irma

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2020 License: Apache-2.0 Imports: 60 Imported by: 0

README ¶

irmago-measurements

Documentation ¶

Overview ¶

Package irma contains generic IRMA strucs and logic of use to all IRMA participants. It parses irma_configuration folders to scheme managers, issuers, credential types and public keys; it contains various messages from the IRMA protocol; it parses IRMA metadata attributes; and it contains attribute and credential verification logic.

Index ¶

Constants ¶

View Source 
const (
	SchemeManagerStatusValid               = SchemeManagerStatus("Valid")
	SchemeManagerStatusUnprocessed         = SchemeManagerStatus("Unprocessed")
	SchemeManagerStatusInvalidIndex        = SchemeManagerStatus("InvalidIndex")
	SchemeManagerStatusInvalidSignature    = SchemeManagerStatus("InvalidSignature")
	SchemeManagerStatusParsingError        = SchemeManagerStatus("ParsingError")
	SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError")
)
View Source 
const (
	DisclosureNewSession           int = iota
	DisclosureRespondPermission    int = iota
	IssuanceNewSession             int = iota
	IssuanceRespondPermission      int = iota
	TorDisclosureNewSession        int = iota
	TorDisclosureRespondPermission int = iota
	TorIssuanceNewSession          int = iota
	TorIssuanceRespondPermission   int = iota

	KssGetCommitments    int = iota
	KssGetProofPs        int = iota
	TorKssGetCommitments int = iota
	TorKssGetProofPs     int = iota

	DisclosureHttpsNewSession           int = iota
	DisclosureHttpsRespondPermission    int = iota
	IssuanceHttpsNewSession             int = iota
	IssuanceHttpsRespondPermission      int = iota
	TorDisclosureHttpsNewSession        int = iota
	TorDisclosureHttpsRespondPermission int = iota
	TorIssuanceHttpsNewSession          int = iota
	TorIssuanceHttpsRespondPermission   int = iota

	KssHttpsGetCommitments    int = iota
	KssHttpsGetProofPs        int = iota
	TorKssHttpsGetCommitments int = iota
	TorKssHttpsGetProofPs     int = iota
)
View Source 
const (
	MinVersionHeader = "X-IRMA-MinProtocolVersion"
	MaxVersionHeader = "X-IRMA-MaxProtocolVersion"
)
View Source 
const (
	StatusConnected     = Status("connected")
	StatusCommunicating = Status("communicating")
	StatusManualStarted = Status("manualStarted")
)

Statuses

View Source 
const (
	ActionDisclosing = Action("disclosing")
	ActionSigning    = Action("signing")
	ActionIssuing    = Action("issuing")
	ActionRedirect   = Action("redirect")
	ActionRevoking   = Action("revoking")
	ActionUnknown    = Action("unknown")
)

Actions

View Source 
const (
	// Protocol version not supported
	ErrorProtocolVersionNotSupported = ErrorType("protocolVersionNotSupported")
	// Error in HTTP communication
	ErrorTransport = ErrorType("transport")
	// HTTPS required
	ErrorHTTPS = ErrorType("https")
	// Invalid client JWT in first IRMA message
	ErrorInvalidJWT = ErrorType("invalidJwt")
	// Unkown session type (not disclosing, signing, or issuing)
	ErrorUnknownAction = ErrorType("unknownAction")
	// Crypto error during calculation of our response (second IRMA message)
	ErrorCrypto = ErrorType("crypto")
	// Error involving revocation or nonrevocation proofs
	ErrorRevocation = ErrorType("revocation")
	// Server rejected our response (second IRMA message)
	ErrorRejected = ErrorType("rejected")
	// (De)serializing of a message failed
	ErrorSerialization = ErrorType("serialization")
	// Error in keyshare protocol
	ErrorKeyshare = ErrorType("keyshare")
	// The user is not enrolled at one of the keyshare servers needed for the request
	ErrorKeyshareUnenrolled = ErrorType("keyshareUnenrolled")
	// API server error
	ErrorApi = ErrorType("api")
	// Server returned unexpected or malformed response
	ErrorServerResponse = ErrorType("serverResponse")
	// Credential type not present in our Configuration
	ErrorUnknownIdentifier = ErrorType("unknownIdentifier")
	// Non-optional attribute not present in credential
	ErrorRequiredAttributeMissing = ErrorType("requiredAttributeMissing")
	// Error during downloading of credential type, issuer, or public keys
	ErrorConfigurationDownload = ErrorType("configurationDownload")
	// IRMA requests refers to unknown scheme manager
	ErrorUnknownSchemeManager = ErrorType("unknownSchemeManager")
	// A session is requested involving a scheme manager that has some problem
	ErrorInvalidSchemeManager = ErrorType("invalidSchemeManager")
	// Invalid session request
	ErrorInvalidRequest = ErrorType("invalidRequest")
	// Recovered panic
	ErrorPanic = ErrorType("panic")
)

Protocol errors

View Source 
const (
	LDContextDisclosureRequest = "https://irma.app/ld/request/disclosure/v2"
	LDContextSignatureRequest  = "https://irma.app/ld/request/signature/v2"
	LDContextIssuanceRequest   = "https://irma.app/ld/request/issuance/v2"
	LDContextRevocationRequest = "https://irma.app/ld/request/revocation/v1"
)
View Source 
const (
	ProofStatusValid             = ProofStatus("VALID")              // Proof is valid
	ProofStatusInvalid           = ProofStatus("INVALID")            // Proof is invalid
	ProofStatusInvalidTimestamp  = ProofStatus("INVALID_TIMESTAMP")  // Attribute-based signature had invalid timestamp
	ProofStatusUnmatchedRequest  = ProofStatus("UNMATCHED_REQUEST")  // Proof does not correspond to a specified request
	ProofStatusMissingAttributes = ProofStatus("MISSING_ATTRIBUTES") // Proof does not contain all requested attributes
	ProofStatusExpired           = ProofStatus("EXPIRED")            // Attributes were expired at proof creation time (now, or according to timestamp in case of abs)

	AttributeProofStatusPresent = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value
	AttributeProofStatusExtra   = AttributeProofStatus("EXTRA")   // Attribute is disclosed, but wasn't requested in request
	AttributeProofStatusNull    = AttributeProofStatus("NULL")    // Attribute is disclosed but is null
)
View Source 
const (
	// ExpiryFactor is the precision for the expiry attribute. Value is one week.
	ExpiryFactor = 60 * 60 * 24 * 7
)
View Source 
const LDContextSignedMessage = "https://irma.app/ld/signature/v2"
View Source 
const Version = "0.5.0-rc.3"

Version of the IRMA command line and libraries

Variables ¶

View Source 
var (
	ErrRevocationStateNotFound = errors.New("revocation state not found")
	ErrUnknownRevocationKey    = errors.New("unknown revocationKey")
	ErrorUnknownCredentialType = errors.New("unknown credential type")
)
View Source 
var DefaultSchemeManagers = [2]SchemeManagerPointer{
	{
		Url: "https://privacybydesign.foundation/schememanager/irma-demo",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm
54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ==
-----END PUBLIC KEY-----`),
	},
	{
		Url: "https://privacybydesign.foundation/schememanager/pbdf",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELzHV5ipBimWpuZIDaQQd+KmNpNop
dpBeCqpDwf+Grrw9ReODb6nwlsPJ/c/gqLnc+Y3sKOAJ2bFGI+jHBSsglg==
-----END PUBLIC KEY-----`),
	},
}
View Source 
var ErrMissingPublicKey = errors.New("Missing public key")
View Source 
var HTTPHeaders = map[string]http.Header{}
View Source 
var Logger *logrus.Logger

Logger is used for logging. If not set, init() will initialize it to logrus.StandardLogger().

View Source 
var RevocationParameters = struct {
	// DefaultUpdateEventCount specifies how many revocation events are attached to session requests
	// for the client to update its revocation state.
	DefaultUpdateEventCount uint64

	// RequestorUpdateInterval is the time period in minutes for requestor servers
	// updating their revocation state at th RA.
	RequestorUpdateInterval uint64

	// DefaultTolerance is the default tolerance in seconds: nonrevocation should be proved
	// by clients up to maximally this amount of seconds ago at verification time. If not, the
	// server will report the time up until nonrevocation of the attribute is guaranteed to the requestor.
	DefaultTolerance uint64

	// If server mode is enabled for a credential type, then once every so many seconds
	// the timestamp in each accumulator is updated to now.
	AccumulatorUpdateInterval uint64

	// DELETE issuance records of expired credential every so many minutes
	DeleteIssuanceRecordsInterval uint64

	// ClientUpdateInterval is the time interval with which the irmaclient periodically
	// retrieves a revocation update from the RA and updates its revocation state with a small but
	// increasing probability.
	ClientUpdateInterval uint64

	// ClientDefaultUpdateSpeed is the amount of time in hours after which it becomes very likely
	// that the app will update its witness, quickly after it has been opened.
	ClientDefaultUpdateSpeed uint64

	// ClientUpdateTimeout is the amount of time in milliseconds that the irmaclient waits
	// for nonrevocation witness updating to complete, before it continues with the session even
	// if updating is not yet done (in which case the candidate set computed by the client
	// may contain credentials that were revoked by one of the requestor's update messages).
	ClientUpdateTimeout uint64

	// Cache-control: max-age HTTP return header (in seconds)
	EventsCacheMaxAge uint64

	UpdateMinCount      uint64
	UpdateMaxCount      uint64
	UpdateMinCountPower int
	UpdateMaxCountPower int
}{
	RequestorUpdateInterval:       10,
	DefaultTolerance:              10 * 60,
	AccumulatorUpdateInterval:     60,
	DeleteIssuanceRecordsInterval: 5 * 60,
	ClientUpdateInterval:          10,
	ClientDefaultUpdateSpeed:      7 * 24,
	ClientUpdateTimeout:           1000,
	UpdateMinCountPower:           4,
	UpdateMaxCountPower:           9,
	EventsCacheMaxAge:             60 * 60,
}

RevocationParameters contains global revocation constants and default values.

