baseid_vc/

signing.rs

//! JWT-VC signing and verification.
//!
//! Signs and verifies W3C Verifiable Credentials and Presentations as JWTs
//! per the VC-JWT specification. Includes `nbf`, `exp`, and `iat` claims
//! per the VC-JWT mapping, with time validation on verification.

use baseid_core::error::{CredentialError, SerializationError};
use baseid_crypto::jwt::{self, alg_to_str, JwtHeader};
use baseid_crypto::signer::{Signer, Verifier};
use serde_json::Value;

use crate::credential::{Issuer, VerifiableCredential};
use crate::presentation::VerifiablePresentation;

/// Clock skew tolerance in seconds for `nbf`/`exp` validation.
const TIME_LEEWAY_SECS: i64 = 60;

/// Extract the DID string from an `Issuer`.
pub fn issuer_id(issuer: &Issuer) -> &str {
    match issuer {
        Issuer::Uri(uri) => uri.as_str(),
        Issuer::Object { id, .. } => id.as_str(),
    }
}

/// Sign a `VerifiableCredential` as a JWT.
///
/// Returns the compact JWT serialization. The `kid` should be a DID URL
/// identifying the verification method (e.g., `did:key:z6Mk...#z6Mk...`).
///
/// Per the VC-JWT spec, `valid_from` maps to `nbf` and `valid_until` maps
/// to `exp`. An `iat` (issued-at) claim is always included.
pub fn sign_credential_jwt(
    vc: &VerifiableCredential,
    signer: &dyn Signer,
    kid: &str,
) -> baseid_core::Result<String> {
    let header = JwtHeader {
        alg: alg_to_str(signer.algorithm()).to_string(),
        typ: Some("JWT".to_string()),
        kid: Some(kid.to_string()),
        additional: serde_json::Map::new(),
    };

    let vc_value = serde_json::to_value(vc).map_err(SerializationError::Json)?;

    let mut claims = serde_json::Map::new();
    claims.insert(
        "iss".to_string(),
        Value::String(issuer_id(&vc.issuer).to_string()),
    );
    if let Some(id) = &vc.id {
        claims.insert("jti".to_string(), Value::String(id.clone()));
    }
    // Extract subject id if present
    if let Some(sub) = vc.credential_subject.get("id").and_then(|v| v.as_str()) {
        claims.insert("sub".to_string(), Value::String(sub.to_string()));
    }

    // VC-JWT time claims: nbf from valid_from, exp from valid_until, iat = now
    if let Some(ref valid_from) = vc.valid_from {
        if let Some(epoch) = parse_rfc3339_to_epoch(valid_from) {
            claims.insert("nbf".to_string(), Value::Number(epoch.into()));
        }
    }
    if let Some(ref valid_until) = vc.valid_until {
        if let Some(epoch) = parse_rfc3339_to_epoch(valid_until) {
            claims.insert("exp".to_string(), Value::Number(epoch.into()));
        }
    }
    claims.insert("iat".to_string(), Value::Number(current_epoch().into()));

    claims.insert("vc".to_string(), vc_value);

    jwt::encode_jwt(&header, &Value::Object(claims), signer)
}

/// Verify a JWT-encoded Verifiable Credential.
///
/// Verifies the signature, validates `nbf`/`exp` time claims (with 60s
/// leeway for clock skew), and extracts the `VerifiableCredential` from
/// the `vc` claim.
///
/// Returns `CredentialError::Expired` if the credential has expired, and
/// `CredentialError::InvalidCredential` if the credential is not yet valid.
pub fn verify_credential_jwt(
    jwt_str: &str,
    verifier: &dyn Verifier,
) -> baseid_core::Result<VerifiableCredential> {
    let (_header, claims) = jwt::decode_jwt(jwt_str, verifier)?;

    // Validate time claims
    let now = current_epoch();
    if let Some(nbf) = claims.get("nbf").and_then(|v| v.as_i64()) {
        if now < nbf - TIME_LEEWAY_SECS {
            return Err(CredentialError::InvalidCredential.into());
        }
    }
    if let Some(exp) = claims.get("exp").and_then(|v| v.as_i64()) {
        if now > exp + TIME_LEEWAY_SECS {
            return Err(CredentialError::Expired.into());
        }
    }

    let vc_value = claims.get("vc").ok_or(CredentialError::InvalidCredential)?;

    let vc: VerifiableCredential =
        serde_json::from_value(vc_value.clone()).map_err(SerializationError::Json)?;

