Documentation ¶
Index ¶
- Constants
- Variables
- func GetIrmaConfig(config AuthConfig) (irmaConfig *irma.Configuration, err error)
- func GetIrmaServer(config AuthConfig) (irmaServer *irmaserver.Server, err error)
- type AccessTokenHandler
- type AccessTokenResponse
- type Auth
- func (auth *Auth) Configure() (err error)
- func (auth *Auth) ContractByType(contractType ContractType, language Language, version Version) (*ContractTemplate, error)
- func (auth *Auth) ContractSessionStatus(sessionID string) (*SessionStatusResult, error)
- func (auth *Auth) CreateAccessToken(request CreateAccessTokenRequest) (*AccessTokenResponse, error)
- func (auth *Auth) CreateContractSession(sessionRequest CreateSessionRequest) (*CreateSessionResult, error)
- func (auth *Auth) CreateJwtBearerToken(request CreateJwtBearerTokenRequest) (*JwtBearerTokenResponse, error)
- func (auth *Auth) IntrospectAccessToken(token string) (*NutsAccessToken, error)
- func (auth *Auth) KeyExistsFor(legalEntity core.PartyID) bool
- func (auth *Auth) OrganizationNameByID(legalEntity core.PartyID) (string, error)
- func (auth *Auth) ValidateContract(request ValidationRequest) (*ContractValidationResult, error)
- type AuthClient
- type AuthConfig
- type ContractFormat
- type ContractMatrix
- type ContractSessionHandler
- type ContractTemplate
- type ContractType
- type ContractValidationResult
- type ContractValidator
- type CreateAccessTokenRequest
- type CreateJwtBearerTokenRequest
- type CreateSessionRequest
- type CreateSessionResult
- type DefaultIrmaClient
- type DefaultValidator
- func (v DefaultValidator) BuildAccessToken(jwtBearerToken *NutsJwtBearerToken, ...) (string, error)
- func (v DefaultValidator) CreateIdentityTokenFromIrmaContract(contract *SignedIrmaContract, legalEntity core.PartyID) (string, error)
- func (v DefaultValidator) CreateJwtBearerToken(request *CreateJwtBearerTokenRequest) (*JwtBearerTokenResponse, error)
- func (v DefaultValidator) IsInitialized() bool
- func (v DefaultValidator) ParseAndValidateAccessToken(accessToken string) (*NutsAccessToken, error)
- func (v DefaultValidator) ParseAndValidateJwtBearerToken(acString string) (*NutsJwtBearerToken, error)
- func (v DefaultValidator) SessionStatus(id SessionID) (*SessionStatusResult, error)
- func (v DefaultValidator) StartSession(request interface{}, handler irmaserver.SessionHandler) (*irma.Qr, string, error)
- func (v DefaultValidator) ValidateContract(b64EncodedContract string, format ContractFormat, actingPartyCN string) (*ContractValidationResult, error)
- func (v DefaultValidator) ValidateJwt(token string, actingPartyCN string) (*ContractValidationResult, error)
- type IrmaContractVerifier
- func (cv *IrmaContractVerifier) ParseSignedIrmaContract(rawContract string) (*SignedIrmaContract, error)
- func (cv *IrmaContractVerifier) ValidateContractContents(signedContract *SignedIrmaContract, validationResult *ContractValidationResult, ...) (*ContractValidationResult, error)
- func (cv *IrmaContractVerifier) VerifyAll(signedContract *SignedIrmaContract, actingPartyCn string) (*ContractValidationResult, error)
- func (cv *IrmaContractVerifier) VerifySignature(signedContract *SignedIrmaContract) (*ContractValidationResult, error)
- type IrmaServerClient
- type JwtBearerTokenResponse
- type Language
- type LegacyIdentityToken
- type NutsAccessToken
- type NutsIdentityToken
- type NutsJwtBearerToken
- type SessionID
- type SessionStatusResult
- type SignedIrmaContract
- type ValidationRequest
- type ValidationState
- type Version
Constants ¶
const ( // IrmaFormat is used to indicate a contract is in he form of a base64 encoded IRMA signature IrmaFormat ContractFormat = "irma" // JwtFormat is used to indicate a contract in in the form of a Jwt encoded signature JwtFormat ContractFormat = "JWT" // Valid is used to indicate a contract was valid on the time of testing Valid ValidationState = "VALID" // Invalid is used to indicate a contract was invalid on the time of testing Invalid ValidationState = "INVALID" )
const ConfActingPartyCN = "actingPartyCn"
