model

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 28, 2024 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

// Access key type name and the names of the HTTP request headers used with
// access-key requests.
const (
	// AccessKeyType is the "AccessKey" type name.
	// NOTE(review): presumably the value stored in AccessKey.Type — confirm.
	AccessKeyType = "AccessKey"

	// Request header names. ErrMissingDateInHeader and
	// ErrMissingClientKeyInHeader build their messages from the first two.
	// NOTE(review): the body-hash header presumably carries the output of
	// HashRequestBody — confirm against SignRequest / ValidateRequest.
	AccessKeyHeaderDate      = "X-Meta-Date"
	AccessKeyHeaderClientKey = "X-Meta-Client-Key"
	AccessKeyHeaderBodyHash  = "X-Meta-Body-Hash"
)
const (
	NTopicNewBlock = "ledger.newBlock"

	MessageTypeNewBlockNotification = "NewBlockNotification"
)
const (
	ProvTypeAgent       = "Agent"
	ProvTypeRole        = "Role"
	ProvTypeUsage       = "Usage"
	ProvTypeActivity    = "Activity"
	ProvTypeEntity      = "Entity"
	ProvTypeAssociation = "Association"
)
const (
	// RcTypeAlgo0 and RcTypeAlgo1 are untyped integer constants.
	// NOTE(review): their meaning is not documented here; confirm what
	// each value selects before relying on it.
	RcTypeAlgo0 = 0
	RcTypeAlgo1 = 1

	// RecordFlagPublic is a bit flag (0x1) that is set when the underlying
	// operation and data assets are available in clear-text form. Use this
	// flag to publish data that needs to be accessed by third parties
	// that don't know the locker secrets. Because such data is readable
	// without the locker secrets, do not set it on records whose content
	// must stay confidential.
	RecordFlagPublic uint32 = 0x00000001
)
const (
	Ed25519VerificationKey2018Type = "Ed25519VerificationKey2018"
)
const KeySize = 32
const (
	// MerkleID is a placeholder ID used for signing and verification of
	// Merkle documents. The document ID is set to MerkleID before signing,
	// because the final Merkle ID of the document is a hash of the document
	// including its signature.
	MerkleID = "_:merkle_root_2016"
)
const (
	NonceLength = 32
)
const (
	PiprateContextURL = "https://piprate.org/context/piprate.jsonld"
)
const (
	RequestingCommitmentTag = "requesting commitment"
)
const (
	TypeResource = "Resource"
)

Variables

var (
	// ErrMissingDateInHeader and ErrMissingClientKeyInHeader report that the
	// X-Meta-Date or X-Meta-Client-Key request header, respectively, is
	// missing. The header names in the messages come from the
	// AccessKeyHeader* constants.
	ErrMissingDateInHeader      = errors.New("missing " + AccessKeyHeaderDate + " in request header")
	ErrMissingClientKeyInHeader = errors.New("missing " + AccessKeyHeaderClientKey + " in request header")
)
var (
	// ErrDataSetNotFound indicates the dataset was not found. It may mean the dataset is available
	// in MetaLocker, but not accessible by the given data wallet; callers therefore cannot use this
	// error to tell a missing dataset from an inaccessible one.
	// ErrResourceNotFound indicates that a resource was not found.
	ErrDataSetNotFound  = errors.New("dataset not found")
	ErrResourceNotFound = errors.New("resource not found")
)
var (
	// ErrRecordNotFound indicates the ledger record was not found
	ErrRecordNotFound = errors.New("record not found")
	// ErrBlockNotFound indicates the ledger block was not found
	ErrBlockNotFound = errors.New("block not found")
	// ErrDataAssetNotFound indicates the data asset was not found
	ErrDataAssetNotFound = errors.New("data asset not found")
	// ErrAssetHeadNotFound indicates the record for an asset head is not found
	ErrAssetHeadNotFound = errors.New("asset head not found")
)
var (
	// ErrDataAssetAccessDenied indicates that access to a data asset was
	// denied. ErrBlobNotFound indicates that a blob was not found.
	// NOTE(review): which of the two a vault returns for an existing but
	// inaccessible blob is not visible here — confirm, since the choice
	// decides whether callers can probe for blob existence.
	ErrDataAssetAccessDenied = errors.New("access to data asset denied")
	ErrBlobNotFound          = errors.New("blob not found")
)
var (
	// DefaultMaxDistanceSeconds is 5 minutes, expressed in seconds.
	// NOTE(review): presumably the default for the maxDistanceSeconds
	// argument of VerifyAccessToken — confirm. It is a package-level
	// variable rather than a constant, so any importing code can reassign
	// it and change the value for the whole process.
	DefaultMaxDistanceSeconds int64 = 5 * 60
)
// ErrAuthorizationNotFound reports a missing or invalid Authorization request
// header. The same error covers both cases, so it does not tell the caller
// which of the two occurred.
var ErrAuthorizationNotFound = errors.New("missing or invalid Authorization in request header")
var ErrInvalidDID = errors.New("invalid DID identifier")
var (
	// ErrOperationNotFound indicates that operation was not found
	ErrOperationNotFound = errors.New("operation not found")
)

Functions

func AnonDecrypt

func AnonDecrypt(cypherText, privateKey []byte) ([]byte, error)

func AnonEncrypt

func AnonEncrypt(msg, publicKey []byte) []byte

AnonEncrypt encrypts a message using an anonymous-encryption scheme (sealed boxes). Sealed boxes are designed to send messages anonymously to a Recipient given its public key. Only the Recipient can decrypt these messages, using its private key. While the Recipient can verify the integrity of the message, it cannot verify the identity of the Sender; callers that need sender authentication must provide it separately.

func BuildAuthorisingCommitmentInput

func BuildAuthorisingCommitmentInput(privKey *hdkeychain.ExtendedKey, opAddress string) []byte

func BuildDIDPrefix

func BuildDIDPrefix(method string) string

func BuildDigitalAssetID

func BuildDigitalAssetID(data []byte, fingerprintAlgorithm, didMethod string) (string, error)

BuildDigitalAssetID creates a new instance for Digital Asset from a pre-calculated fingerprint.

func BuildDigitalAssetIDFromFile

func BuildDigitalAssetIDFromFile(filename, fingerprintAlgorithm, didMethod string) (string, string, error)

BuildDigitalAssetIDFromFile creates a new instance for Digital Asset

func BuildDigitalAssetIDFromReader

func BuildDigitalAssetIDFromReader(r io.Reader, fingerprintAlgorithm, didMethod string) (string, error)

BuildDigitalAssetIDFromReader creates a new instance for Digital Asset from a pre-calculated fingerprint.

func BuildDigitalAssetIDWithFingerprint

func BuildDigitalAssetIDWithFingerprint(fp []byte, didMethod string) string

BuildDigitalAssetIDWithFingerprint creates a new instance for Digital Asset from a pre-calculated fingerprint.

func BuildRequestingCommitmentInput

func BuildRequestingCommitmentInput(leaseID string, expiresAt *time.Time) []byte

func BuildRoutingKey

func BuildRoutingKey(key *btcec.PublicKey) (string, error)

func BuildSharedSecret

func BuildSharedSecret(key *hdkeychain.ExtendedKey) string

func CompactDocument

func CompactDocument(input []byte, ctxURL string) ([]byte, error)

func DecryptAESCGM

func DecryptAESCGM(ciphertext []byte, key *AESKey) (plaintext []byte, err error)

DecryptAESCGM decrypts data using 256-bit AES-GCM. This both hides the content of the data and provides a check that it hasn't been altered. Expects input of the form nonce|ciphertext|tag, where '|' indicates concatenation.

func DecryptCredentials

func DecryptCredentials(recipient *DID, credentials, subject string) (string, string, error)

func DefaultDocumentLoader

func DefaultDocumentLoader() ld.DocumentLoader

func DeriveStorageAccessKey

func DeriveStorageAccessKey(leaseID string) (ed25519.PublicKey, ed25519.PrivateKey)

func EncryptAESCGM

func EncryptAESCGM(plaintext []byte, key *AESKey) (ciphertext []byte, err error)

EncryptAESCGM encrypts data using 256-bit AES-GCM. This both hides the content of the data and provides a check that it hasn't been altered. Output takes the form nonce|ciphertext|tag where '|' indicates concatenation.

func EncryptCredentials

func EncryptCredentials(recipient *DID, keyID, secret, subject string) string

func ExpandDocument

func ExpandDocument(input []byte) ([]byte, error)

func ExtractDIDMethod

func ExtractDIDMethod(didID string) (string, error)

func ExtractSignature

func ExtractSignature(hdr http.Header) (string, string, error)

func FlattenDocument

func FlattenDocument(input []byte, ctx any) ([]byte, error)

func GenerateAccessKeyID

func GenerateAccessKeyID() string

func GenerateAccessToken

func GenerateAccessToken(recordID, leaseID string, now, leaseExpiryTime int64) string

func GenerateDocumentNodeMap

func GenerateDocumentNodeMap(input []byte) (map[string]any, error)

GenerateDocumentNodeMap exposes the GenerateNodeMap method from the JSON-LD API. It shouldn't normally be used directly (use Flatten instead), but it's sometimes useful for debugging JSON-LD schema-related issues.

func GenerateNewHDKey

func GenerateNewHDKey(seed []byte) (*hdkeychain.ExtendedKey, *hdkeychain.ExtendedKey, error)

func Hash

func Hash(tag string, data []byte) []byte

Hash generates a hash of data using HMAC-SHA-512/256. The tag is intended to be a natural-language string describing the purpose of the hash, such as "hash file for lookup key" or "master secret to client secret". It serves as an HMAC "key" and ensures that different purposes will have different hash output. This function is NOT suitable for hashing passwords.

func HashRequestBody

func HashRequestBody(body []byte) []byte

func HeadID

func HeadID(assetID string, lockerID string, sender *LockerParticipant, headName string) string

func NewAssetID

func NewAssetID(method string) string

NewAssetID generates a new random asset ID.

func PackHeadBody

func PackHeadBody(assetID, lockerID, participantID, name, recordID string) []byte

func Pad

func Pad(src []byte) []byte

func PutBinaryContextIntoDefaultDocumentLoader

func PutBinaryContextIntoDefaultDocumentLoader(url string, ctx []byte) error

func PutContextIntoDefaultDocumentLoader

func PutContextIntoDefaultDocumentLoader(url, filePath string) error

func PutContextMapIntoDefaultDocumentLoader

func PutContextMapIntoDefaultDocumentLoader(contextMap map[string]string) error

func RandomKeyIndex

func RandomKeyIndex() uint32

func RecordsToCSV

func RecordsToCSV(recs []*Record) []byte

func SetDebugMode

func SetDebugMode(v bool)

func SetDefaultDocumentLoader

func SetDefaultDocumentLoader(l ld.DocumentLoader)

func SignRequest

func SignRequest(hdr http.Header, keyID string, clientSecret *AESKey, clientHMACKey []byte, now time.Time, url string, body []byte) (string, error)

func UnpackHeadBody

func UnpackHeadBody(val []byte) (string, string, string, string, string)

func UnwrapDigitalAssetID

func UnwrapDigitalAssetID(id string) string

UnwrapDigitalAssetID removes 'did:method:' component from the given DID

func ValidateDIDMethodPrefix

func ValidateDIDMethodPrefix(methodPrefix string) error

func ValidateRequest

func ValidateRequest(hdr http.Header, reqSig string, encryptedHMACKey []byte, reqTime time.Time, url string, bodyHash []byte) (bool, error)

func VerifyAccessToken

func VerifyAccessToken(ctx context.Context, at, dataAssetID string, now, maxDistanceSeconds int64, ledger AccessVerifier) bool

func VerifyDigitalAssetID

func VerifyDigitalAssetID(id, fingerprintAlgorithm string, data []byte) (bool, error)

func VerifySemanticDigitalAssetID

func VerifySemanticDigitalAssetID(id, fingerprintAlgorithm string, data []byte) (bool, error)

Types

type AESKey

// AESKey holds 32 bytes (256 bits) of key material, the same length as the
// KeySize constant. It is an array type, so assigning an AESKey or passing it
// by value copies the key bytes; pass *AESKey where extra copies of secret
// material in memory are a concern.
// NOTE(review): Zero presumably clears only the instance it is called on,
// not earlier copies — confirm.
type AESKey [32]byte

func DecodeAESKey

func DecodeAESKey(val string, privKey ed25519.PrivateKey) (*AESKey, error)

func DeriveClientAESKey

func DeriveClientAESKey(pk ed25519.PrivateKey) *AESKey

func DeriveEncryptionKey

func DeriveEncryptionKey(secret1, secret2 []byte) *AESKey

func DeriveSymmetricalKey

func DeriveSymmetricalKey(secret []byte, pubKey *btcec.PublicKey) *AESKey

func NewAESKey

func NewAESKey(val []byte) *AESKey

func NewEncryptionKey

func NewEncryptionKey() *AESKey

NewEncryptionKey generates a random 256-bit key for Encrypt() and Decrypt(). It panics if the source of randomness fails.

func SplitClientSecret

func SplitClientSecret(secret string) (ed25519.PrivateKey, *AESKey, []byte, error)

func (*AESKey) Base64

func (k *AESKey) Base64() string

func (AESKey) Bytes

func (k AESKey) Bytes() []byte

func (*AESKey) Zero

func (k *AESKey) Zero()

type AccessKey

// AccessKey is the JSON-serialisable definition of an access key together
// with in-memory key material that is never serialised.
type AccessKey struct {
	// Identity fields. Secret is written to JSON whenever it is non-empty
	// (omitempty), so it must be cleared before the struct is stored or
	// returned anywhere the secret must not appear.
	// NOTE(review): Neuter presumably exists for this — confirm.
	ID          string      `json:"id"`
	AccountID   string      `json:"account"`
	AccessLevel AccessLevel `json:"level"`
	Secret      string      `json:"secret,omitempty"`
	Type        string      `json:"type"`

	// Serialised key fields. ManagementKey is always serialised (no
	// omitempty); the two encrypted keys are omitted when empty.
	// NOTE(review): whether ManagementKey holds public or private key
	// material is not visible here — confirm before exposing serialised
	// AccessKeys.
	ManagementKey       string `json:"mgmtKey"`
	EncryptedManagedKey string `json:"emk,omitempty"`
	EncryptedHostedKey  string `json:"ehk,omitempty"`

	// Raw key material. The `json:"-"` tag excludes these fields from JSON
	// encoding and decoding, but they stay in process memory for as long as
	// the struct is referenced.
	// NOTE(review): presumably populated by Hydrate — confirm.
	ManagementKeyPub ed25519.PublicKey  `json:"-"`
	ManagementKeyPrv ed25519.PrivateKey `json:"-"`
	ClientSecret     *AESKey            `json:"-"`
	ClientHMACKey    []byte             `json:"-"`
}

AccessKey defines a key that can be used to access MetaLocker. Access keys are useful for programmatic or temporary access to MetaLocker data without revealing its main encryption keys.

func GenerateAccessKey

func GenerateAccessKey(accountID string, accessLevel AccessLevel) (*AccessKey, error)

GenerateAccessKey creates a new access key that can be used to connect to MetaLocker.

Client will use: keyID, management key (64-byte private Ed25519 key), HMAC key (64 bytes). Server will use: keyID, encrypted HMAC key.

func (*AccessKey) AddHostedKey

func (ak *AccessKey) AddHostedKey(key *AESKey)

func (*AccessKey) AddManagedKey

func (ak *AccessKey) AddManagedKey(key *AESKey)

func (*AccessKey) Bytes

func (ak *AccessKey) Bytes() []byte

func (*AccessKey) ClientKeys

func (ak *AccessKey) ClientKeys() (string, string)

ClientKeys returns a pair <key-id> and <secret-string> that can be used by a remote client to gain access to a specific account with specific restrictions.

func (*AccessKey) Hydrate

func (ak *AccessKey) Hydrate(secret string) error

func (*AccessKey) Neuter

func (ak *AccessKey) Neuter()

type AccessLevel

// AccessLevel is an int32-based access level assigned to access keys and
// lockers.
type AccessLevel int32
// Defined access levels. AccessLevelNone is 0, which is also the zero value
// of an AccessLevel field that was never set.
// NOTE(review): which direction of the numeric order is more privileged is
// not stated here; the Locker documentation speaks of access to lockers
// "at this level or higher" — confirm before comparing levels numerically.
const (
	AccessLevelNone       AccessLevel = 0
	AccessLevelRestricted AccessLevel = 1
	AccessLevelManaged    AccessLevel = 2
	AccessLevelHosted     AccessLevel = 3
	AccessLevelLocal      AccessLevel = 4
	AccessLevelCold       AccessLevel = 5
)

type AccessVerifier

type AccessVerifier interface {
	// GetRecord returns a ledger record by its ID. Returns ErrRecordNotFound error
	// if record was not found.
	GetRecord(ctx context.Context, rid string) (*Record, error)
	// GetDataAssetState returns the state of the given data asset. Returns
	// ErrDataAssetNotFound error if data asset not found.
	GetDataAssetState(ctx context.Context, id string) (DataAssetState, error)
	// GetRecordState returns ledger record state for the given
	// record ID. It's useful to identify if the record
	// was published on the ledger (and its block ID) or if the lease
	// behind the record was revoked.
	GetRecordState(ctx context.Context, rid string) (*RecordState, error)
}

AccessVerifier is used by MetaLocker vaults to retrieve record and data asset information that is necessary to identify whether to serve the requested data asset.

type Algorithm

type Algorithm struct {
	Context any    `json:"@context,omitempty"`
	ID      string `json:"id"`
	Type    any    `json:"type"`
}

type BlobManager

// BlobManager reads and writes binary data (blobs) described by
// StoredResource values.
type BlobManager interface {
	// GetBlob returns a reader for the blob described by res. The caller
	// passes an access token and must close the returned reader.
	GetBlob(ctx context.Context, res *StoredResource, accessToken string) (io.ReadCloser, error)
	// SendBlob reads data and returns a StoredResource for it in the vault
	// identified by vaultID.
	// NOTE(review): cleartext presumably requests storage without
	// client-side encryption — confirm, and treat true as an explicit
	// decision to store readable data.
	SendBlob(ctx context.Context, data io.Reader, cleartext bool, vaultID string) (*StoredResource, error)
	// PurgeBlob takes the resource to purge.
	// NOTE(review): presumably deletes the stored blob — confirm.
	PurgeBlob(ctx context.Context, res *StoredResource) error

	// GetVaultMap returns VaultProperties keyed by string.
	// NOTE(review): the key is presumably the vault ID — confirm.
	GetVaultMap(ctx context.Context) (map[string]*VaultProperties, error)
}

BlobManager is a trusted component that reads and writes binary data to MetaLocker vaults. BlobManager manages client-side encryption for blobs. There is no need to encrypt or decrypt data that comes from BlobManager.

type Block

type Block struct {
	Number     int64  `json:"number"`
	Hash       string `json:"hash"`
	ParentHash string `json:"parentHash,omitempty"`
}

Block defines a block of the MetaLocker ledger. Blocks are identified by their sequential numbers, starting with 0. Hash and ParentHash fields allow connecting a specific block with the underlying block implementation.

type Confirmation

type Confirmation struct {
	Type       string              `json:"type"`
	Offer      *KnowledgeOffer     `json:"offer"`
	Terms      []*OfferTerms       `json:"terms,omitempty"`
	Provenance []*QuotedFromEntity `json:"provenance,omitempty"`
}

type ConsentReceipt

type ConsentReceipt struct {
	Version          string          `json:"version,omitempty"`
	Jurisdiction     string          `json:"jurisdiction,omitempty"`
	ConsentTimestamp uint64          `json:"consentTimestamp,omitempty"`
	CollectionMethod string          `json:"collectionMethod,omitempty"`
	ConsentReceiptID string          `json:"consentReceiptID,omitempty"`
	Subject          string          `json:"subject,omitempty"`
	DataController   *DataController `json:"dataController,omitempty"`
	Services         []*Service      `json:"services,omitempty"`
	PolicyURL        string          `json:"policyUrl,omitempty"`
	Sensitive        bool            `json:"sensitive,omitempty"`
	SpiCat           []string        `json:"spiCat,omitempty"`
}

type Criteria

type Criteria struct {
	ID      string           `json:"id"`
	Type    string           `json:"type"`
	Name    string           `json:"name,omitempty"`
	Version string           `json:"version,omitempty"`
	Params  []map[string]any `json:"parameters,omitempty"`
}

type DID

type DID struct {
	// ID is a decentralised identifier.
	ID string `json:"id" example:"did:piprate:9JA3ukzEXQeoTLyH9N2Jdp"`
	// VerKey is the public Ed25519 key in base58 encoding.
	VerKey string `json:"verKey" example:"<public key in base58 encoding>"`
	// SignKey is the (optional) private Ed25519 key in base58 encoding.
	// When non-empty it is marshalled to JSON under "signKey", so a DID
	// value that carries it must be handled as secret material.
	// NOTE(review): NeuteredCopy presumably returns a copy without the
	// private key — confirm.
	SignKey string `json:"signKey,omitempty" example:"<private key in base58 encoding>"`
	// contains filtered or unexported fields
}

DID is a Hyperledger Indy-style definition of a decentralised identifier (DID). DID is a globally unique persistent identifier that does not require a centralized registration authority because it is generated and/or registered cryptographically.

func GenerateDID

func GenerateDID(options ...DIDOption) (*DID, error)

func NewDID

func NewDID(did, verKey, signKey string) *DID

func (*DID) Bytes

func (did *DID) Bytes() []byte

func (*DID) Copy

func (did *DID) Copy() *DID

func (*DID) NeuteredCopy

func (did *DID) NeuteredCopy() *DID

func (*DID) Sign

func (did *DID) Sign(message []byte) []byte

func (*DID) SignKeyValue

func (did *DID) SignKeyValue() ed25519.PrivateKey

func (*DID) VerKeyValue

func (did *DID) VerKeyValue() ed25519.PublicKey

func (*DID) Verify

func (did *DID) Verify(message, signature []byte) bool

func (*DID) Zero

func (did *DID) Zero()

type DIDDocument

type DIDDocument struct {
	Context        any        `json:"@context,omitempty"`
	ID             string     `json:"id"`
	PublicKey      []any      `json:"publicKey,omitempty"`
	Authentication []any      `json:"authentication,omitempty"`
	Service        []any      `json:"service,omitempty"`
	Created        *time.Time `json:"created,omitempty"`
	Updated        *time.Time `json:"updated,omitempty"`
	Proof          *Proof     `json:"proof,omitempty"`
}

func SimpleDIDDocument

func SimpleDIDDocument(did *DID, created *time.Time) (*DIDDocument, error)

func (*DIDDocument) Bytes

func (d *DIDDocument) Bytes() []byte

func (*DIDDocument) Equals

func (d *DIDDocument) Equals(anotherD *DIDDocument) bool

func (*DIDDocument) ExtractIndyStyleDID

func (d *DIDDocument) ExtractIndyStyleDID() (*DID, error)

func (*DIDDocument) Sign

func (d *DIDDocument) Sign(identity string, key ed25519.PrivateKey) error

Sign signs the document and assigns Merkle ID to the root JSON-LD element

func (*DIDDocument) Verify

func (d *DIDDocument) Verify(key ed25519.PublicKey) (bool, error)

type DIDOption

type DIDOption func(opts *didOptions)

func WithMethod

func WithMethod(method string) DIDOption

func WithSeed

func WithSeed(seed string) DIDOption

type DIDProvider

type DIDProvider interface {
	CreateDIDDocument(ctx context.Context, ddoc *DIDDocument) error
	GetDIDDocument(ctx context.Context, iid string) (*DIDDocument, error)
}

type DataAssetState

type DataAssetState int
const (
	DataAssetStateKeep     DataAssetState = 1
	DataAssetStateRemove   DataAssetState = 2
	DataAssetStateNotFound DataAssetState = 3
)

type DataController

type DataController struct {
	OnBehalf         bool     `json:"onBehalf,omitempty"`
	Org              string   `json:"org,omitempty"`
	Contact          string   `json:"contact,omitempty"`
	Address          any      `json:"address,omitempty"`
	Email            string   `json:"email,omitempty"`
	Phone            string   `json:"phone,omitempty"`
	PIIControllerURL *url.URL `json:"piiControllerUrl,omitempty"`
}

type DataSet

type DataSet interface {
	// ID returns the dataset's record ID.
	ID() string
	// MetaResource returns a reader for the dataset's meta resource.
	MetaResource(ctx context.Context) (io.ReadCloser, error)
	// DecodeMetaResource is a convenience function that unmarshals the dataset's metadata into the given structure.
	DecodeMetaResource(ctx context.Context, obj any) error
	// Resources returns a list of resource IDs that belong to the dataset.
	Resources() []string
	// Resource returns a reader for the given resource within the dataset.
	Resource(ctx context.Context, id string) (io.ReadCloser, error)
	// DecodeResource is a convenience function that unmarshals the requested resource into the given structure.
	DecodeResource(ctx context.Context, id string, obj any) error
	// Lease returns the dataset's lease document
	Lease() *Lease
	// Impression returns the dataset's impression document (also available through Lease() )
	Impression() *Impression

	// Record returns the dataset's record structure
	Record() *Record
	// BlockNumber returns the number (ID) of the block where the dataset's record appeared.
	BlockNumber() int64
	// LockerID returns the ID of the locker that contains the dataset.
	LockerID() string
	// ParticipantID returns the ID (the corresponding identity's DID) of the locker participant
	// that submitted the dataset.
	ParticipantID() string
}

DataSet defines an interface to a MetaLocker dataset stored in the given record.

type Ed25519VerificationKey2018

type Ed25519VerificationKey2018 struct {
	Context         any        `json:"@context,omitempty"`
	ID              string     `json:"id"`
	Type            string     `json:"type"`
	Controller      string     `json:"controller"`
	Expires         *time.Time `json:"expires,omitempty"`
	PublicKeyBase58 string     `json:"publicKeyBase58"`
}

Ed25519VerificationKey2018 is based on https://w3c-dvcg.github.io/lds-ed25519-2018/

type Impression

type Impression struct {
	Context         any           `json:"@context"`
	ID              string        `json:"id"`
	Type            []string      `json:"type"`
	Asset           string        `json:"asset,omitempty"`
	ProvGraph       any           `json:"graph,omitempty"`
	WasAttributedTo string        `json:"wasAttributedTo,omitempty"`
	GeneratedAtTime *time.Time    `json:"generatedAtTime,omitempty"`
	MetaResource    *MetaResource `json:"resource,omitempty"`

	RevisionNumber   int64  `json:"revisionNumber,omitempty"`
	RevisionMessage  string `json:"revisionMessage,omitempty"`
	WasRevisionOf    string `json:"wasRevisionOf,omitempty"`
	SpecializationOf string `json:"specializationOf,omitempty"`

	Proof *Proof `json:"proof,omitempty"`
}

Impression is a semantic definition of a dataset that contains verifiable information about its provenance, authorship, relation to other datasets, including revision data. Impression is signed by its creator using JSON-LD Signature scheme.

func NewBlankImpression

func NewBlankImpression() *Impression

func NewImpression

func NewImpression(body []byte) (*Impression, error)

func (*Impression) Bytes

func (ii *Impression) Bytes() []byte

func (*Impression) Compact

func (ii *Impression) Compact() ([]byte, error)

func (*Impression) Copy

func (ii *Impression) Copy() *Impression

func (*Impression) GetProvenance

func (ii *Impression) GetProvenance(resourceID string) any

func (*Impression) GetVariantID

func (ii *Impression) GetVariantID() string

func (*Impression) IsRoot

func (ii *Impression) IsRoot() bool

func (*Impression) IsSigned

func (ii *Impression) IsSigned() bool

func (*Impression) MerkleSign

func (ii *Impression) MerkleSign(identity string, key ed25519.PrivateKey) error

func (*Impression) MerkleVerify

func (ii *Impression) MerkleVerify(key ed25519.PublicKey) (bool, error)

func (*Impression) Revision

func (ii *Impression) Revision() int64

func (*Impression) RevisionOf

func (ii *Impression) RevisionOf() string

type KnowledgeOffer

type KnowledgeOffer struct {
	ID               string        `json:"id"`
	Type             string        `json:"type"`
	Sender           string        `json:"sender"`
	Recipient        string        `json:"recipient"`
	Expires          *time.Time    `json:"expires,omitempty"`
	Asset            any           `json:"asset"`
	DatasetType      string        `json:"datasetType"`
	DatasetPreview   any           `json:"datasetPreview,omitempty"`
	RevisionNumber   int64         `json:"revisionNumber,omitempty"`
	WasRevisionOf    string        `json:"wasRevisionOf,omitempty"`
	SpecializationOf string        `json:"specializationOf,omitempty"`
	Terms            []*OfferTerms `json:"terms"`
	Proof            *Proof        `json:"proof,omitempty"`
}

func NewKnowledgeOffer

func NewKnowledgeOffer(body []byte) (*KnowledgeOffer, error)

func (*KnowledgeOffer) Bytes

func (ko *KnowledgeOffer) Bytes() []byte

func (*KnowledgeOffer) MerkleSign

func (ko *KnowledgeOffer) MerkleSign(identity string, key ed25519.PrivateKey) error

func (*KnowledgeOffer) MerkleVerify

func (ko *KnowledgeOffer) MerkleVerify(key ed25519.PublicKey) (bool, error)

type KnowledgeProspectus

type KnowledgeProspectus struct {
	Context any               `json:"@context"`
	ID      string            `json:"id"`
	Type    string            `json:"type"`
	Creator string            `json:"creator,omitempty"`
	Created *time.Time        `json:"created,omitempty"`
	Query   *KnowledgeQuery   `json:"query,omitempty"`
	Offers  []*KnowledgeOffer `json:"offers,omitempty"`
	Proof   *Proof            `json:"proof,omitempty"`
}

func NewKnowledgeProspectus

func NewKnowledgeProspectus(body []byte) (*KnowledgeProspectus, error)

func (*KnowledgeProspectus) Bytes

func (kp *KnowledgeProspectus) Bytes() []byte

func (*KnowledgeProspectus) MerkleSign

func (kp *KnowledgeProspectus) MerkleSign(identity string, key ed25519.PrivateKey) error

func (*KnowledgeProspectus) MerkleVerify

func (kp *KnowledgeProspectus) MerkleVerify(key ed25519.PublicKey) (bool, error)

type KnowledgeQuery

type KnowledgeQuery struct {
	Context  any        `json:"@context"`
	ID       string     `json:"id"`
	Type     string     `json:"type"`
	Creator  string     `json:"creator,omitempty"`
	Created  *time.Time `json:"created,omitempty"`
	Criteria *Criteria  `json:"criteria,omitempty"`
	Proof    *Proof     `json:"proof,omitempty"`
}

type KnowledgeSharingRequest

type KnowledgeSharingRequest struct {
	Context       any                  `json:"@context"`
	ID            string               `json:"id"`
	Type          string               `json:"type"`
	Creator       string               `json:"creator,omitempty"`
	Created       *time.Time           `json:"created,omitempty"`
	Prospectus    *KnowledgeProspectus `json:"prospectus,omitempty"`
	Locker        string               `json:"locker,omitempty"`
	Vault         string               `json:"vault,omitempty"`
	Confirmations []*Confirmation      `json:"confirmations"`
	Proof         *Proof               `json:"proof,omitempty"`
}

type KnowledgeSharingResult

type KnowledgeSharingResult struct {
	RecordID     string `json:"recordId"`
	ImpressionID string `json:"impressionId"`
	Payload      any    `json:"payload,omitempty"`
}

type Lease

// Lease is the JSON-serialisable lease document. Note that some JSON keys
// differ from the field names: ExpiresAt is stored as "expire" and Resources
// as "storage". ExpiresAt, Provenance and Proof are pointers with omitempty
// and are left out of the JSON when nil.
// NOTE(review): whether a nil ExpiresAt means "never expires" is not visible
// here — confirm before treating an absent expiry as unlimited access.
type Lease struct {
	ID          string            `json:"id"`
	Type        string            `json:"type"`
	ExpiresAt   *time.Time        `json:"expire,omitempty"`
	Resources   []*StoredResource `json:"storage"`
	DataSetType string            `json:"datasetType"`
	Impression  *Impression       `json:"impression"`
	Provenance  *ProvEntity       `json:"provenance,omitempty"`
	Proof       *Proof            `json:"proof,omitempty"`
}

Lease is a dataset lease as a MetaLocker operation. This lease is stored in OffChainStorage.

func NewLease

func NewLease(body []byte) (*Lease, error)

func (*Lease) DataAssetList

func (l *Lease) DataAssetList(includeMetaAsset bool) []string

func (*Lease) GenerateAccessToken

func (l *Lease) GenerateAccessToken(rid string) string

func (*Lease) GetResourceIDs

func (l *Lease) GetResourceIDs() []string

func (*Lease) MetaResource

func (l *Lease) MetaResource() *StoredResource

func (*Lease) Resource

func (l *Lease) Resource(assetID string) *StoredResource

type Ledger

// Ledger is the set of operations for submitting and reading ledger records
// and blocks. It embeds io.Closer, so implementations must also provide Close.
type Ledger interface {
	io.Closer

	// SubmitRecord adds a ledger record to the queue to be
	// included in the next block.
	SubmitRecord(ctx context.Context, r *Record) error
	// GetRecord returns a ledger record by its ID. Returns ErrRecordNotFound error
	// if record was not found.
	GetRecord(ctx context.Context, rid string) (*Record, error)
	// GetRecordState returns ledger record state for the given
	// record ID. It's useful to identify if the record
	// was published on the ledger (and its block ID) or if the lease
	// behind the record was revoked.
	GetRecordState(ctx context.Context, rid string) (*RecordState, error)
	// GetBlock returns a block definition for the given block number.
	GetBlock(ctx context.Context, bn int64) (*Block, error)
	// GetBlockRecords returns a list of all ledger records included
	// in the block as an array of arrays of strings:
	//     [record_id, routing_key, key_index]*
	// Returns ErrBlockNotFound error if block was not found.
	GetBlockRecords(ctx context.Context, bn int64) ([][]string, error)
	// GetGenesisBlock returns the definition of the genesis block.
	// If there is no genesis block yet, it will return nil as a block.
	GetGenesisBlock(ctx context.Context) (*Block, error)
	// GetTopBlock returns the definition of the top (latest) block.
	// If there are no blocks yet, it will return nil as a block.
	GetTopBlock(ctx context.Context) (*Block, error)
	// GetChain returns a sequence of block definitions of
	// the given length (depth), starting from the given block number.
	GetChain(ctx context.Context, startNumber int64, depth int) ([]*Block, error)
	// GetDataAssetState returns the state of the given data asset. Returns
	// ErrDataAssetNotFound error if data asset not found.
	GetDataAssetState(ctx context.Context, id string) (DataAssetState, error)
	// GetAssetHead returns the record of type = head that defines the current asset head for the given ID.
	GetAssetHead(ctx context.Context, headID string) (*Record, error)
}

Ledger is an interface to a MetaLocker ledger.

type Locker

type Locker struct {
	// ID is the unique locker ID.
	ID string `json:"id"`
	// Name is the locker's name. These names are useful for locker documentation purposes.
	// They aren't used in any data processing.
	Name string `json:"name"`
	// AccessLevel is the locker's access level. Data wallet needs to be unlocked to a specific access level
	// to gain access to lockers at this level or higher.
	AccessLevel AccessLevel `json:"level"`
	// Participants is a list of locker participants.
	Participants []*LockerParticipant `json:"participants"`
	// Created is the locker's creation time. For documentation purposes only.
	Created *time.Time `json:"created"`
	// Expires is the time when the locker will expire. NOT SUPPORTED.
	Expires *time.Time `json:"expires,omitempty"`
	// Sealed is the time when the locker was sealed (closed). NOT SUPPORTED.
	Sealed *time.Time `json:"sealed,omitempty"`
	// FirstBlock is the block number that was the height of the chain when the locker was created.
	// It is guaranteed that all records for this locker will be in blocks AFTER this block.
	FirstBlock int64 `json:"firstBlock"`
	// LastBlock is the block number that was the height of the chain when the locker was sealed.
	// It is guaranteed that all records for this locker will be in blocks BEFORE this block.
	// NOT SUPPORTED.
	LastBlock int64 `json:"lastBlock,omitempty"`
	// ThirdPartyAcceptedAtBlock is the number of the block when the locker was accepted by the owner
	// when the owner acts as a third party (is not a participant on the locker)
	ThirdPartyAcceptedAtBlock int64 `json:"acceptedAtBlock,omitempty"`
}

Locker is a secure, persistent, bidirectional communication channel between two or more participants. A special type of locker with just one participant is called a uni-locker.

func GenerateLocker

func GenerateLocker(accessLevel AccessLevel, name string, expires *time.Time, firstBlock int64,
	parties ...PartyOption) (*Locker, error)

func (*Locker) AcceptedAtBlock

func (l *Locker) AcceptedAtBlock() int64

func (*Locker) Bytes

func (l *Locker) Bytes() []byte

func (*Locker) Copy

func (l *Locker) Copy() *Locker

func (*Locker) GetParticipant

func (l *Locker) GetParticipant(participantID string) *LockerParticipant

func (*Locker) Hydrate

func (l *Locker) Hydrate(pk ed25519.PrivateKey) error

func (*Locker) IsHydrated

func (l *Locker) IsHydrated() bool

func (*Locker) IsUnilocker

func (l *Locker) IsUnilocker() bool

func (*Locker) Perspective

func (l *Locker) Perspective(iid string) *Locker

func (*Locker) SetAcceptedAtBlock

func (l *Locker) SetAcceptedAtBlock(block int64)

func (*Locker) Them

func (l *Locker) Them() *LockerParticipant

func (*Locker) Us

func (l *Locker) Us() *LockerParticipant

func (*Locker) Zero

func (l *Locker) Zero()

type LockerParticipant

// LockerParticipant describes one party of a locker. It carries secret
// material: SharedSecret and, in encrypted form, the root private key.
// Serialised copies therefore need the same protection as the keys themselves.
// Hydrate (documented as decrypting and instantiating the key fields) takes
// the identity's Ed25519 private key; Zero presumably wipes the in-memory
// key material — TODO confirm against the implementation.
type LockerParticipant struct {
	// ID is the participant's identity ID (DID)
	ID string `json:"id"`
	// SharedSecret is a Base64-encoded secret used to encrypt operations in the given locker (leases, etc)
	// NOTE(review): Base64 is an encoding, not encryption. The field is marshalled
	// under "sharedSecret" whenever it is non-empty, so any JSON rendering of this
	// struct (logs, API responses, backups) carries the secret.
	SharedSecret string `json:"sharedSecret,omitempty"`
	Self         bool   `json:"self,omitempty"` // presumably marks the local party's own entry (cf. Us/Them) — TODO confirm
	// RootPublicKey is a Base64-encoded root public key that can be used to identify if the specific record
	// was issued by this participant.
	RootPublicKey string `json:"rootPublicKey,omitempty"`
	// RootPrivateKeyEnc is a Base64-encoded, encrypted root HD key used to generate record's routing keys.
	// NOTE(review): the cipher and the key that wraps it are not shown on this page;
	// Hydrate takes an ed25519.PrivateKey, so presumably that key unwraps it — confirm.
	RootPrivateKeyEnc string `json:"encryptedRootPrivateKey,omitempty"`
	// AcceptedAtBlock is the number of the block when the locker was accepted by the party
	// and registered in its root locker.
	AcceptedAtBlock int64 `json:"acceptedAtBlock,omitempty"`
	// contains filtered or unexported fields
}

LockerParticipant defines a locker participant. It contains sensitive secrets, such as SharedSecret, and should be stored securely.

func (*LockerParticipant) GetOperationSymKey

func (lp *LockerParticipant) GetOperationSymKey(idx uint32) *AESKey

func (*LockerParticipant) GetRecordPrivateKey

func (lp *LockerParticipant) GetRecordPrivateKey(idx uint32) (*hdkeychain.ExtendedKey, error)

func (*LockerParticipant) GetRecordPublicKey

func (lp *LockerParticipant) GetRecordPublicKey(idx uint32) (*btcec.PublicKey, error)

func (*LockerParticipant) GetRootPrivateKey

func (lp *LockerParticipant) GetRootPrivateKey() string

func (*LockerParticipant) Hydrate

func (lp *LockerParticipant) Hydrate(pk ed25519.PrivateKey) error

Hydrate decrypts (if needed) and instantiates the ExtendedKey fields from their Base64-encoded values.

func (*LockerParticipant) IsHydrated

func (lp *LockerParticipant) IsHydrated() bool

func (*LockerParticipant) IsRecordOwner

func (lp *LockerParticipant) IsRecordOwner(routingKey string, idx uint32) (*btcec.PublicKey, *AESKey, error)

func (*LockerParticipant) Zero

func (lp *LockerParticipant) Zero()

type MerkleSigner

// MerkleSigner is implemented by documents that can be signed with an
// Ed25519 private key on behalf of an identity. ProvEntity has a MerkleSign
// method with this signature.
type MerkleSigner interface {
	// MerkleSign signs the receiver with key; identity names the signer.
	// NOTE(review): where identity ends up (presumably Proof.Creator) is not
	// shown in this listing — confirm.
	MerkleSign(identity string, key ed25519.PrivateKey) error
}

type MerkleVerifier

// MerkleVerifier is implemented by documents that carry a Proof and can
// check it against an Ed25519 public key.
type MerkleVerifier interface {
	// GetProof returns the document's *Proof.
	GetProof() *Proof
	// MerkleVerify checks the document against key. It has two results, so a
	// caller should accept the document only when the boolean is true and the
	// error is nil; what the boolean holds alongside a non-nil error is not
	// stated in this listing.
	MerkleVerify(key ed25519.PublicKey) (bool, error)
}

type MetaResource

// MetaResource links an Impression to its meta resource, the root document
// of the underlying dataset. Every field is omitted from JSON when empty.
type MetaResource struct {
	// Asset is the meta resource's asset ID.
	// Note that it is serialised under the JSON key "id", not "asset".
	Asset string `json:"id,omitempty"`
	// ContentType is the semantic type of the meta resource (and of the dataset).
	ContentType string `json:"contentType,omitempty"`
	// Fingerprint is the digital fingerprint of the meta resource. Because MetaResource
	// is signed as a part of impression, this fingerprint can verify if the meta resource
	// has been altered in any way.
	// NOTE(review): that guarantee depends on the impression's signature being
	// verified first; the fingerprint on its own is only a value in the document.
	Fingerprint string `json:"fingerprint,omitempty"`
	// FingerprintAlgorithm is the Fingerprint's algorithm.
	FingerprintAlgorithm string `json:"fingerprintAlgorithm,omitempty"`
}

MetaResource provides Impression with a link to its meta resource, the root document of the underlying dataset.

type NewBlockMessage

// NewBlockMessage is a notification payload with a message type and a number.
// NOTE(review): presumably published on NTopicNewBlock with Type set to
// MessageTypeNewBlockNotification and Number set to the new block's number —
// confirm against the publisher; neither is shown in this listing.
type NewBlockMessage struct {
	Type   string `json:"type"`
	Number int64  `json:"number"`
}

type OffChainStorage

// OffChainStorage is the storage layer for ledger operation definitions.
// Unlike ledger records, which are permanent, data held here can be deleted.
type OffChainStorage interface {
	// GetOperation returns the raw operation stored at opAddr.
	// NOTE(review): whether the bytes are encrypted or authenticated at this
	// layer is not shown; callers should not assume either — confirm.
	GetOperation(ctx context.Context, opAddr string) ([]byte, error)
	// SendOperation stores opData and returns a string, presumably the
	// address to pass to GetOperation and PurgeOperation — TODO confirm.
	SendOperation(ctx context.Context, opData []byte) (string, error)
	// PurgeOperation deletes the operation at opAddr, e.g. after the lease
	// expired or was revoked (see the type's description).
	PurgeOperation(ctx context.Context, opAddr string) error
}

OffChainStorage is an interface to a storage layer that is used to store ledger operation definitions. In contrast with ledger records, which are permanent, off-chain data can be deleted if the underlying dataset lease has expired or was revoked, or for any other reason that prohibits access to the given operation.

type OfferTerms

// OfferTerms holds the terms of an offer; only a duration is defined.
type OfferTerms struct {
	// Duration is omitted from JSON when zero.
	// NOTE(review): the unit (seconds, blocks, ...) is not stated in this
	// listing — confirm before comparing or persisting values.
	Duration int64 `json:"duration,omitempty"`
}

type OpType

// OpType identifies the kind of ledger operation; Record.Operation holds a
// value of this type and serialises it as "operationType".
type OpType uint32
// Known operation types.
// NOTE(review): as rendered here these are declared with var, not const, so
// any package that imports model can reassign them at run time. Code that
// switches on them should not treat them as immutable; declaring them const
// would remove that possibility.
var (
	OpTypeLease           OpType = 1
	OpTypeLeaseRevocation OpType = 2
	OpTypeAssetHead       OpType = 3
)

type PartyOption

// PartyOption is a deferred constructor for one locker participant. It is the
// variadic argument type of GenerateLocker, and the Us and Them functions
// return values of this type.
type PartyOption func() (*LockerParticipant, error)

func Them

func Them(did *DID, seed []byte) PartyOption

func Us

func Us(did *DID, seed []byte) PartyOption

type Proof

// Proof is the signature block attached to signed documents: ProvBundle,
// ProvEntity and SemanticAsset each have a Proof field, and
// SignableDocument.Sign and MerkleSign return one.
// NOTE(review): presumably Type is Ed25519VerificationKey2018Type, Creator
// identifies the signer and Value is the encoded signature — confirm; the
// encoding of Value is not stated in this listing. Creator is supplied by
// whoever produced the document, so it says which key to check against, not
// that the check has passed.
type Proof struct {
	Type    string `json:"type"`
	Creator string `json:"creator"`
	Value   string `json:"proofValue"`
}

type ProvActivity

// ProvActivity is the JSON shape of a provenance activity. Its JSON keys
// (used, qualifiedUsage, wasAssociatedWith, qualifiedAssociation) appear to
// mirror W3C PROV-O property names.
// NOTE(review): Used is typed any, so the decoded value may be a string, a
// map or a list; consumers should type-check it before use.
type ProvActivity struct {
	ID                   string             `json:"id,omitempty"`
	Type                 string             `json:"type"`
	Algorithm            string             `json:"algorithm"`
	Used                 any                `json:"used,omitempty"`
	QualifiedUsage       []*ProvUsage       `json:"qualifiedUsage,omitempty"`
	WasAssociatedWith    string             `json:"wasAssociatedWith,omitempty"`
	QualifiedAssociation []*ProvAssociation `json:"qualifiedAssociation,omitempty"`
}

type ProvAgent

// ProvAgent is the JSON shape of a provenance agent. ActedOnBehalfOf is
// optional and omitted from JSON when empty; presumably it holds the ID of
// the agent being represented — TODO confirm.
type ProvAgent struct {
	ID              string `json:"id"`
	Type            string `json:"type"`
	ActedOnBehalfOf string `json:"actedOnBehalfOf,omitempty"`
}

type ProvAssociation

// ProvAssociation is the JSON shape of a qualified association between an
// activity and an agent, with an optional role (ProvActivity holds a list of
// these in QualifiedAssociation).
// NOTE(review): Agent is typed any; whether it holds an ID string or an
// embedded agent object is not shown here — type-check it before use.
type ProvAssociation struct {
	Type    string    `json:"type"`
	Agent   any       `json:"agent"`
	HadRole *ProvRole `json:"hadRole,omitempty"`
}

type ProvBundle

// ProvBundle is the JSON shape of a provenance bundle: a JSON-LD document
// (it has an "@context" key) with attribution fields, a graph and an
// optional Proof.
// NOTE(review): Context and Graph are typed any and arrive from the
// serialised document, so their structure must be validated by the consumer.
// The attribution fields are only trustworthy once Proof has been verified.
type ProvBundle struct {
	Context                any                  `json:"@context,omitempty"`
	ID                     string               `json:"id,omitempty"`
	Type                   string               `json:"type"`
	GeneratedAtTime        *time.Time           `json:"generatedAtTime,omitempty"`
	WasAttributedTo        string               `json:"wasAttributedTo,omitempty"`
	HadPrimarySource       string               `json:"hadPrimarySource,omitempty"`
	QualifiedPrimarySource []*ProvPrimarySource `json:"qualifiedPrimarySource,omitempty"`
	Graph                  any                  `json:"graph,omitempty"`

	// Proof is the signature block; nil (and omitted from JSON) when unsigned.
	Proof *Proof `json:"proof,omitempty"`
}

type ProvEntity

// ProvEntity is the JSON shape of a provenance entity. It has MerkleSign and
// MerkleVerify methods taking Ed25519 keys, plus Bytes and Copy.
// NOTE(review): WasQuotedFrom and WasAccessibleTo are typed any; their
// concrete shape is not shown here, so type-check them before use. Fields
// such as WasAttributedTo are claims made by the document and should be
// relied on only after MerkleVerify has returned true with a nil error.
type ProvEntity struct {
	Context         any           `json:"@context,omitempty"`
	ID              string        `json:"id,omitempty"`
	Type            string        `json:"type"`
	WasAttributedTo string        `json:"wasAttributedTo,omitempty"`
	GeneratedAtTime *time.Time    `json:"generatedAtTime,omitempty"`
	WasGeneratedBy  *ProvActivity `json:"wasGeneratedBy,omitempty"`
	WasQuotedFrom   any           `json:"wasQuotedFrom,omitempty"`
	WasAccessibleTo any           `json:"wasAccessibleTo,omitempty"`
	ContentType     string        `json:"contentType,omitempty"`
	MentionOf       string        `json:"mentionOf,omitempty"`
	AsInBundle      string        `json:"asInBundle,omitempty"`

	// Proof is the signature block; nil (and omitted from JSON) when unsigned.
	Proof *Proof `json:"proof,omitempty"`
}

func (*ProvEntity) Bytes

func (pe *ProvEntity) Bytes() []byte

func (*ProvEntity) Copy

func (pe *ProvEntity) Copy() *ProvEntity

func (*ProvEntity) MerkleSign

func (pe *ProvEntity) MerkleSign(identity string, key ed25519.PrivateKey) error

func (*ProvEntity) MerkleVerify

func (pe *ProvEntity) MerkleVerify(key ed25519.PublicKey) (bool, error)

type ProvPrimarySource

// ProvPrimarySource is the JSON shape of a qualified primary source
// (ProvBundle holds a list of these in QualifiedPrimarySource).
// NOTE(review): Entity is typed any; its concrete shape is not shown here.
type ProvPrimarySource struct {
	Type      string `json:"type"`
	Entity    any    `json:"entity"`
	Algorithm string `json:"algorithm"`
}

type ProvRole

// ProvRole is the JSON shape of a role, referenced by the HadRole field of
// ProvAssociation and ProvUsage.
type ProvRole struct {
	Type  string `json:"type"`
	Label string `json:"label"`
}

type ProvUsage

// ProvUsage is the JSON shape of a qualified usage of an entity by an
// activity, with an optional role (ProvActivity holds a list of these in
// QualifiedUsage).
// NOTE(review): Entity is typed any; its concrete shape is not shown here.
type ProvUsage struct {
	Type    string    `json:"type"`
	Entity  any       `json:"entity"`
	HadRole *ProvRole `json:"hadRole,omitempty"`
}

type QuotedFromEntity

// QuotedFromEntity is the JSON shape of an entity that references the
// entity it was quoted from. All three fields are always serialised.
// NOTE(review): presumably one of the shapes ProvEntity.WasQuotedFrom can
// take — TODO confirm.
type QuotedFromEntity struct {
	ID            string `json:"id"`
	Type          string `json:"type"`
	WasQuotedFrom string `json:"wasQuotedFrom"`
}

type Record

// Record represents one ledger transaction (lease, revocation, etc).
// The record carries routing and commitment data plus a Signature made with
// the record's HD private key; Seal takes that private key and Verify takes
// the matching public key.
// NOTE(review): which fields are covered by ID and Signature is not shown in
// this listing. In particular, confirm whether Status is covered before
// trusting it on a record received from elsewhere.
type Record struct {
	// ID of the record. Currently, it's a hash of the record generated
	// by the Seal function (see below).
	ID string `json:"id"`
	// RoutingKey is a public key from the locker HD structure. It can be
	// used to filter specific messages from the ledger.
	RoutingKey string `json:"routingKey"`
	// KeyIndex is the index of the HD key used to produce the routing key.
	KeyIndex uint32 `json:"keyIndex"`
	// Operation is the type of the operation. May be removed from
	// the record in the future.
	Operation OpType `json:"operationType"`
	// OperationAddress is the address of the Operation (can be an asset ID, IPFS address, etc.)
	OperationAddress string `json:"address,omitempty"`
	// Flags contain a set of flags that modify the record's behaviour.
	// See RecordFlagXXX constants for examples.
	Flags uint32 `json:"flags,omitempty"`
	// AuthorisingCommitment is binary data which allows the originator
	// of the transaction to prove their role, without disclosing any
	// other information about this transaction
	AuthorisingCommitment string `json:"ac,omitempty"`
	// AuthorisingCommitmentType. for future use: there may be different
	// types of commitment structures.
	AuthorisingCommitmentType byte `json:"acType,omitempty"`
	// RequestingCommitment is binary data which allows the recipient of
	// the transaction to prove their right to access data without disclosing
	// any other information about this transaction
	RequestingCommitment string `json:"rc,omitempty"`
	// RequestingCommitmentType. for future use: there may be different types
	// of commitment structures.
	RequestingCommitmentType byte `json:"rcType,omitempty"`
	// ImpressionCommitment is binary data which allows a party to prove
	// that this record contains a specific impression, by combining
	// the impression ID with another artifact, a trapdoor.
	ImpressionCommitment string `json:"ic,omitempty"`
	// ImpressionCommitmentType. for future use: there may be different
	// types of commitment structures.
	ImpressionCommitmentType byte `json:"icType,omitempty"`

	// DataAssets is a list of data assets (blobs) attached to the record
	DataAssets []string `json:"dataAssets,omitempty"`

	// SubjectRecord and RevocationProof are not described in this listing.
	// Presumably they are set on revocation records (OpTypeLeaseRevocation)
	// to name the record being revoked and to prove the right to revoke it —
	// TODO confirm.
	SubjectRecord   string   `json:"subjectRecord,omitempty"`
	RevocationProof []string `json:"revocationProof,omitempty"`

	// HeadID is unique ID of the asset head.
	HeadID string `json:"headID,omitempty"`
	// HeadBody contains base64-encoded, encrypted head body (see PackHeadBody() ).
	HeadBody string `json:"headBody,omitempty"`

	// Signature contains a digital signature of the record, signed by
	// the record's private HD key
	// Verify returns (bool, error); accept the record only when the boolean
	// is true and the error is nil.
	Signature string `json:"signature"`

	// Status is the record's RecordStatus; omitted from JSON when empty.
	Status RecordStatus `json:"status,omitempty"`
}

Record represents one data transaction (lease, revocation, etc). It contains no details which would allow a third party observer to identify the participants or the nature of this transaction.

func (*Record) Bytes

func (r *Record) Bytes() []byte

func (*Record) Copy

func (r *Record) Copy() *Record

func (*Record) Seal

func (r *Record) Seal(pk *btcec.PrivateKey) error

func (*Record) ToSlice

func (r *Record) ToSlice() []string

func (*Record) Validate

func (r *Record) Validate() error

func (*Record) Verify

func (r *Record) Verify(publicKey *btcec.PublicKey) (bool, error)

type RecordState

// RecordState pairs a record's status with a block number.
// NOTE(review): BlockNumber is serialised under the JSON key "number";
// presumably it is the block in which the status took effect — TODO confirm.
type RecordState struct {
	Status      RecordStatus `json:"status"`
	BlockNumber int64        `json:"number"`
}

func (*RecordState) Bytes

func (r *RecordState) Bytes() []byte

type RecordStatus

// RecordStatus is the string-typed status of a ledger record, used by
// Record.Status and RecordState.Status.
type RecordStatus string
// Known record statuses.
// NOTE(review): RecordStatus is a plain string type, so a decoded value may
// be none of these constants (including the empty string); switches over it
// should have a default branch that treats unrecognised values as untrusted.
const (
	StatusUnknown   RecordStatus = "unknown"
	StatusPending   RecordStatus = "pending"
	StatusPublished RecordStatus = "published"
	StatusRevoked   RecordStatus = "revoked"
	StatusFailed    RecordStatus = "failed"
)

type SemanticAsset

// SemanticAsset is the JSON-LD shape of an asset (it has an "@context" key)
// with an optional nonce, fingerprint and Proof. Instances are produced by
// the GenerateNewSemantic* and GenerateValueAsset constructors.
// NOTE(review): Context and Type are typed any and WasGeneratedBy is a
// free-form map, so values decoded from external JSON must be type-checked
// by the consumer.
type SemanticAsset struct {
	Context any    `json:"@context,omitempty"`
	ID      string `json:"id"`
	Type    any    `json:"type"`
	Nonce   string `json:"nonce,omitempty"`

	Serial     bool `json:"isSerial,omitempty"`
	IsIdentity bool `json:"isIdentity,omitempty"`

	// Fingerprint fields. The GenerateNewSemanticDigitalAsset* constructors
	// take the data (or a pre-calculated hash) and a fingerprintAlgorithm, so
	// presumably they populate these — TODO confirm.
	IsDigital            bool   `json:"isDigital,omitempty"`
	Fingerprint          string `json:"fingerprint,omitempty"`
	FingerprintAlgorithm string `json:"fingerprintAlgorithm,omitempty"`

	WasGeneratedBy map[string]any `json:"wasGeneratedBy,omitempty"`

	// Proof is the signature block; nil (and omitted from JSON) when absent.
	Proof *Proof `json:"proof,omitempty"`
}

func GenerateNewSemanticAsset

func GenerateNewSemanticAsset(serial, isIdentity bool, didMethod, nonce string) (*SemanticAsset, error)

func GenerateNewSemanticDigitalAsset

func GenerateNewSemanticDigitalAsset(data []byte, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)

GenerateNewSemanticDigitalAsset creates a new Digital Asset instance from the given data.

func GenerateNewSemanticDigitalAssetFromFile

func GenerateNewSemanticDigitalAssetFromFile(filename, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)

GenerateNewSemanticDigitalAssetFromFile creates a new Digital Asset instance from the named file.

func GenerateNewSemanticDigitalAssetFromReader

func GenerateNewSemanticDigitalAssetFromReader(r io.Reader, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)

GenerateNewSemanticDigitalAssetFromReader creates a new Digital Asset instance from an io.Reader.

func GenerateNewSemanticDigitalAssetWithHash

func GenerateNewSemanticDigitalAssetWithHash(fp []byte, fingerprintAlgorithm, didMethod string) (*SemanticAsset, error)

GenerateNewSemanticDigitalAssetWithHash creates a new Digital Asset instance from a pre-calculated hash.

func GenerateValueAsset

func GenerateValueAsset(functionID string, entityArgs, valueArgs map[string]any, didMethod string) (*SemanticAsset, error)

func (*SemanticAsset) MerkleSetID

func (sa *SemanticAsset) MerkleSetID(didMethod string) error

func (*SemanticAsset) MerkleVerify

func (sa *SemanticAsset) MerkleVerify() (bool, error)

type Service

// Service holds a service name, omitted from JSON when empty.
// NOTE(review): where this type is used is not visible in this listing.
type Service struct {
	ServiceName string `json:"serviceName,omitempty"`
}

type SignableDocument

// SignableDocument wraps a document so it can be hashed, signed and
// verified. It is built from raw bytes with NewSignableDocument and has no
// exported fields; use its methods (Sign/Verify, MerkleSign/MerkleVerify,
// Hash, ID, Context) to work with it.
type SignableDocument struct {
	// contains filtered or unexported fields
}

func NewSignableDocument

func NewSignableDocument(b []byte) (*SignableDocument, error)

func (*SignableDocument) Context

func (dp *SignableDocument) Context() any

func (*SignableDocument) Copy

func (dp *SignableDocument) Copy() (*SignableDocument, error)

Copy returns a deep copy of the document.

func (*SignableDocument) Hash

func (dp *SignableDocument) Hash() ([]byte, error)

func (*SignableDocument) ID

func (dp *SignableDocument) ID() string

func (*SignableDocument) MerkleSetID

func (dp *SignableDocument) MerkleSetID(idPrefix string) (string, error)

MerkleSetID assigns Merkle ID to the root JSON-LD element

func (*SignableDocument) MerkleSign

func (dp *SignableDocument) MerkleSign(idPrefix string, identity string, key ed25519.PrivateKey) (string, *Proof, error)

MerkleSign signs the document and assigns Merkle ID to the root JSON-LD element

func (*SignableDocument) MerkleVerify

func (dp *SignableDocument) MerkleVerify(idPrefix string, publicKey ed25519.PublicKey) (bool, error)

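MerkleVerify verifies the document signature and returns false if verification fails. It also returns an error, so callers should accept the document only when the result is true and the error is nil.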

func (*SignableDocument) SetContext

func (dp *SignableDocument) SetContext(ctx any)

func (*SignableDocument) Sign

func (dp *SignableDocument) Sign(identity string, key ed25519.PrivateKey) (*Proof, error)

Sign signs the document as per JSON-LD signatures specification.

func (*SignableDocument) Verify

func (dp *SignableDocument) Verify(publicKey ed25519.PublicKey) (bool, error)

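Verify verifies the document signature as per the JSON-LD signatures specification and returns false if verification fails. It also returns an error, so callers should accept the document only when the result is true and the error is nil.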

type Signer

// Signer produces a signature over a message.
// NOTE(review): Sign has no error result, so an implementation cannot report
// failure through the signature; how failures surface (a nil or empty slice,
// a panic) is not shown in this listing — check the result before using it.
type Signer interface {
	Sign(message []byte) []byte
}

type StoredResource

// StoredResource describes where a data asset is stored and how to access
// it. It may carry the asset's client-side encryption key, so a serialised
// StoredResource should be handled as a secret.
type StoredResource struct {
	// ID is the resource ID.
	ID string `json:"id,omitempty"`
	// Type is always equal to TypeResource.
	Type string `json:"type"`
	// Asset is the data asset's content-addressable ID.
	Asset string `json:"asset,omitempty"`
	// Vault is the ID of the vault where the data asset is stored.
	Vault string `json:"vault"`
	// Method is the vault's method of storage. This field defines the meaning of Params field.
	Method string `json:"method"`
	// Params is key/value pairs that are specific to the selected Method. These parameters should be
	// sufficient to locate the resource blob in the vault.
	// NOTE(review): values are typed any; a consumer that builds a path or URL
	// from them should validate type and content first.
	Params map[string]any `json:"params,omitempty"`
	// EncryptionKey is a Base64-encoded client side encryption key (if the asset was encrypted on the client side).
	// NOTE(review): Base64 is an encoding, not protection. The key is marshalled
	// under "encryptionKey" whenever non-empty, next to the fields that locate
	// the blob, so JSON output of this struct is enough to read the asset.
	EncryptionKey string `json:"encryptionKey,omitempty"`
	// MIMEType is the data asset's MIME type (if known).
	MIMEType string `json:"mimeType,omitempty"`
	// Size is the resource's size in bytes.
	Size int64 `json:"size,omitempty"`
}

StoredResource contains details about location and the way to access a specific data asset.

func (*StoredResource) GetEncryptionKey

func (sc *StoredResource) GetEncryptionKey() *AESKey

func (*StoredResource) StorageID

func (sc *StoredResource) StorageID() string

type VaultProperties

// VaultProperties defines basic properties of a MetaLocker vault. The
// fields carry no JSON tags.
type VaultProperties struct {
	// ID is the vault's ID.
	ID string
	// Name is the vault's name. Vault names should be unique within each instance of MetaLocker.
	Name string
	// Type is the vault's type. It defines the underlying technology.
	Type string
	// SSE is true if the vault provides Server Side Encryption. If it does, data sent to the vault
	// should not be encrypted on the client side.
	// NOTE(review): in that case the vault receives the data unencrypted by the
	// client, so confidentiality rests on the vault and on the transport to it.
	SSE bool
	// CAS is true if the vault generates content addressable IDs
	CAS bool
}

VaultProperties defines basic properties of a MetaLocker vault.

type Verifier

// Verifier checks a signature over a message.
// NOTE(review): Verify returns only a boolean, presumably true when the
// signature is valid for message — confirm. With no error result, malformed
// input and a wrong signature are indistinguishable; treat false as reject.
type Verifier interface {
	Verify(message, signature []byte) bool
}

Directories

Path Synopsis
raters