    Ok(vc)
}

/// Sign a `VerifiablePresentation` as a JWT.
///
/// The `nonce` and `audience` parameters are included as `nonce` and `aud`
/// claims respectively, as required by the VP JWT spec.
pub fn sign_presentation_jwt(
    vp: &VerifiablePresentation,
    signer: &dyn Signer,
    kid: &str,
    nonce: &str,
    audience: &str,
) -> baseid_core::Result<String> {
    let header = JwtHeader {
        alg: alg_to_str(signer.algorithm()).to_string(),
        typ: Some("JWT".to_string()),
        kid: Some(kid.to_string()),
        additional: serde_json::Map::new(),
    };

    let vp_value = serde_json::to_value(vp).map_err(SerializationError::Json)?;

    let mut claims = serde_json::Map::new();
    if let Some(holder) = &vp.holder {
        claims.insert("iss".to_string(), Value::String(holder.clone()));
    }
    claims.insert("vp".to_string(), vp_value);
    claims.insert("nonce".to_string(), Value::String(nonce.to_string()));
    claims.insert("aud".to_string(), Value::String(audience.to_string()));

    jwt::encode_jwt(&header, &Value::Object(claims), signer)
}

/// Verify a JWT-encoded Verifiable Presentation.
///
/// Verifies the signature and extracts the `VerifiablePresentation` from the
/// `vp` claim. If `expected_nonce` or `expected_audience` are provided, the
/// corresponding JWT claims are validated.
pub fn verify_presentation_jwt(
    jwt_str: &str,
    verifier: &dyn Verifier,
    expected_nonce: Option<&str>,
    expected_audience: Option<&str>,
) -> baseid_core::Result<VerifiablePresentation> {
    let (_header, claims) = jwt::decode_jwt(jwt_str, verifier)?;

    // Validate nonce if expected
    if let Some(expected) = expected_nonce {
        let actual = claims
            .get("nonce")
            .and_then(|v| v.as_str())
            .ok_or(CredentialError::InvalidCredential)?;
        if actual != expected {
            return Err(CredentialError::InvalidCredential.into());
        }
    }

    // Validate audience if expected
    if let Some(expected) = expected_audience {
        let actual = claims
            .get("aud")
            .and_then(|v| v.as_str())
            .ok_or(CredentialError::InvalidCredential)?;
        if actual != expected {
            return Err(CredentialError::InvalidCredential.into());
        }
    }

    let vp_value = claims.get("vp").ok_or(CredentialError::InvalidCredential)?;

    let vp: VerifiablePresentation =
        serde_json::from_value(vp_value.clone()).map_err(SerializationError::Json)?;

    Ok(vp)
}

/// Get current Unix epoch seconds.
fn current_epoch() -> i64 {
    std::time::SystemTime::now()
        .duration_since(std::time::UNIX_EPOCH)
        .unwrap_or_default()
        .as_secs() as i64
}

/// Parse an RFC 3339 timestamp to Unix epoch seconds.
///
/// Handles `Z` (UTC), `+HH:MM`, and `-HH:MM` timezone offsets, and
/// optional fractional seconds.
fn parse_rfc3339_to_epoch(s: &str) -> Option<i64> {
    // Minimum: "YYYY-MM-DDTHH:MM:SS" = 19 chars
    if s.len() < 19 {
        return None;
    }
    let b = s.as_bytes();
    // Validate separators
    if b[4] != b'-'
        || b[7] != b'-'
        || (b[10] != b'T' && b[10] != b't')
        || b[13] != b':'
        || b[16] != b':'
    {
        return None;
    }
    let year = parse_u32(&b[0..4])? as i64;
    let month = parse_u32(&b[5..7])? as i64;
    let day = parse_u32(&b[8..10])? as i64;
    let hour = parse_u32(&b[11..13])? as i64;
    let minute = parse_u32(&b[14..16])? as i64;
    let second = parse_u32(&b[17..19])? as i64;

    // Parse optional fractional seconds and timezone
    let rest = &s[19..];
    let tz_part = if let Some(rest) = rest.strip_prefix('.') {
        // Skip fractional seconds digits
        let end = rest
            .find(|c: char| !c.is_ascii_digit())
            .unwrap_or(rest.len());
        &rest[end..]
    } else {
        rest
    };

    let offset_seconds = match tz_part {
        "" | "Z" | "z" => 0i64,
        s if s.len() >= 6 && (s.starts_with('+') || s.starts_with('-')) => {
            let sign: i64 = if s.starts_with('-') { -1 } else { 1 };
            let oh = parse_u32(&s.as_bytes()[1..3])? as i64;
            let om = parse_u32(&s.as_bytes()[4..6])? as i64;
            sign * (oh * 3600 + om * 60)
        }
        _ => return None,
    };

    let days = days_from_civil(year, month, day)?;
    Some(days * 86400 + hour * 3600 + minute * 60 + second - offset_seconds)
}

fn parse_u32(b: &[u8]) -> Option<u32> {
    std::str::from_utf8(b).ok()?.parse().ok()
}

/// Compute days from 1970-01-01 to the given civil date.
/// Uses Howard Hinnant's algorithm.
fn days_from_civil(y: i64, m: i64, d: i64) -> Option<i64> {
    if !(1..=12).contains(&m) || !(1..=31).contains(&d) {
        return None;
    }
    let y = if m <= 2 { y - 1 } else { y };
    let era = if y >= 0 { y } else { y - 399 } / 400;
    let yoe = (y - era * 400) as u64;
    let doy = (153 * (if m > 2 { m - 3 } else { m + 9 }) as u64 + 2) / 5 + d as u64 - 1;
    let doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    Some(era * 146097 + doe as i64 - 719468)
}

#[cfg(test)]
mod tests {
    use super::*;
    use baseid_core::types::KeyType;
    use baseid_crypto::KeyPair;

    fn sample_vc(issuer_did: &str) -> VerifiableCredential {
        VerifiableCredential {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            id: Some("urn:uuid:12345678-1234-1234-1234-123456789abc".to_string()),
            r#type: vec![
                "VerifiableCredential".to_string(),
                "ExampleCredential".to_string(),
            ],
            issuer: Issuer::Uri(issuer_did.to_string()),
            valid_from: Some("2024-01-01T00:00:00Z".to_string()),
            valid_until: None,
            credential_subject: serde_json::json!({
                "id": "did:key:z6MkHolder...",
                "name": "Alice",
            }),
            credential_status: None,
            proof: None,
        }
    }

    fn vc_sign_verify_roundtrip(key_type: KeyType) {
        let kp = KeyPair::generate(key_type).unwrap();
        let kid = "did:key:test#key-0";
        let vc = sample_vc("did:key:test");

        let jwt = sign_credential_jwt(&vc, &kp, kid).unwrap();
        let decoded = verify_credential_jwt(&jwt, &kp.public).unwrap();

        assert_eq!(decoded.id, vc.id);
        assert_eq!(decoded.r#type, vc.r#type);
        assert_eq!(decoded.issuer, vc.issuer);
        assert_eq!(decoded.credential_subject, vc.credential_subject);
    }

    #[test]
    fn vc_roundtrip_ed25519() {
        vc_sign_verify_roundtrip(KeyType::Ed25519);
    }

    #[test]
    fn vc_roundtrip_p256() {
        vc_sign_verify_roundtrip(KeyType::P256);
    }

    #[test]
    fn vc_roundtrip_p384() {
        vc_sign_verify_roundtrip(KeyType::P384);
    }

    #[test]
    fn vc_roundtrip_secp256k1() {
        vc_sign_verify_roundtrip(KeyType::Secp256k1);
    }

    #[test]
    fn vc_wrong_key_rejected() {
        let kp1 = KeyPair::generate(KeyType::Ed25519).unwrap();
        let kp2 = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc("did:key:test");
        let jwt = sign_credential_jwt(&vc, &kp1, "did:key:test#key-0").unwrap();

        assert!(verify_credential_jwt(&jwt, &kp2.public).is_err());
    }

    #[test]
    fn vp_roundtrip() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc("did:key:issuer");
        let vp = VerifiablePresentation {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            r#type: vec!["VerifiablePresentation".to_string()],
            verifiable_credential: vec![vc],
            holder: Some("did:key:holder".to_string()),
            proof: None,
        };

        let jwt = sign_presentation_jwt(
            &vp,
            &kp,
            "did:key:holder#key-0",
            "nonce123",
            "did:key:verifier",
        )
        .unwrap();
        let decoded =
            verify_presentation_jwt(&jwt, &kp.public, Some("nonce123"), Some("did:key:verifier"))
                .unwrap();

        assert_eq!(decoded.holder, vp.holder);
        assert_eq!(decoded.verifiable_credential.len(), 1);
    }

    #[test]
    fn jwt_claims_structure() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc("did:key:issuer123");
        let jwt = sign_credential_jwt(&vc, &kp, "did:key:issuer123#key-0").unwrap();

        let (_header, claims) = baseid_crypto::decode_jwt_unverified(&jwt).unwrap();
        assert_eq!(claims["iss"], "did:key:issuer123");
        assert_eq!(
            claims["jti"],
            "urn:uuid:12345678-1234-1234-1234-123456789abc"
        );
        assert_eq!(claims["sub"], "did:key:z6MkHolder...");
        assert!(claims.get("vc").is_some());
        // nbf should be present (from valid_from)
        assert!(claims.get("nbf").is_some(), "nbf claim should be present");
        assert!(claims.get("iat").is_some(), "iat claim should be present");
    }

    #[test]
    fn jwt_includes_exp_when_valid_until_set() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let mut vc = sample_vc("did:key:issuer");
        vc.valid_until = Some("2030-12-31T23:59:59Z".to_string());

        let jwt = sign_credential_jwt(&vc, &kp, "kid").unwrap();
        let (_header, claims) = baseid_crypto::decode_jwt_unverified(&jwt).unwrap();

        let exp = claims["exp"].as_i64().expect("exp should be a number");
        // 2030-12-31T23:59:59Z = 1924991999
        assert_eq!(exp, 1924991999);
    }

    #[test]
    fn expired_credential_rejected() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let mut vc = sample_vc("did:key:issuer");
        vc.valid_until = Some("2020-01-01T00:00:00Z".to_string());

        let jwt = sign_credential_jwt(&vc, &kp, "kid").unwrap();
        let result = verify_credential_jwt(&jwt, &kp.public);

        assert!(result.is_err());
        let err = format!("{}", result.unwrap_err());
        assert!(
            err.contains("expired") || err.contains("Expired"),
            "Expected expired error, got: {err}"
        );
    }

    #[test]
    fn future_credential_rejected() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let mut vc = sample_vc("did:key:issuer");
        vc.valid_from = Some("2099-01-01T00:00:00Z".to_string());

        let jwt = sign_credential_jwt(&vc, &kp, "kid").unwrap();
        let result = verify_credential_jwt(&jwt, &kp.public);

        assert!(
            result.is_err(),
            "Credential not yet valid should be rejected"
        );
    }

    #[test]
    fn parse_rfc3339_basic() {
        assert_eq!(
            parse_rfc3339_to_epoch("2024-01-01T00:00:00Z"),
            Some(1704067200)
        );
        assert_eq!(parse_rfc3339_to_epoch("1970-01-01T00:00:00Z"), Some(0));
    }

    #[test]
    fn parse_rfc3339_with_offset() {
        // UTC+05:00 means the local time is 5 hours ahead, so UTC = local - 5h
        let utc = parse_rfc3339_to_epoch("2024-01-01T00:00:00Z").unwrap();
        let plus5 = parse_rfc3339_to_epoch("2024-01-01T05:00:00+05:00").unwrap();
        assert_eq!(utc, plus5);
    }

    #[test]
    fn parse_rfc3339_with_fractional_seconds() {
        let without = parse_rfc3339_to_epoch("2024-01-01T00:00:00Z").unwrap();
        let with = parse_rfc3339_to_epoch("2024-01-01T00:00:00.123456Z").unwrap();
        assert_eq!(without, with);
    }

    #[test]
    fn vp_wrong_nonce_rejected() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc("did:key:issuer");
        let vp = VerifiablePresentation {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            r#type: vec!["VerifiablePresentation".to_string()],
            verifiable_credential: vec![vc],
            holder: Some("did:key:holder".to_string()),
            proof: None,
        };

        let jwt = sign_presentation_jwt(&vp, &kp, "kid", "real-nonce", "aud").unwrap();
        let result = verify_presentation_jwt(&jwt, &kp.public, Some("wrong-nonce"), None);
        assert!(result.is_err(), "Wrong nonce should be rejected");
    }

    #[test]
    fn vp_wrong_audience_rejected() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc("did:key:issuer");
        let vp = VerifiablePresentation {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            r#type: vec!["VerifiablePresentation".to_string()],
            verifiable_credential: vec![vc],
            holder: Some("did:key:holder".to_string()),
            proof: None,
        };

        let jwt = sign_presentation_jwt(&vp, &kp, "kid", "nonce", "did:key:real-verifier").unwrap();
        let result =
            verify_presentation_jwt(&jwt, &kp.public, None, Some("did:key:wrong-verifier"));
        assert!(result.is_err(), "Wrong audience should be rejected");
    }

    #[test]
    fn vp_nonce_and_audience_accepted_when_correct() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc("did:key:issuer");
        let vp = VerifiablePresentation {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            r#type: vec!["VerifiablePresentation".to_string()],
            verifiable_credential: vec![vc],
            holder: Some("did:key:holder".to_string()),
            proof: None,
        };

        let jwt =
            sign_presentation_jwt(&vp, &kp, "kid", "correct-nonce", "did:key:verifier").unwrap();
        let result = verify_presentation_jwt(
            &jwt,
            &kp.public,
            Some("correct-nonce"),
            Some("did:key:verifier"),
        );
        assert!(result.is_ok());
    }

    #[test]
    fn vp_no_validation_when_none_expected() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc("did:key:issuer");
        let vp = VerifiablePresentation {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            r#type: vec!["VerifiablePresentation".to_string()],
            verifiable_credential: vec![vc],
            holder: Some("did:key:holder".to_string()),
            proof: None,
        };

        let jwt = sign_presentation_jwt(&vp, &kp, "kid", "any-nonce", "any-aud").unwrap();
        // When None is passed, no validation — should succeed
        let result = verify_presentation_jwt(&jwt, &kp.public, None, None);
        assert!(result.is_ok());
    }
}