Documentation ¶
Index ¶
- Constants
- type AddContentRequest
- type AuthCapabilityProvider
- type Command
- func (o *Command) Add(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Close(rw io.Writer, req io.Reader) command.Error
- func (o *Command) CreateKeyPair(rw io.Writer, req io.Reader) command.Error
- func (o *Command) CreateProfile(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Derive(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Get(rw io.Writer, req io.Reader) command.Error
- func (o *Command) GetAll(rw io.Writer, req io.Reader) command.Error
- func (o *Command) GetHandlers() []command.Handler
- func (o *Command) Issue(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Open(rw io.Writer, req io.Reader) command.Error
- func (o *Command) ProfileExists(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Prove(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Query(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Remove(rw io.Writer, req io.Reader) command.Error
- func (o *Command) ResolveCredentialManifest(rw io.Writer, req io.Reader) command.Error
- func (o *Command) SignJWT(rw io.Writer, req io.Reader) command.Error
- func (o *Command) UpdateProfile(rw io.Writer, req io.Reader) command.Error
- func (o *Command) Verify(rw io.Writer, req io.Reader) command.Error
- func (o *Command) VerifyJWT(rw io.Writer, req io.Reader) command.Error
- type Config
- type ContentQueryRequest
- type ContentQueryResponse
- type CreateKeyPairRequest
- type CreateKeyPairResponse
- type CreateOrUpdateProfileRequest
- type DeriveRequest
- type DeriveResponse
- type EDVConfiguration
- type GNAPHeaderSigner
- type GetAllContentRequest
- type GetAllContentResponse
- type GetContentRequest
- type GetContentResponse
- type HTTPHeaderSigner
- type IssueRequest
- type IssueResponse
- type LockWalletRequest
- type LockWalletResponse
- type ProveRequest
- type ProveResponse
- type RemoveContentRequest
- type ResolveCredentialManifestRequest
- type ResolveCredentialManifestResponse
- type SignJWTRequest
- type SignJWTResponse
- type UnlockAuth
- type UnlockWalletRequest
- type UnlockWalletResponse
- type VerifyJWTRequest
- type VerifyJWTResponse
- type VerifyRequest
- type VerifyResponse
- type WalletAuth
- type WalletUser
Constants ¶
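// Error codes for the vcwallet command controller.
//
// Values are assigned with iota on top of command.VCWallet, so the numeric
// value of every code depends on its position in this block. Add new codes at
// the end only; inserting or reordering renumbers the codes that follow.
const (
	// InvalidRequestErrorCode is typically a code for invalid requests.
	InvalidRequestErrorCode = command.Code(iota + command.VCWallet)

	// CreateProfileErrorCode for errors during create wallet profile operations.
	CreateProfileErrorCode

	// UpdateProfileErrorCode for errors during update wallet profile operations.
	UpdateProfileErrorCode

	// OpenWalletErrorCode for errors during wallet unlock operations.
	OpenWalletErrorCode

	// CloseWalletErrorCode for errors during wallet lock operations.
	CloseWalletErrorCode

	// AddToWalletErrorCode for errors while adding contents to wallet.
	AddToWalletErrorCode

	// RemoveFromWalletErrorCode for errors while removing contents from wallet.
	RemoveFromWalletErrorCode

	// GetFromWalletErrorCode for errors while getting a content from wallet.
	GetFromWalletErrorCode

	// GetAllFromWalletErrorCode for errors while getting all contents from wallet.
	GetAllFromWalletErrorCode

	// QueryWalletErrorCode for errors while querying credentials contents from wallet.
	QueryWalletErrorCode

	// IssueFromWalletErrorCode for errors while issuing a credential from wallet.
	IssueFromWalletErrorCode

	// ProveFromWalletErrorCode for errors while producing a presentation from wallet.
	ProveFromWalletErrorCode

	// VerifyFromWalletErrorCode for errors while verifying a presentation or credential from wallet.
	VerifyFromWalletErrorCode

	// DeriveFromWalletErrorCode for errors while deriving a credential from wallet.
	DeriveFromWalletErrorCode

	// CreateKeyPairFromWalletErrorCode for errors while creating key pair from wallet.
	CreateKeyPairFromWalletErrorCode

	// ProfileExistsErrorCode for errors while checking if profile exists for a wallet user.
	ProfileExistsErrorCode

	// ResolveCredentialManifestErrorCode for errors while resolving credential manifest from wallet.
	ResolveCredentialManifestErrorCode

	// SignJWTErrorCode for errors while signing a JWT using wallet.
	SignJWTErrorCode

	// VerifyJWTErrorCode for errors while verifying a JWT using wallet.
	VerifyJWTErrorCode
)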
Error codes.
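// Command name and method names exposed by the vcwallet controller.
const (
	// CommandName is the name of this command controller.
	CommandName = "vcwallet"

	// command methods.
	CreateProfileMethod             = "CreateProfile"
	UpdateProfileMethod             = "UpdateProfile"
	ProfileExistsMethod             = "ProfileExists"
	OpenMethod                      = "Open"
	CloseMethod                     = "Close"
	AddMethod                       = "Add"
	RemoveMethod                    = "Remove"
	GetMethod                       = "Get"
	GetAllMethod                    = "GetAll"
	QueryMethod                     = "Query"
	SignJWTMethod                   = "SignJWT"
	VerifyJWTMethod                 = "VerifyJWT"
	IssueMethod                     = "Issue"
	ProveMethod                     = "Prove"
	VerifyMethod                    = "Verify"
	DeriveMethod                    = "Derive"
	CreateKeyPairMethod             = "CreateKeyPair"
	ResolveCredentialManifestMethod = "ResolveCredentialManifest"
)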
All command operations.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddContentRequest ¶
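// AddContentRequest is the request model for adding a content to wallet.
//
// The embedded WalletAuth carries the authorization token, and the supported
// content types include "key", so a request may hold key material. Avoid
// writing raw requests of this type to logs.
type AddContentRequest struct {
	WalletAuth

	// type of the content to be added to the wallet.
	// supported types: collection, credential, didResolutionResponse, metadata, connection, key
	ContentType wallet.ContentType `json:"contentType"`

	// content to be added to wallet content store.
	Content json.RawMessage `json:"content"`

	// ID of the wallet collection to which this content should belong.
	CollectionID string `json:"collectionID"`
}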
AddContentRequest is request for adding a content to wallet.
type AuthCapabilityProvider ¶
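// AuthCapabilityProvider provides the Authorization Capabilities (ZCAP-LD)
// feature for the wallet's EDV and WebKMS components.
type AuthCapabilityProvider interface {
	// GetHeaderSigner returns the HTTP header signer for the given
	// authorization key store URL, access token and secret share.
	// accessToken and secretShare are credentials: implementations should
	// not log them or include them in error messages.
	GetHeaderSigner(authzKeyStoreURL, accessToken, secretShare string) HTTPHeaderSigner
}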
AuthCapabilityProvider is for providing Authorization Capabilities (ZCAP-LD) feature for wallet's EDV and WebKMS components.
type Command ¶
// Command contains operations provided by the verifiable credential wallet
// controller. Its fields are unexported and not shown in this listing.
type Command struct {
// contains filtered or unexported fields
}
Command contains operations provided by verifiable credential wallet controller.
func (*Command) CreateKeyPair ¶
CreateKeyPair creates key pair from wallet.
func (*Command) CreateProfile ¶
CreateProfile creates new wallet profile for given user.
func (*Command) GetHandlers ¶
GetHandlers returns list of all commands supported by this controller command.
func (*Command) Open ¶
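Open unlocks the given user's wallet and returns a token for subsequent use of wallet features. The token authorizes wallet operations until the wallet is closed or its unlock status expires, so it should be handled as a secret.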
func (*Command) ProfileExists ¶
ProfileExists checks if wallet profile exists for given wallet user.
func (*Command) Query ¶
Query runs credential queries against wallet credential contents and returns presentation containing credential results.
func (*Command) ResolveCredentialManifest ¶
ResolveCredentialManifest resolves given credential manifest by credential response or credential. Supports: https://identity.foundation/credential-manifest/
Writes list of resolved descriptors to writer or returns error if operation fails.
func (*Command) UpdateProfile ¶
UpdateProfile updates an existing wallet profile for given user.
type Config ¶
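// Config contains properties to customize the verifiable credential wallet
// controller. All properties are optional; they customize the wallet's WebKMS
// and EDV clients, the unlock token lifetime and content validation.
type Config struct {
	// EDV header signer, typically used for introducing zcapld feature.
	EdvAuthzProvider AuthCapabilityProvider

	// Web KMS header signer, typically used for introducing zcapld feature.
	WebKMSAuthzProvider AuthCapabilityProvider

	// Web KMS header signer for GNAP authorization.
	WebKMSGNAPSigner GNAPHeaderSigner

	// EDV header signer for GNAP authorization.
	EDVGNAPSigner GNAPHeaderSigner

	// this EDV option is a performance optimization that speeds up queries by getting full documents from
	// the EDV server instead of only document locations.
	EDVReturnFullDocumentsOnQuery bool

	// this EDV option is a performance optimization that allows for restStore.Batch to only require one REST call.
	EDVBatchEndpointExtensionEnabled bool

	// Aries Web KMS cache size configuration.
	WebKMSCacheSize int

	// Default token expiry for all wallet profiles created.
	// Will be used only if wallet unlock request doesn't supply default timeout value.
	// This bounds how long an unlock token stays usable when the caller sets
	// no expiry, so prefer a short duration.
	DefaultTokenExpiry time.Duration

	// Indicate if a data model of json-ld content stored in the wallet should be validated.
	// The zero value (false) leaves validation off.
	ValidateDataModel bool
}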
Config contains properties to customize the verifiable credential wallet controller. All properties of this config are optional, but they can be used to customize the wallet's WebKMS and EDV clients.
type ContentQueryRequest ¶
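// ContentQueryRequest is the request model for querying wallet contents.
type ContentQueryRequest struct {
	WalletAuth

	// credential query(s) for querying wallet contents.
	Query []*wallet.QueryParams `json:"query"`
}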
ContentQueryRequest is request model for querying wallet contents.
type ContentQueryResponse ¶
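// ContentQueryResponse is the response model for a wallet content query.
type ContentQueryResponse struct {
	// response presentation(s) containing query results.
	Results []*verifiable.Presentation `json:"results"`
}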
ContentQueryResponse response for wallet content query.
type CreateKeyPairRequest ¶
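// CreateKeyPairRequest is the request model for creating a key pair from wallet.
type CreateKeyPairRequest struct {
	WalletAuth

	// type of the key to be created.
	KeyType kms.KeyType `json:"keyType,omitempty"`
}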
CreateKeyPairRequest is request model for creating key pair from wallet.
type CreateKeyPairResponse ¶
CreateKeyPairResponse is response model for creating key pair from wallet.
type CreateOrUpdateProfileRequest ¶
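// CreateOrUpdateProfileRequest is the request model for creating a new wallet
// profile or updating an existing wallet profile.
//
// LocalKMSPassphrase is a secret; avoid logging requests of this type.
type CreateOrUpdateProfileRequest struct {
	// Unique identifier to identify wallet user
	UserID string `json:"userID"`

	// passphrase for local kms for key operations.
	// Optional, if this option is provided then wallet for this profile will use local KMS for key operations.
	LocalKMSPassphrase string `json:"localKMSPassphrase,omitempty"`

	// key store URL for web/remote kms for key operations.
	// Optional, if this option is provided then wallet for this profile will use web/remote KMS for key operations.
	// NOTE(review): the original comment called this field a passphrase; the
	// name and JSON tag indicate a URL.
	KeyStoreURL string `json:"keyStoreURL,omitempty"`

	// edv configuration for storing wallet contents for this profile
	// Optional, if not provided then agent storage provider will be used as store provider.
	EDVConfiguration *EDVConfiguration `json:"edvConfiguration,omitempty"`
}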
CreateOrUpdateProfileRequest is request model for creating a new wallet profile or updating an existing wallet profile.
type DeriveRequest ¶
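// DeriveRequest is the request model for deriving a credential from wallet.
type DeriveRequest struct {
	WalletAuth

	// ID of the credential already saved in wallet content store.
	// optional, if provided then this option takes precedence.
	StoredCredentialID string `json:"storedCredentialID"`

	// Raw credential to derive from.
	// optional, will be used only if the other option is not provided.
	RawCredential json.RawMessage `json:"rawCredential"`

	// DeriveOptions options for deriving credential
	*wallet.DeriveOptions `json:"deriveOption"`
}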
DeriveRequest is request model for deriving a credential from wallet.
type DeriveResponse ¶
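// DeriveResponse is the response model for the derive credential operation.
type DeriveResponse struct {
	// credential derived.
	Credential *verifiable.Credential `json:"credential"`
}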
DeriveResponse is response for derived credential operation.
type EDVConfiguration ¶
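// EDVConfiguration contains configuration for EDV settings for profile creation.
type EDVConfiguration struct {
	// EDV server URL for storing wallet contents.
	ServerURL string `json:"serverURL,omitempty"`

	// EDV vault ID for storing the wallet contents.
	VaultID string `json:"vaultID,omitempty"`

	// Encryption key ID of already existing key in wallet profile kms.
	// If profile is using localkms then wallet will create this key set for wallet user.
	// Note the JSON name is "encryptionKID", not the Go field name.
	EncryptionKeyID string `json:"encryptionKID,omitempty"`

	// MAC operation key ID of already existing key in wallet profile kms.
	// If profile is using localkms then wallet will create this key set for wallet user.
	// Note the JSON name is "macKID", not the Go field name.
	MACKeyID string `json:"macKID,omitempty"`
}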
EDVConfiguration contains configuration for EDV settings for profile creation.
type GNAPHeaderSigner ¶
GNAPHeaderSigner signs a request using GNAP, for resource server access authorization.
type GetAllContentRequest ¶
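// GetAllContentRequest is the request model for getting all contents from
// wallet for a given content type.
type GetAllContentRequest struct {
	WalletAuth

	// type of the contents to be returned from wallet.
	// supported types: collection, credential, didResolutionResponse, metadata, connection
	ContentType wallet.ContentType `json:"contentType"`

	// ID of the collection by which the response contents are to be filtered.
	CollectionID string `json:"collectionID,omitempty"`
}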
GetAllContentRequest is request for getting all contents from wallet for given content type.
type GetAllContentResponse ¶
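// GetAllContentResponse is the response model for the get-all-content by
// content type wallet operation.
type GetAllContentResponse struct {
	// contents retrieved from wallet content store.
	// map of content ID to content.
	Contents map[string]json.RawMessage `json:"contents"`
}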
GetAllContentResponse response for get all content by content type wallet operation.
type GetContentRequest ¶
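// GetContentRequest is the request model for getting a content from wallet.
type GetContentRequest struct {
	WalletAuth

	// type of the content to be returned from wallet.
	// supported types: collection, credential, didResolutionResponse, metadata, connection
	ContentType wallet.ContentType `json:"contentType"`

	// ID of the content to be returned from wallet
	ContentID string `json:"contentID"`
}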
GetContentRequest is request for getting a content from wallet.
type GetContentResponse ¶
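// GetContentResponse is the response model for the get content from wallet operation.
type GetContentResponse struct {
	// content retrieved from wallet content store.
	Content json.RawMessage `json:"content"`
}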
GetContentResponse response for get content from wallet operation.
type HTTPHeaderSigner ¶
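// HTTPHeaderSigner is for HTTP header signing, typically used for zcapld
// functionality.
type HTTPHeaderSigner interface {
	// SignHeader signs the headers of req with the given capability and
	// returns the resulting header set, or an error if signing fails.
	SignHeader(req *http.Request, capabilityBytes []byte) (*http.Header, error)
}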
HTTPHeaderSigner is for http header signing, typically used for zcapld functionality.
type IssueRequest ¶
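// IssueRequest is the request model for issuing a credential from wallet.
type IssueRequest struct {
	WalletAuth

	// raw credential to be issued from wallet.
	Credential json.RawMessage `json:"credential"`

	// proof options for issuing credential
	ProofOptions *wallet.ProofOptions `json:"proofOptions"`
}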
IssueRequest is request model for issuing credential from wallet.
type IssueResponse ¶
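// IssueResponse is the response model for the issue credential operation from wallet.
type IssueResponse struct {
	// credential issued.
	Credential *verifiable.Credential `json:"credential"`
}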
IssueResponse is response for issue credential interface from wallet.
type LockWalletRequest ¶
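// LockWalletRequest contains options for locking wallet.
//
// NOTE(review): unlike the other wallet operations, this model carries only a
// user ID and no auth token; confirm whether locking is meant to be possible
// for any caller that knows the user ID.
type LockWalletRequest struct {
	// user ID of the wallet to be locked.
	UserID string `json:"userID"`
}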
LockWalletRequest contains options for locking wallet.
type LockWalletResponse ¶
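// LockWalletResponse contains the response for the wallet lock operation.
type LockWalletResponse struct {
	// Closed status of the wallet lock operation.
	// if true, wallet is closed successfully
	// if false, wallet is already closed or never unlocked.
	Closed bool `json:"closed"`
}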
LockWalletResponse contains response for wallet lock operation.
type ProveRequest ¶
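// ProveRequest is the request model for producing a verifiable presentation
// from wallet. It contains options for proofs and credentials; any
// combination of the credential options can be mixed.
type ProveRequest struct {
	WalletAuth

	// IDs of credentials already saved in wallet content store.
	StoredCredentials []string `json:"storedCredentials"`

	// List of raw credentials to be presented.
	RawCredentials []json.RawMessage `json:"rawCredentials"`

	// Presentation to be proved.
	Presentation json.RawMessage `json:"presentation"`

	// proof options used when proving the presentation.
	ProofOptions *wallet.ProofOptions `json:"proofOptions"`
}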
ProveRequest is the request model for producing a verifiable presentation from wallet. It contains options for proofs and credentials. Any combination of the credential options can be mixed.
type ProveResponse ¶
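// ProveResponse contains the response presentation from the prove operation.
type ProveResponse struct {
	// presentation response from prove operation.
	Presentation *verifiable.Presentation `json:"presentation"`
}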
ProveResponse contains response presentation from prove operation.
type RemoveContentRequest ¶
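// RemoveContentRequest is the request model for removing a content from wallet.
type RemoveContentRequest struct {
	WalletAuth

	// type of the content to be removed from the wallet.
	// supported types: collection, credential, didResolutionResponse, metadata, connection
	ContentType wallet.ContentType `json:"contentType"`

	// ID of the content to be removed from wallet
	ContentID string `json:"contentID"`
}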
RemoveContentRequest is request for removing a content from wallet.
type ResolveCredentialManifestRequest ¶
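// ResolveCredentialManifestRequest is the request model for resolving a
// credential manifest from wallet.
type ResolveCredentialManifestRequest struct {
	WalletAuth

	// Credential Manifest on which given credential response or credential needs to be resolved.
	Manifest json.RawMessage `json:"manifest,omitempty"`

	// Response to be resolved.
	// If provided, then this option takes precedence over credential resolve option.
	Response json.RawMessage `json:"response,omitempty"`

	// Credential to be resolved, to be provided along with 'DescriptorID' to be used for resolving.
	Credential json.RawMessage `json:"credential,omitempty"`

	// ID of the Credential from wallet content to be resolved, to be provided along with 'DescriptorID'.
	CredentialID string `json:"credentialID,omitempty"`

	// ID of the output descriptor to be used for resolving given credential.
	DescriptorID string `json:"descriptorID,omitempty"`
}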
ResolveCredentialManifestRequest is request model for resolving credential manifest from wallet.
type ResolveCredentialManifestResponse ¶
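// ResolveCredentialManifestResponse is the response model from the wallet
// credential manifest resolve operation.
type ResolveCredentialManifestResponse struct {
	// List of Resolved Descriptor results.
	Resolved []*cm.ResolvedDescriptor `json:"resolved,omitempty"`
}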
ResolveCredentialManifestResponse is response model from wallet credential manifest resolve operation.
type SignJWTRequest ¶
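// SignJWTRequest is the request model for signing a JWT using wallet.
//
// Both Headers and Claims are supplied by the caller, so whoever holds a valid
// wallet auth token decides what the wallet key asserts.
type SignJWTRequest struct {
	WalletAuth

	// Headers to include in JWT protected headers.
	// NOTE(review): confirm whether the handler restricts or overrides
	// caller-supplied header values such as the signing algorithm.
	Headers map[string]interface{} `json:"headers"`

	// Claims to sign as JWT payload.
	Claims map[string]interface{} `json:"claims"`

	// KID identifies the key to be used for signing the JWT.
	KID string `json:"kid"`
}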
SignJWTRequest is request model for signing a JWT using wallet.
type SignJWTResponse ¶
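// SignJWTResponse is the response model for signing a JWT using wallet.
type SignJWTResponse struct {
	// JWT signed.
	JWT string `json:"jwt"`
}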
SignJWTResponse is response for signing JWT using wallet.
type UnlockAuth ¶
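// UnlockAuth contains different options for authorizing access to the wallet's
// EDV content store and webkms.
//
// AuthToken, GNAPToken, Capability and SecretShare are credentials; avoid
// logging values of this type.
type UnlockAuth struct {
	// Http header 'authorization' bearer token to be used.
	// Optional, only if required by wallet user (for webkms or edv).
	AuthToken string `json:"authToken,omitempty"`

	// Http header 'authorization' GNAP token to be used.
	// Optional, only if required by wallet user (for webkms or edv).
	GNAPToken string `json:"gnapToken,omitempty"`

	// Capability if ZCAP sign header feature to be used for authorizing access.
	// Optional, can be used only if ZCAP sign header feature is configured with command controller.
	Capability string `json:"capability,omitempty"`

	// AuthZKeyStoreURL if ZCAP sign header feature to be used for authorizing access.
	// Optional, can be used only if ZCAP sign header feature is configured with command controller.
	AuthZKeyStoreURL string `json:"authzKeyStoreURL,omitempty"`

	// SecretShare if ZCAP sign header feature to be used for authorizing access.
	// Optional, can be used only if ZCAP sign header feature is configured with command controller.
	SecretShare string `json:"secretShare,omitempty"`
}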
UnlockAuth contains different options for authorizing access to wallet's EDV content store & webkms.
type UnlockWalletRequest ¶
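// UnlockWalletRequest contains different options for unlocking wallet.
//
// LocalKMSPassphrase and the UnlockAuth values are secrets; avoid logging
// requests of this type.
type UnlockWalletRequest struct {
	// user ID of the wallet to be unlocked.
	UserID string `json:"userID"`

	// passphrase for local kms for key operations.
	// Optional, to be used if profile for this wallet user is setup with local KMS.
	LocalKMSPassphrase string `json:"localKMSPassphrase,omitempty"`

	// WebKMSAuth for authorizing access to web/remote kms.
	// Optional, to be used if profile for this wallet user is setup with web/remote KMS.
	WebKMSAuth *UnlockAuth `json:"webKMSAuth"`

	// Options for authorizing access to wallet's EDV content store.
	// Optional, to be used only if profile for this wallet user is setup to use EDV as content store.
	// Note the JSON name is "edvUnlocks", not the Go field name.
	EDVUnlock *UnlockAuth `json:"edvUnlocks"`

	// Time duration in milliseconds after which wallet will expire its unlock status.
	// NOTE(review): time.Duration counts nanoseconds and has no custom JSON
	// decoding here; confirm whether the handler rescales this value, since a
	// unit mismatch changes how long the wallet stays unlocked.
	Expiry time.Duration `json:"expiry,omitempty"`
}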
UnlockWalletRequest contains different options for unlocking wallet.
type UnlockWalletResponse ¶
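// UnlockWalletResponse contains the response for the wallet unlock operation.
type UnlockWalletResponse struct {
	// Token for granting access to wallet for subsequent wallet operations.
	// Handle it as a secret: keep it out of logs and URLs.
	Token string `json:"token,omitempty"`
}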
UnlockWalletResponse contains response for wallet unlock operation.
type VerifyJWTRequest ¶
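// VerifyJWTRequest is the request model for verifying a JWT using wallet.
type VerifyJWTRequest struct {
	WalletAuth

	// JWT is the compact JWT to be verified.
	JWT string `json:"jwt"`
}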
VerifyJWTRequest is request model for verifying a JWT using wallet.
type VerifyJWTResponse ¶
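// VerifyJWTResponse is the response model for verifying a JWT using wallet.
//
// A verification failure is reported in this body, so callers should trust the
// JWT only when Verified is true rather than when the call returned a response.
type VerifyJWTResponse struct {
	// Verified is true if provided JWT was successfully verified.
	Verified bool `json:"verified"`

	// Error contains the JWT verification error, if any.
	Error string `json:"error,omitempty"`
}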
VerifyJWTResponse is response for verifying JWT using wallet.
type VerifyRequest ¶
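// VerifyRequest is the request model for verifying a credential or
// presentation from wallet. Any one of the credential options should be used;
// when several are set, the precedence is stored credential, then raw
// credential, then presentation.
type VerifyRequest struct {
	WalletAuth

	// ID of the credential already saved in wallet content store.
	// optional, if provided then this option takes precedence over other options.
	StoredCredentialID string `json:"storedCredentialID"`

	// Raw credential to be verified.
	// optional, if provided then this option takes precedence over presentation options.
	RawCredential json.RawMessage `json:"rawCredential"`

	// Presentation to be verified.
	// optional, will be used only if other options are not provided.
	Presentation json.RawMessage `json:"presentation"`
}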
VerifyRequest is the request model for verifying a credential or presentation from wallet. Any one of the credential options should be used.
type VerifyResponse ¶
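// VerifyResponse is the response model for the wallet verify operation.
//
// A verification failure is reported in this body, so callers should trust the
// credential or presentation only when Verified is true.
type VerifyResponse struct {
	// if true then verification is successful.
	Verified bool `json:"verified"`

	// error details if verified is false.
	Error string `json:"error,omitempty"`
}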
VerifyResponse is response model for wallet verify operation.
type WalletAuth ¶
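// WalletAuth contains wallet auth parameters for performing wallet operations.
// It is embedded in the request models of the authenticated wallet operations.
type WalletAuth struct {
	// Authorization token for performing wallet operations.
	// Presumably the token returned by the wallet unlock operation; confirm
	// against the handler. Handle it as a secret and keep it out of logs.
	Auth string `json:"auth"`

	// ID of wallet user.
	UserID string `json:"userID"`
}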
WalletAuth contains wallet auth parameters for performing wallet operations.
type WalletUser ¶
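// WalletUser contains wallet user info for performing profile operations.
type WalletUser struct {
	// ID of wallet user.
	// Note the JSON name is "userID", not "id".
	ID string `json:"userID"`
}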
WalletUser contains wallet user info for performing profile operations.