baseid-verifier-core
The verifier-core crate provides the business logic for credential verification, orchestrating signature checks, trust registry lookups, and policy evaluation into a single pipeline.
Key Features
Section titled “Key Features”- Verification pipeline — runs signature verification, issuer trust check, and policy compliance as sequenced steps with individual pass/fail/skip results
- Trust registry —
TrustRegistrytrait withInMemoryTrustRegistryimplementation for managing trusted issuers and verifiers with Active/Suspended/Revoked status - Policy engine —
VerificationPolicyenforces required credential types, trusted issuer lists, and minimum assurance levels - DID-based verification — resolves issuer DID documents to extract public keys, then verifies JWT-VC signatures via
baseid-vc - OID4VP integration —
Verifierorchestrator creates OID4VP authorization requests fromPresentationDefinitionusingdirect_postmode - Bilingual errors — all error variants provide English and French messages via the
BilingualErrortrait
Quick Start
Section titled “Quick Start”use baseid_verifier_core::trust_registry::{ InMemoryTrustRegistry, TrustRegistryEntry, EntityType, TrustStatus,};use baseid_verifier_core::verifier::Verifier;use baseid_verifier_core::VerifierConfig;use baseid_core::types::CredentialFormat;
// 1. Set up the trust registrylet mut registry = InMemoryTrustRegistry::new();registry.register(TrustRegistryEntry { did: "did:key:issuer123".to_string(), entity_type: EntityType::Issuer, credential_types: vec!["VerifiableCredential".into(), "IDCard".into()], status: TrustStatus::Active,});
// 2. Create a verifierlet config = VerifierConfig { verifier_did: "did:web:verifier.example.com".to_string(), accepted_formats: vec![CredentialFormat::W3cVc],};let verifier = Verifier::new(config, registry);
// 3. Verify a credential through the full pipelinelet result = verifier.verify_credential(&jwt, &resolver).await?;assert!(result.valid);for (step_name, step_result) in &result.steps { println!("{step_name}: {step_result:?}");}Pipeline Steps
Section titled “Pipeline Steps”| Step | Description |
|---|---|
signature_verification | Resolves issuer DID and verifies the JWT signature |
issuer_trust | Looks up issuer in the trust registry; passes if Active |
policy_compliance | Evaluates the optional VerificationPolicy (required types, trusted issuers) |
Trust Registry API
Section titled “Trust Registry API”| Method | Description |
|---|---|
lookup(did) | Returns the TrustRegistryEntry for a DID, if registered |
is_trusted_issuer(did, type) | Returns true if the DID is Active and authorized for the credential type |
register(entry) | Adds or replaces an entry in the registry |
Creating Presentation Requests
Section titled “Creating Presentation Requests”The Verifier can build OID4VP authorization requests for credential presentation:
use baseid_oid4vp::definition::{PresentationDefinition, InputDescriptor, Constraints, Field};
let definition = PresentationDefinition { id: "pd-1".to_string(), name: Some("Age Verification".to_string()), purpose: Some("Verify age >= 18".to_string()), input_descriptors: vec![InputDescriptor { id: "id-card".to_string(), name: Some("ID Card".to_string()), purpose: None, constraints: Constraints { fields: vec![Field { path: vec!["$.credentialSubject.dateOfBirth".to_string()], filter: None, }], limit_disclosure: None, }, format: None, }],};
let request = verifier.create_presentation_request(definition, "nonce-123");assert_eq!(request.response_type, "vp_token");assert_eq!(request.response_mode.as_deref(), Some("direct_post"));Related Crates
Section titled “Related Crates”- baseid-oid4vp — OID4VP protocol layer used for presentation requests
- baseid-vc — JWT-VC credential format verified by the pipeline
- baseid-did — DID resolution for issuer key extraction
- baseid-wallet-core — wallet-side counterpart for credential selection and presentation