cm

package
v0.0.0-...-57c6170 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 1, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package cm contains methods that are useful for parsing and validating the objects defined in the Credential Manifest spec: https://identity.foundation/credential-manifest.

Index

Constants

View Source
const (
	// CredentialApplicationAttachmentFormat defines the format type of Credential Application when used as an
	// attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialApplicationAttachmentFormat = "dif/credential-manifest/application@v1.0"
	// CredentialApplicationPresentationContext defines the context type of Credential Application when used as part of
	// a presentation attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialApplicationPresentationContext = "https://identity.foundation/credential-manifest/application/v1"
)
View Source
const (
	// CredentialResponseAttachmentFormat defines the format type of Credential Response when used as an
	// attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialResponseAttachmentFormat = "dif/credential-manifest/response@v1.0"
	// CredentialResponsePresentationContext defines the context type of Credential Response when used as part of
	// a presentation attachment in the WACI issuance flow.
	// Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
	CredentialResponsePresentationContext = "https://identity.foundation/credential-manifest/response/v1"
)
View Source
const CredentialManifestAttachmentFormat = "dif/credential-manifest/manifest@v1.0"

CredentialManifestAttachmentFormat defines the format type of Credential Manifest when used as an attachment in the WACI issuance flow. Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.

Variables

This section is empty.

Functions

func PresentCredentialApplication

func PresentCredentialApplication(credentialManifest *CredentialManifest,
	opts ...PresentCredentialApplicationOpt) (*verifiable.Presentation, error)

PresentCredentialApplication creates a minimal Presentation (without proofs) with Credential Application data based on credentialManifest. The WithExistingPresentationForPresentCredentialResponse can be used to add the Credential Application data to an existing Presentation object instead. If the "https://identity.foundation/presentation-exchange/submission/v1" context is found, it will be replaced with the "https://identity.foundation/credential-manifest/application/v1" context. Note that any existing proofs are not updated. Note also the following assumptions/limitations of this method:

  1. The format of all claims in the Presentation Submission are assumed to be ldp_vp and will be set as such.
  2. The format for the Credential Application object will be set to match the format from the Credential Manifest exactly. If a caller wants to use a smaller subset of the Credential Manifest's format, then they will have to set it manually.
  3. The location of the Verifiable Credentials is assumed to be an array at the root under a field called "verifiableCredential".
  4. The Verifiable Credentials in the presentation is assumed to be in the same order as the Output Descriptors in the Credential Manifest.

func PresentCredentialResponse

func PresentCredentialResponse(credentialManifest *CredentialManifest,
	opts ...PresentCredentialResponseOpt) (*verifiable.Presentation, error)

PresentCredentialResponse creates a basic Presentation (without proofs) with Credential Response data based on credentialManifest. The WithExistingPresentationForPresentCredentialResponse can be used to add the Credential Response data to an existing Presentation object instead. Note that any existing proofs are not updated. Note also the following assumptions/limitations of this method:

  1. The format of all credentials is assumed to be ldp_vc.
  2. The location of the Verifiable Credentials is assumed to be an array at the root under a field called "verifiableCredential".
  3. The Verifiable Credentials in the presentation is assumed to be in the same order as the Output Descriptors in the Credential Manifest.

func ValidateCredentialApplication

func ValidateCredentialApplication(application *verifiable.Presentation, cm *CredentialManifest,
	contextLoader ld.DocumentLoader, options ...presexch.MatchOption) error

ValidateCredentialApplication validates credential application presentation by validating the embedded Credential Application object against the given Credential Manifest. There are 3 requirements for the Credential Application to be valid against the Credential Manifest:

  1. Credential Application's manifest ID must match the Credential Manifest's ID.
  2. If the Credential Manifest has a format property, the Credential Application must also have a format property which is a subset of the Credential Manifest's.
  3. If the Credential Manifest contains a presentation_definition property, the Credential Application must have a matching presentation_submission property.

