Documentation ¶
Index ¶
- Constants
- Variables
- func InitVerifier(config *configModel.Configuration) (err error)
- type CredentialSubject
- type CredentialVerifier
- func (v *CredentialVerifier) AuthenticationResponse(state string, verifiablePresentation *verifiable.Presentation) (sameDevice SameDeviceResponse, err error)
- func (v *CredentialVerifier) GenerateToken(clientId, subject, audience string, scopes []string, ...) (int64, string, error)
- func (v *CredentialVerifier) GetJWKS() jwk.Set
- func (v *CredentialVerifier) GetOpenIDConfiguration(serviceIdentifier string) (metadata common.OpenIDProviderMetadata, err error)
- func (v *CredentialVerifier) GetToken(authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)
- func (v *CredentialVerifier) ReturnLoginQR(host string, protocol string, callback string, sessionId string, ...) (qr string, err error)
- func (v *CredentialVerifier) StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, ...) (authenticationRequest string, err error)
- func (v *CredentialVerifier) StartSiopFlow(host string, protocol string, callback string, sessionId string, ...) (connectionString string, err error)
- type CredentialsConfig
- type GaiaXRegistryValidationService
- type JWTVerfificationMethodResolver
- type MappableVerifiableCredential
- type NonceGenerator
- type SameDeviceResponse
- type ServiceBackedCredentialsConfig
- func (cc ServiceBackedCredentialsConfig) GetScope(serviceIdentifier string) (credentialTypes []string, err error)
- func (cc ServiceBackedCredentialsConfig) GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
- func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
- func (cc ServiceBackedCredentialsConfig) RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error)
- type TrustBlocValidator
- type TrustRegistriesValidationContext
- type TrustedIssuerValidationService
- type TrustedParticipantValidationService
- type ValidationContext
- type ValidationService
- type VerifiableCredential
- type Verifier
Constants ¶
const CACHE_EXPIRY = 60
const Ed25519VerificationKey2018 = "Ed25519VerificationKey2018"
const RsaVerificationKey2018 = "RsaVerificationKey2018"
const WILDCARD_TIL = "*"
Variables ¶
var ErrorCannotConverContext = errors.New("cannot_convert_context")
var ErrorInvalidTil = errors.New("invalid_til_configured")
var ErrorInvalidVC = errors.New("invalid_vc")
var ErrorNoDID = errors.New("no_did_configured")
var ErrorNoKID = errors.New("no_kid_provided")
var ErrorNoSuchCode = errors.New("no_such_code")
var ErrorNoSuchSession = errors.New("no_such_session")
var ErrorNoTIR = errors.New("no_tir_configured")
var ErrorNoVerificationKey = errors.New("no_verification_key")
var ErrorNotAValidVerficationMethod = errors.New("not_a_valid_verfication_method")
var ErrorRedirectUriMismatch = errors.New("redirect_uri_does_not_match")
var ErrorRequiredCredentialNotProvided = errors.New("required_credential_not_provided")
var ErrorTokenUnparsable = errors.New("unable_to_parse_token")
var ErrorUnresolvableDid = errors.New("unresolvable_did")
var ErrorUnsupportedValidationMode = errors.New("unsupported_validation_mode")
var ErrorVerficationContextSetup = errors.New("no_valid_verification_context")
var ErrorWrongGrantType = errors.New("wrong_grant_type")
var SupportedModes = []string{"none", "combined", "jsonLd", "baseContext"}
Functions ¶
func InitVerifier ¶
func InitVerifier(config *configModel.Configuration) (err error)
* * Initialize the verifier and all its components from the configuration *
Types ¶
type CredentialSubject ¶
type CredentialSubject struct { Id string `mapstructure:"id"` SubjectType string `mapstructure:"type"` Claims map[string]interface{} `mapstructure:",remain"` }
Subset of the structure of a CredentialSubject inside a Verifiable Credential
type CredentialVerifier ¶
type CredentialVerifier struct {
// contains filtered or unexported fields
}
implementation of the verifier, using trustbloc and gaia-x compliance issuers registry as a validation backends.
func (*CredentialVerifier) AuthenticationResponse ¶
func (v *CredentialVerifier) AuthenticationResponse(state string, verifiablePresentation *verifiable.Presentation) (sameDevice SameDeviceResponse, err error)
* * Receive credentials and verify them in the context of an already present login-session. Will return either an error if failed, a sameDevice response to be used for * redirection or notify the original initiator(in case of a cross-device flow) *
func (*CredentialVerifier) GenerateToken ¶
func (v *CredentialVerifier) GenerateToken(clientId, subject, audience string, scopes []string, verifiablePresentation *verifiable.Presentation) (int64, string, error)
func (*CredentialVerifier) GetJWKS ¶
func (v *CredentialVerifier) GetJWKS() jwk.Set
* * Return the JWKS used by the verifier to allow jwt verification *
func (*CredentialVerifier) GetOpenIDConfiguration ¶
func (v *CredentialVerifier) GetOpenIDConfiguration(serviceIdentifier string) (metadata common.OpenIDProviderMetadata, err error)
func (*CredentialVerifier) GetToken ¶
func (v *CredentialVerifier) GetToken(authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)
* * Returns an already generated jwt from the cache to properly authorized requests. Every token will only be returend once. *
func (*CredentialVerifier) ReturnLoginQR ¶
func (v *CredentialVerifier) ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error)
* * Initializes the cross-device login flow and returns all neccessary information as a qr-code *
func (*CredentialVerifier) StartSameDeviceFlow ¶
func (v *CredentialVerifier) StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error)
* * Starts a same-device siop-flow and returns the required redirection information *
func (*CredentialVerifier) StartSiopFlow ¶
func (v *CredentialVerifier) StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error)
* * Starts a siop-flow and returns the required connection information *
type CredentialsConfig ¶
type CredentialsConfig interface { // should return the list of credentialtypes to be requested via the scope parameter GetScope(serviceIdentifier string) (credentialTypes []string, err error) // get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check its issued by a trusted participant. GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error) // get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check that credentials are issued by trusted issuers // and that the issuer has permission to issue such claims. GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error) // The credential types that are required for the given service and scope RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error) }
* * Provides information about credentialTypes associated with services and there trust anchors.
func InitServiceBackedCredentialsConfig ¶
func InitServiceBackedCredentialsConfig(repoConfig *config.ConfigRepo) (credentialsConfig CredentialsConfig, err error)
type GaiaXRegistryValidationService ¶
type GaiaXRegistryValidationService struct {
// contains filtered or unexported fields
}
func InitGaiaXRegistryValidationService ¶
func InitGaiaXRegistryValidationService(verifierConfig *configModel.Verifier) GaiaXRegistryValidationService
func (*GaiaXRegistryValidationService) ValidateVC ¶
func (v *GaiaXRegistryValidationService) ValidateVC(verifiableCredential *verifiable.Credential, validationContext ValidationContext) (result bool, err error)
type JWTVerfificationMethodResolver ¶
type JWTVerfificationMethodResolver struct{}
func (JWTVerfificationMethodResolver) ResolveVerificationMethod ¶
func (jwtVMR JWTVerfificationMethodResolver) ResolveVerificationMethod(verificationMethod string, expectedProofIssuer string) (*vermethod.VerificationMethod, error)
type MappableVerifiableCredential ¶
type MappableVerifiableCredential struct { Id string `mapstructure:"id"` Types []string `mapstructure:"type"` Issuer string `mapstructure:"issuer"` CredentialSubject CredentialSubject `mapstructure:"credentialSubject"` }
TODO Issue fix to mapstructure to enable combination of "DecoderConfig.ErrorUnset" and an unmapped/untagged field
type NonceGenerator ¶
type NonceGenerator interface {
GenerateNonce() string
}
type SameDeviceResponse ¶
type SameDeviceResponse struct { // the redirect target to be informed RedirectTarget string // code of the siop flow Code string // session id provided by the client SessionId string }
Response structure for successful same-device authentications
type ServiceBackedCredentialsConfig ¶
type ServiceBackedCredentialsConfig struct {
// contains filtered or unexported fields
}
func (ServiceBackedCredentialsConfig) GetScope ¶
func (cc ServiceBackedCredentialsConfig) GetScope(serviceIdentifier string) (credentialTypes []string, err error)
FIXME shall we return all scopes or just the default one?
