Documentation
¶
Index ¶
- Constants
- Variables
- func RoleToString(r IdentityRoleType) string
- type AuditInfo
- type AuditInfoDeserializer
- type ColumnKey
- type Config
- type ConfiguredIdentity
- type Identity
- type IdentityConfiguration
- type IdentityConfigurationIterator
- type IdentityConfigurationNotifier
- type IdentityConfigurationRecord
- type IdentityDescriptor
- type IdentityInfo
- type IdentityNotifier
- type IdentityRoleType
- type IdentityStoreService
- type IdentityType
- type IdentityTypeString
- type Keystore
- type Operation
- type Role
- type SignerEntry
- type StorageProvider
- type TypedSignerDeserializer
- type TypedVerifierDeserializer
- type WalletID
- type WalletLookupID
- type WalletStoreService
Constants ¶
const ( // Insert indicates a record was added to the table. Insert = driver2.Insert // Update indicates an existing record was modified. Update = driver2.Update )
Variables ¶
var ( IdentityRoleStrings = map[IdentityRoleType]string{ IssuerRole: "issuer", AuditorRole: "auditor", OwnerRole: "owner", CertifierRole: "certifier", } )
Functions ¶
func RoleToString ¶
func RoleToString(r IdentityRoleType) string
Types ¶
type AuditInfo ¶
type AuditInfo interface {
// EnrollmentID returns the enrollment identifier associated with this audit info.
EnrollmentID() string
// RevocationHandle returns the revocation handle associated with this audit info.
RevocationHandle() string
}
AuditInfo represents the audit-related information for an identity. It exposes the enrollment id and the revocation handle necessary for audit and revocation operations.
type AuditInfoDeserializer ¶
type AuditInfoDeserializer interface {
// DeserializeAuditInfo deserializes the provided raw bytes into an AuditInfo value.
// The context may carry ancillary information required for deserialization.
DeserializeAuditInfo(ctx context.Context, identity tdriver.Identity, raw []byte) (AuditInfo, error)
}
AuditInfoDeserializer converts a raw byte representation into an AuditInfo instance. Implementations should validate and parse the raw bytes and return an error on failure.
type Config ¶
type Config interface {
// CacheSizeForOwnerID returns the cache size to be used for the given owner wallet.
// If not defined for the given id, the function returns -1.
CacheSizeForOwnerID(id string) int
// TranslatePath maps a configured relative or templated path to an absolute
// runtime path. Implementations should resolve variables and perform any
// environment-specific transformations required to locate credential files.
TranslatePath(path string) string
}
Config is a read-only view over identity service configuration. Implementors provide lookup helpers used by the identity service to resolve configured identities and to normalize configured paths.
type ConfiguredIdentity ¶
type ConfiguredIdentity struct {
ID string `yaml:"id"`
Default bool `yaml:"default,omitempty"`
Path string `yaml:"path"`
CacheSize int `yaml:"cacheSize"`
Opts any `yaml:"opts,omitempty"`
}
ConfiguredIdentity describes an identity entry parsed from configuration.
Fields:
- ID: the unique identifier for the identity
- Default: whether this identity should be considered the default
- Path: file-system path or location where credentials/configuration live
- CacheSize: per-identity cache size used by the identity service; 0 means no cache
- Opts: provider-specific options (opaque)
func (*ConfiguredIdentity) String ¶
func (i *ConfiguredIdentity) String() string
String returns the identity's ID and satisfies fmt.Stringer.
type IdentityConfiguration ¶
type IdentityConfiguration = tdriver.IdentityConfiguration
IdentityConfiguration contains configuration-related information of an identity
type IdentityConfigurationIterator ¶
type IdentityConfigurationIterator = iterators.Iterator[*IdentityConfiguration]
IdentityConfigurationIterator is an iterator over stored IdentityConfiguration values. It yields pointers to IdentityConfiguration and follows the iterator contract defined in the collections/iterators package.
type IdentityConfigurationNotifier ¶
type IdentityConfigurationNotifier interface {
// Subscribe registers a callback function to be called when an identity configuration is inserted or updated.
Subscribe(callback func(Operation, IdentityConfigurationRecord)) error
// UnsubscribeAll unregisters all callbacks.
UnsubscribeAll() error
}
IdentityConfigurationNotifier is used to subscribe to configuration changes in the identity storage.
type IdentityConfigurationRecord ¶
type IdentityConfigurationRecord struct {
// ID is the unique identifier of the identity.
ID string
// Type is the type of the identity (e.g. "fabtoken", "zkatdlog").
Type string
// URL is the path to the credentials relevant to this identity.
URL string
}
IdentityConfigurationRecord contains the primary key fields of an identity configuration.
type IdentityDescriptor ¶
type IdentityInfo ¶
type IdentityInfo interface {
// ID returns the identifier of the Identity
ID() string
// EnrollmentID returns the enrollment ID of the Identity
EnrollmentID() string
// Remote is true if this identity info refers to an identify whose corresponding secret key is not known, it is external/remote
Remote() bool
// Get returns the identity and it is audit info.
// Get might return a different identity at each call depending on the implementation.
Get(ctx context.Context) (Identity, []byte, error)
// Anonymous is true if this identity supports anonymity
Anonymous() bool
}
IdentityInfo models a long-term identity inside the Identity Provider. An identity has an identifier (ID) and an Enrollment ID, unique identifier. An identity can be remote, meaning that the corresponding secret key is remotely available.
type IdentityNotifier ¶
IdentityNotifier is an alias to the driver-level notifier. It is used to subscribe to events in the identity storage.
type IdentityRoleType ¶
type IdentityRoleType int
IdentityRoleType is the role of an identity
const ( // IssuerRole is the role of an issuer IssuerRole IdentityRoleType = iota // AuditorRole is the role of an auditor AuditorRole // OwnerRole is the role of an owner OwnerRole // CertifierRole is the role of a certifier CertifierRole )
type IdentityStoreService ¶
type IdentityStoreService interface {
// AddConfiguration stores an identity and the path to the credentials relevant to this identity
AddConfiguration(ctx context.Context, wp IdentityConfiguration) error
// GetConfiguration returns the configuration with the given id, type, and url.
// It returns nil if the configuration does not exist.
GetConfiguration(ctx context.Context, id, typ, url string) (*IdentityConfiguration, error)
// ConfigurationsByID returns all configurations with the given id and type, regardless of their url.
ConfigurationsByID(ctx context.Context, id, configurationType string) ([]IdentityConfiguration, error)
// ConfigurationExists returns true if a configuration with the given id and type exists.
ConfigurationExists(ctx context.Context, id, typ, url string) (bool, error)
// IteratorConfigurations returns an iterator to all configurations stored
IteratorConfigurations(ctx context.Context, configurationType string) (IdentityConfigurationIterator, error)
// Notifier returns an IdentityConfigurationNotifier for this store to subscribe to configuration changes.
Notifier() (IdentityConfigurationNotifier, error)
// StoreIdentityData stores the passed identity and token information
StoreIdentityData(ctx context.Context, id []byte, identityAudit []byte, tokenMetadata []byte, tokenMetadataAudit []byte) error
// GetAuditInfo retrieves the audit info bounded to the given identity
GetAuditInfo(ctx context.Context, id []byte) ([]byte, error)
// GetTokenInfo returns the token information related to the passed identity
GetTokenInfo(ctx context.Context, id []byte) ([]byte, []byte, error)
// StoreSignerInfo stores the passed signer info and bound it to the given identity
StoreSignerInfo(ctx context.Context, id driver.Identity, info []byte) error
// GetExistingSignerInfo returns the hashes of the identities for which StoreSignerInfo was called
GetExistingSignerInfo(ctx context.Context, ids ...driver.Identity) ([]string, error)
// SignerInfoExists returns true if StoreSignerInfo was called on input the given identity
SignerInfoExists(ctx context.Context, id []byte) (bool, error)
// GetSignerInfo returns the signer info bound to the given identity
GetSignerInfo(ctx context.Context, id []byte) ([]byte, error)
// RegisterIdentityDescriptor registers a descriptor for an identity and associates it with an alias
RegisterIdentityDescriptor(ctx context.Context, descriptor *IdentityDescriptor, alias driver.Identity) error
// IterateSigners returns a page of SignerEntry values from the Signers table ordered by
// identity_hash, starting at the given offset and returning at most limit entries.
// Use offset=0 for the first page and increment by limit on each subsequent call.
// When the returned slice has fewer entries than limit, iteration is complete.
IterateSigners(ctx context.Context, offset, limit int) ([]SignerEntry, error)
// Close closes the store
Close() error
}
IdentityStoreService provides persistent storage operations for identity configurations, audit data, token metadata, and signer-related information.
type IdentityType ¶
type IdentityType = driver.IdentityType
IdentityType identifies the type of identity. It is an alias for driver.IdentityType and is used by deserializers to choose the correct decoding logic for different identity representations.
type IdentityTypeString ¶
type IdentityTypeString = driver.IdentityTypeString
IdentityTypeString is an alias for driver.IdentityTypeString
type Keystore ¶
type Keystore interface {
// Put stores the given key under the provided id. Implementations MUST
// overwrite any existing value for the id and return a non-nil error on
// failure.
Put(id string, key any) error
// Get retrieves the key stored under the provided id and populates the
// provided `key` parameter.
// If no entry exists for id, implementations should return an error describing the missing entry.
Get(id string, key any) error
// Delete removes the key with the given identifier.
// If the key does not exist, implementations should return nil (idempotent).
Delete(id string) error
// Close closes the store
Close() error
}
Keystore provides a minimal key/value style interface used by the identity service to persist arbitrary cryptographic key objects keyed by an identifier.
The `id` parameter is expected to be the hexadecimal representation of the key's Subject Key Identifier (SKI). Other packages may depend on this convention.
Implementations should treat the provided `key` as an opaque value. For Put the caller supplies the value to store; for Get the caller supplies a pointer or value that implementations should populate with the stored representation. Implementations are responsible for any necessary (de)serialization.
type Role ¶
type Role interface {
// ID returns the identifier of this role
ID() IdentityRoleType
// MapToIdentity returns the long-term identity and its identifier for the given index.
// The index can be an identity or a label (string).
MapToIdentity(ctx context.Context, v WalletLookupID) (Identity, string, error)
// GetIdentityInfo returns the long-term identity info associated to the passed id
GetIdentityInfo(ctx context.Context, id string) (IdentityInfo, error)
// RegisterIdentity registers the given identity
RegisterIdentity(ctx context.Context, config IdentityConfiguration) error
// IdentityIDs returns the identifiers contained in this role
IdentityIDs() ([]string, error)
// Done releases all the resources allocated by this service.
Done() error
}
Role is a container of long-term identities. A long-term identity is then used to construct a wallet.
type SignerEntry ¶
type SignerEntry struct {
// IdentityHash is the primary key of the Signers row (hex-encoded hash of the identity).
IdentityHash string
// Identity is the raw serialised identity bytes.
Identity []byte
}
SignerEntry holds a single row from the Signers table.
type StorageProvider ¶
type StorageProvider interface {
// WalletStore returns a WalletStoreService for the given tmsID.
WalletStore(tmsID token.TMSID) (WalletStoreService, error)
// IdentityStore returns an IdentityStoreService for the given tmsID.
IdentityStore(tmsID token.TMSID) (IdentityStoreService, error)
// Keystore returns a Keystore service for the given tmsID.
Keystore(tmsID token.TMSID) (Keystore, error)
}
StorageProvider returns storage services scoped to a specific token management system (TMS) identified by token.TMSID. Callers request the concrete store service for the given TMS and use the returned service to access persisted wallet, identity, or keystore data.
type TypedSignerDeserializer ¶
type TypedSignerDeserializer interface {
// DeserializeSigner deserializes the provided raw bytes into a tdriver.Signer
// appropriate for the supplied identity type.
// The context may carry ancillary information required for deserialization.
DeserializeSigner(ctx context.Context, typ IdentityType, raw []byte) (tdriver.Signer, error)
}
TypedSignerDeserializer converts a raw byte representation into a concrete Signer for a given IdentityType. Implementations should validate the raw data and return an error on invalid input or decoding failure.
type TypedVerifierDeserializer ¶
type TypedVerifierDeserializer interface {
// DeserializeVerifier deserializes a verifier for the given identity type and raw identity
DeserializeVerifier(ctx context.Context, typ IdentityType, raw []byte) (tdriver.Verifier, error)
// Recipients returns the list of recipient identities from the given typed identity
Recipients(id tdriver.Identity, typ IdentityType, raw []byte) ([]tdriver.Identity, error)
// GetAuditInfo retrieves audit information for the given identity
GetAuditInfo(ctx context.Context, id tdriver.Identity, typ IdentityType, raw []byte, p tdriver.AuditInfoProvider) ([]byte, error)
// GetAuditInfoMatcher returns a matcher that can verify if an identity matches the given audit info
GetAuditInfoMatcher(ctx context.Context, owner tdriver.Identity, auditInfo []byte) (tdriver.Matcher, error)
}
TypedVerifierDeserializer deserializes verifiers and related identity information for typed identities. It provides methods to extract verifiers, recipients, audit information, and audit matchers from typed identity representations.
type WalletLookupID ¶
type WalletLookupID = tdriver.WalletLookupID
WalletLookupID defines the type of identifiers that can be used to retrieve a given wallet. It can be a string, as the name of the wallet, or an identity contained in that wallet. Ultimately, it is the token tdriver to decide which types are allowed.
type WalletStoreService ¶
type WalletStoreService interface {
// GetWalletID fetches a walletID that is bound to the identity passed
GetWalletID(ctx context.Context, identity token.Identity, roleID int) (WalletID, error)
// GetWalletIDs fetches all walletID's that have been stored so far without duplicates
GetWalletIDs(ctx context.Context, roleID int) ([]WalletID, error)
// StoreIdentity binds an identity to a walletID and its metadata
StoreIdentity(ctx context.Context, identity token.Identity, eID string, wID WalletID, roleID int, meta []byte) error
// IdentityExists checks whether an identity-wallet binding has already been stored
IdentityExists(ctx context.Context, identity token.Identity, wID WalletID, roleID int) bool
// LoadMeta returns the metadata stored for a specific identity
LoadMeta(ctx context.Context, identity token.Identity, wID WalletID, roleID int) ([]byte, error)
// Close closes the store
Close() error
}
WalletStoreService provides operations for binding identities to wallets and managing associated metadata.