Documentation ¶
Overview ¶
Package irma contains generic IRMA strucs and logic of use to all IRMA participants. It parses irma_configuration folders to scheme managers, issuers, credential types and public keys; it contains various messages from the IRMA protocol; it parses IRMA metadata attributes; and it contains attribute and credential verification logic.
Index ¶
- Constants
- Variables
- func ASN1ConvertSignatureNonce(message string, nonce *big.Int, timestamp *atum.Timestamp) *big.Int
- func DefaultDataPath() string
- func DefaultSchemesAssetsPath() string
- func DefaultSchemesPath() string
- func EnsureDefaultSchemesAssetsPathExists() string
- func FloorToEpochBoundary(t time.Time) time.Time
- func GetMetadataVersion(v *ProtocolVersion) byte
- func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)
- func MarshalBinary(message interface{}) ([]byte, error)
- func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)
- func SetLogger(logger *logrus.Logger)
- func SetTLSClientConfig(config *tls.Config)
- func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
- func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
- func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, ...) ([]byte, string, error)
- func UnmarshalBinary(data []byte, dst interface{}) error
- func UnmarshalValidate(data []byte, dest interface{}) error
- func UnmarshalValidateBinary(data []byte, dest interface{}) error
- func WaitStatus(transport *HTTPTransport, initialStatus ServerStatus, ...)
- func WaitStatusChanged(transport *HTTPTransport, initialStatus ServerStatus, ...)
- func WrapErrorPrefix(err error, msg string) error
- type AccumulatorRecord
- type Action
- type AttributeCon
- type AttributeConDisCon
- func (cdc AttributeConDisCon) Iterate(f func(attr *AttributeRequest) error) error
- func (cdc AttributeConDisCon) Satisfy(disclosure *Disclosure, revocation map[int]*time.Time, conf *Configuration) (bool, [][]*DisclosedAttribute, error)
- func (cdc AttributeConDisCon) Validate(conf *Configuration) error
- type AttributeDisCon
- type AttributeIdentifier
- type AttributeList
- func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString
- func (al *AttributeList) CredentialInfo() *CredentialInfo
- func (al *AttributeList) EqualsExceptMetadata(ol *AttributeList) bool
- func (al *AttributeList) Hash() string
- func (al *AttributeList) Info() *CredentialInfo
- func (al *AttributeList) Map() map[AttributeTypeIdentifier]TranslatedString
- func (al *AttributeList) Strings() []TranslatedString
- func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string
- type AttributeProofStatus
- type AttributeRequest
- type AttributeType
- type AttributeTypeIdentifier
- func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier
- func (oi AttributeTypeIdentifier) Empty() bool
- func (AttributeTypeIdentifier) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (id AttributeTypeIdentifier) IsCredential() bool
- func (oi AttributeTypeIdentifier) MarshalCBOR() (data []byte, err error)
- func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)
- func (oi AttributeTypeIdentifier) Name() string
- func (oi AttributeTypeIdentifier) Parent() string
- func (oi AttributeTypeIdentifier) PartsCount() int
- func (oi AttributeTypeIdentifier) Root() string
- func (oi *AttributeTypeIdentifier) Scan(src interface{}) error
- func (oi AttributeTypeIdentifier) String() string
- func (oi *AttributeTypeIdentifier) UnmarshalCBOR(data []byte) error
- func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error
- func (oi AttributeTypeIdentifier) Value() (driver.Value, error)
- type BaseRequest
- func (b *BaseRequest) GetContext() *big.Int
- func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int
- func (b *BaseRequest) Legacy() bool
- func (b *BaseRequest) RequestsRevocation(id CredentialTypeIdentifier) bool
- func (b *BaseRequest) RevocationSupported() bool
- func (b *BaseRequest) Validate(conf *Configuration) error
- type ClientAuthorization
- type ClientSessionRequest
- type ClientStatus
- type ClientToken
- type Configuration
- func (conf *Configuration) AddPrivateKeyRing(ring PrivateKeyRing) error
- func (conf *Configuration) AutoUpdateSchemes(interval int) error
- func (conf *Configuration) CallListeners()
- func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool
- func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool
- func (conf *Configuration) DangerousDeleteScheme(scheme Scheme) error
- func (conf *Configuration) DangerousTOFUInstallScheme(url string) error
- func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)
- func (conf *Configuration) DownloadDefaultSchemes() error
- func (conf *Configuration) InstallScheme(url string, publickey []byte) error
- func (conf *Configuration) IsInAssets(scheme Scheme) (bool, error)
- func (conf *Configuration) IsInitialized() bool
- func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)
- func (conf *Configuration) KeyshareServerPublicKey(schemeid SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)
- func (conf *Configuration) ParseFolder() (err error)
- func (conf *Configuration) ParseOrRestoreFolder() (rerr error)
- func (conf *Configuration) ParseSchemeFolder(dir string) (scheme Scheme, serr error)
- func (conf *Configuration) PublicKey(id IssuerIdentifier, counter uint) (*gabikeys.PublicKey, error)
- func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []uint, err error)
- func (conf *Configuration) PublicKeyLatest(id IssuerIdentifier) (*gabikeys.PublicKey, error)
- func (conf *Configuration) UpdateScheme(scheme Scheme, downloaded *IrmaIdentifierSet) error
- func (conf *Configuration) UpdateSchemes() error
- func (conf *Configuration) ValidateKeys() error
- type ConfigurationListener
- type ConfigurationOptions
- type CredentialDependencies
- type CredentialIdentifier
- type CredentialInfo
- type CredentialInfoList
- type CredentialRequest
- func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion byte, revocationAttr *big.Int, ...) (*AttributeList, error)
- func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte, issuedAt time.Time) (*CredentialInfo, error)
- func (cr *CredentialRequest) PublicKeyIdentifier() PublicKeyIdentifier
- func (cr *CredentialRequest) Validate(conf *Configuration) error
- type CredentialType
- func (ct CredentialType) AttributeType(ai AttributeTypeIdentifier) *AttributeType
- func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool
- func (ct *CredentialType) Identifier() CredentialTypeIdentifier
- func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)
- func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier
- func (ct *CredentialType) Logo(conf *Configuration) string
- func (ct *CredentialType) RandomBlindAttributeIndices() []int
- func (ct *CredentialType) RandomBlindAttributeNames() []string
- func (ct *CredentialType) RevocationSupported() bool
- func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier
- type CredentialTypeIdentifier
- func (oi CredentialTypeIdentifier) Empty() bool
- func (CredentialTypeIdentifier) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier
- func (oi CredentialTypeIdentifier) MarshalCBOR() (data []byte, err error)
- func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)
- func (oi CredentialTypeIdentifier) Name() string
- func (oi CredentialTypeIdentifier) Parent() string
- func (oi CredentialTypeIdentifier) PartsCount() int
- func (oi CredentialTypeIdentifier) Root() string
- func (oi *CredentialTypeIdentifier) Scan(src interface{}) error
- func (id CredentialTypeIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier
- func (oi CredentialTypeIdentifier) String() string
- func (oi *CredentialTypeIdentifier) UnmarshalCBOR(data []byte) error
- func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error
- func (oi CredentialTypeIdentifier) Value() (driver.Value, error)
- type DependencyChain
- type DisclosedAttribute
- type DisclosedAttributeIndex
- type DisclosedAttributeIndices
- type Disclosure
- func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon, ...) (bool, [][]*DisclosedAttribute, error)
- func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
- func (d *Disclosure) VerifyAgainstRequest(configuration *Configuration, request SessionRequest, context, nonce *big.Int, ...) ([][]*DisclosedAttribute, ProofStatus, error)
- type DisclosureChoice
- type DisclosureRequest
- func (dr *DisclosureRequest) Action() Action
- func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)
- func (dr *DisclosureRequest) Base() *BaseRequest
- func (dr *DisclosureRequest) Disclosure() *DisclosureRequest
- func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet
- func (dr *DisclosureRequest) IsDisclosureRequest() bool
- func (dr *DisclosureRequest) Legacy() (SessionRequest, error)
- func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)
- func (dr *DisclosureRequest) Validate() error
- type ErrorType
- type EventRecord
- type ExpiredError
- type FrontendAuthorization
- type FrontendOptionsRequest
- type FrontendSessionRequest
- type FrontendSessionStatus
- type GetCommitmentsRequest
- type HTTPTransport
- func (transport *HTTPTransport) Delete() error
- func (transport *HTTPTransport) Get(url string, result interface{}) error
- func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)
- func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error
- func (transport *HTTPTransport) SetHeader(name, val string)
- type IdentityProviderJwt
- func (claims *IdentityProviderJwt) Action() Action
- func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest
- func (claims *IdentityProviderJwt) SessionRequest() SessionRequest
- func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
- func (claims *IdentityProviderJwt) Valid() error
- type IdentityProviderRequest
- type IrmaIdentifierSet
- type IssuanceRecord
- type IssuanceRequest
- func (ir *IssuanceRequest) Action() Action
- func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *ProtocolVersion, issuedAt time.Time) (CredentialInfoList, error)
- func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet
- func (ir *IssuanceRequest) Legacy() (SessionRequest, error)
- func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)
- func (ir *IssuanceRequest) Validate() error
- type IssueCommitmentMessage
- type IssueWizard
- type IssueWizardContents
- type IssueWizardIdentifier
- func (oi IssueWizardIdentifier) Empty() bool
- func (IssueWizardIdentifier) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (oi IssueWizardIdentifier) MarshalCBOR() (data []byte, err error)
- func (id IssueWizardIdentifier) MarshalText() ([]byte, error)
- func (oi IssueWizardIdentifier) Name() string
- func (oi IssueWizardIdentifier) Parent() string
- func (oi IssueWizardIdentifier) PartsCount() int
- func (id IssueWizardIdentifier) RequestorIdentifier() RequestorIdentifier
- func (oi IssueWizardIdentifier) Root() string
- func (oi *IssueWizardIdentifier) Scan(src interface{}) error
- func (oi IssueWizardIdentifier) String() string
- func (oi *IssueWizardIdentifier) UnmarshalCBOR(data []byte) error
- func (id *IssueWizardIdentifier) UnmarshalText(text []byte) error
- func (oi IssueWizardIdentifier) Value() (driver.Value, error)
- type IssueWizardItem
- type IssueWizardItemType
- type IssueWizardQA
- type Issuer
- type IssuerIdentifier
- func (oi IssuerIdentifier) Empty() bool
- func (IssuerIdentifier) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (oi IssuerIdentifier) MarshalCBOR() (data []byte, err error)
- func (id IssuerIdentifier) MarshalText() ([]byte, error)
- func (oi IssuerIdentifier) Name() string
- func (oi IssuerIdentifier) Parent() string
- func (oi IssuerIdentifier) PartsCount() int
- func (oi IssuerIdentifier) Root() string
- func (oi *IssuerIdentifier) Scan(src interface{}) error
- func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier
- func (oi IssuerIdentifier) String() string
- func (oi *IssuerIdentifier) UnmarshalCBOR(data []byte) error
- func (id *IssuerIdentifier) UnmarshalText(text []byte) error
- func (oi IssuerIdentifier) Value() (driver.Value, error)
- type KeyshareAuthChallenge
- type KeyshareAuthRequest
- type KeyshareAuthRequestClaims
- type KeyshareAuthResponse
- type KeyshareAuthResponseClaims
- type KeyshareAuthResponseData
- type KeyshareChangePin
- type KeyshareChangePinClaims
- type KeyshareChangePinData
- type KeyshareEnrollment
- type KeyshareEnrollmentClaims
- type KeyshareEnrollmentData
- type KeyshareKeyRegistration
- type KeyshareKeyRegistrationClaims
- type KeyshareKeyRegistrationData
- type KeysharePinStatus
- type LegacyDisclosureRequest
- func (dr *LegacyDisclosureRequest) Action() Action
- func (dr *LegacyDisclosureRequest) Base() *BaseRequest
- func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest
- func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet
- func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error)
- func (dr *LegacyDisclosureRequest) Validate() error
- type LegacyDisjunction
- type LegacyIssuanceRequest
- func (ir *LegacyIssuanceRequest) Action() Action
- func (ir *LegacyIssuanceRequest) Base() *BaseRequest
- func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest
- func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet
- func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)
- func (ir *LegacyIssuanceRequest) Validate() error
- type LegacyLabeledDisjunction
- type LegacySignatureRequest
- type MetadataAttribute
- func (attr *MetadataAttribute) Bytes() []byte
- func (attr *MetadataAttribute) CredentialType() *CredentialType
- func (attr *MetadataAttribute) CredentialTypeHash() []byte
- func (attr *MetadataAttribute) Expiry() time.Time
- func (attr *MetadataAttribute) IsValid() bool
- func (attr *MetadataAttribute) IsValidOn(t time.Time) bool
- func (attr *MetadataAttribute) KeyCounter() uint
- func (attr *MetadataAttribute) PublicKey() (*gabikeys.PublicKey, error)
- func (attr *MetadataAttribute) SigningDate() time.Time
- func (attr *MetadataAttribute) ValidityDuration() int
- func (attr *MetadataAttribute) Version() byte
- type NextSessionData
- type NonRevocationParameters
- type NonRevocationRequest
- type PMap
- type PairingMethod
- type PrivateKeyRing
- type PrivateKeyRingFolder
- type ProofList
- func (pl ProofList) Expired(configuration *Configuration, t *time.Time, ...) (bool, error)
- func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabikeys.PublicKey, error)
- func (pl ProofList) VerifyProofs(configuration *Configuration, request SessionRequest, context *big.Int, ...) (bool, map[int]*time.Time, error)
- type ProofPCommitmentMap
- type ProofPCommitmentMapV2
- type ProofStatus
- type ProtocolVersion
- func (v *ProtocolVersion) Above(major, minor int) bool
- func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool
- func (v *ProtocolVersion) Below(major, minor int) bool
- func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool
- func (v *ProtocolVersion) MarshalJSON() ([]byte, error)
- func (v *ProtocolVersion) String() string
- func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)
- type PublicKeyIdentifier
- type Qr
- type RemoteError
- type RequestorBaseRequest
- type RequestorChunk
- type RequestorIdentifier
- func (oi RequestorIdentifier) Empty() bool
- func (RequestorIdentifier) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (oi RequestorIdentifier) MarshalCBOR() (data []byte, err error)
- func (id RequestorIdentifier) MarshalText() ([]byte, error)
- func (oi RequestorIdentifier) Name() string
- func (oi RequestorIdentifier) Parent() string
- func (oi RequestorIdentifier) PartsCount() int
- func (id RequestorIdentifier) RequestorSchemeIdentifier() RequestorSchemeIdentifier
- func (oi RequestorIdentifier) Root() string
- func (oi *RequestorIdentifier) Scan(src interface{}) error
