identity_credential/validator/jwt_credential_validation/jwt_credential_validation_options.rs
1// Copyright 2020-2023 IOTA Stiftung
2// SPDX-License-Identifier: Apache-2.0
3
4use identity_core::common::Timestamp;
5use identity_core::common::Url;
6use identity_document::verifiable::JwsVerificationOptions;
7use serde::Deserialize;
8use serde::Serialize;
9
10use crate::validator::SubjectHolderRelationship;
11
12/// Options to declare validation criteria for [`Credential`](crate::credential::Credential)s.
13#[non_exhaustive]
14#[derive(Debug, Default, Clone, Serialize, Deserialize)]
15#[serde(rename_all = "camelCase")]
16pub struct JwtCredentialValidationOptions {
17 /// Declares that the credential is **not** considered valid if it expires before this
18 /// [`Timestamp`].
19 /// Uses the current datetime during validation if not set.
20 #[serde(default)]
21 pub earliest_expiry_date: Option<Timestamp>,
22
23 /// Declares that the credential is **not** considered valid if it was issued later than this
24 /// [`Timestamp`].
25 /// Uses the current datetime during validation if not set.
26 #[serde(default)]
27 pub latest_issuance_date: Option<Timestamp>,
28
29 /// Validation behaviour for [`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
30 ///
31 /// Default: [`StatusCheck::Strict`](crate::validator::StatusCheck::Strict).
32 #[serde(default)]
33 pub status: crate::validator::StatusCheck,
34
35 /// Declares how credential subjects must relate to the presentation holder during validation.
36 ///
37 /// <https://www.w3.org/TR/vc-data-model/#subject-holder-relationships>
38 pub subject_holder_relationship: Option<(Url, SubjectHolderRelationship)>,
39
40 /// Options which affect the verification of the signature on the credential.
41 #[serde(default)]
42 pub verification_options: JwsVerificationOptions,
43}
44
45impl JwtCredentialValidationOptions {
46 /// Constructor that sets all options to their defaults.
47 pub fn new() -> Self {
48 Self::default()
49 }
50
51 /// Declare that the credential is **not** considered valid if it expires before this [`Timestamp`].
52 /// Uses the current datetime during validation if not set.
53 pub fn earliest_expiry_date(mut self, timestamp: Timestamp) -> Self {
54 self.earliest_expiry_date = Some(timestamp);
55 self
56 }
57
58 /// Declare that the credential is **not** considered valid if it was issued later than this [`Timestamp`].
59 /// Uses the current datetime during validation if not set.
60 pub fn latest_issuance_date(mut self, timestamp: Timestamp) -> Self {
61 self.latest_issuance_date = Some(timestamp);
62 self
63 }
64
65 /// Sets the validation behaviour for [`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
66 pub fn status_check(mut self, status_check: crate::validator::StatusCheck) -> Self {
67 self.status = status_check;
68 self
69 }
70
71 /// Declares how credential subjects must relate to the presentation holder during validation.
72 ///
73 /// <https://www.w3.org/TR/vc-data-model/#subject-holder-relationships>
74 pub fn subject_holder_relationship(
75 mut self,
76 holder: Url,
77 subject_holder_relationship: SubjectHolderRelationship,
78 ) -> Self {
79 self.subject_holder_relationship = Some((holder, subject_holder_relationship));
80 self
81 }
82
83 /// Set options which affect the verification of the JWS signature.
84 pub fn verification_options(mut self, options: JwsVerificationOptions) -> Self {
85 self.verification_options = options;
86 self
87 }
88}