@Override
public boolean verifyToken(PresentationToken t) throws TokenVerificationException {
ObjectFactory of = new ObjectFactory();
// System.out.println("Bridging verify token: "+t);
try {
// String xml = XmlUtils.toXml(of.createPresentationToken(t), false);
// System.out.println(xml+"\n\n");
String[] pseudonymEngines = this.getPseudonymEngines(t);
boolean tokenContainsUProve = false;
PresentationTokenWithCommitments idemixToken = of.createPresentationTokenWithCommitments();
PresentationToken uproveToken = of.createPresentationToken();
if (t.getVersion() == null) {
uproveToken.setVersion("1.0");
idemixToken.setVersion("1.0");
} else {
idemixToken.setVersion(t.getVersion());
uproveToken.setVersion(t.getVersion());
}
PresentationTokenDescription desc = t.getPresentationTokenDescription();
PresentationTokenDescription iDesc = of.createPresentationTokenDescription();
PresentationTokenDescription uDesc = of.createPresentationTokenDescription();
iDesc.setMessage(desc.getMessage());
uDesc.setMessage(desc.getMessage());
iDesc.setPolicyUID(desc.getPolicyUID());
uDesc.setPolicyUID(desc.getPolicyUID());
iDesc.setTokenUID(desc.getTokenUID());
uDesc.setTokenUID(desc.getTokenUID());
for (int i = 0; i < pseudonymEngines.length; i++) {
PseudonymInToken pit = t.getPresentationTokenDescription().getPseudonym().get(i);
if ("UPROVE".equals(pseudonymEngines[i])) {
uDesc.getPseudonym().add(pit);
} else {
iDesc.getPseudonym().add(pit);
}
}
this.verifierRevocation.clearCredentialInToken();
Set<URI> idemixCredentialAliases = new HashSet<URI>();
Set<URI> uproveCredentialAliases = new HashSet<URI>();
for (CredentialInToken cit : desc.getCredential()) {
this.verifierRevocation.addCredentialInToken(cit);
/*
try{
System.out.println("original: "+XmlUtils.toXml(of.createCredentialInToken(cit)));
}catch(Exception e){System.out.println("failed to print original cit");};
*/
if ((this.keyManager.getIssuerParameters(cit.getIssuerParametersUID()))
.getAlgorithmID()
.equals(CryptoUriUtil.getIdemixMechanism())) {
idemixCredentialAliases.add(cit.getAlias());
iDesc.getCredential().add(cit);
} else {
uproveCredentialAliases.add(cit.getAlias());
uDesc.getCredential().add(cit);
tokenContainsUProve = true;
// Add issuer parameters to Idemix Structure store
try {
this.storeUProveIssuerParameters(cit.getIssuerParametersUID());
} catch (Exception e) {
System.out.println(
"Failed to store UProve issuer parameters in Idemix structure store");
throw new RuntimeException(e);
}
}
}
for (AttributePredicate ap : desc.getAttributePredicate()) {
for (Object o : ap.getAttributeOrConstantValue()) {
if (o instanceof AttributePredicate.Attribute) {
iDesc.getAttributePredicate().add(ap);
break;
}
}
}
// TODO This might require some changes to work with revocation
for (VerifierDrivenRevocationInToken vdr : desc.getVerifierDrivenRevocation()) {
for (AttributeInRevocation air : vdr.getAttribute()) {
if (idemixCredentialAliases.contains(air.getCredentialAlias())) {
iDesc.getVerifierDrivenRevocation().add(vdr);
break;
} else {
uDesc.getVerifierDrivenRevocation().add(vdr);
}
}
}
// TODO Look at the uprove crypto evidence, if there are committed indices,
// check with cred spec if they are for revocation handles
// if so, do some stuff that allows poltransl and the other idemix parts to work
idemixToken.setPresentationTokenDescriptionWithCommitments(this.addCommitments(iDesc));
uproveToken.setPresentationTokenDescription(uDesc);
boolean verifies = false;
CryptoParams tcp = t.getCryptoEvidence();
CryptoParams icp = of.createCryptoParams();
boolean cryptoEvidenceContainsIdemix = false;
for (Object o : tcp.getAny()) {
try {
if (o instanceof JAXBElement) {
JAXBElement<?> jaxb = (JAXBElement<?>) o;
Object wrapped = jaxb.getValue();
if (wrapped instanceof CredentialInTokenWithCommitments) {
cryptoEvidenceContainsIdemix = true;
CredentialInTokenWithCommitments citwc = (CredentialInTokenWithCommitments) wrapped;
idemixToken
.getPresentationTokenDescriptionWithCommitments()