func (ServiceBackedCredentialsConfig) GetTrustedIssuersLists ¶
func (ServiceBackedCredentialsConfig) GetTrustedParticipantLists ¶
func (ServiceBackedCredentialsConfig) RequiredCredentialTypes ¶
func (cc ServiceBackedCredentialsConfig) RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error)
type TrustBlocValidator ¶
type TrustBlocValidator struct {
// contains filtered or unexported fields
}
func (TrustBlocValidator) ValidateVC ¶
func (tbv TrustBlocValidator) ValidateVC(verifiableCredential *verifiable.Credential, verificationContext ValidationContext) (result bool, err error)
the credential is already verified after parsing it from the VP, only content validation should happen here.
type TrustRegistriesValidationContext ¶
type TrustRegistriesValidationContext struct {
// contains filtered or unexported fields
}
func (TrustRegistriesValidationContext) GetRequiredCredentialTypes ¶
func (trvc TrustRegistriesValidationContext) GetRequiredCredentialTypes() []string
func (TrustRegistriesValidationContext) GetTrustedIssuersLists ¶
func (trvc TrustRegistriesValidationContext) GetTrustedIssuersLists() map[string][]string
func (TrustRegistriesValidationContext) GetTrustedParticipantLists ¶
func (trvc TrustRegistriesValidationContext) GetTrustedParticipantLists() map[string][]string
type TrustedIssuerValidationService ¶
type TrustedIssuerValidationService struct {
// contains filtered or unexported fields
}
* * The trusted participant verification service will validate the entry of a participant within the trusted list.
func (*TrustedIssuerValidationService) ValidateVC ¶
func (tpvs *TrustedIssuerValidationService) ValidateVC(verifiableCredential *verifiable.Credential, validationContext ValidationContext) (result bool, err error)
type TrustedParticipantValidationService ¶
type TrustedParticipantValidationService struct {
// contains filtered or unexported fields
}
* * The trusted participant validation service will validate the entry of a participant within the trusted list.
func (*TrustedParticipantValidationService) ValidateVC ¶
func (tpvs *TrustedParticipantValidationService) ValidateVC(verifiableCredential *verifiable.Credential, validationContext ValidationContext) (result bool, err error)
type ValidationContext ¶
type ValidationContext interface{}
type ValidationService ¶
type ValidationService interface { // Validates the given VC. FIXME Currently a positiv result is returned even when no policy was checked ValidateVC(verifiableCredential *verifiable.Credential, verificationContext ValidationContext) (result bool, err error) }
type VerifiableCredential ¶
type VerifiableCredential struct { MappableVerifiableCredential // contains filtered or unexported fields }
Subset of the structure of a Verifiable Credential
func MapVerifiableCredential ¶
func MapVerifiableCredential(raw map[string]interface{}) (VerifiableCredential, error)
func (VerifiableCredential) GetCredentialType ¶
func (vc VerifiableCredential) GetCredentialType() string
func (VerifiableCredential) GetIssuer ¶
func (vc VerifiableCredential) GetIssuer() string
func (VerifiableCredential) GetRawData ¶
func (vc VerifiableCredential) GetRawData() map[string]interface{}
type Verifier ¶
type Verifier interface { ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error) StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error) StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error) GetToken(authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error) GetJWKS() jwk.Set AuthenticationResponse(state string, verifiablePresentation *verifiable.Presentation) (sameDevice SameDeviceResponse, err error) GenerateToken(clientId, subject, audience string, scope []string, verifiablePresentation *verifiable.Presentation) (int64, string, error) GetOpenIDConfiguration(serviceIdentifier string) (metadata common.OpenIDProviderMetadata, err error) }
verifier interface