Documentation
¶
Index ¶
- Constants
- Variables
- type BaseVerifiablePresentation
- type Contract
- type Language
- type Proof
- type SessionPointer
- type Signer
- type SigningMeans
- type SigningSessionResult
- type State
- type Template
- type TemplateStore
- type Type
- type VPType
- type VPVerificationResult
- type VPVerifier
- type VerifiablePresentation
- type VerifiablePresentationBase
- type VerifierType
- type Version
Constants ¶
const ActingPartyAttr = "acting_party"
deprecated
const AmsterdamTimeZone = "Europe/Amsterdam"
const LegalEntityAttr = "legal_entity"
const ValidFromAttr = "valid_from"
const ValidToAttr = "valid_to"
const VerifiableCredentialContext = "https://www.w3.org/2018/credentials/v1"
VerifiableCredentialContext is the v1 base context for VPs todo: move or use lib
const VerifiablePresentationType = VPType("VerifiablePresentation")
VerifiablePresentationType is used as one of the types for a VerifiablePresentation todo move
Variables ¶
var ErrContractNotFound = errors.New("contract not found")
ErrContractNotFound is used when a certain combination of type, language and version cannot resolve to a contract
var ErrInvalidContractFormat = errors.New("unknown contract type")
ErrInvalidContractFormat indicates tha a contract format is unknown.
var ErrInvalidContractText = errors.New("invalid contract text")
ErrInvalidContractText is used when contract texts cannot be parsed or contain invalid values
var ErrInvalidPeriod = fmt.Errorf("%w: invalid period", ErrInvalidContractText)
var ErrUnknownContractFormat = errors.New("unknown contract format")
ErrUnknownContractFormat is returned when the contract format is unknown
var ErrUnknownSessionID = errors.New("unknown sessionId")
ErrUnknownSessionID is returned when the session id is not known
var NowFunc = time.Now
NowFunc is used to store a function that returns the current time. This can be changed when you want to mock the current time.
var StandardContractTemplates = TemplateStore{ "NL": {"BehandelaarLogin": { "v1": &Template{ Type: "BehandelaarLogin", Version: "v1", Language: "NL", SignerAttributes: []string{".nuts.agb.agbcode"}, Template: `NL:BehandelaarLogin:v1 Ondergetekende geeft toestemming aan {{` + ActingPartyAttr + `}} om namens {{` + LegalEntityAttr + `}} en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van {{` + ValidFromAttr + `}} tot {{` + ValidToAttr + `}}.`, TemplateAttributes: []string{ActingPartyAttr, LegalEntityAttr, ValidFromAttr, ValidToAttr}, Regexp: `NL:BehandelaarLogin:v1 Ondergetekende geeft toestemming aan (.+) om namens (.+) en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van (.+) tot (.+).`, }, "v2": &Template{ Type: "BehandelaarLogin", Version: "v2", Language: "NL", SignerAttributes: StandardSignerAttributes, Template: `NL:BehandelaarLogin:v2 Ondergetekende geeft toestemming aan {{` + ActingPartyAttr + `}} om namens {{` + LegalEntityAttr + `}} en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van {{` + ValidFromAttr + `}} tot {{` + ValidToAttr + `}}.`, TemplateAttributes: []string{ActingPartyAttr, LegalEntityAttr, ValidFromAttr, ValidToAttr}, Regexp: `NL:BehandelaarLogin:v2 Ondergetekende geeft toestemming aan (.+) om namens (.+) en ondergetekende het Nuts netwerk te bevragen. Deze toestemming is geldig van (.+) tot (.+).`, }, "v3": &Template{ Type: "BehandelaarLogin", Version: "v3", Language: "NL", SignerAttributes: StandardSignerAttributes, Template: `NL:BehandelaarLogin:v3 Hierbij verklaar ik te handelen in naam van {{` + LegalEntityAttr + `}}. Deze verklaring is geldig van {{` + ValidFromAttr + `}} tot {{` + ValidToAttr + `}}.`, TemplateAttributes: []string{LegalEntityAttr, ValidFromAttr, ValidToAttr}, Regexp: `NL:BehandelaarLogin:v3 Hierbij verklaar ik te handelen in naam van (.+). Deze verklaring is geldig van (.+) tot (.+).`, }, }}, "EN": {"PractitionerLogin": { "v1": &Template{ Type: "PractitionerLogin", Version: "v1", Language: "EN", SignerAttributes: []string{"nuts.agb.agbcode"}, Template: `EN:PractitionerLogin:v1 Undersigned gives permission to {{` + ActingPartyAttr + `}} to make request to the Nuts network on behalf of {{` + LegalEntityAttr + `}} and itself. This permission is valid from {{` + ValidFromAttr + `}} until {{` + ValidToAttr + `}}.`, TemplateAttributes: []string{ActingPartyAttr, LegalEntityAttr, ValidFromAttr, ValidToAttr}, Regexp: `EN:PractitionerLogin:v1 Undersigned gives permission to (.+) to make request to the Nuts network on behalf of (.+) and itself. This permission is valid from (.+) until (.+).`, }, "v2": &Template{ Type: "PractitionerLogin", Version: "v2", Language: "EN", SignerAttributes: StandardSignerAttributes, Template: `EN:PractitionerLogin:v2 Undersigned gives permission to {{` + ActingPartyAttr + `}} to make request to the Nuts network on behalf of {{` + LegalEntityAttr + `}} and itself. This permission is valid from {{` + ValidFromAttr + `}} until {{` + ValidToAttr + `}}.`, TemplateAttributes: []string{ActingPartyAttr, LegalEntityAttr, ValidFromAttr, ValidToAttr}, Regexp: `EN:PractitionerLogin:v2 Undersigned gives permission to (.+) to make request to the Nuts network on behalf of (.+) and itself. This permission is valid from (.+) until (.+).`, }, "v3": &Template{ Type: "PractitionerLogin", Version: "v3", Language: "EN", SignerAttributes: StandardSignerAttributes, Template: `EN:PractitionerLogin:v3 I hereby declare to act on behalf of {{` + LegalEntityAttr + `}}. This declaration is valid from {{` + ValidFromAttr + `}} until {{` + ValidToAttr + `}}.`, TemplateAttributes: []string{LegalEntityAttr, ValidFromAttr, ValidToAttr}, Regexp: `EN:PractitionerLogin:v3 I hereby declare to act on behalf of (.+). This declaration is valid from (.+) until (.+).`, }, }}, }
StandardContractTemplates contains a the official contract templates as specified in the Nuts specification EN:PractitionerLogin:v1 Template
var StandardSignerAttributes = []string{
".gemeente.personalData.firstnames",
"pbdf.sidn-pbdf.email.email",
}
StandardSignerAttributes defines the standard list of attributes used for a contract. If SignerAttribute name starts with a dot '.', it uses the configured scheme manager
Functions ¶
This section is empty.
Types ¶
type BaseVerifiablePresentation ¶
type BaseVerifiablePresentation struct {
Context []string `json:"@context"`
Proof map[string]interface{} `json:"proof"`
Type []VPType `json:"type"`
}
BaseVerifiablePresentation represents a W3C Verifiable Presentation with only its Type attribute
type Contract ¶
Contract contains the contract template, the raw contract text and the extracted params.
