WIP JwtVcJson

cicnavi · cicnavi · commit 68b189da8f7d · 2025-04-24T16:12:42.000+02:00
diff --git a/src/Codebooks/ClaimsEnum.php b/src/Codebooks/ClaimsEnum.php
@@ -44,6 +44,7 @@ enum ClaimsEnum: string
     case CredentialEndpoint = 'credential_endpoint';
     case CredentialIssuer = 'credential_issuer';
     case CredentialResponseEncryption = 'credential_response_encryption';
+    case Credential_Schema = 'credentialSchema';
     // CredentialSigningAlgorithmValuesSupported
     case CredentialSigningAlgValuesSupported = 'credential_signing_alg_values_supported';
     case Credential_Status = 'credentialStatus';
diff --git a/src/VerifiableCredentials/VcDataModel/Claims/AbstractIdentifiedTypedClaimValue.php b/src/VerifiableCredentials/VcDataModel/Claims/AbstractIdentifiedTypedClaimValue.php
@@ -0,0 +1,70 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims;
+
+use SimpleSAML\OpenID\Claims\ClaimInterface;
+use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
+
+abstract class AbstractIdentifiedTypedClaimValue implements ClaimInterface
+{
+    /** @var non-empty-array<mixed> */
+    protected array $data;
+
+    /**
+     * @param non-empty-string $id,
+     * @param non-empty-string $type
+     * @param mixed[] $otherClaims
+     */
+    public function __construct(
+        protected string $id,
+        protected string $type,
+        array $otherClaims = [],
+    ) {
+        $this->data = array_merge(
+            $otherClaims,
+            [ClaimsEnum::Id->value => $this->$id],
+            [ClaimsEnum::Type->value => $this->type],
+        );
+    }
+
+    /**
+     * @return non-empty-string
+     */
+    public function getId(): string
+    {
+        return $this->id;
+    }
+
+    /**
+     * @return non-empty-string
+     */
+    public function getType(): string
+    {
+        return $this->type;
+    }
+
+    public function getKey(int|string $key): mixed
+    {
+        return $this->data[$key] ?? null;
+    }
+
+    abstract public function getName(): string;
+
+    /**
+     * @return non-empty-array<mixed>
+     */
+    public function getValue(): array
+    {
+        return $this->data;
+    }
+
+    /**
+     * @return non-empty-array<mixed>
+     */
+    public function jsonSerialize(): array
+    {
+        return $this->getValue();
+    }
+}
diff --git a/src/VerifiableCredentials/VcDataModel/Claims/VcClaimValue.php b/src/VerifiableCredentials/VcDataModel/Claims/VcClaimValue.php
@@ -26,6 +26,7 @@ public function __construct(
         protected readonly ?VcProofClaimValue $proofClaimValue,
         protected readonly ?DateTimeImmutable $expirationDate,
         protected readonly ?VcCredentialStatusClaimValue $credentialStatusClaimValue,
+        protected readonly ?VcCredentialSchemaClaimBag $credentialSchemaClaimBag,
     ) {
     }
 
@@ -88,6 +89,11 @@ public function getCredentialStatus(): ?VcCredentialStatusClaimValue
         return $this->credentialStatusClaimValue;
     }
 
+    public function getCredentialSchema(): ?VcCredentialSchemaClaimBag
+    {
+        return $this->credentialSchemaClaimBag;
+    }
+
     public function getName(): string
     {
         return ClaimsEnum::Vc->value;
diff --git a/src/VerifiableCredentials/VcDataModel/Claims/VcCredentialSchemaClaimBag.php b/src/VerifiableCredentials/VcDataModel/Claims/VcCredentialSchemaClaimBag.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims;
+
+use SimpleSAML\OpenID\Claims\ClaimInterface;
+use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
+
+class VcCredentialSchemaClaimBag implements ClaimInterface
+{
+    /** @var \SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialSchemaClaimValue[] */
+    protected array $vcCredentialSchemaClaimValueValues;
+
+    public function __construct(
+        VcCredentialSchemaClaimValue $vcCredentialSchemaClaimValue,
+        VcCredentialSchemaClaimValue ...$vcCredentialSchemaClaimValueValues,
+    ) {
+        $this->vcCredentialSchemaClaimValueValues = [
+            $vcCredentialSchemaClaimValue,
+            ...$vcCredentialSchemaClaimValueValues,
+        ];
+    }
+
+    /**
+     * @return mixed[]
+     */
+    public function jsonSerialize(): array
+    {
+        return $this->getValue();
+    }
+
+    public function getName(): string
+    {
+        return ClaimsEnum::Credential_Schema->value;
+    }
+
+    /**
+     * @return mixed[]
+     */
+    public function getValue(): array
+    {
+        return array_map(
+            fn(
+                VcCredentialSchemaClaimValue $vcCredentialSchemaClaimValue,
+            ): array => $vcCredentialSchemaClaimValue->jsonSerialize(),
+            $this->vcCredentialSchemaClaimValueValues,
+        );
+    }
+}
diff --git a/src/VerifiableCredentials/VcDataModel/Claims/VcCredentialSchemaClaimValue.php b/src/VerifiableCredentials/VcDataModel/Claims/VcCredentialSchemaClaimValue.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims;
+
+use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
+
+class VcCredentialSchemaClaimValue extends AbstractIdentifiedTypedClaimValue
+{
+    public function getName(): string
+    {
+        return ClaimsEnum::Credential_Schema->value;
+    }
+}
diff --git a/src/VerifiableCredentials/VcDataModel/Claims/VcCredentialStatusClaimValue.php b/src/VerifiableCredentials/VcDataModel/Claims/VcCredentialStatusClaimValue.php
@@ -4,70 +4,12 @@
 
 namespace SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims;
 
-use SimpleSAML\OpenID\Claims\ClaimInterface;
 use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
 
-class VcCredentialStatusClaimValue implements ClaimInterface
+class VcCredentialStatusClaimValue extends AbstractIdentifiedTypedClaimValue
 {
-    /** @var non-empty-array<mixed> */
-    protected array $data;
-
-    /**
-     * @param non-empty-string $id,
-     * @param non-empty-string $type
-     * @param mixed[] $otherClaims
-     */
-    public function __construct(
-        protected string $id,
-        protected string $type,
-        array $otherClaims = [],
-    ) {
-        $this->data = array_merge(
-            $otherClaims,
-            [ClaimsEnum::Id->value => $this->$id],
-            [ClaimsEnum::Type->value => $this->type],
-        );
-    }
-
-    /**
-     * @return non-empty-string
-     */
-    public function getId(): string
-    {
-        return $this->id;
-    }
-
-    /**
-     * @return non-empty-string
-     */
-    public function getType(): string
-    {
-        return $this->type;
-    }
-
-    public function getKey(int|string $key): mixed
-    {
-        return $this->data[$key] ?? null;
-    }
-
     public function getName(): string
     {
         return ClaimsEnum::Credential_Status->value;
     }
-
-    /**
-     * @return non-empty-array<mixed>
-     */
-    public function getValue(): array
-    {
-        return $this->data;
-    }
-
-    /**
-     * @return non-empty-array<mixed>
-     */
-    public function jsonSerialize(): array
-    {
-        return $this->getValue();
-    }
 }
diff --git a/src/VerifiableCredentials/VcDataModel/Factories/VcDataModelClaimFactory.php b/src/VerifiableCredentials/VcDataModel/Factories/VcDataModelClaimFactory.php
@@ -11,6 +11,8 @@
 use SimpleSAML\OpenID\Helpers;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcAtContextClaimValue;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcClaimValue;
+use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialSchemaClaimBag;
+use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialSchemaClaimValue;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialStatusClaimValue;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialSubjectClaimBag;
 use SimpleSAML\OpenID\VerifiableCredentials\VcDataModel\Claims\VcCredentialSubjectClaimValue;
@@ -39,6 +41,7 @@ public function buildVcClaimValue(
         ?VcProofClaimValue $vcProofClaimValue,
         ?DateTimeImmutable $vcExpirationDate,
         ?VcCredentialStatusClaimValue $vcCredentialStatusClaimValue,
+        ?VcCredentialSchemaClaimBag $vcCredentialSchemaClaimBag,
     ): VcClaimValue {
         return new VcClaimValue(
             $vcAtContextClaimValue,
@@ -50,6 +53,7 @@ public function buildVcClaimValue(
             $vcProofClaimValue,
             $vcExpirationDate,
             $vcCredentialStatusClaimValue,
+            $vcCredentialSchemaClaimBag,
         );
     }
 
@@ -71,10 +75,17 @@ public function buildVcCredentialSubjectClaimValue(array $data): VcCredentialSub
     }
 
     /**
-     * @param non-empty-array<non-empty-array<mixed>> $data
+     * @param mixed[] $data
+     * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
      */
     public function buildVcCredentialSubjectClaimBag(array $data): VcCredentialSubjectClaimBag
     {
+        if ($this->helpers->arr()->isAssociative($data)) {
+            $data = [$data];
+        }
+
+        $data = $this->helpers->type()->enforceNonEmptyArrayOfNonEmptyArrays($data);
+
         $vcCredentialSubjectClaimValueData =  array_shift($data);
 
         $vcCredentialSubjectClaimValue = $this->buildVcCredentialSubjectClaimValue($vcCredentialSubjectClaimValueData);
@@ -91,14 +102,14 @@ public function buildVcCredentialSubjectClaimBag(array $data): VcCredentialSubje
     }
 
