Release/3.14.0

.github/ISSUE_TEMPLATE.md

@@ -12,6 +12,6 @@ assignees: ''
 #
 # There's a better way to get help!
 #
-# Send your questions or issues to sdksupport@yoti.com
+# Send your questions or issues to https://support.yoti.com
 #
 #

.github/workflows/tests.yaml

@@ -13,7 +13,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.17, 1.18, "^1"]
+        go-version: [1.19, "^1"]
 
     steps:
       - uses: actions/checkout@v2

.gitignore

@@ -12,9 +12,12 @@ debug
 # Report files
 sonar-report.json
 coverage.out
+report.json
 
 # idea files
 .idea
 
-# Generated binaries
-/_examples/docscan/docscan
+# DS_Store files
+.DS_Store
+
+

README.md

@@ -42,7 +42,7 @@ import "github.com/getyoti/yoti-go-sdk/v3"
 or add the following line to your go.mod file (check https://github.com/getyoti/yoti-go-sdk/releases for the latest version)
 ```
 
-require github.com/getyoti/yoti-go-sdk/v3 v3.11.0
+require github.com/getyoti/yoti-go-sdk/v3 v3.12.0
 ```
 
 ## Setup
@@ -59,7 +59,7 @@ For each service you will need:
 
 ## Support
 
-For any questions or support please email [clientsupport@yoti.com](mailto:clientsupport@yoti.com).
+For any questions or support please contact us here: https://support.yoti.com
 Please provide the following to get you up and working as quickly as possible:
 
 * Computer type

_examples/.gitignore

@@ -1 +1,9 @@
 .env
+# Generated binaries
+docscan/docscan
+idv/idv
+aml/aml
+docscansandbox/docscansandbox
+profile/profile
+profilesandbox/profilesandbox
+digitalidentity/digitalidentity

_examples/aml/go.mod

@@ -1,6 +1,6 @@
 module aml
 
-go 1.17
+go 1.19
 
 require (
 	github.com/getyoti/yoti-go-sdk/v3 v3.0.0

_examples/aml/main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"io/ioutil"
 	"log"
 	"os"
 	"strconv"
@@ -19,7 +18,7 @@ var (
 
 func main() {
 	var err error
-	key, err = ioutil.ReadFile(os.Getenv("YOTI_KEY_FILE_PATH"))
+	key, err = os.ReadFile(os.Getenv("YOTI_KEY_FILE_PATH"))
 	sdkID = os.Getenv("YOTI_CLIENT_SDK_ID")
 
 	if err != nil {

_examples/digitalidentity/.env.example

@@ -0,0 +1,2 @@
+YOTI_CLIENT_SDK_ID=
+YOTI_KEY_FILE_PATH=

_examples/digitalidentity/.gitignore

@@ -0,0 +1,8 @@
+/images/YotiSelfie.jpeg
+
+# Example project generated self-signed certificate
+/yotiSelfSignedCert.pem
+/yotiSelfSignedKey.pem
+
+# Compiled binary
+/digitalidentity

_examples/digitalidentity/README.md

@@ -0,0 +1,46 @@
+## Table of Contents
+
+1) [Setup](#setup) -
+How to initialise the Yoti client
+
+1) [Running the digitalidentity examples](#running-the-profile-example) -
+Running the digitalidentity example
+
+## Setup
+
+The YotiClient is the SDK entry point. To initialise it you need include the following snippet inside your endpoint initialisation section:
+
+```Go
+clientSdkID := "your-client-sdk-id"
+key, err := os.ReadFile("path/to/your-application-pem-file.pem")
+if err != nil {
+    // handle key load error
+}
+
+client, err := yoti.NewClient(
+    clientSdkID,
+    key)
+```
+
+Where:
+
+* `"your-client-sdk-id"` is the SDK Client Identifier generated by Yoti Hub in the Key tab when you create your application.
+
+* `path/to/your-application-pem-file.pem` is the path to the application pem file. It can be downloaded from the Keys tab in the [Yoti Hub](https://hub.yoti.com/).
+
+Please do not open the pem file as this might corrupt the key, and you will need regenerate your key.
+
+Keeping your settings and access keys outside your repository is highly recommended. You can use a package like [godotenv](https://github.com/joho/godotenv) to manage environment variables more easily.
+
+
+## Running the DigitalIdentity Example
+
+1. Change directory to the profile example folder: `cd _examples/digitalidentity`
+2. On the [Yoti Hub](https://hub.yoti.com/):
+   1. Set the application domain of your app to `localhost:8080`
+   2. Set the scenario callback URL to `/digitalidentity`
+3. Rename the [.env.example](_examples/digitalidentity/.env.example) file to `.env` and fill in the required configuration values (mentioned in the [Configuration](#configuration) section)
+4. Build with `go build`
+5. Start the compiled program by running `./digitalidentity`
+
+Visiting `https://localhost:8080/` should show a webpage with a Yoti button rendered on it

_examples/digitalidentity/advanced_identity_profile.go

@@ -0,0 +1,70 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/getyoti/yoti-go-sdk/v3/digitalidentity"
+)
+
+var advancedIdentityProfile = []byte(`{
+		"profiles": [
+			{
+				"trust_framework": "YOTI_GLOBAL",
+				"schemes": [
+					{
+						"label": "LB321",
+						"type": "IDENTITY",
+						"objective": "AL_L1"
+					}
+				]
+			}
+		]
+	}`)
+
+func buildAdvancedIdentitySessionReq() (sessionSpec *digitalidentity.ShareSessionRequest, err error) {
+	policy, err := (&digitalidentity.PolicyBuilder{}).WithAdvancedIdentityProfileRequirements(advancedIdentityProfile).Build()
+	if err != nil {
+		return nil, fmt.Errorf("failed to build Advanced Identity Requirements policy: %v", err)
+	}
+
+	subject := []byte(`{
+		"subject_id": "unique-user-id-for-examples"
+	}`)
+
+	sessionReq, err := (&digitalidentity.ShareSessionRequestBuilder{}).WithPolicy(policy).WithRedirectUri("https://localhost:8080/v2/receipt-info").WithSubject(subject).Build()
+	if err != nil {
+		return nil, fmt.Errorf("failed to build create session request: %v", err)
+	}
+	return &sessionReq, nil
+}
+
+func generateAdvancedIdentitySession(w http.ResponseWriter, r *http.Request) {
+	didClient, err := initialiseDigitalIdentityClient()
+	if err != nil {
+		fmt.Fprintf(w, "Client could't be generated: %v", err)
+		return
+	}
+
+	sessionReq, err := buildAdvancedIdentitySessionReq()
+	if err != nil {
+		fmt.Fprintf(w, "failed to build session request: %v", err)
+		return
+	}
+
+	shareSession, err := didClient.CreateShareSession(sessionReq)
+	if err != nil {
+		fmt.Fprintf(w, "failed to create share session: %v", err)
+		return
+	}
+
+	output, err := json.Marshal(shareSession)
+	if err != nil {
+		fmt.Fprintf(w, "failed to marshall share session: %v", err)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	fmt.Fprintf(w, string(output))
+
+}

_examples/digitalidentity/certificatehelper.go

@@ -0,0 +1,175 @@
+package main
+
+import (
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"math/big"
+	"net"
+	"os"
+	"strings"
+	"time"
+)
+
+var (
+	validFrom = ""
+	validFor  = 2 * 365 * 24 * time.Hour
+	isCA      = true
+	rsaBits   = 2048
+)
+
+func publicKey(priv interface{}) interface{} {
+	switch k := priv.(type) {
+	case *rsa.PrivateKey:
+		return &k.PublicKey
+	case *ecdsa.PrivateKey:
+		return &k.PublicKey
+	default:
+		return nil
+	}
+}
+
+func pemBlockForKey(priv interface{}) *pem.Block {
+	switch k := priv.(type) {
+	case *rsa.PrivateKey:
+		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
+	case *ecdsa.PrivateKey:
+		b, err := x509.MarshalECPrivateKey(k)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err)
+			os.Exit(2)
+		}
+		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
+	default:
+		return nil
+	}
+}
+
+func certificatePresenceCheck(certPath string, keyPath string) (present bool) {
+	if _, err := os.Stat(certPath); os.IsNotExist(err) {
+		return false
+	}
+	if _, err := os.Stat(keyPath); os.IsNotExist(err) {
+		return false
+	}
+	return true
+}
+
+func generateSelfSignedCertificate(certPath, keyPath, host string) error {
+	priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
+	if err != nil {
+		log.Printf("failed to generate private key: %s", err)
+		return err
+	}
+
+	notBefore, err := parseNotBefore(validFrom)
+	if err != nil {
+		log.Printf("failed to parse 'Not Before' value of cert using validFrom %q, error was: %s", validFrom, err)
+		return err
+	}
+
+	notAfter := notBefore.Add(validFor)
+
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		log.Printf("failed to generate serial number: %s", err)
+		return err
+	}
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"Yoti"},
+		},
+		NotBefore: notBefore,
+		NotAfter:  notAfter,
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+
+	hosts := strings.Split(host, ",")
+	for _, h := range hosts {
+		if ip := net.ParseIP(h); ip != nil {
+			template.IPAddresses = append(template.IPAddresses, ip)
+		} else {
+			template.DNSNames = append(template.DNSNames, h)
+		}
+	}
+
+	if isCA {
+		template.IsCA = true
+		template.KeyUsage |= x509.KeyUsageCertSign
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
+	if err != nil {
+		log.Printf("Failed to create certificate: %s", err)
+		return err
+	}
+
+	err = createPemFile(certPath, derBytes)
+	if err != nil {
+		log.Printf("failed to create pem file at %q: %s", certPath, err)
+		return err
+	}
+	log.Printf("written %s\n", certPath)
+
+	err = createKeyFile(keyPath, priv)
+	if err != nil {
+		log.Printf("failed to create key file at %q: %s", keyPath, err)
+		return err
+	}
+	log.Printf("written %s\n", keyPath)
+
+	return nil
+}
+
+func createPemFile(certPath string, derBytes []byte) error {
+	certOut, err := os.Create(certPath)
+
+	if err != nil {
+		log.Printf("failed to open "+certPath+" for writing: %s", err)
+		return err
+	}
+
+	defer certOut.Close()
+	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+
+	return err
+}
+
+func createKeyFile(keyPath string, privateKey interface{}) error {
+	keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+
+	if err != nil {
+		log.Print("failed to open "+keyPath+" for writing:", err)
+		return err
+	}
+
+	defer keyOut.Close()
+	err = pem.Encode(keyOut, pemBlockForKey(privateKey))
+
+	return err
+}
+
+func parseNotBefore(validFrom string) (notBefore time.Time, err error) {
+	if len(validFrom) == 0 {
+		notBefore = time.Now()
+	} else {
+		notBefore, err = time.Parse("Jan 2 15:04:05 2006", validFrom)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err)
+			return time.Time{}, err
+		}
+	}
+
+	return notBefore, nil
+}