wip

api/ssi_types_test.go

@@ -122,14 +122,15 @@ func Test_DIDDocumentMetadata(t *testing.T) {
 }
 
 func createVerifiableCredential() vcr.VerifiableCredential {
+	issuanceDate := time.Now()
 	return vcr.VerifiableCredential{
 		Context: []ssi.URI{ssi.MustParseURI("https://www.w3.org/2018/credentials/v1")},
 		Type: []ssi.URI{
 			ssi.MustParseURI("NutsOrganizationCredential"),
 			ssi.MustParseURI("VerifiableCredential"),
 		},
 		Issuer:            ssi.MustParseURI("did:nuts:CuE3qeFGGLhEAS3gKzhMCeqd1dGa9at5JCbmCfyMU2Ey"),
-		IssuanceDate:      time.Now(),
+		IssuanceDate:      &issuanceDate,
 		CredentialSubject: []interface{}{"subject"},
 		Proof:             []interface{}{"because"},
 	}

auth/api/auth/v1/api_test.go

@@ -489,13 +489,14 @@ func TestWrapper_RequestAccessToken(t *testing.T) {
 	t.Run("happy_path", func(t *testing.T) {
 		ctx := createContext(t)
 
+		issuanceDate := time.Now()
 		credentials := []vc.VerifiableCredential{
 			{
 				Context:      []ssi.URI{vc.VCContextV1URI(), credential.NutsV1ContextURI},
 				ID:           &ssi.URI{},
 				Type:         []ssi.URI{*credential.NutsAuthorizationCredentialTypeURI, vc.VerifiableCredentialTypeV1URI()},
 				Issuer:       vdr.TestDIDA.URI(),
-				IssuanceDate: time.Now(),
+				IssuanceDate: &issuanceDate,
 				CredentialSubject: []interface{}{credential.NutsAuthorizationCredentialSubject{
 					ID:           vdr.TestDIDB.String(),
 					PurposeOfUse: "eTransfer",

auth/api/iam/api_test.go

@@ -105,7 +105,7 @@ func TestWrapper_GetWebDID(t *testing.T) {
 		ID: webDID,
 	}
 	// remarshal expectedWebDIDDoc to make sure in-memory format is the same as the one returned by the API
-	data, _ := expectedWebDIDDoc.MarshalJSON()
+	data, _ := json.Marshal(expectedWebDIDDoc)
 	_ = expectedWebDIDDoc.UnmarshalJSON(data)
 
 	t.Run("ok", func(t *testing.T) {

auth/services/oauth/relying_party_test.go

@@ -257,12 +257,13 @@ func TestService_CreateJwtBearerToken(t *testing.T) {
 
 	id := vdr.TestDIDA.URI()
 	id.Fragment = "1"
+	issuanceDate := time.Now()
 	validCredential := vc.VerifiableCredential{
 		Context:      []ssi.URI{vc.VCContextV1URI(), credential.NutsV1ContextURI},
 		ID:           &id,
 		Type:         []ssi.URI{*credential.NutsAuthorizationCredentialTypeURI, vc.VerifiableCredentialTypeV1URI()},
 		Issuer:       vdr.TestDIDA.URI(),
-		IssuanceDate: time.Now(),
+		IssuanceDate: &issuanceDate,
 		CredentialSubject: []interface{}{credential.NutsAuthorizationCredentialSubject{
 			ID:           vdr.TestDIDB.String(),
 			PurposeOfUse: "eTransfer",

auth/services/selfsigned/signer.go

@@ -124,7 +124,7 @@ func (v *signer) createVP(ctx context.Context, s types.Session, issuanceDate tim
 		Context:           []ssi.URI{credential.NutsV1ContextURI},
 		Type:              []ssi.URI{ssi.MustParseURI(credentialType)},
 		Issuer:            issuerID.URI(),
-		IssuanceDate:      issuanceDate,
+		IssuanceDate:      &issuanceDate,
 		ExpirationDate:    &expirationData,
 		CredentialSubject: s.CredentialSubject(),
 	}

discovery/test.go

@@ -129,7 +129,8 @@ func createCredential(issuerDID did.DID, subjectDID did.DID, credentialSubject m
 	vcID := did.DIDURL{DID: issuerDID}
 	vcID.Fragment = uuid.NewString()
 	vcIDURI := vcID.URI()
-	expirationDate := time.Now().Add(time.Hour * 24)
+	issuanceDate := time.Now()
+	expirationDate := issuanceDate.Add(time.Hour * 24)
 	if credentialSubject == nil {
 		credentialSubject = make(map[string]interface{})
 	}
@@ -138,7 +139,7 @@ func createCredential(issuerDID did.DID, subjectDID did.DID, credentialSubject m
 		ID:                &vcIDURI,
 		Type:              []ssi.URI{ssi.MustParseURI("VerifiableCredential"), ssi.MustParseURI("TestCredential")},
 		Issuer:            issuerDID.URI(),
-		IssuanceDate:      time.Now(),
+		IssuanceDate:      &issuanceDate,
 		ExpirationDate:    &expirationDate,
 		CredentialSubject: []interface{}{credentialSubject},
 	}, func(ctx context.Context, claims map[string]interface{}, headers map[string]interface{}) (string, error) {

go.mod

@@ -25,7 +25,7 @@ require (
 	github.com/nats-io/nats-server/v2 v2.10.5
 	github.com/nats-io/nats.go v1.31.0
 	github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b
-	github.com/nuts-foundation/go-did v0.10.0
+	github.com/nuts-foundation/go-did v0.10.1
 	github.com/nuts-foundation/go-leia/v4 v4.0.1
 	github.com/nuts-foundation/go-stoabs v1.9.0
 	// check the oapi-codegen tool version in the makefile when upgrading the runtime

go.sum

@@ -448,14 +448,8 @@ github.com/nightlyone/lockfile v1.0.0/go.mod h1:rywoIealpdNse2r832aiD9jRk8ErCatR
 github.com/npillmayer/nestext v0.1.3/go.mod h1:h2lrijH8jpicr25dFY+oAJLyzlya6jhnuG+zWp9L0Uk=
 github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b h1:80icUxWHwE1MrIOOEK5rxrtyKOgZeq5Iu1IjAEkggTY=
 github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b/go.mod h1:6YUioYirD6/8IahZkoS4Ypc8xbeJW76Xdk1QKcziNTM=
-github.com/nuts-foundation/go-did v0.9.0 h1:JBz1cYaMxplKZ31QyWierrR3Yt2RIpaxZTt8KFm4Ph4=
-github.com/nuts-foundation/go-did v0.9.0/go.mod h1:L39mh6SBsuenqeZw2JxARx4a/bwdARwchG2x3zPMTjc=
-github.com/nuts-foundation/go-did v0.9.1-0.20231130131753-940e6a204184 h1:FpmffpdwFe927vT8eIlgWlXOkMCXXoQz1KpIToFX4xU=
-github.com/nuts-foundation/go-did v0.9.1-0.20231130131753-940e6a204184/go.mod h1:lIoZWplLKE5wHejFVCs3pVdT1u659ZOnTRNvF1Q8lqE=
-github.com/nuts-foundation/go-did v0.9.1-0.20231201081127-fe64a8cc4906 h1:5Y5NBQpBeEGzvciWlqtaWKT31la1LdCDqo0LskVQe1g=
-github.com/nuts-foundation/go-did v0.9.1-0.20231201081127-fe64a8cc4906/go.mod h1:lIoZWplLKE5wHejFVCs3pVdT1u659ZOnTRNvF1Q8lqE=
-github.com/nuts-foundation/go-did v0.10.0 h1:PWfmK0zQu8TwMChl4bW+sZdjSemtCNhcqVa2LQLq2+U=
-github.com/nuts-foundation/go-did v0.10.0/go.mod h1:lIoZWplLKE5wHejFVCs3pVdT1u659ZOnTRNvF1Q8lqE=
+github.com/nuts-foundation/go-did v0.10.1 h1:7A2qgqD6XYOWEEn1bOlttOBl59J/bF8qhMwDGB5Ihpk=
+github.com/nuts-foundation/go-did v0.10.1/go.mod h1:lIoZWplLKE5wHejFVCs3pVdT1u659ZOnTRNvF1Q8lqE=
 github.com/nuts-foundation/go-leia/v4 v4.0.1 h1:+Sbk3Bew1QnRUqRXSOwomMw3nIZgncmTX425J7U5Q34=
 github.com/nuts-foundation/go-leia/v4 v4.0.1/go.mod h1:eaZuWIolpU61TMvTMcen85+SOEOnHiALdg5SxqLXzz8=
 github.com/nuts-foundation/go-stoabs v1.9.0 h1:zK+ugfolaJYyBvGwsRuavLVdycXk4Yw/1gI+tz17lWQ=

vcr/api/vcr/v2/types_test.go

@@ -56,10 +56,11 @@ func Test_Marshalling(t *testing.T) {
 		assert.IsType(t, make(map[string]interface{}, 0), result["credentialSubject"]) // single entry should not end up as slice
 	})
 	t.Run("CreateVP200JSONResponse", func(t *testing.T) {
+		issuanceDate := time.Now()
 		r := CreateVP200JSONResponse{
 			VerifiableCredential: []VerifiableCredential{
 				{
-					IssuanceDate: time.Now(),
+					IssuanceDate: &issuanceDate,
 				},
 			},
 		}

vcr/credential/test.go

@@ -38,12 +38,13 @@ import (
 
 func ValidNutsAuthorizationCredential() *vc.VerifiableCredential {
 	id := stringToURI(vdr.TestDIDA.String() + "#38E90E8C-F7E5-4333-B63A-F9DD155A0272")
+	issuanceDate := time.Now()
 	return &vc.VerifiableCredential{
 		Context:      []ssi.URI{vc.VCContextV1URI(), NutsV1ContextURI},
 		ID:           &id,
 		Type:         []ssi.URI{*NutsAuthorizationCredentialTypeURI, vc.VerifiableCredentialTypeV1URI()},
 		Issuer:       stringToURI(vdr.TestDIDA.String()),
-		IssuanceDate: time.Now(),
+		IssuanceDate: &issuanceDate,
 		CredentialSubject: []interface{}{
 			NutsAuthorizationCredentialSubject{
 				ID:           vdr.TestDIDB.String(),

vcr/issuer/issuer.go

@@ -215,8 +215,9 @@ func (i issuer) buildVC(ctx context.Context, template vc.VerifiableCredential, o
 		ExpirationDate:    template.ExpirationDate,
 		IssuanceDate:      template.IssuanceDate,
 	}
-	if unsignedCredential.IssuanceDate.IsZero() {
-		unsignedCredential.IssuanceDate = TimeFunc()
+	if unsignedCredential.IssuanceDate == nil || unsignedCredential.IssuanceDate.IsZero() {
+		issuanceDate := TimeFunc()
+		unsignedCredential.IssuanceDate = &issuanceDate
 	}
 	if !unsignedCredential.ContainsContext(vc.VCContextV1URI()) {
 		unsignedCredential.Context = append(unsignedCredential.Context, vc.VCContextV1URI())
@@ -246,7 +247,7 @@ func (i issuer) buildJSONLDCredential(ctx context.Context, unsignedCredential vc
 	b, _ := json.Marshal(unsignedCredential)
 	_ = json.Unmarshal(b, &credentialAsMap)
 
-	proofOptions := proof.ProofOptions{Created: unsignedCredential.IssuanceDate}
+	proofOptions := proof.ProofOptions{Created: *unsignedCredential.IssuanceDate}
 
 	webSig := signature.JSONWebSignature2020{ContextLoader: i.jsonldManager.DocumentLoader(), Signer: i.keyStore}
 	signingResult, err := proof.NewLDProof(proofOptions).Sign(ctx, credentialAsMap, webSig, key)

vcr/issuer/issuer_test.go

@@ -66,7 +66,7 @@ func Test_issuer_buildVC(t *testing.T) {
 		Context:        []ssi.URI{schemaOrgContext},
 		Type:           []ssi.URI{credentialType},
 		Issuer:         issuerID,
-		IssuanceDate:   issuance,
+		IssuanceDate:   &issuance,
 		ExpirationDate: &expirationDate,
 		CredentialSubject: []interface{}{map[string]interface{}{
 			"id": subjectDID,
@@ -151,11 +151,12 @@ func Test_issuer_buildVC(t *testing.T) {
 		jsonldManager := jsonld.NewTestJSONLDManager(t)
 		sut := issuer{keyResolver: keyResolverMock, jsonldManager: jsonldManager, keyStore: keyStore}
 
+		issuanceDate := time.Now()
 		template := vc.VerifiableCredential{
 			Context:      []ssi.URI{vc.VCContextV1URI()},
 			Type:         []ssi.URI{credentialType},
 			Issuer:       issuerID,
-			IssuanceDate: time.Now(),
+			IssuanceDate: &issuanceDate,
 		}
 
 		result, err := sut.buildVC(ctx, template, CredentialOptions{})

vcr/issuer/network_publisher.go

@@ -86,7 +86,7 @@ func (p networkPublisher) PublishCredential(ctx context.Context, verifiableCrede
 
 	payload, _ := json.Marshal(verifiableCredential)
 	tx := network.TransactionTemplate(types.VcDocumentType, payload, key).
-		WithTimestamp(verifiableCredential.IssuanceDate).
+		WithTimestamp(*verifiableCredential.IssuanceDate).
 		WithAdditionalPrevs(meta.SourceTransactions).
 		WithPrivate(participants)
 

vcr/pe/presentation_definition_test.go

@@ -486,13 +486,13 @@ func Test_matchField(t *testing.T) {
 	testCredentialMap, _ := remarshalToMap(testCredential)
 
 	t.Run("single path match", func(t *testing.T) {
-		match, err := matchField(Field{Path: []string{"$.credentialSubject.field"}}, testCredentialMap)
+		match, err := matchField(Field{Path: []string{"$.credentialSubject[0].field"}}, testCredentialMap)
 
 		require.NoError(t, err)
 		assert.True(t, match)
 	})
 	t.Run("multi path match", func(t *testing.T) {
-		match, err := matchField(Field{Path: []string{"$.other", "$.credentialSubject.field"}}, testCredentialMap)
+		match, err := matchField(Field{Path: []string{"$.other", "$.credentialSubject[0].field"}}, testCredentialMap)
 
 		require.NoError(t, err)
 		assert.True(t, match)

vcr/pe/presentation_submission_test.go

@@ -204,7 +204,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
     {
       "format": "ldp_vc",
       "id": "1",
-      "path": "$.verifiableCredential"
+      "path": "$.verifiableCredential[0]"
     }
   ]
 }
@@ -265,7 +265,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
       "path_nested": {
         "id": "1",
         "format": "ldp_vc",
-        "path": "$.verifiableCredential"
+        "path": "$.verifiableCredential[0]"
       }
     },
     {
@@ -275,7 +275,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
       "path_nested": {
         "id": "2",
         "format": "ldp_vc",
-        "path": "$.verifiableCredential"
+        "path": "$.verifiableCredential[0]"
       }
     }
   ]
@@ -301,7 +301,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
     {
       "format": "ldp_vp",
       "id": "1",
-      "path": "$.verifiableCredential"
+      "path": "$.verifiableCredential[0]"
     }
   ]
 }
@@ -311,7 +311,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
 
 		credentials, err := submission.Resolve(toEnvelope(t, vp))
 
-		require.EqualError(t, err, "unable to resolve credential for input descriptor '1': path '$.verifiableCredential' does not reference a credential")
+		require.EqualError(t, err, "unable to resolve credential for input descriptor '1': path '$.verifiableCredential[0]' does not reference a credential")
 		assert.Nil(t, credentials)
 	})
 	t.Run("invalid JSON-LD credential", func(t *testing.T) {
@@ -324,7 +324,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
     {
       "format": "ldp_vc",
       "id": "1",
-      "path": "$.verifiableCredential.credentialSubject"
+      "path": "$.verifiableCredential[0].credentialSubject[0]"
     }
   ]
 }
@@ -347,7 +347,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
     {
       "format": "ldp_vp",
       "id": "1",
-      "path": "$.verifiableCredential.credentialSubject"
+      "path": "$.verifiableCredential[0].credentialSubject[0]"
     }
   ]
 }
@@ -370,7 +370,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
     {
       "format": "ldp_vc",
       "id": "1",
-      "path": "$.verifiableCredential.expirationDate"
+      "path": "$.verifiableCredential[0].expirationDate"
     }
   ]
 }
@@ -380,7 +380,7 @@ func TestPresentationSubmission_Resolve(t *testing.T) {
 
 		credentials, err := submission.Resolve(toEnvelope(t, vp))
 
-		assert.EqualError(t, err, "unable to resolve credential for input descriptor '1': value of Go type 'string' at path '$.verifiableCredential.expirationDate' can't be decoded using format 'ldp_vc'")
+		assert.EqualError(t, err, "unable to resolve credential for input descriptor '1': value of Go type 'string' at path '$.verifiableCredential[0].expirationDate' can't be decoded using format 'ldp_vc'")
 		assert.Nil(t, credentials)
 	})
 }
@@ -420,7 +420,7 @@ func TestPresentationSubmission_Validate(t *testing.T) {
 			DescriptorMap: []InputDescriptorMappingObject{
 				{
 					Id:     "1",
-					Path:   "$.verifiableCredential",
+					Path:   "$.verifiableCredential[0]",
 					Format: "ldp_vc",
 				},
 			},
@@ -484,7 +484,7 @@ func TestPresentationSubmission_Validate(t *testing.T) {
 					Format: "ldp_vp",
 					PathNested: &InputDescriptorMappingObject{
 						Id:     "1",
-						Path:   "$.verifiableCredential",
+						Path:   "$.verifiableCredential[0]",
 						Format: "ldp_vc",
 					},
 				},
@@ -494,7 +494,7 @@ func TestPresentationSubmission_Validate(t *testing.T) {
 					Format: "ldp_vp",
 					PathNested: &InputDescriptorMappingObject{
 						Id:     "2",
-						Path:   "$.verifiableCredential",
+						Path:   "$.verifiableCredential[0]",
 						Format: "ldp_vc",
 					},
 				},
@@ -584,7 +584,7 @@ func TestPresentationSubmission_Validate(t *testing.T) {
 			DescriptorMap: []InputDescriptorMappingObject{
 				{
 					Id:     "1", // actually maps to input descriptor 2, so should cause an error
-					Path:   "$.verifiableCredential",
+					Path:   "$.verifiableCredential[0]",
 					Format: "ldp_vc",
 				},
 			},

vcr/pe/test/definition_mapping.json

@@ -31,13 +31,13 @@
               }
             },
             {
-              "path": ["$.credentialSubject.organization.name"],
+              "path": ["$.credentialSubject[0].organization.name"],
               "filter": {
                 "type": "string"
               }
             },
             {
-              "path": ["$.credentialSubject.organization.city"],
+              "path": ["$.credentialSubject[0].organization.city"],
               "filter": {
                 "type": "string"
               }

vcr/pe/test/pd_jsonld.json

@@ -7,7 +7,7 @@
         "fields": [
           {
             "path": [
-              "$.credentialSubject.organization.city"
+              "$.credentialSubject[0].organization.city"
             ],
             "filter": {
               "type": "string",
@@ -16,7 +16,7 @@
           },
           {
             "path": [
-              "$.credentialSubject.organization.name"
+              "$.credentialSubject[0].organization.name"
             ],
             "filter": {
               "type": "string",

vcr/pe/test/pd_jsonld_jwt.json

@@ -6,7 +6,6 @@
         "fields": [
           {
             "path": [
-              "$.credentialSubject.organization.city",
               "$.credentialSubject[0].organization.city"
             ],
             "filter": {
@@ -16,7 +15,6 @@
           },
           {
             "path": [
-              "$.credentialSubject.organization.name",
               "$.credentialSubject[0].organization.name"
             ],
             "filter": {

vcr/pe/test/pd_jsonld_jwt_pick.json

@@ -17,7 +17,7 @@
         "fields": [
           {
             "path": [
-              "$.credentialSubject.organization.city"
+              "$.credentialSubject[0].organization.city"
             ],
             "filter": {
               "type": "string",
@@ -26,7 +26,7 @@
           },
           {
             "path": [
-              "$.credentialSubject.organization.name"
+              "$.credentialSubject[0].organization.name"
             ],
             "filter": {
               "type": "string",