config

package
v0.0.0-...-99b4b88 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 12, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source 
const SERVICES_PATH = "service"
View Source 
const SERVICE_DEFAULT_SCOPE = ""

Variables

View Source 
var ErrorCcsEmptyResponse = errors.New("empty_response_from_ccs")
View Source 
var ErrorCcsErrorResponse = errors.New("error_response_from_ccs")
View Source 
var ErrorCcsNoResponse = errors.New("no_response_from_ccs")
View Source 
var ErrorNoSuchScope = errors.New("requested_scope_does_not_exist")

Functions

This section is empty.

Types

type ClaimInclusion 

type ClaimInclusion struct {
	// Key of the claim to be included. All objects under this key will be included unchanged.
	OriginalKey string `json:"originalKey" mapstructure:"originalKey"`
	// Key of the claim to be used in the jwt. If not provided, the original one will be used.
	NewKey string `json:"newKey" mapstructure:"newKey"`
}

type ClaimsQuery 

type ClaimsQuery struct {
	// REQUIRED if claim_sets is present in the Credential Query; OPTIONAL otherwise. A string identifying the particular claim. The value MUST be a non-empty string consisting of alphanumeric, underscore (_), or hyphen (-) characters. Within the particular claims array, the same id MUST NOT be present more than once.
	Id string `json:"id,omitempty" mapstructure:"id,omitempty"`
	//  The value MUST be a non-empty array representing a claims path pointer that specifies the path to a claim within the Credential. See https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-claims-path-pointer
	Path []interface{} `json:"path,omitempty" mapstructure:"path,omitempty"`
	// A non-empty array of strings, integers or boolean values that specifies the expected values of the claim. If the values property is present, the Wallet SHOULD return the claim only if the type and value of the claim both match exactly for at least one of the elements in the array.
	Values []interface{} `json:"values,omitempty" mapstructure:"values,omitempty"`
	// MDoc specific parameter, ignored for all other types. The flag can be set to inform that the reader wishes to keep(store) the data. In case of false, its data is only used to be dispalyed and verified.
	IntentToRetain bool `json:"intent_to_retain,omitempty" mapstructure:"intent_to_retain,omitempty"`
	// MDoc specific parameter, ignored for all other types. Refers to a namespace inside an mdoc.
	Namespace string `json:"namespace,omitempty" mapstructure:"namespace,omitempty"`
	// MDoc specific parameter, ignored for all other types. Identifier for the data-element in the namespace.
	ClaimName string `json:"claim_name,omitempty" mapstructure:"claim_name,omitempty"`
}

ClaimsQuery is a query to specifies claims in the requested Credential.

type ClientIdentification 

type ClientIdentification struct {
	// path to the did signing key(in pem format) for request object mode
	KeyPath string `mapstructure:"keyPath"`
	// algorithm used for the request signing key
	KeyAlgorithm string `mapstructure:"requestKeyAlgorithm"`
	// identification used by the verifier when requesting authorization. Can be a did, but also methods like x509_san_dns
	Id string `mapstructure:"id"`
	// optional path to the certifcate to embed in the jwt header
	CertificatePath string `mapstructure:"certificatePath"`
}

type ConfigClient 

type ConfigClient interface {
	GetServices() (services []ConfiguredService, err error)
}

func NewCCSHttpClient 

func NewCCSHttpClient(configEndpoint string) (client ConfigClient, err error)

type ConfigRepo 

type ConfigRepo struct {
	// url of the configuration service to be used
	ConfigEndpoint string `mapstructure:"configEndpoint"`
	// statically configured services with their trust anchors and scopes.
	Services       []ConfiguredService `mapstructure:"services"`
	UpdateInterval int64               `mapstructure:"updateInterval" default:"30"`
}

type Configuration 

type Configuration struct {
	Server     Server     `mapstructure:"server"`
	Verifier   Verifier   `mapstructure:"verifier"`
	Logging    Logging    `mapstructure:"logging"`
	ConfigRepo ConfigRepo `mapstructure:"configRepo"`
	M2M        M2M        `mapstructure:"m2m"`
	Elsi       Elsi       `mapstructure:"elsi"`
}

general structure of the configuration file

func ReadConfig 

func ReadConfig(configFile string) (configuration Configuration, err error)

