forked from openwallet-foundation/acapy-plugins
feat(mso_mdoc): rewrite using isomdl-uniffi & migrate to uv #10
Open: burdettadam wants to merge 51 commits into main from feat/mdoc-isomdl-crypto-swap
Conversation
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
In an effort to push the mDL integration tests as far as possible, I have made the tweaks necessary to get the Sphereon test harness to recognize the service as adhering to the oid4vc draft 13 spec. I have also pushed the credo tests as far as I possibly could to the point where we are now seeing the same error that we're seeing within the Sphereon mobile app. Despite these changes, the Paradym wallet is still refusing to recognize the service as a valid oid4vc service.
Interop Integration test status:
- Sphereon now passes
- Credo now complains about receiving all the data for the credential but not able to read everything needed to decode. If I understood the error correctly that is. It's late and I'm tired.
Great progress made today!
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
…at/mdoc Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
…at/mdoc Signed-off-by: Colton Wolkins (Laptop) <colton@indicio.tech>
Signed-off-by: Char Howland <char@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
…repo
- Convert pyproject.toml files from Poetry to UV format
- Add isomdl-uniffi dependency from GitHub repository
- Remove old local isomdl-uniffi binary files and wrapper
- Delete poetry.lock file (no longer needed with UV)
- Add missing dependencies (cwt, pycose, jsonpointer) for mso_mdoc and sd_jwt functionality
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
…compliance
- Replace uniffi_scratch with isomdl-uniffi GitHub dependency for production-ready mDoc operations
- Implement comprehensive credential processor with real cryptographic operations using P-256 ECDSA
- Add persistent storage manager for secure key and certificate management
- Introduce key generation utilities supporting EC P-256 and X.509 certificate creation
- Remove mock-based testing in favor of real functional tests with actual mDoc operations
- Add comprehensive test suite (49 tests) covering real integration, storage, and processing
- Enhance documentation with ISO 18013-5 compliance references and API documentation
- Implement robust string/bytes handling for various isomdl-uniffi output formats
- Add security validations with proper exception handling and error context
- Support selective disclosure and CBOR/COSE encoding per mobile document standards
This implementation provides a complete, production-ready ISO 18013-5 compliant mobile document credential format with real cryptographic operations, comprehensive testing, and proper integration with ACA-Py's credential issuance framework.
Files changed: 30 files changed, 4457 insertions(+), 4344 deletions(-)
Key additions: storage.py, key_generation.py, 7 new comprehensive test files
Key removals: uniffi_scratch/ directory, x509.py, mock-based test files
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
- Add extensive real data test suite (2600+ lines) achieving 49.57% coverage
- Migrate from Poetry to UV package manager with isomdl-uniffi integration
- Update credential configurations to OID4VCI 1.0 spec compliance
- Transform mocked tests to real data implementations across all modules
- Add comprehensive public route functionality tests with authentic workflows
- Update MSO mDOC and JWT VC JSON credential processors for real data
- Enhance integration test infrastructure with realistic credential scenarios
- Add end-to-end OID4VC flows with university degrees, employment, identity credentials
This commit represents a major improvement in test quality and specification compliance, moving from artificial mocked scenarios to production-ready test patterns with real credential data and authentic protocol workflows.
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Major changes to support containerized integration testing:
## Docker Build Fixes
- Fix docker/Dockerfile to use wheel file for isomdl-uniffi private dependency
- Add isomdl_uniffi-0.1.0-py3-none-any.whl to docker/ directory
- Remove entrypoint.sh and simplify container startup
- Update integration/Dockerfile to use uv package manager
- Remove isomdl_wrapper references, add wheel file support
## Integration Test Infrastructure
- Simplified docker-compose.yml with core OID4VC services:
  - ACA-Py issuer/verifier agents with OID4VC plugin
  - Credo agent for credential wallet functionality
- Add comprehensive health checks and service dependencies
- Update pyproject.toml files to comment out git dependencies for Docker compatibility
## Test Coverage Additions
- Add test_docker_connectivity.py: Network connectivity validation
- Add test_acapy_oid4vc_simple.py: Basic OID4VC flow testing
- Add test_acapy_to_credo_issuance.py: End-to-end credential issuance from ACA-Py to Credo
- Add test_acapy_to_credo_to_acapy_flow.py: Complete round-trip flow
- Fix async test decorators across test files
- Update conftest.py with proper fixture configuration
## Credo Agent Updates
- Update Credo wrapper to TypeScript with proper OID4VC support
- Add @credo-ts dependencies for OpenID4VC protocols
- Configure proper API endpoints and credential handling
## Infrastructure Cleanup
- Remove Sphereon integration (sphereon/ directory and wrapper)
- Remove isomdl_wrapper in favor of direct wheel file usage
- Update README.md with new Docker build instructions
## Validation Results
All core integration tests passing:
- ✅ Docker network connectivity
- ✅ ACA-Py health checks and credential offers
- ✅ Simple OID4VC flow end-to-end
- ✅ ACA-Py to Credo credential issuance
This enables reliable containerized development and CI/CD integration testing for the OID4VC plugin with core functionality validated.
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Migrated OID4VCI 1.0 and mDoc compliance tests from development files to the integration test suite. Added test configuration and utilities. Cleaned up consolidated test files. Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Added run-tests.sh helper script and additional docker-compose configurations for development and full test suites. Updated .gitignore to exclude test-results. Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Updated Docker Compose health checks and test commands. Temporarily disabled mso_mdoc plugin in dev config. Updated OID4VP flow to use new API endpoints. Cleaned up error handling in test scripts and fixed imports. Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
…idation Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
- Moved all imports to top of files to satisfy E402 violations
- Added missing docstrings for classes and functions (D101/D102/D103)
- Fixed line length violations (E501) by refactoring long list comprehensions
- Added missing cryptography imports (x509, hashes, serialization, NameOID)
- Suppressed F401 warnings for test imports using # noqa comments
- Applied ruff and isort formatting across oid4vc directory
- All files now pass ruff check cleanly
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
- Fix formatting and linting issues in oid4vc
- Update mdoc and sd-jwt-vc implementation details
- Add tests for sd-jwt-vc
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
- Fix unit tests by correctly mocking and objects.
- Remove unused files: , , , and .
- Update files to remove dependency on and use direct command.
- Add for Credo integration testing.
- Enhance with payload preparation and better JWK handling.
- Update public routes to support CWT proofs and improve error handling.
- Apply linting and formatting fixes across the codebase (ruff, black, isort).
- Update dependencies and linting configuration.
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
burdettadam pushed a commit that referenced this pull request (Dec 2, 2025):
…allet-foundation#1526)
* Add Hedera ACA-Py plugin (#2)
Signed-off-by: Paulo Caldas <paulo.caldas@dsr-corporation.com>
Signed-off-by: Alexander Shenshin <alexander.shenshin@dsr-corporation.com>
* build(deps): bump jinja2 in /firebase_push_notifications (#1)
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.5)
---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Keith Kowal <keith.kowal@hashgraph.com>
* Update Hedera plugin to use native Hedera plugin SDK (#10)
Signed-off-by: Alexander Shenshin <93187809+AlexanderShenshin@users.noreply.github.com>
Signed-off-by: Alexander Shenshin <alexander.shenshin@dsr-corporation.com>
* chore(hedera): Use DID SDK dependency from Hiero repo + minor cleanup
Signed-off-by: Alexander Shenshin <alexander.shenshin@dsr-corporation.com>
* Revert accidental changes to firebase plugin lockfile
Signed-off-by: Alexander Shenshin <alexander.shenshin@dsr-corporation.com>
* fix(hedera): Add testnet config for integration tests
Signed-off-by: Alexander Shenshin <alexander.shenshin@dsr-corporation.com>
---------
Signed-off-by: Paulo Caldas <paulo.caldas@dsr-corporation.com>
Signed-off-by: Alexander Shenshin <alexander.shenshin@dsr-corporation.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alexander Shenshin <93187809+AlexanderShenshin@users.noreply.github.com>
Co-authored-by: paulo-caldas-code <paulo.caldas@dsr-corporation.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Keith Kowal <keith.kowal@hashgraph.com>
…roof handling
This commit enhances OID4VC integration testing capabilities and fixes several
critical issues in credential issuance and presentation flows.
## New Features
### Sphereon Integration Testing
- Add Sphereon wallet server implementation for interoperability testing
- New TypeScript server with OID4VCI/OID4VP support (263 lines)
- Docker configuration for containerized testing
- Package dependencies: @sphereon/ssi-sdk-ext.did-resolver-jwk,
@sphereon/oid4vci-client, @sphereon/did-auth-siop
- Add comprehensive test suites:
- test_sphereon.py: 321 lines of positive flow tests
- test_sphereon_negative.py: 66 lines of error handling tests
- test_cred_offer_uri.py: 112 lines for credential offer URI testing
## Bug Fixes
### Credential Offer Response Schema
- Fix response field naming: rename to for consistency
- Fix to in response schema
- Update credential offer by reference to include exchange_id in URI
### JWT Proof Verification
- Add explicit signature verification failure handling with HTTP 400 response
- Fix JWK extraction: fallback to public key when jwk header is missing
- Improve holder JWK resolution in proof validation
### mDoc Issuance
- Refactor mDL signing to support multi-namespace credentials
- Replace mdl-specific function with generic namespace-based approach
- Add proper CBOR encoding per namespace item
- Support both org.iso.18013.5.1 and org.iso.18013.5.1.aamva namespaces
### Presentation Response
- Change presentation POST response from empty 200 to JSON response
### Supported Credential Schema
- Fix JWT credential type field: rename to
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
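As an added illustration of the "proper CBOR encoding per namespace item" and the two-namespace support described under mDoc Issuance in the commit message above, here is a self-contained Python example written for this page. It is not the plugin's code (the plugin delegates this work to isomdl-uniffi) and uses only the standard library, with a small encoder/decoder for just the CBOR subset an ISO 18013-5 IssuerSignedItem needs. It encodes each claim under its namespace, computes the SHA-256 digests that go into the MSO's valueDigests, and shows the verifier-side check that makes selective disclosure tamper-evident: recompute the digest of every disclosed item and compare it with the signed entry. The claim values in demo() are constructed samples, and the verifier step assumes the COSE signature over the MSO has already been checked.

```python
# Added example, not the mso_mdoc plugin's code (the plugin uses isomdl-uniffi): ISO 18013-5
# IssuerSignedItem encoding plus the verifier-side digest check, standard library only.
import hashlib
import hmac
import os

MDL_NS = "org.iso.18013.5.1"          # namespaces named in the commit message
AAMVA_NS = "org.iso.18013.5.1.aamva"  # claim values used in demo() are constructed samples

def _head(major: int, arg: int) -> bytes:
    """Initial byte plus shortest-form argument (RFC 8949 section 3)."""
    if arg < 24:
        return bytes([(major << 5) | arg])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if arg < (1 << (8 * size)):
            return bytes([(major << 5) | info]) + arg.to_bytes(size, "big")
    raise ValueError("integer too large for CBOR")

def cbor_encode(value) -> bytes:
    """Encode the CBOR subset an IssuerSignedItem needs: bool, uint, bstr, tstr, map."""
    if isinstance(value, bool):  # checked before int: bool is an int subclass
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int) and value >= 0:
        return _head(0, value)
    if isinstance(value, (bytes, str)):
        data = value if isinstance(value, bytes) else value.encode("utf-8")
        return _head(2 if isinstance(value, bytes) else 3, len(data)) + data
    if isinstance(value, dict):
        body = b"".join(cbor_encode(k) + cbor_encode(v) for k, v in value.items())
        return _head(5, len(value)) + body
    raise TypeError(f"unsupported value: {value!r}")

def cbor_decode(data: bytes, pos: int = 0) -> tuple:
    """Decode the same subset, returning (value, next_pos); tag 24 is unwrapped to its item."""
    major, info = data[pos] >> 5, data[pos] & 0x1F
    pos += 1
    if major == 7 and info in (20, 21):
        return info == 21, pos
    if info > 27:
        raise ValueError("unsupported CBOR argument encoding")
    size = 0 if info < 24 else 1 << (info - 24)
    arg = info if not size else int.from_bytes(data[pos:pos + size], "big")
    pos += size
    if major == 0:
        return arg, pos
    if major in (2, 3):
        chunk = data[pos:pos + arg]
        return (chunk if major == 2 else chunk.decode("utf-8")), pos + arg
    if major == 5:
        out = {}
        for _ in range(arg):
            key, pos = cbor_decode(data, pos)
            out[key], pos = cbor_decode(data, pos)
        return out, pos
    if major == 6 and arg == 24:
        wrapped, pos = cbor_decode(data, pos)
        return cbor_decode(wrapped)[0], pos
    raise ValueError(f"unsupported CBOR major type {major}")

def issuer_signed_item_bytes(digest_id: int, identifier: str, value, random: bytes) -> bytes:
    """IssuerSignedItemBytes = #6.24(bstr .cbor IssuerSignedItem) (ISO 18013-5, 9.1.2.4)."""
    if len(random) < 16:
        raise ValueError("ISO 18013-5 requires a random salt of at least 16 bytes")
    item = {"digestID": digest_id, "random": random,
            "elementIdentifier": identifier, "elementValue": value}
    return _head(6, 24) + cbor_encode(cbor_encode(item))

def build_namespaces(claims: dict) -> tuple:
    """Issuer side: returns (IssuerSigned.nameSpaces, MSO.valueDigests). Digest IDs are
    assigned per namespace and each SHA-256 digest covers the tagged IssuerSignedItemBytes."""
    name_spaces, value_digests = {}, {}
    for ns, elements in claims.items():
        name_spaces[ns], value_digests[ns] = [], {}
        for digest_id, (identifier, value) in enumerate(elements.items()):
            encoded = issuer_signed_item_bytes(digest_id, identifier, value, os.urandom(16))
            name_spaces[ns].append(encoded)
            value_digests[ns][digest_id] = hashlib.sha256(encoded).digest()
    return name_spaces, value_digests

def verify_disclosed(ns: str, item_bytes: bytes, value_digests: dict) -> bool:
    """Verifier side: recompute a disclosed item's digest and compare it with the MSO entry.
    Assumes value_digests came from an MSO whose COSE signature was already verified."""
    try:
        item, _ = cbor_decode(item_bytes)
        expected = value_digests[ns][item["digestID"]]
    except (KeyError, TypeError, ValueError, IndexError):
        return False
    return hmac.compare_digest(hashlib.sha256(item_bytes).digest(), expected)

def demo() -> dict:
    """Issue a two-namespace mDL, verify every item, then check that a forged value is rejected."""
    claims = {MDL_NS: {"family_name": "Doe", "given_name": "Jane", "age_over_21": True},
              AAMVA_NS: {"DHS_compliance": "F"}}
    name_spaces, digests = build_namespaces(claims)
    genuine = all(verify_disclosed(ns, b, digests) for ns, items in name_spaces.items() for b in items)
    # Forgery attempt: same digestID and salt, different elementValue; the digest no longer matches.
    original, _ = cbor_decode(name_spaces[MDL_NS][0])
    forged = issuer_signed_item_bytes(original["digestID"], original["elementIdentifier"],
                                      "Mallory", original["random"])
    return {"genuine": genuine, "forged": verify_disclosed(MDL_NS, forged, digests)}
```

Two details matter for a verifier: the digest is computed over the tag-24-wrapped bytes exactly as the wallet transmits them (never over a re-serialised item, since any re-encoding difference would break the match), and the per-item random salt is what stops a relying party from guessing undisclosed values by brute-forcing the digests. A namespace mismatch (an item presented under a namespace other than the one it was signed in) fails the same check, because valueDigests is keyed by namespace.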
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
…cker build branch Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
…tion, and improve OID4VP spec compliance
Integration test infrastructure:
- Map issuer admin port 8021→8083 to avoid macOS launchd conflict
- Add comprehensive cross-wallet compatibility tests (Credo/Sphereon) for SD-JWT, JWT-VC, and mDOC credential formats
- Add edge case tests for error handling, concurrent requests, special characters, large payloads, and replay attack scenarios
mDOC/OID4VP fixes:
- Fix mDOC selective disclosure test: input descriptor ID must match docType (org.iso.18013.5.1.mDL) for Credo/animo-id/mdoc library
- Refactor MsoMdocPresVerifier to use retrieve_or_create_did_jwk for consistent client_id resolution, matching OID4VP request creation
- Remove duplicate _get_verifier_did methods and unused imports
Revocation test improvements:
- Handle Credo 0.6.0 credential response format with nested credentialInstances array structure
- Support compactSdJwtVc, compactJwtVc, and credential field variants
- Parse SD-JWT format correctly when extracting JWT for status checks
OID4VP spec compliance:
- Remove deprecated client_id_scheme field from authorization request
- DID-based client_id is now recognized via did: prefix per OID4VP v1.0
Test fixture updates:
- Add OID4VCI v1.0 required fields (cryptographic_binding_methods_supported, cryptographic_suites_supported) to mDOC validation test
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
…ertificate generation
- Add WalletTrustStore for wallet-backed mDoc trust anchors
- Add trust anchor CRUD API routes (/mso_mdoc/trust-anchors)
- Add dynamic certificate generation fixtures for integration tests
- Refactor storage module into submodules (keys, certificates, trust_anchors, config)
- Add ISO 18013-5 compliant IACA certificate extensions
- Update OID4VP SessionTranscript to 2024 spec format
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
- Implement DCQL support for OID4VC flow with mDOC
- Refactor and into modular packages
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
- Fix exception class typos: CredVerifeirError → CredVerifierError, PresVerifeirError → PresVerifierError
- Change debug LOGGER.error() calls to LOGGER.debug() with proper messages
- Move inline imports to top of files (base64 in issuer.py)
- Extract duplicated int_to_base64url_uint function to module level
- Add proper exception chaining with 'raise ... from e/None'
- Replace broad 'except Exception' with specific InjectionError
- Remove dead code: oid4vc/routes/x509.py (broken compatibility stubs)
- Apply black formatting and fix trailing whitespace
- Add noqa comments for intentional availability check imports
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
Signed-off-by: Adam Burdett <burdettadam@gmail.com>
This PR introduces a complete rewrite of the `mso_mdoc` plugin to use `isomdl-uniffi` for ISO 18013-5 compliance. It also migrates the project dependency management from Poetry to UV.
Key Changes:
- `isomdl-uniffi` bindings for better performance and compliance.
Note: This PR is being merged into a temporary upstream branch (`temp/upstream-main`) for integration testing before merging into the main codebase.