go_sd_jwt

package module v0.0.3
Published: Oct 17, 2024 License: MIT Imports: 16 Imported by: 1

README

Go SD-JWT

Package go_sd_jwt provides a library for creating and validating SD-JWTs. The resulting SdJwt object exposes methods for retrieving the claims and disclosures as well as retrieving all disclosed claims in line with the specification.

For more information on SD-JWTs, see the Selective Disclosure JWTs Specification

Also see: sdjwt.org for a playground powered by this module

Requirements

  • Go 1.21 or higher

Installation

go get github.com/SchulzeStTSI/go-sd-jwt

Functions

Pointer
func Pointer[T comparable](t T) *T

Pointer is a helper method that returns a pointer to the given value.

PointerMap
func PointerMap(m map[string]any) *map[string]any

PointerMap is a helper method that returns a pointer to the given map.

PointerSlice
func PointerSlice(s []any) *[]any

PointerSlice is a helper method that returns a pointer to the given slice.

Types

Disclosure
type Disclosure struct {
    Salt         string
    Key          *string
    Value        any
    EncodedValue string
}

This object represents a single disclosure in an SD-JWT. The EncodedValue property holds the disclosure string exactly as it appeared in the original SD-JWT.

func NewFromObject(key string, value any, salt *string) (*Disclosure, error)

NewFromObject creates a Disclosure object for the provided key/value pair and optional salt. If no salt is provided, a new 128-bit salt value is generated.

func NewFromArrayElement(element any, salt *string) (*Disclosure, error)

NewFromArrayElement creates a Disclosure object for the provided array element and optional salt. If no salt is provided, a new 128-bit salt value is generated.

func NewFromDisclosure(disclosure string) (*Disclosure, error)

NewFromDisclosure creates a Disclosure object from the provided encoded disclosure string.

func (d *Disclosure) Hash(hash hash.Hash)

Hash returns the digest bytes of the current disclosure, computed with the provided hash.

SdJwt
type SdJwt struct {
    Head        map[string]any
    Body        map[string]any
    Signature   string
    KbJwt       *kbjwt.KbJwt
    Disclosures []disclosure.Disclosure
}

SdJwt represents a valid SD-JWT. It is created using the New or NewFromComponents functions, which perform the required validation.

func New(token string) (*SdJwt, error)

New creates a new SD-JWT from a JWT-format token. The token is validated in line with the SD-JWT specification. If the token is valid, a new SdJwt object is returned.

func NewFromComponents(protected, payload, signature string, disclosures []string, kbJwt *string) (*SdJwt, error)

NewFromComponents creates a new SD-JWT from its individual components. This function is designed to cater for the many different permutations of the JSON-format token. If the token is valid, a new SdJwt object is returned.

func (s *SdJwt) GetDisclosedClaims() (map[string]any, error)

GetDisclosedClaims returns the claims that were disclosed in the token or included as plaintext values. This function returns an error if one of the following scenarios is encountered:

  1. The SD-JWT contains a disclosure that does not match an included digest
  2. The SD-JWT contains a malformed _sd claim
  3. The SD-JWT contains an unsupported value for the _sd_alg claim
  4. The SD-JWT has a disclosure that is malformed for the use (e.g. doesn't contain a claim name for a non-array digest)
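
As an added illustration (not code from this module), the following standard-library Go shows what the disclosure machinery and the four checks above amount to: how an object-property disclosure and its digest are formed, and a verifier-side resolver that rejects each of the four conditions while merging plaintext claims. EncodeDisclosure, Digest and ResolveDisclosed are hypothetical names; claim values are limited to strings on the issuer side and the salt is caller-supplied, and the signature and KB-JWT checks that New performs are out of scope here.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"maps"
	"slices"
)

// EncodeDisclosure is base64url(JSON([salt, name, value])); marshalling a []string cannot fail.
func EncodeDisclosure(salt, key, value string) string {
	raw, _ := json.Marshal([]string{salt, key, value})
	return base64.RawURLEncoding.EncodeToString(raw)
}

// Digest is base64url(SHA-256(disclosure)), the value the issuer places in the _sd array.
func Digest(disclosure string) string {
	sum := sha256.Sum256([]byte(disclosure))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// ResolveDisclosed applies the four checks listed for GetDisclosedClaims and merges plaintext claims.
func ResolveDisclosed(payload map[string]any, disclosures []string) (map[string]any, error) {
	if alg, set := payload["_sd_alg"]; set && alg != "sha-256" { // absent _sd_alg means sha-256
		return nil, errors.New("unsupported _sd_alg value")
	}
	var sd []string // _sd must be an array of digest strings; an absent _sd means none
	if raw, _ := json.Marshal(payload["_sd"]); json.Unmarshal(raw, &sd) != nil {
		return nil, errors.New("malformed _sd claim")
	}
	out := maps.Clone(payload) // plaintext claims pass through; _sd and _sd_alg are dropped
	maps.DeleteFunc(out, func(k string, _ any) bool { return k == "_sd" || k == "_sd_alg" })
	for _, enc := range disclosures {
		if !slices.Contains(sd, Digest(enc)) {
			return nil, errors.New("disclosure does not match an included digest")
		}
		var parts []json.RawMessage // an object disclosure is [salt, claim name, claim value]
		var name string
		raw, err := base64.RawURLEncoding.DecodeString(enc)
		if err != nil || json.Unmarshal(raw, &parts) != nil || len(parts) != 3 || json.Unmarshal(parts[1], &name) != nil || name == "" {
			return nil, errors.New("disclosure is malformed for an object digest")
		}
		var value any
		json.Unmarshal(parts[2], &value) // parts[2] is valid JSON from the parse above, so this cannot fail
		out[name] = value
	}
	return out, nil
}
```

A holder that withholds a disclosure simply omits it from the list, and only the plaintext claims come back; a disclosure altered after issuance no longer hashes to a digest in _sd and is rejected.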

func (s *SdJwt) AddKeyBindingJwt(signer crypto.Signer, h crypto.Hash, alg, aud, nonce string) error

AddKeyBindingJwt signs a key binding JWT and adds it to the SdJwt object, complete with an sd_hash claim covering the currently specified disclosures.

func (s *SdJwt) Token() (*string, error)

Token returns the current form of the SdJwt object in string token format.

Usage

For an example end-to-end flow of an SD-JWT, see the e2e_test, which contains examples of:

  • creating an SD-JWT as an issuer
  • receiving the SD-JWT as a holder
  • re-issuing the SD-JWT as a holder with a subset of disclosures
  • receiving the SD-JWT as a consumer

Errors

This package defines the following errors:

  • InvalidToken - The provided token is malformed in some way
  • InvalidDisclosure - The provided disclosure is malformed or invalid in some way

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetHash

func GetHash(hashString string) (hash.Hash, error)

Types

type SdJwt

type SdJwt struct {
	Head        map[string]any
	Body        map[string]any
	Signature   string
	KbJwt       *kbjwt.KbJwt
	Disclosures []disclosure.Disclosure
}

SdJwt represents a valid SD-JWT. It is created using the FromToken function, which performs the required validation. Helper methods are provided for retrieving the contents.

func New

func New(token string) (*SdJwt, error)

New creates a new SD-JWT from a JWT-format token. The token is validated in line with the SD-JWT specification. If the token is valid, a new SdJwt object is returned. If a KB-JWT is included, its contents are validated too.

func NewFromComponents

func NewFromComponents(protected, payload, signature string, disclosures []string, kbJwt *string) (*SdJwt, error)

NewFromComponents creates a new SD-JWT from its individual components, optionally taking in a KB-JWT. The token is validated in line with the SD-JWT specification. If the token is valid, a new SdJwt object is returned. If a KB-JWT is included, its contents are validated too. This function is designed to cater for the much more free-form JSON serialization options on offer.

func (*SdJwt) AddKeyBindingJwt

func (s *SdJwt) AddKeyBindingJwt(signer crypto.Signer, h crypto.Hash, alg, aud, nonce string) error

AddKeyBindingJwt adds a key binding JWT signed with the provided signer interface and hash. If the provided hash does not match the hash algorithm specified in the SD-JWT (or is not SHA-256 when no _sd_alg claim is present), an error is returned. The sd_hash value is set based on all disclosures present in the current SdJwt object.
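
As an added example (not this module's code) of the sd_hash binding described above: the holder hashes the issuer-signed JWT plus every disclosure it presents, and the verifier recomputes that hash from the token it actually received, so any disclosure added, removed or reordered after the holder signed is detected. SdHash and CheckSdHash are hypothetical names; the block assumes sha-256 as _sd_alg and the combined token layout of issuer JWT, disclosures and a trailing KB-JWT separated by "~", and leaves verification of the KB-JWT signature itself aside.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"strings"
)

// SdHash is the value a holder puts in the KB-JWT's sd_hash claim: base64url(SHA-256(presentation)),
// where the presentation is the issuer-signed JWT followed by each presented disclosure, all ending in "~".
func SdHash(issuerJwt string, disclosures []string) string {
	presentation := issuerJwt + "~"
	for _, d := range disclosures {
		presentation += d + "~"
	}
	sum := sha256.Sum256([]byte(presentation))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// CheckSdHash is the verifier-side counterpart: given the combined token <jwt>~<d1>~...~<dN>~<kb-jwt>,
// it recomputes sd_hash over everything before the KB-JWT and compares it with the claimed value.
// A mismatch means the presented disclosures are not the ones the holder signed over.
func CheckSdHash(combined, claimedSdHash string) error {
	parts := strings.Split(combined, "~")
	if len(parts) < 2 || parts[len(parts)-1] == "" {
		return errors.New("token has no key binding JWT")
	}
	issuerJwt, disclosures := parts[0], parts[1:len(parts)-1]
	if SdHash(issuerJwt, disclosures) != claimedSdHash {
		return errors.New("sd_hash does not cover the presented disclosures")
	}
	return nil
}
```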

func (*SdJwt) GetDisclosedClaims

func (s *SdJwt) GetDisclosedClaims() (map[string]any, error)

GetDisclosedClaims returns the claims that were disclosed in the token or included as plaintext values. This function returns an error if one of the following scenarios is encountered:

  1. The SD-JWT contains a disclosure that does not match an included digest
  2. The SD-JWT contains a malformed _sd claim
  3. The SD-JWT contains an unsupported value for the _sd_alg claim
  4. The SD-JWT has a disclosure that is malformed for the use (e.g. doesn't contain a claim name for a non-array digest)

func (*SdJwt) Token

func (s *SdJwt) Token() (*string, error)

Token returns the SD-JWT in its current state, in token format, as a string.

Directories

  • internal
