credential

package
v0.0.0-...-55a0270
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2022 License: Apache-2.0 Imports: 14 Imported by: 4

Documentation


Constants

const (
	ModelVersionV1     = "1.0"
	W3Context          = "https://www.w3.org/2018/credentials/v1"
	Type               = "VerifiableCredential"
	SchemaType         = "JsonSchemaValidatorWorkday2019"
	RevocationType     = "WorkdayRevocation2020"
	SubjectIDAttribute = "id"
)

Variables

This section is empty.

Functions

func EncodeAttributeClaimDataForSigning

func EncodeAttributeClaimDataForSigning(metadata Metadata, attribute string, value interface{}) ([]byte, error)

EncodeAttributeClaimDataForSigning creates a canonical byte array using the constituent parts of the credential that are required for generating a claim proof digital signature. See EncodeAttributeClaimDataForSigningOption.

func EncodeAttributeClaimDataForSigningOption

func EncodeAttributeClaimDataForSigningOption(metadata Metadata, attribute string, value interface{}, canonicalMarshal bool) ([]byte, error)

EncodeAttributeClaimDataForSigningOption creates a byte array using the constituent parts of the credential that are required for generating a claim proof digital signature. Claim Proofs include the credential metadata and claim/attribute name and value. This can be thought of as a redacted version of the credential that contains a single claim.

func VerifyClaim

func VerifyClaim(cred *VerifiableCredential, attribute string, publicKey ed25519.PublicKey) error

VerifyClaim verifies the digital signature of the Claim Proof associated with the given attribute and public key. An error will be returned if the signature is either invalid or if a Claim Proof cannot be found for the given attribute.

Types

type Builder

type Builder struct {
	// SubjectDID is the Decentralized ID of the subject of the credential, who is normally also the
	// credential Holder. This is recorded as the "id" (JSON-LD "@id") property in the
	// credentialSubject block of the credential.
	SubjectDID did.DID `validate:"required"`

	// Data is a map of claims that adhere to the schema referenced in the Metadata.
	Data map[string]interface{}

	// Metadata is information about the credential.
	Metadata *Metadata `validate:"required"`

	// Signer has the ability to generate a digital signature for a provided signature type.
	Signer proof.Signer `validate:"required"`

	// SignatureType specifies the suite used to generate the credential signature
	SignatureType proof.SignatureType `validate:"required"`

	// ProofVersion defaults to 2, which is the latest. Optionally can set it to other values.
	ProofVersion proof.ModelVersion
}

Builder is used to construct a signed Verifiable Credential.

func (Builder) Build

func (b Builder) Build() (*VerifiableCredential, error)

Build returns a signed Verifiable Credential using the current state of the builder.

type Claim

type Claim struct {
	EncodedClaim []byte `json:"encodedClaim"`
	*proof.Proof `json:"proof,omitempty"`
}

Claim is used to allow encoded claims to comply with the `Provable` interface.

func (*Claim) GetProof

func (c *Claim) GetProof() *proof.Proof

func (*Claim) SetProof

func (c *Claim) SetProof(p *proof.Proof)

type CredentialStatus

type CredentialStatus struct {
	ID   string `json:"id"`
	Type string `json:"type"`
}

type JSONSchema

type JSONSchema struct {
	Version  string `json:"version"`
	Name     string `json:"name"`
	Type     string `json:"type"`
	Author   string `json:"author"`
	Authored string `json:"authored"`
}

JSONSchema for a credential schema.

type Metadata

type Metadata struct {

	// ModelVersion is a string that represents the data model version. As the system evolves,
	// different versions will have different capabilities, and the system must be able to
	// distinguish which model to use for de-serializing any JSON representations into concrete
	// objects. This version can change independently of the @context property, and should be
	// considered Workday specific.
	ModelVersion string `json:"modelVersion,omitempty"`

	// From the W3C Verifiable Credentials Data Model specification...
	// The value of the @context property MUST be an ordered set where the first item is a URI with
	// the value https://www.w3.org/2018/credentials/v1. For reference, a copy of the base context
	// is provided in Appendix § B. Base Context. Subsequent items in the array MUST express context
	// information and be composed of any combination of URIs or objects. It is RECOMMENDED that
	// each URI in the @context be one which, if de-referenced, results in a document containing
	// machine-readable information about the @context.
	Context []string `json:"@context"`

	// From the W3C Verifiable Credentials Data Model specification...
	// If the id property is present:
	// 1) The id property MUST express an identifier that others are expected to use when expressing
	// statements about a specific thing identified by that identifier.
	// 2) The id property MUST NOT have more than one value.
	// 3) The value of the id property MUST be a URI.
	ID string `json:"id,omitempty"`

	// From the W3C Verifiable Credentials Data Model specification...
	// The value of the type property MUST be, or map to (through interpretation of the @context
	// property), one or more URIs. If more than one URI is provided, the URIs MUST be interpreted
	// as an unordered set. Syntactic conveniences SHOULD be used to ease developer usage. Such
	// conveniences might include JSON-LD terms. It is RECOMMENDED that each URI in the type be one
	// which, if de-referenced, results in a document containing machine-readable information about
	// the type.
	Type []string `json:"type"`

	// From the W3C Verifiable Credentials Data Model specification...
	// The value of the issuer property MUST be either a URI or an object containing an id property.
	// It is RECOMMENDED that the URI in the issuer or its id be one which, if de-referenced,
	// results in a document containing machine-readable information about the issuer that can be
	// used to verify the information expressed in the credential.
	Issuer did.DID `json:"issuer,omitempty"`

	// From the W3C Verifiable Credentials Data Model specification...
	// A credential MUST have an issuanceDate property. The value of the issuanceDate property MUST
	// be a string value of an [RFC3339] combined date and time string representing the date and
	// time the credential becomes valid, which could be a date and time in the future. Note that
	// this value represents the earliest point in time at which the information associated with
	// the credentialSubject property becomes valid.
	IssuanceDate string `json:"issuanceDate,omitempty"`

	// From the W3C Verifiable Credentials Data Model specification...
	// The value of the credentialSchema property MUST be one or more data schemas that provide
	// verifiers with enough information to determine if the provided data conforms to the provided
	// schema. Each credentialSchema MUST specify its type (for example, JsonSchemaValidator2018),
	// and an id property that MUST be a URI identifying the schema file. The precise contents of
	// each data schema is determined by the specific type definition.
	Schema Schema `json:"credentialSchema,omitempty"`

	// From the W3C Verifiable Credentials Data Model specification...
	// If present, the value of the expirationDate property MUST be a string value of an [RFC3339]
	// combined date and time string representing the date and time the credential ceases to be valid.
	ExpirationDate string `json:"expirationDate,omitempty"`

	// From the W3C Verifiable Credentials Data Model specification...
	// This specification defines the following credentialStatus property for the discovery of information about the
	// current status of a verifiable credential, such as whether it is suspended or revoked.
	// The credentialStatus object consists of two properties:
	// id — which MUST be a URL
	// type - which expresses the credential status type (also referred to as the credential status method).
	// It is expected that the value will provide enough information to determine the current status of the credential.
	// For example, the object could contain a link to an external document noting whether or not the credential is
	// suspended or revoked.
	CredentialStatus *CredentialStatus `json:"credentialStatus,omitempty"`
}

Metadata is the information about the set of claims in the Verifiable Credential.

func NewDefaultMetadata deprecated

func NewDefaultMetadata(id string, issuer did.DID, schema string, baseRevocationURL did.URI) Metadata

Deprecated: Callers should specify an issuance date when constructing Metadata.

func NewMetadataWithTimestamp

func NewMetadataWithTimestamp(id string, issuer did.DID, schema string, baseRevocationURL did.URI, issuanceDate time.Time) Metadata

NewMetadataWithTimestamp returns Metadata for a credential with a specified IssuanceDate. Currently in Workday, the issuance date is determined by the offer date, although this is not a requirement in the W3C model, and in the future we may expose this to Issuers.

func NewMetadataWithTimestampAndExpiry

func NewMetadataWithTimestampAndExpiry(id string, issuer did.DID, schema string, baseRevocationURL did.URI, issuanceDate time.Time, expiry time.Time) Metadata

func (*Metadata) IsEmpty

func (m *Metadata) IsEmpty() bool

IsEmpty returns true if the Metadata is nil or contains no data.

type RawCredential

type RawCredential struct {
	VerifiableCredential
	Raw []byte `json:"-"`
}

RawCredential is a wrapper around a byte array that holds a credential in raw JSON format. The byte array can be considered the data and the VerifiableCredential acts as a view into the data. Mutations to the data must go directly through this object in order to keep the raw form and the view in sync. The purpose of this struct is to enable changes to the Credential model without disrupting the processing in the mobile code (exposed through gomobile).

func AsRawCredential

func AsRawCredential(cred VerifiableCredential) (*RawCredential, error)

AsRawCredential creates a RawCredential that wraps a deep copy of the given credential.

func (*RawCredential) Filter

func (c *RawCredential) Filter(attrSet map[string]bool) (*RawCredential, error)

Filter returns a copy of this RawCredential with only the claims (credentialSubject and claimProofs) specified in the attribute set. This is intended to support selective disclosure of claims during a presentation exchange.

func (RawCredential) MarshalJSON

func (c RawCredential) MarshalJSON() ([]byte, error)

func (*RawCredential) UnmarshalJSON

func (c *RawCredential) UnmarshalJSON(bits []byte) error

type Schema

type Schema struct {
	ID   string `json:"id"`
	Type string `json:"type"`
}

Schema is a URI that points to a JSON Schema, which can be used to validate the shape of the credential. Workday currently only supports the "JsonSchemaValidator2018" type.

type VerifiableCredential

type VerifiableCredential struct {
	Metadata
	CredentialSubject map[string]interface{} `json:"credentialSubject"`
	ClaimProofs       map[string]proof.Proof `json:"claimProofs,omitempty"`
	*proof.Proof      `json:"proof,omitempty"`
}

VerifiableCredential is a digitally signed set of claims that adheres to the W3C Verifiable Credentials data model. It holds the set of claims, the claim proofs, and the associated metadata. The "claimProofs" property is unique to Workday credentials and represents our implementation of attribute-level selective disclosure without Zero-Knowledge Proofs.
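The per-claim proof idea behind EncodeAttributeClaimDataForSigningOption, VerifyClaim and RawCredential.Filter, sketched as an added example that is not this package's code. The `cred` type, the helper names and the quoted-string encoding are assumptions made for the sketch (metadata is reduced to an id), and only the standard library is used.

```go
package main

import "crypto/ed25519"
import "fmt"

// cred is a hypothetical, simplified stand-in for VerifiableCredential.
type cred struct {
	ID      string            // credential metadata, reduced to its id
	Subject map[string]string // attribute -> value
	Proofs  map[string][]byte // attribute -> Ed25519 claim proof
}

// encodeClaim binds one attribute and value to the credential id (assumed encoding).
func encodeClaim(id, attr, val string) []byte { return []byte(fmt.Sprintf("%q %q %q", id, attr, val)) }

// issue signs every claim separately so each can be disclosed on its own.
func issue(id string, data map[string]string, key ed25519.PrivateKey) *cred {
	c := &cred{ID: id, Subject: data, Proofs: map[string][]byte{}}
	for attr, val := range data {
		c.Proofs[attr] = ed25519.Sign(key, encodeClaim(id, attr, val))
	}
	return c
}

// filter copies only the requested claims and their proofs into a new credential.
func filter(c *cred, keep map[string]bool) *cred {
	out := &cred{ID: c.ID, Subject: map[string]string{}, Proofs: map[string][]byte{}}
	for attr, val := range c.Subject {
		if keep[attr] {
			out.Subject[attr], out.Proofs[attr] = val, c.Proofs[attr]
		}
	}
	return out
}

// verifyClaim recomputes the signed bytes from what was disclosed; a missing
// (nil) proof fails ed25519.Verify just like a wrong one.
func verifyClaim(c *cred, attr string, pub ed25519.PublicKey) error {
	if !ed25519.Verify(pub, encodeClaim(c.ID, attr, c.Subject[attr]), c.Proofs[attr]) {
		return fmt.Errorf("missing or invalid claim proof for %q", attr)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key, constructed for the demo
	shown := filter(issue("urn:example:1", map[string]string{"name": "Ada", "pay": "100"}, priv), map[string]bool{"name": true})
	fmt.Println(verifyClaim(shown, "name", pub), verifyClaim(shown, "pay", pub))
}
```

Because the credential id is part of the signed bytes, a proof lifted from one credential does not verify when attached to another, and changing a disclosed value invalidates its proof.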

func (*VerifiableCredential) GetProof

func (v *VerifiableCredential) GetProof() *proof.Proof

func (*VerifiableCredential) IsEmpty

func (v *VerifiableCredential) IsEmpty() bool

IsEmpty returns true if the credential is nil or contains no data.

func (*VerifiableCredential) SetProof

func (v *VerifiableCredential) SetProof(p *proof.Proof)

func (*VerifiableCredential) ToJSON

func (v *VerifiableCredential) ToJSON() (string, error)
