register

package
v3.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 14, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DocumentContext context in document.
	DocumentContext = "https://w3id.org/did/v1"

	// PublicKeyTypeString key type string for public key section.
	PublicKeyTypeString = "Secp256k1VerificationKey2018"

	// AuthenticationKeyTypeString key type string for authentication section.
	AuthenticationKeyTypeString = "Secp256k1SignatureAuthentication2018"
)
View Source 
const (
	// PublicKeyType public key type
	PublicKeyType = iota

	// AuthenticationKeyType authentication key type
	AuthenticationKeyType
)
View Source 
const DefaultAuthTokenStartOffset = 30

DefaultAuthTokenStartOffset is the default offset for token valid-from time used. This is to avoid tokens being rejected when the client time is marginally ahead of the server (i.e. resolver or Iotics host)

Variables

This section is empty.

Functions

func CloneRegisterDelegationProof 

func CloneRegisterDelegationProof(obj map[string]*RegisterDelegationProof) map[string]*RegisterDelegationProof

CloneRegisterDelegationProof Clone a RegisterDelegationProof

func CloneRegisterPublicKey 

func CloneRegisterPublicKey(obj map[string]*RegisterPublicKey) map[string]*RegisterPublicKey

CloneRegisterPublicKey Clone a RegisterPublicKey

func GetResolverFromEnv 

func GetResolverFromEnv() (string, error)

GetResolverFromEnv lookup RESOLVER from environment

func IsAllowFor 

func IsAllowFor(ctx context.Context, resolverClient ResolverClient, issuer *Issuer, issuerDoc *RegisterDocument, subjectDoc *RegisterDocument, includeAuth bool) (bool, error)

IsAllowFor Check if the issuer is allowed for control (authentication if include_auth = True) on the subject register. Returns both whether control is allowed as well as the associated error. (This can be used to e.g. treat certain errors differently such as ResolverError - or can instead be ignored).

func IsContextError 

func IsContextError(err error) bool

IsContextError returns true if the provided error is of type context.Canceled or context.DeadlineExceeded

func IsResolverError 

func IsResolverError(err error) bool

IsResolverError returns true if the provided error is of type ResolverError

func NewResolverError 

func NewResolverError(err error, errType ResolverErrType) error

NewResolverError Create a new error (For tests)

func ValidateAllowedForAuth 

func ValidateAllowedForAuth(ctx context.Context, resolverClient ResolverClient, issuer *Issuer, subjectID string) error

ValidateAllowedForAuth Validate if issuer is allowed for authentication on the register document associated to the subject.

func ValidateAllowedForControl 

func ValidateAllowedForControl(ctx context.Context, resolverClient ResolverClient, issuer *Issuer, subjectID string) error

ValidateAllowedForControl Validate if issuer is allowed for control on the register document associated to the subject decentralised.

func ValidateDelegation 

func ValidateDelegation(ctx context.Context, resolverClient ResolverClient, registeredID string, registeredProof *RegisterDelegationProof) error

ValidateDelegation Validate register delegation proof against the delegation controller register document.

Types

type AuthenticationClaims 

type AuthenticationClaims struct {
	Issuer    *Issuer
	Subject   string
	Audience  string
	IssuedAt  int64
	ExpiresAt int64
}

AuthenticationClaims Structure for returning decoded authentication tokens

func DecodeAuthToken 

func DecodeAuthToken(token JwtToken, publicKeyBase58 string, audience string) (*AuthenticationClaims, error)

DecodeAuthToken Decode a authentication token

func DecodeAuthTokenNoVerify 

func DecodeAuthTokenNoVerify(token JwtToken) (*AuthenticationClaims, error)

DecodeAuthTokenNoVerify Decode a authentication token without verifying it

func VerifyAuthentication 

func VerifyAuthentication(ctx context.Context, resolverClient ResolverClient, token JwtToken) (*AuthenticationClaims, error)

VerifyAuthentication Verify if the authentication token is allowed for authentication.

type ChallengeClaims 

type ChallengeClaims struct {
	Signature string
	Issuer    *Issuer
	Audience  string
}

ChallengeClaims structure for decoded challenge tokens

func DecodeChallengeToken 

func DecodeChallengeToken(token JwtToken, publicKeyBase58 string, audience string) (*ChallengeClaims, error)

DecodeChallengeToken Decode a challenge token

func DecodeChallengeTokenNoVerify 

func DecodeChallengeTokenNoVerify(token JwtToken) (*ChallengeClaims, error)

DecodeChallengeTokenNoVerify Decode a challenge token without verifying it

type DelegationProofType 

type DelegationProofType string

DelegationProofType

  • did: that means the proof can be used to setup a delegation from single delegating subject. The signed proof content is the encoded DID Identifier of the delegating subject.
  • generic: that means the proof can be used to setup a delegation from several delegating subjects. The signed proof content is an empty byte array.

In case of conflict, unknown value, the most restrictive type (did) is used 

const (
	DidProof     DelegationProofType = "did"
	GenericProof DelegationProofType = "generic"
)

type DidDocumentClaims 

type DidDocumentClaims struct {
	Doc      *RegisterDocument
	Issuer   *Issuer
	Audience string
}

DidDocumentClaims structure for decoded document tokens

func DecodeDocumentToken 

func DecodeDocumentToken(token JwtToken, publicKeyBase58 string, audience string) (*DidDocumentClaims, error)

DecodeDocumentToken Decode a document token

func DecodeDocumentTokenNoVerify 

func DecodeDocumentTokenNoVerify(token JwtToken) (*DidDocumentClaims, error)

DecodeDocumentTokenNoVerify Decode a document token without verifying it

type Issuer 

type Issuer struct {
	Did  string
	Name string
}

Issuer struct

func NewIssuer 

func NewIssuer(did string, name string) (*Issuer, error)

NewIssuer creates a valid issuer or returns an error.

func NewIssuerFromString 

func NewIssuerFromString(issuerString string) (*Issuer, error)

NewIssuerFromString creates a valid issuer from issuer string or returns an error.

func (Issuer) String 

func (i Issuer) String() string

String returns the object as a string.

type IssuerKey 

type IssuerKey struct {
	Issuer          *Issuer
	PublicKeyBase58 string
}

IssuerKey combines Issuer and public key base58 string

func NewIssuerKey 

func NewIssuerKey(did string, name string, publicKeyBase58 string) (*IssuerKey, error)

NewIssuerKey builds an issuer key from identifier, name and public key.

type JwtToken 

type JwtToken string

JwtToken JWT Token type of string

func CreateAuthToken 

func CreateAuthToken(issuer *Issuer, subject string, audience string, duration time.Duration, privateKey *ecdsa.PrivateKey, startOffset int) (JwtToken, error)

CreateAuthToken Create an authentication jwt token

func CreateChallengeToken 

func CreateChallengeToken(pr *proof.Proof, privateKey *ecdsa.PrivateKey) (JwtToken, error)

CreateChallengeToken returns a new challenge token from the proof.

func CreateDocumentToken 

func CreateDocumentToken(issuer *Issuer, audience string, doc *RegisterDocument, privateKey *ecdsa.PrivateKey) (JwtToken, error)

CreateDocumentToken Create a register document jwt token

type KeyType 

type KeyType uint

KeyType number

func NewKeyType 

func NewKeyType(value string) (KeyType, error)

NewKeyType get KeyType uint given string type

func (KeyType) String 

func (keyType KeyType) String() string

String KeyType to string

type Metadata 

type Metadata struct {
	Label   string `json:"label,omitempty"`
	Comment string `json:"comment,omitempty"`
	URL     string `json:"url,omitempty"`
}

Metadata optional structure on DID Document.

type NoopResolverClientMetrics added in v3.2.0 

type NoopResolverClientMetrics struct{}

Noop metrics

func (NoopResolverClientMetrics) RecordConnection added in v3.2.0 

func (NoopResolverClientMetrics) RecordConnection()

func (NoopResolverClientMetrics) RecordConnectionReleased added in v3.2.0 

func (NoopResolverClientMetrics) RecordConnectionReleased()

func (NoopResolverClientMetrics) RecordError added in v3.2.0 

func (NoopResolverClientMetrics) RecordError(errType ResolverErrType)

type RegisterDelegationProof 

type RegisterDelegationProof struct {
	ID         string              `json:"id"`
	Controller string              `json:"controller"`
	Proof      string              `json:"proof"`
	ProofType  DelegationProofType `json:"proofType,omitempty"`
	Revoked    bool                `json:"revoked,omitempty"`
}

RegisterDelegationProof structure on delegation.

func GetIssuerRegisterDelegationProof 

func GetIssuerRegisterDelegationProof(issuerName string, document *RegisterDocument, includeAuth bool) (*RegisterDelegationProof, error)

GetIssuerRegisterDelegationProof Find a register delegation proof by issuer.

func GetIssuerRegisterDelegationProofByController 

func GetIssuerRegisterDelegationProofByController(controller string, document *RegisterDocument, includeAuth bool) (*RegisterDelegationProof, error)

GetIssuerRegisterDelegationProofByController Find a register delegation proof by controller issuer.

func NewRegisterDelegationProof 

func NewRegisterDelegationProof(name string, controller string, proof string, proofType DelegationProofType, revoked bool) (*RegisterDelegationProof, error)

NewRegisterDelegationProof returns a new register delegation proof from the current setting revoke field.

func (RegisterDelegationProof) Clone 

func (r RegisterDelegationProof) Clone() (*RegisterDelegationProof, error)

Clone clone a RegisterDelegationProof

type RegisterDocument 

type RegisterDocument struct {
	Context                string                    `json:"@context"`
	ID                     string                    `json:"id"`
	IoticsSpecVersion      string                    `json:"ioticsSpecVersion"`
	IoticsDIDType          string                    `json:"ioticsDIDType"` // note: also known as Purpose
	Controller             string                    `json:"controller,omitempty"`
	Creator                string                    `json:"creator,omitempty"`
	UpdateTime             int64                     `json:"updateTime"` // milliseconds
	Proof                  string                    `json:"proof"`
	Revoked                bool                      `json:"revoked,omitempty"`
	AuthenticationKeys     []RegisterPublicKey       `json:"authentication,omitempty"`
	PublicKeys             []RegisterPublicKey       `json:"publicKey"`
	DelegateAuthentication []RegisterDelegationProof `json:"delegateAuthentication,omitempty"`
	DelegateControl        []RegisterDelegationProof `json:"delegateControl,omitempty"`
	Metadata               Metadata                  `json:"metadata,omitempty"`
}

RegisterDocument structure for document data.

func NewRegisterDocument 

func NewRegisterDocument(opts []RegisterDocumentOpts) (*RegisterDocument, []error)

NewRegisterDocument Build a valid immutable register document.

func (RegisterDocument) PublicKeyByID 

func (document RegisterDocument) PublicKeyByID(id string) *RegisterPublicKey

PublicKeyByID get public key by ID (note: excluding authentication keys).

func (RegisterDocument) Validate 

func (document RegisterDocument) Validate() []error

Validate Document validation (correct fields, lengths, types etc NOT CRYPTO)

type RegisterDocumentBuilder 

type RegisterDocumentBuilder struct {
	ID                     string
	Purpose                string
	Proof                  string
	Revoked                bool
	Metadata               Metadata
	Creator                string
	SpecVersion            string
	UpdateTime             int64
	Controller             string
	PublicKeys             map[string]*RegisterPublicKey
	AuthenticationKeys     map[string]*RegisterPublicKey
	DelegateAuthentication map[string]*RegisterDelegationProof
	DelegateControl        map[string]*RegisterDelegationProof
}

RegisterDocumentBuilder is used to create RegisterDocument but uses maps instead of slices so that we can better handle keys by name NOTE: is this really necessary? we could let the client to set the RegisterDocument correctly with some validation to take care of edge cases if someone would add the same name/ID multiple times?

func (RegisterDocumentBuilder) Clone 

func (b RegisterDocumentBuilder) Clone() *RegisterDocumentBuilder

Clone a RegisterDocumentBuilder

type RegisterDocumentOpts 

type RegisterDocumentOpts func(builder *RegisterDocumentBuilder) error

RegisterDocumentOpts document builder options holder type

func AddAuthenticationDelegation 

func AddAuthenticationDelegation(name string, controller string, proof string, proofType DelegationProofType, revoked bool) RegisterDocumentOpts

AddAuthenticationDelegation returns a function which will add authentication delegation to the RegisterDocument this function is idempotent, so if the same key (with the same name/ID) is added, it overwrites the previous one

func AddAuthenticationDelegationObj 

func AddAuthenticationDelegationObj(obj *RegisterDelegationProof) RegisterDocumentOpts

AddAuthenticationDelegationObj Add RegisterDelegationProof object

func AddAuthenticationKey 

func AddAuthenticationKey(name string, publicKeyBase58 string, revoked bool) RegisterDocumentOpts

AddAuthenticationKey returns a function which will add an authentication key to the RegisterDocument this function is idempotent, so if the same key (with the same name/ID) is added, it overwrites the previous one

func AddAuthenticationKeyObj 

func AddAuthenticationKeyObj(obj *RegisterPublicKey) RegisterDocumentOpts

AddAuthenticationKeyObj add RegisterPublicKey object

func AddControlDelegation 

func AddControlDelegation(name string, controller string, proof string, proofType DelegationProofType, revoked bool) RegisterDocumentOpts

AddControlDelegation returns a function which will add control delegation to the RegisterDocument this function is idempotent, so if the same key (with the same name/ID) is added, it overwrites the previous one

func AddControlDelegationObj 

func AddControlDelegationObj(obj *RegisterDelegationProof) RegisterDocumentOpts

AddControlDelegationObj add RegisterDelegationProof object

func AddFromExistingDocument 

func AddFromExistingDocument(doc *RegisterDocument) RegisterDocumentOpts

AddFromExistingDocument Build a new document from an existing one

func AddPublicKey 

func AddPublicKey(name string, publicKeyBase58 string, revoked bool) RegisterDocumentOpts

AddPublicKey returns a function which will add a public key to the RegisterDocument this function is idempotent, so if the same key (with the same name/ID) is added, it overwrites the previous one

func AddPublicKeyObj 

func AddPublicKeyObj(obj *RegisterPublicKey) RegisterDocumentOpts

AddPublicKeyObj add RegisterPublicKey object

func AddRootParams 

func AddRootParams(id string, purpose identity.DidType, proof string, revoked bool) RegisterDocumentOpts

AddRootParams Add root parameters ID, Purpose, Proof, Revoked

func RemoveKey 

func RemoveKey(name string) RegisterDocumentOpts

RemoveKey returns a function which will remove a key or delegation from the RegisterDocument if it exists

func RevokeKey 

func RevokeKey(name string) RegisterDocumentOpts

RevokeKey returns a function which will remove a key or delegation from the RegisterDocument if it exists

func SetDocumentController 

func SetDocumentController(controller string) RegisterDocumentOpts

SetDocumentController Set document controller

func SetDocumentCreator 

func SetDocumentCreator(creator string) RegisterDocumentOpts

SetDocumentCreator Set document creator

func SetDocumentRevoked 

func SetDocumentRevoked(revoked bool) RegisterDocumentOpts

SetDocumentRevoked Set document revoked

type RegisterPublicKey 

type RegisterPublicKey struct {
	ID              string `json:"id"`
	Type            string `json:"type"`
	PublicKeyBase58 string `json:"publicKeyBase58"`
	Revoked         bool   `json:"revoked,omitempty"`
}

RegisterPublicKey structure for key used in authentication and publicKey in lists.

func GetIssuerRegisterKey 

func GetIssuerRegisterKey(issuerName string, document *RegisterDocument, includeAuth bool) (*RegisterPublicKey, error)

GetIssuerRegisterKey Find a register key by issuer.

func GetOwnerRegisterPublicKey 

func GetOwnerRegisterPublicKey(document *RegisterDocument) (*RegisterPublicKey, error)

GetOwnerRegisterPublicKey Get the register document initial owner public key.

func NewRegisterPublicKey 

func NewRegisterPublicKey(name string, keyType KeyType, publicKeyBase58 string, revoked bool) (*RegisterPublicKey, error)

NewRegisterPublicKey returns a new register public key from the current setting revoke field.

func NewRegisterPublicKeyFromMap 

func NewRegisterPublicKeyFromMap(data map[string]interface{}) (*RegisterPublicKey, error)

NewRegisterPublicKeyFromMap returns a new register public key from map

func (RegisterPublicKey) Base58 

func (r RegisterPublicKey) Base58() string

Base58 get public key base58

func (RegisterPublicKey) Clone 

func (r RegisterPublicKey) Clone() (*RegisterPublicKey, error)

Clone clone a RegisterPublicKey and return a new one

func (RegisterPublicKey) Equal 

func (r RegisterPublicKey) Equal(other RegisterPublicKey) bool

Equal compare RegisterPublicKey instances

func (RegisterPublicKey) IsRevoked 

func (r RegisterPublicKey) IsRevoked() bool

IsRevoked get revoked bool

func (RegisterPublicKey) ToMap 

func (r RegisterPublicKey) ToMap() map[string]interface{}

ToMap get a map

type RegisteredIdentity 

type RegisteredIdentity interface {
	Did() string
	Name() string
	KeyPair() *crypto.KeyPair
	Issuer() *Issuer
}

RegisteredIdentity interface.

func NewRegisteredIdentity 

func NewRegisteredIdentity(keyPair *crypto.KeyPair, issuer *Issuer) RegisteredIdentity

NewRegisteredIdentity New RegisteredIdentity

type ResolverClient 

type ResolverClient interface {
	// GetDocument fetch a document from the resolver by DID identifier
	GetDocument(ctx context.Context, documentID string) (*RegisterDocument, error)

	// RegisterDocument registers a document in the resolver.
	RegisterDocument(ctx context.Context, doc *RegisterDocument, privateKey *ecdsa.PrivateKey, issuer *Issuer) error
}

ResolverClient resolver client interface

func NewDefaultRestResolverClient 

func NewDefaultRestResolverClient(url *url.URL) ResolverClient

NewDefaultRestResolverClient build a new REST Resolver Client with default HTTP timeout

func NewMeteredRestResolverClient added in v3.2.0 

func NewMeteredRestResolverClient(url *url.URL, client *http.Client, m ResolverClientMetrics) ResolverClient

NewMeteredRestResolverClient builds a ResolverClient with custom http.Client & metrics

func NewRestResolverClient 

func NewRestResolverClient(url *url.URL, timeout time.Duration) ResolverClient

NewRestResolverClient builds a new REST Resolver Client & noop metrics

type ResolverClientMetrics added in v3.2.0 

type ResolverClientMetrics interface {
	// RecordError records errors encountered during resolver calls
	// The underlying implementation should be thread safe in order to avoid erroneous metrics
	// when multiple goroutines are using the same client.
	// If the underlying metric implementation is, for example, a prometheus counter, it should be thread safe by default.
	RecordError(errType ResolverErrType)
	// RecordConnection increments a gauge when a resolver http connection is initiated
	RecordConnection()
	// RecordConnectionReleased decrements a gauge when a resolver http connection is released
	RecordConnectionReleased()
}

ResolverClientMetrics interface

type ResolverErrType 

type ResolverErrType int

ResolverErrType ResolverErrType 

const (
	// ConfError Resolver configuration error type
	ConfError ResolverErrType = iota
	// ConnectionError Resolver connection error type
	ConnectionError
	// ServerError Resolver server error type
	ServerError
	// NotFound Resolver did not found error type
	NotFound
	// ApplicationError Resolver application error type
	ApplicationError
	// TimeoutError Resolver timeout error type
	TimeoutError
)

func (ResolverErrType) String added in v3.2.0 

func (e ResolverErrType) String() string

type ResolverError 

type ResolverError struct {
	// contains filtered or unexported fields
}

ResolverError type, implements the error interface

func (ResolverError) Err 

func (r ResolverError) Err() error

Err returns the err

func (ResolverError) Error 

func (r ResolverError) Error() string

Error returns the representation

func (ResolverError) ErrorType 

func (r ResolverError) ErrorType() ResolverErrType

ErrorType returns the error type

type RestResolverClient 

type RestResolverClient struct {
	// contains filtered or unexported fields
}

RestResolverClient REST Resolver struct

func (*RestResolverClient) GetDocument 

func (c *RestResolverClient) GetDocument(ctx context.Context, documentID string) (*RegisterDocument, error)

GetDocument fetch a document from the resolver by DID identifier

func (*RestResolverClient) RegisterDocument 

func (c *RestResolverClient) RegisterDocument(ctx context.Context, document *RegisterDocument, privateKey *ecdsa.PrivateKey, issuer *Issuer) error

RegisterDocument registers a document in the resolver.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.