Documentation
Overview
Package registry implements the Trust Registry interface for key retrieval.
Index
- Constants
- type AgentStatus
- type BadgeStatus
- type CloudRegistry
- func (r *CloudRegistry) GetAgentStatus(ctx context.Context, issuerURL string, agentID string) (*AgentStatus, error)
- func (r *CloudRegistry) GetBadgeStatus(ctx context.Context, issuerURL string, jti string) (*BadgeStatus, error)
- func (r *CloudRegistry) GetPublicKey(ctx context.Context, issuer string) (crypto.PublicKey, error)
- func (r *CloudRegistry) IsRevoked(_ context.Context, _ string) (bool, error)
- func (r *CloudRegistry) SyncRevocations(ctx context.Context, issuerURL string, since time.Time) ([]Revocation, error)
- type LocalRegistry
- func (r *LocalRegistry) GetAgentStatus(_ context.Context, _ string, _ string) (*AgentStatus, error)
- func (r *LocalRegistry) GetBadgeStatus(_ context.Context, _ string, _ string) (*BadgeStatus, error)
- func (r *LocalRegistry) GetPublicKey(_ context.Context, _ string) (crypto.PublicKey, error)
- func (r *LocalRegistry) IsRevoked(_ context.Context, _ string) (bool, error)
- func (r *LocalRegistry) SyncRevocations(_ context.Context, _ string, _ time.Time) ([]Revocation, error)
- type Registry
- type Revocation
Constants
const AgentStatusActive = "active"
AgentStatusActive is the status for an active agent.
const AgentStatusDisabled = "disabled"
AgentStatusDisabled is the status for a disabled agent.
const AgentStatusSuspended = "suspended"
AgentStatusSuspended is the status for a suspended agent.
Types
type AgentStatus
type AgentStatus struct {
	// ID is the agent identifier.
	ID string `json:"id"`
	// Status is the agent status: "active", "disabled", or "suspended".
	Status string `json:"status"`
	// DisabledAt is the timestamp when the agent was disabled.
	DisabledAt *time.Time `json:"disabledAt,omitempty"`
	// Reason is the reason for disabling (if disabled).
	Reason string `json:"reason,omitempty"`
}
AgentStatus represents the status of an agent.
func (*AgentStatus) IsActive
func (s *AgentStatus) IsActive() bool
IsActive returns true if the agent status is active.
type BadgeStatus
type BadgeStatus struct {
	// JTI is the badge ID.
	JTI string `json:"jti"`
	// Subject is the agent DID (sub claim).
	Subject string `json:"sub,omitempty"`
	// Revoked indicates if the badge has been revoked.
	Revoked bool `json:"revoked"`
	// Reason is the revocation reason (if revoked).
	Reason string `json:"reason,omitempty"`
	// RevokedAt is the timestamp when the badge was revoked.
	RevokedAt *time.Time `json:"revokedAt,omitempty"`
	// ExpiresAt is the badge expiry time.
	ExpiresAt *time.Time `json:"expiresAt,omitempty"`
}
BadgeStatus represents the status of a badge.
type CloudRegistry
type CloudRegistry struct {
	RegistryURL string
	Client *http.Client
	// contains filtered or unexported fields
}
CloudRegistry implements Registry by fetching keys from a URL.
func NewCloudRegistry
func NewCloudRegistry(url string) *CloudRegistry
NewCloudRegistry creates a new CloudRegistry.
func (*CloudRegistry) GetAgentStatus
func (r *CloudRegistry) GetAgentStatus(ctx context.Context, issuerURL string, agentID string) (*AgentStatus, error)
GetAgentStatus retrieves the status of an agent from the registry. Endpoint: GET {issuerURL}/v1/agents/{agentID}/status
func (*CloudRegistry) GetBadgeStatus
func (r *CloudRegistry) GetBadgeStatus(ctx context.Context, issuerURL string, jti string) (*BadgeStatus, error)
GetBadgeStatus retrieves the status of a badge from the registry. Endpoint: GET {issuerURL}/v1/badges/{jti}/status
func (*CloudRegistry) GetPublicKey
GetPublicKey fetches the CA public key from the registry's JWKS endpoint. It resolves the JWKS URL from the issuer or falls back to RegistryURL.
