Skip to content

Add support for loading issuer certs from AAMVA VICAL in the verifier service#125

Merged
ask77nl merged 2 commits intogoogle:mainfrom
siriscac:main
Jan 14, 2026
Merged

Add support for loading issuer certs from AAMVA VICAL in the verifier service#125
ask77nl merged 2 commits intogoogle:mainfrom
siriscac:main

Conversation

@siriscac
Copy link
Member

@siriscac siriscac commented Jan 13, 2026

Logs from successful run below:

@siriscac ➜ /workspaces/…/reference/verifier-service/server (main) $ go build                  
@siriscac ➜ /workspaces/…/reference/verifier-service/server (main) $  ./server -circuit_dir ../../../lib/circuits/mdoc/circuits
2026/01/13 22:28:58 Reading from dir ../../../lib/circuits/mdoc/circuits
2026/01/13 22:28:59 Read 137e5a75ce72735a37c8a72da1a8a0a5df8d13365c2ae3d2c2bd6a0e7197c7c6
2026/01/13 22:29:01 Read 3546d1e1a59142ded29a26d30ae4155d682b0f7f2b1a78a1cc63f94b211cbda0
2026/01/13 22:29:02 Read 446ffab2fc5bfc71d748dec8ec1785f33b8f399b6ff50d1e0a4a9facd7e66c62
2026/01/13 22:29:03 Read 5aebdaaafe17296a3ef3ca6c80c6e7505e09291897c39700410a365fb278e460
2026/01/13 22:29:05 Read 6a5810683e62b6d7766ebd0d7ca72518a2b8325418142adcadb10d51dbbcd5ad
2026/01/13 22:29:06 Read 7bcb1a2aee2fbd9907aeef97003fe68fbdaccca94bb048f6079877f7b2caee7c
2026/01/13 22:29:07 Read 89288b9aa69d2120d211618fcca8345deb4f85d2e710c220cc9c059bbee4c91f
2026/01/13 22:29:08 Read 8d079211715200ff06c5109639245502bfe94aa869908d31176aae4016182121
2026/01/13 22:29:10 Read 8ee4849ae1293ae6fe5f9082ce3e5e15c4f198f2998c682fa1b727237d6d252f
2026/01/13 22:29:11 Read b2211223b954b34a1081e3fbf71b8ea2de28efc888b4be510f532d6ba76c2010
2026/01/13 22:29:12 Read b4bb6f01b7043f4f51d8302a30b36e3d4d2d0efc3c24557ab9212ad524a9764e
2026/01/13 22:29:13 Read c27195e03e22c9ab4efe9e1dabd2c33aa8b2429cc4e86410c6f12542d3c5e0a1
2026/01/13 22:29:15 Read c70b5f44a1365c53847eb8948ad5b4fdc224251a2bc02d958c84c862823c49d6
2026/01/13 22:29:16 Read c87721054ae14f3a54462ba975a3cf53e65ec648196528053da82067e103e64e
2026/01/13 22:29:17 Read f51b7248b364462854d306326abded169854697d752d3bb6d9a9446ff7605ddb
2026/01/13 22:29:18 Read f88a39e561ec0be02bb3dfe38fb609ad154e98decbbe632887d850fc612fea6f
2026/01/13 22:29:19 Read fa5fadfb2a916d3b71144e9b412eff78f71fd6a6d4607eac10de66b195868b7a
2026/01/13 22:29:19 adding Issuer CA CN=MVMProdCA,OU=IT,O=Arizona Department of Transportation,L=Phoenix,ST=US-AZ,C=US
2026/01/13 22:29:19 adding Issuer CA CN=MVMProdCA,OU=IT,O=Arizona Department of Transportation,L=Phoenix,ST=Arizona,C=US
2026/01/13 22:29:19 adding Issuer CA CN=California DMV IACA Root,O=CA-DMV,ST=US-CA,C=US
2026/01/13 22:29:19 adding Issuer CA CN=Colorado Root Certificate,OU=CO DRIVES,O=Colorado Department of Revenue,L=Denver,ST=US-CO,C=US
2026/01/13 22:29:19 adding Issuer CA CN=CO DRIVES Root,OU=Colorado DRIVES,O=Colorado Department of Revenue,ST=Colorado,C=US
2026/01/13 22:29:19 adding Issuer CA CN=Georgia Root Certificate Authority,OU=DRIVES,O=Georgia Department of Driver Services,L=Conyers,ST=US-GA,C=US
2026/01/13 22:29:19 adding Issuer CA CN=Georgia Root Certificate Authority,OU=DRIVES,O=Georgia Department of Driver Services,L=Conyers,ST=US-GA,C=US
2026/01/13 22:29:19 adding Issuer CA CN=Fast Enterprises Root,O=Maryland MVA,L=Glen Burnie,ST=US-MD,C=US
2026/01/13 22:29:19 adding Issuer CA CN=New Mexico Root Certificate Authority,OU=New Mexico Motor Vehicle Division,O=New Mexico Taxation and Revenue Department,L=Santa Fe,ST=US-NM,C=US
2026/01/13 22:29:19 adding Issuer CA CN=UL TESTING Staging DS,O=Google,C=ZZ
2026/01/13 22:29:19 adding Issuer CA CN=TEST USE ONLY GICI Staging Root,OU=Wallet,O=Google LLC,C=UT
2026/01/13 22:29:19 adding Issuer CA CN=Identity Credential Root IACA,OU=Wallet,O=Google LLC,C=US
2026/01/13 22:29:19 adding Issuer CA CN=Payground Root,O=Google,C=ZZ
2026/01/13 22:29:19 adding Issuer CA CN=Payground Document Signer,O=Google,C=ZZ
2026/01/13 22:29:19 adding Issuer CA CN=TEST USE ONLY GICI Staging Root,OU=Wallet,O=Google LLC,C=ZZ
2026/01/13 22:29:19 adding Issuer CA CN=Identity Credential Root IACA,OU=Wallet,O=Google LLC,C=XG
2026/01/13 22:29:19 adding Issuer CA CN=https://partner.mdl.dot.nd.gov/,OU=LEGEND,O=North Dakota Department of Transportation,L=Bismarck,ST=US-ND,C=US
2026/01/13 22:29:19 Fetching VICAL from https://vical.dts.aamva.org/vical/vc
2026/01/13 22:29:20 Loaded 17 certificates from VICAL
{"time":"2026-01-13T22:29:20.328853692Z","level":"INFO","msg":"Starting server","addr":":8888"}

@siriscac siriscac changed the title Add support for loading issuer certs from AAMVA VICAL in the verifier Add support for loading issuer certs from AAMVA VICAL in the verifier service Jan 13, 2026
ask77nl
ask77nl requested changes Jan 14, 2026
View reviewed changes
@ask77nl ask77nl merged commit a535e9b into google:main Jan 14, 2026
10 checks passed
TallTed
TallTed reviewed Jan 14, 2026
View reviewed changes
reference/verifier-service/server/main.go

if err := zk.LoadVICAL(*vicalUrl); err != nil {
logger.Error("could not load VICAL", "url", *vicalUrl, "err", err)
// We decide not to exit here, as the server might still be useful with just local certs
Copy link
Contributor

@TallTed TallTed Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// We decide not to exit here, as the server might still be useful with just local certs
// We decided not to exit here, as the server might still be useful with just local certs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ask77nl ask77nl ask77nl requested changes

+1 more reviewer

@TallTed TallTed TallTed left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@siriscac @ask77nl @TallTed