From 4934c950f9cbaa6ac072c0ae506ac742352fc55a Mon Sep 17 00:00:00 2001 From: Volodymyr Kubiv Date: Mon, 23 Oct 2023 10:12:31 +0300 Subject: [PATCH] chore: update to latest vc-go. Signed-off-by: Volodymyr Kubiv --- .../credential/signer_test.go | 2 +- cmd/wallet-sdk-gomobile/display/resolve.go | 7 +- cmd/wallet-sdk-gomobile/go.mod | 12 +-- cmd/wallet-sdk-gomobile/go.sum | 35 ++----- .../openid4vp/interaction.go | 6 +- .../openid4vp/interaction_test.go | 4 +- .../verifiable/credentials_test.go | 4 +- .../verifiable/parsecredential.go | 10 +- cmd/wallet-sdk-js/go.mod | 12 +-- cmd/wallet-sdk-js/go.sum | 35 ++----- cmd/wallet-sdk-js/walletsdk/agent.go | 9 +- go.mod | 14 +-- go.sum | 35 ++----- pkg/api/api.go | 5 +- pkg/common/jwt_signer.go | 16 +++- pkg/common/jwt_signer_test.go | 16 ++-- pkg/common/keyresolver.go | 45 ++------- pkg/common/keyresolver_test.go | 31 +------ pkg/credentialquery/credentialquery.go | 11 ++- pkg/credentialschema/credentialschema_test.go | 2 +- pkg/credentialschema/opts.go | 8 +- pkg/credentialsigner/signer.go | 92 ++++++++++++++----- pkg/internal/issuermetadata/issuermetadata.go | 10 +- .../issuermetadata/issuermetadata_test.go | 7 +- pkg/openid4ci/interaction.go | 26 ++---- pkg/openid4ci/issuerinitiatedinteraction.go | 4 +- .../issuerinitiatedinteraction_test.go | 11 ++- pkg/openid4ci/walletinitiatedinteraction.go | 2 +- pkg/openid4vp/openid4vp.go | 43 ++++++--- pkg/openid4vp/openid4vp_test.go | 2 +- test/integration/credentialapi_test.go | 14 +-- test/integration/go.mod | 6 +- test/integration/go.sum | 12 +-- 33 files changed, 241 insertions(+), 307 deletions(-) diff --git a/cmd/wallet-sdk-gomobile/credential/signer_test.go b/cmd/wallet-sdk-gomobile/credential/signer_test.go index 1a0ad76a9..b38a936a8 100644 --- a/cmd/wallet-sdk-gomobile/credential/signer_test.go +++ b/cmd/wallet-sdk-gomobile/credential/signer_test.go 
@@ -67,7 +67,7 @@ func TestSigner_Issue(t *testing.T) { &mockCrypto{SignErr: expectErr}, ) - _, err := s.Issue(verifiable.NewCredential(mockCredential), "") + _, err := s.Issue(verifiable.NewCredential(mockCredential), "did:test:foo#key-1") require.Error(t, err) require.Contains(t, err.Error(), "signing credential") require.ErrorIs(t, err, expectErr) diff --git a/cmd/wallet-sdk-gomobile/display/resolve.go b/cmd/wallet-sdk-gomobile/display/resolve.go index ca6d7828d..06e3f8ade 100644 --- a/cmd/wallet-sdk-gomobile/display/resolve.go +++ b/cmd/wallet-sdk-gomobile/display/resolve.go @@ -10,7 +10,8 @@ package display import ( "errors" - "github.com/trustbloc/vc-go/jwt" + "github.com/trustbloc/vc-go/proof/defaults" + "github.com/trustbloc/wallet-sdk/pkg/common" afgoverifiable "github.com/trustbloc/vc-go/verifiable" @@ -77,10 +78,10 @@ func generateGoAPIOpts(vcs *verifiable.CredentialsArray, issuerURI string, } if opts.didResolver != nil { - jwtVerifier := jwt.NewVerifier(jwt.KeyResolverFunc( + jwtVerifier := defaults.NewDefaultProofChecker( common.NewVDRKeyResolver(&wrapper.VDRResolverWrapper{ DIDResolver: opts.didResolver, - }).PublicKeyFetcher())) + })) goAPIOpt := goapicredentialschema.WithJWTSignatureVerifier(jwtVerifier) diff --git a/cmd/wallet-sdk-gomobile/go.mod b/cmd/wallet-sdk-gomobile/go.mod index c52939174..3a1d0f908 100644 --- a/cmd/wallet-sdk-gomobile/go.mod +++ b/cmd/wallet-sdk-gomobile/go.mod @@ -14,9 +14,9 @@ require ( github.com/google/uuid v1.3.0 github.com/piprate/json-gold v0.5.1-0.20230111113000-6ddbe6e6f19f github.com/stretchr/testify v1.8.2 - github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 + github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 - github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 + github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3 github.com/trustbloc/wallet-sdk v0.0.0-00010101000000-000000000000 ) 
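Review bot: In `generateGoAPIOpts` (cmd/wallet-sdk-gomobile/display/resolve.go) the local is still named `jwtVerifier` although it now holds the result of `defaults.NewDefaultProofChecker`; I would rename it, e.g. `proofChecker := defaults.NewDefaultProofChecker(`, so readers do not assume it only checks JWT proofs. The same leftover name appears in the `NewInteraction` hunk of cmd/wallet-sdk-gomobile/openid4vp/interaction.go and in `CreateOpenID4VPInteraction` in cmd/wallet-sdk-js/walletsdk/agent.go. Because this replaces the component that decides whether an issuer or verifier signature is accepted, a one-line comment saying which proof types the default checker is expected to accept at this call site would help; from the hunk alone I cannot tell whether it is broader than the old JWT-only verifier. The function body continues outside the hunk.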
@@ -60,16 +60,10 @@ require ( github.com/tidwall/pretty v1.2.0 // indirect github.com/tidwall/sjson v1.1.4 // indirect github.com/trustbloc/bbs-signature-go v1.0.0 // indirect - github.com/trustbloc/logutil-go v1.0.0-rc1 // indirect - github.com/trustbloc/sidetree-core-go v1.0.0 // indirect + github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - go.opentelemetry.io/otel v1.14.0 // indirect - go.opentelemetry.io/otel/trace v1.14.0 // indirect - go.uber.org/atomic v1.9.0 // indirect - go.uber.org/multierr v1.6.0 // indirect - go.uber.org/zap v1.23.0 // indirect golang.org/x/crypto v0.13.0 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect golang.org/x/net v0.15.0 // indirect diff --git a/cmd/wallet-sdk-gomobile/go.sum b/cmd/wallet-sdk-gomobile/go.sum index 396dbc489..88f09deb4 100644 --- a/cmd/wallet-sdk-gomobile/go.sum +++ b/cmd/wallet-sdk-gomobile/go.sum @@ -11,8 +11,6 @@ github.com/VictoriaMetrics/fastcache v1.5.7/go.mod h1:ptDBkNMQI4RtmVo8VS/XwRY6Ro github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= github.com/btcsuite/btcd v0.22.3 h1:kYNaWFvOw6xvqP0vR20RP1Zq1DVMBxEO8QN5d1/EfNg= github.com/btcsuite/btcd v0.22.3/go.mod h1:wqgTSL29+50LRkmOVknEdmt8ZojIzhuWvgu/iptuN7Y= 
@@ -45,10 +43,6 @@ github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/go-jose/go-jose/v3 v3.0.1-0.20221117193127-916db76e8214 h1:w5li6eMV6NCHh1YVbKRM/gMCVtZ2w7mnwq78eNnHXQQ= github.com/go-jose/go-jose/v3 v3.0.1-0.20221117193127-916db76e8214/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -147,16 +141,14 @@ github.com/tidwall/sjson v1.1.4 h1:bTSsPLdAYF5QNLSwYsKfBKKTnlGbIuhqL3CpRsjzGhg= github.com/tidwall/sjson v1.1.4/go.mod h1:wXpKXu8CtDjKAZ+3DrKY5ROCorDFahq8l0tey/Lx1fg= github.com/trustbloc/bbs-signature-go v1.0.0 h1:JOKmPRTpjbbGODt71i3wJyiEBcu5XEoeSMQaM0WHR7Q= github.com/trustbloc/bbs-signature-go v1.0.0/go.mod h1:8xptu/lbVUDACQW10yiHtqATzC2kpTKQk5mKsKTD85Y= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 h1:UA6QlD58VZnSd2EpFJCi9XctBY3naKouBOtjMss4ewc= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9/go.mod h1:qqTm9zd5rGhHSOtC8jjadqM01Od9zcDbUiUYLv+M6ls= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 h1:ollAh0wYMpsKDCumZqNPHPWz1Ey81wkjGeoHdpNjV8M= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0/go.mod h1:N3/V/JFMBQldko9OjpTCxAt9UHv5/qcVJXAO1DaDDe4= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 h1:3zVBmT6aF+ovuLNuE3BTxhw2UrfaOHHCJ+1yVEI/f8A= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721/go.mod h1:7arOSG9GewtV1WiqYZ23dSZ6haamosSABwyG//cRaXQ= -github.com/trustbloc/logutil-go v1.0.0-rc1 h1:rRJbvgQfrlUfyej+mY0nuQJymGqjRW4oZEwKi544F4c= -github.com/trustbloc/logutil-go v1.0.0-rc1/go.mod h1:JlxT0oZfNKgIlSNtgc001WEeDMxlnAvOM43gNm8DQVc= -github.com/trustbloc/sidetree-core-go v1.0.0 h1:kzfKZOJ0sgDy9D1AYNcoR3JHutqtMtKvF2P9UwUcDjU= -github.com/trustbloc/sidetree-core-go v1.0.0/go.mod h1:jdxAFuorlIwFOGVW6O455/lZqxg2mZkRHNTEolcZdDI= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 h1:CVfpNobNz9nuIZlkHQvN+VYSDvVCEjAoyOATKpu+MUU= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2/go.mod h1:SnCw1mlpqWuRaKlcMGXlPqtu5Ggu7/a0WTvFXCrcJ0M= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd h1:hWWZ7lQSRK5FOcVhG5cUtwaNwWLYaz9wASiR5GyPtQE= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd/go.mod h1:3oQhk0vOdhaUpPEQBFBzwqH8t0d8bcP2XLU2orBY13U= +github.com/trustbloc/vc-go 
v1.0.3-0.20231019085953-561fd4e9b9f3 h1:mh7s/lAqcShmgpxYYDyTY+2fGs9COkBVYcTJGVvR/Y0= +github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3/go.mod h1:VuXhnz0ojxFCRL9dPxETYTtFPNNFHqzS1Ati/lnQs1o= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 
@@ -164,21 +156,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM= -go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= -go.opentelemetry.io/otel/sdk v1.12.0 h1:8npliVYV7qc0t1FKdpU08eMnOjgPFMnriPhn0HH4q3o= -go.opentelemetry.io/otel/sdk v1.12.0/go.mod h1:WYcvtgquYvgODEvxOry5owO2y9MyciW7JqMz6cpXShE= -go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M= -go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY= -go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
diff --git a/cmd/wallet-sdk-gomobile/openid4vp/interaction.go b/cmd/wallet-sdk-gomobile/openid4vp/interaction.go index a96357dc8..2cd383fa6 100644 --- a/cmd/wallet-sdk-gomobile/openid4vp/interaction.go +++ b/cmd/wallet-sdk-gomobile/openid4vp/interaction.go @@ -14,8 +14,8 @@ import ( "fmt" "github.com/piprate/json-gold/ld" - "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/vc-go/presexch" + "github.com/trustbloc/vc-go/proof/defaults" afgoverifiable "github.com/trustbloc/vc-go/verifiable" "github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile/api" @@ -94,10 +94,10 @@ func NewInteraction(args *Args, opts *Opts) (*Interaction, error) { //nolint:fun return nil, err } - jwtVerifier := jwt.NewVerifier(jwt.KeyResolverFunc( + jwtVerifier := defaults.NewDefaultProofChecker( common.NewVDRKeyResolver(&wrapper.VDRResolverWrapper{ DIDResolver: args.didRes, - }).PublicKeyFetcher())) + })) goAPIInteraction, err := openid4vp.NewInteraction( args.authorizationRequest, diff --git a/cmd/wallet-sdk-gomobile/openid4vp/interaction_test.go b/cmd/wallet-sdk-gomobile/openid4vp/interaction_test.go index 314ba5507..3437e71ec 100644 --- a/cmd/wallet-sdk-gomobile/openid4vp/interaction_test.go +++ b/cmd/wallet-sdk-gomobile/openid4vp/interaction_test.go @@ -19,6 +19,7 @@ import ( "github.com/trustbloc/kms-go/doc/jose/jwk" wrapperapi "github.com/trustbloc/kms-go/wrapper/api" + "github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile/metricslogger/stderr" goapilocalkms "github.com/trustbloc/wallet-sdk/pkg/localkms" 
@@ -129,7 +130,8 @@ func TestNewInteraction(t *testing.T) { instance, err := NewInteraction(requiredArgs, nil) testutil.RequireErrorContains(t, err, "INVALID_AUTHORIZATION_REQUEST") testutil.RequireErrorContains(t, err, "verify request object: parse JWT: "+ - "parse JWT from compact JWS: resolve DID did:ion:EiDYWcDuP-EDjVyFWGFdpgPncar9A7OGFykdeX71ZTU-wg") + "parse JWT from compact JWS: invalid public key id: resolve DID "+ + "did:ion:EiDYWcDuP-EDjVyFWGFdpgPncar9A7OGFykdeX71ZTU-wg") require.Nil(t, instance) }) } diff --git a/cmd/wallet-sdk-gomobile/verifiable/credentials_test.go b/cmd/wallet-sdk-gomobile/verifiable/credentials_test.go index c00498c7b..8c80ee297 100644 --- a/cmd/wallet-sdk-gomobile/verifiable/credentials_test.go +++ b/cmd/wallet-sdk-gomobile/verifiable/credentials_test.go @@ -13,7 +13,7 @@ import ( "testing" "github.com/stretchr/testify/require" - afgojwt "github.com/trustbloc/vc-go/jwt" + "github.com/trustbloc/vc-go/crypto-ext/testutil" afgoverifiable "github.com/trustbloc/vc-go/verifiable" "github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile/verifiable" @@ -160,7 +160,7 @@ func TestVerifiableCredential_ClaimTypes(t *testing.T) { _, privKey, err := ed25519.GenerateKey(rand.Reader) require.NoError(t, err) - universityDegreeVCSDJWT, err := universityDegreeVC.MakeSDJWT(afgojwt.NewEd25519Signer(privKey), + universityDegreeVCSDJWT, err := universityDegreeVC.MakeSDJWT(testutil.NewEd25519Signer(privKey), universityDegreeVC.Contents().Issuer.ID+"#keys-1") require.NoError(t, err) diff --git a/cmd/wallet-sdk-gomobile/verifiable/parsecredential.go b/cmd/wallet-sdk-gomobile/verifiable/parsecredential.go index 88f5b34ea..fb65519ae 100644 --- a/cmd/wallet-sdk-gomobile/verifiable/parsecredential.go +++ b/cmd/wallet-sdk-gomobile/verifiable/parsecredential.go 
@@ -9,11 +9,12 @@ package verifiable import ( "net/http" - "github.com/piprate/json-gold/ld" "github.com/trustbloc/vc-go/verifiable" "github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile/wrapper" goapi "github.com/trustbloc/wallet-sdk/pkg/api" + "github.com/trustbloc/wallet-sdk/pkg/common" + "github.com/trustbloc/wallet-sdk/pkg/memstorage/legacy" ) // ParseCredential parses the given serialized VC into a VC object. @@ -37,8 +38,13 @@ func ParseCredential(vc string, opts *Opts) (*Credential, error) { httpClient.Timeout = goapi.DefaultHTTPTimeout } + goAPIDocumentLoader, err := common.CreateJSONLDDocumentLoader(httpClient, legacy.NewProvider()) + if err != nil { + return nil, wrapper.ToMobileError(err) + } + parseCredentialOpts = append(parseCredentialOpts, - verifiable.WithJSONLDDocumentLoader(ld.NewDefaultDocumentLoader(httpClient))) + verifiable.WithJSONLDDocumentLoader(goAPIDocumentLoader)) } else { wrappedLoader := &wrapper.DocumentLoaderWrapper{ DocumentLoader: opts.documentLoader, diff --git a/cmd/wallet-sdk-js/go.mod b/cmd/wallet-sdk-js/go.mod index 003523eb4..4a587360c 100644 --- a/cmd/wallet-sdk-js/go.mod +++ b/cmd/wallet-sdk-js/go.mod @@ -11,9 +11,9 @@ toolchain go1.21.0 require ( github.com/piprate/json-gold v0.5.1-0.20230111113000-6ddbe6e6f19f github.com/stretchr/testify v1.8.2 - github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 + github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 - github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 + github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3 github.com/trustbloc/wallet-sdk v0.0.0-00010101000000-000000000000 ) 
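Review bot: In `ParseCredential` the default branch now calls `common.CreateJSONLDDocumentLoader(httpClient, legacy.NewProvider())` on every invocation, so each parse gets a fresh store. If that provider is in-memory (the `memstorage/legacy` path suggests so), contexts loaded during one parse are discarded and presumably fetched again over HTTP for the next credential. Since the credential being parsed may come from an untrusted party, I would add a comment on this branch such as `// No loader supplied: JSON-LD contexts referenced by the VC may be fetched remotely via httpClient; pass a document loader in opts to control this.` Building the loader once and reusing it across calls would also be worth considering. The function starts and ends outside the hunk, so the condition guarding this branch is not visible here.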
@@ -59,16 +59,10 @@ require ( github.com/tidwall/pretty v1.2.0 // indirect github.com/tidwall/sjson v1.1.4 // indirect github.com/trustbloc/bbs-signature-go v1.0.0 // indirect - github.com/trustbloc/logutil-go v1.0.0-rc1 // indirect - github.com/trustbloc/sidetree-core-go v1.0.0 // indirect + github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - go.opentelemetry.io/otel v1.14.0 // indirect - go.opentelemetry.io/otel/trace v1.14.0 // indirect - go.uber.org/atomic v1.9.0 // indirect - go.uber.org/multierr v1.6.0 // indirect - go.uber.org/zap v1.23.0 // indirect golang.org/x/crypto v0.10.0 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect golang.org/x/net v0.10.0 // indirect diff --git a/cmd/wallet-sdk-js/go.sum b/cmd/wallet-sdk-js/go.sum index 06814475e..377a19f09 100644 --- a/cmd/wallet-sdk-js/go.sum +++ b/cmd/wallet-sdk-js/go.sum @@ -11,8 +11,6 @@ github.com/VictoriaMetrics/fastcache v1.5.7/go.mod h1:ptDBkNMQI4RtmVo8VS/XwRY6Ro github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= github.com/btcsuite/btcd v0.22.3 h1:kYNaWFvOw6xvqP0vR20RP1Zq1DVMBxEO8QN5d1/EfNg= github.com/btcsuite/btcd v0.22.3/go.mod h1:wqgTSL29+50LRkmOVknEdmt8ZojIzhuWvgu/iptuN7Y= 
@@ -45,10 +43,6 @@ github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/go-jose/go-jose/v3 v3.0.1-0.20221117193127-916db76e8214 h1:w5li6eMV6NCHh1YVbKRM/gMCVtZ2w7mnwq78eNnHXQQ= github.com/go-jose/go-jose/v3 v3.0.1-0.20221117193127-916db76e8214/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -147,16 +141,14 @@ github.com/tidwall/sjson v1.1.4 h1:bTSsPLdAYF5QNLSwYsKfBKKTnlGbIuhqL3CpRsjzGhg= github.com/tidwall/sjson v1.1.4/go.mod h1:wXpKXu8CtDjKAZ+3DrKY5ROCorDFahq8l0tey/Lx1fg= github.com/trustbloc/bbs-signature-go v1.0.0 h1:JOKmPRTpjbbGODt71i3wJyiEBcu5XEoeSMQaM0WHR7Q= github.com/trustbloc/bbs-signature-go v1.0.0/go.mod h1:8xptu/lbVUDACQW10yiHtqATzC2kpTKQk5mKsKTD85Y= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 h1:UA6QlD58VZnSd2EpFJCi9XctBY3naKouBOtjMss4ewc= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9/go.mod h1:qqTm9zd5rGhHSOtC8jjadqM01Od9zcDbUiUYLv+M6ls= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 h1:ollAh0wYMpsKDCumZqNPHPWz1Ey81wkjGeoHdpNjV8M= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0/go.mod h1:N3/V/JFMBQldko9OjpTCxAt9UHv5/qcVJXAO1DaDDe4= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 h1:3zVBmT6aF+ovuLNuE3BTxhw2UrfaOHHCJ+1yVEI/f8A= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721/go.mod h1:7arOSG9GewtV1WiqYZ23dSZ6haamosSABwyG//cRaXQ= -github.com/trustbloc/logutil-go v1.0.0-rc1 h1:rRJbvgQfrlUfyej+mY0nuQJymGqjRW4oZEwKi544F4c= -github.com/trustbloc/logutil-go v1.0.0-rc1/go.mod h1:JlxT0oZfNKgIlSNtgc001WEeDMxlnAvOM43gNm8DQVc= -github.com/trustbloc/sidetree-core-go v1.0.0 h1:kzfKZOJ0sgDy9D1AYNcoR3JHutqtMtKvF2P9UwUcDjU= -github.com/trustbloc/sidetree-core-go v1.0.0/go.mod h1:jdxAFuorlIwFOGVW6O455/lZqxg2mZkRHNTEolcZdDI= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 h1:CVfpNobNz9nuIZlkHQvN+VYSDvVCEjAoyOATKpu+MUU= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2/go.mod h1:SnCw1mlpqWuRaKlcMGXlPqtu5Ggu7/a0WTvFXCrcJ0M= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd h1:hWWZ7lQSRK5FOcVhG5cUtwaNwWLYaz9wASiR5GyPtQE= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd/go.mod h1:3oQhk0vOdhaUpPEQBFBzwqH8t0d8bcP2XLU2orBY13U= +github.com/trustbloc/vc-go 
v1.0.3-0.20231019085953-561fd4e9b9f3 h1:mh7s/lAqcShmgpxYYDyTY+2fGs9COkBVYcTJGVvR/Y0= +github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3/go.mod h1:VuXhnz0ojxFCRL9dPxETYTtFPNNFHqzS1Ati/lnQs1o= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 
@@ -164,21 +156,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM= -go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= -go.opentelemetry.io/otel/sdk v1.12.0 h1:8npliVYV7qc0t1FKdpU08eMnOjgPFMnriPhn0HH4q3o= -go.opentelemetry.io/otel/sdk v1.12.0/go.mod h1:WYcvtgquYvgODEvxOry5owO2y9MyciW7JqMz6cpXShE= -go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M= -go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY= -go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
diff --git a/cmd/wallet-sdk-js/walletsdk/agent.go b/cmd/wallet-sdk-js/walletsdk/agent.go index fd783b2d5..ebc0b36a4 100644 --- a/cmd/wallet-sdk-js/walletsdk/agent.go +++ b/cmd/wallet-sdk-js/walletsdk/agent.go @@ -12,6 +12,8 @@ import ( "fmt" "net/http" + "github.com/trustbloc/vc-go/proof/defaults" + "github.com/trustbloc/wallet-sdk/pkg/did/creator/ion" didjwk "github.com/trustbloc/wallet-sdk/pkg/did/creator/jwk" @@ -21,7 +23,6 @@ import ( jsonld "github.com/piprate/json-gold/ld" "github.com/trustbloc/did-go/doc/did" arieskms "github.com/trustbloc/kms-go/spi/kms" - "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/vc-go/presexch" "github.com/trustbloc/vc-go/verifiable" @@ -123,10 +124,8 @@ func (a *Agent) CreateOpenID4CIIssuerInitiatedInteraction( func (a *Agent) CreateOpenID4VPInteraction( authorizationRequest string, ) (*OpenID4VPInteraction, error) { - jwtVerifier := jwt.NewVerifier(jwt.KeyResolverFunc( - common.NewVDRKeyResolver( - a.didResolver, - ).PublicKeyFetcher())) + jwtVerifier := defaults.NewDefaultProofChecker( + common.NewVDRKeyResolver(a.didResolver)) interaction, err := openid4vp.NewInteraction(authorizationRequest, jwtVerifier, a.didResolver, a.crypto, a.docLoader) diff --git a/go.mod b/go.mod index 3ad78c838..bc27f1693 100644 --- a/go.mod +++ b/go.mod @@ -9,13 +9,12 @@ go 1.21 require ( github.com/go-jose/go-jose/v3 v3.0.1-0.20221117193127-916db76e8214 - github.com/google/tink/go v1.7.0 github.com/google/uuid v1.3.0 github.com/piprate/json-gold v0.5.1-0.20230111113000-6ddbe6e6f19f github.com/stretchr/testify v1.8.2 - github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 + github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 - github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 + github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3 golang.org/x/oauth2 v0.7.0 ) 
@@ -34,6 +33,7 @@ require ( github.com/evanphx/json-patch v4.1.0+incompatible // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.4 // indirect + github.com/google/tink/go v1.7.0 // indirect github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2 // indirect github.com/kawamuray/jsonpath v0.0.0-20201211160320-7483bafabd7e // indirect github.com/kilic/bls12-381 v0.1.1-0.20210503002446-7b7597926c69 // indirect @@ -58,16 +58,10 @@ require ( github.com/tidwall/pretty v1.2.0 // indirect github.com/tidwall/sjson v1.1.4 // indirect github.com/trustbloc/bbs-signature-go v1.0.0 // indirect - github.com/trustbloc/logutil-go v1.0.0-rc1 // indirect - github.com/trustbloc/sidetree-core-go v1.0.0 // indirect + github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - go.opentelemetry.io/otel v1.14.0 // indirect - go.opentelemetry.io/otel/trace v1.14.0 // indirect - go.uber.org/atomic v1.9.0 // indirect - go.uber.org/multierr v1.6.0 // indirect - go.uber.org/zap v1.23.0 // indirect golang.org/x/crypto v0.1.0 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect golang.org/x/net v0.9.0 // indirect diff --git a/go.sum b/go.sum index 60ee6d21b..2ef2277e7 100644 --- a/go.sum +++ b/go.sum 
@@ -11,8 +11,6 @@ github.com/VictoriaMetrics/fastcache v1.5.7/go.mod h1:ptDBkNMQI4RtmVo8VS/XwRY6Ro github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= github.com/btcsuite/btcd v0.22.3 h1:kYNaWFvOw6xvqP0vR20RP1Zq1DVMBxEO8QN5d1/EfNg= github.com/btcsuite/btcd v0.22.3/go.mod h1:wqgTSL29+50LRkmOVknEdmt8ZojIzhuWvgu/iptuN7Y= @@ -45,10 +43,6 @@ github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/go-jose/go-jose/v3 v3.0.1-0.20221117193127-916db76e8214 h1:w5li6eMV6NCHh1YVbKRM/gMCVtZ2w7mnwq78eNnHXQQ= github.com/go-jose/go-jose/v3 v3.0.1-0.20221117193127-916db76e8214/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -147,16 +141,14 @@ github.com/tidwall/sjson v1.1.4 h1:bTSsPLdAYF5QNLSwYsKfBKKTnlGbIuhqL3CpRsjzGhg= github.com/tidwall/sjson v1.1.4/go.mod h1:wXpKXu8CtDjKAZ+3DrKY5ROCorDFahq8l0tey/Lx1fg= github.com/trustbloc/bbs-signature-go v1.0.0 h1:JOKmPRTpjbbGODt71i3wJyiEBcu5XEoeSMQaM0WHR7Q= github.com/trustbloc/bbs-signature-go v1.0.0/go.mod h1:8xptu/lbVUDACQW10yiHtqATzC2kpTKQk5mKsKTD85Y= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 h1:UA6QlD58VZnSd2EpFJCi9XctBY3naKouBOtjMss4ewc= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9/go.mod h1:qqTm9zd5rGhHSOtC8jjadqM01Od9zcDbUiUYLv+M6ls= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 h1:ollAh0wYMpsKDCumZqNPHPWz1Ey81wkjGeoHdpNjV8M= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0/go.mod h1:N3/V/JFMBQldko9OjpTCxAt9UHv5/qcVJXAO1DaDDe4= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 h1:3zVBmT6aF+ovuLNuE3BTxhw2UrfaOHHCJ+1yVEI/f8A= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721/go.mod h1:7arOSG9GewtV1WiqYZ23dSZ6haamosSABwyG//cRaXQ= -github.com/trustbloc/logutil-go v1.0.0-rc1 h1:rRJbvgQfrlUfyej+mY0nuQJymGqjRW4oZEwKi544F4c= -github.com/trustbloc/logutil-go v1.0.0-rc1/go.mod h1:JlxT0oZfNKgIlSNtgc001WEeDMxlnAvOM43gNm8DQVc= -github.com/trustbloc/sidetree-core-go v1.0.0 h1:kzfKZOJ0sgDy9D1AYNcoR3JHutqtMtKvF2P9UwUcDjU= -github.com/trustbloc/sidetree-core-go v1.0.0/go.mod h1:jdxAFuorlIwFOGVW6O455/lZqxg2mZkRHNTEolcZdDI= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 h1:CVfpNobNz9nuIZlkHQvN+VYSDvVCEjAoyOATKpu+MUU= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2/go.mod h1:SnCw1mlpqWuRaKlcMGXlPqtu5Ggu7/a0WTvFXCrcJ0M= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd h1:hWWZ7lQSRK5FOcVhG5cUtwaNwWLYaz9wASiR5GyPtQE= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd/go.mod h1:3oQhk0vOdhaUpPEQBFBzwqH8t0d8bcP2XLU2orBY13U= +github.com/trustbloc/vc-go 
v1.0.3-0.20231019085953-561fd4e9b9f3 h1:mh7s/lAqcShmgpxYYDyTY+2fGs9COkBVYcTJGVvR/Y0= +github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3/go.mod h1:VuXhnz0ojxFCRL9dPxETYTtFPNNFHqzS1Ati/lnQs1o= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 
@@ -164,21 +156,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM= -go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= -go.opentelemetry.io/otel/sdk v1.12.0 h1:8npliVYV7qc0t1FKdpU08eMnOjgPFMnriPhn0HH4q3o= -go.opentelemetry.io/otel/sdk v1.12.0/go.mod h1:WYcvtgquYvgODEvxOry5owO2y9MyciW7JqMz6cpXShE= -go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M= -go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY= -go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
diff --git a/pkg/api/api.go b/pkg/api/api.go index e36b75804..6a7530981 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -14,6 +14,7 @@ import ( "github.com/trustbloc/kms-go/doc/jose" "github.com/trustbloc/kms-go/doc/jose/jwk" "github.com/trustbloc/kms-go/spi/kms" + "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/vc-go/verifiable" ) @@ -71,8 +72,8 @@ type Crypto interface { // JWTSigner defines interface for JWT signing operation. type JWTSigner interface { GetKeyID() string - Sign(data []byte) ([]byte, error) - Headers() jose.Headers + SignJWT(sigParams jwt.SignParameters, data []byte) ([]byte, error) + CreateJWTHeaders(sigParams jwt.SignParameters) (jose.Headers, error) } // JSONWebKeySet represents a JWK Set object. diff --git a/pkg/common/jwt_signer.go b/pkg/common/jwt_signer.go index 383b5e141..07a7497d8 100644 --- a/pkg/common/jwt_signer.go +++ b/pkg/common/jwt_signer.go @@ -16,6 +16,7 @@ import ( "github.com/trustbloc/kms-go/doc/jose/jwk" "github.com/trustbloc/kms-go/doc/util/jwkkid" "github.com/trustbloc/kms-go/spi/kms" + "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/vc-go/verifiable" "github.com/trustbloc/wallet-sdk/pkg/api" @@ -124,15 +125,20 @@ func (s *JWSSigner) GetKeyID() string { return s.keyID } -// Sign signs jwt token. -func (s *JWSSigner) Sign(data []byte) ([]byte, error) { +// Algorithm return jwt algorithm. +func (s *JWSSigner) Algorithm() string { + return s.algorithm +} + +// SignJWT signs jwt token. +func (s *JWSSigner) SignJWT(_ jwt.SignParameters, data []byte) ([]byte, error) { return s.crypto.Sign(data, s.cryptoKID) } -// Headers provides JWS headers. -func (s *JWSSigner) Headers() jose.Headers { +// CreateJWTHeaders provides JWS headers. +func (s *JWSSigner) CreateJWTHeaders(_ jwt.SignParameters) (jose.Headers, error) { return jose.Headers{ jose.HeaderKeyID: s.keyID, jose.HeaderAlgorithm: s.algorithm, - } + }, nil } 
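Review bot: `SignJWT` and `CreateJWTHeaders` in pkg/common/jwt_signer.go both discard their `jwt.SignParameters` argument (`_`), so the headers returned are always just the signer's own `kid` and `alg`. `signToken` in pkg/openid4ci/issuerinitiatedinteraction.go now hands its headers over as `jwt.SignParameters{AdditionalHeaders: headers}`, and whether they still reach the token depends on `jwt.NewSigned` merging them itself, which this patch does not show. If ignoring the parameters is deliberate, the doc comment should say so, e.g. `// CreateJWTHeaders returns this signer's kid and alg; sigParams is ignored.` A test asserting that a header passed to `signToken` appears in the signed token would pin the behaviour.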
diff --git a/pkg/common/jwt_signer_test.go b/pkg/common/jwt_signer_test.go index d7de78f38..880896b57 100644 --- a/pkg/common/jwt_signer_test.go +++ b/pkg/common/jwt_signer_test.go @@ -19,6 +19,7 @@ import ( "github.com/trustbloc/kms-go/doc/jose/jwk/jwksupport" "github.com/trustbloc/kms-go/doc/util/jwkkid" "github.com/trustbloc/kms-go/spi/kms" + "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/wallet-sdk/pkg/common" "github.com/trustbloc/wallet-sdk/pkg/models" @@ -79,8 +80,7 @@ func TestNewJWSSigner(t *testing.T) { &cryptoMock{}) require.NoError(t, err) require.NotNil(t, signer) - alg, hasAlg := signer.Headers().Algorithm() - require.True(t, hasAlg) + alg := signer.Algorithm() require.Equal(t, successCase.expectedAlg, alg) }) } @@ -162,14 +162,18 @@ func TestJWSSigner_Sign(t *testing.T) { &cryptoMock{Signature: []byte("mock sig")}) require.NoError(t, err) - sig, err := signer.Sign([]byte("test data")) + sig, err := signer.SignJWT(jwt.SignParameters{}, []byte("test data")) require.NoError(t, err) require.Equal(t, sig, []byte("mock sig")) - require.Equal(t, signer.Headers()["kid"], "testKeyID") require.Equal(t, signer.GetKeyID(), "testKeyID") - require.Equal(t, signer.Headers()["alg"], "EdDSA") + require.Equal(t, signer.Algorithm(), "EdDSA") + + headers, err := signer.CreateJWTHeaders(jwt.SignParameters{}) + require.NoError(t, err) + require.Equal(t, headers["kid"], "testKeyID") + require.Equal(t, headers["alg"], "EdDSA") }) t.Run("Failed", func(t *testing.T) { @@ -182,7 +186,7 @@ func TestJWSSigner_Sign(t *testing.T) { &cryptoMock{Err: errors.New("test error")}) require.NoError(t, err) - _, err = s.Sign([]byte("test data")) + _, err = s.SignJWT(jwt.SignParameters{}, []byte("test data")) require.Error(t, err) }) } diff --git a/pkg/common/keyresolver.go b/pkg/common/keyresolver.go index 6906158e5..c15c20fef 100644 --- a/pkg/common/keyresolver.go +++ b/pkg/common/keyresolver.go 
@@ -8,49 +8,22 @@ SPDX-License-Identifier: Apache-2.0 package common import ( - "fmt" - "strings" - - "github.com/trustbloc/vc-go/signature/verifier" - "github.com/trustbloc/vc-go/verifiable" + diddoc "github.com/trustbloc/did-go/doc/did" + vdrapi "github.com/trustbloc/did-go/vdr/api" + "github.com/trustbloc/vc-go/vermethod" "github.com/trustbloc/wallet-sdk/pkg/api" ) -// VDRKeyResolver resolves DID in order to find public keys for VC verification using vdr.Registry. -// A source of DID could be issuer of VC or holder of VP. It can be also obtained from -// JWS "issuer" claim or "verificationMethod" of Linked Data Proof. -type VDRKeyResolver struct { - resolver api.DIDResolver -} - // NewVDRKeyResolver creates VDRKeyResolver. -func NewVDRKeyResolver(resolver api.DIDResolver) *VDRKeyResolver { - return &VDRKeyResolver{resolver: resolver} +func NewVDRKeyResolver(resolver api.DIDResolver) *vermethod.VDRResolver { + return vermethod.NewVDRResolver(&didResolverWrapper{didResolver: resolver}) } -func (r *VDRKeyResolver) resolvePublicKey(issuerDID, keyID string) (*verifier.PublicKey, error) { - docResolution, err := r.resolver.Resolve(issuerDID) - if err != nil { - return nil, fmt.Errorf("resolve DID %s: %w", issuerDID, err) - } - - for _, verifications := range docResolution.DIDDocument.VerificationMethods() { - for _, verification := range verifications { - if strings.Contains(verification.VerificationMethod.ID, keyID) { - return &verifier.PublicKey{ - Type: verification.VerificationMethod.Type, - Value: verification.VerificationMethod.Value, - JWK: verification.VerificationMethod.JSONWebKey(), - }, nil - } - } - } - - return nil, fmt.Errorf("public key with KID %s is not found for DID %s", keyID, issuerDID) +type didResolverWrapper struct { + didResolver api.DIDResolver } -// PublicKeyFetcher returns Public Key Fetcher via DID resolution mechanism. 
-func (r *VDRKeyResolver) PublicKeyFetcher() verifiable.PublicKeyFetcher { - return r.resolvePublicKey +func (d *didResolverWrapper) Resolve(did string, _ ...vdrapi.DIDMethodOption) (*diddoc.DocResolution, error) { + return d.didResolver.Resolve(did) } diff --git a/pkg/common/keyresolver_test.go b/pkg/common/keyresolver_test.go index 648e35f6a..b4294b36a 100644 --- a/pkg/common/keyresolver_test.go +++ b/pkg/common/keyresolver_test.go @@ -7,8 +7,6 @@ SPDX-License-Identifier: Apache-2.0 package common_test import ( - "errors" - "fmt" "testing" "github.com/stretchr/testify/require" @@ -24,8 +22,6 @@ func TestDIDKeyResolver_Resolve(t *testing.T) { didDoc := createDIDDoc() publicKey := didDoc.VerificationMethod[0] - authentication := didDoc.Authentication[0] - assertionMethod := didDoc.AssertionMethod[0] vdrRegistry := &mockvdr.VDRegistry{ ResolveValue: didDoc, 
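Review bot: The doc comment kept on `NewVDRKeyResolver` still reads "creates VDRKeyResolver", but this hunk deletes that type and the function now returns `*vermethod.VDRResolver` from vc-go. Suggest `// NewVDRKeyResolver returns a vermethod.VDRResolver that looks up verification methods through the given api.DIDResolver.` The new `didResolverWrapper.Resolve` also drops any `vdrapi.DIDMethodOption` it receives, so a one-line comment stating that options are intentionally ignored would save the next reader a lookup.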
@@ -34,35 +30,12 @@ func TestDIDKeyResolver_Resolve(t *testing.T) { resolver := common.NewVDRKeyResolver(&vdrResolverAdapter{vdr: vdrRegistry}) req.NotNil(resolver) - pubKey, err := resolver.PublicKeyFetcher()(didDoc.ID, publicKey.ID) + pubKey, err := resolver.ResolveVerificationMethod(publicKey.ID) req.NoError(err) req.Equal(publicKey.Value, pubKey.Value) req.Equal("Ed25519VerificationKey2018", pubKey.Type) req.NotNil(pubKey.JWK) req.Equal(pubKey.JWK.Algorithm, "EdDSA") - - authPubKey, err := resolver.PublicKeyFetcher()(didDoc.ID, authentication.VerificationMethod.ID) - req.NoError(err) - req.Equal(authentication.VerificationMethod.Value, authPubKey.Value) - req.Equal("Ed25519VerificationKey2018", authPubKey.Type) - req.NotNil(authPubKey.JWK) - req.Equal(authPubKey.JWK.Algorithm, "EdDSA") - - assertMethPubKey, err := resolver.PublicKeyFetcher()(didDoc.ID, assertionMethod.VerificationMethod.ID) - req.NoError(err) - req.Equal(assertionMethod.VerificationMethod.Value, assertMethPubKey.Value) - req.Equal("Ed25519VerificationKey2018", assertMethPubKey.Type) - - pubKey, err = resolver.PublicKeyFetcher()(didDoc.ID, "invalid key") - req.Error(err) - req.EqualError(err, fmt.Sprintf("public key with KID invalid key is not found for DID %s", didDoc.ID)) - req.Nil(pubKey) - - vdrRegistry.ResolveErr = errors.New("resolver error") - pubKey, err = resolver.PublicKeyFetcher()(didDoc.ID, "") - req.Error(err) - req.EqualError(err, fmt.Sprintf("resolve DID %s: resolver error", didDoc.ID)) - req.Nil(pubKey) } type vdrResolverAdapter struct { @@ -108,7 +81,7 @@ func createDIDDoc() *did.Doc { "authentication": [ { "controller": "did:test:2WxUJa8nVjXr5yS69JWoKZ", - "id": "did:test:2WxUJa8nVjXr5yS69JWoKZ#keys-1", + "id": "did:test:2WxUJa8nVjXr5yS69JWoKZ#keys-2", "publicKeyJwk": { "kty": "OKP", "crv": "Ed25519", diff --git a/pkg/credentialquery/credentialquery.go b/pkg/credentialquery/credentialquery.go index 401482561..adff037a8 100644 --- a/pkg/credentialquery/credentialquery.go 
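Review bot: This hunk removes every failure-path assertion from `TestDIDKeyResolver_Resolve`: the unknown key id case and the resolver-error case are gone, and only the happy path remains. The resolver is what `defaults.NewDefaultProofChecker(common.NewVDRKeyResolver(...))` uses elsewhere in this patch to find keys for signature verification, so its error behaviour is worth keeping under test. Suggest re-adding both cases against the new API, e.g. `_, err = resolver.ResolveVerificationMethod(didDoc.ID + "#missing")` followed by `req.Error(err)`, and the same call after setting `vdrRegistry.ResolveErr`. The lookups through the `authentication` and `assertionMethod` entries are dropped as well; the test function starts before this hunk.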
+++ b/pkg/credentialquery/credentialquery.go @@ -9,7 +9,9 @@ package credentialquery import ( "github.com/piprate/json-gold/ld" + "github.com/trustbloc/bbs-signature-go/bbs12381g2pub" "github.com/trustbloc/vc-go/presexch" + "github.com/trustbloc/vc-go/proof/defaults" "github.com/trustbloc/vc-go/verifiable" "github.com/trustbloc/wallet-sdk/pkg/api" @@ -62,14 +64,21 @@ func (c *Instance) GetSubmissionRequirements( opt(qOpts) } + bbsProofCreator := &verifiable.BBSProofCreator{ + ProofDerivation: bbs12381g2pub.New(), + VerificationMethodResolver: common.NewVDRKeyResolver(qOpts.didResolver), + } + var matchOpts []presexch.MatchRequirementsOpt if qOpts.applySelectiveDisclosure { matchOpts = append(matchOpts, presexch.WithSelectiveDisclosureApply(), + presexch.WithSDBBSProofCreator(bbsProofCreator), presexch.WithSDCredentialOptions( verifiable.WithDisabledProofCheck(), verifiable.WithJSONLDDocumentLoader(c.documentLoader), - verifiable.WithPublicKeyFetcher(common.NewVDRKeyResolver(qOpts.didResolver).PublicKeyFetcher()), + verifiable.WithProofChecker( + defaults.NewDefaultProofChecker(common.NewVDRKeyResolver(qOpts.didResolver))), ), ) } diff --git a/pkg/credentialschema/credentialschema_test.go b/pkg/credentialschema/credentialschema_test.go index 2c32e094e..266b0915c 100644 --- a/pkg/credentialschema/credentialschema_test.go +++ b/pkg/credentialschema/credentialschema_test.go @@ -626,6 +626,6 @@ func ordersMatch(order1, order2 *int) bool { type mockSignatureVerifier struct{} -func (*mockSignatureVerifier) Verify(jose.Headers, []byte, []byte, []byte) error { +func (*mockSignatureVerifier) CheckJWTProof(jose.Headers, []byte, []byte, []byte) error { return nil } diff --git a/pkg/credentialschema/opts.go b/pkg/credentialschema/opts.go index c512b8267..9d0d7c598 100644 --- a/pkg/credentialschema/opts.go +++ b/pkg/credentialschema/opts.go 
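Review bot: `bbsProofCreator` is built before the `qOpts.applySelectiveDisclosure` check in `GetSubmissionRequirements`, and `common.NewVDRKeyResolver(qOpts.didResolver)` is called twice, once for the creator and once inside `verifiable.WithProofChecker`. If the caller did not pass a DID resolver option, `qOpts.didResolver` is presumably nil and the wrapper would only fail on the first `Resolve` call rather than up front. Consider building one resolver inside the `if` and sharing it, `vmResolver := common.NewVDRKeyResolver(qOpts.didResolver)`, with an explicit nil check if selective disclosure requires a resolver. The function body starts and ends outside this hunk.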
@@ -10,7 +10,7 @@ import ( "errors" "net/http" - "github.com/trustbloc/kms-go/doc/jose" + "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/vc-go/verifiable" @@ -54,7 +54,7 @@ type resolveOpts struct { metricsLogger api.MetricsLogger httpClient httpClient maskingString *string - signatureVerifier jose.SignatureVerifier + signatureVerifier jwt.ProofChecker } // ResolveOpt represents an option for the Resolve function. @@ -156,7 +156,7 @@ func WithMaskingString(maskingString string) ResolveOpt { // WithJWTSignatureVerifier is an option that allows a caller to pass in a signature verifier. If the issuer metadata is // retrieved from the issuer via an issuerURI, and it's signed, then a signature verifier must be provided so that // the issuer metadata's signature can be verified. -func WithJWTSignatureVerifier(signatureVerifier jose.SignatureVerifier) ResolveOpt { +func WithJWTSignatureVerifier(signatureVerifier jwt.ProofChecker) ResolveOpt { return func(opts *resolveOpts) { opts.signatureVerifier = signatureVerifier } @@ -263,7 +263,7 @@ func processVCOpts(credentialSource *credentialSource) ([]*verifiable.Credential } func processIssuerMetadataOpts(issuerMetadataSource *issuerMetadataSource, httpClient httpClient, - metricsLogger api.MetricsLogger, signatureVerifier jose.SignatureVerifier, + metricsLogger api.MetricsLogger, signatureVerifier jwt.ProofChecker, ) (*issuer.Metadata, error) { if issuerMetadataSource.metadata != nil { return issuerMetadataSource.metadata, nil diff --git a/pkg/credentialsigner/signer.go b/pkg/credentialsigner/signer.go index 65f2544de..38b8a48fc 100644 --- a/pkg/credentialsigner/signer.go +++ b/pkg/credentialsigner/signer.go @@ -10,10 +10,9 @@ package credentialsigner import ( "errors" "fmt" + "strings" diddoc "github.com/trustbloc/did-go/doc/did" - vdrapi "github.com/trustbloc/did-go/vdr/api" - "github.com/trustbloc/vc-go/jwt/didsignjwt" "github.com/trustbloc/vc-go/verifiable" "github.com/trustbloc/wallet-sdk/pkg/api" 
@@ -44,6 +43,8 @@ const ( ExternalJWTProofFormat = "ExternalJWTProofFormat" // EmbeddedLDProofFormat indicates that a credential or presentation should be signed with an embedded LD proof. EmbeddedLDProofFormat = "EmbeddedLDProofFormat" + // number of sections in verification method. + vmSectionCount = 2 ) // ProofOptions contains options for issuing a credential. @@ -73,7 +74,7 @@ func (s *Signer) Issue(credential *verifiable.Credential, proofOptions *ProofOpt func (s *Signer) issueJWTVC(unsignedVC *verifiable.Credential, proofOptions *ProofOptions, ) (*verifiable.Credential, error) { - docVM, fullKID, err := didsignjwt.ResolveSigningVM(proofOptions.KeyID, &didResolverWrapper{didResolver: s.didResolver}) + docVM, fullKID, _, err := resolveSigningVMWithRelationship(proofOptions.KeyID, s.didResolver) if err != nil { return nil, fmt.Errorf("resolving verification method for signing key: %w", err) } @@ -85,17 +86,12 @@ func (s *Signer) issueJWTVC(unsignedVC *verifiable.Credential, proofOptions *Pro return nil, fmt.Errorf("initializing jwt signer: %w", err) } - alg, hasAlg := jwtSigner.Headers().Algorithm() - if !hasAlg { - return nil, fmt.Errorf("signer missing algorithm header") - } - - vcAlg, err := algByName(alg) + vcAlg, err := algByName(jwtSigner.Algorithm()) if err != nil { return nil, err } - vc, err := unsignedVC.CreateSignedJWTVC(false, vcAlg, &signerWrapper{jwtSigner}, fullKID) + vc, err := unsignedVC.CreateSignedJWTVC(false, vcAlg, jwtSigner, fullKID) if err != nil { return nil, fmt.Errorf("failed to create JWT VC: %w", err) } 
@@ -124,26 +120,74 @@ func algByName(alg string) (verifiable.JWSAlgorithm, error) { } } -type signerWrapper struct { - signer api.JWTSigner -} +// resolveSigningVMWithRelationship resolves a DID KeyID using the given did resolver, and returns either: +// +// - the Verification Method identified by the given key ID, or +// - the first Assertion Method in the DID doc, if the DID provided has no fragment component. +// +// Returns: +// - a verification method suitable for signing. +// - the full DID#KID identifier of the returned verification method. +// - the name of the signing-supporting verification relationship found for this verification method. +func resolveSigningVMWithRelationship( + kid string, + didResolver api.DIDResolver, +) (*diddoc.VerificationMethod, string, string, error) { + vmSplit := strings.Split(kid, "#") + + if len(vmSplit) != vmSectionCount { + return nil, "", "", errors.New("invalid verification method format") + } + + signingDID := vmSplit[0] + + docRes, err := didResolver.Resolve(signingDID) + if err != nil { + return nil, "", "", fmt.Errorf("failed to resolve signing DID: %w", err) + } + + vmID := vmSplit[vmSectionCount-1] -// Sign wraps api.JWTSigner. -func (s *signerWrapper) Sign(data []byte) ([]byte, error) { - return s.signer.Sign(data) + for _, verifications := range docRes.DIDDocument.VerificationMethods() { + for _, verification := range verifications { + if isSigningKey(verification.Relationship) && vmIDFragmentOnly(verification.VerificationMethod.ID) == vmID { + vm := verification.VerificationMethod + + return &vm, kid, verificationRelationshipName(verification.Relationship), nil + } + } + } + + return nil, "", "", fmt.Errorf("did document has no verification method with given ID") } -// Alg returns the alg field from api.JWTSigner Headers(). 
-func (s *signerWrapper) Alg() string { - alg, _ := s.signer.Headers().Algorithm() +func verificationRelationshipName(rel diddoc.VerificationRelationship) string { + switch rel { //nolint:exhaustive + case diddoc.VerificationRelationshipGeneral: + return "" + case diddoc.AssertionMethod: + return "assertionMethod" + case diddoc.Authentication: + return "authentication" + } - return alg + return "" } -type didResolverWrapper struct { - didResolver api.DIDResolver +func vmIDFragmentOnly(vmID string) string { + vmSplit := strings.Split(vmID, "#") + if len(vmSplit) == 1 { + return vmSplit[0] + } + + return vmSplit[1] } -func (d *didResolverWrapper) Resolve(did string, _ ...vdrapi.DIDMethodOption) (*diddoc.DocResolution, error) { - return d.didResolver.Resolve(did) +func isSigningKey(vr diddoc.VerificationRelationship) bool { + switch vr { //nolint:exhaustive + case diddoc.AssertionMethod, diddoc.Authentication, diddoc.VerificationRelationshipGeneral: + return true + } + + return false } diff --git a/pkg/internal/issuermetadata/issuermetadata.go b/pkg/internal/issuermetadata/issuermetadata.go index 14d8926f3..8f05600a3 100644 --- a/pkg/internal/issuermetadata/issuermetadata.go +++ b/pkg/internal/issuermetadata/issuermetadata.go @@ -15,8 +15,6 @@ import ( "github.com/trustbloc/vc-go/jwt" - "github.com/trustbloc/kms-go/doc/jose" - "github.com/trustbloc/wallet-sdk/pkg/api" "github.com/trustbloc/wallet-sdk/pkg/internal/httprequest" "github.com/trustbloc/wallet-sdk/pkg/metricslogger/noop" @@ -32,7 +30,7 @@ type httpClient interface { // Get gets an issuer's metadata by doing a lookup on its OpenID configuration endpoint. // issuerURI is expected to be the base URL for the issuer. func Get(issuerURI string, httpClient httpClient, metricsLogger api.MetricsLogger, parentEvent string, - signatureVerifier jose.SignatureVerifier, + signatureVerifier jwt.ProofChecker, ) (*issuer.Metadata, error) { if metricsLogger == nil { metricsLogger = noop.NewMetricsLogger() 
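Review bot: The doc comment on `resolveSigningVMWithRelationship` promises a fallback to the first Assertion Method when the key ID has no fragment, but the body returns `invalid verification method format` for any `kid` that does not split into exactly two parts on `#`, so that fallback does not exist. Drop that bullet or implement it. `isSigningKey` also accepts `diddoc.Authentication` and `diddoc.VerificationRelationshipGeneral` for a key that is about to sign a credential, and the only caller in this patch, `issueJWTVC`, discards the returned relationship name with `_`; if issuance is meant to be limited to `assertionMethod` keys, nothing here enforces it. `docRes.DIDDocument` is dereferenced without a nil check, which relies on the resolver never returning a nil document together with a nil error.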
@@ -55,7 +53,7 @@ func Get(issuerURI string, httpClient httpClient, metricsLogger api.MetricsLogge } func responseBytesToIssuerMetadataObject(responseBytes []byte, - signatureVerifier jose.SignatureVerifier, + signatureVerifier jwt.ProofChecker, ) (*issuer.Metadata, error) { // The issuer metadata can come in one of two formats - either directly as JSON, or as a JWT. var metadata issuer.Metadata @@ -73,7 +71,7 @@ func responseBytesToIssuerMetadataObject(responseBytes []byte, // struct directly. It's passed here so that it can be included in the error message in case the response // is also not a JWT. This gives the caller additional information that can help them to more easily debug the cause // of the parsing failure. -func issuerMetadataObjectFromJWT(responseBytes []byte, signatureVerifier jose.SignatureVerifier, +func issuerMetadataObjectFromJWT(responseBytes []byte, signatureVerifier jwt.ProofChecker, errUnmarshal error, ) (*issuer.Metadata, error) { var metadata issuer.Metadata @@ -85,7 +83,7 @@ func issuerMetadataObjectFromJWT(responseBytes []byte, signatureVerifier jose.Si return nil, errors.New("missing signature verifier") } - jsonWebToken, _, errParseJWT := jwt.Parse(string(responseBytes), jwt.WithSignatureVerifier(signatureVerifier)) + jsonWebToken, _, errParseJWT := jwt.Parse(string(responseBytes), jwt.WithProofChecker(signatureVerifier)) if errParseJWT != nil { return nil, fmt.Errorf("failed to parse the response from the issuer's OpenID Credential Issuer "+ "endpoint as JSON or as a JWT: %w", errors.Join(errUnmarshal, errParseJWT)) diff --git a/pkg/internal/issuermetadata/issuermetadata_test.go b/pkg/internal/issuermetadata/issuermetadata_test.go index 11ce639ae..e0c667553 100644 --- a/pkg/internal/issuermetadata/issuermetadata_test.go +++ b/pkg/internal/issuermetadata/issuermetadata_test.go 
@@ -14,9 +14,9 @@ import ( "testing" "github.com/trustbloc/kms-go/doc/jose" + "github.com/trustbloc/vc-go/proof/defaults" "github.com/stretchr/testify/require" - "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/wallet-sdk/pkg/api" "github.com/trustbloc/wallet-sdk/pkg/common" @@ -104,8 +104,7 @@ func TestGet(t *testing.T) { didResolver, err := resolver.NewDIDResolver() require.NoError(t, err) - jwtVerifier := jwt.NewVerifier(jwt.KeyResolverFunc( - common.NewVDRKeyResolver(didResolver).PublicKeyFetcher())) + jwtVerifier := defaults.NewDefaultProofChecker(common.NewVDRKeyResolver(didResolver)) issuerMetadata, err := issuermetadata.Get(server.URL, http.DefaultClient, nil, "", jwtVerifier) @@ -214,6 +213,6 @@ func TestGet(t *testing.T) { type mockVerifier struct{} -func (m *mockVerifier) Verify(jose.Headers, []byte, []byte, []byte) error { +func (m *mockVerifier) CheckJWTProof(jose.Headers, []byte, []byte, []byte) error { return nil } diff --git a/pkg/openid4ci/interaction.go b/pkg/openid4ci/interaction.go index e82131ebc..2ec77983e 100644 --- a/pkg/openid4ci/interaction.go +++ b/pkg/openid4ci/interaction.go @@ -21,10 +21,10 @@ import ( "strings" "time" + "github.com/trustbloc/vc-go/proof/defaults" + "github.com/trustbloc/wallet-sdk/pkg/did/wellknown" - diddoc "github.com/trustbloc/did-go/doc/did" - "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/wallet-sdk/pkg/common" "github.com/google/uuid" @@ -48,7 +48,7 @@ const getIssuerMetadataEventText = "Get issuer metadata" type interaction struct { issuerURI string clientID string - didResolver *didResolverWrapper + didResolver api.DIDResolver activityLogger api.ActivityLogger metricsLogger api.MetricsLogger disableVCProofChecks bool 
@@ -316,8 +316,7 @@ func (i *interaction) getOpenIDConfig() (*OpenIDConfig, error) { // before, then this method does nothing in order to avoid making an unnecessary GET call. func (i *interaction) populateIssuerMetadata(parentEvent string) error { if i.issuerMetadata == nil { - jwtVerifier := jwt.NewVerifier(jwt.KeyResolverFunc( - common.NewVDRKeyResolver(&resolverAdapter{didResolver: i.didResolver}).PublicKeyFetcher())) + jwtVerifier := defaults.NewDefaultProofChecker(common.NewVDRKeyResolver(i.didResolver)) issuerMetadata, err := metadatafetcher.Get(i.issuerURI, i.httpClient, i.metricsLogger, parentEvent, jwtVerifier) if err != nil { @@ -533,14 +532,12 @@ func (i *interaction) getVCsFromCredentialResponses( ) ([]*verifiable.Credential, error) { var vcs []*verifiable.Credential - vdrKeyResolver := verifiable.NewVDRKeyResolver(i.didResolver) - credentialOpts := []verifiable.CredentialOpt{ verifiable.WithJSONLDDocumentLoader(i.documentLoader), - verifiable.WithPublicKeyFetcher(vdrKeyResolver.PublicKeyFetcher()), + verifiable.WithProofChecker(defaults.NewDefaultProofChecker(common.NewVDRKeyResolver(i.didResolver))), } - opts := dataintegrity.Options{DIDResolver: i.didResolver} + opts := dataintegrity.Options{DIDResolver: &didResolverWrapper{didResolver: i.didResolver}} dataIntegrityVerifier, err := dataintegrity.NewVerifier(&opts, ecdsa2019.NewVerifierInitializer(&ecdsa2019.VerifierInitializerOptions{ 
@@ -650,19 +647,10 @@ func (i *interaction) verifyIssuer() (string, error) { // The first return parameter (a bool) is redundant with the error return. It's always false if there's an error // and always true if there was no error. Thus, it provides no additional information and can be ignored. - _, serviceURL, err := wellknown.ValidateLinkedDomains(did, &resolverAdapter{didResolver: i.didResolver}, - i.httpClient) + _, serviceURL, err := wellknown.ValidateLinkedDomains(did, i.didResolver, i.httpClient) if err != nil { return "", err } return serviceURL, nil } - -type resolverAdapter struct { - didResolver *didResolverWrapper -} - -func (r *resolverAdapter) Resolve(did string) (*diddoc.DocResolution, error) { - return r.didResolver.Resolve(did) -} diff --git a/pkg/openid4ci/issuerinitiatedinteraction.go b/pkg/openid4ci/issuerinitiatedinteraction.go index fb0220626..35adaf585 100644 --- a/pkg/openid4ci/issuerinitiatedinteraction.go +++ b/pkg/openid4ci/issuerinitiatedinteraction.go @@ -101,7 +101,7 @@ func NewIssuerInitiatedInteraction(initiateIssuanceURI string, return &IssuerInitiatedInteraction{ interaction: &interaction{ issuerURI: credentialOffer.CredentialIssuer, - didResolver: &didResolverWrapper{didResolver: config.DIDResolver}, + didResolver: config.DIDResolver, activityLogger: config.ActivityLogger, metricsLogger: config.MetricsLogger, disableVCProofChecks: config.DisableVCProofChecks, @@ -587,7 +587,7 @@ func signToken(claims interface{}, signer api.JWTSigner) (string, error) { // TODO: Send "typ" header. // headers["typ"] = "openid4vci-proof+jwt" - token, err := jwt.NewSigned(claims, headers, signer) + token, err := jwt.NewSigned(claims, jwt.SignParameters{AdditionalHeaders: headers}, signer) if err != nil { return "", fmt.Errorf("sign token failed: %w", err) } diff --git a/pkg/openid4ci/issuerinitiatedinteraction_test.go b/pkg/openid4ci/issuerinitiatedinteraction_test.go index 392b30ed5..d9e1ba487 100644 
--- a/pkg/openid4ci/issuerinitiatedinteraction_test.go +++ b/pkg/openid4ci/issuerinitiatedinteraction_test.go @@ -17,6 +17,8 @@ import ( "testing" "time" + "github.com/trustbloc/vc-go/jwt" + "github.com/trustbloc/wallet-sdk/pkg/did/resolver" "github.com/stretchr/testify/require" @@ -1071,7 +1073,8 @@ func TestIssuerInitiatedInteraction_RequestCredential(t *testing.T) { require.EqualError(t, err, "CREDENTIAL_PARSE_FAILED(OCI1-0007):failed to parse credential from "+ "credential response at index 0: "+ "JWS proof check: unmarshal VC JWT claims: parse JWT: "+ - "parse JWT from compact JWS: public key with KID d3cfd36b-4f75-4041-b416-f0a7a3c6b9f6 is not "+ + "parse JWT from compact JWS: invalid public key id: public key with KID "+ + "#d3cfd36b-4f75-4041-b416-f0a7a3c6b9f6 is not "+ "found for DID did:orb:uAAA:EiDpzs0hy0q0If4ZfJA1kxBQd9ed6FoBFhhqDWSiBeKaIg") require.Nil(t, credentials) }) @@ -1775,15 +1778,15 @@ func (s *jwtSignerMock) GetKeyID() string { return s.keyID } -func (s *jwtSignerMock) Sign([]byte) ([]byte, error) { +func (s *jwtSignerMock) SignJWT(_ jwt.SignParameters, _ []byte) ([]byte, error) { return []byte("test signature"), s.Err } -func (s *jwtSignerMock) Headers() jose.Headers { +func (s *jwtSignerMock) CreateJWTHeaders(_ jwt.SignParameters) (jose.Headers, error) { return jose.Headers{ jose.HeaderKeyID: "KeyID", jose.HeaderAlgorithm: "ES384", - } + }, nil } // includeIssuerStateParam only applies if includeAuthCodeGrant is true. diff --git a/pkg/openid4ci/walletinitiatedinteraction.go b/pkg/openid4ci/walletinitiatedinteraction.go index 37a38e61a..c18cd7e7a 100644 --- a/pkg/openid4ci/walletinitiatedinteraction.go +++ b/pkg/openid4ci/walletinitiatedinteraction.go 
@@ -45,7 +45,7 @@ func NewWalletInitiatedInteraction(issuerURI string, config *ClientConfig) (*Wal return &WalletInitiatedInteraction{ interaction: &interaction{ issuerURI: issuerURI, - didResolver: &didResolverWrapper{didResolver: config.DIDResolver}, + didResolver: config.DIDResolver, activityLogger: config.ActivityLogger, metricsLogger: config.MetricsLogger, disableVCProofChecks: config.DisableVCProofChecks, diff --git a/pkg/openid4vp/openid4vp.go b/pkg/openid4vp/openid4vp.go index e7ff2ca89..b9ae6c13c 100644 --- a/pkg/openid4vp/openid4vp.go +++ b/pkg/openid4vp/openid4vp.go @@ -21,14 +21,15 @@ import ( "github.com/google/uuid" "github.com/piprate/json-gold/ld" + "github.com/trustbloc/bbs-signature-go/bbs12381g2pub" diddoc "github.com/trustbloc/did-go/doc/did" vdrapi "github.com/trustbloc/did-go/vdr/api" - "github.com/trustbloc/kms-go/doc/jose" wrapperapi "github.com/trustbloc/kms-go/wrapper/api" "github.com/trustbloc/vc-go/dataintegrity" "github.com/trustbloc/vc-go/dataintegrity/suite/ecdsa2019" "github.com/trustbloc/vc-go/jwt" "github.com/trustbloc/vc-go/presexch" + "github.com/trustbloc/vc-go/proof/defaults" "github.com/trustbloc/vc-go/verifiable" "github.com/trustbloc/wallet-sdk/pkg/api" @@ -57,10 +58,6 @@ func (d *didResolverWrapper) Resolve(did string, _ ...vdrapi.DIDMethodOption) (* return d.didResolver.Resolve(did) } -type jwtSignatureVerifier interface { - Verify(joseHeaders jose.Headers, payload, signingInput, signature []byte) error -} - type httpClient interface { Do(req *http.Request) (*http.Response, error) } @@ -87,7 +84,7 @@ type authorizedResponse struct { // If no ActivityLogger is provided (via an option), then no activity logging will take place. func NewInteraction( authorizationRequest string, - signatureVerifier jwtSignatureVerifier, + signatureVerifier jwt.ProofChecker, didResolver api.DIDResolver, crypto api.Crypto, documentLoader ld.DocumentLoader, 
@@ -265,7 +262,7 @@ func fetchRequestObject(authorizationRequest string, client httpClient, func verifyRequestObjectAndDecodeClaims( rawRequestObject string, - signatureVerifier jwtSignatureVerifier, + signatureVerifier jwt.ProofChecker, ) (*requestObject, error) { requestObject := &requestObject{} @@ -277,8 +274,8 @@ func verifyRequestObjectAndDecodeClaims( return requestObject, nil } -func verifyTokenSignature(rawJwt string, claims interface{}, verifier jose.SignatureVerifier) error { - jsonWebToken, _, err := jwt.Parse(rawJwt, jwt.WithSignatureVerifier(verifier)) +func verifyTokenSignature(rawJwt string, claims interface{}, proofChecker jwt.ProofChecker) error { + jsonWebToken, _, err := jwt.Parse(rawJwt, jwt.WithProofChecker(proofChecker)) if err != nil { return fmt.Errorf("parse JWT: %w", err) } @@ -326,12 +323,20 @@ func createAuthorizedResponseOneCred( //nolint:funlen,gocyclo // Unable to decom } } + bbsProofCreator := &verifiable.BBSProofCreator{ + ProofDerivation: bbs12381g2pub.New(), + VerificationMethodResolver: common.NewVDRKeyResolver(didResolver), + } + presentation, err := pd.CreateVP( []*verifiable.Credential{credential}, documentLoader, - verifiable.WithDisabledProofCheck(), - verifiable.WithJSONLDDocumentLoader(documentLoader), - verifiable.WithPublicKeyFetcher(verifiable.NewVDRKeyResolver(wrapResolver(didResolver)).PublicKeyFetcher()), + presexch.WithSDBBSProofCreator(bbsProofCreator), + presexch.WithSDCredentialOptions( + verifiable.WithDisabledProofCheck(), + verifiable.WithJSONLDDocumentLoader(documentLoader), + verifiable.WithProofChecker(defaults.NewDefaultProofChecker(common.NewVDRKeyResolver(didResolver))), + ), ) if err != nil { return nil, err 
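Review bot: `createAuthorizedResponseOneCred` now passes `verifiable.WithProofChecker(...)` inside `presexch.WithSDCredentialOptions`, while the matching hunk in `createAuthorizedResponseMultiCred` (`@@ -407,11 +412,19 @@`) passes only `verifiable.WithDisabledProofCheck()` and the document loader. Both paths keep `WithDisabledProofCheck()`, so the checker supplied on the single-credential path looks unused, and the two calls should agree. Either drop it here or add it to the multi-credential call, and add a short comment stating why proof checking is disabled when credentials are re-parsed for selective disclosure, since the patch does not say. Both functions start and end outside their hunks.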
@@ -407,11 +412,19 @@ func createAuthorizedResponseMultiCred( //nolint:funlen,gocyclo // Unable to dec ) (*authorizedResponse, error) { pd := requestObject.Claims.VPToken.PresentationDefinition + bbsProofCreator := &verifiable.BBSProofCreator{ + ProofDerivation: bbs12381g2pub.New(), + VerificationMethodResolver: common.NewVDRKeyResolver(didResolver), + } + presentations, submission, err := pd.CreateVPArray( credentials, documentLoader, - verifiable.WithDisabledProofCheck(), - verifiable.WithJSONLDDocumentLoader(documentLoader), + presexch.WithSDBBSProofCreator(bbsProofCreator), + presexch.WithSDCredentialOptions( + verifiable.WithDisabledProofCheck(), + verifiable.WithJSONLDDocumentLoader(documentLoader), + ), ) if err != nil { return nil, err @@ -550,7 +563,7 @@ func createIDToken( } func signToken(claims interface{}, signer api.JWTSigner) (string, error) { - token, err := jwt.NewSigned(claims, nil, signer) + token, err := jwt.NewSigned(claims, jwt.SignParameters{}, signer) if err != nil { return "", fmt.Errorf("sign token failed: %w", err) } diff --git a/pkg/openid4vp/openid4vp_test.go b/pkg/openid4vp/openid4vp_test.go index 2c98529ac..545867c8b 100644 --- a/pkg/openid4vp/openid4vp_test.go +++ b/pkg/openid4vp/openid4vp_test.go @@ -771,7 +771,7 @@ type jwtSignatureVerifierMock struct { err error } -func (s *jwtSignatureVerifierMock) Verify(jose.Headers, []byte, []byte, []byte) error { +func (s *jwtSignatureVerifierMock) CheckJWTProof(jose.Headers, []byte, []byte, []byte) error { return s.err } diff --git a/test/integration/credentialapi_test.go b/test/integration/credentialapi_test.go index 95db98a75..f47068834 100644 --- a/test/integration/credentialapi_test.go +++ b/test/integration/credentialapi_test.go 
@@ -13,9 +13,12 @@ import ( "testing" "time" + "github.com/trustbloc/vc-go/proof/defaults" + "github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile/didion" "github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile/didjwk" "github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile/didkey" + "github.com/trustbloc/wallet-sdk/pkg/common" "github.com/piprate/json-gold/ld" "github.com/stretchr/testify/require" @@ -55,9 +58,8 @@ func TestCredentialAPI(t *testing.T) { verifier := jwtvcVerifier{ ldLoader: ldLoader, - publicKeyFetcher: afgoverifiable.NewVDRKeyResolver(&didResolverWrapper{ - didResolver: sdkResolver, - }).PublicKeyFetcher(), + proofChecker: defaults.NewDefaultProofChecker( + common.NewVDRKeyResolver(sdkResolver)), } testCases := []struct { @@ -142,15 +144,15 @@ func TestCredentialAPI(t *testing.T) { } type jwtvcVerifier struct { - ldLoader ld.DocumentLoader - publicKeyFetcher afgoverifiable.PublicKeyFetcher + ldLoader ld.DocumentLoader + proofChecker afgoverifiable.CombinedProofChecker } func (j *jwtvcVerifier) verify(cred []byte) error { _, err := afgoverifiable.ParseCredential( cred, afgoverifiable.WithJSONLDDocumentLoader(j.ldLoader), - afgoverifiable.WithPublicKeyFetcher(j.publicKeyFetcher), + afgoverifiable.WithProofChecker(j.proofChecker), ) return err diff --git a/test/integration/go.mod b/test/integration/go.mod index 8fa3d4353..acb1e0a86 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod 
@@ -14,9 +14,9 @@ require ( github.com/piprate/json-gold v0.5.1-0.20230111113000-6ddbe6e6f19f github.com/stretchr/testify v1.8.2 github.com/trustbloc/cmdutil-go v0.0.0-20221125151303-09d42adcc811 - github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 + github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 github.com/trustbloc/logutil-go v1.0.0-rc1 - github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 + github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3 github.com/trustbloc/wallet-sdk v0.0.0-00010101000000-000000000000 github.com/trustbloc/wallet-sdk/cmd/wallet-sdk-gomobile v0.0.0-20230102235937-82237ea9dde3 go.uber.org/zap v1.23.0 @@ -67,7 +67,7 @@ require ( github.com/tidwall/sjson v1.1.4 // indirect github.com/trustbloc/bbs-signature-go v1.0.0 // indirect github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 // indirect - github.com/trustbloc/sidetree-core-go v1.0.0 // indirect + github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 809951465..4e1a0137c 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum 
@@ -158,16 +158,16 @@ github.com/trustbloc/bbs-signature-go v1.0.0 h1:JOKmPRTpjbbGODt71i3wJyiEBcu5XEoe github.com/trustbloc/bbs-signature-go v1.0.0/go.mod h1:8xptu/lbVUDACQW10yiHtqATzC2kpTKQk5mKsKTD85Y= github.com/trustbloc/cmdutil-go v0.0.0-20221125151303-09d42adcc811 h1:0e1d1w9o662+e7ZnJvRYJH8yblcBXngme8qbsjTvhQc= github.com/trustbloc/cmdutil-go v0.0.0-20221125151303-09d42adcc811/go.mod h1:o/v7C1z6d/5UrjaC6GAUc1hk0XVuE3M4tpyvsMMUw5k= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9 h1:UA6QlD58VZnSd2EpFJCi9XctBY3naKouBOtjMss4ewc= -github.com/trustbloc/did-go v1.0.2-0.20230922190208-b53738d979e9/go.mod h1:qqTm9zd5rGhHSOtC8jjadqM01Od9zcDbUiUYLv+M6ls= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0 h1:ollAh0wYMpsKDCumZqNPHPWz1Ey81wkjGeoHdpNjV8M= +github.com/trustbloc/did-go v1.0.2-0.20230928194341-39d5462574c0/go.mod h1:N3/V/JFMBQldko9OjpTCxAt9UHv5/qcVJXAO1DaDDe4= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721 h1:3zVBmT6aF+ovuLNuE3BTxhw2UrfaOHHCJ+1yVEI/f8A= github.com/trustbloc/kms-go v1.0.1-0.20230928143453-638bd66bb721/go.mod h1:7arOSG9GewtV1WiqYZ23dSZ6haamosSABwyG//cRaXQ= github.com/trustbloc/logutil-go v1.0.0-rc1 h1:rRJbvgQfrlUfyej+mY0nuQJymGqjRW4oZEwKi544F4c= github.com/trustbloc/logutil-go v1.0.0-rc1/go.mod h1:JlxT0oZfNKgIlSNtgc001WEeDMxlnAvOM43gNm8DQVc= -github.com/trustbloc/sidetree-core-go v1.0.0 h1:kzfKZOJ0sgDy9D1AYNcoR3JHutqtMtKvF2P9UwUcDjU= -github.com/trustbloc/sidetree-core-go v1.0.0/go.mod h1:jdxAFuorlIwFOGVW6O455/lZqxg2mZkRHNTEolcZdDI= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2 h1:CVfpNobNz9nuIZlkHQvN+VYSDvVCEjAoyOATKpu+MUU= -github.com/trustbloc/vc-go v1.0.3-0.20230928151511-79dcd24234b2/go.mod h1:SnCw1mlpqWuRaKlcMGXlPqtu5Ggu7/a0WTvFXCrcJ0M= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd h1:hWWZ7lQSRK5FOcVhG5cUtwaNwWLYaz9wASiR5GyPtQE= +github.com/trustbloc/sidetree-go v0.0.0-20230928172705-30e78b6b6ddd/go.mod 
h1:3oQhk0vOdhaUpPEQBFBzwqH8t0d8bcP2XLU2orBY13U= +github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3 h1:mh7s/lAqcShmgpxYYDyTY+2fGs9COkBVYcTJGVvR/Y0= +github.com/trustbloc/vc-go v1.0.3-0.20231019085953-561fd4e9b9f3/go.mod h1:VuXhnz0ojxFCRL9dPxETYTtFPNNFHqzS1Ati/lnQs1o= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=