WIP JwtVcJson

Author: cicnavi

src/Codebooks/ClaimsEnum.php

@@ -46,7 +46,8 @@ enum ClaimsEnum: string
     case CredentialResponseEncryption = 'credential_response_encryption';
     // CredentialSigningAlgorithmValuesSupported
     case CredentialSigningAlgValuesSupported = 'credential_signing_alg_values_supported';
-    case CredentialSubject = 'credential_subject';
+    case Credential_Status = 'credentialStatus';
+    case Credential_Subject = 'credentialSubject';
     case CryptographicBindingMethodsSupported = 'cryptographic_binding_methods_supported';
     case DeferredCredentialEndpoint = 'deferred_credential_endpoint';
     case Delegation = 'delegation';
@@ -55,6 +56,7 @@ enum ClaimsEnum: string
     case EndSessionEndpoint = 'end_session_endpoint';
     // ExpirationTime
     case Exp = 'exp';
+    case Expiration_Date = 'expirationDate';
     case EncryptionRequired = 'encryption_required';
     // EncryptionValuesSupported
     case EncValuesSupported = 'enc_values_supported';
@@ -76,6 +78,7 @@ enum ClaimsEnum: string
     'introspection_endpoint_auth_signing_alg_values_supported';
     // Issuer
     case Iss = 'iss';
+    case Issuance_Date = 'issuanceDate';
     case Issuer = 'issuer';
     // JWT ID
     case Jti = 'jti';
@@ -107,6 +110,7 @@ enum ClaimsEnum: string
     case PolicyUri = 'policy_uri';
     case PostLogoutRedirectUris = 'post_logout_redirect_uris';
     case PreAuthorizedGrantAnonymousAccessSupported = 'pre-authorized_grant_anonymous_access_supported';
+    case Proof = 'proof';
     // ProofSigningAlgorithmValuesSupported
     case ProofSigningAlgValuesSupported = 'proof_signing_alg_values_supported';
     case ProofTypesSupported = 'proof_types_supported';

src/Helpers.php

@@ -5,6 +5,7 @@
 namespace SimpleSAML\OpenID;
 
 use SimpleSAML\OpenID\Helpers\Arr;
+use SimpleSAML\OpenID\Helpers\DateTime;
 use SimpleSAML\OpenID\Helpers\Json;
 use SimpleSAML\OpenID\Helpers\Type;
 use SimpleSAML\OpenID\Helpers\Url;
@@ -19,6 +20,8 @@ class Helpers
 
     protected static ?Type $type = null;
 
+    protected static ?DateTime $dateTime = null;
+
     public function url(): Url
     {
         return self::$url ??= new Url();
@@ -38,4 +41,9 @@ public function type(): Type
     {
         return self::$type ??= new Type();
     }
+
+    public function dateTime(): DateTime
+    {
+        return self::$dateTime ??= new DateTime();
+    }
 }

src/Helpers/DateTime.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\Helpers;
+
+use DateTimeImmutable;
+use DateTimeInterface;
+use DateTimeZone;
+
+class DateTime
+{
+    /**
+     * @throws \Exception
+     */
+    public function parseXsDateTime(string $input, ?DateTimeZone $tz = null): DateTimeImmutable
+    {
+        // Try extended RFC3339 (with microseconds)
+        $dt = DateTimeImmutable::createFromFormat(
+            DateTimeInterface::RFC3339_EXTENDED,
+            $input,
+            $tz,
+        );
+        if ($dt !== false) {
+            return $dt;
+        }
+
+        // Fall back to standard atom format (no microseconds)
+        $dt = DateTimeImmutable::createFromFormat(
+            DateTimeInterface::ATOM,
+            $input,
+            $tz,
+        );
+        if ($dt !== false) {
+            return $dt;
+        }
+
+        // Finally, let the constructor attempt flexible ISO8601 parsing
+        return new DateTimeImmutable($input, $tz);
+    }
+}

src/VerifiableCredentials/VcDataModel/Claims/VcClaimValue.php

@@ -4,6 +4,7 @@
 
 namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims;
 
