Integration tests for creating verifiable credentials with multiple proofs

266f0e9d · Lyuben Penkovski · f2955641 · 266f0e9d · 266f0e9d · 266f0e9d
Commit 266f0e9d authored 1 year ago by Lyuben Penkovski
--- a/integration/credentials_testdata.go
+++ b/integration/credentials_testdata.go
@@ -9,7 +9,7 @@ var credentialWithSubjectID = `
        "https://schema.org"
    ],
    "type": "VerifiableCredential",
-    "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "issuanceDate": "2010-01-01T19:23:24Z",
    "credentialSubject":
    {
@@ -27,7 +27,7 @@ var credentialWithoutSubjectID = `
        "https://schema.org"
    ],
    "type": "VerifiableCredential",
-    "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "issuanceDate": "2010-01-01T19:23:24Z",
    "credentialSubject":
    {
@@ -44,7 +44,7 @@ var credentialInvalidSubjectID = `
        "https://schema.org"
    ],
    "type": "VerifiableCredential",
-    "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "issuanceDate": "2010-01-01T19:23:24Z",
    "credentialSubject":
    {
@@ -62,7 +62,7 @@ var credentialWithNumericalSubjectID = `
        "https://schema.org"
    ],
    "type": "VerifiableCredential",
-    "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "issuanceDate": "2010-01-01T19:23:24Z",
    "credentialSubject":
    {

--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -5,9 +5,13 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"strings"
 	"testing"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
+	"github.com/hyperledger/aries-framework-go/pkg/vdr"
+	"github.com/hyperledger/aries-framework-go/pkg/vdr/key"
+	"github.com/hyperledger/aries-framework-go/pkg/vdr/web"
 	"github.com/piprate/json-gold/ld"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -54,7 +58,7 @@ func TestCreateAndVerifyCredentialProof(t *testing.T) {
 			signer := client.NewSigner(addr)
 			// create proof
-			vcWithProof, err := signer.CreateCredentialProof(test.vc)
+			vcWithProof, err := signer.CreateCredentialProof("key1", test.vc)
 			assert.NoError(t, err)
 			assert.NotNil(t, vcWithProof)
@@ -78,7 +82,7 @@ func TestCreateAndVerifyCredentialProof(t *testing.T) {
 			assert.True(t, ok)
 			// modify the credentialSubject by adding a new value
-			subject[0].CustomFields["newKey"] = "newValue"
+			subject[0].CustomFields["newKey"] = "newValue" // nolint:goconst
 			// marshal the modified credential
 			modifiedVC, err := json.Marshal(vc)
@@ -115,7 +119,7 @@ func TestCreateCredentialProof(t *testing.T) {
 		{
 			name:   "credential with invalid subject id",
 			vc:     []byte(credentialInvalidSubjectID),
-			errMsg: "invalid format of subject id",
+			errMsg: "invalid subject id: must be URI",
 		},
 		{
 			name:   "credential with numerical subject id",
@@ -132,7 +136,7 @@ func TestCreateCredentialProof(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			signer := client.NewSigner(addr)
-			vcWithProof, err := signer.CreateCredentialProof(test.vc)
+			vcWithProof, err := signer.CreateCredentialProof("key1", test.vc)
 			if test.errMsg != "" {
 				require.Error(t, err, fmt.Sprintf("got no error but expected %q", test.errMsg))
 				assert.Contains(t, err.Error(), test.errMsg)
@@ -183,7 +187,7 @@ func TestCreateAndVerifyPresentationProof(t *testing.T) {
 			signer := client.NewSigner(addr)
 			// create proof
-			vpWithProof, err := signer.CreatePresentationProof(test.vp)
+			vpWithProof, err := signer.CreatePresentationProof("key1", test.vp)
 			require.NoError(t, err)
 			assert.NotNil(t, vpWithProof)
@@ -252,7 +256,7 @@ func TestCreatePresentationProof(t *testing.T) {
 		{
 			name:   "presentation with credential with invalid subject id",
 			vp:     []byte(presentationWithInvalidSubjectID),
-			errMsg: "invalid format of subject id",
+			errMsg: "invalid subject id: must be URI",
 		},
 		{
 			name:   "presentation with credential with numerical subject id",
@@ -269,7 +273,7 @@ func TestCreatePresentationProof(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			signer := client.NewSigner(addr)
-			vpWithProof, err := signer.CreatePresentationProof(test.vp)
+			vpWithProof, err := signer.CreatePresentationProof("key1", test.vp)
 			if test.errMsg != "" {
 				require.Error(t, err, fmt.Sprintf("got no error but expected %q", test.errMsg))
 				assert.Contains(t, err.Error(), test.errMsg)
@@ -295,6 +299,90 @@ func TestCreatePresentationProof(t *testing.T) {
 	}
 }
+func TestCreateCredential(t *testing.T) {
+	initTests(t)
+	tests := []struct {
+		name     string
+		req      map[string]interface{}
+		contexts []string
+		errtext  string
+	}{
+		{
+			name:    "empty request",
+			errtext: "400 Bad Request",
+		},
+		{
+			name: "invalid request because issuer is missing",
+			req: map[string]interface{}{
+				"namespace":         "transit",
+				"key":               "key1",
+				"credentialSubject": map[string]interface{}{"cred1": "value1"},
+			},
+			errtext: "400 Bad Request",
+		},
+		{
+			name: "valid request with single credentialSubject claim",
+			req: map[string]interface{}{
+				"issuer":            "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
+				"namespace":         "transit",
+				"key":               "key1",
+				"credentialSubject": map[string]interface{}{"cred1": "value1"},
+			},
+		},
+		{
+			name: "valid request with multiple credentialSubject claims",
+			req: map[string]interface{}{
+				"issuer":    "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
+				"namespace": "transit",
+				"key":       "key1",
+				"credentialSubject": map[string]interface{}{
+					"cred1": "value1",
+					"cred2": "value2",
+				},
+			},
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			reqData, err := json.Marshal(test.req)
+			require.NoError(t, err)
+			signer := client.NewSigner(addr)
+			vcWithProof, err := signer.CreateCredential(reqData)
+			if test.errtext != "" {
+				require.Error(t, err, fmt.Sprintf("got no error but expected %q", test.errtext))
+				assert.Contains(t, err.Error(), test.errtext)
+				return
+			}
+			vc, err := verifyCredentialProofs(vcWithProof)
+			require.NoError(t, err)
+			assert.NotNil(t, vc)
+			assert.NotEmpty(t, vc.Proofs)
+			assert.NotEmpty(t, vc.Proofs[0]["jws"])
+			assert.NotEmpty(t, vc.Proofs[0]["created"])
+			assert.NotEmpty(t, vc.Proofs[0]["verificationMethod"])
+			assert.Equal(t, "assertionMethod", vc.Proofs[0]["proofPurpose"])
+			assert.Equal(t, "JsonWebSignature2020", vc.Proofs[0]["type"])
+			// hyperledger aries always parse the subject map into an array (unless it's just a string)
+			subject, ok := vc.Subject.([]verifiable.Subject)
+			assert.True(t, ok)
+			expectedClaims, ok := test.req["credentialSubject"].(map[string]interface{})
+			assert.True(t, ok)
+			assert.Equal(t, len(expectedClaims), len(subject[0].CustomFields))
+			for key := range expectedClaims {
+				assert.Equal(t, expectedClaims[key], subject[0].CustomFields[key])
+			}
+		})
+	}
+}
 func TestCreatePresentation(t *testing.T) {
 	initTests(t)
@@ -313,14 +401,16 @@ func TestCreatePresentation(t *testing.T) {
 			req: map[string]interface{}{
 				"namespace": "transit",
 				"key":       "key1",
-				"data":      map[string]interface{}{"cred1": "value1"},
+				"data": []map[string]interface{}{
+					{"cred1": "value1"},
+				},
 			},
 			errtext: "400 Bad Request",
 		},
 		{
 			name: "valid request with single credentialSubject entry",
 			req: map[string]interface{}{
-				"issuer":    "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+				"issuer":    "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
 				"namespace": "transit",
 				"key":       "key1",
 				"data": []map[string]interface{}{
@@ -331,7 +421,7 @@ func TestCreatePresentation(t *testing.T) {
 		{
 			name: "valid request with multiple credentialSubject entry",
 			req: map[string]interface{}{
-				"issuer":    "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+				"issuer":    "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
 				"namespace": "transit",
 				"key":       "key1",
 				"data": []map[string]interface{}{
@@ -343,7 +433,7 @@ func TestCreatePresentation(t *testing.T) {
 		{
 			name: "valid request with additional context",
 			req: map[string]interface{}{
-				"issuer":    "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+				"issuer":    "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
 				"namespace": "transit",
 				"key":       "key1",
 				"context": []string{
@@ -389,7 +479,7 @@ func TestCreatePresentation(t *testing.T) {
 			creds := vp.Credentials()
 			requiredCreds, ok := test.req["data"].([]map[string]interface{})
 			assert.True(t, ok)
-			assert.Equal(t, len(creds), len(requiredCreds))
+			assert.Equal(t, len(requiredCreds), len(creds))
 			for i, cred := range creds {
 				c, ok := cred.(map[string]interface{})
@@ -402,3 +492,142 @@ func TestCreatePresentation(t *testing.T) {
 		})
 	}
 }
+func TestCreateCredentialMultipleProofs(t *testing.T) {
+	initTests(t)
+	// first create a credential with one proof
+	signer := client.NewSigner(addr)
+	cred := []byte(credentialWithSubjectID)
+	// create first proof
+	vcWithProof, err := signer.CreateCredentialProof("key1", cred)
+	assert.NoError(t, err)
+	assert.NotNil(t, vcWithProof)
+	// verify signature
+	_, err = verifyCredentialProofs(vcWithProof)
+	assert.NoError(t, err)
+	// create second proof
+	vc2Proofs, err := signer.CreateCredentialProof("key1", vcWithProof)
+	assert.NoError(t, err)
+	assert.NotNil(t, vc2Proofs)
+	// verify signatures
+	_, err = verifyCredentialProofs(vc2Proofs)
+	require.NoError(t, err)
+	// run tests modifying the contents of the VC and do proof verifications afterwards
+	t.Run("modify credential subject and check proofs afterwards", func(t *testing.T) {
+		correctVC := make([]byte, len(vc2Proofs))
+		copy(correctVC, vc2Proofs)
+		parsedVC, err := verifyCredentialProofs(correctVC)
+		assert.NoError(t, err)
+		// modify the credentialSubject by adding a new value
+		// which MUST break signature verification
+		subject, ok := parsedVC.Subject.([]verifiable.Subject)
+		assert.True(t, ok)
+		subject[0].CustomFields["newKey"] = "newValue"
+		// marshal the modified credential
+		modifiedVC, err := json.Marshal(parsedVC)
+		assert.NoError(t, err)
+		assert.NotNil(t, modifiedVC)
+		_, err = verifyCredentialProofs(modifiedVC)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "invalid signature")
+	})
+	t.Run("modify first signature and check proofs afterwards", func(t *testing.T) {
+		correctVC := make([]byte, len(vc2Proofs))
+		copy(correctVC, vc2Proofs)
+		parsedVC, err := verifyCredentialProofs(correctVC)
+		assert.NoError(t, err)
+		// modify JWS value of the first proof by removing the last character
+		proof1 := parsedVC.Proofs[0]
+		if jws, ok := proof1["jws"].(string); ok && jws != "" {
+			modifiedSignature, err := modifySignature(jws)
+			require.NoError(t, err)
+			parsedVC.Proofs[0]["jws"] = modifiedSignature
+		} else {
+			t.Errorf("expected to have proof 1 but it's missing or invalid")
+		}
+		// marshal the modified credential
+		modifiedVC, err := json.Marshal(parsedVC)
+		assert.NoError(t, err)
+		assert.NotNil(t, modifiedVC)
+		_, err = verifyCredentialProofs(modifiedVC)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "invalid signature")
