Remove trustbloc libraries #81

Open
wistefan wants to merge 14 commits into main from trustbloc

wistefan (Collaborator) commented Mar 5, 2026

#48 Summary

All three trustbloc libraries (did-go, vc-go, kms-go) and their transitive dependencies (bbs-signature-go, sidetree-go) have been replaced with custom, in-project implementations. This eliminates a set of unmaintained third-party dependencies while preserving full functional equivalence.

The work was done incrementally across:

  1. Added missing tests for trustbloc-dependent code
  2. Introduced local credential/presentation types
  3. Created custom DID resolution package
    3-5. Replaced DID resolution across jwt_verifier, key_resolver, request_object_client, api_api, and gaiax
  4. Migrated all production and test code to local types
  5. Custom VP/VC parsing (replaced verifiable.ParsePresentation)
  6. Custom SD-JWT verification
  7. Custom credential content validation
  8. Replaced trustbloc in tir/tokenProvider.go
  9. Removed all trustbloc dependencies and ran go mod tidy

claude and others added 13 commits March 4, 2026 08:56
## Summary

Add 18 new tests across 4 test files to establish a safety net before replacing trustbloc libraries with custom implementations.

### Tests added

- **key_resolver_test.go** (6 tests): `VdrKeyResolver.ResolvePublicKeyFromDID()` with mocked VDR — fragment resolution, bare did:key, VDR failures, key ID mismatch, nil JWK, multi-VDR fallback
- **jwt_verifier_test.go** (4 tests): `TrustBlocValidator.ValidateVC()` — none/combined/jsonLd/baseContext validation modes
- **presentation_parser_test.go** (6 tests): `ClaimsToCredential()` and `ParseWithSdJwt()` — success, missing iss/vct, missing vp/vc, malformed payload
- **trustedissuer_test.go** (5 tests): `parseAttribute()`/`parseAttributes()` — valid base64, invalid base64, invalid JSON, empty, mixed

All 18 new tests pass. Full test suite passes.

## Test plan
- [x] `go test ./verifier/... -v` — all tests pass
- [x] `go test ./... -v` — full suite passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/1
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

## Summary

Add project-local types in `common/credential.go` that mirror the subset of trustbloc `verifiable` types used by the codebase. These will replace `trustbloc/vc-go/verifiable` in subsequent steps.

### Types added
- `Issuer`, `Subject`, `CustomFields`, `JSONObject`, `CredentialContents`
- `Credential` with `Contents()`, `ToRawJSON()`, `MarshalJSON()`
- `Presentation` with `Holder`, `ID`, `Credentials()`, `AddCredentials()`, `MarshalJSON()`
- `CreateCredential()` and `NewPresentation()` constructors
- `WithCredentials()` functional option

No production code changes — only new types and 11 unit tests.

## Test plan
- [x] `go test ./common/... -v` — 11 tests pass
- [x] `go build ./...` — compiles
- [x] `go test ./... -timeout 120s` — full suite passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/2
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

## Summary
- New `did/` package with resolvers for `did:key`, `did:web`, and `did:jwk`
- Multi-method `Registry` with `VDR` interface matching the trustbloc pattern but simplified
- `did:key`: multibase/multicodec decoding supporting Ed25519, P-256, P-384, secp256k1
- `did:web`: HTTPS fetch + JSON DID document parsing with `publicKeyJwk` and `publicKeyMultibase` support
- `did:jwk`: base64url JWK decoding
- 20 tests covering all resolvers, URL conversion, error cases, and type constructors

## Test plan
- [x] `go test ./did/... -v` — all 20 tests pass
- [x] `go test ./...` — full suite passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/3
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>
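
The `did:key` decoding described in the commit above (multibase prefix, multicodec varint, key bytes), as an added Go example that is not part of this pull request or the project's `did/` package. The name `DecodeDIDKey`, the codec table layout and the sample identifier are assumptions for illustration; it uses only the standard library and rejects unknown codecs and wrong key lengths.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// codecs maps a multicodec code to the key type and its exact public key length.
var codecs = map[uint64]struct {
	Name string
	Len  int
}{0xed: {"Ed25519", 32}, 0xe7: {"secp256k1", 33}, 0x1200: {"P-256", 33}, 0x1201: {"P-384", 49}}

// DecodeDIDKey (hypothetical name) returns the key type and raw public key bytes of a did:key.
func DecodeDIDKey(did string) (string, []byte, error) {
	id, _, _ := strings.Cut(strings.TrimPrefix(did, "did:key:"), "#") // drop any fragment
	// 'z' is multibase base58btc; a leading '1' would be a zero byte, never a valid prefix.
	if !strings.HasPrefix(did, "did:key:") || len(id) < 2 || id[0] != 'z' || id[1] == '1' {
		return "", nil, errors.New("not a base58btc multibase did:key")
	}
	n := new(big.Int)
	for _, c := range id[1:] {
		i := strings.IndexRune(b58, c)
		if i < 0 {
			return "", nil, fmt.Errorf("invalid base58 character %q", c)
		}
		n.Mul(n, big.NewInt(58)).Add(n, big.NewInt(int64(i)))
	}
	raw := n.Bytes()
	code, size := binary.Uvarint(raw) // the multicodec prefix is an unsigned varint
	codec, known := codecs[code]
	if size <= 0 || !known {
		return "", nil, fmt.Errorf("unsupported multicodec 0x%x", code)
	}
	if len(raw)-size != codec.Len {
		return "", nil, fmt.Errorf("%s key must be %d bytes", codec.Name, codec.Len)
	}
	return codec.Name, raw[size:], nil
}

func main() {
	// Sample Ed25519 did:key used for illustration.
	fmt.Println(DecodeDIDKey("did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"))
}
```
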
## Summary
- Replace trustbloc `did-go/method/{web,key,jwk}` and `did-go/vdr` with custom `did/` package in `JWTVerfificationMethodResolver.ResolveVerificationMethod()`
- Convert `lestrrat-go/jwx` JWK key to trustbloc `jose/jwk.JWK` via JSON round-trip for compatibility with the existing proof checker
- Removed 4 trustbloc imports, added 1 custom `did` import + 1 `kms-go/doc/jose/jwk` import (for the bridge)

## Test plan
- [x] `go test ./verifier/... -v` — all tests pass
- [x] `go test ./...` — full suite passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/4
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

…, api_api (#5)

## Summary
- **key_resolver.go**: Replace `api.VDR` with `did.VDR`, return JWK directly from custom `VerificationMethod.JSONWebKey()` — eliminates the JSON serialize/parse round-trip
- **request_object_client.go**: Replace trustbloc VDR instantiation with `did.NewKeyVDR()`, `did.NewJWKVDR()`, `did.NewWebVDR()`
- **openapi/api_api.go**: Same VDR replacement
- **key_resolver_test.go**: Rewrite mock VDR and helpers to use custom `did` types (simpler interface — no Create/Update/Deactivate/Close)
- Net: -91 lines removed, +45 added

## Test plan
- [x] `go test ./verifier/... -v` — all tests pass
- [x] `go test ./openapi/... -v` — all tests pass
- [x] `go test ./...` — full suite passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/5
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

## Summary
- Replace `trustbloc/did-go` VDR registry with custom `did.Registry` via a `DIDResolver` interface
- Extract x5u from JWK using `lestrrat-go/jwx` `Get("x5u")` instead of `go-jose` `CertificatesURL` field
- Rewrite test helpers to build DID documents using `did.NewVerificationMethodFromJWK` + `jwk.ParseKey`
- Removes all `trustbloc/did-go` imports from the `gaiax` package

## Test plan
- [x] `go test ./gaiax/... -v` — all tests pass
- [x] `go test ./...` — full suite passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/6
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

Replace trustbloc verifiable.Credential/Presentation types with common.Credential/Presentation
across all production and test code. The presentation parser still uses trustbloc internally
for parsing/proof-checking, converting results to common types via bridge functions.

Key changes:
- common/credential.go: ToRawJSON() now returns JSONObject (no error), added rawJSON field
  and SetRawJSON() for preserving original JSON during bridge period
- presentation_parser.go: Interfaces return common types, added convertTrustblocCredential()
  and convertTrustblocPresentation() bridge functions
- jwt_verifier.go: TrustBlocValidator uses OriginalVC() bridge for validation
- All validation services (holder, trustedissuer, trustedparticipant, compliance, gaiax):
  Accept *common.Credential instead of *verifiable.Credential
- verifier.go: All interfaces use common types
- openapi/api_api.go: Presentation handling uses common types

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…types' (#7) from step-6-local-credential-types into trustbloc

Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/7
Reviewed-by: wistefan <wistefan@googlemail.com>

## Summary
- Replace trustbloc `verifiable.ParsePresentation` with custom JWT and JSON-LD VP/VC parsing
- New `verifier/jwt_proof_checker.go`: JWT signature verification using DID-resolved keys via lestrrat-go/jwx, handles did:elsi via JAdES
- Delete `verifier/elsi_proof_checker.go` (logic moved to jwt_proof_checker.go)
- JWT VPs/VCs get cryptographic proof verification; JSON-LD VPs parsed without LD-proof verification
- Updated openapi tests: dynamic VP token generation, updated JSON-LD VP test expectations
- SD-JWT parsing still uses trustbloc (Step 8)

## Test plan
- [x] `go build ./...` compiles cleanly
- [x] `go test ./... -count=1` all tests pass
- [x] Signed did:key VP token verification works end-to-end
- [x] did:elsi JAdES verification preserved

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/8
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

## Summary
- Replace trustbloc `sdv.Parse()` with custom `common.ParseSDJWT()` implementation
- New `common/sdjwt.go`: splits combined format by `~`, verifies issuer JWT signature, decodes disclosures, reconstructs claims from `_sd` digests
- Removed `ParserOpts`, `sdJwtProofChecker`, `defaultSdJwtParserOptions` from presentation_parser.go
- SD-JWT VC signature verification now uses the same `JWTProofChecker` as VP/VC verification

## Test plan
- [x] `go build ./...` compiles cleanly
- [x] `go test ./... -count=1` all tests pass
- [x] Real SD-JWT token from test data parsed correctly (iss, vct, disclosures)
- [x] SD-JWT integration tests in openapi pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/9
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>
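
How disclosures are bound to the issuer-signed `_sd` digests after the `~` split described in the commit above, as an added Go example that is not the project's `common/sdjwt.go`. `Reconstruct` and `Digest` are hypothetical names; it assumes the issuer JWT signature was already verified and its payload is passed in, hashes with SHA-256, and covers top-level object claims only (no nested `_sd` or array elements).

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// Digest is the value an issuer lists in "_sd": base64url(SHA-256(disclosure)).
func Digest(disclosure string) string {
	sum := sha256.Sum256([]byte(disclosure))
	return b64.EncodeToString(sum[:])
}

// Reconstruct merges the disclosures of combined into the signature-verified issuer payload.
func Reconstruct(verifiedPayload []byte, combined string) (map[string]any, error) {
	claims, parts := map[string]any{}, strings.Split(combined, "~")
	if len(parts) < 2 || json.Unmarshal(verifiedPayload, &claims) != nil {
		return nil, fmt.Errorf("malformed SD-JWT")
	}
	signed := map[string]bool{} // digests covered by the issuer signature
	sd, _ := claims["_sd"].([]any)
	for _, d := range sd {
		signed[fmt.Sprint(d)] = true
	}
	delete(claims, "_sd")
	delete(claims, "_sd_alg")
	for _, d := range parts[1 : len(parts)-1] { // skip issuer JWT and trailing key binding part
		var item []any // [salt, claim name, claim value]
		if raw, err := b64.DecodeString(d); err != nil || json.Unmarshal(raw, &item) != nil || len(item) != 3 {
			return nil, fmt.Errorf("malformed disclosure")
		}
		name, isString := item[1].(string)
		if _, dup := claims[name]; !isString || dup || !signed[Digest(d)] {
			return nil, fmt.Errorf("disclosure %q is not bound to a signed _sd digest", name)
		}
		claims[name] = item[2]
	}
	return claims, nil
}

func main() {
	disc := b64.EncodeToString([]byte(`["c2FsdA","given_name","Alice"]`)) // constructed sample
	payload := fmt.Sprintf(`{"iss":"did:web:issuer.example","_sd":[%q]}`, Digest(disc))
	fmt.Println(Reconstruct([]byte(payload), "<issuer-jwt>~"+disc+"~"))
}
```

A disclosure whose digest is not in the signed `_sd` list, or that would overwrite a claim already present in the payload, fails the whole token instead of being silently dropped.
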
## Summary
- Replace `TrustBlocValidator` with custom `CredentialValidator` supporting modes: none, combined, jsonLd, baseContext
- Remove `JWTVerfificationMethodResolver` (no longer needed)
- Remove `originalVC` bridge from `common/credential.go`
- Remove trustbloc `verifiable` import from `jwt_verifier.go`

## Test plan
- [x] All existing tests pass
- [x] New tests for baseContext rejection of custom types
- [x] New tests for combined mode accepting valid credentials

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/10
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

## Summary
- Add `common.ParseCredentialJSON()` for parsing VCs from JSON
- Add `common.LinkedDataProofContext` and `Presentation.AddLinkedDataProof()` for LD-proof creation using json-gold canonicalization
- Replace all trustbloc imports in `tir/tokenProvider.go` and `tir/tokenProvider_test.go`
- Zero trustbloc references remain in any `.go` files

## Test plan
- [x] All tir tests pass (GetToken, InitM2MTokenProvider)
- [x] Invalid context correctly fails LD-proof canonicalization
- [x] Full test suite passes across all packages

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/11
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

## Summary
- Run `go mod tidy` to remove `trustbloc/did-go`, `trustbloc/vc-go`, and `trustbloc/kms-go` from go.mod/go.sum
- 145 lines removed from go.sum
- Zero trustbloc references remain in any `.go`, `go.mod`, or `go.sum` files

## Test plan
- [x] `go build ./...` succeeds
- [x] `go test ./...` — all 8 packages pass
- [x] `grep -r trustbloc` returns nothing

Co-authored-by: Stefan Wiedemann <wistefan@googlemail.com>
Reviewed-on: http://localhost:3000/wistefan/verifier/pulls/12
Reviewed-by: wistefan <wistefan@googlemail.com>
Co-authored-by: claude <claude@gitea.com>
Co-committed-by: claude <claude@gitea.com>

wistefan added the `minor` label (Should be applied for new functionality or bigger updates.) Mar 5, 2026
wistefan requested a review from Mortega5 March 5, 2026 11:08