Documentation ¶
Index ¶
- Constants
- Variables
- func AnonDecrypt(cypherText, privateKey []byte) ([]byte, error)
- func AnonEncrypt(msg, publicKey []byte) []byte
- func BuildAuthorisingCommitmentInput(privKey *hdkeychain.ExtendedKey, opAddress string) []byte
- func BuildDIDPrefix(method string) string
- func BuildDigitalAssetID(data []byte, fingerprintAlgorithm, didMethod string) (string, error)
- func BuildDigitalAssetIDFromFile(filename, fingerprintAlgorithm, didMethod string) (string, string, error)
- func BuildDigitalAssetIDFromReader(r io.Reader, fingerprintAlgorithm, didMethod string) (string, error)
- func BuildDigitalAssetIDWithFingerprint(fp []byte, didMethod string) string
- func BuildRequestingCommitmentInput(leaseID string, expiresAt *time.Time) []byte
- func BuildRoutingKey(key *btcec.PublicKey) (string, error)
- func BuildSharedSecret(key *hdkeychain.ExtendedKey) string
- func CompactDocument(input []byte, ctxURL string) ([]byte, error)
- func DecryptAESCGM(ciphertext []byte, key *AESKey) (plaintext []byte, err error)
- func DecryptCredentials(recipient *DID, credentials, subject string) (string, string, error)
- func DefaultDocumentLoader() ld.DocumentLoader
- func DeriveStorageAccessKey(leaseID string) (ed25519.PublicKey, ed25519.PrivateKey)
- func EncryptAESCGM(plaintext []byte, key *AESKey) (ciphertext []byte, err error)
- func EncryptCredentials(recipient *DID, keyID, secret, subject string) string
- func ExpandDocument(input []byte) ([]byte, error)
- func ExtractDIDMethod(didID string) (string, error)
- func ExtractSignature(hdr http.Header) (string, string, error)
- func FlattenDocument(input []byte, ctx any) ([]byte, error)
- func GenerateAccessKeyID() string
- func GenerateAccessToken(recordID, leaseID string, now, leaseExpiryTime int64) string
- func GenerateDocumentNodeMap(input []byte) (map[string]any, error)
- func GenerateNewHDKey(seed []byte) (*hdkeychain.ExtendedKey, *hdkeychain.ExtendedKey, error)
- func Hash(tag string, data []byte) []byte
- func HashRequestBody(body []byte) []byte
- func HeadID(assetID string, lockerID string, sender *LockerParticipant, headName string) string
- func NewAssetID(method string) string
- func PackHeadBody(assetID, lockerID, participantID, name, recordID string) []byte
- func Pad(src []byte) []byte
- func PutBinaryContextIntoDefaultDocumentLoader(url string, ctx []byte) error
- func PutContextIntoDefaultDocumentLoader(url, filePath string) error
- func PutContextMapIntoDefaultDocumentLoader(contextMap map[string]string) error
- func RandomKeyIndex() uint32
- func RecordsToCSV(recs []*Record) []byte
- func SetDebugMode(v bool)
- func SetDefaultDocumentLoader(l ld.DocumentLoader)
- func SignRequest(hdr http.Header, keyID string, clientSecret *AESKey, clientHMACKey []byte, ...) (string, error)
- func UnpackHeadBody(val []byte) (string, string, string, string, string)
- func UnwrapDigitalAssetID(id string) string
- func ValidateDIDMethodPrefix(methodPrefix string) error
- func ValidateRequest(hdr http.Header, reqSig string, encryptedHMACKey []byte, reqTime time.Time, ...) (bool, error)
- func VerifyAccessToken(ctx context.Context, at, dataAssetID string, now, maxDistanceSeconds int64, ...) bool
- func VerifyDigitalAssetID(id, fingerprintAlgorithm string, data []byte) (bool, error)
- func VerifySemanticDigitalAssetID(id, fingerprintAlgorithm string, data []byte) (bool, error)
- type AESKey
- func DecodeAESKey(val string, privKey ed25519.PrivateKey) (*AESKey, error)
- func DeriveClientAESKey(pk ed25519.PrivateKey) *AESKey
- func DeriveEncryptionKey(secret1, secret2 []byte) *AESKey
- func DeriveSymmetricalKey(secret []byte, pubKey *btcec.PublicKey) *AESKey
- func NewAESKey(val []byte) *AESKey
- func NewEncryptionKey() *AESKey
- func SplitClientSecret(secret string) (ed25519.PrivateKey, *AESKey, []byte, error)
- type AccessKey
- type AccessLevel
- type AccessVerifier
- type Algorithm
- type BlobManager
- type Block
- type Confirmation
- type ConsentReceipt
- type Criteria
- type DID
- func (did *DID) Bytes() []byte
- func (did *DID) Copy() *DID
- func (did *DID) NeuteredCopy() *DID
- func (did *DID) Sign(message []byte) []byte
- func (did *DID) SignKeyValue() ed25519.PrivateKey
- func (did *DID) VerKeyValue() ed25519.PublicKey
- func (did *DID) Verify(message, signature []byte) bool
- func (did *DID) Zero()
- type DIDDocument
- type DIDOption
- type DIDProvider
- type DataAssetState
- type DataController
- type DataSet
- type Ed25519VerificationKey2018
- type Impression
- func (ii *Impression) Bytes() []byte
- func (ii *Impression) Compact() ([]byte, error)
- func (ii *Impression) Copy() *Impression
- func (ii *Impression) GetProvenance(resourceID string) any
- func (ii *Impression) GetVariantID() string
- func (ii *Impression) IsRoot() bool
- func (ii *Impression) IsSigned() bool
- func (ii *Impression) MerkleSign(identity string, key ed25519.PrivateKey) error
- func (ii *Impression) MerkleVerify(key ed25519.PublicKey) (bool, error)
- func (ii *Impression) Revision() int64
- func (ii *Impression) RevisionOf() string
- type KnowledgeOffer
- type KnowledgeProspectus
- type KnowledgeQuery
- type KnowledgeSharingRequest
- type KnowledgeSharingResult
- type Lease
- type Ledger
- type Locker
- func (l *Locker) AcceptedAtBlock() int64
- func (l *Locker) Bytes() []byte
- func (l *Locker) Copy() *Locker
- func (l *Locker) GetParticipant(participantID string) *LockerParticipant
- func (l *Locker) Hydrate(pk ed25519.PrivateKey) error
- func (l *Locker) IsHydrated() bool
- func (l *Locker) IsUnilocker() bool
- func (l *Locker) Perspective(iid string) *Locker
- func (l *Locker) SetAcceptedAtBlock(block int64)
- func (l *Locker) Them() *LockerParticipant
- func (l *Locker) Us() *LockerParticipant
- func (l *Locker) Zero()
- type LockerParticipant
- func (lp *LockerParticipant) GetOperationSymKey(idx uint32) *AESKey
- func (lp *LockerParticipant) GetRecordPrivateKey(idx uint32) (*hdkeychain.ExtendedKey, error)
- func (lp *LockerParticipant) GetRecordPublicKey(idx uint32) (*btcec.PublicKey, error)
- func (lp *LockerParticipant) GetRootPrivateKey() string
- func (lp *LockerParticipant) Hydrate(pk ed25519.PrivateKey) error
- func (lp *LockerParticipant) IsHydrated() bool
- func (lp *LockerParticipant) IsRecordOwner(routingKey string, idx uint32) (*btcec.PublicKey, *AESKey, error)
- func (lp *LockerParticipant) Zero()
- type MerkleSigner
- type MerkleVerifier
- type MetaResource
- type NewBlockMessage
- type OffChainStorage
- type OfferTerms
- type OpType
- type PartyOption
- type Proof
- type ProvActivity
- type ProvAgent
- type ProvAssociation
- type ProvBundle
- type ProvEntity
- type ProvPrimarySource
- type ProvRole
- type ProvUsage
- type QuotedFromEntity
- type Record
- type RecordState
- type RecordStatus
- type SemanticAsset
- func GenerateNewSemanticAsset(serial, isIdentity bool, didMethod, nonce string) (*SemanticAsset, error)
- func GenerateNewSemanticDigitalAsset(data []byte, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
- func GenerateNewSemanticDigitalAssetFromFile(filename, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
- func GenerateNewSemanticDigitalAssetFromReader(r io.Reader, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
- func GenerateNewSemanticDigitalAssetWithHash(fp []byte, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
- func GenerateValueAsset(functionID string, entityArgs, valueArgs map[string]any, didMethod string) (*SemanticAsset, error)
- type Service
- type SignableDocument
- func (dp *SignableDocument) Context() any
- func (dp *SignableDocument) Copy() (*SignableDocument, error)
- func (dp *SignableDocument) Hash() ([]byte, error)
- func (dp *SignableDocument) ID() string
- func (dp *SignableDocument) MerkleSetID(idPrefix string) (string, error)
- func (dp *SignableDocument) MerkleSign(idPrefix string, identity string, key ed25519.PrivateKey) (string, *Proof, error)
- func (dp *SignableDocument) MerkleVerify(idPrefix string, publicKey ed25519.PublicKey) (bool, error)
- func (dp *SignableDocument) SetContext(ctx any)
- func (dp *SignableDocument) Sign(identity string, key ed25519.PrivateKey) (*Proof, error)
- func (dp *SignableDocument) Verify(publicKey ed25519.PublicKey) (bool, error)
- type Signer
- type StoredResource
- type VaultProperties
- type Verifier
Constants ¶
const ( AccessKeyType = "AccessKey" AccessKeyHeaderDate = "X-Meta-Date" AccessKeyHeaderClientKey = "X-Meta-Client-Key" AccessKeyHeaderBodyHash = "X-Meta-Body-Hash" )
const ( NTopicNewBlock = "ledger.newBlock" MessageTypeNewBlockNotification = "NewBlockNotification" )
const ( ProvTypeAgent = "Agent" ProvTypeRole = "Role" ProvTypeUsage = "Usage" ProvTypeActivity = "Activity" ProvTypeEntity = "Entity" ProvTypeAssociation = "Association" )
const ( RcTypeAlgo0 = 0 RcTypeAlgo1 = 1 // RecordFlagPublic bit is set to true, if the underlying operation // and data assets are available in a clear-text form. Use this // flag to publish data that needs to be accessed by third parties // that don't know the locker secrets. RecordFlagPublic uint32 = 0x00000001 )
const (
Ed25519VerificationKey2018Type = "Ed25519VerificationKey2018"
)
const KeySize = 32
const ( // MerkleID is an ID used for signing and verification of Merkle documents. // We set the document ID to MerkleID before signing (because final Merkle ID of the document // is a hash of the document including its signature MerkleID = "_:merkle_root_2016" )
const (
NonceLength = 32
)
const (
PiprateContextURL = "https://piprate.org/context/piprate.jsonld"
)
const (
RequestingCommitmentTag = "requesting commitment"
)
const (
TypeResource = "Resource"
)
Variables ¶
var ( ErrMissingDateInHeader = errors.New("missing " + AccessKeyHeaderDate + " in request header") ErrMissingClientKeyInHeader = errors.New("missing " + AccessKeyHeaderClientKey + " in request header") )
var ( // ErrDataSetNotFound indicates the dataset was not found. It may mean the dataset is available // in MetaLocker, but not accessible by the given data wallet. ErrDataSetNotFound = errors.New("dataset not found") ErrResourceNotFound = errors.New("resource not found") )
var ( // ErrRecordNotFound indicates the ledger record was not found ErrRecordNotFound = errors.New("record not found") // ErrBlockNotFound indicates the ledger block was not found ErrBlockNotFound = errors.New("block not found") // ErrDataAssetNotFound indicates the data asset was not found ErrDataAssetNotFound = errors.New("data asset not found") // ErrAssetHeadNotFound indicates the record for an asset head is not found ErrAssetHeadNotFound = errors.New("asset head not found") )
var ( ErrDataAssetAccessDenied = errors.New("access to data asset denied") ErrBlobNotFound = errors.New("blob not found") )
var ( // DefaultMaxDistanceSeconds is 5 minutes DefaultMaxDistanceSeconds int64 = 5 * 60 )
var ErrAuthorizationNotFound = errors.New("missing or invalid Authorization in request header")
var ErrInvalidDID = errors.New("invalid DID identifier")
var ( // ErrOperationNotFound indicates that operation was not found ErrOperationNotFound = errors.New("operation not found") )
Functions ¶
func AnonDecrypt ¶
func AnonEncrypt ¶
AnonEncrypt encrypts a message by anonymous-encryption scheme. Sealed boxes are designed to anonymously send messages to a Recipient given its public key. Only the Recipient can decrypt these messages, using its private key. While the Recipient can verify the integrity of the message, it cannot verify the identity of the Sender.
