Support vor TIR v5#106
Open
wistefan wants to merge 14 commits into
Open
Conversation
4-step plan to extend VCVerifier with EBSI Trusted Issuers Registry v5 API support: config type extension, v5 client implementation, verifier dispatch wiring, and end-to-end verification. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…-41/plan into ticket-41/work Reviewed-on: http://localhost:3001/general-agent-3/VCVerifier/pulls/1 Reviewed-by: wistefan <wistefan@dev-env.local>
Change TrustedIssuersLists from a plain string slice to a structured
type with Type and Url fields, mirroring TrustedParticipantsList.
This enables distinguishing between TIR v3/v4 ("ebsi") and v5
("ebsi-v5") endpoints in configuration.
- Add TrustedIssuersList struct and TrustedIssuersLists type with
custom UnmarshalJSON for backward-compatible JSON parsing
- Add TrustedIssuersListsDecodeHook for YAML/mapstructure compat
- Update Credential struct, CredentialsConfig interface, verifier
context types, database models, and trusted issuer validation
- Add parameterized tests for UnmarshalJSON and decode hook
- All existing tests pass with updated test helpers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add MigrateCredentialsTrustedListType() that scans scope_entry rows
and backfills empty listType fields with the default value ("ebsi")
- Hook migration into InitSchema so it runs automatically on startup
- Add comprehensive tests: backfill, idempotency, empty DB, placeholder adaptation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove database/migrations.go and database/migrations_test.go (Go code migrations) - Remove migration call from database/schema.go InitSchema() - Add db/migration/changelog.xml (Liquibase root changelog) - Add db/migration/v3/changelog-v3_0_0.xml (backfill empty listType with "ebsi") - Liquibase format is compatible with CCS migration chain (v0..v2) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…5' (#2) from ticket-41/step-1 into ticket-41/work Reviewed-on: http://localhost:3001/general-agent-3/VCVerifier/pulls/2 Reviewed-by: wistefan <wistefan@dev-env.local>
Implement IsTrustedParticipantV5 and GetTrustedIssuerV5 on TirHttpClient to support the EBSI TIR v5 API. The v5 API returns attribute references (URLs) instead of inline data, requiring a multi-step flow: get issuer, paginate attribute list, fetch each attribute individually. Results are assembled into the existing TrustedIssuer struct and cached via tilCache. Includes 13 parameterized tests covering single/multiple attributes, pagination, hasAttributes=false, 404s, network errors, partial failures, multi-endpoint fallback, and caching behavior. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ods' (#3) from ticket-41/step-2 into ticket-41/work Reviewed-on: http://localhost:3001/general-agent-3/VCVerifier/pulls/3 Reviewed-by: wistefan <wistefan@dev-env.local>
…cipant Route "ebsi-v5" typed entries to new v5 TIR client methods. The existing "ebsi" type continues to use v3/v4 auto-detection. In trustedparticipant.go, added typeEbsiV5 constant and dispatch branch calling IsTrustedParticipantV5. In trustedissuer.go, refactored ValidateVC to split URLs by type and try ebsi (v3/v4) first then ebsi-v5, renamed extractTilURLs to extractTilURLsByType with type filtering and empty-type backward compat. Updated mock TirClient with separate v5 lists and added comprehensive table-driven tests for v5-only, mixed ebsi+v5, and fallback scenarios. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… layer' (#4) from ticket-41/step-3 into ticket-41/work Reviewed-on: http://localhost:3001/general-agent-3/VCVerifier/pulls/4 Reviewed-by: wistefan <wistefan@dev-env.local>
Test coverage for the complete TIR v5 flow: - Config parsing tests for structured trustedIssuersLists (v5 and mixed formats) - CCS client test for JSON responses with ebsi-v5 typed entries - Database round-trip tests for CredentialDB with ebsi-v5 typed lists - Verifier integration tests verifying v5 type propagation through getTrustRegistriesValidationContext and AuthenticationResponse flows - YAML test fixtures for v5-only and mixed v5/legacy configurations Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add httptest-based integration tests for v5 attribute retrieval (TestV5AttributeRetrieval_Integration) covering single attribute, multi-page pagination, no-attributes, and 404 scenarios - Add httptest-based integration test for v5 participant checking (TestV5ParticipantCheck_Integration) covering registered and unregistered participants - Add jsonHandler helper for concise test server setup Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…t fixtures, and documentation' (#5) from ticket-41/step-4 into ticket-41/work Reviewed-on: http://localhost:3001/general-agent-3/VCVerifier/pulls/5 Reviewed-by: wistefan <wistefan@dev-env.local>
wistefan
added
the
minor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Config type extension: Extended TrustedIssuersLists and TrustedParticipantsLists from plain string arrays to structured types with type and url fields. Added TrustedIssuersList and TrustedParticipantsList structs with custom JSON unmarshaling for backward compatibility. Legacy ["https://url"] format auto-converts to {type: "ebsi", url: "https://url"}. Database models and Liquibase migration included to backfill existing data.
TIR v5 client: Implemented GetIssuerV5(), GetAttributesV5(), and GetSingleAttributeV5() methods in tir/tirClient.go for multi-step attribute fetching (get issuer → list attributes with pagination → fetch each attribute). Added corresponding v5 response types.
Verifier layer wiring: Updated trustedissuer.go and trustedparticipant.go to dispatch to v5 client methods when type: "ebsi-v5" is configured, while defaulting to existing v3/v4 auto-detection for type: "ebsi" (backward-compatible).