cleanup deserializer

Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

Diff for: integration/ports.go

@@ -43,6 +43,11 @@ var (
 		CommType:          fsc.WebSocket,
 		ReplicationFactor: token.None,
 	}
+	WebSocketWithReplication = &InfrastructureType{
+		Label:             ginkgo.Label("replicas"),
+		CommType:          fsc.WebSocket,
+		ReplicationFactor: 3,
+	}
 	LibP2PNoReplication = &InfrastructureType{
 		Label:             ginkgo.Label("libp2p"),
 		CommType:          fsc.LibP2P,

Diff for: token/core/zkatdlog/crypto/audit/auditor_test.go

@@ -50,7 +50,7 @@ var _ = Describe("Auditor", func() {
 		Expect(err).NotTo(HaveOccurred())
 		pp, err = crypto.Setup(32, ipk, math.FP256BN_AMCL)
 		Expect(err).NotTo(HaveOccurred())
-		des, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
+		des, err := idemix.NewEidNymRhNymDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
 		Expect(err).NotTo(HaveOccurred())
 		auditor = audit.NewAuditor(logging.MustGetLogger("auditor"), des, pp.PedersenGenerators, nil, fakeSigningIdentity, math.Curves[pp.Curve])
 		fakeSigningIdentity.SignReturns([]byte("auditor-signature"), nil)

Diff for: token/core/zkatdlog/crypto/validator/validator_test.go

@@ -73,7 +73,7 @@ var _ = Describe("validator", func() {
 		c := math.Curves[pp.Curve]
 
 		asigner, _ := prepareECDSASigner()
-		des, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
+		des, err := idemix.NewEidNymRhNymDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, math.FP256BN_AMCL)
 		Expect(err).NotTo(HaveOccurred())
 		auditor = audit.NewAuditor(logging.MustGetLogger("auditor"), des, pp.PedersenGenerators, pp.IdemixIssuerPK, asigner, c)
 		araw, err := asigner.Serialize()

Diff for: token/core/zkatdlog/nogh/driver/deserializer.go

@@ -30,7 +30,12 @@ func NewDeserializer(pp *crypto.PublicParams) (*Deserializer, error) {
 	if pp == nil {
 		return nil, errors.New("failed to get deserializer: nil public parameters")
 	}
-	idemixDes, err := idemix.NewDeserializer(&schema.DefaultManager{}, "", pp.IdemixIssuerPK, pp.IdemixCurveID)
+	idemixDes, err := idemix.NewEidNymRhNymDeserializer(
+		&schema.DefaultManager{},
+		"",
+		pp.IdemixIssuerPK,
+		pp.IdemixCurveID,
+	)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed getting idemix deserializer for passed public params [%d]", pp.IdemixCurveID)
 	}

Diff for: token/services/identity/msp/idemix/deserializer.go

@@ -22,41 +22,24 @@ type Deserializer struct {
 	*msp2.Deserializer
 }
 
-// NewDeserializer returns a new deserializer for the idemix ExpectEidNymRhNym verification strategy
-func NewDeserializer(
+// NewEidNymRhNymDeserializer returns a new deserializer that expects EID and RH Nyms identities.
+// The returned deserializer checks the validly of the deserialized identities.
+func NewEidNymRhNymDeserializer(
 	sm SchemaManager,
 	schema string,
 	ipk []byte,
 	curveID math.CurveID,
 ) (*Deserializer, error) {
-	logger.Debugf("new deserialized for dlog idemix")
 	cryptoProvider, err := msp2.NewBCCSPWithDummyKeyStore(curveID, curveID == math.BLS12_381_BBS)
 	if err != nil {
 		return nil, errors.WithMessagef(err, "failed to instantiate crypto provider for curve [%d]", curveID)
 	}
-	return NewDeserializerWithProvider(sm, schema, ipk, csp.ExpectEidNymRhNym, nil, cryptoProvider)
+	return NewDeserializer(sm, schema, ipk, csp.ExpectEidNymRhNym, nil, cryptoProvider)
 }
 
-// NewDeserializerWithProvider returns a new serialized for the passed arguments
-func NewDeserializerWithProvider(
-	sm SchemaManager,
-	schema string,
-	ipk []byte,
-	verType csp.VerificationType,
-	nymEID []byte,
-	cryptoProvider csp.BCCSP,
-) (*Deserializer, error) {
-	return NewDeserializerWithBCCSP(
-		sm,
-		schema,
-		ipk,
-		verType,
-		nymEID,
-		cryptoProvider,
-	)
-}
-
-func NewDeserializerWithBCCSP(
+// NewDeserializer returns a new deserializer for the passed arguments.
+// The returned deserializer checks the validly of the deserialized identities.
+func NewDeserializer(
 	sm SchemaManager,
 	schema string,
 	ipk []byte,
@@ -67,20 +50,21 @@ func NewDeserializerWithBCCSP(
 	logger.Debugf("Setting up Idemix-based MSP instance")
 
 	// Import Issuer Public Key
+	if len(ipk) == 0 {
+		return nil, errors.Errorf("no issuer public key provided")
+	}
 	var issuerPublicKey csp.Key
-	if len(ipk) != 0 {
-		// get the opts from the schema manager
-		opts, err := sm.PublicKeyImportOpts(schema)
-		if err != nil {
-			return nil, errors.Wrapf(err, "could not obtain PublicKeyImportOpts for schema '%s'", schema)
-		}
-		issuerPublicKey, err = cryptoProvider.KeyImport(
-			ipk,
-			opts,
-		)
-		if err != nil {
-			return nil, err
-		}
+	// get the opts from the schema manager
+	opts, err := sm.PublicKeyImportOpts(schema)
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not obtain PublicKeyImportOpts for schema '%s'", schema)
+	}
+	issuerPublicKey, err = cryptoProvider.KeyImport(
+		ipk,
+		opts,
+	)
+	if err != nil {
+		return nil, err
 	}
 
 	return &Deserializer{
@@ -97,7 +81,7 @@ func NewDeserializerWithBCCSP(
 }
 
 func (d *Deserializer) DeserializeVerifier(raw driver.Identity) (driver.Verifier, error) {
-	identity, err := d.Deserialize(raw, true)
+	identity, err := d.Deserialize(raw)
 	if err != nil {
 		return nil, err
 	}
@@ -111,8 +95,16 @@ func (d *Deserializer) DeserializeVerifier(raw driver.Identity) (driver.Verifier
 	}, nil
 }
 
+func (d *Deserializer) DeserializeAuditInfo(raw []byte) (driver2.AuditInfo, error) {
+	return d.Deserializer.DeserializeAuditInfo(raw)
+}
+
+func (d *Deserializer) GetOwnerMatcher(raw []byte) (driver.Matcher, error) {
+	return d.Deserializer.DeserializeAuditInfo(raw)
+}
+
 func (d *Deserializer) DeserializeVerifierAgainstNymEID(raw []byte, nymEID []byte) (driver.Verifier, error) {
-	identity, err := d.Deserializer.DeserializeAgainstNymEID(raw, true, nymEID)
+	identity, err := d.Deserializer.DeserializeAgainstNymEID(raw, nymEID)
 	if err != nil {
 		return nil, err
 	}
@@ -126,49 +118,6 @@ func (d *Deserializer) DeserializeVerifierAgainstNymEID(raw []byte, nymEID []byt
 	}, nil
 }
 
-func (d *Deserializer) DeserializeSigner(raw []byte) (driver.Signer, error) {
-	return nil, errors.New("not supported")
-}
-
-func (d *Deserializer) DeserializeAuditInfo(raw []byte) (driver2.AuditInfo, error) {
-	return d.Deserializer.DeserializeAuditInfo(raw)
-}
-
-func (d *Deserializer) GetOwnerMatcher(raw []byte) (driver.Matcher, error) {
-	return d.Deserializer.DeserializeAuditInfo(raw)
-}
-
-func (d *Deserializer) GetOwnerAuditInfo(raw []byte, p driver.AuditInfoProvider) ([][]byte, error) {
-	auditInfo, err := p.GetAuditInfo(raw)
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed getting audit info for recipient identity [%s]", driver.Identity(raw).String())
-	}
-	return [][]byte{auditInfo}, nil
-}
-
-func (d *Deserializer) Info(raw []byte, auditInfo []byte) (string, error) {
-	r, err := d.Deserialize(raw, false)
-	if err != nil {
-		return "", err
-	}
-
-	eid := ""
-	if len(auditInfo) != 0 {
-		ai, err := msp2.DeserializeAuditInfo(auditInfo)
-		if err != nil {
-			return "", err
-		}
-		ai.SchemaManager = d.Deserializer.SchemaManager
-		ai.Schema = d.Deserializer.Schema
-		if err := ai.Match(raw); err != nil {
-			return "", err
-		}
-		eid = ai.EnrollmentID()
-	}
-
-	return fmt.Sprintf("MSP.Idemix: [%s][%s][%s][%s][%s]", eid, driver.Identity(raw).UniqueID(), r.SerializedIdentity.Mspid, r.OU.OrganizationalUnitIdentifier, r.Role.Role.String()), nil
-}
-
 func (d *Deserializer) String() string {
 	return fmt.Sprintf("Idemix with IPK [%s]", hash.Hashable(d.Ipk).String())
 }

Diff for: token/services/identity/msp/idemix/msp/deserializer.go

@@ -36,11 +36,11 @@ type Deserializer struct {
 	Schema          string
 }
 
-func (d *Deserializer) Deserialize(raw []byte, checkValidity bool) (*DeserializedIdentity, error) {
-	return d.DeserializeAgainstNymEID(raw, checkValidity, nil)
+func (d *Deserializer) Deserialize(raw []byte) (*DeserializedIdentity, error) {
+	return d.DeserializeAgainstNymEID(raw, nil)
 }
 
-func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool, nymEID []byte) (*DeserializedIdentity, error) {
+func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, nymEID []byte) (*DeserializedIdentity, error) {
 	si := &m.SerializedIdentity{}
 	err := proto.Unmarshal(raw, si)
 	if err != nil {
@@ -56,6 +56,11 @@ func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool,
 		return nil, errors.Errorf("unable to deserialize idemix identity: pseudonym is invalid")
 	}
 
+	// match schema
+	if serialized.Schema != d.Schema {
+		return nil, errors.Errorf("unable to deserialize idemix identity: schema does not match [%s]!=[%s]", serialized.Schema, d.Schema)
+	}
+
 	// Import NymPublicKey
 	var rawNymPublicKey []byte
 	rawNymPublicKey = append(rawNymPublicKey, serialized.NymX...)
@@ -110,10 +115,8 @@ func (d *Deserializer) DeserializeAgainstNymEID(raw []byte, checkValidity bool,
 	if err != nil {
 		return nil, errors.Wrap(err, "cannot deserialize")
 	}
-	if checkValidity {
-		if err := id.Validate(); err != nil {
-			return nil, errors.Wrap(err, "cannot deserialize, invalid identity")
-		}
+	if err := id.Validate(); err != nil {
+		return nil, errors.Wrap(err, "cannot deserialize, invalid identity")
 	}
 
 	return &DeserializedIdentity{

Diff for: token/services/identity/msp/idemix/msp/id.go

@@ -44,7 +44,7 @@ type SchemaManager interface {
 
 type Identity struct {
 	NymPublicKey bccsp.Key
-	Idemix       *Deserializer
+	Deserializer *Deserializer
 	ID           *msp.IdentityIdentifier
 	Role         *m.MSPRole
 	OU           *m.OrganizationUnit
@@ -59,7 +59,7 @@ type Identity struct {
 }
 
 func NewIdentity(
-	idemix *Deserializer,
+	deserializer *Deserializer,
 	NymPublicKey bccsp.Key,
 	role *m.MSPRole,
 	ou *m.OrganizationUnit,
@@ -69,7 +69,7 @@ func NewIdentity(
 	Schema string,
 ) (*Identity, error) {
 	id := &Identity{}
-	id.Idemix = idemix
+	id.Deserializer = deserializer
 	id.NymPublicKey = NymPublicKey
 	id.Role = role
 	id.OU = ou
@@ -83,7 +83,7 @@ func NewIdentity(
 		return nil, errors.Wrapf(err, "failed to marshal nym public key")
 	}
 	id.ID = &msp.IdentityIdentifier{
-		Mspid: idemix.Name,
+		Mspid: deserializer.Name,
 		Id:    bytes.NewBuffer(raw).String(),
 	}
 
