Documentation ¶
Overview ¶
Package cm contains methods that are useful for parsing and validating the objects defined in the Credential Manifest spec: https://identity.foundation/credential-manifest.
Index ¶
- Constants
- func PresentCredentialApplication(credentialManifest *CredentialManifest, ...) (*verifiable.Presentation, error)
- func PresentCredentialResponse(credentialManifest *CredentialManifest, opts ...PresentCredentialResponseOpt) (*verifiable.Presentation, error)
- func ValidateCredentialApplication(application *verifiable.Presentation, cm *CredentialManifest, ...) error
- func ValidateOutputDescriptors(descriptors []*OutputDescriptor) error
- type Color
- type CredentialApplication
- type CredentialManifest
- func (cm *CredentialManifest) ResolveCredential(descriptorID string, credential CredentialToResolveOption) (*ResolvedDescriptor, error)
- func (cm *CredentialManifest) ResolveResponse(response *verifiable.Presentation) ([]*ResolvedDescriptor, error)
- func (cm *CredentialManifest) UnmarshalJSON(data []byte) error
- func (cm *CredentialManifest) Validate() error
- type CredentialResponse
- type CredentialToResolveOption
- type DataDisplayDescriptor
- type DisplayMappingObject
- type ImageURIWithAltText
- type Issuer
- type LabeledDisplayMappingObject
- type OutputDescriptor
- type OutputDescriptorMap
- type PresentCredentialApplicationOpt
- type PresentCredentialResponseOpt
- type ResolvedDescriptor
- type ResolvedProperty
- type Schema
- type Styles
Constants ¶
const ( // CredentialApplicationAttachmentFormat defines the format type of Credential Application when used as an // attachment in the WACI issuance flow. // Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info. CredentialApplicationAttachmentFormat = "dif/credential-manifest/application@v1.0" // CredentialApplicationPresentationContext defines the context type of Credential Application when used as part of // a presentation attachment in the WACI issuance flow. // Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info. CredentialApplicationPresentationContext = "https://identity.foundation/credential-manifest/application/v1" )
const ( // CredentialResponseAttachmentFormat defines the format type of Credential Response when used as an // attachment in the WACI issuance flow. // Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info. CredentialResponseAttachmentFormat = "dif/credential-manifest/response@v1.0" // CredentialResponsePresentationContext defines the context type of Credential Response when used as part of // a presentation attachment in the WACI issuance flow. // Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info. CredentialResponsePresentationContext = "https://identity.foundation/credential-manifest/response/v1" )
const CredentialManifestAttachmentFormat = "dif/credential-manifest/manifest@v1.0"
CredentialManifestAttachmentFormat defines the format type of Credential Manifest when used as an attachment in the WACI issuance flow. Refer to https://identity.foundation/waci-presentation-exchange/#issuance-2 for more info.
Variables ¶
This section is empty.
Functions ¶
func PresentCredentialApplication ¶
func PresentCredentialApplication(credentialManifest *CredentialManifest, opts ...PresentCredentialApplicationOpt) (*verifiable.Presentation, error)
PresentCredentialApplication creates a minimal Presentation (without proofs) with Credential Application data based on credentialManifest. The WithExistingPresentationForPresentCredentialResponse can be used to add the Credential Application data to an existing Presentation object instead. If the "https://identity.foundation/presentation-exchange/submission/v1" context is found, it will be replaced with the "https://identity.foundation/credential-manifest/application/v1" context. Note that any existing proofs are not updated. Note also the following assumptions/limitations of this method:
- The format of all claims in the Presentation Submission are assumed to be ldp_vp and will be set as such.
- The format for the Credential Application object will be set to match the format from the Credential Manifest exactly. If a caller wants to use a smaller subset of the Credential Manifest's format, then they will have to set it manually.
- The location of the Verifiable Credentials is assumed to be an array at the root under a field called "verifiableCredential".
- The Verifiable Credentials in the presentation is assumed to be in the same order as the Output Descriptors in the Credential Manifest.
func PresentCredentialResponse ¶
func PresentCredentialResponse(credentialManifest *CredentialManifest, opts ...PresentCredentialResponseOpt) (*verifiable.Presentation, error)
PresentCredentialResponse creates a basic Presentation (without proofs) with Credential Response data based on credentialManifest. The WithExistingPresentationForPresentCredentialResponse can be used to add the Credential Response data to an existing Presentation object instead. Note that any existing proofs are not updated. Note also the following assumptions/limitations of this method:
- The format of all credentials is assumed to be ldp_vc.
