v0.15.2 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 20, 2024 License: Apache-2.0 Imports: 34 Imported by: 4



Package irmaclient implements an IRMA client, that can manage and use IRMA attributes. It (de)serializes them from/to storage, acts as the client in the IRMA protocol (see, and also in the IRMA keyshare protocol (see



View Source
const ActionRemoval = irma.Action("removal")


This section is empty.


func SignerCreateJWT added in v0.11.0

func SignerCreateJWT(signer Signer, keyname string, claims jwt.Claims) (string, error)


type ChangePinHandler

type ChangePinHandler interface {
	ChangePinFailure(manager irma.SchemeManagerIdentifier, err error)
	ChangePinIncorrect(manager irma.SchemeManagerIdentifier, attempts int)
	ChangePinBlocked(manager irma.SchemeManagerIdentifier, timeout int)

type Client

type Client struct {

	// Other state
	Preferences   Preferences
	Configuration *irma.Configuration
	// contains filtered or unexported fields

func New

func New(
	storagePath string,
	irmaConfigurationPath string,
	handler ClientHandler,
	signer Signer,
	aesKey [32]byte,
) (*Client, error)

New creates a new Client that uses the directory specified by storagePath for (de)serializing itself. irmaConfigurationPath is the path to a (possibly readonly) folder containing irma_configuration; and handler is used for informing the user of new stuff, and when a enrollment to a keyshare server needs to happen. The client returned by this function has been fully deserialized and is ready for use.

NOTE: It is the responsibility of the caller that there exists a (properly protected) directory at storagePath!

func (*Client) Attributes

func (client *Client) Attributes(id irma.CredentialTypeIdentifier, counter int) (attributes *irma.AttributeList)

Attributes returns the attribute list of the requested credential, or nil if we do not have it.

func (*Client) Candidates

func (client *Client) Candidates(request irma.SessionRequest) (
	candidates [][]DisclosureCandidates, satisfiable bool, err error,

Candidates returns a list of options for the user to choose from, given a session request and the credentials currently in storage.

func (*Client) Close added in v0.5.0

func (client *Client) Close() error

func (*Client) ConfigurationUpdated added in v0.3.0

func (client *Client) ConfigurationUpdated(downloaded *irma.IrmaIdentifierSet) error

ConfigurationUpdated should be run after Configuration.Download(). For any credential type in the updated scheme to which new attributes were added, this function sets the value of these new attributes to 0 in all instances that the client currently has of this credential type.

func (*Client) ConstructCredentials

func (client *Client) ConstructCredentials(msg []*gabi.IssueSignatureMessage, request *irma.IssuanceRequest, builders gabi.ProofBuilderList) error

ConstructCredentials constructs and saves new credentials using the specified issuance signature messages and credential builders.

func (*Client) CredentialInfoList

func (client *Client) CredentialInfoList() irma.CredentialInfoList

CredentialInfoList returns a list of information of all contained credentials.

func (*Client) EnrolledSchemeManagers

func (client *Client) EnrolledSchemeManagers() []irma.SchemeManagerIdentifier

func (*Client) IssuanceProofBuilders

func (client *Client) IssuanceProofBuilders(
	request *irma.IssuanceRequest, choice *irma.DisclosureChoice, keyshareSession *keyshareSession,
) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error)

IssuanceProofBuilders constructs a list of proof builders in the issuance protocol for the future credentials as well as possibly any disclosed attributes, and generates a nonce against which the issuer's proof of knowledge must verify.

func (*Client) IssueCommitments

func (client *Client) IssueCommitments(request *irma.IssuanceRequest, choice *irma.DisclosureChoice,
) (*irma.IssueCommitmentMessage, gabi.ProofBuilderList, error)

IssueCommitments computes issuance commitments, along with disclosure proofs specified by choice, and also returns the credential builders which will become the new credentials upon combination with the issuer's signature.

func (*Client) KeyshareChangePin

func (client *Client) KeyshareChangePin(oldPin string, newPin string)

func (*Client) KeyshareEnroll

func (client *Client) KeyshareEnroll(manager irma.SchemeManagerIdentifier, email *string, pin string, lang string)

KeyshareEnroll attempts to enroll at the keyshare server of the specified scheme manager.

func (*Client) KeyshareRemove

func (client *Client) KeyshareRemove(manager irma.SchemeManagerIdentifier) error

KeyshareRemove unenrolls the keyshare server of the specified scheme manager and removes all associated credentials.

