exchange

package
v0.3.0 Latest

Warning: This package is not in the latest version of its module.
Published: Oct 23, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

const (
	JWT   JWTFormat = "jwt"
	JWTVC JWTFormat = "jwt_vc"
	JWTVP JWTFormat = "jwt_vp"

	LDP   LinkedDataFormat = "ldp"
	LDPVC LinkedDataFormat = "ldp_vc"
	LDPVP LinkedDataFormat = "ldp_vp"

	All  Selection = "all"
	Pick Selection = "pick"

	Required   Preference = "required"
	Preferred  Preference = "preferred"
	Allowed    Preference = "allowed"
	Disallowed Preference = "disallowed"
)
const (
	// JWTRequest is a wrapper for a `presentation_definition` inside a signed JWT
	JWTRequest PresentationRequestType = "jwt"

	PresentationDefinitionKey string = "presentation_definition"

	AudienceOption PresentationRequestOptionType = "audience"
)
const (
	// JWTVPTarget is an embed target where a presentation submission is represented alongside a Verifiable Presentation
	// in a JWT value. `presentation_submission` is a top-level claim alongside `vc` for the VP
	JWTVPTarget EmbedTarget = "jwt_vp"

	PresentationSubmissionContext string = "https://identity.foundation/presentation-exchange/submission/v1"
	PresentationSubmissionType    string = "PresentationSubmission"
)
const (
	BuilderEmptyError string = "builder cannot be empty"
)

Variables

This section is empty.

Functions

func AreValidSubmissionRequirements

func AreValidSubmissionRequirements(requirements []SubmissionRequirement) error

AreValidSubmissionRequirements validates a set of submission requirement objects against its known JSON schema

func BuildJWTPresentationRequest

func BuildJWTPresentationRequest(signer jwx.Signer, def PresentationDefinition, audience []string) ([]byte, error)

BuildJWTPresentationRequest builds a JWT representation of a presentation request

func BuildPresentationRequest

func BuildPresentationRequest(signer any, pt PresentationRequestType, def PresentationDefinition, opts ...PresentationRequestOption) ([]byte, error)

BuildPresentationRequest builds a presentation request (https://identity.foundation/presentation-exchange/#presentation-request), which is used for transmitting a Presentation Definition from a holder to a verifier. Target is who the request is intended for. TODO(gabe) expand to other presentation types and signers https://github.com/extrimian/ssi-sdk/issues/57

func BuildPresentationSubmission

func BuildPresentationSubmission(signer any, requester string, def PresentationDefinition, claims []PresentationClaim, et EmbedTarget) ([]byte, error)

BuildPresentationSubmission constructs a submission given a presentation definition, set of claims, and an embed target format. https://identity.foundation/presentation-exchange/#presentation-submission Note: this method does not support LD cryptosuites, and prefers JWT representations. Future refactors may include an analog method for LD suites.

func BuildPresentationSubmissionVP

func BuildPresentationSubmissionVP(submitter string, def PresentationDefinition, claims []NormalizedClaim) (*credential.VerifiablePresentation, error)

BuildPresentationSubmissionVP takes a presentation definition and a set of claims. According to the presentation definition, and the algorithm defined - https://identity.foundation/presentation-exchange/#input-evaluation - in the specification, a presentation submission is constructed as a Verifiable Presentation.

func IsSupportedEmbedTarget

func IsSupportedEmbedTarget(et EmbedTarget) bool

func IsSupportedPresentationRequestType

func IsSupportedPresentationRequestType(rt PresentationRequestType) bool

IsSupportedPresentationRequestType returns whether a given presentation request embed target is supported by this lib

func IsValidDefinitionClaimFormatDesignation

func IsValidDefinitionClaimFormatDesignation(format ClaimFormat) error

IsValidDefinitionClaimFormatDesignation validates a given claim format object against its known JSON schema

func IsValidPresentationDefinition

func IsValidPresentationDefinition(definition PresentationDefinition) error

IsValidPresentationDefinition validates a given presentation definition object against its known JSON schema

func IsValidPresentationDefinitionEnvelope

func IsValidPresentationDefinitionEnvelope(definition PresentationDefinitionEnvelope) error

IsValidPresentationDefinitionEnvelope validates a given presentation definition envelope object against its known JSON schema

func IsValidPresentationSubmission

func IsValidPresentationSubmission(submission PresentationSubmission) error

IsValidPresentationSubmission validates a given presentation submission object against its known JSON schema

func IsValidSubmissionRequirement

func IsValidSubmissionRequirement(requirement SubmissionRequirement) error

IsValidSubmissionRequirement validates a submission requirement object against its known JSON schema

Types

type ClaimFormat

type ClaimFormat struct {
	JWT   *JWTType `json:"jwt,omitempty" validate:"omitempty,dive"`
	JWTVC *JWTType `json:"jwt_vc,omitempty" validate:"omitempty,dive"`
	JWTVP *JWTType `json:"jwt_vp,omitempty" validate:"omitempty,dive"`

	LDP   *LDPType `json:"ldp,omitempty" validate:"omitempty,dive"`
	LDPVC *LDPType `json:"ldp_vc,omitempty" validate:"omitempty,dive"`
	LDPVP *LDPType `json:"ldp_vp,omitempty" validate:"omitempty,dive"`
}

ClaimFormat https://identity.foundation/presentation-exchange/#claim-format-designations At most one field can be non-nil.

func (*ClaimFormat) AlgOrProofTypePerFormat

func (cf *ClaimFormat) AlgOrProofTypePerFormat() []string

AlgOrProofTypePerFormat returns, for a given format, the supported alg or proof types. A nil response indicates that the format is not supported.

func (*ClaimFormat) FormatValues

func (cf *ClaimFormat) FormatValues() []string

FormatValues returns the string values of the associated claim format types. NOTE: does not do error checking of any type.

func (*ClaimFormat) IsEmpty

func (cf *ClaimFormat) IsEmpty() bool

func (*ClaimFormat) IsValid

func (cf *ClaimFormat) IsValid() error

type Constraints

type Constraints struct {
	Fields          []Field     `json:"fields,omitempty" validate:"omitempty,dive"`
	LimitDisclosure *Preference `json:"limit_disclosure,omitempty"`

	// https://identity.foundation/presentation-exchange/#relational-constraint-feature
	SubjectIsIssuer *Preference            `json:"subject_is_issuer,omitempty"`
	IsHolder        []RelationalConstraint `json:"is_holder,omitempty" validate:"omitempty,dive"`
	SameSubject     []RelationalConstraint `json:"same_subject,omitempty"`

	// https://identity.foundation/presentation-exchange/#credential-status-constraint-feature
	Statuses *CredentialStatus `json:"statuses,omitempty"`
}

type CredentialFormat

type CredentialFormat string

func SupportedClaimFormats

func SupportedClaimFormats() []CredentialFormat

type CredentialStatus

type CredentialStatus struct {
	Active *struct {
		Directive Preference `json:"directive,omitempty"`
	} `json:"active,omitempty"`

	Suspended *struct {
		Directive Preference `json:"directive,omitempty"`
	} `json:"suspended,omitempty"`

	Revoked *struct {
		Directive Preference `json:"directive,omitempty"`
	} `json:"revoked,omitempty"`
}

CredentialStatus https://identity.foundation/presentation-exchange/#credential-status-constraint-feature

type EmbedTarget

type EmbedTarget string

EmbedTarget describes where a presentation_submission is located in an object model https://identity.foundation/presentation-exchange/#embed-targets

func GetSupportedEmbedTargets

func GetSupportedEmbedTargets() []EmbedTarget

type Field

type Field struct {
	ID       string   `json:"id,omitempty"`
	Name     string   `json:"name,omitempty"`
	Path     []string `json:"path,omitempty" validate:"required"`
	Purpose  string   `json:"purpose,omitempty"`
	Optional bool     `json:"optional,omitempty"`
	// https://identity.foundation/presentation-exchange/spec/v2.0.0/#retention-feature
	IntentToRetain bool `json:"intent_to_retain,omitempty"`
	// If a predicate property is present, filter must be too
	// https://identity.foundation/presentation-exchange/#predicate-feature
	Predicate *Preference `json:"predicate,omitempty"`
	Filter    *Filter     `json:"filter,omitempty"`
}

type Filter

type Filter struct {
	Type                 string   `json:"type,omitempty"`
	Format               string   `json:"format,omitempty"`
	Properties           any      `json:"properties,omitempty"`
	Required             []string `json:"required,omitempty"`
	AdditionalProperties bool     `json:"additionalProperties,omitempty"`
	Pattern              string   `json:"pattern,omitempty"`
	Minimum              any      `json:"minimum,omitempty"`
	Maximum              any      `json:"maximum,omitempty"`
	MinLength            int      `json:"minLength,omitempty"`
	MaxLength            int      `json:"maxLength,omitempty"`
	ExclusiveMinimum     any      `json:"exclusiveMinimum,omitempty"`
	ExclusiveMaximum     any      `json:"exclusiveMaximum,omitempty"`
	Const                any      `json:"const,omitempty"`
	Enum                 []any    `json:"enum,omitempty"`
	Not                  any      `json:"not,omitempty"`
	AllOf                any      `json:"allOf,omitempty"`
	OneOf                any      `json:"oneOf,omitempty"`
}

func (Filter) ToJSON

func (f Filter) ToJSON() (string, error)

type FromOption

type FromOption struct {
	From       string                  `json:"from,omitempty"`
	FromNested []SubmissionRequirement `json:"from_nested,omitempty"`
}

type InputDescriptor

type InputDescriptor struct {
	// Must be unique within the Presentation Definition
	ID   string `json:"id" validate:"required"`
	Name string `json:"name,omitempty"`
	// Purpose for which claim's data is being requested
	Purpose     string       `json:"purpose,omitempty"`
	Format      *ClaimFormat `json:"format,omitempty" validate:"omitempty,dive"`
	Constraints *Constraints `json:"constraints" validate:"required"`
	// Must match one of the grouping strings listed in the `from` values of a submission requirement rule
	Group []string `json:"group,omitempty"`
}

func (*InputDescriptor) IsEmpty

func (id *InputDescriptor) IsEmpty() bool

func (*InputDescriptor) IsValid

func (id *InputDescriptor) IsValid() error

type InputDescriptorBuilder

type InputDescriptorBuilder struct {
	*InputDescriptor
}

func NewInputDescriptorBuilder

func NewInputDescriptorBuilder() InputDescriptorBuilder

func (*InputDescriptorBuilder) Build

func (idb *InputDescriptorBuilder) Build() (*InputDescriptor, error)

func (*InputDescriptorBuilder) IsEmpty

func (idb *InputDescriptorBuilder) IsEmpty() bool

func (*InputDescriptorBuilder) SetClaimFormat

func (idb *InputDescriptorBuilder) SetClaimFormat(format ClaimFormat) error

func (*InputDescriptorBuilder) SetConstraints

func (idb *InputDescriptorBuilder) SetConstraints(constraints Constraints) error

func (*InputDescriptorBuilder) SetGroup

func (idb *InputDescriptorBuilder) SetGroup(group []string) error

func (*InputDescriptorBuilder) SetName

func (idb *InputDescriptorBuilder) SetName(name string) error

func (*InputDescriptorBuilder) SetPurpose

func (idb *InputDescriptorBuilder) SetPurpose(purpose string) error

type JWTFormat

type JWTFormat CredentialFormat

func (JWTFormat) CredentialFormat

func (f JWTFormat) CredentialFormat() CredentialFormat

func (JWTFormat) Ptr

func (f JWTFormat) Ptr() *JWTFormat

func (JWTFormat) String

func (f JWTFormat) String() string

type JWTType

type JWTType struct {
	Alg []crypto.SignatureAlgorithm `json:"alg" validate:"required"`
}

type LDPType

type LDPType struct {
	ProofType []cryptosuite.SignatureType `json:"proof_type" validate:"required"`
}

type LinkedDataFormat

type LinkedDataFormat CredentialFormat

func (LinkedDataFormat) CredentialFormat

func (f LinkedDataFormat) CredentialFormat() CredentialFormat

func (LinkedDataFormat) Ptr

func (LinkedDataFormat) String

func (f LinkedDataFormat) String() string

type NormalizedClaim

type NormalizedClaim struct {
	// id for the claim
	ID string
	// json representation of the claim
	Data map[string]any
	// claim in its original format (e.g. Verifiable Credential, token string, etc.)
	RawClaim any
	// JWT_VC, JWT_VP, LDP_VC, LDP_VP, etc.
	Format string
	// Signing algorithm used for the claim (e.g. EdDSA, ES256, PS256, etc.).
	// OR the Linked Data Proof Type (e.g. JsonWebSignature2020)
	AlgOrProofType string
}

type Preference

type Preference string

func (Preference) Ptr

func (p Preference) Ptr() *Preference

type PresentationClaim

type PresentationClaim struct {
	// Data Integrity Claim
	// If we have a Credential or Presentation value, we assume we have a LDP_VC or LDP_VP respectively
	Credential   *credential.VerifiableCredential
	Presentation *credential.VerifiablePresentation
	LDPFormat    *LinkedDataFormat

	// JWT claims
	Token     *string
	JWTFormat *JWTFormat

	// The algorithm or Linked Data proof type by which the claim was signed must be present
	SignatureAlgorithmOrProofType string
}

PresentationClaims may be of any claim format designation, including LD or JWT variations of VCs or VPs https://identity.foundation/presentation-exchange/#claim-format-designations This object must be constructed for each claim before processing of a Presentation Definition.

func (*PresentationClaim) GetClaim

func (pc *PresentationClaim) GetClaim() any

GetClaim returns the claim value as a generic type. Since PresentationClaim is a union type, the value returned is the first non-nil value in the following order: Credential, Presentation, Token

func (*PresentationClaim) GetClaimFormat

func (pc *PresentationClaim) GetClaimFormat() (string, error)

GetClaimFormat returns the value of the format depending on the claim type. Since PresentationClaim is a union type, an error is returned if no value is present in any of the possible embedded types.

func (*PresentationClaim) GetClaimJSON

func (pc *PresentationClaim) GetClaimJSON() (map[string]any, error)

GetClaimJSON gets the claim value and attempts to turn it into a generic go-JSON object represented by an any

func (*PresentationClaim) GetClaimValue

func (pc *PresentationClaim) GetClaimValue() (any, error)

GetClaimValue returns the value of the claim as JSON. Since PresentationClaim is a union type, an error is returned if no value is present in any of the possible embedded types.

func (*PresentationClaim) IsEmpty

func (pc *PresentationClaim) IsEmpty() bool

type PresentationDefinition

type PresentationDefinition struct {
	ID                     string                  `json:"id,omitempty" validate:"required"`
	Name                   string                  `json:"name,omitempty"`
	Purpose                string                  `json:"purpose,omitempty"`
	Format                 *ClaimFormat            `json:"format,omitempty" validate:"omitempty,dive"`
	InputDescriptors       []InputDescriptor       `json:"input_descriptors" validate:"required,dive"`
	SubmissionRequirements []SubmissionRequirement `json:"submission_requirements,omitempty" validate:"omitempty,dive"`

	// https://identity.foundation/presentation-exchange/#json-ld-framing-feature
	Frame any `json:"frame,omitempty"`
}

PresentationDefinition https://identity.foundation/presentation-exchange/#presentation-definition

func VerifyJWTPresentationRequest

func VerifyJWTPresentationRequest(verifier jwx.Verifier, request []byte) (*PresentationDefinition, error)

VerifyJWTPresentationRequest verifies the signature on a JWT-based presentation request for a given verifier and then returns the parsed Presentation Definition object as a result.

func VerifyPresentationRequest

func VerifyPresentationRequest(verifier any, pt PresentationRequestType, request []byte) (*PresentationDefinition, error)

VerifyPresentationRequest finds the correct verifier and parser for a given presentation request type, verifying the signature on the request, and returning the parsed Presentation Definition object.

func (*PresentationDefinition) IsEmpty

func (pd *PresentationDefinition) IsEmpty() bool

func (*PresentationDefinition) IsValid

func (pd *PresentationDefinition) IsValid() error

type PresentationDefinitionBuilder

type PresentationDefinitionBuilder struct {
	*PresentationDefinition
}

func NewPresentationDefinitionBuilder

func NewPresentationDefinitionBuilder() PresentationDefinitionBuilder

func (*PresentationDefinitionBuilder) Build

func (*PresentationDefinitionBuilder) IsEmpty

func (pdb *PresentationDefinitionBuilder) IsEmpty() bool

func (*PresentationDefinitionBuilder) SetClaimFormat

func (pdb *PresentationDefinitionBuilder) SetClaimFormat(format ClaimFormat) error

func (*PresentationDefinitionBuilder) SetFrame

func (pdb *PresentationDefinitionBuilder) SetFrame(frame any) error

func (*PresentationDefinitionBuilder) SetInputDescriptors

func (pdb *PresentationDefinitionBuilder) SetInputDescriptors(descriptors []InputDescriptor) error

func (*PresentationDefinitionBuilder) SetName

func (pdb *PresentationDefinitionBuilder) SetName(name string) error

func (*PresentationDefinitionBuilder) SetPurpose

func (pdb *PresentationDefinitionBuilder) SetPurpose(purpose string) error

func (*PresentationDefinitionBuilder) SetSubmissionRequirements

func (pdb *PresentationDefinitionBuilder) SetSubmissionRequirements(requirements []SubmissionRequirement) error

type PresentationDefinitionEnvelope

type PresentationDefinitionEnvelope struct {
	PresentationDefinition `json:"presentation_definition"`
}

type PresentationRequestOption

type PresentationRequestOption struct {
	Type  PresentationRequestOptionType
	Value any
}

type PresentationRequestOptionType

type PresentationRequestOptionType string

type PresentationRequestType

type PresentationRequestType string

PresentationRequestType represents wrappers for Presentation Definitions submitted as requests https://identity.foundation/presentation-exchange/#presentation-request

func GetSupportedPresentationRequestTypes

func GetSupportedPresentationRequestTypes() []PresentationRequestType

GetSupportedPresentationRequestTypes returns all supported presentation request embed targets

type PresentationSubmission

type PresentationSubmission struct {
	ID            string                 `json:"id" validate:"required"`
	DefinitionID  string                 `json:"definition_id" validate:"required"`
	DescriptorMap []SubmissionDescriptor `json:"descriptor_map" validate:"required"`
}

PresentationSubmission https://identity.foundation/presentation-exchange/#presentation-submission

func (*PresentationSubmission) IsEmpty

func (ps *PresentationSubmission) IsEmpty() bool

func (*PresentationSubmission) IsValid

func (ps *PresentationSubmission) IsValid() error

type PresentationSubmissionBuilder

type PresentationSubmissionBuilder struct {
	*PresentationSubmission
}

func NewPresentationSubmissionBuilder

func NewPresentationSubmissionBuilder(definitionID string) PresentationSubmissionBuilder

func (*PresentationSubmissionBuilder) Build

func (*PresentationSubmissionBuilder) IsEmpty

func (psb *PresentationSubmissionBuilder) IsEmpty() bool

func (*PresentationSubmissionBuilder) SetDescriptorMap

func (psb *PresentationSubmissionBuilder) SetDescriptorMap(descriptors []SubmissionDescriptor) error

type RelationalConstraint

type RelationalConstraint struct {
	FieldID   []string    `json:"field_id" validate:"required"`
	Directive *Preference `json:"directive" validate:"required"`
}

type Selection

type Selection string

type SubmissionDescriptor

type SubmissionDescriptor struct {
	// Must match the `id` property of the corresponding input descriptor
	ID         string                `json:"id" validate:"required"`
	Format     string                `json:"format" validate:"required"`
	Path       string                `json:"path" validate:"required"`
	PathNested *SubmissionDescriptor `json:"path_nested,omitempty"`
}

SubmissionDescriptor is a mapping to Input Descriptor objects

type SubmissionRequirement

type SubmissionRequirement struct {
	Rule Selection `json:"rule" validate:"required"`
	// Either an array of SubmissionRequirement OR a string value
	FromOption `validate:"required"`

	Name    string `json:"name,omitempty"`
	Purpose string `json:"purpose,omitempty"`
	Count   int    `json:"count,omitempty" validate:"omitempty,min=1"`
	Minimum int    `json:"min,omitempty"`
	Maximum int    `json:"max,omitempty"`
}

SubmissionRequirement https://identity.foundation/presentation-exchange/#presentation-definition-extensions

func (*SubmissionRequirement) IsEmpty

func (sr *SubmissionRequirement) IsEmpty() bool

func (*SubmissionRequirement) IsValid

func (sr *SubmissionRequirement) IsValid() error

type VerifiedSubmissionData

type VerifiedSubmissionData struct {
	// The ID of the input descriptor that was verified
	InputDescriptorID string
	// The raw claim data that was verified – could be a JWT, or a VC, or a VP
	Claim any
	// The filtered data as a JSON string
	FilteredData any
}

VerifiedSubmissionData is the result of a successful verification of a presentation submission. It corresponds to the data that was verified, and the filtered data that was used to verify it, for a given input descriptor.

func VerifyPresentationSubmission

func VerifyPresentationSubmission(ctx context.Context, verifier any, resolver resolution.Resolver, et EmbedTarget, def PresentationDefinition, submission []byte) ([]VerifiedSubmissionData, error)

VerifyPresentationSubmission verifies a presentation submission for both signature validity and correctness with the specification. It is assumed that the caller knows the submission embed target, and the corresponding presentation definition, and has access to the public key of the signer. A DID resolution is required to resolve the DID and keys of the signer for each credential in the presentation, whose signatures also need to be verified. Note: this method does not support LD cryptosuites, and prefers JWT representations. Future refactors may include an analog method for LD suites. TODO(gabe) remove embed target, have it detected from the submission

func VerifyPresentationSubmissionVP

func VerifyPresentationSubmissionVP(def PresentationDefinition, vp credential.VerifiablePresentation) ([]VerifiedSubmissionData, error)

VerifyPresentationSubmissionVP verifies whether a verifiable presentation is a valid presentation submission for a given presentation definition. No signature verification happens here.
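The structural side of that distinction, as an added example that is not the SDK's code: a standard-library-only check that a `presentation_submission` answers a given `presentation_definition`, using the JSON field names documented on this page. The type names, the helper `checkSubmissionShape` and the sample JSON are constructed, and the definition is assumed to carry no `submission_requirements`, so every input descriptor must be answered; a submission that passes is well-formed, not authentic, because no signature is examined.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Local mirrors of the JSON shapes documented on this page, reduced to the
// fields this check reads, so the example runs without the SDK.
type definition struct {
	ID               string `json:"id"`
	InputDescriptors []struct {
		ID string `json:"id"`
	} `json:"input_descriptors"`
}

type submission struct {
	DefinitionID  string `json:"definition_id"`
	DescriptorMap []struct {
		ID     string `json:"id"`
		Format string `json:"format"`
		Path   string `json:"path"`
	} `json:"descriptor_map"`
}

// The six claim format designations listed in the package constants.
var knownFormats = map[string]bool{"jwt": true, "jwt_vc": true, "jwt_vp": true,
	"ldp": true, "ldp_vc": true, "ldp_vp": true}

// checkSubmissionShape (hypothetical helper) performs structural checks only.
// It never looks at a signature, so it cannot replace signature verification.
func checkSubmissionShape(defJSON, subJSON []byte) error {
	var def definition
	var sub submission
	if err := json.Unmarshal(defJSON, &def); err != nil {
		return fmt.Errorf("definition: %w", err)
	}
	if err := json.Unmarshal(subJSON, &sub); err != nil {
		return fmt.Errorf("submission: %w", err)
	}
	if sub.DefinitionID != def.ID {
		return errors.New("definition_id does not match the definition id")
	}
	answered := map[string]bool{}
	for _, d := range def.InputDescriptors {
		answered[d.ID] = false
	}
	for _, m := range sub.DescriptorMap {
		if _, ok := answered[m.ID]; !ok {
			return fmt.Errorf("descriptor_map id %q matches no input descriptor", m.ID)
		}
		if !knownFormats[m.Format] || m.Path == "" {
			return fmt.Errorf("descriptor_map id %q has a bad format or path", m.ID)
		}
		answered[m.ID] = true
	}
	for _, d := range def.InputDescriptors {
		if !answered[d.ID] {
			return fmt.Errorf("input descriptor %q has no descriptor_map entry", d.ID)
		}
	}
	return nil
}

// Constructed sample documents, not taken from the SDK or the specification.
const sampleDefinition = `{"id":"def-1","input_descriptors":[{"id":"kyc"},{"id":"age"}]}`
const kycEntry = `{"id":"kyc","format":"jwt_vc","path":"$.verifiableCredential[0]"}`
const ageEntry = `{"id":"age","format":"jwt_vc","path":"$.verifiableCredential[1]"}`
const goodSubmission = `{"definition_id":"def-1","descriptor_map":[` + kycEntry + `,` + ageEntry + `]}`
const wrongDefinition = `{"definition_id":"def-9","descriptor_map":[` + kycEntry + `,` + ageEntry + `]}`
const missingDescriptor = `{"definition_id":"def-1","descriptor_map":[` + kycEntry + `]}`

func main() {
	for _, s := range []string{goodSubmission, wrongDefinition, missingDescriptor} {
		fmt.Println(checkSubmissionShape([]byte(sampleDefinition), []byte(s)))
	}
}
```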
