cm

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 9, 2023 License: Apache-2.0 Imports: 11 Imported by: 9

Documentation

Overview

Package cm contains methods that are useful for parsing and validating the objects defined in the Credential Manifest spec: https://identity.foundation/credential-manifest.

Index

Constants

View Source 
const (
	// CredentialApplicationAttachmentFormat defines the format type of Credential Application when used as an
	// attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialApplicationAttachmentFormat = "dif/credential-manifest/application@v1.0"
	// CredentialApplicationPresentationContext defines the context type of Credential Application when used as part of
	// a presentation attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialApplicationPresentationContext = "https://identity.foundation/credential-manifest/application/v1"
)
View Source 
const (
	// CredentialResponseAttachmentFormat defines the format type of Credential Response when used as an
	// attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialResponseAttachmentFormat = "dif/credential-manifest/response@v1.0"
	// CredentialResponsePresentationContext defines the context type of Credential Response when used as part of
	// a presentation attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialResponsePresentationContext = "https://identity.foundation/credential-manifest/response/v1"
)
View Source 
const CredentialManifestAttachmentFormat = "dif/credential-manifest/manifest@v1.0"

CredentialManifestAttachmentFormat defines the format type of Credential Manifest when used as an attachment in the WACI issuance flow. Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.

Variables

This section is empty.

Functions

func PresentCredentialApplication 

func PresentCredentialApplication(credentialManifest *CredentialManifest,
	opts ...PresentCredentialApplicationOpt) (*verifiable.Presentation, error)

PresentCredentialApplication creates a minimal Presentation (without proofs) with Credential Application data based on credentialManifest. The WithExistingPresentationForPresentCredentialResponse can be used to add the Credential Application data to an existing Presentation object instead. If the "https://identity.foundation/presentation-exchange/submission/v1" context is found, it will be replaced with the "https://identity.foundation/credential-manifest/application/v1" context. Note that any existing proofs are not updated. Note also the following assumptions/limitations of this method:

  1. The format of all claims in the Presentation Submission are assumed to be ldp_vp and will be set as such.
  2. The format for the Credential Application object will be set to match the format from the Credential Manifest exactly. If a caller wants to use a smaller subset of the Credential Manifest's format, then they will have to set it manually.
  3. The location of the Verifiable Credentials is assumed to be an array at the root under a field called "verifiableCredential".
  4. The Verifiable Credentials in the presentation is assumed to be in the same order as the Output Descriptors in the Credential Manifest.

func PresentCredentialResponse added in v0.1.9 

func PresentCredentialResponse(credentialManifest *CredentialManifest,
	opts ...PresentCredentialResponseOpt) (*verifiable.Presentation, error)

PresentCredentialResponse creates a basic Presentation (without proofs) with Credential Response data based on credentialManifest. The WithExistingPresentationForPresentCredentialResponse can be used to add the Credential Response data to an existing Presentation object instead. Note that any existing proofs are not updated. Note also the following assumptions/limitations of this method:

  1. The format of all credentials is assumed to be ldp_vc.
  2. The location of the Verifiable Credentials is assumed to be an array at the root under a field called "verifiableCredential".
  3. The Verifiable Credentials in the presentation is assumed to be in the same order as the Output Descriptors in the Credential Manifest.

func ValidateCredentialApplication 

func ValidateCredentialApplication(application *verifiable.Presentation, cm *CredentialManifest,
	contextLoader ld.DocumentLoader, options ...presexch.MatchOption) error

ValidateCredentialApplication validates credential application presentation by validating the embedded Credential Application object against the given Credential Manifest. There are 3 requirements for the Credential Application to be valid against the Credential Manifest:

  1. Credential Application's manifest ID must match the Credential Manifest's ID.
  2. If the Credential Manifest has a format property, the Credential Application must also have a format property which is a subset of the Credential Manifest's.
  3. If the Credential Manifest contains a presentation_definition property, the Credential Application must have a matching presentation_submission property.

Proof of all individual credentials can also be validated by using options. Refer to https://identity.foundation/credential-manifest/#credential-application for more info.

func ValidateOutputDescriptors 

func ValidateOutputDescriptors(descriptors []*OutputDescriptor) error

ValidateOutputDescriptors checks the given slice of OutputDescriptors to ensure that they are valid (per the spec) when placed together within a single Credential Manifest. To pass validation, the following two conditions must be satisfied: 1. Each OutputDescriptor must have a unique ID. 2. Each OutputDescriptor must also have valid contents. See the validateOutputDescriptorDisplay function for details.

Types

type Color 

type Color struct {
	Color string `json:"color"` // RGB hex code
}

Color represents a single color in RGB hex code format.

type CredentialApplication 

type CredentialApplication struct {
	ID string `json:"id,omitempty"` // mandatory property
	// The value of this property MUST be the ID of a valid Credential Manifest.
	ManifestID string `json:"manifest_id,omitempty"` // mandatory property
	// Must be a subset of the format property of the CredentialManifest that this CredentialApplication is related to
	Format presexch.Format `json:"format,omitempty"` // mandatory property
}

CredentialApplication represents a credential_application object as defined in https://identity.foundation/credential-manifest/#credential-application. Note that the term "Credential Application" is overloaded in the spec - a "Credential Application" may be referring to one of two different, but related, concepts. A "Credential Application" can be the object defined below, which is intended to be embedded in an envelope like a Verifiable Presentation. Additionally, when that envelope contains the object defined below under a field named "credential_application", then that envelope itself can be called a "Credential Application". The larger "envelope version" of a Credential Application may also have a sibling presentation_submission object within the envelope, as demonstrated by the PresentCredentialApplication method. See https://github.com/decentralized-identity/credential-manifest/issues/73 for more information about this name overloading.

func UnmarshalAndValidateAgainstCredentialManifest 

func UnmarshalAndValidateAgainstCredentialManifest(credentialApplicationBytes []byte,
	cm *CredentialManifest) (CredentialApplication, error)

UnmarshalAndValidateAgainstCredentialManifest unmarshals the credentialApplicationBytes into a CredentialApplication object (performing verification in the process), and after that verifies that the Credential Application is valid against the given Credential Manifest. It's simply a convenience method that allows you to unmarshal and perform validation against a Credential Manifest in one call.

func (*CredentialApplication) UnmarshalJSON 

func (ca *CredentialApplication) UnmarshalJSON(data []byte) error

UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialApplication object per the specification.

func (*CredentialApplication) ValidateAgainstCredentialManifest 

func (ca *CredentialApplication) ValidateAgainstCredentialManifest(cm *CredentialManifest) error

ValidateAgainstCredentialManifest verifies that the Credential Application is valid against the given Credential Manifest.

type CredentialManifest 

type CredentialManifest struct {
	ID                     string                           `json:"id,omitempty"`                 // mandatory property
	Issuer                 Issuer                           `json:"issuer,omitempty"`             // mandatory property
	OutputDescriptors      []*OutputDescriptor              `json:"output_descriptors,omitempty"` // mandatory property
	Format                 *presexch.Format                 `json:"format,omitempty"`
	PresentationDefinition *presexch.PresentationDefinition `json:"presentation_definition,omitempty"`
}

CredentialManifest represents a Credential Manifest object as defined in https://identity.foundation/credential-manifest/#credential-manifest-2.

func (*CredentialManifest) ResolveCredential 

func (cm *CredentialManifest) ResolveCredential(descriptorID string, credential CredentialToResolveOption) (*ResolvedDescriptor, error)

ResolveCredential resolves given credential and returns results.

func (*CredentialManifest) ResolveResponse added in v0.1.9 

func (cm *CredentialManifest) ResolveResponse(response *verifiable.Presentation) ([]*ResolvedDescriptor, error)

ResolveResponse resolves given credential response and returns results. Currently supports only 'ldp_vc' format of response credentials.

func (*CredentialManifest) UnmarshalJSON 

func (cm *CredentialManifest) UnmarshalJSON(data []byte) error

UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialManifest object per the specification.

func (*CredentialManifest) Validate 

func (cm *CredentialManifest) Validate() error

Validate ensures that this CredentialManifest is valid as per the spec. Note that this function is automatically called when unmarshalling a []byte into a CredentialManifest.

type CredentialResponse added in v0.1.9 

type CredentialResponse struct {
	ID                             string                `json:"id,omitempty"`          // mandatory property
	ManifestID                     string                `json:"manifest_id,omitempty"` // mandatory property
	ApplicationID                  string                `json:"application_id,omitempty"`
	OutputDescriptorMappingObjects []OutputDescriptorMap `json:"descriptor_map,omitempty"` // mandatory property
}

CredentialResponse represents a Credential Response object as defined in https://identity.foundation/credential-manifest/#credential-response.

func (*CredentialResponse) ResolveDescriptorMaps added in v0.1.9 

func (cf *CredentialResponse) ResolveDescriptorMaps(jsonDataFromAttachment interface{},
	parseCredentialOpts ...verifiable.CredentialOpt) ([]verifiable.Credential, error)

ResolveDescriptorMaps resolves Verifiable Credentials based on this Credential Response's descriptor maps. This function looks at each OutputDescriptorMap's path property and checks for that path in the given JSON data, which is expected to be from the attachment of an Issue Credential message (i.e. issuecredential.IssueCredentialV3.Attachments[i].Data.JSON). See the TestCredentialResponse_ResolveDescriptorMap method for examples. If a VC is found at that path's location, then it is added to the array of VCs that will be returned by this method. Once all OutputDescriptorMaps are done being scanned, the array of VCs will be returned.

func (*CredentialResponse) UnmarshalJSON added in v0.1.9 

func (cf *CredentialResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialResponse object per the specification.

type CredentialToResolveOption 

type CredentialToResolveOption func(opts *resolveCredOpts)

CredentialToResolveOption is an option to provide credential to resolve manifest.

func CredentialToResolve 

func CredentialToResolve(credential *verifiable.Credential) CredentialToResolveOption

CredentialToResolve is an option to provide verifiable credential instance to resolve.

func RawCredentialToResolve 

func RawCredentialToResolve(raw json.RawMessage) CredentialToResolveOption

RawCredentialToResolve is an option to provide raw JSON bytes of verifiable credential to resolve.

type DataDisplayDescriptor 

type DataDisplayDescriptor struct {
	Title       *DisplayMappingObject          `json:"title,omitempty"`
	Subtitle    *DisplayMappingObject          `json:"subtitle,omitempty"`
	Description *DisplayMappingObject          `json:"description,omitempty"`
	Properties  []*LabeledDisplayMappingObject `json:"properties,omitempty"`
}

DataDisplayDescriptor represents a Data Display Descriptor as defined in https://identity.foundation/credential-manifest/wallet-rendering/#data-display.

type DisplayMappingObject 

type DisplayMappingObject struct {
	Text     string   `json:"text,omitempty"`
	Paths    []string `json:"path,omitempty"`
	Schema   Schema   `json:"schema,omitempty"`
	Fallback string   `json:"fallback,omitempty"`
}

DisplayMappingObject represents a Display Mapping Object as defined in https://identity.foundation/wallet-rendering/#display-mapping-object There are two possibilities here: 1. If the text field is used, schema is not required. The text field will contain display information about the target Claim. 2. If the path field is used, schema is required. Data will be pulled from the target Claim using the path. TODO (#3045) Support for JSONPath bracket notation.

type ImageURIWithAltText 

type ImageURIWithAltText struct {
	URI string `json:"uri,omitempty"` // mandatory property
	Alt string `json:"alt,omitempty"`
}

ImageURIWithAltText represents a URI that points to an image along with the alt text for it.

type Issuer 

type Issuer struct {
	ID     string  `json:"id,omitempty"` // mandatory, must be a valid URI
	Name   string  `json:"name,omitempty"`
	Styles *Styles `json:"styles,omitempty"`
}

Issuer represents the issuer object defined in https://identity.foundation/credential-manifest/#general-composition.

type LabeledDisplayMappingObject 

type LabeledDisplayMappingObject struct {
	DisplayMappingObject
	Label string `json:"label,omitempty"` // mandatory property
}

LabeledDisplayMappingObject is a DisplayMappingObject with an additional Label field. They are used for the dynamic Properties array in a DataDisplayDescriptor.

type OutputDescriptor 

type OutputDescriptor struct {
	ID          string                 `json:"id,omitempty"`     // mandatory property
	Schema      string                 `json:"schema,omitempty"` // mandatory property
	Name        string                 `json:"name,omitempty"`
	Description string                 `json:"description,omitempty"`
	Display     *DataDisplayDescriptor `json:"display,omitempty"`
	Styles      *Styles                `json:"styles,omitempty"`
}

OutputDescriptor represents an Output Descriptor object as defined in https://identity.foundation/credential-manifest/#output-descriptor.

type OutputDescriptorMap 

type OutputDescriptorMap presexch.InputDescriptorMapping

OutputDescriptorMap represents an Output Descriptor Mapping Object as defined in https://identity.foundation/credential-manifest/#credential-response. It has the same format as the InputDescriptorMapping object from the presexch package, but has a different meaning here.

type PresentCredentialApplicationOpt 

type PresentCredentialApplicationOpt func(opts *presentCredentialApplicationOpts)

PresentCredentialApplicationOpt is an option for the PresentCredentialApplication method.

func WithExistingPresentationForPresentCredentialApplication 

func WithExistingPresentationForPresentCredentialApplication(
	presentation *verifiable.Presentation) PresentCredentialApplicationOpt

WithExistingPresentationForPresentCredentialApplication is an option for the PresentCredentialApplication method that allows Credential Application data to be added to an existing Presentation (turning it into a Credential Application in the process). The existing Presentation should not already have Credential Application data.

type PresentCredentialResponseOpt added in v0.1.9 

type PresentCredentialResponseOpt func(opts *presentCredentialResponseOpts)

PresentCredentialResponseOpt is an option for the PresentCredentialResponse method.

func WithExistingPresentationForPresentCredentialResponse added in v0.1.9 

func WithExistingPresentationForPresentCredentialResponse(
	presentation *verifiable.Presentation) PresentCredentialResponseOpt

WithExistingPresentationForPresentCredentialResponse is an option for the PresentCredentialResponse method that allows Credential Response data to be added to an existing Presentation. The existing Presentation should not already have Credential Response data.

type ResolvedDescriptor 

type ResolvedDescriptor struct {
	DescriptorID string              `json:"descriptor_id"`
	Title        string              `json:"title,omitempty"`
	Subtitle     string              `json:"subtitle,omitempty"`
	Description  string              `json:"description,omitempty"`
	Styles       *Styles             `json:"styles,omitempty"`
	Properties   []*ResolvedProperty `json:"properties,omitempty"`
}

ResolvedDescriptor typically represents results of resolving manifests by credential response. Typically represents a DataDisplayDescriptor that's had its various "template" fields resolved into concrete values based on a Verifiable Credential.

type ResolvedProperty 

type ResolvedProperty struct {
	Schema Schema      `json:"schema"`
	Label  string      `json:"label"`
	Value  interface{} `json:"value"`
}

ResolvedProperty contains resolved result for each resolved property.

type Schema 

type Schema struct {
	Type             string `json:"type"`                       // MUST be here
	Format           string `json:"format,omitempty"`           // MAY be here if the Type is "string".
	ContentMediaType string `json:"contentMediaType,omitempty"` // MAY be here if the Type is "string".
	ContentEncoding  string `json:"contentEncoding,omitempty"`  // MAY be here if the Type is "string".
}

Schema represents Type and (optional) Format information for a DisplayMappingObject that uses the Paths field, as defined in https://identity.foundation/wallet-rendering/#using-path.

type Styles 

type Styles struct {
	Thumbnail  *ImageURIWithAltText `json:"thumbnail,omitempty"`
	Hero       *ImageURIWithAltText `json:"hero,omitempty"`
	Background *Color               `json:"background,omitempty"`
	Text       *Color               `json:"text,omitempty"`
}

Styles represents an Entity Styles object as defined in https://identity.foundation/wallet-rendering/#entity-styles.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.