func (*Client) KeyshareRemoveAll

func (client *Client) KeyshareRemoveAll() error

KeyshareRemoveAll removes all keyshare server registrations and associated credentials.

func (*Client) KeyshareVerifyPin

func (client *Client) KeyshareVerifyPin(pin string, schemeid irma.SchemeManagerIdentifier) (bool, int, int, error)

KeyshareVerifyPin verifies the specified PIN at the keyshare server, returning if it succeeded; if not, how many tries are left, or for how long the user is blocked. If an error is returned it is of type *irma.SessionError.

func (*Client) LoadLogsBefore added in v0.4.0

func (client *Client) LoadLogsBefore(beforeIndex uint64, max int) ([]*LogEntry, error)

LoadLogsBefore returns the log entries of past events that took place before log entry with ID 'beforeIndex' (sorted from new to old, the result length is limited to max).

func (*Client) LoadNewestLogs added in v0.4.0

func (client *Client) LoadNewestLogs(max int) ([]*LogEntry, error)

LoadNewestLogs returns the log entries of latest past events (sorted from new to old, the result length is limited to max).

func (*Client) NewSession

func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser

NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request. When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.

func (*Client) NonrevPrepare added in v0.5.0

func (client *Client) NonrevPrepare(request irma.SessionRequest) error

NonrevPrepare updates the revocation state for each credential in the request requiring a nonrevocation proof, using the updates included in the request, or the remote revocation server if those do not suffice.

func (*Client) NonrevUpdateFromServer added in v0.5.0

func (client *Client) NonrevUpdateFromServer(id irma.CredentialTypeIdentifier) error

func (*Client) PauseJobs added in v0.5.0

func (client *Client) PauseJobs()

PauseJobs pauses background job processing.

func (*Client) ProofBuilders

func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.SessionRequest,
) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *atum.Timestamp, error)

ProofBuilders constructs a list of proof builders for the specified attribute choice.

func (*Client) Proofs

func (client *Client) Proofs(choice *irma.DisclosureChoice, request irma.SessionRequest) (*irma.Disclosure, *atum.Timestamp, error)

Proofs computes disclosure proofs containing the attributes specified by choice.

func (*Client) RemoveCredential

func (client *Client) RemoveCredential(id irma.CredentialTypeIdentifier, index int) error

RemoveCredential removes the specified credential if that is allowed.

func (*Client) RemoveCredentialByHash

func (client *Client) RemoveCredentialByHash(hash string) error

RemoveCredentialByHash removes the specified credential.

func (*Client) RemoveRequestorScheme added in v0.15.0

func (client *Client) RemoveRequestorScheme(schemeID irma.RequestorSchemeIdentifier) error

RemoveRequestorScheme removes the given requestor scheme and all requestors and issue wizards related to it.

func (*Client) RemoveScheme added in v0.11.0

func (client *Client) RemoveScheme(schemeID irma.SchemeManagerIdentifier) error

RemoveScheme removes the given scheme manager and all credentials and log entries related to it.

func (*Client) RemoveStorage added in v0.5.0

func (client *Client) RemoveStorage() error

RemoveStorage removes all attributes, signatures, logs and userdata. This includes the user's secret key, keyshare servers and preferences/updates. A fresh secret key is installed.

func (*Client) SetPreferences added in v0.5.0

func (client *Client) SetPreferences(pref Preferences)

func (*Client) StartJobs added in v0.5.0

func (client *Client) StartJobs()

StartJobs performs scheduled background jobs in separate goroutines. Pause pending jobs with PauseJobs().

func (*Client) UnenrolledSchemeManagers

func (client *Client) UnenrolledSchemeManagers() []irma.SchemeManagerIdentifier

type ClientHandler

type ClientHandler interface {

	UpdateConfiguration(new *irma.IrmaIdentifierSet)
	Revoked(cred *irma.CredentialIdentifier)
	ReportError(err error)

ClientHandler informs the user that the configuration or the list of attributes that this client uses has been updated.

type DisclosureCandidate added in v0.5.0

type DisclosureCandidate struct {
	Value        irma.TranslatedString
	Expired      bool
	Revoked      bool
	NotRevokable bool

func (*DisclosureCandidate) Present added in v0.5.0

func (dc *DisclosureCandidate) Present() bool

type DisclosureCandidates added in v0.5.0

type DisclosureCandidates []*DisclosureCandidate

func (DisclosureCandidates) Choose added in v0.5.0

type Handler

type Handler interface {
	StatusUpdate(action irma.Action, status irma.ClientStatus)
	ClientReturnURLSet(clientReturnURL string)
	PairingRequired(pairingCode string)
	Success(result string)
	Failure(err *irma.SessionError)

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)

	RequestIssuancePermission(request *irma.IssuanceRequest,
		satisfiable bool,
		candidates [][]DisclosureCandidates,
		requestorInfo *irma.RequestorInfo,
		callback PermissionHandler)
	RequestVerificationPermission(request *irma.DisclosureRequest,
		satisfiable bool,
		candidates [][]DisclosureCandidates,
		requestorInfo *irma.RequestorInfo,
		callback PermissionHandler)
	RequestSignaturePermission(request *irma.SignatureRequest,
		satisfiable bool,
		candidates [][]DisclosureCandidates,
		requestorInfo *irma.RequestorInfo,
		callback PermissionHandler)
	RequestSchemeManagerPermission(manager *irma.SchemeManager,
		callback func(proceed bool))

	RequestPin(remainingAttempts int, callback PinHandler)

A Handler contains callbacks for communication to the user.

type KeyshareHandler

type KeyshareHandler interface {
	EnrollmentFailure(manager irma.SchemeManagerIdentifier, err error)
	EnrollmentSuccess(manager irma.SchemeManagerIdentifier)

KeyshareHandler is used for asking the user for his email address and PIN, for enrolling at a keyshare server.

type KeysharePinRequestor

type KeysharePinRequestor interface {
	RequestPin(remainingAttempts int, callback PinHandler)

KeysharePinRequestor is used to asking the user for his PIN.

type LogEntry

type LogEntry struct {
	// General info
	ID   uint64
	Type irma.Action
	Time irma.Timestamp // Time at which the session was completed

	// Credential removal
	Removed map[irma.CredentialTypeIdentifier][]irma.TranslatedString `json:",omitempty"`

	// Signature sessions
	SignedMessage          []byte          `json:",omitempty"`
	Timestamp              *atum.Timestamp `json:",omitempty"`
	SignedMessageLDContext string          `json:",omitempty"`

	// Issuance sessions
	IssueCommitment *irma.IssueCommitmentMessage `json:",omitempty"`

	// All session types
	ServerName *irma.RequestorInfo   `json:",omitempty"`
	Version    *irma.ProtocolVersion `json:",omitempty"`
	Disclosure *irma.Disclosure      `json:",omitempty"`
	Request    json.RawMessage       `json:",omitempty"` // Message that started the session
	// contains filtered or unexported fields

LogEntry is a log entry of a past event.

func (*LogEntry) GetDisclosedCredentials

func (entry *LogEntry) GetDisclosedCredentials(conf *irma.Configuration) ([][]*irma.DisclosedAttribute, error)

GetDisclosedCredentials gets the list of disclosed credentials for a log entry

func (*LogEntry) GetIssuedCredentials

func (entry *LogEntry) GetIssuedCredentials(conf *irma.Configuration) (list irma.CredentialInfoList, err error)

GetIssuedCredentials gets the list of issued credentials for a log entry

func (*LogEntry) GetSignedMessage

func (entry *LogEntry) GetSignedMessage() (abs *irma.SignedMessage, err error)

GetSignedMessage gets the signed for a log entry

func (*LogEntry) SessionRequest

func (entry *LogEntry) SessionRequest() (irma.SessionRequest, error)

type PermissionHandler

type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)

PermissionHandler is a callback for providing permission for an IRMA session and specifying the attributes to be disclosed.

type PinHandler

type PinHandler func(proceed bool, pin string)

PinHandler is used to provide the user's PIN code.

type Preferences

type Preferences struct {
	DeveloperMode bool

Preferences contains the preferences of the user of this client. TODO: consider if we should save irmamobile preferences here, because they would automatically be part of any backup and syncing solution we implement at a later time

type SessionDismisser

type SessionDismisser interface {

SessionDismisser can dismiss the current IRMA session.

type Signer added in v0.11.0

type Signer interface {
	// PublicKey fetches the public key.
	PublicKey(keyname string) ([]byte, error)

	// Sign the specified message using the private key.
	Sign(keyname string, msg []byte) ([]byte, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL