identity_credential/validator/jwt_credential_validation/
jwt_credential_validation_options.rs

// Copyright 2020-2023 IOTA Stiftung
// SPDX-License-Identifier: Apache-2.0

use identity_core::common::Timestamp;
use identity_core::common::Url;
use identity_document::verifiable::JwsVerificationOptions;
use serde::Deserialize;
use serde::Serialize;

use crate::validator::SubjectHolderRelationship;

/// Options to declare validation criteria for [`Credential`](crate::credential::Credential)s.
///
/// Every field has a default (`Default` is derived), so an empty serialized object
/// deserializes into the default policy. Field names are camelCase on the wire
/// (`#[serde(rename_all = "camelCase")]`).
///
/// NOTE(review): this type is `Deserialize`, so whoever supplies the serialized form chooses how
/// strict validation is. Treat serialized options as security policy and load them only from a
/// source the verifier trusts.
#[non_exhaustive]
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct JwtCredentialValidationOptions {
  /// Declares that the credential is **not** considered valid if it expires before this
  /// [`Timestamp`].
  /// Uses the current datetime during validation if not set.
  ///
  /// By the rule above, a value earlier than the current time would let credentials that have
  /// already expired pass this check; set one only when validating against a historical point in
  /// time is intended.
  #[serde(default)]
  pub earliest_expiry_date: Option<Timestamp>,

  /// Declares that the credential is **not** considered valid if it was issued later than this
  /// [`Timestamp`].
  /// Uses the current datetime during validation if not set.
  ///
  /// By the rule above, a value later than the current time would let credentials whose issuance
  /// date lies in the future pass this check.
  #[serde(default)]
  pub latest_issuance_date: Option<Timestamp>,

  /// Validation behaviour for [`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
  ///
  /// Default: [`StatusCheck::Strict`](crate::validator::StatusCheck::Strict).
  ///
  /// NOTE(review): presumably any other variant relaxes the status (revocation) check; confirm
  /// against the `StatusCheck` documentation before deviating from the default.
  #[serde(default)]
  pub status: crate::validator::StatusCheck,

  /// Declares how credential subjects must relate to the presentation holder during validation.
  ///
  /// The tuple holds the holder's [`Url`] and the required [`SubjectHolderRelationship`].
  /// `None` is the default; this field carries no `#[serde(default)]`, but serde's derive already
  /// treats a missing `Option` field as `None`.
  ///
  /// NOTE(review): presumably `None` means no subject-holder relationship is enforced; verify
  /// against the validator that consumes these options.
  ///
  /// <https://www.w3.org/TR/vc-data-model/#subject-holder-relationships>
  pub subject_holder_relationship: Option<(Url, SubjectHolderRelationship)>,

  /// Options which affect the verification of the signature on the credential.
  ///
  /// Defaults to `JwsVerificationOptions::default()`.
  #[serde(default)]
  pub verification_options: JwsVerificationOptions,
}

impl JwtCredentialValidationOptions {
  /// Creates a set of options with every field at its default value.
  pub fn new() -> Self {
    Default::default()
  }

  /// Rejects credentials that expire before the given [`Timestamp`].
  ///
  /// When this is never called, the current datetime is used during validation.
  pub fn earliest_expiry_date(self, timestamp: Timestamp) -> Self {
    Self {
      earliest_expiry_date: Some(timestamp),
      ..self
    }
  }

  /// Rejects credentials that were issued later than the given [`Timestamp`].
  ///
  /// When this is never called, the current datetime is used during validation.
  pub fn latest_issuance_date(self, timestamp: Timestamp) -> Self {
    Self {
      latest_issuance_date: Some(timestamp),
      ..self
    }
  }

  /// Chooses how [`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) is validated.
  pub fn status_check(self, status_check: crate::validator::StatusCheck) -> Self {
    Self {
      status: status_check,
      ..self
    }
  }

  /// Requires the credential subjects to relate to the presentation `holder` in the given way
  /// during validation.
  ///
  /// <https://www.w3.org/TR/vc-data-model/#subject-holder-relationships>
  pub fn subject_holder_relationship(
    self,
    holder: Url,
    subject_holder_relationship: SubjectHolderRelationship,
  ) -> Self {
    // Holder and relationship are stored together as one optional pair.
    let requirement = (holder, subject_holder_relationship);
    Self {
      subject_holder_relationship: Some(requirement),
      ..self
    }
  }

  /// Replaces the options that affect verification of the JWS signature.
  pub fn verification_options(self, options: JwsVerificationOptions) -> Self {
    Self {
      verification_options: options,
      ..self
    }
  }
}