verifier

package
v0.0.0-...-f2ba1b1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 21, 2024 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

View Source 
const CACHE_EXPIRY = 60
View Source 
const Ed25519VerificationKey2018 = "Ed25519VerificationKey2018"
View Source 
const RsaVerificationKey2018 = "RsaVerificationKey2018"
View Source 
const WILDCARD_TIL = "*"

Variables

View Source 
var ErrorCannotConverContext = errors.New("cannot_convert_context")
View Source 
var ErrorInvalidTil = errors.New("invalid_til_configured")
View Source 
var ErrorInvalidVC = errors.New("invalid_vc")
View Source 
var ErrorNoDID = errors.New("no_did_configured")
View Source 
var ErrorNoKID = errors.New("no_kid_provided")
View Source 
var ErrorNoSuchCode = errors.New("no_such_code")
View Source 
var ErrorNoSuchSession = errors.New("no_such_session")
View Source 
var ErrorNoTIR = errors.New("no_tir_configured")
View Source 
var ErrorNoVerificationKey = errors.New("no_verification_key")
View Source 
var ErrorNotAValidVerficationMethod = errors.New("not_a_valid_verfication_method")
View Source 
var ErrorRedirectUriMismatch = errors.New("redirect_uri_does_not_match")
View Source 
var ErrorRequiredCredentialNotProvided = errors.New("required_credential_not_provided")
View Source 
var ErrorTokenUnparsable = errors.New("unable_to_parse_token")
View Source 
var ErrorUnresolvableDid = errors.New("unresolvable_did")
View Source 
var ErrorUnsupportedValidationMode = errors.New("unsupported_validation_mode")
View Source 
var ErrorVerficationContextSetup = errors.New("no_valid_verification_context")
View Source 
var ErrorWrongGrantType = errors.New("wrong_grant_type")
View Source 
var SupportedModes = []string{"none", "combined", "jsonLd", "baseContext"}

Functions

func InitVerifier 

func InitVerifier(config *configModel.Configuration) (err error)

* * Initialize the verifier and all its components from the configuration *

Types

type CredentialSubject 

type CredentialSubject struct {
	Id          string                 `mapstructure:"id"`
	SubjectType string                 `mapstructure:"type"`
	Claims      map[string]interface{} `mapstructure:",remain"`
}

Subset of the structure of a CredentialSubject inside a Verifiable Credential

type CredentialVerifier 

type CredentialVerifier struct {
	// contains filtered or unexported fields
}

implementation of the verifier, using trustbloc and gaia-x compliance issuers registry as a validation backends.

func (*CredentialVerifier) AuthenticationResponse 

func (v *CredentialVerifier) AuthenticationResponse(state string, verifiablePresentation *verifiable.Presentation) (sameDevice SameDeviceResponse, err error)

* * Receive credentials and verify them in the context of an already present login-session. Will return either an error if failed, a sameDevice response to be used for * redirection or notify the original initiator(in case of a cross-device flow) *

func (*CredentialVerifier) GenerateToken 

func (v *CredentialVerifier) GenerateToken(clientId, subject, audience string, scopes []string, verifiablePresentation *verifiable.Presentation) (int64, string, error)

func (*CredentialVerifier) GetJWKS 

func (v *CredentialVerifier) GetJWKS() jwk.Set

* * Return the JWKS used by the verifier to allow jwt verification *

func (*CredentialVerifier) GetOpenIDConfiguration 

func (v *CredentialVerifier) GetOpenIDConfiguration(serviceIdentifier string) (metadata common.OpenIDProviderMetadata, err error)

func (*CredentialVerifier) GetToken 

func (v *CredentialVerifier) GetToken(authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)

* * Returns an already generated jwt from the cache to properly authorized requests. Every token will only be returend once. *

func (*CredentialVerifier) ReturnLoginQR 

func (v *CredentialVerifier) ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error)

* * Initializes the cross-device login flow and returns all neccessary information as a qr-code *

func (*CredentialVerifier) StartSameDeviceFlow 

func (v *CredentialVerifier) StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error)

* * Starts a same-device siop-flow and returns the required redirection information *

func (*CredentialVerifier) StartSiopFlow 

func (v *CredentialVerifier) StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error)

* * Starts a siop-flow and returns the required connection information *

type CredentialsConfig 

type CredentialsConfig interface {
	// should return the list of credentialtypes to be requested via the scope parameter
	GetScope(serviceIdentifier string) (credentialTypes []string, err error)
	// get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check its issued by a trusted participant.
	GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
	// get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check that credentials are issued by trusted issuers
	// and that the issuer has permission to issue such claims.
	GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
	// The credential types that are required for the given service and scope
	RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error)
}

* * Provides information about credentialTypes associated with services and there trust anchors.

func InitServiceBackedCredentialsConfig 

func InitServiceBackedCredentialsConfig(repoConfig *config.ConfigRepo) (credentialsConfig CredentialsConfig, err error)

type GaiaXRegistryValidationService 

type GaiaXRegistryValidationService struct {
	// contains filtered or unexported fields
}

func InitGaiaXRegistryValidationService 

func InitGaiaXRegistryValidationService(verifierConfig *configModel.Verifier) GaiaXRegistryValidationService

func (*GaiaXRegistryValidationService) ValidateVC 

func (v *GaiaXRegistryValidationService) ValidateVC(verifiableCredential *verifiable.Credential, validationContext ValidationContext) (result bool, err error)

type JWTVerfificationMethodResolver 

type JWTVerfificationMethodResolver struct{}

func (JWTVerfificationMethodResolver) ResolveVerificationMethod 

func (jwtVMR JWTVerfificationMethodResolver) ResolveVerificationMethod(verificationMethod string, expectedProofIssuer string) (*vermethod.VerificationMethod, error)

type MappableVerifiableCredential 

type MappableVerifiableCredential struct {
	Id                string            `mapstructure:"id"`
	Types             []string          `mapstructure:"type"`
	Issuer            string            `mapstructure:"issuer"`
	CredentialSubject CredentialSubject `mapstructure:"credentialSubject"`
}

TODO Issue fix to mapstructure to enable combination of "DecoderConfig.ErrorUnset" and an unmapped/untagged field

type NonceGenerator 

type NonceGenerator interface {
	GenerateNonce() string
}

type SameDeviceResponse 

type SameDeviceResponse struct {
	// the redirect target to be informed
	RedirectTarget string
	// code of the siop flow
	Code string
	// session id provided by the client
	SessionId string
}

Response structure for successful same-device authentications

type ServiceBackedCredentialsConfig 

type ServiceBackedCredentialsConfig struct {
	// contains filtered or unexported fields
}

func (ServiceBackedCredentialsConfig) GetScope 

func (cc ServiceBackedCredentialsConfig) GetScope(serviceIdentifier string) (credentialTypes []string, err error)

FIXME shall we return all scopes or just the default one?

func (ServiceBackedCredentialsConfig) GetTrustedIssuersLists 

func (cc ServiceBackedCredentialsConfig) GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)

func (ServiceBackedCredentialsConfig) GetTrustedParticipantLists 

func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)

func (ServiceBackedCredentialsConfig) RequiredCredentialTypes 

func (cc ServiceBackedCredentialsConfig) RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error)

type TrustBlocValidator 

type TrustBlocValidator struct {
	// contains filtered or unexported fields
}

func (TrustBlocValidator) ValidateVC 

func (tbv TrustBlocValidator) ValidateVC(verifiableCredential *verifiable.Credential, verificationContext ValidationContext) (result bool, err error)

the credential is already verified after parsing it from the VP, only content validation should happen here.

type TrustRegistriesValidationContext 

type TrustRegistriesValidationContext struct {
	// contains filtered or unexported fields
}

func (TrustRegistriesValidationContext) GetRequiredCredentialTypes 

func (trvc TrustRegistriesValidationContext) GetRequiredCredentialTypes() []string

func (TrustRegistriesValidationContext) GetTrustedIssuersLists 

func (trvc TrustRegistriesValidationContext) GetTrustedIssuersLists() map[string][]string

func (TrustRegistriesValidationContext) GetTrustedParticipantLists 

func (trvc TrustRegistriesValidationContext) GetTrustedParticipantLists() map[string][]string

type TrustedIssuerValidationService 

type TrustedIssuerValidationService struct {
	// contains filtered or unexported fields
}

* * The trusted participant verification service will validate the entry of a participant within the trusted list.

func (*TrustedIssuerValidationService) ValidateVC 

func (tpvs *TrustedIssuerValidationService) ValidateVC(verifiableCredential *verifiable.Credential, validationContext ValidationContext) (result bool, err error)

type TrustedParticipantValidationService 

type TrustedParticipantValidationService struct {
	// contains filtered or unexported fields
}

* * The trusted participant validation service will validate the entry of a participant within the trusted list.

func (*TrustedParticipantValidationService) ValidateVC 

func (tpvs *TrustedParticipantValidationService) ValidateVC(verifiableCredential *verifiable.Credential, validationContext ValidationContext) (result bool, err error)

type ValidationContext 

type ValidationContext interface{}

type ValidationService 

type ValidationService interface {
	// Validates the given VC. FIXME Currently a positiv result is returned even when no policy was checked
	ValidateVC(verifiableCredential *verifiable.Credential, verificationContext ValidationContext) (result bool, err error)
}

type VerifiableCredential 

type VerifiableCredential struct {
	MappableVerifiableCredential
	// contains filtered or unexported fields
}

Subset of the structure of a Verifiable Credential

func MapVerifiableCredential 

func MapVerifiableCredential(raw map[string]interface{}) (VerifiableCredential, error)

func (VerifiableCredential) GetCredentialType 

func (vc VerifiableCredential) GetCredentialType() string

func (VerifiableCredential) GetIssuer 

func (vc VerifiableCredential) GetIssuer() string

func (VerifiableCredential) GetRawData 

func (vc VerifiableCredential) GetRawData() map[string]interface{}

type Verifier 

type Verifier interface {
	ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error)
	StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error)
	StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error)
	GetToken(authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)
	GetJWKS() jwk.Set
	AuthenticationResponse(state string, verifiablePresentation *verifiable.Presentation) (sameDevice SameDeviceResponse, err error)
	GenerateToken(clientId, subject, audience string, scope []string, verifiablePresentation *verifiable.Presentation) (int64, string, error)
	GetOpenIDConfiguration(serviceIdentifier string) (metadata common.OpenIDProviderMetadata, err error)
}

verifier interface

func GetVerifier 

func GetVerifier() Verifier

* * Global singelton access to the verifier *

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.