baseid_bbs/

lifecycle.rs

use baseid_core::claims::{ClaimDisclosure, ClaimPath, ClaimSet, DisclosureSelection};
use baseid_core::lifecycle::*;
use baseid_core::types::CredentialFormat;

use crate::credential::{BbsClaim, BbsCredential, BbsDerivedProof};
use crate::keys::BbsKeyPair;
use crate::proof::{bbs_proof_gen, bbs_proof_verify};
use crate::signing::{bbs_sign, bbs_verify};

/// BBS+ credential lifecycle -- issue, verify, and present with unlinkable selective disclosure.
pub struct BbsLifecycle {
    key_pair: BbsKeyPair,
}

impl BbsLifecycle {
    pub fn new(key_pair: BbsKeyPair) -> Self {
        Self { key_pair }
    }

    pub fn public_key_bytes(&self) -> &[u8] {
        &self.key_pair.public_key
    }
}

impl CredentialIssuer for BbsLifecycle {
    fn format(&self) -> CredentialFormat {
        CredentialFormat::Bbs
    }

    fn issue(
        &self,
        issuer_did: &str,
        subject_did: Option<&str>,
        claims: &ClaimSet,
        options: &IssuanceOptions,
    ) -> baseid_core::Result<IssuedCredential> {
        // Convert ClaimSet to ordered BbsClaims
        let mut bbs_claims: Vec<BbsClaim> = Vec::new();
        for (ns, claims_map) in claims.namespaces() {
            for (name, value) in claims_map {
                bbs_claims.push(BbsClaim {
                    namespace: ns.to_string(),
                    name: name.clone(),
                    value: value.clone(),
                });
            }
        }

        let cred = BbsCredential {
            issuer: issuer_did.to_string(),
            subject: subject_did.map(|s| s.to_string()),
            types: if options.types.is_empty() {
                vec!["VerifiableCredential".to_string()]
            } else {
                options.types.clone()
            },
            claims: bbs_claims,
            signature: vec![], // placeholder
            issuer_public_key: self.key_pair.public_key.clone(),
        };

        // Encode and sign
        let messages = cred.encode_messages();
        let signature = bbs_sign(&self.key_pair, &messages, None)
            .map_err(|e| -> baseid_core::Error { e.into() })?;

        let mut signed_cred = cred;
        signed_cred.signature = signature;

        let data = signed_cred.to_bytes()?;

        Ok(IssuedCredential {
            data,
            format: CredentialFormat::Bbs,
            id: options.credential_id.clone(),
            issuer: issuer_did.to_string(),
            subject: subject_did.map(|s| s.to_string()),
        })
    }
}

impl CredentialVerifier for BbsLifecycle {
    fn format(&self) -> CredentialFormat {
        CredentialFormat::Bbs
    }

    fn verify(&self, credential_data: &[u8]) -> baseid_core::Result<VerificationOutcome> {
        let cred = BbsCredential::from_bytes(credential_data)?;
        let messages = cred.encode_messages();

        let valid = bbs_verify(&cred.issuer_public_key, &cred.signature, &messages, None)
            .map_err(|e| -> baseid_core::Error { e.into() })?;

        // Reconstruct ClaimSet
        let mut claim_set = ClaimSet::new();
        for claim in &cred.claims {
            claim_set.insert(&claim.namespace, &claim.name, claim.value.clone());
        }

        Ok(VerificationOutcome {
            valid,
            format: CredentialFormat::Bbs,
            issuer: cred.issuer,
            subject: cred.subject,
            claims: claim_set,
            unlinkable: false, // full credential verification is NOT unlinkable
            predicates_verified: vec![],
            valid_until: None,
            revocation_status: RevocationStatus::NotChecked,
        })
    }
}

impl CredentialPresenter for BbsLifecycle {
    fn format(&self) -> CredentialFormat {
        CredentialFormat::Bbs
    }

    fn present(
        &self,
        credential_data: &[u8],
        disclosure: &DisclosureSelection,
        options: &PresentationOptions,
    ) -> baseid_core::Result<PresentedCredential> {
        let cred = BbsCredential::from_bytes(credential_data)?;
        let messages = cred.encode_messages();

        // Determine disclosed indices from DisclosureSelection
        let mut disclosed_indices = Vec::new();
        let mut disclosed_claims = Vec::new();
        let mut predicate_results = Vec::new();

        for (i, claim) in cred.claims.iter().enumerate() {
            match disclosure.get(&claim.namespace, &claim.name) {
                Some(ClaimDisclosure::Reveal) | None => {
                    // Default to reveal if not specified
                    disclosed_indices.push(i);
                    disclosed_claims.push((i, claim.clone()));
                }
                Some(ClaimDisclosure::Hide) => {
                    // Not disclosed -- hidden in ZK proof
                }
                Some(ClaimDisclosure::Predicate(predicate)) => {
                    // For predicates, the claim is hidden but we evaluate the predicate
                    let satisfied = crate::predicates::evaluate_predicate(&claim.value, predicate);
                    predicate_results.push((claim.name.clone(), satisfied));
                    // Claim is NOT disclosed (hidden in ZK)
                }
            }
        }

        // Generate BBS+ proof
        let nonce = options.nonce.as_deref().map(|n| n.as_bytes());
        let proof = bbs_proof_gen(
            &cred.issuer_public_key,
            &cred.signature,
            &messages,
            &disclosed_indices,
            None,
            nonce,
        )
        .map_err(|e| -> baseid_core::Error { e.into() })?;

        let derived = BbsDerivedProof {
            issuer: cred.issuer,
            subject: cred.subject,
            types: cred.types,
            proof,
            disclosed_claims,
            total_claims: cred.claims.len(),
            issuer_public_key: cred.issuer_public_key,
            predicate_results,
            nonce: nonce.map(|n| n.to_vec()),
        };

        let data = derived.to_bytes()?;

        Ok(PresentedCredential {
            data,
            format: CredentialFormat::Bbs,
            unlinkable: true,
        })
    }
}

/// Verify a BBS+ derived proof (presented credential).
pub fn verify_derived_proof(proof_data: &[u8]) -> baseid_core::Result<VerificationOutcome> {
    let derived = BbsDerivedProof::from_bytes(proof_data)?;

    let disclosed_msgs: Vec<(usize, Vec<u8>)> = derived
        .disclosed_claims
        .iter()
        .map(|(i, claim)| {
            let canonical = serde_json::json!({
                "ns": claim.namespace,
                "name": claim.name,
                "value": claim.value,
            });
            (*i, serde_json::to_vec(&canonical).unwrap_or_default())
        })
        .collect();

    let nonce_ref = derived.nonce.as_deref();
    let valid = bbs_proof_verify(
        &derived.issuer_public_key,
        &derived.proof,
        &disclosed_msgs,
        None,
        nonce_ref,
    )
    .map_err(|e| -> baseid_core::Error { e.into() })?;

    // Reconstruct ClaimSet from disclosed claims only
    let mut claim_set = ClaimSet::new();
    for (_, claim) in &derived.disclosed_claims {
        claim_set.insert(&claim.namespace, &claim.name, claim.value.clone());
    }

    let predicates_verified: Vec<(ClaimPath, baseid_core::claims::PredicateType)> = vec![];

    Ok(VerificationOutcome {
        valid,
        format: CredentialFormat::Bbs,
        issuer: derived.issuer,
        subject: derived.subject,
        claims: claim_set,
        unlinkable: true,
        predicates_verified,
        valid_until: None,
        revocation_status: RevocationStatus::NotChecked,
    })
}