func (*CloudRegistry) IsRevoked
IsRevoked checks revocation (not implemented for MVP). Deprecated: Use GetBadgeStatus instead.
func (*CloudRegistry) SyncRevocations
func (r *CloudRegistry) SyncRevocations(ctx context.Context, issuerURL string, since time.Time) ([]Revocation, error)
SyncRevocations fetches revocations from the registry since the given time. Endpoint: GET {issuerURL}/v1/revocations?since={ISO8601}
type LocalRegistry
type LocalRegistry struct {
	KeyPath string
	// contains filtered or unexported fields
}
LocalRegistry implements Registry using a local file.
func NewLocalRegistry
func NewLocalRegistry(path string) *LocalRegistry
NewLocalRegistry creates a new LocalRegistry.
func (*LocalRegistry) GetAgentStatus
func (r *LocalRegistry) GetAgentStatus(_ context.Context, _ string, _ string) (*AgentStatus, error)
GetAgentStatus is not supported for local registry. Returns an error indicating online verification is not available.
func (*LocalRegistry) GetBadgeStatus
func (r *LocalRegistry) GetBadgeStatus(_ context.Context, _ string, _ string) (*BadgeStatus, error)
GetBadgeStatus is not supported for local registry. Returns an error indicating online verification is not available.
func (*LocalRegistry) GetPublicKey
GetPublicKey reads the key from the local file. It ignores the issuer argument for the MVP (trusts the local key for all).
func (*LocalRegistry) IsRevoked
IsRevoked checks if the ID is in the local blocklist (not implemented yet). Deprecated: Use GetBadgeStatus instead.
func (*LocalRegistry) SyncRevocations
func (r *LocalRegistry) SyncRevocations(_ context.Context, _ string, _ time.Time) ([]Revocation, error)
SyncRevocations is not supported for local registry. Returns an error indicating online sync is not available.
type Registry
type Registry interface {
	// GetPublicKey fetches the public key for a given Issuer DID/URI.
	// Returns the public key and any error encountered.
	GetPublicKey(ctx context.Context, issuerDID string) (crypto.PublicKey, error)
	// IsRevoked checks if a specific Badge ID (jti) has been revoked.
	// Deprecated: Use GetBadgeStatus for richer information.
	IsRevoked(ctx context.Context, badgeID string) (bool, error)
	// GetBadgeStatus retrieves the status of a badge by jti.
	// Returns BadgeStatus or error if the badge is not found.
	GetBadgeStatus(ctx context.Context, issuerURL string, jti string) (*BadgeStatus, error)
	// GetAgentStatus retrieves the status of an agent by ID.
	// Returns AgentStatus or error if the agent is not found.
	GetAgentStatus(ctx context.Context, issuerURL string, agentID string) (*AgentStatus, error)
	// SyncRevocations fetches revocations since the given timestamp.
	// Used for bulk sync of revocation lists for offline verification.
	SyncRevocations(ctx context.Context, issuerURL string, since time.Time) ([]Revocation, error)
}
Registry defines the interface for the CapiscIO Trust Registry. It is responsible for resolving trusted public keys for Issuers, checking revocation status, and agent status. See RFC-002: Trust Badge Specification.
type Revocation
type Revocation struct {
	// JTI is the revoked badge ID.
	JTI string `json:"jti"`
	// RevokedAt is when the badge was revoked.
	RevokedAt time.Time `json:"revokedAt"`
	// Reason is the optional revocation reason.
	Reason string `json:"reason,omitempty"`
}
Revocation represents a single badge revocation entry.