Add issuance /getproof endpoint for retrieving session result in case of combined sessions

Author: sietseringers

build.gradle

@@ -2,7 +2,7 @@ apply plugin: 'war'
 apply plugin: 'org.akhikhl.gretty'
 apply plugin: 'eclipse-wtp'
 
-version = "2.1.1"
+version = "2.2.0"
 
 import org.gradle.internal.os.OperatingSystem;
 

src/main/java/org/irmacard/api/web/resources/BaseResource.java

@@ -1,9 +1,9 @@
 package org.irmacard.api.web.resources;
 
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.JwsHeader;
-import io.jsonwebtoken.SigningKeyResolverAdapter;
+import io.jsonwebtoken.*;
 import org.irmacard.api.common.*;
+import org.irmacard.api.common.JwtParser;
+import org.irmacard.api.common.disclosure.DisclosureProofResult;
 import org.irmacard.api.common.disclosure.ServiceProviderRequest;
 import org.irmacard.api.common.exceptions.ApiError;
 import org.irmacard.api.common.exceptions.ApiException;
@@ -20,6 +20,8 @@
 
 import java.math.BigInteger;
 import java.security.Key;
+import java.security.KeyManagementException;
+import java.util.Calendar;
 import java.util.HashMap;
 
 public abstract class BaseResource
@@ -203,4 +205,25 @@ protected void fail(ApiError error, SessionClass session) throws ApiException {
 		session.setStatusCancelled();
 		throw new ApiException(error);
 	}
+
+	protected String signResultJwt(DisclosureProofResult result, int validity, String subject) throws KeyManagementException {
+		Calendar now = Calendar.getInstance();
+		Calendar expiry = Calendar.getInstance();
+		expiry.add(Calendar.SECOND, validity);
+
+		JwtBuilder builder = Jwts.builder()
+				.setClaims(result.getAsMap())
+				.setIssuedAt(now.getTime())
+				.setExpiration(expiry.getTime())
+				.setSubject(subject);
+
+		String jwt_issuer = ApiConfiguration.getInstance().getJwtIssuer();
+		if (jwt_issuer != null)
+			builder = builder.setIssuer(jwt_issuer);
+
+		return builder
+				.signWith(ApiConfiguration.getInstance().getJwtAlgorithm(),
+						ApiConfiguration.getInstance().getJwtPrivateKey())
+				.compact();
+	}
 }

src/main/java/org/irmacard/api/web/resources/IssueResource.java

@@ -1,6 +1,8 @@
 package org.irmacard.api.web.resources;
 
+import io.jsonwebtoken.JwtBuilder;
 import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
 import org.irmacard.api.common.*;
 import org.irmacard.api.common.disclosure.DisclosureProofRequest;
 import org.irmacard.api.common.disclosure.DisclosureProofResult;
@@ -13,6 +15,7 @@
 import org.irmacard.api.web.sessions.IrmaSession;
 import org.irmacard.api.web.sessions.IssueSession;
 import org.irmacard.api.web.sessions.Sessions;
+import org.irmacard.api.web.sessions.VerificationSession;
 import org.irmacard.credentials.Attributes;
 import org.irmacard.credentials.CredentialsException;
 import org.irmacard.credentials.idemix.IdemixIssuer;
@@ -30,7 +33,9 @@
 import javax.inject.Inject;
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
+import java.security.KeyManagementException;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.HashMap;
 import javax.ws.rs.core.Context;
 import javax.servlet.http.HttpServletRequest;
@@ -77,13 +82,7 @@ public JwtSessionRequest getJwt(@PathParam("sessiontoken") String sessiontoken,
 	@Produces(MediaType.APPLICATION_JSON)
 	@Override
 	public IrmaSession.Status getStatus(@PathParam("sessiontoken") String sessiontoken) {
-		IrmaSession.Status status = super.getStatus(sessiontoken);
-
-		IssueSession session = sessions.getNonNullSession(sessiontoken);
-		if (status == IrmaSession.Status.DONE || status == IrmaSession.Status.CANCELLED)
-			session.close();
-
-		return status;
+		return super.getStatus(sessiontoken);
 	}
 
 	@DELETE @Path("/{sessiontoken}")
@@ -218,9 +217,10 @@ public ArrayList<IssueSignatureMessage> getSignatureMessages(IssueCommitmentMess
 			if (request.getRequiredAttributes().size() > 0) {
 				DisclosureProofRequest disclosureRequest = new DisclosureProofRequest(
 						request.getNonce(), request.getContext(), request.getRequiredAttributes());
-				DisclosureProofResult.Status status = disclosureRequest.verify(proofs).getStatus();
+				DisclosureProofResult res = disclosureRequest.verify(proofs);
+				session.setDisclosed(res);
 
-				switch (status) {
+				switch (res.getStatus()) {
 					case EXPIRED:
 						fail(ApiError.ATTRIBUTES_EXPIRED, session);
 					case MISSING_ATTRIBUTES:
@@ -277,4 +277,20 @@ public ArrayList<IssueSignatureMessage> getSignatureMessages(IssueCommitmentMess
 			return null;
 		}
 	}
+
+	public DisclosureProofResult getproof(String sessiontoken) {
+		IssueSession session = sessions.getNonNullSession(sessiontoken);
+		DisclosureProofResult result = session.getDisclosed();
+		if (result == null)
+			throw new ApiException(ApiError.UNEXPECTED_REQUEST, "No attributes were disclosed in this session");
+		result.setServiceProviderData(session.getClientRequest().getData());
+		return result;
+	}
+
+	@GET @Path("/{sessiontoken}/getproof")
+	@Produces(MediaType.TEXT_PLAIN)
+	public String gettoken(@PathParam("sessiontoken") String sessiontoken) throws KeyManagementException {
+		return signResultJwt(getproof(sessiontoken), 120, "issue_result");
+	}
+
 }

src/main/java/org/irmacard/api/web/resources/VerificationResource.java

@@ -196,33 +196,12 @@ public DisclosureProofResult getproof(@PathParam("sessiontoken") String sessiont
         return result;
     }
 
-    // TODO: This seems to also return (signed) data even if the proof does not
-    // verify, maybe we want to refuse this method if that is the case, need to
-    // change workflow to allow this.
     @GET @Path("/{sessiontoken}/getproof")
     @Produces(MediaType.TEXT_PLAIN)
     public String gettoken(@PathParam("sessiontoken") String sessiontoken) throws KeyManagementException {
         VerificationSession session = sessions.getNonNullSession(sessiontoken);
         DisclosureProofResult result = getproof(sessiontoken);
-
-        Calendar now = Calendar.getInstance();
-        Calendar expiry = Calendar.getInstance();
-        expiry.add(Calendar.SECOND, session.getClientRequest().getValidity());
-
-        JwtBuilder builder = Jwts.builder()
-                .setClaims(result.getAsMap())
-                .setIssuedAt(now.getTime())
-                .setExpiration(expiry.getTime())
-                .setSubject("disclosure_result");
-
-        String jwt_issuer = ApiConfiguration.getInstance().getJwtIssuer();
-        if (jwt_issuer != null)
-            builder = builder.setIssuer(jwt_issuer);
-
-        return builder
-                .signWith(ApiConfiguration.getInstance().getJwtAlgorithm(),
-                        ApiConfiguration.getInstance().getJwtPrivateKey())
-                .compact();
+        return signResultJwt(result, session.getClientRequest().getValidity(), "disclosure_result");
     }
 
     // TODO: move to some kind of 'util class'?

src/main/java/org/irmacard/api/web/sessions/IssueSession.java

@@ -1,5 +1,6 @@
 package org.irmacard.api.web.sessions;
 
+import org.irmacard.api.common.disclosure.DisclosureProofResult;
 import org.irmacard.api.common.issuing.IdentityProviderRequest;
 import org.irmacard.api.common.issuing.IssuingRequest;
 import org.irmacard.credentials.idemix.messages.IssueCommitmentMessage;
@@ -8,6 +9,8 @@ public class IssueSession extends IrmaSession<IdentityProviderRequest, IssuingRe
 	private IssueCommitmentMessage commitments;
 	private boolean isDistributed;
 
+	private DisclosureProofResult disclosed;
+
 	public IssueSession(boolean isDistributed) {
 		super();
 		this.isDistributed = isDistributed;
@@ -28,4 +31,12 @@ public void setCommitments(IssueCommitmentMessage commitments) {
 	public boolean isDistributed() {
 		return isDistributed;
 	}
+
+	public DisclosureProofResult getDisclosed() {
+		return disclosed;
+	}
+
+	public void setDisclosed(DisclosureProofResult disclosed) {
+		this.disclosed = disclosed;
+	}
 }