baseid_sd_jwt/

disclosure.rs

//! SD-JWT disclosure types and encoding.

use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
use baseid_core::error::CryptoError;
use rand::Rng;
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};

/// A decoded SD-JWT disclosure.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Disclosure {
    /// Random salt.
    pub salt: String,
    /// Claim name (None for array elements).
    pub claim_name: Option<String>,
    /// Claim value.
    pub claim_value: serde_json::Value,
}

impl Disclosure {
    /// Create a new disclosure with a random 128-bit salt.
    pub fn new(claim_name: Option<String>, value: serde_json::Value) -> Self {
        let mut salt_bytes = [0u8; 16];
        rand::thread_rng().fill(&mut salt_bytes);
        let salt = URL_SAFE_NO_PAD.encode(salt_bytes);
        Self {
            salt,
            claim_name,
            claim_value: value,
        }
    }

    /// Encode this disclosure as a base64url string.
    ///
    /// Format: base64url(`[salt, name, value]`) for object claims,
    /// or base64url(`[salt, value]`) for array elements.
    pub fn encode(&self) -> baseid_core::Result<String> {
        let array = match &self.claim_name {
            Some(name) => serde_json::json!([self.salt, name, self.claim_value]),
            None => serde_json::json!([self.salt, self.claim_value]),
        };
        let json =
            serde_json::to_string(&array).map_err(baseid_core::error::SerializationError::Json)?;
        Ok(URL_SAFE_NO_PAD.encode(json.as_bytes()))
    }

    /// Decode a disclosure from a base64url-encoded string.
    pub fn decode(encoded: &str) -> baseid_core::Result<Self> {
        let bytes = URL_SAFE_NO_PAD
            .decode(encoded)
            .map_err(|_| CryptoError::VerificationFailed)?;
        let array: Vec<serde_json::Value> =
            serde_json::from_slice(&bytes).map_err(baseid_core::error::SerializationError::Json)?;

        match array.len() {
            // Array element disclosure: [salt, value]
            2 => {
                let salt = array[0]
                    .as_str()
                    .ok_or(CryptoError::VerificationFailed)?
                    .to_string();
                Ok(Self {
                    salt,
                    claim_name: None,
                    claim_value: array[1].clone(),
                })
            }
            // Object claim disclosure: [salt, name, value]
            3 => {
                let salt = array[0]
                    .as_str()
                    .ok_or(CryptoError::VerificationFailed)?
                    .to_string();
                let name = array[1]
                    .as_str()
                    .ok_or(CryptoError::VerificationFailed)?
                    .to_string();
                Ok(Self {
                    salt,
                    claim_name: Some(name),
                    claim_value: array[2].clone(),
                })
            }
            _ => Err(CryptoError::VerificationFailed.into()),
        }
    }

    /// Compute the SHA-256 digest of the encoded disclosure (base64url of the hash).
    pub fn digest(&self) -> baseid_core::Result<String> {
        let encoded = self.encode()?;
        let hash = Sha256::digest(encoded.as_bytes());
        Ok(URL_SAFE_NO_PAD.encode(hash))
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn encode_decode_roundtrip_object() {
        let d = Disclosure::new(Some("name".to_string()), serde_json::json!("Alice"));
        let encoded = d.encode().unwrap();
        let decoded = Disclosure::decode(&encoded).unwrap();
        assert_eq!(decoded.salt, d.salt);
        assert_eq!(decoded.claim_name, Some("name".to_string()));
        assert_eq!(decoded.claim_value, serde_json::json!("Alice"));
    }

    #[test]
    fn encode_decode_roundtrip_array() {
        let d = Disclosure::new(None, serde_json::json!(42));
        let encoded = d.encode().unwrap();
        let decoded = Disclosure::decode(&encoded).unwrap();
        assert_eq!(decoded.salt, d.salt);
        assert_eq!(decoded.claim_name, None);
        assert_eq!(decoded.claim_value, serde_json::json!(42));
    }

    #[test]
    fn random_salt_uniqueness() {
        let d1 = Disclosure::new(Some("a".to_string()), serde_json::json!(1));
        let d2 = Disclosure::new(Some("a".to_string()), serde_json::json!(1));
        assert_ne!(d1.salt, d2.salt);
    }

    #[test]
    fn digest_determinism() {
        let d = Disclosure {
            salt: "fixed_salt".to_string(),
            claim_name: Some("name".to_string()),
            claim_value: serde_json::json!("Alice"),
        };
        let h1 = d.digest().unwrap();
        let h2 = d.digest().unwrap();
        assert_eq!(h1, h2);
    }

    // --- B2: SD-JWT test vector verification ---

    fn verify_disclosure_vector(v: &baseid_test_vectors::sd_jwt::DisclosureVector) {
        let d = Disclosure {
            salt: v.salt.to_string(),
            claim_name: v.claim_name.map(|s| s.to_string()),
            claim_value: serde_json::from_str(v.claim_value).unwrap(),
        };

        // Verify encoding matches expected
        let encoded = d.encode().unwrap();
        assert_eq!(encoded, v.encoded, "encoding mismatch for salt={}", v.salt);

        // Verify digest matches expected
        let digest = d.digest().unwrap();
        assert_eq!(digest, v.digest, "digest mismatch for salt={}", v.salt);

        // Verify decode roundtrip
        let decoded = Disclosure::decode(&encoded).unwrap();
        assert_eq!(decoded.salt, v.salt);
        assert_eq!(decoded.claim_name.as_deref(), v.claim_name);
        assert_eq!(decoded.claim_value, d.claim_value);
    }

    #[test]
    fn vector_all_disclosures() {
        for v in baseid_test_vectors::sd_jwt::ALL {
            verify_disclosure_vector(v);
        }
    }

    #[test]
    fn vector_ietf_disclosure_decode() {
        use baseid_test_vectors::sd_jwt;

        // IETF spec uses spaces in JSON; our decoder should handle it
        let d = Disclosure::decode(sd_jwt::IETF_DISCLOSURE_WITH_SPACES).unwrap();
        assert_eq!(d.salt, sd_jwt::IETF_DISCLOSURE_SALT);
        assert_eq!(d.claim_name.as_deref(), Some(sd_jwt::IETF_DISCLOSURE_NAME));
        assert_eq!(
            d.claim_value,
            serde_json::json!(sd_jwt::IETF_DISCLOSURE_VALUE)
        );
    }
}