github.com/dknight/go-smartid
Package smartid implements an interface in Go to work with the Smart-ID API (https://www.smart-id.com). Smart-ID is used to easily and safely authenticate and sign documents online using only a smart phone. Smart-ID is a popular method in the Baltic countries of Estonia, Latvia, and Lithuania for authenticating and signing documents online for banks, social media, government offices, and other institutions. The bare minimum required to make an authentication request. Demonstarates synchronous way. Another example contains many more quest parameters for the signing method. Sign and Authenticate methods are similar and you can use the same AuthRequest parameters for both of them. This examples is asynchronous uses channel. Demonstration of siging with document number.
Readme
Package smartid implements an interface in Go to work with the Smart-ID API (https://www.smart-id.com). Smart-ID is used to easily and safely authenticate and sign documents online using only a smart phone. Smart-ID is a popular method in the Baltic countries of Estonia, Latvia, and Lithuania for authenticating and signing documents online for banks, social media, government offices, and other institutions.
Official Smart-ID technical documentation.
)
go get github.com/dknight/go-smartid
The bare minimum required to make an authentication request. Demonstarates synchronous way.
For more examples see full docs.
semid := NewSemanticIdentifier(IdentifierTypePNO, CountryEE, "30303039914")
client := NewClient("https:sid.demo.sk.ee/smart-id-rp/v2/", 5000)
request := AuthRequest{
// Replace in production with real RelyingPartyUUID.
RelyingPartyUUID: "00000000-0000-0000-0000-000000000000",
// Replace in production with real RelyingPartyName.
RelyingPartyName: "DEMO",
// It is good to generate new has for security reasons.
Hash: GenerateAuthHash(SHA512),
// We use personal ID as Identifier, also possible to use document number.
Identifier: semid,
}
// This blocks thread until it completes
resp, err := client.AuthenticateSync(context.TODO(), &request)
if err != nil {
log.Fatalln(err)
}
if _, err := resp.Validate(); err != nil {
log.Fatalln(err)
}
// It is also good to verify the certificate over secure. But it isn't
// mandatory, but strongly recommended.
//
certPaths := []string{"./certs/TEST_of_EID-SK_2016.pem.crt"}
if ok, err := resp.Cert.Verify(certPaths); !ok {
log.Fatalln(err)
}
identity := resp.GetIdentity()
fmt.Println("Name:", identity.CommonName)
fmt.Println("Personal ID:", identity.SerialNumber)
fmt.Println("Country:", identity.Country)
// Output:
// Name: TESTNUMBER,QUALIFIED OK1
// Personal ID: PNOEE-30303039914
// Country: EE
Another example contains many more quest parameters for the signing method. Sign and Authenticate methods are similar and you can use the same AuthRequest parameters for both of them.
This examples is asynchronous uses channel.
semid := NewSemanticIdentifier(IdentifierTypePNO, CountryEE, "30303039914")
client := NewClient("https://sid.demo.sk.ee/smart-id-rp/v2/", 5000)
request := AuthRequest{
// Replace in production with real RelyingPartyUUID.
RelyingPartyUUID: "00000000-0000-0000-0000-000000000000",
// Replace in production with real RelyingPartyName.
RelyingPartyName: "DEMO",
// It is good to generate new has for security reasons.
Hash: GenerateAuthHash(SHA384),
// HashType should be the same as in GenerateAuthHash.
HashType: SHA384,
// We use personal ID as Identifier, also possible to use document
// number.
Identifier: semid,
AuthType: AuthTypeEtsi,
CertificateLevel: CertLevelQualified,
AllowedInteractionsOrder: []AllowedInteractionsOrder{
{
Type: InteractionVerificationCodeChoice,
DisplayText60: "Welcome to Smart-ID!",
},
{
Type: InteractionDisplayTextAndPIN,
DisplayText200: "Welcome to Smart-ID! A bit longer text.",
},
},
}
resp := <-client.Sign(context.TODO(), &request)
if _, err := resp.Validate(); err != nil {
log.Fatalln(err)
}
// It is also good to verify the certificate over secure. But it isn't
// mandatory, but strongly recommended.
//
certPaths := []string{"./certs/TEST_of_EID-SK_2016.pem.crt"}
if ok, err := resp.Cert.Verify(certPaths); !ok {
log.Fatalln(err)
}
identity := resp.GetIdentity()
fmt.Println("Name:", identity.CommonName)
fmt.Println("Personal ID:", identity.SerialNumber)
fmt.Println("Country:", identity.Country)
// Output:
// Name: TESTNUMBER,QUALIFIED OK1
// Personal ID: PNOEE-30303039914
// Country: EE
For more examples see docs.
:private/ endpoint.response.Cert.GetX509Cert().SK test environment is very unstable. Possible technical problems might be:
go test
If in development you get an error x509: certificate signed by unknown authority. Then you need to install SK test certificates to your system.
Install certificates from directory ./certs to your operating system.
Fedora Linux example:
sudo cp ./certs/TEST_of_* /usr/share/pki/ca-trust-source/anchors/
sudo update-ca-trust
Then you can verify your certificate, but don't forget to replace with your personal certificate in production.
certPaths := []string{"./certs/TEST_of_EID-SK_2016.pem.crt"}
if ok, err := resp.Cert.Verify(certPaths); !ok {
log.Fatalln(err)
}
Any help is appreciated. Found a bug, typo, inaccuracy, etc.? Please do not hesitate and make pull request or issue.
MIT 2022-2023
FAQs
Package smartid implements an interface in Go to work with the Smart-ID API (https://www.smart-id.com). Smart-ID is used to easily and safely authenticate and sign documents online using only a smart phone. Smart-ID is a popular method in the Baltic countries of Estonia, Latvia, and Lithuania for authenticating and signing documents online for banks, social media, government offices, and other institutions. The bare minimum required to make an authentication request. Demonstarates synchronous way. Another example contains many more quest parameters for the signing method. Sign and Authenticate methods are similar and you can use the same AuthRequest parameters for both of them. This examples is asynchronous uses channel. Demonstration of siging with document number.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.
Security News
A new report explores how advancements in LLMs are enhancing cyber threats, including polymorphic malware, personalized spearphishing, and the risk of hijacking customer service bots.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.