irmago: github.com/privacybydesign/irmago Index | Files | Directories

package irma

import "github.com/privacybydesign/irmago"

Package irma contains generic IRMA strucs and logic of use to all IRMA participants. It parses irma_configuration folders to scheme managers, issuers, credential types and public keys; it contains various messages from the IRMA protocol; it parses IRMA metadata attributes; and it contains attribute and credential verification logic.

Index

Package Files

attributes.go credinfo.go descriptions.go identifiers.go irma_signature.go irmaconfig.go keyring.go legacy.go messages.go requests.go revocation.go revocation_db.go schemes.go timestamp.go transport.go verify.go version.go

Constants

const (
    MinVersionHeader = "X-IRMA-MinProtocolVersion"
    MaxVersionHeader = "X-IRMA-MaxProtocolVersion"
)
const (
    StatusConnected     = Status("connected")
    StatusCommunicating = Status("communicating")
    StatusManualStarted = Status("manualStarted")
)

Statuses

const (
    ActionDisclosing = Action("disclosing")
    ActionSigning    = Action("signing")
    ActionIssuing    = Action("issuing")
    ActionRedirect   = Action("redirect")
    ActionRevoking   = Action("revoking")
    ActionUnknown    = Action("unknown")
)

Actions

const (
    // Protocol version not supported
    ErrorProtocolVersionNotSupported = ErrorType("protocolVersionNotSupported")
    // Error in HTTP communication
    ErrorTransport = ErrorType("transport")
    // HTTPS required
    ErrorHTTPS = ErrorType("https")
    // Invalid client JWT in first IRMA message
    ErrorInvalidJWT = ErrorType("invalidJwt")
    // Unkown session type (not disclosing, signing, or issuing)
    ErrorUnknownAction = ErrorType("unknownAction")
    // Crypto error during calculation of our response (second IRMA message)
    ErrorCrypto = ErrorType("crypto")
    // Error involving revocation or nonrevocation proofs
    ErrorRevocation = ErrorType("revocation")
    // Server rejected our response (second IRMA message)
    ErrorRejected = ErrorType("rejected")
    // (De)serializing of a message failed
    ErrorSerialization = ErrorType("serialization")
    // Error in keyshare protocol
    ErrorKeyshare = ErrorType("keyshare")
    // The user is not enrolled at one of the keyshare servers needed for the request
    ErrorKeyshareUnenrolled = ErrorType("keyshareUnenrolled")
    // API server error
    ErrorApi = ErrorType("api")
    // Server returned unexpected or malformed response
    ErrorServerResponse = ErrorType("serverResponse")
    // Credential type not present in our Configuration
    ErrorUnknownIdentifier = ErrorType("unknownIdentifier")
    // Non-optional attribute not present in credential
    ErrorRequiredAttributeMissing = ErrorType("requiredAttributeMissing")
    // Error during downloading of credential type, issuer, or public keys
    ErrorConfigurationDownload = ErrorType("configurationDownload")
    // IRMA requests refers to unknown scheme manager
    ErrorUnknownSchemeManager = ErrorType("unknownSchemeManager")
    // A session is requested involving a scheme manager that has some problem
    ErrorInvalidSchemeManager = ErrorType("invalidSchemeManager")
    // Invalid session request
    ErrorInvalidRequest = ErrorType("invalidRequest")
    // Recovered panic
    ErrorPanic = ErrorType("panic")
)

Protocol errors

const (
    LDContextDisclosureRequest = "https://irma.app/ld/request/disclosure/v2"
    LDContextSignatureRequest  = "https://irma.app/ld/request/signature/v2"
    LDContextIssuanceRequest   = "https://irma.app/ld/request/issuance/v2"
    LDContextRevocationRequest = "https://irma.app/ld/request/revocation/v1"
)
const (
    SchemeManagerStatusValid               = SchemeManagerStatus("Valid")
    SchemeManagerStatusUnprocessed         = SchemeManagerStatus("Unprocessed")
    SchemeManagerStatusInvalidIndex        = SchemeManagerStatus("InvalidIndex")
    SchemeManagerStatusInvalidSignature    = SchemeManagerStatus("InvalidSignature")
    SchemeManagerStatusParsingError        = SchemeManagerStatus("ParsingError")
    SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError")

    SchemeTypeIssuer    = SchemeType("issuer")
    SchemeTypeRequestor = SchemeType("requestor")
)
const (
    ProofStatusValid             = ProofStatus("VALID")              // Proof is valid
    ProofStatusInvalid           = ProofStatus("INVALID")            // Proof is invalid
    ProofStatusInvalidTimestamp  = ProofStatus("INVALID_TIMESTAMP")  // Attribute-based signature had invalid timestamp
    ProofStatusUnmatchedRequest  = ProofStatus("UNMATCHED_REQUEST")  // Proof does not correspond to a specified request
    ProofStatusMissingAttributes = ProofStatus("MISSING_ATTRIBUTES") // Proof does not contain all requested attributes
    ProofStatusExpired           = ProofStatus("EXPIRED")            // Attributes were expired at proof creation time (now, or according to timestamp in case of abs)

    AttributeProofStatusPresent = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value
    AttributeProofStatusExtra   = AttributeProofStatus("EXTRA")   // Attribute is disclosed, but wasn't requested in request
    AttributeProofStatusNull    = AttributeProofStatus("NULL")    // Attribute is disclosed but is null
)
const (
    // ExpiryFactor is the precision for the expiry attribute. Value is one week.
    ExpiryFactor = 60 * 60 * 24 * 7
)
const LDContextSignedMessage = "https://irma.app/ld/signature/v2"
const Version = "0.5.0"

Version of the IRMA command line and libraries

Variables

var (
    ErrRevocationStateNotFound = errors.New("revocation state not found")
    ErrUnknownRevocationKey    = errors.New("unknown revocationKey")
    ErrorUnknownCredentialType = errors.New("unknown credential type")
)
var DefaultSchemes = [2]SchemePointer{
    {
        URL:       "https://privacybydesign.foundation/schememanager/irma-demo",
        Publickey: []byte("" /* 179 byte string literal not displayed */),
    },
    {
        URL:       "https://privacybydesign.foundation/schememanager/pbdf",
        Publickey: []byte("" /* 179 byte string literal not displayed */),
    },
}
var (
    ErrMissingPrivateKey = fmt.Errorf("issuer private key not found: %w", os.ErrNotExist)
)
var ErrMissingPublicKey = errors.New("Missing public key")
var HTTPHeaders = map[string]http.Header{}
var Logger *logrus.Logger

Logger is used for logging. If not set, init() will initialize it to logrus.StandardLogger().

var RevocationParameters = struct {
    // DefaultUpdateEventCount specifies how many revocation events are attached to session requests
    // for the client to update its revocation state.
    DefaultUpdateEventCount uint64

    // RequestorUpdateInterval is the time period in minutes for requestor servers
    // updating their revocation state at th RA.
    RequestorUpdateInterval uint64

    // DefaultTolerance is the default tolerance in seconds: nonrevocation should be proved
    // by clients up to maximally this amount of seconds ago at verification time. If not, the
    // server will report the time up until nonrevocation of the attribute is guaranteed to the requestor.
    DefaultTolerance uint64

    // If server mode is enabled for a credential type, then once every so many seconds
    // the timestamp in each accumulator is updated to now.
    AccumulatorUpdateInterval uint64

    // DELETE issuance records of expired credential every so many minutes
    DeleteIssuanceRecordsInterval uint64

    // ClientUpdateInterval is the time interval with which the irmaclient periodically
    // retrieves a revocation update from the RA and updates its revocation state with a small but
    // increasing probability.
    ClientUpdateInterval uint64

    // ClientDefaultUpdateSpeed is the amount of time in hours after which it becomes very likely
    // that the app will update its witness, quickly after it has been opened.
    ClientDefaultUpdateSpeed uint64

    // ClientUpdateTimeout is the amount of time in milliseconds that the irmaclient waits
    // for nonrevocation witness updating to complete, before it continues with the session even
    // if updating is not yet done (in which case the candidate set computed by the client
    // may contain credentials that were revoked by one of the requestor's update messages).
    ClientUpdateTimeout uint64

    // Cache-control: max-age HTTP return header (in seconds)
    EventsCacheMaxAge uint64

    UpdateMinCount      uint64
    UpdateMaxCount      uint64
    UpdateMinCountPower int
    UpdateMaxCountPower int
}{
    RequestorUpdateInterval:       10,
    DefaultTolerance:              10 * 60,
    AccumulatorUpdateInterval:     60,
    DeleteIssuanceRecordsInterval: 5 * 60,
    ClientUpdateInterval:          10,
    ClientDefaultUpdateSpeed:      7 * 24,
    ClientUpdateTimeout:           1000,
    UpdateMinCountPower:           4,
    UpdateMaxCountPower:           9,
    EventsCacheMaxAge:             60 * 60,
}

RevocationParameters contains global revocation constants and default values.

func ASN1ConvertSignatureNonce Uses

func ASN1ConvertSignatureNonce(message string, nonce *big.Int, timestamp *atum.Timestamp) *big.Int

ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:

nonce = SHA256(serverNonce, SHA256(message), timestampSignature)

where serverNonce is the nonce sent by the signature requestor.

func DefaultDataPath Uses

func DefaultDataPath() string

DefaultDataPath returns the default storage path for IRMA, using XDG Base Directory Specification https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html:

- %LOCALAPPDATA% (i.e. C:\Users\$user\AppData\Local) if on Windows,
- $XDG_DATA_HOME if set, otherwise $HOME/.local/share
- $XDG_DATA_DIRS if set, otherwise /usr/local/share/ and /usr/share/
- then the OSes temp dir (os.TempDir()),

returning the first of these that exists or can be created.

func DefaultSchemesPath Uses

func DefaultSchemesPath() string

DefaultSchemesPath returns the default storage path for irma_configuration, namely DefaultDataPath + "/irma_configuration"

func FloorToEpochBoundary Uses

func FloorToEpochBoundary(t time.Time) time.Time

FloorToEpochBoundary returns the greatest time not greater than the argument that falls on the boundary of an epoch for attribute validity or expiry, of which the value is defined by ExpiryFactor (one week).

func GetMetadataVersion Uses

func GetMetadataVersion(v *ProtocolVersion) byte

GetMetadataVersion maps a chosen protocol version to a metadata version that the server will use.

func GetTimestamp Uses

func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)

GetTimestamp GETs a signed timestamp (a signature over the current time and the parameters) over the message to be signed, the randomized signatures over the attributes, and the disclosed attributes, for in attribute-based signature sessions.

func MarshalBinary Uses

func MarshalBinary(message interface{}) ([]byte, error)

func ParseApiServerJwt Uses

func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)

ParseApiServerJwt verifies and parses a JWT as returned by an irma_api_server after a disclosure request into a key-value pair.

func SetLogger Uses

func SetLogger(logger *logrus.Logger)

func SignRequestorRequest Uses

func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func SignSessionRequest Uses

func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func TimestampRequest Uses

func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) (
    []byte, string, error)

TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed in an attribute-based signature session along with the randomized signatures over the attributes and the disclosed attributes. The url of the timestamp server that should be used to validate the request is returned as the second return value.

func UnmarshalBinary Uses

func UnmarshalBinary(data []byte, dst interface{}) error

func UnmarshalValidate Uses

func UnmarshalValidate(data []byte, dest interface{}) error

UnmarshalValidate json.Unmarshal's data, and validates it using the Validate() method if dest implements the Validator interface.

func UnmarshalValidateBinary Uses

func UnmarshalValidateBinary(data []byte, dest interface{}) error

type AccumulatorRecord Uses

type AccumulatorRecord struct {
    CredType  CredentialTypeIdentifier `gorm:"primary_key"`
    Data      signedMessage
    PKCounter *uint `gorm:"primary_key;auto_increment:false"`
}

Structs corresponding to SQL table rows, ending in Record

func (*AccumulatorRecord) Convert Uses

func (a *AccumulatorRecord) Convert(id CredentialTypeIdentifier, sacc *revocation.SignedAccumulator) *AccumulatorRecord

func (*AccumulatorRecord) SignedAccumulator Uses

func (a *AccumulatorRecord) SignedAccumulator() *revocation.SignedAccumulator

type Action Uses

type Action string

Action encodes the session type of an IRMA session (e.g., disclosing).

type AttributeCon Uses

type AttributeCon []AttributeRequest

An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.

func (AttributeCon) CredentialTypes Uses

func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier

CredentialTypes returns an array of all credential types occuring in this conjunction.

func (AttributeCon) Satisfy Uses

func (c AttributeCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns if each of the attributes specified by proofs and indices satisfies each of the contained AttributeRequests's. If so it also returns a list of the disclosed attribute values.

func (AttributeCon) Validate Uses

func (c AttributeCon) Validate() error

type AttributeConDisCon Uses

type AttributeConDisCon []AttributeDisCon

AttributeConDisCon is only satisfied if all of the containing AttributeDisCon are satisfied.

func (AttributeConDisCon) Iterate Uses

func (cdc AttributeConDisCon) Iterate(f func(attr *AttributeRequest) error) error

func (AttributeConDisCon) Satisfy Uses

func (cdc AttributeConDisCon) Satisfy(disclosure *Disclosure, revocation map[int]*time.Time, conf *Configuration) (bool, [][]*DisclosedAttribute, error)

Satisfy returns true if each of the contained AttributeDisCon is satisfied by the specified disclosure. If so it also returns the disclosed attributes.

func (AttributeConDisCon) Validate Uses

func (cdc AttributeConDisCon) Validate(conf *Configuration) error

type AttributeDisCon Uses

type AttributeDisCon []AttributeCon

An AttributeDisCon is satisfied if at least one of its containing AttributeCon is satisfied.

func (AttributeDisCon) Satisfy Uses

func (dc AttributeDisCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns true if the attributes specified by proofs and indices satisfies any one of the contained AttributeCon's. If so it also returns a list of the disclosed attribute values.

func (AttributeDisCon) Validate Uses

func (dc AttributeDisCon) Validate() error

type AttributeIdentifier Uses

type AttributeIdentifier struct {
    Type           AttributeTypeIdentifier
    CredentialHash string
}

AttributeIdentifier identifies an attribute instance.

func (*AttributeIdentifier) CredentialIdentifier Uses

func (ai *AttributeIdentifier) CredentialIdentifier() CredentialIdentifier

CredentialIdentifier returns the credential identifier of this attribute.

type AttributeList Uses

type AttributeList struct {
    *MetadataAttribute  `json:"-"`
    Ints                []*big.Int
    Revoked             bool `json:",omitempty"`
    RevocationSupported bool `json:",omitempty"`
    // contains filtered or unexported fields
}

AttributeList contains attributes, excluding the secret key, providing convenient access to the metadata attribute.

func NewAttributeListFromInts Uses

func NewAttributeListFromInts(ints []*big.Int, conf *Configuration) *AttributeList

NewAttributeListFromInts initializes a new AttributeList from a list of bigints.

func (*AttributeList) Attribute Uses

func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString

Attribute returns the content of the specified attribute, or nil if not present in this attribute list.

func (*AttributeList) CredentialInfo Uses

func (attrs *AttributeList) CredentialInfo() *CredentialInfo

func (*AttributeList) EqualsExceptMetadata Uses

func (al *AttributeList) EqualsExceptMetadata(ol *AttributeList) bool

EqualsExceptMetadata checks whether two AttributeLists have the same attribute values. The attribute containing the metadata information is skipped in this check.

func (*AttributeList) Hash Uses

func (al *AttributeList) Hash() string

func (*AttributeList) Info Uses

func (al *AttributeList) Info() *CredentialInfo

func (*AttributeList) Map Uses

func (al *AttributeList) Map() map[AttributeTypeIdentifier]TranslatedString

func (*AttributeList) Strings Uses

func (al *AttributeList) Strings() []TranslatedString

Strings converts the current instance to human-readable strings.

func (*AttributeList) UntranslatedAttribute Uses

func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string

UntranslatedAttribute decodes the bigint corresponding to the specified attribute.

type AttributeProofStatus Uses

type AttributeProofStatus string

Status is the proof status of a single attribute

type AttributeRequest Uses

type AttributeRequest struct {
    Type    AttributeTypeIdentifier `json:"type"`
    Value   *string                 `json:"value,omitempty"`
    NotNull bool                    `json:"notNull,omitempty"`
}

An AttributeRequest asks for an instance of an attribute type, possibly requiring it to have a specified value, in a session request.

func NewAttributeRequest Uses

func NewAttributeRequest(attr string) AttributeRequest

NewAttributeRequest requests the specified attribute.

func (*AttributeRequest) MarshalJSON Uses

func (ar *AttributeRequest) MarshalJSON() ([]byte, error)

func (*AttributeRequest) Satisfy Uses

func (ar *AttributeRequest) Satisfy(attr AttributeTypeIdentifier, val *string) bool

Satisfy indicates whether the given attribute type and value satisfies this AttributeRequest.

func (*AttributeRequest) UnmarshalJSON Uses

func (ar *AttributeRequest) UnmarshalJSON(bts []byte) error

type AttributeType Uses

type AttributeType struct {
    ID          string `xml:"id,attr"`
    Optional    string `xml:"optional,attr"  json:",omitempty"`
    Name        TranslatedString
    Description TranslatedString

    Index        int    `xml:"-"`
    DisplayIndex *int   `xml:"displayIndex,attr" json:",omitempty"`
    DisplayHint  string `xml:"displayHint,attr"  json:",omitempty"`

    RevocationAttribute bool `xml:"revocation,attr" json:",omitempty"`

    // Taken from containing CredentialType
    CredentialTypeID string `xml:"-"`
    IssuerID         string `xml:"-"`
    SchemeManagerID  string `xml:"-"`
}

AttributeType is a description of an attribute within a credential type.

func (AttributeType) GetAttributeTypeIdentifier Uses

func (ad AttributeType) GetAttributeTypeIdentifier() AttributeTypeIdentifier

func (AttributeType) IsOptional Uses

func (ad AttributeType) IsOptional() bool

type AttributeTypeIdentifier Uses

type AttributeTypeIdentifier struct {
    // contains filtered or unexported fields
}

AttributeTypeIdentifier identifies an attribute. For example "irma-demo.RU.studentCard.studentID".

func NewAttributeTypeIdentifier Uses

func NewAttributeTypeIdentifier(id string) AttributeTypeIdentifier

NewAttributeTypeIdentifier converts the specified identifier to a AttributeTypeIdentifier.

func (AttributeTypeIdentifier) CredentialTypeIdentifier Uses

func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier

CredentialTypeIdentifier returns the CredentialTypeIdentifier of the attribute identifier.

func (AttributeTypeIdentifier) Empty Uses

func (oi AttributeTypeIdentifier) Empty() bool

func (AttributeTypeIdentifier) GormDataType Uses

func (AttributeTypeIdentifier) GormDataType(dialect gorm.Dialect) string

func (AttributeTypeIdentifier) IsCredential Uses

func (id AttributeTypeIdentifier) IsCredential() bool

IsCredential returns true if this attribute refers to its containing credential (i.e., it consists of only 3 parts).

func (AttributeTypeIdentifier) MarshalCBOR Uses

func (oi AttributeTypeIdentifier) MarshalCBOR() (data []byte, err error)

func (AttributeTypeIdentifier) MarshalText Uses

func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (AttributeTypeIdentifier) Name Uses

func (oi AttributeTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (AttributeTypeIdentifier) Parent Uses

func (oi AttributeTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (AttributeTypeIdentifier) Root Uses

func (oi AttributeTypeIdentifier) Root() string

func (*AttributeTypeIdentifier) Scan Uses

func (oi *AttributeTypeIdentifier) Scan(src interface{}) error

func (AttributeTypeIdentifier) String Uses

func (oi AttributeTypeIdentifier) String() string

String returns this identifier as a string.

func (*AttributeTypeIdentifier) UnmarshalCBOR Uses

func (oi *AttributeTypeIdentifier) UnmarshalCBOR(data []byte) error

func (*AttributeTypeIdentifier) UnmarshalText Uses

func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (AttributeTypeIdentifier) Value Uses

func (oi AttributeTypeIdentifier) Value() (driver.Value, error)

type BaseRequest Uses

type BaseRequest struct {
    LDContext string `json:"@context,omitempty"`

    // Set by the IRMA server during the session
    Context         *big.Int         `json:"context,omitempty"`
    Nonce           *big.Int         `json:"nonce,omitempty"`
    ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`

    // Revocation is set by the requestor to indicate that it requires nonrevocation proofs for the
    // specified credential types.
    Revocation NonRevocationParameters `json:"revocation,omitempty"`

    Type            Action `json:"type,omitempty"` // Session type, only used in legacy code
    DevelopmentMode bool   `json:"devMode,omitempty"`

    ClientReturnURL string `json:"clientReturnUrl,omitempty"` // URL to proceed to when IRMA session is completed
    // contains filtered or unexported fields
}

