Documentation
¶
Overview ¶
Package verifiable implements Verifiable Credential and Presentation data model (https://www.w3.org/TR/vc-data-model). It provides the data structures and functions which allow to process the Verifiable documents on different sides and levels. For example, an Issuer can create verifiable.Credential structure and issue it to a Holder in JWS form. The Holder can decode received Credential and make sure the signature is valid. The Holder can present the Credential to the Verifier or combine one or more Credentials into a Verifiable Presentation. The Verifier can decode and verify the received Credentials and Presentations.
Index ¶
- Constants
- func BBSSelectiveDisclosure(doc map[string]interface{}, revealDoc map[string]interface{}, nonce []byte, ...) (map[string]interface{}, error)
- func JSONSchemaLoader(opts ...SchemaOpt) string
- func JWTVCToJSON(vc []byte) ([]byte, error)
- func SerializeSubject(subject []Subject) interface{}
- func SubjectID(subject []Subject) (string, error)
- type BBSProofCreator
- type CombinedProofChecker
- type CreatePresentationOpt
- type Credential
- func CreateCredential(vcc CredentialContents, customFields CustomFields) (*Credential, error)
- func CreateCredentialWithProofs(vcc CredentialContents, customFields CustomFields, proofs []Proof) (*Credential, error)
- func ParseCredential(vcData []byte, opts ...CredentialOpt) (*Credential, error)
- func ParseCredentialJSON(vcJSON JSONObject, opts ...CredentialOpt) (*Credential, error)
- func (vc *Credential) AddDataIntegrityProof(context *DataIntegrityProofContext, signer *dataintegrity.Signer) error
- func (vc *Credential) AddLinkedDataProof(context *LinkedDataProofContext, jsonldOpts ...processor.Opts) error
- func (vc *Credential) CheckProof(opts ...CredentialOpt) error
- func (vc *Credential) Contents() CredentialContents
- func (vc *Credential) CreateDisplayCredential(opts ...DisplayCredentialOption) (*Credential, error)
- func (vc *Credential) CreateDisplayCredentialMap(opts ...DisplayCredentialOption) (map[string]interface{}, error)
- func (vc *Credential) CreateSignedJWTVC(minimizeVC bool, signatureAlg JWSAlgorithm, proofCreator jwt.ProofCreator, ...) (*Credential, error)
- func (vc *Credential) CreateUnsecuredJWTVC(minimizeVC bool) (*Credential, error)
- func (vc *Credential) CustomField(name string) interface{}
- func (vc *Credential) GenerateBBSSelectiveDisclosure(revealDoc map[string]interface{}, nonce []byte, ...) (*Credential, error)
- func (vc *Credential) IsJWT() bool
- func (vc *Credential) JWTClaims(minimizeVC bool) (*JWTCredClaims, error)
- func (vc *Credential) JWTHeaders() jose.Headers
- func (vc *Credential) MakeSDJWT(signer jose.Signer, signingKeyID string, options ...MakeSDJWTOption) (string, error)
- func (vc *Credential) MarshalAsJSONLD() ([]byte, error)
- func (vc *Credential) MarshalJSON() ([]byte, error)
- func (vc *Credential) MarshalWithDisclosure(opts ...MarshalDisclosureOption) (string, error)
- func (vc *Credential) Proofs() []Proof
- func (vc *Credential) ResetProofs(newProofs []Proof)
- func (vc *Credential) SDJWTDisclosures() []*common.DisclosureClaim
- func (vc *Credential) SetCustomField(name string, value interface{})
- func (vc *Credential) SetSDJWTDisclosures(disclosures []*common.DisclosureClaim) error
- func (vc *Credential) ToJWTString() (string, error)
- func (vc *Credential) ToRawJSON() JSONObject
- func (vc *Credential) ToUniversalForm() (interface{}, error)
- func (vc *Credential) ValidateCredential(opts ...CredentialOpt) error
- func (vc *Credential) WithModifiedContext(context []string) *Credential
- func (vc *Credential) WithModifiedID(id string) *Credential
- func (vc *Credential) WithModifiedIssuer(issuer *Issuer) *Credential
- func (vc *Credential) WithModifiedStatus(status *TypedID) *Credential
- func (vc *Credential) WithModifiedSubject(subject []Subject) *Credential
- type CredentialContents
- type CredentialDecoder
- type CredentialOpt
- func WithBaseContextExtendedValidation(customContexts, customTypes []string) CredentialOpt
- func WithBaseContextValidation() CredentialOpt
- func WithCredDisableValidation() CredentialOpt
- func WithCredentialSchemaLoader(loader *CredentialSchemaLoader) CredentialOpt
- func WithDataIntegrityVerifier(v *dataintegrity.Verifier) CredentialOpt
- func WithDisabledProofCheck() CredentialOpt
- func WithExpectedDataIntegrityFields(purpose, domain, challenge string) CredentialOpt
- func WithExternalJSONLDContext(context ...string) CredentialOpt
- func WithJSONLDDocumentLoader(documentLoader jsonld.DocumentLoader) CredentialOpt
- func WithJSONLDOnlyValidRDF() CredentialOpt
- func WithJSONLDValidation() CredentialOpt
- func WithJWTProofChecker(verifier jwt.ProofChecker) CredentialOpt
- func WithLDProofChecker(verifier lddocument.ProofChecker) CredentialOpt
- func WithNoCustomSchemaCheck() CredentialOpt
- func WithProofChecker(verifier CombinedProofChecker) CredentialOpt
- func WithSchema(schema string) CredentialOpt
- func WithStrictValidation() CredentialOpt
- type CredentialSchemaLoader
- type CredentialSchemaLoaderBuilder
- func (b *CredentialSchemaLoaderBuilder) Build() *CredentialSchemaLoader
- func (b *CredentialSchemaLoaderBuilder) SetCache(cache SchemaCache) *CredentialSchemaLoaderBuilder
- func (b *CredentialSchemaLoaderBuilder) SetJSONLoader(loader gojsonschema.JSONLoader) *CredentialSchemaLoaderBuilder
- func (b *CredentialSchemaLoaderBuilder) SetSchemaDownloadClient(client *http.Client) *CredentialSchemaLoaderBuilder
- type CredentialTemplate
- type CustomFields
- type DataIntegrityProofContext
- type DisplayCredentialOption
- type Evidence
- type ExpirableSchemaCache
- type Issuer
- type JSONObject
- type JWSAlgorithm
- type JWTCredClaims
- func (jcc *JWTCredClaims) MarshalJWS(signatureAlg JWSAlgorithm, signer jwt.ProofCreator, keyID string) (string, jose.Headers, error)
- func (jcc *JWTCredClaims) MarshalJWSString(signatureAlg JWSAlgorithm, signer jwt.ProofCreator, keyID string) (string, error)
- func (jcc *JWTCredClaims) MarshalUnsecuredJWT() (string, error)
- func (jcc *JWTCredClaims) ToSDJWTV5CredentialPayload() ([]byte, error)
- func (jcc *JWTCredClaims) UnmarshalJSON(data []byte) error
- type JWTCredClaimsUnmarshaller
- type JWTEnvelope
- type JWTPresClaims
- type JWTPresClaimsUnmarshaller
- type LinkedDataProofContext
- type MakeSDJWTOption
- func MakeSDJWTWithAlwaysIncludeObjects(alwaysIncludeObjects []string) MakeSDJWTOption
- func MakeSDJWTWithHash(hash crypto.Hash) MakeSDJWTOption
- func MakeSDJWTWithNonSelectivelyDisclosableClaims(nonSDClaims []string) MakeSDJWTOption
- func MakeSDJWTWithRecursiveClaimsObjects(recursiveClaimsObject []string) MakeSDJWTOption
- func MakeSDJWTWithVersion(version common.SDJWTVersion) MakeSDJWTOption
- type MakeSDJWTOpts
- type MarshalDisclosureOption
- func DiscloseAll() MarshalDisclosureOption
- func DiscloseGivenIfAvailable(disclosureNames []string) MarshalDisclosureOption
- func DiscloseGivenRequired(disclosureNames []string) MarshalDisclosureOption
- func DisclosureHolderBinding(binding *holder.BindingInfo) MarshalDisclosureOption
- func DisclosureSigner(signer jose.Signer, signingKeyID string) MarshalDisclosureOption
- func MarshalWithSDJWTVersion(version common.SDJWTVersion) MarshalDisclosureOption
- type MarshalledCredential
- type Presentation
- func (vp *Presentation) AddCredentials(credentials ...*Credential)
- func (vp *Presentation) AddDataIntegrityProof(context *DataIntegrityProofContext, signer *dataintegrity.Signer) error
- func (vp *Presentation) AddLinkedDataProof(context *LinkedDataProofContext, jsonldOpts ...ldprocessor.Opts) error
- func (vp *Presentation) Credentials() []*Credential
- func (vp *Presentation) JWTClaims(audience []string, minimizeVP bool) (*JWTPresClaims, error)
- func (vp *Presentation) MarshalJSON() ([]byte, error)
- func (vp *Presentation) MarshalledCredentials() ([]MarshalledCredential, error)
- type PresentationOpt
- func WithDisabledJSONLDChecks() PresentationOpt
- func WithPresDataIntegrityVerifier(v *dataintegrity.Verifier) PresentationOpt
- func WithPresDisabledProofCheck() PresentationOpt
- func WithPresExpectedDataIntegrityFields(purpose, domain, challenge string) PresentationOpt
- func WithPresJSONLDDocumentLoader(documentLoader jsonld.DocumentLoader) PresentationOpt
- func WithPresProofChecker(fetcher CombinedProofChecker) PresentationOpt
- func WithPresStrictValidation() PresentationOpt
- type Proof
- type SchemaCache
- type SchemaOpt
- type SignatureRepresentation
- type Subject
- type TypedID
Examples ¶
- Credential (Embedding)
- Credential (ExtraFields)
- Credential.AddLinkedDataProof
- Credential.GenerateBBSSelectiveDisclosure
- Credential.JWTClaims
- ParseCredential
- Presentation
- Presentation (Two)
- Presentation.AddLinkedDataProof
- Presentation.JWTClaims
- Presentation.MarshalJSON
- Presentation.MarshalledCredentials
Constants ¶
View Source
const ( // ContextURI is the required JSON-LD context for VCs and VPs. ContextURI = "https://www.w3.org/2018/credentials/v1" // ContextID is the non-fragment part of the JSON-LD schema ID for VCs and VPs. ContextID = "https://www.w3.org/2018/credentials" // VCType is the required Type for Verifiable Credentials. VCType = "VerifiableCredential" // VPType is the required Type for Verifiable Credentials. VPType = "VerifiablePresentation" )
View Source
const DefaultSchemaTemplate = `` /* 3496-byte string literal not displayed */
DefaultSchemaTemplate describes default schema.
Variables ¶
This section is empty.
Functions ¶
func BBSSelectiveDisclosure ¶ added in v1.1.0
func BBSSelectiveDisclosure(doc map[string]interface{}, revealDoc map[string]interface{}, nonce []byte, bbsProofCreator *BBSProofCreator, opts ...processor.Opts) (map[string]interface{}, error)
BBSSelectiveDisclosure creates selective disclosure from the input doc which must have a BBS+ proof (with BbsBlsSignature2020 type).
func JSONSchemaLoader ¶
JSONSchemaLoader creates default schema with the option to disable the check of specific properties.
func JWTVCToJSON ¶
JWTVCToJSON parses a JWT VC without verifying, and returns the JSON VC contents.
func SerializeSubject ¶ added in v1.1.0
func SerializeSubject(subject []Subject) interface{}
SerializeSubject converts subject(s) JSON object or array If the subject is nil no error will be returned.
Types ¶
type BBSProofCreator ¶ added in v1.1.0
type BBSProofCreator struct {
ProofDerivation bbsProofDerivation
VerificationMethodResolver verificationMethodResolver
}
BBSProofCreator used to create bbs proof during selective disclosure.
type CombinedProofChecker ¶ added in v1.1.0
type CombinedProofChecker interface {
CheckLDProof(proof *proof.Proof, expectedProofIssuer string, msg, signature []byte) error
// GetLDPCanonicalDocument will return normalized/canonical version of the document
GetLDPCanonicalDocument(proof *proof.Proof, doc map[string]interface{}, opts ...processor.Opts) ([]byte, error)
// GetLDPDigest returns document digest
GetLDPDigest(proof *proof.Proof, doc []byte) ([]byte, error)
CheckJWTProof(headers jose.Headers, expectedProofIssuer string, msg, signature []byte) error
}
CombinedProofChecker universal proof checker for both LD and JWT proofs.
type CreatePresentationOpt ¶
type CreatePresentationOpt func(p *Presentation) error
CreatePresentationOpt are options for creating a new presentation.
func WithCredentials ¶
func WithCredentials(cs ...*Credential) CreatePresentationOpt
WithCredentials sets the provided credentials into the presentation.
type Credential ¶
type Credential struct {
//TODO: make this private. Currently used in tests to create invalid jwt vc's.
JWTEnvelope *JWTEnvelope
// contains filtered or unexported fields
}
Credential Verifiable Credential definition.
Example (Embedding) ¶
vc := &UniversityDegreeCredential{
Credential: createExampleCred(verifiable.CredentialContents{
Context: []string{
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1",
},
ID: "http://example.edu/credentials/1872",
Types: []string{
"VerifiableCredential",
"UniversityDegreeCredential",
},
Subject: serializeSingleSubject(UniversityDegreeSubject{
ID: "did:example:ebfeb1f712ebc6f1c276e12ec21",
Name: "Jayden Doe",
Spouse: "did:example:c276e12ec21ebfeb1f712ebc6f1",
Degree: UniversityDegree{
Type: "BachelorDegree",
University: "MIT",
},
}),
Issuer: &verifiable.Issuer{
ID: "did:example:76e12ec712ebc6f1c221ebfeb1f",
CustomFields: verifiable.CustomFields{"name": "Example University"},
},
Issued: utiltime.NewTime(issued),
Expired: utiltime.NewTime(expired),
Schemas: []verifiable.TypedID{},
}),
ReferenceNumber: 83294847,
}
// Marshal to JSON to verify the result of decoding.
vcBytes, err := json.Marshal(vc)
if err != nil {
panic("failed to marshal VC to JSON")
}
fmt.Println(string(vcBytes))
// Marshal to JWS.
jwtClaims, err := vc.JWTClaims(true)
if err != nil {
panic(fmt.Errorf("failed to marshal JWT claims of VC: %w", err))
}
signer, verifier := testsupport.NewEd25519Pair(issuerPubKey, issuerPrivKey,
"did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
jws, err := jwtClaims.MarshalJWSString(verifiable.EdDSA, signer,
"did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
if err != nil {
panic(fmt.Errorf("failed to sign VC inside JWT: %w", err))
}
fmt.Println(jws)
// Parse JWS and make sure it's coincide with JSON.
vcParsed, err := verifiable.ParseCredential(
[]byte(jws),
verifiable.WithProofChecker(verifier),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to encode VC from JWS: %w", err))
}
// When a Credential was parsed from JWS, it Marshals into a JSON string containing the original JWS.
vcBytesFromJWS, err := vcParsed.MarshalJSON()
if err != nil {
panic(fmt.Errorf("failed to marshal VC: %w", err))
}
// todo missing referenceNumber here (https://github.com/hyperledger/aries-framework-go/issues/847)
fmt.Println(string(vcBytesFromJWS))
// To marshal the Credential into JSON-LD form, clear the JWT field.
vcBytesFromJWS, err = vcParsed.MarshalAsJSONLD()
if err != nil {
panic(fmt.Errorf("failed to marshal VC: %w", err))
}
fmt.Println(string(vcBytesFromJWS))
Output: {"@context":["https://www.w3.org/2018/credentials/v1","https://www.w3.org/2018/credentials/examples/v1"],"credentialSubject":{"degree":{"type":"BachelorDegree","university":"MIT"},"id":"did:example:ebfeb1f712ebc6f1c276e12ec21","name":"Jayden Doe","spouse":"did:example:c276e12ec21ebfeb1f712ebc6f1"},"expirationDate":"2020-01-01T19:23:24Z","id":"http://example.edu/credentials/1872","issuanceDate":"2010-01-01T19:23:24Z","issuer":{"id":"did:example:76e12ec712ebc6f1c221ebfeb1f","name":"Example University"},"referenceNumber":83294847,"type":["VerifiableCredential","UniversityDegreeCredential"]} eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOjc2ZTEyZWM3MTJlYmM2ZjFjMjIxZWJmZWIxZiNrZXkxIn0.eyJleHAiOjE1Nzc5MDY2MDQsImlhdCI6MTI2MjM3MzgwNCwiaXNzIjoiZGlkOmV4YW1wbGU6NzZlMTJlYzcxMmViYzZmMWMyMjFlYmZlYjFmIiwianRpIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJuYmYiOjEyNjIzNzM4MDQsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiY3JlZGVudGlhbFN1YmplY3QiOnsiZGVncmVlIjp7InR5cGUiOiJCYWNoZWxvckRlZ3JlZSIsInVuaXZlcnNpdHkiOiJNSVQifSwiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJuYW1lIjoiSmF5ZGVuIERvZSIsInNwb3VzZSI6ImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJ9LCJpc3N1ZXIiOnsibmFtZSI6IkV4YW1wbGUgVW5pdmVyc2l0eSJ9LCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXX19.Knvt4xuUkjixsZXhF6U0QEWZhqSb81gp07hb3Vr40C7hKRtsmv0GU4CXYxrO4MRC5CisJF9hFIbgiwTSOde2CQ "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOjc2ZTEyZWM3MTJlYmM2ZjFjMjIxZWJmZWIxZiNrZXkxIn0.eyJleHAiOjE1Nzc5MDY2MDQsImlhdCI6MTI2MjM3MzgwNCwiaXNzIjoiZGlkOmV4YW1wbGU6NzZlMTJlYzcxMmViYzZmMWMyMjFlYmZlYjFmIiwianRpIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJuYmYiOjEyNjIzNzM4MDQsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiY3JlZGVudGlhbFN1YmplY3QiOnsiZGVncmVlIjp7InR5cGUiOiJCYWNoZWxvckRlZ3JlZSIsInVuaXZlcnNpdHkiOiJNSVQifSwiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJuYW1lIjoiSmF5ZGVuIERvZSIsInNwb3VzZSI6ImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJ9LCJpc3N1ZXIiOnsibmFtZSI6IkV4YW1wbGUgVW5pdmVyc2l0eSJ9LCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXX19.Knvt4xuUkjixsZXhF6U0QEWZhqSb81gp07hb3Vr40C7hKRtsmv0GU4CXYxrO4MRC5CisJF9hFIbgiwTSOde2CQ" {"@context":["https://www.w3.org/2018/credentials/v1","https://www.w3.org/2018/credentials/examples/v1"],"credentialSubject":{"degree":{"type":"BachelorDegree","university":"MIT"},"id":"did:example:ebfeb1f712ebc6f1c276e12ec21","name":"Jayden Doe","spouse":"did:example:c276e12ec21ebfeb1f712ebc6f1"},"expirationDate":"2020-01-01T19:23:24Z","id":"http://example.edu/credentials/1872","issuanceDate":"2010-01-01T19:23:24Z","issuer":{"id":"did:example:76e12ec712ebc6f1c221ebfeb1f","name":"Example University"},"type":["VerifiableCredential","UniversityDegreeCredential"]}
Example (ExtraFields) ¶
vc := createExampleCredCF(verifiable.CredentialContents{
Context: []string{
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1",
},
ID: "http://example.edu/credentials/1872",
Types: []string{
"VerifiableCredential",
"UniversityDegreeCredential",
},
Subject: serializeSingleSubject(UniversityDegreeSubject{
ID: "did:example:ebfeb1f712ebc6f1c276e12ec21",
Name: "Jayden Doe",
Spouse: "did:example:c276e12ec21ebfeb1f712ebc6f1",
Degree: UniversityDegree{
Type: "BachelorDegree",
University: "MIT",
},
}),
Issuer: &verifiable.Issuer{
ID: "did:example:76e12ec712ebc6f1c221ebfeb1f",
CustomFields: verifiable.CustomFields{"name": "Example University"},
},
Issued: utiltime.NewTime(issued),
Expired: utiltime.NewTime(expired),
Schemas: []verifiable.TypedID{},
}, map[string]interface{}{
"referenceNumber": 83294847,
})
// Marshal to JSON.
vcBytes, err := json.Marshal(vc)
if err != nil {
panic("failed to marshal VC to JSON")
}
fmt.Println(string(vcBytes))
// Marshal to JWS.
jwtClaims, err := vc.JWTClaims(true)
if err != nil {
panic(fmt.Errorf("failed to marshal JWT claims of VC: %w", err))
}
signer, verifier := testsupport.NewEd25519Pair(issuerPubKey, issuerPrivKey, "did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
jws, err := jwtClaims.MarshalJWSString(verifiable.EdDSA, signer, "did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
if err != nil {
panic(fmt.Errorf("failed to sign VC inside JWT: %w", err))
}
fmt.Println(jws)
// Parse JWS and make sure it's coincide with JSON.
vcParsed, err := verifiable.ParseCredential(
[]byte(jws),
verifiable.WithProofChecker(verifier),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to encode VC from JWS: %w", err))
}
vcBytesFromJWS, err := vcParsed.MarshalAsJSONLD()
if err != nil {
panic(fmt.Errorf("failed to marshal VC: %w", err))
}
fmt.Println(string(vcBytesFromJWS))
Output: {"@context":["https://www.w3.org/2018/credentials/v1","https://www.w3.org/2018/credentials/examples/v1"],"credentialSubject":{"degree":{"type":"BachelorDegree","university":"MIT"},"id":"did:example:ebfeb1f712ebc6f1c276e12ec21","name":"Jayden Doe","spouse":"did:example:c276e12ec21ebfeb1f712ebc6f1"},"expirationDate":"2020-01-01T19:23:24Z","id":"http://example.edu/credentials/1872","issuanceDate":"2010-01-01T19:23:24Z","issuer":{"id":"did:example:76e12ec712ebc6f1c221ebfeb1f","name":"Example University"},"referenceNumber":83294847,"type":["VerifiableCredential","UniversityDegreeCredential"]} eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOjc2ZTEyZWM3MTJlYmM2ZjFjMjIxZWJmZWIxZiNrZXkxIn0.eyJleHAiOjE1Nzc5MDY2MDQsImlhdCI6MTI2MjM3MzgwNCwiaXNzIjoiZGlkOmV4YW1wbGU6NzZlMTJlYzcxMmViYzZmMWMyMjFlYmZlYjFmIiwianRpIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJuYmYiOjEyNjIzNzM4MDQsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiY3JlZGVudGlhbFN1YmplY3QiOnsiZGVncmVlIjp7InR5cGUiOiJCYWNoZWxvckRlZ3JlZSIsInVuaXZlcnNpdHkiOiJNSVQifSwiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJuYW1lIjoiSmF5ZGVuIERvZSIsInNwb3VzZSI6ImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJ9LCJpc3N1ZXIiOnsibmFtZSI6IkV4YW1wbGUgVW5pdmVyc2l0eSJ9LCJyZWZlcmVuY2VOdW1iZXIiOjgzMjk0ODQ3LCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXX19.EQ2uTjoSZqnudRLWUkymQPYSw7A9Rs2mk3ckw4TDm7EUyVU-1YA3cozniIjlGvFPJhNQ5oLvMlG4OmBS4VtoBg {"@context":["https://www.w3.org/2018/credentials/v1","https://www.w3.org/2018/credentials/examples/v1"],"credentialSubject":{"degree":{"type":"BachelorDegree","university":"MIT"},"id":"did:example:ebfeb1f712ebc6f1c276e12ec21","name":"Jayden Doe","spouse":"did:example:c276e12ec21ebfeb1f712ebc6f1"},"expirationDate":"2020-01-01T19:23:24Z","id":"http://example.edu/credentials/1872","issuanceDate":"2010-01-01T19:23:24Z","issuer":{"id":"did:example:76e12ec712ebc6f1c221ebfeb1f","name":"Example University"},"referenceNumber":83294847,"type":["VerifiableCredential","UniversityDegreeCredential"]}
func CreateCredential ¶ added in v1.1.0
func CreateCredential(vcc CredentialContents, customFields CustomFields) (*Credential, error)
CreateCredential creates vc from CredentialContents.
func CreateCredentialWithProofs ¶ added in v1.1.0
func CreateCredentialWithProofs(vcc CredentialContents, customFields CustomFields, proofs []Proof) (*Credential, error)
CreateCredentialWithProofs creates vc from CredentialContents, with provided proofs.
func ParseCredential ¶
func ParseCredential(vcData []byte, opts ...CredentialOpt) (*Credential, error)
ParseCredential parses Verifiable Credential from bytes which could be marshalled JSON or serialized JWT. It also applies miscellaneous options like settings of schema validation. It returns decoded Credential.