Proof of all individual credentials can also be validated by using options. Refer to https://identity.foundation/credential-manifest/#credential-application for more info.

func ValidateOutputDescriptors

func ValidateOutputDescriptors(descriptors []*OutputDescriptor) error

ValidateOutputDescriptors checks the given slice of OutputDescriptors to ensure that they are valid (per the spec) when placed together within a single Credential Manifest. To pass validation, the following two conditions must be satisfied: 1. Each OutputDescriptor must have a unique ID. 2. Each OutputDescriptor must also have valid contents. See the validateOutputDescriptorDisplay function for details.

Types

type Color

type Color struct {
	Color string `json:"color"` // RGB hex code
}

Color represents a single color in RGB hex code format.

type CredentialApplication

type CredentialApplication struct {
	ID string `json:"id,omitempty"` // mandatory property
	// The value of this property MUST be the ID of a valid Credential Manifest.
	ManifestID string `json:"manifest_id,omitempty"` // mandatory property
	// Must be a subset of the format property of the CredentialManifest that this CredentialApplication is related to
	Format presexch.Format `json:"format,omitempty"` // mandatory property
}

CredentialApplication represents a credential_application object as defined in https://identity.foundation/credential-manifest/#credential-application. Note that the term "Credential Application" is overloaded in the spec - a "Credential Application" may be referring to one of two different, but related, concepts. A "Credential Application" can be the object defined below, which is intended to be embedded in an envelope like a Verifiable Presentation. Additionally, when that envelope contains the object defined below under a field named "credential_application", then that envelope itself can be called a "Credential Application". The larger "envelope version" of a Credential Application may also have a sibling presentation_submission object within the envelope, as demonstrated by the PresentCredentialApplication method. See https://github.com/decentralized-identity/credential-manifest/issues/73 for more information about this name overloading.

func UnmarshalAndValidateAgainstCredentialManifest

func UnmarshalAndValidateAgainstCredentialManifest(credentialApplicationBytes []byte,
	cm *CredentialManifest) (CredentialApplication, error)

UnmarshalAndValidateAgainstCredentialManifest unmarshals the credentialApplicationBytes into a CredentialApplication object (performing verification in the process), and after that verifies that the Credential Application is valid against the given Credential Manifest. It's simply a convenience method that allows you to unmarshal and perform validation against a Credential Manifest in one call.

func (*CredentialApplication) UnmarshalJSON

func (ca *CredentialApplication) UnmarshalJSON(data []byte) error

UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialApplication object per the specification.

func (*CredentialApplication) ValidateAgainstCredentialManifest

func (ca *CredentialApplication) ValidateAgainstCredentialManifest(cm *CredentialManifest) error

ValidateAgainstCredentialManifest verifies that the Credential Application is valid against the given Credential Manifest.

type CredentialManifest

type CredentialManifest struct {
	ID                     string                           `json:"id,omitempty"`                 // mandatory property
	Issuer                 Issuer                           `json:"issuer,omitempty"`             // mandatory property
	OutputDescriptors      []*OutputDescriptor              `json:"output_descriptors,omitempty"` // mandatory property
	Format                 *presexch.Format                 `json:"format,omitempty"`
	PresentationDefinition *presexch.PresentationDefinition `json:"presentation_definition,omitempty"`
}

CredentialManifest represents a Credential Manifest object as defined in https://identity.foundation/credential-manifest/#credential-manifest-2.

func (*CredentialManifest) ResolveCredential

func (cm *CredentialManifest) ResolveCredential(descriptorID string, credential CredentialToResolveOption) (*ResolvedDescriptor, error)

ResolveCredential resolves given credential and returns results.

func (*CredentialManifest) ResolveResponse

func (cm *CredentialManifest) ResolveResponse(response *verifiable.Presentation) ([]*ResolvedDescriptor, error)

ResolveResponse resolves given credential response and returns results. Currently supports only 'ldp_vc' format of response credentials.

func (*CredentialManifest) UnmarshalJSON

func (cm *CredentialManifest) UnmarshalJSON(data []byte) error

UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialManifest object per the specification.

func (*CredentialManifest) Validate

func (cm *CredentialManifest) Validate() error

Validate ensures that this CredentialManifest is valid as per the spec. Note that this function is automatically called when unmarshalling a []byte into a CredentialManifest.

type CredentialResponse

type CredentialResponse struct {
	ID                             string                `json:"id,omitempty"`          // mandatory property
	ManifestID                     string                `json:"manifest_id,omitempty"` // mandatory property
	ApplicationID                  string                `json:"application_id,omitempty"`
	OutputDescriptorMappingObjects []OutputDescriptorMap `json:"descriptor_map,omitempty"` // mandatory property
}

CredentialResponse represents a Credential Response object as defined in https://identity.foundation/credential-manifest/#credential-response.

func (*CredentialResponse) ResolveDescriptorMaps

func (cf *CredentialResponse) ResolveDescriptorMaps(jsonDataFromAttachment interface{},
	parseCredentialOpts ...verifiable.CredentialOpt) ([]verifiable.Credential, error)

ResolveDescriptorMaps resolves Verifiable Credentials based on this Credential Response's descriptor maps. This function looks at each OutputDescriptorMap's path property and checks for that path in the given JSON data, which is expected to be from the attachment of an Issue Credential message (i.e. issuecredential.IssueCredentialV3.Attachments[i].Data.JSON). See the TestCredentialResponse_ResolveDescriptorMap method for examples. If a VC is found at that path's location, then it is added to the array of VCs that will be returned by this method. Once all OutputDescriptorMaps are done being scanned, the array of VCs will be returned.

func (*CredentialResponse) UnmarshalJSON

func (cf *CredentialResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialResponse object per the specification.

type CredentialToResolveOption

type CredentialToResolveOption func(opts *resolveCredOpts)

CredentialToResolveOption is an option to provide credential to resolve manifest.

func CredentialToResolve

func CredentialToResolve(credential *verifiable.Credential) CredentialToResolveOption

CredentialToResolve is an option to provide verifiable credential instance to resolve.

func RawCredentialToResolve

func RawCredentialToResolve(raw json.RawMessage) CredentialToResolveOption

RawCredentialToResolve is an option to provide raw JSON bytes of verifiable credential to resolve.

type DataDisplayDescriptor

type DataDisplayDescriptor struct {
	Title       *DisplayMappingObject          `json:"title,omitempty"`
	Subtitle    *DisplayMappingObject          `json:"subtitle,omitempty"`
	Description *DisplayMappingObject          `json:"description,omitempty"`
	Properties  []*LabeledDisplayMappingObject `json:"properties,omitempty"`
}

DataDisplayDescriptor represents a Data Display Descriptor as defined in https://identity.foundation/credential-manifest/wallet-rendering/#data-display.

type DisplayMappingObject

type DisplayMappingObject struct {
	Text     string   `json:"text,omitempty"`
	Paths    []string `json:"path,omitempty"`
	Schema   Schema   `json:"schema,omitempty"`
	Fallback string   `json:"fallback,omitempty"`
}

DisplayMappingObject represents a Display Mapping Object as defined in https://identity.foundation/wallet-rendering/#display-mapping-object There are two possibilities here: 1. If the text field is used, schema is not required. The text field will contain display information about the target Claim. 2. If the path field is used, schema is required. Data will be pulled from the target Claim using the path. TODO (#3045) Support for JSONPath bracket notation.

type ImageURIWithAltText

type ImageURIWithAltText struct {
	URI string `json:"uri,omitempty"` // mandatory property
	Alt string `json:"alt,omitempty"`
}

ImageURIWithAltText represents a URI that points to an image along with the alt text for it.

type Issuer

type Issuer struct {
	ID     string  `json:"id,omitempty"` // mandatory, must be a valid URI
	Name   string  `json:"name,omitempty"`
	Styles *Styles `json:"styles,omitempty"`
}

Issuer represents the issuer object defined in https://identity.foundation/credential-manifest/#general-composition.

type LabeledDisplayMappingObject

type LabeledDisplayMappingObject struct {
	DisplayMappingObject
	Label string `json:"label,omitempty"` // mandatory property
}

LabeledDisplayMappingObject is a DisplayMappingObject with an additional Label field. They are used for the dynamic Properties array in a DataDisplayDescriptor.

type OutputDescriptor

type OutputDescriptor struct {
	ID          string                 `json:"id,omitempty"`     // mandatory property
	Schema      string                 `json:"schema,omitempty"` // mandatory property
	Name        string                 `json:"name,omitempty"`
	Description string                 `json:"description,omitempty"`
	Display     *DataDisplayDescriptor `json:"display,omitempty"`
	Styles      *Styles                `json:"styles,omitempty"`
}

OutputDescriptor represents an Output Descriptor object as defined in https://identity.foundation/credential-manifest/#output-descriptor.

type OutputDescriptorMap

type OutputDescriptorMap presexch.InputDescriptorMapping

OutputDescriptorMap represents an Output Descriptor Mapping Object as defined in https://identity.foundation/credential-manifest/#credential-response. It has the same format as the InputDescriptorMapping object from the presexch package, but has a different meaning here.

type PresentCredentialApplicationOpt

type PresentCredentialApplicationOpt func(opts *presentCredentialApplicationOpts)

PresentCredentialApplicationOpt is an option for the PresentCredentialApplication method.

func WithExistingPresentationForPresentCredentialApplication

func WithExistingPresentationForPresentCredentialApplication(
	presentation *verifiable.Presentation) PresentCredentialApplicationOpt

WithExistingPresentationForPresentCredentialApplication is an option for the PresentCredentialApplication method that allows Credential Application data to be added to an existing Presentation (turning it into a Credential Application in the process). The existing Presentation should not already have Credential Application data.

type PresentCredentialResponseOpt

type PresentCredentialResponseOpt func(opts *presentCredentialResponseOpts)

PresentCredentialResponseOpt is an option for the PresentCredentialResponse method.

func WithExistingPresentationForPresentCredentialResponse

func WithExistingPresentationForPresentCredentialResponse(
	presentation *verifiable.Presentation) PresentCredentialResponseOpt

WithExistingPresentationForPresentCredentialResponse is an option for the PresentCredentialResponse method that allows Credential Response data to be added to an existing Presentation. The existing Presentation should not already have Credential Response data.

type ResolvedDescriptor

type ResolvedDescriptor struct {
	DescriptorID string              `json:"descriptor_id"`
	Title        string              `json:"title,omitempty"`
	Subtitle     string              `json:"subtitle,omitempty"`
	Description  string              `json:"description,omitempty"`
	Styles       *Styles             `json:"styles,omitempty"`
	Properties   []*ResolvedProperty `json:"properties,omitempty"`
}

ResolvedDescriptor typically represents results of resolving manifests by credential response. Typically represents a DataDisplayDescriptor that's had its various "template" fields resolved into concrete values based on a Verifiable Credential.

type ResolvedProperty

type ResolvedProperty struct {
	Schema Schema      `json:"schema"`
	Label  string      `json:"label"`
	Value  interface{} `json:"value"`
}

ResolvedProperty contains resolved result for each resolved property.

type Schema

type Schema struct {
	Type             string `json:"type"`                       // MUST be here
	Format           string `json:"format,omitempty"`           // MAY be here if the Type is "string".
	ContentMediaType string `json:"contentMediaType,omitempty"` // MAY be here if the Type is "string".
	ContentEncoding  string `json:"contentEncoding,omitempty"`  // MAY be here if the Type is "string".
}

Schema represents Type and (optional) Format information for a DisplayMappingObject that uses the Paths field, as defined in https://identity.foundation/wallet-rendering/#using-path.

type Styles

type Styles struct {
	Thumbnail  *ImageURIWithAltText `json:"thumbnail,omitempty"`
	Hero       *ImageURIWithAltText `json:"hero,omitempty"`
	Background *Color               `json:"background,omitempty"`
	Text       *Color               `json:"text,omitempty"`
}

Styles represents an Entity Styles object as defined in https://identity.foundation/wallet-rendering/#entity-styles.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL