baseid_wallet_core/

receive.rs

//! Credential receive operations — bridging OID4VCI responses into the wallet store.

use crate::error::WalletError;
use crate::holder::WalletStore;
use crate::AnyCredential;
use baseid_core::types::CredentialId;

/// Parse a credential value from an OID4VCI response into an AnyCredential.
///
/// Uses `format_hint` to determine parsing strategy:
/// - `"jwt_vc_json"`: JWT string -> decode -> parse VerifiableCredential from `vc` claim
/// - `"dc+sd-jwt"` or `"vc+sd-jwt"`: compact SD-JWT string -> `SdJwt::parse()`
/// - Other: attempt W3C VC JSON parsing as fallback
pub fn parse_issued_credential(
    credential_value: &serde_json::Value,
    format_hint: &str,
) -> baseid_core::Result<AnyCredential> {
    match format_hint {
        "jwt_vc_json" => {
            let jwt_str = credential_value.as_str().ok_or_else(|| {
                WalletError::CredentialParseError(
                    "jwt_vc_json credential value must be a string".to_string(),
                )
            })?;

            let (_header, claims) = baseid_crypto::decode_jwt_unverified(jwt_str)?;

            let vc_value = claims.get("vc").ok_or_else(|| {
                WalletError::CredentialParseError("JWT missing 'vc' claim".to_string())
            })?;

            let vc: baseid_vc::VerifiableCredential = serde_json::from_value(vc_value.clone())
                .map_err(|e| WalletError::CredentialParseError(e.to_string()))?;

            Ok(AnyCredential::W3cVc(vc))
        }
        hint if hint.starts_with("dc+sd-jwt") || hint.starts_with("vc+sd-jwt") => {
            let compact = credential_value.as_str().ok_or_else(|| {
                WalletError::CredentialParseError(
                    "SD-JWT credential value must be a string".to_string(),
                )
            })?;

            let sd_jwt = baseid_sd_jwt::SdJwt::parse(compact)?;
            Ok(AnyCredential::SdJwtVc(sd_jwt))
        }
        _ => {
            // Attempt W3C VC JSON parsing as fallback (e.g. ldp_vc)
            let vc: baseid_vc::VerifiableCredential =
                serde_json::from_value(credential_value.clone())
                    .map_err(|_| WalletError::UnsupportedFormat(format_hint.to_string()))?;
            Ok(AnyCredential::W3cVc(vc))
        }
    }
}

/// Tracking info for deferred credential issuance.
#[derive(Debug, Clone)]
pub struct DeferredIssuance {
    /// The transaction ID for polling the deferred credential endpoint.
    pub transaction_id: String,
    /// Polling interval in seconds.
    pub interval: u64,
    /// The credential format hint for parsing when the credential arrives.
    pub format_hint: String,
}

/// Extract deferred issuance info from a `CredentialResponse`, if present.
pub fn extract_deferred(
    response: &baseid_oid4vci::credential::CredentialResponse,
    format_hint: &str,
) -> Option<DeferredIssuance> {
    response
        .transaction_id
        .as_ref()
        .map(|tid| DeferredIssuance {
            transaction_id: tid.clone(),
            interval: response.interval.unwrap_or(5),
            format_hint: format_hint.to_string(),
        })
}

/// Receive credentials from an OID4VCI response and store them.
///
/// Returns the list of newly stored credential IDs.
/// For deferred responses (no credentials, has `transaction_id`), returns an empty vec.
pub async fn receive_oid4vci_credential<S: WalletStore>(
    store: &S,
    response: &baseid_oid4vci::credential::CredentialResponse,
    format_hint: &str,
) -> baseid_core::Result<Vec<CredentialId>> {
    let entries = match &response.credentials {
        Some(creds) => creds,
        None => return Ok(vec![]),
    };

    let mut ids = Vec::with_capacity(entries.len());
    for entry in entries {
        let cred = parse_issued_credential(&entry.credential, format_hint)?;
        let id = store.store_credential(cred).await?;
        ids.push(id);
    }

    Ok(ids)
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::store::InMemoryStore;
    use baseid_core::types::KeyType;
    use baseid_crypto::KeyPair;
    use baseid_oid4vci::credential::{CredentialEntry, CredentialResponse};
    use baseid_vc::credential::Issuer;
    use baseid_vc::VerifiableCredential;

    fn sample_vc() -> VerifiableCredential {
        VerifiableCredential {
            context: vec!["https://www.w3.org/ns/credentials/v2".to_string()],
            id: Some("urn:uuid:test-receive".to_string()),
            r#type: vec![
                "VerifiableCredential".to_string(),
                "UniversityDegreeCredential".to_string(),
            ],
            issuer: Issuer::Uri("did:key:z6MkIssuer".to_string()),
            valid_from: Some("2024-01-01T00:00:00Z".to_string()),
            valid_until: None,
            credential_subject: serde_json::json!({"id": "did:key:z6MkHolder"}),
            credential_status: None,
            proof: None,
        }
    }

    #[test]
    fn parse_jwt_vc_credential() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc();
        let jwt = baseid_vc::sign_credential_jwt(&vc, &kp, "did:key:z6MkIssuer#key-0").unwrap();

        let value = serde_json::Value::String(jwt);
        let parsed = parse_issued_credential(&value, "jwt_vc_json").unwrap();

        match &parsed {
            AnyCredential::W3cVc(decoded_vc) => {
                assert_eq!(decoded_vc.id, vc.id);
                assert_eq!(decoded_vc.r#type, vc.r#type);
            }
            _ => panic!("Expected W3cVc variant"),
        }
    }

    #[test]
    fn parse_sd_jwt_credential() {
        let sd_jwt = baseid_sd_jwt::SdJwt {
            jwt: "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJ0ZXN0In0.c2ln".to_string(),
            disclosures: vec![],
            key_binding_jwt: None,
        };
        let compact = sd_jwt.serialize();
        let value = serde_json::Value::String(compact);

        let parsed = parse_issued_credential(&value, "dc+sd-jwt").unwrap();
        match &parsed {
            AnyCredential::SdJwtVc(parsed_sd) => {
                assert_eq!(parsed_sd.jwt, sd_jwt.jwt);
            }
            _ => panic!("Expected SdJwtVc variant"),
        }
    }

    #[test]
    fn parse_json_vc_credential() {
        let vc = sample_vc();
        let value = serde_json::to_value(&vc).unwrap();

        let parsed = parse_issued_credential(&value, "ldp_vc").unwrap();
        match &parsed {
            AnyCredential::W3cVc(decoded_vc) => {
                assert_eq!(decoded_vc.id, vc.id);
                assert_eq!(decoded_vc.issuer, vc.issuer);
            }
            _ => panic!("Expected W3cVc variant"),
        }
    }

    #[tokio::test]
    async fn receive_single_credential() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc();
        let jwt = baseid_vc::sign_credential_jwt(&vc, &kp, "kid").unwrap();

        let response = CredentialResponse {
            credentials: Some(vec![CredentialEntry {
                credential: serde_json::Value::String(jwt),
            }]),
            transaction_id: None,
            notification_id: None,
            interval: None,
        };

        let store = InMemoryStore::new();
        let ids = receive_oid4vci_credential(&store, &response, "jwt_vc_json")
            .await
            .unwrap();

        assert_eq!(ids.len(), 1);
        assert_eq!(store.len(), 1);
    }

    #[tokio::test]
    async fn receive_multiple_credentials() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc1 = sample_vc();
        let mut vc2 = sample_vc();
        vc2.id = Some("urn:uuid:test-receive-2".to_string());

        let jwt1 = baseid_vc::sign_credential_jwt(&vc1, &kp, "kid").unwrap();
        let jwt2 = baseid_vc::sign_credential_jwt(&vc2, &kp, "kid").unwrap();

        let response = CredentialResponse {
            credentials: Some(vec![
                CredentialEntry {
                    credential: serde_json::Value::String(jwt1),
                },
                CredentialEntry {
                    credential: serde_json::Value::String(jwt2),
                },
            ]),
            transaction_id: None,
            notification_id: None,
            interval: None,
        };

        let store = InMemoryStore::new();
        let ids = receive_oid4vci_credential(&store, &response, "jwt_vc_json")
            .await
            .unwrap();

        assert_eq!(ids.len(), 2);
        assert_eq!(store.len(), 2);
    }

    #[tokio::test]
    async fn receive_deferred_returns_empty() {
        let response = CredentialResponse {
            credentials: None,
            transaction_id: Some("txn-123".to_string()),
            notification_id: None,
            interval: Some(5),
        };

        let store = InMemoryStore::new();
        let ids = receive_oid4vci_credential(&store, &response, "jwt_vc_json")
            .await
            .unwrap();

        assert!(ids.is_empty());
        assert!(store.is_empty());
    }

    #[test]
    fn extract_deferred_present() {
        let response = CredentialResponse {
            credentials: None,
            transaction_id: Some("txn-456".to_string()),
            notification_id: None,
            interval: Some(10),
        };

        let deferred = extract_deferred(&response, "jwt_vc_json").unwrap();
        assert_eq!(deferred.transaction_id, "txn-456");
        assert_eq!(deferred.interval, 10);
        assert_eq!(deferred.format_hint, "jwt_vc_json");
    }

    #[test]
    fn extract_deferred_absent() {
        let kp = KeyPair::generate(KeyType::Ed25519).unwrap();
        let vc = sample_vc();
        let jwt = baseid_vc::sign_credential_jwt(&vc, &kp, "kid").unwrap();

        let response = CredentialResponse {
            credentials: Some(vec![CredentialEntry {
                credential: serde_json::Value::String(jwt),
            }]),
            transaction_id: None,
            notification_id: None,
            interval: None,
        };

        assert!(extract_deferred(&response, "jwt_vc_json").is_none());
    }
}