Documentation ¶
Overview ¶
Package irma contains generic IRMA structs and logic of use to all IRMA participants. It parses irma_configuration folders to scheme managers, issuers, credential types and public keys; it contains various messages from the IRMA protocol; it parses IRMA metadata attributes; and it contains attribute and credential verification logic.
Index ¶
- Constants
- Variables
- func ASN1ConvertSignatureNonce(message string, nonce *big.Int, timestamp *atum.Timestamp) *big.Int
- func FloorToEpochBoundary(t time.Time) time.Time
- func GetMetadataVersion(v *ProtocolVersion) byte
- func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)
- func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)
- func ParsePemEcdsaPublicKey(pkbts []byte) (*ecdsa.PublicKey, error)
- func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
- func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
- func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, ...) ([]byte, string, error)
- func UnmarshalValidate(data []byte, dest interface{}) error
- type Action
- type AttributeCon
- type AttributeConDisCon
- type AttributeDisCon
- type AttributeIdentifier
- type AttributeList
- func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString
- func (al *AttributeList) Hash() string
- func (al *AttributeList) Info() *CredentialInfo
- func (al *AttributeList) Map(conf *Configuration) map[AttributeTypeIdentifier]TranslatedString
- func (al *AttributeList) Strings() []TranslatedString
- func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string
- type AttributeProofStatus
- type AttributeRequest
- type AttributeType
- type AttributeTypeIdentifier
- func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier
- func (oi AttributeTypeIdentifier) Empty() bool
- func (id AttributeTypeIdentifier) IsCredential() bool
- func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)
- func (oi AttributeTypeIdentifier) Name() string
- func (oi AttributeTypeIdentifier) Parent() string
- func (oi AttributeTypeIdentifier) Root() string
- func (oi AttributeTypeIdentifier) String() string
- func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error
- type BaseRequest
- type Configuration
- func (conf *Configuration) AutoUpdateSchemes(interval uint)
- func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool
- func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool
- func (conf *Configuration) CopyManagerFromAssets(scheme SchemeManagerIdentifier) (bool, error)
- func (conf *Configuration) DeleteSchemeManager(id SchemeManagerIdentifier) error
- func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)
- func (conf *Configuration) DownloadDefaultSchemes() error
- func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) (err error)
- func (conf *Configuration) InstallSchemeManager(manager *SchemeManager, publickey []byte) error
- func (conf *Configuration) IsInitialized() bool
- func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)
- func (conf *Configuration) KeyshareServerPublicKey(scheme SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)
- func (conf *Configuration) ParseFolder() (err error)
- func (conf *Configuration) ParseOrRestoreFolder() error
- func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeManager) (err error)
- func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, error)
- func (conf *Configuration) Prune()
- func (conf *Configuration) PublicKey(id IssuerIdentifier, counter int) (*gabi.PublicKey, error)
- func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []int, err error)
- func (conf *Configuration) ReadAuthenticatedFile(manager *SchemeManager, path string) ([]byte, bool, error)
- func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err error)
- func (conf *Configuration) RemoveSchemeManager(id SchemeManagerIdentifier, fromStorage bool) error
- func (conf *Configuration) StopAutoUpdateSchemes()
- func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downloaded *IrmaIdentifierSet) (err error)
- func (conf *Configuration) UpdateSchemes() error
- func (conf *Configuration) ValidateKeys() error
- func (conf *Configuration) VerifySchemeManager(manager *SchemeManager) error
- func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err error)
- type ConfigurationFileHash
- type CredentialIdentifier
- type CredentialInfo
- type CredentialInfoList
- type CredentialRequest
- type CredentialType
- func (ct CredentialType) AttributeType(ai AttributeTypeIdentifier) *AttributeType
- func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool
- func (ct *CredentialType) Identifier() CredentialTypeIdentifier
- func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)
- func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier
- func (ct *CredentialType) Logo(conf *Configuration) string
- func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier
- type CredentialTypeIdentifier
- func (oi CredentialTypeIdentifier) Empty() bool
- func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier
- func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)
- func (oi CredentialTypeIdentifier) Name() string
- func (oi CredentialTypeIdentifier) Parent() string
- func (oi CredentialTypeIdentifier) Root() string
- func (oi CredentialTypeIdentifier) String() string
- func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error
- type DisclosedAttribute
- type DisclosedAttributeIndex
- type DisclosedAttributeIndices
- type Disclosure
- func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon) (bool, [][]*DisclosedAttribute, error)
- func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
- func (d *Disclosure) VerifyAgainstDisjunctions(configuration *Configuration, required AttributeConDisCon, ...) ([][]*DisclosedAttribute, ProofStatus, error)
- type DisclosureChoice
- type DisclosureRequest
- func (dr *DisclosureRequest) Action() Action
- func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)
- func (dr *DisclosureRequest) Base() *BaseRequest
- func (dr *DisclosureRequest) Disclosure() *DisclosureRequest
- func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet
- func (dr *DisclosureRequest) Legacy() (SessionRequest, error)
- func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)
- func (dr *DisclosureRequest) Validate() error
- type ErrorType
- type ExpiredError
- type HTTPTransport
- func (transport *HTTPTransport) Delete()
- func (transport *HTTPTransport) Get(url string, result interface{}) error
- func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)
- func (transport *HTTPTransport) GetFile(url string, dest string) error
- func (transport *HTTPTransport) GetSignedFile(url string, dest string, hash ConfigurationFileHash) error
- func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error
- func (transport *HTTPTransport) SetHeader(name, val string)
- type IdentityProviderJwt
- func (claims *IdentityProviderJwt) Action() Action
- func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest
- func (claims *IdentityProviderJwt) SessionRequest() SessionRequest
- func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
- func (claims *IdentityProviderJwt) Valid() error
- type IdentityProviderRequest
- type IrmaIdentifierSet
- type IssuanceRequest
- func (ir *IssuanceRequest) Action() Action
- func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *ProtocolVersion) (CredentialInfoList, error)
- func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet
- func (ir *IssuanceRequest) Legacy() (SessionRequest, error)
- func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)
- func (ir *IssuanceRequest) Validate() error
- type IssueCommitmentMessage
- type Issuer
- type IssuerIdentifier
- func (oi IssuerIdentifier) Empty() bool
- func (id IssuerIdentifier) MarshalText() ([]byte, error)
- func (oi IssuerIdentifier) Name() string
- func (oi IssuerIdentifier) Parent() string
- func (oi IssuerIdentifier) Root() string
- func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier
- func (oi IssuerIdentifier) String() string
- func (id *IssuerIdentifier) UnmarshalText(text []byte) error
- type LegacyDisclosureRequest
- func (dr *LegacyDisclosureRequest) Action() Action
- func (dr *LegacyDisclosureRequest) Base() *BaseRequest
- func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest
- func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet
- func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error)
- func (dr *LegacyDisclosureRequest) Validate() error
- type LegacyDisjunction
- type LegacyIssuanceRequest
- func (ir *LegacyIssuanceRequest) Action() Action
- func (ir *LegacyIssuanceRequest) Base() *BaseRequest
- func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest
- func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet
- func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)
- func (ir *LegacyIssuanceRequest) Validate() error
- type LegacyLabeledDisjunction
- type LegacySignatureRequest
- type MetadataAttribute
- func (attr *MetadataAttribute) Bytes() []byte
- func (attr *MetadataAttribute) CredentialType() *CredentialType
- func (attr *MetadataAttribute) CredentialTypeHash() []byte
- func (attr *MetadataAttribute) Expiry() time.Time
- func (attr *MetadataAttribute) IsValid() bool
- func (attr *MetadataAttribute) IsValidOn(t time.Time) bool
- func (attr *MetadataAttribute) KeyCounter() int
- func (attr *MetadataAttribute) PublicKey() (*gabi.PublicKey, error)
- func (attr *MetadataAttribute) SigningDate() time.Time
- func (attr *MetadataAttribute) ValidityDuration() int
- func (attr *MetadataAttribute) Version() byte
- type ProofList
- type ProofStatus
- type ProtocolVersion
- func (v *ProtocolVersion) Above(major, minor int) bool
- func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool
- func (v *ProtocolVersion) Below(major, minor int) bool
- func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool
- func (v *ProtocolVersion) MarshalJSON() ([]byte, error)
- func (v *ProtocolVersion) String() string
- func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)
- type Qr
- type RemoteError
- type RequestorBaseRequest
- type RequestorJwt
- type RequestorRequest
- type SchemeAppVersion
- type SchemeManager
- type SchemeManagerError
- type SchemeManagerIdentifier
- func (oi SchemeManagerIdentifier) Empty() bool
- func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)
- func (oi SchemeManagerIdentifier) Name() string
- func (oi SchemeManagerIdentifier) Parent() string
- func (oi SchemeManagerIdentifier) Root() string
- func (oi SchemeManagerIdentifier) String() string
- func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error
- type SchemeManagerIndex
- type SchemeManagerPointer
- type SchemeManagerRequest
- type SchemeManagerStatus
- type ServerJwt
- type ServiceProviderJwt
- func (claims *ServiceProviderJwt) Action() Action
- func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest
- func (claims *ServiceProviderJwt) SessionRequest() SessionRequest
- func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
- func (claims *ServiceProviderJwt) Valid() error
- type ServiceProviderRequest
- type SessionError
- type SessionRequest
- type SignatureRequest
- func (sr *SignatureRequest) Action() Action
- func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int
- func (sr *SignatureRequest) Legacy() (SessionRequest, error)
- func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)
- func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)
- func (sr *SignatureRequest) Validate() error
- type SignatureRequestorJwt
- func (claims *SignatureRequestorJwt) Action() Action
- func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest
- func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest
- func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
- func (claims *SignatureRequestorJwt) Valid() error
- type SignatureRequestorRequest
- type SignedMessage
- func (sm *SignedMessage) Disclosure() *Disclosure
- func (sm *SignedMessage) GetNonce() *big.Int
- func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool
- func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
- func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error
- func (sm *SignedMessage) Version() int
- type Status
- type Timestamp
- type TranslatedString
- type UnknownIdentifierError
- type Validator
Constants ¶
const (
	SchemeManagerStatusValid               = SchemeManagerStatus("Valid")
	SchemeManagerStatusUnprocessed         = SchemeManagerStatus("Unprocessed")
	SchemeManagerStatusInvalidIndex        = SchemeManagerStatus("InvalidIndex")
	SchemeManagerStatusInvalidSignature    = SchemeManagerStatus("InvalidSignature")
	SchemeManagerStatusParsingError        = SchemeManagerStatus("ParsingError")
	SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError")
)
const (
	MinVersionHeader = "X-IRMA-MinProtocolVersion"
	MaxVersionHeader = "X-IRMA-MaxProtocolVersion"
)
const (
	StatusConnected     = Status("connected")
	StatusCommunicating = Status("communicating")
	StatusManualStarted = Status("manualStarted")
)
Statuses
const (
	ActionSchemeManager = Action("schememanager")
	ActionDisclosing    = Action("disclosing")
	ActionSigning       = Action("signing")
	ActionIssuing       = Action("issuing")
	ActionRedirect      = Action("redirect")
	ActionUnknown       = Action("unknown")
)
Actions
const (
	// Protocol version not supported
	ErrorProtocolVersionNotSupported = ErrorType("protocolVersionNotSupported")
	// Error in HTTP communication
	ErrorTransport = ErrorType("transport")
	// Invalid client JWT in first IRMA message
	ErrorInvalidJWT = ErrorType("invalidJwt")
	// Unknown session type (not disclosing, signing, or issuing)
	ErrorUnknownAction = ErrorType("unknownAction")
	// Crypto error during calculation of our response (second IRMA message)
	ErrorCrypto = ErrorType("crypto")
	// Server rejected our response (second IRMA message)
	ErrorRejected = ErrorType("rejected")
	// (De)serializing of a message failed
	ErrorSerialization = ErrorType("serialization")
	ErrorKeyshare = ErrorType("keyshare")
	// API server error
	ErrorApi = ErrorType("api")
	// Server returned unexpected or malformed response
	ErrorServerResponse = ErrorType("serverResponse")
	// Credential type not present in our Configuration
	ErrorUnknownIdentifier = ErrorType("unknownIdentifier")
	// Error during downloading of credential type, issuer, or public keys
	ErrorConfigurationDownload = ErrorType("configurationDownload")
	// IRMA request refers to unknown scheme manager
	ErrorUnknownSchemeManager = ErrorType("unknownSchemeManager")
	// A session is requested involving a scheme manager that has some problem
	ErrorInvalidSchemeManager = ErrorType("invalidSchemeManager")
	// Invalid session request
	ErrorInvalidRequest = ErrorType("invalidRequest")
	// Recovered panic
	ErrorPanic = ErrorType("panic")
)
Protocol errors
const (
	LDContextDisclosureRequest = "https://irma.app/ld/request/disclosure/v2"
	LDContextSignatureRequest  = "https://irma.app/ld/request/signature/v2"
	LDContextIssuanceRequest   = "https://irma.app/ld/request/issuance/v2"
)
const (
	ProofStatusValid             = ProofStatus("VALID")              // Proof is valid
	ProofStatusInvalid           = ProofStatus("INVALID")            // Proof is invalid
	ProofStatusInvalidTimestamp  = ProofStatus("INVALID_TIMESTAMP")  // Attribute-based signature had invalid timestamp
	ProofStatusUnmatchedRequest  = ProofStatus("UNMATCHED_REQUEST")  // Proof does not correspond to a specified request
	ProofStatusMissingAttributes = ProofStatus("MISSING_ATTRIBUTES") // Proof does not contain all requested attributes
	ProofStatusExpired           = ProofStatus("EXPIRED")            // Attributes were expired at proof creation time (now, or according to timestamp in case of abs)

	AttributeProofStatusPresent = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value
	AttributeProofStatusExtra   = AttributeProofStatus("EXTRA")   // Attribute is disclosed, but wasn't requested in request
	AttributeProofStatusNull    = AttributeProofStatus("NULL")    // Attribute is disclosed but is null
)
const (
// ExpiryFactor is the precision for the expiry attribute. Value is one week.
ExpiryFactor = 60 * 60 * 24 * 7
)
const LDContextSignedMessage = "https://irma.app/ld/signature/v2"
const Version = "0.4.1"
Version of the IRMA command line and libraries
Variables ¶
var DefaultSchemeManagers = [2]SchemeManagerPointer{
	{
		Url: "https://privacybydesign.foundation/schememanager/irma-demo",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm
54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ==
-----END PUBLIC KEY-----`),
	},
	{
		Url: "https://privacybydesign.foundation/schememanager/pbdf",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELzHV5ipBimWpuZIDaQQd+KmNpNop
dpBeCqpDwf+Grrw9ReODb6nwlsPJ/c/gqLnc+Y3sKOAJ2bFGI+jHBSsglg==
-----END PUBLIC KEY-----`),
	},
}
var ErrorMissingPublicKey = errors.New("Missing public key")
var ForceHttps bool = false
disabled until we offer a convenient way to toggle this in irma_mobile
var Logger *logrus.Logger
Logger is used for logging. If not set, init() will initialize it to logrus.StandardLogger().
Functions ¶
func ASN1ConvertSignatureNonce ¶
ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:
nonce = SHA256(serverNonce, SHA256(message), timestampSignature)
where serverNonce is the nonce sent by the signature requestor.
func FloorToEpochBoundary ¶
FloorToEpochBoundary returns the greatest time not greater than the argument that falls on the boundary of an epoch for attribute validity or expiry, of which the value is defined by ExpiryFactor (one week).
func GetMetadataVersion ¶
func GetMetadataVersion(v *ProtocolVersion) byte
GetMetadataVersion maps a chosen protocol version to a metadata version that the server will use.
func GetTimestamp ¶
func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)
GetTimestamp GETs a signed timestamp (a signature over the current time and the parameters) over the message to be signed, the randomized signatures over the attributes, and the disclosed attributes, for use in attribute-based signature sessions.
func ParseApiServerJwt ¶
func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)
ParseApiServerJwt verifies and parses a JWT as returned by an irma_api_server after a disclosure request into a key-value pair.
func SignRequestorRequest ¶
func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
func SignSessionRequest ¶
func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
func TimestampRequest ¶
func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) ([]byte, string, error)
TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed in an attribute-based signature session along with the randomized signatures over the attributes and the disclosed attributes. The url of the timestamp server that should be used to validate the request is returned as the second return value.
func UnmarshalValidate ¶
UnmarshalValidate json.Unmarshal's data, and validates it using the Validate() method if dest implements the Validator interface.
Types ¶
type Action ¶
type Action string
Action encodes the session type of an IRMA session (e.g., disclosing).
type AttributeCon ¶ added in v0.3.0
type AttributeCon []AttributeRequest
An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.
func (AttributeCon) CredentialTypes ¶ added in v0.3.0
func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier
CredentialTypes returns an array of all credential types occurring in this conjunction.
func (AttributeCon) Satisfy ¶ added in v0.3.0
func (c AttributeCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, conf *Configuration) (bool, []*DisclosedAttribute, error)
Satisfy returns whether the attributes specified by proofs and indices satisfy each of the contained AttributeRequests. If so it also returns a list of the disclosed attribute values.
func (AttributeCon) Validate ¶ added in v0.3.0
func (c AttributeCon) Validate() error
type AttributeConDisCon ¶ added in v0.3.0
type AttributeConDisCon []AttributeDisCon
AttributeConDisCon is only satisfied if all of the containing AttributeDisCon are satisfied.
func (AttributeConDisCon) Iterate ¶ added in v0.3.0
func (cdc AttributeConDisCon) Iterate(f func(attr *AttributeRequest) error) error
func (AttributeConDisCon) Satisfy ¶ added in v0.3.0
func (cdc AttributeConDisCon) Satisfy(disclosure *Disclosure, conf *Configuration) (bool, [][]*DisclosedAttribute, error)
Satisfy returns true if each of the contained AttributeDisCon is satisfied by the specified disclosure. If so it also returns the disclosed attributes.
func (AttributeConDisCon) Validate ¶ added in v0.3.0
func (cdc AttributeConDisCon) Validate(conf *Configuration) error
type AttributeDisCon ¶ added in v0.3.0
type AttributeDisCon []AttributeCon
An AttributeDisCon is satisfied if at least one of its containing AttributeCon is satisfied.
func (AttributeDisCon) Satisfy ¶ added in v0.3.0
func (dc AttributeDisCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, conf *Configuration) (bool, []*DisclosedAttribute, error)
Satisfy returns true if the attributes specified by proofs and indices satisfy any one of the contained AttributeCons. If so it also returns a list of the disclosed attribute values.
func (AttributeDisCon) Validate ¶ added in v0.3.0
func (dc AttributeDisCon) Validate() error
type AttributeIdentifier ¶
type AttributeIdentifier struct {
	Type           AttributeTypeIdentifier
	CredentialHash string
}
AttributeIdentifier identifies an attribute instance.
func (*AttributeIdentifier) CredentialIdentifier ¶
func (ai *AttributeIdentifier) CredentialIdentifier() CredentialIdentifier
CredentialIdentifier returns the credential identifier of this attribute.
type AttributeList ¶
type AttributeList struct {
	*MetadataAttribute `json:"-"`
	Ints               []*big.Int
	// contains filtered or unexported fields
}
AttributeList contains attributes, excluding the secret key, providing convenient access to the metadata attribute.
func NewAttributeListFromInts ¶
func NewAttributeListFromInts(ints []*big.Int, conf *Configuration) *AttributeList
NewAttributeListFromInts initializes a new AttributeList from a list of bigints.
func (*AttributeList) Attribute ¶
func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString
Attribute returns the content of the specified attribute, or nil if not present in this attribute list.
func (*AttributeList) Hash ¶
func (al *AttributeList) Hash() string
func (*AttributeList) Info ¶
func (al *AttributeList) Info() *CredentialInfo
func (*AttributeList) Map ¶
func (al *AttributeList) Map(conf *Configuration) map[AttributeTypeIdentifier]TranslatedString
func (*AttributeList) Strings ¶
func (al *AttributeList) Strings() []TranslatedString
Strings converts the current instance to human-readable strings.
func (*AttributeList) UntranslatedAttribute ¶
func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string
UntranslatedAttribute decodes the bigint corresponding to the specified attribute.
type AttributeProofStatus ¶
type AttributeProofStatus string
Status is the proof status of a single attribute
type AttributeRequest ¶ added in v0.3.0
type AttributeRequest struct {
	Type    AttributeTypeIdentifier `json:"type"`
	Value   *string                 `json:"value,omitempty"`
	NotNull bool                    `json:"notNull,omitempty"`
}
An AttributeRequest asks for an instance of an attribute type, possibly requiring it to have a specified value, in a session request.
func NewAttributeRequest ¶ added in v0.3.0
func NewAttributeRequest(attr string) AttributeRequest
NewAttributeRequest requests the specified attribute.
func (*AttributeRequest) MarshalJSON ¶ added in v0.3.0
func (ar *AttributeRequest) MarshalJSON() ([]byte, error)
func (*AttributeRequest) Satisfy ¶ added in v0.3.0
func (ar *AttributeRequest) Satisfy(attr AttributeTypeIdentifier, val *string) bool
Satisfy indicates whether the given attribute type and value satisfy this AttributeRequest.
func (*AttributeRequest) UnmarshalJSON ¶ added in v0.3.0
func (ar *AttributeRequest) UnmarshalJSON(bts []byte) error
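The satisfaction rules described above for AttributeRequest, AttributeCon, AttributeDisCon and AttributeConDisCon, as an added example that is not the package's own code. It uses simplified stand-in types (plain string identifiers, no proofs or Configuration) and assumes the disclosure supplies one set of attributes per outer AttributeDisCon; every identifier except irma-demo.RU.studentCard.studentID is constructed.

```go
package main

import "fmt"

// Simplified stand-ins for the package's types (assumptions for this example).
type AttributeRequest struct {
	Type    string  // attribute type identifier
	Value   *string // if non-nil, the disclosed value must equal it
	NotNull bool    // if true, a disclosed-but-null attribute is rejected
}

type AttributeCon []AttributeRequest
type AttributeDisCon []AttributeCon
type AttributeConDisCon []AttributeDisCon

// DisclosedSet maps attribute type to disclosed value; a nil value means
// the attribute was disclosed but is null.
type DisclosedSet map[string]*string

const (
	StudentID  = "irma-demo.RU.studentCard.studentID" // identifier from the page
	CardNumber = "example.issuer.card.number"         // constructed
	CardHolder = "example.issuer.card.holder"         // constructed
	Over18     = "example.issuer.ageCheck.over18"     // constructed
)

// Satisfy checks type, the NotNull constraint and the required value.
func (ar AttributeRequest) Satisfy(attrType string, val *string) bool {
	if ar.Type != attrType {
		return false
	}
	if ar.NotNull && val == nil {
		return false
	}
	if ar.Value != nil && (val == nil || *val != *ar.Value) {
		return false
	}
	return true
}

// Satisfy: a conjunction holds only if every contained request is satisfied.
func (c AttributeCon) Satisfy(set DisclosedSet) bool {
	for _, ar := range c {
		val, present := set[ar.Type]
		if !present || !ar.Satisfy(ar.Type, val) {
			return false
		}
	}
	return true
}

// Satisfy: a disjunction holds if at least one inner conjunction holds.
func (dc AttributeDisCon) Satisfy(set DisclosedSet) bool {
	for _, con := range dc {
		if con.Satisfy(set) {
			return true
		}
	}
	return false
}

// Satisfy: the request holds only if every disjunction is satisfied by the
// disclosed set at the same position. A short or long disclosure fails.
func (cdc AttributeConDisCon) Satisfy(disclosure []DisclosedSet) bool {
	if len(disclosure) != len(cdc) {
		return false
	}
	for i, dc := range cdc {
		if !dc.Satisfy(disclosure[i]) {
			return false
		}
	}
	return true
}

func strPtr(s string) *string { return &s }

// SampleRequest is a constructed request:
// (studentID not null OR (card number AND card holder)) AND over18 == "yes".
func SampleRequest() AttributeConDisCon {
	return AttributeConDisCon{
		AttributeDisCon{
			AttributeCon{{Type: StudentID, NotNull: true}},
			AttributeCon{{Type: CardNumber}, {Type: CardHolder}},
		},
		AttributeDisCon{
			AttributeCon{{Type: Over18, Value: strPtr("yes")}},
		},
	}
}

func main() {
	req := SampleRequest()
	full := []DisclosedSet{
		{StudentID: strPtr("s1234567")},
		{Over18: strPtr("yes")},
	}
	partial := []DisclosedSet{
		{CardNumber: strPtr("42")}, // card holder missing: inner conjunction fails
		{Over18: strPtr("yes")},
	}
	fmt.Println("full disclosure satisfies request:", req.Satisfy(full))
	fmt.Println("partial conjunction satisfies request:", req.Satisfy(partial))
}
```
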
type AttributeType ¶
type AttributeType struct {
	ID           string `xml:"id,attr"`
	Optional     string `xml:"optional,attr" json:",omitempty"`
	Name         TranslatedString
	Description  TranslatedString
	Index        int  `xml:"-"`
	DisplayIndex *int `xml:"displayIndex,attr" json:",omitempty"`
	// Taken from containing CredentialType
	CredentialTypeID string `xml:"-"`
	IssuerID         string `xml:"-"`
	SchemeManagerID  string `xml:"-"`
}
AttributeType is a description of an attribute within a credential type.
func (AttributeType) GetAttributeTypeIdentifier ¶
func (ad AttributeType) GetAttributeTypeIdentifier() AttributeTypeIdentifier
func (AttributeType) IsOptional ¶
func (ad AttributeType) IsOptional() bool
type AttributeTypeIdentifier ¶
type AttributeTypeIdentifier struct {
// contains filtered or unexported fields
}
AttributeTypeIdentifier identifies an attribute. For example "irma-demo.RU.studentCard.studentID".
func NewAttributeTypeIdentifier ¶
func NewAttributeTypeIdentifier(id string) AttributeTypeIdentifier
NewAttributeTypeIdentifier converts the specified identifier to an AttributeTypeIdentifier.
func (AttributeTypeIdentifier) CredentialTypeIdentifier ¶
func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier
CredentialTypeIdentifier returns the CredentialTypeIdentifier of the attribute identifier.
func (AttributeTypeIdentifier) IsCredential ¶
func (id AttributeTypeIdentifier) IsCredential() bool
IsCredential returns true if this attribute refers to its containing credential (i.e., it consists of only 3 parts).
func (AttributeTypeIdentifier) MarshalText ¶
func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (AttributeTypeIdentifier) Name ¶
func (oi AttributeTypeIdentifier) Name() string
Name returns the last part of this identifier.
func (AttributeTypeIdentifier) Parent ¶
func (oi AttributeTypeIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (AttributeTypeIdentifier) String ¶
func (oi AttributeTypeIdentifier) String() string
String returns this identifier as a string.
func (*AttributeTypeIdentifier) UnmarshalText ¶
func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type BaseRequest ¶
type BaseRequest struct {
	LDContext string `json:"@context,omitempty"`
	// Chosen by the IRMA server during the session
	Context         *big.Int         `json:"context,omitempty"`
	Nonce           *big.Int         `json:"nonce,omitempty"`
	ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`
	Type            Action           `json:"type,omitempty"` // Session type, only used in legacy code
	// contains filtered or unexported fields
}
BaseRequest contains the context and nonce for an IRMA session.
func (*BaseRequest) GetContext ¶ added in v0.3.0
func (b *BaseRequest) GetContext() *big.Int
func (*BaseRequest) GetNonce ¶ added in v0.3.0
func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int
func (*BaseRequest) Legacy ¶ added in v0.3.0
func (b *BaseRequest) Legacy() bool
type Configuration ¶
type Configuration struct {
	SchemeManagers  map[SchemeManagerIdentifier]*SchemeManager
	Issuers         map[IssuerIdentifier]*Issuer
	CredentialTypes map[CredentialTypeIdentifier]*CredentialType
	AttributeTypes  map[AttributeTypeIdentifier]*AttributeType
	// Path to the irma_configuration folder that this instance represents
	Path string
	// DisabledSchemeManagers keeps track of scheme managers that did not parse successfully
	// (i.e., invalid signature, parsing error), and the problem that occurred when parsing them
	DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError
	Warnings               []string
	// contains filtered or unexported fields
}
Configuration keeps track of scheme managers, issuers, credential types and public keys, deserializing them from an irma_configuration folder, and downloads and saves new ones on demand.
func NewConfiguration ¶
func NewConfiguration(path string) (*Configuration, error)
NewConfiguration returns a new configuration. After this ParseFolder() should be called to parse the specified path.
func NewConfigurationFromAssets ¶
func NewConfigurationFromAssets(path, assets string) (*Configuration, error)
NewConfigurationFromAssets returns a new configuration, copying the schemes out of the assets folder to path. ParseFolder() should be called to parse the specified path.
func NewConfigurationReadOnly ¶
func NewConfigurationReadOnly(path string) (*Configuration, error)
NewConfigurationReadOnly returns a new configuration whose representation on disk is never altered. ParseFolder() should be called to parse the specified path.
func (*Configuration) AutoUpdateSchemes ¶
func (conf *Configuration) AutoUpdateSchemes(interval uint)
func (*Configuration) ContainsAttributeType ¶ added in v0.3.0
func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool
func (*Configuration) ContainsCredentialType ¶ added in v0.3.0
func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool
ContainsCredentialType checks if the configuration contains the specified credential type.
func (*Configuration) CopyManagerFromAssets ¶
func (conf *Configuration) CopyManagerFromAssets(scheme SchemeManagerIdentifier) (bool, error)
func (*Configuration) DeleteSchemeManager ¶
func (conf *Configuration) DeleteSchemeManager(id SchemeManagerIdentifier) error
func (*Configuration) Download ¶
func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)
Download downloads the issuers, credential types and public keys specified in set if the current Configuration does not already have them, and checks their authenticity using the scheme manager index.
func (*Configuration) DownloadDefaultSchemes ¶
func (conf *Configuration) DownloadDefaultSchemes() error
func (*Configuration) DownloadSchemeManagerSignature ¶
func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) (err error)
DownloadSchemeManagerSignature downloads, stores and verifies the latest version of the index file and signature of the specified manager.
func (*Configuration) InstallSchemeManager ¶
func (conf *Configuration) InstallSchemeManager(manager *SchemeManager, publickey []byte) error
InstallSchemeManager downloads and adds the specified scheme manager to this Configuration, provided its signature is valid.
func (*Configuration) IsInitialized ¶
func (conf *Configuration) IsInitialized() bool
IsInitialized indicates whether this instance has successfully been initialized.
func (*Configuration) KeyshareServerKeyFunc ¶
func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)
KeyshareServerKeyFunc returns a function that returns the public key with which to verify a keyshare server JWT, suitable for passing to jwt.Parse() and jwt.ParseWithClaims().
func (*Configuration) KeyshareServerPublicKey ¶
func (conf *Configuration) KeyshareServerPublicKey(scheme SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)
KeyshareServerPublicKey returns the i'th public key of the specified scheme.
func (*Configuration) ParseFolder ¶
func (conf *Configuration) ParseFolder() (err error)
ParseFolder populates the current Configuration by parsing the storage path, listing the containing scheme managers, issuers and credential types.
func (*Configuration) ParseOrRestoreFolder ¶
func (conf *Configuration) ParseOrRestoreFolder() error
ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore any broken scheme managers from their remote. Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError; in this case the scheme in which it occurred is downloaded from its remote and re-parsed. If any other error is encountered at any time, it is returned immediately. If no error is returned, parsing and possibly restoring has been successful, and there should be no disabled scheme managers.
func (*Configuration) ParseSchemeManagerFolder ¶
func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeManager) (err error)
ParseSchemeManagerFolder parses the entire tree of the specified scheme manager. If err != nil then a problem occurred.
func (*Configuration) PrivateKey ¶
func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, error)
PrivateKey returns the specified private key, or nil if not present in the Configuration.
func (*Configuration) Prune ¶
func (conf *Configuration) Prune()
Prune removes any invalid scheme managers and everything they own from this Configuration
func (*Configuration) PublicKey ¶
func (conf *Configuration) PublicKey(id IssuerIdentifier, counter int) (*gabi.PublicKey, error)
PublicKey returns the specified public key, or nil if not present in the Configuration.
func (*Configuration) PublicKeyIndices ¶
func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []int, err error)
func (*Configuration) ReadAuthenticatedFile ¶
func (conf *Configuration) ReadAuthenticatedFile(manager *SchemeManager, path string) ([]byte, bool, error)
ReadAuthenticatedFile reads the file at the specified path and verifies its authenticity by checking that the file hash is present in the (signed) scheme manager index file.
func (*Configuration) ReinstallSchemeManager ¶
func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err error)
func (*Configuration) RemoveSchemeManager ¶
func (conf *Configuration) RemoveSchemeManager(id SchemeManagerIdentifier, fromStorage bool) error
RemoveSchemeManager removes the specified scheme manager and all associated issuers, public keys and credential types from this Configuration.
func (*Configuration) StopAutoUpdateSchemes ¶
func (conf *Configuration) StopAutoUpdateSchemes()
func (*Configuration) UpdateSchemeManager ¶
func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downloaded *IrmaIdentifierSet) (err error)
UpdateSchemeManager syncs the stored version within the irma_configuration directory with the remote version at the scheme manager's URL, downloading and storing new and modified files, according to the index files of both versions. It stores the identifiers of new or updated credential types or issuers in the second parameter. Note: any newly downloaded files are not yet parsed and inserted into conf.
func (*Configuration) UpdateSchemes ¶ added in v0.3.0
func (conf *Configuration) UpdateSchemes() error
func (*Configuration) ValidateKeys ¶ added in v0.3.0
func (conf *Configuration) ValidateKeys() error
func (*Configuration) VerifySchemeManager ¶
func (conf *Configuration) VerifySchemeManager(manager *SchemeManager) error
func (*Configuration) VerifySignature ¶
func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err error)
VerifySignature verifies the signature on the scheme manager index file (which contains the SHA256 hashes of all files under this scheme manager, which are used for verifying file authenticity).
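The two-step check that ReadAuthenticatedFile and VerifySignature describe (verify the signature on the index, then compare the file's SHA256 hash with its index entry) can be sketched with the standard library alone. This is an added example, not irmago's own code: the `<hex sha256> <path>` index line format, the ECDSA P-256 signature over SHA256(index), and the names `fileIndex`, `signedScheme`, `parseIndex`, `readAuthenticated` and `newSample` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// fileIndex maps a relative path to its expected SHA256 hash, the same shape
// as SchemeManagerIndex (map[string]ConfigurationFileHash).
type fileIndex map[string][]byte

// signedScheme is a hypothetical in-memory stand-in for a scheme folder.
type signedScheme struct {
	Index     []byte            // raw index file
	Signature []byte            // assumed: ASN.1 ECDSA signature over SHA256(Index)
	Files     map[string][]byte // path -> contents as found on disk
}

// parseIndex parses lines of the assumed form "<hex sha256> <path>".
func parseIndex(raw []byte) (fileIndex, error) {
	idx := fileIndex{}
	for n, line := range strings.Split(strings.TrimSpace(string(raw)), "\n") {
		parts := strings.SplitN(line, " ", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("index line %d: malformed", n+1)
		}
		h, err := hex.DecodeString(parts[0])
		if err != nil || len(h) != sha256.Size {
			return nil, fmt.Errorf("index line %d: bad hash", n+1)
		}
		idx[parts[1]] = h
	}
	return idx, nil
}

// readAuthenticated returns a file only if the index signature verifies under
// the pinned key AND the file's hash equals its entry in that signed index.
func readAuthenticated(pk *ecdsa.PublicKey, s *signedScheme, path string) ([]byte, error) {
	digest := sha256.Sum256(s.Index)
	if !ecdsa.VerifyASN1(pk, digest[:], s.Signature) {
		return nil, errors.New("index signature invalid")
	}
	idx, err := parseIndex(s.Index)
	if err != nil {
		return nil, err
	}
	want, listed := idx[path]
	if !listed {
		return nil, errors.New("file not listed in signed index")
	}
	data, present := s.Files[path]
	if !present {
		return nil, errors.New("file missing from storage")
	}
	got := sha256.Sum256(data)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return nil, errors.New("file hash does not match signed index")
	}
	return data, nil
}

// newSample builds a constructed scheme and signs its index with a throwaway key.
func newSample() (*ecdsa.PublicKey, *signedScheme, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	files := map[string][]byte{
		"irma-demo/description.xml":    []byte("<SchemeManager><Id>irma-demo</Id></SchemeManager>"),
		"irma-demo/RU/description.xml": []byte("<Issuer><ID>RU</ID></Issuer>"),
	}
	var sb strings.Builder
	for path, data := range files {
		h := sha256.Sum256(data)
		fmt.Fprintf(&sb, "%s %s\n", hex.EncodeToString(h[:]), path)
	}
	index := []byte(sb.String())
	digest := sha256.Sum256(index)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, nil, err
	}
	return &key.PublicKey, &signedScheme{Index: index, Signature: sig, Files: files}, nil
}

func main() {
	pk, s, err := newSample()
	if err != nil {
		panic(err)
	}
	_, err = readAuthenticated(pk, s, "irma-demo/description.xml")
	fmt.Println("untouched file:", err)
	s.Files["irma-demo/description.xml"] = []byte("<SchemeManager><Id>other</Id></SchemeManager>")
	_, err = readAuthenticated(pk, s, "irma-demo/description.xml")
	fmt.Println("modified file:", err)
}
```

Because only the index is signed, a file that exists on disk but is not listed in the index is rejected just like a modified one.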
type ConfigurationFileHash ¶
type ConfigurationFileHash []byte
ConfigurationFileHash encodes the SHA256 hash of an authenticated file under a scheme manager within the configuration folder.
func (ConfigurationFileHash) Equal ¶
func (hash ConfigurationFileHash) Equal(other ConfigurationFileHash) bool
func (ConfigurationFileHash) String ¶
func (hash ConfigurationFileHash) String() string
type CredentialIdentifier ¶
type CredentialIdentifier struct {
    Type CredentialTypeIdentifier
    Hash string
}
CredentialIdentifier identifies a credential instance.
type CredentialInfo ¶
type CredentialInfo struct {
    ID string // e.g., "studentCard"
    IssuerID string // e.g., "RU"
    SchemeManagerID string // e.g., "irma-demo"
    SignedOn Timestamp // Unix timestamp
    Expires Timestamp // Unix timestamp
    Attributes map[AttributeTypeIdentifier]TranslatedString // Human-readable rendered attributes
    Hash string // SHA256 hash over the attributes
}
CredentialInfo contains all information of an IRMA credential.
func NewCredentialInfo ¶
func NewCredentialInfo(ints []*big.Int, conf *Configuration) *CredentialInfo
func (CredentialInfo) GetCredentialType ¶
func (ci CredentialInfo) GetCredentialType(conf *Configuration) *CredentialType
func (CredentialInfo) IsExpired ¶
func (ci CredentialInfo) IsExpired() bool
IsExpired returns true if the credential is expired at the moment this function is called.
type CredentialInfoList ¶
type CredentialInfoList []*CredentialInfo
A CredentialInfoList is a list of credentials (implements sort.Interface).
func (CredentialInfoList) Len ¶
func (cl CredentialInfoList) Len() int
Len implements sort.Interface.
func (CredentialInfoList) Less ¶
func (cl CredentialInfoList) Less(i, j int) bool
Less implements sort.Interface.
func (CredentialInfoList) Swap ¶
func (cl CredentialInfoList) Swap(i, j int)
Swap implements sort.Interface.
type CredentialRequest ¶
type CredentialRequest struct {
    Validity *Timestamp `json:"validity,omitempty"`
    KeyCounter int `json:"keyCounter,omitempty"`
    CredentialTypeID CredentialTypeIdentifier `json:"credential"`
    Attributes map[string]string `json:"attributes"`
}
A CredentialRequest contains the attributes and metadata of a credential that will be issued in an IssuanceRequest.
func (*CredentialRequest) AttributeList ¶
func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion byte) (*AttributeList, error)
AttributeList returns the list of attributes from this credential request.
func (*CredentialRequest) Info ¶
func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte) (*CredentialInfo, error)
func (*CredentialRequest) Validate ¶
func (cr *CredentialRequest) Validate(conf *Configuration) error
Validate checks that this credential request is consistent with the specified Configuration: the credential type is known, all required attributes are present and no unknown attributes are given.
type CredentialType ¶
type CredentialType struct {
    ID string `xml:"CredentialID"`
    Name TranslatedString `xml:"Name"`
    ShortName TranslatedString `xml:"ShortName"`
    IssuerID string `xml:"IssuerID"`
    SchemeManagerID string `xml:"SchemeManager"`
    IsSingleton bool `xml:"ShouldBeSingleton"`
    Description TranslatedString
    AttributeTypes []*AttributeType `xml:"Attributes>Attribute" json:"-"`
    XMLVersion int `xml:"version,attr"`
    XMLName xml.Name `xml:"IssueSpecification"`
    IssueURL TranslatedString `xml:"IssueURL"`
    Valid bool `xml:"-"`
}
CredentialType is a description of a credential type, specifying (a.o.) its name, issuer, and attributes.
func (CredentialType) AttributeType ¶
func (ct CredentialType) AttributeType(ai AttributeTypeIdentifier) *AttributeType
func (*CredentialType) ContainsAttribute ¶
func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool
ContainsAttribute tests whether the specified attribute is contained in this credentialtype.
func (*CredentialType) Identifier ¶
func (ct *CredentialType) Identifier() CredentialTypeIdentifier
Identifier returns the identifier of the specified credential type.
func (CredentialType) IndexOf ¶
func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)
IndexOf returns the index of the specified attribute if present, or an error (and -1) if not present.
func (*CredentialType) IssuerIdentifier ¶
func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier
IssuerIdentifier returns the issuer identifier of the specified credential type.
func (*CredentialType) Logo ¶
func (ct *CredentialType) Logo(conf *Configuration) string
func (*CredentialType) SchemeManagerIdentifier ¶
func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier
type CredentialTypeIdentifier ¶
type CredentialTypeIdentifier struct {
// contains filtered or unexported fields
}
CredentialTypeIdentifier identifies a credentialtype. For example "irma-demo.RU.studentCard".
func NewCredentialTypeIdentifier ¶
func NewCredentialTypeIdentifier(id string) CredentialTypeIdentifier
NewCredentialTypeIdentifier converts the specified identifier to a CredentialTypeIdentifier.
func (CredentialTypeIdentifier) IssuerIdentifier ¶
func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier
IssuerIdentifier returns the IssuerIdentifier of the credential identifier.
func (CredentialTypeIdentifier) MarshalText ¶
func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (CredentialTypeIdentifier) Name ¶
func (oi CredentialTypeIdentifier) Name() string
Name returns the last part of this identifier.
func (CredentialTypeIdentifier) Parent ¶
func (oi CredentialTypeIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (CredentialTypeIdentifier) String ¶
func (oi CredentialTypeIdentifier) String() string
String returns this identifier as a string.
func (*CredentialTypeIdentifier) UnmarshalText ¶
func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type DisclosedAttribute ¶
type DisclosedAttribute struct {
    RawValue *string `json:"rawvalue"`
    Value TranslatedString `json:"value"` // Value of the disclosed attribute
    Identifier AttributeTypeIdentifier `json:"id"`
    Status AttributeProofStatus `json:"status"`
    IssuanceTime Timestamp `json:"issuancetime"`
}
DisclosedAttribute represents a disclosed attribute.
type DisclosedAttributeIndex ¶
type DisclosedAttributeIndex struct {
    CredentialIndex int `json:"cred"`
    AttributeIndex int `json:"attr"`
    Identifier CredentialIdentifier `json:"-"` // credential from which this attribute was disclosed
}
DisclosedAttributeIndex points to a specific attribute in a gabi.ProofList.
type DisclosedAttributeIndices ¶
type DisclosedAttributeIndices [][]*DisclosedAttributeIndex
DisclosedAttributeIndices contains, for each conjunction of an attribute disclosure request, a list of attribute indices, pointing to where the disclosed attributes for that conjunction can be found within a gabi.ProofList.
type Disclosure ¶
type Disclosure struct {
    Proofs gabi.ProofList `json:"proofs"`
    Indices DisclosedAttributeIndices `json:"indices"`
}
func (*Disclosure) DisclosedAttributes ¶
func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon) (bool, [][]*DisclosedAttribute, error)
DisclosedAttributes returns a slice containing for each item in the conjunction the disclosed attributes that are present in the proof list. If a non-empty and non-nil AttributeDisjunctionList is included, then the first attributes in the returned slice match with the disjunctions in that list. The first return parameter of this function indicates whether or not all disjunctions (if present) are satisfied.
func (*Disclosure) Verify ¶
func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
func (*Disclosure) VerifyAgainstDisjunctions ¶
func (d *Disclosure) VerifyAgainstDisjunctions( configuration *Configuration, required AttributeConDisCon, context, nonce *big.Int, publickeys []*gabi.PublicKey, issig bool, ) ([][]*DisclosedAttribute, ProofStatus, error)
type DisclosureChoice ¶
type DisclosureChoice struct {
Attributes [][]*AttributeIdentifier
}
A DisclosureChoice contains the attributes chosen to be disclosed.
type DisclosureRequest ¶
type DisclosureRequest struct {
    BaseRequest
    Disclose AttributeConDisCon `json:"disclose,omitempty"`
    Labels map[int]TranslatedString `json:"labels,omitempty"`
}
A DisclosureRequest is a request to disclose certain attributes. Construct new instances using NewDisclosureRequest().
func NewDisclosureRequest ¶ added in v0.3.0
func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest
func (*DisclosureRequest) Action ¶
func (dr *DisclosureRequest) Action() Action
func (*DisclosureRequest) AddSingle ¶ added in v0.3.0
func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)
func (*DisclosureRequest) Base ¶ added in v0.3.0
func (dr *DisclosureRequest) Base() *BaseRequest
func (*DisclosureRequest) Disclosure ¶ added in v0.3.0
func (dr *DisclosureRequest) Disclosure() *DisclosureRequest
func (*DisclosureRequest) Identifiers ¶
func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet
func (*DisclosureRequest) Legacy ¶ added in v0.3.0
func (dr *DisclosureRequest) Legacy() (SessionRequest, error)
func (*DisclosureRequest) UnmarshalJSON ¶ added in v0.3.0
func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)
func (*DisclosureRequest) Validate ¶
func (dr *DisclosureRequest) Validate() error
type ExpiredError ¶
type ExpiredError struct {
Err error // underlying error
}
ExpiredError indicates that something (e.g. a JWT) has expired.
func (ExpiredError) Error ¶
func (e ExpiredError) Error() string
type HTTPTransport ¶
type HTTPTransport struct {
    Server string
    // contains filtered or unexported fields
}
HTTPTransport sends and receives JSON messages to a HTTP server.
func NewHTTPTransport ¶
func NewHTTPTransport(serverURL string) *HTTPTransport
NewHTTPTransport returns a new HTTPTransport.
func (*HTTPTransport) Get ¶
func (transport *HTTPTransport) Get(url string, result interface{}) error
Get performs a GET request and parses the server's response into result.
func (*HTTPTransport) GetBytes ¶
func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)
func (*HTTPTransport) GetFile ¶
func (transport *HTTPTransport) GetFile(url string, dest string) error
func (*HTTPTransport) GetSignedFile ¶
func (transport *HTTPTransport) GetSignedFile(url string, dest string, hash ConfigurationFileHash) error
func (*HTTPTransport) Post ¶
func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error
Post sends the object to the server and parses its response into result.
func (*HTTPTransport) SetHeader ¶
func (transport *HTTPTransport) SetHeader(name, val string)
SetHeader sets a header to be sent in requests.
type IdentityProviderJwt ¶
type IdentityProviderJwt struct {
    ServerJwt
    Request *IdentityProviderRequest `json:"iprequest"`
}
IdentityProviderJwt is a requestor JWT for issuance session.
func NewIdentityProviderJwt ¶
func NewIdentityProviderJwt(servername string, ir *IssuanceRequest) *IdentityProviderJwt
NewIdentityProviderJwt returns a new IdentityProviderJwt.
func (*IdentityProviderJwt) Action ¶
func (claims *IdentityProviderJwt) Action() Action
func (*IdentityProviderJwt) RequestorRequest ¶
func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest
func (*IdentityProviderJwt) SessionRequest ¶
func (claims *IdentityProviderJwt) SessionRequest() SessionRequest
SessionRequest returns an IRMA session object.
func (*IdentityProviderJwt) Sign ¶
func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
func (*IdentityProviderJwt) Valid ¶
func (claims *IdentityProviderJwt) Valid() error
type IdentityProviderRequest ¶
type IdentityProviderRequest struct {
    RequestorBaseRequest
    Request *IssuanceRequest `json:"request"`
}
An IdentityProviderRequest contains an issuance request.
func (*IdentityProviderRequest) Base ¶
func (r *IdentityProviderRequest) Base() RequestorBaseRequest
func (*IdentityProviderRequest) SessionRequest ¶
func (r *IdentityProviderRequest) SessionRequest() SessionRequest
func (*IdentityProviderRequest) Validate ¶
func (r *IdentityProviderRequest) Validate() error
type IrmaIdentifierSet ¶
type IrmaIdentifierSet struct {
    SchemeManagers map[SchemeManagerIdentifier]struct{}
    Issuers map[IssuerIdentifier]struct{}
    CredentialTypes map[CredentialTypeIdentifier]struct{}
    PublicKeys map[IssuerIdentifier][]int
}
IrmaIdentifierSet contains a set (ensured by using map[...]struct{}) of all scheme managers, all issuers, all credential types and all public keys that are involved in an IRMA session.
func (*IrmaIdentifierSet) Distributed ¶
func (set *IrmaIdentifierSet) Distributed(conf *Configuration) bool
func (*IrmaIdentifierSet) Empty ¶
func (set *IrmaIdentifierSet) Empty() bool
func (*IrmaIdentifierSet) String ¶ added in v0.3.0
func (set *IrmaIdentifierSet) String() string
type IssuanceRequest ¶
type IssuanceRequest struct {
    DisclosureRequest
    Credentials []*CredentialRequest `json:"credentials"`
    // Derived data
    CredentialInfoList CredentialInfoList `json:",omitempty"`
    RemovalCredentialInfoList CredentialInfoList `json:",omitempty"`
}
An IssuanceRequest is a request to issue certain credentials, optionally also asking for certain attributes to be simultaneously disclosed. Construct new instances using NewIssuanceRequest().
func NewIssuanceRequest ¶ added in v0.3.0
func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest
func (*IssuanceRequest) Action ¶
func (ir *IssuanceRequest) Action() Action
func (*IssuanceRequest) GetCredentialInfoList ¶
func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *ProtocolVersion) (CredentialInfoList, error)
func (*IssuanceRequest) Identifiers ¶
func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet
func (*IssuanceRequest) Legacy ¶ added in v0.3.0
func (ir *IssuanceRequest) Legacy() (SessionRequest, error)
func (*IssuanceRequest) UnmarshalJSON ¶ added in v0.3.0
func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)
func (*IssuanceRequest) Validate ¶
func (ir *IssuanceRequest) Validate() error
type IssueCommitmentMessage ¶
type IssueCommitmentMessage struct {
    *gabi.IssueCommitmentMessage
    Indices DisclosedAttributeIndices `json:"indices"`
}
func (*IssueCommitmentMessage) Disclosure ¶
func (i *IssueCommitmentMessage) Disclosure() *Disclosure
type Issuer ¶
type Issuer struct {
    ID string `xml:"ID"`
    Name TranslatedString `xml:"Name"`
    ShortName TranslatedString `xml:"ShortName"`
    SchemeManagerID string `xml:"SchemeManager"`
    ContactAddress string
    ContactEMail string
    XMLVersion int `xml:"version,attr"`
    Valid bool `xml:"-"`
}
Issuer describes an issuer.
func (*Issuer) Identifier ¶
func (id *Issuer) Identifier() IssuerIdentifier
Identifier returns the identifier of the specified issuer description.
func (*Issuer) SchemeManagerIdentifier ¶
func (id *Issuer) SchemeManagerIdentifier() SchemeManagerIdentifier
type IssuerIdentifier ¶
type IssuerIdentifier struct {
// contains filtered or unexported fields
}
IssuerIdentifier identifies an issuer. For example "irma-demo.RU".
func NewIssuerIdentifier ¶
func NewIssuerIdentifier(id string) IssuerIdentifier
NewIssuerIdentifier converts the specified identifier to an IssuerIdentifier.
func (IssuerIdentifier) MarshalText ¶
func (id IssuerIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (IssuerIdentifier) Name ¶
func (oi IssuerIdentifier) Name() string
Name returns the last part of this identifier.
func (IssuerIdentifier) Parent ¶
func (oi IssuerIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (IssuerIdentifier) SchemeManagerIdentifier ¶
func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier
SchemeManagerIdentifier returns the scheme manager identifier of the issuer.
func (IssuerIdentifier) String ¶
func (oi IssuerIdentifier) String() string
String returns this identifier as a string.
func (*IssuerIdentifier) UnmarshalText ¶
func (id *IssuerIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type LegacyDisclosureRequest ¶ added in v0.3.0
type LegacyDisclosureRequest struct {
    BaseRequest
    Content []LegacyLabeledDisjunction `json:"content"`
}
func (*LegacyDisclosureRequest) Action ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Action() Action
func (*LegacyDisclosureRequest) Base ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Base() *BaseRequest
func (*LegacyDisclosureRequest) Disclosure ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest
func (*LegacyDisclosureRequest) Identifiers ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet
func (*LegacyDisclosureRequest) Legacy ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error)
func (*LegacyDisclosureRequest) Validate ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Validate() error
type LegacyDisjunction ¶ added in v0.3.0
type LegacyDisjunction []AttributeRequest
LegacyDisjunction is a disjunction of attributes from before the condiscon feature, representing a list of attribute types one of which must be given by the user, possibly requiring specific values. (C.f. AttributeCon, also defined as []AttributeRequest, which is only satisfied if all listed attributes are given by the user.)
func (*LegacyDisjunction) MarshalJSON ¶ added in v0.3.0
func (l *LegacyDisjunction) MarshalJSON() ([]byte, error)
func (*LegacyDisjunction) UnmarshalJSON ¶ added in v0.3.0
func (l *LegacyDisjunction) UnmarshalJSON(bts []byte) error
type LegacyIssuanceRequest ¶ added in v0.3.0
type LegacyIssuanceRequest struct {
    BaseRequest
    Credentials []*CredentialRequest `json:"credentials"`
    Disclose []LegacyLabeledDisjunction `json:"disclose"`
}
func (*LegacyIssuanceRequest) Action ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Action() Action
func (*LegacyIssuanceRequest) Base ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Base() *BaseRequest
func (*LegacyIssuanceRequest) Disclosure ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest
func (*LegacyIssuanceRequest) Identifiers ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet
func (*LegacyIssuanceRequest) Legacy ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)
func (*LegacyIssuanceRequest) Validate ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Validate() error
type LegacyLabeledDisjunction ¶ added in v0.3.0
type LegacyLabeledDisjunction struct {
    Label string `json:"label"`
    Attributes LegacyDisjunction `json:"attributes"`
}
type LegacySignatureRequest ¶ added in v0.3.0
type LegacySignatureRequest struct {
    LegacyDisclosureRequest
    Message string `json:"message"`
}
func (*LegacySignatureRequest) Action ¶ added in v0.3.0
func (ir *LegacySignatureRequest) Action() Action
type MetadataAttribute ¶
type MetadataAttribute struct {
    Int *big.Int
    Conf *Configuration
    // contains filtered or unexported fields
}
MetadataAttribute represents a metadata attribute. It contains the credential type, signing date, validity, and the public key counter.
func MetadataFromInt ¶
func MetadataFromInt(i *big.Int, conf *Configuration) *MetadataAttribute
MetadataFromInt wraps the given Int
func NewMetadataAttribute ¶
func NewMetadataAttribute(version byte) *MetadataAttribute
NewMetadataAttribute constructs a new instance containing the default values: the provided version as versionField, now as signing date, 0 as keycounter, and ValidityDefault (half a year) as default validity.
func (*MetadataAttribute) Bytes ¶
func (attr *MetadataAttribute) Bytes() []byte
Bytes returns this metadata attribute as a byte slice.
func (*MetadataAttribute) CredentialType ¶
func (attr *MetadataAttribute) CredentialType() *CredentialType
CredentialType returns the credential type of the current instance using the Configuration.
func (*MetadataAttribute) CredentialTypeHash ¶
func (attr *MetadataAttribute) CredentialTypeHash() []byte
func (*MetadataAttribute) Expiry ¶
func (attr *MetadataAttribute) Expiry() time.Time
Expiry returns the expiry date of this instance
func (*MetadataAttribute) IsValid ¶
func (attr *MetadataAttribute) IsValid() bool
IsValid returns whether this instance is valid.
func (*MetadataAttribute) IsValidOn ¶
func (attr *MetadataAttribute) IsValidOn(t time.Time) bool
IsValidOn returns whether this instance is still valid at the given time
func (*MetadataAttribute) KeyCounter ¶
func (attr *MetadataAttribute) KeyCounter() int
KeyCounter returns the public key counter of the metadata attribute.
func (*MetadataAttribute) PublicKey ¶
func (attr *MetadataAttribute) PublicKey() (*gabi.PublicKey, error)
PublicKey extracts the identifier of the Idemix public key with which this instance was signed, and returns this public key.
func (*MetadataAttribute) SigningDate ¶
func (attr *MetadataAttribute) SigningDate() time.Time
SigningDate returns the time at which this instance was signed
func (*MetadataAttribute) ValidityDuration ¶
func (attr *MetadataAttribute) ValidityDuration() int
ValidityDuration returns the amount of epochs during which this instance is valid
func (*MetadataAttribute) Version ¶
func (attr *MetadataAttribute) Version() byte
Version returns the metadata version of this instance
type ProofList ¶
ProofList is a gabi.ProofList with some extra methods.
func (ProofList) Expired ¶
func (pl ProofList) Expired(configuration *Configuration, t *time.Time) bool
Expired returns true if any of the contained disclosure proofs is expired at the specified time, or now, when the specified time is nil.
func (ProofList) ExtractPublicKeys ¶
func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.PublicKey, error)
ExtractPublicKeys returns the public keys of each proof in the proofList, in the same order, for later use in verification of the proofList. If one of the proofs is not a ProofD an error is returned.
type ProtocolVersion ¶
ProtocolVersion encodes the IRMA protocol version of an IRMA session.
func NewVersion ¶
func NewVersion(major, minor int) *ProtocolVersion
func (*ProtocolVersion) Above ¶
func (v *ProtocolVersion) Above(major, minor int) bool
func (*ProtocolVersion) AboveVersion ¶
func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool
func (*ProtocolVersion) Below ¶
func (v *ProtocolVersion) Below(major, minor int) bool
Returns true if v is below the given version.
func (*ProtocolVersion) BelowVersion ¶
func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool
func (*ProtocolVersion) MarshalJSON ¶
func (v *ProtocolVersion) MarshalJSON() ([]byte, error)
func (*ProtocolVersion) String ¶
func (v *ProtocolVersion) String() string
func (*ProtocolVersion) UnmarshalJSON ¶
func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)
type Qr ¶
type Qr struct {
    // Server with which to perform the session
    URL string `json:"u"`
    // Session type (disclosing, signing, issuing)
    Type Action `json:"irmaqr"`
}
Qr contains the data of an IRMA session QR (as generated by irma_js), suitable for NewSession().
type RemoteError ¶
type RemoteError struct {
    Status int `json:"status,omitempty"`
    ErrorName string `json:"error,omitempty"`
    Description string `json:"description,omitempty"`
    Message string `json:"message,omitempty"`
    Stacktrace string `json:"stacktrace,omitempty"`
}
RemoteError is an error message returned by the API server on errors.
func (*RemoteError) Error ¶
func (err *RemoteError) Error() string
type RequestorBaseRequest ¶
type RequestorBaseRequest struct {
    ResultJwtValidity int `json:"validity,omitempty"` // Validity of session result JWT in seconds
    ClientTimeout int `json:"timeout,omitempty"` // Wait this many seconds for the IRMA app to connect before the session times out
    CallbackUrl string `json:"callbackUrl,omitempty"` // URL to post session result to
}
RequestorBaseRequest contains fields present in all RequestorRequest types with which the requestor configures an IRMA session.
type RequestorJwt ¶
type RequestorJwt interface {
    Action() Action
    RequestorRequest() RequestorRequest
    SessionRequest() SessionRequest
    Requestor() string
    Valid() error
    Sign(jwt.SigningMethod, interface{}) (string, error)
}
A RequestorJwt contains an IRMA session object.
func ParseRequestorJwt ¶
func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)
ParseRequestorJwt parses the specified JWT and returns the contents. Note: this function does not verify the signature! Do that elsewhere.
type RequestorRequest ¶
type RequestorRequest interface {
    Validator
    SessionRequest() SessionRequest
    Base() RequestorBaseRequest
}
RequestorRequest is the message with which requestors start an IRMA session. It contains a SessionRequest instance for the irmaclient along with extra fields in a RequestorBaseRequest.
type SchemeAppVersion ¶ added in v0.3.0
type SchemeManager ¶
type SchemeManager struct {
    ID string `xml:"Id"`
    Name TranslatedString `xml:"Name"`
    URL string `xml:"Url"`
    Contact string `xml:"contact"`
    Demo bool `xml:"Demo"` // Decides whether to download private keys
    Description TranslatedString
    MinimumAppVersion SchemeAppVersion
    TimestampServer string
    XMLVersion int `xml:"version,attr"`
    XMLName xml.Name `xml:"SchemeManager"`
    Status SchemeManagerStatus `xml:"-"`
    Valid bool `xml:"-"` // true iff Status == SchemeManagerStatusValid
    Timestamp Timestamp
    // contains filtered or unexported fields
}
SchemeManager describes a scheme manager.
func DownloadSchemeManager ¶
func DownloadSchemeManager(url string) (*SchemeManager, error)
DownloadSchemeManager downloads and returns a scheme manager description.xml file from the specified URL.
func NewSchemeManager ¶
func NewSchemeManager(name string) *SchemeManager
func (*SchemeManager) Distributed ¶
func (sm *SchemeManager) Distributed() bool
Distributed indicates if this scheme manager uses a keyshare server.
func (*SchemeManager) Identifier ¶
func (sm *SchemeManager) Identifier() SchemeManagerIdentifier
Identifier returns the identifier of the specified scheme manager.
type SchemeManagerError ¶
type SchemeManagerError struct {
    Manager SchemeManagerIdentifier
    Status SchemeManagerStatus
    Err error
}
func (SchemeManagerError) Error ¶
func (sme SchemeManagerError) Error() string
type SchemeManagerIdentifier ¶
type SchemeManagerIdentifier struct {
// contains filtered or unexported fields
}
SchemeManagerIdentifier identifies a scheme manager. Equal to its ID. For example "irma-demo".
func NewSchemeManagerIdentifier ¶
func NewSchemeManagerIdentifier(id string) SchemeManagerIdentifier
NewSchemeManagerIdentifier converts the specified identifier to a SchemeManagerIdentifier.
func (SchemeManagerIdentifier) MarshalText ¶
func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (SchemeManagerIdentifier) Name ¶
func (oi SchemeManagerIdentifier) Name() string
Name returns the last part of this identifier.
func (SchemeManagerIdentifier) Parent ¶
func (oi SchemeManagerIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (SchemeManagerIdentifier) String ¶
func (oi SchemeManagerIdentifier) String() string
String returns this identifier as a string.
func (*SchemeManagerIdentifier) UnmarshalText ¶
func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type SchemeManagerIndex ¶
type SchemeManagerIndex map[string]ConfigurationFileHash
SchemeManagerIndex is a (signed) list of files under a scheme manager along with their SHA256 hash.
func (SchemeManagerIndex) FromString ¶
func (i SchemeManagerIndex) FromString(s string) error
FromString populates this index by parsing the specified string.
func (SchemeManagerIndex) Scheme ¶ added in v0.3.0
func (i SchemeManagerIndex) Scheme() SchemeManagerIdentifier
func (SchemeManagerIndex) String ¶
func (i SchemeManagerIndex) String() string
type SchemeManagerPointer ¶
type SchemeManagerPointer struct {
	Url       string // URL to download scheme from
	Publickey []byte // Public key of scheme against which to verify files after they have been downloaded
}
SchemeManagerPointer points to a remote IRMA scheme, containing information to download the scheme, including its (pinned) public key.
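How the pinned key of a SchemeManagerPointer and a SchemeManagerIndex fit together, as an added example that is not irmago's own code. It assumes an ECDSA P-256 signature over the SHA256 digest of the index and one `<hex sha256> <path>` entry per line; `verifyFile`, `demo` and all sample data are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// verifyFile checks the index signature under the pinned key first, then the file's
// SHA256 against its entry. Assumed index layout: "<hex sha256> <path>" per line.
func verifyFile(pinned *ecdsa.PublicKey, index string, sig []byte, path string, content []byte) error {
	d := sha256.Sum256([]byte(index))
	if !ecdsa.VerifyASN1(pinned, d[:], sig) {
		return errors.New("index signature invalid")
	}
	got := sha256.Sum256(content)
	for _, line := range strings.Split(index, "\n") {
		if f := strings.SplitN(line, " ", 2); len(f) == 2 && f[1] == path {
			if f[0] == hex.EncodeToString(got[:]) {
				return nil
			}
			return errors.New("file hash mismatch")
		}
	}
	return errors.New("file not listed in signed index")
}

// demo uses constructed data; a throwaway key stands in for the pinned scheme key.
func demo() (good, badFile, unlisted, badIndex error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	file := []byte("constructed description.xml contents")
	h := sha256.Sum256(file)
	index := hex.EncodeToString(h[:]) + " irma-demo/description.xml\n"
	d := sha256.Sum256([]byte(index))
	sig, _ := ecdsa.SignASN1(rand.Reader, key, d[:])
	good = verifyFile(&key.PublicKey, index, sig, "irma-demo/description.xml", file)
	badFile = verifyFile(&key.PublicKey, index, sig, "irma-demo/description.xml", append(file, ' '))
	unlisted = verifyFile(&key.PublicKey, index, sig, "irma-demo/extra.xml", file)
	badIndex = verifyFile(&key.PublicKey, index+"00 irma-demo/evil.xml\n", sig, "irma-demo/description.xml", file)
	return
}

func main() {
	fmt.Println(demo())
}
```

Checking the signature before reading any entry means a modified index is rejected regardless of which hashes it lists, and a file absent from the index is refused even if it arrived over the same download.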
type SchemeManagerRequest ¶
type SchemeManagerRequest Qr
func (*SchemeManagerRequest) Validate ¶
func (smr *SchemeManagerRequest) Validate() error
type SchemeManagerStatus ¶
type SchemeManagerStatus string
type ServerJwt ¶
type ServerJwt struct {
	Type       string    `json:"sub"`
	ServerName string    `json:"iss"`
	IssuedAt   Timestamp `json:"iat"`
}
ServerJwt contains standard JWT fields.
type ServiceProviderJwt ¶
type ServiceProviderJwt struct {
	ServerJwt
	Request *ServiceProviderRequest `json:"sprequest"`
}
ServiceProviderJwt is a requestor JWT for a disclosure session.
func NewServiceProviderJwt ¶
func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt
NewServiceProviderJwt returns a new ServiceProviderJwt.
func (*ServiceProviderJwt) Action ¶
func (claims *ServiceProviderJwt) Action() Action
func (*ServiceProviderJwt) RequestorRequest ¶
func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest
func (*ServiceProviderJwt) SessionRequest ¶
func (claims *ServiceProviderJwt) SessionRequest() SessionRequest
SessionRequest returns an IRMA session object.
func (*ServiceProviderJwt) Sign ¶
func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
func (*ServiceProviderJwt) Valid ¶
func (claims *ServiceProviderJwt) Valid() error
type ServiceProviderRequest ¶
type ServiceProviderRequest struct {
	RequestorBaseRequest
	Request *DisclosureRequest `json:"request"`
}
A ServiceProviderRequest contains a disclosure request.
func (*ServiceProviderRequest) Base ¶
func (r *ServiceProviderRequest) Base() RequestorBaseRequest
func (*ServiceProviderRequest) SessionRequest ¶
func (r *ServiceProviderRequest) SessionRequest() SessionRequest
func (*ServiceProviderRequest) Validate ¶
func (r *ServiceProviderRequest) Validate() error
type SessionError ¶
type SessionError struct {
	Err error
	ErrorType
	Info         string
	RemoteError  *RemoteError
	RemoteStatus int
}
SessionError is a protocol error.
func (*SessionError) Error ¶
func (e *SessionError) Error() string
func (*SessionError) Stack ¶
func (e *SessionError) Stack() string
func (*SessionError) WrappedError ¶
func (e *SessionError) WrappedError() string
type SessionRequest ¶
type SessionRequest interface {
	Validator
	Base() *BaseRequest
	GetNonce(timestamp *atum.Timestamp) *big.Int
	Disclosure() *DisclosureRequest
	Identifiers() *IrmaIdentifierSet
	Action() Action
	Legacy() (SessionRequest, error)
}
SessionRequest instances contain all information the irmaclient needs to perform an IRMA session.
type SignatureRequest ¶
type SignatureRequest struct {
	DisclosureRequest
	Message string `json:"message"`
}
A SignatureRequest is a request to sign a message with certain attributes. Construct new instances using NewSignatureRequest().
func NewSignatureRequest ¶ added in v0.3.0
func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest
func (*SignatureRequest) Action ¶
func (sr *SignatureRequest) Action() Action
func (*SignatureRequest) GetNonce ¶
func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int
GetNonce returns the nonce of this signature session (with the message already hashed into it).
func (*SignatureRequest) Legacy ¶ added in v0.3.0
func (sr *SignatureRequest) Legacy() (SessionRequest, error)
func (*SignatureRequest) SignatureFromMessage ¶
func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)
func (*SignatureRequest) UnmarshalJSON ¶ added in v0.3.0
func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)
func (*SignatureRequest) Validate ¶
func (sr *SignatureRequest) Validate() error
type SignatureRequestorJwt ¶
type SignatureRequestorJwt struct {
	ServerJwt
	Request *SignatureRequestorRequest `json:"absrequest"`
}
SignatureRequestorJwt is a requestor JWT for a signing session.
func NewSignatureRequestorJwt ¶
func NewSignatureRequestorJwt(servername string, sr *SignatureRequest) *SignatureRequestorJwt
NewSignatureRequestorJwt returns a new SignatureRequestorJwt.
func (*SignatureRequestorJwt) Action ¶
func (claims *SignatureRequestorJwt) Action() Action
func (*SignatureRequestorJwt) RequestorRequest ¶
func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest
func (*SignatureRequestorJwt) SessionRequest ¶
func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest
SessionRequest returns an IRMA session object.
func (*SignatureRequestorJwt) Sign ¶
func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
func (*SignatureRequestorJwt) Valid ¶
func (claims *SignatureRequestorJwt) Valid() error
type SignatureRequestorRequest ¶
type SignatureRequestorRequest struct {
	RequestorBaseRequest
	Request *SignatureRequest `json:"request"`
}
A SignatureRequestorRequest contains a signing request.
func (*SignatureRequestorRequest) Base ¶
func (r *SignatureRequestorRequest) Base() RequestorBaseRequest
func (*SignatureRequestorRequest) SessionRequest ¶
func (r *SignatureRequestorRequest) SessionRequest() SessionRequest
func (*SignatureRequestorRequest) Validate ¶
func (r *SignatureRequestorRequest) Validate() error
type SignedMessage ¶
type SignedMessage struct {
	LDContext string                    `json:"@context"`
	Signature gabi.ProofList            `json:"signature"`
	Indices   DisclosedAttributeIndices `json:"indices"`
	Nonce     *big.Int                  `json:"nonce"`
	Context   *big.Int                  `json:"context"`
	Message   string                    `json:"message"`
	Timestamp *atum.Timestamp           `json:"timestamp"`
}
SignedMessage is a message signed with an attribute-based signature. The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)
func (*SignedMessage) Disclosure ¶
func (sm *SignedMessage) Disclosure() *Disclosure
func (*SignedMessage) GetNonce ¶
func (sm *SignedMessage) GetNonce() *big.Int
func (*SignedMessage) MatchesNonceAndContext ¶
func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool
func (*SignedMessage) Verify ¶
func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
Verify the attribute-based signature, optionally against a corresponding signature request. If the request is present (i.e. not nil), then the first attributes in the returned result match with the disjunction list in the request (that is, the i'th attribute in the result should satisfy the i'th disjunction in the request). If the request is not fully satisfied in this fashion, the Status of the result is ProofStatusMissingAttributes. Any remaining attributes (i.e. not asked for by the request) are also included in the result, after the attributes that match disjunctions in the request.
The signature request is optional; if it is nil then the attribute-based signature is still verified, and all attributes it contains are returned in the result.
func (*SignedMessage) VerifyTimestamp ¶
func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error
Given a SignedMessage, verify the timestamp over the signed message, disclosed attributes, and rerandomized CL-signatures.
func (*SignedMessage) Version ¶ added in v0.3.0
func (sm *SignedMessage) Version() int
type Timestamp ¶
Timestamp is a time.Time that marshals to Unix timestamps.
func (Timestamp) Before ¶
Check if Timestamp is before other Timestamp. Used for checking expiry of attributes.
func (*Timestamp) MarshalJSON ¶
MarshalJSON marshals a timestamp.
func (*Timestamp) UnmarshalJSON ¶
UnmarshalJSON unmarshals a timestamp.
type TranslatedString ¶
TranslatedString is a map of translated strings.
func NewTranslatedString ¶
func NewTranslatedString(attr *string) TranslatedString
NewTranslatedString returns a TranslatedString containing the specified string for each supported language, or nil when attr is nil.
func (*TranslatedString) MarshalXML ¶
func (ts *TranslatedString) MarshalXML(e *xml.Encoder, start xml.StartElement) error
MarshalXML implements xml.Marshaler.
func (*TranslatedString) UnmarshalXML ¶
func (ts *TranslatedString) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
UnmarshalXML unmarshals an XML tag containing a string translated to multiple languages, for example:
<Foo><en>Hello world</en><nl>Hallo wereld</nl></Foo>
into a TranslatedString:
{ "en": "Hello world" , "nl": "Hallo wereld" }
type UnknownIdentifierError ¶ added in v0.3.0
type UnknownIdentifierError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}
func (*UnknownIdentifierError) Error ¶ added in v0.3.0
func (e *UnknownIdentifierError) Error() string
Directories ¶
Path | Synopsis |
---|---|
internal | |
servercore | Package servercore is the core of the IRMA server library, allowing IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e. |
sessiontest | This package just contains tests. |
test | Package test contains functionality that should be available to all unit tests (which live in separate packages). |
 | Package irmaclient implements an IRMA client, that can manage and use IRMA attributes. |
irmac | Required to be main when building a shared library |
irmaserver | Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e. |
requestorserver | Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e. |