Documentation ¶
Overview ¶
Package verifier implements the Verifier role: an entity that requests, checks and extracts the claims from an SD-JWT and its respective Disclosures.
Index ¶
- func Parse(combinedFormatForPresentation string, opts ...ParseOpt) (map[string]interface{}, error)
- type ParseOpt
- func WithExpectedAudienceForHolderBinding(audience string) ParseOpt
- func WithExpectedNonceForHolderBinding(nonce string) ParseOpt
- func WithHolderBindingRequired(flag bool) ParseOpt
- func WithHolderSigningAlgorithms(algorithms []string) ParseOpt
- func WithIssuerSigningAlgorithms(algorithms []string) ParseOpt
- func WithJWTDetachedPayload(payload []byte) ParseOpt
- func WithLeewayForClaimsValidation(duration time.Duration) ParseOpt
- func WithSignatureVerifier(signatureVerifier jose.SignatureVerifier) ParseOpt
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Parse ¶
Parse parses the Combined Format for Presentation and returns the verified claims. The Verifier has to verify that all disclosed claim values were part of the original, Issuer-signed SD-JWT.
At a high level, the Verifier:
- receives the Combined Format for Presentation from the Holder and verifies the signature of the SD-JWT using the Issuer's public key,
- verifies the Holder Binding JWT, if Holder Binding is required by the Verifier's policy, using the public key included in the SD-JWT,
- calculates the digests over the Holder-Selected Disclosures and verifies that each digest is contained in the SD-JWT.
Detailed algorithm: https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-02.html#name-verification-by-the-verifier
The Verifier will not, however, learn any claim values not disclosed in the Disclosures.
Example ¶
```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"

	afjwt "github.com/hyperledger/aries-framework-go/pkg/doc/jwt"
	"github.com/hyperledger/aries-framework-go/pkg/doc/sdjwt/common"
	"github.com/hyperledger/aries-framework-go/pkg/doc/sdjwt/holder"
	"github.com/hyperledger/aries-framework-go/pkg/doc/sdjwt/issuer"
)

// testIssuer is the "iss" value shown in the example output; the listing used it without defining it.
const testIssuer = "https://example.com/issuer"

func main() {
	signer, signatureVerifier, err := setUp()
	if err != nil {
		fmt.Printf("failed to set up test: %s\n", err)
		return
	}

	claims := map[string]interface{}{
		"given_name": "Albert",
		"last_name":  "Smith",
	}

	// Issuer will issue SD-JWT for specified claims.
	token, err := issuer.New(testIssuer, claims, nil, signer)
	if err != nil {
		fmt.Printf("failed to issue SD-JWT: %s\n", err)
		return
	}

	combinedFormatForIssuance, err := token.Serialize(false)
	if err != nil {
		fmt.Printf("failed to serialize SD-JWT: %s\n", err)
		return
	}

	// Holder will parse combined format for issuance for verification purposes.
	_, err = holder.Parse(combinedFormatForIssuance, holder.WithSignatureVerifier(signatureVerifier))
	if err != nil {
		fmt.Printf("holder failed to parse SD-JWT: %s\n", err)
		return
	}

	// The Holder will disclose all claims: the presentation is the issuance format
	// followed by the separator and no Holder Binding JWT.
	combinedFormatForPresentation := combinedFormatForIssuance + common.CombinedFormatSeparator

	// Verifier will validate combined format for presentation and create verified claims.
	verifiedClaims, err := Parse(combinedFormatForPresentation, WithSignatureVerifier(signatureVerifier))
	if err != nil {
		fmt.Printf("verifier failed to parse holder presentation: %s\n", err)
		return
	}

	verifiedClaimsJSON, err := marshalObj(verifiedClaims)
	if err != nil {
		fmt.Printf("verifier failed to marshal verified claims: %s\n", err)
		return
	}

	fmt.Println(verifiedClaimsJSON)
}

// setUp generates an Ed25519 Issuer key pair and wraps it as signer and verifier.
func setUp() (*afjwt.JoseED25519Signer, *afjwt.JoseEd25519Verifier, error) {
	issuerPublicKey, issuerPrivateKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}

	signer := afjwt.NewEd25519Signer(issuerPrivateKey)

	signatureVerifier, err := afjwt.NewEd25519Verifier(issuerPublicKey)
	if err != nil {
		return nil, nil, err
	}

	return signer, signatureVerifier, nil
}

func marshalObj(obj interface{}) (string, error) {
	objBytes, err := json.Marshal(obj)
	if err != nil {
		return "", fmt.Errorf("failed to marshal object: %w", err)
	}

	return prettyPrint(objBytes)
}

// prettyPrint indents compact JSON; the listing called it without defining it.
func prettyPrint(msg []byte) (string, error) {
	var prettyJSON bytes.Buffer
	if err := json.Indent(&prettyJSON, msg, "", "\t"); err != nil {
		return "", err
	}

	return prettyJSON.String(), nil
}
```

Output:
{
	"given_name": "Albert",
	"iss": "https://example.com/issuer",
	"last_name": "Smith"
}
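The third Verifier step above (recomputing each Disclosure digest and requiring it in the signed SD-JWT) written out as an added stand-alone example; this is not the package's own code. It assumes the draft-02 default of SHA-256 over the Disclosure text, takes the SD-JWT part as already signature-verified (the job Parse delegates to WithSignatureVerifier), and constructs its own sample Disclosures; DisclosureDigest, MakeDisclosure and VerifyDisclosures are names chosen here.

```go
package main
import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"slices"
	"strings"
)
// DisclosureDigest is base64url(sha256(disclosure)), the default when the payload has no _sd_alg.
func DisclosureDigest(disclosure string) string {
	sum := sha256.Sum256([]byte(disclosure))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}
// MakeDisclosure encodes the [salt, claim name, claim value] array an Issuer gives the Holder.
func MakeDisclosure(salt, name string, value interface{}) string {
	b, _ := json.Marshal([]interface{}{salt, name, value})
	return base64.RawURLEncoding.EncodeToString(b)
}
// VerifyDisclosures is the Verifier's digest step: every Disclosure in the Combined Format for
// Presentation must hash to a distinct "_sd" entry of the already signature-verified SD-JWT payload.
func VerifyDisclosures(combined string, sdFromPayload []string) (map[string]json.RawMessage, error) {
	parts := strings.Split(combined, "~") // <SD-JWT>~<Disclosure>~...~<Disclosure>~<Holder Binding JWT>
	if len(parts) < 2 {
		return nil, fmt.Errorf("not a Combined Format for Presentation")
	}
	seen := map[string]bool{}
	claims := map[string]json.RawMessage{}
	for _, disc := range parts[1 : len(parts)-1] { // skip the SD-JWT and the trailing Holder Binding JWT ("" if none)
		digest := DisclosureDigest(disc)
		if !slices.Contains(sdFromPayload, digest) || seen[digest] {
			return nil, fmt.Errorf("disclosure digest %s is not in _sd or was already used", digest)
		}
		seen[digest] = true
		var arr []json.RawMessage
		var name string
		raw, err := base64.RawURLEncoding.DecodeString(disc)
		if err != nil || json.Unmarshal(raw, &arr) != nil || len(arr) != 3 || json.Unmarshal(arr[1], &name) != nil {
			return nil, fmt.Errorf("malformed disclosure %q", disc)
		}
		claims[name] = arr[2]
	}
	return claims, nil
}
func main() { // constructed sample: _sd lists two digests, the Holder discloses only given_name
	given, last := MakeDisclosure("s1", "given_name", "Albert"), MakeDisclosure("s2", "last_name", "Smith")
	sd := []string{DisclosureDigest(given), DisclosureDigest(last)}
	claims, err := VerifyDisclosures("<signed-sd-jwt>~"+given+"~", sd)
	fmt.Println(string(claims["given_name"]), err) // "Albert" <nil>
}
```

A Disclosure whose digest is absent from `_sd`, or presented twice, is rejected, which is what stops a Holder from adding or replaying claims the Issuer never signed.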
Types ¶
type ParseOpt ¶
type ParseOpt func(opts *parseOpts)
ParseOpt is the SD-JWT Parser option.
func WithExpectedAudienceForHolderBinding ¶
func WithExpectedAudienceForHolderBinding(audience string) ParseOpt
WithExpectedAudienceForHolderBinding sets the audience value the Verifier expects in the Holder Binding JWT.
func WithExpectedNonceForHolderBinding ¶
func WithExpectedNonceForHolderBinding(nonce string) ParseOpt
WithExpectedNonceForHolderBinding sets the nonce value the Verifier expects in the Holder Binding JWT.
func WithHolderBindingRequired ¶
func WithHolderBindingRequired(flag bool) ParseOpt
WithHolderBindingRequired enforces holder binding: when flag is true, Parse requires the presentation to carry a Holder Binding JWT.
func WithHolderSigningAlgorithms ¶
func WithHolderSigningAlgorithms(algorithms []string) ParseOpt
WithHolderSigningAlgorithms defines the signing algorithms accepted as secure for the Holder Binding JWT.
func WithIssuerSigningAlgorithms ¶
func WithIssuerSigningAlgorithms(algorithms []string) ParseOpt
WithIssuerSigningAlgorithms defines the signing algorithms accepted as secure for the Issuer-signed SD-JWT.
func WithJWTDetachedPayload ¶
func WithJWTDetachedPayload(payload []byte) ParseOpt
WithJWTDetachedPayload supplies the JWT payload when the SD-JWT is presented with a detached payload.
func WithLeewayForClaimsValidation ¶
func WithLeewayForClaimsValidation(duration time.Duration) ParseOpt
WithLeewayForClaimsValidation sets the leeway allowed when validating the time-based claims.
func WithSignatureVerifier ¶
func WithSignatureVerifier(signatureVerifier jose.SignatureVerifier) ParseOpt
WithSignatureVerifier sets the signature verifier used to check the SD-JWT signature against the Issuer's public key.