vcwallet


Constants

// Error codes returned by the vcwallet controller command.
//
// The codes are assigned consecutively from command.VCWallet via iota, so the
// order of the declarations below determines each code's numeric value: inserting
// a new code in the middle renumbers every code after it. Presumably these values
// are surfaced to clients inside command.Error responses, so treat the order as
// part of the contract.
const (
	// InvalidRequestErrorCode is typically a code for invalid requests.
	InvalidRequestErrorCode = command.Code(iota + command.VCWallet)

	// CreateProfileErrorCode for errors during create wallet profile operations.
	CreateProfileErrorCode

	// UpdateProfileErrorCode for errors during update wallet profile operations.
	UpdateProfileErrorCode

	// OpenWalletErrorCode for errors during wallet unlock operations.
	OpenWalletErrorCode

	// CloseWalletErrorCode for errors during wallet lock operations.
	CloseWalletErrorCode

	// AddToWalletErrorCode for errors while adding contents to wallet.
	AddToWalletErrorCode

	// RemoveFromWalletErrorCode for errors while removing contents from wallet.
	RemoveFromWalletErrorCode

	// GetFromWalletErrorCode for errors while getting a content from wallet.
	GetFromWalletErrorCode

	// GetAllFromWalletErrorCode for errors while getting all contents from wallet.
	GetAllFromWalletErrorCode

	// QueryWalletErrorCode for errors while querying credentials contents from wallet.
	QueryWalletErrorCode

	// IssueFromWalletErrorCode for errors while issuing a credential from wallet.
	IssueFromWalletErrorCode

	// ProveFromWalletErrorCode for errors while producing a presentation from wallet.
	ProveFromWalletErrorCode

	// VerifyFromWalletErrorCode for errors while verifying a presentation or credential from wallet.
	VerifyFromWalletErrorCode

	// DeriveFromWalletErrorCode for errors while deriving a credential from wallet.
	DeriveFromWalletErrorCode

	// CreateKeyPairFromWalletErrorCode for errors while creating key pair from wallet.
	CreateKeyPairFromWalletErrorCode

	// ProfileExistsErrorCode for errors while checking if profile exists for a wallet user.
	ProfileExistsErrorCode

	// ResolveCredentialManifestErrorCode for errors while resolving credential manifest from wallet.
	ResolveCredentialManifestErrorCode

	// SignJWTErrorCode for errors while signing a JWT using wallet.
	SignJWTErrorCode

	// VerifyJWTErrorCode for errors while verifying a JWT using wallet.
	VerifyJWTErrorCode
)

Error codes.

// Command and method names for the vcwallet controller.
//
// CommandName identifies this controller; the *Method constants name the
// operations it exposes (see (*Command).GetHandlers). These strings are
// presumably used by the controller's request routing, so renaming one is a
// client-visible change.
const (
	CommandName = "vcwallet"

	// command methods.
	CreateProfileMethod             = "CreateProfile"
	UpdateProfileMethod             = "UpdateProfile"
	ProfileExistsMethod             = "ProfileExists"
	OpenMethod                      = "Open"
	CloseMethod                     = "Close"
	AddMethod                       = "Add"
	RemoveMethod                    = "Remove"
	GetMethod                       = "Get"
	GetAllMethod                    = "GetAll"
	QueryMethod                     = "Query"
	SignJWTMethod                   = "SignJWT"
	VerifyJWTMethod                 = "VerifyJWT"
	IssueMethod                     = "Issue"
	ProveMethod                     = "Prove"
	VerifyMethod                    = "Verify"
	DeriveMethod                    = "Derive"
	CreateKeyPairMethod             = "CreateKeyPair"
	ResolveCredentialManifestMethod = "ResolveCredentialManifest"
)

All command operations.

Variables

This section is empty.

Functions

This section is empty.

