owid

package module v0.1.8

This package is not in the latest version of its module.

Published: Sep 10, 2022 License: Apache-2.0 Imports: 33 Imported by: 8

README

Open Web Id

Open Web Id (OWID)

Open Web Id (OWID) - Simple cryptographically auditable identifiers and processors implemented in Go.

Read the OWID project to learn more about the concepts before looking into this reference implementation.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddHandlers

func AddHandlers(s *Services)

AddHandlers to the http default mux for shared web state.

func EmptyToBuffer

func EmptyToBuffer(f *bytes.Buffer) error

EmptyToBuffer writes an empty OWID marker. Used to indicate optional OWIDs in byte arrays.

func HandlerAddKeys added in v0.1.7

func HandlerAddKeys(s *Services) http.HandlerFunc

HandlerAddKeys adds a key to the signer associated with the domain.

func HandlerRegister

func HandlerRegister(s *Services) http.HandlerFunc

HandlerRegister handles registering of a domain as a signer.

func HandlerSigner added in v0.1.7

func HandlerSigner(s *Services) http.HandlerFunc

HandlerSigner returns the public information associated with the creator.

func HandlerSigners added in v0.1.7

func HandlerSigners(s *Services) http.HandlerFunc

HandlerSigners is a handler that returns a list of all the known domains that relate to signers, in JSON format.

func HandlerVerify

func HandlerVerify(s *Services) http.HandlerFunc

HandlerVerify verifies the signature in the incoming OWID. If the method is POST and the content is binary data then the OWID is created using the FromByteArray method. Otherwise the OWID is constructed from the base 64 encoded string in the owid parameter. Returns true if the OWID is valid, otherwise false.

Types

type AWS

type AWS struct {
	// contains filtered or unexported fields
}

AWS is an implementation of owid.Store for Amazon's DynamoDB storage.

func NewAWS

func NewAWS() (*AWS, error)

NewAWS creates a new instance of the AWS structure.

func (*AWS) GetSigner added in v0.1.7

func (a *AWS) GetSigner(domain string) (*Signer, error)

GetSigner gets the signer for the domain from the internal map, updating the internal map from AWS if the signer is not in the map.

func (*AWS) GetSigners added in v0.1.7

func (s *AWS) GetSigners() map[string]*Signer

GetSigners returns a map of all the known signers keyed on domain.

type ByteArray added in v0.1.7

type ByteArray struct {
	Data []byte // The byte array with the data
}

ByteArray is a simple implementation of the Marshaler interface.

func (*ByteArray) MarshalBinary added in v0.1.7

func (b *ByteArray) MarshalBinary() ([]byte, error)

MarshalBinary returns the byte array. Implements encoding.BinaryMarshaler.

func (*ByteArray) MarshalOwid added in v0.1.7

func (b *ByteArray) MarshalOwid() ([]byte, error)

MarshalOwid returns the byte array. Implements owid.Marshaler.

type Configuration

type Configuration struct {
	config.Base `mapstructure:",squash"`
	OwidFile    string `mapstructure:"owidFile"`
	OwidStore   string `mapstructure:"owidStore"`
}

Configuration details from appsettings.json for access to the AWS, Azure, or GCP storage.

func NewConfig

func NewConfig(file string) Configuration

NewConfig creates a new instance of Configuration from the file provided. If the file does not contain a value for some important fields then the environment is checked to see if a corresponding value is present there.

func (*Configuration) Log added in v0.1.7

func (c *Configuration) Log()

Log prints non-sensitive configuration fields to the logger.

type Crypto

type Crypto struct {
	// contains filtered or unexported fields
}

Crypto is a structure containing the public and private keys.

func NewCrypto

func NewCrypto() (*Crypto, error)

NewCrypto creates a new instance of the Crypto structure and generates a public / private key pair used to sign and verify OWIDs.

func NewCryptoSignOnly

func NewCryptoSignOnly(privatePem string) (*Crypto, error)

NewCryptoSignOnly creates a new instance of the Crypto structure for signing OWIDs only, from the PEM provided. privatePem is a non-password-protected ECDSA private key in PEM format.

func NewCryptoVerifyOnly

func NewCryptoVerifyOnly(publicPemKey string) (*Crypto, error)

NewCryptoVerifyOnly creates a new instance of the Crypto structure for verifying OWIDs only, from the PEM key provided. publicPemKey is an ECDSA public key in PEM format.

func (*Crypto) SignByteArray

func (c *Crypto) SignByteArray(data []byte) ([]byte, error)

SignByteArray signs the byte array with the private key of the crypto provider.

func (*Crypto) VerifyByteArray

func (c *Crypto) VerifyByteArray(data []byte, sig []byte) (bool, error)

VerifyByteArray returns true if the signature is valid for the data.

type Keys added in v0.1.7

type Keys struct {
	PrivateKey string    `json:"privateKey"` // The private key in PEM format
	PublicKey  string    `json:"publicKey"`  // The public key in PEM format
	Created    time.Time `json:"created"`    // The date and time that the keys were created
	// contains filtered or unexported fields
}

Keys associated with a signer at a given point in time.

func (*Keys) NewCryptoSignOnly added in v0.1.7

func (k *Keys) NewCryptoSignOnly() (*Crypto, error)

NewCryptoSignOnly creates a new instance of the Crypto structure for signing OWIDs only.

func (*Keys) NewCryptoVerifyOnly added in v0.1.7

func (k *Keys) NewCryptoVerifyOnly() (*Crypto, error)

NewCryptoVerifyOnly creates a new instance of the Crypto structure for verifying OWIDs only.

func (*Keys) SubjectPublicKeyInfo added in v0.1.7

func (k *Keys) SubjectPublicKeyInfo() (string, error)

SubjectPublicKeyInfo returns the public key in SPKI form.

type KeysWithDomain added in v0.1.7

type KeysWithDomain struct {
	*Keys
	Domain string `json:"domain"`
}

KeysWithDomain is a structure that also includes the domain of the signer that the keys relate to. Used when writing the keys to permanent storage.

type Local

type Local struct {
	// contains filtered or unexported fields
}

Local store implementation for OWID - data is stored in maps in memory and persisted on disk using JSON files.

func NewLocalStore

func NewLocalStore(file string) (*Local, error)

NewLocalStore creates a new instance of Local from a given file path.

func (*Local) GetSigner added in v0.1.7

func (l *Local) GetSigner(domain string) (*Signer, error)

GetSigner gets the signer for the domain from the internal map, updating the internal map if the signer is not in the map.

func (*Local) GetSigners added in v0.1.7

func (s *Local) GetSigners() map[string]*Signer

GetSigners returns a map of all the known signers keyed on domain.

type Marshaler added in v0.1.7

type Marshaler interface {

	// Marshal the data to an OWID for signing or verification.
	MarshalOwid() ([]byte, error)
}

Marshaler is used to obtain only the data from the target of the OWID that needs to be signed or verified. The normal encoding.BinaryMarshaler implementation may well include the OWID itself as well, and therefore cannot be used to obtain the target data for signing or verification.

type OWID

type OWID struct {
	Version   byte      // The byte version of the OWID.
	Domain    string    // Domain associated with the creator.
	TimeStamp time.Time // The date and time to the nearest minute in UTC that the OWID was signed.
	Signature []byte    // Signature for this OWID and the data returned from the target.
	Target    Marshaler // Instance of the object that contains the data related to the OWID.
}

OWID structure which can be used as a node in a tree.

func FromBase64

func FromBase64(value string, m Marshaler) (*OWID, error)

FromBase64 creates a single OWID from the base 64 string.

func FromBuffer

func FromBuffer(b *bytes.Buffer, target Marshaler) (*OWID, error)

FromBuffer creates a single OWID from the buffer and data.

func FromByteArray

func FromByteArray(data []byte, m Marshaler) (*OWID, error)

FromByteArray creates a single OWID from the byte array with the data provided.

func FromForm

func FromForm(q *url.Values, key string, target Marshaler) (*OWID, error)

FromForm extracts the base64 string from the form and returns the OWID. If the key is missing or the string is not valid then an error is returned.

func NewUnsignedOwid added in v0.1.7

func NewUnsignedOwid(
	domain string,
	date time.Time,
	target Marshaler) (*OWID, error)

NewUnsignedOwid creates a new unsigned instance of the OWID structure and returns the new OWID.

func (*OWID) AgeInMinutes added in v0.1.7

func (o *OWID) AgeInMinutes() int

AgeInMinutes returns the number of complete minutes that have elapsed since the OWID was created.

func (*OWID) AsBase64

func (o *OWID) AsBase64() (string, error)

AsBase64 returns the OWID as a base 64 string.

func (*OWID) AsString

func (o *OWID) AsString() string

AsString returns the OWID as a base 64 string or the text of any error message.

func (*OWID) FromBuffer added in v0.1.7

func (o *OWID) FromBuffer(b *bytes.Buffer) error

FromBuffer populates the OWID fields from the buffer provided.

func (*OWID) GetTimeStampInMinutes added in v0.1.7

func (o *OWID) GetTimeStampInMinutes() uint32

GetTimeStampInMinutes returns the date that the OWID was created as the number of minutes since the common.IoDateBase epoch.

func (*OWID) MarshalBinary added in v0.1.7

func (o *OWID) MarshalBinary() ([]byte, error)

MarshalBinary returns the OWID as a byte array.

func (*OWID) MarshalJSON added in v0.1.7

func (o *OWID) MarshalJSON() ([]byte, error)

MarshalJSON marshals the OWID to conform to the OneKey source definition. https://github.com/OneKey-Network/addressability-framework/blob/main/mvp-spec/model/source.md Note: the version is added to the JSON with the intention of adding this to the source in OneKey in the future.

func (*OWID) SetTimeStampInMinutes added in v0.1.7

func (o *OWID) SetTimeStampInMinutes(t uint32)

SetTimeStampInMinutes sets the timestamp in minutes from the common.IoDateBase epoch.

func (*OWID) Sign

func (o *OWID) Sign(crypto *Crypto) error

Sign signs the target data with the crypto instance provided and updates the signature of the OWID. The timestamp is updated to the current time. The domain and timestamp are appended to the target data before signing, so the OWID is only considered valid if the timestamp and domain also match. crypto is the instance to use for signing.

func (*OWID) ToBuffer

func (o *OWID) ToBuffer(f *bytes.Buffer) error

ToBuffer appends the OWID to the buffer provided.

func (*OWID) ToQuery

func (o *OWID) ToQuery(k string, q *url.Values) error

ToQuery adds the OWID to a query string.

func (*OWID) UnmarshalBinary added in v0.1.7

func (o *OWID) UnmarshalBinary(data []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler.

func (*OWID) UnmarshalJSON added in v0.1.7

func (o *OWID) UnmarshalJSON(data []byte) error

UnmarshalJSON populates the OWID from JSON which conforms to the OneKey source definition. https://github.com/OneKey-Network/addressability-framework/blob/main/mvp-spec/model/source.md

func (*OWID) Validate added in v0.1.7

func (o *OWID) Validate() error

Validate checks the OWID data structure (not the same as Verify, which checks that the signature is valid) and returns an error instance if there is a problem.

func (*OWID) Verify

func (o *OWID) Verify(scheme string) (bool, error)

Verify verifies this OWID and its ancestors by fetching the public key from the domain in the OWID. scheme is the URL scheme to use when fetching the public key from the domain in the OWID. Returns true if the signature matches the data, otherwise false.

func (*OWID) VerifyWithCrypto

func (o *OWID) VerifyWithCrypto(crypto *Crypto) (bool, error)

VerifyWithCrypto verifies the signature in the OWID against the data provided. crypto is the instance to use for verification. Returns true if the signature matches the data, otherwise false.

func (*OWID) VerifyWithPublicKey

func (o *OWID) VerifyWithPublicKey(public string) (bool, error)

VerifyWithPublicKey verifies the signature in the OWID against the data provided using the public key. public is the public key in PEM format. Returns true if the signature matches the data, otherwise false.

type PublicKey added in v0.1.7

type PublicKey struct {
	PublicKey string    `json:"publicKey,omitempty"` // The public key in PEM format
	Created   time.Time `json:"created"`             // The date and time that the keys were created
}

PublicKey associated with the signer at a given point in time.

type Register

type Register struct {
	Services          *Services
	Domain            string
	Name              string
	TermsURL          string
	Error             string
	NameError         string
	TermsURLError     string
	ReadOnly          bool
	MinNameLength     int
	MaxNameLength     int
	MaxTermsURLLength int
}

Register contains the HTML template data used to register a signer.

func (*Register) DisplayErrors

func (r *Register) DisplayErrors() bool

type Services

type Services struct {
	// contains filtered or unexported fields
}

Services references all the information needed for OWID methods.

func NewServices

func NewServices(config *Configuration, store Store, access access.Access) *Services

NewServices creates a set of services to use with OWID. These provide defaults via the config parameter, and access to persistent storage for signer configuration via the store parameter.

func (*Services) GetSigner added in v0.1.7

func (s *Services) GetSigner(host string) (*Signer, error)

GetSigner returns the signer from the store used by the service.

func (*Services) GetSignerHttp added in v0.1.7

func (s *Services) GetSignerHttp(w http.ResponseWriter, r *http.Request) *Signer

GetSignerHttp returns the signer for the request, writing an error to the response if there is no signer for the host associated with the request.

type Signer added in v0.1.7

type Signer struct {
	Domain   string  `json:"domain"`   // The registered domain name and key field
	Name     string  `json:"name"`     // The common name of the signer
	TermsURL string  `json:"termsUrl"` // URL with the T&Cs associated with the signed data
	Keys     []*Keys `json:"keys"`     // The private and public keys associated with the signer
	// contains filtered or unexported fields
}

Signer of Open Web Ids.

func NewTestDefaultSigner added in v0.1.7

func NewTestDefaultSigner(t *testing.T) *Signer

NewTestDefaultSigner creates a new default test signer. A public test method so that consuming packages can easily create test signers to verify their OWID target structures.

func NewTestSigner added in v0.1.7

func NewTestSigner(
	t *testing.T,
	domain string,
	name string,
	termsURL string) *Signer

NewTestSigner creates a new test signer for the domain, name, and terms provided. A public test method so that consuming packages can easily create test signers to verify their OWID target structures.

func (*Signer) CreateOWIDandSign added in v0.1.7

func (s *Signer) CreateOWIDandSign(m Marshaler) (*OWID, error)

CreateOWIDandSign creates an OWID with the payload and signs the result. m is the data to be signed. Returns a new OWID for the signer.

func (*Signer) MarshalJSON added in v0.1.7

func (s *Signer) MarshalJSON() ([]byte, error)

MarshalJSON prevents the signer being marshalled. A safety feature to reduce the risk of accidental exposure of the private keys.

func (*Signer) NewCryptoSignOnly added in v0.1.7

func (s *Signer) NewCryptoSignOnly() (*Crypto, error)

NewCryptoSignOnly creates a new instance of the Crypto structure for signing OWIDs only.

func (*Signer) NewOwid added in v0.1.7

func (s *Signer) NewOwid(target Marshaler) (*OWID, error)

NewOwid returns a new unsigned OWID associated with the signer. target is the data associated with the newly created OWID. Returns the new OWID ready to be signed.

func (*Signer) PublicKeys added in v0.1.7

func (s *Signer) PublicKeys() ([]*PublicKey, error)

PublicKeys creates an array of the public key information.

func (*Signer) Sign added in v0.1.7

func (s *Signer) Sign(owid *OWID) error

Sign signs the OWID by updating its signature field. owid is the OWID whose signature is updated.

func (*Signer) SortKeys added in v0.1.7

func (s *Signer) SortKeys()

SortKeys sorts the keys in descending order of created date.

func (*Signer) UnmarshalJSON added in v0.1.7

func (s *Signer) UnmarshalJSON(data []byte) error

UnmarshalJSON prevents the signer being unmarshalled. A safety feature to reduce the risk of accidental exposure of the private keys.

func (*Signer) Verify added in v0.1.7

func (s *Signer) Verify(owid *OWID) (bool, error)

Verify checks that the OWID and any other OWIDs are valid for this signer. owid contains the signature to verify with the data. Returns true if the signature is valid, otherwise false.

The signer has multiple keys and all of them have to be tried against the signature before verification can be complete. The keys are ordered based on proximity to the OWID date field and then tried in order.
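The two behaviours described on this page, Sign binding the domain and the minute timestamp into the bytes that are signed, and Signer.Verify trying a signer's rotated keys in order of proximity to the OWID date, can be seen end to end in the following added example. It is written for this page with crypto/ecdsa directly and is not the owid package's code: the payload byte layout and the Unix-based minute epoch are assumptions (the package's own layout and common.IoDateBase are not shown here), and demoKey, demoOWID, payload, orderByProximity, verifyWithKeys and scenario are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sort"
	"time"
)

// minuteEpoch is the base of the minute counter. The owid package counts from
// common.IoDateBase, which the page does not show; the Unix epoch is assumed here.
var minuteEpoch = time.Unix(0, 0).UTC()

func toMinutes(t time.Time) uint32 { return uint32(t.UTC().Sub(minuteEpoch) / time.Minute) }

type demoKey struct { // one signing key plus its creation time (cf. owid.Keys.Created)
	priv    *ecdsa.PrivateKey
	created time.Time
}

type demoOWID struct { // only the fields that take part in the signature
	domain    string
	timestamp uint32 // whole minutes since minuteEpoch (cf. GetTimeStampInMinutes)
	target    []byte
	signature []byte
}

// payload is what actually gets signed: target data with the domain and the minute timestamp
// appended, then hashed. The package's byte layout is not shown on the page, so this order is an
// assumption; what matters is that changing any of the three parts invalidates the signature.
func payload(target []byte, domain string, minutes uint32) []byte {
	var ts [4]byte
	binary.BigEndian.PutUint32(ts[:], minutes)
	h := sha256.New()
	h.Write(target)
	h.Write([]byte(domain))
	h.Write(ts[:])
	return h.Sum(nil)
}

// sign stamps the OWID with the current minute and signs the payload, as the page describes OWID.Sign doing.
func sign(o *demoOWID, k *demoKey, now time.Time) (err error) {
	o.timestamp = toMinutes(now)
	o.signature, err = ecdsa.SignASN1(rand.Reader, k.priv, payload(o.target, o.domain, o.timestamp))
	return err
}

// orderByProximity sorts a copy of keys by the gap between each key's creation time and
// the OWID timestamp, nearest first: the order the page says Signer.Verify tries them in.
func orderByProximity(keys []*demoKey, o *demoOWID) []*demoKey {
	ts := minuteEpoch.Add(time.Duration(o.timestamp) * time.Minute)
	gap := func(k *demoKey) time.Duration { // absolute distance from the OWID timestamp
		if d := ts.Sub(k.created); d >= 0 {
			return d
		}
		return k.created.Sub(ts)
	}
	sorted := append([]*demoKey(nil), keys...)
	sort.SliceStable(sorted, func(i, j int) bool { return gap(sorted[i]) < gap(sorted[j]) })
	return sorted
}

// verifyWithKeys tries every key in proximity order, returning the zero-based attempt that verified, or -1.
func verifyWithKeys(keys []*demoKey, o *demoOWID) (bool, int) {
	h := payload(o.target, o.domain, o.timestamp)
	for i, k := range orderByProximity(keys, o) {
		if ecdsa.VerifyASN1(&k.priv.PublicKey, h, o.signature) {
			return true, i
		}
	}
	return false, -1
}

// scenario builds a signer with three rotated keys and signs with the oldest, so verification
// has to fall through the two nearer keys (attempt index 2). It also reports whether copies
// with a changed domain or a one-minute-shifted timestamp were both rejected.
func scenario() (valid bool, attempt int, tamperRejected bool, err error) {
	base := time.Date(2022, 9, 10, 12, 0, 0, 0, time.UTC) // constructed signing time
	var keys []*demoKey
	for _, age := range []time.Duration{-48 * time.Hour, -2 * time.Hour, 24 * time.Hour} {
		priv, kerr := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if kerr != nil {
			return false, -1, false, kerr
		}
		keys = append(keys, &demoKey{priv: priv, created: base.Add(age)})
	}
	o := &demoOWID{domain: "signer.example", target: []byte("constructed target data")}
	if err = sign(o, keys[0], base); err != nil {
		return false, -1, false, err
	}
	valid, attempt = verifyWithKeys(keys, o)
	badDomain, badTime := *o, *o
	badDomain.domain, badTime.timestamp = "other.example", o.timestamp+1
	dv, _ := verifyWithKeys(keys, &badDomain)
	tv, _ := verifyWithKeys(keys, &badTime)
	return valid, attempt, !dv && !tv, nil
}

func main() { fmt.Println(scenario()) }
```

Running it prints `true 2 true <nil>`: the genuine OWID verifies on the third key tried, and the copies with a different domain or timestamp verify with none of the keys, which is the property the Sign description relies on. A verifier that checked only the key nearest the OWID date, or only the newest key, would reject valid OWIDs signed around a rotation, which is why every key has to be tried before the result is final.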

type SignerPublic added in v0.1.7

type SignerPublic struct {
	Domain     string       `json:"domain"`     // The registered domain name and key field
	Name       string       `json:"name"`       // The common name of the signer
	TermsURL   string       `json:"termsUrl"`   // URL with the T&Cs associated with the signed data
	PublicKeys []*PublicKey `json:"publicKeys"` // The public keys associated with the signer
}

Signer of Open Web Ids in a form that can be marshalled for providing public key information to other parties.
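The refusal in Signer.MarshalJSON and Signer.UnmarshalJSON, with SignerPublic as the only form allowed to leave the process, is worth checking against encoding/json's actual rules. The following is an added example for this page, not the owid package's code: demoSigner, demoSignerPublic, PublicView, sampleSigner and exportSigner are hypothetical names and the PEM strings are placeholders. It shows the guard working when a response embeds the signer by pointer, and goes beyond the page on one point: a pointer-receiver MarshalJSON is only consulted for addressable values, so a signer embedded by value in a struct that is itself marshalled as a value bypasses the guard and the private key is emitted.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// demoKeys mirrors the shape of owid.Keys; the private key lives here.
type demoKeys struct {
	PrivateKey string    `json:"privateKey"`
	PublicKey  string    `json:"publicKey"`
	Created    time.Time `json:"created"`
}

// demoSigner mirrors owid.Signer: it holds the keys and must never be serialised whole.
type demoSigner struct {
	Domain   string
	Name     string
	TermsURL string
	Keys     []*demoKeys
}

var errSignerNotMarshalable = errors.New("signer must not be marshalled; use PublicView")

// MarshalJSON refuses outright, so json.Marshal of a signer, or of any response
// struct that embeds one by pointer, fails instead of emitting PrivateKey.
func (s *demoSigner) MarshalJSON() ([]byte, error) { return nil, errSignerNotMarshalable }

// UnmarshalJSON refuses as well; signers are loaded from the store, not from requests.
func (s *demoSigner) UnmarshalJSON([]byte) error { return errSignerNotMarshalable }

// demoPublicKey and demoSignerPublic are the shareable projection (cf. PublicKey, SignerPublic).
type demoPublicKey struct {
	PublicKey string    `json:"publicKey,omitempty"`
	Created   time.Time `json:"created"`
}

type demoSignerPublic struct {
	Domain     string           `json:"domain"`
	Name       string           `json:"name"`
	TermsURL   string           `json:"termsUrl"`
	PublicKeys []*demoPublicKey `json:"publicKeys"`
}

// PublicView copies only the fields that may leave the process.
func (s *demoSigner) PublicView() *demoSignerPublic {
	p := &demoSignerPublic{Domain: s.Domain, Name: s.Name, TermsURL: s.TermsURL}
	for _, k := range s.Keys {
		p.PublicKeys = append(p.PublicKeys, &demoPublicKey{PublicKey: k.PublicKey, Created: k.Created})
	}
	return p
}

// sampleSigner is constructed test data; the PEM strings are placeholders, not real keys.
func sampleSigner() *demoSigner {
	return &demoSigner{
		Domain: "signer.example", Name: "Example Signer", TermsURL: "https://signer.example/terms",
		Keys: []*demoKeys{{
			PrivateKey: "-----BEGIN EC PRIVATE KEY-----\nPLACEHOLDER\n-----END EC PRIVATE KEY-----",
			PublicKey:  "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----",
			Created:    time.Date(2022, 9, 10, 0, 0, 0, 0, time.UTC),
		}},
	}
}

// exportSigner reports three facts: a response embedding the signer by pointer was blocked;
// a response embedding it BY VALUE and marshalled as a non-addressable value leaked the
// private key (encoding/json only uses pointer-receiver MarshalJSON on addressable values);
// and the PublicView JSON carries no private key material.
func exportSigner(s *demoSigner) (blocked, leakedByValue, publicClean bool, err error) {
	type byPointer struct{ Signer *demoSigner `json:"signer"` }
	type byValue struct{ Signer demoSigner `json:"signer"` }
	_, ptrErr := json.Marshal(byPointer{Signer: s})
	blocked = errors.Is(ptrErr, errSignerNotMarshalable) // wrapped in *json.MarshalerError
	raw, err := json.Marshal(byValue{Signer: *s})
	if err != nil {
		return false, false, false, err
	}
	leakedByValue = strings.Contains(string(raw), "PRIVATE KEY")
	pub, err := json.Marshal(s.PublicView())
	if err != nil {
		return false, false, false, err
	}
	publicClean = !strings.Contains(string(pub), "PRIVATE KEY")
	return blocked, leakedByValue, publicClean, nil
}

func main() {
	blocked, leakedByValue, publicClean, err := exportSigner(sampleSigner())
	fmt.Println("pointer embed blocked:", blocked, "value embed leaked:", leakedByValue, "public view clean:", publicClean, err)
}
```

The practical consequence for code built on this package is to pass the signer around as *Signer only and to serve SignerPublic (or PublicKeys) from handlers; a response type that copies the Signer struct by value silently loses the protection the MarshalJSON guard was added for.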

type Store

type Store interface {

	// GetSigner returns the signer information for the domain.
	GetSigner(domain string) (*Signer, error)

	// GetSigners returns a map of all the known signers keyed on domain.
	GetSigners() map[string]*Signer
	// contains filtered or unexported methods
}

Store is an interface for accessing persistent signer data for signing and verifying OWIDs.

func NewStore

func NewStore(c *Configuration) Store

NewStore returns a working implementation of the Store interface for the configuration supplied.
