Merge pull request #69 from FIWARE/fail

fail for non-existent scopes

Author: wistefan

config/configClient.go

@@ -17,6 +17,7 @@ const SERVICE_DEFAULT_SCOPE = ""
 var ErrorCcsNoResponse = errors.New("no_response_from_ccs")
 var ErrorCcsErrorResponse = errors.New("error_response_from_ccs")
 var ErrorCcsEmptyResponse = errors.New("empty_response_from_ccs")
+var ErrorNoSuchScope = errors.New("requested_scope_does_not_exist")
 
 type HttpClient interface {
 	Get(url string) (resp *http.Response, err error)
@@ -214,38 +215,59 @@ type CredentialSetQuery struct {
 	Purpose interface{} `json:"purpose,omitempty" mapstructure:"purpose,omitempty"`
 }
 
-func (cs ConfiguredService) GetRequiredCredentialTypes(scope string) []string {
-	types := []string{}
-	for _, credential := range cs.GetCredentials(scope) {
+func (cs ConfiguredService) GetRequiredCredentialTypes(scope string) (types []string, err error) {
+	credentials, err := cs.GetCredentials(scope)
+	if err != nil {
+		return types, err
+	}
+	for _, credential := range credentials {
 		types = append(types, credential.Type)
 	}
-	return types
+	return types, err
 }
 
-func (cs ConfiguredService) GetScope(scope string) ScopeEntry {
+func (cs ConfiguredService) GetScope(scope string) (scopeEntry ScopeEntry, err error) {
 	if scope != SERVICE_DEFAULT_SCOPE {
-		return cs.ServiceScopes[scope]
+		scope = cs.DefaultOidcScope
 	}
-	return cs.ServiceScopes[cs.DefaultOidcScope]
+	scopeEntry, exists := cs.ServiceScopes[scope]
+	if !exists {
+		return scopeEntry, ErrorNoSuchScope
+	}
+	return scopeEntry, nil
 }
 
-func (cs ConfiguredService) GetCredentials(scope string) []Credential {
-	return cs.GetScope(scope).Credentials
+func (cs ConfiguredService) GetCredentials(scope string) (credentials []Credential, err error) {
+	scopeEntry, err := cs.GetScope(scope)
+	if err != nil {
+		return credentials, err
+	}
+	return scopeEntry.Credentials, err
 }
 
-func (cs ConfiguredService) GetPresentationDefinition(scope string) *PresentationDefinition {
-	return cs.GetScope(scope).PresentationDefinition
+func (cs ConfiguredService) GetPresentationDefinition(scope string) (pd *PresentationDefinition, err error) {
+	scopeEntry, err := cs.GetScope(scope)
+	if err != nil {
+		return pd, err
+	}
+	return scopeEntry.PresentationDefinition, err
 }
 
-func (cs ConfiguredService) GetDcqlQuery(scope string) *DCQL {
-	return cs.GetScope(scope).DCQL
+func (cs ConfiguredService) GetDcqlQuery(scope string) (dcql *DCQL, err error) {
+	scopeEntry, err := cs.GetScope(scope)
+	if err != nil {
+		return dcql, err
+	}
+	return scopeEntry.DCQL, err
 }
 
 func (cs ConfiguredService) GetCredential(scope, credentialType string) (Credential, bool) {
-	credentials := cs.GetCredentials(scope)
-	for _, credential := range credentials {
-		if credential.Type == credentialType {
-			return credential, true
+	credentials, err := cs.GetCredentials(scope)
+	if err == nil {
+		for _, credential := range credentials {
+			if credential.Type == credentialType {
+				return credential, true
+			}
 		}
 	}
 	return Credential{}, false

