generated from iotaledger/template
-
Notifications
You must be signed in to change notification settings - Fork 3
/
sd_jwt.rs
85 lines (73 loc) · 2.78 KB
/
sd_jwt.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
// Copyright 2020-2024 IOTA Stiftung
// SPDX-License-Identifier: Apache-2.0
use std::error::Error;
use josekit::jws::JwsHeader;
use josekit::jws::HS256;
use josekit::jwt::JwtPayload;
use josekit::jwt::{self};
use sd_jwt_payload::Disclosure;
use sd_jwt_payload::SdJwt;
use sd_jwt_payload::SdObjectDecoder;
use sd_jwt_payload::SdObjectEncoder;
use sd_jwt_payload::HEADER_TYP;
use serde_json::json;
fn main() -> Result<(), Box<dyn Error>> {
let object = json!({
"sub": "user_42",
"given_name": "John",
"family_name": "Doe",
"email": "[email protected]",
"phone_number": "+1-202-555-0101",
"phone_number_verified": true,
"address": {
"street_address": "123 Main St",
"locality": "Anytown",
"region": "Anystate",
"country": "US"
},
"birthdate": "1940-01-01",
"updated_at": 1570000000,
"nationalities": [
"US",
"DE"
]
});
let mut encoder: SdObjectEncoder = object.try_into()?;
let disclosures: Vec<Disclosure> = vec![
encoder.conceal("/email", None)?,
encoder.conceal("/phone_number", None)?,
encoder.conceal("/address/street_address", None)?,
encoder.conceal("/address", None)?,
encoder.conceal("/nationalities/0", None)?,
];
encoder.add_decoys("/nationalities", 3)?;
encoder.add_decoys("", 4)?; // Add decoys to the top level.
encoder.add_sd_alg_property();
println!("encoded object: {}", serde_json::to_string_pretty(encoder.object()?)?);
// Create the JWT.
// Creating JWTs is outside the scope of this library, josekit is used here as an example.
let mut header = JwsHeader::new();
header.set_token_type(HEADER_TYP);
// Use the encoded object as a payload for the JWT.
let payload = JwtPayload::from_map(encoder.object()?.clone())?;
let key = b"0123456789ABCDEF0123456789ABCDEF";
let signer = HS256.signer_from_bytes(key)?;
let jwt = jwt::encode_with_signer(&payload, &header, &signer)?;
// Create an SD_JWT by collecting the disclosures and creating an `SdJwt` instance.
let disclosures: Vec<String> = disclosures
.into_iter()
.map(|disclosure| disclosure.to_string())
.collect();
let sd_jwt: SdJwt = SdJwt::new(jwt, disclosures.clone(), None);
let sd_jwt: String = sd_jwt.presentation();
// Decoding the SD-JWT
// Extract the payload from the JWT of the SD-JWT after verifying the signature.
let sd_jwt: SdJwt = SdJwt::parse(&sd_jwt)?;
let verifier = HS256.verifier_from_bytes(key)?;
let (payload, _header) = jwt::decode_with_verifier(&sd_jwt.jwt, &verifier)?;
// Decode the payload by providing the disclosures that were parsed from the SD-JWT.
let decoder = SdObjectDecoder::new_with_sha256();
let decoded = decoder.decode(payload.claims_set(), &sd_jwt.disclosures)?;
println!("decoded object: {}", serde_json::to_string_pretty(&decoded)?);
Ok(())
}