
Commit 99b4b88

authored
Merge pull request #69 from FIWARE/fail
fail for non-existent scopes
2 parents d65c2ba + 788fda5 commit 99b4b88

4 files changed

+60
-32
lines changed


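--- a/config/configClient.go
+++ b/config/configClient.go
@@ -17,6 +17,7 @@ const SERVICE_DEFAULT_SCOPE = ""
 var ErrorCcsNoResponse = errors.New("no_response_from_ccs")
 var ErrorCcsErrorResponse = errors.New("error_response_from_ccs")
 var ErrorCcsEmptyResponse = errors.New("empty_response_from_ccs")
+var ErrorNoSuchScope = errors.New("requested_scope_does_not_exist")
 
 type HttpClient interface {
 Get(url string) (resp *http.Response, err error)
@@ -214,38 +215,59 @@ type CredentialSetQuery struct {
 Purpose interface{} `json:"purpose,omitempty" mapstructure:"purpose,omitempty"`
 }
 
-func (cs ConfiguredService) GetRequiredCredentialTypes(scope string) []string {
-types := []string{}
-for _, credential := range cs.GetCredentials(scope) {
+func (cs ConfiguredService) GetRequiredCredentialTypes(scope string) (types []string, err error) {
+credentials, err := cs.GetCredentials(scope)
+if err != nil {
+return types, err
+}
+for _, credential := range credentials {
 types = append(types, credential.Type)
 }
-return types
+return types, err
 }
 
-func (cs ConfiguredService) GetScope(scope string) ScopeEntry {
+func (cs ConfiguredService) GetScope(scope string) (scopeEntry ScopeEntry, err error) {
 if scope != SERVICE_DEFAULT_SCOPE {
-return cs.ServiceScopes[scope]
+scope = cs.DefaultOidcScope
 }
-return cs.ServiceScopes[cs.DefaultOidcScope]
+scopeEntry, exists := cs.ServiceScopes[scope]
+if !exists {
+return scopeEntry, ErrorNoSuchScope
+}
+return scopeEntry, nil
 }
 
-func (cs ConfiguredService) GetCredentials(scope string) []Credential {
-return cs.GetScope(scope).Credentials
+func (cs ConfiguredService) GetCredentials(scope string) (credentials []Credential, err error) {
+scopeEntry, err := cs.GetScope(scope)
+if err != nil {
+return credentials, err
+}
+return scopeEntry.Credentials, err
 }
 
-func (cs ConfiguredService) GetPresentationDefinition(scope string) *PresentationDefinition {
-return cs.GetScope(scope).PresentationDefinition
+func (cs ConfiguredService) GetPresentationDefinition(scope string) (pd *PresentationDefinition, err error) {
+scopeEntry, err := cs.GetScope(scope)
+if err != nil {
+return pd, err
+}
+return scopeEntry.PresentationDefinition, err
 }
 
-func (cs ConfiguredService) GetDcqlQuery(scope string) *DCQL {
-return cs.GetScope(scope).DCQL
+func (cs ConfiguredService) GetDcqlQuery(scope string) (dcql *DCQL, err error) {
+scopeEntry, err := cs.GetScope(scope)
+if err != nil {
+return dcql, err
+}
+return scopeEntry.DCQL, err
 }
 
 func (cs ConfiguredService) GetCredential(scope, credentialType string) (Credential, bool) {
-credentials := cs.GetCredentials(scope)
-for _, credential := range credentials {
-if credential.Type == credentialType {
-return credential, true
+credentials, err := cs.GetCredentials(scope)
+if err == nil {
+for _, credential := range credentials {
+if credential.Type == credentialType {
+return credential, true
+}
 }
 }
 return Credential{}, false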
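Review bot: In the new `GetScope`, the guard `if scope != SERVICE_DEFAULT_SCOPE { scope = cs.DefaultOidcScope }` looks inverted: as written, every explicitly requested scope is replaced by the default OIDC scope before the lookup, while an empty scope is looked up under the key `""`. The removed code fell back to `DefaultOidcScope` only when the caller passed the default, so the condition should read `if scope == SERVICE_DEFAULT_SCOPE {`. With the current form a request for an unknown scope never reaches `ErrorNoSuchScope` as long as the default scope is configured, and is answered with the default scope's credential requirements, which is the case this commit sets out to reject. `GetCredential` at the end of the hunk also drops the new error and reports `false`, so its callers cannot tell a missing scope from a missing credential type; a comment stating that this is intended would help.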

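--- a/verifier/credentialsConfig.go
+++ b/verifier/credentialsConfig.go
@@ -34,9 +34,9 @@ type CredentialsConfig interface {
 // should return the authorization path to be provided in the redirect
 GetAuthorizationPath(serviceIdentifier string) (path string)
 // should return the presentationDefinition be requested via the scope parameter
-GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition)
+GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition, err error)
 // should return the presentatiodcql to be requested via the scope parameter
-GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL)
+GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL, err error)
 // get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check its issued by a trusted participant.
 GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []config.TrustedParticipantsList, err error)
 // get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check that credentials are issued by trusted issuers
@@ -140,7 +140,7 @@ func (cc ServiceBackedCredentialsConfig) RequiredCredentialTypes(serviceIdentifi
 if hit {
 logging.Log().Debugf("Found service for %s", serviceIdentifier)
 configuredService := cacheEntry.(config.ConfiguredService)
-return configuredService.GetRequiredCredentialTypes(scope), nil
+return configuredService.GetRequiredCredentialTypes(scope)
 }
 logging.Log().Errorf("No service entry for %s", serviceIdentifier)
 return []string{}, fmt.Errorf("no service %s configured", serviceIdentifier)
@@ -189,25 +189,25 @@ func (cc ServiceBackedCredentialsConfig) GetAuthorizationPath(serviceIdentifier
 logging.Log().Debugf("No authorization-path entry for %s", serviceIdentifier)
 return ""
 }
-func (cc ServiceBackedCredentialsConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition) {
+func (cc ServiceBackedCredentialsConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition, err error) {
 cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
 if hit {
 return cacheEntry.(config.ConfiguredService).GetPresentationDefinition(scope)
 
 }
 logging.Log().Debugf("No presentation definition for %s - %s", serviceIdentifier, scope)
-return presentationDefinition
+return presentationDefinition, nil
 }
 
-func (cc ServiceBackedCredentialsConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL) {
+func (cc ServiceBackedCredentialsConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL, err error) {
 cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
 logging.Log().Debug("Get the dcql")
 if hit {
 return cacheEntry.(config.ConfiguredService).GetDcqlQuery(scope)
 
 }
 logging.Log().Debugf("No dcql for %s - %s", serviceIdentifier, scope)
-return dcql
+return dcql, nil
 }
 
 func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []config.TrustedParticipantsList, err error) {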
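Review bot: A cache miss for the service still ends in `return presentationDefinition, nil` and `return dcql, nil` in the third hunk, so an unknown `serviceIdentifier` is reported as success while an unknown scope now fails. `RequiredCredentialTypes` in the second hunk already answers a miss with `fmt.Errorf("no service %s configured", serviceIdentifier)`; returning the same error from both getters, e.g. `return nil, fmt.Errorf("no service %s configured", serviceIdentifier)`, would stop the caller from building a request object with neither claim for a service that is not configured. The interface comments in the first hunk should also say when `err` is non-nil, for example `// returns config.ErrorNoSuchScope when the scope is not configured for the service`.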

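--- a/verifier/verifier.go
+++ b/verifier/verifier.go
@@ -1155,13 +1155,19 @@ func (v *CredentialVerifier) createAuthenticationRequestObject(response_uri stri
 }
 jwtBuilder.Expiration(v.clock.Now().Add(time.Second * 30))
 
-presentationDefinition := v.credentialsConfig.GetPresentationDefinition(clientId, scope)
+presentationDefinition, err := v.credentialsConfig.GetPresentationDefinition(clientId, scope)
+if err != nil {
+return
+}
 if presentationDefinition != nil {
 logging.Log().Debugf("The definition %s", logging.PrettyPrintObject(presentationDefinition))
 jwtBuilder.Claim("presentation_definition", &presentationDefinition)
 }
 
-dcql := v.credentialsConfig.GetDcqlQuery(clientId, scope)
+dcql, err := v.credentialsConfig.GetDcqlQuery(clientId, scope)
+if err != nil {
+return
+}
 if dcql != nil {
 logging.Log().Debugf("The dcql %s", logging.PrettyPrintObject(dcql))
 jwtBuilder.Claim("dcql_query", &dcql)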
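Review bot: Both new `if err != nil { return }` branches use a bare return and log nothing, so the failure relies on named results declared outside this hunk and leaves no trace of which client and scope were rejected. Writing the return values out and logging before each return, e.g. `logging.Log().Errorf("No presentation definition for %q - %q: %v", clientId, scope, err)`, would make rejected scope requests visible to whoever monitors the verifier; `%q` is suggested because `scope` presumably originates from the incoming request. The body of `createAuthenticationRequestObject` starts and ends outside the hunk, so the result names cannot be confirmed from here.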

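--- a/verifier/verifier_test.go
+++ b/verifier/verifier_test.go
@@ -110,18 +110,18 @@ func (mcc mockCredentialConfig) GetAuthorizationPath(serviceIdentifier string) (
 }
 return DEFAULT_AUTHORIZATION_PATH
 }
-func (mcc mockCredentialConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *configModel.PresentationDefinition) {
+func (mcc mockCredentialConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *configModel.PresentationDefinition, err error) {
 if mcc.mockError != nil {
-return presentationDefinition
+return presentationDefinition, mcc.mockError
 }
-return mcc.mockScopes[serviceIdentifier][scope].PresentationDefinition
+return mcc.mockScopes[serviceIdentifier][scope].PresentationDefinition, mcc.mockError
 }
 
-func (mcc mockCredentialConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *configModel.DCQL) {
+func (mcc mockCredentialConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *configModel.DCQL, err error) {
 if mcc.mockError != nil {
-return dcql
+return dcql, mcc.mockError
 }
-return mcc.mockScopes[serviceIdentifier][scope].DCQL
+return mcc.mockScopes[serviceIdentifier][scope].DCQL, mcc.mockError
 }
 func (mcc mockCredentialConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []configModel.TrustedParticipantsList, err error) {
 if mcc.mockError != nil {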
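Review bot: The mock still answers an unknown scope with the zero value of `mcc.mockScopes[serviceIdentifier][scope]` and a nil error, so it cannot reproduce the missing-scope failure the real config now returns unless a test sets `mockError`. A comma-ok lookup that returns the new sentinel (presumably `configModel.ErrorNoSuchScope`) for a missing entry, plus a test case asserting that request-object creation fails for an unconfigured scope, would cover the behaviour this commit introduces. The second return in each method can be written as `nil`, since `mcc.mockError` is known to be nil at that point.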
