README
¶
bankid
A Golang wrapper around the Swedish BankID appapi v5.1
bankid.go provides a minimal higher-level wrapper around the Swedish BankID's v.5.1 appapi.
Note!
This library is still under construction, and you are not! encouraged to use it in a production environment!
Installation
go get github.com/hossner/bankid
Use case
The purpose of this library is to provide a simple way for Go applications to integrate with the Swedish BankID service. The use case for doing so is:
- Define a call back function
function myCallBack(sessionId, message, details string){
fmt.Println("Session ID:", sessionId, " sent message:", message, " with the details:", details)
}
- Create an instance of the bankid.Connection struct with the call back function as argument.
conn := bankid.New("", myCallBack)
defer bankid.Close
- For each request from the client, call the bankid.Connection.SendRequest method. Note that the remote client's IP address must be provided as the first argument.
sessionID := conn.SendRequest("192.168.0.1", "", "", nil, nil)
Now, at every status update of the request the call back function myCallBack is called, allowing for handling of the session accordingly.
If required, more customization is possible through the configuration file (path provided as argument to the bankid.New function) and/or a bankid.Requirement struct, provided as argument to the bankid.Connection.SendRequest method at each request.
More details about the exported structs and functions below.
The config file
The configuration file is a JSON formatted text file, the different settings explained below.
Section certStore
User authenticated TLS is used to establish an authenticated connection with the BankID service. The required client certificate with key, and the CA certificate, are stored in the certStorePath directory. The client certificate and key are stored in userP12FileName, with the password for the file in userPrivateKeyPassword. The CA certificate is stored in caCertFileName.
Section httpClientConfig
The Host and Content-type values are used in the HTTP client when comunicating with the BankID service. The values provided in the example configuration file are currently the only ones accepted.
serviceURL
The serviceURL can be set to point to either the test endpoint or the production end point. The value in the provided example configuration file points to the test endpoint.
pollDelay
The pollDelay value (in milliseconds) defines how often the BankID service should be polled for status updates for the ongoing requests. Values lower than 2000 (2 seconds) are not allowed and will default to 2000.
logFile
Path to log file to be used by the library. If this value is set to empty string, logging is done to stderr.
logLevel
Integer value 0-5 to enable/disable logging. A value of 0 disables logging, 1 equals debug logging, 2 warnings, 3 errors, 4 and 5 critical log messages. Note that the log is not rotated in this version, so logging should only be enabled in debug purposes.
QR codes
For use with QR code(s), an aditional call back function has to be declared, and sent as the last parameter to the SendRequest function. This call back function will then be called every second, for as long as the transaction is outstanding, providing a QR code to display to the user. The QR code is in PNG format in a byte array.
Also note that the TokenStartRequred parameter must be set in the Auth/Sign requirements in order to enable the use of QR codes. Below is an example of how this could be done.
- Define a call back function
function myCallBack(sessionId, message, details string){
fmt.Println("Session ID:", sessionId, " sent message:", message, " with the details:", details)
}
- Define a call back function for receiving QR codes every second, to be displayed to the user
function onQRCodeRenewal(pngImg []byte, sessionID string){
fmt.Println("Session ID:", sessionId, "received data for an updated QR code")
// Update the display/page with the received pngImg data
}
- Create an instance of the bankid.Connection struct with the call back function as argument.
conn := bankid.New("", myCallBack)
defer bankid.Close
- For each request from the client, call the bankid.Connection.SendRequest method. Note that the remote client's IP address must be provided as the first argument, and to enable the use of QR code(s) a pointer to a
Requirementsstruct and aFOnNewQRCodecall back function is also provided as arguments.
sessionID := conn.SendRequest("192.168.0.1", "", "", &bankid.Requirements{TokenStartReqired: true}, onQRCodeRenewal)
Now, at every status update of the request the call back function myCallBack is called just as before, allowing for handling of the session accordingly. As long as the request is outstanding, the call back function onQRCodeRenewal will in addition also be called every second, providing a PNG formatted byte array to be displayed for the user.
Formatted text to sign
The support for formatted userVisibleData in the BankID RPv5.1 specifications is not yet implemented in this library.
