package wallet

v0.1.7 (not the latest version of this module)

Published: Sep 14, 2021 License: Apache-2.0 Imports: 52 Imported by: 11

Constants

const (
	Ed25519VerificationKey2018 = "ed25519verificationkey2018"
	Bls12381G1Key2020          = "bls12381g1key2020"
)

Supported key types for importing a base58-encoded key (all constants are defined in lower case).

const (
	// Ed25519Signature2018 ed25519 signature suite.
	Ed25519Signature2018 = "Ed25519Signature2018"
	// JSONWebSignature2020 json web signature suite.
	JSONWebSignature2020 = "JsonWebSignature2020"
	// BbsBlsSignature2020 BBS signature suite.
	BbsBlsSignature2020 = "BbsBlsSignature2020"
)

Proof types.

Variables

var (
	// ErrAlreadyUnlocked error when key manager is already created for a given user.
	ErrAlreadyUnlocked = errors.New("wallet already unlocked")

	// ErrWalletLocked when key manager operation is attempted without unlocking wallet.
	ErrWalletLocked = errors.New("wallet locked")

	// ErrInvalidAuthToken when auth token provided to wallet is unable to unlock key manager.
	ErrInvalidAuthToken = errors.New("invalid auth token")
)

Errors.

var ErrProfileNotFound = errors.New("profile does not exist")

ErrProfileNotFound error for wallet profile not found scenario.

var (
	// ErrQueryNoResultFound error when no records found from query.
	ErrQueryNoResultFound = errors.New("no result found")
)

Query errors.

Functions

func CreateDataVaultKeyPairs

func CreateDataVaultKeyPairs(userID string, ctx provider, options ...UnlockOptions) error

CreateDataVaultKeyPairs creates EDV key pairs for the given profile. The wallet creates the key pairs in the profile's KMS and updates the profile with the newly generated EDV encryption and MAC key IDs.

func CreateProfile

func CreateProfile(userID string, ctx provider, options ...ProfileOptions) error

CreateProfile creates a new verifiable credential wallet profile for the given user. Returns an error if a wallet profile has already been created. Use `UpdateProfile()` to replace an already created verifiable credential wallet profile.

func ProfileExists

func ProfileExists(userID string, ctx provider) error

ProfileExists checks if profile exists for given wallet user, returns error if not found.

func UpdateProfile

func UpdateProfile(userID string, ctx provider, options ...ProfileOptions) error

UpdateProfile updates an existing verifiable credential wallet profile. Caution:
	- you might lose your existing keys if you change kms options.
	- you might lose your existing wallet contents if you change storage/EDV options (ex: switching context storage provider or changing EDV settings).

Types

type AddContentOptions

type AddContentOptions func(opts *addContentOpts)

AddContentOptions is option for adding contents to wallet.

func AddByCollection

func AddByCollection(collectionID string) AddContentOptions

AddByCollection option for grouping wallet contents by collection ID.

type ConnectOptions

type ConnectOptions func(opts *connectOpts)

ConnectOptions options for accepting incoming out-of-band invitation and connecting.

func WithConnectTimeout

func WithConnectTimeout(timeout time.Duration) ConnectOptions

WithConnectTimeout option providing connect timeout, to wait for connection status to be 'completed'.

func WithMyLabel

func WithMyLabel(label string) ConnectOptions

WithMyLabel option for providing label to be shared with the other agent during the subsequent did-exchange.

func WithReuseAnyConnection

func WithReuseAnyConnection(reuse bool) ConnectOptions

WithReuseAnyConnection option to use any recognized DID in the services array for a reusable connection.

func WithReuseDID

func WithReuseDID(did string) ConnectOptions

WithReuseDID option to provide DID to be used when reusing a connection.

func WithRouterConnections

func WithRouterConnections(conns ...string) ConnectOptions

WithRouterConnections option to provide the router connections to be used.

type ContentType

type ContentType string

ContentType is wallet content type.

const (
	// Collection content type which can be used to group wallet contents together.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
	Collection ContentType = "collection"

	// Credential content type for handling credential data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
	Credential ContentType = "credential"

	// DIDResolutionResponse content type for handling DID document data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
	DIDResolutionResponse ContentType = "didResolutionResponse"

	// Metadata content type for handling wallet metadata data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
	Metadata ContentType = "metadata"

	// Connection content type for handling wallet connection data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
	Connection ContentType = "connection"

	// Key content type for handling key data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#Key
	Key ContentType = "key"
)

func (ContentType) IsValid

func (ct ContentType) IsValid() error

IsValid checks if underlying content type is supported.

func (ContentType) Name

func (ct ContentType) Name() string

Name of the content type.

type CredentialToDerive

type CredentialToDerive func(opts *deriveOpts)

CredentialToDerive is credential option for deriving a credential from wallet.

func FromCredential

func FromCredential(cred *verifiable.Credential) CredentialToDerive

FromCredential option for deriving credential from a credential instance.

func FromRawCredential

func FromRawCredential(raw json.RawMessage) CredentialToDerive

FromRawCredential for deriving credential from raw credential bytes.

func FromStoredCredential

func FromStoredCredential(id string) CredentialToDerive

FromStoredCredential for deriving credential from stored credential.

type DeriveOptions

type DeriveOptions struct {
	// Frame is JSON-LD frame used for selective disclosure.
	Frame map[string]interface{} `json:"frame,omitempty"`
	// Nonce to prove uniqueness or freshness of the proof.
	Nonce string `json:"nonce,omitempty"`
}

DeriveOptions model containing options for deriving a credential.

type ExampleDefinition

type ExampleDefinition struct {
	Context           []string                  `json:"@context"`
	Type              interface{}               `json:"type"`
	CredentialSubject map[string]string         `json:"credentialSubject"`
	CredentialSchema  map[string]string         `json:"credentialSchema"`
	TrustedIssuer     []TrustedIssuerDefinition `json:"trustedIssuer"`
	IssuerQuery       map[string]interface{}    `json:"issuerQuery"`
}

ExampleDefinition is the frame for QueryByExample. Refer to https://w3c-ccg.github.io/vp-request-spec/#example-2-a-query-by-example-query. TODO: currently `IssuerQuery` is ignored.

type GetAllContentsOptions

type GetAllContentsOptions func(opts *getAllContentsOpts)

GetAllContentsOptions is option for getting all contents from wallet.

func FilterByCollection

func FilterByCollection(collectionID string) GetAllContentsOptions

FilterByCollection option for getting all contents by collection from wallet.

type KeyPair

type KeyPair struct {
	// base64 encoded key ID of the key created.
	KeyID string `json:"keyID,omitempty"`
	// base64 encoded public key of the key pair created.
	PublicKey string `json:"publicKey,omitempty"`
}

KeyPair is response of creating key pair inside wallet.

type PresentProofFrom

type PresentProofFrom func(opts *presentProofOpts)

PresentProofFrom is option to send present proof from wallet.

func FromPresentation

func FromPresentation(presentation *verifiable.Presentation) PresentProofFrom

FromPresentation for sending aries verifiable presentation.

func FromRawPresentation

func FromRawPresentation(raw json.RawMessage) PresentProofFrom

FromRawPresentation for sending raw JSON as presentation.

type ProfileOptions

type ProfileOptions func(opts *profileOpts)

ProfileOptions is option for verifiable credential wallet key manager.

func WithEDVStorage

func WithEDVStorage(url, vaultID, encryptionKID, macKID string) ProfileOptions

WithEDVStorage option for a wallet profile to use EDV as storage. If provided, all wallet contents will be stored in EDV. Note: the key manager options supplied for profile creation and management will be reused for EDV operations.

func WithKeyServerURL

func WithKeyServerURL(url string) ProfileOptions

WithKeyServerURL option; when provided, the wallet will use a remote KMS for key operations. This option will be ignored if provided together with the 'WithSecretLockService' option.

func WithPassphrase

func WithPassphrase(passphrase string) ProfileOptions

WithPassphrase option to provide passphrase for local kms for key operations.

func WithSecretLockService

func WithSecretLockService(svc secretlock.Service) ProfileOptions

WithSecretLockService option, when provided then wallet will use local kms for key operations.

type ProofOptions

type ProofOptions struct {
	// Controller is the DID to be used for signing. This option is required for issue/prove wallet features.
	Controller string `json:"controller,omitempty"`
	// VerificationMethod is the URI of the verificationMethod used for the proof.
	// Optional; by default the Controller public key matching 'assertion' for issue or 'authentication' for prove functions is used.
	VerificationMethod string `json:"verificationMethod,omitempty"`
	// Created is the creation date of the proof.
	// Optional; the current system time will be used.
	Created *time.Time `json:"created,omitempty"`
	// Domain is the operational domain of a digital proof.
	// Optional; by default domain will not be part of the proof.
	Domain string `json:"domain,omitempty"`
	// Challenge is a random or pseudo-random value used for authentication.
	// Optional; by default challenge will not be part of the proof.
	Challenge string `json:"challenge,omitempty"`
	// ProofType is the signature type used for signing.
	// Optional; by default the proof will be generated in Ed25519Signature2018 format.
	ProofType string `json:"proofType,omitempty"`
	// ProofRepresentation is the type of proof data expected (refer to verifiable.SignatureProofValue).
	// Optional; by default the proof will be represented as 'verifiable.SignatureProofValue'.
	ProofRepresentation *verifiable.SignatureRepresentation `json:"proofRepresentation,omitempty"`
}

ProofOptions model: options for adding linked data proofs to a verifiable credential or a verifiable presentation. To be used as options for issue/prove wallet features.

type ProposePresentationOption

type ProposePresentationOption func(opts *proposePresOpts)

ProposePresentationOption options for proposing presentation from wallet.

func WithConnectOptions

func WithConnectOptions(options ...ConnectOptions) ProposePresentationOption

WithConnectOptions for customizing options for accepting invitation.

func WithFromDID

func WithFromDID(from string) ProposePresentationOption

WithFromDID option for providing customized from DID for sending propose presentation message.

func WithPresentProofTimeout

func WithPresentProofTimeout(timeout time.Duration) ProposePresentationOption

WithPresentProofTimeout to provide timeout duration to wait for request presentation response from relying party.

type ProveOptions

type ProveOptions func(opts *proveOpts)

ProveOptions options for proving credential to present from wallet.

func WithCredentialsToProve

func WithCredentialsToProve(credentials ...*verifiable.Credential) ProveOptions

WithCredentialsToProve option for providing verifiable credential instances for wallet to present.

func WithPresentationToProve

func WithPresentationToProve(presentation *verifiable.Presentation) ProveOptions

WithPresentationToProve option for providing presentation for wallet to present. If passed along with other credentials options, response verifiable presentation will be normalized to include all the credentials.

func WithRawCredentialsToProve

func WithRawCredentialsToProve(raw ...json.RawMessage) ProveOptions

WithRawCredentialsToProve option for providing raw credential for wallet to present.

func WithRawPresentationToProve

func WithRawPresentationToProve(presentation json.RawMessage) ProveOptions

WithRawPresentationToProve option for providing raw presentation for wallet to present. Ignored if passed along with WithPresentationToProve option. If passed along with other credentials options, response verifiable presentation will be normalized to include all the credentials.

func WithStoredCredentialsToProve

func WithStoredCredentialsToProve(ids ...string) ProveOptions

WithStoredCredentialsToProve option for providing stored credential IDs for wallet to present.

type Query

type Query struct {
	// contains filtered or unexported fields
}

Query performs wallet credential queries, currently supporting all the QueryTypes defined in QueryType.

func NewQuery

func NewQuery(pkFetcher verifiable.PublicKeyFetcher, loader ld.DocumentLoader, queries ...*QueryParams) *Query

NewQuery returns new wallet query instance.

func (*Query) PerformQuery

func (q *Query) PerformQuery(credentials map[string]json.RawMessage) ([]*verifiable.Presentation, error)

PerformQuery performs a credential query on the given credentials.

type QueryByExampleDefinition

type QueryByExampleDefinition struct {
	Example *ExampleDefinition `json:"example"`
}

QueryByExampleDefinition is model for QueryByExample query type. https://w3c-ccg.github.io/vp-request-spec/#query-by-example

type QueryByFrameDefinition

type QueryByFrameDefinition struct {
	Frame         map[string]interface{}    `json:"frame"`
	TrustedIssuer []TrustedIssuerDefinition `json:"trustedIssuer"`
}

QueryByFrameDefinition is the model for the QueryByExample query type. https://w3c-ccg.github.io/vp-request-spec/ TODO: the QueryByExampleDefinition model is not yet finalized - https://github.com/w3c-ccg/vp-request-spec/issues/8

type QueryParams

type QueryParams struct {
	// Type of the query.
	// Allowed values: 'QueryByExample', 'QueryByFrame', 'PresentationExchange', 'DIDAuth'
	Type string `json:"type"`

	// Query can contain one or more credential queries.
	Query []json.RawMessage `json:"credentialQuery"`
}

QueryParams contains credential queries for querying credential from wallet. Refer https://w3c-ccg.github.io/vp-request-spec/#format for more details.

type QueryType

type QueryType int

QueryType is the type of query supported by the wallet implementation. More details can be found here: https://w3c-ccg.github.io/universal-wallet-interop-spec/#query

func GetQueryType

func GetQueryType(name string) (QueryType, error)

GetQueryType returns QueryType instance for given string query type.

func (QueryType) Name

func (q QueryType) Name() string

Name returns name of the query.

type TrustedIssuerDefinition

type TrustedIssuerDefinition struct {
	Issuer   string `json:"issuer"`
	Required bool   `json:"required"`
}

TrustedIssuerDefinition is model for trusted issuer component in QueryByFrame & QueryByExample.

type UnlockOptions

type UnlockOptions func(opts *unlockOpts)

UnlockOptions is option for unlocking verifiable credential wallet key manager. Wallet unlocking instantiates KMS instance for wallet operations. Type of key manager (local or remote) to be used will be decided based on options passed. Note: unlock options should match key manager options set for given wallet profile.

func WithUnlockByAuthorizationToken

func WithUnlockByAuthorizationToken(url string) UnlockOptions

WithUnlockByAuthorizationToken option for supplying the remote KMS auth token to open the wallet. This option will be ignored when supplied with localkms options.

func WithUnlockByPassphrase

func WithUnlockByPassphrase(passphrase string) UnlockOptions

WithUnlockByPassphrase option for supplying passphrase to open wallet. This option takes precedence when provided along with other options.

func WithUnlockBySecretLockService

func WithUnlockBySecretLockService(svc secretlock.Service) UnlockOptions

WithUnlockBySecretLockService option for supplying secret lock service to open wallet. This option will be ignored when supplied with 'WithPassphrase' option.

func WithUnlockEDVOptions

func WithUnlockEDVOptions(edvOpts ...edv.RESTProviderOption) UnlockOptions

WithUnlockEDVOptions can be used to provide custom aries edv options for unlocking wallet. Provided options will be considered only if given wallet profile is using EDV configurations.

func WithUnlockExpiry

func WithUnlockExpiry(tokenExpiry time.Duration) UnlockOptions

WithUnlockExpiry option providing the time duration after which the wallet key manager expires. Once expired, the wallet must be reopened using 'client.Open()' or a new instance must be created.

func WithUnlockWebKMSOptions

func WithUnlockWebKMSOptions(webkmsOpts ...webkms.Opt) UnlockOptions

WithUnlockWebKMSOptions can be used to provide custom aries web kms options for unlocking wallet. This option can be used to set web kms client http header function instead of using WithUnlockByAuthorizationToken.

type VerificationOption

type VerificationOption func(opts *verifyOpts)

VerificationOption options for verifying credential from wallet.

func WithRawCredentialToVerify

func WithRawCredentialToVerify(raw json.RawMessage) VerificationOption

WithRawCredentialToVerify option for providing raw credential to be verified from wallet.

func WithRawPresentationToVerify

func WithRawPresentationToVerify(raw json.RawMessage) VerificationOption

WithRawPresentationToVerify option for providing raw presentation to be verified from wallet.

func WithStoredCredentialToVerify

func WithStoredCredentialToVerify(id string) VerificationOption

WithStoredCredentialToVerify option for providing ID of the stored credential to be verified from wallet.

type Wallet

type Wallet struct {
	// contains filtered or unexported fields
}

Wallet enables access to verifiable credential wallet features.

func New

func New(userID string, ctx provider) (*Wallet, error)

New returns a new verifiable credential wallet for the given user. Returns an error if the wallet profile is not found. To create a new wallet profile, use `CreateProfile()`. To update an existing profile, use `UpdateProfile()`.

func (*Wallet) Close

func (c *Wallet) Close() bool

Close expires the token issued to this VC wallet, removes the key manager instance and closes the wallet content store. Returns false if the token is not found or has already expired for this wallet user.

func (*Wallet) Connect

func (c *Wallet) Connect(authToken string, invitation *outofband.Invitation, options ...ConnectOptions) (string, error)

Connect accepts out-of-band invitations and performs DID exchange.

Args:

  • authToken: authorization for performing create key pair operation.
  • invitation: out-of-band invitation.
  • options: connection options.

Returns:

  • connection ID if DID exchange is successful.
  • error if the operation fails.

func (*Wallet) CreateKeyPair

func (c *Wallet) CreateKeyPair(authToken string, keyType kms.KeyType) (*KeyPair, error)

CreateKeyPair creates key pair inside a wallet.

Args:
	- authToken: authorization for performing create key pair operation.
	- keyType: type of the key to be created.

func (*Wallet) Derive

func (c *Wallet) Derive(authToken string, credential CredentialToDerive, options *DeriveOptions) (*verifiable.Credential, error)

Derive derives a credential and returns the derived credential.

Args:
	- credential to derive (ID of the stored credential, raw credential or credential instance).
	- derive options.

func (*Wallet) Export

func (c *Wallet) Export(auth string) (json.RawMessage, error)

Export produces a serialized exported wallet representation. Only ciphertext wallet contents can be exported.

Args:
	- auth: token to be used to lock the wallet before exporting.

Returns exported locked wallet.

Supported data models:

func (*Wallet) Issue

func (c *Wallet) Issue(authToken string, credential json.RawMessage,
	options *ProofOptions) (*verifiable.Credential, error)

Issue adds proof to a Verifiable Credential.

Args:
	- auth token for unlocking kms.
	- A verifiable credential with or without proof.
	- Proof options.

func (*Wallet) Open

func (c *Wallet) Open(options ...UnlockOptions) (string, error)

Open unlocks the wallet's key manager instance, opens the wallet content store and returns a token for subsequent use of wallet features.

Args:
	- unlock options for opening wallet.

Returns token with expiry that can be used for subsequent use of wallet features.
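The Open/Close/token semantics documented for this package (Open returns an expiring token, a second Open is refused while that token is live, Close reports false once it is gone, and ErrInvalidAuthToken versus ErrWalletLocked distinguish an unknown token from an expired one), modelled as a stand-alone Go program written for this page, not the aries-framework-go implementation. Only the WithUnlockExpiry option is modelled; the in-memory session map, the 10-minute default expiry and the Authorize helper are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

var (
	ErrAlreadyUnlocked  = errors.New("wallet already unlocked")
	ErrWalletLocked     = errors.New("wallet locked")
	ErrInvalidAuthToken = errors.New("invalid auth token")
)

type unlockOpts struct{ expiry time.Duration }
// UnlockOptions mirrors the package's functional-option shape; only expiry is modelled here.
type UnlockOptions func(*unlockOpts)

func WithUnlockExpiry(d time.Duration) UnlockOptions { return func(o *unlockOpts) { o.expiry = d } }

type session struct{ token string; expires time.Time }

var sessions = map[string]session{} // one live session per user ID (assumption)

type Wallet struct{ UserID string }

// Open refuses a second unlock while a token is live, then issues a fresh random token.
func (w *Wallet) Open(options ...UnlockOptions) (string, error) {
	o := &unlockOpts{expiry: 10 * time.Minute} // default expiry is an assumption
	for _, opt := range options {
		opt(o)
	}
	if s, ok := sessions[w.UserID]; ok && time.Now().Before(s.expires) {
		return "", ErrAlreadyUnlocked
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(buf)
	sessions[w.UserID] = session{token: tok, expires: time.Now().Add(o.expiry)}
	return tok, nil
}

// Authorize is the first check of every token-taking call: unknown token is invalid, expired token means locked.
func (w *Wallet) Authorize(token string) error {
	s, ok := sessions[w.UserID]
	if !ok || s.token != token {
		return ErrInvalidAuthToken
	}
	if !time.Now().Before(s.expires) {
		return ErrWalletLocked
	}
	return nil
}

// Close drops the session; false when none was live (not found or already expired).
func (w *Wallet) Close() bool {
	s, ok := sessions[w.UserID]
	delete(sessions, w.UserID)
	return ok && time.Now().Before(s.expires)
}

func main() {
	w := &Wallet{UserID: "alice"}
	tok, err := w.Open(WithUnlockExpiry(time.Minute))
	fmt.Println(err, w.Authorize(tok), w.Close(), w.Close()) // <nil> <nil> true false
}
```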

func (*Wallet) PresentProof

func (c *Wallet) PresentProof(authToken, thID string, presentProofFrom PresentProofFrom) error

PresentProof sends a present-proof message from the wallet to the relying party. https://w3c-ccg.github.io/universal-wallet-interop-spec/#presentproof

Currently supports [0454-present-proof-v2](https://github.com/hyperledger/aries-rfcs/tree/master/features/0454-present-proof-v2)

Args:

  • authToken: authorization for performing operation.
  • thID: thread ID (action ID) of request presentation.
  • presentProofFrom: presentation to be sent.

Returns:

  • error if operation fails.

TODO: wait for acknowledgement option to be added.

func (*Wallet) ProposePresentation

func (c *Wallet) ProposePresentation(authToken string, invitation *outofband.Invitation, options ...ProposePresentationOption) (*service.DIDCommMsgMap, error)

ProposePresentation accepts an out-of-band invitation and sends a propose-presentation message from the wallet to the relying party. https://w3c-ccg.github.io/universal-wallet-interop-spec/#proposepresentation

Currently supports [0454-present-proof-v2](https://github.com/hyperledger/aries-rfcs/tree/master/features/0454-present-proof-v2)

Args:

  • authToken: authorization for performing operation.
  • invitation: out-of-band invitation from relying party.
  • options: options for accepting the invitation and sending the propose-presentation message.

Returns:

  • DIDCommMsgMap containing request presentation message if operation is successful.
  • error if operation fails.

func (*Wallet) Prove

func (c *Wallet) Prove(authToken string, proofOptions *ProofOptions, credentials ...ProveOptions) (*verifiable.Presentation, error)

Prove produces a Verifiable Presentation.

Args:
	- auth token for unlocking kms.
	- list of interfaces (strings of credential IDs resolvable to stored credentials in the wallet, raw credentials, or a presentation).
	- proof options.

func (*Wallet) Query

func (c *Wallet) Query(authToken string, params ...*QueryParams) ([]*verifiable.Presentation, error)

Query runs query against wallet credential contents and returns presentation containing credential results.

This function may return multiple presentations as query result based on combination of query types used.

https://w3c-ccg.github.io/universal-wallet-interop-spec/#query

Supported Query Types:

func (*Wallet) Verify

func (c *Wallet) Verify(authToken string, options VerificationOption) (bool, error)

Verify takes a Verifiable Credential or Verifiable Presentation as input and verifies it.

Args:
	- verification option for sending different models (stored credential ID, raw credential, raw presentation).

Returns: a boolean verified, and an error if verified is false.
