Documentation ¶
Constants ¶
This section is empty.
Variables ¶
var (
	ErrMissingNZCPPrefix  = errors.New("Missing prefix 'NZCP:/'")
	ErrMissingNZCPVersion = errors.New("Missing NZCP version")
	ErrBadNZCPVersion     = errors.New("Bad NZCP version")
	ErrMissingNZCPPayload = errors.New("Missing NZCP payload")
	ErrBadNZCPPayload     = errors.New("Bad NZCP payload")
	ErrInvalidTokenFormat = errors.New("Invalid token format")
	ErrInvalidTokenHeader = errors.New("Invalid token header")
	ErrInvalidTokenBody   = errors.New("Invalid token body")
)
var (
	ErrBadSignature            = errors.New("Bad signature")
	ErrInvalidSigningAlgorithm = errors.New("Invalid signing algorithm")
	ErrUntrustedIssuer         = errors.New("Untrusted issuer")
	ErrUnknownPublicKey        = errors.New("Unknown public key")
	ErrTokenNotActive          = errors.New("Token not yet active")
	ErrTokenExpired            = errors.New("Token has expired")
	ErrInvalidCTI              = errors.New("Invalid CTI")
	ErrInvalidClaimsContext    = errors.New("Claims context is invalid")
	ErrInvalidClaimsType       = errors.New("Claims type is invalid")
	ErrInvalidTokenVersion     = errors.New("Token version is invalid")
)
Functions ¶
func ValidateToken ¶
ValidateToken validates token t, accepting only the trusted issuers in the official specification. If the token is invalid, a slice of all validation errors is returned. Otherwise, nil is returned.
Types ¶
type CredentialSubject ¶
type Token ¶
type Token struct {
	KeyID     string
	Algorithm int
	Issuer    string
	NotBefore time.Time
	Expires   time.Time
	JTI       string

	VerifiableCredential VerifiableCredential
	Signature            []byte
	// contains filtered or unexported fields
}
func NewToken ¶
NewToken parses an encoded NZCP from the QR code data. If err is nil, the token has been successfully unmarshalled, but it has not been validated. This is so that the data in the QR code can be displayed whether the token is valid or not. Use t.Valid() to validate.
Example ¶
package main

import (
	"encoding/json"
	"fmt"

	"github.com/echojc/nzcpv"
)

func main() {
	q := "NZCP: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"
	t, err := nzcpv.NewToken(q)
	if err != nil {
		fmt.Println(err)
		return
	}

	// pretty print
	s, _ := json.MarshalIndent(t, "", " ")
	fmt.Println(string(s))
}

Output:

{
 "KeyID": "key-1",
 "Algorithm": -7,
 "Issuer": "did:web:nzcp.covid19.health.nz",
 "NotBefore": "2021-11-03T09:05:30+13:00",
 "Expires": "2031-11-03T09:05:30+13:00",
 "JTI": "urn:uuid:60a4f54d-4e30-4332-be33-ad78b1eafa4b",
 "VerifiableCredential": {
  "Context": [
   "https://www.w3.org/2018/credentials/v1",
   "https://nzcp.covid19.health.nz/contexts/v1"
  ],
  "Version": "1.0.0",
  "Type": [
   "VerifiableCredential",
   "PublicCovidPass"
  ],
  "CredentialSubject": {
   "GivenName": "Jack",
   "FamilyName": "Sparrow",
   "DOB": "1960-04-16"
  }
 },
 "Signature": "0uB7HdcmPYMxZr27TxoJODepBdfsou6Da2sq2iPCMVT7qIpSn2ddZobuYysJ7FgasI9ytFiQS7M5bRD6ZtEUdw=="
}
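The envelope checks implied by the first group of error variables (prefix, version, payload), written out as an added example that is not this package's own code. It assumes the NZCP:/<version>/<payload> layout with version 1 and unpadded base32 from the NZ COVID Pass specification; splitNZCP and the lowercase error names are hypothetical.

```go
package main

import (
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Local stand-ins that reuse the messages of the package's exported errors.
var (
	errMissingPrefix  = errors.New("Missing prefix 'NZCP:/'")
	errMissingVersion = errors.New("Missing NZCP version")
	errBadVersion     = errors.New("Bad NZCP version")
	errMissingPayload = errors.New("Missing NZCP payload")
	errBadPayload     = errors.New("Bad NZCP payload")
)

// splitNZCP (hypothetical) checks the QR envelope and returns the raw token
// bytes. It verifies no signature, issuer or validity period.
func splitNZCP(q string) ([]byte, error) {
	if !strings.HasPrefix(q, "NZCP:/") {
		return nil, errMissingPrefix
	}
	version, payload, found := strings.Cut(strings.TrimPrefix(q, "NZCP:/"), "/")
	if version == "" {
		return nil, errMissingVersion
	}
	if version != "1" { // assumption: the only version defined by the spec
		return nil, errBadVersion
	}
	if !found || payload == "" {
		return nil, errMissingPayload
	}
	// Assumption: the payload is RFC 4648 base32 with the padding stripped.
	raw, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(payload)
	if err != nil {
		return nil, errBadPayload
	}
	return raw, nil
}

func main() {
	// Constructed inputs, not real passes.
	for _, q := range []string{"NZCP:/1/NBSWY3DP", "NZCP:/2/NBSWY3DP", "NZCP:/1/", "nzcp:/1/NBSWY3DP"} {
		raw, err := splitNZCP(q)
		fmt.Printf("%-20q raw=%q err=%v\n", q, raw, err)
	}
}
```

Bytes returned here are only decoded, so they carry the same status as a token from NewToken: displayable, not yet trusted.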
type Validator ¶
type Validator struct {
// contains filtered or unexported fields
}
Validator is a struct that holds a list of trusted issuers and keys for validating tokens. The zero-value is NOT usable. Use NewValidator() instead.
func NewValidator ¶
func NewValidator() *Validator
NewValidator creates a token validator to which non-trusted issuers and public keys can be added. This is intended for testing purposes only. To ensure compliance with the specification, the default validator should be used instead via the ValidateToken() function.
func (*Validator) RegisterIssuer ¶
RegisterIssuer instructs the validator to treat iss as a valid issuer for NZCPs. This is intended for testing purposes only.
func (*Validator) RegisterPublicKey ¶
RegisterPublicKey instructs the validator to treat id and its associated public key as valid for NZCPs. This is intended for testing purposes only.
func (*Validator) ValidateToken ¶
ValidateToken validates token t according to the configuration of the Validator. If the token is invalid, a slice of all validation errors is returned. Otherwise, nil is returned.
type VerifiableCredential ¶
type VerifiableCredential struct {
	Context           []string          `cbor:"@context"`
	Version           string            `cbor:"version"`
	Type              []string          `cbor:"type"`
	CredentialSubject CredentialSubject `cbor:"credentialSubject"`
}