Documentation
¶
Index ¶
- Constants
- func ConvertEDVQueryToAriesQuery(query Query) (string, error)
- func ConvertEDVQueryToMongoDBQuery(vaultID string, edvQuery Query) bson.D
- func CreateMongoDBIndex(mongoDBProvider *ariesStorageMongodb.Provider, documentDatabaseName string) error
- func CreateTags(vaultID string, document EncryptedDocument) []storage.Tag
- func GenerateAriesDocumentEntryKey(vaultID, documentID string) string
- func GenerateMongoDBIndexModels() []mongodriver.IndexModel
- func NewStorageProvider(parameters StorageParameters, databaseTimeout uint64) (ariesStorage.Provider, error)
- func StoreDocumentsForMongoDB(vaultID string, documents []EncryptedDocument, ...) error
- func VaultIDTagMatches(targetVaultID string, queryResultsIterator storage.Iterator) (bool, error)
- type Batch
- type EncryptedDocument
- type JSONWebEncryption
- type Query
- type Recipient
- type RecipientHeaders
- type SecureStorage
- type StorageParameters
- type VaultOperation
Constants ¶
// Names shared by the EDV storage code on this page.
const (
	// LogModuleName is the module name string "edv-provider".
	// NOTE(review): presumably handed to the logger; its use is not shown here.
	LogModuleName = "edv-provider"
	// VaultIDTagName is the tag name under which a document's vault ID is stored.
	// It equals the JSON name of EncryptedDocument.VaultID.
	// NOTE(review): VaultIDTagMatches presumably compares this tag against the
	// requested vault to keep results inside one vault; confirm in its body.
	VaultIDTagName = "vaultID"
	// DocumentIDFieldName is "id", the JSON name of EncryptedDocument.ID.
	DocumentIDFieldName = "id"
)
// Database type option values, plus a one-second duration.
const (
	// DatabaseTypeMemOption is the option value "mem".
	// NOTE(review): presumably selects in-memory, non-persistent storage;
	// confirm before relying on it outside tests.
	DatabaseTypeMemOption = "mem"
	// DatabaseTypeCouchDBOption is the option value "couchdb".
	DatabaseTypeCouchDBOption = "couchdb"
	// DatabaseTypeMongoDBOption is the option value "mongodb".
	DatabaseTypeMongoDBOption = "mongodb"
	// Sleep is one second.
	// NOTE(review): where it is used is not visible on this page; presumably a
	// wait between database connection attempts. Confirm.
	Sleep = time.Second
)
// Operation names accepted in a batch. VaultOperation.Operation documents
// "upsert" and "delete" as its valid values.
const (
	// UpsertDocumentVaultOperation represents an upsert operation to be performed in a batch.
	UpsertDocumentVaultOperation = "upsert"
	// DeleteDocumentVaultOperation represents a delete operation to be performed in a batch.
	DeleteDocumentVaultOperation = "delete"
)
// EdvIDSize is 16.
// NOTE(review): presumably the length in bytes of an EDV identifier before
// encoding (16 bytes = 128 bits); the code that generates or validates IDs is
// not on this page, so confirm the unit there.
const EdvIDSize = 16
Variables ¶
This section is empty.
Functions ¶
func CreateMongoDBIndex ¶
func CreateMongoDBIndex(mongoDBProvider *ariesStorageMongodb.Provider, documentDatabaseName string) error
func CreateTags ¶ added in v1.0.5
func CreateTags(vaultID string, document EncryptedDocument) []storage.Tag
CreateTags returns the tags for a document: the vaultID and every indexed attribute (attribute name and attribute value).
func GenerateAriesDocumentEntryKey ¶ added in v1.0.5
func GenerateMongoDBIndexModels ¶
func GenerateMongoDBIndexModels() []mongodriver.IndexModel
func NewStorageProvider ¶ added in v1.0.6
func NewStorageProvider(parameters StorageParameters, databaseTimeout uint64) (ariesStorage.Provider, error)
func StoreDocumentsForMongoDB ¶
func StoreDocumentsForMongoDB(vaultID string, documents []EncryptedDocument, mongoDBStore *ariesStorageMongodb.Store) error
Types ¶
type Batch ¶
// Batch represents a batch of operations to be performed in a vault.
// NOTE(review): the slice type sets no limit on the number of operations; any
// cap on batch size has to be enforced by the code that decodes the request.
type Batch []VaultOperation
Batch represents a batch of operations to be performed in a vault.
type EncryptedDocument ¶
// EncryptedDocument is the stored form of a vault document: an ID, a sequence
// number, the indexed attribute collections, and the JWE that carries the
// encrypted content.
type EncryptedDocument struct {
	// ID is the document identifier, serialised as "id".
	ID string `json:"id,omitempty"`
	// Sequence is serialised as "sequence".
	// NOTE(review): presumably the document version counter from the EDV spec;
	// nothing on this page shows how it is checked.
	Sequence uint64 `json:"sequence,omitempty"`
	// IndexedAttributeCollections is serialised as "indexed". These values sit
	// next to the JWE, not inside it, and CreateTags turns every indexed
	// attribute name and value into a storage tag.
	// NOTE(review): the EDV spec expects clients to blind (HMAC) attribute
	// names and values before upload. No server-side check is visible here, so
	// treat whatever arrives in this field as stored and queryable as-is.
	IndexedAttributeCollections []models.IndexedAttributeCollection `json:"indexed,omitempty"`
	// JWE is kept as raw JSON; this type does not decode or validate it.
	JWE json.RawMessage `json:"jwe,omitempty"`
	// VaultID is just used internally for storing to MongoDB.
	// It's always removed before returning data to a client.
	// NOTE(review): the json tag emits "vaultID" whenever the field is
	// non-empty, so the removal has to be done explicitly (clearing the field)
	// on every path that marshals a document into a response.
	VaultID string `json:"vaultID,omitempty"`
}
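EncryptedDocument represents an Encrypted Document in a Secure Storage. (The generated text also carries the sentence "StructuredDocument is an unencrypted JSON (structured) Document.", which appears to describe a different type, StructuredDocument, rather than this one.)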
type JSONWebEncryption ¶
// JSONWebEncryption represents a JWE. The JSON names match the members of the
// JWE JSON Serialization (RFC 7516): the general form uses "recipients", the
// flattened form uses the top-level "header" and "encrypted_key".
// NOTE(review): fields prefixed B64 presumably hold base64url text exactly as
// received; this type only describes the shape and performs no decoding,
// decryption or tag verification.
type JSONWebEncryption struct {
	// B64ProtectedHeaders is the "protected" member.
	B64ProtectedHeaders string `json:"protected,omitempty"`
	// UnprotectedHeaders is the "unprotected" member. In JWE this header is not
	// integrity protected, so its values should not drive security decisions.
	UnprotectedHeaders map[string]interface{} `json:"unprotected,omitempty"`
	// Recipients is the "recipients" member (general serialization).
	Recipients []Recipient `json:"recipients,omitempty"`
	// B64SingleRecipientEncKey is the top-level "encrypted_key" member
	// (flattened serialization).
	B64SingleRecipientEncKey string `json:"encrypted_key,omitempty"`
	// SingleRecipientHeader is the top-level "header" member (flattened
	// serialization); nil when absent.
	SingleRecipientHeader *RecipientHeaders `json:"header,omitempty"`
	// B64AAD is the "aad" member.
	B64AAD string `json:"aad,omitempty"`
	// B64IV is the "iv" member.
	B64IV string `json:"iv,omitempty"`
	// B64Ciphertext is the "ciphertext" member.
	B64Ciphertext string `json:"ciphertext,omitempty"`
	// B64Tag is the "tag" member.
	B64Tag string `json:"tag,omitempty"`
}
JSONWebEncryption represents a JWE.
type Query ¶
// Query represents an incoming vault query. None of the JSON tags use
// omitempty, so every field is emitted when a Query is marshalled.
type Query struct {
	// ReturnFullDocuments is optional and, per the package documentation, can
	// only be used if the "ReturnFullDocumentsOnQuery" extension is enabled.
	// NOTE(review): that check is not part of this type; confirm the handler
	// rejects or ignores the flag when the extension is off.
	ReturnFullDocuments bool `json:"returnFullDocuments"`
	// Index is serialised as "index".
	Index string `json:"index"`
	// Equals holds attribute name/value pairs to match. Per the package
	// documentation an empty attribute value is a wildcard: any value for that
	// attribute name matches.
	Equals []map[string]string `json:"equals"`
	// Has is serialised as "has".
	// NOTE(review): presumably the attribute name a document must carry, as in
	// the EDV spec's "has" query; confirm.
	Has string `json:"has"`
}
Query represents an incoming vault query. See https://identity.foundation/edv-spec/#searching-encrypted-documents for more info. An empty attribute value is treated as a wildcard, whereby any attribute value for that attribute name can be matched (similar to a "has" query - but the spec doesn't have a way to do this for more complex queries yet). ReturnFullDocuments is optional and can only be used if the "ReturnFullDocumentsOnQuery" extension is enabled.
type Recipient ¶
// Recipient is one entry of a JWE "recipients" array: the per-recipient header
// and that recipient's encrypted key.
type Recipient struct {
	// Header is the per-recipient "header" member; nil when absent.
	Header *RecipientHeaders `json:"header,omitempty"`
	// EncryptedKey is the "encrypted_key" member.
	// NOTE(review): presumably base64url text of the wrapped content key; it is
	// held as a plain string and not decoded here.
	EncryptedKey string `json:"encrypted_key,omitempty"`
}
Recipient is a recipient of a JWE including the shared encryption key.
type RecipientHeaders ¶
// RecipientHeaders are the recipient headers. Every field is optional on the
// wire (omitempty), and this type does not restrict the values it carries.
type RecipientHeaders struct {
	// Alg is the "alg" header parameter.
	// NOTE(review): a plain string with no allow-list at this layer; which
	// algorithms are acceptable has to be decided by the consumer.
	Alg string `json:"alg,omitempty"`
	// APU is the "apu" header parameter (Agreement PartyUInfo in RFC 7518).
	APU string `json:"apu,omitempty"`
	// IV is the "iv" header parameter.
	IV string `json:"iv,omitempty"`
	// Tag is the "tag" header parameter.
	Tag string `json:"tag,omitempty"`
	// KID is the "kid" header parameter.
	KID string `json:"kid,omitempty"`
	// EPK is the "epk" header parameter (ephemeral public key in RFC 7518),
	// kept as raw JSON and not parsed here.
	EPK json.RawMessage `json:"epk,omitempty"`
	// SPK is the "spk" header parameter, kept as raw JSON.
	// NOTE(review): "spk" is not an RFC 7518 parameter; presumably a sender
	// public key. Confirm against the code that builds these headers.
	SPK json.RawMessage `json:"spk,omitempty"`
}
RecipientHeaders are the recipient headers.
type SecureStorage ¶
// SecureStorage is the set of vault operations a storage backend provides.
// Every method is scoped by a vaultID string.
// NOTE(review): no method takes a caller identity or capability, so
// authorization for the vault presumably happens before these calls; confirm
// in the calling layer.
type SecureStorage interface {
	// CreateNewVault instantiates a new vault with the given dataVaultConfiguration
	CreateNewVault(vaultID string, dataVaultConfiguration *models.DataVaultConfiguration) error
	// VaultExists reports whether a vault with the given ID exists.
	VaultExists(vaultID string) (bool, error)
	// Put stores one or more encrypted documents in a vault.
	Put(vaultID string, documents ...EncryptedDocument) error
	// Get fetches a document from a vault.
	Get(vaultID, documentID string) ([]byte, error)
	// Delete deletes a document from a vault.
	Delete(vaultID, documentID string) error
	// Query returns the documents in a vault that match query.
	// The c.retrievalPageSize parameter is passed in from the startup args and could be used with pagination.
	// NOTE(review): no page size appears in this signature, so the interface
	// itself places no bound on the number of documents returned.
	Query(vaultID string, query Query) ([]EncryptedDocument, error)
}
SecureStorage represents a secure storage in a Storage Provider.
- It's used for performing operations involving creation/instantiation of vaults (compartments).
- It wraps an Aries storage provider with additional functionality that's needed for EDV operations.
(see github.com/hyperledger/aries-framework-go-ext/tree/main/component/storage/mongodb/store.go)
type StorageParameters ¶ added in v1.0.6
type VaultOperation ¶
// VaultOperation represents an upsert or delete operation to be performed in a
// vault.
// NOTE(review): Operation is a plain string, so values other than
// UpsertDocumentVaultOperation and DeleteDocumentVaultOperation must be
// rejected by the code that processes the batch; that code is not shown here.
// With encoding/json, omitempty has no effect on a struct-typed field, so
// "document" is emitted even for delete operations.
type VaultOperation struct {
	Operation string `json:"operation"` // Valid values: upsert,delete
	DocumentID string `json:"id,omitempty"` // Only used if Operation=delete
	EncryptedDocument EncryptedDocument `json:"document,omitempty"` // Only used if Operation=upsert
}
VaultOperation represents an upsert or delete operation to be performed in a vault.