Documentation

Index

Constants

View Source
const (
	ComponentRevocation = "revocation"
	ComponentSession    = "session"
	ComponentStatic     = "static"
)
View Source
const (
	PostSizeLimit = 10 << 20 // 10 MB
	ReadTimeout   = 5 * time.Second
	WriteTimeout  = 2 * ReadTimeout
)

Variables

Functions

func BinaryResponse

func BinaryResponse(v interface{}, err *irma.RemoteError) (int, []byte)

func DoResultCallback

func DoResultCallback(callbackUrl string, result *SessionResult, issuer string, validity int, privatekey *rsa.PrivateKey)

func JsonResponse

func JsonResponse(v interface{}, err *irma.RemoteError) (int, []byte)

    JsonResponse JSON-marshals the specified object or error and returns it along with a suitable HTTP status code

    func LocalIP

    func LocalIP() (string, error)

      LocalIP returns the IP address of one of the (non-loopback) network interfaces

      func LogError

      func LogError(err error) error

      func LogFatal

      func LogFatal(err error) error

      func LogMiddleware

      func LogMiddleware(typ string, opts LogOptions) func(next http.Handler) http.Handler

        LogMiddleware is middleware for logging HTTP requests and responses.

        func LogRequest

        func LogRequest(typ, proto, method, url, from string, headers http.Header, message []byte)

        func LogResponse

        func LogResponse(url string, status int, duration time.Duration, binary bool, response []byte)

        func LogWarning

        func LogWarning(err error)

        func NewLogger

        func NewLogger(verbosity int, quiet bool, json bool) *logrus.Logger

        func ParseSessionRequest

        func ParseSessionRequest(request interface{}) (irma.RequestorRequest, error)

          ParseSessionRequest attempts to parse the input as an irma.RequestorRequest instance, accepting (skipping "irma.")

          - RequestorRequest instances directly (ServiceProviderRequest, SignatureRequestorRequest, IdentityProviderRequest)
          - SessionRequest instances (DisclosureRequest, SignatureRequest, IssuanceRequest)
          - JSON representations ([]byte or string) of any of the above.
          

          func RemoteError

          func RemoteError(err Error, message string) *irma.RemoteError

            RemoteError converts an error and an explaining message to an *irma.RemoteError.

            func ResultJwt

            func ResultJwt(sessionresult *SessionResult, issuer string, validity int, privatekey *rsa.PrivateKey) (string, error)

            func SizeLimitMiddleware

            func SizeLimitMiddleware(next http.Handler) http.Handler

            func TimeoutMiddleware

            func TimeoutMiddleware(except []string, timeout time.Duration) func(http.Handler) http.Handler

            func ToJson

            func ToJson(o interface{}) string

            func TypeString

            func TypeString(x interface{}) string

            func Verbosity

            func Verbosity(level int) logrus.Level

            func WriteBinaryResponse

            func WriteBinaryResponse(w http.ResponseWriter, object interface{}, rerr *irma.RemoteError)

            func WriteError

            func WriteError(w http.ResponseWriter, err Error, msg string)

              WriteError writes the specified error and explaining message as JSON to the http.ResponseWriter.

              func WriteJson

              func WriteJson(w http.ResponseWriter, object interface{})

                WriteJson writes the specified object as JSON to the http.ResponseWriter.

                func WriteResponse

                func WriteResponse(w http.ResponseWriter, object interface{}, rerr *irma.RemoteError)

                  WriteResponse writes the specified object or error as JSON to the http.ResponseWriter.

                  func WriteString

                  func WriteString(w http.ResponseWriter, str string)

                    WriteString writes the specified string to the http.ResponseWriter.

                    Types

                    type Configuration

                    type Configuration struct {
                    	// irma_configuration. If not given, this will be popupated using SchemesPath.
                    	IrmaConfiguration *irma.Configuration `json:"-"`
                    	// Path to IRMA schemes to parse into IrmaConfiguration (only used if IrmaConfiguration == nil).
                    	// If left empty, default value is taken using DefaultSchemesPath().
                    	// If an empty folder is specified, default schemes (irma-demo and pbdf) are downloaded into it.
                    	SchemesPath string `json:"schemes_path" mapstructure:"schemes_path"`
                    	// If specified, schemes found here are copied into SchemesPath (only used if IrmaConfiguration == nil)
                    	SchemesAssetsPath string `json:"schemes_assets_path" mapstructure:"schemes_assets_path"`
                    	// Disable scheme updating
                    	DisableSchemesUpdate bool `json:"disable_schemes_update" mapstructure:"disable_schemes_update"`
                    	// Update all schemes every x minutes (default value 0 means 60) (use DisableSchemesUpdate to disable)
                    	SchemesUpdateInterval int `json:"schemes_update" mapstructure:"schemes_update"`
                    	// Path to issuer private keys to parse
                    	IssuerPrivateKeysPath string `json:"privkeys" mapstructure:"privkeys"`
                    	// URL at which the IRMA app can reach this server during sessions
                    	URL string `json:"url" mapstructure:"url"`
                    	// Required to be set to true if URL does not begin with https:// in production mode.
                    	// In this case, the server would communicate with IRMA apps over plain HTTP. You must otherwise
                    	// ensure (using eg a reverse proxy with TLS enabled) that the attributes are protected in transit.
                    	DisableTLS bool `json:"disable_tls" mapstructure:"disable_tls"`
                    	// (Optional) email address of server admin, for incidental notifications such as breaking API changes
                    	// See https://github.com/privacybydesign/irmago/tree/master/server#specifying-an-email-address
                    	// for more information
                    	Email string `json:"email" mapstructure:"email"`
                    	// Enable server sent events for status updates (experimental; tends to hang when a reverse proxy is used)
                    	EnableSSE bool `json:"enable_sse" mapstructure:"enable_sse"`
                    
                    	// Static session requests that can be created by POST /session/{name}
                    	StaticSessions map[string]interface{} `json:"static_sessions"`
                    	// Static session requests after parsing
                    	StaticSessionRequests map[string]irma.RequestorRequest `json:"-"`
                    
                    	// Used in the "iss" field of result JWTs from /result-jwt and /getproof
                    	JwtIssuer string `json:"jwt_issuer" mapstructure:"jwt_issuer"`
                    	// Private key to sign result JWTs with. If absent, /result-jwt and /getproof are disabled.
                    	JwtPrivateKey     string `json:"jwt_privkey" mapstructure:"jwt_privkey"`
                    	JwtPrivateKeyFile string `json:"jwt_privkey_file" mapstructure:"jwt_privkey_file"`
                    	// Parsed JWT private key
                    	JwtRSAPrivateKey *rsa.PrivateKey `json:"-"`
                    	// Whether to allow callbackUrl to be set in session requests when no JWT privatekey is installed
                    	// (which is potentially unsafe depending on the setup)
                    	AllowUnsignedCallbacks bool `json:"allow_unsigned_callbacks" mapstructure:"allow_unsigned_callbacks"`
                    	// Whether to augment the clientreturnurl with the server token of the request (this allows for stateless
                    	// requestor servers more easily)
                    	AugmentClientReturnURL bool `json:"augment_client_return_url" mapstructure:"augment_client_return_url"`
                    
                    	// Logging verbosity level: 0 is normal, 1 includes DEBUG level, 2 includes TRACE level
                    	Verbose int `json:"verbose" mapstructure:"verbose"`
                    	// Don't log anything at all
                    	Quiet bool `json:"quiet" mapstructure:"quiet"`
                    	// Output structured log in JSON format
                    	LogJSON bool `json:"log_json" mapstructure:"log_json"`
                    	// Custom logger instance. If specified, Verbose, Quiet and LogJSON are ignored.
                    	Logger *logrus.Logger `json:"-"`
                    
                    	// Connection string for revocation database
                    	RevocationDBConnStr string `json:"revocation_db_str" mapstructure:"revocation_db_str"`
                    	// Database type for revocation database, supported: postgres, mysql
                    	RevocationDBType string `json:"revocation_db_type" mapstructure:"revocation_db_type"`
                    	// Credentials types for which revocation database should be hosted
                    	RevocationSettings irma.RevocationSettings `json:"revocation_settings" mapstructure:"revocation_settings"`
                    
                    	// Production mode: enables safer and stricter defaults and config checking
                    	Production bool `json:"production" mapstructure:"production"`
                    }

                      Configuration contains configuration for the irmaserver library and irmad.

                      func (*Configuration) Check

                      func (conf *Configuration) Check() error

                        Check ensures that the Configuration is loaded, usable and free of errors.

                        func (*Configuration) HavePrivateKeys

                        func (conf *Configuration) HavePrivateKeys() bool

                        type Error

                        type Error struct {
                        	Type        ErrorType `json:"error"`
                        	Status      int       `json:"status"`
                        	Description string    `json:"description"`
                        }

                          Error represents an error that occured during an IRMA sessions.

                          var (
                          	ErrorInvalidTimestamp          Error = Error{Type: "INVALID_TIMESTAMP", Status: 400, Description: "Timestamp was not an epoch boundary"}
                          	ErrorIssuingDisabled           Error = Error{Type: "ISSUING_DISABLED", Status: 403, Description: "This server does not support issuing"}
                          	ErrorMalformedVerifierRequest  Error = Error{Type: "MALFORMED_VERIFIER_REQUEST", Status: 400, Description: "Malformed verification request"}
                          	ErrorMalformedSignatureRequest Error = Error{Type: "MALFORMED_SIGNATURE_REQUEST", Status: 400, Description: "Malformed signature request"}
                          	ErrorMalformedIssuerRequest    Error = Error{Type: "MALFORMED_ISSUER_REQUEST", Status: 400, Description: "Malformed issuer request"}
                          	ErrorUnauthorized              Error = Error{Type: "UNAUTHORIZED", Status: 403, Description: "You are not authorized to issue or verify this attribute"}
                          	ErrorAttributesWrong           Error = Error{Type: "ATTRIBUTES_WRONG", Status: 400, Description: "Specified attribute(s) do not belong to this credential type or missing attributes"}
                          	ErrorCannotIssue               Error = Error{Type: "CANNOT_ISSUE", Status: 500, Description: "Cannot issue this credential"}
                          
                          	ErrorIssuanceFailed       Error = Error{Type: "ISSUANCE_FAILED", Status: 500, Description: "Failed to create credential(s)"}
                          	ErrorInvalidProofs        Error = Error{Type: "INVALID_PROOFS", Status: 400, Description: "Invalid secret key commitments and/or disclosure proofs"}
                          	ErrorAttributesMissing    Error = Error{Type: "ATTRIBUTES_MISSING", Status: 400, Description: "Not all requested-for attributes were present"}
                          	ErrorAttributesExpired    Error = Error{Type: "ATTRIBUTES_EXPIRED", Status: 400, Description: "Disclosed attributes were expired"}
                          	ErrorUnexpectedRequest    Error = Error{Type: "UNEXPECTED_REQUEST", Status: 403, Description: "Unexpected request in this state"}
                          	ErrorUnknownPublicKey     Error = Error{Type: "UNKNOWN_PUBLIC_KEY", Status: 403, Description: "Attributes were not valid against a known public key"}
                          	ErrorKeyshareProofMissing Error = Error{Type: "KEYSHARE_PROOF_MISSING", Status: 403, Description: "ProofP object from a keyshare server missing"}
                          	ErrorSessionUnknown       Error = Error{Type: "SESSION_UNKNOWN", Status: 400, Description: "Unknown or expired session"}
                          	ErrorMalformedInput       Error = Error{Type: "MALFORMED_INPUT", Status: 400, Description: "Input could not be parsed"}
                          	ErrorUnknown              Error = Error{Type: "EXCEPTION", Status: 500, Description: "Encountered unexpected problem"}
                          	ErrorRevocation           Error = Error{Type: "REVOCATION", Status: 500, Description: "Revocation error"}
                          	ErrorUnknownRevocationKey Error = Error{Type: "UNKNOWN_REVOCATION_KEY", Status: 404, Description: "No issuance records correspond to the given revocationKey"}
                          
                          	ErrorUnsupported     Error = Error{Type: "UNSUPPORTED", Status: 501, Description: "Unsupported by this server"}
                          	ErrorInvalidRequest  Error = Error{Type: "INVALID_REQUEST", Status: 400, Description: "Invalid HTTP request"}
                          	ErrorProtocolVersion Error = Error{Type: "PROTOCOL_VERSION", Status: 400, Description: "Protocol version negotiation failed"}
                          )

                          type ErrorType

                          type ErrorType string

                          type LegacySessionResult

                          type LegacySessionResult struct {
                          	Token       string                     `json:"token"`
                          	Status      Status                     `json:"status"`
                          	Type        irma.Action                `json:"type"`
                          	ProofStatus irma.ProofStatus           `json:"proofStatus,omitempty"`
                          	Disclosed   []*irma.DisclosedAttribute `json:"disclosed,omitempty"`
                          	Signature   *irma.SignedMessage        `json:"signature,omitempty"`
                          	Err         *irma.RemoteError          `json:"error,omitempty"`
                          }

                            Remove this when dropping support for legacy pre-condiscon session requests

                            type LogOptions

                            type LogOptions struct {
                            	Response, Headers, From, EncodeBinary bool
                            }

                            type SessionHandler

                            type SessionHandler func(*SessionResult)

                              SessionHandler is a function that can handle a session result once an IRMA session has completed.

                              type SessionPackage

                              type SessionPackage struct {
                              	SessionPtr *irma.Qr `json:"sessionPtr"`
                              	Token      string   `json:"token"`
                              }

                              type SessionResult

                              type SessionResult struct {
                              	Token       string                       `json:"token"`
                              	Status      Status                       `json:"status"`
                              	Type        irma.Action                  `json:"type"'`
                              	ProofStatus irma.ProofStatus             `json:"proofStatus,omitempty"`
                              	Disclosed   [][]*irma.DisclosedAttribute `json:"disclosed,omitempty"`
                              	Signature   *irma.SignedMessage          `json:"signature,omitempty"`
                              	Err         *irma.RemoteError            `json:"error,omitempty"`
                              
                              	LegacySession bool `json:"-"` // true if request was started with legacy (i.e. pre-condiscon) session request
                              }

                                SessionResult contains session information such as the session status, type, possible errors, and disclosed attributes or attribute-based signature if appropriate to the session type.

                                func (*SessionResult) Legacy

                                func (r *SessionResult) Legacy() *LegacySessionResult

                                  Remove this when dropping support for legacy pre-condiscon session requests

                                  type Status

                                  type Status string

                                    Status is the status of an IRMA session.

                                    const (
                                    	StatusInitialized Status = "INITIALIZED" // The session has been started and is waiting for the client
                                    	StatusConnected   Status = "CONNECTED"   // The client has retrieved the session request, we wait for its response
                                    	StatusCancelled   Status = "CANCELLED"   // The session is cancelled, possibly due to an error
                                    	StatusDone        Status = "DONE"        // The session has completed successfully
                                    	StatusTimeout     Status = "TIMEOUT"     // Session timed out
                                    )

                                    func (Status) Finished

                                    func (status Status) Finished() bool

                                    Directories

                                    Path Synopsis
                                    Required to be main when building a shared library
                                    Required to be main when building a shared library
                                    Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
                                    Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
                                    Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.
                                    Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.