verifier

package
Published: Jul 28, 2023 License: Apache-2.0 Imports: 30 Imported by: 0

Constants

// CACHE_EXPIRY is the lifetime applied to cache entries. The unit is not
// stated here (Cache.Add takes a time.Duration) — NOTE(review): confirm against
// the callers whether this is seconds or minutes before tuning it; it bounds how
// long an unconsumed authorization code or token stays retrievable.
const CACHE_EXPIRY = 60
// CACHE_KEY_TEMPLATE joins two string components into one cache key with a
// plain "-" separator. NOTE(review): a component that itself contains "-" can
// produce a key colliding with a different pair — verify the callers only pass
// values that cannot contain the separator.
const CACHE_KEY_TEMPLATE = "%s-%s"

Variables

// ErrorCannotConverContext is returned when a VerificationContext cannot be
// converted to the concrete context type a verification service expects.
var ErrorCannotConverContext = errors.New("cannot_convert_context")
// ErrorInvalidVC is returned when a presented verifiable credential fails
// verification.
var ErrorInvalidVC = errors.New("invalid_vc")
// ErrorNoDID is returned when no DID is configured for the verifier.
var ErrorNoDID = errors.New("no_did_configured")
// ErrorNoSuchCode is returned by the token exchange when the presented
// authorization code is unknown — which, per GetToken's single-use contract,
// also covers a code that was already redeemed.
var ErrorNoSuchCode = errors.New("no_such_code")
// ErrorNoSuchSession is returned when a response references a login session
// that is not (or no longer) present.
var ErrorNoSuchSession = errors.New("no_such_session")
// ErrorNoTIR is returned when no trusted issuers registry is configured.
var ErrorNoTIR = errors.New("no_tir_configured")
// ErrorRedirectUriMismatch is returned by the token exchange when the
// redirect URI presented with the code does not match the expected one
// (presumably the one bound to the flow at its start — confirm in GetToken).
var ErrorRedirectUriMismatch = errors.New("redirect_uri_does_not_match")
// ErrorVerficationContextSetup is returned when no valid verification context
// could be built for a credential/service combination.
var ErrorVerficationContextSetup = errors.New("no_valid_verification_context")
// ErrorWrongGrantType is returned by the token exchange when the requested
// grant type is not the one supported by the verifier.
var ErrorWrongGrantType = errors.New("wrong_grant_type")

Functions

func InitVerifier

func InitVerifier(verifierConfig *configModel.Verifier, repoConfig *configModel.ConfigRepo, ssiKitClient ssikit.SSIKit) (err error)

Initialize the verifier and all its components from the configuration.

Types

type Cache

// Cache is the key/value store the verifier reads and writes. Entries carry an
// explicit lifetime, and Get reports absence through its second result.
// NOTE(review): whether an expired entry is evicted or merely hidden is left to
// the implementation — confirm before relying on expiry for single-use codes.
type Cache interface {
	// Add stores x under k for the duration d; the error is implementation-defined.
	Add(k string, x interface{}, d time.Duration) error
	// Get returns the value stored under k and whether it was present.
	Get(k string) (interface{}, bool)
	// Delete removes k; deleting an absent key is not reported.
	Delete(k string)
}

type Clock

// Clock abstracts the source of the current time (presumably so that
// time-dependent behaviour such as token expiry can be tested with a fixed
// clock — confirm against the callers).
type Clock interface {
	// Now returns the current time.
	Now() time.Time
}

type CredentialSubject

// CredentialSubject is the subset of the credentialSubject structure inside a
// Verifiable Credential that the verifier maps explicitly.
type CredentialSubject struct {
	// Id is the subject identifier ("id" in the source map).
	Id string `mapstructure:"id"`
	// SubjectType is the subject's "type" value.
	SubjectType string `mapstructure:"type"`
	// Claims collects every key of the subject not mapped to a field above
	// (mapstructure ",remain"); these stay untyped and unvalidated here.
	Claims map[string]interface{} `mapstructure:",remain"`
}

Subset of the structure of a CredentialSubject inside a Verifiable Credential

type CredentialVerifier

// CredentialVerifier implements the Verifier interface, using the waltId
// ssikit and the Gaia-X compliance issuers registry as validation backends.
// Obtain it through InitVerifier and GetVerifier rather than constructing it.
type CredentialVerifier struct {
	// contains filtered or unexported fields
}

Implementation of the verifier, using the waltId ssikit and the Gaia-X compliance issuers registry as validation backends.

func (*CredentialVerifier) AuthenticationResponse

func (v *CredentialVerifier) AuthenticationResponse(state string, verifiableCredentials []map[string]interface{}, holder string) (sameDevice SameDeviceResponse, err error)

Receive credentials and verify them in the context of an already present login session. Returns either an error on failure, or a sameDevice response to be used for redirection, or notifies the original initiator (in case of a cross-device flow).

func (*CredentialVerifier) GetJWKS

func (v *CredentialVerifier) GetJWKS() jwk.Set

Return the JWKS used by the verifier to allow JWT verification.

func (*CredentialVerifier) GetToken

func (v *CredentialVerifier) GetToken(grantType string, authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)

Returns an already generated JWT from the cache to properly authorized requests. Every token will only be returned once.

func (*CredentialVerifier) ReturnLoginQR

func (v *CredentialVerifier) ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error)

Initializes the cross-device login flow and returns all necessary information as a QR code.

func (*CredentialVerifier) StartSameDeviceFlow

func (v *CredentialVerifier) StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error)

Starts a same-device SIOP flow and returns the required redirection information.

func (*CredentialVerifier) StartSiopFlow

func (v *CredentialVerifier) StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error)

Starts a SIOP flow and returns the required connection information.

type CredentialsConfig

// CredentialsConfig provides information about the credential types associated
// with services and their trust anchors (the registries a credential's issuer
// and the issuer's permissions are checked against).
type CredentialsConfig interface {
	// GetScope returns the list of credential types to be requested via the
	// scope parameter for the given service.
	GetScope(serviceIdentifier string) (credentialTypes []string, err error)
	// GetTrustedParticipantLists returns the (EBSI TrustedIssuersRegistry
	// compliant) endpoints for the given service/credential combination, used
	// to check that the credential was issued by a trusted participant.
	GetTrustedParticipantLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
	// GetTrustedIssuersLists returns the (EBSI TrustedIssuersRegistry compliant)
	// endpoints for the given service/credential combination, used to check that
	// the credential was issued by a trusted issuer and that the issuer has
	// permission to issue such claims.
	GetTrustedIssuersLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
}

Provides information about the credential types associated with services and their trust anchors.

func InitServiceBackedCredentialsConfig

func InitServiceBackedCredentialsConfig(repoConfig *config.ConfigRepo) (credentialsConfig CredentialsConfig, err error)

type GaiaXRegistryVerificationService

// GaiaXRegistryVerificationService is a VerificationService backed by the
// Gaia-X registry; create it with InitGaiaXRegistryVerificationService.
type GaiaXRegistryVerificationService struct {
	// contains filtered or unexported fields
}

func InitGaiaXRegistryVerificationService

func InitGaiaXRegistryVerificationService(verifierConfig *configModel.Verifier) GaiaXRegistryVerificationService

func (*GaiaXRegistryVerificationService) VerifyVC

func (v *GaiaXRegistryVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)

type MappableVerifiableCredential

// MappableVerifiableCredential is the explicitly mapped (mapstructure-tagged)
// part of a Verifiable Credential; it is embedded in VerifiableCredential.
// TODO: file a fix to mapstructure to enable the combination of
// "DecoderConfig.ErrorUnset" and an unmapped/untagged field.
type MappableVerifiableCredential struct {
	// Id is the credential identifier.
	Id string `mapstructure:"id"`
	// Types is the credential's "type" array.
	Types []string `mapstructure:"type"`
	// Issuer is the credential issuer identifier, as given in the credential.
	Issuer string `mapstructure:"issuer"`
	// CredentialSubject is the mapped subset of the credential subject.
	CredentialSubject CredentialSubject `mapstructure:"credentialSubject"`
}

TODO Issue fix to mapstructure to enable combination of "DecoderConfig.ErrorUnset" and an unmapped/untagged field

type NonceGenerator

// NonceGenerator produces the nonce values used by the verifier's flows.
// NOTE(review): an implementation must draw from a cryptographically secure
// source and produce unpredictable, non-repeating values — confirm for any
// implementation other than the default.
type NonceGenerator interface {
	// GenerateNonce returns a fresh nonce.
	GenerateNonce() string
}

type PolicyMap

// PolicyMap maps a policy name to its ssikit.Policy definition.
type PolicyMap map[string]ssikit.Policy

type SameDeviceResponse

// SameDeviceResponse is the response structure for successful same-device
// authentications, returned by AuthenticationResponse.
type SameDeviceResponse struct {
	// RedirectTarget is the redirect target to be informed.
	RedirectTarget string
	// Code is the code of the SIOP flow, later exchanged via GetToken.
	Code string
	// SessionId is the session id provided by the client.
	SessionId string
}

Response structure for successful same-device authentications

type ServiceBackedCredentialsConfig

// ServiceBackedCredentialsConfig implements CredentialsConfig backed by a
// configuration repository; create it with InitServiceBackedCredentialsConfig.
type ServiceBackedCredentialsConfig struct {
	// contains filtered or unexported fields
}

func (ServiceBackedCredentialsConfig) GetScope

func (cc ServiceBackedCredentialsConfig) GetScope(serviceIdentifier string) (credentialTypes []string, err error)

func (ServiceBackedCredentialsConfig) GetTrustedIssuersLists

func (cc ServiceBackedCredentialsConfig) GetTrustedIssuersLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)

func (ServiceBackedCredentialsConfig) GetTrustedParticipantLists

func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)

type SsiKitExternalVerificationService

// SsiKitExternalVerificationService is a VerificationService that delegates
// credential-level checks (e.g. signature, expiry) to the waltId ssikit; create
// it with InitSsiKitExternalVerificationService.
type SsiKitExternalVerificationService struct {
	// contains filtered or unexported fields
}

The SsiKit verifier should concentrate on general verification at the credential level (e.g. checking signature, expiry etc.). Even though a TIR policy could be configured, it is recommended to use the TrustedIssuersRegistryVerifier or TrustedIssuersListVerifier for that purpose.

func InitSsiKitExternalVerificationService

func InitSsiKitExternalVerificationService(verifierConfig *configModel.Verifier, ssiKitClient ssikit.SSIKit) (verifier SsiKitExternalVerificationService, err error)

func (*SsiKitExternalVerificationService) VerifyVC

func (v *SsiKitExternalVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)

type TokenSigner

// TokenSigner signs JWTs issued by the verifier. Sign mirrors the signature of
// the jwt package's Sign function, presumably so that it can be substituted in
// tests — confirm against the default implementation.
type TokenSigner interface {
	// Sign serializes and signs t with the given algorithm and key, returning
	// the compact token bytes.
	Sign(t jwt.Token, alg jwa.SignatureAlgorithm, key interface{}, options ...jwt.SignOption) ([]byte, error)
}

type TrustRegistriesVerificationContext

// TrustRegistriesVerificationContext is the VerificationContext consumed by the
// trust-registry based services; it carries the trusted issuers and trusted
// participant list endpoints exposed through its getters.
type TrustRegistriesVerificationContext struct {
	// contains filtered or unexported fields
}

func (TrustRegistriesVerificationContext) GetTrustedIssuersLists

func (trvc TrustRegistriesVerificationContext) GetTrustedIssuersLists() []string

func (TrustRegistriesVerificationContext) GetTrustedParticipantLists

func (trvc TrustRegistriesVerificationContext) GetTrustedParticipantLists() []string

type TrustedIssuerVerificationService

// TrustedIssuerVerificationService is a VerificationService that validates a
// credential's issuer against the trusted issuers lists of the
// verification context.
type TrustedIssuerVerificationService struct {
	// contains filtered or unexported fields
}

* * The trusted participant verification service will validate the entry of a participant within the trusted list.

func (*TrustedIssuerVerificationService) VerifyVC

func (tpvs *TrustedIssuerVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)

type TrustedParticipantVerificationService

// TrustedParticipantVerificationService is a VerificationService that validates
// the entry of a participant within the trusted participant lists of the
// verification context.
type TrustedParticipantVerificationService struct {
	// contains filtered or unexported fields
}

* * The trusted participant verification service will validate the entry of a participant within the trusted list.

func (*TrustedParticipantVerificationService) VerifyVC

func (tpvs *TrustedParticipantVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)

type VerifiableCredential

// VerifiableCredential is the subset of a Verifiable Credential the verifier
// works with: the mapped fields plus the raw data (see GetRawData). Build it
// with MapVerifiableCredential.
type VerifiableCredential struct {
	MappableVerifiableCredential
	// contains filtered or unexported fields
}

Subset of the structure of a Verifiable Credential

func MapVerifiableCredential

func MapVerifiableCredential(raw map[string]interface{}) (VerifiableCredential, error)

func (VerifiableCredential) GetCredentialType

func (vc VerifiableCredential) GetCredentialType() string

func (VerifiableCredential) GetIssuer

func (vc VerifiableCredential) GetIssuer() string

func (VerifiableCredential) GetRawData

func (vc VerifiableCredential) GetRawData() map[string]interface{}

type VerificationContext

// VerificationContext is an opaque, service-specific context passed to
// VerificationService.VerifyVC; services presumably type-assert it to their
// concrete context type and fail with ErrorCannotConverContext otherwise.
type VerificationContext interface{}

type VerificationService

// VerificationService checks a single verifiable credential within a
// verification context.
type VerificationService interface {
	// VerifyVC verifies the given VC.
	// FIXME: currently a positive result is returned even when no policy was
	// checked, so a true result does not by itself prove that any check ran.
	VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)
}

type Verifier

// Verifier is the public interface of the verifier: it starts the login flows,
// receives the credential presentations and issues tokens for them.
type Verifier interface {
	// ReturnLoginQR initializes the cross-device login flow and returns the
	// required information as a QR code.
	ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error)
	// StartSiopFlow starts a SIOP flow and returns the connection string.
	StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error)
	// StartSameDeviceFlow starts a same-device SIOP flow and returns the
	// authentication request to redirect to.
	StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error)
	// GetToken exchanges an authorization code for an already generated JWT and
	// its expiration; every token is returned only once.
	GetToken(grantType string, authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)
	// GetJWKS returns the key set used to verify the issued JWTs.
	GetJWKS() jwk.Set
	// AuthenticationResponse receives the credentials for the login session
	// identified by state, verifies them and returns the same-device response
	// (or notifies the initiator of a cross-device flow).
	AuthenticationResponse(state string, verifiableCredentials []map[string]interface{}, holder string) (sameDevice SameDeviceResponse, err error)
}

verifier interface

func GetVerifier

func GetVerifier() Verifier

Global singleton access to the verifier.
