nzcpv

Version: v0.0.0-...-8a20d2a

This package is not in the latest version of its module.
Published: Nov 23, 2021 License: MIT Imports: 13 Imported by: 0

README

NZCP validator

Validates NZCP passes according to https://nzcp.covid19.health.nz.

Example

This is output from the example program in cli/:

Scan QR code> NZCP: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

Given name:     Jack
Family name:    Sparrow
Date of birth:  1960-04-16
Valid between:  2021-11-03 to 2031-11-03

Pass ID:     urn:uuid:60a4f54d-4e30-4332-be33-ad78b1eafa4b
Signing key: did:web:nzcp.covid19.health.nz#key-1
Signature:   0uB7HdcmPYMxZr27TxoJODepBdfsou6Da2sq2iPCMVT7qIpSn2ddZobuYysJ7FgasI9ytFiQS7M5bRD6ZtEUdw

Validation: FAIL
> Untrusted issuer: got 'did:web:nzcp.covid19.health.nz'
> Unknown public key: got 'did:web:nzcp.covid19.health.nz#key-1'

See example_test.go and tests for more examples.

License

Copyright (c) 2021 Jonathan Chow

This project is licensed under the terms of the MIT license. See LICENSE for the full license text.

Documentation

Constants

This section is empty.

Variables

var (
	ErrMissingNZCPPrefix  = errors.New("Missing prefix 'NZCP:/'")
	ErrMissingNZCPVersion = errors.New("Missing NZCP version")
	ErrBadNZCPVersion     = errors.New("Bad NZCP version")
	ErrMissingNZCPPayload = errors.New("Missing NZCP payload")
	ErrBadNZCPPayload     = errors.New("Bad NZCP payload")
	ErrInvalidTokenFormat = errors.New("Invalid token format")
	ErrInvalidTokenHeader = errors.New("Invalid token header")
	ErrInvalidTokenBody   = errors.New("Invalid token body")
)
var (
	ErrBadSignature            = errors.New("Bad signature")
	ErrInvalidSigningAlgorithm = errors.New("Invalid signing algorithm")
	ErrUntrustedIssuer         = errors.New("Untrusted issuer")
	ErrUnknownPublicKey        = errors.New("Unknown public key")

	ErrTokenNotActive       = errors.New("Token not yet active")
	ErrTokenExpired         = errors.New("Token has expired")
	ErrInvalidCTI           = errors.New("Invalid CTI")
	ErrInvalidClaimsContext = errors.New("Claims context is invalid")
	ErrInvalidClaimsType    = errors.New("Claims type is invalid")
	ErrInvalidTokenVersion  = errors.New("Token version is invalid")
)

Functions

func ValidateToken

func ValidateToken(t *Token) []error

ValidateToken validates token t only accepting the trusted issuers in the official specification. If the token is invalid, a slice of all validation errors is returned. Otherwise, nil is returned.

Types

type CredentialSubject

type CredentialSubject struct {
	GivenName  string `cbor:"givenName"`
	FamilyName string `cbor:"familyName"`
	DOB        string `cbor:"dob"`
}

type Token

type Token struct {
	KeyID                string
	Algorithm            int
	Issuer               string
	NotBefore            time.Time
	Expires              time.Time
	JTI                  string
	VerifiableCredential VerifiableCredential
	Signature            []byte
	// contains filtered or unexported fields
}

func NewToken

func NewToken(qr string) (*Token, error)

NewToken parses an encoded NZCP from the QR code data. If err is nil, the token has been successfully unmarshalled, but it has not been validated. This is so that the data in the QR code can be displayed whether the token is valid or not. Use ValidateToken() to validate.

Example
package main

import (
	"encoding/json"
	"fmt"

	"github.com/echojc/nzcpv"
)

func main() {
	q := "NZCP: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"

	t, err := nzcpv.NewToken(q)
	if err != nil {
		fmt.Println(err)
		return
	}

	// pretty print
	s, _ := json.MarshalIndent(t, "", "  ")
	fmt.Println(string(s))
}
Output:

{
  "KeyID": "key-1",
  "Algorithm": -7,
  "Issuer": "did:web:nzcp.covid19.health.nz",
  "NotBefore": "2021-11-03T09:05:30+13:00",
  "Expires": "2031-11-03T09:05:30+13:00",
  "JTI": "urn:uuid:60a4f54d-4e30-4332-be33-ad78b1eafa4b",
  "VerifiableCredential": {
    "Context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://nzcp.covid19.health.nz/contexts/v1"
    ],
    "Version": "1.0.0",
    "Type": [
      "VerifiableCredential",
      "PublicCovidPass"
    ],
    "CredentialSubject": {
      "GivenName": "Jack",
      "FamilyName": "Sparrow",
      "DOB": "1960-04-16"
    }
  },
  "Signature": "0uB7HdcmPYMxZr27TxoJODepBdfsou6Da2sq2iPCMVT7qIpSn2ddZobuYysJ7FgasI9ytFiQS7M5bRD6ZtEUdw=="
}
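
The parse errors listed under Variables imply the outer envelope that has to be split before the token itself can be decoded: the NZCP:/ prefix, a version, and a base32 payload. The following is an added sketch of that first step, not code from this package; splitEnvelope, b32 and the local error values are hypothetical names, and it assumes the NZCP specification's format of version 1 with an unpadded base32 payload.

```go
package main

import (
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

var ( // local stand-ins carrying the same messages as the package's errors
	errMissingPrefix  = errors.New("Missing prefix 'NZCP:/'")
	errMissingVersion = errors.New("Missing NZCP version")
	errBadVersion     = errors.New("Bad NZCP version")
	errMissingPayload = errors.New("Missing NZCP payload")
	errBadPayload     = errors.New("Bad NZCP payload")
)

// b32 is RFC 4648 base32 without '=' padding, as the QR payload is transmitted.
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// splitEnvelope (hypothetical) parses "NZCP:/<version>/<base32>" and returns
// the decoded bytes. They are untrusted input: nothing is verified here.
func splitEnvelope(qr string) ([]byte, error) {
	const prefix = "NZCP:/"
	if !strings.HasPrefix(qr, prefix) {
		return nil, errMissingPrefix
	}
	version, payload := qr[len(prefix):], ""
	if i := strings.IndexByte(version, '/'); i >= 0 {
		version, payload = version[:i], version[i+1:]
	}
	switch {
	case version == "":
		return nil, errMissingVersion
	case version != "1": // only version 1 is accepted
		return nil, errBadVersion
	case payload == "":
		return nil, errMissingPayload
	}
	raw, err := b32.DecodeString(payload) // strict: lowercase and '=' are rejected
	if err != nil {
		return nil, fmt.Errorf("%w: %v", errBadPayload, err)
	}
	return raw, nil
}

func main() { // the payload is constructed; it is not a real pass
	fmt.Println(splitEnvelope("NZCP:/1/" + b32.EncodeToString([]byte("constructed"))))
	fmt.Println(splitEnvelope("NZCP:/2/MFRGG"))
}
```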

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator is a struct that holds a list of trusted issuers and keys for validating tokens. The zero-value is NOT usable. Use NewValidator() instead.

func NewValidator

func NewValidator() *Validator

NewValidator creates a token validator to which non-trusted issuers and public keys can be added. This is intended for testing purposes only. To ensure compliance with the specification, the default validator should be used instead via the ValidateToken() function.

func (*Validator) RegisterIssuer

func (v *Validator) RegisterIssuer(iss string)

RegisterIssuer instructs the validator to treat iss as a valid issuer for NZCPs. This is intended for testing purposes only.

func (*Validator) RegisterPublicKey

func (v *Validator) RegisterPublicKey(id string, pub *ecdsa.PublicKey) error

RegisterPublicKey instructs the validator to treat id and its associated public key as valid for NZCPs. This is intended for testing purposes only.

func (*Validator) ValidateToken

func (v *Validator) ValidateToken(t *Token) []error

ValidateToken validates token t according to the configuration of the Validator. If the token is invalid, a slice of all validation errors is returned. Otherwise, nil is returned.
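
An added sketch (not this package's code) of the non-cryptographic checks a validator of this kind performs, collecting every failure instead of stopping at the first. The names check and claims, the trusted issuer did:web:trusted.example and the clock are assumptions; run on the claims from the README output, it reproduces the two errors shown there because that issuer is not in the trust list.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ( // local stand-ins carrying the same messages as the package's errors
	errAlg       = errors.New("Invalid signing algorithm")
	errIssuer    = errors.New("Untrusted issuer")
	errKey       = errors.New("Unknown public key")
	errNotActive = errors.New("Token not yet active")
	errExpired   = errors.New("Token has expired")
)

type claims struct { // only the Token fields these checks read
	KeyID, Issuer      string
	Algorithm          int
	NotBefore, Expires time.Time
}

// check (hypothetical) lists every failed check; it does not verify the signature.
func check(c claims, trusted map[string]map[string]bool, now time.Time) (errs []error) {
	if c.Algorithm != -7 { // -7 is ES256 in the COSE algorithm registry
		errs = append(errs, errAlg)
	}
	keys, ok := trusted[c.Issuer]
	if !ok {
		errs = append(errs, fmt.Errorf("%w: got '%s'", errIssuer, c.Issuer))
	}
	if !keys[c.KeyID] { // nil key set (unknown issuer) accepts nothing
		errs = append(errs, fmt.Errorf("%w: got '%s#%s'", errKey, c.Issuer, c.KeyID))
	}
	if now.Before(c.NotBefore) {
		errs = append(errs, errNotActive)
	}
	if !now.Before(c.Expires) { // the expiry instant itself is already invalid
		errs = append(errs, errExpired)
	}
	return errs
}

func main() { // claims from the README output; trust list and clock are constructed
	nz := time.FixedZone("NZDT", 13*60*60)
	c := claims{"key-1", "did:web:nzcp.covid19.health.nz", -7,
		time.Date(2021, 11, 3, 9, 5, 30, 0, nz), time.Date(2031, 11, 3, 9, 5, 30, 0, nz)}
	trusted := map[string]map[string]bool{"did:web:trusted.example": {"key-1": true}}
	fmt.Println(check(c, trusted, time.Date(2022, 1, 1, 0, 0, 0, 0, nz)))
}
```

The trust list maps each issuer to the key IDs accepted for it, so a key registered under one issuer is never accepted for another.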

type VerifiableCredential

type VerifiableCredential struct {
	Context           []string          `cbor:"@context"`
	Version           string            `cbor:"version"`
	Type              []string          `cbor:"type"`
	CredentialSubject CredentialSubject `cbor:"credentialSubject"`
}
