driver

package
v0.14.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 10, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Insert indicates a record was added to the table.
	Insert = driver2.Insert
	// Update indicates an existing record was modified.
	Update = driver2.Update
)

Variables

View Source
var (
	IdentityRoleStrings = map[IdentityRoleType]string{
		IssuerRole:    "issuer",
		AuditorRole:   "auditor",
		OwnerRole:     "owner",
		CertifierRole: "certifier",
	}
)

Functions

func RoleToString

func RoleToString(r IdentityRoleType) string

Types

type AuditInfo

type AuditInfo interface {
	// EnrollmentID returns the enrollment identifier associated with this audit info.
	EnrollmentID() string
	// RevocationHandle returns the revocation handle associated with this audit info.
	RevocationHandle() string
}

AuditInfo represents the audit-related information for an identity. It exposes the enrollment id and the revocation handle necessary for audit and revocation operations.

type AuditInfoDeserializer

type AuditInfoDeserializer interface {
	// DeserializeAuditInfo deserializes the provided raw bytes into an AuditInfo value.
	// The context may carry ancillary information required for deserialization.
	DeserializeAuditInfo(ctx context.Context, identity tdriver.Identity, raw []byte) (AuditInfo, error)
}

AuditInfoDeserializer converts a raw byte representation into an AuditInfo instance. Implementations should validate and parse the raw bytes and return an error on failure.

type ColumnKey

type ColumnKey = driver2.ColumnKey

ColumnKey defines the name of a database column.

type Config

type Config interface {
	// CacheSizeForOwnerID returns the cache size to be used for the given owner wallet.
	// If not defined for the given id, the function returns -1.
	CacheSizeForOwnerID(id string) int

	// TranslatePath maps a configured relative or templated path to an absolute
	// runtime path. Implementations should resolve variables and perform any
	// environment-specific transformations required to locate credential files.
	TranslatePath(path string) string
}

Config is a read-only view over identity service configuration. Implementors provide lookup helpers used by the identity service to resolve configured identities and to normalize configured paths.

type ConfiguredIdentity

type ConfiguredIdentity struct {
	ID        string `yaml:"id"`
	Default   bool   `yaml:"default,omitempty"`
	Path      string `yaml:"path"`
	CacheSize int    `yaml:"cacheSize"`
	Opts      any    `yaml:"opts,omitempty"`
}

ConfiguredIdentity describes an identity entry parsed from configuration.

Fields:

  • ID: the unique identifier for the identity
  • Default: whether this identity should be considered the default
  • Path: file-system path or location where credentials/configuration live
  • CacheSize: per-identity cache size used by the identity service; 0 means no cache
  • Opts: provider-specific options (opaque)

func (*ConfiguredIdentity) String

func (i *ConfiguredIdentity) String() string

String returns the identity's ID and satisfies fmt.Stringer.

type Identity

type Identity = driver.Identity

Identity is an alias for driver.Identity

type IdentityConfiguration

type IdentityConfiguration = tdriver.IdentityConfiguration

IdentityConfiguration contains configuration-related information of an identity

type IdentityConfigurationIterator

type IdentityConfigurationIterator = iterators.Iterator[*IdentityConfiguration]

IdentityConfigurationIterator is an iterator over stored IdentityConfiguration values. It yields pointers to IdentityConfiguration and follows the iterator contract defined in the collections/iterators package.

type IdentityConfigurationNotifier

type IdentityConfigurationNotifier interface {
	// Subscribe registers a callback function to be called when an identity configuration is inserted or updated.
	Subscribe(callback func(Operation, IdentityConfigurationRecord)) error
	// UnsubscribeAll unregisters all callbacks.
	UnsubscribeAll() error
}

IdentityConfigurationNotifier is used to subscribe to configuration changes in the identity storage.

type IdentityConfigurationRecord

type IdentityConfigurationRecord struct {
	// ID is the unique identifier of the identity.
	ID string
	// Type is the type of the identity (e.g. "fabtoken", "zkatdlog").
	Type string
	// URL is the path to the credentials relevant to this identity.
	URL string
}

IdentityConfigurationRecord contains the primary key fields of an identity configuration.

type IdentityDescriptor

type IdentityDescriptor struct {
	Identity  Identity
	AuditInfo []byte

	Signer     driver.Signer
	SignerInfo []byte
	Verifier   driver.Verifier

	// Ephemeral if true, nothing will be stored in the storage space
	Ephemeral bool
}

type IdentityInfo

type IdentityInfo interface {
	// ID returns the identifier of the Identity
	ID() string
	// EnrollmentID returns the enrollment ID of the Identity
	EnrollmentID() string
	// Remote is true if this identity info refers to an identify whose corresponding secret key is not known, it is external/remote
	Remote() bool
	// Get returns the identity and it is audit info.
	// Get might return a different identity at each call depending on the implementation.
	Get(ctx context.Context) (Identity, []byte, error)
	// Anonymous is true if this identity supports anonymity
	Anonymous() bool
}

