Constants ¶
// CACHE_EXPIRY is the lifetime of cache entries (sessions, codes, tokens).
// The unit is not visible here — presumably seconds or minutes; confirm
// against the Cache type that consumes it.
const CACHE_EXPIRY = 60

// CACHE_KEY_TEMPLATE is the format used to build composite cache keys from
// two components (see fmt.Sprintf); which two values are combined is not
// visible here.
const CACHE_KEY_TEMPLATE = "%s-%s"
Variables ¶
// ErrorCannotConverContext is returned when a VerificationContext cannot be
// converted to the concrete type a verification service expects.
var ErrorCannotConverContext = errors.New("cannot_convert_context")

// ErrorInvalidVC is returned when a presented credential fails verification.
var ErrorInvalidVC = errors.New("invalid_vc")

// ErrorNoDID is returned when no DID is configured for the verifier.
var ErrorNoDID = errors.New("no_did_configured")

// ErrorNoSuchCode is returned when an authorization code is unknown, e.g.
// because it was never issued, already consumed or expired from the cache.
var ErrorNoSuchCode = errors.New("no_such_code")

// ErrorNoSuchSession is returned when a login session cannot be found.
var ErrorNoSuchSession = errors.New("no_such_session")

// ErrorNoTIR is returned when no trusted issuers registry is configured.
var ErrorNoTIR = errors.New("no_tir_configured")

// ErrorRedirectUriMismatch is returned when the redirect URI presented at
// token retrieval does not match the one bound to the flow; this check is
// what prevents an intercepted code from being redeemed elsewhere.
var ErrorRedirectUriMismatch = errors.New("redirect_uri_does_not_match")

// ErrorVerficationContextSetup is returned when no valid verification
// context could be built for a credential.
var ErrorVerficationContextSetup = errors.New("no_valid_verification_context")

// ErrorWrongGrantType is returned when GetToken is called with an
// unsupported grant type.
var ErrorWrongGrantType = errors.New("wrong_grant_type")
Functions ¶
func InitVerifier ¶
func InitVerifier(verifierConfig *configModel.Verifier, repoConfig *configModel.ConfigRepo, ssiKitClient ssikit.SSIKit) (err error)
Initializes the verifier and all its components from the configuration.
Types ¶
type CredentialSubject ¶
// CredentialSubject is the subset of the structure of a credentialSubject
// inside a Verifiable Credential that this package decodes.
type CredentialSubject struct {
	// Id is the subject identifier, taken from the "id" field.
	Id string `mapstructure:"id"`
	// SubjectType is the value of the subject's "type" field.
	SubjectType string `mapstructure:"type"`
	// Claims collects every remaining field of the subject that is not
	// mapped to a struct field above (mapstructure ",remain"). Values are
	// untyped and come straight from the presented credential.
	Claims map[string]interface{} `mapstructure:",remain"`
}
Subset of the structure of a CredentialSubject inside a Verifiable Credential
type CredentialVerifier ¶
type CredentialVerifier struct {
// contains filtered or unexported fields
}
Implementation of the verifier, using the waltId SSIKit and the Gaia-X compliance issuers registry as validation backends.
func (*CredentialVerifier) AuthenticationResponse ¶
func (v *CredentialVerifier) AuthenticationResponse(state string, verifiableCredentials []map[string]interface{}, holder string) (sameDevice SameDeviceResponse, err error)
Receives credentials and verifies them in the context of an already present login session. Returns either an error if verification failed, or a same-device response to be used for redirection, or notifies the original initiator (in the case of a cross-device flow).
func (*CredentialVerifier) GetJWKS ¶
func (v *CredentialVerifier) GetJWKS() jwk.Set
Returns the JWKS used by the verifier so that the JWTs it issues can be verified.
func (*CredentialVerifier) GetToken ¶
func (v *CredentialVerifier) GetToken(grantType string, authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)
Returns an already generated JWT from the cache for properly authorized requests. Every token will only be returned once.
func (*CredentialVerifier) ReturnLoginQR ¶
func (v *CredentialVerifier) ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error)
Initializes the cross-device login flow and returns all necessary information as a QR code.
func (*CredentialVerifier) StartSameDeviceFlow ¶
func (v *CredentialVerifier) StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error)
Starts a same-device SIOP flow and returns the required redirection information.
func (*CredentialVerifier) StartSiopFlow ¶
func (v *CredentialVerifier) StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error)
Starts a SIOP flow and returns the required connection information.
type CredentialsConfig ¶
// CredentialsConfig provides information about the credential types
// associated with services and their trust anchors.
type CredentialsConfig interface {
	// GetScope should return the list of credential types to be requested
	// via the scope parameter for the given service.
	GetScope(serviceIdentifier string) (credentialTypes []string, err error)
	// GetTrustedParticipantLists returns the (EBSI TrustedIssuersRegistry
	// compliant) endpoints for the given service/credential combination,
	// used to check that a credential was issued by a trusted participant.
	GetTrustedParticipantLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
	// GetTrustedIssuersLists returns the (EBSI TrustedIssuersRegistry
	// compliant) endpoints for the given service/credential combination,
	// used to check that a credential was issued by a trusted issuer and
	// that the issuer has permission to issue such claims.
	GetTrustedIssuersLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
}
Provides information about the credential types associated with services and their trust anchors.
func InitServiceBackedCredentialsConfig ¶
func InitServiceBackedCredentialsConfig(repoConfig *config.ConfigRepo) (credentialsConfig CredentialsConfig, err error)
type GaiaXRegistryVerificationService ¶
type GaiaXRegistryVerificationService struct {
// contains filtered or unexported fields
}
func InitGaiaXRegistryVerificationService ¶
func InitGaiaXRegistryVerificationService(verifierConfig *configModel.Verifier) GaiaXRegistryVerificationService
func (*GaiaXRegistryVerificationService) VerifyVC ¶
func (v *GaiaXRegistryVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)
type MappableVerifiableCredential ¶
// MappableVerifiableCredential is the subset of a Verifiable Credential that
// is decoded from the raw credential map with mapstructure.
//
// TODO: issue a fix to mapstructure to enable the combination of
// "DecoderConfig.ErrorUnset" and an unmapped/untagged field.
type MappableVerifiableCredential struct {
	// Id is the credential identifier ("id").
	Id string `mapstructure:"id"`
	// Types holds the entries of the credential's "type" array.
	Types []string `mapstructure:"type"`
	// Issuer is the value of the "issuer" field.
	Issuer string `mapstructure:"issuer"`
	// CredentialSubject is the decoded "credentialSubject" object.
	CredentialSubject CredentialSubject `mapstructure:"credentialSubject"`
}
TODO Issue fix to mapstructure to enable combination of "DecoderConfig.ErrorUnset" and an unmapped/untagged field
type NonceGenerator ¶
// NonceGenerator produces nonce values. Where they are consumed is not
// visible here (presumably the SIOP flows — confirm); implementations should
// draw from a cryptographically secure random source and never repeat a
// value, because a predictable or reused nonce weakens the binding between
// a request and the response that answers it.
type NonceGenerator interface {
	// GenerateNonce returns a fresh nonce.
	GenerateNonce() string
}
type SameDeviceResponse ¶
// SameDeviceResponse is the response structure for successful same-device
// authentications.
type SameDeviceResponse struct {
	// RedirectTarget is the redirect target to be informed.
	RedirectTarget string
	// Code is the code of the SIOP flow; presumably the authorizationCode
	// later passed to GetToken — confirm against the caller.
	Code string
	// SessionId is the session id provided by the client.
	SessionId string
}
Response structure for successful same-device authentications
type ServiceBackedCredentialsConfig ¶
type ServiceBackedCredentialsConfig struct {
// contains filtered or unexported fields
}
func (ServiceBackedCredentialsConfig) GetScope ¶
func (cc ServiceBackedCredentialsConfig) GetScope(serviceIdentifier string) (credentialTypes []string, err error)
func (ServiceBackedCredentialsConfig) GetTrustedIssuersLists ¶
func (cc ServiceBackedCredentialsConfig) GetTrustedIssuersLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
func (ServiceBackedCredentialsConfig) GetTrustedParticipantLists ¶
func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
type SsiKitExternalVerificationService ¶
type SsiKitExternalVerificationService struct {
// contains filtered or unexported fields
}
The SsiKit verifier should concentrate on general verification at the credential level (e.g. checking signature, expiry etc.). Even though a TIR policy could be configured, it is recommended to use the TrustedIssuersRegistryVerifer or TrustedIssuersListVerifier for that purpose.
func InitSsiKitExternalVerificationService ¶
func InitSsiKitExternalVerificationService(verifierConfig *configModel.Verifier, ssiKitClient ssikit.SSIKit) (verifier SsiKitExternalVerificationService, err error)
func (*SsiKitExternalVerificationService) VerifyVC ¶
func (v *SsiKitExternalVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)
type TokenSigner ¶
// TokenSigner abstracts the signing of JWTs so that the signing backend can
// be replaced.
type TokenSigner interface {
	// Sign signs t with the given algorithm and key and returns the
	// serialized token. The key must match alg; callers are responsible
	// for choosing a signing algorithm consistent with the published JWKS.
	Sign(t jwt.Token, alg jwa.SignatureAlgorithm, key interface{}, options ...jwt.SignOption) ([]byte, error)
}
type TrustRegistriesVerificationContext ¶
type TrustRegistriesVerificationContext struct {
// contains filtered or unexported fields
}
func (TrustRegistriesVerificationContext) GetTrustedIssuersLists ¶
func (trvc TrustRegistriesVerificationContext) GetTrustedIssuersLists() []string
func (TrustRegistriesVerificationContext) GetTrustedParticipantLists ¶
func (trvc TrustRegistriesVerificationContext) GetTrustedParticipantLists() []string
type TrustedIssuerVerificationService ¶
type TrustedIssuerVerificationService struct {
// contains filtered or unexported fields
}
The trusted issuer verification service will validate the entry of an issuer within the trusted issuers list.
func (*TrustedIssuerVerificationService) VerifyVC ¶
func (tpvs *TrustedIssuerVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)
type TrustedParticipantVerificationService ¶
type TrustedParticipantVerificationService struct {
// contains filtered or unexported fields
}
The trusted participant verification service will validate the entry of a participant within the trusted list.
func (*TrustedParticipantVerificationService) VerifyVC ¶
func (tpvs *TrustedParticipantVerificationService) VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)
type VerifiableCredential ¶
type VerifiableCredential struct { MappableVerifiableCredential // contains filtered or unexported fields }
Subset of the structure of a Verifiable Credential
func MapVerifiableCredential ¶
func MapVerifiableCredential(raw map[string]interface{}) (VerifiableCredential, error)
func (VerifiableCredential) GetCredentialType ¶
func (vc VerifiableCredential) GetCredentialType() string
func (VerifiableCredential) GetIssuer ¶
func (vc VerifiableCredential) GetIssuer() string
func (VerifiableCredential) GetRawData ¶
func (vc VerifiableCredential) GetRawData() map[string]interface{}
type VerificationContext ¶
// VerificationContext carries the service-specific context for a
// verification (see TrustRegistriesVerificationContext). It is an empty
// interface, so each VerificationService has to assert the concrete type it
// expects; ErrorCannotConverContext is presumably returned when that
// assertion fails — confirm in the implementations.
type VerificationContext interface{}
type VerificationService ¶
// VerificationService is a single verification step applied to a credential.
type VerificationService interface {
	// VerifyVC verifies the given VC within the given context.
	//
	// FIXME: currently a positive result is returned even when no policy was
	// checked, so a true result alone is not evidence that any trust policy
	// was actually evaluated.
	VerifyVC(verifiableCredential VerifiableCredential, verificationContext VerificationContext) (result bool, err error)
}
type Verifier ¶
// Verifier is the interface of the credential verifier.
type Verifier interface {
	// ReturnLoginQR initializes the cross-device login flow and returns all
	// necessary information as a QR code.
	ReturnLoginQR(host string, protocol string, callback string, sessionId string, clientId string) (qr string, err error)
	// StartSiopFlow starts a SIOP flow and returns the required connection
	// information.
	StartSiopFlow(host string, protocol string, callback string, sessionId string, clientId string) (connectionString string, err error)
	// StartSameDeviceFlow starts a same-device SIOP flow and returns the
	// required redirection information.
	StartSameDeviceFlow(host string, protocol string, sessionId string, redirectPath string, clientId string) (authenticationRequest string, err error)
	// GetToken returns an already generated JWT from the cache for a
	// properly authorized request. Every token is returned only once, and
	// the redirect URI must match the one bound to the code
	// (ErrorRedirectUriMismatch).
	GetToken(grantType string, authorizationCode string, redirectUri string) (jwtString string, expiration int64, err error)
	// GetJWKS returns the JWKS used by the verifier so that issued JWTs can
	// be verified.
	GetJWKS() jwk.Set
	// AuthenticationResponse receives credentials and verifies them in the
	// context of an already present login session. It returns an error on
	// failure, a same-device response to be used for redirection, or
	// notifies the original initiator in the cross-device case.
	AuthenticationResponse(state string, verifiableCredentials []map[string]interface{}, holder string) (sameDevice SameDeviceResponse, err error)
}
Verifier interface.