BaseRequest contains information used by all IRMA session types, such the context and nonce, and revocation information.

func (*BaseRequest) GetContext Uses

func (b *BaseRequest) GetContext() *big.Int

func (*BaseRequest) GetNonce Uses

func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int

func (*BaseRequest) Legacy Uses

func (b *BaseRequest) Legacy() bool

func (*BaseRequest) RequestsRevocation Uses

func (b *BaseRequest) RequestsRevocation(id CredentialTypeIdentifier) bool

RequestsRevocation indicates whether or not the requestor requires a nonrevocation proof for the given credential type; that is, whether or not it included revocation update messages.

func (*BaseRequest) RevocationSupported Uses

func (b *BaseRequest) RevocationSupported() bool

func (*BaseRequest) Validate Uses

func (b *BaseRequest) Validate(conf *Configuration) error

type Configuration Uses

type Configuration struct {
    SchemeManagers  map[SchemeManagerIdentifier]*SchemeManager
    Issuers         map[IssuerIdentifier]*Issuer
    CredentialTypes map[CredentialTypeIdentifier]*CredentialType
    AttributeTypes  map[AttributeTypeIdentifier]*AttributeType

    // RequestorScheme data of the currently loaded requestorscheme
    RequestorSchemes map[RequestorSchemeIdentifier]*RequestorScheme
    Requestors       map[string]*RequestorInfo

    // DisabledRequestorSchemes keeps track of any error of the requestorscheme if it
    // did not parse successfully
    DisabledRequestorSchemes map[RequestorSchemeIdentifier]*SchemeManagerError
    // DisabledSchemeManagers keeps track of schemes that did not parse  succesfully
    // (i.e., invalid signature, parsing error), and the problem that occurred when parsing them
    DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError

    // Path to the irma_configuration folder that this instance represents
    Path        string
    PrivateKeys PrivateKeyRing
    Revocation  *RevocationStorage `json:"-"`
    Scheduler   *gocron.Scheduler
    Warnings    []string `json:"-"`

    // Path to temp directory if different than default (needed on android)
    TempPath string
    // contains filtered or unexported fields
}

Configuration keeps track of schemes, issuers, credential types and public keys, dezerializing them from an irma_configuration folder, and downloads and saves new ones on demand.

func NewConfiguration Uses

func NewConfiguration(path string, opts ConfigurationOptions) (conf *Configuration, err error)

NewConfiguration returns a new configuration. After this ParseFolder() should be called to parse the specified path.

func (*Configuration) AddPrivateKeyRing Uses

func (conf *Configuration) AddPrivateKeyRing(ring PrivateKeyRing) error

func (*Configuration) AutoUpdateSchemes Uses

func (conf *Configuration) AutoUpdateSchemes(interval uint)

func (*Configuration) ContainsAttributeType Uses

func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool

func (*Configuration) ContainsCredentialType Uses

func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool

ContainsCredentialType checks if the configuration contains the specified credential type.

func (*Configuration) DangerousTOFUInstallScheme Uses

func (conf *Configuration) DangerousTOFUInstallScheme(url string) error

DangerousTOFUInstallScheme downloads and adds the specified scheme to this Configuration, downloading and trusting its public key from the scheme's remote URL.

func (*Configuration) Download Uses

func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)

Download downloads the issuers, credential types and public keys specified in set if the current Configuration does not already have them, and checks their authenticity using the scheme index.

func (*Configuration) DownloadDefaultSchemes Uses

func (conf *Configuration) DownloadDefaultSchemes() error

func (*Configuration) InstallScheme Uses

func (conf *Configuration) InstallScheme(url string, publickey []byte) error

InstallSchemeManager downloads and adds the specified scheme to this Configuration, provided its signature is valid against the specified key.

func (*Configuration) IsInitialized Uses

func (conf *Configuration) IsInitialized() bool

IsInitialized indicates whether this instance has successfully been initialized.

func (*Configuration) KeyshareServerKeyFunc Uses

func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)

KeyshareServerKeyFunc returns a function that returns the public key with which to verify a keyshare server JWT, suitable for passing to jwt.Parse() and jwt.ParseWithClaims().

func (*Configuration) KeyshareServerPublicKey Uses

func (conf *Configuration) KeyshareServerPublicKey(schemeid SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)

KeyshareServerPublicKey returns the i'th public key of the specified scheme.

func (*Configuration) ParseFolder Uses

func (conf *Configuration) ParseFolder() (err error)

ParseFolder populates the current Configuration by parsing the storage path, listing the containing schemes, issuers and credential types.

func (*Configuration) ParseOrRestoreFolder Uses

func (conf *Configuration) ParseOrRestoreFolder() (rerr error)

ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore any broken schemes from their remote. Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError; In this case the scheme in which it occured is downloaded from its remote and re-parsed. If any other error is encountered at any time, it is returned immediately. If no error is returned, parsing and possibly restoring has been succesfull, and there should be no disabled schemes.

func (*Configuration) ParseSchemeFolder Uses

func (conf *Configuration) ParseSchemeFolder(dir string) (scheme Scheme, serr error)

func (*Configuration) PublicKey Uses

func (conf *Configuration) PublicKey(id IssuerIdentifier, counter uint) (*gabi.PublicKey, error)

PublicKey returns the specified public key, or nil if not present in the Configuration.

func (*Configuration) PublicKeyIndices Uses

func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []uint, err error)

func (*Configuration) PublicKeyLatest Uses

func (conf *Configuration) PublicKeyLatest(id IssuerIdentifier) (*gabi.PublicKey, error)

PublicKeyLatest returns the latest private key of the specified issuer.

func (*Configuration) UpdateScheme Uses

func (conf *Configuration) UpdateScheme(scheme Scheme, downloaded *IrmaIdentifierSet) error

UpdateScheme syncs the stored version within the irma_configuration directory with the remote version at the scheme's URL, downloading and storing new and modified files, according to the index files of both versions. It stores the identifiers of new or updated entities in the second parameter.

func (*Configuration) UpdateSchemes Uses

func (conf *Configuration) UpdateSchemes() error

func (*Configuration) ValidateKeys Uses

func (conf *Configuration) ValidateKeys() error

type ConfigurationOptions Uses

type ConfigurationOptions struct {
    Assets              string
    TempPath            string
    ReadOnly            bool
    IgnorePrivateKeys   bool
    RevocationDBConnStr string
    RevocationDBType    string
    RevocationSettings  RevocationSettings
}

type CredentialIdentifier Uses

type CredentialIdentifier struct {
    Type CredentialTypeIdentifier
    Hash string
}

CredentialIdentifier identifies a credential instance.

type CredentialInfo Uses

type CredentialInfo struct {
    ID                  string                                       // e.g., "studentCard"
    IssuerID            string                                       // e.g., "RU"
    SchemeManagerID     string                                       // e.g., "irma-demo"
    SignedOn            Timestamp                                    // Unix timestamp
    Expires             Timestamp                                    // Unix timestamp
    Attributes          map[AttributeTypeIdentifier]TranslatedString // Human-readable rendered attributes
    Hash                string                                       // SHA256 hash over the attributes
    Revoked             bool                                         // If the credential has been revoked
    RevocationSupported bool                                         // If the credential supports creating nonrevocation proofs
}

CredentialInfo contains all information of an IRMA credential.

func (CredentialInfo) GetCredentialType Uses

func (ci CredentialInfo) GetCredentialType(conf *Configuration) *CredentialType

func (CredentialInfo) IsExpired Uses

func (ci CredentialInfo) IsExpired() bool

Returns true if credential is expired at moment of calling this function

type CredentialInfoList Uses

type CredentialInfoList []*CredentialInfo

A CredentialInfoList is a list of credentials (implements sort.Interface).

func (CredentialInfoList) Len Uses

func (cl CredentialInfoList) Len() int

Len implements sort.Interface.

func (CredentialInfoList) Less Uses

func (cl CredentialInfoList) Less(i, j int) bool

Less implements sort.Interface.

func (CredentialInfoList) Swap Uses

func (cl CredentialInfoList) Swap(i, j int)

Swap implements sort.Interface.

type CredentialRequest Uses

type CredentialRequest struct {
    Validity            *Timestamp               `json:"validity,omitempty"`
    KeyCounter          uint                     `json:"keyCounter,omitempty"`
    CredentialTypeID    CredentialTypeIdentifier `json:"credential"`
    Attributes          map[string]string        `json:"attributes"`
    RevocationKey       string                   `json:"revocationKey,omitempty"`
    RevocationSupported bool                     `json:"revocationSupported,omitempty"`
}

A CredentialRequest contains the attributes and metadata of a credential that will be issued in an IssuanceRequest.

func (*CredentialRequest) AttributeList Uses

func (cr *CredentialRequest) AttributeList(
    conf *Configuration,
    metadataVersion byte,
    revocationAttr *big.Int,
    issuedAt time.Time,
) (*AttributeList, error)

AttributeList returns the list of attributes from this credential request.

func (*CredentialRequest) Info Uses

func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte, issuedAt time.Time) (*CredentialInfo, error)

func (*CredentialRequest) Validate Uses

func (cr *CredentialRequest) Validate(conf *Configuration) error

Validate checks that this credential request is consistent with the specified Configuration: the credential type is known, all required attributes are present and no unknown attributes are given.

type CredentialType Uses

type CredentialType struct {
    ID                    string           `xml:"CredentialID"`
    Name                  TranslatedString `xml:"Name"`
    ShortName             TranslatedString `xml:"ShortName"`
    IssuerID              string           `xml:"IssuerID"`
    SchemeManagerID       string           `xml:"SchemeManager"`
    IsSingleton           bool             `xml:"ShouldBeSingleton"`
    DisallowDelete        bool             `xml:"DisallowDelete"`
    Description           TranslatedString
    AttributeTypes        []*AttributeType `xml:"Attributes>Attribute" json:"-"`
    RevocationServers     []string         `xml:"RevocationServers>RevocationServer"`
    RevocationUpdateCount uint64
    RevocationUpdateSpeed uint64
    RevocationIndex       int      `xml:"-"`
    XMLVersion            int      `xml:"version,attr"`
    XMLName               xml.Name `xml:"IssueSpecification"`

    IssueURL     TranslatedString `xml:"IssueURL"`
    IsULIssueURL bool             `xml:"IsULIssueURL"`

    DeprecatedSince Timestamp

    ForegroundColor         string
    BackgroundGradientStart string
    BackgroundGradientEnd   string

    IsInCredentialStore bool
    Category            TranslatedString
    FAQIntro            TranslatedString
    FAQPurpose          TranslatedString
    FAQContent          TranslatedString
    FAQHowto            TranslatedString
}