+	})
+	t.Run("modifiy second signature and check proofs afterwards", func(t *testing.T) {
+		correctVC := make([]byte, len(vc2Proofs))
+		copy(correctVC, vc2Proofs)
+		parsedVC, err := verifyCredentialProofs(correctVC)
+		assert.NoError(t, err)
+		// modify JWS value of the second proof by removing the last character
+		proof2 := parsedVC.Proofs[1]
+		if jws, ok := proof2["jws"].(string); ok && jws != "" {
+			modifiedSignature, err := modifySignature(jws)
+			require.NoError(t, err)
+			parsedVC.Proofs[1]["jws"] = modifiedSignature
+		} else {
+			t.Errorf("expected to have proof 2 but it's missing or invalid")
+		}
+		// marshal the modified credential
+		modifiedVC, err := json.Marshal(parsedVC)
+		assert.NoError(t, err)
+		assert.NotNil(t, modifiedVC)
+		_, err = verifyCredentialProofs(modifiedVC)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "invalid signature")
+	})
+}
+func verifyCredentialProofs(vcBytes []byte) (*verifiable.Credential, error) {
+	webVDR := web.New()
+	keyVDR := key.New()
+	registry := vdr.New(
+		vdr.WithVDR(webVDR),
+		vdr.WithVDR(keyVDR),
+	)
+	keyResolver := verifiable.NewVDRKeyResolver(registry)
+	// parse it to object to modify credentialSubject attribute
+	vc, err := verifiable.ParseCredential(
+		vcBytes,
+		verifiable.WithJSONLDDocumentLoader(loader),
+		verifiable.WithStrictValidation(),
+		verifiable.WithJSONLDValidation(),
+		verifiable.WithJSONLDOnlyValidRDF(),
+		verifiable.WithPublicKeyFetcher(keyResolver.PublicKeyFetcher()),
+	)
+	return vc, err
+}
+func modifySignature(jws string) (string, error) {
+	parts := strings.Split(jws, ".")
+	if len(parts) != 3 {
+		return "", fmt.Errorf("invalid jws signature")
+	}
+	modifiedJWS := parts[0] + "." + parts[1] + "." + "8hiz2aWSW_AWnZ_GnoQyHrYgGia0HxdYTQGYOVYkPLU"
+	return modifiedJWS, nil
+}
--- a/integration/internal/client/signer.go
+++ b/integration/internal/client/signer.go
@@ -16,7 +16,7 @@ func NewSigner(addr string) *Signer {
 	return &Signer{addr: addr}
 }
-func (s *Signer) CreateCredentialProof(vc []byte) ([]byte, error) {
+func (s *Signer) CreateCredentialProof(key string, vc []byte) ([]byte, error) {
 	var cred map[string]interface{}
 	if err := json.Unmarshal(vc, &cred); err != nil {
 		return nil, err
@@ -24,7 +24,7 @@ func (s *Signer) CreateCredentialProof(vc []byte) ([]byte, error) {
 	payload := map[string]interface{}{
 		"namespace":  "transit",
-		"key":        "key2",
+		"key":        key,
 		"credential": cred,
 	}
@@ -83,16 +83,16 @@ func (s *Signer) VerifyCredentialProof(vc []byte) error {
 	return nil
 }
-func (s *Signer) CreatePresentationProof(vp []byte) ([]byte, error) {
+func (s *Signer) CreatePresentationProof(key string, vp []byte) ([]byte, error) {
 	var pres map[string]interface{}
 	if err := json.Unmarshal(vp, &pres); err != nil {
 		return nil, err
 	}
 	payload := map[string]interface{}{
-		"issuer":       "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+		"issuer":       "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
 		"namespace":    "transit",
-		"key":          "key2",
+		"key":          key,
 		"presentation": pres,
 	}
@@ -170,6 +170,25 @@ func (s *Signer) CreatePresentation(data []byte) ([]byte, error) {
 	return io.ReadAll(resp.Body)
 }
+func (s *Signer) CreateCredential(data []byte) ([]byte, error) {
+	req, err := http.NewRequest(http.MethodPost, s.addr+"/v1/credential", bytes.NewReader(data))
+	if err != nil {
+		return nil, err
+	}
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return nil, newErrorResponse(resp)
+	}
+	return io.ReadAll(resp.Body)
+}
 type errorResponse struct {
 	Code     int
 	Status   string

--- a/integration/presentations_testdata.go
+++ b/integration/presentations_testdata.go
@@ -8,7 +8,7 @@ var presentationWithSubjectID = `
 		"https://w3id.org/security/suites/jws-2020/v1",
 		"https://schema.org"
    ],
-    "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "type": "VerifiablePresentation",
    "verifiableCredential":
    [
@@ -18,9 +18,9 @@ var presentationWithSubjectID = `
 				"https://www.w3.org/2018/credentials/v1",
 				"https://schema.org"
            ],
-            "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential",
-            "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "issuanceDate": "2010-01-01T19:23:24Z",
            "credentialSubject":
            {
@@ -39,7 +39,7 @@ var presentationWithoutSubjectID = `
 		"https://w3id.org/security/suites/jws-2020/v1",
 		"https://schema.org"
    ],
-    "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "type": "VerifiablePresentation",
    "verifiableCredential":
    [
@@ -49,9 +49,9 @@ var presentationWithoutSubjectID = `
 				"https://www.w3.org/2018/credentials/v1",
 				"https://schema.org"
            ],
-            "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential",
-            "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "issuanceDate": "2010-01-01T19:23:24Z",
            "credentialSubject":
            {
@@ -69,7 +69,7 @@ var presentationWithInvalidSubjectID = `
 		"https://w3id.org/security/suites/jws-2020/v1",
 		"https://schema.org"
    ],
-    "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "type": "VerifiablePresentation",
    "verifiableCredential":
    [
@@ -79,9 +79,9 @@ var presentationWithInvalidSubjectID = `
 				"https://www.w3.org/2018/credentials/v1",
 				"https://schema.org"
            ],
-            "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential",
-            "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "issuanceDate": "2010-01-01T19:23:24Z",
            "credentialSubject":
            {
@@ -100,7 +100,7 @@ var presentationWithNumericalSubjectID = `
 		"https://w3id.org/security/suites/jws-2020/v1",
 		"https://schema.org"
    ],
-    "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+    "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "type": "VerifiablePresentation",
    "verifiableCredential":
    [
@@ -110,9 +110,9 @@ var presentationWithNumericalSubjectID = `
 				"https://www.w3.org/2018/credentials/v1",
 				"https://schema.org"
            ],
-            "id": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential",
-            "issuer": "did:web:4db4-85-196-181-2.eu.ngrok.io:policy:policy:example:returnDID:1.0:evaluation",
+            "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "issuanceDate": "2010-01-01T19:23:24Z",
            "credentialSubject":
            {
@@ -131,7 +131,7 @@ var presentationWithMissingCredentialContext = `
 		"https://w3id.org/security/suites/jws-2020/v1",
 		"https://schema.org"
    ],
-    "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
+    "id": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
    "type": "VerifiablePresentation",
    "verifiableCredential":
    [
@@ -146,10 +146,10 @@ var presentationWithMissingCredentialContext = `
                "age_over": 18,
                "allow": false,
                "citizenship": "France",
-                "id": "https://gaiax.vereign.com/tsa/policy/example/ProofRequestResponse/1.0"
+                "id": "https://ssi-dev.vereign.com/tsa/policy/policy/example/example/1.0/evaluation"
            },
            "issuanceDate": "2022-07-21T10:24:36.203848291Z",
-            "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation",
+            "issuer": "did:web:yourdomain.com:policy:policies:example:returnDID:1.0:evaluation",
            "type": "VerifiableCredential"
        }
    ]