cargo clippy, fmt, code

examples/1_advanced/11_linked_verifiable_presentation.rs

@@ -1,3 +1,6 @@
+// Copyright 2020-2024 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
 use examples::create_did;
 use examples::random_stronghold_path;
 use examples::MemStorage;
@@ -33,6 +36,8 @@ use iota_sdk::types::block::output::AliasOutput;
 use iota_sdk::types::block::output::AliasOutputBuilder;
 use iota_sdk::types::block::output::RentStructure;
 
+const VP_JWT: &str = "eyJraWQiOiJkaWQ6aW90YTpybXM6MHg2Y2I5MWUyMGMxMzhhMTQ1MTUzMDY4ZTEwODNhMGEyYTUwYjU2ZDI1MGI3YjUzYzYwYmEzOTI4NGJkMWRjNzQxI1k5TUppd1k4U0s0NjlNcW0weXBZYzRYSUl5TnVpMzZIejdreVdkUEkyejQiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6aW90YTpybXM6MHg2Y2I5MWUyMGMxMzhhMTQ1MTUzMDY4ZTEwODNhMGEyYTUwYjU2ZDI1MGI3YjUzYzYwYmEzOTI4NGJkMWRjNzQxIiwibmJmIjoxNzI0Njg0NTEzLCJ2cCI6eyJAY29udGV4dCI6Imh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwidHlwZSI6IlZlcmlmaWFibGVQcmVzZW50YXRpb24iLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6WyJleUpyYVdRaU9pSmthV1E2YVc5MFlUcHliWE02TUhnek5ERTVNek5qWW1ReU1USm1NalkzT1dOaE5tSTFZbU00WXpGbE5EazROREV4WlRWaFpHUXdZMk0zWkRnNU1qZzVZV1ppTmpaaVpEZGtNMk5tTWpObEkyRlZkMTgyZGw5bGRUQlJlVFJQWWtOTFIwUlJNWFJEUW00elJGcGxVVzUxYmtkNlRWWlJlRWxrYjJNaUxDSjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSkZaRVJUUVNKOS5leUpwYzNNaU9pSmthV1E2YVc5MFlUcHliWE02TUhnek5ERTVNek5qWW1ReU1USm1NalkzT1dOaE5tSTFZbU00WXpGbE5EazROREV4WlRWaFpHUXdZMk0zWkRnNU1qZzVZV1ppTmpaaVpEZGtNMk5tTWpObElpd2libUptSWpveE56STBOamcwTlRFekxDSnFkR2tpT2lKb2RIUndjem92TDJWNFlXMXdiR1V1WldSMUwyTnlaV1JsYm5ScFlXeHpMek0zTXpJaUxDSnpkV0lpT2lKa2FXUTZhVzkwWVRweWJYTTZNSGcyWTJJNU1XVXlNR014TXpoaE1UUTFNVFV6TURZNFpURXdPRE5oTUdFeVlUVXdZalUyWkRJMU1HSTNZalV6WXpZd1ltRXpPVEk0TkdKa01XUmpOelF4SWl3aWRtTWlPbnNpUUdOdmJuUmxlSFFpT2lKb2RIUndjem92TDNkM2R5NTNNeTV2Y21jdk1qQXhPQzlqY21Wa1pXNTBhV0ZzY3k5Mk1TSXNJblI1Y0dVaU9sc2lWbVZ5YVdacFlXSnNaVU55WldSbGJuUnBZV3dpTENKVmJtbDJaWEp6YVhSNVJHVm5jbVZsUTNKbFpHVnVkR2xoYkNKZExDSmpjbVZrWlc1MGFXRnNVM1ZpYW1WamRDSTZleUpqWlhKMGFXWnBZMkYwWlNJNmV5SjBlWEJsSWpvaVFXTmpjbVZrYVhSaGRHbHZiaUlzSW14bGRtVnNJam96ZlgxOWZRLm5ldEpyMkZEaWlPYmRFVWVaaTkwcW90dG9BcFlYLVhacmxMQ0ZwOTA2RHZCMlJUbEw2WDVWb3JhYy1reFpNUThwMkpIUEZMbUk5ZzM5c3NuSG1MWkNnIl19fQ.vcpp_imMMv6inSOy9L-IsvF_WPfEYsuTpcPfEAHQfrBJ_O_zhZxZ0pzcbbvwJqh-wcmMgas0DuR_0NGcZK8CAw";
+
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
   // Create a new client to interact with the IOTA ledger.
@@ -71,7 +76,7 @@ async fn main() -> anyhow::Result<()> {
   // Create a Linked Verifiable Presentation Service to enable the discovery of the linked VPs through the DID Document.
   // This is optional since it is not a hard requirement by the specs.
   let service_url: DIDUrl = did.clone().join("#linked-vp")?;
-  let linked_verifiable_presentation_service: LinkedVerifiablePresentationService =
+  let linked_verifiable_presentation_service =
     LinkedVerifiablePresentationService::new(service_url, verifiable_presentation_urls, Object::new())?;
   did_document.insert_service(linked_verifiable_presentation_service.into())?;
   let updated_did_document: IotaDocument = publish_document(client.clone(), secret_manager, did_document).await?;
@@ -123,8 +128,6 @@ async fn main() -> anyhow::Result<()> {
       &presentation_validation_options,
     );
 