func BuildAuthorisingCommitmentInput ¶
func BuildAuthorisingCommitmentInput(privKey *hdkeychain.ExtendedKey, opAddress string) []byte
func BuildDIDPrefix ¶
func BuildDigitalAssetID ¶
BuildDigitalAssetID creates a new instance for Digital Asset from a pre-calculated fingerprint.
func BuildDigitalAssetIDFromFile ¶
func BuildDigitalAssetIDFromFile(filename, fingerprintAlgorithm, didMethod string) (string, string, error)
BuildDigitalAssetIDFromFile creates a new instance for Digital Asset
func BuildDigitalAssetIDFromReader ¶
func BuildDigitalAssetIDFromReader(r io.Reader, fingerprintAlgorithm, didMethod string) (string, error)
BuildDigitalAssetIDFromReader creates a new instance for Digital Asset from a pre-calculated fingerprint.
func BuildDigitalAssetIDWithFingerprint ¶
BuildDigitalAssetIDWithFingerprint creates a new instance for Digital Asset from a pre-calculated fingerprint.
func BuildRoutingKey ¶
func BuildSharedSecret ¶
func BuildSharedSecret(key *hdkeychain.ExtendedKey) string
func DecryptAESCGM ¶
DecryptAESCGM decrypts data using 256-bit AES-GCM. This both hides the content of the data and provides a check that it hasn't been altered. Expects input form nonce|ciphertext|tag where '|' indicates concatenation.
func DecryptCredentials ¶
func DefaultDocumentLoader ¶
func DefaultDocumentLoader() ld.DocumentLoader
func DeriveStorageAccessKey ¶
func DeriveStorageAccessKey(leaseID string) (ed25519.PublicKey, ed25519.PrivateKey)
func EncryptAESCGM ¶
EncryptAESCGM encrypts data using 256-bit AES-GCM. This both hides the content of the data and provides a check that it hasn't been altered. Output takes the form nonce|ciphertext|tag where '|' indicates concatenation.
func EncryptCredentials ¶
func ExpandDocument ¶
func ExtractDIDMethod ¶
func GenerateAccessKeyID ¶
func GenerateAccessKeyID() string
func GenerateAccessToken ¶
func GenerateDocumentNodeMap ¶
GenerateDocumentNodeMap exposes GenerateNodeMap method from JSON-LD API. It shouldn't be really used directly (use Flatten instead), but it's sometimes useful for debugging JSON-LD schema related issues.
func GenerateNewHDKey ¶
func GenerateNewHDKey(seed []byte) (*hdkeychain.ExtendedKey, *hdkeychain.ExtendedKey, error)
func Hash ¶
Hash generates a hash of data using HMAC-SHA-512/256. The tag is intended to be a natural-language string describing the purpose of the hash, such as "hash file for lookup key" or "master secret to client secret". It serves as an HMAC "key" and ensures that different purposes will have different hash output. This function is NOT suitable for hashing passwords.
func HashRequestBody ¶
func HeadID ¶
func HeadID(assetID string, lockerID string, sender *LockerParticipant, headName string) string
func PackHeadBody ¶
func RandomKeyIndex ¶
func RandomKeyIndex() uint32
func RecordsToCSV ¶
func SetDebugMode ¶
func SetDebugMode(v bool)
func SetDefaultDocumentLoader ¶
func SetDefaultDocumentLoader(l ld.DocumentLoader)
func SignRequest ¶
func UnwrapDigitalAssetID ¶
UnwrapDigitalAssetID removes 'did:method:' component from the given DID
func ValidateDIDMethodPrefix ¶
func ValidateRequest ¶
func VerifyAccessToken ¶
func VerifyDigitalAssetID ¶
Types ¶
type AESKey ¶
type AESKey [32]byte
func DecodeAESKey ¶
func DecodeAESKey(val string, privKey ed25519.PrivateKey) (*AESKey, error)
func DeriveClientAESKey ¶
func DeriveClientAESKey(pk ed25519.PrivateKey) *AESKey
func DeriveEncryptionKey ¶
func DeriveSymmetricalKey ¶
func NewEncryptionKey ¶
func NewEncryptionKey() *AESKey
NewEncryptionKey generates a random 256-bit key for Encrypt() and Decrypt(). It panics if the source of randomness fails.
func SplitClientSecret ¶
type AccessKey ¶
type AccessKey struct { ID string `json:"id"` AccountID string `json:"account"` AccessLevel AccessLevel `json:"level"` Secret string `json:"secret,omitempty"` Type string `json:"type"` ManagementKey string `json:"mgmtKey"` EncryptedManagedKey string `json:"emk,omitempty"` EncryptedHostedKey string `json:"ehk,omitempty"` ManagementKeyPub ed25519.PublicKey `json:"-"` ManagementKeyPrv ed25519.PrivateKey `json:"-"` ClientSecret *AESKey `json:"-"` ClientHMACKey []byte `json:"-"` }
AccessKey defines a key that can be used to access MetaLocker. Access keys are useful for programmatic or temporary access to MetaLocker data without revealing its main encryption keys.
func GenerateAccessKey ¶
func GenerateAccessKey(accountID string, accessLevel AccessLevel) (*AccessKey, error)
GenerateAccessKey creates a new access key that can be used to connect to MetaLocker.
Client will use: keyID, management key (64-byte private Ed-25519 key), HMAC key (64 bytes) Server will use: keyID, encrypted HMAC key
func (*AccessKey) AddHostedKey ¶
func (*AccessKey) AddManagedKey ¶
func (*AccessKey) ClientKeys ¶
ClientKeys returns a pair <key-id> and <secret-string> that can be used by a remote client to gain access to a specific account with specific restrictions.
type AccessLevel ¶
type AccessLevel int32
const ( AccessLevelNone AccessLevel = 0 AccessLevelRestricted AccessLevel = 1 AccessLevelManaged AccessLevel = 2 AccessLevelHosted AccessLevel = 3 AccessLevelLocal AccessLevel = 4 AccessLevelCold AccessLevel = 5 )
type AccessVerifier ¶
type AccessVerifier interface { // GetRecord returns a ledger record by its ID. Returns ErrRecordNotFound error // if record was not found. GetRecord(ctx context.Context, rid string) (*Record, error) // GetDataAssetState returns the state of the given data asset. Returns // ErrDataAssetNotFound error if data asset not found. GetDataAssetState(ctx context.Context, id string) (DataAssetState, error) // GetRecordState returns ledger record state for the given // record ID. It's useful to identify if the record // was published on the ledger (and its block ID) or if the lease // behind the record was revoked. GetRecordState(ctx context.Context, rid string) (*RecordState, error) }
AccessVerifier is used by MetaLocker vaults to retrieve record and data asset information that is necessary to identify whether to serve the requested data asset.
type BlobManager ¶
type BlobManager interface { GetBlob(ctx context.Context, res *StoredResource, accessToken string) (io.ReadCloser, error) SendBlob(ctx context.Context, data io.Reader, cleartext bool, vaultID string) (*StoredResource, error) PurgeBlob(ctx context.Context, res *StoredResource) error GetVaultMap(ctx context.Context) (map[string]*VaultProperties, error) }
BlobManager is a trusted component that reads and writes binary data to MetaLocker vaults. BlobManager manages client-side encryption for blobs. There is no need to encrypt of decrypt data that comes from BlobManager.
type Block ¶
type Block struct { Number int64 `json:"number"` Hash string `json:"hash"` ParentHash string `json:"parentHash,omitempty"` }
Block defines a block of the MetaLocker ledger. Blocks are identified by their sequential numbers, starting with 0. Hash and ParentHash fields allow connecting a specific block with the underlying block implementation.
type Confirmation ¶
type Confirmation struct { Type string `json:"type"` Offer *KnowledgeOffer `json:"offer"` Terms []*OfferTerms `json:"terms,omitempty"` Provenance []*QuotedFromEntity `json:"provenance,omitempty"` }
type ConsentReceipt ¶
type ConsentReceipt struct { Version string `json:"version,omitempty"` Jurisdiction string `json:"jurisdiction,omitempty"` ConsentTimestamp uint64 `json:"consentTimestamp,omitempty"` CollectionMethod string `json:"collectionMethod,omitempty"` ConsentReceiptID string `json:"consentReceiptID,omitempty"` Subject string `json:"subject,omitempty"` DataController *DataController `json:"dataController,omitempty"` Services []*Service `json:"services,omitempty"` PolicyURL string `json:"policyUrl,omitempty"` Sensitive bool `json:"sensitive,omitempty"` SpiCat []string `json:"spiCat,omitempty"` }
type DID ¶
type DID struct { // ID is a decentralised identifier. ID string `json:"id" example:"did:piprate:9JA3ukzEXQeoTLyH9N2Jdp"` // VerKey public Ed25519 key in base58 encoding VerKey string `json:"verKey" example:"<public key in base58 encoding>"` // SignKey (optional) private Ed25519 key in base58 encoding SignKey string `json:"signKey,omitempty" example:"<private key in base58 encoding>"` // contains filtered or unexported fields }
DID is a Hyperledger Indy-style definition of a decentralised identifier (DID). DID is a globally unique persistent identifier that does not require a centralized registration authority because it is generated and/or registered cryptographically.
func GenerateDID ¶
func (*DID) NeuteredCopy ¶
func (*DID) SignKeyValue ¶
func (did *DID) SignKeyValue() ed25519.PrivateKey
func (*DID) VerKeyValue ¶
type DIDDocument ¶
type DIDDocument struct { Context any `json:"@context,omitempty"` ID string `json:"id"` PublicKey []any `json:"publicKey,omitempty"` Authentication []any `json:"authentication,omitempty"` Service []any `json:"service,omitempty"` Created *time.Time `json:"created,omitempty"` Updated *time.Time `json:"updated,omitempty"` Proof *Proof `json:"proof,omitempty"` }
func SimpleDIDDocument ¶
func SimpleDIDDocument(did *DID, created *time.Time) (*DIDDocument, error)
func (*DIDDocument) Bytes ¶
func (d *DIDDocument) Bytes() []byte
func (*DIDDocument) Equals ¶
func (d *DIDDocument) Equals(anotherD *DIDDocument) bool
func (*DIDDocument) ExtractIndyStyleDID ¶
func (d *DIDDocument) ExtractIndyStyleDID() (*DID, error)
func (*DIDDocument) Sign ¶
func (d *DIDDocument) Sign(identity string, key ed25519.PrivateKey) error
Sign signs the document and assigns Merkle ID to the root JSON-LD element
type DIDProvider ¶
type DIDProvider interface { CreateDIDDocument(ctx context.Context, ddoc *DIDDocument) error GetDIDDocument(ctx context.Context, iid string) (*DIDDocument, error) }
type DataAssetState ¶
type DataAssetState int
const ( DataAssetStateKeep DataAssetState = 1 DataAssetStateRemove DataAssetState = 2 DataAssetStateNotFound DataAssetState = 3 )
type DataController ¶
type DataController struct { OnBehalf bool `json:"onBehalf,omitempty"` Org string `json:"org,omitempty"` Contact string `json:"contact,omitempty"` Address any `json:"address,omitempty"` Email string `json:"email,omitempty"` Phone string `json:"phone,omitempty"` PIIControllerURL *url.URL `json:"piiControllerUrl,omitempty"` }
type DataSet ¶
type DataSet interface { // ID returns the dataset's record ID. ID() string // MetaResource returns a reader for the dataset's meta resource. MetaResource(ctx context.Context) (io.ReadCloser, error) // DecodeMetaResource is a convenience function that unmarshals the dataset's metadata into the given structure. DecodeMetaResource(ctx context.Context, obj any) error // Resources returns a list of resource IDs that belong to the dataset. Resources() []string // Resource returns a reader for the given resource within the dataset. Resource(ctx context.Context, id string) (io.ReadCloser, error) // DecodeResource is a convenience function that unmarshals the requested resource into the given structure. DecodeResource(ctx context.Context, id string, obj any) error // Lease returns the dataset's lease document Lease() *Lease // Impression returns the dataset's impression document (also available through Lease() ) Impression() *Impression // Record returns the dataset's record structure Record() *Record // BlockNumber returns the number (ID) of the block where the dataset's record appeared. BlockNumber() int64 // LockerID returns the ID of the locker that contains the dataset. LockerID() string // ParticipantID returns the ID (the corresponding identity's DID) of the locker participant // that submitted the dataset. ParticipantID() string }
DataSet defines an interface to a MetaLocker dataset stored in the given record.
type Ed25519VerificationKey2018 ¶
type Ed25519VerificationKey2018 struct { Context any `json:"@context,omitempty"` ID string `json:"id"` Type string `json:"type"` Controller string `json:"controller"` Expires *time.Time `json:"expires,omitempty"` PublicKeyBase58 string `json:"publicKeyBase58"` }
Ed25519VerificationKey2018 is based on https://w3c-dvcg.github.io/lds-ed25519-2018/
type Impression ¶
type Impression struct { Context any `json:"@context"` ID string `json:"id"` Type []string `json:"type"` Asset string `json:"asset,omitempty"` ProvGraph any `json:"graph,omitempty"` WasAttributedTo string `json:"wasAttributedTo,omitempty"` GeneratedAtTime *time.Time `json:"generatedAtTime,omitempty"` MetaResource *MetaResource `json:"resource,omitempty"` RevisionNumber int64 `json:"revisionNumber,omitempty"` RevisionMessage string `json:"revisionMessage,omitempty"` WasRevisionOf string `json:"wasRevisionOf,omitempty"` SpecializationOf string `json:"specializationOf,omitempty"` Proof *Proof `json:"proof,omitempty"` }
Impression is a semantic definition of a dataset that contains verifiable information about its provenance, authorship, relation to other datasets, including revision data. Impression is signed by its creator using JSON-LD Signature scheme.
func NewBlankImpression ¶
func NewBlankImpression() *Impression
func NewImpression ¶
func NewImpression(body []byte) (*Impression, error)
func (*Impression) Bytes ¶
func (ii *Impression) Bytes() []byte
func (*Impression) Compact ¶
func (ii *Impression) Compact() ([]byte, error)
func (*Impression) Copy ¶
func (ii *Impression) Copy() *Impression
func (*Impression) GetProvenance ¶
func (ii *Impression) GetProvenance(resourceID string) any
func (*Impression) GetVariantID ¶
func (ii *Impression) GetVariantID() string
func (*Impression) IsRoot ¶
func (ii *Impression) IsRoot() bool
func (*Impression) IsSigned ¶
func (ii *Impression) IsSigned() bool
func (*Impression) MerkleSign ¶
func (ii *Impression) MerkleSign(identity string, key ed25519.PrivateKey) error
func (*Impression) MerkleVerify ¶
func (ii *Impression) MerkleVerify(key ed25519.PublicKey) (bool, error)
func (*Impression) Revision ¶
func (ii *Impression) Revision() int64
func (*Impression) RevisionOf ¶
func (ii *Impression) RevisionOf() string
type KnowledgeOffer ¶
type KnowledgeOffer struct { ID string `json:"id"` Type string `json:"type"` Sender string `json:"sender"` Recipient string `json:"recipient"` Expires *time.Time `json:"expires,omitempty"` Asset any `json:"asset"` DatasetType string `json:"datasetType"` DatasetPreview any `json:"datasetPreview,omitempty"` RevisionNumber int64 `json:"revisionNumber,omitempty"` WasRevisionOf string `json:"wasRevisionOf,omitempty"` SpecializationOf string `json:"specializationOf,omitempty"` Terms []*OfferTerms `json:"terms"` Proof *Proof `json:"proof,omitempty"` }
func NewKnowledgeOffer ¶
func NewKnowledgeOffer(body []byte) (*KnowledgeOffer, error)
func (*KnowledgeOffer) Bytes ¶
func (ko *KnowledgeOffer) Bytes() []byte
func (*KnowledgeOffer) MerkleSign ¶
func (ko *KnowledgeOffer) MerkleSign(identity string, key ed25519.PrivateKey) error
func (*KnowledgeOffer) MerkleVerify ¶
func (ko *KnowledgeOffer) MerkleVerify(key ed25519.PublicKey) (bool, error)
type KnowledgeProspectus ¶
type KnowledgeProspectus struct { Context any `json:"@context"` ID string `json:"id"` Type string `json:"type"` Creator string `json:"creator,omitempty"` Created *time.Time `json:"created,omitempty"` Query *KnowledgeQuery `json:"query,omitempty"` Offers []*KnowledgeOffer `json:"offers,omitempty"` Proof *Proof `json:"proof,omitempty"` }
func NewKnowledgeProspectus ¶
func NewKnowledgeProspectus(body []byte) (*KnowledgeProspectus, error)
func (*KnowledgeProspectus) Bytes ¶
func (kp *KnowledgeProspectus) Bytes() []byte
func (*KnowledgeProspectus) MerkleSign ¶
func (kp *KnowledgeProspectus) MerkleSign(identity string, key ed25519.PrivateKey) error
func (*KnowledgeProspectus) MerkleVerify ¶
func (kp *KnowledgeProspectus) MerkleVerify(key ed25519.PublicKey) (bool, error)
type KnowledgeQuery ¶
type KnowledgeSharingRequest ¶
type KnowledgeSharingRequest struct { Context any `json:"@context"` ID string `json:"id"` Type string `json:"type"` Creator string `json:"creator,omitempty"` Created *time.Time `json:"created,omitempty"` Prospectus *KnowledgeProspectus `json:"prospectus,omitempty"` Locker string `json:"locker,omitempty"` Vault string `json:"vault,omitempty"` Confirmations []*Confirmation `json:"confirmations"` Proof *Proof `json:"proof,omitempty"` }
type KnowledgeSharingResult ¶
type Lease ¶
type Lease struct { ID string `json:"id"` Type string `json:"type"` ExpiresAt *time.Time `json:"expire,omitempty"` Resources []*StoredResource `json:"storage"` DataSetType string `json:"datasetType"` Impression *Impression `json:"impression"` Provenance *ProvEntity `json:"provenance,omitempty"` Proof *Proof `json:"proof,omitempty"` }
Lease is a dataset lease as a MetaLocker operation. This lease is stored in OffChainStorage.