Functions ¶

func ASN1ConvertSignatureNonce ¶ 

func ASN1ConvertSignatureNonce(message string, nonce *big.Int, timestamp *atum.Timestamp) *big.Int

ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature: 

nonce = SHA256(serverNonce, SHA256(message), timestampSignature)

where serverNonce is the nonce sent by the signature requestor.

func AddMeasurementResult ¶ 

func AddMeasurementResult(measurementType int, result int64)

func ClearFlutterMeasurements ¶ 

func ClearFlutterMeasurements()

func DefaultDataPath ¶ 

func DefaultDataPath() string

DefaultDataPath returns the default storage path for IRMA, using XDG Base Directory Specification https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html:

  • %LOCALAPPDATA% (i.e. C:\Users\$user\AppData\Local) if on Windows,
  • $XDG_DATA_HOME if set, otherwise $HOME/.local/share
  • $XDG_DATA_DIRS if set, otherwise /usr/local/share/ and /usr/share/
  • then the OSes temp dir (os.TempDir()),

returning the first of these that exists or can be created.

func DefaultSchemesPath ¶ 

func DefaultSchemesPath() string

DefaultSchemesPath returns the default storage path for irma_configuration, namely DefaultDataPath + "/irma_configuration"

func FloorToEpochBoundary ¶ 

func FloorToEpochBoundary(t time.Time) time.Time

FloorToEpochBoundary returns the greatest time not greater than the argument that falls on the boundary of an epoch for attribute validity or expiry, of which the value is defined by ExpiryFactor (one week).

func GetMetadataVersion ¶ 

func GetMetadataVersion(v *ProtocolVersion) byte

GetMetadataVersion maps a chosen protocol version to a metadata version that the server will use.

func GetTimestamp ¶ 

func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)

GetTimestamp GETs a signed timestamp (a signature over the current time and the parameters) over the message to be signed, the randomized signatures over the attributes, and the disclosed attributes, for in attribute-based signature sessions.

func IncrementMeasurementAndDetermineAgain ¶ 

func IncrementMeasurementAndDetermineAgain() bool

func IsClientConnectedToTor ¶ 

func IsClientConnectedToTor(httpClient *http.Client) bool

func MakeTorHttpClient ¶ 

func MakeTorHttpClient(dataDir string) (*tor.Tor, func(), *http.Client)

func MarshalBinary ¶ 

func MarshalBinary(message interface{}) ([]byte, error)

func ParseApiServerJwt ¶ 

func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)

ParseApiServerJwt verifies and parses a JWT as returned by an irma_api_server after a disclosure request into a key-value pair.

func PrintExternalIpClient ¶ 

func PrintExternalIpClient(httpClient *http.Client)

func RenewTorCircuit ¶ 

func RenewTorCircuit(tor *tor.Tor, cancel func()) (func(), *http.Client)

func SendResultsAndResetMeasurements ¶ 

func SendResultsAndResetMeasurements()

func SetLogger ¶ 

func SetLogger(logger *logrus.Logger)

func SignRequestorRequest ¶ 

func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func SignSessionRequest ¶ 

func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func StopProgramWhenNeeded ¶ 

func StopProgramWhenNeeded(useTor bool, httpClient *http.Client)

func TimestampRequest ¶ 

func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) (
	[]byte, string, error)

TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed in an attribute-based signature session along with the randomized signatures over the attributes and the disclosed attributes. The url of the timestamp server that should be used to validate the request is returned as the second return value.

func UnmarshalBinary ¶ 

func UnmarshalBinary(data []byte, dst interface{}) error

func UnmarshalValidate ¶ 

func UnmarshalValidate(data []byte, dest interface{}) error

UnmarshalValidate json.Unmarshal's data, and validates it using the Validate() method if dest implements the Validator interface.

func UnmarshalValidateBinary ¶ 

func UnmarshalValidateBinary(data []byte, dest interface{}) error

Types ¶

type AccumulatorRecord ¶ 

type AccumulatorRecord struct {
	CredType  CredentialTypeIdentifier `gorm:"primary_key"`
	Data      signedMessage
	PKCounter *uint `gorm:"primary_key;auto_increment:false"`
}

Structs corresponding to SQL table rows, ending in Record

func (*AccumulatorRecord) Convert ¶ 

func (a *AccumulatorRecord) Convert(id CredentialTypeIdentifier, sacc *revocation.SignedAccumulator) *AccumulatorRecord

func (*AccumulatorRecord) SignedAccumulator ¶ 

func (a *AccumulatorRecord) SignedAccumulator() *revocation.SignedAccumulator

type Action ¶ 

type Action string

Action encodes the session type of an IRMA session (e.g., disclosing).

type AttributeCon ¶ 

type AttributeCon []AttributeRequest

An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.

func (AttributeCon) CredentialTypes ¶ 

func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier

CredentialTypes returns an array of all credential types occuring in this conjunction.

func (AttributeCon) Satisfy ¶ 

func (c AttributeCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns if each of the attributes specified by proofs and indices satisfies each of the contained AttributeRequests's. If so it also returns a list of the disclosed attribute values.

func (AttributeCon) Validate ¶ 

func (c AttributeCon) Validate() error

type AttributeConDisCon ¶ 

type AttributeConDisCon []AttributeDisCon

AttributeConDisCon is only satisfied if all of the containing AttributeDisCon are satisfied.

func (AttributeConDisCon) Iterate ¶ 

func (cdc AttributeConDisCon) Iterate(f func(attr *AttributeRequest) error) error

func (AttributeConDisCon) Satisfy ¶ 

func (cdc AttributeConDisCon) Satisfy(disclosure *Disclosure, revocation map[int]*time.Time, conf *Configuration) (bool, [][]*DisclosedAttribute, error)

Satisfy returns true if each of the contained AttributeDisCon is satisfied by the specified disclosure. If so it also returns the disclosed attributes.

func (AttributeConDisCon) Validate ¶ 

func (cdc AttributeConDisCon) Validate(conf *Configuration) error

type AttributeDisCon ¶ 

type AttributeDisCon []AttributeCon

An AttributeDisCon is satisfied if at least one of its containing AttributeCon is satisfied.

func (AttributeDisCon) Satisfy ¶ 

func (dc AttributeDisCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns true if the attributes specified by proofs and indices satisfies any one of the contained AttributeCon's. If so it also returns a list of the disclosed attribute values.

func (AttributeDisCon) Validate ¶ 

func (dc AttributeDisCon) Validate() error

type AttributeIdentifier ¶ 

type AttributeIdentifier struct {
	Type           AttributeTypeIdentifier
	CredentialHash string
}

AttributeIdentifier identifies an attribute instance.

func (*AttributeIdentifier) CredentialIdentifier ¶ 

func (ai *AttributeIdentifier) CredentialIdentifier() CredentialIdentifier

CredentialIdentifier returns the credential identifier of this attribute.

type AttributeList ¶ 

type AttributeList struct {
	*MetadataAttribute  `json:"-"`
	Ints                []*big.Int
	Revoked             bool `json:",omitempty"`
	RevocationSupported bool `json:",omitempty"`
	// contains filtered or unexported fields
}

AttributeList contains attributes, excluding the secret key, providing convenient access to the metadata attribute.

func NewAttributeListFromInts ¶ 

func NewAttributeListFromInts(ints []*big.Int, conf *Configuration) *AttributeList

NewAttributeListFromInts initializes a new AttributeList from a list of bigints.

func (*AttributeList) Attribute ¶ 

func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString

Attribute returns the content of the specified attribute, or nil if not present in this attribute list.

func (*AttributeList) CredentialInfo ¶ 

func (attrs *AttributeList) CredentialInfo() *CredentialInfo

func (*AttributeList) EqualsExceptMetadata ¶ 

func (al *AttributeList) EqualsExceptMetadata(ol *AttributeList) bool

EqualsExceptMetadata checks whether two AttributeLists have the same attribute values. The attribute containing the metadata information is skipped in this check.

func (*AttributeList) Hash ¶ 

func (al *AttributeList) Hash() string

func (*AttributeList) Info ¶ 

func (al *AttributeList) Info() *CredentialInfo

func (*AttributeList) Map ¶ 

func (al *AttributeList) Map() map[AttributeTypeIdentifier]TranslatedString

func (*AttributeList) Strings ¶ 

func (al *AttributeList) Strings() []TranslatedString

Strings converts the current instance to human-readable strings.

func (*AttributeList) UntranslatedAttribute ¶ 

func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string

UntranslatedAttribute decodes the bigint corresponding to the specified attribute.

type AttributeProofStatus ¶ 

type AttributeProofStatus string

Status is the proof status of a single attribute

type AttributeRequest ¶ 

type AttributeRequest struct {
	Type    AttributeTypeIdentifier `json:"type"`
	Value   *string                 `json:"value,omitempty"`
	NotNull bool                    `json:"notNull,omitempty"`
}

An AttributeRequest asks for an instance of an attribute type, possibly requiring it to have a specified value, in a session request.

func NewAttributeRequest ¶ 

func NewAttributeRequest(attr string) AttributeRequest

NewAttributeRequest requests the specified attribute.

func (*AttributeRequest) MarshalJSON ¶ 

func (ar *AttributeRequest) MarshalJSON() ([]byte, error)

func (*AttributeRequest) Satisfy ¶ 

func (ar *AttributeRequest) Satisfy(attr AttributeTypeIdentifier, val *string) bool

Satisfy indicates whether the given attribute type and value satisfies this AttributeRequest.

func (*AttributeRequest) UnmarshalJSON ¶ 

func (ar *AttributeRequest) UnmarshalJSON(bts []byte) error

type AttributeType ¶ 

type AttributeType struct {
	ID          string `xml:"id,attr"`
	Optional    string `xml:"optional,attr"  json:",omitempty"`
	Name        TranslatedString
	Description TranslatedString

	Index        int    `xml:"-"`
	DisplayIndex *int   `xml:"displayIndex,attr" json:",omitempty"`
	DisplayHint  string `xml:"displayHint,attr"  json:",omitempty"`

	RevocationAttribute bool `xml:"revocation,attr" json:",omitempty"`

	// Taken from containing CredentialType
	CredentialTypeID string `xml:"-"`
	IssuerID         string `xml:"-"`
	SchemeManagerID  string `xml:"-"`
}

AttributeType is a description of an attribute within a credential type.

func (AttributeType) GetAttributeTypeIdentifier ¶ 

func (ad AttributeType) GetAttributeTypeIdentifier() AttributeTypeIdentifier

func (AttributeType) IsOptional ¶ 

func (ad AttributeType) IsOptional() bool

type AttributeTypeIdentifier ¶ 

type AttributeTypeIdentifier struct {
	// contains filtered or unexported fields
}

AttributeTypeIdentifier identifies an attribute. For example "irma-demo.RU.studentCard.studentID".

func NewAttributeTypeIdentifier ¶ 

func NewAttributeTypeIdentifier(id string) AttributeTypeIdentifier

NewAttributeTypeIdentifier converts the specified identifier to a AttributeTypeIdentifier.

func (AttributeTypeIdentifier) CredentialTypeIdentifier ¶ 

func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier

CredentialTypeIdentifier returns the CredentialTypeIdentifier of the attribute identifier.

func (AttributeTypeIdentifier) Empty ¶ 

func (oi AttributeTypeIdentifier) Empty() bool

func (AttributeTypeIdentifier) GormDataType ¶ 

func (AttributeTypeIdentifier) GormDataType(dialect gorm.Dialect) string

func (AttributeTypeIdentifier) IsCredential ¶ 

func (id AttributeTypeIdentifier) IsCredential() bool

IsCredential returns true if this attribute refers to its containing credential (i.e., it consists of only 3 parts).

func (AttributeTypeIdentifier) MarshalCBOR ¶ 

func (oi AttributeTypeIdentifier) MarshalCBOR() (data []byte, err error)

func (AttributeTypeIdentifier) MarshalText ¶ 

func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (AttributeTypeIdentifier) Name ¶ 

func (oi AttributeTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (AttributeTypeIdentifier) Parent ¶ 

func (oi AttributeTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (AttributeTypeIdentifier) Root ¶ 

func (oi AttributeTypeIdentifier) Root() string

func (*AttributeTypeIdentifier) Scan ¶ 

func (oi *AttributeTypeIdentifier) Scan(src interface{}) error

func (AttributeTypeIdentifier) String ¶ 

func (oi AttributeTypeIdentifier) String() string

String returns this identifier as a string.

func (*AttributeTypeIdentifier) UnmarshalCBOR ¶ 

func (oi *AttributeTypeIdentifier) UnmarshalCBOR(data []byte) error

func (*AttributeTypeIdentifier) UnmarshalText ¶ 

func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (AttributeTypeIdentifier) Value ¶ 

func (oi AttributeTypeIdentifier) Value() (driver.Value, error)

type BaseRequest ¶ 

type BaseRequest struct {
	LDContext string `json:"@context,omitempty"`

	// Set by the IRMA server during the session
	Context         *big.Int         `json:"context,omitempty"`
	Nonce           *big.Int         `json:"nonce,omitempty"`
	ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`

	// Revocation is set by the requestor to indicate that it requires nonrevocation proofs for the
	// specified credential types.
	Revocation NonRevocationParameters `json:"revocation,omitempty"`

	Type            Action `json:"type,omitempty"` // Session type, only used in legacy code
	DevelopmentMode bool   `json:"devMode,omitempty"`

	ClientReturnURL string `json:"clientReturnUrl,omitempty"` // URL to proceed to when IRMA session is completed
	// contains filtered or unexported fields
}

BaseRequest contains information used by all IRMA session types, such the context and nonce, and revocation information.

func (*BaseRequest) GetContext ¶ 

func (b *BaseRequest) GetContext() *big.Int

func (*BaseRequest) GetNonce ¶ 

func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int

func (*BaseRequest) Legacy ¶ 

func (b *BaseRequest) Legacy() bool

func (*BaseRequest) RequestsRevocation ¶ 

func (b *BaseRequest) RequestsRevocation(id CredentialTypeIdentifier) bool

RequestsRevocation indicates whether or not the requestor requires a nonrevocation proof for the given credential type; that is, whether or not it included revocation update messages.

func (*BaseRequest) RevocationSupported ¶ 

func (b *BaseRequest) RevocationSupported() bool

func (*BaseRequest) Validate ¶ 

func (b *BaseRequest) Validate(conf *Configuration) error

type Configuration ¶ 

type Configuration struct {
	SchemeManagers  map[SchemeManagerIdentifier]*SchemeManager
	Issuers         map[IssuerIdentifier]*Issuer
	CredentialTypes map[CredentialTypeIdentifier]*CredentialType
	AttributeTypes  map[AttributeTypeIdentifier]*AttributeType

	// Issuer private keys. If set (after calling ParseFolder()), will use these keys
	// instead of keys in irma_configuration/$issuer/PrivateKeys.
	PrivateKeys map[IssuerIdentifier]map[uint]*gabi.PrivateKey

	Revocation *RevocationStorage `json:"-"`

	Scheduler *gocron.Scheduler

	// Path to the irma_configuration folder that this instance represents
	Path string

	// DisabledSchemeManagers keeps track of scheme managers that did not parse  succesfully
	// (i.e., invalid signature, parsing error), and the problem that occurred when parsing them
	DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError

	Warnings []string `json:"-"`
	// contains filtered or unexported fields
}

Configuration keeps track of scheme managers, issuers, credential types and public keys, dezerializing them from an irma_configuration folder, and downloads and saves new ones on demand.

func NewConfiguration ¶ 

func NewConfiguration(path string, opts ConfigurationOptions) (conf *Configuration, err error)

NewConfiguration returns a new configuration. After this ParseFolder() should be called to parse the specified path.

func (*Configuration) AutoUpdateSchemes ¶ 

func (conf *Configuration) AutoUpdateSchemes(interval uint)

func (*Configuration) ContainsAttributeType ¶ 

func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool

func (*Configuration) ContainsCredentialType ¶ 

func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool

ContainsCredentialType checks if the configuration contains the specified credential type.

func (*Configuration) CopyManagerFromAssets ¶ 

func (conf *Configuration) CopyManagerFromAssets(scheme SchemeManagerIdentifier) (bool, error)

func (*Configuration) DangerousTOFUInstallSchemeManager ¶ 

func (conf *Configuration) DangerousTOFUInstallSchemeManager(manager *SchemeManager) error

DangerousTOFUInstallSchemeManager downloads and adds the specified scheme to this Configuration, downloading and trusting its public key from the scheme's remote URL.

func (*Configuration) DeleteSchemeManager ¶ 

func (conf *Configuration) DeleteSchemeManager(id SchemeManagerIdentifier) error

func (*Configuration) Download ¶ 

func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)

Download downloads the issuers, credential types and public keys specified in set if the current Configuration does not already have them, and checks their authenticity using the scheme manager index.

func (*Configuration) DownloadDefaultSchemes ¶ 

func (conf *Configuration) DownloadDefaultSchemes() error

func (*Configuration) DownloadSchemeManagerSignature ¶ 

func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) (err error)

DownloadSchemeManagerSignature downloads, stores and verifies the latest version of the index file and signature of the specified manager.

func (*Configuration) InstallSchemeManager ¶ 

func (conf *Configuration) InstallSchemeManager(manager *SchemeManager, publickey []byte) error

InstallSchemeManager downloads and adds the specified scheme manager to this Configuration, provided its signature is valid against the specified key.

func (*Configuration) IsInitialized ¶ 

func (conf *Configuration) IsInitialized() bool

IsInitialized indicates whether this instance has successfully been initialized.

func (*Configuration) KeyshareServerKeyFunc ¶ 

func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)

KeyshareServerKeyFunc returns a function that returns the public key with which to verify a keyshare server JWT, suitable for passing to jwt.Parse() and jwt.ParseWithClaims().

func (*Configuration) KeyshareServerPublicKey ¶ 

func (conf *Configuration) KeyshareServerPublicKey(scheme SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)

KeyshareServerPublicKey returns the i'th public key of the specified scheme.

func (*Configuration) ParseFolder ¶ 

func (conf *Configuration) ParseFolder() (err error)

ParseFolder populates the current Configuration by parsing the storage path, listing the containing scheme managers, issuers and credential types.

func (*Configuration) ParseOrRestoreFolder ¶ 

func (conf *Configuration) ParseOrRestoreFolder() error

ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore any broken scheme managers from their remote. Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError; In this case the scheme in which it occured is downloaded from its remote and re-parsed. If any other error is encountered at any time, it is returned immediately. If no error is returned, parsing and possibly restoring has been succesfull, and there should be no disabled scheme managers.

func (*Configuration) ParseSchemeManagerFolder ¶ 

func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeManager) (err error)

ParseSchemeManagerFolder parses the entire tree of the specified scheme manager If err != nil then a problem occured

func (*Configuration) PrivateKey ¶ 

func (conf *Configuration) PrivateKey(id IssuerIdentifier, counter uint) (*gabi.PrivateKey, error)

PrivateKey returns the specified private key of the specified issuer if present; an error otherwise.

func (*Configuration) PrivateKeyIndices ¶ 

func (conf *Configuration) PrivateKeyIndices(issuerid IssuerIdentifier) (i []uint, err error)

func (*Configuration) PrivateKeyLatest ¶ 

func (conf *Configuration) PrivateKeyLatest(id IssuerIdentifier) (*gabi.PrivateKey, error)

PrivateKeyLatest returns the latest private key of the specified issuer.

func (*Configuration) PublicKey ¶ 

func (conf *Configuration) PublicKey(id IssuerIdentifier, counter uint) (*gabi.PublicKey, error)

PublicKey returns the specified public key, or nil if not present in the Configuration.

func (*Configuration) PublicKeyIndices ¶ 

func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []uint, err error)

func (*Configuration) PublicKeyLatest ¶ 

func (conf *Configuration) PublicKeyLatest(id IssuerIdentifier) (*gabi.PublicKey, error)

PublicKeyLatest returns the latest private key of the specified issuer.

func (*Configuration) ReadAuthenticatedFile ¶ 

func (conf *Configuration) ReadAuthenticatedFile(manager *SchemeManager, path string) ([]byte, bool, error)

ReadAuthenticatedFile reads the file at the specified path and verifies its authenticity by checking that the file hash is present in the (signed) scheme manager index file.

func (*Configuration) ReinstallSchemeManager ¶ 

func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err error)

func (*Configuration) UpdateSchemeManager ¶ 

func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downloaded *IrmaIdentifierSet) (err error)

UpdateSchemeManager syncs the stored version within the irma_configuration directory with the remote version at the scheme manager's URL, downloading and storing new and modified files, according to the index files of both versions. It stores the identifiers of new or updated credential types or issuers in the second parameter. Note: any newly downloaded files are not yet parsed and inserted into conf.

func (*Configuration) UpdateSchemes ¶ 

func (conf *Configuration) UpdateSchemes() error

func (*Configuration) ValidateKeys ¶ 

func (conf *Configuration) ValidateKeys() error

func (*Configuration) VerifySchemeManager ¶ 

func (conf *Configuration) VerifySchemeManager(manager *SchemeManager) error

func (*Configuration) VerifySignature ¶ 

func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err error)

VerifySignature verifies the signature on the scheme manager index file (which contains the SHA256 hashes of all files under this scheme manager, which are used for verifying file authenticity).

type ConfigurationFileHash ¶ 

type ConfigurationFileHash []byte

ConfigurationFileHash encodes the SHA256 hash of an authenticated file under a scheme manager within the configuration folder.

func (ConfigurationFileHash) Equal ¶ 

func (hash ConfigurationFileHash) Equal(other ConfigurationFileHash) bool

func (ConfigurationFileHash) String ¶ 

func (hash ConfigurationFileHash) String() string

type ConfigurationOptions ¶ 

type ConfigurationOptions struct {
	Assets              string
	ReadOnly            bool
	RevocationDBConnStr string
	RevocationDBType    string
	RevocationSettings  RevocationSettings
}

type CredentialIdentifier ¶ 

type CredentialIdentifier struct {
	Type CredentialTypeIdentifier
	Hash string
}

CredentialIdentifier identifies a credential instance.

type CredentialInfo ¶ 

type CredentialInfo struct {
	ID                  string                                       // e.g., "studentCard"
	IssuerID            string                                       // e.g., "RU"
	SchemeManagerID     string                                       // e.g., "irma-demo"
	SignedOn            Timestamp                                    // Unix timestamp
	Expires             Timestamp                                    // Unix timestamp
	Attributes          map[AttributeTypeIdentifier]TranslatedString // Human-readable rendered attributes
	Hash                string                                       // SHA256 hash over the attributes
	Revoked             bool                                         // If the credential has been revoked
	RevocationSupported bool                                         // If the credential supports creating nonrevocation proofs
}

CredentialInfo contains all information of an IRMA credential.

func (CredentialInfo) GetCredentialType ¶ 

func (ci CredentialInfo) GetCredentialType(conf *Configuration) *CredentialType

func (CredentialInfo) IsExpired ¶ 

func (ci CredentialInfo) IsExpired() bool

Returns true if credential is expired at moment of calling this function

type CredentialInfoList ¶ 

type CredentialInfoList []*CredentialInfo

A CredentialInfoList is a list of credentials (implements sort.Interface).

func (CredentialInfoList) Len ¶ 

func (cl CredentialInfoList) Len() int

Len implements sort.Interface.

func (CredentialInfoList) Less ¶ 

func (cl CredentialInfoList) Less(i, j int) bool

Less implements sort.Interface.

func (CredentialInfoList) Swap ¶ 

func (cl CredentialInfoList) Swap(i, j int)

Swap implements sort.Interface.

type CredentialRequest ¶ 

type CredentialRequest struct {
	Validity         *Timestamp               `json:"validity,omitempty"`
	KeyCounter       uint                     `json:"keyCounter,omitempty"`
	CredentialTypeID CredentialTypeIdentifier `json:"credential"`
	Attributes       map[string]string        `json:"attributes"`
	RevocationKey    string                   `json:"revocationKey,omitempty"`
}

A CredentialRequest contains the attributes and metadata of a credential that will be issued in an IssuanceRequest.

func (*CredentialRequest) AttributeList ¶ 

func (cr *CredentialRequest) AttributeList(
	conf *Configuration,
	metadataVersion byte,
	revocationAttr *big.Int,
	issuedAt time.Time,
) (*AttributeList, error)

AttributeList returns the list of attributes from this credential request.

func (*CredentialRequest) Info ¶ 

func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte, issuedAt time.Time) (*CredentialInfo, error)

func (*CredentialRequest) Validate ¶ 

func (cr *CredentialRequest) Validate(conf *Configuration) error

Validate checks that this credential request is consistent with the specified Configuration: the credential type is known, all required attributes are present and no unknown attributes are given.

type CredentialType ¶ 

type CredentialType struct {
	ID                    string           `xml:"CredentialID"`
	Name                  TranslatedString `xml:"Name"`
	ShortName             TranslatedString `xml:"ShortName"`
	IssuerID              string           `xml:"IssuerID"`
	SchemeManagerID       string           `xml:"SchemeManager"`
	IsSingleton           bool             `xml:"ShouldBeSingleton"`
	DisallowDelete        bool             `xml:"DisallowDelete"`
	Description           TranslatedString
	AttributeTypes        []*AttributeType `xml:"Attributes>Attribute" json:"-"`
	RevocationServers     []string         `xml:"RevocationServers>RevocationServer"`
	RevocationUpdateCount uint64
	RevocationUpdateSpeed uint64
	RevocationIndex       int      `xml:"-"`
	XMLVersion            int      `xml:"version,attr"`
	XMLName               xml.Name `xml:"IssueSpecification"`

	IssueURL     TranslatedString `xml:"IssueURL"`
	IsULIssueURL bool             `xml:"IsULIssueURL"`

	DeprecatedSince Timestamp

	ForegroundColor         string
	BackgroundGradientStart string
	BackgroundGradientEnd   string

	IsInCredentialStore bool
	Category            TranslatedString
	FAQIntro            TranslatedString
	FAQPurpose          TranslatedString
	FAQContent          TranslatedString
	FAQHowto            TranslatedString

	Valid bool `xml:"-"`
}

CredentialType is a description of a credential type, specifying (a.o.) its name, issuer, and attributes.

func (CredentialType) AttributeType ¶ 

func (ct CredentialType) AttributeType(ai AttributeTypeIdentifier) *AttributeType

func (*CredentialType) ContainsAttribute ¶ 

func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool

ContainsAttribute tests whether the specified attribute is contained in this credentialtype.

func (*CredentialType) Identifier ¶ 

func (ct *CredentialType) Identifier() CredentialTypeIdentifier

Identifier returns the identifier of the specified credential type.

func (CredentialType) IndexOf ¶ 

func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)

IndexOf returns the index of the specified attribute if present, or an error (and -1) if not present.

func (*CredentialType) IssuerIdentifier ¶ 

func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the issuer identifier of the specified credential type. 

func (ct *CredentialType) Logo(conf *Configuration) string

func (*CredentialType) RevocationSupported ¶ 

func (ct *CredentialType) RevocationSupported() bool

func (*CredentialType) SchemeManagerIdentifier ¶ 

func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier

type CredentialTypeIdentifier ¶ 

type CredentialTypeIdentifier struct {
	// contains filtered or unexported fields
}

CredentialTypeIdentifier identifies a credentialtype. For example "irma-demo.RU.studentCard".

func NewCredentialTypeIdentifier ¶ 

func NewCredentialTypeIdentifier(id string) CredentialTypeIdentifier

NewCredentialTypeIdentifier converts the specified identifier to a CredentialTypeIdentifier.

func (CredentialTypeIdentifier) Empty ¶ 

func (oi CredentialTypeIdentifier) Empty() bool

func (CredentialTypeIdentifier) GormDataType ¶ 

func (CredentialTypeIdentifier) GormDataType(dialect gorm.Dialect) string

func (CredentialTypeIdentifier) IssuerIdentifier ¶ 

func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the IssuerIdentifier of the credential identifier.

func (CredentialTypeIdentifier) MarshalCBOR ¶ 

func (oi CredentialTypeIdentifier) MarshalCBOR() (data []byte, err error)

func (CredentialTypeIdentifier) MarshalText ¶ 

func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (CredentialTypeIdentifier) Name ¶ 

func (oi CredentialTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (CredentialTypeIdentifier) Parent ¶ 

func (oi CredentialTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (CredentialTypeIdentifier) Root ¶ 

func (oi CredentialTypeIdentifier) Root() string

func (*CredentialTypeIdentifier) Scan ¶ 

func (oi *CredentialTypeIdentifier) Scan(src interface{}) error

func (CredentialTypeIdentifier) String ¶ 

func (oi CredentialTypeIdentifier) String() string

String returns this identifier as a string.

func (*CredentialTypeIdentifier) UnmarshalCBOR ¶ 

func (oi *CredentialTypeIdentifier) UnmarshalCBOR(data []byte) error

func (*CredentialTypeIdentifier) UnmarshalText ¶ 

func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (CredentialTypeIdentifier) Value ¶ 

func (oi CredentialTypeIdentifier) Value() (driver.Value, error)

type DisclosedAttribute ¶ 

type DisclosedAttribute struct {
	RawValue         *string                 `json:"rawvalue"`
	Value            TranslatedString        `json:"value"` // Value of the disclosed attribute
	Identifier       AttributeTypeIdentifier `json:"id"`
	Status           AttributeProofStatus    `json:"status"`
	IssuanceTime     Timestamp               `json:"issuancetime"`
	NotRevoked       bool                    `json:"notrevoked,omitempty"`
	NotRevokedBefore *Timestamp              `json:"notrevokedbefore,omitempty"`
}

DisclosedAttribute represents a disclosed attribute.

type DisclosedAttributeIndex ¶ 

type DisclosedAttributeIndex struct {
	CredentialIndex int                  `json:"cred"`
	AttributeIndex  int                  `json:"attr"`
	Identifier      CredentialIdentifier `json:"-"` // credential from which this attribute was disclosed
}

DisclosedAttributeIndex points to a specific attribute in a gabi.ProofList.

type DisclosedAttributeIndices ¶ 

type DisclosedAttributeIndices [][]*DisclosedAttributeIndex

DisclosedAttributeIndices contains, for each conjunction of an attribute disclosure request, a list of attribute indices, pointing to where the disclosed attributes for that conjunction can be found within a gabi.ProofList.

type Disclosure ¶ 

type Disclosure struct {
	Proofs  gabi.ProofList            `json:"proofs"`
	Indices DisclosedAttributeIndices `json:"indices"`
}

func (*Disclosure) DisclosedAttributes ¶ 

func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon, revtimes map[int]*time.Time) (bool, [][]*DisclosedAttribute, error)

DisclosedAttributes returns a slice containing for each item in the conjunction the disclosed attributes that are present in the proof list. If a non-empty and non-nil AttributeDisjunctionList is included, then the first attributes in the returned slice match with the disjunction list in the disjunction list. The first return parameter of this function indicates whether or not all disjunctions (if present) are satisfied.

func (*Disclosure) Verify ¶ 

func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

func (*Disclosure) VerifyAgainstRequest ¶ 

func (d *Disclosure) VerifyAgainstRequest(
	configuration *Configuration,
	request SessionRequest,
	context, nonce *big.Int,
	publickeys []*gabi.PublicKey,
	validAt *time.Time,
	issig bool,
) ([][]*DisclosedAttribute, ProofStatus, error)

type DisclosureChoice ¶ 

type DisclosureChoice struct {
	Attributes [][]*AttributeIdentifier
}

A DisclosureChoice contains the attributes chosen to be disclosed.

func (*DisclosureChoice) Validate ¶ 

func (choice *DisclosureChoice) Validate() error

type DisclosureRequest ¶ 

type DisclosureRequest struct {
	BaseRequest

	Disclose AttributeConDisCon       `json:"disclose,omitempty"`
	Labels   map[int]TranslatedString `json:"labels,omitempty"`
}

A DisclosureRequest is a request to disclose certain attributes. Construct new instances using NewDisclosureRequest().

func NewDisclosureRequest ¶ 

func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest

func (*DisclosureRequest) Action ¶ 

func (dr *DisclosureRequest) Action() Action

func (*DisclosureRequest) AddSingle ¶ 

func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)

func (*DisclosureRequest) Base ¶ 

func (dr *DisclosureRequest) Base() *BaseRequest

func (*DisclosureRequest) Disclosure ¶ 

func (dr *DisclosureRequest) Disclosure() *DisclosureRequest

func (*DisclosureRequest) Identifiers ¶ 

func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*DisclosureRequest) IsDisclosureRequest ¶ 

func (dr *DisclosureRequest) IsDisclosureRequest() bool

func (*DisclosureRequest) Legacy ¶ 

func (dr *DisclosureRequest) Legacy() (SessionRequest, error)

func (*DisclosureRequest) UnmarshalJSON ¶ 

func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)

func (*DisclosureRequest) Validate ¶ 

func (dr *DisclosureRequest) Validate() error

type ErrorType ¶ 

type ErrorType string

ErrorType are session errors.

func (ErrorType) Error ¶ 

func (err ErrorType) Error() string

type EventRecord ¶ 

type EventRecord struct {
	Index      *uint64                  `gorm:"primary_key;column:eventindex;auto_increment:false"`
	CredType   CredentialTypeIdentifier `gorm:"primary_key"`
	PKCounter  *uint                    `gorm:"primary_key;auto_increment:false"`
	E          *RevocationAttribute
	ParentHash eventHash
}

Structs corresponding to SQL table rows, ending in Record

func (*EventRecord) Convert ¶ 

func (e *EventRecord) Convert(id CredentialTypeIdentifier, pkcounter uint, event *revocation.Event) *EventRecord

func (*EventRecord) Event ¶ 

func (e *EventRecord) Event() *revocation.Event

type ExpiredError ¶ 

type ExpiredError struct {
	Err error // underlying error
}

ExpiredError indicates that something (e.g. a JWT) has expired.

func (ExpiredError) Error ¶ 

func (e ExpiredError) Error() string

type HTTPTransport ¶ 

type HTTPTransport struct {
	Server     string
	Binary     bool
	ForceHTTPS bool
	// contains filtered or unexported fields
}

HTTPTransport sends and receives JSON messages to a HTTP server.

func NewHTTPTransport ¶ 

func NewHTTPTransport(serverURL string, forceHTTPS bool, httpClients ...*http.Client) *HTTPTransport

NewHTTPTransport returns a new HTTPTransport.

func (*HTTPTransport) Delete ¶ 

func (transport *HTTPTransport) Delete()

Delete performs a DELETE.

func (*HTTPTransport) Get ¶ 

func (transport *HTTPTransport) Get(url string, result interface{}) error

Get performs a GET request and parses the server's response into result.

func (*HTTPTransport) GetBytes ¶ 

func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)

func (*HTTPTransport) Post ¶ 

func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error

Post sends the object to the server and parses its response into result.

func (*HTTPTransport) SetHeader ¶ 

func (transport *HTTPTransport) SetHeader(name, val string)

SetHeader sets a header to be sent in requests.

type IdentityProviderJwt ¶ 

type IdentityProviderJwt struct {
	ServerJwt
	Request *IdentityProviderRequest `json:"iprequest"`
}

IdentityProviderJwt is a requestor JWT for issuance session.

func NewIdentityProviderJwt ¶ 

func NewIdentityProviderJwt(servername string, ir *IssuanceRequest) *IdentityProviderJwt

NewIdentityProviderJwt returns a new IdentityProviderJwt.

func (*IdentityProviderJwt) Action ¶ 

func (claims *IdentityProviderJwt) Action() Action

func (*IdentityProviderJwt) RequestorRequest ¶ 

func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest

func (*IdentityProviderJwt) SessionRequest ¶ 

func (claims *IdentityProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*IdentityProviderJwt) Sign ¶ 

func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*IdentityProviderJwt) Valid ¶ 

func (claims *IdentityProviderJwt) Valid() error

type IdentityProviderRequest ¶ 

type IdentityProviderRequest struct {
	RequestorBaseRequest
	Request *IssuanceRequest `json:"request"`
}

An IdentityProviderRequest contains an issuance request.

func (*IdentityProviderRequest) Base ¶ 

func (r *IdentityProviderRequest) Base() RequestorBaseRequest

func (*IdentityProviderRequest) SessionRequest ¶ 

func (r *IdentityProviderRequest) SessionRequest() SessionRequest

func (*IdentityProviderRequest) Validate ¶ 

func (r *IdentityProviderRequest) Validate() error

type IrmaIdentifierSet ¶ 

type IrmaIdentifierSet struct {
	SchemeManagers  map[SchemeManagerIdentifier]struct{}
	Issuers         map[IssuerIdentifier]struct{}
	CredentialTypes map[CredentialTypeIdentifier]struct{}
	PublicKeys      map[IssuerIdentifier][]uint
	AttributeTypes  map[AttributeTypeIdentifier]struct{}
}

IrmaIdentifierSet contains a set (ensured by using map[...]struct{}) of all scheme managers, all issuers, all credential types, all public keys and all attribute types that are involved in an IRMA session.

func (*IrmaIdentifierSet) Distributed ¶ 

func (set *IrmaIdentifierSet) Distributed(conf *Configuration) bool

func (*IrmaIdentifierSet) Empty ¶ 

func (set *IrmaIdentifierSet) Empty() bool

func (*IrmaIdentifierSet) String ¶ 

func (set *IrmaIdentifierSet) String() string

type IssuanceRecord ¶ 

type IssuanceRecord struct {
	Key        string                   `gorm:"primary_key;column:revocationkey"`
	CredType   CredentialTypeIdentifier `gorm:"primary_key"`
	Issued     int64                    `gorm:"primary_key;auto_increment:false"`
	PKCounter  *uint
	Attr       *RevocationAttribute
	ValidUntil int64
	RevokedAt  int64 `json:",omitempty"` // 0 if not currently revoked
}

IssuanceRecord contains information generated during issuance, needed for later revocation.

type IssuanceRequest ¶ 

type IssuanceRequest struct {
	DisclosureRequest
	Credentials []*CredentialRequest `json:"credentials"`

	// Derived data
	CredentialInfoList        CredentialInfoList `json:",omitempty"`
	RemovalCredentialInfoList CredentialInfoList `json:",omitempty"`
}

An IssuanceRequest is a request to issue certain credentials, optionally also asking for certain attributes to be simultaneously disclosed. Construct new instances using NewIssuanceRequest().

func NewIssuanceRequest ¶ 

func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest

func (*IssuanceRequest) Action ¶ 

func (ir *IssuanceRequest) Action() Action

func (*IssuanceRequest) GetCredentialInfoList ¶ 

func (ir *IssuanceRequest) GetCredentialInfoList(
	conf *Configuration,
	version *ProtocolVersion,
	issuedAt time.Time,
) (CredentialInfoList, error)

func (*IssuanceRequest) Identifiers ¶ 

func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*IssuanceRequest) Legacy ¶ 

func (ir *IssuanceRequest) Legacy() (SessionRequest, error)

func (*IssuanceRequest) UnmarshalJSON ¶ 

func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)

func (*IssuanceRequest) Validate ¶ 

func (ir *IssuanceRequest) Validate() error

type IssueCommitmentMessage ¶ 

type IssueCommitmentMessage struct {
	*gabi.IssueCommitmentMessage
	Indices DisclosedAttributeIndices `json:"indices,omitempty"`
}

func (*IssueCommitmentMessage) Disclosure ¶ 

func (i *IssueCommitmentMessage) Disclosure() *Disclosure

type Issuer ¶ 

type Issuer struct {
	ID              string           `xml:"ID"`
	Name            TranslatedString `xml:"Name"`
	ShortName       TranslatedString `xml:"ShortName"`
	SchemeManagerID string           `xml:"SchemeManager"`
	ContactAddress  string
	ContactEMail    string
	DeprecatedSince Timestamp
	XMLVersion      int `xml:"version,attr"`

	Valid bool `xml:"-"`
}

Issuer describes an issuer.

func (*Issuer) Identifier ¶ 

func (id *Issuer) Identifier() IssuerIdentifier

Identifier returns the identifier of the specified issuer description.

func (*Issuer) SchemeManagerIdentifier ¶ 

func (id *Issuer) SchemeManagerIdentifier() SchemeManagerIdentifier

type IssuerIdentifier ¶ 

type IssuerIdentifier struct {
	// contains filtered or unexported fields
}

IssuerIdentifier identifies an issuer. For example "irma-demo.RU".

func NewIssuerIdentifier ¶ 

func NewIssuerIdentifier(id string) IssuerIdentifier

NewIssuerIdentifier converts the specified identifier to a IssuerIdentifier.

func (IssuerIdentifier) Empty ¶ 

func (oi IssuerIdentifier) Empty() bool

func (IssuerIdentifier) GormDataType ¶ 

func (IssuerIdentifier) GormDataType(dialect gorm.Dialect) string

func (IssuerIdentifier) MarshalCBOR ¶ 

func (oi IssuerIdentifier) MarshalCBOR() (data []byte, err error)

func (IssuerIdentifier) MarshalText ¶ 

func (id IssuerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (IssuerIdentifier) Name ¶ 

func (oi IssuerIdentifier) Name() string

Name returns the last part of this identifier.

func (IssuerIdentifier) Parent ¶ 

func (oi IssuerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (IssuerIdentifier) Root ¶ 

func (oi IssuerIdentifier) Root() string

func (*IssuerIdentifier) Scan ¶ 

func (oi *IssuerIdentifier) Scan(src interface{}) error

func (IssuerIdentifier) SchemeManagerIdentifier ¶ 

func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier

SchemeManagerIdentifier returns the scheme manager identifer of the issuer.

func (IssuerIdentifier) String ¶ 

func (oi IssuerIdentifier) String() string

String returns this identifier as a string.

func (*IssuerIdentifier) UnmarshalCBOR ¶ 

func (oi *IssuerIdentifier) UnmarshalCBOR(data []byte) error

func (*IssuerIdentifier) UnmarshalText ¶ 

func (id *IssuerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (IssuerIdentifier) Value ¶ 

func (oi IssuerIdentifier) Value() (driver.Value, error)

type LegacyDisclosureRequest ¶ 

type LegacyDisclosureRequest struct {
	BaseRequest
	Content []LegacyLabeledDisjunction `json:"content"`
}

func (*LegacyDisclosureRequest) Action ¶ 

func (dr *LegacyDisclosureRequest) Action() Action

func (*LegacyDisclosureRequest) Base ¶ 

func (dr *LegacyDisclosureRequest) Base() *BaseRequest

func (*LegacyDisclosureRequest) Disclosure ¶ 

func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest

func (*LegacyDisclosureRequest) Identifiers ¶ 

func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyDisclosureRequest) Legacy ¶ 

func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error)

func (*LegacyDisclosureRequest) Validate ¶ 

func (dr *LegacyDisclosureRequest) Validate() error

type LegacyDisjunction ¶ 

type LegacyDisjunction []AttributeRequest

LegacyDisjunction is a disjunction of attributes from before the condiscon feature, representing a list of attribute types one of which must be given by the user, possibly requiring specific values. (C.f. AttributeCon, also defined as []AttributeRequest, which is only satisfied if all listed attributes are given by the user.)

func (*LegacyDisjunction) MarshalJSON ¶ 

func (l *LegacyDisjunction) MarshalJSON() ([]byte, error)

func (*LegacyDisjunction) UnmarshalJSON ¶ 

func (l *LegacyDisjunction) UnmarshalJSON(bts []byte) error

type LegacyIssuanceRequest ¶ 

type LegacyIssuanceRequest struct {
	BaseRequest
	Credentials []*CredentialRequest       `json:"credentials"`
	Disclose    []LegacyLabeledDisjunction `json:"disclose"`
}

func (*LegacyIssuanceRequest) Action ¶ 

func (ir *LegacyIssuanceRequest) Action() Action

func (*LegacyIssuanceRequest) Base ¶ 

func (ir *LegacyIssuanceRequest) Base() *BaseRequest

func (*LegacyIssuanceRequest) Disclosure ¶ 

func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest

func (*LegacyIssuanceRequest) Identifiers ¶ 

func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyIssuanceRequest) Legacy ¶ 

func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)

func (*LegacyIssuanceRequest) Validate ¶ 

func (ir *LegacyIssuanceRequest) Validate() error

type LegacyLabeledDisjunction ¶ 

type LegacyLabeledDisjunction struct {
	Label      string            `json:"label"`
	Attributes LegacyDisjunction `json:"attributes"`
}

type LegacySignatureRequest ¶ 

type LegacySignatureRequest struct {
	LegacyDisclosureRequest
	Message string `json:"message"`
}

func (*LegacySignatureRequest) Action ¶ 

func (ir *LegacySignatureRequest) Action() Action

type MetadataAttribute ¶ 

type MetadataAttribute struct {
	Int *big.Int

	Conf *Configuration
	// contains filtered or unexported fields
}

metadataAttribute represents a metadata attribute. Contains the credential type, signing date, validity, and the public key counter.

func MetadataFromInt ¶ 

func MetadataFromInt(i *big.Int, conf *Configuration) *MetadataAttribute

MetadataFromInt wraps the given Int

func NewMetadataAttribute ¶ 

func NewMetadataAttribute(version byte) *MetadataAttribute

NewMetadataAttribute constructs a new instance containing the default values: provided version as versionField now as signing date 0 as keycounter ValidityDefault (half a year) as default validity.

func (*MetadataAttribute) Bytes ¶ 

func (attr *MetadataAttribute) Bytes() []byte

Bytes returns this metadata attribute as a byte slice. Bigint's Bytes() method returns a big-endian byte slice, so add padding at begin.

func (*MetadataAttribute) CredentialType ¶ 

func (attr *MetadataAttribute) CredentialType() *CredentialType

CredentialType returns the credential type of the current instance using the Configuration.

func (*MetadataAttribute) CredentialTypeHash ¶ 

func (attr *MetadataAttribute) CredentialTypeHash() []byte

func (*MetadataAttribute) Expiry ¶ 

func (attr *MetadataAttribute) Expiry() time.Time

Expiry returns the expiry date of this instance

func (*MetadataAttribute) IsValid ¶ 

func (attr *MetadataAttribute) IsValid() bool

IsValid returns whether this instance is valid.

func (*MetadataAttribute) IsValidOn ¶ 

func (attr *MetadataAttribute) IsValidOn(t time.Time) bool

IsValidOn returns whether this instance is still valid at the given time

func (*MetadataAttribute) KeyCounter ¶ 

func (attr *MetadataAttribute) KeyCounter() uint

KeyCounter return the public key counter of the metadata attribute

func (*MetadataAttribute) PublicKey ¶ 

func (attr *MetadataAttribute) PublicKey() (*gabi.PublicKey, error)

PublicKey extracts identifier of the Idemix public key with which this instance was signed, and returns this public key.

func (*MetadataAttribute) SigningDate ¶ 

func (attr *MetadataAttribute) SigningDate() time.Time

SigningDate returns the time at which this instance was signed

func (*MetadataAttribute) ValidityDuration ¶ 

func (attr *MetadataAttribute) ValidityDuration() int

ValidityDuration returns the amount of epochs during which this instance is valid

func (*MetadataAttribute) Version ¶ 

func (attr *MetadataAttribute) Version() byte

Version returns the metadata version of this instance

type NonRevocationParameters ¶ 

type NonRevocationParameters map[CredentialTypeIdentifier]*NonRevocationRequest

func (*NonRevocationParameters) MarshalJSON ¶ 

func (n *NonRevocationParameters) MarshalJSON() ([]byte, error)

func (*NonRevocationParameters) UnmarshalJSON ¶ 

func (n *NonRevocationParameters) UnmarshalJSON(bts []byte) error

type NonRevocationRequest ¶ 

type NonRevocationRequest struct {
	Tolerance uint64                      `json:"tolerance,omitempty"`
	Updates   map[uint]*revocation.Update `json:"updates,omitempty"`
}

type ProofList ¶ 

type ProofList gabi.ProofList

ProofList is a gabi.ProofList with some extra methods.

func (ProofList) Expired ¶ 

func (pl ProofList) Expired(configuration *Configuration, t *time.Time) bool

Expired returns true if any of the contained disclosure proofs is specified at the specified time, or now, when the specified time is nil.

func (ProofList) ExtractPublicKeys ¶ 

func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.PublicKey, error)

ExtractPublicKeys returns the public keys of each proof in the proofList, in the same order, for later use in verification of the proofList. If one of the proofs is not a ProofD an error is returned.

func (ProofList) VerifyProofs ¶ 

func (pl ProofList) VerifyProofs(
	configuration *Configuration,
	request SessionRequest,
	context *big.Int, nonce *big.Int,
	publickeys []*gabi.PublicKey,
	validAt *time.Time,
	isSig bool,
) (bool, map[int]*time.Time, error)

VerifyProofs verifies the proofs cryptographically.

type ProofStatus ¶ 

type ProofStatus string

ProofStatus is the status of the complete proof

type ProtocolVersion ¶ 

type ProtocolVersion struct {
	Major int
	Minor int
}

ProtocolVersion encodes the IRMA protocol version of an IRMA session.

func NewVersion ¶ 

func NewVersion(major, minor int) *ProtocolVersion

func (*ProtocolVersion) Above ¶ 

func (v *ProtocolVersion) Above(major, minor int) bool

func (*ProtocolVersion) AboveVersion ¶ 

func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) Below ¶ 

func (v *ProtocolVersion) Below(major, minor int) bool

Returns true if v is below the given version.

func (*ProtocolVersion) BelowVersion ¶ 

func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) MarshalJSON ¶ 

func (v *ProtocolVersion) MarshalJSON() ([]byte, error)

func (*ProtocolVersion) String ¶ 

func (v *ProtocolVersion) String() string

func (*ProtocolVersion) UnmarshalJSON ¶ 

func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)

type Qr ¶ 

type Qr struct {
	// Server with which to perform the session
	URL string `json:"u"`
	// Session type (disclosing, signing, issuing)
	Type Action `json:"irmaqr"`
}

Qr contains the data of an IRMA session QR (as generated by irma_js), suitable for NewSession().

func (*Qr) IsQr ¶ 

func (qr *Qr) IsQr() bool

func (*Qr) Validate ¶ 

func (qr *Qr) Validate() (err error)

type RemoteError ¶ 

type RemoteError struct {
	Status      int    `json:"status,omitempty"`
	ErrorName   string `json:"error,omitempty"`
	Description string `json:"description,omitempty"`
	Message     string `json:"message,omitempty"`
	Stacktrace  string `json:"stacktrace,omitempty"`
}

RemoteError is an error message returned by the API server on errors.

func (*RemoteError) Error ¶ 

func (err *RemoteError) Error() string

type RequestorBaseRequest ¶ 

type RequestorBaseRequest struct {
	ResultJwtValidity int    `json:"validity,omitempty"`    // Validity of session result JWT in seconds
	ClientTimeout     int    `json:"timeout,omitempty"`     // Wait this many seconds for the IRMA app to connect before the session times out
	CallbackURL       string `json:"callbackUrl,omitempty"` // URL to post session result to
}

RequestorBaseRequest contains fields present in all RequestorRequest types with which the requestor configures an IRMA session.

type RequestorJwt ¶ 

type RequestorJwt interface {
	Action() Action
	RequestorRequest() RequestorRequest
	SessionRequest() SessionRequest
	Requestor() string
	Valid() error
	Sign(jwt.SigningMethod, interface{}) (string, error)
}

A RequestorJwt contains an IRMA session object.

func ParseRequestorJwt ¶ 

func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)

ParseRequestorJwt parses the specified JWT and returns the contents. Note: this function does not verify the signature! Do that elsewhere.

type RequestorRequest ¶ 

type RequestorRequest interface {
	Validator
	SessionRequest() SessionRequest
	Base() RequestorBaseRequest
}

RequestorRequest is the message with which requestors start an IRMA session. It contains a SessionRequest instance for the irmaclient along with extra fields in a RequestorBaseRequest.

type RequiredAttributeMissingError ¶ 

type RequiredAttributeMissingError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}

func (*RequiredAttributeMissingError) Error ¶ 

func (e *RequiredAttributeMissingError) Error() string

type RevocationAttribute ¶ 

type RevocationAttribute big.Int

RevocationAttribute is a big.Int with DB (un)marshaling methods.

func (RevocationAttribute) GormDataType ¶ 

func (RevocationAttribute) GormDataType(dialect gorm.Dialect) string

func (*RevocationAttribute) MarshalCBOR ¶ 

func (i *RevocationAttribute) MarshalCBOR() ([]byte, error)

func (*RevocationAttribute) Scan ¶ 

func (i *RevocationAttribute) Scan(src interface{}) error

Scan implements sql.Scanner, for SQL unmarshaling (from a []byte).

func (*RevocationAttribute) UnmarshalCBOR ¶ 

func (i *RevocationAttribute) UnmarshalCBOR(data []byte) error

func (*RevocationAttribute) Value ¶ 

func (i *RevocationAttribute) Value() (driver.Value, error)

Value implements driver.Valuer, for SQL marshaling (to []byte).

type RevocationClient ¶ 

type RevocationClient struct {
	Conf     *Configuration
	Settings RevocationSettings
	// contains filtered or unexported fields
}

RevocationClient offers an HTTP client to the revocation server endpoints.

func (RevocationClient) FetchUpdateFrom ¶ 

func (client RevocationClient) FetchUpdateFrom(id CredentialTypeIdentifier, pkcounter uint, from uint64) (*revocation.Update, error)

func (RevocationClient) FetchUpdateLatest ¶ 

func (client RevocationClient) FetchUpdateLatest(id CredentialTypeIdentifier, pkcounter uint, count uint64) (*revocation.Update, error)

func (RevocationClient) FetchUpdatesLatest ¶ 

func (client RevocationClient) FetchUpdatesLatest(id CredentialTypeIdentifier, count uint64) (map[uint]*revocation.Update, error)

func (RevocationClient) PostIssuanceRecord ¶ 

func (client RevocationClient) PostIssuanceRecord(id CredentialTypeIdentifier, sk *revocation.PrivateKey, rec *IssuanceRecord, url string) error

type RevocationJwt ¶ 

type RevocationJwt struct {
	ServerJwt
	Request *RevocationRequest `json:"revrequest"`
}

func (*RevocationJwt) Sign ¶ 

func (claims *RevocationJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*RevocationJwt) Valid ¶ 

func (claims *RevocationJwt) Valid() error

type RevocationKeys ¶ 

type RevocationKeys struct {
	Conf *Configuration
}

RevocationKeys contains helper functions for retrieving revocation private and public keys from an irma.Configuration instance.

func (RevocationKeys) PrivateKey ¶ 

func (rs RevocationKeys) PrivateKey(issid IssuerIdentifier, counter uint) (*revocation.PrivateKey, error)

func (RevocationKeys) PrivateKeyLatest ¶ 

func (rs RevocationKeys) PrivateKeyLatest(issid IssuerIdentifier) (*revocation.PrivateKey, error)

func (RevocationKeys) PublicKey ¶ 

func (rs RevocationKeys) PublicKey(issid IssuerIdentifier, counter uint) (*revocation.PublicKey, error)

type RevocationRequest ¶ 

type RevocationRequest struct {
	LDContext      string                   `json:"@context,omitempty"`
	CredentialType CredentialTypeIdentifier `json:"type"`
	Key            string                   `json:"revocationKey,omitempty"`
	Issued         int64                    `json:"issued,omitempty"`
}

func (*RevocationRequest) Validate ¶ 

func (r *RevocationRequest) Validate() error

type RevocationSetting ¶ 

type RevocationSetting struct {
	Server              bool   `json:"server,omitempty" mapstructure:"server"`
	Authority           bool   `json:"authority,omitempty" mapstructure:"authority"`
	RevocationServerURL string `json:"revocation_server_url,omitempty" mapstructure:"revocation_server_url"`
	Tolerance           uint64 `json:"tolerance,omitempty" mapstructure:"tolerance"` // in seconds, min 30
	SSE                 bool   `json:"sse,omitempty" mapstructure:"sse"`
	// contains filtered or unexported fields
}

RevocationSetting contains revocation settings for a given credential type.

type RevocationSettings ¶ 

type RevocationSettings map[CredentialTypeIdentifier]*RevocationSetting

func (RevocationSettings) Get ¶ 

func (rs RevocationSettings) Get(id CredentialTypeIdentifier) *RevocationSetting

type RevocationStorage ¶ 

type RevocationStorage struct {
	Keys RevocationKeys

	ServerSentEvents *sse.Server
	// contains filtered or unexported fields
}

RevocationStorage stores and retrieves revocation-related data from and to a SQL database, and offers a revocation API for all other irmago code, including a Revoke() method that revokes an earlier issued credential.

func (*RevocationStorage) Accumulator ¶ 

func (rs *RevocationStorage) Accumulator(id CredentialTypeIdentifier, pkcounter uint) (
	*revocation.SignedAccumulator, error,
)

func (*RevocationStorage) AddIssuanceRecord ¶ 

func (rs *RevocationStorage) AddIssuanceRecord(r *IssuanceRecord) error

func (*RevocationStorage) AddUpdate ¶ 

func (rs *RevocationStorage) AddUpdate(id CredentialTypeIdentifier, record *revocation.Update) error

func (*RevocationStorage) Close ¶ 

func (rs *RevocationStorage) Close() error

func (*RevocationStorage) EnableRevocation ¶ 

func (rs *RevocationStorage) EnableRevocation(id CredentialTypeIdentifier, sk *revocation.PrivateKey) error

EnableRevocation creates an initial accumulator for a given credential type. This function is the only way to create such an initial accumulator and it must be called before anyone can use revocation for this credential type. Requires the issuer private key.

func (*RevocationStorage) Events ¶ 

func (rs *RevocationStorage) Events(id CredentialTypeIdentifier, pkcounter uint, from, to uint64) (*revocation.EventList, error)

func (*RevocationStorage) Exists ¶ 

func (rs *RevocationStorage) Exists(id CredentialTypeIdentifier, counter uint) (bool, error)

Exists returns whether or not an accumulator exists in the database for the given credential type.

func (*RevocationStorage) IssuanceRecords ¶ 

func (rs *RevocationStorage) IssuanceRecords(id CredentialTypeIdentifier, key string, issued time.Time) ([]*IssuanceRecord, error)

func (*RevocationStorage) Load ¶ 

func (rs *RevocationStorage) Load(debug bool, dbtype, connstr string, settings RevocationSettings) error

func (*RevocationStorage) PostUpdate ¶ 

func (rs *RevocationStorage) PostUpdate(id CredentialTypeIdentifier, update *revocation.Update)

func (*RevocationStorage) Revoke ¶ 

func (rs *RevocationStorage) Revoke(id CredentialTypeIdentifier, key string, issued time.Time) error

Revoke revokes the credential(s) specified by key and issued, if found within the current database, by updating their revocation time to now, removing their revocation attribute from the current accumulator, and updating the revocation database on disk. If issued is not specified, i.e. passed the zero value, all credentials specified by key are revoked.

func (*RevocationStorage) SaveIssuanceRecord ¶ 

func (rs *RevocationStorage) SaveIssuanceRecord(id CredentialTypeIdentifier, rec *IssuanceRecord, sk *gabi.PrivateKey) error

SaveIssuanceRecord either stores the issuance record locally, if we are the revocation server of the crecential type, or it signs and sends it to the remote revocation server.

func (*RevocationStorage) SetRevocationUpdates ¶ 

func (rs *RevocationStorage) SetRevocationUpdates(b *BaseRequest) error

SetRevocationUpdates retrieves the latest revocation records from the database, and attaches them to the request, for each credential type for which a nonrevocation proof is requested in b.Revocation.

func (*RevocationStorage) SyncDB ¶ 

func (rs *RevocationStorage) SyncDB(id CredentialTypeIdentifier) error

func (*RevocationStorage) SyncIfOld ¶ 

func (rs *RevocationStorage) SyncIfOld(id CredentialTypeIdentifier, maxage uint64) error

func (*RevocationStorage) UpdateLatest ¶ 

func (rs *RevocationStorage) UpdateLatest(id CredentialTypeIdentifier, count uint64, counter *uint) (map[uint]*revocation.Update, error)

type SchemeAppVersion ¶ 

type SchemeAppVersion struct {
	Android int `xml:"Android"`
	IOS     int `xml:"iOS"`
}

type SchemeManager ¶ 

type SchemeManager struct {
	ID                string           `xml:"Id"`
	Name              TranslatedString `xml:"Name"`
	URL               string           `xml:"Url"`
	Contact           string           `xml:"contact"`
	Demo              bool             `xml:"Demo"` // Decides whether to download private keys
	Description       TranslatedString
	MinimumAppVersion SchemeAppVersion
	KeyshareServer    string
	KeyshareWebsite   string
	KeyshareAttribute string
	TimestampServer   string
	XMLVersion        int      `xml:"version,attr"`
	XMLName           xml.Name `xml:"SchemeManager"`

	Status SchemeManagerStatus `xml:"-"`
	Valid  bool                `xml:"-"` // true iff Status == SchemeManagerStatusValid

	Timestamp Timestamp
	// contains filtered or unexported fields
}

SchemeManager describes a scheme manager.

func DownloadSchemeManager ¶ 

func DownloadSchemeManager(url string) (*SchemeManager, error)

DownloadSchemeManager downloads and returns a scheme manager description.xml file from the specified URL.

func NewSchemeManager ¶ 

func NewSchemeManager(name string) *SchemeManager

func (*SchemeManager) Distributed ¶ 

func (sm *SchemeManager) Distributed() bool

Distributed indicates if this scheme manager uses a keyshare server.

func (*SchemeManager) Identifier ¶ 

func (sm *SchemeManager) Identifier() SchemeManagerIdentifier

Identifier returns the identifier of the specified scheme manager.

type SchemeManagerError ¶ 

type SchemeManagerError struct {
	Manager SchemeManagerIdentifier
	Status  SchemeManagerStatus
	Err     error
}

func (SchemeManagerError) Error ¶ 

func (sme SchemeManagerError) Error() string

type SchemeManagerIdentifier ¶ 

type SchemeManagerIdentifier struct {
	// contains filtered or unexported fields
}

SchemeManagerIdentifier identifies a scheme manager. Equal to its ID. For example "irma-demo".

func NewSchemeManagerIdentifier ¶ 

func NewSchemeManagerIdentifier(id string) SchemeManagerIdentifier

NewSchemeManagerIdentifier converts the specified identifier to a SchemeManagerIdentifier.

func (SchemeManagerIdentifier) Empty ¶ 

func (oi SchemeManagerIdentifier) Empty() bool

func (SchemeManagerIdentifier) GormDataType ¶ 

func (SchemeManagerIdentifier) GormDataType(dialect gorm.Dialect) string

func (SchemeManagerIdentifier) MarshalCBOR ¶ 

func (oi SchemeManagerIdentifier) MarshalCBOR() (data []byte, err error)

func (SchemeManagerIdentifier) MarshalText ¶ 

func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (SchemeManagerIdentifier) Name ¶ 

func (oi SchemeManagerIdentifier) Name() string

Name returns the last part of this identifier.

func (SchemeManagerIdentifier) Parent ¶ 

func (oi SchemeManagerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (SchemeManagerIdentifier) Root ¶ 

func (oi SchemeManagerIdentifier) Root() string

func (*SchemeManagerIdentifier) Scan ¶ 

func (oi *SchemeManagerIdentifier) Scan(src interface{}) error

func (SchemeManagerIdentifier) String ¶ 

func (oi SchemeManagerIdentifier) String() string

String returns this identifier as a string.

func (*SchemeManagerIdentifier) UnmarshalCBOR ¶ 

func (oi *SchemeManagerIdentifier) UnmarshalCBOR(data []byte) error

func (*SchemeManagerIdentifier) UnmarshalText ¶ 

func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (SchemeManagerIdentifier) Value ¶ 

func (oi SchemeManagerIdentifier) Value() (driver.Value, error)

type SchemeManagerIndex ¶ 

type SchemeManagerIndex map[string]ConfigurationFileHash

SchemeManagerIndex is a (signed) list of files under a scheme manager along with their SHA266 hash

func (SchemeManagerIndex) FromString ¶ 

func (i SchemeManagerIndex) FromString(s string) error

FromString populates this index by parsing the specified string.

func (SchemeManagerIndex) Scheme ¶ 

func (i SchemeManagerIndex) Scheme() SchemeManagerIdentifier

func (SchemeManagerIndex) String ¶ 

func (i SchemeManagerIndex) String() string

type SchemeManagerPointer ¶ 

type SchemeManagerPointer struct {
	Url       string // URL to download scheme from
	Publickey []byte // Public key of scheme against which to verify files after they have been downloaded
}

SchemeManagerPointer points to a remote IRMA scheme, containing information to download the scheme, including its (pinned) public key.

type SchemeManagerStatus ¶ 

type SchemeManagerStatus string

type ServerJwt ¶ 

type ServerJwt struct {
	Type       string    `json:"sub"`
	ServerName string    `json:"iss"`
	IssuedAt   Timestamp `json:"iat"`
}

ServerJwt contains standard JWT fields.

func (*ServerJwt) Requestor ¶ 

func (jwt *ServerJwt) Requestor() string

type ServiceProviderJwt ¶ 

type ServiceProviderJwt struct {
	ServerJwt
	Request *ServiceProviderRequest `json:"sprequest"`
}

ServiceProviderJwt is a requestor JWT for a disclosure session.

func NewServiceProviderJwt ¶ 

func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt

NewServiceProviderJwt returns a new ServiceProviderJwt.

func (*ServiceProviderJwt) Action ¶ 

func (claims *ServiceProviderJwt) Action() Action

func (*ServiceProviderJwt) RequestorRequest ¶ 

func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest

func (*ServiceProviderJwt) SessionRequest ¶ 

func (claims *ServiceProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*ServiceProviderJwt) Sign ¶ 

func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*ServiceProviderJwt) Valid ¶ 

func (claims *ServiceProviderJwt) Valid() error

type ServiceProviderRequest ¶ 

type ServiceProviderRequest struct {
	RequestorBaseRequest
	Request *DisclosureRequest `json:"request"`
}

A ServiceProviderRequest contains a disclosure request.

func (*ServiceProviderRequest) Base ¶ 

func (r *ServiceProviderRequest) Base() RequestorBaseRequest

func (*ServiceProviderRequest) SessionRequest ¶ 

func (r *ServiceProviderRequest) SessionRequest() SessionRequest

func (*ServiceProviderRequest) Validate ¶ 

func (r *ServiceProviderRequest) Validate() error

type SessionError ¶ 

type SessionError struct {
	Err error
	ErrorType
	Info         string
	RemoteError  *RemoteError
	RemoteStatus int
}

SessionError is a protocol error.

func (*SessionError) Error ¶ 

func (e *SessionError) Error() string

func (*SessionError) Stack ¶ 

func (e *SessionError) Stack() string

func (*SessionError) WrappedError ¶ 

func (e *SessionError) WrappedError() string

type SessionRequest ¶ 

type SessionRequest interface {
	Validator
	Base() *BaseRequest
	GetNonce(timestamp *atum.Timestamp) *big.Int
	Disclosure() *DisclosureRequest
	Identifiers() *IrmaIdentifierSet
	Action() Action
	Legacy() (SessionRequest, error)
}

SessionRequest instances contain all information the irmaclient needs to perform an IRMA session.

type SignatureRequest ¶ 

type SignatureRequest struct {
	DisclosureRequest
	Message string `json:"message"`
}

A SignatureRequest is a a request to sign a message with certain attributes. Construct new instances using NewSignatureRequest().

func NewSignatureRequest ¶ 

func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest

func (*SignatureRequest) Action ¶ 

func (sr *SignatureRequest) Action() Action

func (*SignatureRequest) GetNonce ¶ 

func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int

GetNonce returns the nonce of this signature session (with the message already hashed into it).

func (*SignatureRequest) IsSignatureRequest ¶ 

func (sr *SignatureRequest) IsSignatureRequest() bool

func (*SignatureRequest) Legacy ¶ 

func (sr *SignatureRequest) Legacy() (SessionRequest, error)

func (*SignatureRequest) SignatureFromMessage ¶ 

func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)

func (*SignatureRequest) UnmarshalJSON ¶ 

func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)

func (*SignatureRequest) Validate ¶ 

func (sr *SignatureRequest) Validate() error

type SignatureRequestorJwt ¶ 

type SignatureRequestorJwt struct {
	ServerJwt
	Request *SignatureRequestorRequest `json:"absrequest"`
}

SignatureRequestorJwt is a requestor JWT for a signing session.

func NewSignatureRequestorJwt ¶ 

func NewSignatureRequestorJwt(servername string, sr *SignatureRequest) *SignatureRequestorJwt

NewSignatureRequestorJwt returns a new SignatureRequestorJwt.

func (*SignatureRequestorJwt) Action ¶ 

func (claims *SignatureRequestorJwt) Action() Action

func (*SignatureRequestorJwt) RequestorRequest ¶ 

func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest

func (*SignatureRequestorJwt) SessionRequest ¶ 

func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*SignatureRequestorJwt) Sign ¶ 

func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*SignatureRequestorJwt) Valid ¶ 

func (claims *SignatureRequestorJwt) Valid() error

type SignatureRequestorRequest ¶ 

type SignatureRequestorRequest struct {
	RequestorBaseRequest
	Request *SignatureRequest `json:"request"`
}

A SignatureRequestorRequest contains a signing request.

func (*SignatureRequestorRequest) Base ¶ 

func (r *SignatureRequestorRequest) Base() RequestorBaseRequest

func (*SignatureRequestorRequest) SessionRequest ¶ 

func (r *SignatureRequestorRequest) SessionRequest() SessionRequest

func (*SignatureRequestorRequest) Validate ¶ 

func (r *SignatureRequestorRequest) Validate() error

type SignedMessage ¶ 

type SignedMessage struct {
	LDContext string                    `json:"@context"`
	Signature gabi.ProofList            `json:"signature"`
	Indices   DisclosedAttributeIndices `json:"indices"`
	Nonce     *big.Int                  `json:"nonce"`
	Context   *big.Int                  `json:"context"`
	Message   string                    `json:"message"`
	Timestamp *atum.Timestamp           `json:"timestamp"`
}

SignedMessage is a message signed with an attribute-based signature The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)

func (*SignedMessage) Disclosure ¶ 

func (sm *SignedMessage) Disclosure() *Disclosure

func (*SignedMessage) GetNonce ¶ 

func (sm *SignedMessage) GetNonce() *big.Int

func (*SignedMessage) MatchesNonceAndContext ¶ 

func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool

func (*SignedMessage) Verify ¶ 

func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

Verify the attribute-based signature, optionally against a corresponding signature request. If the request is present (i.e. not nil), then the first attributes in the returned result match with the disjunction list in the request (that is, the i'th attribute in the result should satisfy the i'th disjunction in the request). If the request is not fully satisfied in this fasion, the Status of the result is ProofStatusMissingAttributes. Any remaining attributes (i.e. not asked for by the request) are also included in the result, after the attributes that match disjunctions in the request.

The signature request is optional; if it is nil then the attribute-based signature is still verified, and all containing attributes returned in the result.

func (*SignedMessage) VerifyTimestamp ¶ 

func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error

Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes, and rerandomized CL-signatures.

func (*SignedMessage) Version ¶ 

func (sm *SignedMessage) Version() int

type Status ¶ 

type Status string

Status encodes the status of an IRMA session (e.g., connected).

type Timestamp ¶ 

type Timestamp time.Time

Timestamp is a time.Time that marshals to Unix timestamps.

func (Timestamp) After ¶ 

func (t Timestamp) After(u Timestamp) bool

func (Timestamp) Before ¶ 

func (t Timestamp) Before(u Timestamp) bool

Check if Timestamp is before other Timestamp. Used for checking expiry of attributes

func (*Timestamp) Floor ¶ 

func (t *Timestamp) Floor() Timestamp

func (Timestamp) IsZero ¶ 

func (t Timestamp) IsZero() bool

To check whether Timestamp is uninitialized

func (*Timestamp) MarshalJSON ¶ 

func (t *Timestamp) MarshalJSON() ([]byte, error)

MarshalJSON marshals a timestamp.

func (*Timestamp) MarshalXML ¶ 

func (t *Timestamp) MarshalXML(e *xml.Encoder, start xml.StartElement) error

func (*Timestamp) String ¶ 

func (t *Timestamp) String() string

Timestamp implements Stringer.

func (*Timestamp) UnmarshalJSON ¶ 

func (t *Timestamp) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a timestamp.

func (*Timestamp) UnmarshalXML ¶ 

func (t *Timestamp) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

type TranslatedString ¶ 

type TranslatedString map[string]string

TranslatedString is a map of translated strings.

func NewTranslatedString ¶ 

func NewTranslatedString(attr *string) TranslatedString

NewTranslatedString returns a TranslatedString containing the specified string for each supported language, or nil when attr is nil.

func (*TranslatedString) MarshalXML ¶ 

func (ts *TranslatedString) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML implements xml.Marshaler.

func (*TranslatedString) UnmarshalXML ¶ 

func (ts *TranslatedString) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML unmarshals an XML tag containing a string translated to multiple languages, for example: <Foo><en>Hello world</en><nl>Hallo wereld</nl></Foo> into a TranslatedString: { "en": "Hello world" , "nl": "Hallo wereld" }

type UnknownIdentifierError ¶ 

type UnknownIdentifierError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}

func (*UnknownIdentifierError) Error ¶ 

func (e *UnknownIdentifierError) Error() string

type Validator ¶ 

type Validator interface {
	Validate() error
}

Source Files ¶

View all Source files

Directories ¶

Path Synopsis
internal
common
disable_sigpipe
sessiontest
This package just contains tests.
 This package just contains tests.
test
Package test contains functionality that should be available to all unit tests (which live in separate packages).
 Package test contains functionality that should be available to all unit tests (which live in separate packages).
cmd
Package irmaclient implements an IRMA client, that can manage and use IRMA attributes.
 Package irmaclient implements an IRMA client, that can manage and use IRMA attributes.
irmac
Required to be main when building a shared library
 Required to be main when building a shared library
irmaserver
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
 Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
requestorserver
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.
 Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.