irma

package module
v0.12.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 31, 2023 License: Apache-2.0 Imports: 58 Imported by: 22

README

irmago   GoDoc Go Report Card

irmago is an IRMA implementation in Go. It contains multiple libraries and applications:

  • The commandline tool irma, which contains an IRMA server; subcommands for manipulating IRMA schemes, generating IRMA issuer public/private keypairs, performing test IRMA sessions on the command line; and more.
  • The Go library irmaserver providing a HTTP server that handles IRMA session with the IRMA mobile app, and functions for starting and managing IRMA sessions.
  • The root package irma contains generic IRMA functionality used by all other components below, such as parsing IRMA schemes, parsing IRMA metadata attributes, and structs representing messages of the IRMA protocol.
  • The Go package irmaclient is a library that serves as the client in the IRMA protocol; it can receive and disclose IRMA attributes and store and read them from storage. It also implements the keyshare protocol and handles registering to keyshare servers. The IRMA mobile app uses irmaclient.

Documentation

Technical documentation of all components of irmago and more can be found at https://irma.app/docs.

Running

The easiest way to run the irma command line tool is using Docker.

docker-compose run irma

For example, to start a simple IRMA session:

IP=192.168.1.2 # Replace with your local IP address.
docker-compose run -p 48680:48680 irma session --disclose pbdf.sidn-pbdf.email.email --url "http://$IP:48680"

You can run the irma keyshare services locally using the test configuration in testdata/configurations.

# To run the IRMA keyshare server
docker-compose run -p 8080:8080 irma keyshare server -c ./testdata/configurations/keyshareserver.yml
# To run the MyIRMA backend server
docker-compose run -p 8081:8081 irma keyshare myirmaserver -c ./testdata/configurations/myirmaserver.yml

Installing

git clone https://github.com/privacybydesign/irmago

irmago and its subpackages use Go modules for their dependencies. The go command will automatically download dependencies when needed.

To install the irma command line tool:

go install ./irma

You can also include the irma command line tool in a Docker image, using a base image of your choice. The default base image is Debian's stable-slim.

docker build --build-arg BASE_IMAGE=alpine -t privacybydesign/irma:edge .

When you build for production, we recommend you to build the latest release. You should replace v0.0.0 with the latest version number.

docker build -t privacybydesign/irma https://github.com/privacybydesign/irmago.git#v0.0.0

In case you want to build v0.8.0 or lower, then you should do some extra steps. The Dockerfile was not part of the repository at that time.

VERSION=v0.8.0
git checkout $VERSION
git checkout master -- Dockerfile
docker build -t privacybydesign/irma:$VERSION .

Running the unit tests

Some of the unit tests connect to locally running external services, namely PostgreSQL and an SMTP server running at port 1025. These need to be up and running before these tests can be executed. This can either be done using docker-compose or by following the instructions below to install the services manually.

PostgreSQL
  • Install using e.g. brew install postgresql, or apt-get install postgresql, or via another package manager of your OS.

  • Prepare the database and user:

    create database test;
    create user testuser with encrypted password 'testpassword';
    grant all privileges on database test to testuser;
    

    This only needs to be done once. No table or rows need to be created; the unit tests do this themselves.

SMTP server

For the SMTP server you can use MailHog (see also their installation instructions):

  • Install using brew install mailhog or go get github.com/mailhog/MailHog.
  • Run using MailHog, or ~/go/bin/MailHog, depending on your setup.

For the unit tests it only matters that the SMTP server itself is running and accepts emails, but MailHog additionally comes with a webinterface showing incoming emails. By default this runs at http://localhost:8025.

Running the tests

In case you chose to start PostgreSQL and MailHog using docker-compose, you first need to start these services:

docker-compose up

When PostgreSQL and MailHog are running, the tests can be run using:

go test -p 1 ./...
  • The option ./... makes sure all tests are run. You can also limit the number of tests by only running the tests from a single directory or even from a single file, for example only running all tests in the directory ./internal/sessiontest. When you only want to execute one single test, for example the TestDisclosureSession test, you can do this by adding the option -run TestDisclosureSession.
  • The option -p 1 is necessary to prevent parallel execution of tests. Most tests use file manipulation and therefore tests can interfere.
Running without PostgreSQL, MailHog or Docker

If installing PostgreSQL, MailHog or Docker is not an option for you, then you can exclude all tests that use those by additionally passing --tags=local_tests:

go test -p 1 --tags=local_tests ./...
Running without Go

You can also run the tests fully in Docker using the command below. This is useful when you don't want to install the Go compiler locally. By default, all tests are run one-by-one without parallel execution.

docker-compose run test

You can override the default command by specifying command line options for go test manually, for example:

docker-compose run test ./internal/sessiontest -run TestDisclosureSession

We always enforce the -p 1 option to be used (as explained above).

Using a local Redis datastore

irmago can either store session states in memory (default) or in a Redis datastore. For local testing purposes you can use the standard Redis docker container:

docker pull redis
docker run --name redis-test-instance -p 6379:6379 -d redis

You can then start irma with the store-type flag set to Redis and the default configuration file.

irma server -vv --store-type redis --redis-addr "localhost:6379" --redis-allow-empty-password --redis-no-tls

Performance tests

This project only includes performance tests for the irma keyshare server. These tests can be run using the k6 load testing tool and need a running keyshare server instance to test against. Instructions on how to run a keyshare server locally can be found above.

The performance tests can be started in the following way:

go install go.k6.io/k6@latest
k6 run ./testdata/performance/keyshare-server.js --env URL=http://localhost:8080 --env ISSUER_ID=test.test

By default, k6 runs a single test iteration using 1 virtual user. These defaults can be adjusted by specifying test stages using the -s CLI parameter.

Contact

Request access to our IRMA slack channel by mailing to our support if you want to become part of the community. In our slack channels, the latest news on IRMA are shared and technical details get discussed.

For responsible disclosure mail to our responsible disclosure mailbox

Documentation

Overview

Package irma contains generic IRMA strucs and logic of use to all IRMA participants. It parses irma_configuration folders to scheme managers, issuers, credential types and public keys; it contains various messages from the IRMA protocol; it parses IRMA metadata attributes; and it contains attribute and credential verification logic.

Index

Constants

View Source
const (
	MinVersionHeader    = "X-IRMA-MinProtocolVersion"
	MaxVersionHeader    = "X-IRMA-MaxProtocolVersion"
	AuthorizationHeader = "Authorization"
)
View Source
const (
	ClientStatusConnected     = ClientStatus("connected")
	ClientStatusCommunicating = ClientStatus("communicating")
	ClientStatusManualStarted = ClientStatus("manualStarted")
)

Client statuses

View Source
const (
	ActionDisclosing = Action("disclosing")
	ActionSigning    = Action("signing")
	ActionIssuing    = Action("issuing")
	ActionRedirect   = Action("redirect")
	ActionRevoking   = Action("revoking")
	ActionUnknown    = Action("unknown")
)

Actions

View Source
const (
	// Protocol version not supported
	ErrorProtocolVersionNotSupported = ErrorType("protocolVersionNotSupported")
	// Error in HTTP communication
	ErrorTransport = ErrorType("transport")
	// HTTPS required
	ErrorHTTPS = ErrorType("https")
	// Invalid client JWT in first IRMA message
	ErrorInvalidJWT = ErrorType("invalidJwt")
	// Unknown session type (not disclosing, signing, or issuing)
	ErrorUnknownAction = ErrorType("unknownAction")
	// Crypto error during calculation of our response (second IRMA message)
	ErrorCrypto = ErrorType("crypto")
	// Error involving revocation or nonrevocation proofs
	ErrorRevocation = ErrorType("revocation")
	// Our pairing attempt was rejected by the server
	ErrorPairingRejected = ErrorType("pairingRejected")
	// Server rejected our response (second IRMA message)
	ErrorRejected = ErrorType("rejected")
	// (De)serializing of a message failed
	ErrorSerialization = ErrorType("serialization")
	// Error in keyshare protocol
	ErrorKeyshare = ErrorType("keyshare")
	// The user is not enrolled at one of the keyshare servers needed for the request
	ErrorKeyshareUnenrolled = ErrorType("keyshareUnenrolled")
	// API server error
	ErrorApi = ErrorType("api")
	// Server returned unexpected or malformed response
	ErrorServerResponse = ErrorType("serverResponse")
	// Credential type not present in our Configuration
	ErrorUnknownIdentifier = ErrorType("unknownIdentifier")
	// Non-optional attribute not present in credential
	ErrorRequiredAttributeMissing = ErrorType("requiredAttributeMissing")
	// Error during downloading of credential type, issuer, or public keys
	ErrorConfigurationDownload = ErrorType("configurationDownload")
	// IRMA requests refers to unknown scheme manager
	ErrorUnknownSchemeManager = ErrorType("unknownSchemeManager")
	// A session is requested involving a scheme manager that has some problem
	ErrorInvalidSchemeManager = ErrorType("invalidSchemeManager")
	// Invalid session request
	ErrorInvalidRequest = ErrorType("invalidRequest")
	// Recovered panic
	ErrorPanic = ErrorType("panic")
	// Error involving random blind attributes
	ErrorRandomBlind = ErrorType("randomblind")
)

Protocol errors

View Source
const (
	LDContextDisclosureRequest      = "https://irma.app/ld/request/disclosure/v2"
	LDContextSignatureRequest       = "https://irma.app/ld/request/signature/v2"
	LDContextIssuanceRequest        = "https://irma.app/ld/request/issuance/v2"
	LDContextRevocationRequest      = "https://irma.app/ld/request/revocation/v1"
	LDContextFrontendOptionsRequest = "https://irma.app/ld/request/frontendoptions/v1"
	LDContextClientSessionRequest   = "https://irma.app/ld/request/client/v1"
	LDContextSessionOptions         = "https://irma.app/ld/options/v1"
	DefaultJwtValidity              = 120
)
View Source
const (
	PairingMethodNone = "none"
	PairingMethodPin  = "pin"
)
View Source
const (
	SchemeManagerStatusValid               = SchemeManagerStatus("Valid")
	SchemeManagerStatusUnprocessed         = SchemeManagerStatus("Unprocessed")
	SchemeManagerStatusInvalidIndex        = SchemeManagerStatus("InvalidIndex")
	SchemeManagerStatusInvalidSignature    = SchemeManagerStatus("InvalidSignature")
	SchemeManagerStatusParsingError        = SchemeManagerStatus("ParsingError")
	SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError")

	SchemeTypeIssuer    = SchemeType("issuer")
	SchemeTypeRequestor = SchemeType("requestor")
)
View Source
const (
	ProofStatusValid             = ProofStatus("VALID")              // Proof is valid
	ProofStatusInvalid           = ProofStatus("INVALID")            // Proof is invalid
	ProofStatusInvalidTimestamp  = ProofStatus("INVALID_TIMESTAMP")  // Attribute-based signature had invalid timestamp
	ProofStatusUnmatchedRequest  = ProofStatus("UNMATCHED_REQUEST")  // Proof does not correspond to a specified request
	ProofStatusMissingAttributes = ProofStatus("MISSING_ATTRIBUTES") // Proof does not contain all requested attributes
	ProofStatusExpired           = ProofStatus("EXPIRED")            // Attributes were expired at proof creation time (now, or according to timestamp in case of abs)

	AttributeProofStatusPresent = AttributeProofStatus("PRESENT") // Attribute is disclosed and matches the value
	AttributeProofStatusExtra   = AttributeProofStatus("EXTRA")   // Attribute is disclosed, but wasn't requested in request
	AttributeProofStatusNull    = AttributeProofStatus("NULL")    // Attribute is disclosed but is null
)
View Source
const (
	// ExpiryFactor is the precision for the expiry attribute. Value is one week.
	ExpiryFactor = 60 * 60 * 24 * 7
)
View Source
const (
	KeyshareAuthMethodChallengeResponse = "pin_challengeresponse"
)
View Source
const LDContextSignedMessage = "https://irma.app/ld/signature/v2"
View Source
const Version = "0.12.6"

Version of the IRMA command line and libraries

Variables

View Source
var (
	ErrRevocationStateNotFound = errors.New("revocation state not found")
	ErrUnknownRevocationKey    = errors.New("unknown revocationKey")
	ErrorUnknownCredentialType = errors.New("unknown credential type")
)
View Source
var DefaultSchemes = [2]SchemePointer{
	{
		URL: "https://privacybydesign.foundation/schememanager/irma-demo",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm
54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ==
-----END PUBLIC KEY-----`),
	},
	{
		URL: "https://privacybydesign.foundation/schememanager/pbdf",
		Publickey: []byte(`-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELzHV5ipBimWpuZIDaQQd+KmNpNop
dpBeCqpDwf+Grrw9ReODb6nwlsPJ/c/gqLnc+Y3sKOAJ2bFGI+jHBSsglg==
-----END PUBLIC KEY-----`),
	},
}
View Source
var (
	ErrMissingPrivateKey = fmt.Errorf("issuer private key not found: %w", os.ErrNotExist)
)
View Source
var ErrMissingPublicKey = errors.New("Missing public key")
View Source
var HTTPHeaders = map[string]http.Header{}
View Source
var Logger *logrus.Logger

Logger is used for logging. If not set, init() will initialize it to logrus.StandardLogger().

View Source
var RevocationParameters = struct {
	// DefaultUpdateEventCount specifies how many revocation events are attached to session requests
	// for the client to update its revocation state.
	DefaultUpdateEventCount uint64

	// RequestorUpdateInterval is the time period in minutes for requestor servers
	// updating their revocation state at th RA.
	RequestorUpdateInterval int

	// DefaultTolerance is the default tolerance in seconds: nonrevocation should be proved
	// by clients up to maximally this amount of seconds ago at verification time. If not, the
	// server will report the time up until nonrevocation of the attribute is guaranteed to the requestor.
	DefaultTolerance uint64

	// If server mode is enabled for a credential type, then once every so many seconds
	// the timestamp in each accumulator is updated to now.
	AccumulatorUpdateInterval int

	// DELETE issuance records of expired credential every so many minutes
	DeleteIssuanceRecordsInterval int

	// ClientUpdateInterval is the time interval with which the irmaclient periodically
	// retrieves a revocation update from the RA and updates its revocation state with a small but
	// increasing probability.
	ClientUpdateInterval int

	// ClientDefaultUpdateSpeed is the amount of time in hours after which it becomes very likely
	// that the app will update its witness, quickly after it has been opened.
	ClientDefaultUpdateSpeed uint64

	// ClientUpdateTimeout is the amount of time in milliseconds that the irmaclient waits
	// for nonrevocation witness updating to complete, before it continues with the session even
	// if updating is not yet done (in which case the candidate set computed by the client
	// may contain credentials that were revoked by one of the requestor's update messages).
	ClientUpdateTimeout uint64

	// Cache-control: max-age HTTP return header (in seconds)
	EventsCacheMaxAge uint64

	UpdateMinCount      uint64
	UpdateMaxCount      uint64
	UpdateMinCountPower int
	UpdateMaxCountPower int
}{
	RequestorUpdateInterval:       10,
	DefaultTolerance:              10 * 60,
	AccumulatorUpdateInterval:     60,
	DeleteIssuanceRecordsInterval: 5 * 60,
	ClientUpdateInterval:          10,
	ClientDefaultUpdateSpeed:      7 * 24,
	ClientUpdateTimeout:           1000,
	UpdateMinCountPower:           4,
	UpdateMaxCountPower:           9,
	EventsCacheMaxAge:             60 * 60,
}

RevocationParameters contains global revocation constants and default values.

Functions

func ASN1ConvertSignatureNonce

func ASN1ConvertSignatureNonce(message string, nonce *big.Int, timestamp *atum.Timestamp) *big.Int

ASN1ConvertSignatureNonce computes the nonce that is used in the creation of the attribute-based signature:

nonce = SHA256(serverNonce, SHA256(message), timestampSignature)

where serverNonce is the nonce sent by the signature requestor.

func DefaultDataPath added in v0.5.0

func DefaultDataPath() string

DefaultDataPath returns the default storage path for IRMA, using XDG Base Directory Specification https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html:

  • %LOCALAPPDATA% (i.e. C:\Users\$user\AppData\Local) if on Windows,
  • $XDG_DATA_HOME if set, otherwise $HOME/.local/share
  • $XDG_DATA_DIRS if set, otherwise /usr/local/share/ and /usr/share/
  • then the OSes temp dir (os.TempDir()),

returning the first of these that exists or can be created.

func DefaultSchemesPath added in v0.5.0

func DefaultSchemesPath() string

DefaultSchemesPath returns the default storage path for irma_configuration, namely DefaultDataPath + "/irma_configuration"

func FloorToEpochBoundary

func FloorToEpochBoundary(t time.Time) time.Time

FloorToEpochBoundary returns the greatest time not greater than the argument that falls on the boundary of an epoch for attribute validity or expiry, of which the value is defined by ExpiryFactor (one week).

func GetMetadataVersion

func GetMetadataVersion(v *ProtocolVersion) byte

GetMetadataVersion maps a chosen protocol version to a metadata version that the server will use.

func GetTimestamp

func GetTimestamp(message string, sigs []*big.Int, disclosed [][]*big.Int, conf *Configuration) (*atum.Timestamp, error)

GetTimestamp GETs a signed timestamp (a signature over the current time and the parameters) over the message to be signed, the randomized signatures over the attributes, and the disclosed attributes, for in attribute-based signature sessions.

func MarshalBinary added in v0.5.0

func MarshalBinary(message interface{}) ([]byte, error)

func ParseApiServerJwt

func ParseApiServerJwt(inputJwt string, signingKey *rsa.PublicKey) (map[AttributeTypeIdentifier]*DisclosedAttribute, error)

ParseApiServerJwt verifies and parses a JWT as returned by an irma_api_server after a disclosure request into a key-value pair.

func SetLogger added in v0.5.0

func SetLogger(logger *logrus.Logger)

func SetTLSClientConfig added in v0.9.0

func SetTLSClientConfig(config *tls.Config)

SetTLSClientConfig sets the TLS configuration being used for future outbound connections. A TLS configuration instance should not be modified after being set.

func SignRequestorRequest

func SignRequestorRequest(request RequestorRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func SignSessionRequest

func SignSessionRequest(request SessionRequest, alg jwt.SigningMethod, key interface{}, name string) (string, error)

func TimestampRequest

func TimestampRequest(message string, sigs []*big.Int, disclosed [][]*big.Int, new bool, conf *Configuration) (
	[]byte, string, error)

TimestampRequest computes the nonce to be signed by a timestamp server, given a message to be signed in an attribute-based signature session along with the randomized signatures over the attributes and the disclosed attributes. The url of the timestamp server that should be used to validate the request is returned as the second return value.

func UnmarshalBinary added in v0.5.0

func UnmarshalBinary(data []byte, dst interface{}) error

func UnmarshalValidate

func UnmarshalValidate(data []byte, dest interface{}) error

UnmarshalValidate json.Unmarshal's data, and validates it using the Validate() method if dest implements the Validator interface.

func UnmarshalValidateBinary added in v0.5.0

func UnmarshalValidateBinary(data []byte, dest interface{}) error

func WaitStatus added in v0.8.0

func WaitStatus(transport *HTTPTransport, initialStatus ServerStatus, statuschan chan ServerStatus, errorchan chan error)

func WaitStatusChanged added in v0.8.0

func WaitStatusChanged(transport *HTTPTransport, initialStatus ServerStatus, statuschan chan ServerStatus, errorchan chan error)

Types

type AccumulatorRecord added in v0.5.0

type AccumulatorRecord struct {
	CredType  CredentialTypeIdentifier `gorm:"primary_key"`
	Data      signedMessage
	PKCounter *uint `gorm:"primary_key;auto_increment:false"`
}

Structs corresponding to SQL table rows, ending in Record

func (*AccumulatorRecord) Convert added in v0.5.0

func (*AccumulatorRecord) SignedAccumulator added in v0.5.0

func (a *AccumulatorRecord) SignedAccumulator() *revocation.SignedAccumulator

type Action

type Action string

Action encodes the session type of an IRMA session (e.g., disclosing).

type AttributeCon added in v0.3.0

type AttributeCon []AttributeRequest

An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.

func (AttributeCon) CredentialTypes added in v0.3.0

func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier

CredentialTypes returns an array of all credential types occurring in this conjunction.

func (AttributeCon) Satisfy added in v0.3.0

func (c AttributeCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns if each of the attributes specified by proofs and indices satisfies each of the contained AttributeRequests's. If so it also returns a list of the disclosed attribute values.

func (AttributeCon) Validate added in v0.3.0

func (c AttributeCon) Validate() error

type AttributeConDisCon added in v0.3.0

type AttributeConDisCon []AttributeDisCon

AttributeConDisCon is only satisfied if all of the containing AttributeDisCon are satisfied.

func (AttributeConDisCon) Iterate added in v0.3.0

func (cdc AttributeConDisCon) Iterate(f func(attr *AttributeRequest) error) error

func (AttributeConDisCon) Satisfy added in v0.3.0

func (cdc AttributeConDisCon) Satisfy(disclosure *Disclosure, revocation map[int]*time.Time, conf *Configuration) (bool, [][]*DisclosedAttribute, error)

Satisfy returns true if each of the contained AttributeDisCon is satisfied by the specified disclosure. If so it also returns the disclosed attributes.

func (AttributeConDisCon) Validate added in v0.3.0

func (cdc AttributeConDisCon) Validate(conf *Configuration) error

type AttributeDisCon added in v0.3.0

type AttributeDisCon []AttributeCon

An AttributeDisCon is satisfied if at least one of its containing AttributeCon is satisfied.

func (AttributeDisCon) Satisfy added in v0.3.0

func (dc AttributeDisCon) Satisfy(proofs gabi.ProofList, indices []*DisclosedAttributeIndex, revocation map[int]*time.Time, conf *Configuration) (bool, []*DisclosedAttribute, error)

Satisfy returns true if the attributes specified by proofs and indices satisfies any one of the contained AttributeCon's. If so it also returns a list of the disclosed attribute values.

func (AttributeDisCon) Validate added in v0.3.0

func (dc AttributeDisCon) Validate() error

type AttributeIdentifier

type AttributeIdentifier struct {
	Type           AttributeTypeIdentifier
	CredentialHash string
}

AttributeIdentifier identifies an attribute instance.

func (*AttributeIdentifier) CredentialIdentifier

func (ai *AttributeIdentifier) CredentialIdentifier() CredentialIdentifier

CredentialIdentifier returns the credential identifier of this attribute.

type AttributeList

type AttributeList struct {
	*MetadataAttribute  `json:"-"`
	Ints                []*big.Int
	Revoked             bool `json:",omitempty"`
	RevocationSupported bool `json:",omitempty"`
	// contains filtered or unexported fields
}

AttributeList contains attributes, excluding the secret key, providing convenient access to the metadata attribute.

func NewAttributeListFromInts

func NewAttributeListFromInts(ints []*big.Int, conf *Configuration) *AttributeList

NewAttributeListFromInts initializes a new AttributeList from a list of bigints.

func (*AttributeList) Attribute

func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) TranslatedString

Attribute returns the content of the specified attribute, or nil if not present in this attribute list.

func (*AttributeList) CredentialInfo added in v0.5.0

func (attrs *AttributeList) CredentialInfo() *CredentialInfo

func (*AttributeList) EqualsExceptMetadata added in v0.5.0

func (al *AttributeList) EqualsExceptMetadata(ol *AttributeList) bool

EqualsExceptMetadata checks whether two AttributeLists have the same attribute values. The attribute containing the metadata information is skipped in this check.

func (*AttributeList) Hash

func (al *AttributeList) Hash() string

func (*AttributeList) Info

func (al *AttributeList) Info() *CredentialInfo

func (*AttributeList) Map

func (*AttributeList) Strings

func (al *AttributeList) Strings() []TranslatedString

Strings converts the current instance to human-readable strings.

func (*AttributeList) UntranslatedAttribute

func (al *AttributeList) UntranslatedAttribute(identifier AttributeTypeIdentifier) *string

UntranslatedAttribute decodes the bigint corresponding to the specified attribute.

type AttributeProofStatus

type AttributeProofStatus string

Status is the proof status of a single attribute

type AttributeRequest added in v0.3.0

type AttributeRequest struct {
	Type    AttributeTypeIdentifier `json:"type"`
	Value   *string                 `json:"value,omitempty"`
	NotNull bool                    `json:"notNull,omitempty"`
}

An AttributeRequest asks for an instance of an attribute type, possibly requiring it to have a specified value, in a session request.

func NewAttributeRequest added in v0.3.0

func NewAttributeRequest(attr string) AttributeRequest

NewAttributeRequest requests the specified attribute.

func (*AttributeRequest) MarshalJSON added in v0.3.0

func (ar *AttributeRequest) MarshalJSON() ([]byte, error)

func (*AttributeRequest) Satisfy added in v0.3.0

func (ar *AttributeRequest) Satisfy(attr AttributeTypeIdentifier, val *string) bool

Satisfy indicates whether the given attribute type and value satisfies this AttributeRequest.

func (*AttributeRequest) UnmarshalJSON added in v0.3.0

func (ar *AttributeRequest) UnmarshalJSON(bts []byte) error

type AttributeType

type AttributeType struct {
	ID          string `xml:"id,attr"`
	Optional    string `xml:"optional,attr"  json:",omitempty"`
	Name        TranslatedString
	Description TranslatedString

	RandomBlind bool `xml:"randomblind,attr,optional" json:",omitempty"`

	Index        int    `xml:"-"`
	DisplayIndex *int   `xml:"displayIndex,attr" json:",omitempty"`
	DisplayHint  string `xml:"displayHint,attr"  json:",omitempty"`

	RevocationAttribute bool `xml:"revocation,attr" json:",omitempty"`

	// Taken from containing CredentialType
	CredentialTypeID string `xml:"-"`
	IssuerID         string `xml:"-"`
	SchemeManagerID  string `xml:"-"`
}

AttributeType is a description of an attribute within a credential type.

func (AttributeType) GetAttributeTypeIdentifier

func (ad AttributeType) GetAttributeTypeIdentifier() AttributeTypeIdentifier

func (AttributeType) IsOptional

func (ad AttributeType) IsOptional() bool

type AttributeTypeIdentifier

type AttributeTypeIdentifier struct {
	// contains filtered or unexported fields
}

AttributeTypeIdentifier identifies an attribute. For example "irma-demo.RU.studentCard.studentID".

func NewAttributeTypeIdentifier

func NewAttributeTypeIdentifier(id string) AttributeTypeIdentifier

NewAttributeTypeIdentifier converts the specified identifier to a AttributeTypeIdentifier.

func (AttributeTypeIdentifier) CredentialTypeIdentifier

func (id AttributeTypeIdentifier) CredentialTypeIdentifier() CredentialTypeIdentifier

CredentialTypeIdentifier returns the CredentialTypeIdentifier of the attribute identifier.

func (AttributeTypeIdentifier) Empty

func (oi AttributeTypeIdentifier) Empty() bool

func (AttributeTypeIdentifier) GormDataType added in v0.5.0

func (AttributeTypeIdentifier) GormDataType(dialect gorm.Dialect) string

func (AttributeTypeIdentifier) IsCredential

func (id AttributeTypeIdentifier) IsCredential() bool

IsCredential returns true if this attribute refers to its containing credential (i.e., it consists of only 3 parts).

func (AttributeTypeIdentifier) MarshalCBOR added in v0.5.0

func (oi AttributeTypeIdentifier) MarshalCBOR() (data []byte, err error)

func (AttributeTypeIdentifier) MarshalText

func (id AttributeTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (AttributeTypeIdentifier) Name

func (oi AttributeTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (AttributeTypeIdentifier) Parent

func (oi AttributeTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (AttributeTypeIdentifier) PartsCount added in v0.9.0

func (io AttributeTypeIdentifier) PartsCount() int

func (AttributeTypeIdentifier) Root

func (oi AttributeTypeIdentifier) Root() string

func (*AttributeTypeIdentifier) Scan added in v0.5.0

func (oi *AttributeTypeIdentifier) Scan(src interface{}) error

func (AttributeTypeIdentifier) String

func (oi AttributeTypeIdentifier) String() string

String returns this identifier as a string.

func (*AttributeTypeIdentifier) UnmarshalCBOR added in v0.5.0

func (oi *AttributeTypeIdentifier) UnmarshalCBOR(data []byte) error

func (*AttributeTypeIdentifier) UnmarshalText

func (id *AttributeTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (AttributeTypeIdentifier) Value added in v0.5.0

func (oi AttributeTypeIdentifier) Value() (driver.Value, error)

type BaseRequest

type BaseRequest struct {
	LDContext string `json:"@context,omitempty"`

	// Set by the IRMA server during the session
	Context         *big.Int         `json:"context,omitempty"`
	Nonce           *big.Int         `json:"nonce,omitempty"`
	ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`

	// Revocation is set by the requestor to indicate that it requires nonrevocation proofs for the
	// specified credential types.
	Revocation NonRevocationParameters `json:"revocation,omitempty"`

	Type            Action `json:"type,omitempty"` // Session type, only used in legacy code
	DevelopmentMode bool   `json:"devMode,omitempty"`

	ClientReturnURL  string `json:"clientReturnUrl,omitempty"`  // URL to proceed to when IRMA session is completed
	AugmentReturnURL bool   `json:"augmentReturnUrl,omitempty"` // Whether to augment the return url with the server session token
	// contains filtered or unexported fields
}

BaseRequest contains information used by all IRMA session types, such the context and nonce, and revocation information.

func (*BaseRequest) GetContext added in v0.3.0

func (b *BaseRequest) GetContext() *big.Int

func (*BaseRequest) GetNonce added in v0.3.0

func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int

func (*BaseRequest) Legacy added in v0.3.0

func (b *BaseRequest) Legacy() bool

func (*BaseRequest) RequestsRevocation added in v0.5.0

func (b *BaseRequest) RequestsRevocation(id CredentialTypeIdentifier) bool

RequestsRevocation indicates whether or not the requestor requires a nonrevocation proof for the given credential type; that is, whether or not it included revocation update messages.

func (*BaseRequest) RevocationSupported added in v0.5.0

func (b *BaseRequest) RevocationSupported() bool

func (*BaseRequest) Validate added in v0.5.0

func (b *BaseRequest) Validate(conf *Configuration) error

type ClientAuthorization added in v0.8.0

type ClientAuthorization string

Authorization headers

type ClientSessionRequest added in v0.8.0

type ClientSessionRequest struct {
	LDContext       string           `json:"@context,omitempty"`
	ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`
	Options         *SessionOptions  `json:"options,omitempty"`
	Request         SessionRequest   `json:"request,omitempty"`
}

ClientSessionRequest contains all information irmaclient needs to know to initiate a session.

func (*ClientSessionRequest) UnmarshalJSON added in v0.8.0

func (cr *ClientSessionRequest) UnmarshalJSON(data []byte) error

func (*ClientSessionRequest) Validate added in v0.8.0

func (cr *ClientSessionRequest) Validate() error

type ClientStatus added in v0.8.0

type ClientStatus string

ClientStatus encodes the client status of an IRMA session (e.g., connected).

type ClientToken added in v0.8.0

type ClientToken string

func ParseClientToken added in v0.9.0

func ParseClientToken(input string) (ClientToken, error)

ParseClientToken parses a string to a ClientToken after validating the input.

type Configuration

type Configuration struct {
	SchemeManagers  map[SchemeManagerIdentifier]*SchemeManager
	Issuers         map[IssuerIdentifier]*Issuer
	CredentialTypes map[CredentialTypeIdentifier]*CredentialType
	AttributeTypes  map[AttributeTypeIdentifier]*AttributeType

	// RequestorScheme data of the currently loaded requestorscheme
	RequestorSchemes map[RequestorSchemeIdentifier]*RequestorScheme
	Requestors       map[string]*RequestorInfo

	IssueWizards map[IssueWizardIdentifier]*IssueWizard

	// DisabledRequestorSchemes keeps track of any error of the requestorscheme if it
	// did not parse successfully
	DisabledRequestorSchemes map[RequestorSchemeIdentifier]*SchemeManagerError
	// DisabledSchemeManagers keeps track of schemes that did not parse successfully
	// (i.e., invalid signature, parsing error), and the problem that occurred when parsing them
	DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError

	// Listeners for configuration changes from initialization and updating of the schemes
	UpdateListeners []ConfigurationListener

	// Path to the irma_configuration folder that this instance represents
	Path        string
	PrivateKeys PrivateKeyRing
	Revocation  *RevocationStorage `json:"-"`
	Scheduler   *gocron.Scheduler
	Warnings    []string `json:"-"`
	// contains filtered or unexported fields
}

Configuration keeps track of schemes, issuers, credential types and public keys, dezerializing them from an irma_configuration folder, and downloads and saves new ones on demand.

func NewConfiguration

func NewConfiguration(path string, opts ConfigurationOptions) (conf *Configuration, err error)

NewConfiguration returns a new configuration. After this ParseFolder() should be called to parse the specified path.

func (*Configuration) AddPrivateKeyRing added in v0.5.0

func (conf *Configuration) AddPrivateKeyRing(ring PrivateKeyRing) error

func (*Configuration) AutoUpdateSchemes

func (conf *Configuration) AutoUpdateSchemes(interval int) error

func (*Configuration) CallListeners added in v0.8.0

func (conf *Configuration) CallListeners()

func (*Configuration) ContainsAttributeType added in v0.3.0

func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool

func (*Configuration) ContainsCredentialType added in v0.3.0

func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool

ContainsCredentialType checks if the configuration contains the specified credential type.

func (*Configuration) DangerousDeleteScheme added in v0.11.0

func (conf *Configuration) DangerousDeleteScheme(scheme Scheme) error

DangerousDeleteScheme deletes the given scheme from the configuration. Be aware: this action is dangerous when the scheme is still in use.

func (*Configuration) DangerousTOFUInstallScheme added in v0.6.0

func (conf *Configuration) DangerousTOFUInstallScheme(url string) error

DangerousTOFUInstallScheme downloads and adds the specified scheme to this Configuration, downloading and trusting its public key from the scheme's remote URL. Limitation: when this function is stopped unexpectedly (i.e. a panic or a sigint takes place), the scheme directory might get in an inconsistent state.

func (*Configuration) Download

func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error)

Download downloads the issuers, credential types and public keys specified in set if the current Configuration does not already have them, and checks their authenticity using the scheme index.

func (*Configuration) DownloadDefaultSchemes

func (conf *Configuration) DownloadDefaultSchemes() error

DownloadDefaultSchemes downloads and adds the default schemes to this Configuration. When an error occurs, this function will revert its changes. Limitation: when this function is stopped unexpectedly (i.e. a panic or a sigint takes place), the scheme directory might get in an inconsistent state.

func (*Configuration) InstallScheme added in v0.6.0

func (conf *Configuration) InstallScheme(url string, publickey []byte) error

InstallScheme downloads and adds the specified scheme to this Configuration, provided its signature is valid against the specified key. When an error occurs, this function will revert its changes. Limitation: when this function is stopped unexpectedly (i.e. a panic or a sigint takes place), the scheme directory might get in an inconsistent state.

func (*Configuration) IsInitialized

func (conf *Configuration) IsInitialized() bool

IsInitialized indicates whether this instance has successfully been initialized.

func (*Configuration) KeyshareServerKeyFunc

func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error)

KeyshareServerKeyFunc returns a function that returns the public key with which to verify a keyshare server JWT, suitable for passing to jwt.Parse() and jwt.ParseWithClaims().

func (*Configuration) KeyshareServerPublicKey

func (conf *Configuration) KeyshareServerPublicKey(schemeid SchemeManagerIdentifier, i int) (*rsa.PublicKey, error)

KeyshareServerPublicKey returns the i'th public key of the specified scheme.

func (*Configuration) ParseFolder

func (conf *Configuration) ParseFolder() (err error)

ParseFolder populates the current Configuration by parsing the storage path, listing the containing schemes, issuers and credential types.

func (*Configuration) ParseOrRestoreFolder

func (conf *Configuration) ParseOrRestoreFolder() (rerr error)

ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore any broken schemes from their remote. Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError; In this case the scheme in which it occurred is downloaded from its remote and re-parsed. If any other error is encountered at any time, it is returned immediately. If no error is returned, parsing and possibly restoring has been succesfull, and there should be no disabled schemes.

func (*Configuration) ParseSchemeFolder added in v0.6.0

func (conf *Configuration) ParseSchemeFolder(dir string) (scheme Scheme, serr error)

func (*Configuration) PublicKey

func (conf *Configuration) PublicKey(id IssuerIdentifier, counter uint) (*gabikeys.PublicKey, error)

PublicKey returns the specified public key, or nil if not present in the Configuration.

func (*Configuration) PublicKeyIndices

func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []uint, err error)

func (*Configuration) PublicKeyLatest added in v0.5.0

func (conf *Configuration) PublicKeyLatest(id IssuerIdentifier) (*gabikeys.PublicKey, error)

PublicKeyLatest returns the latest private key of the specified issuer.

func (*Configuration) UpdateScheme added in v0.6.0

func (conf *Configuration) UpdateScheme(scheme Scheme, downloaded *IrmaIdentifierSet) error

UpdateScheme syncs the stored version within the irma_configuration directory with the remote version at the scheme's URL, downloading and storing new and modified files, according to the index files of both versions. It stores the identifiers of new or updated entities in the second parameter.

func (*Configuration) UpdateSchemes added in v0.3.0

func (conf *Configuration) UpdateSchemes() error

func (*Configuration) ValidateKeys added in v0.3.0

func (conf *Configuration) ValidateKeys() error

type ConfigurationListener added in v0.8.0

type ConfigurationListener func(conf *Configuration)

ConfigurationListeners are the interface provided to react to changes in schemes.

type ConfigurationOptions added in v0.5.0

type ConfigurationOptions struct {
	Assets              string
	ReadOnly            bool
	IgnorePrivateKeys   bool
	RevocationDBConnStr string
	RevocationDBType    string
	RevocationSettings  RevocationSettings
}

type CredentialDependencies added in v0.8.0

type CredentialDependencies [][][]CredentialTypeIdentifier

CredentialDependencies contains dependencies on credential types, using condiscon: a conjunction of disjunctions of conjunctions of credential types.

func (*CredentialDependencies) UnmarshalXML added in v0.8.0

func (deps *CredentialDependencies) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

func (CredentialDependencies) WizardContents added in v0.8.0

func (deps CredentialDependencies) WizardContents() IssueWizardContents

type CredentialIdentifier

type CredentialIdentifier struct {
	Type CredentialTypeIdentifier
	Hash string
}

CredentialIdentifier identifies a credential instance.

type CredentialInfo

type CredentialInfo struct {
	ID                  string                                       // e.g., "studentCard"
	IssuerID            string                                       // e.g., "RU"
	SchemeManagerID     string                                       // e.g., "irma-demo"
	SignedOn            Timestamp                                    // Unix timestamp
	Expires             Timestamp                                    // Unix timestamp
	Attributes          map[AttributeTypeIdentifier]TranslatedString // Human-readable rendered attributes
	Hash                string                                       // SHA256 hash over the attributes
	Revoked             bool                                         // If the credential has been revoked
	RevocationSupported bool                                         // If the credential supports creating nonrevocation proofs
}

CredentialInfo contains all information of an IRMA credential.

func (CredentialInfo) GetCredentialType

func (ci CredentialInfo) GetCredentialType(conf *Configuration) *CredentialType

func (CredentialInfo) Identifier added in v0.8.0

func (ci CredentialInfo) Identifier() CredentialTypeIdentifier

func (CredentialInfo) IsExpired

func (ci CredentialInfo) IsExpired() bool

Returns true if credential is expired at moment of calling this function

type CredentialInfoList

type CredentialInfoList []*CredentialInfo

A CredentialInfoList is a list of credentials (implements sort.Interface).

func (CredentialInfoList) Len

func (cl CredentialInfoList) Len() int

Len implements sort.Interface.

func (CredentialInfoList) Less

func (cl CredentialInfoList) Less(i, j int) bool

Less implements sort.Interface.

func (CredentialInfoList) Swap

func (cl CredentialInfoList) Swap(i, j int)

Swap implements sort.Interface.

type CredentialRequest

type CredentialRequest struct {
	Validity                    *Timestamp               `json:"validity,omitempty"`
	KeyCounter                  uint                     `json:"keyCounter,omitempty"`
	CredentialTypeID            CredentialTypeIdentifier `json:"credential"`
	Attributes                  map[string]string        `json:"attributes"`
	RevocationKey               string                   `json:"revocationKey,omitempty"`
	RevocationSupported         bool                     `json:"revocationSupported,omitempty"`
	RandomBlindAttributeTypeIDs []string                 `json:"randomblindIDs,omitempty"`
}

A CredentialRequest contains the attributes and metadata of a credential that will be issued in an IssuanceRequest.

func (*CredentialRequest) AttributeList

func (cr *CredentialRequest) AttributeList(
	conf *Configuration,
	metadataVersion byte,
	revocationAttr *big.Int,
	issuedAt time.Time,
) (*AttributeList, error)

AttributeList returns the list of attributes from this credential request.

func (*CredentialRequest) Info

func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte, issuedAt time.Time) (*CredentialInfo, error)

func (*CredentialRequest) Validate

func (cr *CredentialRequest) Validate(conf *Configuration) error

Validate checks that this credential request is consistent with the specified Configuration: the credential type is known, all required attributes are present and no unknown attributes are given.

type CredentialType

type CredentialType struct {
	ID                    string           `xml:"CredentialID"`
	Name                  TranslatedString `xml:"Name"`
	IssuerID              string           `xml:"IssuerID"`
	SchemeManagerID       string           `xml:"SchemeManager"`
	IsSingleton           bool             `xml:"ShouldBeSingleton"`
	DisallowDelete        bool             `xml:"DisallowDelete"`
	Description           TranslatedString
	AttributeTypes        []*AttributeType `xml:"Attributes>Attribute" json:"-"`
	RevocationServers     []string         `xml:"RevocationServers>RevocationServer"`
	RevocationUpdateCount uint64
	RevocationUpdateSpeed uint64
	RevocationIndex       int      `xml:"-"`
	Languages             []string `xml:"Languages>Language"`
	XMLVersion            int      `xml:"version,attr"`
	XMLName               xml.Name `xml:"IssueSpecification"`

	IssueURL     *TranslatedString `xml:"IssueURL"`
	IsULIssueURL bool              `xml:"IsULIssueURL"`

	DeprecatedSince Timestamp

	Dependencies CredentialDependencies

	ForegroundColor         string
	BackgroundGradientStart string
	BackgroundGradientEnd   string

	IsInCredentialStore bool
	Category            *TranslatedString
	FAQIntro            *TranslatedString
	FAQPurpose          *TranslatedString
	FAQContent          *TranslatedString
	FAQHowto            *TranslatedString
	FAQSummary          *TranslatedString
}

CredentialType is a description of a credential type, specifying (a.o.) its name, issuer, and attributes.

func (CredentialType) AttributeType

func (*CredentialType) ContainsAttribute

func (ct *CredentialType) ContainsAttribute(ai AttributeTypeIdentifier) bool

ContainsAttribute tests whether the specified attribute is contained in this credentialtype.

func (*CredentialType) Identifier

func (ct *CredentialType) Identifier() CredentialTypeIdentifier

Identifier returns the identifier of the specified credential type.

func (CredentialType) IndexOf

func (ct CredentialType) IndexOf(ai AttributeTypeIdentifier) (int, error)

IndexOf returns the index of the specified attribute if present, or an error (and -1) if not present.

func (*CredentialType) IssuerIdentifier

func (ct *CredentialType) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the issuer identifier of the specified credential type.

func (ct *CredentialType) Logo(conf *Configuration) string

func (*CredentialType) RandomBlindAttributeIndices added in v0.6.0

func (ct *CredentialType) RandomBlindAttributeIndices() []int

Returns indices of random blind attributes within this credentialtype The indices coincide with indices of an AttributeList (metadataAttribute at index 0)

func (*CredentialType) RandomBlindAttributeNames added in v0.6.0

func (ct *CredentialType) RandomBlindAttributeNames() []string

func (*CredentialType) RevocationSupported added in v0.5.0

func (ct *CredentialType) RevocationSupported() bool

func (*CredentialType) SchemeManagerIdentifier

func (ct *CredentialType) SchemeManagerIdentifier() SchemeManagerIdentifier

type CredentialTypeIdentifier

type CredentialTypeIdentifier struct {
	// contains filtered or unexported fields
}

CredentialTypeIdentifier identifies a credentialtype. For example "irma-demo.RU.studentCard".

func NewCredentialTypeIdentifier

func NewCredentialTypeIdentifier(id string) CredentialTypeIdentifier

NewCredentialTypeIdentifier converts the specified identifier to a CredentialTypeIdentifier.

func (CredentialTypeIdentifier) Empty

func (oi CredentialTypeIdentifier) Empty() bool

func (CredentialTypeIdentifier) GormDataType added in v0.5.0

func (CredentialTypeIdentifier) GormDataType(dialect gorm.Dialect) string

func (CredentialTypeIdentifier) IssuerIdentifier

func (id CredentialTypeIdentifier) IssuerIdentifier() IssuerIdentifier

IssuerIdentifier returns the IssuerIdentifier of the credential identifier.

func (CredentialTypeIdentifier) MarshalCBOR added in v0.5.0

func (oi CredentialTypeIdentifier) MarshalCBOR() (data []byte, err error)

func (CredentialTypeIdentifier) MarshalText

func (id CredentialTypeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (CredentialTypeIdentifier) Name

func (oi CredentialTypeIdentifier) Name() string

Name returns the last part of this identifier.

func (CredentialTypeIdentifier) Parent

func (oi CredentialTypeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (CredentialTypeIdentifier) PartsCount added in v0.9.0

func (io CredentialTypeIdentifier) PartsCount() int

func (CredentialTypeIdentifier) Root

func (oi CredentialTypeIdentifier) Root() string

func (*CredentialTypeIdentifier) Scan added in v0.5.0

func (oi *CredentialTypeIdentifier) Scan(src interface{}) error

func (CredentialTypeIdentifier) SchemeManagerIdentifier added in v0.8.0

func (id CredentialTypeIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier

func (CredentialTypeIdentifier) String

func (oi CredentialTypeIdentifier) String() string

String returns this identifier as a string.

func (*CredentialTypeIdentifier) UnmarshalCBOR added in v0.5.0

func (oi *CredentialTypeIdentifier) UnmarshalCBOR(data []byte) error

func (*CredentialTypeIdentifier) UnmarshalText

func (id *CredentialTypeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (CredentialTypeIdentifier) Value added in v0.5.0

func (oi CredentialTypeIdentifier) Value() (driver.Value, error)

type DependencyChain added in v0.8.0

type DependencyChain []CredentialTypeIdentifier

func (DependencyChain) String added in v0.8.0

func (d DependencyChain) String() string

type DisclosedAttribute

type DisclosedAttribute struct {
	RawValue         *string                 `json:"rawvalue"`
	Value            TranslatedString        `json:"value"` // Value of the disclosed attribute
	Identifier       AttributeTypeIdentifier `json:"id"`
	Status           AttributeProofStatus    `json:"status"`
	IssuanceTime     Timestamp               `json:"issuancetime"`
	NotRevoked       bool                    `json:"notrevoked,omitempty"`
	NotRevokedBefore *Timestamp              `json:"notrevokedbefore,omitempty"`
}

DisclosedAttribute represents a disclosed attribute.

type DisclosedAttributeIndex

type DisclosedAttributeIndex struct {
	CredentialIndex int                  `json:"cred"`
	AttributeIndex  int                  `json:"attr"`
	Identifier      CredentialIdentifier `json:"-"` // credential from which this attribute was disclosed
}

DisclosedAttributeIndex points to a specific attribute in a gabi.ProofList.

type DisclosedAttributeIndices

type DisclosedAttributeIndices [][]*DisclosedAttributeIndex

DisclosedAttributeIndices contains, for each conjunction of an attribute disclosure request, a list of attribute indices, pointing to where the disclosed attributes for that conjunction can be found within a gabi.ProofList.

type Disclosure

type Disclosure struct {
	Proofs  gabi.ProofList            `json:"proofs"`
	Indices DisclosedAttributeIndices `json:"indices"`
}

func (*Disclosure) DisclosedAttributes

func (d *Disclosure) DisclosedAttributes(configuration *Configuration, condiscon AttributeConDisCon, revtimes map[int]*time.Time) (bool, [][]*DisclosedAttribute, error)

DisclosedAttributes returns a slice containing for each item in the conjunction the disclosed attributes that are present in the proof list. If a non-empty and non-nil AttributeDisjunctionList is included, then the first attributes in the returned slice match with the disjunction list in the disjunction list. The first return parameter of this function indicates whether or not all disjunctions (if present) are satisfied.

func (*Disclosure) Verify

func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

func (*Disclosure) VerifyAgainstRequest added in v0.5.0

func (d *Disclosure) VerifyAgainstRequest(
	configuration *Configuration,
	request SessionRequest,
	context, nonce *big.Int,
	publickeys []*gabikeys.PublicKey,
	validAt *time.Time,
	issig bool,
) ([][]*DisclosedAttribute, ProofStatus, error)

type DisclosureChoice

type DisclosureChoice struct {
	Attributes [][]*AttributeIdentifier
}

A DisclosureChoice contains the attributes chosen to be disclosed.

func (*DisclosureChoice) Validate added in v0.5.0

func (choice *DisclosureChoice) Validate() error

type DisclosureRequest

type DisclosureRequest struct {
	BaseRequest

	Disclose AttributeConDisCon       `json:"disclose,omitempty"`
	Labels   map[int]TranslatedString `json:"labels,omitempty"`
}

A DisclosureRequest is a request to disclose certain attributes. Construct new instances using NewDisclosureRequest().

func NewDisclosureRequest added in v0.3.0

func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest

func (*DisclosureRequest) Action

func (dr *DisclosureRequest) Action() Action

func (*DisclosureRequest) AddSingle added in v0.3.0

func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *string, label TranslatedString)

func (*DisclosureRequest) Base added in v0.3.0

func (dr *DisclosureRequest) Base() *BaseRequest

func (*DisclosureRequest) Disclosure added in v0.3.0

func (dr *DisclosureRequest) Disclosure() *DisclosureRequest

func (*DisclosureRequest) Identifiers

func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*DisclosureRequest) IsDisclosureRequest added in v0.5.0

func (dr *DisclosureRequest) IsDisclosureRequest() bool

func (*DisclosureRequest) Legacy added in v0.3.0

func (dr *DisclosureRequest) Legacy() (SessionRequest, error)

func (*DisclosureRequest) UnmarshalJSON added in v0.3.0

func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error)

func (*DisclosureRequest) Validate

func (dr *DisclosureRequest) Validate() error

type ErrorType

type ErrorType string

ErrorType are session errors.

func (ErrorType) Error added in v0.3.0

func (err ErrorType) Error() string

type EventRecord added in v0.5.0

type EventRecord struct {
	Index      *uint64                  `gorm:"primary_key;column:eventindex;auto_increment:false"`
	CredType   CredentialTypeIdentifier `gorm:"primary_key"`
	PKCounter  *uint                    `gorm:"primary_key;auto_increment:false"`
	E          *RevocationAttribute
	ParentHash eventHash
}

Structs corresponding to SQL table rows, ending in Record

func (*EventRecord) Convert added in v0.5.0

func (e *EventRecord) Convert(id CredentialTypeIdentifier, pkcounter uint, event *revocation.Event) *EventRecord

func (*EventRecord) Event added in v0.5.0

func (e *EventRecord) Event() *revocation.Event

type ExpiredError

type ExpiredError struct {
	Err error // underlying error
}

ExpiredError indicates that something (e.g. a JWT) has expired.

func (ExpiredError) Error

func (e ExpiredError) Error() string

type FrontendAuthorization added in v0.8.0

type FrontendAuthorization string

type FrontendOptionsRequest added in v0.8.0

type FrontendOptionsRequest struct {
	LDContext     string        `json:"@context,omitempty"`
	PairingMethod PairingMethod `json:"pairingMethod"`
}

An FrontendOptionsRequest asks for a options change of a particular session.

func NewFrontendOptionsRequest added in v0.8.0

func NewFrontendOptionsRequest() FrontendOptionsRequest

NewFrontendOptionsRequest returns a new options request initialized with default values for each option

func (*FrontendOptionsRequest) Validate added in v0.8.0

func (or *FrontendOptionsRequest) Validate() error

type FrontendSessionRequest added in v0.8.0

type FrontendSessionRequest struct {
	// Authorization token to access frontend endpoints.
	Authorization FrontendAuthorization `json:"authorization"`
	// PairingRecommended indictes to the frontend that pairing is recommended when starting the session.
	PairingRecommended bool `json:"pairingHint,omitempty"`
	// MinProtocolVersion that the server supports for the frontend protocol.
	MinProtocolVersion *ProtocolVersion `json:"minProtocolVersion"`
	// MaxProtocolVersion that the server supports for the frontend protocol.
	MaxProtocolVersion *ProtocolVersion `json:"maxProtocolVersion"`
}

FrontendSessionRequest contains session parameters for the frontend.

type FrontendSessionStatus added in v0.8.0

type FrontendSessionStatus struct {
	Status      ServerStatus `json:"status"`
	NextSession *Qr          `json:"nextSession,omitempty"`
}

type HTTPTransport

type HTTPTransport struct {
	Server     string
	Binary     bool
	ForceHTTPS bool
	// contains filtered or unexported fields
}

HTTPTransport sends and receives JSON messages to a HTTP server.

func NewHTTPTransport

func NewHTTPTransport(serverURL string, forceHTTPS bool) *HTTPTransport

NewHTTPTransport returns a new HTTPTransport.

func (*HTTPTransport) Delete

func (transport *HTTPTransport) Delete() error

Delete performs a DELETE.

func (*HTTPTransport) Get

func (transport *HTTPTransport) Get(url string, result interface{}) error

Get performs a GET request and parses the server's response into result.

func (*HTTPTransport) GetBytes

func (transport *HTTPTransport) GetBytes(url string) ([]byte, error)

func (*HTTPTransport) Post

func (transport *HTTPTransport) Post(url string, result interface{}, object interface{}) error

Post sends the object to the server and parses its response into result.

func (*HTTPTransport) SetHeader

func (transport *HTTPTransport) SetHeader(name, val string)

SetHeader sets a header to be sent in requests.

type IdentityProviderJwt

type IdentityProviderJwt struct {
	ServerJwt
	Request *IdentityProviderRequest `json:"iprequest"`
}

IdentityProviderJwt is a requestor JWT for issuance session.

func NewIdentityProviderJwt

func NewIdentityProviderJwt(servername string, ir *IssuanceRequest) *IdentityProviderJwt

NewIdentityProviderJwt returns a new IdentityProviderJwt.

func (*IdentityProviderJwt) Action

func (claims *IdentityProviderJwt) Action() Action

func (*IdentityProviderJwt) RequestorRequest

func (claims *IdentityProviderJwt) RequestorRequest() RequestorRequest

func (*IdentityProviderJwt) SessionRequest

func (claims *IdentityProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*IdentityProviderJwt) Sign

func (claims *IdentityProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*IdentityProviderJwt) Valid

func (claims *IdentityProviderJwt) Valid() error

type IdentityProviderRequest

type IdentityProviderRequest struct {
	RequestorBaseRequest
	Request *IssuanceRequest `json:"request"`
}

An IdentityProviderRequest contains an issuance request.

func (*IdentityProviderRequest) Base

func (*IdentityProviderRequest) SessionRequest

func (r *IdentityProviderRequest) SessionRequest() SessionRequest

func (*IdentityProviderRequest) Validate

func (r *IdentityProviderRequest) Validate() error

type IrmaIdentifierSet

type IrmaIdentifierSet struct {
	SchemeManagers   map[SchemeManagerIdentifier]struct{}
	Issuers          map[IssuerIdentifier]struct{}
	CredentialTypes  map[CredentialTypeIdentifier]struct{}
	PublicKeys       map[IssuerIdentifier][]uint
	AttributeTypes   map[AttributeTypeIdentifier]struct{}
	RequestorSchemes map[RequestorSchemeIdentifier]struct{}
}

IrmaIdentifierSet contains a set (ensured by using map[...]struct{}) of all scheme managers, all issuers, all credential types, all public keys and all attribute types that are involved in an IRMA session.

func (*IrmaIdentifierSet) Distributed

func (set *IrmaIdentifierSet) Distributed(conf *Configuration) bool

func (*IrmaIdentifierSet) Empty

func (set *IrmaIdentifierSet) Empty() bool

func (*IrmaIdentifierSet) String added in v0.3.0

func (set *IrmaIdentifierSet) String() string

type IssuanceRecord added in v0.5.0

type IssuanceRecord struct {
	Key        string                   `gorm:"primary_key;column:revocationkey"`
	CredType   CredentialTypeIdentifier `gorm:"primary_key"`
	Issued     int64                    `gorm:"primary_key;auto_increment:false"`
	PKCounter  *uint
	Attr       *RevocationAttribute
	ValidUntil int64
	RevokedAt  int64 `json:",omitempty"` // 0 if not currently revoked
}

IssuanceRecord contains information generated during issuance, needed for later revocation.

type IssuanceRequest

type IssuanceRequest struct {
	DisclosureRequest
	Credentials []*CredentialRequest `json:"credentials"`

	// Derived data
	CredentialInfoList        CredentialInfoList `json:",omitempty"`
	RemovalCredentialInfoList CredentialInfoList `json:",omitempty"`
}

An IssuanceRequest is a request to issue certain credentials, optionally also asking for certain attributes to be simultaneously disclosed. Construct new instances using NewIssuanceRequest().

func NewIssuanceRequest added in v0.3.0

func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest

func (*IssuanceRequest) Action

func (ir *IssuanceRequest) Action() Action

func (*IssuanceRequest) GetCredentialInfoList

func (ir *IssuanceRequest) GetCredentialInfoList(
	conf *Configuration,
	version *ProtocolVersion,
	issuedAt time.Time,
) (CredentialInfoList, error)

func (*IssuanceRequest) Identifiers

func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*IssuanceRequest) Legacy added in v0.3.0

func (ir *IssuanceRequest) Legacy() (SessionRequest, error)

func (*IssuanceRequest) UnmarshalJSON added in v0.3.0

func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error)

func (*IssuanceRequest) Validate

func (ir *IssuanceRequest) Validate() error

type IssueCommitmentMessage

type IssueCommitmentMessage struct {
	*gabi.IssueCommitmentMessage
	Indices DisclosedAttributeIndices `json:"indices,omitempty"`
}

func (*IssueCommitmentMessage) Disclosure

func (i *IssueCommitmentMessage) Disclosure() *Disclosure

type IssueWizard added in v0.8.0

type IssueWizard struct {
	ID                   IssueWizardIdentifier     `json:"id"`
	Title                TranslatedString          `json:"title"`
	LogoPath             *string                   `json:"logoPath,omitempty"` // Full path to the logo set automatically during scheme parsing
	Color                *string                   `json:"color,omitempty"`
	TextColor            *string                   `json:"textColor,omitempty"`
	Issues               *CredentialTypeIdentifier `json:"issues,omitempty"`
	AllowOtherRequestors bool                      `json:"allowOtherRequestors"`
	Languages            []string                  `json:"languages"`

	Info *TranslatedString `json:"info,omitempty"`
	FAQ  []IssueWizardQA   `json:"faq,omitempty"`

	Intro              *TranslatedString   `json:"intro,omitempty"`
	SuccessHeader      *TranslatedString   `json:"successHeader,omitempty"`
	SuccessText        *TranslatedString   `json:"successText,omitempty"`
	ExpandDependencies *bool               `json:"expandDependencies,omitempty"`
	Contents           IssueWizardContents `json:"contents"`
}

func (IssueWizard) Path added in v0.8.0

func (wizard IssueWizard) Path(conf *Configuration, creds CredentialInfoList) ([]IssueWizardItem, error)

Path returns a list of IssueWizardItems to be used as the wizard item order. If the ExpandDependencies boolean is set to false, the result of IssueWizardContents.ChoosePath is returned. If not set or set to true, this is augmented with all dependencies of all items in an executable order.

func (*IssueWizard) Validate added in v0.8.0

func (wizard *IssueWizard) Validate(conf *Configuration) error

type IssueWizardContents added in v0.8.0

type IssueWizardContents [][][]IssueWizardItem

IssueWizardContents contains a condiscon (conjunction of disjunctions of conjunctions) of issue wizard items, making it possible to present the user with different options to complete the wizard.

func (IssueWizardContents) ChoosePath added in v0.8.0

func (contents IssueWizardContents) ChoosePath(conf *Configuration, creds map[CredentialTypeIdentifier]struct{}) []IssueWizardItem

ChoosePath processes the wizard contents given the list of present credentials. Of each disjunction, either the first contained inner conjunction that is satisfied by the credential list is chosen; or if no such conjunction exists in the disjunction, the first conjunction is chosen. The result of doing this for all outer conjunctions is flattened and returned.

type IssueWizardIdentifier added in v0.8.0

type IssueWizardIdentifier struct {
	// contains filtered or unexported fields
}

func NewIssueWizardIdentifier added in v0.8.0

func NewIssueWizardIdentifier(id string) IssueWizardIdentifier

NewIssueWizardIdentifier converts the specified identifier to a NewIssueWizardIdentifier.

func (IssueWizardIdentifier) Empty added in v0.8.0

func (oi IssueWizardIdentifier) Empty() bool

func (IssueWizardIdentifier) GormDataType added in v0.8.0

func (IssueWizardIdentifier) GormDataType(dialect gorm.Dialect) string

func (IssueWizardIdentifier) MarshalCBOR added in v0.8.0

func (oi IssueWizardIdentifier) MarshalCBOR() (data []byte, err error)

func (IssueWizardIdentifier) MarshalText added in v0.8.0

func (id IssueWizardIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (IssueWizardIdentifier) Name added in v0.8.0

func (oi IssueWizardIdentifier) Name() string

Name returns the last part of this identifier.

func (IssueWizardIdentifier) Parent added in v0.8.0

func (oi IssueWizardIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (IssueWizardIdentifier) PartsCount added in v0.9.0

func (io IssueWizardIdentifier) PartsCount() int

func (IssueWizardIdentifier) RequestorIdentifier added in v0.8.0

func (id IssueWizardIdentifier) RequestorIdentifier() RequestorIdentifier

RequestorIdentifier returns the requestor identifier of the issue wizard.

func (IssueWizardIdentifier) Root added in v0.8.0

func (oi IssueWizardIdentifier) Root() string

func (*IssueWizardIdentifier) Scan added in v0.8.0

func (oi *IssueWizardIdentifier) Scan(src interface{}) error

func (IssueWizardIdentifier) String added in v0.8.0

func (oi IssueWizardIdentifier) String() string

String returns this identifier as a string.

func (*IssueWizardIdentifier) UnmarshalCBOR added in v0.8.0

func (oi *IssueWizardIdentifier) UnmarshalCBOR(data []byte) error

func (*IssueWizardIdentifier) UnmarshalText added in v0.8.0

func (id *IssueWizardIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (IssueWizardIdentifier) Value added in v0.8.0

func (oi IssueWizardIdentifier) Value() (driver.Value, error)

type IssueWizardItem added in v0.8.0

type IssueWizardItem struct {
	Type       IssueWizardItemType       `json:"type"`
	Credential *CredentialTypeIdentifier `json:"credential,omitempty"`
	Header     *TranslatedString         `json:"header,omitempty"`
	Text       *TranslatedString         `json:"text,omitempty"`
	Label      *TranslatedString         `json:"label,omitempty"`
	SessionURL *string                   `json:"sessionUrl,omitempty"`
	URL        *TranslatedString         `json:"url,omitempty"`
	InApp      *bool                     `json:"inapp,omitempty"`
	// contains filtered or unexported fields
}

type IssueWizardItemType added in v0.8.0

type IssueWizardItemType string
const (
	IssueWizardItemTypeCredential IssueWizardItemType = "credential"
	IssueWizardItemTypeSession    IssueWizardItemType = "session"
	IssueWizardItemTypeWebsite    IssueWizardItemType = "website"
)

type IssueWizardQA added in v0.8.0

type IssueWizardQA struct {
	Question TranslatedString `json:"question"`
	Answer   TranslatedString `json:"answer"`
}

type Issuer

type Issuer struct {
	ID              string           `xml:"ID"`
	Name            TranslatedString `xml:"Name"`
	SchemeManagerID string           `xml:"SchemeManager"`
	ContactAddress  string
	ContactEMail    string
	DeprecatedSince Timestamp
	Languages       []string `xml:"Languages>Language"`
	XMLVersion      int      `xml:"version,attr"`
}

Issuer describes an issuer.

func (*Issuer) Identifier

func (id *Issuer) Identifier() IssuerIdentifier

Identifier returns the identifier of the specified issuer description.

func (*Issuer) SchemeManagerIdentifier

func (id *Issuer) SchemeManagerIdentifier() SchemeManagerIdentifier

type IssuerIdentifier

type IssuerIdentifier struct {
	// contains filtered or unexported fields
}

IssuerIdentifier identifies an issuer. For example "irma-demo.RU".

func NewIssuerIdentifier

func NewIssuerIdentifier(id string) IssuerIdentifier

NewIssuerIdentifier converts the specified identifier to a IssuerIdentifier.

func (IssuerIdentifier) Empty

func (oi IssuerIdentifier) Empty() bool

func (IssuerIdentifier) GormDataType added in v0.5.0

func (IssuerIdentifier) GormDataType(dialect gorm.Dialect) string

func (IssuerIdentifier) MarshalCBOR added in v0.5.0

func (oi IssuerIdentifier) MarshalCBOR() (data []byte, err error)

func (IssuerIdentifier) MarshalText

func (id IssuerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (IssuerIdentifier) Name

func (oi IssuerIdentifier) Name() string

Name returns the last part of this identifier.

func (IssuerIdentifier) Parent

func (oi IssuerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (IssuerIdentifier) PartsCount added in v0.9.0

func (io IssuerIdentifier) PartsCount() int

func (IssuerIdentifier) Root

func (oi IssuerIdentifier) Root() string

func (*IssuerIdentifier) Scan added in v0.5.0

func (oi *IssuerIdentifier) Scan(src interface{}) error

func (IssuerIdentifier) SchemeManagerIdentifier

func (id IssuerIdentifier) SchemeManagerIdentifier() SchemeManagerIdentifier

SchemeManagerIdentifier returns the scheme manager identifer of the issuer.

func (IssuerIdentifier) String

func (oi IssuerIdentifier) String() string

String returns this identifier as a string.

func (*IssuerIdentifier) UnmarshalCBOR added in v0.5.0

func (oi *IssuerIdentifier) UnmarshalCBOR(data []byte) error

func (*IssuerIdentifier) UnmarshalText

func (id *IssuerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (IssuerIdentifier) Value added in v0.5.0

func (oi IssuerIdentifier) Value() (driver.Value, error)

type KeyshareAuthChallenge added in v0.11.0

type KeyshareAuthChallenge struct {
	Candidates []string `json:"candidates,omitempty"`
	Challenge  []byte   `json:"challenge"`
}

type KeyshareAuthRequest added in v0.11.0

type KeyshareAuthRequest struct {
	AuthRequestJWT string `json:"auth_request_jwt"`
}

type KeyshareAuthRequestClaims added in v0.11.0

type KeyshareAuthRequestClaims struct {
	jwt.RegisteredClaims
	Username string `json:"id"`
}

type KeyshareAuthResponse added in v0.11.0

type KeyshareAuthResponse struct {
	KeyshareAuthResponseData
	AuthResponseJWT string `json:"auth_response_jwt"`
}

type KeyshareAuthResponseClaims added in v0.11.0

type KeyshareAuthResponseClaims struct {
	jwt.RegisteredClaims
	KeyshareAuthResponseData
}

type KeyshareAuthResponseData added in v0.11.0

type KeyshareAuthResponseData struct {
	Username  string `json:"id"`
	Pin       string `json:"pin"`
	Challenge []byte `json:"challenge,omitempty"`
}

type KeyshareChangePin added in v0.8.0

type KeyshareChangePin struct {
	KeyshareChangePinData
	ChangePinJWT string `json:"change_pin_jwt"`
}

type KeyshareChangePinClaims added in v0.11.0

type KeyshareChangePinClaims struct {
	jwt.RegisteredClaims
	KeyshareChangePinData
}

type KeyshareChangePinData added in v0.11.0

type KeyshareChangePinData struct {
	Username string `json:"id"`
	OldPin   string `json:"oldpin"`
	NewPin   string `json:"newpin"`
}

type KeyshareEnrollment added in v0.8.0

type KeyshareEnrollment struct {
	KeyshareEnrollmentData
	EnrollmentJWT string `json:"enrollment_jwt,omitempty"`
}

type KeyshareEnrollmentClaims added in v0.11.0

type KeyshareEnrollmentClaims struct {
	jwt.RegisteredClaims
	KeyshareEnrollmentData
}

type KeyshareEnrollmentData added in v0.11.0

type KeyshareEnrollmentData struct {
	Pin       string  `json:"pin,omitempty"`
	Email     *string `json:"email,omitempty"`
	Language  string  `json:"language,omitempty"`
	PublicKey []byte  `json:"publickey,omitempty"`
}

type KeyshareKeyRegistration added in v0.11.0

type KeyshareKeyRegistration struct {
	PublicKeyRegistrationJWT string `json:"jwt"`
}

type KeyshareKeyRegistrationClaims added in v0.11.0

type KeyshareKeyRegistrationClaims struct {
	jwt.RegisteredClaims
	KeyshareKeyRegistrationData
}

type KeyshareKeyRegistrationData added in v0.11.0

type KeyshareKeyRegistrationData struct {
	Username  string `json:"id"`
	Pin       string `json:"pin"`
	PublicKey []byte `json:"publickey,omitempty"`
}

type KeysharePinStatus added in v0.8.0

type KeysharePinStatus struct {
	Status  string `json:"status"`
	Message string `json:"message"`
}

type LegacyDisclosureRequest added in v0.3.0

type LegacyDisclosureRequest struct {
	BaseRequest
	Content []LegacyLabeledDisjunction `json:"content"`
}

func (*LegacyDisclosureRequest) Action added in v0.3.0

func (dr *LegacyDisclosureRequest) Action() Action

func (*LegacyDisclosureRequest) Base added in v0.3.0

func (*LegacyDisclosureRequest) Disclosure added in v0.3.0

func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest

func (*LegacyDisclosureRequest) Identifiers added in v0.3.0

func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyDisclosureRequest) Legacy added in v0.3.0

func (*LegacyDisclosureRequest) Validate added in v0.3.0

func (dr *LegacyDisclosureRequest) Validate() error

type LegacyDisjunction added in v0.3.0

type LegacyDisjunction []AttributeRequest

LegacyDisjunction is a disjunction of attributes from before the condiscon feature, representing a list of attribute types one of which must be given by the user, possibly requiring specific values. (C.f. AttributeCon, also defined as []AttributeRequest, which is only satisfied if all listed attributes are given by the user.)

func (*LegacyDisjunction) MarshalJSON added in v0.3.0

func (l *LegacyDisjunction) MarshalJSON() ([]byte, error)

func (*LegacyDisjunction) UnmarshalJSON added in v0.3.0

func (l *LegacyDisjunction) UnmarshalJSON(bts []byte) error

type LegacyIssuanceRequest added in v0.3.0

type LegacyIssuanceRequest struct {
	BaseRequest
	Credentials []*CredentialRequest       `json:"credentials"`
	Disclose    []LegacyLabeledDisjunction `json:"disclose"`
}

func (*LegacyIssuanceRequest) Action added in v0.3.0

func (ir *LegacyIssuanceRequest) Action() Action

func (*LegacyIssuanceRequest) Base added in v0.3.0

func (ir *LegacyIssuanceRequest) Base() *BaseRequest

func (*LegacyIssuanceRequest) Disclosure added in v0.3.0

func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest

func (*LegacyIssuanceRequest) Identifiers added in v0.3.0

func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet

func (*LegacyIssuanceRequest) Legacy added in v0.3.0

func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error)

func (*LegacyIssuanceRequest) Validate added in v0.3.0

func (ir *LegacyIssuanceRequest) Validate() error

type LegacyLabeledDisjunction added in v0.3.0

type LegacyLabeledDisjunction struct {
	Label      string            `json:"label"`
	Attributes LegacyDisjunction `json:"attributes"`
}

type LegacySignatureRequest added in v0.3.0

type LegacySignatureRequest struct {
	LegacyDisclosureRequest
	Message string `json:"message"`
}

func (*LegacySignatureRequest) Action added in v0.3.0

func (ir *LegacySignatureRequest) Action() Action

type MetadataAttribute

type MetadataAttribute struct {
	Int *big.Int

	Conf *Configuration
	// contains filtered or unexported fields
}

metadataAttribute represents a metadata attribute. Contains the credential type, signing date, validity, and the public key counter.

func MetadataFromInt

func MetadataFromInt(i *big.Int, conf *Configuration) *MetadataAttribute

MetadataFromInt wraps the given Int

func NewMetadataAttribute

func NewMetadataAttribute(version byte) *MetadataAttribute

NewMetadataAttribute constructs a new instance containing the default values: provided version as versionField now as signing date 0 as keycounter ValidityDefault (half a year) as default validity.

func (*MetadataAttribute) Bytes

func (attr *MetadataAttribute) Bytes() []byte

Bytes returns this metadata attribute as a byte slice. Bigint's Bytes() method returns a big-endian byte slice, so add padding at begin.

func (*MetadataAttribute) CredentialType

func (attr *MetadataAttribute) CredentialType() *CredentialType

CredentialType returns the credential type of the current instance using the Configuration.

func (*MetadataAttribute) CredentialTypeHash

func (attr *MetadataAttribute) CredentialTypeHash() []byte

func (*MetadataAttribute) Expiry

func (attr *MetadataAttribute) Expiry() time.Time

Expiry returns the expiry date of this instance

func (*MetadataAttribute) IsValid

func (attr *MetadataAttribute) IsValid() bool

IsValid returns whether this instance is valid.

func (*MetadataAttribute) IsValidOn

func (attr *MetadataAttribute) IsValidOn(t time.Time) bool

IsValidOn returns whether this instance is still valid at the given time

func (*MetadataAttribute) KeyCounter

func (attr *MetadataAttribute) KeyCounter() uint

KeyCounter return the public key counter of the metadata attribute

func (*MetadataAttribute) PublicKey

func (attr *MetadataAttribute) PublicKey() (*gabikeys.PublicKey, error)

PublicKey extracts identifier of the Idemix public key with which this instance was signed, and returns this public key.

func (*MetadataAttribute) SigningDate

func (attr *MetadataAttribute) SigningDate() time.Time

SigningDate returns the time at which this instance was signed

func (*MetadataAttribute) ValidityDuration

func (attr *MetadataAttribute) ValidityDuration() int

ValidityDuration returns the amount of epochs during which this instance is valid

func (*MetadataAttribute) Version

func (attr *MetadataAttribute) Version() byte

Version returns the metadata version of this instance

type NextSessionData added in v0.8.0

type NextSessionData struct {
	URL string `json:"url"` // URL from which to get the next session after this one
}

type NonRevocationParameters added in v0.5.0

type NonRevocationParameters map[CredentialTypeIdentifier]*NonRevocationRequest

func (*NonRevocationParameters) MarshalJSON added in v0.5.0

func (n *NonRevocationParameters) MarshalJSON() ([]byte, error)

func (*NonRevocationParameters) UnmarshalJSON added in v0.5.0

func (n *NonRevocationParameters) UnmarshalJSON(bts []byte) error

type NonRevocationRequest added in v0.5.0

type NonRevocationRequest struct {
	Tolerance uint64                      `json:"tolerance,omitempty"`
	Updates   map[uint]*revocation.Update `json:"updates,omitempty"`
}

type PairingMethod added in v0.8.0

type PairingMethod string

type PrivateKeyRing added in v0.5.0

type PrivateKeyRing interface {
	// Latest returns the private key with the highest counter for the specified issuer, if any,
	// or an error.
	Latest(id IssuerIdentifier) (*gabikeys.PrivateKey, error)

	// Get returns the specified private key, or an error.
	Get(id IssuerIdentifier, counter uint) (*gabikeys.PrivateKey, error)

	// Iterate executes the specified function on each private key of the specified issuer
	// present in the ring. The private keys are offered to the function in no particular order,
	// and the same key may be offered multiple times. Returns on the first error returned
	// by the function.
	Iterate(id IssuerIdentifier, f func(sk *gabikeys.PrivateKey) error) error
}

PrivateKeyRing provides access to a set of private keys.

type PrivateKeyRingFolder added in v0.5.0

type PrivateKeyRingFolder struct {
	// contains filtered or unexported fields
}

PrivateKeyRingFolder represents a folder on disk containing private keys with filenames of the form scheme.issuer.xml and scheme.issuer.counter.xml.

func NewPrivateKeyRingFolder added in v0.5.0

func NewPrivateKeyRingFolder(path string, conf *Configuration) (*PrivateKeyRingFolder, error)

func (*PrivateKeyRingFolder) Get added in v0.5.0

func (*PrivateKeyRingFolder) Iterate added in v0.5.0

func (*PrivateKeyRingFolder) Latest added in v0.5.0

type ProofList

type ProofList gabi.ProofList

ProofList is a gabi.ProofList with some extra methods.

func (ProofList) Expired

func (pl ProofList) Expired(configuration *Configuration, t *time.Time) (bool, error)

Expired returns true if any of the contained disclosure proofs is specified at the specified time, or now, when the specified time is nil.

func (ProofList) ExtractPublicKeys

func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabikeys.PublicKey, error)

ExtractPublicKeys returns the public keys of each proof in the proofList, in the same order, for later use in verification of the proofList. If one of the proofs is not a ProofD an error is returned.

func (ProofList) VerifyProofs

func (pl ProofList) VerifyProofs(
	configuration *Configuration,
	request SessionRequest,
	context *big.Int, nonce *big.Int,
	publickeys []*gabikeys.PublicKey,
	validAt *time.Time,
	isSig bool,
) (bool, map[int]*time.Time, error)

VerifyProofs verifies the proofs cryptographically.

type ProofPCommitmentMap added in v0.8.0

type ProofPCommitmentMap struct {
	Commitments map[PublicKeyIdentifier]*gabi.ProofPCommitment `json:"c"`
}

func (*ProofPCommitmentMap) MarshalJSON added in v0.8.0

func (ppcm *ProofPCommitmentMap) MarshalJSON() ([]byte, error)

type ProofStatus

type ProofStatus string

ProofStatus is the status of the complete proof

type ProtocolVersion

type ProtocolVersion struct {
	Major int
	Minor int
}

ProtocolVersion encodes the IRMA protocol version of an IRMA session.

func NewVersion

func NewVersion(major, minor int) *ProtocolVersion

func (*ProtocolVersion) Above

func (v *ProtocolVersion) Above(major, minor int) bool

func (*ProtocolVersion) AboveVersion

func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) Below

func (v *ProtocolVersion) Below(major, minor int) bool

Returns true if v is below the given version.

func (*ProtocolVersion) BelowVersion

func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool

func (*ProtocolVersion) MarshalJSON

func (v *ProtocolVersion) MarshalJSON() ([]byte, error)

func (*ProtocolVersion) String

func (v *ProtocolVersion) String() string

func (*ProtocolVersion) UnmarshalJSON

func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error)

type PublicKeyIdentifier added in v0.8.0

type PublicKeyIdentifier struct {
	Issuer  IssuerIdentifier `json:"issuer"`
	Counter uint             `json:"counter"`
}

PublicKeyIdentifier identifies a single key from an issuer. For example: "irma-demo.RU-1"

func (*PublicKeyIdentifier) MarshalText added in v0.8.0

func (pki *PublicKeyIdentifier) MarshalText() (text []byte, err error)

func (*PublicKeyIdentifier) UnmarshalText added in v0.8.0

func (pki *PublicKeyIdentifier) UnmarshalText(text []byte) error

type Qr

type Qr struct {
	// Server with which to perform the session
	URL string `json:"u"`
	// Session type (disclosing, signing, issuing)
	Type Action `json:"irmaqr"`
}

Qr contains the data of an IRMA session QR (as generated by irma_js), suitable for NewSession().

func (*Qr) IsQr added in v0.5.0

func (qr *Qr) IsQr() bool

func (*Qr) Validate

func (qr *Qr) Validate() (err error)

type RemoteError

type RemoteError struct {
	Status      int    `json:"status,omitempty"`
	ErrorName   string `json:"error,omitempty"`
	Description string `json:"description,omitempty"`
	Message     string `json:"message,omitempty"`
	Stacktrace  string `json:"stacktrace,omitempty"`
}

RemoteError is an error message returned by the API server on errors.

func (*RemoteError) Error

func (err *RemoteError) Error() string

type RequestorBaseRequest

type RequestorBaseRequest struct {
	ResultJwtValidity int              `json:"validity,omitempty"`    // Validity of session result JWT in seconds
	ClientTimeout     int              `json:"timeout,omitempty"`     // Wait this many seconds for the IRMA app to connect before the session times out
	CallbackURL       string           `json:"callbackUrl,omitempty"` // URL to post session result to
	NextSession       *NextSessionData `json:"nextSession,omitempty"` // Data about session to start after this one (if any)
}

RequestorBaseRequest contains fields present in all RequestorRequest types with which the requestor configures an IRMA session.

func (*RequestorBaseRequest) SetDefaultsIfNecessary added in v0.7.0

func (r *RequestorBaseRequest) SetDefaultsIfNecessary()

type RequestorChunk added in v0.6.0

type RequestorChunk []*RequestorInfo

RequestorChunk is a number of verified requestors stored together. The RequestorScheme can consist of multiple such chunks

type RequestorIdentifier added in v0.8.0

type RequestorIdentifier struct {
	// contains filtered or unexported fields
}

func NewRequestorIdentifier added in v0.8.0

func NewRequestorIdentifier(id string) RequestorIdentifier

NewRequestorIdentifier converts the specified identifier to a NewRequestorIdentifier.

func (RequestorIdentifier) Empty added in v0.8.0

func (oi RequestorIdentifier) Empty() bool

func (RequestorIdentifier) GormDataType added in v0.8.0

func (RequestorIdentifier) GormDataType(dialect gorm.Dialect) string

func (RequestorIdentifier) MarshalCBOR added in v0.8.0

func (oi RequestorIdentifier) MarshalCBOR() (data []byte, err error)

func (RequestorIdentifier) MarshalText added in v0.8.0

func (id RequestorIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (RequestorIdentifier) Name added in v0.8.0

func (oi RequestorIdentifier) Name() string

Name returns the last part of this identifier.

func (RequestorIdentifier) Parent added in v0.8.0

func (oi RequestorIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (RequestorIdentifier) PartsCount added in v0.9.0

func (io RequestorIdentifier) PartsCount() int

func (RequestorIdentifier) RequestorSchemeIdentifier added in v0.8.0

func (id RequestorIdentifier) RequestorSchemeIdentifier() RequestorSchemeIdentifier

RequestorSchemeIdentifier returns the requestor scheme identifier of the requestor.

func (RequestorIdentifier) Root added in v0.8.0

func (oi RequestorIdentifier) Root() string

func (*RequestorIdentifier) Scan added in v0.8.0

func (oi *RequestorIdentifier) Scan(src interface{}) error

func (RequestorIdentifier) String added in v0.8.0

func (oi RequestorIdentifier) String() string

String returns this identifier as a string.

func (*RequestorIdentifier) UnmarshalCBOR added in v0.8.0

func (oi *RequestorIdentifier) UnmarshalCBOR(data []byte) error

func (*RequestorIdentifier) UnmarshalText added in v0.8.0

func (id *RequestorIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (RequestorIdentifier) Value added in v0.8.0

func (oi RequestorIdentifier) Value() (driver.Value, error)

type RequestorInfo added in v0.6.0

type RequestorInfo struct {
	ID         RequestorIdentifier                    `json:"id"`
	Scheme     RequestorSchemeIdentifier              `json:"scheme"`
	Name       TranslatedString                       `json:"name"`
	Industry   *TranslatedString                      `json:"industry"`
	Hostnames  []string                               `json:"hostnames"`
	LogoPath   *string                                `json:"logoPath,omitempty"`
	ValidUntil *Timestamp                             `json:"valid_until"`
	Unverified bool                                   `json:"unverified"`
	Languages  []string                               `json:"languages"`
	Wizards    map[IssueWizardIdentifier]*IssueWizard `json:"wizards"`
}

RequestorInfo describes a single verified requestor

func NewRequestorInfo added in v0.6.0

func NewRequestorInfo(hostname string) *RequestorInfo

NewRequestorInfo returns a Requestor with just the given hostname

type RequestorJwt

type RequestorJwt interface {
	Action() Action
	RequestorRequest() RequestorRequest
	SessionRequest() SessionRequest
	Requestor() string
	Valid() error
	Sign(jwt.SigningMethod, interface{}) (string, error)
}

A RequestorJwt contains an IRMA session object.

func ParseRequestorJwt

func ParseRequestorJwt(action string, requestorJwt string) (RequestorJwt, error)

ParseRequestorJwt parses the specified JWT and returns the contents. Note: this function does not verify the signature! Do that elsewhere.

type RequestorRequest

type RequestorRequest interface {
	Validator
	SessionRequest() SessionRequest
	Base() *RequestorBaseRequest
}

RequestorRequest is the message with which requestors start an IRMA session. It contains a SessionRequest instance for the irmaclient along with extra fields in a RequestorBaseRequest.

type RequestorScheme added in v0.6.0

type RequestorScheme struct {
	ID        RequestorSchemeIdentifier `json:"id"`
	URL       string                    `json:"url"`
	Demo      bool                      `json:"demo"`
	Languages []string                  `json:"languages"`
	Status    SchemeManagerStatus       `json:"-"`
	Timestamp Timestamp                 `json:"-"`
	// contains filtered or unexported fields
}

RequestorScheme describes verified requestors

type RequestorSchemeIdentifier added in v0.6.0

type RequestorSchemeIdentifier struct {
	// contains filtered or unexported fields
}

RequestorSchemeIdentifier identifies a requestor scheme. Equal to its ID. For example "pbdf-requestors"

func NewRequestorSchemeIdentifier added in v0.6.0

func NewRequestorSchemeIdentifier(id string) RequestorSchemeIdentifier

NewRequestorSchemeIdentifier converts the specified identifier to a RequestorSchemeIdentifier.

func (RequestorSchemeIdentifier) Empty added in v0.6.0

func (oi RequestorSchemeIdentifier) Empty() bool

func (RequestorSchemeIdentifier) GormDataType added in v0.6.0

func (RequestorSchemeIdentifier) GormDataType(dialect gorm.Dialect) string

func (RequestorSchemeIdentifier) MarshalCBOR added in v0.6.0

func (oi RequestorSchemeIdentifier) MarshalCBOR() (data []byte, err error)

func (RequestorSchemeIdentifier) MarshalText added in v0.6.0

func (id RequestorSchemeIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (RequestorSchemeIdentifier) Name added in v0.6.0

func (oi RequestorSchemeIdentifier) Name() string

Name returns the last part of this identifier.

func (RequestorSchemeIdentifier) Parent added in v0.6.0

func (oi RequestorSchemeIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (RequestorSchemeIdentifier) PartsCount added in v0.9.0

func (io RequestorSchemeIdentifier) PartsCount() int

func (RequestorSchemeIdentifier) Root added in v0.6.0

func (oi RequestorSchemeIdentifier) Root() string

func (*RequestorSchemeIdentifier) Scan added in v0.6.0

func (oi *RequestorSchemeIdentifier) Scan(src interface{}) error

func (RequestorSchemeIdentifier) String added in v0.6.0

func (oi RequestorSchemeIdentifier) String() string

String returns this identifier as a string.

func (*RequestorSchemeIdentifier) UnmarshalCBOR added in v0.6.0

func (oi *RequestorSchemeIdentifier) UnmarshalCBOR(data []byte) error

func (*RequestorSchemeIdentifier) UnmarshalText added in v0.6.0

func (id *RequestorSchemeIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (RequestorSchemeIdentifier) Value added in v0.6.0

func (oi RequestorSchemeIdentifier) Value() (driver.Value, error)

type RequestorToken added in v0.8.0

type RequestorToken string

Tokens to identify a session from the perspective of the different agents

func ParseRequestorToken added in v0.9.0

func ParseRequestorToken(input string) (RequestorToken, error)

ParseRequestorToken parses a string to a ClientToken after validating the input.

type RequiredAttributeMissingError added in v0.5.0

type RequiredAttributeMissingError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}

func (*RequiredAttributeMissingError) Error added in v0.5.0

type RevocationAttribute added in v0.5.0

type RevocationAttribute big.Int

RevocationAttribute is a big.Int with DB (un)marshaling methods.

func (RevocationAttribute) GormDataType added in v0.5.0

func (RevocationAttribute) GormDataType(dialect gorm.Dialect) string

func (*RevocationAttribute) MarshalCBOR added in v0.5.0

func (i *RevocationAttribute) MarshalCBOR() ([]byte, error)

func (*RevocationAttribute) Scan added in v0.5.0

func (i *RevocationAttribute) Scan(src interface{}) error

Scan implements sql.Scanner, for SQL unmarshaling (from a []byte).

func (*RevocationAttribute) UnmarshalCBOR added in v0.5.0

func (i *RevocationAttribute) UnmarshalCBOR(data []byte) error

func (*RevocationAttribute) Value added in v0.5.0

func (i *RevocationAttribute) Value() (driver.Value, error)

Value implements driver.Valuer, for SQL marshaling (to []byte).

type RevocationClient added in v0.5.0

type RevocationClient struct {
	Conf     *Configuration
	Settings RevocationSettings
	// contains filtered or unexported fields
}

RevocationClient offers an HTTP client to the revocation server endpoints.

func (RevocationClient) FetchUpdateFrom added in v0.5.0

func (client RevocationClient) FetchUpdateFrom(id CredentialTypeIdentifier, pkcounter uint, from uint64) (*revocation.Update, error)

func (RevocationClient) FetchUpdateLatest added in v0.5.0

func (client RevocationClient) FetchUpdateLatest(id CredentialTypeIdentifier, pkcounter uint, count uint64) (*revocation.Update, error)

func (RevocationClient) FetchUpdatesLatest added in v0.5.0

func (client RevocationClient) FetchUpdatesLatest(id CredentialTypeIdentifier, count uint64) (map[uint]*revocation.Update, error)

func (RevocationClient) PostIssuanceRecord added in v0.5.0

func (client RevocationClient) PostIssuanceRecord(id CredentialTypeIdentifier, sk *gabikeys.PrivateKey, rec *IssuanceRecord, url string) error

type RevocationJwt added in v0.5.0

type RevocationJwt struct {
	ServerJwt
	Request *RevocationRequest `json:"revrequest"`
}

func (*RevocationJwt) Sign added in v0.5.0

func (claims *RevocationJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*RevocationJwt) Valid added in v0.5.0

func (claims *RevocationJwt) Valid() error

type RevocationKeys added in v0.5.0

type RevocationKeys struct {
	Conf *Configuration
}

RevocationKeys contains helper functions for retrieving revocation private and public keys from an irma.Configuration instance.

func (RevocationKeys) PrivateKey added in v0.5.0

func (rs RevocationKeys) PrivateKey(issid IssuerIdentifier, counter uint) (*gabikeys.PrivateKey, error)

func (RevocationKeys) PrivateKeyLatest added in v0.5.0

func (rs RevocationKeys) PrivateKeyLatest(issid IssuerIdentifier) (*gabikeys.PrivateKey, error)

func (RevocationKeys) PublicKey added in v0.5.0

func (rs RevocationKeys) PublicKey(issid IssuerIdentifier, counter uint) (*gabikeys.PublicKey, error)

type RevocationRequest added in v0.5.0

type RevocationRequest struct {
	LDContext      string                   `json:"@context,omitempty"`
	CredentialType CredentialTypeIdentifier `json:"type"`
	Key            string                   `json:"revocationKey,omitempty"`
	Issued         int64                    `json:"issued,omitempty"`
}

func (*RevocationRequest) Validate added in v0.5.0

func (r *RevocationRequest) Validate() error

type RevocationSetting added in v0.5.0

type RevocationSetting struct {
	Server              bool   `json:"server,omitempty" mapstructure:"server"`
	Authority           bool   `json:"authority,omitempty" mapstructure:"authority"`
	RevocationServerURL string `json:"revocation_server_url,omitempty" mapstructure:"revocation_server_url"`
	Tolerance           uint64 `json:"tolerance,omitempty" mapstructure:"tolerance"` // in seconds, min 30
	SSE                 bool   `json:"sse,omitempty" mapstructure:"sse"`
	// contains filtered or unexported fields
}

RevocationSetting contains revocation settings for a given credential type.

type RevocationSettings added in v0.5.0

type RevocationSettings map[CredentialTypeIdentifier]*RevocationSetting

func (RevocationSettings) Get added in v0.5.0

type RevocationStorage added in v0.5.0

type RevocationStorage struct {
	Keys RevocationKeys

	ServerSentEvents *sse.Server
	// contains filtered or unexported fields
}

RevocationStorage stores and retrieves revocation-related data from and to a SQL database, and offers a revocation API for all other irmago code, including a Revoke() method that revokes an earlier issued credential.

func (*RevocationStorage) Accumulator added in v0.5.0

func (rs *RevocationStorage) Accumulator(id CredentialTypeIdentifier, pkcounter uint) (
	*revocation.SignedAccumulator, error,
)

func (*RevocationStorage) AddIssuanceRecord added in v0.5.0

func (rs *RevocationStorage) AddIssuanceRecord(r *IssuanceRecord) error

func (*RevocationStorage) AddUpdate added in v0.5.0

func (*RevocationStorage) Close added in v0.5.0

func (rs *RevocationStorage) Close() error

func (*RevocationStorage) EnableRevocation added in v0.5.0

func (rs *RevocationStorage) EnableRevocation(id CredentialTypeIdentifier, sk *gabikeys.PrivateKey) error

EnableRevocation creates an initial accumulator for a given credential type. This function is the only way to create such an initial accumulator and it must be called before anyone can use revocation for this credential type. Requires the issuer private key.

func (*RevocationStorage) Events added in v0.5.0

func (rs *RevocationStorage) Events(id CredentialTypeIdentifier, pkcounter uint, from, to uint64) (*revocation.EventList, error)

func (*RevocationStorage) Exists added in v0.5.0

func (rs *RevocationStorage) Exists(id CredentialTypeIdentifier, counter uint) (bool, error)

Exists returns whether or not an accumulator exists in the database for the given credential type.

func (*RevocationStorage) IssuanceRecords added in v0.5.0

func (rs *RevocationStorage) IssuanceRecords(id CredentialTypeIdentifier, key string, issued time.Time) ([]*IssuanceRecord, error)

func (*RevocationStorage) Load added in v0.5.0

func (rs *RevocationStorage) Load(debug bool, dbtype, connstr string, settings RevocationSettings) error

func (*RevocationStorage) PostUpdate added in v0.5.0

func (rs *RevocationStorage) PostUpdate(id CredentialTypeIdentifier, update *revocation.Update)

func (*RevocationStorage) Revoke added in v0.5.0

func (rs *RevocationStorage) Revoke(id CredentialTypeIdentifier, key string, issued time.Time) error

Revoke revokes the credential(s) specified by key and issued, if found within the current database, by updating their revocation time to now, removing their revocation attribute from the current accumulator, and updating the revocation database on disk. If issued is not specified, i.e. passed the zero value, all credentials specified by key are revoked.

func (*RevocationStorage) SaveIssuanceRecord added in v0.5.0

func (rs *RevocationStorage) SaveIssuanceRecord(id CredentialTypeIdentifier, rec *IssuanceRecord, sk *gabikeys.PrivateKey) error

SaveIssuanceRecord either stores the issuance record locally, if we are the revocation server of the crecential type, or it signs and sends it to the remote revocation server.

func (*RevocationStorage) SetRevocationUpdates added in v0.5.0

func (rs *RevocationStorage) SetRevocationUpdates(b *BaseRequest) error

SetRevocationUpdates retrieves the latest revocation records from the database, and attaches them to the request, for each credential type for which a nonrevocation proof is requested in b.Revocation.

func (*RevocationStorage) SyncDB added in v0.5.0

func (*RevocationStorage) SyncIfOld added in v0.5.0

func (rs *RevocationStorage) SyncIfOld(id CredentialTypeIdentifier, maxage uint64) error

func (*RevocationStorage) UpdateLatest added in v0.5.0

func (rs *RevocationStorage) UpdateLatest(id CredentialTypeIdentifier, count uint64, counter *uint) (map[uint]*revocation.Update, error)

type Scheme added in v0.6.0

type Scheme interface {
	// contains filtered or unexported methods
}

type SchemeAppVersion added in v0.3.0

type SchemeAppVersion struct {
	Android int `xml:"Android"`
	IOS     int `xml:"iOS"`
}

type SchemeFileHash added in v0.6.0

type SchemeFileHash []byte

SchemeFileHash encodes the SHA256 hash of an authenticated file under a scheme within the configuration folder.

func (SchemeFileHash) Equal added in v0.6.0

func (hash SchemeFileHash) Equal(other SchemeFileHash) bool

func (SchemeFileHash) String added in v0.6.0

func (hash SchemeFileHash) String() string

type SchemeManager

type SchemeManager struct {
	ID                string           `xml:"Id"`
	Name              TranslatedString `xml:"Name"`
	URL               string           `xml:"Url"`
	Contact           string           `xml:"contact"`
	Demo              bool             `xml:"Demo"` // Decides whether to download private keys
	Description       TranslatedString
	MinimumAppVersion SchemeAppVersion
	KeyshareServer    string
	KeyshareWebsite   string
	KeyshareAttribute string
	TimestampServer   string
	Languages         []string `xml:"Languages>Language"`
	XMLVersion        int      `xml:"version,attr"`
	XMLName           xml.Name `xml:"SchemeManager"`

	Status    SchemeManagerStatus `xml:"-"`
	Timestamp Timestamp
	// contains filtered or unexported fields
}

SchemeManager describes an issuer scheme and is the issuer equivalent to the RequestorScheme. The naming is legacy.

func (*SchemeManager) Distributed

func (scheme *SchemeManager) Distributed() bool

Distributed indicates if this scheme uses a keyshare server.

func (*SchemeManager) Identifier

func (scheme *SchemeManager) Identifier() SchemeManagerIdentifier

Identifier returns the identifier of the specified scheme.

type SchemeManagerError

type SchemeManagerError struct {
	Scheme string
	Status SchemeManagerStatus
	Err    error
}

func (SchemeManagerError) Error

func (sme SchemeManagerError) Error() string

type SchemeManagerIdentifier

type SchemeManagerIdentifier struct {
	// contains filtered or unexported fields
}

SchemeManagerIdentifier identifies a scheme manager. Equal to its ID. For example "irma-demo".

func NewSchemeManagerIdentifier

func NewSchemeManagerIdentifier(id string) SchemeManagerIdentifier

NewSchemeManagerIdentifier converts the specified identifier to a SchemeManagerIdentifier.

func (SchemeManagerIdentifier) Empty

func (oi SchemeManagerIdentifier) Empty() bool

func (SchemeManagerIdentifier) GormDataType added in v0.5.0

func (SchemeManagerIdentifier) GormDataType(dialect gorm.Dialect) string

func (SchemeManagerIdentifier) MarshalCBOR added in v0.5.0

func (oi SchemeManagerIdentifier) MarshalCBOR() (data []byte, err error)

func (SchemeManagerIdentifier) MarshalText

func (id SchemeManagerIdentifier) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (SchemeManagerIdentifier) Name

func (oi SchemeManagerIdentifier) Name() string

Name returns the last part of this identifier.

func (SchemeManagerIdentifier) Parent

func (oi SchemeManagerIdentifier) Parent() string

Parent returns the parent object of this identifier.

func (SchemeManagerIdentifier) PartsCount added in v0.9.0

func (io SchemeManagerIdentifier) PartsCount() int

func (SchemeManagerIdentifier) Root

func (oi SchemeManagerIdentifier) Root() string

func (*SchemeManagerIdentifier) Scan added in v0.5.0

func (oi *SchemeManagerIdentifier) Scan(src interface{}) error

func (SchemeManagerIdentifier) String

func (oi SchemeManagerIdentifier) String() string

String returns this identifier as a string.

func (*SchemeManagerIdentifier) UnmarshalCBOR added in v0.5.0

func (oi *SchemeManagerIdentifier) UnmarshalCBOR(data []byte) error

func (*SchemeManagerIdentifier) UnmarshalText

func (id *SchemeManagerIdentifier) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (SchemeManagerIdentifier) Value added in v0.5.0

func (oi SchemeManagerIdentifier) Value() (driver.Value, error)

type SchemeManagerIndex

type SchemeManagerIndex map[string]SchemeFileHash

SchemeManagerIndex is a (signed) list of files under a scheme along with their SHA266 hash

func (SchemeManagerIndex) FromString

func (i SchemeManagerIndex) FromString(s string) error

FromString populates this index by parsing the specified string.

func (SchemeManagerIndex) Scheme added in v0.3.0

func (i SchemeManagerIndex) Scheme() string

func (SchemeManagerIndex) String

func (i SchemeManagerIndex) String() string

type SchemeManagerStatus

type SchemeManagerStatus string

type SchemePointer added in v0.6.0

type SchemePointer struct {
	URL       string // URL to download scheme from
	Type      SchemeType
	Publickey []byte // Public key of scheme against which to verify files after they have been downloaded
}

SchemePointer points to a remote IRMA scheme, containing information to download the scheme, including its (pinned) public key.

type SchemeType added in v0.6.0

type SchemeType string

type ServerJwt

type ServerJwt struct {
	Type       string    `json:"sub"`
	ServerName string    `json:"iss"`
	IssuedAt   Timestamp `json:"iat"`
}

ServerJwt contains standard JWT fields.

func (*ServerJwt) Requestor

func (jwt *ServerJwt) Requestor() string

type ServerSessionResponse added in v0.8.0

type ServerSessionResponse struct {
	ProofStatus     ProofStatus                   `json:"proofStatus"`
	IssueSignatures []*gabi.IssueSignatureMessage `json:"sigs,omitempty"`
	NextSession     *Qr                           `json:"nextSession,omitempty"`

	// needed for legacy (un)marshaling
	ProtocolVersion *ProtocolVersion `json:"-"`
	SessionType     Action           `json:"-"`
}

func (*ServerSessionResponse) MarshalJSON added in v0.8.0

func (s *ServerSessionResponse) MarshalJSON() ([]byte, error)

func (*ServerSessionResponse) UnmarshalJSON added in v0.8.0

func (s *ServerSessionResponse) UnmarshalJSON(bts []byte) error

type ServerStatus added in v0.8.0

type ServerStatus string

ServerStatus encodes the server status of an IRMA session (e.g., CONNECTED).

const (
	ServerStatusInitialized ServerStatus = "INITIALIZED" // The session has been started and is waiting for the client
	ServerStatusPairing     ServerStatus = "PAIRING"     // The client is waiting for the frontend to give permission to connect
	ServerStatusConnected   ServerStatus = "CONNECTED"   // The client has retrieved the session request, we wait for its response
	ServerStatusCancelled   ServerStatus = "CANCELLED"   // The session is cancelled, possibly due to an error
	ServerStatusDone        ServerStatus = "DONE"        // The session has completed successfully
	ServerStatusTimeout     ServerStatus = "TIMEOUT"     // Session timed out
)

Server statuses

func (ServerStatus) Finished added in v0.8.0

func (status ServerStatus) Finished() bool

type ServiceProviderJwt

type ServiceProviderJwt struct {
	ServerJwt
	Request *ServiceProviderRequest `json:"sprequest"`
}

ServiceProviderJwt is a requestor JWT for a disclosure session.

func NewServiceProviderJwt

func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt

NewServiceProviderJwt returns a new ServiceProviderJwt.

func (*ServiceProviderJwt) Action

func (claims *ServiceProviderJwt) Action() Action

func (*ServiceProviderJwt) RequestorRequest

func (claims *ServiceProviderJwt) RequestorRequest() RequestorRequest

func (*ServiceProviderJwt) SessionRequest

func (claims *ServiceProviderJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*ServiceProviderJwt) Sign

func (claims *ServiceProviderJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*ServiceProviderJwt) Valid

func (claims *ServiceProviderJwt) Valid() error

type ServiceProviderRequest

type ServiceProviderRequest struct {
	RequestorBaseRequest
	Request *DisclosureRequest `json:"request"`
}

A ServiceProviderRequest contains a disclosure request.

func (*ServiceProviderRequest) Base

func (*ServiceProviderRequest) SessionRequest

func (r *ServiceProviderRequest) SessionRequest() SessionRequest

func (*ServiceProviderRequest) Validate

func (r *ServiceProviderRequest) Validate() error

type SessionError

type SessionError struct {
	Err error
	ErrorType
	Info         string
	RemoteError  *RemoteError
	RemoteStatus int
}

SessionError is a protocol error.

func (*SessionError) Error

func (e *SessionError) Error() string

func (*SessionError) Stack

func (e *SessionError) Stack() string

func (*SessionError) WrappedError

func (e *SessionError) WrappedError() string

type SessionOptions added in v0.8.0

type SessionOptions struct {
	LDContext     string        `json:"@context,omitempty"`
	PairingMethod PairingMethod `json:"pairingMethod"`
	PairingCode   string        `json:"pairingCode,omitempty"`
}

type SessionRequest

type SessionRequest interface {
	Validator
	Base() *BaseRequest
	GetNonce(timestamp *atum.Timestamp) *big.Int
	Disclosure() *DisclosureRequest
	Identifiers() *IrmaIdentifierSet
	Action() Action
	Legacy() (SessionRequest, error)
}

SessionRequest instances contain all information the irmaclient needs to perform an IRMA session.

type SignatureRequest

type SignatureRequest struct {
	DisclosureRequest
	Message string `json:"message"`
}

A SignatureRequest is a a request to sign a message with certain attributes. Construct new instances using NewSignatureRequest().

func NewSignatureRequest added in v0.3.0

func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest

func (*SignatureRequest) Action

func (sr *SignatureRequest) Action() Action

func (*SignatureRequest) GetNonce

func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int

GetNonce returns the nonce of this signature session (with the message already hashed into it).

func (*SignatureRequest) IsSignatureRequest added in v0.5.0

func (sr *SignatureRequest) IsSignatureRequest() bool

func (*SignatureRequest) Legacy added in v0.3.0

func (sr *SignatureRequest) Legacy() (SessionRequest, error)

func (*SignatureRequest) SignatureFromMessage

func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error)

func (*SignatureRequest) UnmarshalJSON added in v0.3.0

func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error)

func (*SignatureRequest) Validate

func (sr *SignatureRequest) Validate() error

type SignatureRequestorJwt

type SignatureRequestorJwt struct {
	ServerJwt
	Request *SignatureRequestorRequest `json:"absrequest"`
}

SignatureRequestorJwt is a requestor JWT for a signing session.

func NewSignatureRequestorJwt

func NewSignatureRequestorJwt(servername string, sr *SignatureRequest) *SignatureRequestorJwt

NewSignatureRequestorJwt returns a new SignatureRequestorJwt.

func (*SignatureRequestorJwt) Action

func (claims *SignatureRequestorJwt) Action() Action

func (*SignatureRequestorJwt) RequestorRequest

func (claims *SignatureRequestorJwt) RequestorRequest() RequestorRequest

func (*SignatureRequestorJwt) SessionRequest

func (claims *SignatureRequestorJwt) SessionRequest() SessionRequest

SessionRequest returns an IRMA session object.

func (*SignatureRequestorJwt) Sign

func (claims *SignatureRequestorJwt) Sign(method jwt.SigningMethod, key interface{}) (string, error)

func (*SignatureRequestorJwt) Valid

func (claims *SignatureRequestorJwt) Valid() error

type SignatureRequestorRequest

type SignatureRequestorRequest struct {
	RequestorBaseRequest
	Request *SignatureRequest `json:"request"`
}

A SignatureRequestorRequest contains a signing request.

func (*SignatureRequestorRequest) Base

func (*SignatureRequestorRequest) SessionRequest

func (r *SignatureRequestorRequest) SessionRequest() SessionRequest

func (*SignatureRequestorRequest) Validate

func (r *SignatureRequestorRequest) Validate() error

type SignedMessage

type SignedMessage struct {
	LDContext string                    `json:"@context"`
	Signature gabi.ProofList            `json:"signature"`
	Indices   DisclosedAttributeIndices `json:"indices"`
	Nonce     *big.Int                  `json:"nonce"`
	Context   *big.Int                  `json:"context"`
	Message   string                    `json:"message"`
	Timestamp *atum.Timestamp           `json:"timestamp"`
}

SignedMessage is a message signed with an attribute-based signature The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)

func (*SignedMessage) Disclosure

func (sm *SignedMessage) Disclosure() *Disclosure

func (*SignedMessage) GetNonce

func (sm *SignedMessage) GetNonce() *big.Int

func (*SignedMessage) MatchesNonceAndContext

func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool

func (*SignedMessage) Verify

func (sm *SignedMessage) Verify(configuration *Configuration, request *SignatureRequest) ([][]*DisclosedAttribute, ProofStatus, error)

Verify the attribute-based signature, optionally against a corresponding signature request. If the request is present (i.e. not nil), then the first attributes in the returned result match with the disjunction list in the request (that is, the i'th attribute in the result should satisfy the i'th disjunction in the request). If the request is not fully satisfied in this fashion, the Status of the result is ProofStatusMissingAttributes. Any remaining attributes (i.e. not asked for by the request) are also included in the result, after the attributes that match disjunctions in the request.

The signature request is optional; if it is nil then the attribute-based signature is still verified, and all containing attributes returned in the result.

func (*SignedMessage) VerifyTimestamp

func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) error

Given an SignedMessage, verify the timestamp over the signed message, disclosed attributes, and rerandomized CL-signatures.

func (*SignedMessage) Version added in v0.3.0

func (sm *SignedMessage) Version() int

type Timestamp

type Timestamp time.Time

Timestamp is a time.Time that marshals to Unix timestamps.

func (Timestamp) After

func (t Timestamp) After(u Timestamp) bool

func (Timestamp) Before

func (t Timestamp) Before(u Timestamp) bool

Check if Timestamp is before other Timestamp. Used for checking expiry of attributes

func (*Timestamp) Floor added in v0.3.0

func (t *Timestamp) Floor() Timestamp

func (Timestamp) IsZero added in v0.5.0

func (t Timestamp) IsZero() bool

To check whether Timestamp is uninitialized

func (*Timestamp) MarshalJSON

func (t *Timestamp) MarshalJSON() ([]byte, error)

MarshalJSON marshals a timestamp.

func (*Timestamp) MarshalXML added in v0.5.0

func (t *Timestamp) MarshalXML(e *xml.Encoder, start xml.StartElement) error

func (*Timestamp) String

func (t *Timestamp) String() string

Timestamp implements Stringer.

func (Timestamp) Sub added in v0.5.0

func (t Timestamp) Sub(u Timestamp) time.Duration

func (*Timestamp) UnmarshalJSON

func (t *Timestamp) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a timestamp.

func (*Timestamp) UnmarshalXML added in v0.5.0

func (t *Timestamp) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

type TranslatedString

type TranslatedString map[string]string

TranslatedString is a map of translated strings.

func NewTranslatedString

func NewTranslatedString(attr *string) TranslatedString

NewTranslatedString returns a TranslatedString containing the specified string for each supported language, or nil when attr is nil.

func (*TranslatedString) MarshalXML

func (ts *TranslatedString) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML implements xml.Marshaler.

func (*TranslatedString) UnmarshalXML

func (ts *TranslatedString) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML unmarshals an XML tag containing a string translated to multiple languages, for example: <Foo><en>Hello world</en><nl>Hallo wereld</nl></Foo> into a TranslatedString: { "en": "Hello world" , "nl": "Hallo wereld" }

type UnknownIdentifierError added in v0.3.0

type UnknownIdentifierError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}

func (*UnknownIdentifierError) Error added in v0.3.0

func (e *UnknownIdentifierError) Error() string

type Validator

type Validator interface {
	Validate() error
}

Directories

Path Synopsis
internal
sessiontest
This package just contains tests.
This package just contains tests.
test
Package test contains functionality that should be available to all unit tests (which live in separate packages).
Package test contains functionality that should be available to all unit tests (which live in separate packages).
cmd
Package irmaclient implements an IRMA client, that can manage and use IRMA attributes.
Package irmaclient implements an IRMA client, that can manage and use IRMA attributes.
irmac
Required to be main when building a shared library
Required to be main when building a shared library
irmaserver
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
Package irmaserver is a library that allows IRMA verifiers, issuers or attribute-based signature applications to perform IRMA sessions with irmaclient instances (i.e.
requestorserver
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.
Package requestorserver is a server allowing IRMA verifiers, issuers or attribute-based signature applications (the requestor) to perform IRMA sessions with irmaclient instances (i.e.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL