wallet

package
v0.0.0-...-57c6170

This package is not in the latest version of its module.

Published: Mar 1, 2023 License: Apache-2.0 Imports: 63 Imported by: 0

Documentation

Constants

const (
	Ed25519VerificationKey2018 = "ed25519verificationkey2018"
	Bls12381G1Key2020          = "bls12381g1key2020"
)

Supported key types for import key base58 (all constants are defined in lower case).

const (
	// ExternalJWTProofFormat indicates that a credential or presentation should be signed with an external JWT proof.
	ExternalJWTProofFormat = "ExternalJWTProofFormat"
	// EmbeddedLDProofFormat indicates that a credential or presentation should be signed with an embedded LD proof.
	EmbeddedLDProofFormat = "EmbeddedLDProofFormat"
)

const (
	// Ed25519Signature2018 ed25519 signature suite.
	Ed25519Signature2018 = "Ed25519Signature2018"
	// JSONWebSignature2020 json web signature suite.
	JSONWebSignature2020 = "JsonWebSignature2020"
	// BbsBlsSignature2020 BBS signature suite.
	BbsBlsSignature2020 = "BbsBlsSignature2020"
)

Proof types.

Variables

var (
	// ErrAlreadyUnlocked error when key manager is already created for a given user.
	ErrAlreadyUnlocked = errors.New("wallet already unlocked")

	// ErrWalletLocked when key manager operation is attempted without unlocking wallet.
	ErrWalletLocked = errors.New("wallet locked")
)

Errors.

var ErrInvalidAuthToken = errors.New("invalid auth token")

ErrInvalidAuthToken when auth token provided to wallet is unable to unlock key manager.

var ErrProfileNotFound = errors.New("profile does not exist")

ErrProfileNotFound error for wallet profile not found scenario.

var (
	// ErrQueryNoResultFound error when no records found from query.
	ErrQueryNoResultFound = errors.New("no result found")
)

Query errors.

Functions

func CreateDataVaultKeyPairs

func CreateDataVaultKeyPairs(userID string, ctx provider, options ...UnlockOptions) error

CreateDataVaultKeyPairs can be used to create EDV key pairs for a given profile. The wallet creates the key pairs in the profile kms and updates the profile with the newly generated EDV encryption & MAC key IDs.

func CreateProfile

func CreateProfile(userID string, ctx provider, options ...ProfileOptions) error

CreateProfile creates a new verifiable credential wallet profile for the given user. Returns an error if the wallet profile is already created. Use `UpdateProfile()` for replacing an already created verifiable credential wallet profile.

func ProfileExists

func ProfileExists(userID string, ctx provider) error

ProfileExists checks if profile exists for given wallet user, returns error if not found.

func UpdateProfile

func UpdateProfile(userID string, ctx provider, options ...ProfileOptions) error

UpdateProfile updates existing verifiable credential wallet profile. Caution:

  • you might lose your existing keys if you change kms options.
  • you might lose your existing wallet contents if you change storage/EDV options (ex: switching context storage provider or changing EDV settings).

Types

type AddContentOptions

type AddContentOptions func(opts *addContentOpts)

AddContentOptions is option for adding contents to wallet.

func AddByCollection

func AddByCollection(collectionID string) AddContentOptions

AddByCollection option for grouping wallet contents by collection ID.

func ValidateContent

func ValidateContent() AddContentOptions

ValidateContent enables data model validation of the content being added.

type ConcludeInteractionOptions

type ConcludeInteractionOptions func(opts *concludeInteractionOpts)

ConcludeInteractionOptions is option to conclude credential interaction between wallet and verifier/issuer by sending present proof or request credential message.

func FromPresentation

func FromPresentation(presentation *verifiable.Presentation) ConcludeInteractionOptions

FromPresentation for sending aries verifiable presentation as message attachment.

func FromRawPresentation

func FromRawPresentation(raw json.RawMessage) ConcludeInteractionOptions

FromRawPresentation for sending a raw JSON presentation as message attachment.

func WaitForDone

func WaitForDone(timeout time.Duration) ConcludeInteractionOptions

WaitForDone, if provided, makes the wallet wait until the given timeout for the credential interaction protocol status to become done or abandoned. When used, the wallet waits for an acknowledgement or problem report from the other party and also returns web redirect info if found in the incoming message. If timeout is zero then the wallet uses its default timeout.

type ConnectOptions

type ConnectOptions func(opts *connectOpts)

ConnectOptions options for accepting incoming out-of-band invitation and connecting.

func WithConnectTimeout

func WithConnectTimeout(timeout time.Duration) ConnectOptions

WithConnectTimeout option providing connect timeout, to wait for connection status to be 'completed'.

func WithMyLabel

func WithMyLabel(label string) ConnectOptions

WithMyLabel option for providing label to be shared with the other agent during the subsequent did-exchange.

func WithReuseAnyConnection

func WithReuseAnyConnection(reuse bool) ConnectOptions

WithReuseAnyConnection option to use any recognized DID in the services array for a reusable connection.

func WithReuseDID

func WithReuseDID(did string) ConnectOptions

WithReuseDID option to provide DID to be used when reusing a connection.

func WithRouterConnections

func WithRouterConnections(conns ...string) ConnectOptions

WithRouterConnections option to provide router connections to be used.

type ContentType

type ContentType string

ContentType is wallet content type.

const (
	// Collection content type which can be used to group wallet contents together.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#Collection
	Collection ContentType = "collection"

	// Credential content type for handling credential data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#Credential
	Credential ContentType = "credential"

	// DIDResolutionResponse content type for handling DID document data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#DIDResolutionResponse
	DIDResolutionResponse ContentType = "didResolutionResponse"

	// Metadata content type for handling wallet metadata data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#meta-data
	Metadata ContentType = "metadata"

	// Connection content type for handling wallet connection data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#connection
	Connection ContentType = "connection"

	// Key content type for handling key data models.
	// https://w3c-ccg.github.io/universal-wallet-interop-spec/#Key
	Key ContentType = "key"
)

func (ContentType) IsValid

func (ct ContentType) IsValid() error

IsValid checks if underlying content type is supported.

func (ContentType) Name

func (ct ContentType) Name() string

Name of the content type.

type CredentialInteractionStatus

type CredentialInteractionStatus struct {
	// One of the status present proof or issue credential interaction
	// Refer https://github.com/hyperledger/aries-rfcs/blob/main/features/0015-acks/README.md#ack-status.
	Status string `json:"status"`
	// Optional web redirect URL info sent by verifier.
	RedirectURL string `json:"url,omitempty"`
}

CredentialInteractionStatus holds the status of credential share/issuance interaction from wallet. Typically holds web redirect info of credential interaction conclusion or problem-report.

type CredentialToDerive

type CredentialToDerive func(opts *deriveOpts)

CredentialToDerive is credential option for deriving a credential from wallet.

func FromCredential

func FromCredential(cred *verifiable.Credential) CredentialToDerive

FromCredential option for deriving credential from a credential instance.

func FromRawCredential

func FromRawCredential(raw json.RawMessage) CredentialToDerive

FromRawCredential for deriving credential from raw credential bytes.

func FromStoredCredential

func FromStoredCredential(id string) CredentialToDerive

FromStoredCredential for deriving credential from stored credential.

type DeriveOptions

type DeriveOptions struct {
	// Frame is JSON-LD frame used for selective disclosure.
	Frame map[string]interface{} `json:"frame,omitempty"`
	// Nonce to prove uniqueness or freshness of the proof.
	Nonce string `json:"nonce,omitempty"`
}

DeriveOptions model containing options for deriving a credential.

type DidComm

type DidComm struct {
	// contains filtered or unexported fields
}

DidComm enables access to verifiable credential wallet features.

func NewDidComm

func NewDidComm(wallet *Wallet, ctx combinedDidCommWalletProvider) (*DidComm, error)

NewDidComm returns new verifiable credential wallet for given user. Returns an error if the wallet profile is not found. To create a new wallet profile, use `CreateProfile()`. To update an existing profile, use `UpdateProfile()`.

func (*DidComm) Connect

func (c *DidComm) Connect(authToken string, invitation *outofband.Invitation, options ...ConnectOptions) (string, error)

Connect accepts out-of-band invitations and performs DID exchange.

Args:

  • authToken: authorization for performing create key pair operation.
  • invitation: out-of-band invitation.
  • options: connection options.

Returns:

  • connection ID if DID exchange is successful.
  • error if operation fails.

func (*DidComm) PresentProof

func (c *DidComm) PresentProof(authToken, thID string, options ...ConcludeInteractionOptions) (*CredentialInteractionStatus, error)

PresentProof sends present proof message from wallet to relying party. https://w3c-ccg.github.io/universal-wallet-interop-spec/#presentproof

Currently Supporting [0454-present-proof-v2](https://github.com/hyperledger/aries-rfcs/tree/master/features/0454-present-proof-v2)

Args:

  • authToken: authorization for performing operation.
  • thID: thread ID (action ID) of request presentation.
  • presentProofFrom: presentation to be sent.

Returns:

  • Credential interaction status containing status, redirectURL.
  • error if operation fails.

func (*DidComm) ProposeCredential

func (c *DidComm) ProposeCredential(authToken string, invitation *GenericInvitation, options ...InitiateInteractionOption) (*service.DIDCommMsgMap, error)

ProposeCredential sends propose credential message from wallet to issuer. https://w3c-ccg.github.io/universal-wallet-interop-spec/#proposecredential

Currently Supporting : 0453-issueCredentialV2 https://github.com/hyperledger/aries-rfcs/blob/main/features/0453-issue-credential-v2/README.md

Args:

  • authToken: authorization for performing operation.
  • invitation: out-of-band invitation from issuer.
  • options: options for accepting invitation and send propose credential message.

Returns:

  • DIDCommMsgMap containing offer credential message if operation is successful.
  • error if operation fails.

func (*DidComm) ProposePresentation

func (c *DidComm) ProposePresentation(authToken string, invitation *GenericInvitation, options ...InitiateInteractionOption) (*service.DIDCommMsgMap, error)

ProposePresentation accepts out-of-band invitation and sends message proposing presentation from wallet to relying party. https://w3c-ccg.github.io/universal-wallet-interop-spec/#proposepresentation

Currently Supporting [0454-present-proof-v2](https://github.com/hyperledger/aries-rfcs/tree/master/features/0454-present-proof-v2)

Args:

  • authToken: authorization for performing operation.
  • invitation: out-of-band invitation from relying party.
  • options: options for accepting invitation and send propose presentation message.

Returns:

  • DIDCommMsgMap containing request presentation message if operation is successful.
  • error if operation fails.

func (*DidComm) RequestCredential

func (c *DidComm) RequestCredential(authToken, thID string, options ...ConcludeInteractionOptions) (*CredentialInteractionStatus, error)

RequestCredential sends request credential message from wallet to issuer and optionally waits for credential response. https://w3c-ccg.github.io/universal-wallet-interop-spec/#requestcredential

Currently Supporting : 0453-issueCredentialV2 https://github.com/hyperledger/aries-rfcs/blob/main/features/0453-issue-credential-v2/README.md

Args:

  • authToken: authorization for performing operation.
  • thID: thread ID (action ID) of offer credential message previously received.
  • concludeInteractionOptions: options to conclude interaction like presentation to be shared etc.

Returns:

  • Credential interaction status containing status, redirectURL.
  • error if operation fails.

type ExampleDefinition

type ExampleDefinition struct {
	Context           []string                  `json:"@context"`
	Type              interface{}               `json:"type"`
	CredentialSubject map[string]string         `json:"credentialSubject"`
	CredentialSchema  map[string]string         `json:"credentialSchema"`
	TrustedIssuer     []TrustedIssuerDefinition `json:"trustedIssuer"`
	IssuerQuery       map[string]interface{}    `json:"issuerQuery"`
}

ExampleDefinition frame for QueryByExample. Refer to https://w3c-ccg.github.io/vp-request-spec/#example-2-a-query-by-example-query

TODO: currently `IssuerQuery` is ignored.

type GenericInvitation

type GenericInvitation struct {
	ID        string                        `json:"id"`
	Type      string                        `json:"type"`
	From      string                        `json:"from,omitempty"`
	Label     string                        `json:"label,omitempty"`
	Goal      string                        `json:"goal,omitempty"`
	GoalCode  string                        `json:"goal_code,omitempty"`
	Services  []interface{}                 `json:"services"`
	Accept    []string                      `json:"accept,omitempty"`
	Protocols []string                      `json:"handshake_protocols,omitempty"`
	Requests  []decorator.GenericAttachment `json:"attachments,omitempty"`
	// contains filtered or unexported fields
}

GenericInvitation holds either a DIDComm V1 or V2 invitation.

func (*GenericInvitation) AsV1

func (gi *GenericInvitation) AsV1() *oobsvc.Invitation

AsV1 returns this invitation as an OOB V1 invitation.

func (*GenericInvitation) AsV2

func (gi *GenericInvitation) AsV2() *oobv2.Invitation

AsV2 returns this invitation as an OOB V2 invitation.

func (*GenericInvitation) MarshalJSON

func (gi *GenericInvitation) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface.

func (*GenericInvitation) UnmarshalJSON

func (gi *GenericInvitation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler interface.

func (*GenericInvitation) Version

func (gi *GenericInvitation) Version() service.Version

Version returns the DIDComm version of this OOB invitation.

type GetAllContentsOptions

type GetAllContentsOptions func(opts *getAllContentsOpts)

GetAllContentsOptions is option for getting all contents from wallet.

func FilterByCollection

func FilterByCollection(collectionID string) GetAllContentsOptions

FilterByCollection option for getting all contents by collection from wallet.

type InitiateInteractionOption

type InitiateInteractionOption func(opts *initiateInteractionOpts)

InitiateInteractionOption options for initiating credential interaction by proposing presentation/credential from wallet.

func WithConnectOptions

func WithConnectOptions(options ...ConnectOptions) InitiateInteractionOption

WithConnectOptions for customizing options for accepting invitation.

func WithFromDID

func WithFromDID(from string) InitiateInteractionOption

WithFromDID option for providing customized from DID for sending propose message.

func WithInitiateTimeout

func WithInitiateTimeout(timeout time.Duration) InitiateInteractionOption

WithInitiateTimeout to provide timeout duration to wait for response for propose message.

type KeyPair

type KeyPair struct {
	// base64 encoded key ID of the key created.
	KeyID string `json:"keyID,omitempty"`
	// base64 encoded public key of the key pair created.
	PublicKey string `json:"publicKey,omitempty"`
}

KeyPair is response of creating key pair inside wallet.

type ProfileOptions

type ProfileOptions func(opts *profileOpts)

ProfileOptions is option for verifiable credential wallet key manager.

func WithEDVStorage

func WithEDVStorage(url, vaultID, encryptionKID, macKID string) ProfileOptions

WithEDVStorage option, for wallet profile to use EDV as storage. If provided then all wallet contents will use EDV for storage. Note: key manager options supplied for profile creation and management will be reused for EDV operations.

func WithKeyServerURL

func WithKeyServerURL(url string) ProfileOptions

WithKeyServerURL option, when provided then wallet will use remote kms for key operations. This option will be ignored if provided with 'WithSecretLockService' option.

func WithPassphrase

func WithPassphrase(passphrase string) ProfileOptions

WithPassphrase option to provide passphrase for local kms for key operations.

func WithSecretLockService

func WithSecretLockService(svc secretlock.Service) ProfileOptions

WithSecretLockService option, when provided then wallet will use local kms for key operations.

type ProofFormat

type ProofFormat string

ProofFormat determines whether a credential or presentation should be signed with an external JWT proof (wrapping the credential to form a JWT-VC) or with an embedded LD proof.

type ProofOptions

type ProofOptions struct {
	// Controller is a DID to be used for signing. This option is required for issue/prove wallet features.
	Controller string `json:"controller,omitempty"`
	// VerificationMethod is the URI of the verificationMethod used for the proof.
	// Optional, by default Controller public key matching 'assertion' for issue or 'authentication' for prove functions.
	VerificationMethod string `json:"verificationMethod,omitempty"`
	// Created date of the proof.
	// Optional, current system time will be used.
	Created *time.Time `json:"created,omitempty"`
	// ProofFormat determines whether a credential or presentation should be signed with an external JWT proof
	// (wrapping the credential to form a JWT-VC) or with an embedded LD proof.
	//
	// Optional: If empty, defaults to EmbeddedLDProofFormat.
	ProofFormat ProofFormat `json:"proofFormat,omitempty"`
	// Domain is operational domain of a digital proof.
	// Optional, by default domain will not be part of proof.
	Domain string `json:"domain,omitempty"`
	// Challenge is a random or pseudo-random value option for authentication.
	// Optional, by default challenge will not be part of proof.
	Challenge string `json:"challenge,omitempty"`
	// ProofType is signature type used for signing.
	// Optional, by default proof will be generated in Ed25519Signature2018 format.
	ProofType string `json:"proofType,omitempty"`
	// ProofRepresentation is type of proof data expected, (Refer verifiable.SignatureProofValue)
	// Optional, by default proof will be represented as 'verifiable.SignatureProofValue'.
	ProofRepresentation *verifiable.SignatureRepresentation `json:"proofRepresentation,omitempty"`
}

ProofOptions model

Options for adding JWT or linked data proofs to a verifiable credential or a verifiable presentation. To be used as options for issue/prove wallet features.

type ProveOptions

type ProveOptions func(opts *proveOpts)

ProveOptions options for proving credential to present from wallet.

func WithCredentialsToProve

func WithCredentialsToProve(credentials ...*verifiable.Credential) ProveOptions

WithCredentialsToProve option for providing verifiable credential instances for wallet to present.

func WithPresentationToProve

func WithPresentationToProve(presentation *verifiable.Presentation) ProveOptions

WithPresentationToProve option for providing presentation for wallet to present. If passed along with other credentials options, response verifiable presentation will be normalized to include all the credentials.

func WithRawCredentialsToProve

func WithRawCredentialsToProve(raw ...json.RawMessage) ProveOptions

WithRawCredentialsToProve option for providing raw credential for wallet to present.

func WithRawPresentationToProve

func WithRawPresentationToProve(presentation json.RawMessage) ProveOptions

WithRawPresentationToProve option for providing raw presentation for wallet to present. Ignored if passed along with WithPresentationToProve option. If passed along with other credentials options, response verifiable presentation will be normalized to include all the credentials.

func WithStoredCredentialsToProve

func WithStoredCredentialsToProve(ids ...string) ProveOptions

WithStoredCredentialsToProve option for providing stored credential IDs for wallet to present.

type Query

type Query struct {
	// contains filtered or unexported fields
}

Query performs wallet credential queries, currently supporting all the QueryTypes defined in QueryType.

func NewQuery

func NewQuery(pkFetcher verifiable.PublicKeyFetcher, loader ld.DocumentLoader, queries ...*QueryParams) *Query

NewQuery returns new wallet query instance.

func (*Query) PerformQuery

func (q *Query) PerformQuery(credentials map[string]json.RawMessage) ([]*verifiable.Presentation, error)

PerformQuery performs credential query on given credentials.

type QueryByExampleDefinition

type QueryByExampleDefinition struct {
	Example *ExampleDefinition `json:"example"`
}

QueryByExampleDefinition is model for QueryByExample query type. https://w3c-ccg.github.io/vp-request-spec/#query-by-example

type QueryByFrameDefinition

type QueryByFrameDefinition struct {
	Frame         map[string]interface{}    `json:"frame"`
	TrustedIssuer []TrustedIssuerDefinition `json:"trustedIssuer"`
}

QueryByFrameDefinition is model for QueryByExample query type. https://w3c-ccg.github.io/vp-request-spec/

TODO: QueryByExampleDefinition model is not yet finalized - https://github.com/w3c-ccg/vp-request-spec/issues/8

type QueryParams

type QueryParams struct {
	// Type of the query.
	// Allowed values  'QueryByExample', 'QueryByFrame', 'PresentationExchange', 'DIDAuth'
	Type string `json:"type"`

	// Query can contain one or more credential queries.
	Query []json.RawMessage `json:"credentialQuery"`
}

QueryParams contains credential queries for querying credential from wallet. Refer https://w3c-ccg.github.io/vp-request-spec/#format for more details.
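An added example, not code from the package or its documentation: a small lint for a QueryParams document of type QueryByExample, built on trimmed local copies of the structs documented on this page. It flags entries that name no trustedIssuer or that rely on issuerQuery, which the page notes is currently ignored. It assumes each credentialQuery entry decodes into QueryByExampleDefinition; `Finding`, `LintQuery`, `validType`, the finding codes and the sample query are hypothetical or constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local copies of the page's models, trimmed to the fields the lint reads.
type TrustedIssuerDefinition struct {
	Issuer   string `json:"issuer"`
	Required bool   `json:"required"`
}

type ExampleDefinition struct {
	Type          interface{}               `json:"type"`
	TrustedIssuer []TrustedIssuerDefinition `json:"trustedIssuer"`
	IssuerQuery   map[string]interface{}    `json:"issuerQuery"`
}

type QueryByExampleDefinition struct {
	Example *ExampleDefinition `json:"example"`
}

type QueryParams struct {
	Type  string            `json:"type"`
	Query []json.RawMessage `json:"credentialQuery"`
}

// Finding is a hypothetical report record, not part of the wallet package.
type Finding struct {
	Index int // position in credentialQuery, -1 for the request itself
	Code  string
}

// validType accepts a non-empty string or a non-empty array of such strings.
func validType(v interface{}) bool {
	switch t := v.(type) {
	case string:
		return t != ""
	case []interface{}:
		for _, e := range t {
			if s, ok := e.(string); !ok || s == "" {
				return false
			}
		}
		return len(t) > 0
	}
	return false
}

// LintQuery decodes one QueryParams document and flags weak QueryByExample entries.
func LintQuery(raw []byte) ([]Finding, error) {
	var qp QueryParams
	if err := json.Unmarshal(raw, &qp); err != nil {
		return nil, fmt.Errorf("decode query params: %w", err)
	}
	switch qp.Type { // allowed values from the QueryParams.Type comment
	case "QueryByExample":
	case "QueryByFrame", "PresentationExchange", "DIDAuth":
		return nil, nil // allowed, but not inspected here
	default:
		return []Finding{{-1, "unknown-type"}}, nil
	}
	var out []Finding
	for i, rq := range qp.Query {
		var def QueryByExampleDefinition
		if err := json.Unmarshal(rq, &def); err != nil || def.Example == nil {
			out = append(out, Finding{i, "malformed-example"})
			continue
		}
		if !validType(def.Example.Type) {
			out = append(out, Finding{i, "bad-type"})
		}
		if len(def.Example.IssuerQuery) > 0 {
			// The page notes that IssuerQuery is currently ignored.
			out = append(out, Finding{i, "issuer-query-ignored"})
		}
		if len(def.Example.TrustedIssuer) == 0 {
			out = append(out, Finding{i, "no-trusted-issuer"})
		}
	}
	return out, nil
}

// sampleQuery is constructed for this example.
const sampleQuery = `{"type": "QueryByExample", "credentialQuery": [
  {"example": {"type": ["UniversityDegreeCredential"],
    "trustedIssuer": [{"issuer": "did:example:issuer1", "required": true}]}},
  {"example": {"type": "PermanentResidentCard", "issuerQuery": {"name": "Example"}}},
  {"example": {"type": 7}}]}`

func main() {
	fmt.Println(LintQuery([]byte(sampleQuery)))
}
```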

type QueryType

type QueryType int

QueryType is the type of query supported by the wallet implementation. More details can be found here: https://w3c-ccg.github.io/universal-wallet-interop-spec/#query

func GetQueryType

func GetQueryType(name string) (QueryType, error)

GetQueryType returns QueryType instance for given string query type.

func (QueryType) Name

func (q QueryType) Name() string

Name returns name of the query.

type ResolveManifestOption

type ResolveManifestOption func(opts *resolveManifestOpts)

ResolveManifestOption is option to resolve credential manifests.

func ResolveCredential

func ResolveCredential(descriptorID string, credential *verifiable.Credential) ResolveManifestOption

ResolveCredential options for resolving credential by given descriptor ID.

func ResolveCredentialID

func ResolveCredentialID(descriptorID, credentialID string) ResolveManifestOption

ResolveCredentialID options for resolving credential from wallet content store by given descriptor ID.

func ResolveRawCredential

func ResolveRawCredential(descriptorID string, rawCredential json.RawMessage) ResolveManifestOption

ResolveRawCredential options for resolving raw bytes of credential by given descriptor ID.

func ResolveRawResponse

func ResolveRawResponse(response json.RawMessage) ResolveManifestOption

ResolveRawResponse options for resolving raw bytes of credential response presentation.

func ResolveResponse

func ResolveResponse(response *verifiable.Presentation) ResolveManifestOption

ResolveResponse options for resolving credential response presentation.

type Session

type Session struct {
	KeyManager kms.KeyManager
	// contains filtered or unexported fields
}

Session represents a session object created when a user unlocks the wallet.

type TrustedIssuerDefinition

type TrustedIssuerDefinition struct {
	Issuer   string `json:"issuer"`
	Required bool   `json:"required"`
}

TrustedIssuerDefinition is model for trusted issuer component in QueryByFrame & QueryByExample.

type UnlockOptions

type UnlockOptions func(opts *unlockOpts)

UnlockOptions is option for unlocking verifiable credential wallet key manager. Wallet unlocking instantiates KMS instance for wallet operations. Type of key manager (local or remote) to be used will be decided based on options passed. Note: unlock options should match key manager options set for given wallet profile.

func WithUnlockByAuthorizationToken

func WithUnlockByAuthorizationToken(url string) UnlockOptions

WithUnlockByAuthorizationToken option for supplying remote kms auth token to open wallet. This option will be ignored when supplied with localkms options.

func WithUnlockByPassphrase

func WithUnlockByPassphrase(passphrase string) UnlockOptions

WithUnlockByPassphrase option for supplying passphrase to open wallet. This option takes precedence when provided along with other options.

func WithUnlockBySecretLockService

func WithUnlockBySecretLockService(svc secretlock.Service) UnlockOptions

WithUnlockBySecretLockService option for supplying secret lock service to open wallet. This option will be ignored when supplied with 'WithPassphrase' option.

func WithUnlockEDVOptions

func WithUnlockEDVOptions(edvOpts ...edv.RESTProviderOption) UnlockOptions

WithUnlockEDVOptions can be used to provide custom aries edv options for unlocking wallet. Provided options will be considered only if given wallet profile is using EDV configurations.

func WithUnlockExpiry

func WithUnlockExpiry(tokenExpiry time.Duration) UnlockOptions

WithUnlockExpiry time duration after which wallet key manager will be expired. Wallet should be reopened by using 'client.Open()' once expired or a new instance needs to be created.

func WithUnlockWebKMSOptions

func WithUnlockWebKMSOptions(webkmsOpts ...webkms.Opt) UnlockOptions

WithUnlockWebKMSOptions can be used to provide custom aries web kms options for unlocking wallet. This option can be used to set web kms client http header function instead of using WithUnlockByAuthorizationToken.

type VerificationOption

type VerificationOption func(opts *verifyOpts)

VerificationOption options for verifying credential from wallet.

func WithRawCredentialToVerify

func WithRawCredentialToVerify(raw json.RawMessage) VerificationOption

WithRawCredentialToVerify option for providing raw credential to be verified from wallet.

func WithRawPresentationToVerify

func WithRawPresentationToVerify(raw json.RawMessage) VerificationOption

WithRawPresentationToVerify option for providing raw presentation to be verified from wallet.

func WithStoredCredentialToVerify

func WithStoredCredentialToVerify(id string) VerificationOption

WithStoredCredentialToVerify option for providing ID of the stored credential to be verified from wallet.

type Wallet

type Wallet struct {
	// contains filtered or unexported fields
}

Wallet enables access to verifiable credential wallet features.

func New

func New(userID string, ctx provider) (*Wallet, error)

New returns new verifiable credential wallet for given user. Returns an error if the wallet profile is not found. To create a new wallet profile, use `CreateProfile()`. To update an existing profile, use `UpdateProfile()`.

func (*Wallet) Close

func (c *Wallet) Close() bool

Close expires the token issued to this VC wallet, removes the key manager instance and closes the wallet content store. Returns false if the token is not found or already expired for this wallet user.

func (*Wallet) CreateKeyPair

func (c *Wallet) CreateKeyPair(authToken string, keyType kms.KeyType) (*KeyPair, error)

CreateKeyPair creates key pair inside a wallet.

Args:
	- authToken: authorization for performing create key pair operation.
	- keyType: type of the key to be created.

func (*Wallet) Derive

func (c *Wallet) Derive(authToken string, credential CredentialToDerive, options *DeriveOptions) (*verifiable.Credential, error)

Derive derives a credential and returns response credential.

Args:
	- credential to derive (ID of the stored credential, raw credential or credential instance).
	- derive options.

func (*Wallet) Export

func (c *Wallet) Export(auth string) (json.RawMessage, error)

Export produces a serialized exported wallet representation. Only ciphertext wallet contents can be exported.

Args:
	- auth: token to be used to lock the wallet before exporting.

Returns exported locked wallet.

Supported data models:

func (*Wallet) Issue

func (c *Wallet) Issue(authToken string, credential json.RawMessage,
	options *ProofOptions) (*verifiable.Credential, error)

Issue adds proof to a Verifiable Credential.

Args:
	- auth token for unlocking kms.
	- A verifiable credential with or without proof.
	- Proof options.

func (*Wallet) Open

func (c *Wallet) Open(options ...UnlockOptions) (string, error)

Open unlocks the wallet's key manager instance, opens the wallet content store and returns a token for subsequent use of wallet features.

Args:
	- unlock options for opening wallet.

Returns token with expiry that can be used for subsequent use of wallet features.

func (*Wallet) Prove

func (c *Wallet) Prove(authToken string, proofOptions *ProofOptions, credentials ...ProveOptions) (*verifiable.Presentation, error)

Prove produces a Verifiable Presentation.

Args:
	- auth token for unlocking kms.
	- list of interfaces (string of credential IDs which can be resolvable to stored credentials in wallet or
	raw credential or a presentation).
	- proof options

func (*Wallet) Query

func (c *Wallet) Query(authToken string, params ...*QueryParams) ([]*verifiable.Presentation, error)

Query runs query against wallet credential contents and returns presentation containing credential results.

This function may return multiple presentations as query result based on combination of query types used.

https://w3c-ccg.github.io/universal-wallet-interop-spec/#query

Supported Query Types:

func (*Wallet) ResolveCredentialManifest

func (c *Wallet) ResolveCredentialManifest(authToken string, manifest json.RawMessage, resolve ResolveManifestOption) ([]*cm.ResolvedDescriptor, error)

ResolveCredentialManifest resolves given credential manifest by credential response or credential. Supports: https://identity.foundation/credential-manifest/

Args:

  • authToken: authorization for performing operation.
  • manifest: Credential manifest data model in raw format.
  • resolve: options to provide credential response or credential to resolve.

Returns:

  • list of resolved descriptors.
  • error if operation fails.

func (*Wallet) SignJWT

func (c *Wallet) SignJWT(authToken string, headers, claims map[string]interface{}, kid string) (string, error)

SignJWT creates a JWT signed by the wallet's KMS using a key from an owned DID.

Args:
	- auth token for unlocking kms.
	- Headers to include in the created JWT.
	- Claims for the created JWT.
	- the ID of the key to use for signing, as a DID, either with a fragment identifier to specify a verification
	  method, or without, in which case the first Authentication or Assertion verification method is used.

func (*Wallet) Verify

func (c *Wallet) Verify(authToken string, options VerificationOption) (bool, error)

Verify takes a Verifiable Credential or Verifiable Presentation as input.

Args:
	- verification option for sending different models (stored credential ID, raw credential, raw presentation).

Returns: a boolean verified, and an error if verified is false.

func (*Wallet) VerifyJWT

func (c *Wallet) VerifyJWT(compactJWT string) error

VerifyJWT verifies a JWT signed by a DID.

Args:

  • JWT to verify.
