Skip to content

Feature/go-trust #232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
masv3971 merged 4 commits into from
Dec 18, 2025
Merged

Feature/go-trust #232

masv3971 merged 4 commits into from
Dec 18, 2025

Conversation

@leifj
Copy link
Contributor

@leifj leifj commented Dec 16, 2025

No description provided.

@leifj leifj changed the title Feature/rename go trust to sirosfoundation Feature/go-trust Dec 16, 2025
@leifj
Copy link
Contributor Author

leifj commented Dec 16, 2025

this pr also contains a new implementation of an authzen client for the go-trust server to be used for trust evaluation and did resolution

@masv3971 masv3971 requested a review from Copilot December 16, 2025 13:13
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR integrates the go-trust library for AuthZEN-based key resolution and trust evaluation, adding ECDSA support alongside existing Ed25519 functionality. The integration deprecates the local AuthZEN client in favor of the more feature-rich go-trust implementation.

Key changes:

  • Added go-trust library dependency and created adapter components for key resolution
  • Extended key resolver interfaces to support ECDSA keys in addition to Ed25519
  • Implemented comprehensive test coverage for new functionality including JWK conversion, DID document parsing, and trust evaluation

Reviewed changes

Copilot reviewed 11 out of 1014 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
go.mod Updated Go version to 1.25.1 and added go-trust dependency, removed testcontainers dependencies
pkg/keyresolver/resolver.go Added ECDSAResolver interface and ResolveECDSA method to MultiResolver
pkg/keyresolver/gotrust_adapter.go New adapter implementing key resolution using go-trust client with Ed25519 and ECDSA support
pkg/keyresolver/gotrust_adapter_test.go Comprehensive tests for go-trust adapter including key resolution and trust evaluation
pkg/keyresolver/did_helpers.go Helper functions for extracting keys from DID documents and entity configurations
pkg/keyresolver/did_helpers_test.go Tests for DID document parsing and key extraction
pkg/keyresolver/authzen.go Added GoTrustEvaluator and ECDSATrustEvaluator, deprecated local AuthZEN client
pkg/keyresolver/authzen_test.go Tests for trust evaluation functionality
pkg/authzen/client.go Added deprecation notice with migration guide
docs/adr/05-go-trust-authzen-client.md Updated repository URL reference
docs/GO_TRUST_INTEGRATION_PLAN.md Updated repository URL references

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

masv3971
masv3971 reviewed Dec 16, 2025
View reviewed changes
@leifj
Copy link
Contributor Author

leifj commented Dec 16, 2025

Pused fixes to the comments

leifj added 4 commits December 18, 2025 14:23
@leifj
feat(keyresolver): add go-trust library integration for AuthZEN
1b35952 
Implements go-trust library integration per GO_TRUST_INTEGRATION_PLAN.md:

- Add GoTrustResolver adapter wrapping authzenclient for key resolution
- Add ECDSAResolver interface extending Resolver for ECDSA support
- Add DID document parsing helpers for extracting keys from trust_metadata
- Add GoTrustEvaluator implementing ECDSATrustEvaluator interface
- Add ValidatingResolver that combines resolution with trust evaluation
- Add comprehensive tests achieving 80-100% coverage on new code

The new integration provides:
- Ed25519 and ECDSA key resolution via AuthZEN protocol
- Trust evaluation with key extraction from response metadata
- JWK conversion utilities for Ed25519 and ECDSA keys
- DID document parsing for multikey and JWK formats

Legacy AuthZENTrustEvaluator remains for backward compatibility.
Old pkg/authzen package remains available but marked deprecated.

Ref: ADR-05, GO_TRUST_INTEGRATION_PLAN.md
@leifj
refactor: remove deprecated local authzen implementation
cc0946e 
Remove the old pkg/authzen package and AuthZENTrustEvaluator that was
kept for backwards compatibility. All code should now use the go-trust
library (GoTrustEvaluator) instead.

Changes:
- Remove pkg/authzen/ directory entirely (client.go, README.md)
- Remove AuthZENTrustEvaluator, NewAuthZENTrustEvaluator from keyresolver
- Remove localAuthzen import from authzen.go
- Remove deprecated tests for AuthZENTrustEvaluator
@leifj
fix: address PR review comments
212bf9e 
- Fix ECDSA trust evaluation to extract DID from verification method
- Implement proper ECDSA multikey decoding with P-256 support
- Refactor OpenID Federation parsing into smaller helper functions
- Support both compressed (0x02/0x03) and uncompressed (0x04) EC points
@leifj
chore: update go-trust to sirosfoundation and refresh vendor
a704aeb 
- Update all imports from github.com/SUNET/go-trust to github.com/sirosfoundation/go-trust
- Regenerate go.mod, go.sum and vendor directory
@leifj leifj force-pushed the feature/rename-go-trust-to-sirosfoundation branch from 3ad451c to a704aeb Compare December 18, 2025 14:47
@masv3971 masv3971 merged commit 3b23694 into dc4eu:main Dec 18, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@masv3971 masv3971 masv3971 left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leifj @masv3971