baseid_anoncreds/

credential.rs

//! AnonCreds credential types with ACA-Py interop and W3C VC mapping.

use std::collections::BTreeMap;

use serde::{Deserialize, Serialize};

use baseid_vc::credential::Issuer;
use baseid_vc::VerifiableCredential;

/// An AnonCreds credential.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AnonCredsCredential {
    /// Schema identifier.
    pub schema_id: String,
    /// Credential definition identifier.
    pub cred_def_id: String,
    /// Optional revocation registry identifier.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub rev_reg_id: Option<String>,
    /// Issuer DID (extracted from schema_id or cred_def_id).
    pub issuer_did: String,
    /// Credential values (attribute name -> raw/encoded value).
    pub values: BTreeMap<String, AttributeValue>,
}

/// An attribute value with both raw and encoded forms.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AttributeValue {
    /// The human-readable value.
    pub raw: String,
    /// The integer-encoded value (used in CL proofs).
    pub encoded: String,
}

impl AnonCredsCredential {
    /// Parse an ACA-Py credential JSON object into an `AnonCredsCredential`.
    ///
    /// ACA-Py format:
    /// ```json
    /// {
    ///   "schema_id": "did:sov:NcYx...:2:degree:1.0",
    ///   "cred_def_id": "did:sov:NcYx...:3:CL:12:default",
    ///   "rev_reg_id": null,
    ///   "values": {
    ///     "name": {"raw": "Alice", "encoded": "27034..."}
    ///   }
    /// }
    /// ```
    pub fn from_aca_py_json(json: &str) -> Result<Self, serde_json::Error> {
        #[derive(Deserialize)]
        struct AcaPyCredential {
            schema_id: String,
            cred_def_id: String,
            rev_reg_id: Option<String>,
            values: BTreeMap<String, AttributeValue>,
        }

        let parsed: AcaPyCredential = serde_json::from_str(json)?;

        // Extract the issuer DID from the cred_def_id.
        // ACA-Py cred_def_ids look like: `did:sov:NcYx...:3:CL:12:default`
        // or Sovrin-style: `NcYxiDXkpYi6ov5FcYDi1e:3:CL:12:default`
        let issuer_did = extract_issuer_did(&parsed.cred_def_id);

        Ok(Self {
            schema_id: parsed.schema_id,
            cred_def_id: parsed.cred_def_id,
            rev_reg_id: parsed.rev_reg_id,
            issuer_did,
            values: parsed.values,
        })
    }

    /// Map this AnonCreds credential to a W3C Verifiable Credential for unified display.
    ///
    /// The resulting VC uses the `AnonCredsCredential` type and places all raw
    /// attribute values into the `credentialSubject`.
    pub fn to_w3c_vc(&self) -> VerifiableCredential {
        let mut subject = serde_json::Map::new();
        for (name, value) in &self.values {
            subject.insert(name.clone(), serde_json::Value::String(value.raw.clone()));
        }

        // Extract a human-readable schema name from the schema_id if possible.
        // e.g. "did:sov:NcYx...:2:degree:1.0" -> "degree"
        let schema_name = extract_schema_name(&self.schema_id);
        let credential_type = schema_name
            .map(|n| format!("AnonCreds:{n}"))
            .unwrap_or_else(|| "AnonCredsCredential".to_string());

        VerifiableCredential {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            id: Some(self.cred_def_id.clone()),
            r#type: vec!["VerifiableCredential".to_string(), credential_type],
            issuer: Issuer::Uri(self.issuer_did.clone()),
            valid_from: None,
            valid_until: None,
            credential_subject: serde_json::Value::Object(subject),
            credential_status: None,
            proof: None,
        }
    }

    /// Return the list of attribute names in this credential.
    pub fn attribute_names(&self) -> Vec<&str> {
        self.values.keys().map(|k| k.as_str()).collect()
    }

    /// Get the raw value of a named attribute.
    pub fn get_raw_value(&self, name: &str) -> Option<&str> {
        self.values.get(name).map(|v| v.raw.as_str())
    }
}

/// Extract the issuer DID from a cred_def_id or schema_id.
///
/// Handles both `did:sov:XYZ:3:CL:...` (DID prefix) and
/// bare Sovrin `XYZ:3:CL:...` formats.
fn extract_issuer_did(cred_def_id: &str) -> String {
    if cred_def_id.starts_with("did:") {
        // `did:sov:XYZ:3:CL:12:default` — take the first 3 colon-separated parts
        let parts: Vec<&str> = cred_def_id.splitn(4, ':').collect();
        if parts.len() >= 3 {
            return format!("{}:{}:{}", parts[0], parts[1], parts[2]);
        }
    }
    // Bare Sovrin style: `XYZ:3:CL:12:default` — first segment is the DID
    cred_def_id
        .split(':')
        .next()
        .unwrap_or(cred_def_id)
        .to_string()
}

/// Extract the schema name from a schema_id.
///
/// e.g. `did:sov:NcYx...:2:degree:1.0` → `Some("degree")`
/// e.g. `NcYx...:2:degree:1.0` → `Some("degree")`
fn extract_schema_name(schema_id: &str) -> Option<String> {
    let parts: Vec<&str> = schema_id.split(':').collect();
    // Sovrin-style schema_id: `ISSUER:2:NAME:VERSION` (4 parts)
    // DID-style: `did:sov:ISSUER:2:NAME:VERSION` (6 parts)
    if parts.len() >= 4 {
        // The name is the second-to-last part
        return Some(parts[parts.len() - 2].to_string());
    }
    None
}

#[cfg(test)]
mod tests {
    use super::*;

    const ACA_PY_JSON: &str = r#"{
        "schema_id": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:2:degree:1.0",
        "cred_def_id": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:3:CL:12:default",
        "rev_reg_id": null,
        "values": {
            "name": {"raw": "Alice", "encoded": "27034640024117331033063128044004318218486816931520886405535659934417438781507"},
            "degree": {"raw": "Computer Science", "encoded": "123456"},
            "university": {"raw": "University of Toronto", "encoded": "789012"}
        }
    }"#;

    #[test]
    fn parse_aca_py_json() {
        let cred = AnonCredsCredential::from_aca_py_json(ACA_PY_JSON).unwrap();
        assert_eq!(
            cred.schema_id,
            "did:sov:NcYxiDXkpYi6ov5FcYDi1e:2:degree:1.0"
        );
        assert_eq!(
            cred.cred_def_id,
            "did:sov:NcYxiDXkpYi6ov5FcYDi1e:3:CL:12:default"
        );
        assert!(cred.rev_reg_id.is_none());
        assert_eq!(cred.issuer_did, "did:sov:NcYxiDXkpYi6ov5FcYDi1e");
        assert_eq!(cred.values.len(), 3);
    }

    #[test]
    fn attribute_access() {
        let cred = AnonCredsCredential::from_aca_py_json(ACA_PY_JSON).unwrap();
        assert_eq!(cred.get_raw_value("name"), Some("Alice"));
        assert_eq!(cred.get_raw_value("degree"), Some("Computer Science"));
        assert_eq!(cred.get_raw_value("missing"), None);

        let names = cred.attribute_names();
        assert!(names.contains(&"name"));
        assert!(names.contains(&"degree"));
        assert!(names.contains(&"university"));
    }

    #[test]
    fn to_w3c_vc_mapping() {
        let cred = AnonCredsCredential::from_aca_py_json(ACA_PY_JSON).unwrap();
        let vc = cred.to_w3c_vc();

        assert_eq!(
            vc.context,
            vec!["https://www.w3.org/ns/credentials/v2".to_string()]
        );
        assert!(vc.r#type.contains(&"VerifiableCredential".to_string()));
        assert!(vc.r#type.contains(&"AnonCreds:degree".to_string()));
        assert_eq!(
            vc.issuer,
            Issuer::Uri("did:sov:NcYxiDXkpYi6ov5FcYDi1e".to_string())
        );
        assert_eq!(vc.credential_subject["name"], "Alice");
        assert_eq!(vc.credential_subject["degree"], "Computer Science");
        assert_eq!(vc.credential_subject["university"], "University of Toronto");
    }

    #[test]
    fn serde_roundtrip() {
        let cred = AnonCredsCredential::from_aca_py_json(ACA_PY_JSON).unwrap();
        let json = serde_json::to_string(&cred).unwrap();
        let deserialized: AnonCredsCredential = serde_json::from_str(&json).unwrap();
        assert_eq!(deserialized.schema_id, cred.schema_id);
        assert_eq!(deserialized.issuer_did, cred.issuer_did);
        assert_eq!(deserialized.values.len(), cred.values.len());
    }

    #[test]
    fn extract_issuer_did_bare_sovrin() {
        let issuer = super::extract_issuer_did("NcYxiDXkpYi6ov5FcYDi1e:3:CL:12:default");
        assert_eq!(issuer, "NcYxiDXkpYi6ov5FcYDi1e");
    }
}