     /**
-     * @param non-empty-array<mixed> $data
+     * @param mixed[] $data
      * @throws \SimpleSAML\OpenID\Exceptions\VcDataModelException
      * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
      */
     public function buildVcIssuerClaimValue(array $data): VcIssuerClaimValue
     {
         $id = $data[ClaimsEnum::Id->value] ?? throw new VcDataModelException(
-            'No Issuer ID claim value available.',
+            'No ID claim value available.',
         );
 
         $id = $this->helpers->type()->enforceUri($id);
@@ -107,7 +118,7 @@ public function buildVcIssuerClaimValue(array $data): VcIssuerClaimValue
     }
 
     /**
-     * @param non-empty-array<mixed> $data
+     * @param mixed[] $data
      * @throws \SimpleSAML\OpenID\Exceptions\VcDataModelException
      * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
      */
@@ -123,14 +134,14 @@ public function buildVcProofClaimValue(array $data): VcProofClaimValue
     }
 
     /**
-     * @param non-empty-array<mixed> $data
+     * @param mixed[] $data
      * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
      * @throws \SimpleSAML\OpenID\Exceptions\VcDataModelException
      */
     public function buildVcCredentialStatusClaimValue(array $data): VcCredentialStatusClaimValue
     {
         $id = $data[ClaimsEnum::Id->value] ?? throw new VcDataModelException(
-            'No Issuer ID claim value available.',
+            'No ID claim value available.',
         );
         $id = $this->helpers->type()->enforceUri($id);
 
@@ -141,4 +152,52 @@ public function buildVcCredentialStatusClaimValue(array $data): VcCredentialStat
 
         return new VcCredentialStatusClaimValue($id, $type, $data);
     }
+
+    /**
+     * @param non-empty-array<mixed> $data
+     * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
+     * @throws \SimpleSAML\OpenID\Exceptions\VcDataModelException
+     */
+    public function buildVcCredentialSchemaClaimValue(array $data): VcCredentialSchemaClaimValue
+    {
+        $id = $data[ClaimsEnum::Id->value] ?? throw new VcDataModelException(
+            'No ID claim value available.',
+        );
+        $id = $this->helpers->type()->enforceUri($id);
+
+        $type = $data[ClaimsEnum::Type->value] ?? throw new VcDataModelException(
+            'No Type claim value available.',
+        );
+        $type = $this->helpers->type()->ensureNonEmptyString($type);
+
+        return new VcCredentialSchemaClaimValue($id, $type, $data);
+    }
+
+    /**
+     * @param mixed[] $data
+     * @throws \SimpleSAML\OpenID\Exceptions\InvalidValueException
+     * @throws \SimpleSAML\OpenID\Exceptions\VcDataModelException
+     */
+    public function buildVcCredentialSchemaClaimBag(array $data): VcCredentialSchemaClaimBag
+    {
+        if ($this->helpers->arr()->isAssociative($data)) {
+            $data = [$data];
+        }
+
+        $data = $this->helpers->type()->enforceNonEmptyArrayOfNonEmptyArrays($data);
+
+        $vcCredentialSchemaClaimValueData =  array_shift($data);
+
+        $vcCredentialSchemaClaimValue = $this->buildVcCredentialSchemaClaimValue($vcCredentialSchemaClaimValueData);
+
+        $vcCredentialSchemaClaimValues = array_map(
+            fn (array $data): VcCredentialSchemaClaimValue => $this->buildVcCredentialSchemaClaimValue($data),
+            $data,
+        );
+
+        return new VcCredentialSchemaClaimBag(
+            $vcCredentialSchemaClaimValue,
+            ...$vcCredentialSchemaClaimValues,
+        );
+    }
 }
diff --git a/src/VerifiableCredentials/VcDataModel/JwtVcJson.php b/src/VerifiableCredentials/VcDataModel/JwtVcJson.php
diff --git a/tests/src/Jws/JwsDecoratorTest.php b/tests/src/Jws/JwsDecoratorTest.php

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ public function __construct(`
`26`	`26`	`protected readonly ?VcProofClaimValue $proofClaimValue,`
`27`	`27`	`protected readonly ?DateTimeImmutable $expirationDate,`
`28`	`28`	`protected readonly ?VcCredentialStatusClaimValue $credentialStatusClaimValue,`
	`29`	`+ protected readonly ?VcCredentialSchemaClaimBag $credentialSchemaClaimBag,`
`29`	`30`	`) {`
`30`	`31`	`}`
`31`	`32`
`@@ -88,6 +89,11 @@ public function getCredentialStatus(): ?VcCredentialStatusClaimValue`
`88`	`89`	`return $this->credentialStatusClaimValue;`
`89`	`90`	`}`
`90`	`91`
	`92`	`+ public function getCredentialSchema(): ?VcCredentialSchemaClaimBag`
	`93`	`+ {`
	`94`	`+ return $this->credentialSchemaClaimBag;`
	`95`	`+ }`
	`96`	`+`
`91`	`97`	`public function getName(): string`
`92`	`98`	`{`
`93`	`99`	`return ClaimsEnum::Vc->value;`