+use DateTimeImmutable;
 use JsonSerializable;
 
 class VcClaimValue implements JsonSerializable
@@ -18,8 +19,12 @@ public function __construct(
         protected readonly null|string $id,
         /** @var non-empty-array<non-empty-string> */
         protected readonly array $type,
-        protected readonly VcCredentialSubjectClaimBag $vcCredentialSubjectClaimBag,
+        protected readonly VcCredentialSubjectClaimBag $credentialSubjectClaimBag,
         protected readonly VcIssuerClaimValue $issuerClaimValue,
+        protected readonly DateTimeImmutable $issuanceDate,
+        protected readonly ?VcProofClaimValue $proofClaimValue,
+        protected readonly ?DateTimeImmutable $expirationDate,
+        protected readonly ?VcCredentialStatusClaimValue $credentialStatusClaimValue,
     ) {
     }
 
@@ -55,11 +60,31 @@ public function getType(): array
 
     public function getCredentialSubject(): VcCredentialSubjectClaimBag
     {
-        return $this->vcCredentialSubjectClaimBag;
+        return $this->credentialSubjectClaimBag;
     }
 
     public function getIssuer(): VcIssuerClaimValue
     {
         return $this->issuerClaimValue;
     }
+
+    public function getIssuanceDate(): DateTimeImmutable
+    {
+        return $this->issuanceDate;
+    }
+
+    public function getProof(): ?VcProofClaimValue
+    {
+        return $this->proofClaimValue;
+    }
+
+    public function getExpirationDate(): ?DateTimeImmutable
+    {
+        return $this->expirationDate;
+    }
+
+    public function getCredentialStatus(): ?VcCredentialStatusClaimValue
+    {
+        return $this->credentialStatusClaimValue;
+    }
 }

src/VerifiableCredentials/VcDataModel/Claims/VcCredentialStatusClaimValue.php

@@ -0,0 +1,73 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims;
+
+use SimpleSAML\OpenID\Claims\ClaimInterface;
+use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
+
+class VcCredentialStatusClaimValue implements ClaimInterface
+{
+    /** @var non-empty-array<mixed> */
+    protected array $data;
+
+    /**
+     * @param non-empty-string $id,
+     * @param non-empty-string $type
+     * @param mixed[] $otherClaims
+     */
+    public function __construct(
+        protected string $id,
+        protected string $type,
+        array $otherClaims = [],
+    ) {
+        $this->data = array_merge(
+            $otherClaims,
+            [ClaimsEnum::Id->value => $this->$id],
+            [ClaimsEnum::Type->value => $this->type],
+        );
+    }
+
+    /**
+     * @return non-empty-string
+     */
+    public function getId(): string
+    {
+        return $this->id;
+    }
+
+    /**
+     * @return non-empty-string
+     */
+    public function getType(): string
+    {
+        return $this->type;
+    }
+
+    public function getKey(int|string $key): mixed
+    {
+        return $this->data[$key] ?? null;
+    }
+
+    public function getName(): string
+    {
+        return ClaimsEnum::Credential_Status->value;
+    }
+
+    /**
+     * @return non-empty-array<mixed>
+     */
+    public function getValue(): array
+    {
+        return $this->data;
+    }
+
+    /**
+     * @return non-empty-array<mixed>
+     */
+    public function jsonSerialize(): array
+    {
+        return $this->getValue();
+    }
+}

src/VerifiableCredentials/VcDataModel/Claims/VcProofClaimValue.php

@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims;
+
+use SimpleSAML\OpenID\Claims\ClaimInterface;
+use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
+
+class VcProofClaimValue implements ClaimInterface
+{
+    /** @var non-empty-array<mixed> */
+    protected array $data;
+
+    /**
+     * @param non-empty-string $type
+     * @param mixed[] $otherClaims
+     */
+    public function __construct(
+        protected string $type,
+        array $otherClaims = [],
+        protected readonly string $name = ClaimsEnum::Proof->value,
+    ) {
+        $this->data = array_merge(
+            $otherClaims,
+            [ClaimsEnum::Type->value => $this->type],
+        );
+    }
+
+    /**
+     * @return non-empty-string
+     */
+    public function getType(): string
+    {
+        return $this->type;
+    }
+
+    public function getKey(int|string $key): mixed
+    {
+        return $this->data[$key] ?? null;
+    }
+
+    public function getName(): string
+    {
+        return $this->name;
+    }
+
+    /**
+     * @return non-empty-array<mixed>
+     */
+    public function getValue(): array
+    {
+        return $this->data;
+    }
+
+    /**
+     * @return non-empty-array<mixed>
+     */
+    public function jsonSerialize(): array
+    {
+        return $this->getValue();
+    }
+}

src/VerifiableCredentials/VcDataModel/Factories/VcDataModelClaimFactory.php

@@ -4,15 +4,18 @@
 
 namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Factories;
 
+use DateTimeImmutable;
 use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
 use SimpleSAML\OpenID\Exceptions\VcDataModelException;
 use SimpleSAML\OpenID\Factories\ClaimFactory;
 use SimpleSAML\OpenID\Helpers;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcAtContextClaimValue;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcClaimValue;
+use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialStatusClaimValue;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialSubjectClaimBag;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialSubjectClaimValue;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcIssuerClaimValue;
+use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcProofClaimValue;
 
 class VcDataModelClaimFactory
 {
@@ -32,13 +35,21 @@ public function buildVcClaimValue(
         array $vcType,
         VcCredentialSubjectClaimBag $vcCredentialSubjectClaimBag,
         VcIssuerClaimValue $vcIssuerClaimValue,
+        DateTimeImmutable $vcIssuanceDate,
+        ?VcProofClaimValue $vcProofClaimValue,
+        ?DateTimeImmutable $vcExpirationDate,
+        ?VcCredentialStatusClaimValue $vcCredentialStatusClaimValue,
     ): VcClaimValue {
         return new VcClaimValue(
             $vcAtContextClaimValue,
             $vcId,
             $vcType,
             $vcCredentialSubjectClaimBag,
             $vcIssuerClaimValue,
+            $vcIssuanceDate,
+            $vcProofClaimValue,
+            $vcExpirationDate,
+            $vcCredentialStatusClaimValue,
         );
     }
 
@@ -94,4 +105,40 @@ public function buildVcIssuerClaimValue(array $data): VcIssuerClaimValue
 
         return new VcIssuerClaimValue($id, $data);
     }
+
+    /**
+     * @param non-empty-array<mixed> $data
+     * @throws \SimpleSAML\OpenID\Exceptions\VcDataModelException
+     * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
+     */
+    public function buildVcProofClaimValue(array $data): VcProofClaimValue
+    {
+        $type = $data[ClaimsEnum::Type->value] ?? throw new VcDataModelException(
+            'No Type claim value available.',
+        );
+
+        $type = $this->helpers->type()->ensureNonEmptyString($type);
+
+        return new VcProofClaimValue($type, $data);
+    }
+
+    /**
+     * @param non-empty-array<mixed> $data
+     * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
+     * @throws \SimpleSAML\OpenID\Exceptions\VcDataModelException
+     */
+    public function buildVcCredentialStatusClaimValue(array $data): VcCredentialStatusClaimValue
+    {
+        $id = $data[ClaimsEnum::Id->value] ?? throw new VcDataModelException(
+            'No Issuer ID claim value available.',
+        );
+        $id = $this->helpers->type()->enforceUri($id);
+
+        $type = $data[ClaimsEnum::Type->value] ?? throw new VcDataModelException(
+            'No Type claim value available.',
+        );
+        $type = $this->helpers->type()->ensureNonEmptyString($type);
+
+        return new VcCredentialStatusClaimValue($id, $type, $data);
+    }
 }