services

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 18, 2021 License: GPL-3.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// IrmaFormat is used to indicate a contract is in he form of a base64 encoded IRMA signature
	IrmaFormat ContractFormat = "irma"
	// JwtFormat is used to indicate a contract in in the form of a Jwt encoded signature
	JwtFormat ContractFormat = "JWT"
	// Valid is used to indicate a contract was valid on the time of testing
	Valid ValidationState = "VALID"
	// Invalid is used to indicate a contract was invalid on the time of testing
	Invalid ValidationState = "INVALID"
)
View Source 
const OAuthEndpointType = "oauth"

OAuthEndpointType defines the type identifier for oauth endpoints (RFCtodo)

Variables

View Source 
var ErrSessionNotFound = errors.New("session not found")

ErrSessionNotFound is returned when there is no contract signing session found for a certain SessionID

View Source 
var ValidJWTAlg = []string{
	jwt.SigningMethodPS256.Name,
	jwt.SigningMethodPS384.Name,
	jwt.SigningMethodPS512.Name,
	jwt.SigningMethodES256.Name,
	jwt.SigningMethodES384.Name,
	jwt.SigningMethodES512.Name,
}

ValidJWTAlg defines JWT signing algorithms allowed

Functions

This section is empty.

Types

type AccessTokenResult 

type AccessTokenResult struct {
	AccessToken string
}

AccessTokenResult defines the return value back to the api for the CreateAccessToken method

type AuthenticationTokenContainerEncoder 

type AuthenticationTokenContainerEncoder interface {
	// Decode accepts a raw token container encoded as a string and decodes it into a NutsAuthenticationTokenContainer
	Decode(rawTokenContainer string) (*NutsAuthenticationTokenContainer, error)

	// Encode accepts a NutsAuthenticationTokenContainer and encodes in into a string
	Encode(authTokenContainer NutsAuthenticationTokenContainer) (string, error)
}

AuthenticationTokenContainerEncoder defines the interface for Authentication Token Containers services

type ContractClient 

type ContractClient interface {
	contract.VPVerifier

	// CreateSigningSession creates a signing session for the requested contract and means
	CreateSigningSession(sessionRequest CreateSessionRequest) (contract.SessionPointer, error)

	// SigningSessionStatus returns the status of the current signing session or ErrSessionNotFound is sessionID is unknown
	SigningSessionStatus(sessionID string) (contract.SigningSessionResult, error)

	Configure() error

	// deprecated
	ContractSessionStatus(sessionID string) (*SessionStatusResult, error)
	// deprecated
	ValidateContract(request ValidationRequest) (*ContractValidationResult, error)
	// HandlerFunc returns the Irma server handler func
	// deprecated
	HandlerFunc() http.HandlerFunc
}

ContractClient defines functions for creating and validating verifiable credentials

type ContractFormat 

type ContractFormat string

ContractFormat describes the format of a signed contract. Based on the format an appropriate validator can be selected.

type ContractNotary 

type ContractNotary interface {
	// DrawUpContract draws up a contract from a template and returns a Contract which than can be signed by the user.
	DrawUpContract(template contract.Template, orgID core.PartyID, validFrom time.Time, validDuration time.Duration) (*contract.Contract, error)
	// ValidateContract checks if the contract is syntactically correct and valid at the given moment in time. It does not check the signature.
	ValidateContract(contractToValidate contract.Contract, orgID core.PartyID, checkTime time.Time) (bool, error)
}

ContractNotary defines the interface to draw up a contract.

type ContractSessionHandler 

type ContractSessionHandler interface {
	SessionStatus(session SessionID) (*SessionStatusResult, error)
	StartSession(request interface{}, handler server.SessionHandler) (*irma.Qr, string, error)
}

ContractSessionHandler interface must be implemented by ContractSessionHandlers deprecated

type ContractValidationResult 

type ContractValidationResult struct {
	ValidationResult ValidationState `json:"validation_result"`
	ContractFormat   ContractFormat  `json:"contract_format"`
	// DisclosedAttributes contain the attributes used to sign this contract
	DisclosedAttributes map[string]string `json:"disclosed_attributes"`
	// ContractAttributes contain the attributes used to fill the contract
	ContractAttributes map[string]string `json:"contract_attributes"`
}

ContractValidationResult contains the result of a contract validation deprecated, moved to pkg/contract

type ContractValidator 

type ContractValidator interface {
	// ValidateContract validates a signed login contract, actingPartyCN is deprecated and thus optional
	ValidateContract(contract string, format ContractFormat, actingPartyCN *string, checkTime *time.Time) (*ContractValidationResult, error)
	// ValidateJwt validates a JWT that contains a signed login contract, actingPartyCN is deprecated and thus optional
	ValidateJwt(contract string, actingPartyCN *string, checkTime *time.Time) (*ContractValidationResult, error)
	IsInitialized() bool
}

ContractValidator interface must be implemented by contract validators deprecated

type CreateAccessTokenRequest 

type CreateAccessTokenRequest struct {
	RawJwtBearerToken string
	ClientCert        string
	// deprecated
	VendorIdentifier *string
}

CreateAccessTokenRequest contains all information to create an access token from a JwtBearerToken

type CreateJwtBearerTokenRequest 

type CreateJwtBearerTokenRequest struct {
	Actor         string
	Custodian     string
	IdentityToken *string
	Subject       *string
}

CreateJwtBearerTokenRequest contains all information to create a JwtBearerToken

type CreateSessionRequest 

type CreateSessionRequest struct {
	SigningMeans contract.SigningMeans
	// Message to sign
	Message string
}

CreateSessionRequest is used to create a contract signing session.

type CreateSessionResult 

type CreateSessionResult struct {
	QrCodeInfo irma.Qr
	SessionID  string
}

CreateSessionResult contains the results needed to setup an irma flow

type JwtBearerTokenResult 

type JwtBearerTokenResult struct {
	BearerToken string
}

JwtBearerTokenResult defines the return value back to the api for the createJwtBearerToken method

type NutsAccessToken 

type NutsAccessToken struct {
	jwt.StandardClaims
	SubjectID  *string `json:"sid"`
	Scope      string  `json:"scope"`
	Name       string  `json:"name"`
	GivenName  string  `json:"given_name"`
	Prefix     string  `json:"prefix"`
	FamilyName string  `json:"family_name"`
	Email      string  `json:"email"`
}

NutsAccessToken is a OAuth 2.0 access token which provides context to a request. Its contents are derived from a Jwt Bearer token. The Jwt Bearer token is verified by the authorization server and stripped from the proof to make it compact.

type NutsAuthenticationTokenContainer 

type NutsAuthenticationTokenContainer struct {
	// Type indicates the type of the base64 encoded Token
	Type TokenContainerType `json:"type"`
	// Token contains a base64 signed token.
	Token string `json:"token"`
}

NutsAuthenticationTokenContainer holds the base64 encoded token and a type which uniquely identifies the means used to sign the contract See the Nuts RFC002 section 6 :Authentication Token Container deprecated, replace with VerifiablePresentation

type NutsIdentityToken 

type NutsIdentityToken struct {
	jwt.StandardClaims
	//Identifier of the legalEntity who issued and signed the token
	//Issuer string
	// What kind of signature? Currently only IRMA is supported
	Type ContractFormat `json:"type"`
	// The base64 encoded signature
	Signature string `json:"sig"`
}

NutsIdentityToken contains the signed identity of the user performing the request Deprecated

type NutsJwtBearerToken 

type NutsJwtBearerToken struct {
	jwt.StandardClaims
	// Base64 encoded VerifiablePresentation
	UserIdentity       *string           `json:"usi"`
	SubjectID          *string           `json:"sid"`
	Scope              string            `json:"scope"`
	SigningCertificate *x509.Certificate `json:-`
}

NutsJwtBearerToken contains the deserialized Jwt Bearer Token as defined in rfc7523. It contains a NutsIdentity token which can be verified by the authorization server.

func (NutsJwtBearerToken) AsMap 

func (token NutsJwtBearerToken) AsMap() (map[string]interface{}, error)

AsMap returns the claims from a NutsJwtBearerToken as a map with the json names as keys

type OAuthClient 

type OAuthClient interface {
	CreateAccessToken(request CreateAccessTokenRequest) (*AccessTokenResult, error)
	CreateJwtBearerToken(request CreateJwtBearerTokenRequest) (*JwtBearerTokenResult, error)
	IntrospectAccessToken(token string) (*NutsAccessToken, error)
	Configure() error
}

OAuthClient is the client interface for the OAuth service

type SessionID 

type SessionID string

SessionID contains a number to uniquely identify a contract signing session

type SessionStatusResult 

type SessionStatusResult struct {
	server.SessionResult
	// NutsAuthToken contains the JWT if the sessionStatus is DONE
	NutsAuthToken string `json:"nuts_auth_token"`
}

SessionStatusResult contains the current state of a session. If the session is DONE it also contains a JWT in the NutsAuthToken deprecated

type SignedToken 

type SignedToken interface {
	// SignerAttributes extracts a map of attribute names and their values from the signature
	SignerAttributes() (map[string]string, error)
	// Contract extracts the Contract from the SignedToken
	Contract() contract.Contract
}

SignedToken defines the uniform interface to crypto specific implementations such as Irma or x509 tokens.

type TokenContainerType 

type TokenContainerType string

TokenContainerType is used in the NutsAuthenticationTokenContainer to tell the type of the

type VPProofValueParser 

type VPProofValueParser interface {
	// Parse accepts a raw ProofValue from the VP as a string. The parser tries to parse the value into a SignedToken.
	Parse(rawAuthToken string) (SignedToken, error)

	// Verify accepts a SignedToken and verifies the signature using the crypto for the specific implementation of this interface.
	Verify(token SignedToken) error
}

VPProofValueParser provides a uniform interface for Authentication services like IRMA or x509 signed tokens

type ValidationRequest 

type ValidationRequest struct {
	// ContractFormat specifies the type of format used for the contract, e.g. 'irma'
	ContractFormat ContractFormat

	// The actual contract in string format to validate
	ContractString string

	// ActingPartyCN is the common name of the Acting party extracted from the client cert
	ActingPartyCN string
}

ValidationRequest is used to pass all information to ValidateContract deprecated, moved to pkg/contract

type ValidationState 

type ValidationState string

ValidationState contains the outcome of the validation. It van be VALID or INVALID. This makes it human readable.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.