verifier/credentialsConfig.go

@@ -34,9 +34,9 @@ type CredentialsConfig interface {
 	// should return the authorization path to be provided in the redirect
 	GetAuthorizationPath(serviceIdentifier string) (path string)
 	// should return the presentationDefinition be requested via the scope parameter
-	GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition)
+	GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition, err error)
 	// should return the presentatiodcql to be requested via the scope parameter
-	GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL)
+	GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL, err error)
 	// get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check its issued by a trusted participant.
 	GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []config.TrustedParticipantsList, err error)
 	// get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check that credentials are issued by trusted issuers
@@ -140,7 +140,7 @@ func (cc ServiceBackedCredentialsConfig) RequiredCredentialTypes(serviceIdentifi
 	if hit {
 		logging.Log().Debugf("Found service for %s", serviceIdentifier)
 		configuredService := cacheEntry.(config.ConfiguredService)
-		return configuredService.GetRequiredCredentialTypes(scope), nil
+		return configuredService.GetRequiredCredentialTypes(scope)
 	}
 	logging.Log().Errorf("No service entry for %s", serviceIdentifier)
 	return []string{}, fmt.Errorf("no service %s configured", serviceIdentifier)
@@ -189,25 +189,25 @@ func (cc ServiceBackedCredentialsConfig) GetAuthorizationPath(serviceIdentifier
 	logging.Log().Debugf("No authorization-path entry for %s", serviceIdentifier)
 	return ""
 }
-func (cc ServiceBackedCredentialsConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition) {
+func (cc ServiceBackedCredentialsConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *config.PresentationDefinition, err error) {
 	cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
 	if hit {
 		return cacheEntry.(config.ConfiguredService).GetPresentationDefinition(scope)
 
 	}
 	logging.Log().Debugf("No presentation definition for %s - %s", serviceIdentifier, scope)
-	return presentationDefinition
+	return presentationDefinition, nil
 }
 
-func (cc ServiceBackedCredentialsConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL) {
+func (cc ServiceBackedCredentialsConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *config.DCQL, err error) {
 	cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
 	logging.Log().Debug("Get the dcql")
 	if hit {
 		return cacheEntry.(config.ConfiguredService).GetDcqlQuery(scope)
 
 	}
 	logging.Log().Debugf("No dcql for %s - %s", serviceIdentifier, scope)
-	return dcql
+	return dcql, nil
 }
 
 func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []config.TrustedParticipantsList, err error) {

verifier/verifier.go

@@ -1155,13 +1155,19 @@ func (v *CredentialVerifier) createAuthenticationRequestObject(response_uri stri
 	}
 	jwtBuilder.Expiration(v.clock.Now().Add(time.Second * 30))
 
-	presentationDefinition := v.credentialsConfig.GetPresentationDefinition(clientId, scope)
+	presentationDefinition, err := v.credentialsConfig.GetPresentationDefinition(clientId, scope)
+	if err != nil {
+		return
+	}
 	if presentationDefinition != nil {
 		logging.Log().Debugf("The definition %s", logging.PrettyPrintObject(presentationDefinition))
 		jwtBuilder.Claim("presentation_definition", &presentationDefinition)
 	}
 
-	dcql := v.credentialsConfig.GetDcqlQuery(clientId, scope)
+	dcql, err := v.credentialsConfig.GetDcqlQuery(clientId, scope)
+	if err != nil {
+		return
+	}
 	if dcql != nil {
 		logging.Log().Debugf("The dcql %s", logging.PrettyPrintObject(dcql))
 		jwtBuilder.Claim("dcql_query", &dcql)

verifier/verifier_test.go

@@ -110,18 +110,18 @@ func (mcc mockCredentialConfig) GetAuthorizationPath(serviceIdentifier string) (
 	}
 	return DEFAULT_AUTHORIZATION_PATH
 }
-func (mcc mockCredentialConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *configModel.PresentationDefinition) {
+func (mcc mockCredentialConfig) GetPresentationDefinition(serviceIdentifier string, scope string) (presentationDefinition *configModel.PresentationDefinition, err error) {
 	if mcc.mockError != nil {
-		return presentationDefinition
+		return presentationDefinition, mcc.mockError
 	}
-	return mcc.mockScopes[serviceIdentifier][scope].PresentationDefinition
+	return mcc.mockScopes[serviceIdentifier][scope].PresentationDefinition, mcc.mockError
 }
 
-func (mcc mockCredentialConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *configModel.DCQL) {
+func (mcc mockCredentialConfig) GetDcqlQuery(serviceIdentifier string, scope string) (dcql *configModel.DCQL, err error) {
 	if mcc.mockError != nil {
-		return dcql
+		return dcql, mcc.mockError
 	}
-	return mcc.mockScopes[serviceIdentifier][scope].DCQL
+	return mcc.mockScopes[serviceIdentifier][scope].DCQL, mcc.mockError
 }
 func (mcc mockCredentialConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []configModel.TrustedParticipantsList, err error) {
 	if mcc.mockError != nil {