CredentialType is a description of a credential type, specifying (a.o.) its name, issuer, and attributes.

func (CredentialType) AttributeType Uses

func (ct CredentialType) AttributeType(ai AttributeTypeIdentifier) *AttributeType

func (*CredentialType) ContainsAttribute Uses

func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool

ContainsAttribute tests whether the specified attribute is contained in this credentialtype.

func (*CredentialType) Identifier Uses

func (ct *CredentialType) Identifier() CredentialTypeIdentifier

Identifier returns the identifier of the specified credential type.

func (CredentialType) IndexOf Uses

func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)

IndexOf returns the index of the specified attribute if present, or an error (and -1) if not present.

func (*CredentialType) IssuerIdentifier Uses

func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the issuer identifier of the specified credential type.

func (ct *CredentialType) Logo(conf *Configuration) string

func (*CredentialType) RevocationSupported Uses

func (ct *CredentialType) RevocationSupported() bool

func (*CredentialType) SchemeManagerIdentifier Uses

func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier

type CredentialTypeIdentifier Uses

type CredentialTypeIdentifier struct {
    // contains filtered or unexported fields
}

CredentialTypeIdentifier identifies a credentialtype. For example "irma-demo.RU.studentCard".

func NewCredentialTypeIdentifier Uses

func NewCredentialTypeIdentifier(id string) CredentialTypeIdentifier

NewCredentialTypeIdentifier converts the specified identifier to a CredentialTypeIdentifier.

func (CredentialTypeIdentifier) Empty Uses

func (oi CredentialTypeIdentifier) Empty() bool

func (CredentialTypeIdentifier) GormDataType Uses

func (CredentialTypeIdentifier) GormDataType(dialect gorm.Dialect) string

func (CredentialTypeIdentifier) IssuerIdentifier Uses

func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the IssuerIdentifier of the credential identifier.

func (CredentialTypeIdentifier) MarshalCBOR Uses

func (oi CredentialTypeIdentifier) MarshalCBOR() (data []byte, err error)

func (CredentialTypeIdentifier) MarshalText Uses

func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (CredentialTypeIdentifier) Name Uses

func (oi CredentialTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (CredentialTypeIdentifier) Parent Uses

func (oi CredentialTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (CredentialTypeIdentifier) Root Uses

func (oi CredentialTypeIdentifier) Root() string

func (*CredentialTypeIdentifier) Scan Uses

func (oi *CredentialTypeIdentifier) Scan(src interface{}) error

func (CredentialTypeIdentifier) String Uses

func (oi CredentialTypeIdentifier) String() string

String returns this identifier as a string.

func (*CredentialTypeIdentifier) UnmarshalCBOR Uses

func (oi *CredentialTypeIdentifier) UnmarshalCBOR(data []byte) error

func (*CredentialTypeIdentifier) UnmarshalText Uses

func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (CredentialTypeIdentifier) Value Uses

func (oi CredentialTypeIdentifier) Value() (driver.Value, error)

type DisclosedAttribute Uses

type DisclosedAttribute struct {
    RawValue         *string                 `json:"rawvalue"`
    Value            TranslatedString        `json:"value"` // Value of the disclosed attribute
    Identifier       AttributeTypeIdentifier `json:"id"`
    Status           AttributeProofStatus    `json:"status"`
    IssuanceTime     Timestamp               `json:"issuancetime"`
    NotRevoked       bool                    `json:"notrevoked,omitempty"`
    NotRevokedBefore *Timestamp              `json:"notrevokedbefore,omitempty"`
}

DisclosedAttribute represents a disclosed attribute.

type DisclosedAttributeIndex Uses

type DisclosedAttributeIndex struct {
    CredentialIndex int                  `json:"cred"`
    AttributeIndex  int                  `json:"attr"`
    Identifier      CredentialIdentifier `json:"-"` // credential from which this attribute was disclosed
}

DisclosedAttributeIndex points to a specific attribute in a gabi.ProofList.

type DisclosedAttributeIndices Uses

type DisclosedAttributeIndices [][]*DisclosedAttributeIndex

DisclosedAttributeIndices contains, for each conjunction of an attribute disclosure request, a list of attribute indices, pointing to where the disclosed attributes for that conjunction can be found within a gabi.ProofList.

type Disclosure Uses

type Disclosure struct {
    Proofs  gabi.ProofList            `json:"proofs"`
    Indices DisclosedAttributeIndices `json:"indices"`
}

func (*Disclosure) DisclosedAttributes Uses

func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon, revtimes map[int]*time.Time) (bool, [][]*DisclosedAttribute, error)

DisclosedAttributes returns a slice containing for each item in the conjunction the disclosed attributes that are present in the proof list. If a non-empty and non-nil AttributeDisjunctionList is included, then the first attributes in the returned slice match with the disjunction list in the disjunction list. The first return parameter of this function indicates whether or not all disjunctions (if present) are satisfied.

func (*Disclosure) Verify Uses

func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

func (*Disclosure) VerifyAgainstRequest Uses

func (d *Disclosure) VerifyAgainstRequest(
    configuration *Configuration,
    request SessionRequest,
    context, nonce *big.Int,
    publickeys []*gabi.PublicKey,
    validAt *time.Time,
    issig bool,
) ([][]*DisclosedAttribute, ProofStatus, error)

type DisclosureChoice Uses

type DisclosureChoice struct {
    Attributes [][]*AttributeIdentifier
}

A DisclosureChoice contains the attributes chosen to be disclosed.

func (*DisclosureChoice) Validate Uses

func (choice *DisclosureChoice) Validate() error

type DisclosureRequest Uses

type DisclosureRequest struct {
    BaseRequest

    Disclose AttributeConDisCon       `json:"disclose,omitempty"`
    Labels   map[int]TranslatedString `json:"labels,omitempty"`
}

A DisclosureRequest is a request to disclose certain attributes. Construct new instances using NewDisclosureRequest().

func NewDisclosureRequest Uses

func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest

func (*DisclosureRequest) Action Uses

func (dr *DisclosureRequest) Action() Action

func (*DisclosureRequest) AddSingle Uses

func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)

func (*DisclosureRequest) Base Uses

func (dr *DisclosureRequest) Base() *BaseRequest

func (*DisclosureRequest) Disclosure Uses

func (dr *DisclosureRequest) Disclosure() *DisclosureRequest

func (*DisclosureRequest) Identifiers Uses

func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*DisclosureRequest) IsDisclosureRequest Uses

func (dr *DisclosureRequest) IsDisclosureRequest() bool

func (*DisclosureRequest) Legacy Uses

func (dr *DisclosureRequest) Legacy() (SessionRequest, error)

func (*DisclosureRequest) UnmarshalJSON Uses

func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)

func (*DisclosureRequest) Validate Uses

func (dr *DisclosureRequest) Validate() error

type ErrorType Uses

type ErrorType string

ErrorType are session errors.

func (ErrorType) Error Uses

func (err ErrorType) Error() string

type EventRecord Uses

type EventRecord struct {
    Index      *uint64                  `gorm:"primary_key;column:eventindex;auto_increment:false"`
    CredType   CredentialTypeIdentifier `gorm:"primary_key"`
    PKCounter  *uint                    `gorm:"primary_key;auto_increment:false"`
    E          *RevocationAttribute
    ParentHash eventHash
}

Structs corresponding to SQL table rows, ending in Record

func (*EventRecord) Convert Uses

func (e *EventRecord) Convert(id CredentialTypeIdentifier, pkcounter uint, event *revocation.Event) *EventRecord

func (*EventRecord) Event Uses

func (e *EventRecord) Event() *revocation.Event

type ExpiredError Uses

type ExpiredError struct {
    Err error // underlying error
}

ExpiredError indicates that something (e.g. a JWT) has expired.

func (ExpiredError) Error Uses

func (e ExpiredError) Error() string

type HTTPTransport Uses

type HTTPTransport struct {
    Server     string
    Binary     bool
    ForceHTTPS bool
    // contains filtered or unexported fields
}

HTTPTransport sends and receives JSON messages to a HTTP server.

func NewHTTPTransport Uses

func NewHTTPTransport(serverURL string, forceHTTPS bool) *HTTPTransport

NewHTTPTransport returns a new HTTPTransport.

func (*HTTPTransport) Delete Uses

func (transport *HTTPTransport) Delete()

Delete performs a DELETE.

func (*HTTPTransport) Get Uses

func (transport *HTTPTransport) Get(url string, result interface{}) error

Get performs a GET request and parses the server's response into result.

func (*HTTPTransport) GetBytes Uses

func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)

func (*HTTPTransport) Post Uses

func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error

Post sends the object to the server and parses its response into result.

func (*HTTPTransport) SetHeader Uses

func (transport *HTTPTransport) SetHeader(name, val string)

SetHeader sets a header to be sent in requests.

type IdentityProviderJwt Uses

type IdentityProviderJwt struct {
    ServerJwt
    Request *IdentityProviderRequest `json:"iprequest"`
}

IdentityProviderJwt is a requestor JWT for issuance session.

func NewIdentityProviderJwt Uses

func NewIdentityProviderJwt(servername string, ir *IssuanceRequest) *IdentityProviderJwt

NewIdentityProviderJwt returns a new IdentityProviderJwt.

func (*IdentityProviderJwt) Action Uses

func (claims *IdentityProviderJwt) Action() Action

func (*IdentityProviderJwt) RequestorRequest Uses

func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest

func (*IdentityProviderJwt) SessionRequest Uses

func (claims *IdentityProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*IdentityProviderJwt) Sign Uses

func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*IdentityProviderJwt) Valid Uses

func (claims *IdentityProviderJwt) Valid() error

type IdentityProviderRequest Uses

type IdentityProviderRequest struct {
    RequestorBaseRequest
    Request *IssuanceRequest `json:"request"`
}

An IdentityProviderRequest contains an issuance request.

func (*IdentityProviderRequest) Base Uses

func (r *IdentityProviderRequest) Base() RequestorBaseRequest

func (*IdentityProviderRequest) SessionRequest Uses

func (r *IdentityProviderRequest) SessionRequest() SessionRequest

func (*IdentityProviderRequest) Validate Uses

func (r *IdentityProviderRequest) Validate() error

type IrmaIdentifierSet Uses

type IrmaIdentifierSet struct {
    SchemeManagers   map[SchemeManagerIdentifier]struct{}
    Issuers          map[IssuerIdentifier]struct{}
    CredentialTypes  map[CredentialTypeIdentifier]struct{}
    PublicKeys       map[IssuerIdentifier][]uint
    AttributeTypes   map[AttributeTypeIdentifier]struct{}
    RequestorSchemes map[RequestorSchemeIdentifier]struct{}
}

