From c3ab3dccb8b74b609eb012ca9d3e8ace38789800 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Thu, 18 Dec 2025 12:55:35 +0100 Subject: [PATCH 01/13] Fix VP JWT type marshalling being a []string --- vcr/holder/presenter.go | 10 ++++++---- vcr/holder/presenter_test.go | 31 +++++++++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index 182f434d41..f00f77db1f 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -23,6 +23,9 @@ import ( "encoding/json" "errors" "fmt" + "strings" + "time" + "github.com/google/uuid" "github.com/lestrrat-go/jwx/v2/jws" "github.com/lestrrat-go/jwx/v2/jwt" @@ -37,8 +40,6 @@ import ( "github.com/nuts-foundation/nuts-node/vcr/signature/proof" "github.com/nuts-foundation/nuts-node/vdr/resolver" "github.com/piprate/json-gold/ld" - "strings" - "time" ) type presenter struct { @@ -128,15 +129,16 @@ func (p presenter) buildJWTPresentation(ctx context.Context, subjectDID did.DID, } id := did.DIDURL{DID: subjectDID} id.Fragment = strings.ToLower(uuid.NewString()) + type VPAlias vc.VerifiablePresentation claims := map[string]interface{}{ jwt.SubjectKey: subjectDID.String(), jwt.JwtIDKey: id.String(), - "vp": vc.VerifiablePresentation{ + "vp": VPAlias(vc.VerifiablePresentation{ Context: append([]ssi.URI{VerifiableCredentialLDContextV1}, options.AdditionalContexts...), Type: append([]ssi.URI{VerifiablePresentationLDType}, options.AdditionalTypes...), Holder: options.Holder, VerifiableCredential: credentials, - }, + }), } if options.ProofOptions.Nonce != nil { claims["nonce"] = *options.ProofOptions.Nonce diff --git a/vcr/holder/presenter_test.go b/vcr/holder/presenter_test.go index efc47e70b8..454b63c361 100644 --- a/vcr/holder/presenter_test.go +++ b/vcr/holder/presenter_test.go @@ -20,6 +20,9 @@ package holder import ( "context" + "testing" + "time" + ssi "github.com/nuts-foundation/go-did" "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" @@ -39,8 +42,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.uber.org/mock/gomock" - "testing" - "time" ) func TestPresenter_buildPresentation(t *testing.T) { @@ -162,7 +163,33 @@ func TestPresenter_buildPresentation(t *testing.T) { assert.NotNil(t, result.JWT()) nonce, _ := result.JWT().Get("nonce") assert.Empty(t, nonce) + + t.Run("#3957: Verifiable Presentation type is marshalled incorrectly in JWT format", func(t *testing.T) { + t.Run("make sure the fix is backwards compatible", func(t *testing.T) { + vp := vc.VerifiablePresentation{ + Type: []ssi.URI{ssi.MustParseURI("VerifiablePresentation")}, + } + t.Run("sanity check: regular JSON marshalling yields type: string", func(t *testing.T) { + data, err := vp.MarshalJSON() + require.NoError(t, err) + assert.Contains(t, string(data), `"type":"VerifiablePresentation"`) + }) + }) + vpAsMap := result.JWT().PrivateClaims()["vp"].(map[string]any) + t.Run("make sure type now marshalls as array", func(t *testing.T) { + typeProp := vpAsMap["type"].([]any) + assert.Equal(t, []any{"VerifiablePresentation"}, typeProp) + }) + t.Run("make sure the VP can be unmarshalled", func(t *testing.T) { + presentation, err := vc.ParseVerifiablePresentation(result.Raw()) + require.NoError(t, err) + assert.Equal(t, result.ID.String(), presentation.ID.String()) + assert.Len(t, presentation.Type, 1) + assert.Equal(t, "VerifiablePresentation", presentation.Type[0].String()) + }) + }) }) + t.Run("ok - multiple VCs", func(t *testing.T) { ctrl := gomock.NewController(t) From 7a27d5b6b159827ed5bda7624fec443b66922659 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Thu, 18 Dec 2025 14:29:00 +0100 Subject: [PATCH 02/13] Claude AI tried to fix the e2e test --- vcr/holder/presenter.go | 54 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 51 insertions(+), 3 deletions(-) diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index f00f77db1f..7a39b5abcc 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -48,6 +48,55 @@ type presenter struct { keyResolver resolver.KeyResolver } +// vpJWT is a wrapper around vc.VerifiablePresentation to ensure proper JSON marshaling for JWT VPs. +// When marshaling a VP into JWT format, the 'type' field must always be an array according to the W3C spec, +// even when it contains a single value. The go-did library's default marshaling optimizes single values to strings. +type vpJWT struct { + vc.VerifiablePresentation +} + +// MarshalJSON marshals the VP ensuring the 'type' and '@context' fields are always arrays in JWT format +func (v vpJWT) MarshalJSON() ([]byte, error) { + // Marshal the underlying VP to a map + vpBytes, err := v.VerifiablePresentation.MarshalJSON() + if err != nil { + return nil, err + } + + var vpMap map[string]interface{} + if err := json.Unmarshal(vpBytes, &vpMap); err != nil { + return nil, err + } + + // Ensure 'type' is always an array + if typeVal, ok := vpMap["type"]; ok { + switch t := typeVal.(type) { + case string: + // Convert single string to array + vpMap["type"] = []string{t} + case []interface{}: + // Already an array, keep as is + case []string: + // Already a string array, keep as is + } + } + + // Ensure '@context' is always an array + if ctxVal, ok := vpMap["@context"]; ok { + switch c := ctxVal.(type) { + case string: + // Convert single string to array + vpMap["@context"] = []string{c} + case []interface{}: + // Already an array, keep as is + case []string: + // Already a string array, keep as is + } + } + + return json.Marshal(vpMap) +} + func (p presenter) buildSubmission(ctx context.Context, credentials map[did.DID][]vc.VerifiableCredential, presentationDefinition pe.PresentationDefinition, params BuildParams) (*vc.VerifiablePresentation, *pe.PresentationSubmission, error) { // match against the wallet's credentials @@ -129,16 +178,15 @@ func (p presenter) buildJWTPresentation(ctx context.Context, subjectDID did.DID, } id := did.DIDURL{DID: subjectDID} id.Fragment = strings.ToLower(uuid.NewString()) - type VPAlias vc.VerifiablePresentation claims := map[string]interface{}{ jwt.SubjectKey: subjectDID.String(), jwt.JwtIDKey: id.String(), - "vp": VPAlias(vc.VerifiablePresentation{ + "vp": vpJWT{vc.VerifiablePresentation{ Context: append([]ssi.URI{VerifiableCredentialLDContextV1}, options.AdditionalContexts...), Type: append([]ssi.URI{VerifiablePresentationLDType}, options.AdditionalTypes...), Holder: options.Holder, VerifiableCredential: credentials, - }), + }}, } if options.ProofOptions.Nonce != nil { claims["nonce"] = *options.ProofOptions.Nonce From a05b17576ce84d15007d235c3200964e462f0447 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Thu, 18 Dec 2025 14:56:46 +0100 Subject: [PATCH 03/13] Claude AI tried to fix the e2e test --- vcr/holder/presenter.go | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index 7a39b5abcc..c4fd2448ed 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -55,7 +55,9 @@ type vpJWT struct { vc.VerifiablePresentation } -// MarshalJSON marshals the VP ensuring the 'type' and '@context' fields are always arrays in JWT format +// MarshalJSON marshals the VP ensuring certain fields are always arrays in JWT format. +// According to W3C VC spec, when a VP is in JWT format, the following fields must always be arrays: +// - 'type', '@context', 'verifiableCredential', and 'proof' (even when containing a single value) func (v vpJWT) MarshalJSON() ([]byte, error) { // Marshal the underlying VP to a map vpBytes, err := v.VerifiablePresentation.MarshalJSON() @@ -94,6 +96,31 @@ func (v vpJWT) MarshalJSON() ([]byte, error) { } } + // Ensure 'verifiableCredential' is always an array + if vcVal, ok := vpMap["verifiableCredential"]; ok { + switch vc := vcVal.