read the config from the config file

type ConfiguredService 

type ConfiguredService struct {
	// Default OIDC scope to be used if none is specified
	DefaultOidcScope  string                `json:"defaultOidcScope" mapstructure:"defaultOidcScope"`
	ServiceScopes     map[string]ScopeEntry `json:"oidcScopes" mapstructure:"oidcScopes"`
	Id                string                `json:"id" mapstructure:"id"`
	AuthorizationType string                `json:"authorizationType,omitempty" mapstructure:"authorizationType,omitempty"`
	AuthorizationPath string                `json:"authorizationPath,omitempty" mapstructure:"authorizationPath,omitempty"`
}

func (ConfiguredService) GetCredential 

func (cs ConfiguredService) GetCredential(scope, credentialType string) (Credential, bool)

func (ConfiguredService) GetCredentials 

func (cs ConfiguredService) GetCredentials(scope string) (credentials []Credential, err error)

func (ConfiguredService) GetDcqlQuery 

func (cs ConfiguredService) GetDcqlQuery(scope string) (dcql *DCQL, err error)

func (ConfiguredService) GetPresentationDefinition 

func (cs ConfiguredService) GetPresentationDefinition(scope string) (pd *PresentationDefinition, err error)

func (ConfiguredService) GetRequiredCredentialTypes 

func (cs ConfiguredService) GetRequiredCredentialTypes(scope string) (types []string, err error)

func (ConfiguredService) GetScope 

func (cs ConfiguredService) GetScope(scope string) (scopeEntry ScopeEntry, err error)

type Constraints 

type Constraints struct {
	// array of objects to describe the information to be included
	Fields []Fields `json:"fields" mapstructure:"fields"`
}

type Credential 

type Credential struct {
	// Type of the credential
	Type string `json:"type" mapstructure:"type"`
	// A list of (EBSI Trusted Issuers Registry compatible) endpoints to  retrieve the trusted participants from.
	TrustedParticipantsLists []TrustedParticipantsList `json:"trustedParticipantsLists,omitempty" mapstructure:"trustedParticipantsLists,omitempty"`
	// A list of (EBSI Trusted Issuers Registry compatible) endpoints to  retrieve the trusted issuers from. The attributes need to be formated to comply with the verifiers requirements.
	TrustedIssuersLists []string `json:"trustedIssuersLists,omitempty" mapstructure:"trustedIssuersLists,omitempty"`
	// Configuration of Holder Verfification
	HolderVerification HolderVerification `json:"holderVerification" mapstructure:"holderVerification"`
	// Does the given credential require a compliancy credential
	RequireCompliance bool `json:"requireCompliance" mapstructure:"requireCompliance"`
	// Configuration for the credential its inclusion into the JWT.
	JwtInclusion JwtInclusion `json:"jwtInclusion" mapstructure:"jwtInclusion"`
}

type CredentialQuery 

type CredentialQuery struct {
	// A string identifying the Credential in the response and, if provided, the constraints in credential_sets. The value MUST be a non-empty string consisting of alphanumeric, underscore (_), or hyphen (-) characters. Within the Authorization Request, the same id MUST NOT be present more than once.
	Id string `json:"id,omitempty" mapstructure:"id,omitempty"`
	// A string that specifies the format of the requested Credential.
	Format string `json:"format,omitempty" mapstructure:"format,omitempty"`
	// A boolean which indicates whether multiple Credentials can be returned for this Credential Query. If omitted, the default value is false.
	Multiple bool `json:"multiple" mapstructure:"multiple"`
	// A non-empty array of objects  that specifies claims in the requested Credential. Verifiers MUST NOT point to the same claim more than once in a single query. Wallets SHOULD ignore such duplicate claim queries.
	Claims []ClaimsQuery `json:"claims,omitempty" mapstructure:"claims,omitempty"`
	// Defines additional properties requested by the Verifier that apply to the metadata and validity data of the Credential. The properties of this object are defined per Credential Format. If empty, no specific constraints are placed on the metadata or validity of the requested Credential.
	Meta *MetaDataQuery `json:"meta,omitempty" mapstructure:"meta,omitempty"`
	// A boolean which indicates whether the Verifier requires a Cryptographic Holder Binding proof. The default value is true, i.e., a Verifiable Presentation with Cryptographic Holder Binding is required. If set to false, the Verifier accepts a Credential without Cryptographic Holder Binding proof.
	RequireCryptographicHolderBinding bool `json:"require_cryptographic_holder_binding,omitempty" mapstructure:"require_cryptographic_holder_binding,omitempty"`
	// A non-empty array containing arrays of identifiers for elements in claims that specifies which combinations of claims for the Credential are requested.
	ClaimSets [][]string `json:"claim_sets,omitempty" mapstructure:"claim_sets,omitempty"`
	// A non-empty array of objects  that specifies expected authorities or trust frameworks that certify Issuers, that the Verifier will accept. Every Credential returned by the Wallet SHOULD match at least one of the conditions present in the corresponding trusted_authorities array if present.
	TrustedAuthorities []TrustedAuthorityQuery `json:"trusted_authorities,omitempty" mapstructure:"trusted_authorities,omitempty"`
}

CredentialQuery is an object representing a request for a presentation of one or more matching Credentials

type CredentialSetQuery 

type CredentialSetQuery struct {
	// A non-empty array, where each value in the array is a list of Credential Query identifiers representing one set of Credentials that satisfies the use case. The value of each element in the options array is a non-empty array of identifiers which reference elements in credentials.
	Options [][]string `json:"options,omitempty" mapstructure:"options,omitempty"`
	// A boolean which indicates whether this set of Credentials is required to satisfy the particular use case at the Verifier.
	Required bool `json:"required,omitempty" mapstructure:"required,omitempty"`
	// A string, number or object specifying the purpose of the query. This specification does not define a specific structure or specific values for this property. The purpose is intended to be used by the Verifier to communicate the reason for the query to the Wallet. The Wallet MAY use this information to show the user the reason for the request.
	Purpose interface{} `json:"purpose,omitempty" mapstructure:"purpose,omitempty"`
}

CredentialSetQuery is a Credential Set Query is an object representing a request for one or more Credentials to satisfy a particular use case with the Verifier.

type DCQL 

type DCQL struct {
	// A non-empty array of Credential Queries that specify the requested Credentials.
	Credentials []CredentialQuery `json:"credentials" mapstructure:"credentials"`
	// A non-empty array of Credential Set Queries that specifies additional constraints on which of the requested Credentials to return.
	CredentialSets []CredentialSetQuery `json:"credential_sets,omitempty" mapstructure:"credential_sets,omitempty"`
}

DCQL defines a JSON encoded query to request the credentials to be included in the presentation

type Elsi 

type Elsi struct {
	// should the support for did:elsi be enabled
	Enabled bool `mapstructure:"enabled" default:"false"`
	// endpoint of the validation service to be used for JAdES signatures
	ValidationEndpoint *ValidationEndpoint `mapstructure:"validationEndpoint"`
}

type Fields 

type Fields struct {
	// Id of the field
	Id string `json:"id" mapstructure:"id"`
	// A list of JsonPaths for the requested claim
	Path []string `json:"path" mapstructure:"path"`
	// Does it need to be included?
	Optional bool `json:"optional" mapstructure:"optional" default:"true"`
	// a custom filter to be applied on the fields, f.e. restrict to certain values
	Filter interface{} `json:"filter" mapstructure:"filter"`
}

type FormatObject 

type FormatObject struct {
	// list of algorithms to be requested for credential - f.e. ES256
	Alg []string `json:"alg" mapstructure:"alg"`
}

type HolderVerification 

type HolderVerification struct {
	// should holder verification be enabled
	Enabled bool `json:"enabled" mapstructure:"enabled"`
	// the claim containing the holder
	Claim string `json:"claim" mapstructure:"claim"`
}

type HttpClient 

type HttpClient interface {
	Get(url string) (resp *http.Response, err error)
}

type HttpConfigClient 

type HttpConfigClient struct {
	// contains filtered or unexported fields
}

func (HttpConfigClient) GetServices 

func (hcc HttpConfigClient) GetServices() (services []ConfiguredService, err error)

type InputDescriptor 

type InputDescriptor struct {
	// Id of the descriptor
	Id string `json:"id" mapstructure:"id"`
	// defines the infromation to be requested
	Constraints Constraints `json:"constraints" mapstructure:"constraints"`
	// Format of the credential to be requested
	Format map[string]FormatObject `json:"format" mapstructure:"format"`
}

type JwtInclusion 

type JwtInclusion struct {
	// Should the given credential be included into the generated JWT
	Enabled bool `json:"enabled" mapstructure:"enabled"`
	// Should the complete credential be embedded
	FullInclusion bool `json:"fullInclusion" mapstructure:"fullInclusion"`
	// Claims to be included
	ClaimsToInclude []ClaimInclusion `json:"claimsToInclude" mapstructure:"claimsToInclude"`
}

type Logging 

type Logging struct {
	// loglevel to be used - can be DEBUG, INFO, WARN or ERROR
	Level string `mapstructure:"level" default:"INFO"`
	// should the logging in a structured json format
	JsonLogging bool `mapstructure:"jsonLogging" default:"true"`
	// should requests be logged
	LogRequests bool `mapstructure:"logRequests" default:"true"`
	// list of paths to be ignored on request logging(could be often called operational endpoints like f.e. metrics)
	PathsToSkip []string `mapstructure:"pathsToSkip"`
}

logging config

type M2M 

type M2M struct {
	// auth enabled for M2M interactions
	AuthEnabled bool `mapstructure:"authEnabled"`
	// path to the signing key(in pem format)
	KeyPath string `mapstructure:"keyPath"`
	// path to the credential to be used for auth
	CredentialPath string `mapstructure:"credentialPath"`
	// id of the verifier when retrieving tokens
	ClientId string `mapstructure:"clientId"`
	// verification method to be provided for the ld-proof
	VerificationMethod string `mapstructure:"verificationMethod" default:"JsonWebKey2020"`
	// signature type to be provided for the ld-proof
	SignatureType string `mapstructure:"signatureType" default:"JsonWebSignature2020"`
	// type of the provided key
	KeyType string `mapstructure:"keyType" default:"RSAPS256"`
}

configuration for M2M interaction

type MetaDataQuery 

type MetaDataQuery struct {
	// SD-JWT and JWT specific parameter. A non-empty array of strings that specifies allowed values for the type of the requested Verifiable Credential.The Wallet MAY return Credentials that inherit from any of the specified types, following the inheritance logic defined in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-10
	VctValues []string `json:"vct_values,omitempty" mapstructure:"vct_values,omitempty"`
	// Required for MDoc. String that specifies an allowed value for the doctype of the requested Verifiable Credential. It MUST be a valid doctype identifier as defined in https://www.iso.org/standard/69084.html
	DoctypeValue string `json:"doctype_value,omitempty" mapstructure:"doctype_value,omitempty"`
	// Required for ldp_vc. A non-empty array of string arrays. The Type value of the credential needs to be a subset of at least one of the string-arrays.
	TypeValues [][]string `json:"type_values,omitempty" mapstructure:"type_values,omitempty"`
}

MetaDataQuery defines additional properties requested by the Verifier that apply to the metadata and validity data of the Credential.

type Policies 

type Policies struct {
	// policies that all credentials are checked against
	DefaultPolicies PolicyMap `mapstructure:"default"`
	// policies that used to check specific credential types. Key maps to the "credentialSubject.type" of the credential
	CredentialTypeSpecificPolicies map[string]PolicyMap `mapstructure:"credentialTypeSpecific"`
}

type PolicyConfigParameters 

type PolicyConfigParameters map[string]interface{}

type PolicyMap 

type PolicyMap map[string]PolicyConfigParameters

type PresentationDefinition 

type PresentationDefinition struct {
	// Id of the definition
	Id string `json:"id" mapstructure:"id"`
	// List of requested inputs
	InputDescriptors []InputDescriptor `json:"input_descriptors" mapstructure:"input_descriptors"`
	// Format of the credential to be requested
	Format map[string]FormatObject `json:"format" mapstructure:"format"`
}

type ScopeEntry 

type ScopeEntry struct {
	// credential types with their trust configuration
	Credentials []Credential `json:"credentials" mapstructure:"credentials"`
	// 	Proofs to be requested - see https://identity.foundation/presentation-exchange/#presentation-definition
	PresentationDefinition *PresentationDefinition `json:"presentationDefinition" mapstructure:"presentationDefinition"`
	// JSON encoded query to request the credentials to be included in the presentation
	DCQL *DCQL `json:"dcql" mapstructure:"dcql"`
	// When set, the claim are flatten to plain JWT-claims before beeing included, instead of keeping the credential/presentation structure, where the claims are under the key vc or vp
	FlatClaims bool `json:"flatClaims" mapstructure:"flatClaims"`
}

type Server 

type Server struct {
	// host name of the verifier
	Host string `mapstructure:"host"`
	// port to bind the server
	Port int `mapstructure:"port" default:"8080"`
	// directory to read the template(s) from
	TemplateDir string `mapstructure:"templateDir" default:"views/"`
	// directory of static files to be provided, f.e. to be used inside the templates
	StaticDir string `mapstructure:"staticDir" default:"views/static/"`
}

general configuration to run the application

type ServicesResponse 

type ServicesResponse struct {
	Total      int                 `json:"total"`
	PageNumber int                 `json:"pageNumber"`
	PageSize   int                 `json:"pageSize"`
	Services   []ConfiguredService `json:"services"`
}

type TrustedAuthorityQuery 

type TrustedAuthorityQuery struct {
	//  A string uniquely identifying the type of information about the issuer trust framework.
	Type string `json:"type" mapstructure:"type"`
	// A non-empty array of strings, where each string (value) contains information specific to the used Trusted Authorities Query type that allows the identification of an issuer, a trust framework, or a federation that an issuer belongs to.
	Values []string `json:"values" mapstructure:"values"`
}

TrustedAuthorityQuery is an object representing information that helps to identify an authority or the trust framework that certifies Issuers.

type TrustedParticipantsList 

type TrustedParticipantsList struct {
	// Type of praticipants list to be used - either gaia-x or ebsi
	Type string `json:"type" mapstructure:"type"`
	// url of the list
	Url string `json:"url" mapstructure:"url"`
}

type ValidationEndpoint 

type ValidationEndpoint struct {
	Host           string `mapstructure:"host"`
	ValidationPath string `mapstructure:"validationPath" default:"/validateSignature"`
	HealthPath     string `mapstructure:"healthPath" default:"/q/health/ready"`
}

type Verifier 

type Verifier struct {
	// did to be used by the verifier
	Did string `mapstructure:"did"`
	// Identification to be used for the verifier
	ClientIdentification ClientIdentification `mapstructure:"clientIdentification"`
	// supported request modes - currently 'urlEncoded', 'byValue' and 'byReference' are available. In case of byValue, the keyPath has to be set.
	SupportedModes []string `mapstructure:"supportedModes" default:"urlEncoded"`
	// address of the (ebsi-compatible) trusted-issuers-registry for verifying the issuer
	TirAddress string `mapstructure:"tirAddress"`
	// expiry of the tir-cache entries
	TirCacheExpiry int `mapstructure:"tirCacheExpiry" default:"30"`
	// expiry of the til-cache entries
	TilCacheExpiry int `mapstructure:"tilCacheExpiry" default:"30"`
	// expiry of auth sessions
	SessionExpiry int `mapstructure:"sessionExpiry" default:"30"`
	// policies that shall be checked
	PolicyConfig Policies `mapstructure:"policies"`
	// path of the authorizationEndpoint to be provided in the .well-known/openid-configuration
	AuthorizationEndpoint string `mapstructure:"authorizationEndpoint"`
	// Validation mode for validating the vcs. Does not touch verification, just content validation.
	// applicable modes:
	// * `none`: No validation, just swallow everything
	// * `combined`: ld and schema validation
	// * `jsonLd`: uses JSON-LD parser for validation
	// * `baseContext`: validates that only the fields and values (when applicable)are present in the document. No extra fields are allowed (outside of credentialSubject).
	// Default is set to `none` to ensure backwards compatibility
	ValidationMode string `mapstructure:"validationMode" default:"none"`
	// algorithm to be used for the jwt signatures - currently supported: RS256 and ES256
	KeyAlgorithm string `mapstructure:"keyAlgorithm" default:"RS256"`
	// when set to true, the private key is generated on startup. Its not persisted and just kept in memory.
	GenerateKey bool `mapstructure:"generateKey" default:"true"`
	// path to the private key for jwt signatures
	KeyPath string `mapstructure:"keyPath"`
}

configuration specific to the functionality of the verifier

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.