vault

package
v0.0.0-...-3ebf473 Latest Latest
Published: Apr 4, 2023 License: Apache-2.0 Imports: 22 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CredRawData

// CredRawData is the raw (serialized) representation of a stored credential,
// as returned by Vault.GetAllCredentials. Every field is dropped from the JSON
// encoding when empty (omitempty), so consumers must not assume all three are
// present.
type CredRawData struct {
	// Id identifies the credential (JSON key "id").
	Id      string `json:"id,omitempty"`
	// Type is the credential type label (JSON key "type").
	Type    string `json:"type,omitempty"`
	// Encoded is the credential in its encoded form (JSON key "encoded");
	// NOTE(review): the exact encoding (e.g. a compact JWT) is not stated here — confirm against the producer.
	Encoded string `json:"encoded,omitempty"`
}

type CredentialData

// CredentialData is the flat input from which a credential is built (it is the
// argument of Vault.CreateOrGetCredential and Vault.TestCred). Jti, IssuerDID
// and SubjectDID carry the "jti", "iss" and "did" claims; the remaining fields
// are claims about the subject, whose JSON tags use the standard OIDC claim
// names while the Go field names keep their underscores for compatibility.
// NOTE(review): only Jti carries a yaml tag — confirm whether the other fields
// are also meant to be loaded from YAML.
type CredentialData struct {
	Jti                string `json:"jti" yaml:"jti"`
	CredName           string `json:"cred_name"`
	IssuerDID          string `json:"iss"`
	SubjectDID         string `json:"did"`
	Name               string `json:"name"`
	Given_name         string `json:"given_name"`
	Family_name        string `json:"family_name"`
	Preferred_username string `json:"preferred_username"`
	Email              string `json:"email"`
}

type CredentialDecoded

// CredentialDecoded is a decoded credential JWT: the standard registered claims
// are available through the embedded jwt.RegisteredClaims, and Other holds the
// remaining claims untyped. Values in Other are presumably taken verbatim from
// the token payload (verify against the decoder), so callers must type-assert
// and validate them before relying on them.
type CredentialDecoded struct {
	jwt.RegisteredClaims
	Other map[string]any
}

type Signable

// Signable is implemented by anything Vault.Sign can sign. SigningString
// returns the exact string to be signed, and Kid returns the key ID that
// selects the private key used for the signature.
type Signable interface {
	SigningString() (string, error)
	Kid() string
}

type Vault

// Vault is the repository of users, keys and credentials; construct it with
// New or NewFromDBClient. Client is the underlying ent client. Because it is
// exported, callers can reach the storage directly and bypass the Vault
// methods — prefer the methods so that any checks they perform are not skipped.
type Vault struct {
	Client *ent.Client
}

func Must

func Must(v *Vault, err error) *Vault

Must is a helper that wraps a call to a function returning (*Vault, error) and panics if the error is non-nil. It is intended for use in program initialization, where startup must be aborted in case of error. Usage is like this:

var issuerVault = vault.Must(vault.New(cfg))

func New

func New(cfg *yaml.YAML) (v *Vault, err error)

New opens or creates a repository storing users, keys and credentials

func NewFromDBClient

func NewFromDBClient(entClient *ent.Client) (v *Vault)

NewFromDBClient uses an existing client connection for creating the storage object

func (*Vault) AddKeyToUser

func (v *Vault) AddKeyToUser(userid string, privKey *jwk.JWK) (*ent.PrivateKey, error)

func (*Vault) CreateAccessToken

func (v *Vault) CreateAccessToken(credData string, issuerDID string) (json.RawMessage, error)

CreateAccessToken creates a JWT access token from the credential in serialized form, signed with the first private key associated with the issuer DID.

func (*Vault) CreateCredentialJWTFromMap

func (v *Vault) CreateCredentialJWTFromMap(credmap map[string]any) (credID string, rawJSONCred json.RawMessage, err error)

CreateCredentialJWTFromMap receives a map with the hierarchical data of the credential and returns the id of a new credential and the raw JWT string representing the credential

func (*Vault) CreateLegalPersonWithKey

func (v *Vault) CreateLegalPersonWithKey(issuerDID string, name string, password string) (usr *ent.User, err error)

CreateLegalPersonWithKey creates a user of type "issuer" and an associated private key for signing. For a single-tenant issuer installation, a single Issuer should be enough. The function expects the IssuerDID (a unique identifier) and the name of the entity.

func (*Vault) CreateNaturalPersonWithKey

func (v *Vault) CreateNaturalPersonWithKey(id string, name string, password string) (usr *ent.User, err error)

func (*Vault) CreateOrGetCredential

func (v *Vault) CreateOrGetCredential(credData *CredentialData) (rawJsonCred json.RawMessage, err error)

func (*Vault) CreateUser

func (v *Vault) CreateUser(userid string, name string, usertype string, password string) (usr *ent.User, err error)

func (*Vault) CreateUserWithKey

func (v *Vault) CreateUserWithKey(userid string, name string, usertype string, password string) (usr *ent.User, err error)

func (*Vault) CreateUserWithKeyX

func (v *Vault) CreateUserWithKeyX(userid string, name string, usertype string, password string) (usr *ent.User, err error)

CreateUserWithKeyX is like CreateUserWithKey but panics if there is an error

func (*Vault) CredentialFromJWT

func (v *Vault) CredentialFromJWT(credSerialized string) (rawJsonCred json.RawMessage, err error)

func (*Vault) GetAllCredentials

func (v *Vault) GetAllCredentials() (creds []*CredRawData)

func (*Vault) GetDIDForUser

func (v *Vault) GetDIDForUser(userid string) (string, error)

func (*Vault) NewKeyForUser

func (v *Vault) NewKeyForUser(userid string) (*ent.PrivateKey, error)

func (*Vault) PrivateKeyByID

func (v *Vault) PrivateKeyByID(id string) (jwkKey *jwk.JWK, err error)

func (*Vault) PrivateKeysForUser

func (v *Vault) PrivateKeysForUser(userid string) (keys []*jwk.JWK, err error)

PrivateKeysForUser returns all the private keys belonging to the userid

func (*Vault) PublicKeysForUser

func (v *Vault) PublicKeysForUser(userid string) (keys []*jwk.JWK, err error)

PublicKeysForUser returns all the public keys belonging to the userid

func (*Vault) SetDIDForUser

func (v *Vault) SetDIDForUser(userid string, did string) error

func (*Vault) Sign

func (v *Vault) Sign(object Signable) (signedString string, err error)

Sign signs the JWT using the algorithm and key ID in its header

func (*Vault) SignString

func (v *Vault) SignString(toBeSigned string, kid string) (signedString string, err error)

SignString signs the string using the key with the given ID and the algorithm alg.

func (*Vault) SignWithJWK

func (v *Vault) SignWithJWK(k *jwk.JWK, claims any) (signedString string, err error)

SignWithJWK signs the JWT using the algorithm and key ID in its header

func (*Vault) TestCred

func (v *Vault) TestCred(credData *CredentialData) (rawJsonCred json.RawMessage, err error)

func (*Vault) UserByID

func (v *Vault) UserByID(id string) (usr *ent.User, err error)

UserByID returns the user, or nil if it is not found and no other error occurred.

func (*Vault) VerifySignature

func (v *Vault) VerifySignature(signedString string, signature string, alg string, kid string) (err error)

VerifySignature verifies that a signature corresponds to a signed string given a key ID and algorithm