ConfActingPartyCN is the config key to provide the Acting party common name
const ConfAddress = "address"
ConfAddress is the config key for the address the http server listens on
const ConfEnableCORS = "enableCORS"
const ConfIrmaConfigPath = "irmaConfigPath"
ConfIrmaConfigPath is the config key to provide the irma configuration path
const ConfIrmaSchemeManager = "irmaSchemeManager"
ConfIrmaSchemeManager allows selecting an IRMA scheme manager. During development this can ben irma-demo. Production should be pdfb
const ConfMode = "mode"
ConfMode is the config name for the engine mode
const ConfSkipAutoUpdateIrmaSchemas = "skipAutoUpdateIrmaSchemas"
ConfSkipAutoUpdateIrmaSchemas is the config key to provide an option to skip auto updating the irma schemas
const IrmaMountPath = "/auth/irmaclient"
The location the irma webserver will mount
const JwtBearerGrantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"
JwtBearerGrantType defines the grant-type to use in the access token request
const PublicURL = "publicUrl"
PublicURL is the config key for the public URL the http/irma server can be discovered
Variables ¶
var Contracts = ContractMatrix{ "NL": {"BehandelaarLogin": { "v1": &ContractTemplate{ Type: "BehandelaarLogin", Version: "v1", Language: "NL", SignerAttributes: []string{".nuts.agb.agbcode"}, Template: `NL:BehandelaarLogin:v1 Ondergetekende geeft toestemming aan {{acting_party}} om namens {{legal_entity}} en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van {{valid_from}} tot {{valid_to}}.`, TemplateAttributes: []string{"acting_party", "legal_entity", "valid_from", "valid_to"}, Regexp: `NL:BehandelaarLogin:v1 Ondergetekende geeft toestemming aan (.+) om namens (.+) en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van (.+) tot (.+).`, }, "v2": &ContractTemplate{ Type: "BehandelaarLogin", Version: "v2", Language: "NL", SignerAttributes: StandardSignerAttributes, Template: `NL:BehandelaarLogin:v2 Ondergetekende geeft toestemming aan {{acting_party}} om namens {{legal_entity}} en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van {{valid_from}} tot {{valid_to}}.`, TemplateAttributes: []string{"acting_party", "legal_entity", "valid_from", "valid_to"}, Regexp: `NL:BehandelaarLogin:v2 Ondergetekende geeft toestemming aan (.+) om namens (.+) en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van (.+) tot (.+).`, }, }}, "EN": {"PractitionerLogin": { "v1": &ContractTemplate{ Type: "PractitionerLogin", Version: "v1", Language: "EN", SignerAttributes: []string{"nuts.agb.agbcode"}, Template: `EN:PractitionerLogin:v1 Undersigned gives permission to {{acting_party}} to make request to the Nuts network on behalf of {{legal_entity}} and itself. This permission is valid from {{valid_from}} until {{valid_to}}.`, TemplateAttributes: []string{"acting_party", "legal_entity", "valid_from", "valid_to"}, Regexp: `EN:PractitionerLogin:v1 Undersigned gives permission to (.+) to make request to the Nuts network on behalf of (.+) and itself. This permission is valid from (.+) until (.+).`, }, "v2": &ContractTemplate{ Type: "PractitionerLogin", Version: "v2", Language: "EN", SignerAttributes: StandardSignerAttributes, Template: `EN:PractitionerLogin:v2 Undersigned gives permission to {{acting_party}} to make request to the Nuts network on behalf of {{legal_entity}} and itself. This permission is valid from {{valid_from}} until {{valid_to}}.`, TemplateAttributes: []string{"acting_party", "legal_entity", "valid_from", "valid_to"}, Regexp: `EN:PractitionerLogin:v2 Undersigned gives permission to (.+) to make request to the Nuts network on behalf of (.+) and itself. This permission is valid from (.+) until (.+).`, }, }}, }
EN:PractitionerLogin:v1 ContractTemplate
var ErrContractNotFound = errors.New("contract not found")
ErrContractNotFound is used when a certain combination of type, language and version cannot resolve to a contract
var ErrInvalidContractFormat = errors.New("unknown contract type")
ErrInvalidContractFormat indicates tha a contract format is unknown.
var ErrInvalidContractText = errors.New("invalid contract text")
ErrInvalidContractText is used when contract texts cannot be parsed or contain invalid values
var ErrLegalEntityNotProvided = errors.New("legalEntity not provided")
ErrLegalEntityNotProvided indicates that the legalEntity is missing
var ErrMissingActingParty = errors.New("missing actingPartyCn")
ErrMissingActingParty is returned when the actingPartyCn is missing from the config
var ErrMissingPublicURL = errors.New("missing publicUrl")
ErrMissingPublicURL is returned when the publicUrl is missing from the config
var ErrSessionNotFound = errors.New("session not found")
ErrSessionNotFound is returned when there is no contract signing session found for a certain SessionID
var ErrUnknownContractFormat = errors.New("unknown contract format")
ErrUnknownContractFormat is returned when the contract format is unknown
var NowFunc = time.Now
NowFunc is used to store a function that returns the current time. This can be changed when you want to mock the current time.
var StandardSignerAttributes = []string{
".gemeente.personalData.firstnames",
"pbdf.pbdf.email.email",
}
StandardSignerAttributes defines the standard list of attributes used for a contract. If SignerAttribute name starts with a dot '.', it uses the configured scheme manager
Functions ¶
func GetIrmaConfig ¶
func GetIrmaConfig(config AuthConfig) (irmaConfig *irma.Configuration, err error)
GetIrmaConfig creates and returns an IRMA config. The config sets the given irma path or a temporary folder. Then it downloads the schemas.
func GetIrmaServer ¶
func GetIrmaServer(config AuthConfig) (irmaServer *irmaserver.Server, err error)
GetIrmaServer creates and starts the irma server instance. The server can be used by a IRMA client like the app to handle IRMA sessions
Types ¶
type AccessTokenHandler ¶ added in v0.13.0
type AccessTokenHandler interface { // CreateJwtBearerToken from a JwtBearerTokenRequest. Returns a signed JWT string. CreateJwtBearerToken(request *CreateJwtBearerTokenRequest) (token *JwtBearerTokenResponse, err error) // ParseAndValidateJwtBearerToken accepts a jwt encoded bearer token as string and returns the NutsJwtBearerToken object if valid. // it returns a ErrLegalEntityNotProvided if the issuer does not contain an legal entity // it returns a ErrOrganizationNotFound if the organization in the issuer could not be found in the registry ParseAndValidateJwtBearerToken(token string) (*NutsJwtBearerToken, error) // BuildAccessToken create a jwt encoded access token from a NutsJwtBearerToken and a ContractValidationResult. BuildAccessToken(jwtClaims *NutsJwtBearerToken, identityValidationResult *ContractValidationResult) (token string, err error) // ParseAndValidateAccessToken parses and validates an AccessToken and returns a filled NutsAccessToken as result. // it returns a ErrLegalEntityNotProvided if the issuer does not contain an legal entity // it returns a ErrOrganizationNotFound if the organization in the issuer could not be found in the registry ParseAndValidateAccessToken(accessToken string) (*NutsAccessToken, error) }
AccessTokenHandler interface must be implemented by Access token handlers. Ir defines the interface to handle all logic concerning creating and introspecting OAuth 2.0 Access tokens
type AccessTokenResponse ¶ added in v0.13.0
type AccessTokenResponse struct {
AccessToken string
}
AccessTokenResponse defines the return value back to the api for the CreateAccessToken method
type Auth ¶
type Auth struct { Config AuthConfig ContractSessionHandler ContractSessionHandler ContractValidator ContractValidator IrmaServer *irmaserver.Server AccessTokenHandler AccessTokenHandler Crypto crypto.Client Registry registry.RegistryClient ValidContracts ContractMatrix // contains filtered or unexported fields }
Auth is the main struct of the Auth service
func AuthInstance ¶
func AuthInstance() *Auth
AuthInstance create an returns a singleton of the Auth struct
func NewAuthInstance ¶ added in v0.15.0