IrmaIdentifierSet contains a set (ensured by using map[...]struct{}) of all scheme managers, all issuers, all credential types, all public keys and all attribute types that are involved in an IRMA session.

func (*IrmaIdentifierSet) Distributed Uses

func (set *IrmaIdentifierSet) Distributed(conf *Configuration) bool

func (*IrmaIdentifierSet) Empty Uses

func (set *IrmaIdentifierSet) Empty() bool

func (*IrmaIdentifierSet) String Uses

func (set *IrmaIdentifierSet) String() string

type IssuanceRecord Uses

type IssuanceRecord struct {
    Key        string                   `gorm:"primary_key;column:revocationkey"`
    CredType   CredentialTypeIdentifier `gorm:"primary_key"`
    Issued     int64                    `gorm:"primary_key;auto_increment:false"`
    PKCounter  *uint
    Attr       *RevocationAttribute
    ValidUntil int64
    RevokedAt  int64 `json:",omitempty"` // 0 if not currently revoked
}

IssuanceRecord contains information generated during issuance, needed for later revocation.

type IssuanceRequest Uses

type IssuanceRequest struct {
    DisclosureRequest
    Credentials []*CredentialRequest `json:"credentials"`

    // Derived data
    CredentialInfoList        CredentialInfoList `json:",omitempty"`
    RemovalCredentialInfoList CredentialInfoList `json:",omitempty"`
}

An IssuanceRequest is a request to issue certain credentials, optionally also asking for certain attributes to be simultaneously disclosed. Construct new instances using NewIssuanceRequest().

func NewIssuanceRequest Uses

func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest

func (*IssuanceRequest) Action Uses

func (ir *IssuanceRequest) Action() Action

func (*IssuanceRequest) GetCredentialInfoList Uses

func (ir *IssuanceRequest) GetCredentialInfoList(
    conf *Configuration,
    version *ProtocolVersion,
    issuedAt time.Time,
) (CredentialInfoList, error)

func (*IssuanceRequest) Identifiers Uses

func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*IssuanceRequest) Legacy Uses

func (ir *IssuanceRequest) Legacy() (SessionRequest, error)

func (*IssuanceRequest) UnmarshalJSON Uses

func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)

func (*IssuanceRequest) Validate Uses

func (ir *IssuanceRequest) Validate() error

type IssueCommitmentMessage Uses

type IssueCommitmentMessage struct {
    *gabi.IssueCommitmentMessage
    Indices DisclosedAttributeIndices `json:"indices,omitempty"`
}

func (*IssueCommitmentMessage) Disclosure Uses

func (i *IssueCommitmentMessage) Disclosure() *Disclosure

type Issuer Uses

type Issuer struct {
    ID              string           `xml:"ID"`
    Name            TranslatedString `xml:"Name"`
    ShortName       TranslatedString `xml:"ShortName"`
    SchemeManagerID string           `xml:"SchemeManager"`
    ContactAddress  string
    ContactEMail    string
    DeprecatedSince Timestamp
    XMLVersion      int `xml:"version,attr"`
}

Issuer describes an issuer.

func (*Issuer) Identifier Uses

func (id *Issuer) Identifier() IssuerIdentifier

Identifier returns the identifier of the specified issuer description.

func (*Issuer) SchemeManagerIdentifier Uses

func (id *Issuer) SchemeManagerIdentifier() SchemeManagerIdentifier

type IssuerIdentifier Uses

type IssuerIdentifier struct {
    // contains filtered or unexported fields
}

IssuerIdentifier identifies an issuer. For example "irma-demo.RU".

func NewIssuerIdentifier Uses

func NewIssuerIdentifier(id string) IssuerIdentifier

NewIssuerIdentifier converts the specified identifier to a IssuerIdentifier.

func (IssuerIdentifier) Empty Uses

func (oi IssuerIdentifier) Empty() bool

func (IssuerIdentifier) GormDataType Uses

func (IssuerIdentifier) GormDataType(dialect gorm.Dialect) string

func (IssuerIdentifier) MarshalCBOR Uses

func (oi IssuerIdentifier) MarshalCBOR() (data []byte, err error)

func (IssuerIdentifier) MarshalText Uses

func (id IssuerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (IssuerIdentifier) Name Uses

func (oi IssuerIdentifier) Name() string

Name returns the last part of this identifier.

func (IssuerIdentifier) Parent Uses

func (oi IssuerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (IssuerIdentifier) Root Uses

func (oi IssuerIdentifier) Root() string

func (*IssuerIdentifier) Scan Uses

func (oi *IssuerIdentifier) Scan(src interface{}) error

func (IssuerIdentifier) SchemeManagerIdentifier Uses

func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier

SchemeManagerIdentifier returns the scheme manager identifer of the issuer.

func (IssuerIdentifier) String Uses

func (oi IssuerIdentifier) String() string

String returns this identifier as a string.

func (*IssuerIdentifier) UnmarshalCBOR Uses

func (oi *IssuerIdentifier) UnmarshalCBOR(data []byte) error

func (*IssuerIdentifier) UnmarshalText Uses

func (id *IssuerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (IssuerIdentifier) Value Uses

func (oi IssuerIdentifier) Value() (driver.Value, error)

type LegacyDisclosureRequest Uses

type LegacyDisclosureRequest struct {
    BaseRequest
    Content []LegacyLabeledDisjunction `json:"content"`
}

func (*LegacyDisclosureRequest) Action Uses

func (dr *LegacyDisclosureRequest) Action() Action

func (*LegacyDisclosureRequest) Base Uses

func (dr *LegacyDisclosureRequest) Base() *BaseRequest

func (*LegacyDisclosureRequest) Disclosure Uses

func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest

func (*LegacyDisclosureRequest) Identifiers Uses

func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyDisclosureRequest) Legacy Uses

func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error)

func (*LegacyDisclosureRequest) Validate Uses

func (dr *LegacyDisclosureRequest) Validate() error

type LegacyDisjunction Uses

type LegacyDisjunction []AttributeRequest

LegacyDisjunction is a disjunction of attributes from before the condiscon feature, representing a list of attribute types one of which must be given by the user, possibly requiring specific values. (C.f. AttributeCon, also defined as []AttributeRequest, which is only satisfied if all listed attributes are given by the user.)

func (*LegacyDisjunction) MarshalJSON Uses

func (l *LegacyDisjunction) MarshalJSON() ([]byte, error)

func (*LegacyDisjunction) UnmarshalJSON Uses

func (l *LegacyDisjunction) UnmarshalJSON(bts []byte) error

type LegacyIssuanceRequest Uses

type LegacyIssuanceRequest struct {
    BaseRequest
    Credentials []*CredentialRequest       `json:"credentials"`
    Disclose    []LegacyLabeledDisjunction `json:"disclose"`
}

func (*LegacyIssuanceRequest) Action Uses

func (ir *LegacyIssuanceRequest) Action() Action

func (*LegacyIssuanceRequest) Base Uses

func (ir *LegacyIssuanceRequest) Base() *BaseRequest

func (*LegacyIssuanceRequest) Disclosure Uses

func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest

func (*LegacyIssuanceRequest) Identifiers Uses

func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyIssuanceRequest) Legacy Uses

func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)

func (*LegacyIssuanceRequest) Validate Uses

func (ir *LegacyIssuanceRequest) Validate() error

type LegacyLabeledDisjunction Uses

type LegacyLabeledDisjunction struct {
    Label      string            `json:"label"`
    Attributes LegacyDisjunction `json:"attributes"`
}

type LegacySignatureRequest Uses

type LegacySignatureRequest struct {
    LegacyDisclosureRequest
    Message string `json:"message"`
}

func (*LegacySignatureRequest) Action Uses

func (ir *LegacySignatureRequest) Action() Action

type MetadataAttribute Uses

type MetadataAttribute struct {
    Int *big.Int

    Conf *Configuration
    // contains filtered or unexported fields
}

metadataAttribute represents a metadata attribute. Contains the credential type, signing date, validity, and the public key counter.

func MetadataFromInt Uses

func MetadataFromInt(i *big.Int, conf *Configuration) *MetadataAttribute

MetadataFromInt wraps the given Int

func NewMetadataAttribute Uses

func NewMetadataAttribute(version byte) *MetadataAttribute

NewMetadataAttribute constructs a new instance containing the default values: provided version as versionField now as signing date 0 as keycounter ValidityDefault (half a year) as default validity.

func (*MetadataAttribute) Bytes Uses

func (attr *MetadataAttribute) Bytes() []byte

Bytes returns this metadata attribute as a byte slice. Bigint's Bytes() method returns a big-endian byte slice, so add padding at begin.

func (*MetadataAttribute) CredentialType Uses

func (attr *MetadataAttribute) CredentialType() *CredentialType

CredentialType returns the credential type of the current instance using the Configuration.

func (*MetadataAttribute) CredentialTypeHash Uses

func (attr *MetadataAttribute) CredentialTypeHash() []byte

func (*MetadataAttribute) Expiry Uses

func (attr *MetadataAttribute) Expiry() time.Time

Expiry returns the expiry date of this instance

func (*MetadataAttribute) IsValid Uses

func (attr *MetadataAttribute) IsValid() bool

IsValid returns whether this instance is valid.

func (*MetadataAttribute) IsValidOn Uses

func (attr *MetadataAttribute) IsValidOn(t time.Time) bool

IsValidOn returns whether this instance is still valid at the given time

func (*MetadataAttribute) KeyCounter Uses

func (attr *MetadataAttribute) KeyCounter() uint

KeyCounter return the public key counter of the metadata attribute

func (*MetadataAttribute) PublicKey Uses

func (attr *MetadataAttribute) PublicKey() (*gabi.PublicKey, error)

PublicKey extracts identifier of the Idemix public key with which this instance was signed, and returns this public key.