func ParseContractString ¶
func ParseContractString(rawContractText string, contractTemplates TemplateStore) (*Contract, error)
ParseContractString parses a raw string, finds the contract from the store and extracts the params Note: It does not verify the params
func (Contract) VerifyForGivenTime ¶
VerifyForGivenTime checks if the contract is valid for the given moment in time TODO: support of different time zones: https://github.com/nuts-foundation/nuts-auth/issues/152
type Proof ¶
type Proof struct {
Type string `json:"type"`
}
Proof represents the Proof part of a Verifiable Presentation specific verifiers may extend upon this Proof
type SessionPointer ¶
SessionPointer contains session information for the means how to sign the payload
type Signer ¶
type Signer interface {
// SigningSessionStatus returns the current status of the signing session or services.ErrSessionNotFound if not found
// todo: name should have been SessionStatus, but its currently in use by the old interface
SigningSessionStatus(sessionID string) (SigningSessionResult, error)
// StartSession starts a session for the implementing signer
// todo: name should have been StartSession, but its currently in use by the old interface
StartSigningSession(rawContractText string) (SessionPointer, error)
}
Signer is responsible for signing contract signing requests. Signing is done by making use of asynchronous SigningSessions.
type SigningMeans ¶
type SigningMeans string
SigningMeans holds the unique nuts name of the singing means.
type SigningSessionResult ¶
type SigningSessionResult interface {
// Status returns the current state of the SigningSession
Status() string
// VerifiablePresentation returns a VerifiablePresentation holding the presentation proof and disclosed attributes or an error if
// no proof is present yet
VerifiablePresentation() (VerifiablePresentation, error)
}
SigningSessionResult holds information in the current status of the SigningSession
type State ¶
type State string
State contains the result of the verification. It van be VALID or INVALID. This makes it human readable.
type Template ¶
type Template struct {
Type Type `json:"type"`
Version Version `json:"version"`
Language Language `json:"language"`
SignerAttributes []string `json:"signer_attributes"`
SignerDemoAttributes []string `json:"-"`
Template string `json:"Template"`
TemplateAttributes []string `json:"template_attributes"`
Regexp string `json:"-"`
}
Template stores al properties of a contract template which can result in a signed contract
func (Template) Render ¶
func (c Template) Render(vars map[string]string, validFrom time.Time, validDuration time.Duration) (*Contract, error)
Render a template using the given templates variables. The combination of validFrom and the duration configure the validFrom and validTo template attributes. The ValidFrom or ValidTo provided in the vars map will be overwritten. Note: For date calculation the Amsterdam timezone and Dutch locale is used.
type TemplateStore ¶
TemplateStore contains a list of Contract templates sorted by language, type and version
func (TemplateStore) FindFromRawContractText ¶
func (m TemplateStore) FindFromRawContractText(rawContractText string) (*Template, error)
type Type ¶
type Type string
Type contains type of the contract to sign. Example: "BehandelaarLogin"
type VPType ¶
type VPType string
VPType holds the type of the Verifiable Presentation. Based on the format an appropriate validator can be selected.
type VPVerificationResult ¶
type VPVerificationResult struct {
// Validity indicates if the Presentation is valid
// It can contains the "VALID" or "INVALID" status.
// Validators must only set the Validity to "VALID" if the whole VP, including the embedded
// contract are valid at the given moment in time.
Validity State
// VPType contains the the VP type like "NutsUziPresentation".
VPType VPType
// ContractID contains the identifier string of the signed contract message like: "EN:PractitionerLogin:v3"
ContractID string
// DisclosedAttributes contain the attributes used to sign this contract
DisclosedAttributes map[string]string
// ContractAttributes contain the attributes used to fill the contract
ContractAttributes map[string]string
}
VPVerificationResult contains the result of a contract validation
type VPVerifier ¶
type VPVerifier interface {
// VerifyVP validates a verifiable presentation.
// When the verifier could not handle the verifiable presentation, an error should be thrown.
VerifyVP(rawVerifiablePresentation []byte, checkTime *time.Time) (*VPVerificationResult, error)
}
VPVerifier defines the interface needed to verify a VerifiablePresentation
type VerifiablePresentation ¶
type VerifiablePresentation interface {
}
VerifiablePresentation represents a W3C Verifiable Presentation
type VerifiablePresentationBase ¶
VerifiablePresentationBase holds the basic fields for a VerifiableCredential todo: move or use lib
Source Files