(type) { + case string: + // Convert single string to array + vpMap["verifiableCredential"] = []string{vc} + case map[string]interface{}: + // Convert single object to array + vpMap["verifiableCredential"] = []interface{}{vc} + case []interface{}: + // Already an array, keep as is + } + } + + // Ensure 'proof' is always an array + if proofVal, ok := vpMap["proof"]; ok { + switch p := proofVal.(type) { + case map[string]interface{}: + // Convert single object to array + vpMap["proof"] = []interface{}{p} + case []interface{}: + // Already an array, keep as is + } + } + return json.Marshal(vpMap) } From 6cdd44d7ddd1181fceeccbb00ca506f35c78ceea Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Thu, 18 Dec 2025 15:13:36 +0100 Subject: [PATCH 04/13] Claude AI tried to fix the e2e test (revert 1) --- vcr/holder/presenter.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index c4fd2448ed..bd1be58382 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -97,18 +97,18 @@ func (v vpJWT) MarshalJSON() ([]byte, error) { } // Ensure 'verifiableCredential' is always an array - if vcVal, ok := vpMap["verifiableCredential"]; ok { - switch vc := vcVal.(type) { - case string: - // Convert single string to array - vpMap["verifiableCredential"] = []string{vc} - case map[string]interface{}: - // Convert single object to array - vpMap["verifiableCredential"] = []interface{}{vc} - case []interface{}: - // Already an array, keep as is - } - } + //if vcVal, ok := vpMap["verifiableCredential"]; ok { + // switch vc := vcVal.(type) { + // case string: + // // Convert single string to array + // vpMap["verifiableCredential"] = []string{vc} + // case map[string]interface{}: + // // Convert single object to array + // vpMap["verifiableCredential"] = []interface{}{vc} + // case []interface{}: + // // Already an array, keep as is + // } + //} // Ensure 'proof' is always an array if proofVal, ok := vpMap["proof"]; ok { From 7aa3568149702a70062bbde7e3d3578e6c0e7575 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Thu, 18 Dec 2025 16:08:15 +0100 Subject: [PATCH 05/13] fix test? --- vcr/pe/presentation_submission.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/vcr/pe/presentation_submission.go b/vcr/pe/presentation_submission.go index 1d78ed137f..501501220f 100644 --- a/vcr/pe/presentation_submission.go +++ b/vcr/pe/presentation_submission.go @@ -22,13 +22,14 @@ import ( "encoding/json" "errors" "fmt" + "strings" + "github.com/PaesslerAG/jsonpath" "github.com/google/uuid" "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" "github.com/nuts-foundation/nuts-node/vcr/credential" v2 "github.com/nuts-foundation/nuts-node/vcr/pe/schema/v2" - "strings" ) // ParsePresentationSubmission validates the given JSON and parses it into a PresentationSubmission. @@ -136,8 +137,8 @@ func (b *PresentationSubmissionBuilder) Build(format string) (PresentationSubmis // go-did always marshals a single VC as a single VC for JSON-LD VPs. So we might need to fix the mapping paths. // todo the check below actually depends on the format of the credential and not the format of the VP - if len(signInstruction.Mappings) == 1 { - signInstruction.Mappings[0].Path = "$.verifiableCredential" + if format == vc.JWTPresentationProofFormat && len(signInstruction.Mappings) == 1 { + signInstruction.Mappings[0].Path = "$.verifiableCredential[0]" } // Just 1 VP, no nesting needed From 3647757763da50f1d1c141311143ec026483949c Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Fri, 19 Dec 2025 14:39:50 +0100 Subject: [PATCH 06/13] debug level for e2e test --- e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml | 2 +- e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml b/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml index 32ed855184..40f6ad5d7a 100644 --- a/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml +++ b/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml @@ -1,5 +1,5 @@ url: https://nodeA -verbosity: debug +verbosity: trace strictmode: false internalratelimiter: false http: diff --git a/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml b/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml index fb78e0ee5f..3ba913f1fa 100644 --- a/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml +++ b/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml @@ -1,5 +1,5 @@ url: https://nodeB -verbosity: debug +verbosity: trace strictmode: false internalratelimiter: false http: From 7ec04b07b91b8fed618e439643a0d091d539bff6 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Fri, 19 Dec 2025 14:47:43 +0100 Subject: [PATCH 07/13] info level logging --- auth/client/iam/openid4vp.go | 11 ++++++----- vcr/holder/presenter.go | 23 ++++++----------------- 2 files changed, 12 insertions(+), 22 deletions(-) diff --git a/auth/client/iam/openid4vp.go b/auth/client/iam/openid4vp.go index 0f9e370601..7fc952eae2 100644 --- a/auth/client/iam/openid4vp.go +++ b/auth/client/iam/openid4vp.go @@ -24,16 +24,17 @@ import ( "encoding/json" "errors" "fmt" - "github.com/nuts-foundation/nuts-node/http/client" - "github.com/nuts-foundation/nuts-node/vcr/credential" - "github.com/nuts-foundation/nuts-node/vdr/didsubject" - "github.com/piprate/json-gold/ld" "maps" "net/http" "net/url" "slices" "time" + "github.com/nuts-foundation/nuts-node/http/client" + "github.com/nuts-foundation/nuts-node/vcr/credential" + "github.com/nuts-foundation/nuts-node/vdr/didsubject" + "github.com/piprate/json-gold/ld" + "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" "github.com/nuts-foundation/nuts-node/auth/log" @@ -328,7 +329,7 @@ func (c *OpenID4VPClient) RequestRFC021AccessToken(ctx context.Context, clientID } } - log.Logger().Tracef("Requesting access token from '%s' for scope '%s'\n VP: %s\n Submission: %s", metadata.TokenEndpoint, scopes, assertion, string(presentationSubmission)) + log.Logger().Infof("Requesting access token from '%s' for scope '%s'\n VP: %s\n Submission: %s", metadata.TokenEndpoint, scopes, assertion, string(presentationSubmission)) token, err := iamClient.AccessToken(ctx, metadata.TokenEndpoint, data, dpopHeader) if err != nil { // the error could be a http error, we just relay it here to make use of any 400 status codes. diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index bd1be58382..2582baddda 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -97,25 +97,14 @@ func (v vpJWT) MarshalJSON() ([]byte, error) { } // Ensure 'verifiableCredential' is always an array - //if vcVal, ok := vpMap["verifiableCredential"]; ok { - // switch vc := vcVal.(type) { - // case string: - // // Convert single string to array - // vpMap["verifiableCredential"] = []string{vc} - // case map[string]interface{}: - // // Convert single object to array - // vpMap["verifiableCredential"] = []interface{}{vc} - // case []interface{}: - // // Already an array, keep as is - // } - //} - - // Ensure 'proof' is always an array - if proofVal, ok := vpMap["proof"]; ok { - switch p := proofVal.(type) { + if vcVal, ok := vpMap["verifiableCredential"]; ok { + switch vc := vcVal.