SD-JWT VC implementation

Cargo.toml

@@ -34,7 +34,6 @@ edition = "2021"
 homepage = "https://www.iota.org"
 license = "Apache-2.0"
 repository = "https://github.com/iotaledger/identity.rs"
-rust-version = "1.65"
 
 [workspace.lints.clippy]
 result_large_err = "allow"

bindings/wasm/src/common/imported_document_lock.rs

@@ -79,7 +79,7 @@ impl From<&ArrayIToCoreDocument> for Vec<ImportedDocumentLock> {
 
 pub(crate) struct ImportedDocumentReadGuard<'a>(tokio::sync::RwLockReadGuard<'a, CoreDocument>);
 
-impl<'a> AsRef<CoreDocument> for ImportedDocumentReadGuard<'a> {
+impl AsRef<CoreDocument> for ImportedDocumentReadGuard<'_> {
   fn as_ref(&self) -> &CoreDocument {
     self.0.as_ref()
   }

bindings/wasm/src/error.rs

@@ -151,7 +151,7 @@ fn error_chain_fmt(e: &impl std::error::Error, f: &mut std::fmt::Formatter<'_>)
 
 struct ErrorMessage<'a, E: std::error::Error>(&'a E);
 
-impl<'a, E: std::error::Error> Display for ErrorMessage<'a, E> {
+impl<E: std::error::Error> Display for ErrorMessage<'_, E> {
   fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
     error_chain_fmt(self.0, f)
   }

identity_core/Cargo.toml

@@ -8,7 +8,6 @@ keywords = ["iota", "tangle", "identity"]
 license.workspace = true
 readme = "./README.md"
 repository.workspace = true
-rust-version.workspace = true
 description = "The core traits and types for the identity-rs library."
 
 [dependencies]

identity_core/src/common/mod.rs

@@ -14,6 +14,7 @@ pub use self::single_struct_error::*;
 pub use self::timestamp::Duration;
 pub use self::timestamp::Timestamp;
 pub use self::url::Url;
+pub use string_or_url::StringOrUrl;
 
 mod context;
 mod key_comparable;
@@ -22,5 +23,6 @@ mod one_or_many;
 mod one_or_set;
 mod ordered_set;
 mod single_struct_error;
+mod string_or_url;
 mod timestamp;
 mod url;

identity_core/src/common/string_or_url.rs

@@ -0,0 +1,151 @@
+// Copyright 2020-2024 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
+use std::convert::Infallible;
+use std::fmt::Display;
+use std::str::FromStr;
+
+use serde::Deserialize;
+use serde::Serialize;
+
+use super::Url;
+
+/// A type that represents either an arbitrary string or a URL.
+#[derive(Debug, Clone, PartialEq, Eq, Hash, PartialOrd, Ord, Serialize, Deserialize)]
+#[serde(untagged)]
+pub enum StringOrUrl {
+  /// A well-formed URL.
+  Url(Url),
+  /// An arbitrary UTF-8 string.
+  String(String),
+}
+
+impl StringOrUrl {
+  /// Parses a [`StringOrUrl`] from a string.
+  pub fn parse(s: &str) -> Result<Self, Infallible> {
+    s.parse()
+  }
+  /// Returns a [`Url`] reference if `self` is [`StringOrUrl::Url`].
+  pub fn as_url(&self) -> Option<&Url> {
+    match self {
+      Self::Url(url) => Some(url),
+      _ => None,
+    }
+  }
+
+  /// Returns a [`str`] reference if `self` is [`StringOrUrl::String`].
+  pub fn as_string(&self) -> Option<&str> {
+    match self {
+      Self::String(s) => Some(s),
+      _ => None,
+    }
+  }
+
+  /// Returns whether `self` is a [`StringOrUrl::Url`].
+  pub fn is_url(&self) -> bool {
+    matches!(self, Self::Url(_))
+  }
+
+  /// Returns whether `self` is a [`StringOrUrl::String`].
+  pub fn is_string(&self) -> bool {
+    matches!(self, Self::String(_))
+  }
+}
+
+impl Default for StringOrUrl {
+  fn default() -> Self {
+    StringOrUrl::String(String::default())
+  }
+}
+
+impl Display for StringOrUrl {
+  fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+    match self {
+      Self::Url(url) => write!(f, "{url}"),
+      Self::String(s) => write!(f, "{s}"),
+    }
+  }
+}
+
+impl FromStr for StringOrUrl {
+  // Cannot fail.
+  type Err = Infallible;
+  fn from_str(s: &str) -> Result<Self, Self::Err> {
+    Ok(
+      s.parse::<Url>()
+        .map(Self::Url)
+        .unwrap_or_else(|_| Self::String(s.to_string())),
+    )
+  }
+}
+
+impl AsRef<str> for StringOrUrl {
+  fn as_ref(&self) -> &str {
+    match self {
+      Self::String(s) => s,
+      Self::Url(url) => url.as_str(),
+    }
+  }
+}
+
+impl From<Url> for StringOrUrl {
+  fn from(value: Url) -> Self {
+    Self::Url(value)
+  }
+}
+
+impl From<String> for StringOrUrl {
+  fn from(value: String) -> Self {
+    Self::String(value)
+  }
+}
+
+impl From<StringOrUrl> for String {
+  fn from(value: StringOrUrl) -> Self {
+    match value {
+      StringOrUrl::String(s) => s,
+      StringOrUrl::Url(url) => url.into_string(),
+    }
+  }
+}
+
+#[cfg(test)]
+mod tests {
+  use super::*;
+
+  #[derive(Debug, Serialize, Deserialize)]
+  struct TestData {
+    string_or_url: StringOrUrl,
+  }
+
+  impl Default for TestData {
+    fn default() -> Self {
+      Self {
+        string_or_url: StringOrUrl::Url(TEST_URL.parse().unwrap()),
+      }
+    }
+  }
+
+  const TEST_URL: &str = "file:///tmp/file.txt";
+
+  #[test]
+  fn deserialization_works() {
+    let test_data: TestData = serde_json::from_value(serde_json::json!({ "string_or_url": TEST_URL })).unwrap();
+    let target_url: Url = TEST_URL.parse().unwrap();
+    assert_eq!(test_data.string_or_url.as_url(), Some(&target_url));
+  }
+
+  #[test]
+  fn serialization_works() {
+    assert_eq!(
+      serde_json::to_value(TestData::default()).unwrap(),
+      serde_json::json!({ "string_or_url": TEST_URL })
+    )
+  }
+
+  #[test]
+  fn parsing_works() {
+    assert!(TEST_URL.parse::<StringOrUrl>().unwrap().is_url());
+    assert!("I'm a random string :)".parse::<StringOrUrl>().unwrap().is_string());
+  }
+}

identity_credential/Cargo.toml

@@ -8,25 +8,27 @@ keywords = ["iota", "tangle", "identity"]
 license.workspace = true
 readme = "./README.md"
 repository.workspace = true
-rust-version.workspace = true
 description = "An implementation of the Verifiable Credentials standard."
 
 [dependencies]
+anyhow = { version = "1" }
 async-trait = { version = "0.1.64", default-features = false }
 bls12_381_plus = { workspace = true, optional = true }
 flate2 = { version = "1.0.28", default-features = false, features = ["rust_backend"], optional = true }
-futures = { version = "0.3", default-features = false, optional = true }
+futures = { version = "0.3", default-features = false, features = ["alloc"], optional = true }
 identity_core = { version = "=1.4.0", path = "../identity_core", default-features = false }
 identity_did = { version = "=1.4.0", path = "../identity_did", default-features = false }
 identity_document = { version = "=1.4.0", path = "../identity_document", default-features = false }
 identity_verification = { version = "=1.4.0", path = "../identity_verification", default-features = false }
 indexmap = { version = "2.0", default-features = false, features = ["std", "serde"] }
 itertools = { version = "0.11", default-features = false, features = ["use_std"], optional = true }
 json-proof-token = { workspace = true, optional = true }
+jsonschema = { version = "0.19", optional = true, default-features = false }
 once_cell = { version = "1.18", default-features = false, features = ["std"] }
 reqwest = { version = "0.11", default-features = false, features = ["default-tls", "json", "stream"], optional = true }
 roaring = { version = "0.10.2", default-features = false, features = ["serde"], optional = true }
 sd-jwt-payload = { version = "0.2.1", default-features = false, features = ["sha"], optional = true }
+sd-jwt-payload-rework = { package = "sd-jwt-payload", git = "https://github.com/iotaledger/sd-jwt-payload.git", branch = "feat/sd-jwt-v11", default-features = false, features = ["sha"], optional = true }
 serde.workspace = true
 serde-aux = { version = "4.3.1", default-features = false }
 serde_json.workspace = true
@@ -40,6 +42,7 @@ zkryptium = { workspace = true, optional = true }
 anyhow = "1.0.62"
 identity_eddsa_verifier = { path = "../identity_eddsa_verifier", default-features = false, features = ["ed25519"] }
 iota-crypto = { version = "0.23.2", default-features = false, features = ["ed25519", "std", "random"] }
+josekit = "0.8"
 proptest = { version = "1.4.0", default-features = false, features = ["std"] }
 tokio = { version = "1.35.0", default-features = false, features = ["rt-multi-thread", "macros"] }
 
@@ -50,7 +53,15 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 
 [features]
-default = ["revocation-bitmap", "validator", "credential", "presentation", "domain-linkage-fetch", "sd-jwt"]
+default = [
+  "revocation-bitmap",
+  "validator",
+  "credential",
+  "presentation",
+  "domain-linkage-fetch",
+  "sd-jwt",
+  "sd-jwt-vc",
+]
 credential = []
 presentation = ["credential"]
 revocation-bitmap = ["dep:flate2", "dep:roaring"]
@@ -59,7 +70,15 @@ validator = ["dep:itertools", "dep:serde_repr", "credential", "presentation"]
 domain-linkage = ["validator"]
 domain-linkage-fetch = ["domain-linkage", "dep:reqwest", "dep:futures"]
 sd-jwt = ["credential", "validator", "dep:sd-jwt-payload"]
-jpt-bbs-plus = ["credential", "validator", "dep:zkryptium", "dep:bls12_381_plus", "dep:json-proof-token"]
+sd-jwt-vc = ["sd-jwt", "dep:sd-jwt-payload-rework", "dep:jsonschema", "dep:futures"]
+jpt-bbs-plus = [
+  "credential",
+  "validator",
+  "dep:zkryptium",
+  "dep:bls12_381_plus",
+  "dep:json-proof-token",
+  "dep:futures",
+]
 
 [lints]
 workspace = true

identity_credential/src/credential/jwt_serialization.rs

@@ -67,7 +67,7 @@ impl<'credential, T> CredentialJwtClaims<'credential, T>
 where
   T: ToOwned<Owned = T> + Serialize + DeserializeOwned,
 {
-  pub(super) fn new(credential: &'credential Credential<T>, custom: Option<Object>) -> Result<Self> {
+  pub(crate) fn new(credential: &'credential Credential<T>, custom: Option<Object>) -> Result<Self> {
     let Credential {
       context,
       id,
@@ -118,7 +118,7 @@ where
 }
 
 #[cfg(feature = "validator")]
-impl<'credential, T> CredentialJwtClaims<'credential, T>
+impl<T> CredentialJwtClaims<'_, T>
 where
   T: ToOwned<Owned = T> + Serialize + DeserializeOwned,
 {

identity_credential/src/domain_linkage/domain_linkage_validator.rs

@@ -21,7 +21,6 @@ use super::DomainLinkageValidationResult;
 use crate::utils::url_only_includes_origin;
 
 /// A validator for a Domain Linkage Configuration and Credentials.
-
 pub struct JwtDomainLinkageValidator<V: JwsVerifier> {
   validator: JwtCredentialValidator<V>,
 }

identity_credential/src/error.rs

@@ -79,4 +79,9 @@ pub enum Error {
   /// Cause by an invalid attribute path
   #[error("Attribute Not found")]
   SelectiveDisclosureError,
+
+  /// Failure of an SD-JWT VC operation.
+  #[cfg(feature = "sd-jwt-vc")]
+  #[error(transparent)]
+  SdJwtVc(#[from] crate::sd_jwt_vc::Error),
 }

identity_credential/src/lib.rs

@@ -27,8 +27,15 @@ mod utils;
 #[cfg(feature = "validator")]
 pub mod validator;
 
+/// Implementation of the SD-JWT VC token specification.
+#[cfg(feature = "sd-jwt-vc")]
+pub mod sd_jwt_vc;
+
 pub use error::Error;
 pub use error::Result;
 
 #[cfg(feature = "sd-jwt")]
 pub use sd_jwt_payload;
+
+#[cfg(feature = "sd-jwt-vc")]
+pub use sd_jwt_payload_rework as sd_jwt_v2;

identity_credential/src/presentation/jwt_serialization.rs

@@ -136,7 +136,7 @@ where
 }
 
 #[cfg(feature = "validator")]
-impl<'presentation, CRED, T> PresentationJwtClaims<'presentation, CRED, T>
+impl<CRED, T> PresentationJwtClaims<'_, CRED, T>
 where
   CRED: ToOwned<Owned = CRED> + Serialize + DeserializeOwned + Clone,
   T: ToOwned<Owned = T> + Serialize + DeserializeOwned,

identity_credential/src/revocation/status_list_2021/entry.rs

@@ -18,7 +18,7 @@ where
   D: serde::Deserializer<'de>,
 {
   struct ExactStrVisitor(&'static str);
-  impl<'a> Visitor<'a> for ExactStrVisitor {
+  impl Visitor<'_> for ExactStrVisitor {
     type Value = &'static str;
     fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
       write!(formatter, "the exact string \"{}\"", self.0)

identity_credential/src/revocation/validity_timeframe_2024/revocation_timeframe_status.rs

@@ -18,7 +18,7 @@ where
   D: serde::Deserializer<'de>,
 {
   struct ExactStrVisitor(&'static str);
-  impl<'a> Visitor<'a> for ExactStrVisitor {
+  impl Visitor<'_> for ExactStrVisitor {
     type Value = &'static str;
     fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
       write!(formatter, "the exact string \"{}\"", self.0)