@@ -105,12 +105,12 @@ func (id *Identity) GetIdentifier() *msp.IdentityIdentifier {
 }
 
 func (id *Identity) GetMSPIdentifier() string {
-	return id.Idemix.Name
+	return id.Deserializer.Name
 }
 
 func (id *Identity) GetOrganizationalUnits() []*msp.OUIdentifier {
 	// we use the (serialized) public key of this MSP as the CertifiersIdentifier
-	certifiersIdentifier, err := id.Idemix.IssuerPublicKey.Bytes()
+	certifiersIdentifier, err := id.Deserializer.IssuerPublicKey.Bytes()
 	if err != nil {
 		logger.Errorf("Failed to marshal ipk in GetOrganizationalUnits: %s", err)
 		return nil
@@ -121,7 +121,7 @@ func (id *Identity) GetOrganizationalUnits() []*msp.OUIdentifier {
 
 func (id *Identity) Validate() error {
 	// logger.Debugf("Validating identity %+v", id)
-	if id.GetMSPIdentifier() != id.Idemix.Name {
+	if id.GetMSPIdentifier() != id.Deserializer.Name {
 		return errors.Errorf("the supplied identity does not belong to this msp")
 	}
 	return id.verifyProof()
@@ -132,9 +132,9 @@ func (id *Identity) Verify(msg []byte, sig []byte) error {
 	if err != nil {
 		return err
 	}
-	opts.IssuerPK = id.Idemix.IssuerPublicKey
+	opts.IssuerPK = id.Deserializer.IssuerPublicKey
 
-	_, err = id.Idemix.Csp.Verify(
+	_, err = id.Deserializer.Csp.Verify(
 		id.NymPublicKey,
 		sig,
 		msg,
@@ -189,24 +189,24 @@ func (id *Identity) Serialize() ([]byte, error) {
 func (id *Identity) verifyProof() error {
 	// Verify signature
 	var metadata *bccsp.IdemixSignerMetadata
-	if len(id.Idemix.NymEID) != 0 {
+	if len(id.Deserializer.NymEID) != 0 {
 		metadata = &bccsp.IdemixSignerMetadata{
-			EidNym: id.Idemix.NymEID,
-			RhNym:  id.Idemix.RhNym,
+			EidNym: id.Deserializer.NymEID,
+			RhNym:  id.Deserializer.RhNym,
 		}
 	}
 
 	opts, err := id.SchemaManager.SignerOpts(id.Schema, id.OU, id.Role)
 	if err != nil {
 		return errors.Wrapf(err, "could obtain signer opts for schema '%s'", id.Schema)
 	}
-	opts.Epoch = id.Idemix.Epoch
+	opts.Epoch = id.Deserializer.Epoch
 	opts.VerificationType = id.VerificationType
 	opts.Metadata = metadata
-	opts.RevocationPublicKey = id.Idemix.RevocationPK
+	opts.RevocationPublicKey = id.Deserializer.RevocationPK
 
-	valid, err := id.Idemix.Csp.Verify(
-		id.Idemix.IssuerPublicKey,
+	valid, err := id.Deserializer.Csp.Verify(
+		id.Deserializer.IssuerPublicKey,
 		id.AssociationProof,
 		nil,
 		opts,
@@ -233,9 +233,9 @@ func (id *SigningIdentity) Sign(msg []byte) ([]byte, error) {
 		return nil, err
 	}
 	opts.Nym = id.NymKey
-	opts.IssuerPK = id.Idemix.IssuerPublicKey
+	opts.IssuerPK = id.Deserializer.IssuerPublicKey
 
-	sig, err := id.Idemix.Csp.Sign(
+	sig, err := id.Deserializer.Csp.Sign(
 		id.UserKey,
 		msg,
 		opts,

Diff for: token/services/identity/msp/idemix/provider.go

@@ -323,7 +323,7 @@ func (p *Provider) IsRemote() bool {
 }
 
 func (p *Provider) DeserializeVerifier(raw []byte) (driver.Verifier, error) {
-	r, err := p.Deserialize(raw, true)
+	r, err := p.Deserialize(raw)
 	if err != nil {
 		return nil, err
 	}
@@ -332,7 +332,7 @@ func (p *Provider) DeserializeVerifier(raw []byte) (driver.Verifier, error) {
 }
 
 func (p *Provider) DeserializeSigner(raw []byte) (driver.Signer, error) {
-	r, err := p.Deserialize(raw, true)
+	r, err := p.Deserialize(raw)
 	if err != nil {
 		return nil, err
 	}
@@ -361,7 +361,7 @@ func (p *Provider) DeserializeSigner(raw []byte) (driver.Signer, error) {
 }
 
 func (p *Provider) Info(raw []byte, auditInfo []byte) (string, error) {
-	r, err := p.Deserialize(raw, true)
+	r, err := p.Deserialize(raw)
 	if err != nil {
 		return "", err
 	}