Merge remote-tracking branch 'origin/feat/jpt-bbs+-sd' into feat/refa…

…ctor-revocation-status

README.md

@@ -24,7 +24,7 @@
 
 ## Introduction
 
-IOTA Identity is a [Rust](https://www.rust-lang.org/) implementation of decentralized digital identity, also known as Self-Sovereign Identity (SSI). It implements the W3C [Decentralized Identifiers (DID)](https://www.w3.org/TR/did-core/) and [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) specifications. This library can be used to create, resolve and authenticate digital identities and to create verifiable credentials and presentations in order to share information in a verifiable manner and establish trust in the digital world. It does so while supporting secure storage of cryptographic keys, which can be implemented for your preferred key management system. Many of the individual libraries (Rust crates) are agnostic over the concrete DID method, with the exception of some libraries dedicated to implement the [IOTA DID method](https://wiki.iota.org/shimmer/identity.rs/specs/did/iota_did_method_spec/), which is an implementation of decentralized digital identity on the IOTA and Shimmer networks. Written in stable Rust, IOTA Identity has strong guarantees of memory safety and process integrity while maintaining exceptional performance.
+IOTA Identity is a [Rust](https://www.rust-lang.org/) implementation of decentralized digital identity, also known as Self-Sovereign Identity (SSI). It implements the W3C [Decentralized Identifiers (DID)](https://www.w3.org/TR/did-core/) and [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) specifications. This library can be used to create, resolve and authenticate digital identities and to create verifiable credentials and presentations in order to share information in a verifiable manner and establish trust in the digital world. It does so while supporting secure storage of cryptographic keys, which can be implemented for your preferred key management system. Many of the individual libraries (Rust crates) are agnostic over the concrete DID method, with the exception of some libraries dedicated to implement the [IOTA DID method](https://wiki.iota.org/identity.rs/specs/did/iota_did_method_spec/), which is an implementation of decentralized digital identity on the IOTA and Shimmer networks. Written in stable Rust, IOTA Identity has strong guarantees of memory safety and process integrity while maintaining exceptional performance.
 
 ## Bindings
 
@@ -36,8 +36,8 @@ IOTA Identity is a [Rust](https://www.rust-lang.org/) implementation of decentra
 
 - API References:
   - [Rust API Reference](https://docs.rs/identity_iota/latest/identity_iota/): Package documentation (cargo docs).
-  - [Wasm API Reference](https://wiki.iota.org/shimmer/identity.rs/libraries/wasm/api_reference/): Wasm Package documentation.
-- [Identity Documentation Pages](https://wiki.iota.org/shimmer/identity.rs/introduction): Supplementing documentation with context around identity and simple examples on library usage.
+  - [Wasm API Reference](https://wiki.iota.org/identity.rs/libraries/wasm/api_reference/): Wasm Package documentation.
+- [Identity Documentation Pages](https://wiki.iota.org/identity.rs/introduction): Supplementing documentation with context around identity and simple examples on library usage.
 - [Examples](https://github.com/iotaledger/identity.rs/blob/HEAD/examples): Practical code snippets to get you started with the library.
 
 ## Prerequisites
@@ -238,7 +238,7 @@ For detailed development progress, see the IOTA Identity development [kanban boa
 
 We would love to have you help us with the development of IOTA Identity. Each and every contribution is greatly valued!
 
-Please review the [contribution](https://wiki.iota.org/shimmer/identity.rs/contribute) and [workflow](https://wiki.iota.org/shimmer/identity.rs/workflow) sections in the [IOTA Wiki](https://wiki.iota.org/).
+Please review the [contribution](https://wiki.iota.org/identity.rs/contribute) and [workflow](https://wiki.iota.org/identity.rs/workflow) sections in the [IOTA Wiki](https://wiki.iota.org/).
 
 To contribute directly to the repository, simply fork the project, push your changes to your fork and create a pull request to get them included!
 

bindings/wasm/src/common/types.rs

@@ -75,3 +75,9 @@ impl TryFrom<&Object> for MapStringAny {
     Ok(map.unchecked_into::<MapStringAny>())
   }
 }
+
+impl Default for MapStringAny {
+  fn default() -> Self {
+    js_sys::Map::new().unchecked_into()
+  }
+}

bindings/wasm/src/credential/jpt.rs

@@ -0,0 +1,36 @@
+use identity_iota::credential::Jpt;
+use wasm_bindgen::prelude::*;
+
+/// A JSON Proof Token (JPT).
+#[wasm_bindgen(js_name = Jpt)]
+pub struct WasmJpt(pub(crate) Jpt);
+
+#[wasm_bindgen(js_class = Jpt)]
+impl WasmJpt {
+  /// Creates a new {@link Jpt}.
+  #[wasm_bindgen(constructor)]
+  pub fn new(jpt_string: String) -> Self {
+    WasmJpt(Jpt::new(jpt_string))
+  }
+
+  // Returns the string representation for this {@link Jpt}.
+  #[allow(clippy::inherent_to_string)]
+  #[wasm_bindgen(js_name = "toString")]
+  pub fn to_string(&self) -> String {
+    self.0.as_str().to_owned()
+  }
+}
+
+impl_wasm_clone!(WasmJpt, Jpt);
+
+impl From<Jpt> for WasmJpt {
+  fn from(value: Jpt) -> Self {
+    WasmJpt(value)
+  }
+}
+
+impl From<WasmJpt> for Jpt {
+  fn from(value: WasmJpt) -> Self {
+    value.0
+  }
+}

bindings/wasm/src/credential/jpt_credential_validator/decoded_jpt_credential.rs

@@ -0,0 +1,42 @@
+use identity_iota::core::Object;
+use identity_iota::credential::DecodedJptCredential;
+use wasm_bindgen::prelude::*;
+
+use crate::common::MapStringAny;
+use crate::credential::WasmCredential;
+use crate::error::Result;
+
+#[wasm_bindgen(js_name = DecodedJptCredential)]
+pub struct WasmDecodedJptCredential(pub(crate) DecodedJptCredential<Object>);
+
+impl_wasm_clone!(WasmDecodedJptCredential, DecodedJptCredential);
+
+#[wasm_bindgen(js_class = DecodedJptCredential)]
+impl WasmDecodedJptCredential {
+  /// Returns the {@link Credential} embedded into this JPT.
+  #[wasm_bindgen]
+  pub fn credential(&self) -> WasmCredential {
+    WasmCredential(self.0.credential.clone())
+  }
+
+  /// Returns the custom claims parsed from the JPT.
+  #[wasm_bindgen(js_name = "customClaims")]
+  pub fn custom_claims(&self) -> Result<MapStringAny> {
+    match self.0.custom_claims.clone() {
+      Some(obj) => MapStringAny::try_from(obj),
+      None => Ok(MapStringAny::default()),
+    }
+  }
+}
+
+impl From<DecodedJptCredential> for WasmDecodedJptCredential {
+  fn from(value: DecodedJptCredential) -> Self {
+    WasmDecodedJptCredential(value)
+  }
+}
+
+impl From<WasmDecodedJptCredential> for DecodedJptCredential {
+  fn from(value: WasmDecodedJptCredential) -> Self {
+    value.0
+  }
+}

bindings/wasm/src/credential/jpt_credential_validator/jpt_credential_validation_options.rs

@@ -0,0 +1,77 @@
+use identity_iota::credential::JptCredentialValidationOptions;
+use wasm_bindgen::prelude::*;
+
+use crate::error::Result;
+use crate::error::WasmResult;
+
+/// Options to declare validation criteria for {@link Jpt}.
+#[derive(Debug, Default, Clone)]
+#[wasm_bindgen(js_name = "JptCredentialValidationOptions", inspectable)]
+pub struct WasmJptCredentialValidationOptions(pub(crate) JptCredentialValidationOptions);
+
+impl_wasm_clone!(WasmJptCredentialValidationOptions, JptCredentialValidationOptions);
+impl_wasm_json!(WasmJptCredentialValidationOptions, JptCredentialValidationOptions);
+
+#[wasm_bindgen(js_class = JptCredentialValidationOptions)]
+impl WasmJptCredentialValidationOptions {
+  /// Creates a new default istance.
+  #[wasm_bindgen(constructor)]
+  pub fn new(opts: Option<IJptCredentialValidationOptions>) -> Result<WasmJptCredentialValidationOptions> {
+    if let Some(opts) = opts {
+      opts.into_serde().wasm_result().map(WasmJptCredentialValidationOptions)
+    } else {
+      Ok(WasmJptCredentialValidationOptions::default())
+    }
+  }
+}
+
+impl From<JptCredentialValidationOptions> for WasmJptCredentialValidationOptions {
+  fn from(value: JptCredentialValidationOptions) -> Self {
+    WasmJptCredentialValidationOptions(value)
+  }
+}
+
+impl From<WasmJptCredentialValidationOptions> for JptCredentialValidationOptions {
+  fn from(value: WasmJptCredentialValidationOptions) -> Self {
+    value.0
+  }
+}
+
+#[wasm_bindgen]
+extern "C" {
+  #[wasm_bindgen(typescript_type = "IJptCredentialValidationOptions")]
+  pub type IJptCredentialValidationOptions;
+}
+
+#[wasm_bindgen(typescript_custom_section)]
+const I_JPT_CREDENTIAL_VALIDATION_OPTIONS: &'static str = r#"
+/** Holds options to create a new {@link JptCredentialValidationOptions}. */
+interface IJptCredentialValidationOptions {
+    /**
+     * Declare that the credential is **not** considered valid if it expires before this {@link Timestamp}.
+     * Uses the current datetime during validation if not set. 
+     */
+    readonly earliestExpiryDate?: Timestamp;
+
+    /**
+     * Declare that the credential is **not** considered valid if it was issued later than this {@link Timestamp}.
+     * Uses the current datetime during validation if not set. 
+     */
+    readonly latestIssuanceDate?: Timestamp;
+
+    /**
+     * Validation behaviour for [`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
+     */
+    readonly status?: StatusCheck;
+
+    /** Declares how credential subjects must relate to the presentation holder during validation.
+     *
+     * <https://www.w3.org/TR/vc-data-model/#subject-holder-relationships>
+     */
+    readonly subjectHolderRelationship?: [string, SubjectHolderRelationship];
+
+    /**
+     * Options which affect the verification of the proof on the credential.
+     */
+    readonly verificationOptions?: JwpVerificationOptions;
+}"#;

bindings/wasm/src/credential/jpt_credential_validator/jpt_credential_validator.rs

@@ -0,0 +1,30 @@
+use crate::common::ImportedDocumentLock;
+use crate::credential::WasmDecodedJptCredential;
+use crate::credential::WasmFailFast;
+use crate::credential::WasmJpt;
+use crate::credential::WasmJptCredentialValidationOptions;
+use crate::did::WasmCoreDocument;
+use crate::error::Result;
+use crate::error::WasmResult;
+use identity_iota::credential::JptCredentialValidator;
+use wasm_bindgen::prelude::*;
+
+#[wasm_bindgen(js_name = JptCredentialValidator)]
+pub struct WasmJptCredentialValidator;
+
+#[wasm_bindgen(js_class = JptCredentialValidator)]
+impl WasmJptCredentialValidator {
+  #[wasm_bindgen]
+  pub fn validate(
+    credential_jpt: &WasmJpt,
+    issuer: WasmCoreDocument,
+    options: &WasmJptCredentialValidationOptions,
+    fail_fast: WasmFailFast,
+  ) -> Result<WasmDecodedJptCredential> {
+    let issuer_doc = ImportedDocumentLock::Core(issuer.0);
+    let doc = issuer_doc.try_read()?;
+    JptCredentialValidator::validate(&credential_jpt.0, &doc, &options.0, fail_fast.into())
+      .wasm_result()
+      .map(WasmDecodedJptCredential)
+  }
+}

bindings/wasm/src/credential/jpt_credential_validator/jpt_credential_validator_utils.rs

@@ -0,0 +1,95 @@
+use crate::common::ImportedDocumentLock;
+use crate::common::WasmTimestamp;
+use crate::credential::options::WasmStatusCheck;
+use crate::credential::WasmCredential;
+use crate::credential::WasmJpt;
+use crate::did::WasmCoreDID;
+use crate::did::WasmCoreDocument;
+use crate::error::Result;
+use crate::error::WasmResult;
+use identity_iota::core::Object;
+use identity_iota::credential::JptCredentialValidatorUtils;
+use identity_iota::did::CoreDID;
+use wasm_bindgen::prelude::*;
+
+/// Utility functions for validating JPT credentials.
+#[wasm_bindgen(js_name = JptCredentialValidatorUtils)]
+#[derive(Default)]
+pub struct WasmJptCredentialValidatorUtils;
+
+#[wasm_bindgen(js_class = JptCredentialValidatorUtils)]
+impl WasmJptCredentialValidatorUtils {
+  #[wasm_bindgen(constructor)]
+  pub fn new() -> WasmJptCredentialValidatorUtils {
+    WasmJptCredentialValidatorUtils
+  }
+
+  /// Utility for extracting the issuer field of a {@link `Credential`} as a DID.
+  /// # Errors
+  /// Fails if the issuer field is not a valid DID.
+  #[wasm_bindgen(js_name = "extractIssuer")]
+  pub fn extract_issuer(credential: &WasmCredential) -> Result<WasmCoreDID> {
+    JptCredentialValidatorUtils::extract_issuer::<CoreDID, Object>(&credential.0)
+      .wasm_result()
+      .map(WasmCoreDID::from)
+  }
+  /// Utility for extracting the issuer field of a credential in JPT representation as DID.
+  /// # Errors
+  /// If the JPT decoding fails or the issuer field is not a valid DID.
+  #[wasm_bindgen(js_name = "extractIssuerFromIssuedJpt")]
+  pub fn extract_issuer_from_issued_jpt(credential: &WasmJpt) -> Result<WasmCoreDID> {
+    JptCredentialValidatorUtils::extract_issuer_from_issued_jpt::<CoreDID>(&credential.0)
+      .wasm_result()
+      .map(WasmCoreDID::from)
+  }
+
+  #[wasm_bindgen(js_name = "checkTimeframesWithValidityTimeframe2024")]
+  pub fn check_timeframes_with_validity_timeframe_2024(
+    credential: &WasmCredential,
+    validity_timeframe: Option<WasmTimestamp>,
+    status_check: WasmStatusCheck,
+  ) -> Result<()> {
+    JptCredentialValidatorUtils::check_timeframes_with_validity_timeframe_2024(
+      &credential.0,
+      validity_timeframe.map(|t| t.0),
+      status_check.into(),
+    )
+    .wasm_result()
+  }
+
+  /// Checks whether the credential status has been revoked.
+  ///
+  /// Only supports `RevocationTimeframe2024`.
+  #[wasm_bindgen(js_name = "checkRevocationWithValidityTimeframe2024")]
+  pub fn check_revocation_with_validity_timeframe_2024(
+    credential: &WasmCredential,
+    issuer: WasmCoreDocument,
+    status_check: WasmStatusCheck,
+  ) -> Result<()> {
+    let issuer_doc = ImportedDocumentLock::Core(issuer.0);
+    let doc = issuer_doc.try_read()?;
+    JptCredentialValidatorUtils::check_revocation_with_validity_timeframe_2024(&credential.0, &doc, status_check.into())
+      .wasm_result()
+  }
+
+  /// Checks whether the credential status has been revoked or the timeframe interval is INVALID
+  ///
+  /// Only supports `RevocationTimeframe2024`.
+  #[wasm_bindgen(js_name = "checkTimeframesAndRevocationWithValidityTimeframe2024")]
+  pub fn check_timeframes_and_revocation_with_validity_timeframe_2024(
+    credential: &WasmCredential,
+    issuer: WasmCoreDocument,
+    validity_timeframe: Option<WasmTimestamp>,
+    status_check: WasmStatusCheck,
+  ) -> Result<()> {
+    let issuer_doc = ImportedDocumentLock::Core(issuer.0);
+    let doc = issuer_doc.try_read()?;
+    JptCredentialValidatorUtils::check_timeframes_and_revocation_with_validity_timeframe_2024(
+      &credential.0,
+      &doc,
+      validity_timeframe.map(|t| t.0),
+      status_check.into(),
+    )
+    .wasm_result()
+  }
+}

bindings/wasm/src/credential/jpt_credential_validator/jwp_verification_options.rs

@@ -0,0 +1,45 @@
+use crate::error::Result;
+use crate::error::WasmResult;
+use identity_iota::document::verifiable::JwpVerificationOptions;
+use wasm_bindgen::prelude::*;
+
+#[wasm_bindgen(js_name = JwpVerificationOptions, inspectable)]
+#[derive(Clone, Debug, Default)]
+pub struct WasmJwpVerificationOptions(pub(crate) JwpVerificationOptions);
+
+impl_wasm_clone!(WasmJwpVerificationOptions, JwpVerificationOptions);
+impl_wasm_json!(WasmJwpVerificationOptions, JwpVerificationOptions);
+
+#[wasm_bindgen(js_class = JwpVerificationOptions)]
+impl WasmJwpVerificationOptions {
+  pub fn new(opts: Option<IJwpVerificationOptions>) -> Result<WasmJwpVerificationOptions> {
+    if let Some(opts) = opts {
+      opts.into_serde().wasm_result().map(WasmJwpVerificationOptions)
+    } else {
+      Ok(WasmJwpVerificationOptions::default())
+    }
+  }
+}
+
+// Interface to allow creating {@link JwpVerificationOptions} easily.
+#[wasm_bindgen]
+extern "C" {
+  #[wasm_bindgen(typescript_type = "IJwpVerificationOptions")]
+  pub type IJwpVerificationOptions;
+}
+
+#[wasm_bindgen(typescript_custom_section)]
+const I_JWP_VERIFICATION_OPTIONS: &'static str = r#"
+/** Holds options to create a new {@link JwpVerificationOptions}. */
+interface IJwpVerificationOptions {
+    /**
+     * Verify the signing verification method relation matches this.
+     */
+    readonly methodScope?: MethodScope;
+
+    /**
+     * The DID URL of the method, whose JWK should be used to verify the JWP.
+     * If unset, the `kid` of the JWP is used as the DID URL.
+     */
+    readonly methodId?: DIDUrl;
+}"#;

bindings/wasm/src/credential/jpt_credential_validator/mod.rs

@@ -0,0 +1,11 @@
+mod decoded_jpt_credential;
+mod jpt_credential_validation_options;
+mod jpt_credential_validator;
+mod jpt_credential_validator_utils;
+mod jwp_verification_options;
+
+pub use decoded_jpt_credential::*;
+pub use jpt_credential_validation_options::*;
+pub use jpt_credential_validator::*;
+pub use jpt_credential_validator_utils::*;
+pub use jwp_verification_options::*;