-  // TODO: Validate the credentials in the presentation ...
-
   assert!(validation_result.is_ok());
 
   Ok(())
@@ -151,5 +154,5 @@ async fn publish_document(
 
 /// A static VP, without nonce and expiry (created using basic example `6_create_vp.rs`).
 fn example_vp() -> Jwt {
-  Jwt::from("eyJraWQiOiJkaWQ6aW90YTpybXM6MHg2Y2I5MWUyMGMxMzhhMTQ1MTUzMDY4ZTEwODNhMGEyYTUwYjU2ZDI1MGI3YjUzYzYwYmEzOTI4NGJkMWRjNzQxI1k5TUppd1k4U0s0NjlNcW0weXBZYzRYSUl5TnVpMzZIejdreVdkUEkyejQiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6aW90YTpybXM6MHg2Y2I5MWUyMGMxMzhhMTQ1MTUzMDY4ZTEwODNhMGEyYTUwYjU2ZDI1MGI3YjUzYzYwYmEzOTI4NGJkMWRjNzQxIiwibmJmIjoxNzI0Njg0NTEzLCJ2cCI6eyJAY29udGV4dCI6Imh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwidHlwZSI6IlZlcmlmaWFibGVQcmVzZW50YXRpb24iLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6WyJleUpyYVdRaU9pSmthV1E2YVc5MFlUcHliWE02TUhnek5ERTVNek5qWW1ReU1USm1NalkzT1dOaE5tSTFZbU00WXpGbE5EazROREV4WlRWaFpHUXdZMk0zWkRnNU1qZzVZV1ppTmpaaVpEZGtNMk5tTWpObEkyRlZkMTgyZGw5bGRUQlJlVFJQWWtOTFIwUlJNWFJEUW00elJGcGxVVzUxYmtkNlRWWlJlRWxrYjJNaUxDSjBlWEFpT2lKS1YxUWlMQ0poYkdjaU9pSkZaRVJUUVNKOS5leUpwYzNNaU9pSmthV1E2YVc5MFlUcHliWE02TUhnek5ERTVNek5qWW1ReU1USm1NalkzT1dOaE5tSTFZbU00WXpGbE5EazROREV4WlRWaFpHUXdZMk0zWkRnNU1qZzVZV1ppTmpaaVpEZGtNMk5tTWpObElpd2libUptSWpveE56STBOamcwTlRFekxDSnFkR2tpT2lKb2RIUndjem92TDJWNFlXMXdiR1V1WldSMUwyTnlaV1JsYm5ScFlXeHpMek0zTXpJaUxDSnpkV0lpT2lKa2FXUTZhVzkwWVRweWJYTTZNSGcyWTJJNU1XVXlNR014TXpoaE1UUTFNVFV6TURZNFpURXdPRE5oTUdFeVlUVXdZalUyWkRJMU1HSTNZalV6WXpZd1ltRXpPVEk0TkdKa01XUmpOelF4SWl3aWRtTWlPbnNpUUdOdmJuUmxlSFFpT2lKb2RIUndjem92TDNkM2R5NTNNeTV2Y21jdk1qQXhPQzlqY21Wa1pXNTBhV0ZzY3k5Mk1TSXNJblI1Y0dVaU9sc2lWbVZ5YVdacFlXSnNaVU55WldSbGJuUnBZV3dpTENKVmJtbDJaWEp6YVhSNVJHVm5jbVZsUTNKbFpHVnVkR2xoYkNKZExDSmpjbVZrWlc1MGFXRnNVM1ZpYW1WamRDSTZleUpqWlhKMGFXWnBZMkYwWlNJNmV5SjBlWEJsSWpvaVFXTmpjbVZrYVhSaGRHbHZiaUlzSW14bGRtVnNJam96ZlgxOWZRLm5ldEpyMkZEaWlPYmRFVWVaaTkwcW90dG9BcFlYLVhacmxMQ0ZwOTA2RHZCMlJUbEw2WDVWb3JhYy1reFpNUThwMkpIUEZMbUk5ZzM5c3NuSG1MWkNnIl19fQ.vcpp_imMMv6inSOy9L-IsvF_WPfEYsuTpcPfEAHQfrBJ_O_zhZxZ0pzcbbvwJqh-wcmMgas0DuR_0NGcZK8CAw".to_string())
+  Jwt::from(VP_JWT.to_string())
 }

examples/Cargo.toml

@@ -9,7 +9,7 @@ publish = false
 anyhow = "1.0.62"
 bls12_381_plus.workspace = true
 identity_eddsa_verifier = { path = "../identity_eddsa_verifier", default-features = false }
-identity_iota = { path = "../identity_iota", default-features = false, features = ["iota-client", "client", "memstore", "domain-linkage", "revocation-bitmap", "status-list-2021", "jpt-bbs-plus"] }
+identity_iota = { path = "../identity_iota", default-features = false, features = ["iota-client", "client", "memstore", "domain-linkage", "revocation-bitmap", "status-list-2021", "jpt-bbs-plus", "resolver"] }
 identity_stronghold = { path = "../identity_stronghold", default-features = false, features = ["bbs-plus"] }
 iota-sdk = { version = "1.0", default-features = false, features = ["tls", "client", "stronghold"] }
 json-proof-token.workspace = true

identity_credential/src/credential/jwt_serialization.rs

@@ -32,7 +32,7 @@ use crate::Result;
 /// This type is opinionated in the following ways:
 /// 1. Serialization tries to duplicate as little as possible between the required registered claims and the `vc` entry.
 /// 2. Only allows serializing/deserializing claims "exp, iss, nbf &/or iat, jti, sub and vc". Other custom properties
-/// must be set in the `vc` entry.
+///    must be set in the `vc` entry.
 #[derive(Serialize, Deserialize)]
 pub(crate) struct CredentialJwtClaims<'credential, T = Object>
 where

identity_credential/src/credential/linked_verifiable_presentation_service.rs

@@ -1,3 +1,6 @@
+// Copyright 2020-2024 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
 use identity_core::common::Object;
 use identity_core::common::OrderedSet;
 use identity_core::common::Url;
@@ -36,7 +39,8 @@ impl LinkedVerifiablePresentationService {
     "LinkedVerifiablePresentation"
   }
 
-  /// Constructs a new `LinkedVerifiablePresentationService` that wraps a spec compliant [Linked Verifiable Presentation Service Endpoint](https://identity.foundation/linked-vp/#linked-verifiable-presentation-service-endpoint)
+  /// Constructs a new `LinkedVerifiablePresentationService` that wraps a spec compliant
+  /// [Linked Verifiable Presentation Service Endpoint](https://identity.foundation/linked-vp/#linked-verifiable-presentation-service-endpoint).
   pub fn new(
     did_url: DIDUrl,
     verifiable_presentation_urls: impl Into<OrderedSet<Url>>,
@@ -47,17 +51,15 @@ impl LinkedVerifiablePresentationService {
       .id(did_url)
       .type_(Self::linked_verifiable_presentation_service_type());
     if verifiable_presentation_urls.len() == 1 {
-      Ok(Self {
-        service: builder
-          .service_endpoint(ServiceEndpoint::One(
-            verifiable_presentation_urls
-              .into_iter()
-              .next()
-              .expect("the len should be 1"),
-          ))
-          .build()
-          .map_err(|err| LinkedVerifiablePresentationError(Box::new(err)))?,
-      })
+      let vp_url = verifiable_presentation_urls
+        .into_iter()
+        .next()
+        .expect("element 0 exists");
+      let service = builder
+        .service_endpoint(vp_url)
+        .build()
+        .map_err(|err| LinkedVerifiablePresentationError(Box::new(err)))?;
+      Ok(Self { service })
     } else {
       let service = builder
         .service_endpoint(ServiceEndpoint::Set(verifiable_presentation_urls))
@@ -69,8 +71,8 @@ impl LinkedVerifiablePresentationService {
 
   /// Checks the semantic structure of a Linked Verifiable Presentation Service.
   ///
-  /// Note: `{"type": ["LinkedVerifiablePresentation"]}` might be serialized the same way as `{"type": "LinkedVerifiablePresentation"}`
-  /// which passes the semantic check.
+  /// Note: `{"type": ["LinkedVerifiablePresentation"]}` might be serialized the same way as `{"type":
+  /// "LinkedVerifiablePresentation"}` which passes the semantic check.
   pub fn check_structure(service: &Service) -> Result<()> {
     if service.type_().len() != 1 {
       return Err(LinkedVerifiablePresentationError("invalid service type".into()));
@@ -92,12 +94,7 @@ impl LinkedVerifiablePresentationService {
     }
 
     match service.service_endpoint() {
-      ServiceEndpoint::One(endpoint) => {
-        // if endpoint.scheme() != "https" {
-        //   Err(LinkedVerifiablePresentationError("domain does not include `https` scheme".into()))?;
-        // }
-        Ok(())
-      }
+      ServiceEndpoint::One(_) => Ok(()),
       ServiceEndpoint::Set(_) => Ok(()),
       ServiceEndpoint::Map(_) => Err(LinkedVerifiablePresentationError(
         "service endpoints must be either a string or a set".into(),

identity_credential/src/domain_linkage/domain_linkage_validator.rs

@@ -39,14 +39,14 @@ impl<V: JwsVerifier> JwtDomainLinkageValidator<V> {
   /// [`DomainLinkageConfiguration`] is validated according to [DID Configuration Resource Verification](https://identity.foundation/.well-known/resources/did-configuration/#did-configuration-resource-verification).
   ///
   /// * `issuer`: DID Document of the linked DID. Issuer of the Domain Linkage Credential included
-  /// in the Domain Linkage Configuration.
+  ///   in the Domain Linkage Configuration.
   /// * `configuration`: Domain Linkage Configuration fetched from the domain at "/.well-known/did-configuration.json".
   /// * `domain`: domain from which the Domain Linkage Configuration has been fetched.
   /// * `validation_options`: Further validation options to be applied on the Domain Linkage Credential.
   ///
   /// # Note:
   /// - Only the [JSON Web Token Proof Format](https://identity.foundation/.well-known/resources/did-configuration/#json-web-token-proof-format)
-  /// is supported.
+  ///   is supported.
   /// - Only the Credential issued by `issuer` is verified.
   ///
   /// # Errors

identity_credential/src/revocation/status_list_2021/credential.rs

@@ -123,7 +123,7 @@ impl StatusList2021Credential {
   ///
   /// ## Note:
   /// - A revoked credential cannot ever be unrevoked and will lead to a
-  /// [`StatusList2021CredentialError::UnreversibleRevocation`].
+  ///   [`StatusList2021CredentialError::UnreversibleRevocation`].
   /// - Trying to set `revoked_or_suspended` to `false` for an already valid credential will have no impact.
   pub fn set_credential_status(
     &mut self,

identity_credential/src/validator/jwt_presentation_validation/jwt_presentation_validator.rs

@@ -47,11 +47,11 @@ where
   /// # Warning
   ///
   /// * This method does NOT validate the constituent credentials and therefore also not the relationship between the
-  /// credentials' subjects and the presentation holder. This can be done with
-  /// [`JwtCredentialValidationOptions`](crate::validator::JwtCredentialValidationOptions).
+  ///   credentials' subjects and the presentation holder. This can be done with
+  ///   [`JwtCredentialValidationOptions`](crate::validator::JwtCredentialValidationOptions).
   /// * The lack of an error returned from this method is in of itself not enough to conclude that the presentation can
-  /// be trusted. This section contains more information on additional checks that should be carried out before and
-  /// after calling this method.
+  ///   be trusted. This section contains more information on additional checks that should be carried out before and
+  ///   after calling this method.
   ///
   /// ## The state of the supplied DID Documents.
   ///

identity_credential/src/validator/sd_jwt/validator.rs

@@ -53,10 +53,10 @@ impl<V: JwsVerifier> SdJwtCredentialValidator<V> {
   ///
   /// # Warning
   /// * The key binding JWT is not validated. If needed, it must be validated separately using
-  /// `SdJwtValidator::validate_key_binding_jwt`.
+  ///   `SdJwtValidator::validate_key_binding_jwt`.
   /// * The lack of an error returned from this method is in of itself not enough to conclude that the credential can be
-  /// trusted. This section contains more information on additional checks that should be carried out before and after
-  /// calling this method.
+  ///   trusted. This section contains more information on additional checks that should be carried out before and after
+  ///   calling this method.
   ///
   /// ## The state of the issuer's DID Document
   /// The caller must ensure that `issuer` represents an up-to-date DID Document.

identity_document/src/document/core_document.rs

@@ -939,7 +939,7 @@ impl CoreDocument {
   /// take place.
   /// - The JWS must be encoded according to the JWS compact serialization.
   /// - The `kid` value in the protected header must be an identifier of a verification method in this DID document,
-  /// or set explicitly in the `options`.
+  ///   or set explicitly in the `options`.
   //
   // NOTE: This is tested in `identity_storage` and `identity_credential`.
   pub fn verify_jws<'jws, T: JwsVerifier>(

identity_jose/src/jwu/serde.rs

@@ -58,7 +58,7 @@ pub(crate) fn validate_jws_headers(protected: Option<&JwsHeader>, unprotected: O
 /// 1. It is integrity protected.
 /// 2. It is not encoded as an empty list.
 /// 3. It does not contain any header parameters defined by the
-///  JOSE JWS/JWA specifications.
+///    JOSE JWS/JWA specifications.
 /// 4. It's values are contained in the given `permitted` array.
 /// 5. All values in "crit" are present in at least one of the `protected` or `unprotected` headers.
 ///

identity_resolver/src/resolution/resolver.rs

@@ -302,9 +302,9 @@ mod iota_handler {
     /// # Note
     ///
     /// - Using `attach_iota_handler` or `attach_handler` for the IOTA method would override all
-    /// previously added clients.
+    ///   previously added clients.
     /// - This function does not validate the provided configuration. Ensure that the provided
-    /// network name corresponds with the client, possibly by using `client.network_name()`.
+    ///   network name corresponds with the client, possibly by using `client.network_name()`.
     pub fn attach_multiple_iota_handlers<CLI, I>(&mut self, clients: I)
     where
       CLI: IotaIdentityClientExt + Send + Sync + 'static,

identity_storage/Cargo.toml

@@ -21,11 +21,11 @@ identity_credential = { version = "=1.3.1", path = "../identity_credential", def
 identity_did = { version = "=1.3.1", path = "../identity_did", default-features = false }
 identity_document = { version = "=1.3.1", path = "../identity_document", default-features = false }
 identity_iota_core = { version = "=1.3.1", path = "../identity_iota_core", default-features = false, optional = true }
-identity_verification = { version = "=1.3.1", path = "../identity_verification", default_features = false }
+identity_verification = { version = "=1.3.1", path = "../identity_verification", default-features = false }
 iota-crypto = { version = "0.23", default-features = false, features = ["ed25519"], optional = true }
 json-proof-token = { workspace = true, optional = true }
 rand = { version = "0.8.5", default-features = false, features = ["std", "std_rng"], optional = true }
-seahash = { version = "4.1.0", default_features = false }
+seahash = { version = "4.1.0", default-features = false }
 serde.workspace = true
 serde_json.workspace = true
 thiserror.workspace = true

identity_stronghold/Cargo.toml

@@ -14,22 +14,22 @@ description = "Secure JWK storage with Stronghold for IOTA Identity"
 [dependencies]
 async-trait = { version = "0.1.64", default-features = false }
 bls12_381_plus = { workspace = true, optional = true }
-identity_storage = { version = "=1.3.1", path = "../identity_storage", default_features = false }
-identity_verification = { version = "=1.3.1", path = "../identity_verification", default_features = false }
+identity_storage = { version = "=1.3.1", path = "../identity_storage", default-features = false }
+identity_verification = { version = "=1.3.1", path = "../identity_verification", default-features = false }
 iota-crypto = { version = "0.23", default-features = false, features = ["ed25519"] }
 iota-sdk = { version = "1.1.5", default-features = false, features = ["client", "stronghold"] }
 iota_stronghold = { version = "2.1.0", default-features = false }
 json-proof-token = { workspace = true, optional = true }
 rand = { version = "0.8.5", default-features = false, features = ["std", "std_rng"] }
 tokio = { version = "1.29.0", default-features = false, features = ["macros", "sync"] }
-zeroize = { version = "1.6.0", default_features = false }
+zeroize = { version = "1.6.0", default-features = false }
 zkryptium = { workspace = true, optional = true }
 
 [dev-dependencies]
 anyhow = "1.0.82"
 bls12_381_plus = { workspace = true }
-identity_did = { version = "=1.3.1", path = "../identity_did", default_features = false }
-identity_storage = { version = "=1.3.1", path = "../identity_storage", default_features = false, features = ["jpt-bbs-plus"] }
+identity_did = { version = "=1.3.1", path = "../identity_did", default-features = false }
+identity_storage = { version = "=1.3.1", path = "../identity_storage", default-features = false, features = ["jpt-bbs-plus"] }
 json-proof-token = { workspace = true }
 tokio = { version = "1.29.0", default-features = false, features = ["macros", "sync", "rt"] }
 zkryptium = { workspace = true }