identity_credential/validator/sd_jwt/
kb_validation_options.rs

1// Copyright 2020-2023 IOTA Stiftung
2// SPDX-License-Identifier: Apache-2.0
3
4use identity_core::common::Timestamp;
5use identity_document::verifiable::JwsVerificationOptions;
6use serde::Deserialize;
7use serde::Serialize;
8
/// Options a verifier supplies when validating the Key Binding JWT (KB-JWT) of an SD-JWT
/// presentation.
///
/// `Default` is derived, so every optional field starts out as `None`. With
/// `rename_all = "camelCase"` the fields serialize as `nonce`, `aud`, `jwsOptions`,
/// `earliestIssuanceDate` and `latestIssuanceDate`.
///
/// The `nonce` and `aud` claims are what bind a KB-JWT to one presentation request and to one
/// verifier.
/// NOTE(review): this file does not show what the validator does when `nonce` or `aud` is
/// `None`; presumably the corresponding check is skipped, which would leave replay and
/// audience protection to the caller. Confirm against the validator.
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[non_exhaustive]
#[serde(rename_all = "camelCase")]
pub struct KeyBindingJWTValidationOptions {
  /// Value the `nonce` claim of the KB-JWT is validated against.
  /// Left out of the serialized form while `None`.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub nonce: Option<String>,
  /// Value the `aud` claim of the KB-JWT is validated against.
  /// Left out of the serialized form while `None`.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub aud: Option<String>,
  /// Options that affect verification of the signature on the KB-JWT.
  /// Unlike the optional fields, this one is always serialized.
  pub jws_options: JwsVerificationOptions,
  /// Lower bound for `iat`: the KB-JWT is considered invalid if the `iat` value in its claims
  /// is earlier than this timestamp.
  // NOTE(review): presumably no lower bound applies while this is `None` - confirm.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub earliest_issuance_date: Option<Timestamp>,
  /// Upper bound for `iat`: the KB-JWT is considered invalid if the `iat` value in its claims
  /// is later than this timestamp.
  /// The current timestamp is used during validation if this is not set.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub latest_issuance_date: Option<Timestamp>,
}
32
impl KeyBindingJWTValidationOptions {
  /// Creates options with every field at its default value (all optional checks unset).
  pub fn new() -> Self {
    Default::default()
  }

  /// Sets the value the `nonce` claim of the KB-JWT is validated against.
  ///
  /// The nonce is what ties a KB-JWT to a single presentation request.
  /// NOTE(review): how the validator treats an unset nonce is not visible in this file;
  /// confirm before relying on the default for replay protection.
  pub fn nonce(self, nonce: impl Into<String>) -> Self {
    Self {
      nonce: Some(nonce.into()),
      ..self
    }
  }

  /// Replaces the options that affect verification of the signature on the KB-JWT.
  pub fn jws_verifier_options(self, options: JwsVerificationOptions) -> Self {
    Self {
      jws_options: options,
      ..self
    }
  }

  /// Sets the value the `aud` claim of the KB-JWT is validated against.
  ///
  /// The audience is what ties a KB-JWT to the verifier it was created for.
  /// NOTE(review): how the validator treats an unset audience is not visible in this file;
  /// confirm before relying on the default.
  pub fn aud(self, aud: impl Into<String>) -> Self {
    Self {
      aud: Some(aud.into()),
      ..self
    }
  }

  /// Sets the lower bound for `iat`: the KB-JWT is considered invalid if the `iat` value in
  /// its claims is earlier than this timestamp.
  pub fn earliest_issuance_date(self, earliest_issuance_date: Timestamp) -> Self {
    Self {
      earliest_issuance_date: Some(earliest_issuance_date),
      ..self
    }
  }

  /// Sets the upper bound for `iat`: the KB-JWT is considered invalid if the `iat` value in
  /// its claims is later than this timestamp.
  /// The current timestamp is used during validation if this is not set.
  pub fn latest_issuance_date(self, latest_issuance_date: Timestamp) -> Self {
    Self {
      latest_issuance_date: Some(latest_issuance_date),
      ..self
    }
  }
}