- The location of the Verifiable Credentials is assumed to be an array at the root under a field called "verifiableCredential".
- The Verifiable Credentials in the presentation is assumed to be in the same order as the Output Descriptors in the Credential Manifest.
func ValidateCredentialApplication ¶
func ValidateCredentialApplication(application *verifiable.Presentation, cm *CredentialManifest, contextLoader ld.DocumentLoader, options ...presexch.MatchOption) error
ValidateCredentialApplication validates credential application presentation by validating the embedded Credential Application object against the given Credential Manifest. There are 3 requirements for the Credential Application to be valid against the Credential Manifest:
- Credential Application's manifest ID must match the Credential Manifest's ID.
- If the Credential Manifest has a format property, the Credential Application must also have a format property which is a subset of the Credential Manifest's.
- If the Credential Manifest contains a presentation_definition property, the Credential Application must have a matching presentation_submission property.
Proof of all individual credentials can also be validated by using options. Refer to https://identity.foundation/credential-manifest/#credential-application for more info.
func ValidateOutputDescriptors ¶
func ValidateOutputDescriptors(descriptors []*OutputDescriptor) error
ValidateOutputDescriptors checks the given slice of OutputDescriptors to ensure that they are valid (per the spec) when placed together within a single Credential Manifest. To pass validation, the following two conditions must be satisfied: 1. Each OutputDescriptor must have a unique ID. 2. Each OutputDescriptor must also have valid contents. See the validateOutputDescriptorDisplay function for details.
Types ¶
type Color ¶
type Color struct {
Color string `json:"color"` // RGB hex code
}
Color represents a single color in RGB hex code format.
type CredentialApplication ¶
type CredentialApplication struct { ID string `json:"id,omitempty"` // mandatory property // The value of this property MUST be the ID of a valid Credential Manifest. ManifestID string `json:"manifest_id,omitempty"` // mandatory property // Must be a subset of the format property of the CredentialManifest that this CredentialApplication is related to Format presexch.Format `json:"format,omitempty"` // mandatory property }
CredentialApplication represents a credential_application object as defined in https://identity.foundation/credential-manifest/#credential-application. Note that the term "Credential Application" is overloaded in the spec - a "Credential Application" may be referring to one of two different, but related, concepts. A "Credential Application" can be the object defined below, which is intended to be embedded in an envelope like a Verifiable Presentation. Additionally, when that envelope contains the object defined below under a field named "credential_application", then that envelope itself can be called a "Credential Application". The larger "envelope version" of a Credential Application may also have a sibling presentation_submission object within the envelope, as demonstrated by the PresentCredentialApplication method. See https://github.com/decentralized-identity/credential-manifest/issues/73 for more information about this name overloading.
func UnmarshalAndValidateAgainstCredentialManifest ¶
func UnmarshalAndValidateAgainstCredentialManifest(credentialApplicationBytes []byte, cm *CredentialManifest) (CredentialApplication, error)
UnmarshalAndValidateAgainstCredentialManifest unmarshals the credentialApplicationBytes into a CredentialApplication object (performing verification in the process), and after that verifies that the Credential Application is valid against the given Credential Manifest. It's simply a convenience method that allows you to unmarshal and perform validation against a Credential Manifest in one call.
func (*CredentialApplication) UnmarshalJSON ¶
func (ca *CredentialApplication) UnmarshalJSON(data []byte) error
UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialApplication object per the specification.
func (*CredentialApplication) ValidateAgainstCredentialManifest ¶
func (ca *CredentialApplication) ValidateAgainstCredentialManifest(cm *CredentialManifest) error
ValidateAgainstCredentialManifest verifies that the Credential Application is valid against the given Credential Manifest.
type CredentialManifest ¶
type CredentialManifest struct { ID string `json:"id,omitempty"` // mandatory property Issuer Issuer `json:"issuer,omitempty"` // mandatory property OutputDescriptors []*OutputDescriptor `json:"output_descriptors,omitempty"` // mandatory property Format *presexch.Format `json:"format,omitempty"` PresentationDefinition *presexch.PresentationDefinition `json:"presentation_definition,omitempty"` }
CredentialManifest represents a Credential Manifest object as defined in https://identity.foundation/credential-manifest/#credential-manifest-2.
func (*CredentialManifest) ResolveCredential ¶
func (cm *CredentialManifest) ResolveCredential(descriptorID string, credential CredentialToResolveOption) (*ResolvedDescriptor, error)
ResolveCredential resolves given credential and returns results.
func (*CredentialManifest) ResolveResponse ¶
func (cm *CredentialManifest) ResolveResponse(response *verifiable.Presentation) ([]*ResolvedDescriptor, error)
ResolveResponse resolves given credential response and returns results. Currently supports only 'ldp_vc' format of response credentials.
func (*CredentialManifest) UnmarshalJSON ¶
func (cm *CredentialManifest) UnmarshalJSON(data []byte) error
UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialManifest object per the specification.
func (*CredentialManifest) Validate ¶
func (cm *CredentialManifest) Validate() error
Validate ensures that this CredentialManifest is valid as per the spec. Note that this function is automatically called when unmarshalling a []byte into a CredentialManifest.
type CredentialResponse ¶
type CredentialResponse struct { ID string `json:"id,omitempty"` // mandatory property ManifestID string `json:"manifest_id,omitempty"` // mandatory property ApplicationID string `json:"application_id,omitempty"` OutputDescriptorMappingObjects []OutputDescriptorMap `json:"descriptor_map,omitempty"` // mandatory property }
CredentialResponse represents a Credential Response object as defined in https://identity.foundation/credential-manifest/#credential-response.
func (*CredentialResponse) ResolveDescriptorMaps ¶
func (cf *CredentialResponse) ResolveDescriptorMaps(jsonDataFromAttachment interface{}, parseCredentialOpts ...verifiable.CredentialOpt) ([]verifiable.Credential, error)
ResolveDescriptorMaps resolves Verifiable Credentials based on this Credential Response's descriptor maps. This function looks at each OutputDescriptorMap's path property and checks for that path in the given JSON data, which is expected to be from the attachment of an Issue Credential message (i.e. issuecredential.IssueCredentialV3.Attachments[i].Data.JSON). See the TestCredentialResponse_ResolveDescriptorMap method for examples. If a VC is found at that path's location, then it is added to the array of VCs that will be returned by this method. Once all OutputDescriptorMaps are done being scanned, the array of VCs will be returned.
func (*CredentialResponse) UnmarshalJSON ¶
func (cf *CredentialResponse) UnmarshalJSON(data []byte) error
UnmarshalJSON is the custom unmarshal function gets called automatically when the standard json.Unmarshal is called. It also ensures that the given data is a valid CredentialResponse object per the specification.
type CredentialToResolveOption ¶
type CredentialToResolveOption func(opts *resolveCredOpts)
CredentialToResolveOption is an option to provide credential to resolve manifest.
func CredentialToResolve ¶
func CredentialToResolve(credential *verifiable.Credential) CredentialToResolveOption
CredentialToResolve is an option to provide verifiable credential instance to resolve.
func RawCredentialToResolve ¶
func RawCredentialToResolve(raw json.RawMessage) CredentialToResolveOption
RawCredentialToResolve is an option to provide raw JSON bytes of verifiable credential to resolve.
type DataDisplayDescriptor ¶
type DataDisplayDescriptor struct { Title *DisplayMappingObject `json:"title,omitempty"` Subtitle *DisplayMappingObject `json:"subtitle,omitempty"` Description *DisplayMappingObject `json:"description,omitempty"` Properties []*LabeledDisplayMappingObject `json:"properties,omitempty"` }
DataDisplayDescriptor represents a Data Display Descriptor as defined in https://identity.foundation/credential-manifest/wallet-rendering/#data-display.
type DisplayMappingObject ¶
type DisplayMappingObject struct { Text string `json:"text,omitempty"` Paths []string `json:"path,omitempty"` Schema Schema `json:"schema,omitempty"` Fallback string `json:"fallback,omitempty"` }
DisplayMappingObject represents a Display Mapping Object as defined in https://identity.foundation/wallet-rendering/#display-mapping-object There are two possibilities here: 1. If the text field is used, schema is not required. The text field will contain display information about the target Claim. 2. If the path field is used, schema is required. Data will be pulled from the target Claim using the path. TODO (#3045) Support for JSONPath bracket notation.
type ImageURIWithAltText ¶
type ImageURIWithAltText struct { URI string `json:"uri,omitempty"` // mandatory property Alt string `json:"alt,omitempty"` }
ImageURIWithAltText represents a URI that points to an image along with the alt text for it.
type Issuer ¶
type Issuer struct { ID string `json:"id,omitempty"` // mandatory, must be a valid URI Name string `json:"name,omitempty"` Styles *Styles `json:"styles,omitempty"` }
Issuer represents the issuer object defined in https://identity.foundation/credential-manifest/#general-composition.
type LabeledDisplayMappingObject ¶
type LabeledDisplayMappingObject struct { DisplayMappingObject Label string `json:"label,omitempty"` // mandatory property }
LabeledDisplayMappingObject is a DisplayMappingObject with an additional Label field. They are used for the dynamic Properties array in a DataDisplayDescriptor.
type OutputDescriptor ¶
type OutputDescriptor struct { ID string `json:"id,omitempty"` // mandatory property Schema string `json:"schema,omitempty"` // mandatory property Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` Display *DataDisplayDescriptor `json:"display,omitempty"` Styles *Styles `json:"styles,omitempty"` }
OutputDescriptor represents an Output Descriptor object as defined in https://identity.foundation/credential-manifest/#output-descriptor.
type OutputDescriptorMap ¶
type OutputDescriptorMap presexch.InputDescriptorMapping
OutputDescriptorMap represents an Output Descriptor Mapping Object as defined in https://identity.foundation/credential-manifest/#credential-response. It has the same format as the InputDescriptorMapping object from the presexch package, but has a different meaning here.
type PresentCredentialApplicationOpt ¶
type PresentCredentialApplicationOpt func(opts *presentCredentialApplicationOpts)
PresentCredentialApplicationOpt is an option for the PresentCredentialApplication method.
func WithExistingPresentationForPresentCredentialApplication ¶
func WithExistingPresentationForPresentCredentialApplication( presentation *verifiable.Presentation) PresentCredentialApplicationOpt
WithExistingPresentationForPresentCredentialApplication is an option for the PresentCredentialApplication method that allows Credential Application data to be added to an existing Presentation (turning it into a Credential Application in the process). The existing Presentation should not already have Credential Application data.
type PresentCredentialResponseOpt ¶
type PresentCredentialResponseOpt func(opts *presentCredentialResponseOpts)
PresentCredentialResponseOpt is an option for the PresentCredentialResponse method.
func WithExistingPresentationForPresentCredentialResponse ¶
func WithExistingPresentationForPresentCredentialResponse( presentation *verifiable.Presentation) PresentCredentialResponseOpt
WithExistingPresentationForPresentCredentialResponse is an option for the PresentCredentialResponse method that allows Credential Response data to be added to an existing Presentation. The existing Presentation should not already have Credential Response data.
type ResolvedDescriptor ¶
type ResolvedDescriptor struct { DescriptorID string `json:"descriptor_id"` Title string `json:"title,omitempty"` Subtitle string `json:"subtitle,omitempty"` Description string `json:"description,omitempty"` Styles *Styles `json:"styles,omitempty"` Properties []*ResolvedProperty `json:"properties,omitempty"` }
ResolvedDescriptor typically represents results of resolving manifests by credential response. Typically represents a DataDisplayDescriptor that's had its various "template" fields resolved into concrete values based on a Verifiable Credential.
type ResolvedProperty ¶
type ResolvedProperty struct { Schema Schema `json:"schema"` Label string `json:"label"` Value interface{} `json:"value"` }
ResolvedProperty contains resolved result for each resolved property.
type Schema ¶
type Schema struct { Type string `json:"type"` // MUST be here Format string `json:"format,omitempty"` // MAY be here if the Type is "string". ContentMediaType string `json:"contentMediaType,omitempty"` // MAY be here if the Type is "string". ContentEncoding string `json:"contentEncoding,omitempty"` // MAY be here if the Type is "string". }
Schema represents Type and (optional) Format information for a DisplayMappingObject that uses the Paths field, as defined in https://identity.foundation/wallet-rendering/#using-path.
type Styles ¶
type Styles struct { Thumbnail *ImageURIWithAltText `json:"thumbnail,omitempty"` Hero *ImageURIWithAltText `json:"hero,omitempty"` Background *Color `json:"background,omitempty"` Text *Color `json:"text,omitempty"` }
Styles represents an Entity Styles object as defined in https://identity.foundation/wallet-rendering/#entity-styles.