func NewAuthInstance(config AuthConfig, cryptoClient crypto.Client, registryClient registry.RegistryClient) *Auth
func NewTestAuthInstance ¶ added in v0.15.0
func (*Auth) Configure ¶
Configure the Auth struct by creating a validator and create an Irma server
func (*Auth) ContractByType ¶
func (auth *Auth) ContractByType(contractType ContractType, language Language, version Version) (*ContractTemplate, error)
NewContractByType returns a ContractTemplate of a certain type, language and version. If for the combination of type, version and language no contract can be found, the error is of type ErrContractNotFound
func (*Auth) ContractSessionStatus ¶
func (auth *Auth) ContractSessionStatus(sessionID string) (*SessionStatusResult, error)
ContractSessionStatus returns the current session status for a given sessionID. If the session is not found, the error is an ErrSessionNotFound and SessionStatusResult is nil
func (*Auth) CreateAccessToken ¶ added in v0.13.0
func (auth *Auth) CreateAccessToken(request CreateAccessTokenRequest) (*AccessTokenResponse, error)
CreateAccessToken extracts the claims out of the request, checks the validity and builds the access token
func (*Auth) CreateContractSession ¶
func (auth *Auth) CreateContractSession(sessionRequest CreateSessionRequest) (*CreateSessionResult, error)
CreateContractSession creates a session based on an IRMA contract. This allows the user to permit the application to use the Nuts Network in its name. The user can limit the application in time and scope. By signing it with IRMA other nodes in the network can verify the validity of the contract.
func (*Auth) CreateJwtBearerToken ¶ added in v0.13.0
func (auth *Auth) CreateJwtBearerToken(request CreateJwtBearerTokenRequest) (*JwtBearerTokenResponse, error)
CreateJwtBearerToken creates a JwtBearerToken from the given CreateJwtBearerTokenRequest
func (*Auth) IntrospectAccessToken ¶ added in v0.13.0
func (auth *Auth) IntrospectAccessToken(token string) (*NutsAccessToken, error)
IntrospectAccessToken fills the fields in NutsAccessToken from the given Jwt Access Token
func (*Auth) KeyExistsFor ¶ added in v0.13.0
KeyExistsFor check if the private key exists on this node by calling the same function on the CryptoClient
func (*Auth) OrganizationNameByID ¶ added in v0.13.0
OrganizationNameByID returns the name of an organisation from the registry
func (*Auth) ValidateContract ¶
func (auth *Auth) ValidateContract(request ValidationRequest) (*ContractValidationResult, error)
ValidateContract validates a given contract. Currently two ContractType's are accepted: Irma and Jwt. Both types should be passed as a base64 encoded string in the ContractString of the request paramContractString of the request param
type AuthClient ¶
type AuthClient interface { CreateContractSession(sessionRequest CreateSessionRequest) (*CreateSessionResult, error) ContractSessionStatus(sessionID string) (*SessionStatusResult, error) ContractByType(contractType ContractType, language Language, version Version) (*ContractTemplate, error) ValidateContract(request ValidationRequest) (*ContractValidationResult, error) CreateAccessToken(request CreateAccessTokenRequest) (*AccessTokenResponse, error) CreateJwtBearerToken(request CreateJwtBearerTokenRequest) (*JwtBearerTokenResponse, error) IntrospectAccessToken(token string) (*NutsAccessToken, error) KeyExistsFor(legalEntity core.PartyID) bool OrganizationNameByID(legalEntity core.PartyID) (string, error) }
AuthClient is the interface which should be implemented for clients or mocks
type AuthConfig ¶
type AuthConfig struct { Mode string // Address to bind the http server to. Default localhost:1323 Address string PublicUrl string IrmaConfigPath string IrmaSchemeManager string SkipAutoUpdateIrmaSchemas bool ActingPartyCn string EnableCORS bool }
AuthConfig holds all the configuration params
func DefaultAuthConfig ¶ added in v0.15.0
func DefaultAuthConfig() AuthConfig
type ContractFormat ¶
type ContractFormat string
ContractFormat describes the format of a signed contract. Based on the format an appropriate validator can be selected.
type ContractMatrix ¶ added in v0.14.0
type ContractMatrix map[Language]map[ContractType]map[Version]*ContractTemplate
type ContractSessionHandler ¶
type ContractSessionHandler interface { SessionStatus(session SessionID) (*SessionStatusResult, error) StartSession(request interface{}, handler irmaservercore.SessionHandler) (*irma.Qr, string, error) }
ContractSessionHandler interface must be implemented by ContractSessionHandlers
type ContractTemplate ¶ added in v0.14.0
type ContractTemplate struct { Type ContractType `json:"type"` Version Version `json:"version"` Language Language `json:"language"` SignerAttributes []string `json:"signer_attributes"` SignerDemoAttributes []string `json:"-"` Template string `json:"template"` TemplateAttributes []string `json:"template_attributes"` Regexp string `json:"-"` }
ContractTemplate is a template which can result in a signed contract
func NewContractByType ¶ added in v0.14.0
func NewContractByType(contractType ContractType, language Language, version Version, validContracts ContractMatrix) (*ContractTemplate, error)
NewContractByType returns the contract for a certain type, language and version. If version is omitted "v1" is used If no contract is found, the error vaule of ErrContractNotFound is returned.
func NewContractFromMessageContents ¶ added in v0.14.0
func NewContractFromMessageContents(contents string, validContracts ContractMatrix) (*ContractTemplate, error)
NewContractFromMessageContents finds the contract for a certain message. Every message should begin with a special sequence like "NL:ContractName:version".
type ContractType ¶
type ContractType string
ContractType contains type of the contract to sign. Example: "BehandelaarLogin"
type ContractValidationResult ¶ added in v0.13.0
type ContractValidationResult struct { ValidationResult ValidationState `json:"validation_result"` ContractFormat ContractFormat `json:"contract_format"` // DisclosedAttributes contain the attributes used to sign this contract DisclosedAttributes map[string]string `json:"disclosed_attributes"` }
ContractValidationResult contains the result of a contract validation
type ContractValidator ¶
type ContractValidator interface { ValidateContract(contract string, format ContractFormat, actingPartyCN string) (*ContractValidationResult, error) ValidateJwt(contract string, actingPartyCN string) (*ContractValidationResult, error) IsInitialized() bool }
ContractValidator interface must be implemented by contract validators
type CreateAccessTokenRequest ¶ added in v0.13.0
CreateAccessTokenRequest contains all information to create an access token from a JwtBearerToken
type CreateJwtBearerTokenRequest ¶ added in v0.13.0
type CreateJwtBearerTokenRequest struct { Actor string Custodian string IdentityToken string Subject string Scope string }
CreateJwtBearerTokenRequest contains all information to create a JwtBearerToken
type CreateSessionRequest ¶
type CreateSessionRequest struct { // ContractType such as "BehandelaarLogin" Type ContractType // Version of the contract such as "v1" Version Version // Language of the contact such as "NL" Language Language // LegalEntity denotes the organization of the user LegalEntity string // ValidFrom describes the time from which this contract should be considered valid ValidFrom time.Time // ValidFrom describes the time until this contract should be considered valid ValidTo time.Time // TemplateAttributes is an object containing extra template values. example: {"reason":"providing care"} TemplateAttributes map[string]string }
CreateSessionRequest is used to create a contract signing session.
type CreateSessionResult ¶
CreateSessionResult contains the results needed to setup an irma flow
type DefaultIrmaClient ¶ added in v0.13.0
type DefaultIrmaClient struct {
I *irmaserver.Server
}
DefaultIrmaClient is a wrapper for the Irma Server
func (*DefaultIrmaClient) GetSessionResult ¶ added in v0.13.0
func (d *DefaultIrmaClient) GetSessionResult(token string) *irmaservercore.SessionResult
GetSessionResult forwards to Irma Server instance
func (*DefaultIrmaClient) StartSession ¶ added in v0.13.0
func (d *DefaultIrmaClient) StartSession(request interface{}, handler irmaservercore.SessionHandler) (*irma.Qr, string, error)
StartSession forwards to Irma Server instance
type DefaultValidator ¶
type DefaultValidator struct { IrmaServer IrmaServerClient IrmaConfig *irma.Configuration Registry registry.RegistryClient Crypto nutscrypto.Client ValidContracts ContractMatrix }
DefaultValidator validates contracts using the irma logic.
func (DefaultValidator) BuildAccessToken ¶ added in v0.13.0
func (v DefaultValidator) BuildAccessToken(jwtBearerToken *NutsJwtBearerToken, identityValidationResult *ContractValidationResult) (string, error)
BuildAccessToken builds an access token based on the oauth claims and the identity of the user provided by the identityValidationResult The token gets signed with the custodians private key and returned as a string.
func (DefaultValidator) CreateIdentityTokenFromIrmaContract ¶ added in v0.13.0
func (v DefaultValidator) CreateIdentityTokenFromIrmaContract(contract *SignedIrmaContract, legalEntity core.PartyID) (string, error)
CreateIdentityTokenFromIrmaContract from a signed irma contract. Returns a JWT signed with the provided legalEntity.
func (DefaultValidator) CreateJwtBearerToken ¶ added in v0.13.0
func (v DefaultValidator) CreateJwtBearerToken(request *CreateJwtBearerTokenRequest) (*JwtBearerTokenResponse, error)
CreateJwtBearerToken creates a JwtBearerTokenResponse containing a jwtBearerToken from a CreateJwtBearerTokenRequest.
func (DefaultValidator) IsInitialized ¶ added in v0.13.0
func (v DefaultValidator) IsInitialized() bool
IsInitialized is a helper function to determine if the validator has been initialized properly.
func (DefaultValidator) ParseAndValidateAccessToken ¶ added in v0.13.0
func (v DefaultValidator) ParseAndValidateAccessToken(accessToken string) (*NutsAccessToken, error)
ParseAndValidateAccessToken parses and validates a accesstoken string and returns a filled in NutsAccessToken.
func (DefaultValidator) ParseAndValidateJwtBearerToken ¶ added in v0.13.0
func (v DefaultValidator) ParseAndValidateJwtBearerToken(acString string) (*NutsJwtBearerToken, error)
ParseAndValidateJwtBearerToken validates the jwt signature and returns the containing claims
func (DefaultValidator) SessionStatus ¶
func (v DefaultValidator) SessionStatus(id SessionID) (*SessionStatusResult, error)
SessionStatus returns the current status of a certain session. It returns nil if the session is not found
func (DefaultValidator) StartSession ¶
func (v DefaultValidator) StartSession(request interface{}, handler irmaserver.SessionHandler) (*irma.Qr, string, error)
StartSession starts an irma session. This is mainly a wrapper around the irma.IrmaServer.StartSession
func (DefaultValidator) ValidateContract ¶
func (v DefaultValidator) ValidateContract(b64EncodedContract string, format ContractFormat, actingPartyCN string) (*ContractValidationResult, error)
ValidateContract is the entry point for contract validation. It decodes the base64 encoded contract, parses the contract string, and validates the contract. Returns nil, ErrUnknownContractFormat if the contract used in the message is unknown
func (DefaultValidator) ValidateJwt ¶
func (v DefaultValidator) ValidateJwt(token string, actingPartyCN string) (*ContractValidationResult, error)
ValidateJwt validates a JWT formatted identity token
type IrmaContractVerifier ¶ added in v0.14.0
type IrmaContractVerifier struct {
// contains filtered or unexported fields
}
A IrmaContract is valid when:
it has a valid signature it contains a message that is a known ContractTemplate its signature is signed with all attributes required by the ContractTemplate it has a valid time period the acting party named in the contract is the same as the one making the request
func (*IrmaContractVerifier) ParseSignedIrmaContract ¶ added in v0.14.0
func (cv *IrmaContractVerifier) ParseSignedIrmaContract(rawContract string) (*SignedIrmaContract, error)
ParseSignedIrmaContract parses a json string containing a signed irma contract.
func (*IrmaContractVerifier) ValidateContractContents ¶ added in v0.14.0
func (cv *IrmaContractVerifier) ValidateContractContents(signedContract *SignedIrmaContract, validationResult *ContractValidationResult, actingPartyCn string) (*ContractValidationResult, error)
ValidateContractContents validates at the actual contract contents. Is the timeframe valid and does the common name corresponds with the contract message.
func (*IrmaContractVerifier) VerifyAll ¶ added in v0.14.0
func (cv *IrmaContractVerifier) VerifyAll(signedContract *SignedIrmaContract, actingPartyCn string) (*ContractValidationResult, error)
func (*IrmaContractVerifier) VerifySignature ¶ added in v0.14.0
func (cv *IrmaContractVerifier) VerifySignature(signedContract *SignedIrmaContract) (*ContractValidationResult, error)
VerifySignature verifies the IRMA signature. Returns a ContractValidationResult Note: This method only checks the IRMA crypto, not the attributes used or the contents of the contract.
type IrmaServerClient ¶ added in v0.13.0
type IrmaServerClient interface { GetSessionResult(token string) *irmaservercore.SessionResult StartSession(request interface{}, handler irmaservercore.SessionHandler) (*irma.Qr, string, error) }
IrmaServerClient is an abstraction for the Irma Server, mainly for enabling better testing
type JwtBearerTokenResponse ¶ added in v0.13.0
type JwtBearerTokenResponse struct {
BearerToken string
}
JwtBearerTokenResponse defines the return value back to the api for the createJwtBearerToken method
type LegacyIdentityToken ¶ added in v0.13.1
type LegacyIdentityToken struct { jwt.StandardClaims Contract SignedIrmaContract `json:"nuts_signature"` }
LegacyIdentityToken is the JWT that was used as Identity token in versions prior to < 0.13
type NutsAccessToken ¶ added in v0.13.0
type NutsAccessToken struct { jwt.StandardClaims SubjectID string `json:"sid"` Scope string `json:"scope"` Name string `json:"name"` GivenName string `json:"given_name"` Prefix string `json:"prefix"` FamilyName string `json:"family_name"` Email string `json:"email"` }
NutsAccessToken is a OAuth 2.0 access token which provides context to a request. Its contents are derived from a Jwt Bearer token. The Jwt Bearer token is verified by the authorization server and stripped from the proof to make it compact.
type NutsIdentityToken ¶ added in v0.13.0
type NutsIdentityToken struct { jwt.StandardClaims //Identifier of the legalEntity who issued and signed the token //Issuer string // What kind of signature? Currently only IRMA is supported Type ContractFormat `json:"type"` // The base64 encoded signature Signature string `json:"sig"` }
NutsIdentityToken contains the signed identity of the user performing the request
type NutsJwtBearerToken ¶ added in v0.13.0
type NutsJwtBearerToken struct { jwt.StandardClaims IdentityToken string `json:"usi"` SubjectID string `json:"sid"` Scope string `json:"scope"` }
NutsJwtBearerToken contains the deserialized Jwt Bearer Token as defined in rfc7523. It contains a NutsIdentity token which can be verified by the authorization server.
type SessionID ¶
type SessionID string
SessionID contains a number to uniquely identify a contract signing session
type SessionStatusResult ¶
type SessionStatusResult struct { irmaservercore.SessionResult // NutsAuthToken contains the JWT if the sessionStatus is DONE NutsAuthToken string `json:"nuts_auth_token"` }
SessionStatusResult contains the current state of a session. If the session is DONE it also contains a JWT in the NutsAuthToken
type SignedIrmaContract ¶
type SignedIrmaContract struct { IrmaContract irma.SignedMessage ContractTemplate *ContractTemplate }
SignedIrmaContract holds the contract and additional methods to parse and validate.
type ValidationRequest ¶
type ValidationRequest struct { // ContractFormat specifies the type of format used for the contract, e.g. 'irma' ContractFormat ContractFormat // The actual contract in string format to validate ContractString string // ActingPartyCN is the common name of the Acting party extracted from the client cert ActingPartyCN string }
ValidationRequest is used to pass all information to ValidateContract
type ValidationState ¶
type ValidationState string
ValidationState contains the outcome of the validation. It van be VALID or INVALID. This makes it human readable.