github.com/hyperledger/aries-framework-go@v0.3.2/pkg/doc/cl/ursa/issuer.go

github.com/hyperledger/aries-framework-go@v0.3.2/pkg/doc/cl/ursa/issuer.go (about)

     1  //go:build ursa
     2  // +build ursa
     3  
     4  /*
     5  Copyright Avast Software. All Rights Reserved.
     6  
     7  SPDX-License-Identifier: Apache-2.0
     8  */
     9  
    10  package ursa
    11  
    12  import (
    13  	"errors"
    14  	"fmt"
    15  
    16  	"github.com/hyperledger/aries-framework-go/pkg/crypto"
    17  	"github.com/hyperledger/aries-framework-go/pkg/doc/cl"
    18  	"github.com/hyperledger/aries-framework-go/pkg/kms"
    19  )
    20  
    21  // Issuer is an ursa implementation of the CL Issuer API.
    22  type Issuer struct {
    23  	crypto crypto.Crypto
    24  	kh     interface{}
    25  	pubKey []byte
    26  	attrs  []string
    27  }
    28  
    29  // NewIssuer insaniates a service for the provided keyID and attributes.
    30  func NewIssuer(provider cl.Provider, keyID string, attrs []string) (*Issuer, error) {
    31  	km := provider.KMS()
    32  
    33  	kh, err := km.Get(keyID)
    34  	if err != nil {
    35  		return nil, fmt.Errorf("failed to get KeyHandle for %s: %w", keyID, err)
    36  	}
    37  
    38  	pubKey, kt, err := km.ExportPubKeyBytes(keyID)
    39  	if err != nil {
    40  		return nil, err
    41  	}
    42  
    43  	if kt != kms.CLCredDefType {
    44  		return nil, errors.New("not a CredDef key")
    45  	}
    46  
    47  	return &Issuer{kh: kh, crypto: provider.Crypto(), pubKey: pubKey, attrs: attrs}, nil
    48  }
    49  
    50  // GetCredentialDefinition returns a public CredDef data - public key, correctness proof and attributes
    51  // returns:
    52  // 		credDef as *CredentialDefinition
    53  //		error in case of errors
    54  func (s *Issuer) GetCredentialDefinition() (*cl.CredentialDefinition, error) {
    55  	correctnessProof, err := s.crypto.GetCorrectnessProof(s.kh)
    56  	if err != nil {
    57  		return nil, err
    58  	}
    59  
    60  	return &cl.CredentialDefinition{CredDefCorrectnessProof: correctnessProof, CredPubKey: s.pubKey, Attrs: s.attrs}, nil
    61  }
    62  
    63  // OfferCredential generates CredOffer containing valid nonce
    64  // returns:
    65  // 		offer as *CredentialOffer
    66  //		error in case of errors
    67  func (s *Issuer) OfferCredential() (*cl.CredentialOffer, error) {
    68  	nonce, err := newNonce()
    69  	if err != nil {
    70  		return nil, err
    71  	}
    72  
    73  	return &cl.CredentialOffer{Nonce: nonce}, nil
    74  }
    75  
    76  // IssueCredential issues and signs Credential for values and CredRequest
    77  // provided by prover and CredOffer from the previous step
    78  // Resulting Credential will contain signature and signature's correctness proof, along with issued attributes
    79  // returns:
    80  // 		credential as *Credential
    81  //		error in case of errors
    82  func (s *Issuer) IssueCredential(
    83  	values map[string]interface{},
    84  	credRequest *cl.CredentialRequest,
    85  	credOffer *cl.CredentialOffer,
    86  ) (*cl.Credential, error) {
    87  	sig, sigProof, err := s.crypto.SignWithSecrets(
    88  		s.kh,
    89  		values,
    90  		credRequest.BlindedCredentialSecrets.Handle,
    91  		credRequest.BlindedCredentialSecrets.CorrectnessProof,
    92  		[][]byte{credOffer.Nonce, credRequest.Nonce},
    93  		credRequest.ProverID,
    94  	)
    95  	if err != nil {
    96  		return nil, err
    97  	}
    98  
    99  	return &cl.Credential{Signature: sig, SigProof: sigProof, Values: values}, nil
   100  }