IdentityInfo models a long-term identity inside the Identity Provider. An identity has an identifier (ID) and an Enrollment ID, unique identifier. An identity can be remote, meaning that the corresponding secret key is remotely available.

type IdentityNotifier

type IdentityNotifier = driver2.Notifier

IdentityNotifier is an alias to the driver-level notifier. It is used to subscribe to events in the identity storage.

type IdentityRoleType

type IdentityRoleType int

IdentityRoleType is the role of an identity

const (
	// IssuerRole is the role of an issuer
	IssuerRole IdentityRoleType = iota
	// AuditorRole is the role of an auditor
	AuditorRole
	// OwnerRole is the role of an owner
	OwnerRole
	// CertifierRole is the role of a certifier
	CertifierRole
)

type IdentityStoreService

type IdentityStoreService interface {
	// AddConfiguration stores an identity and the path to the credentials relevant to this identity
	AddConfiguration(ctx context.Context, wp IdentityConfiguration) error
	// GetConfiguration returns the configuration with the given id, type, and url.
	// It returns nil if the configuration does not exist.
	GetConfiguration(ctx context.Context, id, typ, url string) (*IdentityConfiguration, error)
	// ConfigurationsByID returns all configurations with the given id and type, regardless of their url.
	ConfigurationsByID(ctx context.Context, id, configurationType string) ([]IdentityConfiguration, error)
	// ConfigurationExists returns true if a configuration with the given id and type exists.
	ConfigurationExists(ctx context.Context, id, typ, url string) (bool, error)
	// IteratorConfigurations returns an iterator to all configurations stored
	IteratorConfigurations(ctx context.Context, configurationType string) (IdentityConfigurationIterator, error)
	// Notifier returns an IdentityConfigurationNotifier for this store to subscribe to configuration changes.
	Notifier() (IdentityConfigurationNotifier, error)
	// StoreIdentityData stores the passed identity and token information
	StoreIdentityData(ctx context.Context, id []byte, identityAudit []byte, tokenMetadata []byte, tokenMetadataAudit []byte) error
	// GetAuditInfo retrieves the audit info bounded to the given identity
	GetAuditInfo(ctx context.Context, id []byte) ([]byte, error)
	// GetTokenInfo returns the token information related to the passed identity
	GetTokenInfo(ctx context.Context, id []byte) ([]byte, []byte, error)
	// StoreSignerInfo stores the passed signer info and bound it to the given identity
	StoreSignerInfo(ctx context.Context, id driver.Identity, info []byte) error
	// GetExistingSignerInfo returns the hashes of the identities for which StoreSignerInfo was called
	GetExistingSignerInfo(ctx context.Context, ids ...driver.Identity) ([]string, error)
	// SignerInfoExists returns true if StoreSignerInfo was called on input the given identity
	SignerInfoExists(ctx context.Context, id []byte) (bool, error)
	// GetSignerInfo returns the signer info bound to the given identity
	GetSignerInfo(ctx context.Context, id []byte) ([]byte, error)
	// RegisterIdentityDescriptor registers a descriptor for an identity and associates it with an alias
	RegisterIdentityDescriptor(ctx context.Context, descriptor *IdentityDescriptor, alias driver.Identity) error
	// IterateSigners returns a page of SignerEntry values from the Signers table ordered by
	// identity_hash, starting at the given offset and returning at most limit entries.
	// Use offset=0 for the first page and increment by limit on each subsequent call.
	// When the returned slice has fewer entries than limit, iteration is complete.
	IterateSigners(ctx context.Context, offset, limit int) ([]SignerEntry, error)
	// Close closes the store
	Close() error
}

IdentityStoreService provides persistent storage operations for identity configurations, audit data, token metadata, and signer-related information.

type IdentityType

type IdentityType = driver.IdentityType

IdentityType identifies the type of identity. It is an alias for driver.IdentityType and is used by deserializers to choose the correct decoding logic for different identity representations.

type IdentityTypeString

type IdentityTypeString = driver.IdentityTypeString

IdentityTypeString is an alias for driver.IdentityTypeString

type Keystore

type Keystore interface {
	// Put stores the given key under the provided id. Implementations MUST
	// overwrite any existing value for the id and return a non-nil error on
	// failure.
	Put(id string, key any) error

	// Get retrieves the key stored under the provided id and populates the
	// provided `key` parameter.
	// If no entry exists for id, implementations should return an error describing the missing entry.
	Get(id string, key any) error

	// Delete removes the key with the given identifier.
	// If the key does not exist, implementations should return nil (idempotent).
	Delete(id string) error

	// Close closes the store
	Close() error
}

Keystore provides a minimal key/value style interface used by the identity service to persist arbitrary cryptographic key objects keyed by an identifier.

The `id` parameter is expected to be the hexadecimal representation of the key's Subject Key Identifier (SKI). Other packages may depend on this convention.

Implementations should treat the provided `key` as an opaque value. For Put the caller supplies the value to store; for Get the caller supplies a pointer or value that implementations should populate with the stored representation. Implementations are responsible for any necessary (de)serialization.

type Operation

type Operation = driver2.Operation

Operation defines the type of database operation (Insert, Update, etc.).

type Role

type Role interface {
	// ID returns the identifier of this role
	ID() IdentityRoleType
	// MapToIdentity returns the long-term identity and its identifier for the given index.
	// The index can be an identity or a label (string).
	MapToIdentity(ctx context.Context, v WalletLookupID) (Identity, string, error)
	// GetIdentityInfo returns the long-term identity info associated to the passed id
	GetIdentityInfo(ctx context.Context, id string) (IdentityInfo, error)
	// RegisterIdentity registers the given identity
	RegisterIdentity(ctx context.Context, config IdentityConfiguration) error
	// IdentityIDs returns the identifiers contained in this role
	IdentityIDs() ([]string, error)
	// Done releases all the resources allocated by this service.
	Done() error
}

Role is a container of long-term identities. A long-term identity is then used to construct a wallet.

type SignerEntry

type SignerEntry struct {
	// IdentityHash is the primary key of the Signers row (hex-encoded hash of the identity).
	IdentityHash string
	// Identity is the raw serialised identity bytes.
	Identity []byte
}

SignerEntry holds a single row from the Signers table.

type StorageProvider

type StorageProvider interface {
	// WalletStore returns a WalletStoreService for the given tmsID.
	WalletStore(tmsID token.TMSID) (WalletStoreService, error)

	// IdentityStore returns an IdentityStoreService for the given tmsID.
	IdentityStore(tmsID token.TMSID) (IdentityStoreService, error)

	// Keystore returns a Keystore service for the given tmsID.
	Keystore(tmsID token.TMSID) (Keystore, error)
}

StorageProvider returns storage services scoped to a specific token management system (TMS) identified by token.TMSID. Callers request the concrete store service for the given TMS and use the returned service to access persisted wallet, identity, or keystore data.

type TypedSignerDeserializer

type TypedSignerDeserializer interface {
	// DeserializeSigner deserializes the provided raw bytes into a tdriver.Signer
	// appropriate for the supplied identity type.
	// The context may carry ancillary information required for deserialization.
	DeserializeSigner(ctx context.Context, typ IdentityType, raw []byte) (tdriver.Signer, error)
}

TypedSignerDeserializer converts a raw byte representation into a concrete Signer for a given IdentityType. Implementations should validate the raw data and return an error on invalid input or decoding failure.

type TypedVerifierDeserializer

type TypedVerifierDeserializer interface {
	// DeserializeVerifier deserializes a verifier for the given identity type and raw identity
	DeserializeVerifier(ctx context.Context, typ IdentityType, raw []byte) (tdriver.Verifier, error)
	// Recipients returns the list of recipient identities from the given typed identity
	Recipients(id tdriver.Identity, typ IdentityType, raw []byte) ([]tdriver.Identity, error)
	// GetAuditInfo retrieves audit information for the given identity
	GetAuditInfo(ctx context.Context, id tdriver.Identity, typ IdentityType, raw []byte, p tdriver.AuditInfoProvider) ([]byte, error)
	// GetAuditInfoMatcher returns a matcher that can verify if an identity matches the given audit info
	GetAuditInfoMatcher(ctx context.Context, owner tdriver.Identity, auditInfo []byte) (tdriver.Matcher, error)
}

TypedVerifierDeserializer deserializes verifiers and related identity information for typed identities. It provides methods to extract verifiers, recipients, audit information, and audit matchers from typed identity representations.

type WalletID

type WalletID = string

WalletID models the wallet id type

type WalletLookupID

type WalletLookupID = tdriver.WalletLookupID

WalletLookupID defines the type of identifiers that can be used to retrieve a given wallet. It can be a string, as the name of the wallet, or an identity contained in that wallet. Ultimately, it is the token tdriver to decide which types are allowed.

type WalletStoreService

type WalletStoreService interface {
	// GetWalletID fetches a walletID that is bound to the identity passed
	GetWalletID(ctx context.Context, identity token.Identity, roleID int) (WalletID, error)
	// GetWalletIDs fetches all walletID's that have been stored so far without duplicates
	GetWalletIDs(ctx context.Context, roleID int) ([]WalletID, error)
	// StoreIdentity binds an identity to a walletID and its metadata
	StoreIdentity(ctx context.Context, identity token.Identity, eID string, wID WalletID, roleID int, meta []byte) error
	// IdentityExists checks whether an identity-wallet binding has already been stored
	IdentityExists(ctx context.Context, identity token.Identity, wID WalletID, roleID int) bool
	// LoadMeta returns the metadata stored for a specific identity
	LoadMeta(ctx context.Context, identity token.Identity, wID WalletID, roleID int) ([]byte, error)
	// Close closes the store
	Close() error
}

WalletStoreService provides operations for binding identities to wallets and managing associated metadata.

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL