zcapld

package
v0.1.8
Published: Mar 30, 2022 License: Apache-2.0 Imports: 26 Imported by: 23

Documentation

Constants

const (
	// SecurityContextV2 is the JSON-LD context used in ZCAP-LD documents.
	SecurityContextV2 = "https://w3id.org/security/v2"
	// ProofPurpose is the proofPurpose set on proofs in ZCAP-LD documents.
	ProofPurpose = "capabilityDelegation"
)
const (
	// CapabilityInvocationHTTPHeader is the HTTP header expected on zcap'ed HTTP requests.
	CapabilityInvocationHTTPHeader = "capability-invocation"
)
const (
	CaveatTypeExpiry = "expiry"
)

Caveat types.

Variables

This section is empty.

Functions

func CompressZCAP added in v0.1.6

func CompressZCAP(zcap *Capability) (string, error)

CompressZCAP compresses a capability into a base64-encoded string.

func NewHTTPSigAuthHandler

func NewHTTPSigAuthHandler(
	config *HTTPSigAuthConfig, expect *InvocationExpectations, next http.HandlerFunc) http.HandlerFunc

NewHTTPSigAuthHandler authenticates and authorizes a request before forwarding to 'next'. Authentication scheme: https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-00. Authorization scheme: https://w3c-ccg.github.io/zcap-ld/.

Types

type AriesDIDKeySecrets

type AriesDIDKeySecrets struct{}

AriesDIDKeySecrets is a secrets store that returns did:key httpsignatures.Secrets. Based on the workaround suggested by the library authors here: https://github.com/igor-pavlenko/httpsignatures-go/issues/5.

func (*AriesDIDKeySecrets) Get

func (a *AriesDIDKeySecrets) Get(keyID string) (httpsig.Secret, error)

Get returns a did:key secret.

type AriesDIDKeySignatureHashAlgorithm

type AriesDIDKeySignatureHashAlgorithm struct {
	Crypto   crypto.Crypto
	KMS      kms.KeyManager
	Resolver VDRResolver
}

AriesDIDKeySignatureHashAlgorithm is a custom httpsignatures.SignatureHashAlgorithm composed from the Aries framework's KMS and Crypto APIs and designed to work with did:key. Based on the workaround suggested by the library authors here: https://github.com/igor-pavlenko/httpsignatures-go/issues/5.

func (*AriesDIDKeySignatureHashAlgorithm) Algorithm

Algorithm returns this algorithm's name.

func (*AriesDIDKeySignatureHashAlgorithm) Create

func (a *AriesDIDKeySignatureHashAlgorithm) Create(secret httpsig.Secret, data []byte) ([]byte, error)

Create signs data with the secret.

func (*AriesDIDKeySignatureHashAlgorithm) Verify

func (a *AriesDIDKeySignatureHashAlgorithm) Verify(secret httpsig.Secret, data, signature []byte) error

Verify verifies the signature over data with the secret.

type Capability

type Capability struct {
	Context          string             `json:"@context"`
	ID               string             `json:"id"`
	Invoker          string             `json:"invoker,omitempty"`
	Controller       string             `json:"controller,omitempty"`
	Delegator        string             `json:"delegator,omitempty"`
	Parent           string             `json:"parentCapability,omitempty"`
	AllowedAction    []string           `json:"allowedAction,omitempty"`
	InvocationTarget InvocationTarget   `json:"invocationTarget"`
	Caveats          []Caveat           `json:"caveats"`
	Proof            []verifiable.Proof `json:"proof,omitempty"`
}

Capability is a ZCAP.

func DecompressZCAP added in v0.1.6

func DecompressZCAP(value string) (zcap *Capability, err error)

DecompressZCAP decodes a base64-encoded string produced by CompressZCAP back into a capability.
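As an added illustration (not the zcapld package's own code), a compress/decompress pair in the shape described above, with the decompression side bounded. It assumes the library gzips the JSON before base64-encoding it (the page only says "base64 encoded"), and the 64 KiB limit is an assumed value; the bound matters because the compressed capability arrives in a client-controlled request header.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"encoding/json"
	"errors"
	"io"
)

// Capability is a two-field stand-in for the page's type (illustration only).
type Capability struct {
	ID            string   `json:"id"`
	AllowedAction []string `json:"allowedAction,omitempty"`
}

// maxDecoded bounds how far a client-controlled blob may inflate (assumed
// 64 KiB); an unbounded gzip read of a request header is a decompression-bomb risk.
const maxDecoded = 64 << 10

// compressZCAP: JSON -> gzip -> URL-safe base64. The gzip step is an assumption
// about the library's encoding; the page only says "base64 encoded".
func compressZCAP(zcap *Capability) string {
	raw, _ := json.Marshal(zcap) // a struct of strings cannot fail to marshal
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(raw) // writes into bytes.Buffer cannot fail, so errors are not checked
	w.Close()
	return base64.URLEncoding.EncodeToString(buf.Bytes())
}

// decompressZCAP reverses compressZCAP but refuses output above maxDecoded.
func decompressZCAP(value string) (*Capability, error) {
	compressed, err := base64.URLEncoding.DecodeString(value)
	if err != nil {
		return nil, err
	}
	r, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer r.Close()
	raw, err := io.ReadAll(io.LimitReader(r, maxDecoded+1)) // +1 exposes overflow
	if err != nil || len(raw) > maxDecoded {
		return nil, errors.New("malformed or oversized capability")
	}
	zcap := &Capability{}
	return zcap, json.Unmarshal(raw, zcap)
}
```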

func NewCapability

func NewCapability(signer *Signer, options ...CapabilityOption) (*Capability, error)

NewCapability constructs a new, signed Capability with the options provided.

func ParseCapability

func ParseCapability(raw []byte) (*Capability, error)

ParseCapability parses a Capability.

type CapabilityInvocation

type CapabilityInvocation struct {
	ExpectedTarget         string
	ExpectedAction         string
	ExpectedRootCapability string
	VerificationMethod     *VerificationMethod // loaded from the http sig's keyId
}

CapabilityInvocation describes the parameters for invocation of a capability.

type CapabilityOption

type CapabilityOption func(options *CapabilityOptions)

CapabilityOption configures CapabilityOptions.

func WithAllowedActions

func WithAllowedActions(actions ...string) CapabilityOption

WithAllowedActions sets the actions allowed by the Capability.

func WithCapabilityChain

func WithCapabilityChain(chain ...interface{}) CapabilityOption

WithCapabilityChain specifies the capabilityChain on the proof for the Capability.

func WithCaveats added in v0.1.6

func WithCaveats(caveats ...Caveat) CapabilityOption

WithCaveats sets the caveats that restrict how the Capability may be used.

func WithChallenge

func WithChallenge(c string) CapabilityOption

WithChallenge sets the challenge to include in the proof.

func WithController

func WithController(c string) CapabilityOption

WithController identifies the controller of the Capability.

func WithDelegator

func WithDelegator(d string) CapabilityOption

WithDelegator identifies the delegator of the Capability.

func WithDomain

func WithDomain(d string) CapabilityOption

WithDomain sets the domain to include in the proof.

func WithID

func WithID(id string) CapabilityOption

WithID overrides the default ID (urn:uuid:<uuid value>) used.

func WithInvocationTarget

func WithInvocationTarget(targetID, targetType string) CapabilityOption

WithInvocationTarget sets the invocation target on the Capability.

func WithInvoker

func WithInvoker(i string) CapabilityOption

WithInvoker identifies the invoker of the Capability.

func WithParent

func WithParent(p string) CapabilityOption

WithParent identifies the parent Capability.

type CapabilityOptions

type CapabilityOptions struct {
	ID               string
	Parent           string
	Invoker          string
	Controller       string
	Delegator        string
	AllowedAction    []string
	InvocationTarget InvocationTarget
	Challenge        string
	Domain           string
	CapabilityChain  []interface{}
	Caveats          []Caveat
}

CapabilityOptions configures capabilities.

type CapabilityResolver

type CapabilityResolver interface {
	Resolve(uri string) (*Capability, error)
}

CapabilityResolver resolves capabilities.

type Caveat added in v0.1.6

type Caveat struct {
	Type     string `json:"type"`
	Duration uint64 `json:"duration"`
}

Caveat is a restriction on how a capability may be used.

TODO need to generalize this mechanism to support different caveat types.

type DIDKeyResolver

type DIDKeyResolver struct {
	VDR VDRResolver
}

DIDKeyResolver resolves verification keys from did:key URLs: https://w3c-ccg.github.io/did-method-key/.

func NewDIDKeyResolver added in v0.1.6

func NewDIDKeyResolver(v VDRResolver) *DIDKeyResolver

NewDIDKeyResolver creates a new DID resolver backed by the given VDRResolver.

func (*DIDKeyResolver) Resolve

func (d *DIDKeyResolver) Resolve(didKeyURL string) (*verifier.PublicKey, error)

Resolve expects 'didKeyURL' to be a did:key URL. Example: "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH#z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH".

type HTTPSigAuthConfig

type HTTPSigAuthConfig struct {
	CapabilityResolver CapabilityResolver
	KeyResolver        KeyResolver
	VDRResolver        VDRResolver
	VerifierOptions    []VerificationOption
	Secrets            httpsig.Secrets
	ErrConsumer        func(error)
	KMS                kms.KeyManager
	Crypto             crypto.Crypto
}

HTTPSigAuthConfig configures the HTTP auth handler.

type InvocationExpectations

type InvocationExpectations struct {
	Target         string
	RootCapability string
	Action         string
}

InvocationExpectations are set by the application to state the target, root capability and action it expects for any given invocation.

type InvocationTarget

type InvocationTarget struct {
	ID   string
	Type string
}

InvocationTarget is the target on which the capability applies.

type KeyResolver

type KeyResolver interface {
	Resolve(keyID string) (*verifier.PublicKey, error)
}

KeyResolver resolves verification keys.

type Proof

type Proof struct {
	Capability         *Capability
	CapabilityAction   string
	VerificationMethod string
}

Proof describes the capability, the action, and the verification method of an invocation.

type Signer

type Signer struct {
	ariessigner.SignatureSuite
	SuiteType          string
	VerificationMethod string
	ProcessorOpts      []jsonld.ProcessorOpts
}

Signer signs the Capability.

type SimpleCapabilityResolver

type SimpleCapabilityResolver map[string]*Capability

SimpleCapabilityResolver enables in-memory capability resolvers based on maps.

func (SimpleCapabilityResolver) Resolve

func (s SimpleCapabilityResolver) Resolve(uri string) (*Capability, error)

Resolve resolves capabilities.

type SimpleKeyResolver

type SimpleKeyResolver map[string]*verifier.PublicKey

SimpleKeyResolver enables in-memory key resolvers based on maps.

func (SimpleKeyResolver) Resolve

func (s SimpleKeyResolver) Resolve(keyID string) (*verifier.PublicKey, error)

Resolve resolves keys.

type VDRResolver added in v0.1.6

type VDRResolver interface {
	Resolve(did string, opts ...vdr.DIDMethodOption) (*did.DocResolution, error)
}

VDRResolver represents a VDR (verifiable data registry) resolver.

type VerificationMethod

type VerificationMethod struct {
	ID         string
	Controller string
}

VerificationMethod is the verification method used to verify an invocation.

type VerificationOption

type VerificationOption func(*VerificationOptions)

VerificationOption sets an option for the Verifier.

func WithLDDocumentLoaders

func WithLDDocumentLoaders(loaders ...ld.DocumentLoader) VerificationOption

WithLDDocumentLoaders sets the JSON-LD document loaders for the Verifier.

func WithSignatureSuites

func WithSignatureSuites(suites ...verifier.SignatureSuite) VerificationOption

WithSignatureSuites sets the signature suites supported by the Verifier.

type VerificationOptions

type VerificationOptions struct {
	LDProcessorOptions []jsonld.ProcessorOpts
	SignatureSuites    []verifier.SignatureSuite
}

VerificationOptions holds options for the Verifier.

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier verifies zcaps.

func NewVerifier

func NewVerifier(
	zcapResolver CapabilityResolver, keyResolver KeyResolver, options ...VerificationOption) (*Verifier, error)

NewVerifier returns a new Verifier.

func (*Verifier) Verify

func (v *Verifier) Verify(proof *Proof, invocation *CapabilityInvocation) error

Verify verifies the proof against the invocation.
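The authorization side of Verify, as an added illustration in standard-library Go (not the package's own implementation): once the HTTP signature has been checked, the invocation is compared against the target, action and root-capability expectations from CapabilityInvocation, and the expiry caveat is enforced. The stand-in types, the depth-one chain assumption and the seconds unit for Duration are all assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Stand-ins for the page's types (illustration only); Created is assumed to be the proof's "created" time.
type Caveat struct{ Type string; Duration uint64 } // Duration assumed in seconds
type Capability struct {
	ID, Parent, TargetID string
	AllowedAction        []string
	Caveats              []Caveat
	Created              time.Time
}
type InvocationExpectations struct{ Target, RootCapability, Action string }

// authorizeInvocation applies the checks a verifier makes after the HTTP
// signature has been verified: target, action, root capability and caveats.
// It assumes a chain of depth at most one and fails closed on unknown caveats.
func authorizeInvocation(zcap *Capability, exp InvocationExpectations, action string, now time.Time) error {
	if zcap.TargetID != exp.Target {
		return fmt.Errorf("capability targets %q, not %q", zcap.TargetID, exp.Target)
	}
	inList := false
	for _, a := range zcap.AllowedAction {
		inList = inList || a == action
	}
	if action != exp.Action || !inList {
		return fmt.Errorf("action %q is not the expected action or not allowed", action)
	}
	root := zcap.ID
	if zcap.Parent != "" {
		root = zcap.Parent // direct child: its parent must be the expected root
	}
	if root != exp.RootCapability {
		return fmt.Errorf("capability root %q is not %q", root, exp.RootCapability)
	}
	for _, c := range zcap.Caveats {
		switch c.Type {
		case "expiry": // CaveatTypeExpiry on the page
			if !now.Before(zcap.Created.Add(time.Duration(c.Duration) * time.Second)) {
				return fmt.Errorf("capability expired %d seconds after %s", c.Duration, zcap.Created)
			}
		default:
			return fmt.Errorf("unsupported caveat type %q", c.Type)
		}
	}
	return nil
}
```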
