Documentation
¶
Index ¶
- Constants
- type AddContentRequest
- type AuthCapabilityProvider
- type Command
- func (o *Command) Add(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Close(rw io.Writer, req io.Reader) command.Error
- func (o *Command) CreateKeyPair(rw io.Writer, req io.Reader) command.Error
- func (o *Command) CreateProfile(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Derive(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Get(rw io.Writer, req io.Reader) command.Error
- func (o *Command) GetAll(rw io.Writer, req io.Reader) command.Error
- func (o *Command) GetHandlers() []command.Handler
- func (o *Command) Issue(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Open(rw io.Writer, req io.Reader) command.Error
- func (o *Command) ProfileExists(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Prove(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Query(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Remove(rw io.Writer, req io.Reader) command.Error
- func (o *Command) ResolveCredentialManifest(rw io.Writer, req io.Reader) command.Error
- func (o *Command) SignJWT(rw io.Writer, req io.Reader) command.Error
- func (o *Command) UpdateProfile(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Verify(rw io.Writer, req io.Reader) command.Error
- func (o *Command) VerifyJWT(rw io.Writer, req io.Reader) command.Error
- type Config
- type ContentQueryRequest
- type ContentQueryResponse
- type CreateKeyPairRequest
- type CreateKeyPairResponse
- type CreateOrUpdateProfileRequest
- type DeriveRequest
- type DeriveResponse
- type EDVConfiguration
- type GNAPHeaderSigner
- type GetAllContentRequest
- type GetAllContentResponse
- type GetContentRequest
- type GetContentResponse
- type HTTPHeaderSigner
- type IssueRequest
- type IssueResponse
- type LockWalletRequest
- type LockWalletResponse
- type ProveRequest
- type ProveResponse
- type RemoveContentRequest
- type ResolveCredentialManifestRequest
- type ResolveCredentialManifestResponse
- type SignJWTRequest
- type SignJWTResponse
- type UnlockAuth
- type UnlockWalletRequest
- type UnlockWalletResponse
- type VerifyJWTRequest
- type VerifyJWTResponse
- type VerifyRequest
- type VerifyResponse
- type WalletAuth
- type WalletUser
Constants ¶
View Source
const ( // InvalidRequestErrorCode is typically a code for invalid requests. InvalidRequestErrorCode = command.Code(iota + command.VCWallet) // CreateProfileErrorCode for errors during create wallet profile operations. CreateProfileErrorCode // UpdateProfileErrorCode for errors during update wallet profile operations. UpdateProfileErrorCode // OpenWalletErrorCode for errors during wallet unlock operations. OpenWalletErrorCode // CloseWalletErrorCode for errors during wallet lock operations. CloseWalletErrorCode // AddToWalletErrorCode for errors while adding contents to wallet. AddToWalletErrorCode // RemoveFromWalletErrorCode for errors while removing contents from wallet. RemoveFromWalletErrorCode // GetFromWalletErrorCode for errors while getting a content from wallet. GetFromWalletErrorCode // GetAllFromWalletErrorCode for errors while getting all contents from wallet. GetAllFromWalletErrorCode // QueryWalletErrorCode for errors while querying credentials contents from wallet. QueryWalletErrorCode // IssueFromWalletErrorCode for errors while issuing a credential from wallet. IssueFromWalletErrorCode // ProveFromWalletErrorCode for errors while producing a presentation from wallet. ProveFromWalletErrorCode // VerifyFromWalletErrorCode for errors while verifying a presentation or credential from wallet. VerifyFromWalletErrorCode // DeriveFromWalletErrorCode for errors while deriving a credential from wallet. DeriveFromWalletErrorCode // CreateKeyPairFromWalletErrorCode for errors while creating key pair from wallet. CreateKeyPairFromWalletErrorCode // ProfileExistsErrorCode for errors while checking if profile exists for a wallet user. ProfileExistsErrorCode // ResolveCredentialManifestErrorCode for errors while resolving credential manifest from wallet. ResolveCredentialManifestErrorCode // SignJWTErrorCode for errors while signing a JWT using wallet. SignJWTErrorCode // VerifyJWTErrorCode for errors while verifying a JWT using wallet. VerifyJWTErrorCode )
Error codes.
View Source
const ( CommandName = "vcwallet" // command methods. CreateProfileMethod = "CreateProfile" UpdateProfileMethod = "UpdateProfile" ProfileExistsMethod = "ProfileExists" OpenMethod = "Open" CloseMethod = "Close" AddMethod = "Add" RemoveMethod = "Remove" GetMethod = "Get" GetAllMethod = "GetAll" QueryMethod = "Query" SignJWTMethod = "SignJWT" VerifyJWTMethod = "VerifyJWT" IssueMethod = "Issue" ProveMethod = "Prove" VerifyMethod = "Verify" DeriveMethod = "Derive" CreateKeyPairMethod = "CreateKeyPair" ResolveCredentialManifestMethod = "ResolveCredentialManifest" )
All command operations.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddContentRequest ¶
type AddContentRequest struct {
WalletAuth
// type of the content to be added to the wallet.
// supported types: collection, credential, didResolutionResponse, metadata, connection, key
ContentType wallet.ContentType `json:"contentType"`
// content to be added to wallet content store.
Content json.RawMessage `json:"content"`
// ID of the wallet collection to which this content should belong.
CollectionID string `json:"collectionID"`
}
AddContentRequest is request for adding a content to wallet.
type AuthCapabilityProvider ¶
type AuthCapabilityProvider interface {
// Returns HTTP Header Signer.
GetHeaderSigner(authzKeyStoreURL, accessToken, secretShare string) HTTPHeaderSigner
}
AuthCapabilityProvider is for providing Authorization Capabilities (ZCAP-LD) feature for wallet's EDV and WebKMS components.
type Command ¶
type Command struct {
// contains filtered or unexported fields
}
Command contains operations provided by verifiable credential wallet controller.
func (*Command) CreateKeyPair ¶
CreateKeyPair creates key pair from wallet.
func (*Command) CreateProfile ¶
CreateProfile creates new wallet profile for given user.
func (*Command) GetHandlers ¶
GetHandlers returns list of all commands supported by this controller command.
func (*Command) Open ¶
Open unlocks given user's wallet and returns a token for subsequent use of wallet features.
func (*Command) ProfileExists ¶
ProfileExists checks if wallet profile exists for given wallet user.
func (*Command) Query ¶
Query runs credential queries against wallet credential contents and returns presentation containing credential results.
func (*Command) ResolveCredentialManifest ¶ added in v0.1.8
ResolveCredentialManifest resolves given credential manifest by credential response or credential. Supports: https://identity.foundation/credential-manifest/
Writes list of resolved descriptors to writer or returns error if operation fails.
func (*Command) UpdateProfile ¶
UpdateProfile updates an existing wallet profile for given user.
type Config ¶
type Config struct {
// EDV header signer, typically used for introducing zcapld feature.
EdvAuthzProvider AuthCapabilityProvider
// Web KMS header signer, typically used for introducing zcapld feature.
WebKMSAuthzProvider AuthCapabilityProvider
// Web KMS header signer for GNAP authorization.
WebKMSGNAPSigner GNAPHeaderSigner
// EDV header signer for GNAP authorization.
EDVGNAPSigner GNAPHeaderSigner
// option is a performance optimization that speeds up queries by getting full documents from
// the EDV server instead of only document locations.
EDVReturnFullDocumentsOnQuery bool
// this EDV option is a performance optimization that allows for restStore.Batch to only require one REST call.
EDVBatchEndpointExtensionEnabled bool
// Aries Web KMS cache size configuration.
WebKMSCacheSize int
// Default token expiry for all wallet profiles created.
// Will be used only if wallet unlock request doesn't supply default timeout value.
DefaultTokenExpiry time.Duration
// Indicate if a data model of json-ld content stored in the wallet should be validated.
ValidateDataModel bool
}
Config contains properties to customize verifiable credential wallet controller. All properties of this config are optional, but they can be used to customize wallet's webkms and edv client's.
type ContentQueryRequest ¶
type ContentQueryRequest struct {
WalletAuth
// credential query(s) for querying wallet contents.
Query []*wallet.QueryParams `json:"query"`
}
ContentQueryRequest is request model for querying wallet contents.
type ContentQueryResponse ¶
type ContentQueryResponse struct {
// response presentation(s) containing query results.
Results []*verifiable.Presentation `json:"results"`
}
ContentQueryResponse response for wallet content query.
type CreateKeyPairRequest ¶
type CreateKeyPairRequest struct {
WalletAuth
// type of the key to be created.
KeyType kms.KeyType `json:"keyType,omitempty"`
}
CreateKeyPairRequest is request model for creating key pair from wallet.
type CreateKeyPairResponse ¶
CreateKeyPairResponse is response model for creating key pair from wallet.
type CreateOrUpdateProfileRequest ¶
type CreateOrUpdateProfileRequest struct {
// Unique identifier to identify wallet user
UserID string `json:"userID"`
// passphrase for local kms for key operations.
// Optional, if this option is provided then wallet for this profile will use local KMS for key operations.
LocalKMSPassphrase string `json:"localKMSPassphrase,omitempty"`
// passphrase for web/remote kms for key operations.
// Optional, if this option is provided then wallet for this profile will use web/remote KMS for key operations.
KeyStoreURL string `json:"keyStoreURL,omitempty"`
// edv configuration for storing wallet contents for this profile
// Optional, if not provided then agent storage provider will be used as store provider.
EDVConfiguration *EDVConfiguration `json:"edvConfiguration,omitempty"`
}
CreateOrUpdateProfileRequest is request model for creating a new wallet profile or updating an existing wallet profile.
type DeriveRequest ¶
type DeriveRequest struct {
WalletAuth
// ID of the credential already saved in wallet content store.
// optional, if provided then this option takes precedence.
StoredCredentialID string `json:"storedCredentialID"`
// List of raw credential to be presented.
// optional, will be used only if other options is not provided.
RawCredential json.RawMessage `json:"rawCredential"`
// DeriveOptions options for deriving credential
*wallet.DeriveOptions `json:"deriveOption"`
}
DeriveRequest is request model for deriving a credential from wallet.
type DeriveResponse ¶
type DeriveResponse struct {
// credential derived.
Credential *verifiable.Credential `json:"credential"`
}
DeriveResponse is response for derived credential operation.
type EDVConfiguration ¶
type EDVConfiguration struct {
// EDV server URL for storing wallet contents.
ServerURL string `json:"serverURL,omitempty"`
// EDV vault ID for storing the wallet contents.
VaultID string `json:"vaultID,omitempty"`
// Encryption key ID of already existing key in wallet profile kms.
// If profile is using localkms then wallet will create this key set for wallet user.
EncryptionKeyID string `json:"encryptionKID,omitempty"`
// MAC operation key ID of already existing key in wallet profile kms.
// If profile is using localkms then wallet will create this key set for wallet user.
MACKeyID string `json:"macKID,omitempty"`
}
EDVConfiguration contains configuration for EDV settings for profile creation.
type GNAPHeaderSigner ¶ added in v0.1.9
GNAPHeaderSigner signs a request using GNAP, for resource server access authorization.
type GetAllContentRequest ¶
type GetAllContentRequest struct {
WalletAuth
// type of the contents to be returned from wallet.
// supported types: collection, credential, didResolutionResponse, metadata, connection
ContentType wallet.ContentType `json:"contentType"`
// ID of the collection on which the response contents to be filtered.
CollectionID string `json:"collectionID,omitempty"`
}
GetAllContentRequest is request for getting all contents from wallet for given content type.
type GetAllContentResponse ¶
type GetAllContentResponse struct {
// contents retrieved from wallet content store.
// map of content ID to content.
Contents map[string]json.RawMessage `json:"contents"`
}
GetAllContentResponse response for get all content by content type wallet operation.
type GetContentRequest ¶
type GetContentRequest struct {
WalletAuth
// type of the content to be returned from wallet.
// supported types: collection, credential, didResolutionResponse, metadata, connection
ContentType wallet.ContentType `json:"contentType"`
// ID of the content to be returned from wallet
ContentID string `json:"contentID"`
}
GetContentRequest is request for getting a content from wallet.
type GetContentResponse ¶
type GetContentResponse struct {
// content retrieved from wallet content store.
Content json.RawMessage `json:"content"`
}
GetContentResponse response for get content from wallet operation.
type HTTPHeaderSigner ¶
type HTTPHeaderSigner interface {
// SignHeader header with capability.
SignHeader(req *http.Request, capabilityBytes []byte) (*http.Header, error)
}
HTTPHeaderSigner is for http header signing, typically used for zcapld functionality.
type IssueRequest ¶
type IssueRequest struct {
WalletAuth
// raw credential to be issued from wallet.
Credential json.RawMessage `json:"credential"`
// proof options for issuing credential
ProofOptions *wallet.ProofOptions `json:"proofOptions"`
}
IssueRequest is request model for issuing credential from wallet.
type IssueResponse ¶
type IssueResponse struct {
// credential issued.
Credential *verifiable.Credential `json:"credential"`
}
IssueResponse is response for issue credential interface from wallet.
type LockWalletRequest ¶
type LockWalletRequest struct {
// user ID of the wallet to be locked.
UserID string `json:"userID"`
}
LockWalletRequest contains options for locking wallet.
type LockWalletResponse ¶
type LockWalletResponse struct {
// Closed status of the wallet lock operation.
// if true, wallet is closed successfully
// if false, wallet is already closed or never unlocked.
Closed bool `json:"closed"`
}
LockWalletResponse contains response for wallet lock operation.
type ProveRequest ¶
type ProveRequest struct {
WalletAuth
// IDs of credentials already saved in wallet content store.
StoredCredentials []string `json:"storedCredentials"`
// List of raw credentials to be presented.
RawCredentials []json.RawMessage `json:"rawCredentials"`
// Presentation to be proved.
Presentation json.RawMessage `json:"presentation"`
// proof options for issuing credential.
ProofOptions *wallet.ProofOptions `json:"proofOptions"`
}
ProveRequest for producing verifiable presentation from wallet. Contains options for proofs and credential. Any combination of credential option can be mixed.
type ProveResponse ¶
type ProveResponse struct {
// presentation response from prove operation.
Presentation *verifiable.Presentation `json:"presentation"`
}
ProveResponse contains response presentation from prove operation.
type RemoveContentRequest ¶
type RemoveContentRequest struct {
WalletAuth
// type of the content to be removed from the wallet.
// supported types: collection, credential, didResolutionResponse, metadata, connection
ContentType wallet.ContentType `json:"contentType"`
// ID of the content to be removed from wallet
ContentID string `json:"contentID"`
}
RemoveContentRequest is request for removing a content from wallet.
type ResolveCredentialManifestRequest ¶ added in v0.1.8
type ResolveCredentialManifestRequest struct {
WalletAuth
// Credential Manifest on which given credential response or credential needs to be resolved.
Manifest json.RawMessage `json:"manifest,omitempty"`
// Response to be resolved.
// If provided, then this option takes precedence over credential resolve option.
Response json.RawMessage `json:"response,omitempty"`
// Credential to be be resolved, to be provided along with 'DescriptorID' to be used for resolving.
Credential json.RawMessage `json:"credential,omitempty"`
// ID of the Credential from wallet content to be be resolved, to be provided along with 'DescriptorID'.
CredentialID string `json:"credentialID,omitempty"`
// ID of the output descriptor to be used for resolving given credential.
DescriptorID string `json:"descriptorID,omitempty"`
}
ResolveCredentialManifestRequest is request model for resolving credential manifest from wallet.
type ResolveCredentialManifestResponse ¶ added in v0.1.8
type ResolveCredentialManifestResponse struct {
// List of Resolved Descriptor results.
Resolved []*cm.ResolvedDescriptor `json:"resolved,omitempty"`
}
ResolveCredentialManifestResponse is response model from wallet credential manifest resolve operation.
type SignJWTRequest ¶ added in v0.1.9
type SignJWTRequest struct {
WalletAuth
// Headers to include in JWT protected headers.
Headers map[string]interface{} `json:"headers"`
// Claims to sign as JWT payload.
Claims map[string]interface{} `json:"claims"`
// KID identifies the key to be used for signing the JWT.
KID string `json:"kid"`
}
SignJWTRequest is request model for signing a JWT using wallet.
type SignJWTResponse ¶ added in v0.1.9
type SignJWTResponse struct {
// JWT signed.
JWT string `json:"jwt"`
}
SignJWTResponse is response for signing JWT using wallet.
type UnlockAuth ¶
type UnlockAuth struct {
// Http header 'authorization' bearer token to be used.
// Optional, only if required by wallet user (for webkms or edv).
AuthToken string `json:"authToken,omitempty"`
// Http header 'authorization' GNAP token to be used.
// Optional, only if required by wallet user (for webkms or edv).
GNAPToken string `json:"gnapToken,omitempty"`
// Capability if ZCAP sign header feature to be used for authorizing access.
// Optional, can be used only if ZCAP sign header feature is configured with command controller.
Capability string `json:"capability,omitempty"`
// AuthZKeyStoreURL if ZCAP sign header feature to be used for authorizing access.
// Optional, can be used only if ZCAP sign header feature is configured with command controller.
AuthZKeyStoreURL string `json:"authzKeyStoreURL,omitempty"`
// Optional, can be used only if ZCAP sign header feature is configured with command controller.
SecretShare string `json:"secretShare,omitempty"`
}
UnlockAuth contains different options for authorizing access to wallet's EDV content store & webkms.
type UnlockWalletRequest ¶
type UnlockWalletRequest struct {
// user ID of the wallet to be unlocked.
UserID string `json:"userID"`
// passphrase for local kms for key operations.
// Optional, to be used if profile for this wallet user is setup with local KMS.
LocalKMSPassphrase string `json:"localKMSPassphrase,omitempty"`
// WebKMSAuth for authorizing acccess to web/remote kms.
// Optional, to be used if profile for this wallet user is setup with web/remote KMS.
WebKMSAuth *UnlockAuth `json:"webKMSAuth"`
// Options for authorizing access to wallet's EDV content store.
// Optional, to be used only if profile for this wallet user is setup to use EDV as content store.
EDVUnlock *UnlockAuth `json:"edvUnlocks"`
// Time duration in milliseconds after which wallet will expire its unlock status.
Expiry time.Duration `json:"expiry,omitempty"`
}
UnlockWalletRequest contains different options for unlocking wallet.
type UnlockWalletResponse ¶
type UnlockWalletResponse struct {
// Token for granting access to wallet for subsequent wallet operations.
Token string `json:"token,omitempty"`
}
UnlockWalletResponse contains response for wallet unlock operation.
type VerifyJWTRequest ¶ added in v0.1.9
type VerifyJWTRequest struct {
WalletAuth
// JWT is the compact JWT to be verified.
JWT string `json:"jwt"`
}
VerifyJWTRequest is request model for verifying a JWT using wallet.
type VerifyJWTResponse ¶ added in v0.1.9
type VerifyJWTResponse struct {
// Verified is true if provided JWT was successfully verified.
Verified bool `json:"verified"`
// Error contains the JWT verification error, if any.
Error string `json:"error,omitempty"`
}
VerifyJWTResponse is response for verifying JWT using wallet.
type VerifyRequest ¶
type VerifyRequest struct {
WalletAuth
// ID of the credential already saved in wallet content store.
// optional, if provided then this option takes precedence over other options.
StoredCredentialID string `json:"storedCredentialID"`
// List of raw credential to be presented.
// optional, if provided then this option takes precedence over presentation options.
RawCredential json.RawMessage `json:"rawCredential"`
// Presentation to be proved.
// optional, will be used only if other options are not provided.
Presentation json.RawMessage `json:"presentation"`
}
VerifyRequest request for verifying a credential or presentation from wallet. Any one of the credential option should be used.
type VerifyResponse ¶
type VerifyResponse struct {
// if true then verification is successful.
Verified bool `json:"verified"`
// error details if verified is false.
Error string `json:"error,omitempty"`
}
VerifyResponse is response model for wallet verify operation.
type WalletAuth ¶
type WalletAuth struct {
// Authorization token for performing wallet operations.
Auth string `json:"auth"`
// ID of wallet user.
UserID string `json:"userID"`
}
WalletAuth contains wallet auth parameters for performing wallet operations.
type WalletUser ¶
type WalletUser struct {
// ID of wallet user.
ID string `json:"userID"`
}
WalletUser contains wallet user info for performing profile operations.
Source Files
Click to show internal directories.
Click to hide internal directories.