func (*Lease) DataAssetList ¶
func (*Lease) GenerateAccessToken ¶
func (*Lease) GetResourceIDs ¶
func (*Lease) MetaResource ¶
func (l *Lease) MetaResource() *StoredResource
func (*Lease) Resource ¶
func (l *Lease) Resource(assetID string) *StoredResource
type Ledger ¶
type Ledger interface { io.Closer // SubmitRecord adds a ledger records into the queue to be // included into the next block. SubmitRecord(ctx context.Context, r *Record) error // GetRecord returns a ledger record by its ID. Returns ErrRecordNotFound error // if record was not found. GetRecord(ctx context.Context, rid string) (*Record, error) // GetRecordState returns ledger record state for the given // record ID. It's useful to identify if the record // was published on the ledger (and its block ID) or if the lease // behind the record was revoked. GetRecordState(ctx context.Context, rid string) (*RecordState, error) // GetBlock returns a block definition for the given block number. GetBlock(ctx context.Context, bn int64) (*Block, error) // GetBlockRecords returns a list of all ledger records included // in the block as an array of arrays of strings: // [record_id, routing_key, key_index]* // Returns ErrBlockNotFound error if block was not found. GetBlockRecords(ctx context.Context, bn int64) ([][]string, error) // GetGenesisBlock returns the definition of the genesis block. // If there is no genesis block yet, it will return nil as a block. GetGenesisBlock(ctx context.Context) (*Block, error) // GetTopBlock returns the definition of the top (latest) block. // If there are no blocks yet, it will return nil as a block. GetTopBlock(ctx context.Context) (*Block, error) // GetChain returns a sequence of block definitions of // the given length (depth), starting from the given block id GetChain(ctx context.Context, startNumber int64, depth int) ([]*Block, error) // GetDataAssetState returns the state of the given data asset. Returns // ErrDataAssetNotFound error if data asset not found. GetDataAssetState(ctx context.Context, id string) (DataAssetState, error) // GetAssetHead returns the record of type = head that defines the current asset head for the given ID. GetAssetHead(ctx context.Context, headID string) (*Record, error) }
Ledger is an interface to a MetaLocker ledger.
type Locker ¶
type Locker struct { // ID is the unique locker ID. ID string `json:"id"` // Name is the locker's name. These names are useful for locker documentation purposes. // They aren't used in any data processing. Name string `json:"name"` // AccessLevel is the locker's access level. Data wallet needs to be unlocked to a specific access level // to gain access to lockers at this level or higher. AccessLevel AccessLevel `json:"level"` // Participants is a list of locker participants. Participants []*LockerParticipant `json:"participants"` // Created is the locker's creation time. For documentation purposes only. Created *time.Time `json:"created"` // Expires is the time when the locker will expire. NOT SUPPORTED. Expires *time.Time `json:"expires,omitempty"` // Sealed is the time when the locker was sealed (closed). NOT SUPPORTED. Sealed *time.Time `json:"sealed,omitempty"` // FirstBlock is the block number that was the height of the chain when the locker was created. // It is guaranteed that all records for this locker will be in blocks AFTER this block. FirstBlock int64 `json:"firstBlock"` // LastBlock is the block number that was the height of the chain when the locker was sealed. // It is guaranteed that all records for this locker will be in blocks BEFORE this block. // NOT SUPPORTED. LastBlock int64 `json:"lastBlock,omitempty"` // ThirdPartyAcceptedAtBlock is the number of the block when the locker was accepted by the owner // when the owner acts as a third party (is not a participant on the locker) ThirdPartyAcceptedAtBlock int64 `json:"acceptedAtBlock,omitempty"` }
Locker is a secure, persistent, bidirectional communication channel between two or more participants. A special type of locker with just one participant is called a uni-locker.
func GenerateLocker ¶
func GenerateLocker(accessLevel AccessLevel, name string, expires *time.Time, firstBlock int64, parties ...PartyOption) (*Locker, error)
func (*Locker) AcceptedAtBlock ¶
func (*Locker) GetParticipant ¶
func (l *Locker) GetParticipant(participantID string) *LockerParticipant
func (*Locker) IsHydrated ¶
func (*Locker) IsUnilocker ¶
func (*Locker) Perspective ¶
func (*Locker) SetAcceptedAtBlock ¶
func (*Locker) Them ¶
func (l *Locker) Them() *LockerParticipant
func (*Locker) Us ¶
func (l *Locker) Us() *LockerParticipant
type LockerParticipant ¶
type LockerParticipant struct { // ID is the participant's identity ID (DID) ID string `json:"id"` // SharedSecret is a Base64-encoded secret used to encrypt operations in the given locker (leases, etc) Self bool `json:"self,omitempty"` // RootPublicKey is a Base64-encoded root public key that can be used to identify if the specific record // was issued by this participant. RootPublicKey string `json:"rootPublicKey,omitempty"` // RootPrivateKeyEnc is a Base64-encoded, encrypted root HD key used to generate record's routing keys. RootPrivateKeyEnc string `json:"encryptedRootPrivateKey,omitempty"` // AcceptedAtBlock is the number of the block when the locker was accepted by the party // and registered in its root locker. AcceptedAtBlock int64 `json:"acceptedAtBlock,omitempty"` // contains filtered or unexported fields }
LockerParticipant is a definition of locker participant. It contains sensitive secrets, such as SharedSecret, and should be stored securely.
func (*LockerParticipant) GetOperationSymKey ¶
func (lp *LockerParticipant) GetOperationSymKey(idx uint32) *AESKey
func (*LockerParticipant) GetRecordPrivateKey ¶
func (lp *LockerParticipant) GetRecordPrivateKey(idx uint32) (*hdkeychain.ExtendedKey, error)
func (*LockerParticipant) GetRecordPublicKey ¶
func (lp *LockerParticipant) GetRecordPublicKey(idx uint32) (*btcec.PublicKey, error)
func (*LockerParticipant) GetRootPrivateKey ¶
func (lp *LockerParticipant) GetRootPrivateKey() string
func (*LockerParticipant) Hydrate ¶
func (lp *LockerParticipant) Hydrate(pk ed25519.PrivateKey) error
Hydrate decrypts (if needed) and instantiates ExtendedKey fields from Base64 encoded values
func (*LockerParticipant) IsHydrated ¶
func (lp *LockerParticipant) IsHydrated() bool
func (*LockerParticipant) IsRecordOwner ¶
func (lp *LockerParticipant) IsRecordOwner(routingKey string, idx uint32) (*btcec.PublicKey, *AESKey, error)
func (*LockerParticipant) Zero ¶
func (lp *LockerParticipant) Zero()
type MerkleSigner ¶
type MerkleSigner interface {
MerkleSign(identity string, key ed25519.PrivateKey) error
}
type MerkleVerifier ¶
type MetaResource ¶
type MetaResource struct { // Asset is the meta resource's asset ID. Asset string `json:"id,omitempty"` // ContentType is the semantic type of the meta resource (and of the dataset). ContentType string `json:"contentType,omitempty"` // Fingerprint is the digital fingerprint of the meta resource. Because MetaResource // is signed as a part of impression, this fingerprint can verify if the meta resource // has been altered in any way. Fingerprint string `json:"fingerprint,omitempty"` // FingerprintAlgorithm is the Fingerprint's algorithm. FingerprintAlgorithm string `json:"fingerprintAlgorithm,omitempty"` }
MetaResource provides Impression with a link to its meta resource, the root document of the underlying dataset.
type NewBlockMessage ¶
type OffChainStorage ¶
type OffChainStorage interface { GetOperation(ctx context.Context, opAddr string) ([]byte, error) SendOperation(ctx context.Context, opData []byte) (string, error) PurgeOperation(ctx context.Context, opAddr string) error }
OffChainStorage is an interface to a storage layer that is used to store ledger operation definitions. In contrast with ledger records which are permanent, offchain data can be deleted, if the underlying dataset lease expired, or it was revoked, or for any other reason that prohibits access to the given operation.
type OfferTerms ¶
type OfferTerms struct {
Duration int64 `json:"duration,omitempty"`
}
type PartyOption ¶
type PartyOption func() (*LockerParticipant, error)
func Them ¶
func Them(did *DID, seed []byte) PartyOption
func Us ¶
func Us(did *DID, seed []byte) PartyOption
type ProvActivity ¶
type ProvActivity struct { ID string `json:"id,omitempty"` Type string `json:"type"` Algorithm string `json:"algorithm"` Used any `json:"used,omitempty"` QualifiedUsage []*ProvUsage `json:"qualifiedUsage,omitempty"` WasAssociatedWith string `json:"wasAssociatedWith,omitempty"` QualifiedAssociation []*ProvAssociation `json:"qualifiedAssociation,omitempty"` }
type ProvAssociation ¶
type ProvBundle ¶
type ProvBundle struct { Context any `json:"@context,omitempty"` ID string `json:"id,omitempty"` Type string `json:"type"` GeneratedAtTime *time.Time `json:"generatedAtTime,omitempty"` WasAttributedTo string `json:"wasAttributedTo,omitempty"` HadPrimarySource string `json:"hadPrimarySource,omitempty"` QualifiedPrimarySource []*ProvPrimarySource `json:"qualifiedPrimarySource,omitempty"` Graph any `json:"graph,omitempty"` Proof *Proof `json:"proof,omitempty"` }
type ProvEntity ¶
type ProvEntity struct { Context any `json:"@context,omitempty"` ID string `json:"id,omitempty"` Type string `json:"type"` WasAttributedTo string `json:"wasAttributedTo,omitempty"` GeneratedAtTime *time.Time `json:"generatedAtTime,omitempty"` WasGeneratedBy *ProvActivity `json:"wasGeneratedBy,omitempty"` WasQuotedFrom any `json:"wasQuotedFrom,omitempty"` WasAccessibleTo any `json:"wasAccessibleTo,omitempty"` ContentType string `json:"contentType,omitempty"` MentionOf string `json:"mentionOf,omitempty"` AsInBundle string `json:"asInBundle,omitempty"` Proof *Proof `json:"proof,omitempty"` }
func (*ProvEntity) Bytes ¶
func (pe *ProvEntity) Bytes() []byte
func (*ProvEntity) Copy ¶
func (pe *ProvEntity) Copy() *ProvEntity
func (*ProvEntity) MerkleSign ¶
func (pe *ProvEntity) MerkleSign(identity string, key ed25519.PrivateKey) error
func (*ProvEntity) MerkleVerify ¶
func (pe *ProvEntity) MerkleVerify(key ed25519.PublicKey) (bool, error)
type ProvPrimarySource ¶
type QuotedFromEntity ¶
type Record ¶
type Record struct { // ID of the record. Currently, it's a hash of the record generated // by the Seal function (see below). ID string `json:"id"` // RoutingKey is a public key from the locker HD structure. It can be // used to filter specific messages from the ledger. RoutingKey string `json:"routingKey"` // KeyIndex is the index of the HD key used to produce the routing key. KeyIndex uint32 `json:"keyIndex"` // Operation is the type of the operation. May be removed from // the record in the future. Operation OpType `json:"operationType"` // OperationAddress is the address of the Operation (can be an asset ID, IPFS address, etc.) OperationAddress string `json:"address,omitempty"` // Flags contain a set of flags that modify the record's behaviour. // See RecordFlagXXX constants for examples. Flags uint32 `json:"flags,omitempty"` // AuthorisingCommitment is binary data which allows the originator // of the transaction to prove their role, without disclosing any // other information about this transaction AuthorisingCommitment string `json:"ac,omitempty"` // AuthorisingCommitmentType. for future use: there may be different // types of commitment structures. AuthorisingCommitmentType byte `json:"acType,omitempty"` // RequestingCommitment is binary data which allows the recipient of // the transaction to prove their right to access data without disclosing // any other information about this transaction RequestingCommitment string `json:"rc,omitempty"` // RequestingCommitmentType. for future use: there may be different types // of commitment structures. RequestingCommitmentType byte `json:"rcType,omitempty"` // ImpressionCommitment is binary data which allows a party to prove // that this record contains a specific impression, by combining // the impression ID with another artifact, a trapdoor. ImpressionCommitment string `json:"ic,omitempty"` // ImpressionCommitmentType. for future use: there may be different // types of commitment structures. ImpressionCommitmentType byte `json:"icType,omitempty"` // DataAssets is a list of data assets (blobs) attached to the record DataAssets []string `json:"dataAssets,omitempty"` SubjectRecord string `json:"subjectRecord,omitempty"` RevocationProof []string `json:"revocationProof,omitempty"` // HeadID is unique ID of the asset head. HeadID string `json:"headID,omitempty"` // HeadBody contains base64-encoded, encrypted head body (see PackHeadBody() ). HeadBody string `json:"headBody,omitempty"` // Signature contains a digital signature of the record, signed by // the record's private HD key Signature string `json:"signature"` Status RecordStatus `json:"status,omitempty"` }
Record represents one data transaction (lease, revocation, etc). It contains no details which would allow a third party observer to identify the participants or the nature of this transaction.
type RecordState ¶
type RecordState struct { Status RecordStatus `json:"status"` BlockNumber int64 `json:"number"` }
func (*RecordState) Bytes ¶
func (r *RecordState) Bytes() []byte
type RecordStatus ¶
type RecordStatus string
const ( StatusUnknown RecordStatus = "unknown" StatusPending RecordStatus = "pending" StatusPublished RecordStatus = "published" StatusRevoked RecordStatus = "revoked" StatusFailed RecordStatus = "failed" )
type SemanticAsset ¶
type SemanticAsset struct { Context any `json:"@context,omitempty"` ID string `json:"id"` Type any `json:"type"` Nonce string `json:"nonce,omitempty"` Serial bool `json:"isSerial,omitempty"` IsIdentity bool `json:"isIdentity,omitempty"` IsDigital bool `json:"isDigital,omitempty"` Fingerprint string `json:"fingerprint,omitempty"` FingerprintAlgorithm string `json:"fingerprintAlgorithm,omitempty"` WasGeneratedBy map[string]any `json:"wasGeneratedBy,omitempty"` Proof *Proof `json:"proof,omitempty"` }
func GenerateNewSemanticAsset ¶
func GenerateNewSemanticAsset(serial, isIdentity bool, didMethod, nonce string) (*SemanticAsset, error)
func GenerateNewSemanticDigitalAsset ¶
func GenerateNewSemanticDigitalAsset(data []byte, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
GenerateNewSemanticDigitalAsset creates a new instance for Digital Asset
func GenerateNewSemanticDigitalAssetFromFile ¶
func GenerateNewSemanticDigitalAssetFromFile(filename, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
GenerateNewSemanticDigitalAssetFromFile creates a new instance for Digital Asset
func GenerateNewSemanticDigitalAssetFromReader ¶
func GenerateNewSemanticDigitalAssetFromReader(r io.Reader, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
GenerateNewSemanticDigitalAssetFromReader creates a new instance for Digital Asset from io.Reader
func GenerateNewSemanticDigitalAssetWithHash ¶
func GenerateNewSemanticDigitalAssetWithHash(fp []byte, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)
GenerateNewSemanticDigitalAssetWithHash creates a new instance for Digital Asset from pre-calculated hash.
func GenerateValueAsset ¶
func (*SemanticAsset) MerkleSetID ¶
func (sa *SemanticAsset) MerkleSetID(didMethod string) error
func (*SemanticAsset) MerkleVerify ¶
func (sa *SemanticAsset) MerkleVerify() (bool, error)
type SignableDocument ¶
type SignableDocument struct {
// contains filtered or unexported fields
}
func NewSignableDocument ¶
func NewSignableDocument(b []byte) (*SignableDocument, error)
func (*SignableDocument) Context ¶
func (dp *SignableDocument) Context() any
func (*SignableDocument) Copy ¶
func (dp *SignableDocument) Copy() (*SignableDocument, error)
Copy return a deep copy of the document
func (*SignableDocument) Hash ¶
func (dp *SignableDocument) Hash() ([]byte, error)
func (*SignableDocument) ID ¶
func (dp *SignableDocument) ID() string
func (*SignableDocument) MerkleSetID ¶
func (dp *SignableDocument) MerkleSetID(idPrefix string) (string, error)
MerkleSetID assigns Merkle ID to the root JSON-LD element
func (*SignableDocument) MerkleSign ¶
func (dp *SignableDocument) MerkleSign(idPrefix string, identity string, key ed25519.PrivateKey) (string, *Proof, error)
MerkleSign signs the document and assigns Merkle ID to the root JSON-LD element
func (*SignableDocument) MerkleVerify ¶
func (dp *SignableDocument) MerkleVerify(idPrefix string, publicKey ed25519.PublicKey) (bool, error)
MerkleVerify verifies document signature and returns false if verification fails.
func (*SignableDocument) SetContext ¶
func (dp *SignableDocument) SetContext(ctx any)
func (*SignableDocument) Sign ¶
func (dp *SignableDocument) Sign(identity string, key ed25519.PrivateKey) (*Proof, error)
Sign signs the document as per JSON-LD signatures specification.
type StoredResource ¶
type StoredResource struct { // ID is the resource ID. ID string `json:"id,omitempty"` // Type is always equal to TypeResource. Type string `json:"type"` // Asset is the data asset's content-addressable ID. Asset string `json:"asset,omitempty"` // Vault is the ID of the vault where the data asset is stored. Vault string `json:"vault"` // Method is the vault's method of storage. This field defines the meaning of Params field. Method string `json:"method"` // Params is key/value pairs that are specific to the selected Method. These parameters should be // sufficient to locate the resource blob in the vault. Params map[string]any `json:"params,omitempty"` // EncryptionKey is a Base64-encoded client side encryption key (if the asset was encrypted on the client side). EncryptionKey string `json:"encryptionKey,omitempty"` // MIMEType is the data asset's MIME type (if known). MIMEType string `json:"mimeType,omitempty"` // Size is the resource's size in bytes. Size int64 `json:"size,omitempty"` }
StoredResource contains details about location and the way to access a specific data asset.
func (*StoredResource) GetEncryptionKey ¶
func (sc *StoredResource) GetEncryptionKey() *AESKey
func (*StoredResource) StorageID ¶
func (sc *StoredResource) StorageID() string
type VaultProperties ¶
type VaultProperties struct { // ID is the vault's ID. ID string // Name is the vault's name. Vault names should be unique within each instance of MetaLocker. Name string // Type is the vault's type. It defines the underlying technology. Type string // SSE is true if the vault provides Server Side Encryption. If it does, data sent to the vault // should not be encrypted on the client side. SSE bool // CAS is true if the vault generates content addressable IDs CAS bool }
VaultProperties defines basic properties of a MetaLocker vault.