public static IdemixRoles ToIdemixRoles(this IEnumerable <MSPRole.Types.MSPRoleType> roles) { IdemixRoles mask = 0; foreach (MSPRole.Types.MSPRoleType role in roles) { mask |= (IdemixRoles)(1 << (int)role); } return(mask); }
public IdemixEnrollment(IdemixIssuerPublicKey ipk, KeyPair revocationPk, string mspId, BIG sk, IdemixCredential cred, CredentialRevocationInformation cri, string ou, IdemixRoles roleMask) { Ipk = ipk; RevocationPk = revocationPk; MspId = mspId; Sk = sk; Cred = cred; Cri = cri; Ou = ou; RoleMask = roleMask; }
public void TestIdemixRoles() { IdemixRoles role = IdemixRoles.ADMIN | IdemixRoles.CLIENT; Assert.IsTrue(role.CheckRole(IdemixRoles.ADMIN)); Assert.IsFalse(role.CheckRole(IdemixRoles.PEER)); Assert.IsFalse(role.CheckRole(IdemixRoles.MEMBER)); Assert.IsTrue(role.CheckRole(IdemixRoles.CLIENT)); Assert.AreEqual(MSPRole.Types.MSPRoleType.Member.ToIdemixRole(), IdemixRoles.MEMBER); Assert.AreEqual(IdemixRoles.ADMIN.ToMSPRoleTypes().First(), MSPRole.Types.MSPRoleType.Admin); }
public static List <MSPRole.Types.MSPRoleType> ToMSPRoleTypes(this IdemixRoles roles) { List <MSPRole.Types.MSPRoleType> ls = new List <MSPRole.Types.MSPRoleType>(); int pos = 0; foreach (IdemixRoles r in Enum.GetValues(typeof(IdemixRoles))) { if ((r & roles) == r) { ls.Add((MSPRole.Types.MSPRoleType)pos); } pos++; } return(ls); }
/** * Create Idemix Identity from the following inputs: * * @param mspId is MSP ID sting * @param nym is Identity Mixer Pseudonym * @param ou is OU attribute * @param roleMask is a bitmask that represent all the roles attached to this identity * @param proof is Proof */ public IdemixIdentity(string mspId, IdemixIssuerPublicKey ipk, ECP nym, string ou, IdemixRoles roleMask, IdemixSignature proof) { if (mspId == null) { throw new ArgumentException("MSP ID must not be null"); } if (string.IsNullOrEmpty(mspId)) { throw new ArgumentException("MSP ID must not be empty"); } if (ipk == null) { throw new ArgumentException("Issuer Public Key must not be empty"); } if (nym == null) { throw new ArgumentException("Identity Mixer Pseudonym (nym) must not be null"); } if (ou == null) { throw new ArgumentException("OU attribute must not be null"); } if (string.IsNullOrEmpty(ou)) { throw new ArgumentException("OU attribute must not be empty"); } if (proof == null) { throw new ArgumentException("Proof must not be null"); } this.mspId = mspId; ipkHash = ipk.Hash; pseudonym = nym; Ou = ou; RoleMask = roleMask; associationProof = proof; }
public static bool CheckRole(this IdemixRoles roles, IdemixRoles searchRole) { return((roles & searchRole) == searchRole); }
/** * Create new Idemix Signing Identity with a fresh pseudonym * * @param ipk issuer public key * @param revocationPk the issuer's long term revocation public key * @param mspId MSP identifier * @param sk user's secret * @param cred idemix credential * @param cri the credential revocation information * @param ou is OU attribute * @param role is role attribute * @throws CryptoException * @throws InvalidArgumentException */ public IdemixSigningIdentity(IdemixIssuerPublicKey ipk, KeyPair revocationPk, string mspId, BIG sk, IdemixCredential cred, CredentialRevocationInformation cri, string ou, IdemixRoles role) { // input checks if (ipk == null) { throw new ArgumentException("Issuer Public Key (IPK) must not be null"); } if (revocationPk == null) { throw new ArgumentException("Revocation PK must not be null"); } if (mspId == null) { throw new ArgumentException("MSP ID must not be null"); } if (string.IsNullOrEmpty(mspId)) { throw new ArgumentException("MSP ID must not be empty"); } if (ou == null) { throw new ArgumentException("OU must not be null"); } if (string.IsNullOrEmpty(ou)) { throw new ArgumentException("OU must not be empty"); } if (sk == null) { throw new ArgumentException("SK must not be null"); } if (cred == null) { throw new ArgumentException("Credential must not be null"); } if (cri == null) { throw new ArgumentException("Credential revocation information must not be null"); } logger.Trace($"Verifying public key with hash: [{BitConverter.ToString(ipk.Hash).Replace("-", "")}] \nAttributes: [{string.Join(",", ipk.AttributeNames)}]"); if (!ipk.Check()) { CryptoException e = new CryptoException("Issuer public key is not valid"); logger.Error("", e); throw e; } this.ipk = ipk; this.sk = sk; this.cri = cri; logger.Trace("Verifying the credential"); // cryptographically verify credential // (check if the issuer's signature is valid) if (!cred.Verify(sk, ipk)) { CryptoException e = new CryptoException("Credential is not cryptographically valid"); logger.Error("", e); throw e; } logger.Trace("Checking attributes"); // attribute checks // 4 attributes are expected: // - organization unit (disclosed) // - role: admin or member (disclosed) // - enrollment id (hidden, for future auditing feature and authorization with CA) // - revocation handle (hidden, for future revocation support) if (cred.Attrs.Length != 4) { throw new CryptoException($"Error: There are {cred.Attrs.Length} attributes and the expected are 4"); } byte[] ouBytes = cred.Attrs[0]; byte[] roleBytes = cred.Attrs[1]; byte[] eIdBytes = cred.Attrs[2]; byte[] rHBytes = cred.Attrs[3]; BIG[] attributes = new BIG[4]; attributes[0] = BIG.FromBytes(ouBytes); attributes[1] = BIG.FromBytes(roleBytes); attributes[2] = BIG.FromBytes(eIdBytes); attributes[3] = BIG.FromBytes(rHBytes); // check that the OU string matches the credential's attribute value if (!ou.ToBytes().HashModOrder().ToBytes().SequenceEqual(ouBytes)) { throw new ArgumentException("the OU string does not match the credential"); } // check that the role matches the credential's attribute value if (!new BIG((int)role).ToBytes().SequenceEqual(roleBytes)) { throw new ArgumentException("the role does not match the credential"); } logger.Trace("Generating fresh pseudonym and proof"); // generate a fresh pseudonym Pseudonym = new IdemixPseudonym(this.sk, this.ipk); // generate a fresh proof of possession of a credential // with respect to a freshly generated pseudonym Proof = new IdemixSignature(cred, this.sk, Pseudonym, this.ipk, disclosedFlags, msgEmpty, rhIndex, cri); logger.Trace("Verifying the proof"); // verify the proof if (!Proof.Verify(disclosedFlags, this.ipk, msgEmpty, attributes, rhIndex, revocationPk, (int)cri.Epoch)) { throw new CryptoException("Generated proof of identity is not valid"); } logger.Trace("Generating the Identity Object"); // generate a fresh identity with new pseudonym idemixIdentity = new IdemixIdentity(mspId, this.ipk, Pseudonym.Nym, ou, role, Proof); logger.Trace(idemixIdentity.ToString()); }