Auth/Sign requirements
Specific requirements may be needed at Auth or Sign requests. These requirements can be provided as a pointer to a Requirement struct as an argument to the SendRequest method. The different members of the struct are briefly described below. For more information about the different requirements, plase see the official documentation.
PersonalNumber
If the user is authenticating by providing his/her personal number then that personal number is set through this member. It has to be a 12 digit correct Swedish personal number.
UserNoneVisibleData
Data not visible to the user can be provided as part of the BankID signature, signed by the user. This data must be Base64 encoded and max 40.000 characters after encoding.
CardReader
If the user is required to use a card reader, this member can be set to either class1 to force usage of at least a transparent card readers (where the PIN code is entered using the computer's key pad) or class2 requiring the use of a key pad provided card reader. Please note that CertificatePolicies should be used iin conjunction with this member to avoid undefined behavior.
CertificatePolicies
This member can be used to force usage of the diffent types of BankID (file based, mobile phone based or smart card based). Please see the official documentation for more information.
IssuerCN
Not needed in normal usage, please see the official documentation for more information.
TokenStartRequired
This can be set to true either to be able to autostart the BankID App on the same device, through app switching using the autoStartToken, or to allow the usage of QR codes. This library only supports usage of "animated", or continuously updated, QR codes. See FOnNewQRCode for more information.
AllowFingerprint
If set to true users of iOS and Android devices may use fingerprint for authentication and signing, if the device supports it, if the user has configured the device to use it, and if the user has configured BankID to use it.
Example usage
See the example folder.
BankID appapi v5.1 documentation
See https://bankid.com/rp/info for more information about the BankID appapi.
Documentation
¶
Index ¶
Constants ¶
const ( DEBUG = iota INFO WARN ERROR FATAL PANIC )
The definition of log levels
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Connection ¶
type Connection struct {
Version string
// contains filtered or unexported fields
}
Connection holds the connection with the BankID server. The same connection will be reused if multiple calls to 'New' are made.
func New ¶
func New(configFileName string, responseCallBack FOnResponse) (*Connection, error)
New returns a server connection. If a connection allready exists, it will be reused
func (*Connection) CancelRequest ¶
func (sc *Connection) CancelRequest(requestID string)
CancelRequest cancels an ongoing session
func (*Connection) GenerateQRCode ¶
func (sc *Connection) GenerateQRCode(reqID string, size int) ([]byte, error)
GenerateQRCode generates a QR code based on the request ID received through the SendRequest function. The result is an PNG file returned as a byte slice. Note that if an FOnNewQRCode function was passed as argument to the SendRequest function - meaning that animated QR codes are to be used - the GenerateQRCode function will return an empty byte slice and an error
func (*Connection) SendRequest ¶
func (sc *Connection) SendRequest(endUserIP, requestID, textToBeSigned string, requirements *Requirements, onQRCodeFunc FOnNewQRCode) string
SendRequest sends an auth/sign request to the BankID server. If textToBeSigned is provided it is a sign request, otherwise it's an authentication request. Returns a request ID; the same as the requestID parameter if provided, otherwise a generated one
type FOnNewQRCode ¶
FOnNewQRCode is a call back function, used as an argument to SendRequest, that is called every second after the request, providing a new QR code
type FOnResponse ¶
type FOnResponse func(requestID, status, message string)
FOnResponse is the call back function used to return status updates after a auth/sign request has been made Returns: requestID, status, message
type Requirements ¶
type Requirements struct {
PersonalNumber string `json:"-"` // 12 digits
UserNonVisibleData string `json:"-"` // 40.000 bytes/chars
CardReader string `json:"cardReader,omitempty"` //"class1" or "class2"
CertificatePolicies []string `json:"certificatePolicies,omitempty"`
IssuerCN []string `json:"issuerCn,omitempty"`
// AutoStartTokenRequired bool `json:"autoStartTokenRequired,omitempty"`
TokenStartRequired bool `json:"tokenStartRequired,omitempty"`
AllowFingerprint bool `json:"allowFingerprint,omitempty"`
}
Requirements is used when specific requirements for the sign/auth request are needed.
Source Files
Directories