func (*MetadataAttribute) SigningDate Uses

func (attr *MetadataAttribute) SigningDate() time.Time

SigningDate returns the time at which this instance was signed

func (*MetadataAttribute) ValidityDuration Uses

func (attr *MetadataAttribute) ValidityDuration() int

ValidityDuration returns the amount of epochs during which this instance is valid

func (*MetadataAttribute) Version Uses

func (attr *MetadataAttribute) Version() byte

Version returns the metadata version of this instance

type NonRevocationParameters Uses

type NonRevocationParameters map[CredentialTypeIdentifier]*NonRevocationRequest

func (*NonRevocationParameters) MarshalJSON Uses

func (n *NonRevocationParameters) MarshalJSON() ([]byte, error)

func (*NonRevocationParameters) UnmarshalJSON Uses

func (n *NonRevocationParameters) UnmarshalJSON(bts []byte) error

type NonRevocationRequest Uses

type NonRevocationRequest struct {
    Tolerance uint64                      `json:"tolerance,omitempty"`
    Updates   map[uint]*revocation.Update `json:"updates,omitempty"`
}

type PrivateKeyRing Uses

type PrivateKeyRing interface {
    // Latest returns the private key with the highest counter for the specified issuer, if any,
    // or an error.
    Latest(id IssuerIdentifier) (*gabi.PrivateKey, error)

    // Get returns the specified private key, or an error.
    Get(id IssuerIdentifier, counter uint) (*gabi.PrivateKey, error)

    // Iterate executes the specified function on each private key of the specified issuer
    // present in the ring. The private keys are offered to the function in no particular order,
    // and the same key may be offered multiple times. Returns on the first error returned
    // by the function.
    Iterate(id IssuerIdentifier, f func(sk *gabi.PrivateKey) error) error
}

PrivateKeyRing provides access to a set of private keys.

type PrivateKeyRingFolder Uses

type PrivateKeyRingFolder struct {
    // contains filtered or unexported fields
}

PrivateKeyRingFolder represents a folder on disk containing private keys with filenames of the form scheme.issuer.xml and scheme.issuer.counter.xml.

func NewPrivateKeyRingFolder Uses

func NewPrivateKeyRingFolder(path string, conf *Configuration) (*PrivateKeyRingFolder, error)

func (*PrivateKeyRingFolder) Get Uses

func (p *PrivateKeyRingFolder) Get(id IssuerIdentifier, counter uint) (*gabi.PrivateKey, error)

func (*PrivateKeyRingFolder) Iterate Uses

func (p *PrivateKeyRingFolder) Iterate(id IssuerIdentifier, f func(sk *gabi.PrivateKey) error) error

func (*PrivateKeyRingFolder) Latest Uses

func (p *PrivateKeyRingFolder) Latest(id IssuerIdentifier) (*gabi.PrivateKey, error)

type ProofList Uses

type ProofList gabi.ProofList

ProofList is a gabi.ProofList with some extra methods.

func (ProofList) Expired Uses

func (pl ProofList) Expired(configuration *Configuration, t *time.Time) (bool, error)

Expired returns true if any of the contained disclosure proofs is specified at the specified time, or now, when the specified time is nil.

func (ProofList) ExtractPublicKeys Uses

func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.PublicKey, error)

ExtractPublicKeys returns the public keys of each proof in the proofList, in the same order, for later use in verification of the proofList. If one of the proofs is not a ProofD an error is returned.

func (ProofList) VerifyProofs Uses

func (pl ProofList) VerifyProofs(
    configuration *Configuration,
    request SessionRequest,
    context *big.Int, nonce *big.Int,
    publickeys []*gabi.PublicKey,
    validAt *time.Time,
    isSig bool,
) (bool, map[int]*time.Time, error)

VerifyProofs verifies the proofs cryptographically.

type ProofStatus Uses

type ProofStatus string

ProofStatus is the status of the complete proof

type ProtocolVersion Uses

type ProtocolVersion struct {
    Major int
    Minor int
}

ProtocolVersion encodes the IRMA protocol version of an IRMA session.

func NewVersion Uses

func NewVersion(major, minor int) *ProtocolVersion

func (*ProtocolVersion) Above Uses

func (v *ProtocolVersion) Above(major, minor int) bool

func (*ProtocolVersion) AboveVersion Uses

func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) Below Uses

func (v *ProtocolVersion) Below(major, minor int) bool

Returns true if v is below the given version.

func (*ProtocolVersion) BelowVersion Uses

func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) MarshalJSON Uses

func (v *ProtocolVersion) MarshalJSON() ([]byte, error)

func (*ProtocolVersion) String Uses

func (v *ProtocolVersion) String() string

func (*ProtocolVersion) UnmarshalJSON Uses

func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)

type Qr Uses

type Qr struct {
    // Server with which to perform the session
    URL string `json:"u"`
    // Session type (disclosing, signing, issuing)
    Type Action `json:"irmaqr"`
}

Qr contains the data of an IRMA session QR (as generated by irma_js), suitable for NewSession().

func (*Qr) IsQr Uses

func (qr *Qr) IsQr() bool

func (*Qr) Validate Uses

func (qr *Qr) Validate() (err error)

type RemoteError Uses

type RemoteError struct {
    Status      int    `json:"status,omitempty"`
    ErrorName   string `json:"error,omitempty"`
    Description string `json:"description,omitempty"`
    Message     string `json:"message,omitempty"`
    Stacktrace  string `json:"stacktrace,omitempty"`
}

RemoteError is an error message returned by the API server on errors.

func (*RemoteError) Error Uses

func (err *RemoteError) Error() string

type RequestorBaseRequest Uses

type RequestorBaseRequest struct {
    ResultJwtValidity int    `json:"validity,omitempty"`    // Validity of session result JWT in seconds
    ClientTimeout     int    `json:"timeout,omitempty"`     // Wait this many seconds for the IRMA app to connect before the session times out
    CallbackURL       string `json:"callbackUrl,omitempty"` // URL to post session result to
}

RequestorBaseRequest contains fields present in all RequestorRequest types with which the requestor configures an IRMA session.

type RequestorChunk Uses

type RequestorChunk []*RequestorInfo

RequestorChunk is a number of verified requestors stored together. The RequestorScheme can consist of multiple such chunks

type RequestorInfo Uses

type RequestorInfo struct {
    Scheme     RequestorSchemeIdentifier `json:"scheme"`
    Name       TranslatedString          `json:"name"`
    Industry   *TranslatedString         `json:"industry"`
    Hostnames  []string                  `json:"hostnames"`
           *string                   `json:"logo"`
    ValidUntil *Timestamp                `json:"valid_until"`
}

RequestorInfo describes a single verified requestor

func NewRequestorInfo Uses

func NewRequestorInfo(hostname string) *RequestorInfo

NewRequestorInfo returns a Requestor with just the given hostname

type RequestorJwt Uses

type RequestorJwt interface {
    Action() Action
    RequestorRequest() RequestorRequest
    SessionRequest() SessionRequest
    Requestor() string
    Valid() error
    Sign(jwt.SigningMethod, interface{}) (string, error)
}

A RequestorJwt contains an IRMA session object.

func ParseRequestorJwt Uses

func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)

ParseRequestorJwt parses the specified JWT and returns the contents. Note: this function does not verify the signature! Do that elsewhere.

type RequestorRequest Uses

type RequestorRequest interface {
    Validator
    SessionRequest() SessionRequest
    Base() RequestorBaseRequest
}

RequestorRequest is the message with which requestors start an IRMA session. It contains a SessionRequest instance for the irmaclient along with extra fields in a RequestorBaseRequest.

type RequestorScheme Uses

type RequestorScheme struct {
    ID        RequestorSchemeIdentifier `json:"id"`
    URL       string                    `json:"url"`
    Status    SchemeManagerStatus       `json:"-"`
    Timestamp Timestamp                 `json:"-"`
    // contains filtered or unexported fields
}

RequestorScheme describes verified requestors

type RequestorSchemeIdentifier Uses

type RequestorSchemeIdentifier struct {
    // contains filtered or unexported fields
}

RequestorSchemeIdentifier identifies a requestor scheme. Equal to its ID. For example "pbdf-requestors"

func NewRequestorSchemeIdentifier Uses

func NewRequestorSchemeIdentifier(id string) RequestorSchemeIdentifier

NewRequestorIdentifier converts the specified identifier to a RequestorSchemeIdentifier.

func (RequestorSchemeIdentifier) Empty Uses

func (oi RequestorSchemeIdentifier) Empty() bool

func (RequestorSchemeIdentifier) GormDataType Uses

func (RequestorSchemeIdentifier) GormDataType(dialect gorm.Dialect) string

func (RequestorSchemeIdentifier) MarshalCBOR Uses

func (oi RequestorSchemeIdentifier) MarshalCBOR() (data []byte, err error)

func (RequestorSchemeIdentifier) MarshalText Uses

func (id RequestorSchemeIdentifier) MarshalText() ([]byte, error)

func (RequestorSchemeIdentifier) Name Uses

func (oi RequestorSchemeIdentifier) Name() string

Name returns the last part of this identifier.

func (RequestorSchemeIdentifier) Parent Uses

func (oi RequestorSchemeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (RequestorSchemeIdentifier) Root Uses

func (oi RequestorSchemeIdentifier) Root() string

func (*RequestorSchemeIdentifier) Scan Uses

func (oi *RequestorSchemeIdentifier) Scan(src interface{}) error

func (RequestorSchemeIdentifier) String Uses

func (oi RequestorSchemeIdentifier) String() string

String returns this identifier as a string.

func (*RequestorSchemeIdentifier) UnmarshalCBOR Uses

func (oi *RequestorSchemeIdentifier) UnmarshalCBOR(data []byte) error

func (*RequestorSchemeIdentifier) UnmarshalText Uses

func (id *RequestorSchemeIdentifier) UnmarshalText(text []byte) error

func (RequestorSchemeIdentifier) Value Uses

func (oi RequestorSchemeIdentifier) Value() (driver.Value, error)

type RequiredAttributeMissingError Uses

type RequiredAttributeMissingError struct {
    ErrorType
    Missing *IrmaIdentifierSet
}

func (*RequiredAttributeMissingError) Error Uses

func (e *RequiredAttributeMissingError) Error() string

type RevocationAttribute Uses

type RevocationAttribute big.Int

RevocationAttribute is a big.Int with DB (un)marshaling methods.

func (RevocationAttribute) GormDataType Uses

func (RevocationAttribute) GormDataType(dialect gorm.Dialect) string

func (*RevocationAttribute) MarshalCBOR Uses

func (i *RevocationAttribute) MarshalCBOR() ([]byte, error)

func (*RevocationAttribute) Scan Uses

func (i *RevocationAttribute) Scan(src interface{}) error

Scan implements sql.Scanner, for SQL unmarshaling (from a []byte).

func (*RevocationAttribute) UnmarshalCBOR Uses

func (i *RevocationAttribute) UnmarshalCBOR(data []byte) error

func (*RevocationAttribute) Value Uses

func (i *RevocationAttribute) Value() (driver.Value, error)

Value implements driver.Valuer, for SQL marshaling (to []byte).