Types

type AddContentRequest

// AddContentRequest is the request for adding content to the wallet.
type AddContentRequest struct {
	WalletAuth

	// Type of the content to be added to the wallet.
	// Supported types: collection, credential, didResolutionResponse, metadata, connection, key.
	ContentType wallet.ContentType `json:"contentType"`

	// Content to be added to the wallet content store, passed through as raw JSON.
	// NOTE(review): this is caller-supplied; whether it is validated against a data
	// model appears to depend on Config.ValidateDataModel — confirm for the content
	// types in use.
	Content json.RawMessage `json:"content"`

	// ID of the wallet collection to which this content should belong.
	CollectionID string `json:"collectionID"`
}

AddContentRequest is the request for adding content to the wallet.

type AuthCapabilityProvider

// AuthCapabilityProvider provides the Authorization Capabilities (ZCAP-LD) feature
// for the wallet's EDV and WebKMS components.
type AuthCapabilityProvider interface {
	// GetHeaderSigner returns an HTTP header signer bound to the given authorization
	// key store URL, access token and secret share. accessToken and secretShare are
	// credentials; implementations should keep them out of logs and error messages.
	GetHeaderSigner(authzKeyStoreURL, accessToken, secretShare string) HTTPHeaderSigner
}

AuthCapabilityProvider provides the Authorization Capabilities (ZCAP-LD) feature for the wallet's EDV and WebKMS components.

type Command

// Command contains the operations provided by the verifiable credential wallet
// controller. Construct it with New. Each operation reads its JSON request from
// an io.Reader, writes its response to an io.Writer and returns a command.Error
// on failure.
type Command struct {
	// contains filtered or unexported fields
}

Command contains operations provided by verifiable credential wallet controller.

func New

func New(p provider, config *Config) *Command

New returns new verifiable credential wallet controller command instance.

func (*Command) Add

func (o *Command) Add(rw io.Writer, req io.Reader) command.Error

Add adds given data model to wallet content store.

func (*Command) Close

func (o *Command) Close(rw io.Writer, req io.Reader) command.Error

Close locks given user's wallet.

func (*Command) CreateKeyPair

func (o *Command) CreateKeyPair(rw io.Writer, req io.Reader) command.Error

CreateKeyPair creates key pair from wallet.

func (*Command) CreateProfile

func (o *Command) CreateProfile(rw io.Writer, req io.Reader) command.Error

CreateProfile creates new wallet profile for given user.

func (*Command) Derive

func (o *Command) Derive(rw io.Writer, req io.Reader) command.Error

Derive derives a credential from wallet.

func (*Command) Get

func (o *Command) Get(rw io.Writer, req io.Reader) command.Error

Get returns wallet content by ID from wallet content store.

func (*Command) GetAll

func (o *Command) GetAll(rw io.Writer, req io.Reader) command.Error

GetAll returns all wallet content of the given type from the wallet content store.

func (*Command) GetHandlers

func (o *Command) GetHandlers() []command.Handler

GetHandlers returns list of all commands supported by this controller command.

func (*Command) Issue

func (o *Command) Issue(rw io.Writer, req io.Reader) command.Error

Issue adds proof to a Verifiable Credential from wallet.

func (*Command) Open

func (o *Command) Open(rw io.Writer, req io.Reader) command.Error

Open unlocks given user's wallet and returns a token for subsequent use of wallet features.

func (*Command) ProfileExists

func (o *Command) ProfileExists(rw io.Writer, req io.Reader) command.Error

ProfileExists checks if wallet profile exists for given wallet user.

func (*Command) Prove

func (o *Command) Prove(rw io.Writer, req io.Reader) command.Error

Prove produces a Verifiable Presentation from wallet.

func (*Command) Query

func (o *Command) Query(rw io.Writer, req io.Reader) command.Error

Query runs credential queries against wallet credential contents and returns presentation containing credential results.

func (*Command) Remove

func (o *Command) Remove(rw io.Writer, req io.Reader) command.Error

Remove deletes given content from wallet content store.

func (*Command) ResolveCredentialManifest

func (o *Command) ResolveCredentialManifest(rw io.Writer, req io.Reader) command.Error

ResolveCredentialManifest resolves given credential manifest by credential response or credential. Supports: https://identity.foundation/credential-manifest/

Writes list of resolved descriptors to writer or returns error if operation fails.

func (*Command) SignJWT

func (o *Command) SignJWT(rw io.Writer, req io.Reader) command.Error

SignJWT signs a JWT using a key in wallet.

func (*Command) UpdateProfile

func (o *Command) UpdateProfile(rw io.Writer, req io.Reader) command.Error

UpdateProfile updates an existing wallet profile for given user.

func (*Command) Verify

func (o *Command) Verify(rw io.Writer, req io.Reader) command.Error

Verify verifies credential/presentation from wallet.

func (*Command) VerifyJWT

func (o *Command) VerifyJWT(rw io.Writer, req io.Reader) command.Error

VerifyJWT verifies a JWT using wallet.

type Config

// Config contains properties to customize the verifiable credential wallet
// controller. All properties are optional; they customize the wallet's WebKMS
// and EDV clients.
type Config struct {
	// EDV header signer, typically used for introducing the zcapld feature.
	EdvAuthzProvider AuthCapabilityProvider
	// Web KMS header signer, typically used for introducing the zcapld feature.
	WebKMSAuthzProvider AuthCapabilityProvider
	// Web KMS header signer for GNAP authorization.
	WebKMSGNAPSigner GNAPHeaderSigner
	// EDV header signer for GNAP authorization.
	EDVGNAPSigner GNAPHeaderSigner
	// Performance optimization that speeds up queries by getting full documents from
	// the EDV server instead of only document locations.
	EDVReturnFullDocumentsOnQuery bool
	// EDV performance optimization that allows restStore.Batch to require only one REST call.
	EDVBatchEndpointExtensionEnabled bool
	// Aries Web KMS cache size configuration.
	WebKMSCacheSize int
	// Default token expiry for all wallet profiles created.
	// Used only if the wallet unlock request doesn't supply its own expiry value.
	// NOTE(review): what happens when both this and the request expiry are zero is
	// not visible here — confirm that tokens cannot end up without an expiry.
	DefaultTokenExpiry time.Duration
	// Indicates whether the data model of JSON-LD content stored in the wallet should be validated.
	ValidateDataModel bool
}

Config contains properties to customize the verifiable credential wallet controller. All properties of this config are optional, but they can be used to customize the wallet's WebKMS and EDV clients.

type ContentQueryRequest

// ContentQueryRequest is the request model for querying wallet contents.
type ContentQueryRequest struct {
	WalletAuth

	// Credential query(s) for querying wallet contents.
	Query []*wallet.QueryParams `json:"query"`
}

ContentQueryRequest is request model for querying wallet contents.

type ContentQueryResponse

// ContentQueryResponse is the response for a wallet content query.
type ContentQueryResponse struct {
	// Response presentation(s) containing the query results.
	Results []*verifiable.Presentation `json:"results"`
}

ContentQueryResponse is the response for a wallet content query.

type CreateKeyPairRequest

// CreateKeyPairRequest is the request model for creating a key pair from the wallet.
type CreateKeyPairRequest struct {
	WalletAuth

	// Type of the key to be created. Omitted from JSON when empty; the default
	// applied in that case is not visible here.
	KeyType kms.KeyType `json:"keyType,omitempty"`
}

CreateKeyPairRequest is request model for creating key pair from wallet.

type CreateKeyPairResponse

// CreateKeyPairResponse is the response model for creating a key pair from the wallet.
// It embeds *wallet.KeyPair, so that type's JSON fields are promoted to the top
// level of the response.
// NOTE(review): what wallet.KeyPair carries is not visible here; confirm it does
// not include private key material before it is returned to callers.
type CreateKeyPairResponse struct {
	*wallet.KeyPair
}

CreateKeyPairResponse is response model for creating key pair from wallet.

type CreateOrUpdateProfileRequest

// CreateOrUpdateProfileRequest is the request model for creating a new wallet
// profile or updating an existing one.
type CreateOrUpdateProfileRequest struct {
	// Unique identifier of the wallet user.
	UserID string `json:"userID"`

	// Passphrase for the local KMS used for key operations.
	// Optional; if provided then the wallet for this profile will use the local KMS
	// for key operations. This is a secret carried in the request body — it must not
	// be logged or echoed back in error messages.
	LocalKMSPassphrase string `json:"localKMSPassphrase,omitempty"`

	// URL of the web/remote KMS key store used for key operations.
	// Optional; if provided then the wallet for this profile will use the web/remote
	// KMS for key operations.
	KeyStoreURL string `json:"keyStoreURL,omitempty"`

	// EDV configuration for storing wallet contents for this profile.
	// Optional; if not provided then the agent storage provider will be used as the
	// store provider.
	EDVConfiguration *EDVConfiguration `json:"edvConfiguration,omitempty"`
}

CreateOrUpdateProfileRequest is request model for creating a new wallet profile or updating an existing wallet profile.

type DeriveRequest

// DeriveRequest is the request model for deriving a credential from the wallet.
type DeriveRequest struct {
	WalletAuth

	// ID of a credential already saved in the wallet content store.
	// Optional; if provided then this option takes precedence over RawCredential.
	StoredCredentialID string `json:"storedCredentialID"`

	// Raw credential to derive from.
	// Optional; used only if StoredCredentialID is not provided.
	RawCredential json.RawMessage `json:"rawCredential"`

	// DeriveOptions for the derived credential. Embedded, but serialized under the
	// "deriveOption" key rather than promoted.
	*wallet.DeriveOptions `json:"deriveOption"`
}

DeriveRequest is request model for deriving a credential from wallet.

type DeriveResponse

// DeriveResponse is the response for the derive credential operation.
type DeriveResponse struct {
	// The derived credential.
	Credential *verifiable.Credential `json:"credential"`
}

DeriveResponse is response for derived credential operation.

type EDVConfiguration

// EDVConfiguration contains the EDV settings used during profile creation.
type EDVConfiguration struct {
	// EDV server URL for storing wallet contents.
	ServerURL string `json:"serverURL,omitempty"`

	// EDV vault ID for storing the wallet contents.
	VaultID string `json:"vaultID,omitempty"`

	// Encryption key ID of an already existing key in the wallet profile KMS.
	// If the profile is using localkms then the wallet will create this key set for the wallet user.
	EncryptionKeyID string `json:"encryptionKID,omitempty"`

	// MAC operation key ID of an already existing key in the wallet profile KMS.
	// If the profile is using localkms then the wallet will create this key set for the wallet user.
	MACKeyID string `json:"macKID,omitempty"`
}

EDVConfiguration contains configuration for EDV settings for profile creation.

type GNAPHeaderSigner

// GNAPHeaderSigner signs a request using GNAP for resource server access
// authorization, returning the signed header to attach to the request.
type GNAPHeaderSigner func(req *http.Request) (*http.Header, error)

GNAPHeaderSigner signs a request using GNAP, for resource server access authorization.

type GetAllContentRequest

// GetAllContentRequest is the request for getting all contents of a given
// content type from the wallet.
type GetAllContentRequest struct {
	WalletAuth

	// Type of the contents to be returned from the wallet.
	// Supported types: collection, credential, didResolutionResponse, metadata, connection.
	ContentType wallet.ContentType `json:"contentType"`

	// ID of the collection by which the response contents are filtered.
	CollectionID string `json:"collectionID,omitempty"`
}

GetAllContentRequest is request for getting all contents from wallet for given content type.

type GetAllContentResponse

// GetAllContentResponse is the response for the get-all-content-by-type wallet operation.
type GetAllContentResponse struct {
	// Contents retrieved from the wallet content store.
	// Map of content ID to raw JSON content.
	Contents map[string]json.RawMessage `json:"contents"`
}

GetAllContentResponse is the response for the get-all-content-by-type wallet operation.

type GetContentRequest

// GetContentRequest is the request for getting a single content item from the wallet.
type GetContentRequest struct {
	WalletAuth

	// Type of the content to be returned from the wallet.
	// Supported types: collection, credential, didResolutionResponse, metadata, connection.
	ContentType wallet.ContentType `json:"contentType"`

	// ID of the content to be returned from the wallet.
	ContentID string `json:"contentID"`
}

GetContentRequest is request for getting a content from wallet.

type GetContentResponse

// GetContentResponse is the response for the get content wallet operation.
type GetContentResponse struct {
	// Content retrieved from the wallet content store, as raw JSON.
	Content json.RawMessage `json:"content"`
}

GetContentResponse is the response for the get content wallet operation.

type HTTPHeaderSigner

// HTTPHeaderSigner signs HTTP headers, typically for zcapld functionality.
type HTTPHeaderSigner interface {
	// SignHeader signs the request's headers using the given capability bytes and
	// returns the resulting header.
	SignHeader(req *http.Request, capabilityBytes []byte) (*http.Header, error)
}

HTTPHeaderSigner is for http header signing, typically used for zcapld functionality.

type IssueRequest

// IssueRequest is the request model for issuing a credential from the wallet.
type IssueRequest struct {
	WalletAuth

	// Raw credential to be issued from the wallet.
	Credential json.RawMessage `json:"credential"`

	// Proof options for issuing the credential.
	ProofOptions *wallet.ProofOptions `json:"proofOptions"`
}

IssueRequest is request model for issuing credential from wallet.

type IssueResponse

// IssueResponse is the response for the issue credential operation.
type IssueResponse struct {
	// The issued credential.
	Credential *verifiable.Credential `json:"credential"`
}

IssueResponse is the response for the issue credential operation from the wallet.

type LockWalletRequest

// LockWalletRequest contains options for locking a wallet.
type LockWalletRequest struct {
	// User ID of the wallet to be locked.
	UserID string `json:"userID"`
}

LockWalletRequest contains options for locking wallet.

type LockWalletResponse

// LockWalletResponse contains the response for the wallet lock operation.
type LockWalletResponse struct {
	// Closed is the status of the wallet lock operation:
	// true if the wallet was closed successfully,
	// false if the wallet was already closed or was never unlocked.
	Closed bool `json:"closed"`
}

LockWalletResponse contains response for wallet lock operation.

type ProveRequest

// ProveRequest is the request for producing a verifiable presentation from the
// wallet. It contains proof options and credential options; any combination of
// the credential options may be used together.
type ProveRequest struct {
	WalletAuth

	// IDs of credentials already saved in the wallet content store.
	StoredCredentials []string `json:"storedCredentials"`

	// List of raw credentials to be presented.
	RawCredentials []json.RawMessage `json:"rawCredentials"`

	// Presentation to be proved.
	Presentation json.RawMessage `json:"presentation"`

	// Proof options applied when proving the presentation.
	ProofOptions *wallet.ProofOptions `json:"proofOptions"`
}

ProveRequest is the request for producing a verifiable presentation from the wallet. It contains proof options and credential options; any combination of the credential options may be used together.

type ProveResponse

// ProveResponse contains the response presentation from the prove operation.
type ProveResponse struct {
	// Presentation produced by the prove operation.
	Presentation *verifiable.Presentation `json:"presentation"`
}

ProveResponse contains response presentation from prove operation.

type RemoveContentRequest

// RemoveContentRequest is the request for removing a content item from the wallet.
type RemoveContentRequest struct {
	WalletAuth

	// Type of the content to be removed from the wallet.
	// Supported types: collection, credential, didResolutionResponse, metadata, connection.
	ContentType wallet.ContentType `json:"contentType"`

	// ID of the content to be removed from the wallet.
	ContentID string `json:"contentID"`
}

RemoveContentRequest is request for removing a content from wallet.

type ResolveCredentialManifestRequest

// ResolveCredentialManifestRequest is the request model for resolving a
// credential manifest from the wallet.
type ResolveCredentialManifestRequest struct {
	WalletAuth

	// Credential Manifest against which the given credential response or credential is resolved.
	Manifest json.RawMessage `json:"manifest,omitempty"`

	// Response to be resolved.
	// If provided, this option takes precedence over the credential resolve options.
	Response json.RawMessage `json:"response,omitempty"`

	// Credential to be resolved; to be provided along with DescriptorID.
	Credential json.RawMessage `json:"credential,omitempty"`

	// ID of the credential in the wallet content store to be resolved; to be provided along with DescriptorID.
	CredentialID string `json:"credentialID,omitempty"`

	// ID of the output descriptor to be used for resolving the given credential.
	DescriptorID string `json:"descriptorID,omitempty"`
}

ResolveCredentialManifestRequest is request model for resolving credential manifest from wallet.

type ResolveCredentialManifestResponse

// ResolveCredentialManifestResponse is the response model of the wallet
// credential manifest resolve operation.
type ResolveCredentialManifestResponse struct {
	// List of resolved descriptor results.
	Resolved []*cm.ResolvedDescriptor `json:"resolved,omitempty"`
}

ResolveCredentialManifestResponse is response model from wallet credential manifest resolve operation.

type SignJWTRequest

// SignJWTRequest is the request model for signing a JWT using the wallet.
type SignJWTRequest struct {
	WalletAuth

	// Headers to include in the JWT protected headers.
	// NOTE(review): these are caller-controlled; whether the wallet overrides
	// reserved headers such as "alg" and "kid" with its own values is not visible
	// here — confirm before relying on caller-supplied headers.
	Headers map[string]interface{} `json:"headers"`
	// Claims to sign as the JWT payload.
	Claims map[string]interface{} `json:"claims"`
	// KID identifies the wallet key to be used for signing the JWT.
	KID string `json:"kid"`
}

SignJWTRequest is request model for signing a JWT using wallet.

type SignJWTResponse

// SignJWTResponse is the response for signing a JWT using the wallet.
type SignJWTResponse struct {
	// The signed JWT in compact serialization.
	JWT string `json:"jwt"`
}

SignJWTResponse is response for signing JWT using wallet.

type UnlockAuth

// UnlockAuth contains the different options for authorizing access to the
// wallet's EDV content store and WebKMS. Every field is a credential or part of
// one and must be kept out of logs and error messages.
type UnlockAuth struct {
	// HTTP 'authorization' header bearer token to be used.
	// Optional; only if required by the wallet user (for webkms or edv).
	AuthToken string `json:"authToken,omitempty"`

	// HTTP 'authorization' header GNAP token to be used.
	// Optional; only if required by the wallet user (for webkms or edv).
	GNAPToken string `json:"gnapToken,omitempty"`

	// Capability to use if the ZCAP sign header feature authorizes access.
	// Optional; can be used only if the ZCAP sign header feature is configured with the command controller.
	Capability string `json:"capability,omitempty"`

	// AuthZKeyStoreURL to use if the ZCAP sign header feature authorizes access.
	// Optional; can be used only if the ZCAP sign header feature is configured with the command controller.
	AuthZKeyStoreURL string `json:"authzKeyStoreURL,omitempty"`

	// SecretShare to use if the ZCAP sign header feature authorizes access.
	// Optional; can be used only if the ZCAP sign header feature is configured with the command controller.
	SecretShare string `json:"secretShare,omitempty"`
}

UnlockAuth contains different options for authorizing access to wallet's EDV content store & webkms.

type UnlockWalletRequest

// UnlockWalletRequest contains the different options for unlocking a wallet.
type UnlockWalletRequest struct {
	// User ID of the wallet to be unlocked.
	UserID string `json:"userID"`

	// Passphrase for the local KMS used for key operations.
	// Optional; to be used if the profile for this wallet user is set up with the local KMS.
	// This is a secret and must not be logged.
	LocalKMSPassphrase string `json:"localKMSPassphrase,omitempty"`

	// WebKMSAuth for authorizing access to the web/remote KMS.
	// Optional; to be used if the profile for this wallet user is set up with the web/remote KMS.
	WebKMSAuth *UnlockAuth `json:"webKMSAuth"`

	// Options for authorizing access to the wallet's EDV content store.
	// Optional; to be used only if the profile for this wallet user is set up to use EDV as the content store.
	// NOTE: the JSON key is "edvUnlocks" (plural); clients must match it exactly.
	EDVUnlock *UnlockAuth `json:"edvUnlocks"`

	// Duration after which the wallet will expire its unlock status.
	// NOTE(review): the comment in the original says milliseconds, but the field is a
	// time.Duration, which encoding/json decodes as an int64 of nanoseconds unless the
	// command converts it — confirm the unit clients are expected to send.
	Expiry time.Duration `json:"expiry,omitempty"`
}

UnlockWalletRequest contains different options for unlocking wallet.

type UnlockWalletResponse

// UnlockWalletResponse contains the response for the wallet unlock operation.
type UnlockWalletResponse struct {
	// Token granting access to the wallet for subsequent wallet operations; it is
	// what callers pass back as WalletAuth.Auth. It is a credential and should be
	// handled as one (not logged, transported only over a protected channel).
	Token string `json:"token,omitempty"`
}

UnlockWalletResponse contains response for wallet unlock operation.

type VerifyJWTRequest

// VerifyJWTRequest is the request model for verifying a JWT using the wallet.
type VerifyJWTRequest struct {
	WalletAuth

	// JWT is the compact-serialized JWT to be verified.
	JWT string `json:"jwt"`
}

VerifyJWTRequest is request model for verifying a JWT using wallet.

type VerifyJWTResponse

// VerifyJWTResponse is the response for verifying a JWT using the wallet.
type VerifyJWTResponse struct {
	// Verified is true if the provided JWT was successfully verified.
	Verified bool `json:"verified"`
	// Error contains the JWT verification error, if any. Callers must check
	// Verified rather than the absence of Error.
	// NOTE(review): this string is returned to the client; confirm it carries no
	// internal detail beyond the verification failure reason.
	Error string `json:"error,omitempty"`
}

VerifyJWTResponse is response for verifying JWT using wallet.

type VerifyRequest

// VerifyRequest is the request for verifying a credential or presentation from
// the wallet. One of the credential options should be used.
type VerifyRequest struct {
	WalletAuth

	// ID of a credential already saved in the wallet content store.
	// Optional; if provided then this option takes precedence over the other options.
	StoredCredentialID string `json:"storedCredentialID"`

	// Raw credential to be verified.
	// Optional; if provided then this option takes precedence over the presentation option.
	RawCredential json.RawMessage `json:"rawCredential"`

	// Presentation to be verified.
	// Optional; used only if the other options are not provided.
	Presentation json.RawMessage `json:"presentation"`
}

VerifyRequest is the request for verifying a credential or presentation from the wallet. One of the credential options should be used.

type VerifyResponse

// VerifyResponse is the response model for the wallet verify operation.
type VerifyResponse struct {
	// Verified is true if verification succeeded. Callers must check this flag
	// rather than the absence of Error.
	Verified bool `json:"verified"`

	// Error details if Verified is false.
	// NOTE(review): this string is returned to the client; confirm it carries no
	// internal detail beyond the verification failure reason.
	Error string `json:"error,omitempty"`
}

VerifyResponse is response model for wallet verify operation.

type WalletAuth

// WalletAuth contains the wallet auth parameters required for performing wallet
// operations. It is embedded in every authenticated request type.
type WalletAuth struct {
	// Authorization token for performing wallet operations; obtained from the
	// Open operation (UnlockWalletResponse.Token). It is a credential and must
	// not be logged.
	Auth string `json:"auth"`

	// ID of the wallet user the token was issued for.
	UserID string `json:"userID"`
}

WalletAuth contains wallet auth parameters for performing wallet operations.

type WalletUser

// WalletUser contains the wallet user info used for profile operations.
type WalletUser struct {
	// ID of the wallet user. Note the JSON key is "userID", not "id".
	ID string `json:"userID"`
}

WalletUser contains wallet user info for performing profile operations.