Example ¶
// Issuer is about to issue the university degree credential for the Holder
vcEncoded := createExampleCredCF(verifiable.CredentialContents{
Context: []string{
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1",
},
ID: "http://example.edu/credentials/1872",
Types: []string{
"VerifiableCredential",
"UniversityDegreeCredential",
},
Subject: serializeSingleSubject(UniversityDegreeSubject{
ID: "did:example:ebfeb1f712ebc6f1c276e12ec21",
Name: "Jayden Doe",
Spouse: "did:example:c276e12ec21ebfeb1f712ebc6f1",
Degree: UniversityDegree{
Type: "BachelorDegree",
University: "MIT",
},
}),
Issuer: &verifiable.Issuer{
ID: "did:example:76e12ec712ebc6f1c221ebfeb1f",
CustomFields: verifiable.CustomFields{"name": "Example University"},
},
Issued: utiltime.NewTime(issued),
Expired: utiltime.NewTime(expired),
Schemas: []verifiable.TypedID{},
}, map[string]interface{}{
"referenceNumber": 83294847,
})
// ... in JWS form.
jwtClaims, err := vcEncoded.JWTClaims(true)
if err != nil {
panic(fmt.Errorf("failed to marshal JWT claims of VC: %w", err))
}
signer, verifier := testsupport.NewEd25519Pair(issuerPubKey, issuerPrivKey, "did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
jws, err := jwtClaims.MarshalJWSString(verifiable.EdDSA, signer, "did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
if err != nil {
panic(fmt.Errorf("failed to sign VC inside JWT: %w", err))
}
// The Holder receives JWS and decodes it.
vcParsed, err := verifiable.ParseCredential(
[]byte(jws),
verifiable.WithProofChecker(verifier),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to decode VC JWS: %w", err))
}
// When parsing a verifiable.Credential from JWS, Credential.JWT is set to the raw JWS value.
// This allows the user to save the Credential and verify it later.
// When Credential.JWT is set, the Credential Marshals into a JSON string containing the original JWS.
vcDecodedBytes, err := vcParsed.MarshalJSON()
if err != nil {
panic(fmt.Errorf("failed to marshal VC: %w", err))
}
// The Holder then e.g. can save the credential to her personal verifiable credential wallet.
fmt.Println(string(vcDecodedBytes))
vcDecodedBytes, err = vcParsed.MarshalAsJSONLD()
if err != nil {
panic(fmt.Errorf("failed to marshal VC: %w", err))
}
// The Credential is now in JSON-LD form..
fmt.Println(string(vcDecodedBytes))
Output: "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOjc2ZTEyZWM3MTJlYmM2ZjFjMjIxZWJmZWIxZiNrZXkxIn0.eyJleHAiOjE1Nzc5MDY2MDQsImlhdCI6MTI2MjM3MzgwNCwiaXNzIjoiZGlkOmV4YW1wbGU6NzZlMTJlYzcxMmViYzZmMWMyMjFlYmZlYjFmIiwianRpIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJuYmYiOjEyNjIzNzM4MDQsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiY3JlZGVudGlhbFN1YmplY3QiOnsiZGVncmVlIjp7InR5cGUiOiJCYWNoZWxvckRlZ3JlZSIsInVuaXZlcnNpdHkiOiJNSVQifSwiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJuYW1lIjoiSmF5ZGVuIERvZSIsInNwb3VzZSI6ImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJ9LCJpc3N1ZXIiOnsibmFtZSI6IkV4YW1wbGUgVW5pdmVyc2l0eSJ9LCJyZWZlcmVuY2VOdW1iZXIiOjgzMjk0ODQ3LCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXX19.EQ2uTjoSZqnudRLWUkymQPYSw7A9Rs2mk3ckw4TDm7EUyVU-1YA3cozniIjlGvFPJhNQ5oLvMlG4OmBS4VtoBg" {"@context":["https://www.w3.org/2018/credentials/v1","https://www.w3.org/2018/credentials/examples/v1"],"credentialSubject":{"degree":{"type":"BachelorDegree","university":"MIT"},"id":"did:example:ebfeb1f712ebc6f1c276e12ec21","name":"Jayden Doe","spouse":"did:example:c276e12ec21ebfeb1f712ebc6f1"},"expirationDate":"2020-01-01T19:23:24Z","id":"http://example.edu/credentials/1872","issuanceDate":"2010-01-01T19:23:24Z","issuer":{"id":"did:example:76e12ec712ebc6f1c221ebfeb1f","name":"Example University"},"referenceNumber":83294847,"type":["VerifiableCredential","UniversityDegreeCredential"]}
func ParseCredentialJSON ¶ added in v1.1.0
func ParseCredentialJSON(vcJSON JSONObject, opts ...CredentialOpt) (*Credential, error)
ParseCredentialJSON parses Verifiable Credential from json-ld object.
func (*Credential) AddDataIntegrityProof ¶
func (vc *Credential) AddDataIntegrityProof(context *DataIntegrityProofContext, signer *dataintegrity.Signer) error
AddDataIntegrityProof adds a Data Integrity Proof to the Credential.
func (*Credential) AddLinkedDataProof ¶
func (vc *Credential) AddLinkedDataProof(context *LinkedDataProofContext, jsonldOpts ...processor.Opts) error
AddLinkedDataProof appends proof to the Verifiable Credential.
Example ¶
vc, err := verifiable.ParseCredential([]byte(vcJSON),
verifiable.WithDisabledProofCheck(),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to decode VC JSON: %w", err))
}
signer, _ := testsupport.NewEd25519Pair(issuerPubKey, issuerPrivKey, "did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
err = vc.AddLinkedDataProof(&verifiable.LinkedDataProofContext{
Created: &issued,
SignatureType: "Ed25519Signature2018",
KeyType: kms.ED25519Type,
ProofCreator: signer,
SignatureRepresentation: verifiable.SignatureJWS,
VerificationMethod: "did:example:123456#key1",
}, jsonld.WithDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to add linked data proof: %w", err))
}
vcJSONWithProof, err := json.MarshalIndent(vc, "", "\t")
if err != nil {
panic(fmt.Errorf("failed to marshal VC to JSON: %w", err))
}
fmt.Println(string(vcJSONWithProof))
Output: { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1" ], "credentialSchema": [], "credentialSubject": { "degree": { "type": "BachelorDegree", "university": "MIT" }, "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "name": "Jayden Doe", "spouse": "did:example:c276e12ec21ebfeb1f712ebc6f1" }, "expirationDate": "2020-01-01T19:23:24Z", "id": "http://example.edu/credentials/1872", "issuanceDate": "2009-01-01T19:23:24Z", "issuer": { "id": "did:example:76e12ec712ebc6f1c221ebfeb1f", "name": "Example University" }, "proof": { "created": "2010-01-01T19:23:24Z", "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..lrkhpRH4tWl6KzQKHlcyAwSm8qUTXIMSKmD3QASF_uI5QW8NWLxLebXmnQpIM8H7umhLA6dINSYVowcaPdpwBw", "proofPurpose": "assertionMethod", "type": "Ed25519Signature2018", "verificationMethod": "did:example:123456#key1" }, "referenceNumber": 83294849, "type": [ "VerifiableCredential", "UniversityDegreeCredential" ] }
func (*Credential) CheckProof ¶ added in v1.1.0
func (vc *Credential) CheckProof(opts ...CredentialOpt) error
CheckProof checks credential proofs.
func (*Credential) Contents ¶ added in v1.1.0
func (vc *Credential) Contents() CredentialContents
Contents returns credential contents as typed structure.
func (*Credential) CreateDisplayCredential ¶
func (vc *Credential) CreateDisplayCredential( opts ...DisplayCredentialOption, ) (*Credential, error)
CreateDisplayCredential creates, for SD-JWT credentials, a Credential whose selective-disclosure subject fields are replaced with the disclosure data.
Options may be provided to filter the disclosures that will be included in the display credential. If a disclosure is not included, the associated claim will not be present in the returned credential.
If the calling Credential is not an SD-JWT credential, this method returns the credential itself.
func (*Credential) CreateDisplayCredentialMap ¶
func (vc *Credential) CreateDisplayCredentialMap( opts ...DisplayCredentialOption, ) (map[string]interface{}, error)
CreateDisplayCredentialMap creates, for SD-JWT credentials, a Credential whose selective-disclosure subject fields are replaced with the disclosure data.
Options may be provided to filter the disclosures that will be included in the display credential. If a disclosure is not included, the associated claim will not be present in the returned credential.
If the calling Credential is not an SD-JWT credential, this method returns the credential itself.
func (*Credential) CreateSignedJWTVC ¶ added in v1.1.0
func (vc *Credential) CreateSignedJWTVC( minimizeVC bool, signatureAlg JWSAlgorithm, proofCreator jwt.ProofCreator, keyID string) (*Credential, error)
CreateSignedJWTVC envelops current vc into signed jwt.
func (*Credential) CreateUnsecuredJWTVC ¶ added in v1.1.0
func (vc *Credential) CreateUnsecuredJWTVC(minimizeVC bool) (*Credential, error)
CreateUnsecuredJWTVC envelops current vc into unsigned jwt.
func (*Credential) CustomField ¶ added in v1.1.0
func (vc *Credential) CustomField(name string) interface{}
CustomField returns custom field by name.
func (*Credential) GenerateBBSSelectiveDisclosure ¶
func (vc *Credential) GenerateBBSSelectiveDisclosure(revealDoc map[string]interface{}, nonce []byte, bbsProofCreator *BBSProofCreator, opts ...CredentialOpt) (*Credential, error)
GenerateBBSSelectiveDisclosure generate BBS+ selective disclosure from one BBS+ signature.
Example ¶
vcStr := `
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/citizenship/v1",
"https://w3id.org/security/bbs/v1"
],
"id": "https://issuer.oidp.uscis.gov/credentials/83627465",
"type": [
"VerifiableCredential",
"PermanentResidentCard"
],
"issuer": "did:example:b34ca6cd37bbf23",
"identifier": "83627465",
"name": "Permanent Resident Card",
"description": "Government of Example Permanent Resident Card.",
"issuanceDate": "2019-12-03T12:19:52Z",
"expirationDate": "2029-12-03T12:19:52Z",
"credentialSubject": {
"id": "did:example:b34ca6cd37bbf23",
"type": [
"PermanentResident",
"Person"
],
"givenName": "JOHN",
"familyName": "SMITH",
"gender": "Male",
"image": "data:image/png;base64,iVBORw0KGgokJggg==",
"residentSince": "2015-01-01",
"lprCategory": "C09",
"lprNumber": "999-999-999",
"commuterClassification": "C1",
"birthCountry": "Bahamas",
"birthDate": "1958-07-17"
}
}
`
vc, err := verifiable.ParseCredential([]byte(vcStr),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()),
verifiable.WithDisabledProofCheck())
if err != nil {
panic(fmt.Errorf("failed to decode VC JSON: %w", err))
}
proofCreator, _ := testsupport.NewEd25519Pair(issuerPubKey, issuerPrivKey, "did:example:123456#key1")
err = vc.AddLinkedDataProof(&verifiable.LinkedDataProofContext{
Created: &issued,
SignatureType: "Ed25519Signature2018",
KeyType: kms.ED25519Type,
ProofCreator: proofCreator,
SignatureRepresentation: verifiable.SignatureJWS,
VerificationMethod: "did:example:123456#key1",
}, jsonld.WithDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(err)
}
pubKey, privKey, err := loadBBSKeyPair(bbsPubKeyB64, bbsPrivKeyB64)
if err != nil {
panic(err)
}
bbsSigner, err := testutil.NewBBSSigner(privKey)
if err != nil {
panic(err)
}
pubKeyBytes, err := pubKey.Marshal()
if err != nil {
panic(err)
}
bbsProofCreator := creator.New(creator.WithLDProofType(bbsblssignature2020.New(), bbsSigner))
err = vc.AddLinkedDataProof(&verifiable.LinkedDataProofContext{
Created: &issued,
SignatureType: "BbsBlsSignature2020",
KeyType: kms.BLS12381G2Type,
ProofCreator: bbsProofCreator,
SignatureRepresentation: verifiable.SignatureProofValue,
VerificationMethod: "did:example:123456#key1",
}, jsonld.WithDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(err)
}
// BBS+ signature is generated each time unique, that's why we substitute it with some constant value
// for a reason of keeping constant test output.
originalProofValue := hideProofValue(vc.Proofs()[1], "dummy signature value")
vcJSONWithProof, err := json.MarshalIndent(vc, "", "\t")
if err != nil {
panic(fmt.Errorf("failed to marshal VC to JSON: %w", err))
}
fmt.Println(string(vcJSONWithProof))
restoreProofValue(vc.Proofs()[1], originalProofValue)
// Create BBS+ selective disclosure. We explicitly state the fields we want to reveal in the output document.
// For example, "credentialSubject.birthDate" is not mentioned and thus will be hidden.
// To hide top-level VC fields, "@explicit": true is used on top level of reveal doc.
// For example, we can reveal "identifier" top-level VC field only. "issuer" and "issuanceDate" are mandatory
// and thus must be defined in reveal doc in case of hiding top-level VC fields.
revealDoc := `
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/citizenship/v1",
"https://w3id.org/security/bbs/v1"
],
"type": ["VerifiableCredential", "PermanentResidentCard"],
"@explicit": true,
"identifier": {},
"issuer": {},
"issuanceDate": {},
"credentialSubject": {
"@explicit": true,
"type": ["PermanentResident", "Person"],
"givenName": {},
"familyName": {},
"gender": {}
}
}
`
var revealDocMap map[string]interface{}
err = json.Unmarshal([]byte(revealDoc), &revealDocMap)
if err != nil {
panic(err)
}
vcWithSelectiveDisclosure, err := vc.GenerateBBSSelectiveDisclosure(revealDocMap, []byte("some nonce"),
&verifiable.BBSProofCreator{
ProofDerivation: bbs12381g2pub.New(),
VerificationMethodResolver: testsupport.NewSingleKeyResolver("did:example:123456#key1", pubKeyBytes, "Bls12381G2Key2020", ""),
},
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(err)
}
// Only BBS+ related proof left.
hideProofValue(vcWithSelectiveDisclosure.Proofs()[0], "dummy signature proof value")
vcJSONWithProof, err = json.MarshalIndent(vcWithSelectiveDisclosure, "", "\t")
if err != nil {
panic(fmt.Errorf("failed to marshal VC to JSON: %w", err))
}
fmt.Println()
fmt.Println(string(vcJSONWithProof))
Output: { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://w3id.org/citizenship/v1", "https://w3id.org/security/bbs/v1" ], "credentialSubject": { "birthCountry": "Bahamas", "birthDate": "1958-07-17", "commuterClassification": "C1", "familyName": "SMITH", "gender": "Male", "givenName": "JOHN", "id": "did:example:b34ca6cd37bbf23", "image": "data:image/png;base64,iVBORw0KGgokJggg==", "lprCategory": "C09", "lprNumber": "999-999-999", "residentSince": "2015-01-01", "type": [ "PermanentResident", "Person" ] }, "description": "Government of Example Permanent Resident Card.", "expirationDate": "2029-12-03T12:19:52Z", "id": "https://issuer.oidp.uscis.gov/credentials/83627465", "identifier": "83627465", "issuanceDate": "2019-12-03T12:19:52Z", "issuer": "did:example:b34ca6cd37bbf23", "name": "Permanent Resident Card", "proof": [ { "created": "2010-01-01T19:23:24Z", "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..HsBapUAZDdaZZy6hrn951768kJaRmNAwTWvVnTDM-Bp5k08eEnnxrii5n47AeWVLDJJo7P0dEPafyC_gMjFPAA", "proofPurpose": "assertionMethod", "type": "Ed25519Signature2018", "verificationMethod": "did:example:123456#key1" }, { "created": "2010-01-01T19:23:24Z", "proofPurpose": "assertionMethod", "proofValue": "ZHVtbXkgc2lnbmF0dXJlIHZhbHVl", "type": "BbsBlsSignature2020", "verificationMethod": "did:example:123456#key1" } ], "type": [ "VerifiableCredential", "PermanentResidentCard" ] } { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://w3id.org/citizenship/v1", "https://w3id.org/security/bbs/v1" ], "credentialSubject": { "familyName": "SMITH", "gender": "Male", "givenName": "JOHN", "id": "did:example:b34ca6cd37bbf23", "type": [ "Person", "PermanentResident" ] }, "id": "https://issuer.oidp.uscis.gov/credentials/83627465", "identifier": "83627465", "issuanceDate": "2019-12-03T12:19:52Z", "issuer": "did:example:b34ca6cd37bbf23", "proof": { "created": "2010-01-01T19:23:24Z", "nonce": "c29tZSBub25jZQ==", "proofPurpose": "assertionMethod", "proofValue": "ZHVtbXkgc2lnbmF0dXJlIHByb29mIHZhbHVl", "type": "BbsBlsSignatureProof2020", "verificationMethod": "did:example:123456#key1" }, "type": [ "PermanentResidentCard", "VerifiableCredential" ] }
func (*Credential) IsJWT ¶ added in v1.1.0
func (vc *Credential) IsJWT() bool
IsJWT returns is vc envelop into jwt.
func (*Credential) JWTClaims ¶
func (vc *Credential) JWTClaims(minimizeVC bool) (*JWTCredClaims, error)
JWTClaims converts Verifiable Credential into JWT Credential claims, which can be than serialized e.g. into JWS. TODO: review JWT and SDJWT implementation. Do not expose claims externally. TODO: JWTClaims not take to account "sub" claim from jwt, should it?
Example ¶
// The Holder wants to send the credential to the Verifier in JWS.
vc, err := verifiable.ParseCredential([]byte(vcJSON),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()), verifiable.WithStrictValidation())
if err != nil {
panic(fmt.Errorf("failed to decode VC JSON: %w", err))
}
jwtClaims, err := vc.JWTClaims(true)
if err != nil {
panic(fmt.Errorf("failed to marshal JWT claims of VC: %w", err))
}
signer, _ := testsupport.NewEd25519Pair(issuerPubKey, issuerPrivKey, "did:example:76e12ec712ebc6f1c221ebfeb1f#key1")
jws, err := jwtClaims.MarshalJWSString(verifiable.EdDSA, signer, "")
if err != nil {
panic(fmt.Errorf("failed to sign VC inside JWT: %w", err))
}
// The Holder passes JWS to Verifier
fmt.Println(jws)
//{"exp":1577906604,"iat":1230837804,"iss":"did:example:76e12ec712ebc6f1c221ebfeb1f","jti":"http://example.edu/credentials/1872","nbf":1230837804,"sub":"did:example:ebfeb1f712ebc6f1c276e12ec21","vc":{"@context":["https://www.w3.org/2018/credentials/v1","https://www.w3.org/2018/credentials/examples/v1"],"credentialSchema":[],"credentialSubject":{"degree":{"type":"BachelorDegree","university":"MIT"},"id":"did:example:ebfeb1f712ebc6f1c276e12ec21","name":"Jayden Doe","spouse":"did:example:c276e12ec21ebfeb1f712ebc6f1"},"issuer":{"name":"Example University"},"referenceNumber":8.3294849e+07,"type":["VerifiableCredential","UniversityDegreeCredential"]}}
//{"exp":1577906604,"iat":1230837804,"iss":"did:example:76e12ec712ebc6f1c221ebfeb1f","jti":"http://example.edu/credentials/1872","nbf":1230837804,"sub":"did:example:ebfeb1f712ebc6f1c276e12ec21","vc":{"@context":["https://www.w3.org/2018/credentials/v1","https://www.w3.org/2018/credentials/examples/v1"],"credentialSubject":{"degree":{"type":"BachelorDegree","university":"MIT"},"id":"did:example:ebfeb1f712ebc6f1c276e12ec21","name":"Jayden Doe","spouse":"did:example:c276e12ec21ebfeb1f712ebc6f1"},"issuer":{"name":"Example University"},"referenceNumber":8.3294849e+07,"type":["VerifiableCredential","UniversityDegreeCredential"]}}
Output:
func (*Credential) JWTHeaders ¶ added in v1.1.0
func (vc *Credential) JWTHeaders() jose.Headers
JWTHeaders returns jwt headers for jwt-vc.
func (*Credential) MakeSDJWT ¶
func (vc *Credential) MakeSDJWT( signer jose.Signer, signingKeyID string, options ...MakeSDJWTOption) (string, error)
MakeSDJWT creates an SD-JWT in combined format for issuance, with all fields in credentialSubject converted recursively into selectively-disclosable SD-JWT claims.
func (*Credential) MarshalAsJSONLD ¶ added in v1.1.0
func (vc *Credential) MarshalAsJSONLD() ([]byte, error)
MarshalAsJSONLD converts Verifiable Credential to JSON bytes ignoring that it is in JWT form.
func (*Credential) MarshalJSON ¶
func (vc *Credential) MarshalJSON() ([]byte, error)
MarshalJSON converts Verifiable Credential to JSON bytes.
func (*Credential) MarshalWithDisclosure ¶
func (vc *Credential) MarshalWithDisclosure(opts ...MarshalDisclosureOption) (string, error)
MarshalWithDisclosure marshals a SD-JWT credential in combined format for presentation, including precisely the disclosures indicated by provided options, and optionally a holder binding if given the requisite option.
func (*Credential) Proofs ¶
func (vc *Credential) Proofs() []Proof
Proofs returns json-ld and data integrity proofs.
func (*Credential) ResetProofs ¶ added in v1.1.0
func (vc *Credential) ResetProofs(newProofs []Proof)
ResetProofs sets new proofs for vc.
func (*Credential) SDJWTDisclosures ¶
func (vc *Credential) SDJWTDisclosures() []*common.DisclosureClaim
SDJWTDisclosures returns sd disclosures for sdjwt.
func (*Credential) SetCustomField ¶ added in v1.1.0
func (vc *Credential) SetCustomField(name string, value interface{})
SetCustomField should be used only in tests. Remove after proper vc test tool created.
func (*Credential) SetSDJWTDisclosures ¶ added in v1.1.0
func (vc *Credential) SetSDJWTDisclosures(disclosures []*common.DisclosureClaim) error
SetSDJWTDisclosures sets sd disclosures for sdjwt.
func (*Credential) ToJWTString ¶ added in v1.1.0
func (vc *Credential) ToJWTString() (string, error)
ToJWTString returns vc as a jwt string. Works only for jwt vc, in other case returns error.
func (*Credential) ToRawJSON ¶ added in v1.1.0
func (vc *Credential) ToRawJSON() JSONObject
ToRawJSON return vc as json object. For json-ld vc this will be original json object. For jwt vc it will be jwt claims json object.
func (*Credential) ToUniversalForm ¶ added in v1.1.0
func (vc *Credential) ToUniversalForm() (interface{}, error)
ToUniversalForm returns vc in its natural form. For jwt-vc it is a jwt string. For json-ld vc it is a json object.
func (*Credential) ValidateCredential ¶ added in v1.1.0
func (vc *Credential) ValidateCredential(opts ...CredentialOpt) error
ValidateCredential validate both ld and jwt credentials. WithCredDisableValidation is ignored.
func (*Credential) WithModifiedContext ¶ added in v1.1.0
func (vc *Credential) WithModifiedContext(context []string) *Credential
WithModifiedContext creates new credential with modified context and without proofs as they become invalid.
func (*Credential) WithModifiedID ¶ added in v1.1.0
func (vc *Credential) WithModifiedID(id string) *Credential
WithModifiedID creates new credential with modified id and without proofs as they become invalid.
func (*Credential) WithModifiedIssuer ¶ added in v1.1.0
func (vc *Credential) WithModifiedIssuer(issuer *Issuer) *Credential
WithModifiedIssuer creates new credential with modified issuer and without proofs as they become invalid.
func (*Credential) WithModifiedStatus ¶ added in v1.1.0
func (vc *Credential) WithModifiedStatus(status *TypedID) *Credential
WithModifiedStatus creates new credential with modified status and without proofs as they become invalid.
func (*Credential) WithModifiedSubject ¶ added in v1.1.0
func (vc *Credential) WithModifiedSubject(subject []Subject) *Credential
WithModifiedSubject creates new credential with modified issuer and without proofs as they become invalid.
type CredentialContents ¶ added in v1.1.0
type CredentialContents struct {
Context []string
CustomContext []interface{}
ID string
Types []string
Subject []Subject
Issuer *Issuer
Issued *util.TimeWrapper
Expired *util.TimeWrapper
Status *TypedID
Schemas []TypedID
Evidence Evidence
TermsOfUse []TypedID
RefreshService []TypedID
SDJWTHashAlg *crypto.Hash
}
CredentialContents store credential contents as typed structure.
type CredentialDecoder ¶
type CredentialDecoder func(dataJSON []byte, vc *Credential) error
CredentialDecoder makes a custom decoding of Verifiable Credential in JSON form to existent instance of Credential.
type CredentialOpt ¶
type CredentialOpt func(opts *credentialOpts)
CredentialOpt is the Verifiable Credential decoding option.
func WithBaseContextExtendedValidation ¶
func WithBaseContextExtendedValidation(customContexts, customTypes []string) CredentialOpt
WithBaseContextExtendedValidation validates that fields that are specified in base context are as specified. Additional fields are allowed.
func WithBaseContextValidation ¶
func WithBaseContextValidation() CredentialOpt
WithBaseContextValidation validates that only the fields and values (when applicable) are present in the document. No extra fields are allowed (outside of credentialSubject).
func WithCredDisableValidation ¶
func WithCredDisableValidation() CredentialOpt
WithCredDisableValidation options for disabling of JSON-LD and json-schema validation.
func WithCredentialSchemaLoader ¶
func WithCredentialSchemaLoader(loader *CredentialSchemaLoader) CredentialOpt
WithCredentialSchemaLoader option is used to define custom credentials schema loader. If not defined, the default one is created with default HTTP client to download the schema and no caching of the schemas.
func WithDataIntegrityVerifier ¶
func WithDataIntegrityVerifier(v *dataintegrity.Verifier) CredentialOpt
WithDataIntegrityVerifier provides the Data Integrity verifier to use when the credential being processed has a Data Integrity proof.
func WithDisabledProofCheck ¶
func WithDisabledProofCheck() CredentialOpt
WithDisabledProofCheck option for disabling of proof check.
func WithExpectedDataIntegrityFields ¶
func WithExpectedDataIntegrityFields(purpose, domain, challenge string) CredentialOpt
WithExpectedDataIntegrityFields validates that a Data Integrity proof has the given purpose, domain, and challenge. Empty purpose means the default, assertionMethod, will be expected. Empty domain and challenge will mean they are not checked.
func WithExternalJSONLDContext ¶
func WithExternalJSONLDContext(context ...string) CredentialOpt
WithExternalJSONLDContext defines external JSON-LD contexts to be used in JSON-LD validation and Linked Data Signatures verification.
func WithJSONLDDocumentLoader ¶
func WithJSONLDDocumentLoader(documentLoader jsonld.DocumentLoader) CredentialOpt
WithJSONLDDocumentLoader defines a JSON-LD document loader.
func WithJSONLDOnlyValidRDF ¶
func WithJSONLDOnlyValidRDF() CredentialOpt
WithJSONLDOnlyValidRDF indicates the need to remove all invalid RDF dataset from normalize document when verifying linked data signatures of verifiable credential.
func WithJSONLDValidation ¶
func WithJSONLDValidation() CredentialOpt
WithJSONLDValidation uses the JSON LD parser for validation.
func WithJWTProofChecker ¶ added in v1.1.0
func WithJWTProofChecker(verifier jwt.ProofChecker) CredentialOpt
WithJWTProofChecker set proofChecker that used for validation of jwt proof.
func WithLDProofChecker ¶ added in v1.1.0
func WithLDProofChecker(verifier lddocument.ProofChecker) CredentialOpt
WithLDProofChecker set proofChecker that used for validation of ldp-vc proof.
func WithNoCustomSchemaCheck ¶
func WithNoCustomSchemaCheck() CredentialOpt
WithNoCustomSchemaCheck option is for disabling of Credential Schemas download if defined in Verifiable Credential. Instead, the Verifiable Credential is checked against default Schema.
func WithProofChecker ¶ added in v1.1.0
func WithProofChecker(verifier CombinedProofChecker) CredentialOpt
WithProofChecker set proofChecker that used for validation of ldp-vc and jwt proof.
func WithSchema ¶
func WithSchema(schema string) CredentialOpt
WithSchema option to set custom schema.
func WithStrictValidation ¶
func WithStrictValidation() CredentialOpt
WithStrictValidation enabled strict validation of VC.
In case of JSON Schema validation, additionalProperties=true is set on the schema.
In case of JSON-LD validation, the comparison of JSON-LD VC document after compaction with original VC one is made. In case of mismatch a validation exception is raised.
type CredentialSchemaLoader ¶
type CredentialSchemaLoader struct {
// contains filtered or unexported fields
}
CredentialSchemaLoader defines expirable cache.
type CredentialSchemaLoaderBuilder ¶
type CredentialSchemaLoaderBuilder struct {
// contains filtered or unexported fields
}
CredentialSchemaLoaderBuilder defines a builder of CredentialSchemaLoader.
func NewCredentialSchemaLoaderBuilder ¶
func NewCredentialSchemaLoaderBuilder() *CredentialSchemaLoaderBuilder
NewCredentialSchemaLoaderBuilder creates a new instance of CredentialSchemaLoaderBuilder.
func (*CredentialSchemaLoaderBuilder) Build ¶
func (b *CredentialSchemaLoaderBuilder) Build() *CredentialSchemaLoader
Build constructed CredentialSchemaLoader. It creates default HTTP client and JSON schema loader if not defined.
func (*CredentialSchemaLoaderBuilder) SetCache ¶
func (b *CredentialSchemaLoaderBuilder) SetCache(cache SchemaCache) *CredentialSchemaLoaderBuilder
SetCache defines SchemaCache.
func (*CredentialSchemaLoaderBuilder) SetJSONLoader ¶
func (b *CredentialSchemaLoaderBuilder) SetJSONLoader(loader gojsonschema.JSONLoader) *CredentialSchemaLoaderBuilder
SetJSONLoader defines gojsonschema.JSONLoader.
func (*CredentialSchemaLoaderBuilder) SetSchemaDownloadClient ¶
func (b *CredentialSchemaLoaderBuilder) SetSchemaDownloadClient(client *http.Client) *CredentialSchemaLoaderBuilder
SetSchemaDownloadClient sets HTTP client to be used to download the schema.
type CredentialTemplate ¶
type CredentialTemplate func() *Credential
CredentialTemplate defines a factory method to create new Credential template.
type CustomFields ¶
type CustomFields map[string]interface{}
CustomFields is a map of extra fields of struct build when unmarshalling JSON which are not mapped to the struct fields.
type DataIntegrityProofContext ¶
type DataIntegrityProofContext struct {
SigningKeyID string // eg did:foo:bar#key-1
ProofPurpose string // assertionMethod
CryptoSuite string // ecdsa-2019
Created *time.Time //
Domain string //
Challenge string //
}
DataIntegrityProofContext holds parameters for creating or validating a Data Integrity Proof.
type DisplayCredentialOption ¶
type DisplayCredentialOption func(opts *displayCredOpts)
DisplayCredentialOption provides an option for Credential.CreateDisplayCredential.
func DisplayAllDisclosures ¶
func DisplayAllDisclosures() DisplayCredentialOption
DisplayAllDisclosures sets that Credential.CreateDisplayCredential will include all disclosures in the generated credential.
func DisplayGivenDisclosures ¶
func DisplayGivenDisclosures(given []string) DisplayCredentialOption
DisplayGivenDisclosures sets that Credential.CreateDisplayCredential will include only the given disclosures in the generated credential.
type ExpirableSchemaCache ¶
type ExpirableSchemaCache struct {
// contains filtered or unexported fields
}
ExpirableSchemaCache is an implementation of SchemaCache based fastcache.Cache with expirable elements.
func NewExpirableSchemaCache ¶
func NewExpirableSchemaCache(size int, expiration time.Duration) *ExpirableSchemaCache
NewExpirableSchemaCache creates new instance of ExpirableSchemaCache.
func (*ExpirableSchemaCache) Get ¶
func (sc *ExpirableSchemaCache) Get(k string) ([]byte, bool)
Get element from the cache. If element is present, it checks if the element is expired. If yes, it clears the element from the cache and indicates that the key is not found.
func (*ExpirableSchemaCache) Put ¶
func (sc *ExpirableSchemaCache) Put(k string, v []byte)
Put element to the cache. It also adds a mark of when the element will expire.
type Issuer ¶
type Issuer struct {
ID string `json:"id,omitempty"`
CustomFields CustomFields `json:"-"`
}
Issuer of the Verifiable Credential.
func IssuerFromJSON ¶ added in v1.1.0
func IssuerFromJSON(issuerObj JSONObject) (*Issuer, error)
IssuerFromJSON creates issuer from raw json object.
type JSONObject ¶ added in v1.1.0
type JSONObject = map[string]interface{}
JSONObject used to store json object.
func IssuerToJSON ¶ added in v1.1.0
func IssuerToJSON(issuer Issuer) JSONObject
IssuerToJSON converts issuer to raw json object.
func SubjectToJSON ¶ added in v1.1.0
func SubjectToJSON(subject Subject) JSONObject
SubjectToJSON converts credential subject to json object.
type JWSAlgorithm ¶
type JWSAlgorithm int
JWSAlgorithm defines JWT signature algorithms of Verifiable Credential.
const ( // RS256 JWT Algorithm. RS256 JWSAlgorithm = iota // PS256 JWT Algorithm. PS256 // EdDSA JWT Algorithm. EdDSA // ECDSASecp256k1 JWT Algorithm. ECDSASecp256k1 // ECDSASecp256r1 JWT Algorithm. ECDSASecp256r1 // ECDSASecp384r1 JWT Algorithm. ECDSASecp384r1 // ECDSASecp521r1 JWT Algorithm. ECDSASecp521r1 )
func KeyTypeToJWSAlgo ¶
func KeyTypeToJWSAlgo(keyType kmsapi.KeyType) (JWSAlgorithm, error)
KeyTypeToJWSAlgo returns the JWSAlgorithm based on keyType.
func (JWSAlgorithm) Name ¶
func (ja JWSAlgorithm) Name() (string, error)
Name return the name of the signature algorithm.
type JWTCredClaims ¶
JWTCredClaims is JWT Claims extension by Verifiable Credential (with custom "vc" claim).
func (*JWTCredClaims) MarshalJWS ¶
func (jcc *JWTCredClaims) MarshalJWS(signatureAlg JWSAlgorithm, signer jwt.ProofCreator, keyID string) (string, jose.Headers, error)
MarshalJWS serializes JWT into signed form (JWS).
func (*JWTCredClaims) MarshalJWSString ¶ added in v1.1.0
func (jcc *JWTCredClaims) MarshalJWSString(signatureAlg JWSAlgorithm, signer jwt.ProofCreator, keyID string) (string, error)
MarshalJWSString serializes JWT into signed form (JWS).
func (*JWTCredClaims) MarshalUnsecuredJWT ¶
func (jcc *JWTCredClaims) MarshalUnsecuredJWT() (string, error)
MarshalUnsecuredJWT serialized JWT into unsecured JWT.
func (*JWTCredClaims) ToSDJWTV5CredentialPayload ¶
func (jcc *JWTCredClaims) ToSDJWTV5CredentialPayload() ([]byte, error)
ToSDJWTV5CredentialPayload defines custom marshalling of JWTCredClaims. Key difference with default marshaller is that returned object does not contain custom "vc" root claim. Example:
https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-example-4b-w3c-verifiable-c.
func (*JWTCredClaims) UnmarshalJSON ¶
func (jcc *JWTCredClaims) UnmarshalJSON(data []byte) error
UnmarshalJSON defines custom unmarshalling of JWTCredClaims from JSON. For SD-JWT case, it supports both v2 and v5 formats.
type JWTCredClaimsUnmarshaller ¶
type JWTCredClaimsUnmarshaller func(vcJWTBytes string) (jose.Headers, *JWTCredClaims, error)
JWTCredClaimsUnmarshaller unmarshals verifiable credential bytes into JWT claims with extra "vc" claim.
type JWTEnvelope ¶ added in v1.1.0
type JWTEnvelope struct {
JWT string
JWTHeaders jose.Headers
SDJWTVersion common.SDJWTVersion
SDJWTDisclosures []*common.DisclosureClaim
SDHolderBinding string
}
JWTEnvelope contains information about JWT that envelops credential.
type JWTPresClaims ¶
JWTPresClaims is JWT Claims extension by Verifiable Presentation (with custom "vp" claim).
func (*JWTPresClaims) MarshalJWS ¶
func (jpc *JWTPresClaims) MarshalJWS(signatureAlg JWSAlgorithm, signer jwt.ProofCreator, keyID string) (string, error)
MarshalJWS serializes JWT presentation claims into signed form (JWS).
func (*JWTPresClaims) MarshalUnsecuredJWT ¶
func (jpc *JWTPresClaims) MarshalUnsecuredJWT() (string, error)
MarshalUnsecuredJWT serializes JWT presentation claims into unsecured JWT.
type JWTPresClaimsUnmarshaller ¶
type JWTPresClaimsUnmarshaller func(vpJWT string) (*JWTPresClaims, error)
JWTPresClaimsUnmarshaller parses JWT of certain type to JWT Claims containing "vp" (Presentation) claim.
type LinkedDataProofContext ¶
type LinkedDataProofContext struct {
// TODO: rename to ProofType
SignatureType string // required
ProofCreator lddocument.ProofCreator // required
KeyType kms.KeyType // required
SignatureRepresentation SignatureRepresentation // required
Created *time.Time // optional
VerificationMethod string // optional
Challenge string // optional
Domain string // optional
Purpose string // optional
// CapabilityChain must be an array. Each element is either a string or an object.
