baseid_core/

claims.rs

//! Unified claim types for multi-format credential lifecycle.
//!
//! `ClaimSet` provides a namespace-keyed claim structure that maps naturally
//! to all credential formats: SD-JWT (flat claims), W3C VC (credential subject),
//! mdoc (namespaced data elements), and BBS+ (ordered message list).
//!
//! `DisclosureSelection` controls which claims are revealed, hidden, or proven
//! via zero-knowledge predicates during credential presentation.

use std::collections::BTreeMap;

use serde::{Deserialize, Serialize};
use serde_json::Value;

/// A namespace-keyed set of claims.
///
/// The outer key is a namespace (e.g., `"org.iso.18013.5.1"` for mdoc,
/// `""` or `"vc"` for flat formats like SD-JWT and W3C VC). The inner map
/// holds claim name to value pairs.
///
/// # Examples
///
/// ```
/// use baseid_core::claims::ClaimSet;
/// use serde_json::json;
///
/// let mut claims = ClaimSet::new();
/// claims.insert("", "given_name", json!("Alice"));
/// claims.insert("", "family_name", json!("Smith"));
/// claims.insert("", "birth_date", json!("1990-01-15"));
///
/// assert_eq!(claims.get("", "given_name"), Some(&json!("Alice")));
/// ```
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
pub struct ClaimSet {
    namespaces: BTreeMap<String, BTreeMap<String, Value>>,
}

impl ClaimSet {
    /// Create an empty claim set.
    pub fn new() -> Self {
        Self::default()
    }

    /// Insert a claim into the given namespace.
    pub fn insert(&mut self, namespace: &str, name: &str, value: Value) {
        self.namespaces
            .entry(namespace.to_string())
            .or_default()
            .insert(name.to_string(), value);
    }

    /// Get a claim value by namespace and name.
    pub fn get(&self, namespace: &str, name: &str) -> Option<&Value> {
        self.namespaces.get(namespace)?.get(name)
    }

    /// Iterate over all namespaces and their claims.
    pub fn namespaces(&self) -> impl Iterator<Item = (&str, &BTreeMap<String, Value>)> {
        self.namespaces.iter().map(|(k, v)| (k.as_str(), v))
    }

    /// Get claims in a specific namespace.
    pub fn namespace(&self, ns: &str) -> Option<&BTreeMap<String, Value>> {
        self.namespaces.get(ns)
    }

    /// Returns the total number of claims across all namespaces.
    pub fn len(&self) -> usize {
        self.namespaces.values().map(|m| m.len()).sum()
    }

    /// Returns true if there are no claims.
    pub fn is_empty(&self) -> bool {
        self.namespaces.values().all(|m| m.is_empty())
    }

    /// Convert flat-namespace claims to a `serde_json::Value` object.
    ///
    /// If a default namespace (`""`) exists, its claims are returned as a
    /// flat JSON object. Otherwise, namespaces are nested.
    pub fn to_json(&self) -> Value {
        if self.namespaces.len() == 1 {
            if let Some(claims) = self.namespaces.get("") {
                return Value::Object(claims.iter().map(|(k, v)| (k.clone(), v.clone())).collect());
            }
        }
        serde_json::to_value(&self.namespaces).unwrap_or(Value::Null)
    }

    /// Convert claims in the default namespace to a flat JSON object.
    ///
    /// Returns `None` if there is no default namespace (`""`).
    /// Claims in other namespaces are ignored.
    pub fn to_json_flat(&self) -> Option<Value> {
        let claims = self.namespaces.get("")?;
        Some(Value::Object(
            claims.iter().map(|(k, v)| (k.clone(), v.clone())).collect(),
        ))
    }

    /// Convert the full claim set to a namespaced JSON object.
    ///
    /// Always returns `{"namespace": {"claim": value, ...}, ...}` regardless
    /// of how many namespaces exist. Use this when you need deterministic
    /// structure (e.g., for mdoc with multiple namespaces).
    pub fn to_json_namespaced(&self) -> Value {
        serde_json::to_value(&self.namespaces).unwrap_or(Value::Null)
    }

    /// Create a ClaimSet from a flat JSON object (uses default namespace `""`).
    pub fn from_json(value: &Value) -> Option<Self> {
        let obj = value.as_object()?;
        let mut cs = Self::new();
        for (k, v) in obj {
            cs.insert("", k, v.clone());
        }
        Some(cs)
    }
}

/// A path identifying a specific claim, optionally within a namespace.
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct ClaimPath {
    /// Namespace (empty string for default/flat namespace).
    pub namespace: String,
    /// Claim name within the namespace.
    pub name: String,
}

impl ClaimPath {
    /// Create a claim path in the default namespace.
    pub fn new(name: &str) -> Self {
        Self {
            namespace: String::new(),
            name: name.to_string(),
        }
    }

    /// Create a claim path in a specific namespace.
    pub fn with_namespace(namespace: &str, name: &str) -> Self {
        Self {
            namespace: namespace.to_string(),
            name: name.to_string(),
        }
    }
}

/// How a specific claim should be disclosed during presentation.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum ClaimDisclosure {
    /// Reveal the claim value to the verifier.
    Reveal,
    /// Prove a predicate about the claim without revealing its value.
    /// Only supported by ZK-capable formats (BBS+, AnonCreds).
    Predicate(PredicateType),
    /// Do not disclose this claim at all.
    Hide,
}

/// Zero-knowledge predicates that can be proven about a claim value.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum PredicateType {
    /// Prove claim value > threshold (e.g., age > 18).
    GreaterThan(Value),
    /// Prove claim value >= threshold.
    GreaterThanOrEqual(Value),
    /// Prove claim value < threshold (e.g., birth_date < "2008-03-01").
    LessThan(Value),
    /// Prove claim value <= threshold.
    LessThanOrEqual(Value),
    /// Prove claim value is one of the given set.
    InSet(Vec<Value>),
    /// Prove claim value is NOT one of the given set.
    NotInSet(Vec<Value>),
    /// Prove the credential has not been revoked (via accumulator witness).
    NonRevoked,
}

/// Selection of which claims to reveal, hide, or prove predicates about.
///
/// Used by `CredentialPresenter::present()` to control selective disclosure.
///
/// # Examples
///
/// ```
/// use baseid_core::claims::{DisclosureSelection, ClaimDisclosure, PredicateType};
/// use serde_json::json;
///
/// let disclosure = DisclosureSelection::new()
///     .set("given_name", ClaimDisclosure::Reveal)
///     .set("family_name", ClaimDisclosure::Reveal)
///     .set("birth_date", ClaimDisclosure::Predicate(
///         PredicateType::LessThan(json!("2008-03-01"))
///     ))
///     .set("address", ClaimDisclosure::Hide);
/// ```
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
pub struct DisclosureSelection {
    selections: BTreeMap<String, BTreeMap<String, ClaimDisclosure>>,
}

impl DisclosureSelection {
    /// Create an empty disclosure selection.
    pub fn new() -> Self {
        Self::default()
    }

    /// Set disclosure for a claim in the default namespace.
    pub fn set(mut self, name: &str, disclosure: ClaimDisclosure) -> Self {
        self.selections
            .entry(String::new())
            .or_default()
            .insert(name.to_string(), disclosure);
        self
    }

    /// Set disclosure for a claim in a specific namespace.
    pub fn set_namespaced(
        mut self,
        namespace: &str,
        name: &str,
        disclosure: ClaimDisclosure,
    ) -> Self {
        self.selections
            .entry(namespace.to_string())
            .or_default()
            .insert(name.to_string(), disclosure);
        self
    }

    /// Convenience: reveal a claim in the default namespace.
    pub fn reveal(self, name: &str) -> Self {
        self.set(name, ClaimDisclosure::Reveal)
    }

    /// Convenience: hide a claim in the default namespace.
    pub fn hide(self, name: &str) -> Self {
        self.set(name, ClaimDisclosure::Hide)
    }

    /// Convenience: set a predicate for a claim in the default namespace.
    pub fn predicate(self, name: &str, predicate: PredicateType) -> Self {
        self.set(name, ClaimDisclosure::Predicate(predicate))
    }

    /// Get the disclosure selection for a claim.
    pub fn get(&self, namespace: &str, name: &str) -> Option<&ClaimDisclosure> {
        self.selections.get(namespace)?.get(name)
    }

    /// Iterate over all selections grouped by namespace.
    pub fn iter(&self) -> impl Iterator<Item = (&str, &str, &ClaimDisclosure)> {
        self.selections.iter().flat_map(|(ns, claims)| {
            claims
                .iter()
                .map(move |(name, disc)| (ns.as_str(), name.as_str(), disc))
        })
    }

    /// Returns true if any selection uses a predicate.
    pub fn has_predicates(&self) -> bool {
        self.iter()
            .any(|(_, _, d)| matches!(d, ClaimDisclosure::Predicate(_)))
    }

    /// Returns all claims marked as Reveal in the default namespace.
    pub fn revealed_claims(&self) -> Vec<&str> {
        self.selections
            .get("")
            .map(|claims| {
                claims
                    .iter()
                    .filter(|(_, d)| matches!(d, ClaimDisclosure::Reveal))
                    .map(|(name, _)| name.as_str())
                    .collect()
            })
            .unwrap_or_default()
    }

    /// Returns all claims marked as Hide in the default namespace.
    pub fn hidden_claims(&self) -> Vec<&str> {
        self.selections
            .get("")
            .map(|claims| {
                claims
                    .iter()
                    .filter(|(_, d)| matches!(d, ClaimDisclosure::Hide))
                    .map(|(name, _)| name.as_str())
                    .collect()
            })
            .unwrap_or_default()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use serde_json::json;

    #[test]
    fn claim_set_basic_operations() {
        let mut cs = ClaimSet::new();
        assert!(cs.is_empty());
        assert_eq!(cs.len(), 0);

        cs.insert("", "given_name", json!("Alice"));
        cs.insert("", "family_name", json!("Smith"));
        cs.insert("", "age", json!(30));

        assert_eq!(cs.len(), 3);
        assert!(!cs.is_empty());
        assert_eq!(cs.get("", "given_name"), Some(&json!("Alice")));
        assert_eq!(cs.get("", "age"), Some(&json!(30)));
        assert_eq!(cs.get("", "nonexistent"), None);
        assert_eq!(cs.get("other_ns", "given_name"), None);
    }

    #[test]
    fn claim_set_namespaced() {
        let mut cs = ClaimSet::new();
        cs.insert("org.iso.18013.5.1", "family_name", json!("Smith"));
        cs.insert("org.iso.18013.5.1", "given_name", json!("Alice"));
        cs.insert("org.iso.18013.5.1.aamva", "DHS_compliance", json!("F"));

        assert_eq!(cs.len(), 3);
        assert_eq!(
            cs.get("org.iso.18013.5.1", "family_name"),
            Some(&json!("Smith"))
        );
        assert_eq!(
            cs.get("org.iso.18013.5.1.aamva", "DHS_compliance"),
            Some(&json!("F"))
        );
    }

    #[test]
    fn claim_set_json_roundtrip() {
        let mut cs = ClaimSet::new();
        cs.insert("", "name", json!("Alice"));
        cs.insert("", "age", json!(30));

        let json_val = cs.to_json();
        let obj = json_val.as_object().unwrap();
        assert_eq!(obj.get("name"), Some(&json!("Alice")));
        assert_eq!(obj.get("age"), Some(&json!(30)));

        let cs2 = ClaimSet::from_json(&json_val).unwrap();
        assert_eq!(cs, cs2);
    }

    #[test]
    fn disclosure_selection_builder() {
        let ds = DisclosureSelection::new()
            .reveal("given_name")
            .reveal("family_name")
            .predicate("birth_date", PredicateType::LessThan(json!("2008-03-01")))
            .hide("address");

        assert_eq!(ds.get("", "given_name"), Some(&ClaimDisclosure::Reveal));
        assert_eq!(ds.get("", "family_name"), Some(&ClaimDisclosure::Reveal));
        assert_eq!(
            ds.get("", "birth_date"),
            Some(&ClaimDisclosure::Predicate(PredicateType::LessThan(json!(
                "2008-03-01"
            ))))
        );
        assert_eq!(ds.get("", "address"), Some(&ClaimDisclosure::Hide));
        assert!(ds.has_predicates());
    }

    #[test]
    fn disclosure_selection_no_predicates() {
        let ds = DisclosureSelection::new().reveal("name").hide("secret");

        assert!(!ds.has_predicates());
        assert_eq!(ds.revealed_claims(), vec!["name"]);
        assert_eq!(ds.hidden_claims(), vec!["secret"]);
    }

    #[test]
    fn disclosure_selection_namespaced() {
        let ds = DisclosureSelection::new()
            .set_namespaced("org.iso.18013.5.1", "family_name", ClaimDisclosure::Reveal)
            .set_namespaced("org.iso.18013.5.1", "portrait", ClaimDisclosure::Hide);

        assert_eq!(
            ds.get("org.iso.18013.5.1", "family_name"),
            Some(&ClaimDisclosure::Reveal)
        );
        assert_eq!(
            ds.get("org.iso.18013.5.1", "portrait"),
            Some(&ClaimDisclosure::Hide)
        );
    }

    #[test]
    fn predicate_types_serialize() {
        let predicates = vec![
            PredicateType::GreaterThan(json!(18)),
            PredicateType::GreaterThanOrEqual(json!(18)),
            PredicateType::LessThan(json!("2008-03-01")),
            PredicateType::LessThanOrEqual(json!("2008-03-01")),
            PredicateType::InSet(vec![json!("CA"), json!("US")]),
            PredicateType::NotInSet(vec![json!("banned")]),
            PredicateType::NonRevoked,
        ];

        for p in &predicates {
            let serialized = serde_json::to_string(p).unwrap();
            let deserialized: PredicateType = serde_json::from_str(&serialized).unwrap();
            assert_eq!(p, &deserialized);
        }
    }

    #[test]
    fn to_json_flat_default_namespace() {
        let mut cs = ClaimSet::new();
        cs.insert("", "name", json!("Alice"));
        cs.insert("", "age", json!(30));

        let flat = cs.to_json_flat().unwrap();
        let obj = flat.as_object().unwrap();
        assert_eq!(obj.get("name"), Some(&json!("Alice")));
        assert_eq!(obj.get("age"), Some(&json!(30)));
    }

    #[test]
    fn to_json_flat_no_default_namespace() {
        let mut cs = ClaimSet::new();
        cs.insert("org.iso.18013.5.1", "family_name", json!("Smith"));

        assert!(cs.to_json_flat().is_none());
    }

    #[test]
    fn to_json_flat_ignores_other_namespaces() {
        let mut cs = ClaimSet::new();
        cs.insert("", "name", json!("Alice"));
        cs.insert("org.iso.18013.5.1", "family_name", json!("Smith"));

        let flat = cs.to_json_flat().unwrap();
        let obj = flat.as_object().unwrap();
        assert_eq!(obj.len(), 1);
        assert_eq!(obj.get("name"), Some(&json!("Alice")));
    }

    #[test]
    fn to_json_namespaced_always_nests() {
        let mut cs = ClaimSet::new();
        cs.insert("", "name", json!("Alice"));

        let ns = cs.to_json_namespaced();
        let obj = ns.as_object().unwrap();
        // Even a single default namespace is nested under ""
        assert!(obj.contains_key(""));
        let inner = obj.get("").unwrap().as_object().unwrap();
        assert_eq!(inner.get("name"), Some(&json!("Alice")));
    }

    #[test]
    fn to_json_namespaced_multiple() {
        let mut cs = ClaimSet::new();
        cs.insert("ns1", "a", json!(1));
        cs.insert("ns2", "b", json!(2));

        let ns = cs.to_json_namespaced();
        let obj = ns.as_object().unwrap();
        assert!(obj.contains_key("ns1"));
        assert!(obj.contains_key("ns2"));
    }

    #[test]
    fn claim_path_default_namespace() {
        let path = ClaimPath::new("given_name");
        assert_eq!(path.namespace, "");
        assert_eq!(path.name, "given_name");
    }

    #[test]
    fn claim_path_with_namespace() {
        let path = ClaimPath::with_namespace("org.iso.18013.5.1", "family_name");
        assert_eq!(path.namespace, "org.iso.18013.5.1");
        assert_eq!(path.name, "family_name");
    }
}