Documentation ¶
Overview ¶
nolint
Index ¶
- Constants
- Variables
- func CreateDataVaultKeyPairs(userID string, ctx provider, options ...UnlockOptions) error
- func CreateProfile(userID string, ctx provider, options ...ProfileOptions) error
- func ProfileExists(userID string, ctx provider) error
- func UpdateProfile(userID string, ctx provider, options ...ProfileOptions) error
- type AddContentOptions
- type ConcludeInteractionOptions
- type ConnectOptions
- type ContentType
- type CredentialInteractionStatus
- type CredentialToDerive
- type DeriveOptions
- type DidComm
- func (c *DidComm) Connect(authToken string, invitation *outofband.Invitation, options ...ConnectOptions) (string, error)
- func (c *DidComm) PresentProof(authToken, thID string, options ...ConcludeInteractionOptions) (*CredentialInteractionStatus, error)
- func (c *DidComm) ProposeCredential(authToken string, invitation *GenericInvitation, ...) (*service.DIDCommMsgMap, error)
- func (c *DidComm) ProposePresentation(authToken string, invitation *GenericInvitation, ...) (*service.DIDCommMsgMap, error)
- func (c *DidComm) RequestCredential(authToken, thID string, options ...ConcludeInteractionOptions) (*CredentialInteractionStatus, error)
- type ExampleDefinition
- type GenericInvitation
- type GetAllContentsOptions
- type InitiateInteractionOption
- type KeyPair
- type ProfileOptions
- type ProofFormat
- type ProofOptions
- type ProveOptions
- func WithCredentialsToProve(credentials ...*verifiable.Credential) ProveOptions
- func WithPresentationToProve(presentation *verifiable.Presentation) ProveOptions
- func WithRawCredentialsToProve(raw ...json.RawMessage) ProveOptions
- func WithRawPresentationToProve(presentation json.RawMessage) ProveOptions
- func WithStoredCredentialsToProve(ids ...string) ProveOptions
- type Query
- type QueryByExampleDefinition
- type QueryByFrameDefinition
- type QueryParams
- type QueryType
- type ResolveManifestOption
- func ResolveCredential(descriptorID string, credential *verifiable.Credential) ResolveManifestOption
- func ResolveCredentialID(descriptorID, credentialID string) ResolveManifestOption
- func ResolveRawCredential(descriptorID string, rawCredential json.RawMessage) ResolveManifestOption
- func ResolveRawResponse(response json.RawMessage) ResolveManifestOption
- func ResolveResponse(response *verifiable.Presentation) ResolveManifestOption
- type Session
- type TrustedIssuerDefinition
- type UnlockOptions
- func WithUnlockByAuthorizationToken(url string) UnlockOptions
- func WithUnlockByPassphrase(passphrase string) UnlockOptions
- func WithUnlockBySecretLockService(svc secretlock.Service) UnlockOptions
- func WithUnlockEDVOptions(edvOpts ...edv.RESTProviderOption) UnlockOptions
- func WithUnlockExpiry(tokenExpiry time.Duration) UnlockOptions
- func WithUnlockWebKMSOptions(webkmsOpts ...webkms.Opt) UnlockOptions
- type VerificationOption
- type Wallet
- func (c *Wallet) Add(authToken string, contentType ContentType, content json.RawMessage, ...) error
- func (c *Wallet) Close() bool
- func (c *Wallet) CreateKeyPair(authToken string, keyType kms.KeyType) (*KeyPair, error)
- func (c *Wallet) Derive(authToken string, credential CredentialToDerive, options *DeriveOptions) (*verifiable.Credential, error)
- func (c *Wallet) Export(auth string) (json.RawMessage, error)
- func (c *Wallet) Get(authToken string, contentType ContentType, contentID string) (json.RawMessage, error)
- func (c *Wallet) GetAll(authToken string, contentType ContentType, options ...GetAllContentsOptions) (map[string]json.RawMessage, error)
- func (c *Wallet) Import(auth string, contents json.RawMessage) error
- func (c *Wallet) Issue(authToken string, credential json.RawMessage, options *ProofOptions) (*verifiable.Credential, error)
- func (c *Wallet) Open(options ...UnlockOptions) (string, error)
- func (c *Wallet) Prove(authToken string, proofOptions *ProofOptions, credentials ...ProveOptions) (*verifiable.Presentation, error)
- func (c *Wallet) Query(authToken string, params ...*QueryParams) ([]*verifiable.Presentation, error)
- func (c *Wallet) Remove(authToken string, contentType ContentType, contentID string) error
- func (c *Wallet) ResolveCredentialManifest(authToken string, manifest json.RawMessage, resolve ResolveManifestOption) ([]*cm.ResolvedDescriptor, error)
- func (c *Wallet) SignJWT(authToken string, headers, claims map[string]interface{}, kid string) (string, error)
- func (c *Wallet) Verify(authToken string, options VerificationOption) (bool, error)
- func (c *Wallet) VerifyJWT(compactJWT string) error
Constants ¶
const ( Ed25519VerificationKey2018 = "ed25519verificationkey2018" Bls12381G1Key2020 = "bls12381g1key2020" )
Supported key types for importing base58-encoded keys (all constants are defined in lower case).
const ( // ExternalJWTProofFormat indicates that a credential or presentation should be signed with an external JWT proof. ExternalJWTProofFormat = "ExternalJWTProofFormat" // EmbeddedLDProofFormat indicates that a credential or presentation should be signed with an embedded LD proof. EmbeddedLDProofFormat = "EmbeddedLDProofFormat" )
const ( // Ed25519Signature2018 ed25519 signature suite. Ed25519Signature2018 = "Ed25519Signature2018" // JSONWebSignature2020 json web signature suite. JSONWebSignature2020 = "JsonWebSignature2020" // BbsBlsSignature2020 BBS signature suite. BbsBlsSignature2020 = "BbsBlsSignature2020" )
Proof types.
Variables ¶
var ( // ErrAlreadyUnlocked error when key manager is already created for a given user. ErrAlreadyUnlocked = errors.New("wallet already unlocked") // ErrWalletLocked when key manager operation is attempted without unlocking wallet. ErrWalletLocked = errors.New("wallet locked") )
errors.
var ErrInvalidAuthToken = errors.New("invalid auth token")
ErrInvalidAuthToken when auth token provided to wallet is unable to unlock key manager.
var ErrProfileNotFound = errors.New("profile does not exist")
ErrProfileNotFound error for wallet profile not found scenario.
var ( // ErrQueryNoResultFound error when no records found from query. ErrQueryNoResultFound = errors.New("no result found") )
Query errors.
Functions ¶
func CreateDataVaultKeyPairs ¶
func CreateDataVaultKeyPairs(userID string, ctx provider, options ...UnlockOptions) error
CreateDataVaultKeyPairs can be used to create EDV key pairs for the given profile. The wallet creates the key pairs in the profile's KMS and updates the profile with the newly generated EDV encryption and MAC key IDs.
func CreateProfile ¶
func CreateProfile(userID string, ctx provider, options ...ProfileOptions) error
CreateProfile creates a new verifiable credential wallet profile for the given user. Returns an error if a wallet profile has already been created. Use `UpdateProfile()` to replace an already created verifiable credential wallet profile.
func ProfileExists ¶
ProfileExists checks if profile exists for given wallet user, returns error if not found.
func UpdateProfile ¶
func UpdateProfile(userID string, ctx provider, options ...ProfileOptions) error
UpdateProfile updates existing verifiable credential wallet profile. Caution: - you might lose your existing keys if you change kms options. - you might lose your existing wallet contents if you change storage/EDV options (ex: switching context storage provider or changing EDV settings).
Types ¶
type AddContentOptions ¶
type AddContentOptions func(opts *addContentOpts)
AddContentOptions is option for adding contents to wallet.
func AddByCollection ¶
func AddByCollection(collectionID string) AddContentOptions
AddByCollection option for grouping wallet contents by collection ID.
func ValidateContent ¶
func ValidateContent() AddContentOptions
ValidateContent enables data model validations of adding content.
type ConcludeInteractionOptions ¶
type ConcludeInteractionOptions func(opts *concludeInteractionOpts)
ConcludeInteractionOptions is option to conclude credential interaction between wallet and verifier/issuer by sending present proof or request credential message.
func FromPresentation ¶
func FromPresentation(presentation *verifiable.Presentation) ConcludeInteractionOptions
FromPresentation for sending aries verifiable presentation as message attachment.
func FromRawPresentation ¶
func FromRawPresentation(raw json.RawMessage) ConcludeInteractionOptions
FromRawPresentation for sending raw JSON as presentation as message attachment.
func WaitForDone ¶
func WaitForDone(timeout time.Duration) ConcludeInteractionOptions
WaitForDone if provided then wallet will wait for credential interaction protocol status to be done or abandoned till given timeout. If used then wallet will wait for acknowledgement or problem report from other party and also will return web redirect info if found in incoming message. If timeout is zero then wallet will use its default timeout.
type ConnectOptions ¶
type ConnectOptions func(opts *connectOpts)
ConnectOptions options for accepting incoming out-of-band invitation and connecting.
func WithConnectTimeout ¶
func WithConnectTimeout(timeout time.Duration) ConnectOptions
WithConnectTimeout option providing connect timeout, to wait for connection status to be 'completed'.
func WithMyLabel ¶
func WithMyLabel(label string) ConnectOptions
WithMyLabel option for providing label to be shared with the other agent during the subsequent did-exchange.
func WithReuseAnyConnection ¶
func WithReuseAnyConnection(reuse bool) ConnectOptions
WithReuseAnyConnection option to use any recognized DID in the services array for a reusable connection.
func WithReuseDID ¶
func WithReuseDID(did string) ConnectOptions
WithReuseDID option to provide DID to be used when reusing a connection.
func WithRouterConnections ¶
func WithRouterConnections(conns ...string) ConnectOptions
WithRouterConnections option to provide the router connections to be used.
type ContentType ¶
type ContentType string
ContentType is wallet content type.
const ( // Collection content type which can be used to group wallet contents together. // https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection Collection ContentType = "collection" // Credential content type for handling credential data models. // https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential Credential ContentType = "credential" // DIDResolutionResponse content type for handling DID document data models. // https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse DIDResolutionResponse ContentType = "didResolutionResponse" // Metadata content type for handling wallet metadata data models. // https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data Metadata ContentType = "metadata" // Connection content type for handling wallet connection data models. // https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection Connection ContentType = "connection" // Key content type for handling key data models. // https://w3c-ccg.github.io/universal-wallet-interop-spec/#Key Key ContentType = "key" )
func (ContentType) IsValid ¶
func (ct ContentType) IsValid() error
IsValid checks if underlying content type is supported.
type CredentialInteractionStatus ¶
type CredentialInteractionStatus struct { // One of the status present proof or issue credential interaction // Refer https://github.com/hyperledger/aries-rfcs/blob/main/features/0015-acks/README.md#ack-status. Status string `json:"status"` // Optional web redirect URL info sent by verifier. RedirectURL string `json:"url,omitempty"` }
CredentialInteractionStatus holds the status of credential share/issuance interaction from wallet. Typically holds web redirect info of credential interaction conclusion or problem-report.
type CredentialToDerive ¶
type CredentialToDerive func(opts *deriveOpts)
CredentialToDerive is credential option for deriving a credential from wallet.
func FromCredential ¶
func FromCredential(cred *verifiable.Credential) CredentialToDerive
FromCredential option for deriving credential from a credential instance.
func FromRawCredential ¶
func FromRawCredential(raw json.RawMessage) CredentialToDerive
FromRawCredential for deriving credential from raw credential bytes.
func FromStoredCredential ¶
func FromStoredCredential(id string) CredentialToDerive
FromStoredCredential for deriving credential from stored credential.
type DeriveOptions ¶
type DeriveOptions struct { // Frame is JSON-LD frame used for selective disclosure. Frame map[string]interface{} `json:"frame,omitempty"` // Nonce to prove uniqueness or freshness of the proof. Nonce string `json:"nonce,omitempty"` }
DeriveOptions model containing options for deriving a credential.
type DidComm ¶
type DidComm struct {
// contains filtered or unexported fields
}
DidComm enables access to verifiable credential wallet features.
func NewDidComm ¶
NewDidComm returns new verifiable credential wallet for given user. returns error if wallet profile is not found. To create a new wallet profile, use `CreateProfile()`. To update an existing profile, use `UpdateProfile()`.
func (*DidComm) Connect ¶
func (c *DidComm) Connect(authToken string, invitation *outofband.Invitation, options ...ConnectOptions) (string, error)
Connect accepts out-of-band invitations and performs DID exchange.
Args:
- authToken: authorization for performing operation.
- invitation: out-of-band invitation.
- options: connection options.
Returns:
- connection ID if DID exchange is successful.
- error if operation fails.
func (*DidComm) PresentProof ¶
func (c *DidComm) PresentProof(authToken, thID string, options ...ConcludeInteractionOptions) (*CredentialInteractionStatus, error)
PresentProof sends a present proof message from wallet to relying party. https://w3c-ccg.github.io/universal-wallet-interop-spec/#presentproof
Currently Supporting [0454-present-proof-v2](https://github.com/hyperledger/aries-rfcs/tree/master/features/0454-present-proof-v2)
Args:
- authToken: authorization for performing operation.
- thID: thread ID (action ID) of request presentation.
- presentProofFrom: presentation to be sent.
Returns:
- Credential interaction status containing status, redirectURL.
- error if operation fails.
func (*DidComm) ProposeCredential ¶
func (c *DidComm) ProposeCredential(authToken string, invitation *GenericInvitation, options ...InitiateInteractionOption) (*service.DIDCommMsgMap, error)
ProposeCredential sends propose credential message from wallet to issuer. https://w3c-ccg.github.io/universal-wallet-interop-spec/#proposecredential
Currently Supporting : 0453-issueCredentialV2 https://github.com/hyperledger/aries-rfcs/blob/main/features/0453-issue-credential-v2/README.md
Args:
- authToken: authorization for performing operation.
- invitation: out-of-band invitation from issuer.
- options: options for accepting invitation and send propose credential message.
Returns:
- DIDCommMsgMap containing offer credential message if operation is successful.
- error if operation fails.
func (*DidComm) ProposePresentation ¶
func (c *DidComm) ProposePresentation(authToken string, invitation *GenericInvitation, options ...InitiateInteractionOption) (*service.DIDCommMsgMap, error)
ProposePresentation accepts out-of-band invitation and sends message proposing presentation from wallet to relying party. https://w3c-ccg.github.io/universal-wallet-interop-spec/#proposepresentation
Currently Supporting [0454-present-proof-v2](https://github.com/hyperledger/aries-rfcs/tree/master/features/0454-present-proof-v2)
Args:
- authToken: authorization for performing operation.
- invitation: out-of-band invitation from relying party.
- options: options for accepting invitation and send propose presentation message.
Returns:
- DIDCommMsgMap containing request presentation message if operation is successful.
- error if operation fails.
func (*DidComm) RequestCredential ¶
func (c *DidComm) RequestCredential(authToken, thID string, options ...ConcludeInteractionOptions) (*CredentialInteractionStatus, error)
RequestCredential sends request credential message from wallet to issuer and optionally waits for credential response. https://w3c-ccg.github.io/universal-wallet-interop-spec/#requestcredential
Currently Supporting : 0453-issueCredentialV2 https://github.com/hyperledger/aries-rfcs/blob/main/features/0453-issue-credential-v2/README.md
Args:
- authToken: authorization for performing operation.
- thID: thread ID (action ID) of offer credential message previously received.
- concludeInteractionOptions: options to conclude interaction like presentation to be shared etc.
Returns:
- Credential interaction status containing status, redirectURL.
- error if operation fails.
type ExampleDefinition ¶
type ExampleDefinition struct { Context []string `json:"@context"` Type interface{} `json:"type"` CredentialSubject map[string]string `json:"credentialSubject"` CredentialSchema map[string]string `json:"credentialSchema"` TrustedIssuer []TrustedIssuerDefinition `json:"trustedIssuer"` IssuerQuery map[string]interface{} `json:"issuerQuery"` }
ExampleDefinition frame for QueryByExample. Refer - https://w3c-ccg.github.io/vp-request-spec/#example-2-a-query-by-example-query TODO: `IssuerQuery` is currently ignored, so setting it has no effect on the query.
type GenericInvitation ¶
type GenericInvitation struct { ID string `json:"id"` Type string `json:"type"` From string `json:"from,omitempty"` Label string `json:"label,omitempty"` Goal string `json:"goal,omitempty"` GoalCode string `json:"goal_code,omitempty"` Services []interface{} `json:"services"` Accept []string `json:"accept,omitempty"` Protocols []string `json:"handshake_protocols,omitempty"` Requests []decorator.GenericAttachment `json:"attachments,omitempty"` // contains filtered or unexported fields }
GenericInvitation holds either a DIDComm V1 or V2 invitation.
func (*GenericInvitation) AsV1 ¶
func (gi *GenericInvitation) AsV1() *oobsvc.Invitation
AsV1 returns this invitation as an OOB V1 invitation.
func (*GenericInvitation) AsV2 ¶
func (gi *GenericInvitation) AsV2() *oobv2.Invitation
AsV2 returns this invitation as an OOB V2 invitation.
func (*GenericInvitation) MarshalJSON ¶
func (gi *GenericInvitation) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler interface.
func (*GenericInvitation) UnmarshalJSON ¶
func (gi *GenericInvitation) UnmarshalJSON(data []byte) error
UnmarshalJSON implements json.Unmarshaler interface.
func (*GenericInvitation) Version ¶
func (gi *GenericInvitation) Version() service.Version
Version returns the DIDComm version of this OOB invitation.
type GetAllContentsOptions ¶
type GetAllContentsOptions func(opts *getAllContentsOpts)
GetAllContentsOptions is option for getting all contents from wallet.
func FilterByCollection ¶
func FilterByCollection(collectionID string) GetAllContentsOptions
FilterByCollection option for getting all contents by collection from wallet.
type InitiateInteractionOption ¶
type InitiateInteractionOption func(opts *initiateInteractionOpts)
InitiateInteractionOption options for initiating credential interaction by proposing presentation/credential from wallet.
func WithConnectOptions ¶
func WithConnectOptions(options ...ConnectOptions) InitiateInteractionOption
WithConnectOptions for customizing options for accepting invitation.
func WithFromDID ¶
func WithFromDID(from string) InitiateInteractionOption
WithFromDID option for providing customized from DID for sending propose message.
func WithInitiateTimeout ¶
func WithInitiateTimeout(timeout time.Duration) InitiateInteractionOption
WithInitiateTimeout to provide timeout duration to wait for response for propose message.
type KeyPair ¶
type KeyPair struct { // base64 encoded key ID of the key created. KeyID string `json:"keyID,omitempty"` // base64 encoded public key of the key pair created. PublicKey string `json:"publicKey,omitempty"` }
KeyPair is response of creating key pair inside wallet.
type ProfileOptions ¶
type ProfileOptions func(opts *profileOpts)
ProfileOptions is option for verifiable credential wallet key manager.
func WithEDVStorage ¶
func WithEDVStorage(url, vaultID, encryptionKID, macKID string) ProfileOptions
WithEDVStorage option, for wallet profile to use EDV as storage. If provided then all wallet contents will use EDV for storage. Note: key manager options supplied for profile creation and management will be reused for EDV operations.
func WithKeyServerURL ¶
func WithKeyServerURL(url string) ProfileOptions
WithKeyServerURL option, when provided then wallet will use remote kms for key operations. This option will be ignored if provided together with the 'WithSecretLockService' option.
func WithPassphrase ¶
func WithPassphrase(passphrase string) ProfileOptions
WithPassphrase option to provide passphrase for local kms for key operations.
func WithSecretLockService ¶
func WithSecretLockService(svc secretlock.Service) ProfileOptions
WithSecretLockService option, when provided then wallet will use local kms for key operations.
type ProofFormat ¶
type ProofFormat string
ProofFormat determines whether a credential or presentation should be signed with an external JWT proof (wrapping the credential to form a JWT-VC) or with an embedded LD proof.
type ProofOptions ¶
type ProofOptions struct { // Controller is a DID to be for signing. This option is required for issue/prove wallet features. Controller string `json:"controller,omitempty"` // VerificationMethod is the URI of the verificationMethod used for the proof. // Optional, by default Controller public key matching 'assertion' for issue or 'authentication' for prove functions. VerificationMethod string `json:"verificationMethod,omitempty"` // Created date of the proof. // Optional, current system time will be used. Created *time.Time `json:"created,omitempty"` // ProofFormat determines whether a credential or presentation should be signed with an external JWT proof // (wrapping the credential to form a JWT-VC) or with an embedded LD proof. // // Optional: If empty, defaults to EmbeddedLDProofFormat. ProofFormat ProofFormat `json:"proofFormat,omitempty"` // Domain is operational domain of a digital proof. // Optional, by default domain will not be part of proof. Domain string `json:"domain,omitempty"` // Challenge is a random or pseudo-random value option authentication. // Optional, by default challenge will not be part of proof. Challenge string `json:"challenge,omitempty"` // ProofType is signature type used for signing. // Optional, by default proof will be generated in Ed25519Signature2018 format. ProofType string `json:"proofType,omitempty"` // ProofRepresentation is type of proof data expected, (Refer verifiable.SignatureProofValue) // Optional, by default proof will be represented as 'verifiable.SignatureProofValue'. ProofRepresentation *verifiable.SignatureRepresentation `json:"proofRepresentation,omitempty"` }
ProofOptions model
Options for adding JWT or linked data proofs to a verifiable credential or a verifiable presentation. To be used as options for issue/prove wallet features.
type ProveOptions ¶
type ProveOptions func(opts *proveOpts)
ProveOptions options for proving credential to present from wallet.
func WithCredentialsToProve ¶
func WithCredentialsToProve(credentials ...*verifiable.Credential) ProveOptions
WithCredentialsToProve option for providing verifiable credential instances for wallet to present.
func WithPresentationToProve ¶
func WithPresentationToProve(presentation *verifiable.Presentation) ProveOptions
WithPresentationToProve option for providing presentation for wallet to present. If passed along with other credentials options, response verifiable presentation will be normalized to include all the credentials.
func WithRawCredentialsToProve ¶
func WithRawCredentialsToProve(raw ...json.RawMessage) ProveOptions
WithRawCredentialsToProve option for providing raw credential for wallet to present.
func WithRawPresentationToProve ¶
func WithRawPresentationToProve(presentation json.RawMessage) ProveOptions
WithRawPresentationToProve option for providing raw presentation for wallet to present. Ignored if passed along with WithPresentationToProve option. If passed along with other credentials options, response verifiable presentation will be normalized to include all the credentials.
func WithStoredCredentialsToProve ¶
func WithStoredCredentialsToProve(ids ...string) ProveOptions
WithStoredCredentialsToProve option for providing stored credential IDs for wallet to present.
type Query ¶
type Query struct {
// contains filtered or unexported fields
}
Query performs wallet credential queries, currently supporting all the QueryTypes defined in QueryType.
func NewQuery ¶
func NewQuery(pkFetcher verifiable.PublicKeyFetcher, loader ld.DocumentLoader, queries ...*QueryParams) *Query
NewQuery returns new wallet query instance.
func (*Query) PerformQuery ¶
func (q *Query) PerformQuery(credentials map[string]json.RawMessage) ([]*verifiable.Presentation, error)
PerformQuery performs credential query on given credentials.
type QueryByExampleDefinition ¶
type QueryByExampleDefinition struct {
Example *ExampleDefinition `json:"example"`
}
QueryByExampleDefinition is model for QueryByExample query type. https://w3c-ccg.github.io/vp-request-spec/#query-by-example
type QueryByFrameDefinition ¶
type QueryByFrameDefinition struct { Frame map[string]interface{} `json:"frame"` TrustedIssuer []TrustedIssuerDefinition `json:"trustedIssuer"` }
QueryByFrameDefinition is model for QueryByFrame query type. https://w3c-ccg.github.io/vp-request-spec/ TODO QueryByFrameDefinition model is not yet finalized - https://github.com/w3c-ccg/vp-request-spec/issues/8
type QueryParams ¶
type QueryParams struct { // Type of the query. // Allowed values 'QueryByExample', 'QueryByFrame', 'PresentationExchange', 'DIDAuth' Type string `json:"type"` // Query can contain one or more credential queries. Query []json.RawMessage `json:"credentialQuery"` }
QueryParams contains credential queries for querying credential from wallet. Refer https://w3c-ccg.github.io/vp-request-spec/#format for more details.
type QueryType ¶
type QueryType int
QueryType is the type of query supported by the wallet implementation. More details can be found here: https://w3c-ccg.github.io/universal-wallet-interop-spec/#query
const ( // QueryByExample https://w3c-ccg.github.io/vp-request-spec/#query-by-example QueryByExample QueryType = iota + 1 // QueryByFrame https://github.com/w3c-ccg/vp-request-spec/issues/8 QueryByFrame // PresentationExchange https://identity.foundation/presentation-exchange/ PresentationExchange // DIDAuth https://w3c-ccg.github.io/vp-request-spec/#did-authentication-request DIDAuth )
func GetQueryType ¶
GetQueryType returns QueryType instance for given string query type.
type ResolveManifestOption ¶
type ResolveManifestOption func(opts *resolveManifestOpts)
ResolveManifestOption is option to resolve credential manifests.
func ResolveCredential ¶
func ResolveCredential(descriptorID string, credential *verifiable.Credential) ResolveManifestOption
ResolveCredential options for resolving credential by given descriptor ID.
func ResolveCredentialID ¶
func ResolveCredentialID(descriptorID, credentialID string) ResolveManifestOption
ResolveCredentialID options for resolving credential from wallet content store by given descriptor ID.
func ResolveRawCredential ¶
func ResolveRawCredential(descriptorID string, rawCredential json.RawMessage) ResolveManifestOption
ResolveRawCredential options for resolving raw bytes of credential by given descriptor ID.
func ResolveRawResponse ¶
func ResolveRawResponse(response json.RawMessage) ResolveManifestOption
ResolveRawResponse options for resolving raw bytes of credential response presentation.
func ResolveResponse ¶
func ResolveResponse(response *verifiable.Presentation) ResolveManifestOption
ResolveResponse options for resolving credential response presentation.
type Session ¶
type Session struct { KeyManager kms.KeyManager // contains filtered or unexported fields }
Session represents a session object created when the user unlocks the wallet.
type TrustedIssuerDefinition ¶
type TrustedIssuerDefinition struct { Issuer string `json:"issuer"` Required bool `json:"required"` }
TrustedIssuerDefinition is model for trusted issuer component in QueryByFrame & QueryByExample.
type UnlockOptions ¶
type UnlockOptions func(opts *unlockOpts)
UnlockOptions is option for unlocking verifiable credential wallet key manager. Wallet unlocking instantiates KMS instance for wallet operations. Type of key manager (local or remote) to be used will be decided based on options passed. Note: unlock options should match key manager options set for given wallet profile.
func WithUnlockByAuthorizationToken ¶
func WithUnlockByAuthorizationToken(url string) UnlockOptions
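WithUnlockByAuthorizationToken option for supplying remote kms auth token to open wallet. This option will be ignored when supplied with localkms options. Note: the signature above names this parameter `url`, although per this description it carries the auth token.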
func WithUnlockByPassphrase ¶
func WithUnlockByPassphrase(passphrase string) UnlockOptions
WithUnlockByPassphrase option for supplying passphrase to open wallet. This option takes precedence when provided along with other options.
func WithUnlockBySecretLockService ¶
func WithUnlockBySecretLockService(svc secretlock.Service) UnlockOptions
WithUnlockBySecretLockService option for supplying secret lock service to open wallet. This option will be ignored when supplied with the 'WithUnlockByPassphrase' option.
func WithUnlockEDVOptions ¶
func WithUnlockEDVOptions(edvOpts ...edv.RESTProviderOption) UnlockOptions
WithUnlockEDVOptions can be used to provide custom aries edv options for unlocking wallet. Provided options will be considered only if given wallet profile is using EDV configurations.
func WithUnlockExpiry ¶
func WithUnlockExpiry(tokenExpiry time.Duration) UnlockOptions
WithUnlockExpiry time duration after which wallet key manager will be expired. Wallet should be reopened by using 'client.Open()' once expired or a new instance needs to be created.
func WithUnlockWebKMSOptions ¶
func WithUnlockWebKMSOptions(webkmsOpts ...webkms.Opt) UnlockOptions
WithUnlockWebKMSOptions can be used to provide custom aries web kms options for unlocking wallet. This option can be used to set web kms client http header function instead of using WithUnlockByAuthorizationToken.
type VerificationOption ¶
type VerificationOption func(opts *verifyOpts)
VerificationOption options for verifying credential from wallet.
func WithRawCredentialToVerify ¶
func WithRawCredentialToVerify(raw json.RawMessage) VerificationOption
WithRawCredentialToVerify option for providing raw credential to be verified from wallet.
func WithRawPresentationToVerify ¶
func WithRawPresentationToVerify(raw json.RawMessage) VerificationOption
WithRawPresentationToVerify option for providing raw presentation to be verified from wallet.
func WithStoredCredentialToVerify ¶
func WithStoredCredentialToVerify(id string) VerificationOption
WithStoredCredentialToVerify option for providing ID of the stored credential to be verified from wallet.
type Wallet ¶
type Wallet struct {
// contains filtered or unexported fields
}
Wallet enables access to verifiable credential wallet features.
func New ¶
New returns new verifiable credential wallet for given user. returns error if wallet profile is not found. To create a new wallet profile, use `CreateProfile()`. To update an existing profile, use `UpdateProfile()`.
func (*Wallet) Add ¶
func (c *Wallet) Add(authToken string, contentType ContentType, content json.RawMessage, options ...AddContentOptions) error
Add adds given data model to wallet contents store.
Supported data models:
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Key
func (*Wallet) Close ¶
Close expires token issued to this VC wallet, removes the key manager instance and closes wallet content store. returns false if token is not found or already expired for this wallet user.
func (*Wallet) CreateKeyPair ¶
CreateKeyPair creates key pair inside a wallet.
Args: - authToken: authorization for performing create key pair operation. - keyType: type of the key to be created.
func (*Wallet) Derive ¶
func (c *Wallet) Derive(authToken string, credential CredentialToDerive, options *DeriveOptions) (*verifiable.Credential, error)
Derive derives a credential and returns response credential.
Args: - credential to derive (ID of the stored credential, raw credential or credential instance). - derive options.
func (*Wallet) Export ¶
func (c *Wallet) Export(auth string) (json.RawMessage, error)
Export produces a serialized exported wallet representation. Only ciphertext wallet contents can be exported.
Args: - auth: token to be used to lock the wallet before exporting. Returns exported locked wallet.
Supported data models:
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
func (*Wallet) Get ¶
func (c *Wallet) Get(authToken string, contentType ContentType, contentID string) (json.RawMessage, error)
Get fetches a wallet content by content ID.
Supported data models:
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
func (*Wallet) GetAll ¶
func (c *Wallet) GetAll(authToken string, contentType ContentType, options ...GetAllContentsOptions) (map[string]json.RawMessage, error)
GetAll fetches all wallet contents of given type. Returns map of key value from content store for given content type.
Supported data models:
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
func (*Wallet) Import ¶
func (c *Wallet) Import(auth string, contents json.RawMessage) error
Import takes a serialized exported wallet representation as input and imports all contents into the wallet.
Args: - contents: wallet content to be imported. - auth: token used while exporting the wallet.
Supported data models:
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Key
func (*Wallet) Issue ¶
func (c *Wallet) Issue(authToken string, credential json.RawMessage, options *ProofOptions) (*verifiable.Credential, error)
Issue adds proof to a Verifiable Credential.
Args: - auth token for unlocking kms. - A verifiable credential with or without proof. - Proof options.
func (*Wallet) Open ¶
func (c *Wallet) Open(options ...UnlockOptions) (string, error)
Open unlocks the wallet's key manager instance, opens the wallet content store and returns a token for subsequent use of wallet features.
Args: - unlock options for opening wallet. Returns token with expiry that can be used for subsequent use of wallet features.
func (*Wallet) Prove ¶
func (c *Wallet) Prove(authToken string, proofOptions *ProofOptions, credentials ...ProveOptions) (*verifiable.Presentation, error)
Prove produces a Verifiable Presentation.
Args: - auth token for unlocking kms. - what to prove: IDs resolvable to credentials stored in the wallet, raw credentials, or a presentation. - proof options.
func (*Wallet) Query ¶
func (c *Wallet) Query(authToken string, params ...*QueryParams) ([]*verifiable.Presentation, error)
Query runs query against wallet credential contents and returns presentation containing credential results.
This function may return multiple presentations as query result based on combination of query types used.
https://w3c-ccg.github.io/universal-wallet-interop-spec/#query
Supported Query Types:
func (*Wallet) Remove ¶
func (c *Wallet) Remove(authToken string, contentType ContentType, contentID string) error
Remove removes wallet content by content ID.
Supported data models:
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
- https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
func (*Wallet) ResolveCredentialManifest ¶
func (c *Wallet) ResolveCredentialManifest(authToken string, manifest json.RawMessage, resolve ResolveManifestOption) ([]*cm.ResolvedDescriptor, error)
ResolveCredentialManifest resolves given credential manifest by credential response or credential. Supports: https://identity.foundation/credential-manifest/
Args:
- authToken: authorization for performing operation.
- manifest: Credential manifest data model in raw format.
- resolve: options to provide credential response or credential to resolve.
Returns:
- list of resolved descriptors.
- error if operation fails.
func (*Wallet) SignJWT ¶
func (c *Wallet) SignJWT(authToken string, headers, claims map[string]interface{}, kid string) (string, error)
SignJWT creates a JWT signed by the wallet's KMS using a key from an owned DID.
Args: - auth token for unlocking kms. - Headers to include in the created JWT. - Claims for the created JWT. - the ID of the key to use for signing, as a DID, either with a fragment identifier to specify a verification method, or without, in which case the first Authentication or Assertion verification method is used.
func (*Wallet) Verify ¶
func (c *Wallet) Verify(authToken string, options VerificationOption) (bool, error)
Verify takes a Verifiable Credential or Verifiable Presentation as input and verifies it.
Args: - verification option for sending different models (stored credential ID, raw credential, raw presentation).
Returns: a boolean `verified`, and a non-nil error whenever `verified` is false. Treat the input as verified only when the boolean is true and the error is nil.