(type) { + case string: + // Convert single string to array + vpMap["verifiableCredential"] = []string{vc} case map[string]interface{}: // Convert single object to array - vpMap["proof"] = []interface{}{p} + vpMap["verifiableCredential"] = []interface{}{vc} case []interface{}: // Already an array, keep as is } From 021ad6c024faeac54b87e02160b8927cf8ec5e4f Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Fri, 19 Dec 2025 15:23:11 +0100 Subject: [PATCH 08/13] Attempt --- auth/client/iam/openid4vp.go | 4 ++++ vcr/holder/presenter.go | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/auth/client/iam/openid4vp.go b/auth/client/iam/openid4vp.go index 7fc952eae2..ccc58abe3e 100644 --- a/auth/client/iam/openid4vp.go +++ b/auth/client/iam/openid4vp.go @@ -329,6 +329,10 @@ func (c *OpenID4VPClient) RequestRFC021AccessToken(ctx context.Context, clientID } } + println("===== VP =====") + println(vp.Raw()) + println("===== Submission =====") + println(string(presentationSubmission)) log.Logger().Infof("Requesting access token from '%s' for scope '%s'\n VP: %s\n Submission: %s", metadata.TokenEndpoint, scopes, assertion, string(presentationSubmission)) token, err := iamClient.AccessToken(ctx, metadata.TokenEndpoint, data, dpopHeader) if err != nil { diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index 2582baddda..5799a268aa 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -194,15 +194,16 @@ func (p presenter) buildJWTPresentation(ctx context.Context, subjectDID did.DID, } id := did.DIDURL{DID: subjectDID} id.Fragment = strings.ToLower(uuid.NewString()) + type VPAlias vc.VerifiablePresentation claims := map[string]interface{}{ jwt.SubjectKey: subjectDID.String(), jwt.JwtIDKey: id.String(), - "vp": vpJWT{vc.VerifiablePresentation{ + "vp": VPAlias(vc.VerifiablePresentation{ Context: append([]ssi.URI{VerifiableCredentialLDContextV1}, options.AdditionalContexts...), Type: append([]ssi.URI{VerifiablePresentationLDType}, options.AdditionalTypes...), Holder: options.Holder, VerifiableCredential: credentials, - }}, + }), } if options.ProofOptions.Nonce != nil { claims["nonce"] = *options.ProofOptions.Nonce From 630345d479d09959b0e1cf57b8ef54ae26587d3f Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Fri, 19 Dec 2025 15:55:23 +0100 Subject: [PATCH 09/13] fixzz --- auth/api/iam/session.go | 19 +++++- e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml | 2 +- e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml | 2 +- vcr/holder/presenter.go | 67 +------------------- vcr/pe/presentation_submission.go | 14 ++-- 5 files changed, 29 insertions(+), 75 deletions(-) diff --git a/auth/api/iam/session.go b/auth/api/iam/session.go index 6eb16376e8..d36787fde7 100644 --- a/auth/api/iam/session.go +++ b/auth/api/iam/session.go @@ -19,11 +19,13 @@ package iam import ( + "encoding/json" "errors" "fmt" - "github.com/nuts-foundation/nuts-node/auth/oauth" "net/url" + "github.com/nuts-foundation/nuts-node/auth/oauth" + "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" "github.com/nuts-foundation/nuts-node/http" @@ -121,7 +123,20 @@ func (v *PEXConsumer) fulfill(submission pe.PresentationSubmission, envelope pe. return errors.New("presentation definition is already fulfilled") } - _, err := submission.Validate(envelope, *definition) + // Marshal and println VP (envelope) and submission + jsonData, err := envelope.MarshalJSON() + if err != nil { + return fmt.Errorf("could not marshal presentation exchange envelope: %w", err) + } + fmt.Printf("Received PEX Envelope: %s\n", string(jsonData)) + + jsonData, err = json.Marshal(submission) + if err != nil { + return fmt.Errorf("could not marshal presentation submission: %w", err) + } + fmt.Printf("Received Presentation Submission: %s\n", string(jsonData)) + + _, err = submission.Validate(envelope, *definition) if err != nil { return fmt.Errorf("presentation submission does not conform to presentation definition (id=%s)", definition.Id) } diff --git a/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml b/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml index 40f6ad5d7a..32ed855184 100644 --- a/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml +++ b/e2e-tests/oauth-flow/rfc021/node-A/nuts.yaml @@ -1,5 +1,5 @@ url: https://nodeA -verbosity: trace +verbosity: debug strictmode: false internalratelimiter: false http: diff --git a/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml b/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml index 3ba913f1fa..fb78e0ee5f 100644 --- a/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml +++ b/e2e-tests/oauth-flow/rfc021/node-B/nuts.yaml @@ -1,5 +1,5 @@ url: https://nodeB -verbosity: trace +verbosity: debug strictmode: false internalratelimiter: false http: diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index 5799a268aa..64066e2dfc 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -48,71 +48,6 @@ type presenter struct { keyResolver resolver.KeyResolver } -// vpJWT is a wrapper around vc.VerifiablePresentation to ensure proper JSON marshaling for JWT VPs. -// When marshaling a VP into JWT format, the 'type' field must always be an array according to the W3C spec, -// even when it contains a single value. The go-did library's default marshaling optimizes single values to strings. -type vpJWT struct { - vc.VerifiablePresentation -} - -// MarshalJSON marshals the VP ensuring certain fields are always arrays in JWT format. -// According to W3C VC spec, when a VP is in JWT format, the following fields must always be arrays: -// - 'type', '@context', 'verifiableCredential', and 'proof' (even when containing a single value) -func (v vpJWT) MarshalJSON() ([]byte, error) { - // Marshal the underlying VP to a map - vpBytes, err := v.VerifiablePresentation.MarshalJSON() - if err != nil { - return nil, err - } - - var vpMap map[string]interface{} - if err := json.Unmarshal(vpBytes, &vpMap); err != nil { - return nil, err - } - - // Ensure 'type' is always an array - if typeVal, ok := vpMap["type"]; ok { - switch t := typeVal.(type) { - case string: - // Convert single string to array - vpMap["type"] = []string{t} - case []interface{}: - // Already an array, keep as is - case []string: - // Already a string array, keep as is - } - } - - // Ensure '@context' is always an array - if ctxVal, ok := vpMap["@context"]; ok { - switch c := ctxVal.(type) { - case string: - // Convert single string to array - vpMap["@context"] = []string{c} - case []interface{}: - // Already an array, keep as is - case []string: - // Already a string array, keep as is - } - } - - // Ensure 'verifiableCredential' is always an array - if vcVal, ok := vpMap["verifiableCredential"]; ok { - switch vc := vcVal.