.getCredential()
.add(
citwc); // (CredentialInTokenWithCommitments)XmlUtils.getObjectFromXML(credIn,
// false));
} else {
System.err.println(
"Element is JaxB : "
+ jaxb.getValue()
+ " : "
+ jaxb.getDeclaredType()
+ " : "
+ jaxb.getScope()
+ " : "
+ jaxb.getName());
}
continue;
}
Element e = (Element) o;
String elementName = e.getLocalName() != null ? e.getLocalName() : e.getNodeName();
if ("UProveCredentialAndPseudonym".equals(elementName)) {
String credAlias =
((Element) e.getElementsByTagName("Proof").item(0))
.getElementsByTagName("CredentialAlias")
.item(0)
.getTextContent();
CredentialSpecification credSpec = null;
CredentialInToken c = null;
for (CredentialInToken cit : t.getPresentationTokenDescription().getCredential()) {
if (cit.getAlias().toString().equals(credAlias)) {
credSpec = this.keyManager.getCredentialSpecification(cit.getCredentialSpecUID());
c = cit;
break;
}
}
if (credSpec == null) {
throw new RuntimeException("Could not find credential specification.");
}
List<Integer> inspectableAttributes = new ArrayList<Integer>();
Map<Integer, URI> indexToInspectorKey = new HashMap<Integer, URI>();
Map<Integer, URI> indexToAttributeType = new HashMap<Integer, URI>();
// TODO here we have to also look at any inspectable attributes.
// If there are any, we need to create an inspectable information element etc.
int revocationindex = -1;
for (int i = 0;
i < credSpec.getAttributeDescriptions().getAttributeDescription().size();
i++) {
AttributeDescription ad =
credSpec.getAttributeDescriptions().getAttributeDescription().get(i);
if (ad.getType()
.toString()
.equals("http://abc4trust.eu/wp2/abcschemav1.0/revocationhandle")) {
revocationindex = i;
}
for (AttributeInToken da : c.getDisclosedAttribute()) {
if (da.getAttributeType().equals(ad.getType())
&& (da.getInspectorPublicKeyUID() != null)) {
inspectableAttributes.add(i);
indexToInspectorKey.put(i, da.getInspectorPublicKeyUID());
indexToAttributeType.put(i, da.getAttributeType());
}
}
}
Set<Integer> committedValues = new HashSet<Integer>();
committedValues.addAll(inspectableAttributes);
if (!committedValues.contains(revocationindex) && (revocationindex != -1)) {
committedValues.add(revocationindex);
}
Map<Integer, Integer> indexToIndexInProof = this.mapIndices(committedValues);
if (e.getElementsByTagName("CommittedAttributesIndices").getLength() > 0) {
Element cai = (Element) e.getElementsByTagName("CommittedAttributesIndices").item(0);
NodeList nl = cai.getChildNodes();
for (int j = 0; j < nl.getLength(); j++) {
Element ind = null;
try {
ind = (Element) nl.item(j);
} catch (ClassCastException ex) {
// If we end up here, it is most likely because we got a TextElement which is
// empty due
// to malformed xml (such as \r or \n)
continue;
}
int committedIndex = Integer.parseInt(ind.getTextContent()) - 1;
Element root = null;
// make addToRoot method, to allow for inspectable revocationinformation
if (committedIndex == revocationindex) {
root = ind.getOwnerDocument().createElement("RevocationInformation");
} else if (inspectableAttributes.contains(committedIndex)) {
root = ind.getOwnerDocument().createElement("InspectableInformation");
root.setAttribute(
"InspectorPublicKey", indexToInspectorKey.get(committedIndex).toString());
root.setAttribute(
"AttributeType", indexToAttributeType.get(committedIndex).toString());
} else {
// TODO: @Michael - explain this code a little :)
continue;
}
root.setAttribute("CredentialAlias", c.getAlias().toString());
root.setAttribute("CredentialSpecUID", credSpec.getSpecificationUID().toString());
root.setAttribute("IssuerParamsUID", c.getIssuerParametersUID().toString());
Element tilde = root.getOwnerDocument().createElement("TildeO");
root.appendChild(tilde);
NodeList tildes = e.getElementsByTagName("TildeO").item(0).getChildNodes();
//
// System.out.println("got the tildeO nodes: "+tildes.getLength());
tilde.appendChild(
tildes.item(indexToIndexInProof.get(committedIndex)).cloneNode(true));
tilde = root.getOwnerDocument().createElement("TildeValues");
root.appendChild(tilde);
tildes = e.getElementsByTagName("TildeValues").item(0).getChildNodes();
tilde.appendChild(
tildes.item((indexToIndexInProof.get(committedIndex) * 3)).cloneNode(true));
icp.getAny().add(root);
}
}
}
if ("IdmxProof".equals(elementName)) {
cryptoEvidenceContainsIdemix = true;
icp.getAny().add(o);
}
if ("CredentialInTokenWithCommitments".equals(elementName)
|| "abc:CredentialInTokenWithCommitments".equals(elementName)) {
cryptoEvidenceContainsIdemix = true;
// magic code adding the CrednetialInToken
TransformerFactory transfac = TransformerFactory.newInstance();
Transformer trans = transfac.newTransformer();
trans.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
trans.setOutputProperty(OutputKeys.INDENT, "yes");
// create string from xml tree
StringWriter sw = new StringWriter();
StreamResult result = new StreamResult(sw);
DOMSource source = new DOMSource(e.getOwnerDocument());
trans.transform(source, result);
String xmlString = sw.toString();
InputStream credIn = new ByteArrayInputStream(xmlString.getBytes());
idemixToken
.getPresentationTokenDescriptionWithCommitments()
.getCredential()
.add((CredentialInTokenWithCommitments) XmlUtils.getObjectFromXML(credIn, false));
}
if ("VerifiableEncryption".equals(elementName)) {
icp.getAny().add(o);
}
} catch (Exception e) {
e.printStackTrace();
// TODO @jdn, I think your revocation code causes some some serialization problems
// /Michael
// throw new RuntimeException(e);
}
}
if (cryptoEvidenceContainsIdemix) {
idemixToken.setCryptoEvidence(icp);
// System.out.println("\n\nNow verifying idmtoken!!");
// System.out.println(XmlUtils.toXml(of.createPresentationTokenWithCommitments(idemixToken),
// false)+"\n\n");
// System.out.println("about to call idmix engine for verification");
// System.out.println("we have "+idemixToken.getCryptoEvidence().getAny().size()+" crypto
// evidence");
if (idemixToken.getCryptoEvidence().getAny().size() == 0) {
verifies = true;
} else {
verifies = this.idemixEngine.verifyTokenWithCommitments(idemixToken);
}
System.out.println("idemix verifies: " + verifies);
}
if (tokenContainsUProve) {
// CryptoParams tcp = t.getCryptoEvidence();
tcp = t.getCryptoEvidence();
CryptoParams ucp = of.createCryptoParams();
for (Object o : tcp.getAny()) {
try {
Element e = (Element) o;
if (e.getNodeName().startsWith("UProve")) {
ucp.getAny().add(o);
}
} catch (Exception e) {
}
}
uproveToken.setCryptoEvidence(ucp);
// System.out.println("Now verifying uprove");
// xml = XmlUtils.toXml(of.createPresentationToken(uproveToken), false);
// System.out.println(xml+"\n\n");
boolean ver = this.uproveEngine.verifyToken(uproveToken);
// System.out.println("uprove verifies: "+ver);
if (cryptoEvidenceContainsIdemix) {
verifies = verifies && ver;
} else {
verifies = ver;
}
}
// System.out.println("DELEGATION VERIFIER.verifies:::: "+verifies);
return verifies;
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
@Test
public void testPersistentStoreAndGetToken() throws Exception {
// Init the persistent storage and the TokenManager
File temp1 = File.createTempFile(TOKENS_FILE, EXTENSION);
temp1.deleteOnExit();
File temp2 = File.createTempFile(PSEUDONYMS_FILE, EXTENSION);
temp2.deleteOnExit();
PersistentFileTokenStorage persistentStorage = new PersistentFileTokenStorage(temp1, temp2);
TokenManagerVerifier tokenManager = new TokenManagerImpl(persistentStorage);
// Create a PresentationToken for test
PresentationTokenDescription pTokenDesc = new PresentationTokenDescription();
final byte[] originalPseudonymValue = new byte[] {4, 2, 5};
PseudonymInToken originalPseudonym = new PseudonymInToken();
originalPseudonym.setPseudonymValue(originalPseudonymValue);
pTokenDesc.getPseudonym().add(originalPseudonym);
URI tokenUid1 = new URI("token-uid1");
pTokenDesc.setTokenUID(tokenUid1);
PresentationToken pToken = new PresentationToken();
pToken.setPresentationTokenDescription(pTokenDesc);
pToken.setVersion("1.0");
// Create another PresentationToken for test
PresentationTokenDescription pTokenDesc2 = new PresentationTokenDescription();
final byte[] originalPseudonymValue2 = new byte[] {3, 2, 5};
PseudonymInToken originalPseudonym2 = new PseudonymInToken();
originalPseudonym2.setPseudonymValue(originalPseudonymValue2);
pTokenDesc2.getPseudonym().add(originalPseudonym2);
URI tokenUid2 = new URI("token-uid2");
pTokenDesc2.setTokenUID(tokenUid2);
PresentationToken pToken2 = new PresentationToken();
pToken2.setPresentationTokenDescription(pTokenDesc2);
pToken2.setVersion("2.0");
// Store the first token
URI uid = tokenManager.storeToken(pToken);
// Retrieve the saved PresentationToken
PresentationToken savedPresentationToken = tokenManager.getToken(uid);
// Get pseudonym from the saved PresentationToken
PseudonymInToken savedPseudonym =
savedPresentationToken.getPresentationTokenDescription().getPseudonym().get(0);
// Test if the original PseudonymValue bytewise equals the one that has been saved.
assertArrayEquals(originalPseudonymValue, savedPseudonym.getPseudonymValue());
// Test version
assertEquals("1.0", savedPresentationToken.getVersion());
// Test isEstablishedPseudonym with the first original pseudonym
assertTrue(tokenManager.isEstablishedPseudonym(originalPseudonym));
// Test isEstablishedPseudonym with a false / nonexistant pseudonym
byte[] falsePseudonymValue = new byte[] {41, 23, 51};
PseudonymInToken falsePseudonym = new PseudonymInToken();
falsePseudonym.setPseudonymValue(falsePseudonymValue);
assertFalse(tokenManager.isEstablishedPseudonym(falsePseudonym));
// Store the second token
URI uid2 = tokenManager.storeToken(pToken2);
// Retrieve the saved PresentationToken
PresentationToken savedPresentationToken2 = tokenManager.getToken(uid2);
// Get pseudonym from the second saved PresentationToken
PseudonymInToken savedPseudonym2 =
savedPresentationToken2.getPresentationTokenDescription().getPseudonym().get(0);
// Test if the original second PseudonymValue bytewise equals the one that has been saved.
assertArrayEquals(originalPseudonymValue2, savedPseudonym2.getPseudonymValue());
// Test version
assertEquals("2.0", savedPresentationToken2.getVersion());
// Test isEstablishedPseudonym with second pseudonym
assertTrue(tokenManager.isEstablishedPseudonym(originalPseudonym2));
// Test isEstablishedPseudonym with a false / nonexistant pseudonym
byte[] falsePseudonymValue2 = new byte[] {52, 37, 55};
PseudonymInToken falsePseudonym2 = new PseudonymInToken();
falsePseudonym2.setPseudonymValue(falsePseudonymValue2);
assertFalse(tokenManager.isEstablishedPseudonym(falsePseudonym2));
// Retrieve the first saved PresentationToken again to make sure it has not been overwritten
savedPresentationToken = tokenManager.getToken(uid);
// Get pseudonym from the saved PresentationToken again to make sure it has not been overwritten
savedPseudonym = savedPresentationToken.getPresentationTokenDescription().getPseudonym().get(0);
// Test if the originalPseudonymValue bytewise equals the one that has been saved first again to
// make sure it has not been overwritten.
assertArrayEquals(originalPseudonymValue, savedPseudonym.getPseudonymValue());
// Test version again to make sure it has not been overwritten
assertEquals("1.0", savedPresentationToken.getVersion());
// Test isEstablishedPseudonym with the first original pseudonym again to make sure it has not
// been overwritten
assertTrue(tokenManager.isEstablishedPseudonym(originalPseudonym));
// Test delete token
assertTrue(tokenManager.deleteToken(uid));
// Test isEstablishedPseudonym with the first original pseudonym to make sure it has been
// removed
assertFalse(tokenManager.isEstablishedPseudonym(originalPseudonym));
// Retrieve the first saved PresentationToken again to make sure it has been removed
savedPresentationToken = tokenManager.getToken(uid);
assertEquals(null, savedPresentationToken);
}