- func (oi RequestorIdentifier) String() string
- func (oi *RequestorIdentifier) UnmarshalCBOR(data []byte) error
- func (id *RequestorIdentifier) UnmarshalText(text []byte) error
- func (oi RequestorIdentifier) Value() (driver.Value, error)
- type RequestorInfo
- type RequestorJwt
- type RequestorRequest
- type RequestorScheme
- type RequestorSchemeIdentifier
- func (oi RequestorSchemeIdentifier) Empty() bool
- func (RequestorSchemeIdentifier) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (oi RequestorSchemeIdentifier) MarshalCBOR() (data []byte, err error)
- func (id RequestorSchemeIdentifier) MarshalText() ([]byte, error)
- func (oi RequestorSchemeIdentifier) Name() string
- func (oi RequestorSchemeIdentifier) Parent() string
- func (oi RequestorSchemeIdentifier) PartsCount() int
- func (oi RequestorSchemeIdentifier) Root() string
- func (oi *RequestorSchemeIdentifier) Scan(src interface{}) error
- func (oi RequestorSchemeIdentifier) String() string
- func (oi *RequestorSchemeIdentifier) UnmarshalCBOR(data []byte) error
- func (id *RequestorSchemeIdentifier) UnmarshalText(text []byte) error
- func (oi RequestorSchemeIdentifier) Value() (driver.Value, error)
- type RequestorToken
- type RequiredAttributeMissingError
- type RevocationAttribute
- func (RevocationAttribute) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (i *RevocationAttribute) MarshalCBOR() ([]byte, error)
- func (i *RevocationAttribute) Scan(src interface{}) error
- func (i *RevocationAttribute) UnmarshalCBOR(data []byte) error
- func (i *RevocationAttribute) Value() (driver.Value, error)
- type RevocationClient
- func (client RevocationClient) FetchUpdateFrom(id CredentialTypeIdentifier, pkcounter uint, from uint64) (*revocation.Update, error)
- func (client RevocationClient) FetchUpdateLatest(id CredentialTypeIdentifier, pkcounter uint, count uint64) (*revocation.Update, error)
- func (client RevocationClient) FetchUpdatesLatest(id CredentialTypeIdentifier, count uint64) (map[uint]*revocation.Update, error)
- func (client RevocationClient) PostIssuanceRecord(id CredentialTypeIdentifier, sk *gabikeys.PrivateKey, rec *IssuanceRecord, ...) error
- type RevocationJwt
- type RevocationKeys
- func (rs RevocationKeys) PrivateKey(issid IssuerIdentifier, counter uint) (*gabikeys.PrivateKey, error)
- func (rs RevocationKeys) PrivateKeyLatest(issid IssuerIdentifier) (*gabikeys.PrivateKey, error)
- func (rs RevocationKeys) PublicKey(issid IssuerIdentifier, counter uint) (*gabikeys.PublicKey, error)
- type RevocationRequest
- type RevocationSetting
- type RevocationSettings
- type RevocationStorage
- func (rs *RevocationStorage) Accumulator(id CredentialTypeIdentifier, pkCounter uint) (*revocation.SignedAccumulator, error)
- func (rs *RevocationStorage) AddIssuanceRecord(r *IssuanceRecord) error
- func (rs *RevocationStorage) AddUpdate(id CredentialTypeIdentifier, update *revocation.Update) error
- func (rs *RevocationStorage) Close() error
- func (rs *RevocationStorage) EnableRevocation(id CredentialTypeIdentifier, sk *gabikeys.PrivateKey) error
- func (rs *RevocationStorage) Events(id CredentialTypeIdentifier, pkcounter uint, from, to uint64) (*revocation.EventList, error)
- func (rs *RevocationStorage) Exists(id CredentialTypeIdentifier, counter uint) (bool, error)
- func (rs *RevocationStorage) IssuanceRecords(id CredentialTypeIdentifier, key string, issued time.Time) ([]*IssuanceRecord, error)
- func (rs *RevocationStorage) LatestUpdates(id CredentialTypeIdentifier, limit uint64, pkCounter *uint) (map[uint]*revocation.Update, error)
- func (rs *RevocationStorage) Load(debug bool, dbtype, connstr string, settings RevocationSettings) error
- func (rs *RevocationStorage) PostUpdate(id CredentialTypeIdentifier, update *revocation.Update)
- func (rs *RevocationStorage) Revoke(id CredentialTypeIdentifier, key string, issued time.Time) error
- func (rs *RevocationStorage) SaveIssuanceRecord(id CredentialTypeIdentifier, rec *IssuanceRecord, sk *gabikeys.PrivateKey) error
- func (rs *RevocationStorage) SetRevocationUpdates(b *BaseRequest) error
- func (rs *RevocationStorage) SyncDB(id CredentialTypeIdentifier) error
- func (rs *RevocationStorage) SyncIfOld(id CredentialTypeIdentifier, maxage uint64) error
- type Scheme
- type SchemeAppVersion
- type SchemeFileHash
- type SchemeManager
- type SchemeManagerError
- type SchemeManagerIdentifier
- func (oi SchemeManagerIdentifier) Empty() bool
- func (SchemeManagerIdentifier) GormDBDataType(db *gorm.DB, _ *schema.Field) string
- func (oi SchemeManagerIdentifier) MarshalCBOR() (data []byte, err error)
- func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)
- func (oi SchemeManagerIdentifier) Name() string
- func (oi SchemeManagerIdentifier) Parent() string
- func (oi SchemeManagerIdentifier) PartsCount() int
- func (oi SchemeManagerIdentifier) Root() string
- func (oi *SchemeManagerIdentifier) Scan(src interface{}) error
- func (oi SchemeManagerIdentifier) String() string
- func (oi *SchemeManagerIdentifier) UnmarshalCBOR(data []byte) error
- func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error
- func (oi SchemeManagerIdentifier) Value() (driver.Value, error)
- type SchemeManagerIndex
- type SchemeManagerStatus
- type SchemePointer
- type SchemeType
- type ServerJwt
- type ServerSessionResponse
- type ServerStatus
- type ServiceProviderJwt
- func (claims *ServiceProviderJwt) Action() Action
- func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest
- func (claims *ServiceProviderJwt) SessionRequest() SessionRequest
- func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
- func (claims *ServiceProviderJwt) Valid() error
- type ServiceProviderRequest
- type SessionError
- type SessionOptions
- type SessionRequest
- type SignatureRequest
- func (sr *SignatureRequest) Action() Action
- func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int
- func (sr *SignatureRequest) IsSignatureRequest() bool
- func (sr *SignatureRequest) Legacy() (SessionRequest, error)
- func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)
- func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)
- func (sr *SignatureRequest) Validate() error
- type SignatureRequestorJwt
- func (claims *SignatureRequestorJwt) Action() Action
- func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest
- func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest
- func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
- func (claims *SignatureRequestorJwt) Valid() error
- type SignatureRequestorRequest
- type SignedMessage
- func (sm *SignedMessage) Disclosure() *Disclosure
- func (sm *SignedMessage) GetNonce() *big.Int
- func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool
- func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
- func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error
- func (sm *SignedMessage) Version() int
- type Timestamp
- func (t Timestamp) After(u Timestamp) bool
- func (t Timestamp) Before(u Timestamp) bool
- func (t *Timestamp) Floor() Timestamp
- func (t Timestamp) IsZero() bool
- func (t *Timestamp) MarshalJSON() ([]byte, error)
- func (t *Timestamp) MarshalXML(e *xml.Encoder, start xml.StartElement) error
- func (t *Timestamp) String() string
- func (t Timestamp) Sub(u Timestamp) time.Duration
- func (t *Timestamp) UnmarshalJSON(b []byte) error
- func (t *Timestamp) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
- type TranslatedString
- type UnknownIdentifierError
- type Validator
Constants ¶
const ( MinVersionHeader = "X-IRMA-MinProtocolVersion" MaxVersionHeader = "X-IRMA-MaxProtocolVersion" AuthorizationHeader = "Authorization" )
const ( ClientStatusConnected = ClientStatus("connected") ClientStatusCommunicating = ClientStatus("communicating") ClientStatusManualStarted = ClientStatus("manualStarted") )
Client statuses
const ( ActionDisclosing = Action("disclosing") ActionSigning = Action("signing") ActionIssuing = Action("issuing") ActionRedirect = Action("redirect") ActionRevoking = Action("revoking") ActionUnknown = Action("unknown") )
Actions
const ( // Protocol version not supported ErrorProtocolVersionNotSupported = ErrorType("protocolVersionNotSupported") // Error in HTTP communication ErrorTransport = ErrorType("transport") // HTTPS required ErrorHTTPS = ErrorType("https") // Invalid client JWT in first IRMA message ErrorInvalidJWT = ErrorType("invalidJwt") // Unknown session type (not disclosing, signing, or issuing) ErrorUnknownAction = ErrorType("unknownAction") // Crypto error during calculation of our response (second IRMA message) ErrorCrypto = ErrorType("crypto") // Error involving revocation or nonrevocation proofs ErrorRevocation = ErrorType("revocation") // Our pairing attempt was rejected by the server ErrorPairingRejected = ErrorType("pairingRejected") // Server rejected our response (second IRMA message) ErrorRejected = ErrorType("rejected") // (De)serializing of a message failed ErrorSerialization = ErrorType("serialization") ErrorKeyshare = ErrorType("keyshare") ErrorKeyshareUnenrolled = ErrorType("keyshareUnenrolled") // API server error ErrorApi = ErrorType("api") // Server returned unexpected or malformed response ErrorServerResponse = ErrorType("serverResponse") // Credential type not present in our Configuration ErrorUnknownIdentifier = ErrorType("unknownIdentifier") // Non-optional attribute not present in credential ErrorRequiredAttributeMissing = ErrorType("requiredAttributeMissing") // Error during downloading of credential type, issuer, or public keys ErrorConfigurationDownload = ErrorType("configurationDownload") // IRMA requests refers to unknown scheme manager ErrorUnknownSchemeManager = ErrorType("unknownSchemeManager") // A session is requested involving a scheme manager that has some problem ErrorInvalidSchemeManager = ErrorType("invalidSchemeManager") // Invalid session request ErrorInvalidRequest = ErrorType("invalidRequest") // Recovered panic ErrorPanic = ErrorType("panic") // Error involving random blind attributes ErrorRandomBlind = ErrorType("randomblind") )
Protocol errors
const ( LDContextDisclosureRequest = "https://irma.app/ld/request/disclosure/v2" LDContextSignatureRequest = "https://irma.app/ld/request/signature/v2" LDContextIssuanceRequest = "https://irma.app/ld/request/issuance/v2" LDContextRevocationRequest = "https://irma.app/ld/request/revocation/v1" LDContextFrontendOptionsRequest = "https://irma.app/ld/request/frontendoptions/v1" LDContextClientSessionRequest = "https://irma.app/ld/request/client/v1" LDContextSessionOptions = "https://irma.app/ld/options/v1" DefaultJwtValidity = 120 )
const ( PairingMethodNone = "none" PairingMethodPin = "pin" )
const ( SchemeManagerStatusValid = SchemeManagerStatus("Valid") SchemeManagerStatusUnprocessed = SchemeManagerStatus("Unprocessed") SchemeManagerStatusInvalidIndex = SchemeManagerStatus("InvalidIndex") SchemeManagerStatusInvalidSignature = SchemeManagerStatus("InvalidSignature") SchemeManagerStatusParsingError = SchemeManagerStatus("ParsingError") SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError") SchemeTypeIssuer = SchemeType("issuer") SchemeTypeRequestor = SchemeType("requestor") )
const ( ProofStatusValid = ProofStatus("VALID") // Proof is valid ProofStatusInvalid = ProofStatus("INVALID") // Proof is invalid ProofStatusInvalidTimestamp = ProofStatus("INVALID_TIMESTAMP") // Attribute-based signature had invalid timestamp ProofStatusUnmatchedRequest = ProofStatus("UNMATCHED_REQUEST") // Proof does not correspond to a specified request ProofStatusMissingAttributes = ProofStatus("MISSING_ATTRIBUTES") // Proof does not contain all requested attributes ProofStatusExpired = ProofStatus("EXPIRED") // Attributes were expired at proof creation time (now, or according to timestamp in case of abs) AttributeProofStatusPresent = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value AttributeProofStatusExtra = AttributeProofStatus("EXTRA") // Attribute is disclosed, but wasn't requested in request AttributeProofStatusNull = AttributeProofStatus("NULL") // Attribute is disclosed but is null )
const (
// ExpiryFactor is the precision for the expiry attribute. Value is one week.
ExpiryFactor = 60 * 60 * 24 * 7
)
const (
)const LDContextSignedMessage = "https://irma.app/ld/signature/v2"
const Version = "0.16.0"
Version of the IRMA command line and libraries
Variables ¶
var ( ErrRevocationStateNotFound = errors.New("revocation state not found") ErrUnknownRevocationKey = errors.New("unknown revocationKey") ErrorUnknownCredentialType = errors.New("unknown credential type") )
var DefaultSchemes = [2]SchemePointer{ { URL: "https://privacybydesign.foundation/schememanager/irma-demo", Publickey: []byte(`-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm 54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ== -----END PUBLIC KEY-----`), }, { URL: "https://privacybydesign.foundation/schememanager/pbdf", Publickey: []byte(`-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELzHV5ipBimWpuZIDaQQd+KmNpNop dpBeCqpDwf+Grrw9ReODb6nwlsPJ/c/gqLnc+Y3sKOAJ2bFGI+jHBSsglg== -----END PUBLIC KEY-----`), }, }
var (
ErrMissingPrivateKey = fmt.Errorf("issuer private key not found: %w", os.ErrNotExist)
)
var ErrMissingPublicKey = errors.New("Missing public key")
var HTTPHeaders = map[string]http.Header{}
var Logger *logrus.Logger
Logger is used for logging. If not set, init() will initialize it to logrus.StandardLogger().
var RevocationParameters = struct { // DefaultUpdateEventCount specifies how many revocation events are attached to session requests // for the client to update its revocation state. DefaultUpdateEventCount uint64 // RequestorUpdateInterval is the time period in minutes for requestor servers // updating their revocation state at th RA. RequestorUpdateInterval int // DefaultTolerance is the default tolerance in seconds: nonrevocation should be proved // by clients up to maximally this amount of seconds ago at verification time. If not, the // server will report the time up until nonrevocation of the attribute is guaranteed to the requestor. DefaultTolerance uint64 // If server mode is enabled for a credential type, then once every so many seconds // the timestamp in each accumulator is updated to now. AccumulatorUpdateInterval int // DELETE issuance records of expired credential every so many minutes DeleteIssuanceRecordsInterval int // ClientUpdateInterval is the time interval with which the irmaclient periodically // retrieves a revocation update from the RA and updates its revocation state with a small but // increasing probability. ClientUpdateInterval int // ClientDefaultUpdateSpeed is the amount of time in hours after which it becomes very likely // that the app will update its witness, quickly after it has been opened. ClientDefaultUpdateSpeed uint64 // ClientUpdateTimeout is the amount of time in milliseconds that the irmaclient waits // for nonrevocation witness updating to complete, before it continues with the session even // if updating is not yet done (in which case the candidate set computed by the client // may contain credentials that were revoked by one of the requestor's update messages). ClientUpdateTimeout uint64 // Cache-control: max-age HTTP return header (in seconds) EventsCacheMaxAge uint64 UpdateMinCount uint64 UpdateMaxCount uint64 UpdateMinCountPower int UpdateMaxCountPower int }{ RequestorUpdateInterval: 10, DefaultTolerance: 10 * 60, AccumulatorUpdateInterval: 60, DeleteIssuanceRecordsInterval: 5 * 60, ClientUpdateInterval: 10, ClientDefaultUpdateSpeed: 7 * 24, ClientUpdateTimeout: 1000, UpdateMinCountPower: 4, UpdateMaxCountPower: 9, EventsCacheMaxAge: 60 * 60, }
RevocationParameters contains global revocation constants and default values.
Functions ¶
func ASN1ConvertSignatureNonce ¶
ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:
nonce = SHA256(serverNonce, SHA256(message), timestampSignature)
where serverNonce is the nonce sent by the signature requestor.
func DefaultDataPath ¶ added in v0.5.0
func DefaultDataPath() string
DefaultDataPath returns the default storage path for IRMA, using XDG Base Directory Specification https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html:
- %LOCALAPPDATA% (i.e. C:\Users\$user\AppData\Local) if on Windows,
- $XDG_DATA_HOME if set, otherwise $HOME/.local/share
- $XDG_DATA_DIRS if set, otherwise /usr/local/share/ and /usr/share/
- then the OSes temp dir (os.TempDir()),
returning the first of these that exists or can be created.
func DefaultSchemesAssetsPath ¶ added in v0.13.3
func DefaultSchemesAssetsPath() string
DefaultSchemesAssetsPath returns the default storage path for irma_configuration assets, namely DefaultDataPath + "/irma_configuration_assets" if it exists. Otherwise, it returns the empty string.
func DefaultSchemesPath ¶ added in v0.5.0
func DefaultSchemesPath() string
DefaultSchemesPath returns the default storage path for irma_configuration, namely DefaultDataPath + "/irma_configuration"
func EnsureDefaultSchemesAssetsPathExists ¶ added in v0.13.3
func EnsureDefaultSchemesAssetsPathExists() string
EnsureDefaultSchemesAssetsPathExists ensures that the default storage path for irma_configuration assets exists and returns it.
func FloorToEpochBoundary ¶
FloorToEpochBoundary returns the greatest time not greater than the argument that falls on the boundary of an epoch for attribute validity or expiry, of which the value is defined by ExpiryFactor (one week).
func GetMetadataVersion ¶
func GetMetadataVersion(v *ProtocolVersion) byte
GetMetadataVersion maps a chosen protocol version to a metadata version that the server will use.
func GetTimestamp ¶
func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)
GetTimestamp GETs a signed timestamp (a signature over the current time and the parameters) over the message to be signed, the randomized signatures over the attributes, and the disclosed attributes, for in attribute-based signature sessions.
func MarshalBinary ¶ added in v0.5.0
func ParseApiServerJwt ¶
func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)
ParseApiServerJwt verifies and parses a JWT as returned by an irma_api_server after a disclosure request into a key-value pair.
func SetTLSClientConfig ¶ added in v0.9.0
SetTLSClientConfig sets the TLS configuration being used for future outbound connections. A TLS configuration instance should not be modified after being set.
func SignRequestorRequest ¶
func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
func SignSessionRequest ¶
func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)
func TimestampRequest ¶
func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) ( []byte, string, error)
TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed in an attribute-based signature session along with the randomized signatures over the attributes and the disclosed attributes. The url of the timestamp server that should be used to validate the request is returned as the second return value.
func UnmarshalBinary ¶ added in v0.5.0
func UnmarshalValidate ¶
UnmarshalValidate json.Unmarshal's data, and validates it using the Validate() method if dest implements the Validator interface.
func UnmarshalValidateBinary ¶ added in v0.5.0
func WaitStatus ¶ added in v0.8.0
func WaitStatus(transport *HTTPTransport, initialStatus ServerStatus, statuschan chan ServerStatus, errorchan chan error)
func WaitStatusChanged ¶ added in v0.8.0
func WaitStatusChanged(transport *HTTPTransport, initialStatus ServerStatus, statuschan chan ServerStatus, errorchan chan error)
func WrapErrorPrefix ¶ added in v0.13.0
Types ¶
type AccumulatorRecord ¶ added in v0.5.0
type AccumulatorRecord struct { CredType CredentialTypeIdentifier `gorm:"primaryKey"` Data signedMessage PKCounter *uint `gorm:"primaryKey;autoIncrement:false"` }
AccumulatorRecord corresponds to SQL table rows to store accumulators using GORM.
func (*AccumulatorRecord) Convert ¶ added in v0.5.0
func (a *AccumulatorRecord) Convert(id CredentialTypeIdentifier, sacc *revocation.SignedAccumulator) *AccumulatorRecord
Convert converts a revocation.SignedAccumulator to an AccumulatorRecord.
func (*AccumulatorRecord) SignedAccumulator ¶ added in v0.5.0
func (a *AccumulatorRecord) SignedAccumulator() *revocation.SignedAccumulator
SignedAccumulator converts a AccumulatorRecord to a revocation.SignedAccumulator. Note: the Accumulator field in SignedAccumulator is not initialized yet. Use the UnmarshalVerify method for this.
type Action ¶
type Action string
Action encodes the session type of an IRMA session (e.g., disclosing).
type AttributeCon ¶ added in v0.3.0
type AttributeCon []AttributeRequest
An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.
func (AttributeCon) CredentialTypes ¶ added in v0.3.0
func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier
CredentialTypes returns an array of all credential types occurring in this conjunction.
func (AttributeCon) Satisfy ¶ added in v0.3.0
func (c AttributeCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)
Satisfy returns if each of the attributes specified by proofs and indices satisfies each of the contained AttributeRequests's. If so it also returns a list of the disclosed attribute values.
func (AttributeCon) Validate ¶ added in v0.3.0
func (c AttributeCon) Validate() error
type AttributeConDisCon ¶ added in v0.3.0
type AttributeConDisCon []AttributeDisCon
AttributeConDisCon is only satisfied if all of the containing AttributeDisCon are satisfied.
func (AttributeConDisCon) Iterate ¶ added in v0.3.0
func (cdc AttributeConDisCon) Iterate(f func(attr *AttributeRequest) error) error
func (AttributeConDisCon) Satisfy ¶ added in v0.3.0
func (cdc AttributeConDisCon) Satisfy(disclosure *Disclosure, revocation map[int]*time.Time, conf *Configuration) (bool, [][]*DisclosedAttribute, error)
Satisfy returns true if each of the contained AttributeDisCon is satisfied by the specified disclosure. If so it also returns the disclosed attributes.
func (AttributeConDisCon) Validate ¶ added in v0.3.0
func (cdc AttributeConDisCon) Validate(conf *Configuration) error
type AttributeDisCon ¶ added in v0.3.0
type AttributeDisCon []AttributeCon
An AttributeDisCon is satisfied if at least one of its containing AttributeCon is satisfied.
func (AttributeDisCon) Satisfy ¶ added in v0.3.0
func (dc AttributeDisCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)
Satisfy returns true if the attributes specified by proofs and indices satisfies any one of the contained AttributeCon's. If so it also returns a list of the disclosed attribute values.
func (AttributeDisCon) Validate ¶ added in v0.3.0
func (dc AttributeDisCon) Validate() error
type AttributeIdentifier ¶
type AttributeIdentifier struct { Type AttributeTypeIdentifier CredentialHash string }
AttributeIdentifier identifies an attribute instance.
func (*AttributeIdentifier) CredentialIdentifier ¶
func (ai *AttributeIdentifier) CredentialIdentifier() CredentialIdentifier
CredentialIdentifier returns the credential identifier of this attribute.
type AttributeList ¶
type AttributeList struct { *MetadataAttribute `json:"-"` Ints []*big.Int Revoked bool `json:",omitempty"` RevocationSupported bool `json:",omitempty"` // contains filtered or unexported fields }
AttributeList contains attributes, excluding the secret key, providing convenient access to the metadata attribute.
func NewAttributeListFromInts ¶
func NewAttributeListFromInts(ints []*big.Int, conf *Configuration) *AttributeList
NewAttributeListFromInts initializes a new AttributeList from a list of bigints.
func (*AttributeList) Attribute ¶
func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString
Attribute returns the content of the specified attribute, or nil if not present in this attribute list.
func (*AttributeList) CredentialInfo ¶ added in v0.5.0
func (al *AttributeList) CredentialInfo() *CredentialInfo
func (*AttributeList) EqualsExceptMetadata ¶ added in v0.5.0
func (al *AttributeList) EqualsExceptMetadata(ol *AttributeList) bool
EqualsExceptMetadata checks whether two AttributeLists have the same attribute values. The attribute containing the metadata information is skipped in this check.
func (*AttributeList) Hash ¶
func (al *AttributeList) Hash() string
func (*AttributeList) Info ¶
func (al *AttributeList) Info() *CredentialInfo
func (*AttributeList) Map ¶
func (al *AttributeList) Map() map[AttributeTypeIdentifier]TranslatedString
func (*AttributeList) Strings ¶
func (al *AttributeList) Strings() []TranslatedString
Strings converts the current instance to human-readable strings.
func (*AttributeList) UntranslatedAttribute ¶
func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string
UntranslatedAttribute decodes the bigint corresponding to the specified attribute.
type AttributeProofStatus ¶
type AttributeProofStatus string
AttributeProofStatus is the proof status of a single attribute
type AttributeRequest ¶ added in v0.3.0
type AttributeRequest struct { Type AttributeTypeIdentifier `json:"type"` Value *string `json:"value,omitempty"` NotNull bool `json:"notNull,omitempty"` }
An AttributeRequest asks for an instance of an attribute type, possibly requiring it to have a specified value, in a session request.
func NewAttributeRequest ¶ added in v0.3.0
func NewAttributeRequest(attr string) AttributeRequest
NewAttributeRequest requests the specified attribute.
func (*AttributeRequest) MarshalJSON ¶ added in v0.3.0
func (ar *AttributeRequest) MarshalJSON() ([]byte, error)
func (*AttributeRequest) Satisfy ¶ added in v0.3.0
func (ar *AttributeRequest) Satisfy(attr AttributeTypeIdentifier, val *string) bool
Satisfy indicates whether the given attribute type and value satisfies this AttributeRequest.
func (*AttributeRequest) UnmarshalJSON ¶ added in v0.3.0
func (ar *AttributeRequest) UnmarshalJSON(bts []byte) error
type AttributeType ¶
type AttributeType struct { ID string `xml:"id,attr"` Optional string `xml:"optional,attr" json:",omitempty"` Name TranslatedString Description TranslatedString RandomBlind bool `xml:"randomblind,attr,omitempty" json:",omitempty"` Index int `xml:"-"` DisplayIndex *int `xml:"displayIndex,attr" json:",omitempty"` DisplayHint string `xml:"displayHint,attr" json:",omitempty"` RevocationAttribute bool `xml:"revocation,attr" json:",omitempty"` // Taken from containing CredentialType CredentialTypeID string `xml:"-"` IssuerID string `xml:"-"` SchemeManagerID string `xml:"-"` }
AttributeType is a description of an attribute within a credential type.
func (AttributeType) GetAttributeTypeIdentifier ¶
func (ad AttributeType) GetAttributeTypeIdentifier() AttributeTypeIdentifier
func (AttributeType) IsOptional ¶
func (ad AttributeType) IsOptional() bool
type AttributeTypeIdentifier ¶
type AttributeTypeIdentifier struct {
// contains filtered or unexported fields
}
AttributeTypeIdentifier identifies an attribute. For example "irma-demo.RU.studentCard.studentID".
func NewAttributeTypeIdentifier ¶
func NewAttributeTypeIdentifier(id string) AttributeTypeIdentifier
NewAttributeTypeIdentifier converts the specified identifier to a AttributeTypeIdentifier.
func (AttributeTypeIdentifier) CredentialTypeIdentifier ¶
func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier
CredentialTypeIdentifier returns the CredentialTypeIdentifier of the attribute identifier.
func (AttributeTypeIdentifier) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (AttributeTypeIdentifier) IsCredential ¶
func (id AttributeTypeIdentifier) IsCredential() bool
IsCredential returns true if this attribute refers to its containing credential (i.e., it consists of only 3 parts).
func (AttributeTypeIdentifier) MarshalCBOR ¶ added in v0.5.0
func (AttributeTypeIdentifier) MarshalText ¶
func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (AttributeTypeIdentifier) Name ¶
func (oi AttributeTypeIdentifier) Name() string
Name returns the last part of this identifier.
func (AttributeTypeIdentifier) Parent ¶
func (oi AttributeTypeIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (AttributeTypeIdentifier) PartsCount ¶ added in v0.9.0
func (oi AttributeTypeIdentifier) PartsCount() int
func (*AttributeTypeIdentifier) Scan ¶ added in v0.5.0
func (oi *AttributeTypeIdentifier) Scan(src interface{}) error
Scan implements sql/driver Scanner interface.
func (AttributeTypeIdentifier) String ¶
func (oi AttributeTypeIdentifier) String() string
String returns this identifier as a string.
func (*AttributeTypeIdentifier) UnmarshalCBOR ¶ added in v0.5.0
func (*AttributeTypeIdentifier) UnmarshalText ¶
func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type BaseRequest ¶
type BaseRequest struct { LDContext string `json:"@context,omitempty"` // Set by the IRMA server during the session Context *big.Int `json:"context,omitempty"` Nonce *big.Int `json:"nonce,omitempty"` ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"` // Revocation is set by the requestor to indicate that it requires nonrevocation proofs for the // specified credential types. Revocation NonRevocationParameters `json:"revocation,omitempty"` Type Action `json:"type,omitempty"` // Session type, only used in legacy code DevelopmentMode bool `json:"devMode,omitempty"` ClientReturnURL string `json:"clientReturnUrl,omitempty"` // URL to proceed to when IRMA session is completed AugmentReturnURL bool `json:"augmentReturnUrl,omitempty"` // Whether to augment the return url with the server session token Host string `json:"host,omitempty"` // Host to use in the IRMA session QR // contains filtered or unexported fields }
BaseRequest contains information used by all IRMA session types, such the context and nonce, and revocation information.
func (*BaseRequest) GetContext ¶ added in v0.3.0
func (b *BaseRequest) GetContext() *big.Int
func (*BaseRequest) GetNonce ¶ added in v0.3.0
func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int
func (*BaseRequest) Legacy ¶ added in v0.3.0
func (b *BaseRequest) Legacy() bool
func (*BaseRequest) RequestsRevocation ¶ added in v0.5.0
func (b *BaseRequest) RequestsRevocation(id CredentialTypeIdentifier) bool
RequestsRevocation indicates whether or not the requestor requires a nonrevocation proof for the given credential type; that is, whether or not it included revocation update messages.
func (*BaseRequest) RevocationSupported ¶ added in v0.5.0
func (b *BaseRequest) RevocationSupported() bool
func (*BaseRequest) Validate ¶ added in v0.5.0
func (b *BaseRequest) Validate(conf *Configuration) error
type ClientSessionRequest ¶ added in v0.8.0
type ClientSessionRequest struct { LDContext string `json:"@context,omitempty"` ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"` Options *SessionOptions `json:"options,omitempty"` Request SessionRequest `json:"request,omitempty"` }
ClientSessionRequest contains all information irmaclient needs to know to initiate a session.
func (*ClientSessionRequest) UnmarshalJSON ¶ added in v0.8.0
func (cr *ClientSessionRequest) UnmarshalJSON(data []byte) error
func (*ClientSessionRequest) Validate ¶ added in v0.8.0
func (cr *ClientSessionRequest) Validate() error
type ClientStatus ¶ added in v0.8.0
type ClientStatus string
ClientStatus encodes the client status of an IRMA session (e.g., connected).
type ClientToken ¶ added in v0.8.0
type ClientToken string
ClientToken identifies a session from the perspective of the client.
func ParseClientToken ¶ added in v0.9.0
func ParseClientToken(input string) (ClientToken, error)
ParseClientToken parses a string to a ClientToken after validating the input.
type Configuration ¶
type Configuration struct { SchemeManagers map[SchemeManagerIdentifier]*SchemeManager Issuers map[IssuerIdentifier]*Issuer CredentialTypes map[CredentialTypeIdentifier]*CredentialType AttributeTypes map[AttributeTypeIdentifier]*AttributeType // RequestorScheme data of the currently loaded requestorscheme RequestorSchemes map[RequestorSchemeIdentifier]*RequestorScheme Requestors map[string]*RequestorInfo IssueWizards map[IssueWizardIdentifier]*IssueWizard // DisabledRequestorSchemes keeps track of any error of the requestorscheme if it // did not parse successfully DisabledRequestorSchemes map[RequestorSchemeIdentifier]*SchemeManagerError // DisabledSchemeManagers keeps track of schemes that did not parse successfully // (i.e., invalid signature, parsing error), and the problem that occurred when parsing them DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError // Listeners for configuration changes from initialization and updating of the schemes UpdateListeners []ConfigurationListener // Path to the irma_configuration folder that this instance represents Path string PrivateKeys PrivateKeyRing Revocation *RevocationStorage `json:"-"` Scheduler *gocron.Scheduler Warnings []string `json:"-"` // contains filtered or unexported fields }
Configuration keeps track of schemes, issuers, credential types and public keys, dezerializing them from an irma_configuration folder, and downloads and saves new ones on demand.
func NewConfiguration ¶
func NewConfiguration(path string, opts ConfigurationOptions) (conf *Configuration, err error)
NewConfiguration returns a new configuration. After this ParseFolder() should be called to parse the specified path.
func (*Configuration) AddPrivateKeyRing ¶ added in v0.5.0
func (conf *Configuration) AddPrivateKeyRing(ring PrivateKeyRing) error
func (*Configuration) AutoUpdateSchemes ¶
func (conf *Configuration) AutoUpdateSchemes(interval int) error
func (*Configuration) CallListeners ¶ added in v0.8.0
func (conf *Configuration) CallListeners()
func (*Configuration) ContainsAttributeType ¶ added in v0.3.0
func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool
func (*Configuration) ContainsCredentialType ¶ added in v0.3.0
func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool
ContainsCredentialType checks if the configuration contains the specified credential type.
func (*Configuration) DangerousDeleteScheme ¶ added in v0.11.0
func (conf *Configuration) DangerousDeleteScheme(scheme Scheme) error
DangerousDeleteScheme deletes the given scheme from the configuration. Be aware: this action is dangerous when the scheme is still in use.
func (*Configuration) DangerousTOFUInstallScheme ¶ added in v0.6.0
func (conf *Configuration) DangerousTOFUInstallScheme(url string) error
DangerousTOFUInstallScheme downloads and adds the specified scheme to this Configuration, downloading and trusting its public key from the scheme's remote URL. Limitation: when this function is stopped unexpectedly (i.e. a panic or a sigint takes place), the scheme directory might get in an inconsistent state.
func (*Configuration) Download ¶
func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)
Download downloads the issuers, credential types and public keys specified in set if the current Configuration does not already have them, and checks their authenticity using the scheme index.
func (*Configuration) DownloadDefaultSchemes ¶
func (conf *Configuration) DownloadDefaultSchemes() error
DownloadDefaultSchemes downloads and adds the default schemes to this Configuration. When an error occurs, this function will revert its changes. Limitation: when this function is stopped unexpectedly (i.e. a panic or a sigint takes place), the scheme directory might get in an inconsistent state.
func (*Configuration) InstallScheme ¶ added in v0.6.0
func (conf *Configuration) InstallScheme(url string, publickey []byte) error
InstallScheme downloads and adds the specified scheme to this Configuration, provided its signature is valid against the specified key. When an error occurs, this function will revert its changes. Limitation: when this function is stopped unexpectedly (i.e. a panic or a sigint takes place), the scheme directory might get in an inconsistent state.
func (*Configuration) IsInAssets ¶ added in v0.15.1
func (conf *Configuration) IsInAssets(scheme Scheme) (bool, error)
func (*Configuration) IsInitialized ¶
func (conf *Configuration) IsInitialized() bool
IsInitialized indicates whether this instance has successfully been initialized.
func (*Configuration) KeyshareServerKeyFunc ¶
func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)
KeyshareServerKeyFunc returns a function that returns the public key with which to verify a keyshare server JWT, suitable for passing to jwt.Parse() and jwt.ParseWithClaims().
func (*Configuration) KeyshareServerPublicKey ¶
func (conf *Configuration) KeyshareServerPublicKey(schemeid SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)
KeyshareServerPublicKey returns the i'th public key of the specified scheme.
func (*Configuration) ParseFolder ¶
func (conf *Configuration) ParseFolder() (err error)
ParseFolder populates the current Configuration by parsing the storage path, listing the containing schemes, issuers and credential types.
func (*Configuration) ParseOrRestoreFolder ¶
func (conf *Configuration) ParseOrRestoreFolder() (rerr error)
ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore any broken schemes from their remote. Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError; In this case the scheme in which it occurred is downloaded from its remote and re-parsed. If any other error is encountered at any time, it is returned immediately. If no error is returned, parsing and possibly restoring has been successful, and there should be no disabled schemes.
func (*Configuration) ParseSchemeFolder ¶ added in v0.6.0
func (conf *Configuration) ParseSchemeFolder(dir string) (scheme Scheme, serr error)
func (*Configuration) PublicKey ¶
func (conf *Configuration) PublicKey(id IssuerIdentifier, counter uint) (*gabikeys.PublicKey, error)
PublicKey returns the specified public key, or nil if not present in the Configuration.
func (*Configuration) PublicKeyIndices ¶
func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []uint, err error)
func (*Configuration) PublicKeyLatest ¶ added in v0.5.0
func (conf *Configuration) PublicKeyLatest(id IssuerIdentifier) (*gabikeys.PublicKey, error)
PublicKeyLatest returns the latest private key of the specified issuer.
func (*Configuration) UpdateScheme ¶ added in v0.6.0
func (conf *Configuration) UpdateScheme(scheme Scheme, downloaded *IrmaIdentifierSet) error
UpdateScheme syncs the stored version within the irma_configuration directory with the remote version at the scheme's URL, downloading and storing new and modified files, according to the index files of both versions. It stores the identifiers of new or updated entities in the second parameter.
func (*Configuration) UpdateSchemes ¶ added in v0.3.0
func (conf *Configuration) UpdateSchemes() error
func (*Configuration) ValidateKeys ¶ added in v0.3.0
func (conf *Configuration) ValidateKeys() error
type ConfigurationListener ¶ added in v0.8.0
type ConfigurationListener func(conf *Configuration)
ConfigurationListener are the interface provided to react to changes in schemes.
type ConfigurationOptions ¶ added in v0.5.0
type CredentialDependencies ¶ added in v0.8.0
type CredentialDependencies [][][]CredentialTypeIdentifier
CredentialDependencies contains dependencies on credential types, using condiscon: a conjunction of disjunctions of conjunctions of credential types.
func (*CredentialDependencies) UnmarshalXML ¶ added in v0.8.0
func (deps *CredentialDependencies) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
func (CredentialDependencies) WizardContents ¶ added in v0.8.0
func (deps CredentialDependencies) WizardContents() IssueWizardContents
type CredentialIdentifier ¶
type CredentialIdentifier struct { Type CredentialTypeIdentifier Hash string }
CredentialIdentifier identifies a credential instance.
type CredentialInfo ¶
type CredentialInfo struct { ID string // e.g., "studentCard" IssuerID string // e.g., "RU" SchemeManagerID string // e.g., "irma-demo" SignedOn Timestamp // Unix timestamp Expires Timestamp // Unix timestamp Attributes map[AttributeTypeIdentifier]TranslatedString // Human-readable rendered attributes Hash string // SHA256 hash over the attributes Revoked bool // If the credential has been revoked RevocationSupported bool // If the credential supports creating nonrevocation proofs }
CredentialInfo contains all information of an IRMA credential.
func (CredentialInfo) GetCredentialType ¶
func (ci CredentialInfo) GetCredentialType(conf *Configuration) *CredentialType
func (CredentialInfo) Identifier ¶ added in v0.8.0
func (ci CredentialInfo) Identifier() CredentialTypeIdentifier
func (CredentialInfo) IsExpired ¶
func (ci CredentialInfo) IsExpired() bool
IsExpired returns true if credential is expired at moment of calling this function
type CredentialInfoList ¶
type CredentialInfoList []*CredentialInfo
A CredentialInfoList is a list of credentials (implements sort.Interface).
func (CredentialInfoList) Len ¶
func (cl CredentialInfoList) Len() int
Len implements sort.Interface.
func (CredentialInfoList) Less ¶
func (cl CredentialInfoList) Less(i, j int) bool
Less implements sort.Interface.
func (CredentialInfoList) Swap ¶
func (cl CredentialInfoList) Swap(i, j int)
Swap implements sort.Interface.
type CredentialRequest ¶
type CredentialRequest struct { Validity *Timestamp `json:"validity,omitempty"` KeyCounter uint `json:"keyCounter,omitempty"` CredentialTypeID CredentialTypeIdentifier `json:"credential"` Attributes map[string]string `json:"attributes"` RevocationKey string `json:"revocationKey,omitempty"` RevocationSupported bool `json:"revocationSupported,omitempty"` RandomBlindAttributeTypeIDs []string `json:"randomblindIDs,omitempty"` }
A CredentialRequest contains the attributes and metadata of a credential that will be issued in an IssuanceRequest.
func (*CredentialRequest) AttributeList ¶
func (cr *CredentialRequest) AttributeList( conf *Configuration, metadataVersion byte, revocationAttr *big.Int, issuedAt time.Time, ) (*AttributeList, error)
AttributeList returns the list of attributes from this credential request.
func (*CredentialRequest) Info ¶
func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte, issuedAt time.Time) (*CredentialInfo, error)
func (*CredentialRequest) PublicKeyIdentifier ¶ added in v0.14.0
func (cr *CredentialRequest) PublicKeyIdentifier() PublicKeyIdentifier
func (*CredentialRequest) Validate ¶
func (cr *CredentialRequest) Validate(conf *Configuration) error
Validate checks that this credential request is consistent with the specified Configuration: the credential type is known, all required attributes are present and no unknown attributes are given.
type CredentialType ¶
type CredentialType struct { ID string `xml:"CredentialID"` Name TranslatedString `xml:"Name"` IssuerID string `xml:"IssuerID"` SchemeManagerID string `xml:"SchemeManager"` IsSingleton bool `xml:"ShouldBeSingleton"` DisallowDelete bool `xml:"DisallowDelete"` Description TranslatedString AttributeTypes []*AttributeType `xml:"Attributes>Attribute" json:"-"` RevocationServers []string `xml:"RevocationServers>RevocationServer"` RevocationUpdateCount uint64 RevocationUpdateSpeed uint64 RevocationIndex int `xml:"-"` Languages []string `xml:"Languages>Language"` XMLVersion int `xml:"version,attr"` XMLName xml.Name `xml:"IssueSpecification"` IssueURL *TranslatedString `xml:"IssueURL"` IsULIssueURL bool `xml:"IsULIssueURL"` DeprecatedSince Timestamp Dependencies CredentialDependencies ForegroundColor string BackgroundGradientStart string BackgroundGradientEnd string IsInCredentialStore bool Category *TranslatedString FAQIntro *TranslatedString FAQPurpose *TranslatedString FAQContent *TranslatedString FAQHowto *TranslatedString FAQSummary *TranslatedString }
CredentialType is a description of a credential type, specifying (a.o.) its name, issuer, and attributes.
func (CredentialType) AttributeType ¶
func (ct CredentialType) AttributeType(ai AttributeTypeIdentifier) *AttributeType
func (*CredentialType) ContainsAttribute ¶
func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool
ContainsAttribute tests whether the specified attribute is contained in this credentialtype.
func (*CredentialType) Identifier ¶
func (ct *CredentialType) Identifier() CredentialTypeIdentifier
Identifier returns the identifier of the specified credential type.
func (CredentialType) IndexOf ¶
func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)
IndexOf returns the index of the specified attribute if present, or an error (and -1) if not present.
func (*CredentialType) IssuerIdentifier ¶
func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier
IssuerIdentifier returns the issuer identifier of the specified credential type.
func (*CredentialType) Logo ¶
func (ct *CredentialType) Logo(conf *Configuration) string
func (*CredentialType) RandomBlindAttributeIndices ¶ added in v0.6.0
func (ct *CredentialType) RandomBlindAttributeIndices() []int
RandomBlindAttributeIndices returns indices of random blind attributes within this credentialtype The indices coincide with indices of an AttributeList (metadataAttribute at index 0)
func (*CredentialType) RandomBlindAttributeNames ¶ added in v0.6.0
func (ct *CredentialType) RandomBlindAttributeNames() []string
func (*CredentialType) RevocationSupported ¶ added in v0.5.0
func (ct *CredentialType) RevocationSupported() bool
func (*CredentialType) SchemeManagerIdentifier ¶
func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier
type CredentialTypeIdentifier ¶
type CredentialTypeIdentifier struct {
// contains filtered or unexported fields
}
CredentialTypeIdentifier identifies a credentialtype. For example "irma-demo.RU.studentCard".
func NewCredentialTypeIdentifier ¶
func NewCredentialTypeIdentifier(id string) CredentialTypeIdentifier
NewCredentialTypeIdentifier converts the specified identifier to a CredentialTypeIdentifier.
func (CredentialTypeIdentifier) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (CredentialTypeIdentifier) IssuerIdentifier ¶
func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier
IssuerIdentifier returns the IssuerIdentifier of the credential identifier.
func (CredentialTypeIdentifier) MarshalCBOR ¶ added in v0.5.0
func (CredentialTypeIdentifier) MarshalText ¶
func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (CredentialTypeIdentifier) Name ¶
func (oi CredentialTypeIdentifier) Name() string
Name returns the last part of this identifier.
func (CredentialTypeIdentifier) Parent ¶
func (oi CredentialTypeIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (CredentialTypeIdentifier) PartsCount ¶ added in v0.9.0
func (oi CredentialTypeIdentifier) PartsCount() int
func (*CredentialTypeIdentifier) Scan ¶ added in v0.5.0
func (oi *CredentialTypeIdentifier) Scan(src interface{}) error
Scan implements sql/driver Scanner interface.
func (CredentialTypeIdentifier) SchemeManagerIdentifier ¶ added in v0.8.0
func (id CredentialTypeIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier
func (CredentialTypeIdentifier) String ¶
func (oi CredentialTypeIdentifier) String() string
String returns this identifier as a string.
func (*CredentialTypeIdentifier) UnmarshalCBOR ¶ added in v0.5.0
func (*CredentialTypeIdentifier) UnmarshalText ¶
func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type DependencyChain ¶ added in v0.8.0
type DependencyChain []CredentialTypeIdentifier
func (DependencyChain) String ¶ added in v0.8.0
func (d DependencyChain) String() string
type DisclosedAttribute ¶
type DisclosedAttribute struct { RawValue *string `json:"rawvalue"` Value TranslatedString `json:"value"` // Value of the disclosed attribute Identifier AttributeTypeIdentifier `json:"id"` Status AttributeProofStatus `json:"status"` IssuanceTime Timestamp `json:"issuancetime"` NotRevoked bool `json:"notrevoked,omitempty"` NotRevokedBefore *Timestamp `json:"notrevokedbefore,omitempty"` }
DisclosedAttribute represents a disclosed attribute.
type DisclosedAttributeIndex ¶
type DisclosedAttributeIndex struct { CredentialIndex int `json:"cred"` AttributeIndex int `json:"attr"` Identifier CredentialIdentifier `json:"-"` // credential from which this attribute was disclosed }
DisclosedAttributeIndex points to a specific attribute in a gabi.ProofList.
type DisclosedAttributeIndices ¶
type DisclosedAttributeIndices [][]*DisclosedAttributeIndex
DisclosedAttributeIndices contains, for each conjunction of an attribute disclosure request, a list of attribute indices, pointing to where the disclosed attributes for that conjunction can be found within a gabi.ProofList.
type Disclosure ¶
type Disclosure struct { Proofs gabi.ProofList `json:"proofs"` Indices DisclosedAttributeIndices `json:"indices"` }
func (*Disclosure) DisclosedAttributes ¶
func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon, revtimes map[int]*time.Time) (bool, [][]*DisclosedAttribute, error)
DisclosedAttributes returns a slice containing for each item in the conjunction the disclosed attributes that are present in the proof list. If a non-empty and non-nil AttributeDisjunctionList is included, then the first attributes in the returned slice match with the disjunction list in the disjunction list. The first return parameter of this function indicates whether or not all disjunctions (if present) are satisfied.
func (*Disclosure) Verify ¶
func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
func (*Disclosure) VerifyAgainstRequest ¶ added in v0.5.0
func (d *Disclosure) VerifyAgainstRequest( configuration *Configuration, request SessionRequest, context, nonce *big.Int, publickeys []*gabikeys.PublicKey, validAt *time.Time, issig bool, ) ([][]*DisclosedAttribute, ProofStatus, error)
type DisclosureChoice ¶
type DisclosureChoice struct {
Attributes [][]*AttributeIdentifier
}
A DisclosureChoice contains the attributes chosen to be disclosed.
func (*DisclosureChoice) Validate ¶ added in v0.5.0
func (choice *DisclosureChoice) Validate() error
type DisclosureRequest ¶
type DisclosureRequest struct { BaseRequest Disclose AttributeConDisCon `json:"disclose,omitempty"` Labels map[int]TranslatedString `json:"labels,omitempty"` SkipExpiryCheck []CredentialTypeIdentifier `json:"skipExpiryCheck,omitempty"` }
A DisclosureRequest is a request to disclose certain attributes. Construct new instances using NewDisclosureRequest().
func NewDisclosureRequest ¶ added in v0.3.0
func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest
func (*DisclosureRequest) Action ¶
func (dr *DisclosureRequest) Action() Action
func (*DisclosureRequest) AddSingle ¶ added in v0.3.0
func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)
func (*DisclosureRequest) Base ¶ added in v0.3.0
func (dr *DisclosureRequest) Base() *BaseRequest
func (*DisclosureRequest) Disclosure ¶ added in v0.3.0
func (dr *DisclosureRequest) Disclosure() *DisclosureRequest
func (*DisclosureRequest) Identifiers ¶
func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet
func (*DisclosureRequest) IsDisclosureRequest ¶ added in v0.5.0
func (dr *DisclosureRequest) IsDisclosureRequest() bool
func (*DisclosureRequest) Legacy ¶ added in v0.3.0
func (dr *DisclosureRequest) Legacy() (SessionRequest, error)
func (*DisclosureRequest) UnmarshalJSON ¶ added in v0.3.0
func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)
func (*DisclosureRequest) Validate ¶
func (dr *DisclosureRequest) Validate() error
type EventRecord ¶ added in v0.5.0
type EventRecord struct { Index *uint64 `gorm:"primaryKey;column:eventindex;autoIncrement:false"` CredType CredentialTypeIdentifier `gorm:"primaryKey"` PKCounter *uint `gorm:"primaryKey;autoIncrement:false"` E *RevocationAttribute ParentHash eventHash }
EventRecord corresponds to SQL table rows to store revocation events using GORM.
func (*EventRecord) Convert ¶ added in v0.5.0
func (e *EventRecord) Convert(id CredentialTypeIdentifier, pkcounter uint, event *revocation.Event) *EventRecord
Convert converts a revocation.Event to a EventRecord.
func (*EventRecord) Event ¶ added in v0.5.0
func (e *EventRecord) Event() *revocation.Event
Event converts a EventRecord to a revocation.Event.
type ExpiredError ¶
type ExpiredError struct {
Err error // underlying error
}
ExpiredError indicates that something (e.g. a JWT) has expired.
func (ExpiredError) Error ¶
func (e ExpiredError) Error() string
type FrontendAuthorization ¶ added in v0.8.0
type FrontendAuthorization string
Authorization headers
type FrontendOptionsRequest ¶ added in v0.8.0
type FrontendOptionsRequest struct { LDContext string `json:"@context,omitempty"` PairingMethod PairingMethod `json:"pairingMethod"` }
An FrontendOptionsRequest asks for a options change of a particular session.
func NewFrontendOptionsRequest ¶ added in v0.8.0
func NewFrontendOptionsRequest() FrontendOptionsRequest
NewFrontendOptionsRequest returns a new options request initialized with default values for each option
func (*FrontendOptionsRequest) Validate ¶ added in v0.8.0
func (or *FrontendOptionsRequest) Validate() error
type FrontendSessionRequest ¶ added in v0.8.0
type FrontendSessionRequest struct { // Authorization token to access frontend endpoints. Authorization FrontendAuthorization `json:"authorization"` // PairingRecommended indictes to the frontend that pairing is recommended when starting the session. PairingRecommended bool `json:"pairingHint,omitempty"` // MinProtocolVersion that the server supports for the frontend protocol. MinProtocolVersion *ProtocolVersion `json:"minProtocolVersion"` // MaxProtocolVersion that the server supports for the frontend protocol. MaxProtocolVersion *ProtocolVersion `json:"maxProtocolVersion"` }
FrontendSessionRequest contains session parameters for the frontend.
type FrontendSessionStatus ¶ added in v0.8.0
type FrontendSessionStatus struct { Status ServerStatus `json:"status"` NextSession *Qr `json:"nextSession,omitempty"` }
type GetCommitmentsRequest ¶ added in v0.14.0
type GetCommitmentsRequest struct { Keys []PublicKeyIdentifier `json:"keys"` Hash gabi.KeyshareCommitmentRequest `json:"hw"` }
type HTTPTransport ¶
type HTTPTransport struct { Server string Binary bool ForceHTTPS bool // contains filtered or unexported fields }
HTTPTransport sends and receives JSON messages to a HTTP server.
func NewHTTPTransport ¶
func NewHTTPTransport(serverURL string, forceHTTPS bool) *HTTPTransport
NewHTTPTransport returns a new HTTPTransport.
func (*HTTPTransport) Delete ¶
func (transport *HTTPTransport) Delete() error
Delete performs a DELETE.
func (*HTTPTransport) Get ¶
func (transport *HTTPTransport) Get(url string, result interface{}) error
Get performs a GET request and parses the server's response into result.
func (*HTTPTransport) GetBytes ¶
func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)
func (*HTTPTransport) Post ¶
func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error
Post sends the object to the server and parses its response into result.
func (*HTTPTransport) SetHeader ¶
func (transport *HTTPTransport) SetHeader(name, val string)
SetHeader sets a header to be sent in requests.
type IdentityProviderJwt ¶
type IdentityProviderJwt struct { ServerJwt Request *IdentityProviderRequest `json:"iprequest"` }
IdentityProviderJwt is a requestor JWT for issuance session.
func NewIdentityProviderJwt ¶
func NewIdentityProviderJwt(servername string, ir *IssuanceRequest) *IdentityProviderJwt
NewIdentityProviderJwt returns a new IdentityProviderJwt.
func (*IdentityProviderJwt) Action ¶
func (claims *IdentityProviderJwt) Action() Action
func (*IdentityProviderJwt) RequestorRequest ¶
func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest
func (*IdentityProviderJwt) SessionRequest ¶
func (claims *IdentityProviderJwt) SessionRequest() SessionRequest
SessionRequest returns an IRMA session object.
func (*IdentityProviderJwt) Sign ¶
func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
func (*IdentityProviderJwt) Valid ¶
func (claims *IdentityProviderJwt) Valid() error
type IdentityProviderRequest ¶
type IdentityProviderRequest struct { RequestorBaseRequest Request *IssuanceRequest `json:"request"` }
An IdentityProviderRequest contains an issuance request.
func (*IdentityProviderRequest) Base ¶
func (r *IdentityProviderRequest) Base() *RequestorBaseRequest
func (*IdentityProviderRequest) SessionRequest ¶
func (r *IdentityProviderRequest) SessionRequest() SessionRequest
func (*IdentityProviderRequest) Validate ¶
func (r *IdentityProviderRequest) Validate() error
type IrmaIdentifierSet ¶
type IrmaIdentifierSet struct { SchemeManagers map[SchemeManagerIdentifier]struct{} Issuers map[IssuerIdentifier]struct{} CredentialTypes map[CredentialTypeIdentifier]struct{} PublicKeys map[IssuerIdentifier][]uint AttributeTypes map[AttributeTypeIdentifier]struct{} RequestorSchemes map[RequestorSchemeIdentifier]struct{} }
IrmaIdentifierSet contains a set (ensured by using map[...]struct{}) of all scheme managers, all issuers, all credential types, all public keys and all attribute types that are involved in an IRMA session.
func (*IrmaIdentifierSet) Distributed ¶
func (set *IrmaIdentifierSet) Distributed(conf *Configuration) bool
func (*IrmaIdentifierSet) Empty ¶
func (set *IrmaIdentifierSet) Empty() bool
func (*IrmaIdentifierSet) String ¶ added in v0.3.0
func (set *IrmaIdentifierSet) String() string
type IssuanceRecord ¶ added in v0.5.0
type IssuanceRecord struct { Key string `gorm:"primaryKey;column:revocationkey"` CredType CredentialTypeIdentifier `gorm:"primaryKey"` Issued int64 `gorm:"primaryKey;autoIncrement:false"` PKCounter *uint Attr *RevocationAttribute ValidUntil int64 RevokedAt int64 `json:",omitempty"` // 0 if not currently revoked }
IssuanceRecord contains information generated during issuance, needed for later revocation. It corresponds to SQL table rows to store issuance records using GORM.
type IssuanceRequest ¶
type IssuanceRequest struct { DisclosureRequest Credentials []*CredentialRequest `json:"credentials"` // Derived data CredentialInfoList CredentialInfoList `json:",omitempty"` RemovalCredentialInfoList CredentialInfoList `json:",omitempty"` }
An IssuanceRequest is a request to issue certain credentials, optionally also asking for certain attributes to be simultaneously disclosed. Construct new instances using NewIssuanceRequest().
func NewIssuanceRequest ¶ added in v0.3.0
func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest
func (*IssuanceRequest) Action ¶
func (ir *IssuanceRequest) Action() Action
func (*IssuanceRequest) GetCredentialInfoList ¶
func (ir *IssuanceRequest) GetCredentialInfoList( conf *Configuration, version *ProtocolVersion, issuedAt time.Time, ) (CredentialInfoList, error)
func (*IssuanceRequest) Identifiers ¶
func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet
func (*IssuanceRequest) Legacy ¶ added in v0.3.0
func (ir *IssuanceRequest) Legacy() (SessionRequest, error)
func (*IssuanceRequest) UnmarshalJSON ¶ added in v0.3.0
func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)
func (*IssuanceRequest) Validate ¶
func (ir *IssuanceRequest) Validate() error
type IssueCommitmentMessage ¶
type IssueCommitmentMessage struct { *gabi.IssueCommitmentMessage Indices DisclosedAttributeIndices `json:"indices,omitempty"` }
func (*IssueCommitmentMessage) Disclosure ¶
func (i *IssueCommitmentMessage) Disclosure() *Disclosure
type IssueWizard ¶ added in v0.8.0
type IssueWizard struct { ID IssueWizardIdentifier `json:"id"` Title TranslatedString `json:"title"` Logo *string `json:"logo,omitempty"` // SHA256 of the logo contents (which is the filename on disk) LogoPath *string `json:"logoPath,omitempty"` // Full path to the logo set automatically during scheme parsing Color *string `json:"color,omitempty"` TextColor *string `json:"textColor,omitempty"` Issues *CredentialTypeIdentifier `json:"issues,omitempty"` AllowOtherRequestors bool `json:"allowOtherRequestors"` Languages []string `json:"languages"` Info *TranslatedString `json:"info,omitempty"` FAQ []IssueWizardQA `json:"faq,omitempty"` Intro *TranslatedString `json:"intro,omitempty"` SuccessHeader *TranslatedString `json:"successHeader,omitempty"` SuccessText *TranslatedString `json:"successText,omitempty"` ExpandDependencies *bool `json:"expandDependencies,omitempty"` Contents IssueWizardContents `json:"contents"` }
func (IssueWizard) Path ¶ added in v0.8.0
func (wizard IssueWizard) Path(conf *Configuration, creds CredentialInfoList) ([]IssueWizardItem, error)
Path returns a list of IssueWizardItems to be used as the wizard item order. If the ExpandDependencies boolean is set to false, the result of IssueWizardContents.ChoosePath is returned. If not set or set to true, this is augmented with all dependencies of all items in an executable order.
func (*IssueWizard) Validate ¶ added in v0.8.0
func (wizard *IssueWizard) Validate(conf *Configuration) error
type IssueWizardContents ¶ added in v0.8.0
type IssueWizardContents [][][]IssueWizardItem
IssueWizardContents contains a condiscon (conjunction of disjunctions of conjunctions) of issue wizard items, making it possible to present the user with different options to complete the wizard.
func (IssueWizardContents) ChoosePath ¶ added in v0.8.0
func (contents IssueWizardContents) ChoosePath(conf *Configuration, creds map[CredentialTypeIdentifier]struct{}) []IssueWizardItem
ChoosePath processes the wizard contents given the list of present credentials. Of each disjunction, either the first contained inner conjunction that is satisfied by the credential list is chosen; or if no such conjunction exists in the disjunction, the first conjunction is chosen. The result of doing this for all outer conjunctions is flattened and returned.
type IssueWizardIdentifier ¶ added in v0.8.0
type IssueWizardIdentifier struct {
// contains filtered or unexported fields
}
func NewIssueWizardIdentifier ¶ added in v0.8.0
func NewIssueWizardIdentifier(id string) IssueWizardIdentifier
NewIssueWizardIdentifier converts the specified identifier to a NewIssueWizardIdentifier.
func (IssueWizardIdentifier) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (IssueWizardIdentifier) MarshalCBOR ¶ added in v0.8.0
func (IssueWizardIdentifier) MarshalText ¶ added in v0.8.0
func (id IssueWizardIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (IssueWizardIdentifier) Name ¶ added in v0.8.0
func (oi IssueWizardIdentifier) Name() string
Name returns the last part of this identifier.
func (IssueWizardIdentifier) Parent ¶ added in v0.8.0
func (oi IssueWizardIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (IssueWizardIdentifier) PartsCount ¶ added in v0.9.0
func (oi IssueWizardIdentifier) PartsCount() int
func (IssueWizardIdentifier) RequestorIdentifier ¶ added in v0.8.0
func (id IssueWizardIdentifier) RequestorIdentifier() RequestorIdentifier
RequestorIdentifier returns the requestor identifier of the issue wizard.
func (*IssueWizardIdentifier) Scan ¶ added in v0.8.0
func (oi *IssueWizardIdentifier) Scan(src interface{}) error
Scan implements sql/driver Scanner interface.
func (IssueWizardIdentifier) String ¶ added in v0.8.0
func (oi IssueWizardIdentifier) String() string
String returns this identifier as a string.
func (*IssueWizardIdentifier) UnmarshalCBOR ¶ added in v0.8.0
func (*IssueWizardIdentifier) UnmarshalText ¶ added in v0.8.0
func (id *IssueWizardIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type IssueWizardItem ¶ added in v0.8.0
type IssueWizardItem struct { Type IssueWizardItemType `json:"type"` Credential *CredentialTypeIdentifier `json:"credential,omitempty"` Header *TranslatedString `json:"header,omitempty"` Text *TranslatedString `json:"text,omitempty"` Label *TranslatedString `json:"label,omitempty"` SessionURL *string `json:"sessionUrl,omitempty"` URL *TranslatedString `json:"url,omitempty"` InApp *bool `json:"inapp,omitempty"` // contains filtered or unexported fields }
type IssueWizardItemType ¶ added in v0.8.0
type IssueWizardItemType string
const ( IssueWizardItemTypeCredential IssueWizardItemType = "credential" IssueWizardItemTypeSession IssueWizardItemType = "session" IssueWizardItemTypeWebsite IssueWizardItemType = "website" )
type IssueWizardQA ¶ added in v0.8.0
type IssueWizardQA struct { Question TranslatedString `json:"question"` Answer TranslatedString `json:"answer"` }
type Issuer ¶
type Issuer struct { ID string `xml:"ID"` Name TranslatedString `xml:"Name"` SchemeManagerID string `xml:"SchemeManager"` ContactAddress string ContactEMail string DeprecatedSince Timestamp Languages []string `xml:"Languages>Language"` XMLVersion int `xml:"version,attr"` }
Issuer describes an issuer.
func (*Issuer) Identifier ¶
func (id *Issuer) Identifier() IssuerIdentifier
Identifier returns the identifier of the specified issuer description.
func (*Issuer) SchemeManagerIdentifier ¶
func (id *Issuer) SchemeManagerIdentifier() SchemeManagerIdentifier
type IssuerIdentifier ¶
type IssuerIdentifier struct {
// contains filtered or unexported fields
}
IssuerIdentifier identifies an issuer. For example "irma-demo.RU".
func NewIssuerIdentifier ¶
func NewIssuerIdentifier(id string) IssuerIdentifier
NewIssuerIdentifier converts the specified identifier to a IssuerIdentifier.
func (IssuerIdentifier) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (IssuerIdentifier) MarshalCBOR ¶ added in v0.5.0
func (IssuerIdentifier) MarshalText ¶
func (id IssuerIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (IssuerIdentifier) Name ¶
func (oi IssuerIdentifier) Name() string
Name returns the last part of this identifier.
func (IssuerIdentifier) Parent ¶
func (oi IssuerIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (IssuerIdentifier) PartsCount ¶ added in v0.9.0
func (oi IssuerIdentifier) PartsCount() int
func (*IssuerIdentifier) Scan ¶ added in v0.5.0
func (oi *IssuerIdentifier) Scan(src interface{}) error
Scan implements sql/driver Scanner interface.
func (IssuerIdentifier) SchemeManagerIdentifier ¶
func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier
SchemeManagerIdentifier returns the scheme manager identifer of the issuer.
func (IssuerIdentifier) String ¶
func (oi IssuerIdentifier) String() string
String returns this identifier as a string.
func (*IssuerIdentifier) UnmarshalCBOR ¶ added in v0.5.0
func (*IssuerIdentifier) UnmarshalText ¶
func (id *IssuerIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type KeyshareAuthChallenge ¶ added in v0.11.0
type KeyshareAuthChallenge struct {}
type KeyshareAuthRequest ¶ added in v0.11.0
type KeyshareAuthRequest struct {
}type KeyshareAuthRequestClaims ¶ added in v0.11.0
type KeyshareAuthRequestClaims struct {}
type KeyshareAuthResponse ¶ added in v0.11.0
type KeyshareAuthResponse struct {}
type KeyshareAuthResponseClaims ¶ added in v0.11.0
type KeyshareAuthResponseClaims struct {}
type KeyshareAuthResponseData ¶ added in v0.11.0
type KeyshareAuthResponseData struct {}
type KeyshareChangePin ¶ added in v0.8.0
type KeyshareChangePin struct {}
type KeyshareChangePinClaims ¶ added in v0.11.0
type KeyshareChangePinClaims struct {}
type KeyshareChangePinData ¶ added in v0.11.0
type KeyshareChangePinData struct {}
type KeyshareEnrollment ¶ added in v0.8.0
type KeyshareEnrollment struct {}
type KeyshareEnrollmentClaims ¶ added in v0.11.0
type KeyshareEnrollmentClaims struct {}
type KeyshareEnrollmentData ¶ added in v0.11.0
type KeyshareEnrollmentData struct {}
type KeyshareKeyRegistration ¶ added in v0.11.0
type KeyshareKeyRegistration struct {
}type KeyshareKeyRegistrationClaims ¶ added in v0.11.0
type KeyshareKeyRegistrationClaims struct {}
type KeyshareKeyRegistrationData ¶ added in v0.11.0
type KeyshareKeyRegistrationData struct {}
type KeysharePinStatus ¶ added in v0.8.0
type KeysharePinStatus struct {}
type LegacyDisclosureRequest ¶ added in v0.3.0
type LegacyDisclosureRequest struct { BaseRequest Content []LegacyLabeledDisjunction `json:"content"` }
func (*LegacyDisclosureRequest) Action ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Action() Action
func (*LegacyDisclosureRequest) Base ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Base() *BaseRequest
func (*LegacyDisclosureRequest) Disclosure ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest
func (*LegacyDisclosureRequest) Identifiers ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet
func (*LegacyDisclosureRequest) Legacy ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error)
func (*LegacyDisclosureRequest) Validate ¶ added in v0.3.0
func (dr *LegacyDisclosureRequest) Validate() error
type LegacyDisjunction ¶ added in v0.3.0
type LegacyDisjunction []AttributeRequest
LegacyDisjunction is a disjunction of attributes from before the condiscon feature, representing a list of attribute types one of which must be given by the user, possibly requiring specific values. (C.f. AttributeCon, also defined as []AttributeRequest, which is only satisfied if all listed attributes are given by the user.)
func (*LegacyDisjunction) MarshalJSON ¶ added in v0.3.0
func (l *LegacyDisjunction) MarshalJSON() ([]byte, error)
func (*LegacyDisjunction) UnmarshalJSON ¶ added in v0.3.0
func (l *LegacyDisjunction) UnmarshalJSON(bts []byte) error
type LegacyIssuanceRequest ¶ added in v0.3.0
type LegacyIssuanceRequest struct { BaseRequest Credentials []*CredentialRequest `json:"credentials"` Disclose []LegacyLabeledDisjunction `json:"disclose"` }
func (*LegacyIssuanceRequest) Action ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Action() Action
func (*LegacyIssuanceRequest) Base ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Base() *BaseRequest
func (*LegacyIssuanceRequest) Disclosure ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest
func (*LegacyIssuanceRequest) Identifiers ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet
func (*LegacyIssuanceRequest) Legacy ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)
func (*LegacyIssuanceRequest) Validate ¶ added in v0.3.0
func (ir *LegacyIssuanceRequest) Validate() error
type LegacyLabeledDisjunction ¶ added in v0.3.0
type LegacyLabeledDisjunction struct { Label string `json:"label"` Attributes LegacyDisjunction `json:"attributes"` }
type LegacySignatureRequest ¶ added in v0.3.0
type LegacySignatureRequest struct { LegacyDisclosureRequest Message string `json:"message"` }
func (*LegacySignatureRequest) Action ¶ added in v0.3.0
func (ir *LegacySignatureRequest) Action() Action
type MetadataAttribute ¶
type MetadataAttribute struct { Int *big.Int Conf *Configuration // contains filtered or unexported fields }
MetadataAttribute represents a metadata attribute. Contains the credential type, signing date, validity, and the public key counter.
func MetadataFromInt ¶
func MetadataFromInt(i *big.Int, conf *Configuration) *MetadataAttribute
MetadataFromInt wraps the given Int
func NewMetadataAttribute ¶
func NewMetadataAttribute(version byte) *MetadataAttribute
NewMetadataAttribute constructs a new instance containing the default values: provided version as versionField now as signing date 0 as keycounter ValidityDefault (half a year) as default validity.
func (*MetadataAttribute) Bytes ¶
func (attr *MetadataAttribute) Bytes() []byte
Bytes returns this metadata attribute as a byte slice. Bigint's Bytes() method returns a big-endian byte slice, so add padding at begin.
func (*MetadataAttribute) CredentialType ¶
func (attr *MetadataAttribute) CredentialType() *CredentialType
CredentialType returns the credential type of the current instance using the Configuration.
func (*MetadataAttribute) CredentialTypeHash ¶
func (attr *MetadataAttribute) CredentialTypeHash() []byte
func (*MetadataAttribute) Expiry ¶
func (attr *MetadataAttribute) Expiry() time.Time
Expiry returns the expiry date of this instance
func (*MetadataAttribute) IsValid ¶
func (attr *MetadataAttribute) IsValid() bool
IsValid returns whether this instance is valid.
func (*MetadataAttribute) IsValidOn ¶
func (attr *MetadataAttribute) IsValidOn(t time.Time) bool
IsValidOn returns whether this instance is still valid at the given time
func (*MetadataAttribute) KeyCounter ¶
func (attr *MetadataAttribute) KeyCounter() uint
KeyCounter return the public key counter of the metadata attribute
func (*MetadataAttribute) PublicKey ¶
func (attr *MetadataAttribute) PublicKey() (*gabikeys.PublicKey, error)
PublicKey extracts identifier of the Idemix public key with which this instance was signed, and returns this public key.
func (*MetadataAttribute) SigningDate ¶
func (attr *MetadataAttribute) SigningDate() time.Time
SigningDate returns the time at which this instance was signed
func (*MetadataAttribute) ValidityDuration ¶
func (attr *MetadataAttribute) ValidityDuration() int
ValidityDuration returns the amount of epochs during which this instance is valid
func (*MetadataAttribute) Version ¶
func (attr *MetadataAttribute) Version() byte
Version returns the metadata version of this instance
type NextSessionData ¶ added in v0.8.0
type NextSessionData struct {
URL string `json:"url"` // URL from which to get the next session after this one
}
type NonRevocationParameters ¶ added in v0.5.0
type NonRevocationParameters map[CredentialTypeIdentifier]*NonRevocationRequest
func (*NonRevocationParameters) MarshalJSON ¶ added in v0.5.0
func (n *NonRevocationParameters) MarshalJSON() ([]byte, error)
func (*NonRevocationParameters) UnmarshalJSON ¶ added in v0.5.0
func (n *NonRevocationParameters) UnmarshalJSON(bts []byte) error
type NonRevocationRequest ¶ added in v0.5.0
type NonRevocationRequest struct { Tolerance uint64 `json:"tolerance,omitempty"` Updates map[uint]*revocation.Update `json:"updates,omitempty"` }
type PMap ¶ added in v0.14.0
type PMap struct {
Ps map[PublicKeyIdentifier]*big.Int `json:"ps"`
}
func (*PMap) MarshalJSON ¶ added in v0.14.0
type PairingMethod ¶ added in v0.8.0
type PairingMethod string
type PrivateKeyRing ¶ added in v0.5.0
type PrivateKeyRing interface { // Latest returns the private key with the highest counter for the specified issuer, if any, // or an error. Latest(id IssuerIdentifier) (*gabikeys.PrivateKey, error) // Get returns the specified private key, or an error. Get(id IssuerIdentifier, counter uint) (*gabikeys.PrivateKey, error) // Iterate executes the specified function on each private key of the specified issuer // present in the ring. The private keys are offered to the function in no particular order, // and the same key may be offered multiple times. Returns on the first error returned // by the function. Iterate(id IssuerIdentifier, f func(sk *gabikeys.PrivateKey) error) error }
PrivateKeyRing provides access to a set of private keys.
type PrivateKeyRingFolder ¶ added in v0.5.0
type PrivateKeyRingFolder struct {
// contains filtered or unexported fields
}
PrivateKeyRingFolder represents a folder on disk containing private keys with filenames of the form scheme.issuer.xml and scheme.issuer.counter.xml.
func NewPrivateKeyRingFolder ¶ added in v0.5.0
func NewPrivateKeyRingFolder(path string, conf *Configuration) (*PrivateKeyRingFolder, error)
func (*PrivateKeyRingFolder) Get ¶ added in v0.5.0
func (p *PrivateKeyRingFolder) Get(id IssuerIdentifier, counter uint) (*gabikeys.PrivateKey, error)
func (*PrivateKeyRingFolder) Iterate ¶ added in v0.5.0
func (p *PrivateKeyRingFolder) Iterate(id IssuerIdentifier, f func(sk *gabikeys.PrivateKey) error) error
func (*PrivateKeyRingFolder) Latest ¶ added in v0.5.0
func (p *PrivateKeyRingFolder) Latest(id IssuerIdentifier) (*gabikeys.PrivateKey, error)
type ProofList ¶
ProofList is a gabi.ProofList with some extra methods.
func (ProofList) Expired ¶
func (pl ProofList) Expired(configuration *Configuration, t *time.Time, skipExpiryCheck []CredentialTypeIdentifier) (bool, error)
Expired returns true if any of the contained disclosure proofs is specified at the specified time, or now, when the specified time is nil.
func (ProofList) ExtractPublicKeys ¶
func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabikeys.PublicKey, error)
ExtractPublicKeys returns the public keys of each proof in the proofList, in the same order, for later use in verification of the proofList. If one of the proofs is not a ProofD an error is returned.
func (ProofList) VerifyProofs ¶
func (pl ProofList) VerifyProofs( configuration *Configuration, request SessionRequest, context *big.Int, nonce *big.Int, publickeys []*gabikeys.PublicKey, validAt *time.Time, isSig bool, ) (bool, map[int]*time.Time, error)
VerifyProofs verifies the proofs cryptographically.
type ProofPCommitmentMap ¶ added in v0.8.0
type ProofPCommitmentMap struct {
Commitments map[PublicKeyIdentifier]*gabi.ProofPCommitment `json:"c"`
}
func (*ProofPCommitmentMap) MarshalJSON ¶ added in v0.8.0
func (ppcm *ProofPCommitmentMap) MarshalJSON() ([]byte, error)
type ProofPCommitmentMapV2 ¶ added in v0.14.0
type ProofPCommitmentMapV2 struct {
Commitments map[PublicKeyIdentifier]*big.Int `json:"c"`
}
func (*ProofPCommitmentMapV2) MarshalJSON ¶ added in v0.14.0
func (cm *ProofPCommitmentMapV2) MarshalJSON() ([]byte, error)
type ProtocolVersion ¶
ProtocolVersion encodes the IRMA protocol version of an IRMA session.
func NewVersion ¶
func NewVersion(major, minor int) *ProtocolVersion
func (*ProtocolVersion) Above ¶
func (v *ProtocolVersion) Above(major, minor int) bool
Above returns true if v is above the given version.
func (*ProtocolVersion) AboveVersion ¶
func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool
AboveVersion returns true if v is above the given version.
func (*ProtocolVersion) Below ¶
func (v *ProtocolVersion) Below(major, minor int) bool
Below returns true if v is below the given version.
func (*ProtocolVersion) BelowVersion ¶
func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool
BelowVersion returns true if v is below the given version.
func (*ProtocolVersion) MarshalJSON ¶
func (v *ProtocolVersion) MarshalJSON() ([]byte, error)
func (*ProtocolVersion) String ¶
func (v *ProtocolVersion) String() string
func (*ProtocolVersion) UnmarshalJSON ¶
func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)
type PublicKeyIdentifier ¶ added in v0.8.0
type PublicKeyIdentifier struct { Issuer IssuerIdentifier `json:"issuer"` Counter uint `json:"counter"` }
PublicKeyIdentifier identifies a single key from an issuer. For example: "irma-demo.RU-1"
func (*PublicKeyIdentifier) MarshalText ¶ added in v0.8.0
func (pki *PublicKeyIdentifier) MarshalText() (text []byte, err error)
func (*PublicKeyIdentifier) UnmarshalText ¶ added in v0.8.0
func (pki *PublicKeyIdentifier) UnmarshalText(text []byte) error
type Qr ¶
type Qr struct { // Server with which to perform the session URL string `json:"u"` // Session type (disclosing, signing, issuing) Type Action `json:"irmaqr"` }
Qr contains the data of an IRMA session QR (as generated by irma_js), suitable for NewSession().
type RemoteError ¶
type RemoteError struct { Status int `json:"status,omitempty"` ErrorName string `json:"error,omitempty"` Description string `json:"description,omitempty"` Message string `json:"message,omitempty"` Stacktrace string `json:"stacktrace,omitempty"` }
RemoteError is an error message returned by the API server on errors.
func (*RemoteError) Error ¶
func (err *RemoteError) Error() string
type RequestorBaseRequest ¶
type RequestorBaseRequest struct { ResultJwtValidity int `json:"validity,omitempty"` // Validity of session result JWT in seconds ClientTimeout int `json:"timeout,omitempty"` // Wait this many seconds for the IRMA app to connect before the session times out CallbackURL string `json:"callbackUrl,omitempty"` // URL to post session result to NextSession *NextSessionData `json:"nextSession,omitempty"` // Data about session to start after this one (if any) }
RequestorBaseRequest contains fields present in all RequestorRequest types with which the requestor configures an IRMA session.
func (*RequestorBaseRequest) SetDefaultsIfNecessary ¶ added in v0.7.0
func (r *RequestorBaseRequest) SetDefaultsIfNecessary()
type RequestorChunk ¶ added in v0.6.0
type RequestorChunk []*RequestorInfo
RequestorChunk is a number of verified requestors stored together. The RequestorScheme can consist of multiple such chunks
type RequestorIdentifier ¶ added in v0.8.0
type RequestorIdentifier struct {
// contains filtered or unexported fields
}
func NewRequestorIdentifier ¶ added in v0.8.0
func NewRequestorIdentifier(id string) RequestorIdentifier
NewRequestorIdentifier converts the specified identifier to a NewRequestorIdentifier.
func (RequestorIdentifier) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (RequestorIdentifier) MarshalCBOR ¶ added in v0.8.0
func (RequestorIdentifier) MarshalText ¶ added in v0.8.0
func (id RequestorIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (RequestorIdentifier) Name ¶ added in v0.8.0
func (oi RequestorIdentifier) Name() string
Name returns the last part of this identifier.
func (RequestorIdentifier) Parent ¶ added in v0.8.0
func (oi RequestorIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (RequestorIdentifier) PartsCount ¶ added in v0.9.0
func (oi RequestorIdentifier) PartsCount() int
func (RequestorIdentifier) RequestorSchemeIdentifier ¶ added in v0.8.0
func (id RequestorIdentifier) RequestorSchemeIdentifier() RequestorSchemeIdentifier
RequestorSchemeIdentifier returns the requestor scheme identifier of the requestor.
func (*RequestorIdentifier) Scan ¶ added in v0.8.0
func (oi *RequestorIdentifier) Scan(src interface{}) error
Scan implements sql/driver Scanner interface.
func (RequestorIdentifier) String ¶ added in v0.8.0
func (oi RequestorIdentifier) String() string
String returns this identifier as a string.
func (*RequestorIdentifier) UnmarshalCBOR ¶ added in v0.8.0
func (*RequestorIdentifier) UnmarshalText ¶ added in v0.8.0
func (id *RequestorIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type RequestorInfo ¶ added in v0.6.0
type RequestorInfo struct { ID RequestorIdentifier `json:"id"` Scheme RequestorSchemeIdentifier `json:"scheme"` Name TranslatedString `json:"name"` Industry *TranslatedString `json:"industry"` Hostnames []string `json:"hostnames"` Logo *string `json:"logo"` LogoPath *string `json:"logoPath,omitempty"` ValidUntil *Timestamp `json:"valid_until"` Unverified bool `json:"unverified"` Languages []string `json:"languages"` Wizards map[IssueWizardIdentifier]*IssueWizard `json:"wizards"` }
RequestorInfo describes a single verified requestor
func NewRequestorInfo ¶ added in v0.6.0
func NewRequestorInfo(hostname string) *RequestorInfo
NewRequestorInfo returns a Requestor with just the given hostname
type RequestorJwt ¶
type RequestorJwt interface { Action() Action RequestorRequest() RequestorRequest SessionRequest() SessionRequest Requestor() string Valid() error Sign(jwt.SigningMethod, interface{}) (string, error) }
A RequestorJwt contains an IRMA session object.
func ParseRequestorJwt ¶
func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)
ParseRequestorJwt parses the specified JWT and returns the contents. Note: this function does not verify the signature! Do that elsewhere.
type RequestorRequest ¶
type RequestorRequest interface { Validator SessionRequest() SessionRequest Base() *RequestorBaseRequest }
RequestorRequest is the message with which requestors start an IRMA session. It contains a SessionRequest instance for the irmaclient along with extra fields in a RequestorBaseRequest.
type RequestorScheme ¶ added in v0.6.0
type RequestorScheme struct { ID RequestorSchemeIdentifier `json:"id"` URL string `json:"url"` Demo bool `json:"demo"` Languages []string `json:"languages"` Status SchemeManagerStatus `json:"-"` Timestamp Timestamp `json:"-"` // contains filtered or unexported fields }
RequestorScheme describes verified requestors
type RequestorSchemeIdentifier ¶ added in v0.6.0
type RequestorSchemeIdentifier struct {
// contains filtered or unexported fields
}
RequestorSchemeIdentifier identifies a requestor scheme. Equal to its ID. For example "pbdf-requestors"
func NewRequestorSchemeIdentifier ¶ added in v0.6.0
func NewRequestorSchemeIdentifier(id string) RequestorSchemeIdentifier
NewRequestorSchemeIdentifier converts the specified identifier to a RequestorSchemeIdentifier.
func (RequestorSchemeIdentifier) Empty ¶ added in v0.6.0
func (oi RequestorSchemeIdentifier) Empty() bool
func (RequestorSchemeIdentifier) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (RequestorSchemeIdentifier) MarshalCBOR ¶ added in v0.6.0
func (RequestorSchemeIdentifier) MarshalText ¶ added in v0.6.0
func (id RequestorSchemeIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (RequestorSchemeIdentifier) Name ¶ added in v0.6.0
func (oi RequestorSchemeIdentifier) Name() string
Name returns the last part of this identifier.
func (RequestorSchemeIdentifier) Parent ¶ added in v0.6.0
func (oi RequestorSchemeIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (RequestorSchemeIdentifier) PartsCount ¶ added in v0.9.0
func (oi RequestorSchemeIdentifier) PartsCount() int
func (RequestorSchemeIdentifier) Root ¶ added in v0.6.0
func (oi RequestorSchemeIdentifier) Root() string
func (*RequestorSchemeIdentifier) Scan ¶ added in v0.6.0
func (oi *RequestorSchemeIdentifier) Scan(src interface{}) error
Scan implements sql/driver Scanner interface.
func (RequestorSchemeIdentifier) String ¶ added in v0.6.0
func (oi RequestorSchemeIdentifier) String() string
String returns this identifier as a string.
func (*RequestorSchemeIdentifier) UnmarshalCBOR ¶ added in v0.6.0
func (*RequestorSchemeIdentifier) UnmarshalText ¶ added in v0.6.0
func (id *RequestorSchemeIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type RequestorToken ¶ added in v0.8.0
type RequestorToken string
RequestorToken identifies a session from the perspective of the requestor.
func ParseRequestorToken ¶ added in v0.9.0
func ParseRequestorToken(input string) (RequestorToken, error)
ParseRequestorToken parses a string to a ClientToken after validating the input.
type RequiredAttributeMissingError ¶ added in v0.5.0
type RequiredAttributeMissingError struct { ErrorType Missing *IrmaIdentifierSet }
func (*RequiredAttributeMissingError) Error ¶ added in v0.5.0
func (e *RequiredAttributeMissingError) Error() string
type RevocationAttribute ¶ added in v0.5.0
RevocationAttribute is a big.Int with DB (un)marshaling methods.
func (RevocationAttribute) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (*RevocationAttribute) MarshalCBOR ¶ added in v0.5.0
func (i *RevocationAttribute) MarshalCBOR() ([]byte, error)
MarshalCBOR marshals the given revocation attribute to CBOR.
func (*RevocationAttribute) Scan ¶ added in v0.5.0
func (i *RevocationAttribute) Scan(src interface{}) error
Scan implements sql.Scanner, for SQL unmarshaling (from a []byte).
func (*RevocationAttribute) UnmarshalCBOR ¶ added in v0.5.0
func (i *RevocationAttribute) UnmarshalCBOR(data []byte) error
UnmarshalCBOR unmarshals the given CBOR bytes and parses it as revocation attribute.
type RevocationClient ¶ added in v0.5.0
type RevocationClient struct { Conf *Configuration Settings RevocationSettings // contains filtered or unexported fields }
RevocationClient offers an HTTP client to the revocation server endpoints.
func (RevocationClient) FetchUpdateFrom ¶ added in v0.5.0
func (client RevocationClient) FetchUpdateFrom(id CredentialTypeIdentifier, pkcounter uint, from uint64) (*revocation.Update, error)
func (RevocationClient) FetchUpdateLatest ¶ added in v0.5.0
func (client RevocationClient) FetchUpdateLatest(id CredentialTypeIdentifier, pkcounter uint, count uint64) (*revocation.Update, error)
func (RevocationClient) FetchUpdatesLatest ¶ added in v0.5.0
func (client RevocationClient) FetchUpdatesLatest(id CredentialTypeIdentifier, count uint64) (map[uint]*revocation.Update, error)
func (RevocationClient) PostIssuanceRecord ¶ added in v0.5.0
func (client RevocationClient) PostIssuanceRecord(id CredentialTypeIdentifier, sk *gabikeys.PrivateKey, rec *IssuanceRecord, url string) error
type RevocationJwt ¶ added in v0.5.0
type RevocationJwt struct { ServerJwt Request *RevocationRequest `json:"revrequest"` }
func (*RevocationJwt) Sign ¶ added in v0.5.0
func (claims *RevocationJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
func (*RevocationJwt) Valid ¶ added in v0.5.0
func (claims *RevocationJwt) Valid() error
type RevocationKeys ¶ added in v0.5.0
type RevocationKeys struct {
Conf *Configuration
}
RevocationKeys contains helper functions for retrieving revocation private and public keys from an irma.Configuration instance.
func (RevocationKeys) PrivateKey ¶ added in v0.5.0
func (rs RevocationKeys) PrivateKey(issid IssuerIdentifier, counter uint) (*gabikeys.PrivateKey, error)
func (RevocationKeys) PrivateKeyLatest ¶ added in v0.5.0
func (rs RevocationKeys) PrivateKeyLatest(issid IssuerIdentifier) (*gabikeys.PrivateKey, error)
func (RevocationKeys) PublicKey ¶ added in v0.5.0
func (rs RevocationKeys) PublicKey(issid IssuerIdentifier, counter uint) (*gabikeys.PublicKey, error)
type RevocationRequest ¶ added in v0.5.0
type RevocationRequest struct { LDContext string `json:"@context,omitempty"` CredentialType CredentialTypeIdentifier `json:"type"` Key string `json:"revocationKey,omitempty"` Issued int64 `json:"issued,omitempty"` }
func (*RevocationRequest) Validate ¶ added in v0.5.0
func (r *RevocationRequest) Validate() error
type RevocationSetting ¶ added in v0.5.0
type RevocationSetting struct { Server bool `json:"server,omitempty" mapstructure:"server"` Authority bool `json:"authority,omitempty" mapstructure:"authority"` RevocationServerURL string `json:"revocation_server_url,omitempty" mapstructure:"revocation_server_url"` Tolerance uint64 `json:"tolerance,omitempty" mapstructure:"tolerance"` // in seconds, min 30 SSE bool `json:"sse,omitempty" mapstructure:"sse"` // contains filtered or unexported fields }
RevocationSetting contains revocation settings for a given credential type.
type RevocationSettings ¶ added in v0.5.0
type RevocationSettings map[CredentialTypeIdentifier]*RevocationSetting
RevocationSettings specifies per credential type what the revocation settings are.
func (RevocationSettings) Get ¶ added in v0.5.0
func (rs RevocationSettings) Get(id CredentialTypeIdentifier) *RevocationSetting
type RevocationStorage ¶ added in v0.5.0
type RevocationStorage struct { Keys RevocationKeys ServerSentEvents *sse.Server // contains filtered or unexported fields }
RevocationStorage stores and retrieves revocation-related data from and to a SQL database, and offers a revocation API for all other irmago code, including a Revoke() method that revokes an earlier issued credential.
func (*RevocationStorage) Accumulator ¶ added in v0.5.0
func (rs *RevocationStorage) Accumulator(id CredentialTypeIdentifier, pkCounter uint) ( *revocation.SignedAccumulator, error, )
Accumulator returns the current state of the accumulator that belongs to the given credential type and public key.
func (*RevocationStorage) AddIssuanceRecord ¶ added in v0.5.0
func (rs *RevocationStorage) AddIssuanceRecord(r *IssuanceRecord) error
AddIssuanceRecord stores the given issuance record.
func (*RevocationStorage) AddUpdate ¶ added in v0.5.0
func (rs *RevocationStorage) AddUpdate(id CredentialTypeIdentifier, update *revocation.Update) error
AddUpdate validates, processes and stores the given revocation update.
func (*RevocationStorage) Close ¶ added in v0.5.0
func (rs *RevocationStorage) Close() error
Close ensures the revocation storage is being closed. Limitation: the background jobs being started by Load() are not being stopped. This can only be done now by clearing all jobs in the Configuration's Scheduler.
func (*RevocationStorage) EnableRevocation ¶ added in v0.5.0
func (rs *RevocationStorage) EnableRevocation(id CredentialTypeIdentifier, sk *gabikeys.PrivateKey) error
EnableRevocation creates an initial accumulator for a given credential type. This function is the only way to create such an initial accumulator and it must be called before anyone can use revocation for this credential type. Requires the issuer private key.
func (*RevocationStorage) Events ¶ added in v0.5.0
func (rs *RevocationStorage) Events(id CredentialTypeIdentifier, pkcounter uint, from, to uint64) (*revocation.EventList, error)
Events returns the revocation events for the given credential type, public key counter and event index range. It returns an error if the requested range is not (fully) present.
func (*RevocationStorage) Exists ¶ added in v0.5.0
func (rs *RevocationStorage) Exists(id CredentialTypeIdentifier, counter uint) (bool, error)
Exists returns whether or not an accumulator exists in the database for the given credential type.
func (*RevocationStorage) IssuanceRecords ¶ added in v0.5.0
func (rs *RevocationStorage) IssuanceRecords(id CredentialTypeIdentifier, key string, issued time.Time) ([]*IssuanceRecord, error)
IssuanceRecords returns all issuance records matching the given credential type, revocation key and issuance time. If the given issuance time is zero, then the issuance time is being ignored as condition.
func (*RevocationStorage) LatestUpdates ¶ added in v0.13.0
func (rs *RevocationStorage) LatestUpdates(id CredentialTypeIdentifier, limit uint64, pkCounter *uint) (map[uint]*revocation.Update, error)
LatestUpdates returns revocation update instances for the given credential type and (optionally) public key containing the latest signed accumulator, and the latest revocation events. If limit is set to 0, then all revocation events are returned. If pkCounter is set to nil, then an update is returned for every public key.
func (*RevocationStorage) Load ¶ added in v0.5.0
func (rs *RevocationStorage) Load(debug bool, dbtype, connstr string, settings RevocationSettings) error
Load initializes the revocation storage and starts background jobs to keep the storage up-to-date.
func (*RevocationStorage) PostUpdate ¶ added in v0.5.0
func (rs *RevocationStorage) PostUpdate(id CredentialTypeIdentifier, update *revocation.Update)
func (*RevocationStorage) Revoke ¶ added in v0.5.0
func (rs *RevocationStorage) Revoke(id CredentialTypeIdentifier, key string, issued time.Time) error
Revoke revokes the credential(s) specified by key and issued, if found within the current revocation storage. It updates their revocation time to now, removes their revocation attribute from the current accumulator, and updates the revocation storage. If issued is not specified, i.e. passed the zero value, all credentials specified by key are revoked.
func (*RevocationStorage) SaveIssuanceRecord ¶ added in v0.5.0
func (rs *RevocationStorage) SaveIssuanceRecord(id CredentialTypeIdentifier, rec *IssuanceRecord, sk *gabikeys.PrivateKey) error
SaveIssuanceRecord either stores the issuance record locally, if we are the revocation server of the crecential type, or it signs and sends it to the remote revocation server.
func (*RevocationStorage) SetRevocationUpdates ¶ added in v0.5.0
func (rs *RevocationStorage) SetRevocationUpdates(b *BaseRequest) error
SetRevocationUpdates retrieves the latest revocation records from the database, and attaches them to the request, for each credential type for which a nonrevocation proof is requested in b.Revocation.
func (*RevocationStorage) SyncDB ¶ added in v0.5.0
func (rs *RevocationStorage) SyncDB(id CredentialTypeIdentifier) error
SyncDB fetches the current revocation state of the given credential at its revocation authority and stores this for caching purposes. This is useful to prevent that you have to contact the revocation authority at the exact moment you want to disclose a revocation proof.
func (*RevocationStorage) SyncIfOld ¶ added in v0.5.0
func (rs *RevocationStorage) SyncIfOld(id CredentialTypeIdentifier, maxage uint64) error
SyncIfOld ensures that SyncDB will be called if the current revocation state is older than the given maxage.
type SchemeAppVersion ¶ added in v0.3.0
type SchemeFileHash ¶ added in v0.6.0
type SchemeFileHash []byte
SchemeFileHash encodes the SHA256 hash of an authenticated file under a scheme within the configuration folder.
func (SchemeFileHash) Equal ¶ added in v0.6.0
func (hash SchemeFileHash) Equal(other SchemeFileHash) bool
func (SchemeFileHash) String ¶ added in v0.6.0
func (hash SchemeFileHash) String() string
type SchemeManager ¶
type SchemeManager struct { ID string `xml:"Id"` Name TranslatedString `xml:"Name"` URL string `xml:"Url"` Contact string `xml:"contact"` Demo bool `xml:"Demo"` // Decides whether to download private keys Description TranslatedString MinimumAppVersion SchemeAppVersion TimestampServer string Languages []string `xml:"Languages>Language"` XMLVersion int `xml:"version,attr"` XMLName xml.Name `xml:"SchemeManager"` Status SchemeManagerStatus `xml:"-"` Timestamp Timestamp // contains filtered or unexported fields }
SchemeManager describes an issuer scheme and is the issuer equivalent to the RequestorScheme. The naming is legacy.
func (*SchemeManager) Distributed ¶
func (scheme *SchemeManager) Distributed() bool
Distributed indicates if this scheme uses a keyshare server.
func (*SchemeManager) Identifier ¶
func (scheme *SchemeManager) Identifier() SchemeManagerIdentifier
Identifier returns the identifier of the specified scheme.
type SchemeManagerError ¶
type SchemeManagerError struct { Scheme string Status SchemeManagerStatus Err error }
func (SchemeManagerError) Error ¶
func (sme SchemeManagerError) Error() string
type SchemeManagerIdentifier ¶
type SchemeManagerIdentifier struct {
// contains filtered or unexported fields
}
SchemeManagerIdentifier identifies a scheme manager. Equal to its ID. For example "irma-demo".
func NewSchemeManagerIdentifier ¶
func NewSchemeManagerIdentifier(id string) SchemeManagerIdentifier
NewSchemeManagerIdentifier converts the specified identifier to a SchemeManagerIdentifier.
func (SchemeManagerIdentifier) GormDBDataType ¶ added in v0.13.0
GormDBDataType implements the gorm.io/gorm/migrator GormDataTypeInterface interface.
func (SchemeManagerIdentifier) MarshalCBOR ¶ added in v0.5.0
func (SchemeManagerIdentifier) MarshalText ¶
func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (SchemeManagerIdentifier) Name ¶
func (oi SchemeManagerIdentifier) Name() string
Name returns the last part of this identifier.
func (SchemeManagerIdentifier) Parent ¶
func (oi SchemeManagerIdentifier) Parent() string
Parent returns the parent object of this identifier.
func (SchemeManagerIdentifier) PartsCount ¶ added in v0.9.0
func (oi SchemeManagerIdentifier) PartsCount() int
func (*SchemeManagerIdentifier) Scan ¶ added in v0.5.0
func (oi *SchemeManagerIdentifier) Scan(src interface{}) error
Scan implements sql/driver Scanner interface.
func (SchemeManagerIdentifier) String ¶
func (oi SchemeManagerIdentifier) String() string
String returns this identifier as a string.
func (*SchemeManagerIdentifier) UnmarshalCBOR ¶ added in v0.5.0
func (*SchemeManagerIdentifier) UnmarshalText ¶
func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type SchemeManagerIndex ¶
type SchemeManagerIndex map[string]SchemeFileHash
SchemeManagerIndex is a (signed) list of files under a scheme along with their SHA266 hash
func (SchemeManagerIndex) FromString ¶
func (i SchemeManagerIndex) FromString(s string) error
FromString populates this index by parsing the specified string.
func (SchemeManagerIndex) Scheme ¶ added in v0.3.0
func (i SchemeManagerIndex) Scheme() string
func (SchemeManagerIndex) String ¶
func (i SchemeManagerIndex) String() string
type SchemeManagerStatus ¶
type SchemeManagerStatus string
type SchemePointer ¶ added in v0.6.0
type SchemePointer struct { URL string // URL to download scheme from Type SchemeType Publickey []byte // Public key of scheme against which to verify files after they have been downloaded }
SchemePointer points to a remote IRMA scheme, containing information to download the scheme, including its (pinned) public key.
type SchemeType ¶ added in v0.6.0
type SchemeType string
type ServerJwt ¶
type ServerJwt struct { Type string `json:"sub"` ServerName string `json:"iss"` IssuedAt Timestamp `json:"iat"` }
ServerJwt contains standard JWT fields.
type ServerSessionResponse ¶ added in v0.8.0
type ServerSessionResponse struct { ProofStatus ProofStatus `json:"proofStatus"` IssueSignatures []*gabi.IssueSignatureMessage `json:"sigs,omitempty"` NextSession *Qr `json:"nextSession,omitempty"` // needed for legacy (un)marshaling ProtocolVersion *ProtocolVersion `json:"-"` SessionType Action `json:"-"` }
func (*ServerSessionResponse) MarshalJSON ¶ added in v0.8.0
func (s *ServerSessionResponse) MarshalJSON() ([]byte, error)
func (*ServerSessionResponse) UnmarshalJSON ¶ added in v0.8.0
func (s *ServerSessionResponse) UnmarshalJSON(bts []byte) error
type ServerStatus ¶ added in v0.8.0
type ServerStatus string
ServerStatus encodes the server status of an IRMA session (e.g., CONNECTED).
const ( ServerStatusInitialized ServerStatus = "INITIALIZED" // The session has been started and is waiting for the client ServerStatusPairing ServerStatus = "PAIRING" // The client is waiting for the frontend to give permission to connect ServerStatusConnected ServerStatus = "CONNECTED" // The client has retrieved the session request, we wait for its response ServerStatusCancelled ServerStatus = "CANCELLED" // The session is cancelled, possibly due to an error ServerStatusDone ServerStatus = "DONE" // The session has completed successfully ServerStatusTimeout ServerStatus = "TIMEOUT" // Session timed out )
Server statuses
func (ServerStatus) Finished ¶ added in v0.8.0
func (status ServerStatus) Finished() bool
type ServiceProviderJwt ¶
type ServiceProviderJwt struct { ServerJwt Request *ServiceProviderRequest `json:"sprequest"` }
ServiceProviderJwt is a requestor JWT for a disclosure session.
func NewServiceProviderJwt ¶
func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt
NewServiceProviderJwt returns a new ServiceProviderJwt.
func (*ServiceProviderJwt) Action ¶
func (claims *ServiceProviderJwt) Action() Action
func (*ServiceProviderJwt) RequestorRequest ¶
func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest
func (*ServiceProviderJwt) SessionRequest ¶
func (claims *ServiceProviderJwt) SessionRequest() SessionRequest
SessionRequest returns an IRMA session object.
func (*ServiceProviderJwt) Sign ¶
func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
func (*ServiceProviderJwt) Valid ¶
func (claims *ServiceProviderJwt) Valid() error
type ServiceProviderRequest ¶
type ServiceProviderRequest struct { RequestorBaseRequest Request *DisclosureRequest `json:"request"` }
A ServiceProviderRequest contains a disclosure request.
func (*ServiceProviderRequest) Base ¶
func (r *ServiceProviderRequest) Base() *RequestorBaseRequest
func (*ServiceProviderRequest) SessionRequest ¶
func (r *ServiceProviderRequest) SessionRequest() SessionRequest
func (*ServiceProviderRequest) Validate ¶
func (r *ServiceProviderRequest) Validate() error
type SessionError ¶
type SessionError struct { Err error ErrorType Info string RemoteError *RemoteError RemoteStatus int }
SessionError is a protocol error.
func (*SessionError) Error ¶
func (e *SessionError) Error() string
func (*SessionError) Stack ¶
func (e *SessionError) Stack() string
func (*SessionError) WrappedError ¶
func (e *SessionError) WrappedError() string
type SessionOptions ¶ added in v0.8.0
type SessionOptions struct { LDContext string `json:"@context,omitempty"` PairingMethod PairingMethod `json:"pairingMethod"` PairingCode string `json:"pairingCode,omitempty"` }
type SessionRequest ¶
type SessionRequest interface { Validator Base() *BaseRequest GetNonce(timestamp *atum.Timestamp) *big.Int Disclosure() *DisclosureRequest Identifiers() *IrmaIdentifierSet Action() Action Legacy() (SessionRequest, error) }
SessionRequest instances contain all information the irmaclient needs to perform an IRMA session.
type SignatureRequest ¶
type SignatureRequest struct { DisclosureRequest Message string `json:"message"` }
A SignatureRequest is a a request to sign a message with certain attributes. Construct new instances using NewSignatureRequest().
func NewSignatureRequest ¶ added in v0.3.0
func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest
func (*SignatureRequest) Action ¶
func (sr *SignatureRequest) Action() Action
func (*SignatureRequest) GetNonce ¶
func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int
GetNonce returns the nonce of this signature session (with the message already hashed into it).
func (*SignatureRequest) IsSignatureRequest ¶ added in v0.5.0
func (sr *SignatureRequest) IsSignatureRequest() bool
func (*SignatureRequest) Legacy ¶ added in v0.3.0
func (sr *SignatureRequest) Legacy() (SessionRequest, error)
func (*SignatureRequest) SignatureFromMessage ¶
func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)
func (*SignatureRequest) UnmarshalJSON ¶ added in v0.3.0
func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)
func (*SignatureRequest) Validate ¶
func (sr *SignatureRequest) Validate() error
type SignatureRequestorJwt ¶
type SignatureRequestorJwt struct { ServerJwt Request *SignatureRequestorRequest `json:"absrequest"` }
SignatureRequestorJwt is a requestor JWT for a signing session.
func NewSignatureRequestorJwt ¶
func NewSignatureRequestorJwt(servername string, sr *SignatureRequest) *SignatureRequestorJwt
NewSignatureRequestorJwt returns a new SignatureRequestorJwt.
func (*SignatureRequestorJwt) Action ¶
func (claims *SignatureRequestorJwt) Action() Action
func (*SignatureRequestorJwt) RequestorRequest ¶
func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest
func (*SignatureRequestorJwt) SessionRequest ¶
func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest
SessionRequest returns an IRMA session object.
func (*SignatureRequestorJwt) Sign ¶
func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)
func (*SignatureRequestorJwt) Valid ¶
func (claims *SignatureRequestorJwt) Valid() error
type SignatureRequestorRequest ¶
type SignatureRequestorRequest struct { RequestorBaseRequest Request *SignatureRequest `json:"request"` }
A SignatureRequestorRequest contains a signing request.
func (*SignatureRequestorRequest) Base ¶
func (r *SignatureRequestorRequest) Base() *RequestorBaseRequest
func (*SignatureRequestorRequest) SessionRequest ¶
func (r *SignatureRequestorRequest) SessionRequest() SessionRequest
func (*SignatureRequestorRequest) Validate ¶
func (r *SignatureRequestorRequest) Validate() error
type SignedMessage ¶
type SignedMessage struct { LDContext string `json:"@context"` Signature gabi.ProofList `json:"signature"` Indices DisclosedAttributeIndices `json:"indices"` Nonce *big.Int `json:"nonce"` Context *big.Int `json:"context"` Message string `json:"message"` Timestamp *atum.Timestamp `json:"timestamp"` }
SignedMessage is a message signed with an attribute-based signature The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)
func (*SignedMessage) Disclosure ¶
func (sm *SignedMessage) Disclosure() *Disclosure
func (*SignedMessage) GetNonce ¶
func (sm *SignedMessage) GetNonce() *big.Int
func (*SignedMessage) MatchesNonceAndContext ¶
func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool
func (*SignedMessage) Verify ¶
func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)
Verify the attribute-based signature, optionally against a corresponding signature request. If the request is present (i.e. not nil), then the first attributes in the returned result match with the disjunction list in the request (that is, the i'th attribute in the result should satisfy the i'th disjunction in the request). If the request is not fully satisfied in this fashion, the Status of the result is ProofStatusMissingAttributes. Any remaining attributes (i.e. not asked for by the request) are also included in the result, after the attributes that match disjunctions in the request.
The signature request is optional; if it is nil then the attribute-based signature is still verified, and all containing attributes returned in the result.
func (*SignedMessage) VerifyTimestamp ¶
func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error
VerifyTimestamp verifies the timestamp over the signed message, disclosed attributes, and rerandomized CL-signatures of the given SignedMessage.
func (*SignedMessage) Version ¶ added in v0.3.0
func (sm *SignedMessage) Version() int
type Timestamp ¶
Timestamp is a time.Time that marshals to Unix timestamps.
func (Timestamp) After ¶
After checks if Timestamp is after other Timestamp. Used for checking expiry of attributes.
func (Timestamp) Before ¶
Before checks if Timestamp is before other Timestamp. Used for checking expiry of attributes.
func (*Timestamp) MarshalJSON ¶
MarshalJSON marshals a timestamp.
func (*Timestamp) MarshalXML ¶ added in v0.5.0
func (*Timestamp) UnmarshalJSON ¶
UnmarshalJSON unmarshals a timestamp.
func (*Timestamp) UnmarshalXML ¶ added in v0.5.0
type TranslatedString ¶
TranslatedString is a map of translated strings.
func NewTranslatedString ¶
func NewTranslatedString(attr *string) TranslatedString
NewTranslatedString returns a TranslatedString containing the specified string for each supported language, or nil when attr is nil.
func (*TranslatedString) MarshalXML ¶
func (ts *TranslatedString) MarshalXML(e *xml.Encoder, start xml.StartElement) error
MarshalXML implements xml.Marshaler.
func (*TranslatedString) UnmarshalXML ¶
func (ts *TranslatedString) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
UnmarshalXML unmarshals an XML tag containing a string translated to multiple languages, for example: <Foo><en>Hello world</en><nl>Hallo wereld</nl></Foo> into a TranslatedString: { "en": "Hello world" , "nl": "Hallo wereld" }
type UnknownIdentifierError ¶ added in v0.3.0
type UnknownIdentifierError struct { ErrorType Missing *IrmaIdentifierSet }
func (*UnknownIdentifierError) Error ¶ added in v0.3.0
func (e *UnknownIdentifierError) Error() string
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
internal
|
|
sessiontest
This package just contains tests.
|
This package just contains tests. |
test
Package test contains functionality that should be available to all unit tests (which live in separate packages).
|
Package test contains functionality that should be available to all unit tests (which live in separate packages). |
Package irmaclient implements an IRMA client, that can manage and use IRMA attributes.
|
Package irmaclient implements an IRMA client, that can manage and use IRMA attributes. |
irmac
Required to be main when building a shared library
|
Required to be main when building a shared library |
irmaserver
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
|
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e. |
requestorserver
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.
|
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e. |