CapabilityChain []interface{}
}
LinkedDataProofContext holds options needed to build a Linked Data Proof.
type MakeSDJWTOption ¶
type MakeSDJWTOption func(opts *MakeSDJWTOpts)
MakeSDJWTOption provides an option for creating an SD-JWT from a VC.
func MakeSDJWTWithAlwaysIncludeObjects ¶
func MakeSDJWTWithAlwaysIncludeObjects(alwaysIncludeObjects []string) MakeSDJWTOption
MakeSDJWTWithAlwaysIncludeObjects is an option for provide object keys that should be a part of selectively disclosable claims.
func MakeSDJWTWithHash ¶
func MakeSDJWTWithHash(hash crypto.Hash) MakeSDJWTOption
MakeSDJWTWithHash sets the hash to use for an SD-JWT VC.
func MakeSDJWTWithNonSelectivelyDisclosableClaims ¶
func MakeSDJWTWithNonSelectivelyDisclosableClaims(nonSDClaims []string) MakeSDJWTOption
MakeSDJWTWithNonSelectivelyDisclosableClaims is an option for provide claim names that should be ignored when creating selectively disclosable claims.
func MakeSDJWTWithRecursiveClaimsObjects ¶
func MakeSDJWTWithRecursiveClaimsObjects(recursiveClaimsObject []string) MakeSDJWTOption
MakeSDJWTWithRecursiveClaimsObjects sets version for SD-JWT VC. SD-JWT v5+ support.
func MakeSDJWTWithVersion ¶
func MakeSDJWTWithVersion(version common.SDJWTVersion) MakeSDJWTOption
MakeSDJWTWithVersion sets version for SD-JWT VC.
type MakeSDJWTOpts ¶
type MakeSDJWTOpts struct {
// contains filtered or unexported fields
}
MakeSDJWTOpts provides SD-JWT options for VC.
func (*MakeSDJWTOpts) GetAlwaysIncludeObject ¶
func (o *MakeSDJWTOpts) GetAlwaysIncludeObject() []string
GetAlwaysIncludeObject returns alwaysIncludeObjects mostly for testing purposes.
func (*MakeSDJWTOpts) GetNonSDClaims ¶
func (o *MakeSDJWTOpts) GetNonSDClaims() []string
GetNonSDClaims returns nonSDClaims mostly for testing purposes.
func (*MakeSDJWTOpts) GetRecursiveClaimsObject ¶
func (o *MakeSDJWTOpts) GetRecursiveClaimsObject() []string
GetRecursiveClaimsObject returns recursiveClaimsObject mostly for testing purposes.
type MarshalDisclosureOption ¶
type MarshalDisclosureOption func(opts *marshalDisclosureOpts)
MarshalDisclosureOption provides an option for Credential.MarshalWithDisclosure.
func DiscloseAll ¶
func DiscloseAll() MarshalDisclosureOption
DiscloseAll sets that all disclosures in the given Credential will be disclosed by Credential.MarshalWithDisclosure.
Will result in an error if this option is provided alongside DiscloseGivenIfAvailable or DiscloseGivenRequired.
func DiscloseGivenIfAvailable ¶
func DiscloseGivenIfAvailable(disclosureNames []string) MarshalDisclosureOption
DiscloseGivenIfAvailable sets that the disclosures with the given claim names will be disclosed by Credential.MarshalWithDisclosure.
If any name provided does not have a matching disclosure, Credential.MarshalWithDisclosure will skip the name.
Will result in an error if this option is provided alongside DiscloseAll.
func DiscloseGivenRequired ¶
func DiscloseGivenRequired(disclosureNames []string) MarshalDisclosureOption
DiscloseGivenRequired sets that the disclosures with the given claim names will be disclosed by Credential.MarshalWithDisclosure.
If any name provided does not have a matching disclosure, Credential.MarshalWithDisclosure will return an error.
Will result in an error if this option is provided alongside DiscloseAll.
func DisclosureHolderBinding ¶
func DisclosureHolderBinding(binding *holder.BindingInfo) MarshalDisclosureOption
DisclosureHolderBinding option configures Credential.MarshalWithDisclosure to include a holder binding.
func DisclosureSigner ¶
func DisclosureSigner(signer jose.Signer, signingKeyID string) MarshalDisclosureOption
DisclosureSigner option provides Credential.MarshalWithDisclosure with a signer that will be used to create an SD-JWT if the given Credential wasn't already parsed from SD-JWT.
func MarshalWithSDJWTVersion ¶
func MarshalWithSDJWTVersion(version common.SDJWTVersion) MarshalDisclosureOption
MarshalWithSDJWTVersion sets version for SD-JWT VC.
type MarshalledCredential ¶
type MarshalledCredential []byte
MarshalledCredential defines marshalled Verifiable Credential enclosed into Presentation. MarshalledCredential can be passed to verifiable.ParseCredential().
type Presentation ¶
type Presentation struct {
Context []string
CustomContext []interface{}
ID string
Type []string
Holder string
Proofs []Proof
JWT string
CustomFields CustomFields
// contains filtered or unexported fields
}
Presentation Verifiable Presentation base data model definition.
Example ¶
// A Holder loads the credential from verifiable credential wallet in order to send to Verifier.
// She embedded the credential into presentation and sends it to the Verifier in JWS form.
vcStrFromWallet := `
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"credentialSubject": {
"degree": {
"type": "BachelorDegree",
"university": "MIT"
},
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"name": "Jayden Doe",
"spouse": "did:example:c276e12ec21ebfeb1f712ebc6f1"
},
"expirationDate": "2020-01-01T19:23:24Z",
"id": "http://example.edu/credentials/1872",
"issuanceDate": "2010-01-01T19:23:24Z",
"issuer": {
"id": "did:example:76e12ec712ebc6f1c221ebfeb1f",
"name": "Example University"
},
"referenceNumber": 83294847,
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
]
}
`
vc, err := verifiable.ParseCredential([]byte(vcStrFromWallet),
verifiable.WithDisabledProofCheck(),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to decode VC JSON: %w", err))
}
vp, err := verifiable.NewPresentation(verifiable.WithCredentials(vc))
if err != nil {
panic(fmt.Errorf("failed to build VP from VC: %w", err))
}
vp.ID = "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5"
vp.Holder = "did:example:ebfeb1f712ebc6f1c276e12ec21"
aud := []string{"did:example:4a57546973436f6f6c4a4a57573"}
jwtClaims, err := vp.JWTClaims(aud, true)
if err != nil {
panic(fmt.Errorf("failed to create JWT claims of VP: %w", err))
}
signer, _ := testsupport.NewEd25519Pair(holderPubKey, holderPrivKey, "")
jws, err := jwtClaims.MarshalJWS(verifiable.EdDSA, signer, "")
if err != nil {
panic(fmt.Errorf("failed to sign VP inside JWT: %w", err))
}
fmt.Println(jws)
Output: eyJhbGciOiJFZERTQSJ9.eyJhdWQiOiJkaWQ6ZXhhbXBsZTo0YTU3NTQ2OTczNDM2ZjZmNmM0YTRhNTc1NzMiLCJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJqdGkiOiJ1cm46dXVpZDozOTc4MzQ0Zi04NTk2LTRjM2EtYTk3OC04ZmNhYmEzOTAzYzUiLCJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjoiVmVyaWZpYWJsZVByZXNlbnRhdGlvbiIsInZlcmlmaWFibGVDcmVkZW50aWFsIjpbeyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImRlZ3JlZSI6eyJ0eXBlIjoiQmFjaGVsb3JEZWdyZWUiLCJ1bml2ZXJzaXR5IjoiTUlUIn0sImlkIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwibmFtZSI6IkpheWRlbiBEb2UiLCJzcG91c2UiOiJkaWQ6ZXhhbXBsZTpjMjc2ZTEyZWMyMWViZmViMWY3MTJlYmM2ZjEifSwiZXhwaXJhdGlvbkRhdGUiOiIyMDIwLTAxLTAxVDE5OjIzOjI0WiIsImlkIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJpc3N1YW5jZURhdGUiOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImlzc3VlciI6eyJpZCI6ImRpZDpleGFtcGxlOjc2ZTEyZWM3MTJlYmM2ZjFjMjIxZWJmZWIxZiIsIm5hbWUiOiJFeGFtcGxlIFVuaXZlcnNpdHkifSwicmVmZXJlbmNlTnVtYmVyIjo4LjMyOTQ4NDdlKzA3LCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXX1dfX0.SG_LPpCZJ_AHIdkK6kiIn6WOmwUldZbS6Vv1P1GJuQVPpocwDZEnAvoeV-BJF-UW0kooGxqw-ffdf0ZgUubOAA
Example (Two) ¶
// Holder wants to send 2 credentials to Verifier.
// The first VC is created on fly (or just decoded using ParseCredential).
vc := createExampleCredCF(verifiable.CredentialContents{
Context: []string{
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1",
},
ID: "http://example.edu/credentials/1872",
Types: []string{
"VerifiableCredential",
"UniversityDegreeCredential",
},
Subject: serializeSingleSubject(UniversityDegreeSubject{
ID: "did:example:ebfeb1f712ebc6f1c276e12ec21",
Name: "Jayden Doe",
Spouse: "did:example:c276e12ec21ebfeb1f712ebc6f1",
Degree: UniversityDegree{
Type: "BachelorDegree",
University: "MIT",
},
}),
Issuer: &verifiable.Issuer{
ID: "did:example:76e12ec712ebc6f1c221ebfeb1f",
CustomFields: verifiable.CustomFields{"name": "Example University"},
},
Issued: utiltime.NewTime(issued),
Expired: utiltime.NewTime(expired),
Schemas: []verifiable.TypedID{},
}, map[string]interface{}{
"referenceNumber": 83294847,
})
vcStr := `
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"id": "http://example.edu/credentials/58473",
"type": ["VerifiableCredential", "AlumniCredential"],
"issuer": "https://example.edu/issuers/14",
"issuanceDate": "2010-01-01T19:23:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"alumniOf": "Example University"
},
"proof": {
"type": "RsaSignature2018"
}
}
`
// The second VC is provided in JWS form (e.g. kept in the wallet in that form).
vcJWS := "eyJhbGciOiJFZERTQSIsImtpZCI6IiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Nzc5MDY2MDQsImlhdCI6MTI2MjM3MzgwNCwiaXNzIjoiZGlkOmV4YW1wbGU6NzZlMTJlYzcxMmViYzZmMWMyMjFlYmZlYjFmIiwianRpIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJuYmYiOjEyNjIzNzM4MDQsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiY3JlZGVudGlhbFNjaGVtYSI6W10sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImRlZ3JlZSI6eyJ0eXBlIjoiQmFjaGVsb3JEZWdyZWUiLCJ1bml2ZXJzaXR5IjoiTUlUIn0sImlkIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwibmFtZSI6IkpheWRlbiBEb2UiLCJzcG91c2UiOiJkaWQ6ZXhhbXBsZTpjMjc2ZTEyZWMyMWViZmViMWY3MTJlYmM2ZjEifSwiaXNzdWVyIjp7Im5hbWUiOiJFeGFtcGxlIFVuaXZlcnNpdHkifSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlVuaXZlcnNpdHlEZWdyZWVDcmVkZW50aWFsIl19fQ.AHn2A2q5DL1heX3_izq_2yrsBDhoZ6BGGKhoRvhfMnMUuuOnBOdekdTg-dfUMJgipXRql_6WzBUIj4wTFehXCw"
vc2, err := verifiable.ParseCredential([]byte(vcStr),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()),
verifiable.WithDisabledProofCheck())
if err != nil {
panic(fmt.Errorf("failed to decode VC JSON: %w", err))
}
jwtVC, err := verifiable.ParseCredential([]byte(vcJWS),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()),
verifiable.WithDisabledProofCheck())
if err != nil {
panic(fmt.Errorf("failed to decode VC JWT: %w", err))
}
vp, err := verifiable.NewPresentation(verifiable.WithCredentials(vc),
verifiable.WithCredentials(jwtVC), verifiable.WithCredentials(vc2))
if err != nil {
panic(fmt.Errorf("failed to set credentials of VP: %w", err))
}
vp.ID = "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c"
vp.Holder = "did:example:ebfeb1f712ebc6f1c276e12ec21"
vpBytes, err := json.MarshalIndent(vp, "", "\t")
if err != nil {
panic(err)
}
fmt.Print(string(vpBytes))
Output: { "@context": [ "https://www.w3.org/2018/credentials/v1" ], "holder": "did:example:ebfeb1f712ebc6f1c276e12ec21", "id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c", "type": "VerifiablePresentation", "verifiableCredential": [ { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1" ], "credentialSubject": { "degree": { "type": "BachelorDegree", "university": "MIT" }, "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "name": "Jayden Doe", "spouse": "did:example:c276e12ec21ebfeb1f712ebc6f1" }, "expirationDate": "2020-01-01T19:23:24Z", "id": "http://example.edu/credentials/1872", "issuanceDate": "2010-01-01T19:23:24Z", "issuer": { "id": "did:example:76e12ec712ebc6f1c221ebfeb1f", "name": "Example University" }, "referenceNumber": 83294847, "type": [ "VerifiableCredential", "UniversityDegreeCredential" ] }, "eyJhbGciOiJFZERTQSIsImtpZCI6IiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Nzc5MDY2MDQsImlhdCI6MTI2MjM3MzgwNCwiaXNzIjoiZGlkOmV4YW1wbGU6NzZlMTJlYzcxMmViYzZmMWMyMjFlYmZlYjFmIiwianRpIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJuYmYiOjEyNjIzNzM4MDQsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiY3JlZGVudGlhbFNjaGVtYSI6W10sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImRlZ3JlZSI6eyJ0eXBlIjoiQmFjaGVsb3JEZWdyZWUiLCJ1bml2ZXJzaXR5IjoiTUlUIn0sImlkIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwibmFtZSI6IkpheWRlbiBEb2UiLCJzcG91c2UiOiJkaWQ6ZXhhbXBsZTpjMjc2ZTEyZWMyMWViZmViMWY3MTJlYmM2ZjEifSwiaXNzdWVyIjp7Im5hbWUiOiJFeGFtcGxlIFVuaXZlcnNpdHkifSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlVuaXZlcnNpdHlEZWdyZWVDcmVkZW50aWFsIl19fQ.AHn2A2q5DL1heX3_izq_2yrsBDhoZ6BGGKhoRvhfMnMUuuOnBOdekdTg-dfUMJgipXRql_6WzBUIj4wTFehXCw", { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1" ], "credentialSubject": { "alumniOf": "Example University", "id": "did:example:ebfeb1f712ebc6f1c276e12ec21" }, "id": "http://example.edu/credentials/58473", "issuanceDate": "2010-01-01T19:23:24Z", "issuer": "https://example.edu/issuers/14", "proof": { "type": "RsaSignature2018" }, "type": [ "VerifiableCredential", "AlumniCredential" ] } ] }
func NewPresentation ¶
func NewPresentation(opts ...CreatePresentationOpt) (*Presentation, error)
NewPresentation creates a new Presentation with default context and type with the provided credentials.
func ParsePresentation ¶
func ParsePresentation(vpData []byte, opts ...PresentationOpt) (*Presentation, error)
ParsePresentation creates an instance of Verifiable Presentation by reading a JSON document from bytes. It also applies miscellaneous options like custom decoders or settings of schema validation.
func (*Presentation) AddCredentials ¶
func (vp *Presentation) AddCredentials(credentials ...*Credential)
AddCredentials adds credentials to presentation.
func (*Presentation) AddDataIntegrityProof ¶
func (vp *Presentation) AddDataIntegrityProof(context *DataIntegrityProofContext, signer *dataintegrity.Signer) error
AddDataIntegrityProof adds a Data Integrity Proof to the Presentation.
func (*Presentation) AddLinkedDataProof ¶
func (vp *Presentation) AddLinkedDataProof(context *LinkedDataProofContext, jsonldOpts ...ldprocessor.Opts) error
AddLinkedDataProof appends proof to the Verifiable Presentation.
Example ¶
// 1. ISSUER issues a VC.
vcToIssue := `
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"credentialSubject": {
"degree": {
"type": "BachelorDegree",
"university": "MIT"
},
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"name": "Jayden Doe",
"spouse": "did:example:c276e12ec21ebfeb1f712ebc6f1"
},
"expirationDate": "2020-01-01T19:23:24Z",
"id": "http://example.edu/credentials/1872",
"issuanceDate": "2010-01-01T19:23:24Z",
"issuer": {
"id": "did:example:76e12ec712ebc6f1c221ebfeb1f",
"name": "Example University"
},
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
]
}
`
issuedVC, err := verifiable.ParseCredential([]byte(vcToIssue),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()),
verifiable.WithDisabledProofCheck())
if err != nil {
panic(fmt.Errorf("failed to decode VC JSON: %w", err))
}
proofCreators, proofVerifier := testsupport.NewEd25519Pairs([]testsupport.Ed25519SignKey{
{PubKey: issuerPubKey, PrivKey: issuerPrivKey, PublicKeyID: "did:example:123456#key1"},
{PubKey: holderPubKey, PrivKey: holderPrivKey, PublicKeyID: "did:example:987654#key1"},
})
err = issuedVC.AddLinkedDataProof(&verifiable.LinkedDataProofContext{
Created: &issued,
SignatureType: "Ed25519Signature2018",
KeyType: kms.ED25519Type,
ProofCreator: proofCreators[0],
SignatureRepresentation: verifiable.SignatureJWS,
VerificationMethod: "did:example:123456#key1",
}, jsonld.WithDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to add linked data proof: %w", err))
}
issuedVCBytes, err := issuedVC.MarshalJSON()
if err != nil {
panic(fmt.Errorf("failed to marshal VC to JSON: %w", err))
}
// 2. ISSUER creates a VP with the VC enclosed.
vcFromHolderWallet, err := verifiable.ParseCredential(issuedVCBytes,
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()),
verifiable.WithDisabledProofCheck())
if err != nil {
panic(fmt.Errorf("failed to decode VC JSON: %w", err))
}
vpToVerify, err := verifiable.NewPresentation(verifiable.WithCredentials(vcFromHolderWallet))
if err != nil {
panic(fmt.Errorf("failed to build VP from VC: %w", err))
}
vpToVerify.Holder = "did:example:ebfeb1f712ebc6f1c276e12ec22"
vpToVerify.ID = "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c6"
err = vpToVerify.AddLinkedDataProof(&verifiable.LinkedDataProofContext{
Created: &issued,
SignatureType: "Ed25519Signature2018",
KeyType: kms.ED25519Type,
ProofCreator: proofCreators[1],
SignatureRepresentation: verifiable.SignatureJWS,
VerificationMethod: "did:example:987654#key1",
}, jsonld.WithDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to add linked data proof: %w", err))
}
vpJSONWithProof, err := vpToVerify.MarshalJSON()
if err != nil {
panic(fmt.Errorf("failed to marshal VP to JSON: %w", err))
}
vp, err := verifiable.ParsePresentation(vpJSONWithProof,
verifiable.WithPresProofChecker(proofVerifier),
verifiable.WithPresJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to decode VP JWS: %w", err))
}
vpJSON, err := json.MarshalIndent(vp, "", "\t")
if err != nil {
panic(fmt.Errorf("failed to marshal VC to JSON: %w", err))
}
fmt.Println(string(vpJSON))
Output: { "@context": [ "https://www.w3.org/2018/credentials/v1" ], "holder": "did:example:ebfeb1f712ebc6f1c276e12ec22", "id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c6", "proof": { "created": "2010-01-01T19:23:24Z", "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..8stDRasAcYjkQiqiczyFJdkff8VJIF3Lbaq5BNTaC-PcvJHGo2Xja8GTsHByTOx7QNCwC3bNiboPgfXtmm8aBA", "proofPurpose": "assertionMethod", "type": "Ed25519Signature2018", "verificationMethod": "did:example:987654#key1" }, "type": "VerifiablePresentation", "verifiableCredential": [ { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1" ], "credentialSubject": { "degree": { "type": "BachelorDegree", "university": "MIT" }, "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "name": "Jayden Doe", "spouse": "did:example:c276e12ec21ebfeb1f712ebc6f1" }, "expirationDate": "2020-01-01T19:23:24Z", "id": "http://example.edu/credentials/1872", "issuanceDate": "2010-01-01T19:23:24Z", "issuer": { "id": "did:example:76e12ec712ebc6f1c221ebfeb1f", "name": "Example University" }, "proof": { "created": "2010-01-01T19:23:24Z", "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..mQCxgQDvAYI-2YYCkHHe-at9eNI_wN03R6CRyjycb3CnfPWezbo6zEGe94W2AdYsBhC_Zzedcn_ZKgccMYFnCQ", "proofPurpose": "assertionMethod", "type": "Ed25519Signature2018", "verificationMethod": "did:example:123456#key1" }, "type": [ "VerifiableCredential", "UniversityDegreeCredential" ] } ] }
func (*Presentation) Credentials ¶
func (vp *Presentation) Credentials() []*Credential
Credentials returns current credentials of presentation.
func (*Presentation) JWTClaims ¶
func (vp *Presentation) JWTClaims(audience []string, minimizeVP bool) (*JWTPresClaims, error)
JWTClaims converts Verifiable Presentation into JWT Presentation claims, which can be than serialized e.g. into JWS.
Example ¶
// The Holder kept the presentation serialized to JSON in her personal verifiable credential wallet.
vpStrFromWallet := `
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
"type": [
"VerifiablePresentation",
"UniversityDegreeCredential"
],
"verifiableCredential": [
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"credentialSubject": {
"degree": {
"type": "BachelorDegree",
"university": "MIT"
},
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"name": "Jayden Doe",
"spouse": "did:example:c276e12ec21ebfeb1f712ebc6f1"
},
"expirationDate": "2020-01-01T19:23:24Z",
"id": "http://example.edu/credentials/1872",
"issuanceDate": "2010-01-01T19:23:24Z",
"issuer": {
"id": "did:example:76e12ec712ebc6f1c221ebfeb1f",
"name": "Example University"
},
"referenceNumber": 83294847,
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
]
}
],
"holder": "did:example:ebfeb1f712ebc6f1c276e12ec21"
}
`
// The Holder wants to send the presentation to the Verifier in JWS.
vp, err := verifiable.ParsePresentation([]byte(vpStrFromWallet), verifiable.WithPresDisabledProofCheck(),
verifiable.WithPresJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to decode VP JSON: %w", err))
}
aud := []string{"did:example:4a57546973436f6f6c4a4a57573"}
jwtClaims, err := vp.JWTClaims(aud, true)
if err != nil {
panic(fmt.Errorf("failed to create JWT claims of VP: %w", err))
}
signer, _ := testsupport.NewEd25519Pair(holderPubKey, holderPrivKey, "")
jws, err := jwtClaims.MarshalJWS(verifiable.EdDSA, signer, "")
if err != nil {
panic(fmt.Errorf("failed to sign VP inside JWT: %w", err))
}
fmt.Println(jws)
Output: eyJhbGciOiJFZERTQSJ9.eyJhdWQiOiJkaWQ6ZXhhbXBsZTo0YTU3NTQ2OTczNDM2ZjZmNmM0YTRhNTc1NzMiLCJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJqdGkiOiJ1cm46dXVpZDozOTc4MzQ0Zi04NTk2LTRjM2EtYTk3OC04ZmNhYmEzOTAzYzUiLCJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZVByZXNlbnRhdGlvbiIsIlVuaXZlcnNpdHlEZWdyZWVDcmVkZW50aWFsIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbeyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImRlZ3JlZSI6eyJ0eXBlIjoiQmFjaGVsb3JEZWdyZWUiLCJ1bml2ZXJzaXR5IjoiTUlUIn0sImlkIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwibmFtZSI6IkpheWRlbiBEb2UiLCJzcG91c2UiOiJkaWQ6ZXhhbXBsZTpjMjc2ZTEyZWMyMWViZmViMWY3MTJlYmM2ZjEifSwiZXhwaXJhdGlvbkRhdGUiOiIyMDIwLTAxLTAxVDE5OjIzOjI0WiIsImlkIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJpc3N1YW5jZURhdGUiOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImlzc3VlciI6eyJpZCI6ImRpZDpleGFtcGxlOjc2ZTEyZWM3MTJlYmM2ZjFjMjIxZWJmZWIxZiIsIm5hbWUiOiJFeGFtcGxlIFVuaXZlcnNpdHkifSwicmVmZXJlbmNlTnVtYmVyIjo4LjMyOTQ4NDdlKzA3LCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXX1dfX0.x69vHH5K0ydS1vVkiy2l056fjXsB-6L58AViy405y9e1XLfm70IeiUaG3gSBkePO-WM7S47jxZEJcRSk6397DA
func (*Presentation) MarshalJSON ¶
func (vp *Presentation) MarshalJSON() ([]byte, error)
MarshalJSON converts Verifiable Presentation to JSON bytes.
Example ¶
vc := createExampleCredCF(verifiable.CredentialContents{
Context: []string{
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1",
},
ID: "http://example.edu/credentials/1872",
Types: []string{
"VerifiableCredential",
"UniversityDegreeCredential",
},
Subject: serializeSingleSubject(UniversityDegreeSubject{
ID: "did:example:ebfeb1f712ebc6f1c276e12ec21",
Name: "Jayden Doe",
Spouse: "did:example:c276e12ec21ebfeb1f712ebc6f1",
Degree: UniversityDegree{
Type: "BachelorDegree",
University: "MIT",
},
}),
Issuer: &verifiable.Issuer{
ID: "did:example:76e12ec712ebc6f1c221ebfeb1f",
CustomFields: verifiable.CustomFields{"name": "Example University"},
},
Issued: utiltime.NewTime(issued),
Expired: utiltime.NewTime(expired),
Schemas: []verifiable.TypedID{},
}, map[string]interface{}{
"referenceNumber": 83294847,
})
vp, err := verifiable.NewPresentation(verifiable.WithCredentials(vc))
if err != nil {
panic(fmt.Errorf("failed to set credentials of VP: %w", err))
}
vp.ID = "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c"
vp.Holder = "did:example:ebfeb1f712ebc6f1c276e12ec21"
// json.MarshalIndent() calls Presentation.MarshalJSON()
vpJSON, err := json.MarshalIndent(vp, "", "\t")
if err != nil {
panic(fmt.Errorf("failed to marshal VP to JSON: %w", err))
}
fmt.Println(string(vpJSON))
Output: { "@context": [ "https://www.w3.org/2018/credentials/v1" ], "holder": "did:example:ebfeb1f712ebc6f1c276e12ec21", "id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c", "type": "VerifiablePresentation", "verifiableCredential": [ { "@context": [ "https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1" ], "credentialSubject": { "degree": { "type": "BachelorDegree", "university": "MIT" }, "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "name": "Jayden Doe", "spouse": "did:example:c276e12ec21ebfeb1f712ebc6f1" }, "expirationDate": "2020-01-01T19:23:24Z", "id": "http://example.edu/credentials/1872", "issuanceDate": "2010-01-01T19:23:24Z", "issuer": { "id": "did:example:76e12ec712ebc6f1c221ebfeb1f", "name": "Example University" }, "referenceNumber": 83294847, "type": [ "VerifiableCredential", "UniversityDegreeCredential" ] } ] }
func (*Presentation) MarshalledCredentials ¶
func (vp *Presentation) MarshalledCredentials() ([]MarshalledCredential, error)
MarshalledCredentials provides marshalled credentials enclosed into Presentation in raw byte array format. They can be used to decode Credentials into struct.
Example ¶
vc := createExampleCred(verifiable.CredentialContents{
Context: []string{
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1",
},
ID: "http://example.edu/credentials/1872",
Types: []string{
"VerifiableCredential",
"UniversityDegreeCredential",
},
Subject: serializeSingleSubject(UniversityDegreeSubject{
ID: "did:example:ebfeb1f712ebc6f1c276e12ec21",
Name: "Jayden Doe",
Spouse: "did:example:c276e12ec21ebfeb1f712ebc6f1",
Degree: UniversityDegree{
Type: "BachelorDegree",
University: "MIT",
},
}),
Issuer: &verifiable.Issuer{
ID: "did:example:76e12ec712ebc6f1c221ebfeb1f",
CustomFields: verifiable.CustomFields{"name": "Example University"},
},
Issued: utiltime.NewTime(issued),
Expired: utiltime.NewTime(expired),
Schemas: []verifiable.TypedID{},
})
proofCreators, proofVerifier := testsupport.NewEd25519Pairs([]testsupport.Ed25519SignKey{
{PubKey: issuerPubKey, PrivKey: issuerPrivKey, PublicKeyID: "did:example:76e12ec712ebc6f1c221ebfeb1f#i-kid"},
{PubKey: holderPubKey, PrivKey: holderPrivKey, PublicKeyID: "did:123#h-kid"},
})
// Put JWS form of VC into VP.
jwtVC, err := vc.CreateSignedJWTVC(true, verifiable.EdDSA, proofCreators[0],
"did:example:76e12ec712ebc6f1c221ebfeb1f#i-kid")
if err != nil {
panic(fmt.Errorf("failed to set credentials of VP: %w", err))
}
vp, err := verifiable.NewPresentation(verifiable.WithCredentials(jwtVC))
if err != nil {
panic(fmt.Errorf("failed to set credentials of VP: %w", err))
}
vp.ID = "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c"
vp.Holder = "did:example:ebfeb1f712ebc6f1c276e12ec21"
// Marshal VP to JWS as well.
vpJWTClaims, err := vp.JWTClaims(nil, true)
if err != nil {
panic(fmt.Errorf("failed to create JWT claims of VP: %w", err))
}
vpJWS, err := vpJWTClaims.MarshalJWS(verifiable.EdDSA, proofCreators[1], "did:123#h-kid")
if err != nil {
panic(fmt.Errorf("failed to sign VP inside JWT: %w", err))
}
// Decode VP from JWS.
// Note that VC-s inside will be decoded as well. If they are JWS, their signature is verified
// and thus we need to make sure the public key fetcher can retrieve the public key.
vp, err = verifiable.ParsePresentation(
[]byte(vpJWS), verifiable.WithPresProofChecker(proofVerifier), verifiable.WithPresJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to decode VP JWS: %w", err))
}
// Get credentials in binary form.
vpCreds, err := vp.MarshalledCredentials()
if err != nil {
panic(fmt.Errorf("failed to get marshalled credentials from decoded presentation: %w", err))
}
if len(vpCreds) != 1 {
panic("Expected 1 credential inside presentation")
}
// Decoded credential.
vcDecoded, err := verifiable.ParseCredential(vpCreds[0],
verifiable.WithDisabledProofCheck(),
verifiable.WithJSONLDDocumentLoader(getJSONLDDocumentLoader()))
if err != nil {
panic(fmt.Errorf("failed to decode VC: %w", err))
}
vcDecodedJSON, err := json.MarshalIndent(vcDecoded, "", "\t")
if err != nil {
panic(fmt.Errorf("failed to marshal VP to JSON: %w", err))
}
fmt.Println(string(vcDecodedJSON))
Output: "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOjc2ZTEyZWM3MTJlYmM2ZjFjMjIxZWJmZWIxZiNpLWtpZCJ9.eyJleHAiOjE1Nzc5MDY2MDQsImlhdCI6MTI2MjM3MzgwNCwiaXNzIjoiZGlkOmV4YW1wbGU6NzZlMTJlYzcxMmViYzZmMWMyMjFlYmZlYjFmIiwianRpIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzE4NzIiLCJuYmYiOjEyNjIzNzM4MDQsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiY3JlZGVudGlhbFN1YmplY3QiOnsiZGVncmVlIjp7InR5cGUiOiJCYWNoZWxvckRlZ3JlZSIsInVuaXZlcnNpdHkiOiJNSVQifSwiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJuYW1lIjoiSmF5ZGVuIERvZSIsInNwb3VzZSI6ImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJ9LCJpc3N1ZXIiOnsibmFtZSI6IkV4YW1wbGUgVW5pdmVyc2l0eSJ9LCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXX19.Uwec0QMKqPmmcSOB4aML5V-Ro0mnCCB1kjmh_zSOEkvq862M61XmgBP0vbpanBmKexCjtuzn68kuRiF1IUhHDQ"
type PresentationOpt ¶
type PresentationOpt func(opts *presentationOpts)
PresentationOpt is the Verifiable Presentation decoding option.
func WithDisabledJSONLDChecks ¶
func WithDisabledJSONLDChecks() PresentationOpt
WithDisabledJSONLDChecks disables JSON-LD checks for VP parsing. By default, JSON-LD checks are enabled.
func WithPresDataIntegrityVerifier ¶
func WithPresDataIntegrityVerifier(v *dataintegrity.Verifier) PresentationOpt
WithPresDataIntegrityVerifier provides the Data Integrity verifier to use when the presentation being processed has a Data Integrity proof.
func WithPresDisabledProofCheck ¶
func WithPresDisabledProofCheck() PresentationOpt
WithPresDisabledProofCheck option for disabling of proof check.
func WithPresExpectedDataIntegrityFields ¶
func WithPresExpectedDataIntegrityFields(purpose, domain, challenge string) PresentationOpt
WithPresExpectedDataIntegrityFields validates that a Data Integrity proof has the given purpose, domain, and challenge. Empty purpose means the default, assertionMethod, will be expected. Empty domain and challenge will mean they are not checked.
func WithPresJSONLDDocumentLoader ¶
func WithPresJSONLDDocumentLoader(documentLoader jsonld.DocumentLoader) PresentationOpt
WithPresJSONLDDocumentLoader defines custom JSON-LD document loader. If not defined, when decoding VP a new document loader will be created using CachingJSONLDLoader() if JSON-LD validation is made.
func WithPresProofChecker ¶ added in v1.1.0
func WithPresProofChecker(fetcher CombinedProofChecker) PresentationOpt
WithPresProofChecker indicates that Verifiable Presentation should be decoded from JWS using provided proofChecker.
func WithPresStrictValidation ¶
func WithPresStrictValidation() PresentationOpt
WithPresStrictValidation enabled strict JSON-LD validation of VP. In case of JSON-LD validation, the comparison of JSON-LD VP document after compaction with original VP one is made. In case of mismatch a validation exception is raised.
type Proof ¶
type Proof map[string]interface{}
Proof defines embedded proof of Verifiable Credential.
type SchemaCache ¶
type SchemaCache interface {
// Put element to the cache.
Put(k string, v []byte)
// Get element from the cache, returns false at second return value if element is not present.
Get(k string) ([]byte, bool)
}
SchemaCache defines a cache of credential schemas.
type SchemaOpt ¶
type SchemaOpt func(*schemaOpts)
SchemaOpt is create default schema options.
func WithDisableRequiredField ¶
WithDisableRequiredField disabled check of required field in default schema.
type SignatureRepresentation ¶
type SignatureRepresentation int
SignatureRepresentation is a signature value holder type (e.g. "proofValue" or "jws").
const ( // SignatureProofValue uses "proofValue" field in a Proof to put/read a digital signature. SignatureProofValue SignatureRepresentation = iota // SignatureJWS uses "jws" field in a Proof as an element for representation of detached JSON Web Signatures. SignatureJWS )
type Subject ¶
type Subject struct {
ID string `json:"id,omitempty"`
CustomFields CustomFields `json:"-"`
}
Subject of the Verifiable Credential.
func SubjectFromJSON ¶ added in v1.1.0
func SubjectFromJSON(subjectObj JSONObject) (Subject, error)
SubjectFromJSON creates credential subject form json object.
type TypedID ¶
type TypedID struct {
ID string
Type string
CustomFields
}
TypedID defines a flexible structure with id and name fields and arbitrary extra fields kept in CustomFields.
Source Files
¶
- bbs_selective_disclosure.go
- cache.go
- common.go
- credential.go
- credential_bbs.go
- credential_jws.go
- credential_jwt.go
- credential_jwt_unsecured.go
- credential_ldp.go
- credential_sdjwt.go
- data_integrity_proof.go
- embedded_proof.go
- jsonld.go
- jws.go
- jwt_unsecured.go
- linked_data_proof.go
- presentation.go
- presentation_jws.go
- presentation_jwt.go
- presentation_jwt_unsecured.go
- presentation_ldp.go
Directories
Click to show internal directories.
Click to hide internal directories.