type RevocationClient Uses

type RevocationClient struct {
    Conf     *Configuration
    Settings RevocationSettings
    // contains filtered or unexported fields
}

RevocationClient offers an HTTP client to the revocation server endpoints.

func (RevocationClient) FetchUpdateFrom Uses

func (client RevocationClient) FetchUpdateFrom(id CredentialTypeIdentifier, pkcounter uint, from uint64) (*revocation.Update, error)

func (RevocationClient) FetchUpdateLatest Uses

func (client RevocationClient) FetchUpdateLatest(id CredentialTypeIdentifier, pkcounter uint, count uint64) (*revocation.Update, error)

func (RevocationClient) FetchUpdatesLatest Uses

func (client RevocationClient) FetchUpdatesLatest(id CredentialTypeIdentifier, count uint64) (map[uint]*revocation.Update, error)

func (RevocationClient) PostIssuanceRecord Uses

func (client RevocationClient) PostIssuanceRecord(id CredentialTypeIdentifier, sk *revocation.PrivateKey, rec *IssuanceRecord, url string) error

type RevocationJwt Uses

type RevocationJwt struct {
    ServerJwt
    Request *RevocationRequest `json:"revrequest"`
}

func (*RevocationJwt) Sign Uses

func (claims *RevocationJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*RevocationJwt) Valid Uses

func (claims *RevocationJwt) Valid() error

type RevocationKeys Uses

type RevocationKeys struct {
    Conf *Configuration
}

RevocationKeys contains helper functions for retrieving revocation private and public keys from an irma.Configuration instance.

func (RevocationKeys) PrivateKey Uses

func (rs RevocationKeys) PrivateKey(issid IssuerIdentifier, counter uint) (*revocation.PrivateKey, error)

func (RevocationKeys) PrivateKeyLatest Uses

func (rs RevocationKeys) PrivateKeyLatest(issid IssuerIdentifier) (*revocation.PrivateKey, error)

func (RevocationKeys) PublicKey Uses

func (rs RevocationKeys) PublicKey(issid IssuerIdentifier, counter uint) (*revocation.PublicKey, error)

type RevocationRequest Uses

type RevocationRequest struct {
    LDContext      string                   `json:"@context,omitempty"`
    CredentialType CredentialTypeIdentifier `json:"type"`
    Key            string                   `json:"revocationKey,omitempty"`
    Issued         int64                    `json:"issued,omitempty"`
}

func (*RevocationRequest) Validate Uses

func (r *RevocationRequest) Validate() error

type RevocationSetting Uses

type RevocationSetting struct {
    Server              bool   `json:"server,omitempty" mapstructure:"server"`
    Authority           bool   `json:"authority,omitempty" mapstructure:"authority"`
    RevocationServerURL string `json:"revocation_server_url,omitempty" mapstructure:"revocation_server_url"`
    Tolerance           uint64 `json:"tolerance,omitempty" mapstructure:"tolerance"` // in seconds, min 30
    SSE                 bool   `json:"sse,omitempty" mapstructure:"sse"`
    // contains filtered or unexported fields
}

RevocationSetting contains revocation settings for a given credential type.

type RevocationSettings Uses

type RevocationSettings map[CredentialTypeIdentifier]*RevocationSetting

func (RevocationSettings) Get Uses

func (rs RevocationSettings) Get(id CredentialTypeIdentifier) *RevocationSetting

type RevocationStorage Uses

type RevocationStorage struct {
    Keys RevocationKeys

    ServerSentEvents *sse.Server
    // contains filtered or unexported fields
}

RevocationStorage stores and retrieves revocation-related data from and to a SQL database, and offers a revocation API for all other irmago code, including a Revoke() method that revokes an earlier issued credential.

func (*RevocationStorage) Accumulator Uses

func (rs *RevocationStorage) Accumulator(id CredentialTypeIdentifier, pkcounter uint) (
    *revocation.SignedAccumulator, error,
)

func (*RevocationStorage) AddIssuanceRecord Uses

func (rs *RevocationStorage) AddIssuanceRecord(r *IssuanceRecord) error

func (*RevocationStorage) AddUpdate Uses

func (rs *RevocationStorage) AddUpdate(id CredentialTypeIdentifier, record *revocation.Update) error

func (*RevocationStorage) Close Uses

func (rs *RevocationStorage) Close() error

func (*RevocationStorage) EnableRevocation Uses

func (rs *RevocationStorage) EnableRevocation(id CredentialTypeIdentifier, sk *revocation.PrivateKey) error

EnableRevocation creates an initial accumulator for a given credential type. This function is the only way to create such an initial accumulator and it must be called before anyone can use revocation for this credential type. Requires the issuer private key.

func (*RevocationStorage) Events Uses

func (rs *RevocationStorage) Events(id CredentialTypeIdentifier, pkcounter uint, from, to uint64) (*revocation.EventList, error)

func (*RevocationStorage) Exists Uses

func (rs *RevocationStorage) Exists(id CredentialTypeIdentifier, counter uint) (bool, error)

Exists returns whether or not an accumulator exists in the database for the given credential type.

func (*RevocationStorage) IssuanceRecords Uses

func (rs *RevocationStorage) IssuanceRecords(id CredentialTypeIdentifier, key string, issued time.Time) ([]*IssuanceRecord, error)

func (*RevocationStorage) Load Uses

func (rs *RevocationStorage) Load(debug bool, dbtype, connstr string, settings RevocationSettings) error

func (*RevocationStorage) PostUpdate Uses

func (rs *RevocationStorage) PostUpdate(id CredentialTypeIdentifier, update *revocation.Update)

func (*RevocationStorage) Revoke Uses

func (rs *RevocationStorage) Revoke(id CredentialTypeIdentifier, key string, issued time.Time) error

Revoke revokes the credential(s) specified by key and issued, if found within the current database, by updating their revocation time to now, removing their revocation attribute from the current accumulator, and updating the revocation database on disk. If issued is not specified, i.e. passed the zero value, all credentials specified by key are revoked.

func (*RevocationStorage) SaveIssuanceRecord Uses

func (rs *RevocationStorage) SaveIssuanceRecord(id CredentialTypeIdentifier, rec *IssuanceRecord, sk *gabi.PrivateKey) error

SaveIssuanceRecord either stores the issuance record locally, if we are the revocation server of the crecential type, or it signs and sends it to the remote revocation server.

func (*RevocationStorage) SetRevocationUpdates Uses

func (rs *RevocationStorage) SetRevocationUpdates(b *BaseRequest) error

SetRevocationUpdates retrieves the latest revocation records from the database, and attaches them to the request, for each credential type for which a nonrevocation proof is requested in b.Revocation.

func (*RevocationStorage) SyncDB Uses

func (rs *RevocationStorage) SyncDB(id CredentialTypeIdentifier) error

func (*RevocationStorage) SyncIfOld Uses

func (rs *RevocationStorage) SyncIfOld(id CredentialTypeIdentifier, maxage uint64) error

func (*RevocationStorage) UpdateLatest Uses

func (rs *RevocationStorage) UpdateLatest(id CredentialTypeIdentifier, count uint64, counter *uint) (map[uint]*revocation.Update, error)

type Scheme Uses

type Scheme interface {
    // contains filtered or unexported methods
}

type SchemeAppVersion Uses

type SchemeAppVersion struct {
    Android int `xml:"Android"`
    IOS     int `xml:"iOS"`
}

type SchemeFileHash Uses

type SchemeFileHash []byte

SchemeFileHash encodes the SHA256 hash of an authenticated file under a scheme within the configuration folder.

func (SchemeFileHash) Equal Uses

func (hash SchemeFileHash) Equal(other SchemeFileHash) bool

func (SchemeFileHash) String Uses

func (hash SchemeFileHash) String() string

type SchemeManager Uses

type SchemeManager struct {
    ID                string           `xml:"Id"`
    Name              TranslatedString `xml:"Name"`
    URL               string           `xml:"Url"`
    Contact           string           `xml:"contact"`
    Demo              bool             `xml:"Demo"` // Decides whether to download private keys
    Description       TranslatedString
    MinimumAppVersion SchemeAppVersion
    KeyshareServer    string
    KeyshareWebsite   string
    KeyshareAttribute string
    TimestampServer   string
    XMLVersion        int      `xml:"version,attr"`
    XMLName           xml.Name `xml:"SchemeManager"`

    Status    SchemeManagerStatus `xml:"-"`
    Timestamp Timestamp
    // contains filtered or unexported fields
}

SchemeManager describes a scheme manager.

func (*SchemeManager) Distributed Uses

func (scheme *SchemeManager) Distributed() bool

Distributed indicates if this scheme uses a keyshare server.

func (*SchemeManager) Identifier Uses

func (scheme *SchemeManager) Identifier() SchemeManagerIdentifier

Identifier returns the identifier of the specified scheme.

type SchemeManagerError Uses

type SchemeManagerError struct {
    Scheme string
    Status SchemeManagerStatus
    Err    error
}

func (SchemeManagerError) Error Uses

func (sme SchemeManagerError) Error() string

type SchemeManagerIdentifier Uses

type SchemeManagerIdentifier struct {
    // contains filtered or unexported fields
}

SchemeManagerIdentifier identifies a scheme manager. Equal to its ID. For example "irma-demo".

func NewSchemeManagerIdentifier Uses

func NewSchemeManagerIdentifier(id string) SchemeManagerIdentifier

NewSchemeManagerIdentifier converts the specified identifier to a SchemeManagerIdentifier.

func (SchemeManagerIdentifier) Empty Uses

func (oi SchemeManagerIdentifier) Empty() bool

func (SchemeManagerIdentifier) GormDataType Uses

func (SchemeManagerIdentifier) GormDataType(dialect gorm.Dialect) string

func (SchemeManagerIdentifier) MarshalCBOR Uses

func (oi SchemeManagerIdentifier) MarshalCBOR() (data []byte, err error)

func (SchemeManagerIdentifier) MarshalText Uses

func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (SchemeManagerIdentifier) Name Uses

func (oi SchemeManagerIdentifier) Name() string

Name returns the last part of this identifier.

func (SchemeManagerIdentifier) Parent Uses

func (oi SchemeManagerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (SchemeManagerIdentifier) Root Uses

func (oi SchemeManagerIdentifier) Root() string

func (*SchemeManagerIdentifier) Scan Uses

func (oi *SchemeManagerIdentifier) Scan(src interface{}) error

func (SchemeManagerIdentifier) String Uses

func (oi SchemeManagerIdentifier) String() string

String returns this identifier as a string.