(type) { - case string: - // Convert single string to array - vpMap["verifiableCredential"] = []string{vc} - case map[string]interface{}: - // Convert single object to array - vpMap["verifiableCredential"] = []interface{}{vc} - case []interface{}: - // Already an array, keep as is - } - } - - return json.Marshal(vpMap) -} - func (p presenter) buildSubmission(ctx context.Context, credentials map[did.DID][]vc.VerifiableCredential, presentationDefinition pe.PresentationDefinition, params BuildParams) (*vc.VerifiablePresentation, *pe.PresentationSubmission, error) { // match against the wallet's credentials @@ -194,7 +129,7 @@ func (p presenter) buildJWTPresentation(ctx context.Context, subjectDID did.DID, } id := did.DIDURL{DID: subjectDID} id.Fragment = strings.ToLower(uuid.NewString()) - type VPAlias vc.VerifiablePresentation + type VPAlias = vc.VerifiablePresentation claims := map[string]interface{}{ jwt.SubjectKey: subjectDID.String(), jwt.JwtIDKey: id.String(), diff --git a/vcr/pe/presentation_submission.go b/vcr/pe/presentation_submission.go index 501501220f..2adb9391c9 100644 --- a/vcr/pe/presentation_submission.go +++ b/vcr/pe/presentation_submission.go @@ -134,11 +134,15 @@ func (b *PresentationSubmissionBuilder) Build(format string) (PresentationSubmis } // the verifiableCredential property in Verifiable Presentations can be a single VC or an array of VCs when represented in JSON. - // go-did always marshals a single VC as a single VC for JSON-LD VPs. So we might need to fix the mapping paths. - - // todo the check below actually depends on the format of the credential and not the format of the VP - if format == vc.JWTPresentationProofFormat && len(signInstruction.Mappings) == 1 { - signInstruction.Mappings[0].Path = "$.verifiableCredential[0]" + // go-did always marshals a single VC as a single VC for JSON-LD VPs. So we need to fix the mapping paths. + if len(signInstruction.Mappings) == 1 { + if format == vc.JWTPresentationProofFormat { + // JWT VP always has an array of VCs + signInstruction.Mappings[0].Path = "$.verifiableCredential[0]" + } else { + // JSON-LD VP with single VC has single VC in verifiableCredential + signInstruction.Mappings[0].Path = "$.verifiableCredential" + } } // Just 1 VP, no nesting needed From f37f7c89600ddf39a5c34380e1a77012ab7d8c43 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Sat, 20 Dec 2025 10:13:42 +0100 Subject: [PATCH 10/13] fixzz --- vcr/holder/presenter.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index 64066e2dfc..f00f77db1f 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -129,7 +129,7 @@ func (p presenter) buildJWTPresentation(ctx context.Context, subjectDID did.DID, } id := did.DIDURL{DID: subjectDID} id.Fragment = strings.ToLower(uuid.NewString()) - type VPAlias = vc.VerifiablePresentation + type VPAlias vc.VerifiablePresentation claims := map[string]interface{}{ jwt.SubjectKey: subjectDID.String(), jwt.JwtIDKey: id.String(), From ba228ea990cf10761064150595ed5400cbef1ba9 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Wed, 24 Dec 2025 14:15:28 +0100 Subject: [PATCH 11/13] reverts --- auth/api/iam/session.go | 19 +----- auth/client/iam/openid4vp.go | 6 +- test/pki/certificate-and-key.pem | 86 +++++++++++++------------- test/pki/truststore.pem | 34 +++++----- vcr/pe/presentation_submission_test.go | 7 ++- 5 files changed, 67 insertions(+), 85 deletions(-) diff --git a/auth/api/iam/session.go b/auth/api/iam/session.go index d36787fde7..6eb16376e8 100644 --- a/auth/api/iam/session.go +++ b/auth/api/iam/session.go @@ -19,12 +19,10 @@ package iam import ( - "encoding/json" "errors" "fmt" - "net/url" - "github.com/nuts-foundation/nuts-node/auth/oauth" + "net/url" "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" @@ -123,20 +121,7 @@ func (v *PEXConsumer) fulfill(submission pe.PresentationSubmission, envelope pe. return errors.New("presentation definition is already fulfilled") } - // Marshal and println VP (envelope) and submission - jsonData, err := envelope.MarshalJSON() - if err != nil { - return fmt.Errorf("could not marshal presentation exchange envelope: %w", err) - } - fmt.Printf("Received PEX Envelope: %s\n", string(jsonData)) - - jsonData, err = json.Marshal(submission) - if err != nil { - return fmt.Errorf("could not marshal presentation submission: %w", err) - } - fmt.Printf("Received Presentation Submission: %s\n", string(jsonData)) - - _, err = submission.Validate(envelope, *definition) + _, err := submission.Validate(envelope, *definition) if err != nil { return fmt.Errorf("presentation submission does not conform to presentation definition (id=%s)", definition.Id) } diff --git a/auth/client/iam/openid4vp.go b/auth/client/iam/openid4vp.go index ccc58abe3e..3f9ef0dc79 100644 --- a/auth/client/iam/openid4vp.go +++ b/auth/client/iam/openid4vp.go @@ -329,11 +329,7 @@ func (c *OpenID4VPClient) RequestRFC021AccessToken(ctx context.Context, clientID } } - println("===== VP =====") - println(vp.Raw()) - println("===== Submission =====") - println(string(presentationSubmission)) - log.Logger().Infof("Requesting access token from '%s' for scope '%s'\n VP: %s\n Submission: %s", metadata.TokenEndpoint, scopes, assertion, string(presentationSubmission)) + log.Logger().Tracef("Requesting access token from '%s' for scope '%s'\n VP: %s\n Submission: %s", metadata.TokenEndpoint, scopes, assertion, string(presentationSubmission)) token, err := iamClient.AccessToken(ctx, metadata.TokenEndpoint, data, dpopHeader) if err != nil { // the error could be a http error, we just relay it here to make use of any 400 status codes. diff --git a/test/pki/certificate-and-key.pem b/test/pki/certificate-and-key.pem index c9c757e231..6f7a2fb485 100644 --- a/test/pki/certificate-and-key.pem +++ b/test/pki/certificate-and-key.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIUYD0fyGXRh4m1LNIVDeq7gy8Gjh8wDQYJKoZIhvcNAQEL -BQAwEjEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMzA5MTgwNzQzMzFaFw0yNTEyMjEw -NzQzMzFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBALG34WDAfiAlkZHvEd/36Q1B2peo89XoFV1M1YYyizLqlrYh -jd5AlbBOKvOqERqxnmjotFtdPv2CvLSNvMjYnW1ZvrgpURkFcfxljD+o1+NPKGWe -W8ESx43Dw7B8zk9sUY7KXXXbQwpgxvg5UHMPqdWXGjt6NEGbTnVA+wzXL4OucPrG -GaIQYgehv7BslbK7Sx+uEgJiCpCInO98XKOmOP8cG9XhhYeya3sFo1rxLLjZYZ2y -Xk6OKxzWfIDdkMVMTX+RJssh7YM8hHh+VXedPWeT9qms3+oE42nzKK3cTPBCZz6Q -seaTBR4ei8IUV5zZbnamAEyGPC7le2pXjYf8BYUCAwEAAaOBnzCBnDAfBgNVHSME -GDAWgBQxA2u4Flfb6Fh213p0A5pc58/d5jAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE +MIIDVDCCAjygAwIBAgIUFBit1eXOfOm/yIqjg0LaeX1VbtEwDQYJKoZIhvcNAQEL +BQAwEjEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yNTEyMjQxMzA5MDNaFw0yODAzMjgx +MzA5MDNaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOMTt6ddLQCJ3/s4G/6AXxZlVNXnmT1mf7c5WmlRt4ZtFDXW +Vq3JNIbtYmcePaokq4rBfgpBPKksdhu5lJCTAiwo4mzIEl0wIGhiozu/H2QfMcjf +IJWKpt4ykYMfNmsrbK1Pe2y7STW6ujAsA3uy1lXz+iQAghiukrxkZVPw8OPVQzMd +TPBfUcgBoUgyQSuknTjxy9nM2cveaA5+XNTW/zV6X+nYoVw8jAPbZiELYxGxRWQo +KrfQ1d9XsF8f4pRPOg45UInUpAtaVs50D1fZ6Wv9Ye1uXaO0uhhOzMh6BLSXH4C6 +GvaapOGoqet9iQE9Fys56Zb7baRcXCB3laPkq9sCAwEAAaOBnzCBnDAfBgNVHSME +GDAWgBR5s+88oQmwtCwpXo/TEbGok7P7rDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE 8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIwYDVR0RBBwwGoIJbG9j -YWxob3N0ggdudXRzLm5shwR/AAABMB0GA1UdDgQWBBTjakswydG33Yd2j6NZYmaz -OmwzGDANBgkqhkiG9w0BAQsFAAOCAQEAAGX+5qP+d5f+4mmDsHFFqSuN8dD/qmKn -zD6y2avvkNvxcOqVc5Bu4JwwXRLcLhsz5bc+AT4L9j22CMbX7vQo4jcMMhONKpOo -IFqwWOv+mHy+77uEEoCwC9upqxlvhDQ3XQhztdSdPDgiv59ZJzUpVO8cAKikh8zx -eHfShqH+THIzbqzjohkS0HnlhMeeX1404x9EKqRuXsWSUhOKimTlspngDBJm+66I -W7FvwUtJLNq387lfX2bM4fbesFAj56yU+gNz7UpDizTVsVe9wQ1zXRZuORiHKnd8 -EJlV31OFdN3oCDSlTayqaLrHYueewCbtl5yl/wVfr/j6YXvrDk0ZVg== +YWxob3N0ggdudXRzLm5shwR/AAABMB0GA1UdDgQWBBRPtaUObIblSOQWLa3ox6JS +hwypmDANBgkqhkiG9w0BAQsFAAOCAQEArzp1x0K9uxoJSrViEHolkTFNiTKN6gsu +NfJ1LZPOZ5hAljgF1oAsvv2kV6GBnBQ0xOdpiDkycGbyhi7qSiNHUqqQIRbpcTgc +kUQiGAFy6NsUrIr7hj0S25hRyso7BuP4A39Vr6+tr3mE1TU/beCmbX5WoW02AYSc +7wCRBk5sgYBQJXfDVQjREXhTnbFPnZ/5FpbgwSzCaxsC0DA1eem7A7MWIUGfq42O +n/JastpHC1xzrK94Xy+LyVTs6Xc5US3sho9CqlVQ+V9Ajh1GQkONhEODPtN78mPh +IIGDIYJyjQqDuPalCQVrqZYYLPU7PfFAGnjqQs5gkD337hTj8XVyGg== -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxt+FgwH4gJZGR -7xHf9+kNQdqXqPPV6BVdTNWGMosy6pa2IY3eQJWwTirzqhEasZ5o6LRbXT79gry0 -jbzI2J1tWb64KVEZBXH8ZYw/qNfjTyhlnlvBEseNw8OwfM5PbFGOyl1120MKYMb4 -OVBzD6nVlxo7ejRBm051QPsM1y+DrnD6xhmiEGIHob+wbJWyu0sfrhICYgqQiJzv -fFyjpjj/HBvV4YWHsmt7BaNa8Sy42WGdsl5Ojisc1nyA3ZDFTE1/kSbLIe2DPIR4 -flV3nT1nk/aprN/qBONp8yit3EzwQmc+kLHmkwUeHovCFFec2W52pgBMhjwu5Xtq -V42H/AWFAgMBAAECggEAEDFAGnvncf/iS9DjyMuSgyf3Jf7ZmqmO+sWDpfrIdo7r -xPP5NGEfkmUI4lMiRFOfKpFbT4DHOrt0/KF2bDlaXKqC504yaqx1lojdFrbIVthx -RpL/aq/OmVLXK2cvuApXQwKaseCUsuce8eJs+1LXx1OBax5nEPw40ZOmXCTmGiH9 -gE/wNv2qknJLkqy5SF4pbpC5ZWADwwqodDerQbxwasVavIST4cPolsgebpGJs/7w -L15BDzTOMLktABUFg9A4pymox4+GZOg66Zeyo03vzup3aoj8MjHoLUK4dmyKK7rV -o1KQnq7DmSFBf90k+2Xo24H6dNZ77CmMjptC9/upiQKBgQDnHkLjL3yGn3RYx3PI -DrfYFWP4BOa8iodL6mUu+EF2qt8+KFqh83X2JPXXSa4ve7L5nGBTg5w94KOcHvsl -tUjKwQVw/eQ3oXQLmSYgpbdMu+BbDqA68vc/QnmFEjfnA/kxjrjXoPBBnHyJK3Gg -vq9TA7q7vkQ5ducSmMwlL+pvbQKBgQDE2eOkPvxw2q8GYoMkhF2TOja5mUWff9ye -P6NJFxyvPfF/GMTKNJu0d8hMe5X03dxZAhsCGiVz4mtqSnQzW3rbe9sD6nz7HNLH -qFL/il+mL8+Wzc2wAfL4NV6/rBrfAPB7Gc23QZ8bhv+E8lU1S7qQg8OaF+l39PhH -sXOsturneQKBgFtlpzPqqocedcdKEOpzj5Z/VwpU/d5ftgN6jUsW1+SSzDfrg3P6 -MJMHqMTbmWujsnJtudYs/NOni2wJAG64EzJDROCbNu4dBiQ0C1Tr0+IfhijcTtch -EE/O/Pl36+2Kr7g+ZbC4L2ry9HjWWlgkMHdWyTjHlHlZISZEkK7AFSi9AoGBAJ7v -lb7dJBEyX7J2A5COVscyb1D3EaGwKL6Ufw/aW0yaZMvLgcgJJdZWCCDIf9DO+MPc -0VWnKqogG74cEyoMKGvh2nmU8AgHw590pl6wqH2TiLYnwHTlffktjiyPlrqLFZ8u -vEvD7eTZ4KDE0EtRs3ZPDLTzrYsu/O9VtSG0JoFxAoGBALcjE36unr7dnEnP8Zu2 -5Jm07qcXKoJxfF0PDwKoK/c3sqJ6DvaR9szkwxTQFLBldG/Zn9r4us0HWevZz5Wc -HbUChCc7qS0Lfc2ywLnXvOl/cs+/oTXccxpcrWBg+3FbcZSu6uq846uNTb6zmZuG -XvBXyerr5QY+KwEkepVQa36B +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDjE7enXS0Aid/7 +OBv+gF8WZVTV55k9Zn+3OVppUbeGbRQ11latyTSG7WJnHj2qJKuKwX4KQTypLHYb +uZSQkwIsKOJsyBJdMCBoYqM7vx9kHzHI3yCViqbeMpGDHzZrK2ytT3tsu0k1urow +LAN7stZV8/okAIIYrpK8ZGVT8PDj1UMzHUzwX1HIAaFIMkErpJ048cvZzNnL3mgO +flzU1v81el/p2KFcPIwD22YhC2MRsUVkKCq30NXfV7BfH+KUTzoOOVCJ1KQLWlbO +dA9X2elr/WHtbl2jtLoYTszIegS0lx+Auhr2mqThqKnrfYkBPRcrOemW+22kXFwg +d5Wj5KvbAgMBAAECggEAG2WOm+e2/UClQGcVoZAVaNtS7/fgWjMap52I1fog/Vv9 +uz0f+hmzd6/+Vliksfl4pOYRceVLD1Io8dFjJkpGUdOg9eTxqkKbNlzoOtYlUGwf +EpAxGzm+RkKtobdLVoTHuOVFC+pQu+XKfvNgfDUofPhRrrRM/fNaCtbGDumb9rDT +GofVyO1C/N9UDpav32IA738KljmUNfcW0V37MbPXwzKIgXR98baBRM12kVJ8BoU+ +N+wNvRw6mLEzYG9F+YToM1eAohfH/J+kQDfEMYRjT+suZmCvi1EhTRA8e81nJOhh +2y87PI7UDLCkE1/EmEkxjb2ZMgnNAwWBj951l3ZJGQKBgQD0V710aGFcd3rBSfB7 +ahnv8yDhBEy4MtwjSTyZ2IV6tz085gDRbYjrz6HthMfeZPHFc5T38k3vLWh8xU5P +lFMhym67jldViz/OQFz/0QYJ9JmhIWjSLwZZ7Qe0vxkcGZncttAQ4qb2ME4HHmBo +W72neHbzexvNjKQ3tRJbYTFV7QKBgQDt6Rqda28+92q1tlt24omIiq5vDOxqhif2 +Ne7kcM6zslKk8RjgNgtuXebNYPLTOD/IjfrpLLpvplFdUD0M76N1FG8vK/nS14gp +9LC0oxLJJix58HmE+v0o5XT0GPzVwJf2fdv5cXwxo3E1uYf4dzTYqiT/xNBG/6Wa +pVkzdsxP5wKBgQCFEjPP7fj4Tum/0vDxhbtSfurtIVZXCvvxC7XBY7ZuOtVTEUBo +zmq/Ynkhziq75+X0TxpWXtQq6mP5b8tSc8lCoejkpITTxd6eCVecys2rJld09akM +ryeaWgjUWy7lqtus5LM0PvwHIA+euOBwdWY4itbdi7J8o5fb7vVsZuZjkQKBgQDD +IuE7oTUb1l/mL26R8nmQTv+IAnefX+5DGjWZlZVU+ryioUYgEPQLUGXQquZArPBU +FXBp9M/uZ+JwwTFx/NR7YYlYjZ9ZeoMqtpKBdwgfiHoOglmJ4zvmYV4uIJiw0klS +WiUlUhnltQNUZ5rJBy2HUPcL+mhC88jnMRwbBCPMnQKBgQDRl4AklAWRE0i6yfK7 +/NSGBoVhhflxMfsn3fj6Sv8GO3W6ybcfm7mjTpJ+WfW33wDBitInyX7MXw0dbLQq +yo37+fNAy2jMflACe52UDwVr9mHqNJ9oUA9rPowK7jmF0RXwrYZ7LLTGARYtjwvP +spGbZw75UY2AdIHmZYw10+ksyQ== -----END PRIVATE KEY----- diff --git a/test/pki/truststore.pem b/test/pki/truststore.pem index e54fd3eef8..699f63e5d2 100644 --- a/test/pki/truststore.pem +++ b/test/pki/truststore.pem @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDBTCCAe2gAwIBAgIUZXkXcHCJWCMCAWJxkO3kaOEtCkUwDQYJKoZIhvcNAQEL -BQAwEjEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMzA5MTgwNzQzMzFaFw0yODA5MTYw -NzQzMzFaMBIxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDXQK6vCjlszOkg0WdjAAbv6xNq6x6VgDWI7MzG3hOOl8PQWWA9 -l1NC32pRXAxxDZ2eyXqTWb9UIURNqTizvgTWv1JaAOC4q42e7dcZcLtldqwsOP5z -m0+85hfpBO2HdTbyk5WSppEi2C91zGDu1dH5D3jyyxqafasG4j+U4GwDiRNvJuSy -rtyfHgb0/i2ZokitvQi9t2wNqgJ1DMCYuEsLSyZopDI8BnTjf3ymmRE0SGt8Vafy -bJ3Y6MH9FoxqfkydxMlzzH0I6cssPW1zklSxt3WAWWVFcnYgZ4ZLA/y2RzMX6dz2 -MQbV8LshjbWcQz/9z4vRGe2CYpK3R+dJTz8fAgMBAAGjUzBRMB0GA1UdDgQWBBQx -A2u4Flfb6Fh213p0A5pc58/d5jAfBgNVHSMEGDAWgBQxA2u4Flfb6Fh213p0A5pc -58/d5jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBjQM3Azjxz -FysIOP4ENxgGyCIw8Re0oo1A3ksPSSAbZgm/7jJ/WjqtZuufF1w4/FJbAB8hVnqu -JiXGmQszZ/QUHF2cPNUTCYoxlOtxt78h04TYQZXzZuX1dg1hTuob93hqMIbWdaLN -B4R8Lt5t+fv9oieT2iGL5IBrVOrKpgP9K5TwB36+G5+DtgCS0KcQoIPs5UVEXrIf -ipvbGrjsdQeUFqle2BRkbpu2hwWmeOCXlRrOgv2fefgJ3ikeUd3nIzPN3akOGDrD -/FIrtJYGMdfv/HkEVeTojyH7oHdbZher3/3VvIaDS+AEETsxMKsyJc2xrLys3y/O -cMPaRZyq2sH2 +MIIDBTCCAe2gAwIBAgIUCZwA9MWIVcamq8xfFCD4aqM6V5QwDQYJKoZIhvcNAQEL +BQAwEjEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yNTEyMjQxMzA5MDJaFw0zMDEyMjMx +MzA5MDJaMBIxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQD5yzpZAYwGMpH7EzTCGgpmRGMngM9yPzrlKnlWArulDjgQicPT +1HZcSWLMeMmFwxzrqIlSxam+RYv+84bu2lPXYuFRPUvq5PPkE7SAHzzFtN00Xe5k +mXaNUvDYNXCtGgqBPFo8GFPx0md6/gS+X3SDceeOAth/5NzABFZHtVEiYaCwHsm8 +i/WGHXs0d2eP9qpX938AROpaHsoGhCUQ5O8XAO7XbRQn3i2YzKduZR0/ZB+cm4Ta +O7yN89p6VmLNdsBYQyBG9O4VSUrCAzegc3uWvT6efx5RKsOUmJkUMisxbP7TyCPG +rWFVLn6pQd29KSe6P+KDdTMfPrBvyWelm3C1AgMBAAGjUzBRMB0GA1UdDgQWBBR5 +s+88oQmwtCwpXo/TEbGok7P7rDAfBgNVHSMEGDAWgBR5s+88oQmwtCwpXo/TEbGo +k7P7rDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCQ1IAlf9hu +bOcar4SfPnQaUROwj1kwWxtfoji4SRuNJctyouLinOF/kTDvSjHPuAt6hUV0nW4W +wQ/wHArBPmWXgMsF+Ajg4j2/fQKE+Qj5HPvGhycDQprBJOmqd5OyT2K7WreKZWEd +HxZUvkD7chckFFvoTz0tXECEDefmoY8Hds/hS9SSpJNKZug2UkKkZ0ct8Tw6VRG5 +CBqMDVBJ71dcs50SZQwiEfr5i7FeJoP8PxK++ckNhEvwAS0z/AINiek6Lw9vhSQU +AFiNGLCli+Za1Sx7DIrubStPOY1bLz68FAJXs3Zxot3aen0I7SxlnyY2MvGI8gEB +XNkk7Xed254U -----END CERTIFICATE----- diff --git a/vcr/pe/presentation_submission_test.go b/vcr/pe/presentation_submission_test.go index 5388e234ef..b85e60afb9 100644 --- a/vcr/pe/presentation_submission_test.go +++ b/vcr/pe/presentation_submission_test.go @@ -20,6 +20,9 @@ package pe import ( "encoding/json" + "testing" + "time" + ssi "github.com/nuts-foundation/go-did" "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" @@ -27,8 +30,6 @@ import ( "github.com/nuts-foundation/nuts-node/vcr/signature/proof" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "testing" - "time" ) func TestParsePresentationSubmission(t *testing.T) { @@ -189,7 +190,7 @@ func TestPresentationSubmissionBuilder_Build(t *testing.T) { assert.Len(t, signInstruction.VerifiableCredentials, 1) assert.Equal(t, holder1, signInstruction.Holder) require.Len(t, submission.DescriptorMap, 1) - assert.Equal(t, "$.verifiableCredential", submission.DescriptorMap[0].Path) + assert.Equal(t, "$.verifiableCredential[0]", submission.DescriptorMap[0].Path) }) }) } From 25af536a9a287ffc1d114de6d555489fb553e669 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Fri, 13 Feb 2026 08:49:23 +0100 Subject: [PATCH 12/13] Switch to go-did for creating JWT VPs --- go.mod | 38 +++++------ go.sum | 121 +++++++++++++++++++---------------- vcr/holder/presenter.go | 54 +++++----------- vcr/holder/presenter_test.go | 2 +- 4 files changed, 100 insertions(+), 115 deletions(-) diff --git a/go.mod b/go.mod index d88c0ec088..d130883867 100644 --- a/go.mod +++ b/go.mod @@ -6,17 +6,17 @@ go 1.25.7 require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 github.com/PaesslerAG/jsonpath v0.1.2-0.20230323094847-3484786d6f97 github.com/alicebob/miniredis/v2 v2.35.0 - github.com/avast/retry-go/v4 v4.7.0 + github.com/avast/retry-go/v4 v4.6.1 github.com/cbroglie/mustache v1.4.0 github.com/chromedp/chromedp v0.14.2 github.com/dlclark/regexp2 v1.11.5 github.com/go-redis/redismock/v9 v9.2.0 github.com/goodsign/monday v1.0.2 github.com/google/uuid v1.6.0 - github.com/hashicorp/vault/api v1.22.0 + github.com/hashicorp/vault/api v1.20.0 github.com/knadh/koanf/parsers/yaml v1.1.0 github.com/knadh/koanf/providers/env v1.1.0 github.com/knadh/koanf/providers/file v1.2.1 @@ -31,7 +31,7 @@ require ( github.com/nats-io/nats-server/v2 v2.11.8 github.com/nats-io/nats.go v1.45.0 github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b - github.com/nuts-foundation/go-did v0.17.0 + github.com/nuts-foundation/go-did v0.17.1-0.20260212135048-a732801c5ae3 github.com/nuts-foundation/go-leia/v4 v4.2.0 github.com/nuts-foundation/go-stoabs v1.11.0 github.com/nuts-foundation/sqlite v1.0.0 @@ -53,7 +53,7 @@ require ( go.uber.org/atomic v1.11.0 go.uber.org/goleak v1.3.0 go.uber.org/mock v0.6.0 - golang.org/x/crypto v0.47.0 + golang.org/x/crypto v0.48.0 golang.org/x/time v0.14.0 google.golang.org/grpc v1.78.0 google.golang.org/protobuf v1.36.11 @@ -70,7 +70,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect github.com/PaesslerAG/gval v1.2.2 // indirect github.com/alexandrevicenzi/go-sse v1.6.0 // indirect github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect @@ -113,11 +113,11 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.8 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect - github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 // indirect + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect - github.com/hashicorp/go-sockaddr v1.0.7 // indirect + github.com/hashicorp/go-sockaddr v1.0.2 // indirect github.com/hashicorp/hcl v1.0.1-vault-7 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect @@ -155,7 +155,7 @@ require ( github.com/nats-io/jwt/v2 v2.7.4 // indirect github.com/nats-io/nkeys v0.4.11 // indirect github.com/nats-io/nuid v1.0.1 // indirect - github.com/ncruces/go-strftime v1.0.0 // indirect + github.com/ncruces/go-strftime v0.1.9 // indirect github.com/nightlyone/lockfile v1.0.0 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -186,22 +186,22 @@ require ( go.uber.org/multierr v1.11.0 // indirect golang.org/x/net v0.49.0 // indirect golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.40.0 // indirect - golang.org/x/term v0.39.0 // indirect - golang.org/x/text v0.33.0 // indirect + golang.org/x/sys v0.41.0 // indirect + golang.org/x/term v0.40.0 // indirect + golang.org/x/text v0.34.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect gopkg.in/Regis24GmbH/go-diacritics.v2 v2.0.3 // indirect - gorm.io/gorm v1.31.1 + gorm.io/gorm v1.30.2 modernc.org/mathutil v1.7.1 // indirect modernc.org/memory v1.11.0 // indirect - modernc.org/sqlite v1.45.0 + modernc.org/sqlite v1.38.2 rsc.io/qr v0.2.0 // indirect ) require ( github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 github.com/daangn/minimemcached v1.2.0 - github.com/eko/gocache/lib/v4 v4.2.3 + github.com/eko/gocache/lib/v4 v4.2.0 github.com/eko/gocache/store/go_cache/v4 v4.2.2 github.com/eko/gocache/store/memcache/v4 v4.2.2 github.com/eko/gocache/store/redis/v4 v4.2.2 @@ -209,7 +209,7 @@ require ( github.com/uptrace/opentelemetry-go-extra/otelgorm v0.3.2 go.opentelemetry.io/contrib/bridges/otellogrus v0.15.0 go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.65.0 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 go.opentelemetry.io/otel v1.40.0 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 @@ -238,7 +238,7 @@ require ( go.opentelemetry.io/proto/otlp v1.9.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 // indirect + golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect - modernc.org/libc v1.67.6 // indirect + modernc.org/libc v1.66.3 // indirect ) diff --git a/go.sum b/go.sum index f9b9d27cc3..35f6a260fb 100644 --- a/go.sum +++ b/go.sum @@ -7,8 +7,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 h1:fou+2+WFTib47nS+nz/ozhEB github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0/go.mod h1:t76Ruy8AHvUAC8GfMWJMa0ElSbuIcO03NLpynfbgsPA= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 h1:MhRfI58HblXzCtWEZCO0feHs8LweePB3s90r7WaR1KU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0/go.mod h1:okZ+ZURbArNdlJ+ptXoyHNuOETzOl1Oww19rm8I2WLA= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= @@ -26,8 +26,8 @@ github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJ github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs= -github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk= +github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs= +github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PaesslerAG/gval v1.2.2 h1:Y7iBzhgE09IGTt5QgGQ2IdaYYYOU134YGHBThD+wm9E= @@ -45,12 +45,14 @@ github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op h1:+OSa/t11TFhqfr github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op/go.mod h1:IUpT2DPAKh6i/YhSbt6Gl3v2yvUZjmKncl7U91fup7E= github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ= github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk= -github.com/avast/retry-go/v4 v4.7.0 h1:yjDs35SlGvKwRNSykujfjdMxMhMQQM0TnIjJaHB+Zio= -github.com/avast/retry-go/v4 v4.7.0/go.mod h1:ZMPDa3sY2bKgpLtap9JRUgk2yTAba7cgiFhqxY2Sg6Q= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/avast/retry-go/v4 v4.6.1 h1:VkOLRubHdisGrHnTu89g08aQEWEgRU7LVEop3GbIcMk= +github.com/avast/retry-go/v4 v4.6.1/go.mod h1:V6oF8njAwxJ5gRo1Q7Cxab24xs5NCWZBeaHHBklR8mA= github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w= github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous= @@ -112,16 +114,17 @@ github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/eknkc/basex v1.0.1 h1:TcyAkqh4oJXgV3WYyL4KEfCMk9W8oJCpmx1bo+jVgKY= github.com/eknkc/basex v1.0.1/go.mod h1:k/F/exNEHFdbs3ZHuasoP2E7zeWwZblG84Y7Z59vQRo= -github.com/eko/gocache/lib/v4 v4.2.3 h1:s78TFqEGAH3SbzP4N40D755JYT/aaGFKEPrsUtC1chU= -github.com/eko/gocache/lib/v4 v4.2.3/go.mod h1:Zus8mwmaPu1VYOzfomb+Dvx2wV7fT5jDRbHYtQM6MEY= +github.com/eko/gocache/lib/v4 v4.2.0 h1:MNykyi5Xw+5Wu3+PUrvtOCaKSZM1nUSVftbzmeC7Yuw= +github.com/eko/gocache/lib/v4 v4.2.0/go.mod h1:7ViVmbU+CzDHzRpmB4SXKyyzyuJ8A3UW3/cszpcqB4M= github.com/eko/gocache/store/go_cache/v4 v4.2.2 h1:tAI9nl6TLoJyKG1ujF0CS0n/IgTEMl+NivxtR5R3/hw= github.com/eko/gocache/store/go_cache/v4 v4.2.2/go.mod h1:T9zkHokzr8K9EiC7RfMbDg6HSwaV6rv3UdcNu13SGcA= github.com/eko/gocache/store/memcache/v4 v4.2.2 h1:VKfxytQ5bkcfF3LhmgkrqRiEU2yCN2/rJBUvF1fKZJw= github.com/eko/gocache/store/memcache/v4 v4.2.2/go.mod h1:9lFU3tZPiej8E3J4ueZ0K9kIdiDQpRxu6WhtId5OsZA= github.com/eko/gocache/store/redis/v4 v4.2.2 h1:Thw31fzGuH3WzJywsdbMivOmP550D6JS7GDHhvCJPA0= github.com/eko/gocache/store/redis/v4 v4.2.2/go.mod h1:LaTxLKx9TG/YUEybQvPMij++D7PBTIJ4+pzvk0ykz0w= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= @@ -157,8 +160,8 @@ github.com/go-redsync/redsync/v4 v4.13.0 h1:49X6GJfnbLGaIpBBREM/zA4uIMDXKAh1NDkv github.com/go-redsync/redsync/v4 v4.13.0/go.mod h1:HMW4Q224GZQz6x1Xc7040Yfgacukdzu7ifTDAKiyErQ= github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo= github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= -github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= -github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= +github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= +github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU= @@ -213,26 +216,26 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48= -github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 h1:U+kC2dOhMFQctRfhK0gRctKAPTloZdMU5ZJxaesJ/VM= -github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0/go.mod h1:Ll013mhdmsVDuoIXVfBtvgGJsXDYkTw1kooNcoCXuE0= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw= -github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= +github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= +github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= -github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y6xGI0I= github.com/hashicorp/hcl v1.0.1-vault-7/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.22.0 h1:+HYFquE35/B74fHoIeXlZIP2YADVboaPjaSicHEZiH0= -github.com/hashicorp/vault/api v1.22.0/go.mod h1:IUZA2cDvr4Ok3+NtK2Oq/r+lJeXkeCrHRmqdyWfpmGM= +github.com/hashicorp/vault/api v1.20.0 h1:KQMHElgudOsr+IbJgmbjHnCTxEpKs9LnozA1D3nozU4= +github.com/hashicorp/vault/api v1.20.0/go.mod h1:GZ4pcjfzoOWpkJ3ijHNpEoAxKEsBJnVljyTe3jM2Sms= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= @@ -303,8 +306,10 @@ github.com/lestrrat-go/jwx/v2 v2.1.6 h1:hxM1gfDILk/l5ylers6BX/Eq1m/pnxe9NBwW6lVf github.com/lestrrat-go/jwx/v2 v2.1.6/go.mod h1:Y722kU5r/8mV7fYDifjug0r8FK8mZdw0K0GpJw/l8pU= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mdp/qrterminal/v3 v3.2.1 h1:6+yQjiiOsSuXT5n9/m60E54vdgFsw0zhADHhHLrFet4= @@ -323,10 +328,13 @@ github.com/minio/highwayhash v1.0.3/go.mod h1:GGYsuwP/fPD6Y9hMiXuapVvlIUEhFhMTh0 github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= @@ -358,14 +366,14 @@ github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0= github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE= github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w= -github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= +github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4= +github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= github.com/nightlyone/lockfile v1.0.0 h1:RHep2cFKK4PonZJDdEl4GmkabuhbsRMgk/k3uAmxBiA= github.com/nightlyone/lockfile v1.0.0/go.mod h1:rywoIealpdNse2r832aiD9jRk8ErCatROs6LzC841CI= github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b h1:80icUxWHwE1MrIOOEK5rxrtyKOgZeq5Iu1IjAEkggTY= github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b/go.mod h1:6YUioYirD6/8IahZkoS4Ypc8xbeJW76Xdk1QKcziNTM= -github.com/nuts-foundation/go-did v0.17.0 h1:nLmMiiKjIJwgZsfJ98ywATiCb9VHomnb3r86oWHdILw= -github.com/nuts-foundation/go-did v0.17.0/go.mod h1:8VLZhVjkFH9VgGu//3y7ICowwItpym3NWkOih1Ka1fw= +github.com/nuts-foundation/go-did v0.17.1-0.20260212135048-a732801c5ae3 h1:IfGZJLbkoRj7alYKHPX3W1Txm6GrqBts3kfSqK1GcXE= +github.com/nuts-foundation/go-did v0.17.1-0.20260212135048-a732801c5ae3/go.mod h1:4od1gAmCi9HjHTQGEvHC8pLeuXdXACxidAcdA52YScc= github.com/nuts-foundation/go-leia/v4 v4.2.0 h1:o/bgYVCyTgsfgtaKmlrcUaJ2z4NwetERC98SUWwYajM= github.com/nuts-foundation/go-leia/v4 v4.2.0/go.mod h1:Gw6bXqJLOAmHSiXJJYbVoj+Mowp/PoBRywO0ZPsVzA0= github.com/nuts-foundation/go-stoabs v1.11.0 h1:q18jVruPdFcVhodDrnKuhq/24i0pUC/YXgzJS0glKUU= @@ -395,6 +403,7 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.2.0 h1:vBXSNuE5MYP9IJ5kjsdo8uq+w41jSPgvba2DEnkRx9k= github.com/pquerna/cachecontrol v0.2.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= github.com/pressly/goose/v3 v3.26.0 h1:KJakav68jdH0WDvoAcj8+n61WqOIaPGgH0bJWS6jpmM= @@ -429,6 +438,7 @@ github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.26.1 h1:/ihwxqH+4z8UxyI70wM1z9yCvkWcfz/a3mj48k/Zngc= github.com/rs/zerolog v1.26.1/go.mod h1:/wSSJWX7lVrsOwlbyTRSOJvqRlc+WjWlfes+CiJ+tmc= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis= @@ -517,8 +527,8 @@ go.opentelemetry.io/contrib/bridges/otellogrus v0.15.0 h1:+MQcK0tevmQ6Gm98sFiCR1 go.opentelemetry.io/contrib/bridges/otellogrus v0.15.0/go.mod h1:w7tbuPrJmHTksDeWIO+hOGyULHgZDpvBd8bslS8aVpk= go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.65.0 h1:pPQ0G8ql6v+OTo65t28jcm7QWrJTw1Jr5JESzEagtNE= go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.65.0/go.mod h1:vQwiruxeni575TCQ/OOJa4Rew7qIvmiLCyoWc/D51Gs= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0= go.opentelemetry.io/contrib/propagators/b3 v1.40.0 h1:xariChe8OOVF3rNlfzGFgQc61npQmXhzZj/i82mxMfg= go.opentelemetry.io/contrib/propagators/b3 v1.40.0/go.mod h1:72WvbdxbOfXaELEQfonFfOL6osvcVjI7uJEE8C2nkrs= go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= @@ -577,10 +587,10 @@ golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOM golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= -golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= -golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 h1:MDfG8Cvcqlt9XXrmEiD4epKn7VJHZO84hejP9Jmp0MM= -golang.org/x/exp v0.0.0-20251209150349-8475f28825e9/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= +golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= +golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= +golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o= +golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= @@ -588,8 +598,8 @@ golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= -golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= +golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= +golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -624,6 +634,7 @@ golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -652,8 +663,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= -golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= +golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -669,8 +680,8 @@ golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= -golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= -golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= +golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= +golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -685,8 +696,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= -golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= -golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= +golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= +golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -698,8 +709,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA= -golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc= +golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= +golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -738,22 +749,20 @@ gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXD gorm.io/driver/sqlserver v1.6.1 h1:XWISFsu2I2pqd1KJhhTZNJMx1jNQ+zVL/Q8ovDcUjtY= gorm.io/driver/sqlserver v1.6.1/go.mod h1:VZeNn7hqX1aXoN5TPAFGWvxWG90xtA8erGn2gQmpc6U= gorm.io/gorm v1.30.0/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE= -gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg= -gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs= -modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis= -modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0= -modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc= -modernc.org/ccgo/v4 v4.30.1/go.mod h1:bIOeI1JL54Utlxn+LwrFyjCx2n2RDiYEaJVSrgdrRfM= -modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA= -modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc= +gorm.io/gorm v1.30.2 h1:f7bevlVoVe4Byu3pmbWPVHnPsLoWaMjEb7/clyr9Ivs= +gorm.io/gorm v1.30.2/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE= +modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM= +modernc.org/cc/v4 v4.26.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0= +modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU= +modernc.org/ccgo/v4 v4.28.0/go.mod h1:JygV3+9AV6SmPhDasu4JgquwU81XAKLd3OKTUDNOiKE= +modernc.org/fileutil v1.3.8 h1:qtzNm7ED75pd1C7WgAGcK4edm4fvhtBsEiI/0NQ54YM= +modernc.org/fileutil v1.3.8/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc= modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI= modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito= -modernc.org/gc/v3 v3.1.1 h1:k8T3gkXWY9sEiytKhcgyiZ2L0DTyCQ/nvX+LoCljoRE= -modernc.org/gc/v3 v3.1.1/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY= modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks= modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI= -modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI= -modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE= +modernc.org/libc v1.66.3 h1:cfCbjTUcdsKyyZZfEUKfoHcP3S0Wkvz3jgSzByEWVCQ= +modernc.org/libc v1.66.3/go.mod h1:XD9zO8kt59cANKvHPXpx7yS2ELPheAey0vjIuZOhOU8= modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU= modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg= modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI= @@ -762,8 +771,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8= modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns= modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w= modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE= -modernc.org/sqlite v1.45.0 h1:r51cSGzKpbptxnby+EIIz5fop4VuE4qFoVEjNvWoObs= -modernc.org/sqlite v1.45.0/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA= +modernc.org/sqlite v1.38.2 h1:Aclu7+tgjgcQVShZqim41Bbw9Cho0y/7WzYptXqkEek= +modernc.org/sqlite v1.38.2/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E= modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= diff --git a/vcr/holder/presenter.go b/vcr/holder/presenter.go index f00f77db1f..b15e5908cc 100644 --- a/vcr/holder/presenter.go +++ b/vcr/holder/presenter.go @@ -27,8 +27,6 @@ import ( "time" "github.com/google/uuid" - "github.com/lestrrat-go/jwx/v2/jws" - "github.com/lestrrat-go/jwx/v2/jwt" ssi "github.com/nuts-foundation/go-did" "github.com/nuts-foundation/go-did/did" "github.com/nuts-foundation/go-did/vc" @@ -124,44 +122,22 @@ func (p presenter) buildPresentation(ctx context.Context, signerDID *did.DID, cr // buildJWTPresentation builds a JWT presentation according to https://www.w3.org/TR/vc-data-model/#json-web-token func (p presenter) buildJWTPresentation(ctx context.Context, subjectDID did.DID, credentials []vc.VerifiableCredential, options PresentationOptions, keyID string) (*vc.VerifiablePresentation, error) { - headers := map[string]interface{}{ - jws.TypeKey: "JWT", - } - id := did.DIDURL{DID: subjectDID} - id.Fragment = strings.ToLower(uuid.NewString()) - type VPAlias vc.VerifiablePresentation - claims := map[string]interface{}{ - jwt.SubjectKey: subjectDID.String(), - jwt.JwtIDKey: id.String(), - "vp": VPAlias(vc.VerifiablePresentation{ - Context: append([]ssi.URI{VerifiableCredentialLDContextV1}, options.AdditionalContexts...), - Type: append([]ssi.URI{VerifiablePresentationLDType}, options.AdditionalTypes...), - Holder: options.Holder, - VerifiableCredential: credentials, - }), - } - if options.ProofOptions.Nonce != nil { - claims["nonce"] = *options.ProofOptions.Nonce - } - if options.ProofOptions.Domain != nil { - claims[jwt.AudienceKey] = *options.ProofOptions.Domain - } - if options.ProofOptions.Created.IsZero() { - claims[jwt.NotBeforeKey] = time.Now().Unix() - } else { - claims[jwt.NotBeforeKey] = int(options.ProofOptions.Created.Unix()) - } + exp := options.ProofOptions.Created.Add(1 * time.Hour) if options.ProofOptions.Expires != nil { - claims[jwt.ExpirationKey] = int(options.ProofOptions.Expires.Unix()) - } - for claimName, value := range options.ProofOptions.AdditionalProperties { - claims[claimName] = value - } - token, err := p.signer.SignJWT(ctx, claims, headers, keyID) - if err != nil { - return nil, fmt.Errorf("unable to sign JWT presentation: %w", err) - } - return vc.ParseVerifiablePresentation(token) + exp = *options.ProofOptions.Expires + } + return vc.CreateJWTVerifiablePresentation(ctx, subjectDID.URI(), credentials, vc.PresentationOptions{ + AdditionalContexts: options.AdditionalContexts, + AdditionalTypes: options.AdditionalTypes, + AdditionalProofProperties: options.ProofOptions.AdditionalProperties, + Holder: options.Holder, + Nonce: options.ProofOptions.Nonce, + Audience: options.ProofOptions.Domain, + IssuedAt: &options.ProofOptions.Created, + ExpiresAt: exp, + }, func(ctx context.Context, claims map[string]interface{}, headers map[string]interface{}) (string, error) { + return p.signer.SignJWT(ctx, claims, headers, keyID) + }) } func (p presenter) buildJSONLDPresentation(ctx context.Context, subjectDID did.DID, credentials []vc.VerifiableCredential, options PresentationOptions, keyID string) (*vc.VerifiablePresentation, error) { diff --git a/vcr/holder/presenter_test.go b/vcr/holder/presenter_test.go index 454b63c361..4952418cd9 100644 --- a/vcr/holder/presenter_test.go +++ b/vcr/holder/presenter_test.go @@ -143,7 +143,7 @@ func TestPresenter_buildPresentation(t *testing.T) { }) }) t.Run("JWT", func(t *testing.T) { - options := PresentationOptions{Format: JWTPresentationFormat} + options := PresentationOptions{Format: JWTPresentationFormat, ProofOptions: proof.ProofOptions{Created: time.Now()}} t.Run("ok - one VC", func(t *testing.T) { ctrl := gomock.NewController(t) From f8e20929515c237db5efc49905d7ee1d51aa062e Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Sat, 14 Feb 2026 13:09:59 +0100 Subject: [PATCH 13/13] update dependency --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index d130883867..2b2d1f029e 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( github.com/nats-io/nats-server/v2 v2.11.8 github.com/nats-io/nats.go v1.45.0 github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b - github.com/nuts-foundation/go-did v0.17.1-0.20260212135048-a732801c5ae3 + github.com/nuts-foundation/go-did v0.18.0 github.com/nuts-foundation/go-leia/v4 v4.2.0 github.com/nuts-foundation/go-stoabs v1.11.0 github.com/nuts-foundation/sqlite v1.0.0 diff --git a/go.sum b/go.sum index 35f6a260fb..5e87a8b41f 100644 --- a/go.sum +++ b/go.sum @@ -374,6 +374,8 @@ github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b h1:80 github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b/go.mod h1:6YUioYirD6/8IahZkoS4Ypc8xbeJW76Xdk1QKcziNTM= github.com/nuts-foundation/go-did v0.17.1-0.20260212135048-a732801c5ae3 h1:IfGZJLbkoRj7alYKHPX3W1Txm6GrqBts3kfSqK1GcXE= github.com/nuts-foundation/go-did v0.17.1-0.20260212135048-a732801c5ae3/go.mod h1:4od1gAmCi9HjHTQGEvHC8pLeuXdXACxidAcdA52YScc= +github.com/nuts-foundation/go-did v0.18.0 h1:IB0X8PrzDulpR1zAgDpaHfwoSjJpIhx5u1Tg8I2nnb8= +github.com/nuts-foundation/go-did v0.18.0/go.mod h1:4od1gAmCi9HjHTQGEvHC8pLeuXdXACxidAcdA52YScc= github.com/nuts-foundation/go-leia/v4 v4.2.0 h1:o/bgYVCyTgsfgtaKmlrcUaJ2z4NwetERC98SUWwYajM= github.com/nuts-foundation/go-leia/v4 v4.2.0/go.mod h1:Gw6bXqJLOAmHSiXJJYbVoj+Mowp/PoBRywO0ZPsVzA0= github.com/nuts-foundation/go-stoabs v1.11.0 h1:q18jVruPdFcVhodDrnKuhq/24i0pUC/YXgzJS0glKUU=