From f438251ba90036c3de37ecbfb4715c42b2998217 Mon Sep 17 00:00:00 2001 From: Gerard Snaauw Date: Tue, 31 May 2022 14:58:59 +0200 Subject: [PATCH] Deduplicate oapi ssi schema definitions (#1123) * move schemas to common and validate against used code --- api/ssi_types.go | 99 ++++++++++++++++++ api/ssi_types_test.go | 89 ++++++++++++++++ auth/api/v1/generated.go | 29 ++---- docs/_static/auth/v1.yaml | 97 ++--------------- docs/_static/common/ssi_types.yaml | 143 +++++++++++++++++++++++++ docs/_static/vcr/v2.yaml | 161 +++-------------------------- makefile | 3 +- vcr/api/v2/generated.go | 44 +------- vcr/api/v2/types.go | 7 +- vcr/issuer/issuer.go | 1 - 10 files changed, 372 insertions(+), 301 deletions(-) create mode 100644 api/ssi_types.go create mode 100644 api/ssi_types_test.go create mode 100644 docs/_static/common/ssi_types.yaml diff --git a/api/ssi_types.go b/api/ssi_types.go new file mode 100644 index 0000000000..44e7dfcc62 --- /dev/null +++ b/api/ssi_types.go @@ -0,0 +1,99 @@ +// Package ssiTypes provides primitives to interact with the openapi HTTP API. +// +// Code generated by github.com/deepmap/oapi-codegen version v1.10.1 DO NOT EDIT. +package ssiTypes + +// Subject of a Verifiable Credential identifying the holder and expressing claims. +type CredentialSubject interface{} + +// DID according to Nuts specification +type DID string + +// Cryptographic proofs that can be used to detect tampering and verify the authorship of a +// credential or presentation. An embedded proof is a mechanism where the proof is included in +// the data, such as a Linked Data Signature. +type EmbeddedProof struct { + // A random or pseudo-random value, provided by the verifier, used by some authentication protocols to + // mitigate replay attacks. + Challenge *string `json:"challenge,omitempty"` + + // Date and time at which proof has been created. + Created string `json:"created"` + + // A string value that specifies the operational domain of a digital proof. This could be an Internet domain + // name like example.com, an ad-hoc value such as mycorp-level3-access, or a very specific transaction value + // like 8zF6T$mqP. A signer could include a domain in its digital proof to restrict its use to particular + // target, identified by the specified domain. + Domain *string `json:"domain,omitempty"` + + // JSON Web Signature + Jws string `json:"jws"` + + // A unique string value generated by the holder, MUST only be used once for a particular domain + // and window of time. This value can be used to mitigate replay attacks. + Nonce *string `json:"nonce,omitempty"` + + // It expresses the purpose of the proof and ensures the information is protected by the + // signature. + ProofPurpose string `json:"proofPurpose"` + + // Type of the object or the datatype of the typed value. Currently only supported value is "JsonWebSignature2020". + Type string `json:"type"` + + // Specifies the public key that can be used to verify the digital signature. + // Dereferencing a public key URL reveals information about the controller of the key, + // which can be checked against the issuer of the credential. + VerificationMethod string `json:"verificationMethod"` +} + +// A credential according to the W3C and Nuts specs. +type VerifiableCredential struct { + // List of URIs of JSON-LD contexts of the VC. + Context interface{} `json:"@context"` + + // Subject of a Verifiable Credential identifying the holder and expressing claims. + CredentialSubject CredentialSubject `json:"credentialSubject"` + + // rfc3339 time string until when the credential is valid. + ExpirationDate *string `json:"expirationDate,omitempty"` + + // Credential ID. An URI wich uniquely identifies the credential e.g. the issuers DID concatenated with an uuid. + Id *string `json:"id,omitempty"` + + // rfc3339 time string when the credential was issued. + IssuanceDate string `json:"issuanceDate"` + + // DID according to Nuts specification + Issuer DID `json:"issuer"` + + // one or multiple cryptographic proofs + Proof interface{} `json:"proof"` + + // A single string or array of strings. The value(s) indicate the type of credential. It should contain `VerifiableCredential`. Each type should be defined in the @context. + Type []string `json:"type"` +} + +// Verifiable Presentation +type VerifiablePresentation struct { + // An ordered set where the first item is a URI https://www.w3.org/2018/credentials/v1. It is used to define + // terms and help to express specific identifiers in a compact manner. + Context interface{} `json:"@context"` + + // URI of the entity that is generating the presentation. + Holder *string `json:"holder,omitempty"` + + // URI that is used to unambiguously refer to an object, such as a person, product, or organization. + Id *string `json:"id,omitempty"` + + // Cryptographic proofs that can be used to detect tampering and verify the authorship of a + // credential or presentation. An embedded proof is a mechanism where the proof is included in + // the data, such as a Linked Data Signature. + Proof *interface{} `json:"proof,omitempty"` + + // A single string or array of strings. Values indicate the type of object. It should contain `VerifiablePresentation`. Each type must be defined in the @context. + Type interface{} `json:"type"` + + // VerifiableCredential is composed of a list containing one or more verifiable credentials, in a + // cryptographically verifiable format. + VerifiableCredential *interface{} `json:"verifiableCredential,omitempty"` +} diff --git a/api/ssi_types_test.go b/api/ssi_types_test.go new file mode 100644 index 0000000000..ac116305a4 --- /dev/null +++ b/api/ssi_types_test.go @@ -0,0 +1,89 @@ +package ssiTypes + +import ( + "encoding/json" + "testing" + "time" + + ssi "github.com/nuts-foundation/go-did" + vcr "github.com/nuts-foundation/nuts-node/vcr/api/v2" + "github.com/stretchr/testify/assert" +) + +func TestSsiTypes_VerifiableCredential(t *testing.T) { + t.Run("required fields only", func(t *testing.T) { + remarshallTest(t, createVerifiableCredential(), VerifiableCredential{}) + }) + + t.Run("all fields", func(t *testing.T) { + vc := createVerifiableCredential() + id := ssi.MustParseURI("did:nuts:CuE3qeFGGLhEAS3gKzhMCeqd1dGa9at5JCbmCfyMU2Ey#c4199b74-0c0a-4e09-a463-6927553e65f5") + vc.ID = &id + expirationDate := time.Now().Add(time.Hour) + vc.ExpirationDate = &expirationDate + + remarshallTest(t, vc, VerifiableCredential{}) + }) +} + +func TestSsiTypes_VerifiablePresentation(t *testing.T) { + t.Run("required fields only", func(t *testing.T) { + remarshallTest(t, createVerifiablePresentation(), VerifiableCredential{}) + }) + + t.Run("all fields", func(t *testing.T) { + id := ssi.MustParseURI("did:nuts:CuE3qeFGGLhEAS3gKzhMCeqd1dGa9at5JCbmCfyMU2Ey#c4199b74-0c0a-4e09-a463-6927553e65f5") + holder := ssi.MustParseURI("did:nuts:CuE3qeFGGLhEAS3gKzhMCeqd1dGa9at5JCbmCfyMU2Ey") + + vp := createVerifiablePresentation() + vp.ID = &id + vp.Holder = &holder + vp.VerifiableCredential = []vcr.VerifiableCredential{createVerifiableCredential()} + vp.Proof = []interface{}{"because"} + + remarshallTest(t, vp, VerifiablePresentation{}) + }) +} + +func createVerifiableCredential() vcr.VerifiableCredential { + return vcr.VerifiableCredential{ + Context: []ssi.URI{ssi.MustParseURI("https://www.w3.org/2018/credentials/v1")}, + Type: []ssi.URI{ + ssi.MustParseURI("NutsOrganizationCredential"), + ssi.MustParseURI("VerifiableCredential"), + }, + Issuer: ssi.MustParseURI("did:nuts:CuE3qeFGGLhEAS3gKzhMCeqd1dGa9at5JCbmCfyMU2Ey"), + IssuanceDate: time.Now(), + CredentialSubject: []interface{}{"subject"}, + Proof: []interface{}{"because"}, + } +} + +func createVerifiablePresentation() vcr.VerifiablePresentation { + return vcr.VerifiablePresentation{ + Context: []ssi.URI{ + ssi.MustParseURI("https://www.w3.org/2018/credentials/v1"), + ssi.MustParseURI("https://nuts.nl/credentials/v1"), + }, + Type: []ssi.URI{ssi.MustParseURI("VerifiablePresentation")}, + } +} + +func remarshallTest(t *testing.T, source, target any) { + jsonSource, err := json.Marshal(source) + if !assert.NoError(t, err) { + return + } + + err = json.Unmarshal(jsonSource, &target) + if !assert.NoError(t, err) { + return + } + + jsonTarget, err := json.Marshal(target) + if !assert.NoError(t, err) { + return + } + + assert.JSONEq(t, string(jsonSource), string(jsonTarget)) +} diff --git a/auth/api/v1/generated.go b/auth/api/v1/generated.go index 40e9843cf4..e1b639a829 100644 --- a/auth/api/v1/generated.go +++ b/auth/api/v1/generated.go @@ -41,7 +41,7 @@ const ( SignSessionResponseMeansIrma SignSessionResponseMeans = "irma" ) -// Error response when access token request fails as described in rfc6749 sectionn 5.2 +// Error response when access token request fails as described in rfc6749 section 5.2 type AccessTokenRequestFailedResponse struct { Error AccessTokenRequestFailedResponseError `json:"error"` @@ -139,7 +139,7 @@ type CreateJwtGrantRequest struct { Authorizer string `json:"authorizer"` Credentials []VerifiableCredential `json:"credentials"` - // If the signature session is completed, this property contains the signature embedded in an w3c verifiable presentation. + // Verifiable Presentation Identity *VerifiablePresentation `json:"identity,omitempty"` Requester string `json:"requester"` @@ -147,21 +147,6 @@ type CreateJwtGrantRequest struct { Service string `json:"service"` } -// CredentialIssuer defines model for CredentialIssuer. -type CredentialIssuer struct { - // a credential type - CredentialType string `json:"credentialType"` - - // the DID of an issuer - Issuer string `json:"issuer"` -} - -// Subject of a Verifiable Credential identifying the holder and expressing claims. -type CredentialSubject map[string]interface{} - -// DID according to Nuts specification -type DID string - // DrawUpContractRequest defines model for DrawUpContractRequest. type DrawUpContractRequest struct { // Language of the contract in all caps. @@ -198,7 +183,7 @@ type RequestAccessTokenRequest struct { Authorizer string `json:"authorizer"` Credentials []VerifiableCredential `json:"credentials"` - // If the signature session is completed, this property contains the signature embedded in an w3c verifiable presentation. + // Verifiable Presentation Identity *VerifiablePresentation `json:"identity,omitempty"` Requester string `json:"requester"` @@ -237,16 +222,16 @@ type SignSessionResponseMeans string // SignSessionStatusResponse defines model for SignSessionStatusResponse. type SignSessionStatusResponse struct { - // Status indicates the status of the signing proces. Values depend on the implementation of the signing means. + // Status indicates the status of the signing process. Values depend on the implementation of the signing means. Status string `json:"status"` - // If the signature session is completed, this property contains the signature embedded in an w3c verifiable presentation. + // Verifiable Presentation VerifiablePresentation *VerifiablePresentation `json:"verifiablePresentation,omitempty"` } // SignatureVerificationRequest defines model for SignatureVerificationRequest. type SignatureVerificationRequest struct { - // If the signature session is completed, this property contains the signature embedded in an w3c verifiable presentation. + // Verifiable Presentation VerifiablePresentation VerifiablePresentation `json:"VerifiablePresentation"` // Moment in time to check the validity of the signature. If omitted, the current time is used. @@ -1750,7 +1735,7 @@ type ServerInterface interface { // Create a JWT Grant // (POST /internal/auth/v1/jwt-grant) CreateJwtGrant(ctx echo.Context) error - // Request an accesstoken from the authorizer + // Request an access token from the authorizer // (POST /internal/auth/v1/request-access-token) RequestAccessToken(ctx echo.Context) error // Create a signing session for a supported means. diff --git a/docs/_static/auth/v1.yaml b/docs/_static/auth/v1.yaml index 23a7f772f6..0513094a64 100644 --- a/docs/_static/auth/v1.yaml +++ b/docs/_static/auth/v1.yaml @@ -136,7 +136,7 @@ paths: error returns: * 400 - one of the parameters has the wrong format - * 404 - combinetaion of template, language, and version not found + * 404 - combination of template, language, and version not found tags: - contract requestBody: @@ -185,9 +185,9 @@ paths: /internal/auth/v1/request-access-token: post: operationId: requestAccessToken - summary: Request an accesstoken from the authorizer + summary: Request an access token from the authorizer description: | - Create a JWT Grant and use it as authorization grant to get an accesstoken from the authorizer. + Create a JWT Grant and use it as authorization grant to get an access token from the authorizer. error returns: * 400 - one of the parameters has the wrong format @@ -201,7 +201,7 @@ paths: $ref: "#/components/schemas/RequestAccessTokenRequest" responses: '200': - description: Successful request. Responds with an accesstoken. + description: Successful request. Responds with an access token. content: application/json: schema: @@ -294,68 +294,9 @@ paths: components: schemas: VerifiableCredential: - type: object - description: A credential according to the W3C and Nuts specs. - required: - - "@context" - - type - - issuer - - issuanceDate - - credentialSubject - - proof - properties: - "@context": - description: List of URIs - type: array - items: - type: string - id: - description: credential ID. A Nuts DID followed by a large number. - example: "did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY" - type: string - type: - description: List of type definitions for the credential. Always includes 'VerifiableCredential' - type: array - items: - type: string - issuer: - $ref: '#/components/schemas/DID' - issuanceDate: - description: rfc3339 time string when the credential was issued. - type: string - example: "2012-01-02T12:00:00Z" - expirationDate: - description: rfc3339 time string untill when the credential is valid. - type: string - example: "2012-01-02T12:00:00Z" - credentialSubject: - $ref: '#/components/schemas/CredentialSubject' - proof: - description: one or multiple cryptographic proofs - type: object - CredentialSubject: - type: object - description: Subject of a Verifiable Credential identifying the holder and expressing claims. - CredentialIssuer: - type: object - required: - - issuer - - credentialType - properties: - issuer: - description: the DID of an issuer - example: "did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY" - type: string - credentialType: - description: a credential type - example: NutsOrganizationCredential - type: string - DID: - type: string - description: DID according to Nuts specification - example: "did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY" + $ref: '../common/ssi_types.yaml#/components/schemas/VerifiableCredential' # - # Everthing related to sessions and signing + # Everything related to sessions and signing # SignSessionRequest: required: @@ -395,28 +336,12 @@ components: - status properties: status: - description: Status indicates the status of the signing proces. Values depend on the implementation of the signing means. + description: Status indicates the status of the signing process. Values depend on the implementation of the signing means. type: string verifiablePresentation: $ref: "#/components/schemas/VerifiablePresentation" VerifiablePresentation: - description: If the signature session is completed, this property contains the signature embedded in an w3c verifiable presentation. - type: object - required: - - "@context" - - type - - proof - properties: - "@context": - type: array - items: - type: string - type: - type: array - items: - type: string - proof: - type: object + $ref: '../common/ssi_types.yaml#/components/schemas/VerifiablePresentation' SignatureVerificationRequest: type: object required: @@ -583,7 +508,7 @@ components: $ref: "#/components/schemas/VerifiablePresentation" service: type: string - description: The service for which this access-token can be used. The right oauth endpoint is selected based on the service. + description: The service for which this access token can be used. The right oauth endpoint is selected based on the service. example: nuts-patient-transfer credentials: type: array @@ -620,7 +545,7 @@ components: $ref: '#/components/schemas/VerifiablePresentation' service: type: string - description: The service for which this access-token can be used. The right oauth endpoint is selected based on the service. + description: The service for which this access token can be used. The right oauth endpoint is selected based on the service. example: nuts-patient-transfer credentials: type: array @@ -663,7 +588,7 @@ components: description: The lifetime in seconds of the access token. example: 900 AccessTokenRequestFailedResponse: - description: Error response when access token request fails as described in rfc6749 sectionn 5.2 + description: Error response when access token request fails as described in rfc6749 section 5.2 required: - error - error_description diff --git a/docs/_static/common/ssi_types.yaml b/docs/_static/common/ssi_types.yaml new file mode 100644 index 0000000000..c3d5722b5c --- /dev/null +++ b/docs/_static/common/ssi_types.yaml @@ -0,0 +1,143 @@ +components: + schemas: + VerifiableCredential: + type: object + description: A credential according to the W3C and Nuts specs. + required: + - "@context" + - type + - issuer + - issuanceDate + - credentialSubject + - proof + properties: + "@context": + description: "List of URIs of JSON-LD contexts of the VC." + id: + description: Credential ID. An URI wich uniquely identifies the credential e.g. the issuers DID concatenated with an uuid. + example: "did:nuts:123#B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY" + type: string + type: + description: A single string or array of strings. The value(s) indicate the type of credential. It should contain `VerifiableCredential`. Each type should be defined in the @context. + type: array + items: + type: string + issuer: + $ref: '#/components/schemas/DID' + issuanceDate: + description: rfc3339 time string when the credential was issued. + type: string + example: "2012-01-02T12:00:00Z" + expirationDate: + description: rfc3339 time string until when the credential is valid. + type: string + example: "2012-01-02T12:00:00Z" + credentialSubject: + $ref: '#/components/schemas/CredentialSubject' + proof: + description: one or multiple cryptographic proofs + DID: + type: string + description: DID according to Nuts specification + example: "did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY" + CredentialSubject: + description: Subject of a Verifiable Credential identifying the holder and expressing claims. + + VerifiablePresentation: + type: object + description: Verifiable Presentation + title: Verifiable Presentation Model + required: + - "@context" + - type + properties: + "@context": + description: | + An ordered set where the first item is a URI https://www.w3.org/2018/credentials/v1. It is used to define + terms and help to express specific identifiers in a compact manner. + uniqueItems: true + example: [ + "https://www.w3.org/2018/credentials/v1" + ] + id: + type: string + description: URI that is used to unambiguously refer to an object, such as a person, product, or organization. + example: https://example.edu/credentials/1872, + format: uri + type: + description: A single string or array of strings. Values indicate the type of object. It should contain `VerifiablePresentation`. Each type must be defined in the @context. + example: "VerifiablePresentation" + verifiableCredential: + description: | + VerifiableCredential is composed of a list containing one or more verifiable credentials, in a + cryptographically verifiable format. + example: + $ref: '#/components/schemas/VerifiableCredential' + holder: + type: string + description: "URI of the entity that is generating the presentation." + format: uri + example: "did:nuts:123" + proof: + description: | + Cryptographic proofs that can be used to detect tampering and verify the authorship of a + credential or presentation. An embedded proof is a mechanism where the proof is included in + the data, such as a Linked Data Signature. + example: + $ref: "#/components/schemas/EmbeddedProof" + EmbeddedProof: + title: Embedded Proof + type: object + description: | + Cryptographic proofs that can be used to detect tampering and verify the authorship of a + credential or presentation. An embedded proof is a mechanism where the proof is included in + the data, such as a Linked Data Signature. + required: + - type + - created + - proofPurpose + - verificationMethod + - jws + properties: + type: + type: string + description: Type of the object or the datatype of the typed value. Currently only supported value is "JsonWebSignature2020". + example: JsonWebSignature2020. + created: + type: string + description: Date and time at which proof has been created. + example: '2021-12-20T09:00:00Z' + proofPurpose: + type: string + description: | + It expresses the purpose of the proof and ensures the information is protected by the + signature. + example: assertionMethod + challenge: + type: string + description: | + A random or pseudo-random value, provided by the verifier, used by some authentication protocols to + mitigate replay attacks. + domain: + type: string + description: | + A string value that specifies the operational domain of a digital proof. This could be an Internet domain + name like example.com, an ad-hoc value such as mycorp-level3-access, or a very specific transaction value + like 8zF6T$mqP. A signer could include a domain in its digital proof to restrict its use to particular + target, identified by the specified domain. + nonce: + type: string + description: | + A unique string value generated by the holder, MUST only be used once for a particular domain + and window of time. This value can be used to mitigate replay attacks. + verificationMethod: + type: string + description: | + Specifies the public key that can be used to verify the digital signature. + Dereferencing a public key URL reveals information about the controller of the key, + which can be checked against the issuer of the credential. + example: did:nuts:123#key-5 + jws: + type: string + description: JSON Web Signature + example: eyJhbGciOiJFUzI1NksifQ.eyJzdWIiOiJFQlNJIDIwMTkifQ.oggE3ft3kJYPGGa9eBibpbjgeJXw4fLbVMouVoM2NfcDxsl_UUUIarsS1VpBoYEs7s9cBlc4uC0EbnJCHfVJIw diff --git a/docs/_static/vcr/v2.yaml b/docs/_static/vcr/v2.yaml index 192d30bfdd..d7c8d74ee2 100644 --- a/docs/_static/vcr/v2.yaml +++ b/docs/_static/vcr/v2.yaml @@ -3,7 +3,7 @@ info: title: Nuts Verifiable Credential API spec description: | API specification for common operations on Verifiable credentials. - It allows the three roles, issuer, holer and verifier to issue, revoke, search, present and verify credentials. + It allows the three roles, issuer, holder and verifier to issue, revoke, search, present and verify credentials. version: 2.0.0 license: name: GPLv3 @@ -216,7 +216,7 @@ paths: Verifies a Verifiable Credential. It checks: * The signature * Expiration - * Rrevocation status + * Revocation status * If the issuer is trusted * If the issuer was not deactivated at time of issuing @@ -283,7 +283,7 @@ paths: The added trust is persisted and may be removed with a delete operation. error returns: - * 400 - Invalid paramters + * 400 - Invalid parameters * 500 - An error occurred while processing the request operationId: "trustIssuer" tags: @@ -306,7 +306,7 @@ paths: The removed trust is persisted. error returns: - * 400 - Invalid paramters + * 400 - Invalid parameters * 500 - An error occurred while processing the request operationId: "untrustIssuer" tags: @@ -331,7 +331,7 @@ paths: error returns: * 400 - Malformed credential type - * 404 - Unkown credential type + * 404 - Unknown credential type operationId: "listTrusted" tags: - credential @@ -362,7 +362,7 @@ paths: error returns: * 400 - Malformed credential type - * 404 - Unkown credential type + * 404 - Unknown credential type operationId: "listUntrusted" tags: - credential @@ -393,7 +393,7 @@ paths: Given a list of VCs, create a new presentation. error returns: - * 400 - Invalid paramters + * 400 - Invalid parameters * 500 - An error occurred while processing the request operationId: createVP tags: @@ -448,7 +448,7 @@ components: If set, the node publishes this credential to the network. This is the default behaviour. When set to false, the caller is responsible for distributing the VC to a holder. When the issuer is also the holder, it then can be used to directly create a presentation (self issued). - Note: a not published credential can still be publicaly revoked. + Note: a not published credential can still be publicly revoked. type: boolean default: true visibility: @@ -461,43 +461,7 @@ components: credentialSubject: $ref: '#/components/schemas/CredentialSubject' VerifiableCredential: - type: object - description: A credential according to the W3C and Nuts specs. - required: - - "@context" - - type - - issuer - - issuanceDate - - credentialSubject - - proof - properties: - "@context": - description: "List of URIs of JSON-LD contexts of the VC." - type: array - items: - type: string - id: - description: Credential ID. An URI wich uniquely identifies the credential e.g. the issuers DID concatenated with an uuid. - example: "did:nuts:123#B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY" - type: string - type: - description: A single string or array of strings. The value(s) indicate the type of credential. It should contain `VerifiableCredential`. Each type should be defined in the @context. - type: object - issuer: - $ref: '#/components/schemas/DID' - issuanceDate: - description: rfc3339 time string when the credential was issued. - type: string - example: "2012-01-02T12:00:00Z" - expirationDate: - description: rfc3339 time string untill when the credential is valid. - type: string - example: "2012-01-02T12:00:00Z" - credentialSubject: - $ref: '#/components/schemas/CredentialSubject' - proof: - description: one or multiple cryptographic proofs - type: object + $ref: '../common/ssi_types.yaml#/components/schemas/VerifiableCredential' SearchVCRequest: type: object description: request body for searching VCs @@ -559,12 +523,9 @@ components: type: object description: Proof contains the cryptographic proof(s). DID: - type: string - description: DID according to Nuts specification - example: "did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY" + $ref: '../common/ssi_types.yaml#/components/schemas/DID' CredentialSubject: - type: object - description: Subject of a Verifiable Credential identifying the holder and expressing claims. + $ref: '../common/ssi_types.yaml#/components/schemas/CredentialSubject' VCVerificationRequest: required: @@ -578,7 +539,7 @@ components: type: object properties: allowUntrustedIssuer: - description: If set to true, an untrusted credential issuer is alowed. + description: If set to true, an untrusted credential issuer is allowed. type: boolean default: false VCVerificationResult: @@ -665,103 +626,7 @@ components: $ref: '#/components/schemas/VerifiableCredential' VerifiablePresentation: - type: object - description: Verifiable Presentation - title: Verifiable Presentation Model - required: - - "@context" - - type - properties: - "@context": - description: | - An ordered set where the first item is a URI https://www.w3.org/2018/credentials/v1. It is used to define - terms and help to express specific identifiers in a compact manner. - uniqueItems: true - example: [ - "https://www.w3.org/2018/credentials/v1" - ] - type: array - items: - type: string - id: - type: string - description: URI that is used to unambiguously refer to an object, such as a person, product, or organization. - example: https://example.edu/credentials/1872, - format: uri - type: - description: A single string or array of strings. Values indicate the type of object. It should contain `VerifiablePresentation`. Each type must be defined in the @context. - example: "VerifiablePresentation" - type: object - verifiableCredential: - description: | - VerifiableCredential is composed of a list containing one or more verifiable credentials, in a - cryptographically verifiable format. - type: array - items: - $ref: '#/components/schemas/VerifiableCredential' - holder: - type: string - description: "URI of the entity that is generating the presentation." - format: uri - example: "did:nuts:123" - proof: - $ref: "#/components/schemas/EmbeddedProof" - EmbeddedProof: - title: Embedded Proof - type: object - description: | - Cryptographic proofs that can be used to detect tampering and verify the authorship of a - credential or presentation. An embedded proof is a mechanism where the proof is included in - the data, such as a Linked Data Signature. - required: - - type - - created - - proofPurpose - - verificationMethod - - jws - properties: - type: - type: string - description: Type of the object or the datatype of the typed value. Currently only supported value is "JsonWebSignature2020". - example: JsonWebSignature2020. - created: - type: string - description: Date and time at which proof has been created. - example: '2021-12-20T09:00:00Z' - proofPurpose: - type: string - description: | - It expresses the purpose of the proof and ensures the information is protected by the - signature. - example: assertionMethod - challenge: - type: string - description: | - A random or pseudo-random value, provided by the verifier, used by some authentication protocols to - mitigate replay attacks. - domain: - type: string - description: | - A string value that specifies the operational domain of a digital proof. This could be an Internet domain - name like example.com, an ad-hoc value such as mycorp-level3-access, or a very specific transaction value - like 8zF6T$mqP. A signer could include a domain in its digital proof to restrict its use to particular - target, identified by the specified domain. - nonce: - type: string - description: | - A unique string value generated by the holder, MUST only be used once for a particular domain - and window of time. This value can be used to mitigate replay attacks. - verificationMethod: - type: string - description: | - Specifies the public key that can be used to verify the digital signature. - Dereferencing a public key URL reveals information about the controller of the key, - which can be checked against the issuer of the credential. - example: did:nuts:123#key-5 - jws: - type: string - description: JSON Web Signature - example: eyJhbGciOiJFUzI1NksifQ.eyJzdWIiOiJFQlNJIDIwMTkifQ.oggE3ft3kJYPGGa9eBibpbjgeJXw4fLbVMouVoM2NfcDxsl_UUUIarsS1VpBoYEs7s9cBlc4uC0EbnJCHfVJIw + $ref: '../common/ssi_types.yaml#/components/schemas/VerifiablePresentation' CredentialIssuer: type: object required: diff --git a/makefile b/makefile index 3b4c7cd4fc..7ec77ab7c6 100644 --- a/makefile +++ b/makefile @@ -49,9 +49,10 @@ gen-api: oapi-codegen -generate types,server,client,skip-prune -templates codegen/oapi/ -package v1 -exclude-schemas DIDDocument,DIDDocumentMetadata,Service,VerificationMethod docs/_static/vdr/v1.yaml | gofmt > vdr/api/v1/generated.go oapi-codegen -generate types -templates codegen/oapi/ -package v1 docs/_static/vdr/v1.yaml | gofmt > vdr/api/v1/test/generated.go oapi-codegen -generate types,server,client -templates codegen/oapi/ -package v1 -exclude-schemas PeerDiagnostics docs/_static/network/v1.yaml | gofmt > network/api/v1/generated.go - oapi-codegen -generate types,server,client,skip-prune -templates codegen/oapi/ -package v2 -exclude-schemas VerifiableCredential,CredentialSubject,Revocation,VerifiablePresentation,SearchVCRequest docs/_static/vcr/v2.yaml | gofmt > vcr/api/v2/generated.go + oapi-codegen -generate types,server,client,skip-prune -templates codegen/oapi/ -package v2 -exclude-schemas VerifiableCredential,DID,CredentialSubject,Revocation,VerifiablePresentation,SearchVCRequest docs/_static/vcr/v2.yaml | gofmt > vcr/api/v2/generated.go oapi-codegen -generate types,server,client,skip-prune -templates codegen/oapi/ -package v1 -exclude-schemas VerifiableCredential,VerifiablePresentation docs/_static/auth/v1.yaml | gofmt > auth/api/v1/generated.go oapi-codegen -generate types,server,client -templates codegen/oapi/ -package v1 -exclude-schemas ContactInformation,OrganizationSearchResult,Endpoint docs/_static/didman/v1.yaml | gofmt > didman/api/v1/generated.go + oapi-codegen -generate types,skip-prune -templates codegen/oapi/ -package ssiTypes docs/_static/common/ssi_types.yaml | gofmt > api/ssi_types.go gen-protobuf: protoc --go_out=paths=source_relative:network -I network network/transport/v2/protocol.proto diff --git a/vcr/api/v2/generated.go b/vcr/api/v2/generated.go index 9878a3e51f..027d8029f4 100644 --- a/vcr/api/v2/generated.go +++ b/vcr/api/v2/generated.go @@ -59,46 +59,6 @@ type CredentialIssuer struct { Issuer string `json:"issuer"` } -// DID according to Nuts specification -type DID string - -// Cryptographic proofs that can be used to detect tampering and verify the authorship of a -// credential or presentation. An embedded proof is a mechanism where the proof is included in -// the data, such as a Linked Data Signature. -type EmbeddedProof struct { - // A random or pseudo-random value, provided by the verifier, used by some authentication protocols to - // mitigate replay attacks. - Challenge *string `json:"challenge,omitempty"` - - // Date and time at which proof has been created. - Created string `json:"created"` - - // A string value that specifies the operational domain of a digital proof. This could be an Internet domain - // name like example.com, an ad-hoc value such as mycorp-level3-access, or a very specific transaction value - // like 8zF6T$mqP. A signer could include a domain in its digital proof to restrict its use to particular - // target, identified by the specified domain. - Domain *string `json:"domain,omitempty"` - - // JSON Web Signature - Jws string `json:"jws"` - - // A unique string value generated by the holder, MUST only be used once for a particular domain - // and window of time. This value can be used to mitigate replay attacks. - Nonce *string `json:"nonce,omitempty"` - - // It expresses the purpose of the proof and ensures the information is protected by the - // signature. - ProofPurpose string `json:"proofPurpose"` - - // Type of the object or the datatype of the typed value. Currently only supported value is "JsonWebSignature2020". - Type string `json:"type"` - - // Specifies the public key that can be used to verify the digital signature. - // Dereferencing a public key URL reveals information about the controller of the key, - // which can be checked against the issuer of the credential. - VerificationMethod string `json:"verificationMethod"` -} - // A request for issuing a new Verifiable Credential. type IssueVCRequest struct { // The resolvable context of the credentialSubject as URI. If omitted, the "https://nuts.nl/credentials/v1" context is used. @@ -117,7 +77,7 @@ type IssueVCRequest struct { // If set, the node publishes this credential to the network. This is the default behaviour. // When set to false, the caller is responsible for distributing the VC to a holder. When the issuer is // also the holder, it then can be used to directly create a presentation (self issued). - // Note: a not published credential can still be publicaly revoked. + // Note: a not published credential can still be publicly revoked. PublishToNetwork *bool `json:"publishToNetwork,omitempty"` // Type definition for the credential. @@ -154,7 +114,7 @@ type SearchVCResults struct { // VCVerificationOptions defines model for VCVerificationOptions. type VCVerificationOptions struct { - // If set to true, an untrusted credential issuer is alowed. + // If set to true, an untrusted credential issuer is allowed. AllowUntrustedIssuer *bool `json:"allowUntrustedIssuer,omitempty"` } diff --git a/vcr/api/v2/types.go b/vcr/api/v2/types.go index 8b32ddd8d9..4c6a2c61e6 100644 --- a/vcr/api/v2/types.go +++ b/vcr/api/v2/types.go @@ -20,10 +20,12 @@ package v2 import ( + "time" + ssi "github.com/nuts-foundation/go-did" + "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" "github.com/nuts-foundation/nuts-node/vcr/credential" - "time" ) // VerifiableCredential is an alias to use from within the API @@ -38,6 +40,9 @@ type Revocation = credential.Revocation // VerifiablePresentation is an alias to use from within the API type VerifiablePresentation = vc.VerifiablePresentation +// DID is an alias to use from within the API +type DID = did.DID + // SearchVCQuery defines a less strict VerifiableCredential struct without proof which can be used to search for VerifiableCredentials. // All fields except for the Context are optional type SearchVCQuery struct { diff --git a/vcr/issuer/issuer.go b/vcr/issuer/issuer.go index 74162d99be..fc12039a7a 100644 --- a/vcr/issuer/issuer.go +++ b/vcr/issuer/issuer.go @@ -25,7 +25,6 @@ import ( "time" "github.com/google/uuid" - ssi "github.com/nuts-foundation/go-did" "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc"