### OpenID Client Metadata Response Example Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Example JSON response for OpenID client metadata. Includes version, client ID, supported VP formats, and localized client names. ```json { "version": "1.0", "client_id": "", "vp_formats": { "jwt_vp": { "alg": [ "ES256" ] } }, "client_name#de": "Entwicklungs-Demo-Verifizierer (Fallback DE)", "client_name#de-CH": "Entwickligs-Demo-Verifizier", "client_name#fr": "Vérificateur de démonstration de développement", "client_name#de-DE": "Entwicklungs-Demo-Verifizierer", "logo_uri": "www.example.com/logo.png", "client_name#en": "Development Demo Verifier", "logo_uri#fr": "www.example.com/logo_fr.png", "client_name": "DEV Demo Verifier (Base)" } ``` -------------------------------- ### Release Candidate Versioning Example Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Shows the format for Release Candidate (RC) versions, indicating a pre-release build intended for testing before the final official release. ```text x.y.z-rc.N (e.g., 1.4.0-rc.1, 1.4.0-rc.2) → 1.4.0 (final release) ``` -------------------------------- ### Input Descriptor Example for SD-JWT Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md This is an example of an input descriptor that can be used with the verifier, specifying formats and constraints for SD-JWT credentials. ```json { "id": "00000000-0000-0000-0000-000000000000", "name": "Example Verification", "purpose": "We want to test a new Verifier", "input_descriptors": [ { "id": "11111111-1111-1111-1111-111111111111", "name": "Example Data Request", "format": { "dc+sd-jwt": { "sd-jwt_alg_values": [ "ES256" ], "kb-jwt_alg_values": [ "ES256" ] } }, "constraints": { "fields": [ { "path": [ "$.vct" ], "filter": { "type": "string", "const": "test-sdjwt" } }, { "path": [ "$.dateOfBirth" ] } ] } } ] } ``` -------------------------------- ### Customizing Entrypoint with Vendor JCE Provider Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/migration-guides/v2.x-to-v3.0.0.md Example Dockerfile for baking a vendor JCE provider JAR into the image and configuring the entrypoint to include it via -Xbootclasspath/a. This is necessary when migrating from v2.x where JARs were often dropped into a /lib volume. ```dockerfile FROM ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 USER 0 COPY vendor/primusX-java11.jar /app/lib-ext/primusX-java11.jar # If the provider also ships a native library, add it the same way as 4a above USER nonroot ENTRYPOINT ["java", \ "-Duser.timezone=Europe/Zurich", \ "-Dspring.config.location=classpath:bootstrap.yml,classpath:application.yml,optional:file:/vault/secrets/database-credentials.yml", \ "-Dfile.encoding=UTF-8", \ "-Xbootclasspath/a:/app/lib-ext/primusX-java11.jar", \ "-jar", "/app/app.jar"] ``` -------------------------------- ### Verifier Service Local Development Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Starts the Spring Boot Java application and a local PostgreSQL database using Docker Compose. API definitions are available at http://localhost:8080/swagger-ui/index.html. ```shell ./mvnw -f verifier-application spring-boot:run -Dspring-boot.run.profiles=local # start spring boot java application ``` -------------------------------- ### Bake Bootclasspath Extras into Custom Docker Image Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/migration-guides/v2.x-to-v3.0.0.md For JARs previously mounted via /lib, bake them into a derived image using a COPY instruction. This example shows adding a custom JCE provider. ```dockerfile FROM ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 USER 0 COPY my-jce-provider.jar /app/lib-ext/my-jce-provider.jar USER nonroot ENTRYPOINT ["java", \ "-Duser.timezone=Europe/Zurich", \ "-Dspring.config.location=classpath:bootstrap.yml,classpath:application.yml,optional:file:/vault/secrets/database-credentials.yml", \ "-Dfile.encoding=UTF-8", \ "-Xbootclasspath/a:/app/lib-ext/my-jce-provider.jar", \ "-jar", "/app/app.jar"] ``` -------------------------------- ### Build Derived Image with HSM Native Libraries Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/migration-guides/v2.x-to-v3.0.0.md This Dockerfile example collects necessary native libraries (like libssl) and the vendor's PKCS#11 library into a derived image. It then layers these onto the hardened verifier image. ```dockerfile # Stage 1: collect vendor + transitive native libs from Debian packages FROM debian:13-slim AS hsm-libs RUN apt-get update && \ apt-get install -y --no-install-recommends \ libssl3 libgssapi-krb5-2 libkrb5-3 && \ rm -rf /var/lib/apt/lists/* # Vendor PKCS#11 .so brought in from your artifact store COPY vendor/libCryptoki2_64.so /vendor/ # Stage 2: layer onto the hardened verifier image FROM ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 USER 0 COPY --from=hsm-libs /usr/lib/x86_64-linux-gnu/libssl.so.3 /app/lib-native/ COPY --from=hsm-libs /usr/lib/x86_64-linux-gnu/libcrypto.so.3 /app/lib-native/ COPY --from=hsm-libs /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 /app/lib-native/ COPY --from=hsm-libs /usr/lib/x86_64-linux-gnu/libkrb5.so.3 /app/lib-native/ COPY --from=hsm-libs /vendor/libCryptoki2_64.so /app/lib-native/ COPY pkcs11.cfg /app/hsm/pkcs11.cfg USER nonroot ``` -------------------------------- ### Trust Anchors Configuration Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Example JSON snippet demonstrating the use of `trust_anchors` to restrict accepted issuers to those from a trusted registry. ```json { "...": "...", "trust_anchors": [ "YOUR-TRUST-REGISTRY-ENTRY-DID" ] } ``` -------------------------------- ### Verify OpenAPI Spec Content Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/openapi-generate.instruction.md Displays the first 20 lines of the generated openapi.yaml file to confirm it starts with 'openapi: x.x.x' and includes updated API paths. ```bash head -20 /home/gapa/development/swiyu-verifier/openapi.yaml ``` -------------------------------- ### Get OpenID Client Metadata Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Fetch the OpenID client metadata required for wallet integration. This endpoint provides configuration details for the verifier. ```bash curl -X GET \ -H "Accept: application/json" \ http://localhost:8083/oid4vp/api/openid-client-metadata.json ``` -------------------------------- ### Example Presentation Submission JSON Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md This JSON structure represents the data submitted by the wallet when providing a verification presentation. It includes definition IDs and descriptor maps. ```json { "definition_id": "00000000-0000-0000-0000-000000000000", "descriptor_map": [ { "format": "dc+sd-jwt", "id": "11111111-1111-1111-1111-111111111111", "path": "$" } ], "id": "08e443d4-bed8-4dd7-b060-db22fb5eb1f5" } ``` -------------------------------- ### Accepted Issuer DIDs Configuration Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Example JSON snippet showing how to specify accepted issuer DIDs to limit trusted issuers for a verification request. ```json { "...": "...", "accepted_issuer_dids": [ "Your ISSUER_DID" ] } ``` -------------------------------- ### Create Verification Request Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Use this cURL command to send a POST request to create a new verification request. Ensure to replace '' with the actual issuer DID. This example demonstrates setting accepted issuer DIDs and a presentation definition. ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{ "accepted_issuer_dids": [ "" ], "presentation_definition": { "id": "00000000-0000-0000-0000-000000000000", "input_descriptors": [ { "id": "11111111-1111-1111-1111-111111111111", "format": { "dc+sd-jwt": { "sd-jwt_alg_values": [ "ES256" ], "kb-jwt_alg_values": [ "ES256" ] } }, "constraints": { "fields": [ { "path": [ "$.vct" ], "filter": { "type": "string", "const": "betaid-sdjwt" } }, { "path": [ "$.age_over_18" ] } ] } } ] } }' \ http://localhost:8083/management/api/verifications ``` -------------------------------- ### Get OpenID Client Metadata Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Retrieves the OpenID client metadata, which includes details about the verifier's capabilities and identification. This is typically used by Wallets. ```APIDOC ## GET /oid4vp/api/openid-client-metadata.json ### Description Fetches the OpenID client metadata for the verifier service. ### Method GET ### Endpoint `/oid4vp/api/openid-client-metadata.json` ### Response #### Success Response (200) - **version** (string) - The version of the metadata. - **client_id** (string) - The unique identifier for the verifier. - **vp_formats** (object) - Specifies the supported Verifiable Presentation formats. - **client_name#lang** (string) - The client name localized for a specific language (e.g., `client_name#en`). - **logo_uri** (string) - A URL to the client's logo. ``` -------------------------------- ### Get Verification by ID Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Retrieves the current status and provided data of a specific verification request by its ID. This is intended for Business Verifiers. ```APIDOC ## GET /management/api/verifications/${VERIFICATION_ID} ### Description Returns the current status and provided data of a verification request to the business verifier. ### Method GET ### Endpoint `/management/api/verifications/${VERIFICATION_ID}` ### Parameters #### Path Parameters - **VERIFICATION_ID** (string) - Required - The unique identifier of the verification request. ### Response #### Success Response (200) - **id** (string) - The ID of the verification. - **request_nonce** (string) - A nonce associated with the request. - **state** (string) - The current state of the verification (e.g., PENDING). - **presentation_definition** (object) - Defines the structure and constraints of the data to be presented. - **verification_url** (string) - The URL to initiate the verification process. - **verification_deeplink** (string) - A deep link to start the verification on a mobile device. ``` -------------------------------- ### Get Request Object for Wallet Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Retrieve the request object needed by a wallet to process a verification. This is accessed using the REQUEST_ID obtained from the verification deeplink. ```bash curl -X GET \ -H "Accept: application/oauth-authz-req+jwt" \ http://localhost:8083/oid4vp/api/request-object/{REQUEST_ID} ``` -------------------------------- ### Get Verification Status by ID Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Retrieve the current status and data of a verification request using its unique ID. This is typically used by a business verifier. ```bash curl -X GET \ -H "Accept: application/json" \ http://localhost:8083/management/api/verifications/${VERIFICATION_ID} ``` -------------------------------- ### Get Request Object Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Retrieves the request object, which is a signed JWT or JSON object, used by a Wallet to present credentials. The URL for this object is obtained by decoding a verification deeplink. ```APIDOC ## GET /oid4vp/api/request-object/{REQUEST_ID} ### Description Retrieves the request object needed by a Wallet to present credentials. This object is fetched after decoding a verification deeplink. ### Method GET ### Endpoint `/oid4vp/api/request-object/{REQUEST_ID}` ### Parameters #### Path Parameters - **REQUEST_ID** (string) - Required - The identifier for the request object. ### Response #### Success Response (200) - Returns a signed JWT or JSON request object. ``` -------------------------------- ### Docker Image Promotion Workflow Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Illustrates the automated and manual promotion steps for Docker images through different environments (dev, staging, rc, stable). ```text [Commit → dev] ↓ build & push :dev [Feature completed / Sprint end] ↓ promote → :staging [Release candidate created] ↓ promote → :rc [QA & penetration test passed] ↓ promote → :stable ``` -------------------------------- ### Base Image Entrypoint Configuration Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/migration-guides/v2.x-to-v3.0.0.md This is the default entrypoint for the base image, specifying Java runtime options and the application JAR. Ensure any custom configurations align with this structure. ```dockerfile ENTRYPOINT ["java", \ "-Duser.timezone=Europe/Zurich", \ "-Dspring.config.location=classpath:bootstrap.yml,classpath:application.yml,optional:file:/vault/secrets/database-credentials.yml", \ "-Dfile.encoding=UTF-8", \ "-jar", "/app/app.jar"] ``` -------------------------------- ### Semantic Versioning (SemVer) Format Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Defines the standard format for versioning used in this project, including MAJOR, MINOR, PATCH, and optional release candidate/build metadata. ```text MAJOR.MINOR.PATCH[-rc][+BUILD] ``` -------------------------------- ### Submit Verification Presentation Request Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md This curl command demonstrates how a wallet sends a verification presentation to the verifier service. It includes the vp_token and the presentation_submission as form parameters. ```bash curl -X POST \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "vp_token=string&presentation_submission=%7B%22definition_id%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22descriptor_map%22%3A%5B%7B%22format%22%3A%22vc%2Bsd-jwt%22%2C%22id%22%3A%2211111111-1111-1111-1111-111111111111%22%2C%22path%22%3A%22%24%22%7D%5D%2C%22id%22%3A%2208e443d4-bed8-4dd7-b060-db22fb5eb1f5%22%7D" \ http://localhost:8083/oid4vp/api/request-object/${REQUEST_ID}/response-data ``` -------------------------------- ### Configure Proxy Settings with JAVA_TOOL_OPTIONS Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/migration-guides/v2.x-to-v3.0.0.md Adopt the default hardened image by setting JVM proxy system properties via JAVA_TOOL_OPTIONS. This replaces the older proxy environment variables and allows custom port configurations. ```yaml ```yaml services: verifier-service: image: ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 environment: JAVA_TOOL_OPTIONS: >- -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=8080 -Dhttps.proxyHost=proxy.example.com -Dhttps.proxyPort=8080 -Dhttp.nonProxyHosts=localhost|127.0.0.1|*.internal.example.com ``` ``` -------------------------------- ### Build Dockerfile for SunPKCS11 Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/examples/hsm/README.md Builds a Docker image using the Dockerfile.sunpkcs11. This is useful when using the JDK-bundled SunPKCS11 bridge to communicate with a vendor PKCS11 module. ```bash docker build \ --build-arg VERIFIER_IMAGE=ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 \ -f examples/hsm/Dockerfile.sunpkcs11 \ -t my-org/swiyu-verifier-hsm:3.0.0-sunpkcs11 \ . ``` -------------------------------- ### Build Dockerfile for Securosys HSM Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/examples/hsm/README.md Builds a Docker image using the Dockerfile.securosys. This is suitable for Securosys Primus HSM integration via the vendor JCE provider JAR, configured using standard HSM_* environment variables. ```bash docker build \ --build-arg VERIFIER_IMAGE=ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 \ -f examples/hsm/Dockerfile.securosys \ -t my-org/swiyu-verifier-hsm:3.0.0-securosys \ . ``` -------------------------------- ### Generate OpenAPI Spec with Curl Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/openapi-generate.instruction.md Fetches the live API documentation from the running Spring Boot application and saves it to openapi.yaml. Ensure the application is running on port 8080 with the 'local' profile active. ```bash cd /home/gapa/development/swiyu-verifier curl -s http://localhost:8080/v3/api-docs.yaml -o openapi.yaml ``` -------------------------------- ### Perform a verification Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Initiates a verification process by creating a request. You can specify which data to reveal by including fields with a "path" key. Filters are supported for `$.vct` (Verifiable Credential Type). ```APIDOC ## POST /management/verifications ### Description Initiates a verification process by creating a request. You can specify which data to reveal by including fields with a "path" key. Filters are supported for `$.vct` (Verifiable Credential Type). ### Method POST ### Endpoint /management/verifications ### Parameters #### Request Body - **path** (string) - Required - The path to the data to be revealed or filtered. ### Request Example ```json { "path": "$.vct" } ``` ### Response #### Success Response (200) - **verificationId** (string) - Description of the verification ID. - **status** (string) - The current status of the verification. #### Response Example ```json { "verificationId": "some-uuid", "status": "pending" } ``` ``` -------------------------------- ### Mermaid Sequence Diagram of Verification V1 Process Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Illustrates the sequence of interactions between the Business Verifier, Wallet, Verifier Service, Verifier DB, and Registries during the verification process. ```mermaid sequenceDiagram actor bv as Business Verifier actor w as Wallet participant vs as Verifier Service participant db as Verifier DB participant registry as Registries bv->>+vs : create verification request vs->>vs : check offer vs ->>db : store offer vs-->>-bv : return verification request incl. deeplink (qr-code) bv ->>+w : pass deeplink w->>+vs : get verification request object vs ->>db : return verification request object vs-->>-w : verification presentation Definition w->>+vs : get verifier metadata vs-->>-w : return metadata alt Wallet/User can provide (if consent to send) the requested data w->>+vs : authorization response (vp token with verifiable presentation) vs->>+registry : get issuer public key / status list / trust info registry-->>-vs : return vs->>vs : check authorization response vs ->>db : store verification data vs-->>-w : Ok / NOK deactivate w else w->>+vs : wallet sends rejection vs-->>-w : Ok end loop [status == PENDING] bv->>+vs : check verification status vs->>+db : get verification data vs-->>-bv : get verification data end ``` -------------------------------- ### Create Verification Request Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md Initiates a new verification request. The Business Verifier sends a request to the Verifier Service, which stores it and returns a Verification URI to be forwarded to the Holder. ```APIDOC ## POST /management/api/verifications ### Description Creates a new verification request. The Verifier Service stores the request and responds with a Verification URI. ### Method POST ### Endpoint `/management/api/verifications` ### Parameters #### Request Body - **accepted_issuer_dids** (array of string) - Optional - A list of trusted issuer DIDs. - **trust_anchors** (array of string) - Optional - A list of DIDs from the trust registry to restrict accepted issuers. - **presentation_definition** (object) - Required - Defines the criteria for the verifiable credentials to be presented. - **id** (string) - Required - Unique identifier for the presentation definition. - **input_descriptors** (array of object) - Required - Describes the expected verifiable credentials. - **id** (string) - Required - Unique identifier for the input descriptor. - **format** (object) - Required - Specifies the format of the verifiable credential. - **dc+sd-jwt** (object) - Required - Details for SD-JWT VC format. - **sd-jwt_alg_values** (array of string) - Required - Allowed algorithms for SD-JWT. - **kb-jwt_alg_values** (array of string) - Required - Allowed algorithms for KB-JWT. - **constraints** (object) - Required - Constraints on the verifiable credential. - **fields** (array of object) - Required - List of fields to check within the credential. - **path** (array of string) - Required - JSONPath to the field. - **filter** (object) - Optional - Filter criteria for the field. - **type** (string) - Required - Data type of the field. - **const** (string) - Required - Constant value to match. ### Request Example ```json { "accepted_issuer_dids": [ "" ], "presentation_definition": { "id": "00000000-0000-0000-0000-000000000000", "input_descriptors": [ { "id": "11111111-1111-1111-1111-111111111111", "format": { "dc+sd-jwt": { "sd-jwt_alg_values": [ "ES256" ], "kb-jwt_alg_values": [ "ES256" ] } }, "constraints": { "fields": [ { "path": [ "$.vct" ], "filter": { "type": "string", "const": "betaid-sdjwt" } }, { "path": [ "$.age_over_18" ] } ] } } ] } } ``` ### Response #### Success Response (200) - **id** (string) - The unique identifier for the verification request. Store this for future interactions. - **request_nonce** (string) - A nonce associated with the request. - **state** (string) - The current state of the verification (e.g., PENDING). - **presentation_definition** (object) - The presentation definition used for this request. - **verification_url** (string) - The URL for the verification request. - **verification_deeplink** (string) - A deep link that can be used to create a QR code for the wallet. #### Response Example ```json { "id": "${VERIFICATION_ID}", "request_nonce": "a-nonce", "state": "PENDING", "presentation_definition": { "id": "00000000-0000-0000-0000-000000000000", "input_descriptors": [ { "id": "11111111-1111-1111-1111-111111111111", "format": { "dc+sd-jwt": { "sd-jwt_alg_values": [ "ES256" ], "kb-jwt_alg_values": [ "ES256" ] } }, "constraints": { "fields": [ { "path": [ "$.vct" ], "filter": { "type": "string", "const": "betaid-sdjwt" } }, { "path": [ "$.age_over_18" ] } ] } } ] }, "verification_url": "https:///oid4vp/api/request-object/${REQUEST_ID}", "verification_deeplink": "swiyu-verify://?client_id=..." } ``` ``` -------------------------------- ### Request Body with Verification Purpose Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Provide this JSON object in the request body to enable vqPS registration. It includes the DCQL query and the verification purpose details. ```json { "dcql_query": { ... }, "verification_purpose": { "scope": "com.example.age_verification", "purpose_name": { "en": "Age Verification", "de-CH": "Altersverifikation" }, "purpose_description": { "en": "We verify that you are of age.", "de-CH": "Wir prüfen, ob Sie volljährig sind." } } } ``` -------------------------------- ### Reject Verification Presentation Request Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md This curl command shows how a wallet can reject a verification request. It sends an error code and description to the verifier service. ```bash curl -X POST \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "error=vp_formats_not_supported" \ -d "error_description=I do not want to share this!" \ http://localhost:8083/oid4vp/api/request-object/{request_id}/response-data ``` -------------------------------- ### Sign Commit with DCO Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/CONTRIBUTING.md Add a 'Signed-off-by' line to your commit message to certify your right to submit the work under the project's license. ```git Signed-off-by: Your Name ``` -------------------------------- ### Generate Public Key from Private Key Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Generates the public key from a private EC key using OpenSSL. The public key is published on the base registry. ```shell openssl ec -in private.pem -pubout -out ec_public.pem ``` -------------------------------- ### Commit and Push Updated OpenAPI Spec Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/openapi-generate.instruction.md Stages, commits, and pushes the regenerated openapi.yaml file to the remote repository. This step should be performed after verifying the generated file. ```bash cd /home/gapa/development/swiyu-verifier git add openapi.yaml git commit -m "docs: regenerate openapi.yaml" git push ``` -------------------------------- ### Update OpenAPI Spec Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Updates the openapi.yaml file using the generate-doc Maven profile. ```shell mvn verify -P generate-doc ``` -------------------------------- ### Update Spring Profiles in Docker Compose Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/migration-guides/v2.x-to-v3.0.0.md Use the native SPRING_PROFILES_ACTIVE environment variable instead of MY_SPRING_PROFILES. Multiple profiles are comma-separated. ```yaml services: verifier-service: image: ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 environment: SPRING_PROFILES_ACTIVE: prod,vault ``` -------------------------------- ### Generate EC 256 Private Key Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/README.md Generates an EC 256 private key using OpenSSL. Ensure private keys are kept secure and are never transmitted. ```shell openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem ``` -------------------------------- ### Commit and Sign Off Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/CONTRIBUTING.md Use the '-s' flag with git commit to automatically add the 'Signed-off-by' line, assuming your git config is set. ```git git commit -s ``` -------------------------------- ### Verification Request Response Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/documentation/verification_process.md This JSON object represents the successful response after creating a verification request. It includes the verification ID, state, and deep link for the holder's wallet. ```json { "id": "${VERIFICATION_ID}", "request_nonce": "a-nonce", "state": "PENDING", "presentation_definition": { "id": "00000000-0000-0000-0000-000000000000", "input_descriptors": [ { "id": "11111111-1111-1111-1111-111111111111", "format": { "dc+sd-jwt": { "sd-jwt_alg_values": [ "ES256" ], "kb-jwt_alg_values": [ "ES256" ] } }, "constraints": { "fields": [ { "path": [ "$.vct" ], "filter": { "type": "string", "const": "betaid-sdjwt" } }, { "path": [ "$.age_over_18" ] } ] } } ] }, "verification_url": "https:///oid4vp/api/request-object/${REQUEST_ID}", "verification_deeplink": "swiyu-verify://?client_id=..." } ``` -------------------------------- ### Update Image Tag for Unhardened Variant Source: https://github.com/swiyu-admin-ch/swiyu-verifier/blob/main/migration-guides/v2.x-to-v3.0.0.md When staying on the unhardened image variant, update all references to include the '-unhardened' suffix. ```diff ```diff - image: ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0 + image: ghcr.io/swiyu-admin-ch/swiyu-verifier:3.0.0-unhardened ``` ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.