func (*SchemeManagerIdentifier) UnmarshalCBOR Uses

func (oi *SchemeManagerIdentifier) UnmarshalCBOR(data []byte) error

func (*SchemeManagerIdentifier) UnmarshalText Uses

func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (SchemeManagerIdentifier) Value Uses

func (oi SchemeManagerIdentifier) Value() (driver.Value, error)

type SchemeManagerIndex Uses

type SchemeManagerIndex map[string]SchemeFileHash

SchemeManagerIndex is a (signed) list of files under a scheme along with their SHA266 hash

func (SchemeManagerIndex) FromString Uses

func (i SchemeManagerIndex) FromString(s string) error

FromString populates this index by parsing the specified string.

func (SchemeManagerIndex) Scheme Uses

func (i SchemeManagerIndex) Scheme() string

func (SchemeManagerIndex) String Uses

func (i SchemeManagerIndex) String() string

type SchemeManagerStatus Uses

type SchemeManagerStatus string

type SchemePointer Uses

type SchemePointer struct {
    URL       string // URL to download scheme from
    Type      SchemeType
    Publickey []byte // Public key of scheme against which to verify files after they have been downloaded
}

SchemePointer points to a remote IRMA scheme, containing information to download the scheme, including its (pinned) public key.

type SchemeType Uses

type SchemeType string

type ServerJwt Uses

type ServerJwt struct {
    Type       string    `json:"sub"`
    ServerName string    `json:"iss"`
    IssuedAt   Timestamp `json:"iat"`
}

ServerJwt contains standard JWT fields.

func (*ServerJwt) Requestor Uses

func (jwt *ServerJwt) Requestor() string

type ServiceProviderJwt Uses

type ServiceProviderJwt struct {
    ServerJwt
    Request *ServiceProviderRequest `json:"sprequest"`
}

ServiceProviderJwt is a requestor JWT for a disclosure session.

func NewServiceProviderJwt Uses

func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt

NewServiceProviderJwt returns a new ServiceProviderJwt.

func (*ServiceProviderJwt) Action Uses

func (claims *ServiceProviderJwt) Action() Action

func (*ServiceProviderJwt) RequestorRequest Uses

func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest

func (*ServiceProviderJwt) SessionRequest Uses

func (claims *ServiceProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*ServiceProviderJwt) Sign Uses

func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*ServiceProviderJwt) Valid Uses

func (claims *ServiceProviderJwt) Valid() error

type ServiceProviderRequest Uses

type ServiceProviderRequest struct {
    RequestorBaseRequest
    Request *DisclosureRequest `json:"request"`
}

A ServiceProviderRequest contains a disclosure request.

func (*ServiceProviderRequest) Base Uses

func (r *ServiceProviderRequest) Base() RequestorBaseRequest

func (*ServiceProviderRequest) SessionRequest Uses

func (r *ServiceProviderRequest) SessionRequest() SessionRequest

func (*ServiceProviderRequest) Validate Uses

func (r *ServiceProviderRequest) Validate() error

type SessionError Uses

type SessionError struct {
    Err error
    ErrorType
    Info         string
    RemoteError  *RemoteError
    RemoteStatus int
}

SessionError is a protocol error.

func (*SessionError) Error Uses

func (e *SessionError) Error() string

func (*SessionError) Stack Uses

func (e *SessionError) Stack() string

func (*SessionError) WrappedError Uses

func (e *SessionError) WrappedError() string

type SessionRequest Uses

type SessionRequest interface {
    Validator
    Base() *BaseRequest
    GetNonce(timestamp *atum.Timestamp) *big.Int
    Disclosure() *DisclosureRequest
    Identifiers() *IrmaIdentifierSet
    Action() Action
    Legacy() (SessionRequest, error)
}

SessionRequest instances contain all information the irmaclient needs to perform an IRMA session.

type SignatureRequest Uses

type SignatureRequest struct {
    DisclosureRequest
    Message string `json:"message"`
}

A SignatureRequest is a a request to sign a message with certain attributes. Construct new instances using NewSignatureRequest().

func NewSignatureRequest Uses

func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest

func (*SignatureRequest) Action Uses

func (sr *SignatureRequest) Action() Action

func (*SignatureRequest) GetNonce Uses

func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int

GetNonce returns the nonce of this signature session (with the message already hashed into it).

func (*SignatureRequest) IsSignatureRequest Uses

func (sr *SignatureRequest) IsSignatureRequest() bool

func (*SignatureRequest) Legacy Uses

func (sr *SignatureRequest) Legacy() (SessionRequest, error)

func (*SignatureRequest) SignatureFromMessage Uses

func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)

func (*SignatureRequest) UnmarshalJSON Uses

func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)

func (*SignatureRequest) Validate Uses

func (sr *SignatureRequest) Validate() error

type SignatureRequestorJwt Uses

type SignatureRequestorJwt struct {
    ServerJwt
    Request *SignatureRequestorRequest `json:"absrequest"`
}

SignatureRequestorJwt is a requestor JWT for a signing session.

func NewSignatureRequestorJwt Uses

func NewSignatureRequestorJwt(servername string, sr *SignatureRequest) *SignatureRequestorJwt

NewSignatureRequestorJwt returns a new SignatureRequestorJwt.

func (*SignatureRequestorJwt) Action Uses

func (claims *SignatureRequestorJwt) Action() Action

func (*SignatureRequestorJwt) RequestorRequest Uses

func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest

func (*SignatureRequestorJwt) SessionRequest Uses

func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*SignatureRequestorJwt) Sign Uses

func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*SignatureRequestorJwt) Valid Uses

func (claims *SignatureRequestorJwt) Valid() error

type SignatureRequestorRequest Uses

type SignatureRequestorRequest struct {
    RequestorBaseRequest
    Request *SignatureRequest `json:"request"`
}

A SignatureRequestorRequest contains a signing request.

func (*SignatureRequestorRequest) Base Uses

func (r *SignatureRequestorRequest) Base() RequestorBaseRequest

func (*SignatureRequestorRequest) SessionRequest Uses

func (r *SignatureRequestorRequest) SessionRequest() SessionRequest

func (*SignatureRequestorRequest) Validate Uses

func (r *SignatureRequestorRequest) Validate() error

type SignedMessage Uses

type SignedMessage struct {
    LDContext string                    `json:"@context"`
    Signature gabi.ProofList            `json:"signature"`
    Indices   DisclosedAttributeIndices `json:"indices"`
    Nonce     *big.Int                  `json:"nonce"`
    Context   *big.Int                  `json:"context"`
    Message   string                    `json:"message"`
    Timestamp *atum.Timestamp           `json:"timestamp"`
}

SignedMessage is a message signed with an attribute-based signature The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)

func (*SignedMessage) Disclosure Uses

func (sm *SignedMessage) Disclosure() *Disclosure

func (*SignedMessage) GetNonce Uses

func (sm *SignedMessage) GetNonce() *big.Int

func (*SignedMessage) MatchesNonceAndContext Uses

func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool

func (*SignedMessage) Verify Uses

func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

Verify the attribute-based signature, optionally against a corresponding signature request. If the request is present (i.e. not nil), then the first attributes in the returned result match with the disjunction list in the request (that is, the i'th attribute in the result should satisfy the i'th disjunction in the request). If the request is not fully satisfied in this fasion, the Status of the result is ProofStatusMissingAttributes. Any remaining attributes (i.e. not asked for by the request) are also included in the result, after the attributes that match disjunctions in the request.

The signature request is optional; if it is nil then the attribute-based signature is still verified, and all containing attributes returned in the result.

func (*SignedMessage) VerifyTimestamp Uses

func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error

Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes, and rerandomized CL-signatures.

func (*SignedMessage) Version Uses

func (sm *SignedMessage) Version() int

type Status Uses

type Status string

Status encodes the status of an IRMA session (e.g., connected).

type Timestamp Uses

type Timestamp time.Time

Timestamp is a time.Time that marshals to Unix timestamps.

func (Timestamp) After Uses

func (t Timestamp) After(u Timestamp) bool

func (Timestamp) Before Uses

func (t Timestamp) Before(u Timestamp) bool

Check if Timestamp is before other Timestamp. Used for checking expiry of attributes

func (*Timestamp) Floor Uses

func (t *Timestamp) Floor() Timestamp

func (Timestamp) IsZero Uses

func (t Timestamp) IsZero() bool

To check whether Timestamp is uninitialized

func (*Timestamp) MarshalJSON Uses

func (t *Timestamp) MarshalJSON() ([]byte, error)

MarshalJSON marshals a timestamp.

func (*Timestamp) MarshalXML Uses

func (t *Timestamp) MarshalXML(e *xml.Encoder, start xml.StartElement) error

func (*Timestamp) String Uses

func (t *Timestamp) String() string

Timestamp implements Stringer.

func (Timestamp) Sub Uses

func (t Timestamp) Sub(u Timestamp) time.Duration

func (*Timestamp) UnmarshalJSON Uses

func (t *Timestamp) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a timestamp.

func (*Timestamp) UnmarshalXML Uses

func (t *Timestamp) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

type TranslatedString Uses

type TranslatedString map[string]string

TranslatedString is a map of translated strings.

func NewTranslatedString Uses

func NewTranslatedString(attr *string) TranslatedString

NewTranslatedString returns a TranslatedString containing the specified string for each supported language, or nil when attr is nil.

func (*TranslatedString) MarshalXML Uses

func (ts *TranslatedString) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML implements xml.Marshaler.

func (*TranslatedString) UnmarshalXML Uses

func (ts *TranslatedString) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML unmarshals an XML tag containing a string translated to multiple languages, for example: <Foo><en>Hello world</en><nl>Hallo wereld</nl></Foo> into a TranslatedString: { "en": "Hello world" , "nl": "Hallo wereld" }

type UnknownIdentifierError Uses

type UnknownIdentifierError struct {
    ErrorType
    Missing *IrmaIdentifierSet
}

func (*UnknownIdentifierError) Error Uses

func (e *UnknownIdentifierError) Error() string

type Validator Uses

type Validator interface {
    Validate() error
}

Directories

PathSynopsis
internal/common
internal/disable_sigpipe
internal/sessiontestThis package just contains tests.
internal/testPackage test contains functionality that should be available to all unit tests (which live in separate packages).
irma
irmaclientPackage irmaclient implements an IRMA client, that can manage and use IRMA attributes.
irma/cmd
server
server/irmacRequired to be main when building a shared library
server/irmaserverPackage irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
server/requestorserverPackage requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.

Package irma imports 55 packages (graph) and is imported by 10 packages. Updated 2020-09-25. Refresh now. Tools for package owners.