cawg_identity/builder/credential_holder.rs
// Copyright 2024 Adobe. All rights reserved.
// This file is licensed to you under the Apache License,
// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
// or the MIT license (http://opensource.org/licenses/MIT),
// at your option.
// Unless required by applicable law or agreed to in writing,
// this software is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
// specific language governing permissions and limitations under
// each license.
use async_trait::async_trait;
use crate::{builder::IdentityBuilderError, SignerPayload};
/// An implementation of `CredentialHolder` is able to generate a signature over
/// the [`SignerPayload`] data structure on behalf of a credential holder.
///
/// Implementations of this trait will specialize based on the kind of
/// credential as specified in [§8. Credentials, signatures, and validation
/// methods] from the CAWG Identity Assertion specification.
///
/// This definition is compiled for every target except `wasm32`. Implementors
/// must be `Send + Sync`, and because `#[async_trait]` is applied without
/// `?Send`, the future returned by [`sign`] must be `Send` as well.
///
/// NOTE(review): an implementor signs with the credential holder's authority,
/// so it presumably holds or can reach that holder's private key material.
/// This trait places no constraint on how that material is stored or
/// accessed; confirm key handling for each implementation.
///
/// [§8. Credentials, signatures, and validation methods]: https://cawg.io/identity/1.1-draft/#_credentials_signatures_and_validation_methods
/// [`sign`]: CredentialHolder::sign
#[cfg(not(target_arch = "wasm32"))]
#[async_trait]
pub trait CredentialHolder: Send + Sync {
    /// Returns the designated `sig_type` value for this kind of credential.
    ///
    /// The returned string has `'static` lifetime, so it cannot borrow from
    /// `self`.
    fn sig_type(&self) -> &'static str;
    /// Returns the maximum expected size in bytes of the `signature`
    /// field for the identity assertion which will be subsequently
    /// returned by the [`sign`] function. Signing will fail if the
    /// subsequent signature is larger than this number of bytes.
    ///
    /// Because an oversized signature makes signing fail, treat this value as
    /// an upper bound rather than an estimate: an implementation whose
    /// signature length can vary should report its worst case.
    ///
    /// NOTE(review): nothing in this trait enforces the limit; the size check
    /// is presumably made by the caller that reserved the space. Confirm
    /// against the builder.
    ///
    /// [`sign`]: Self::sign
    fn reserve_size(&self) -> usize;
    /// Signs the [`SignerPayload`] data structure on behalf of the credential
    /// holder.
    ///
    /// If successful, returns the exact binary content to be placed in
    /// the `signature` field for this identity assertion.
    ///
    /// The signature MUST NOT be larger than the size previously stated
    /// by the [`reserve_size`] function.
    ///
    /// # Errors
    ///
    /// Returns an [`IdentityBuilderError`] when the signature could not be
    /// produced.
    ///
    /// [`reserve_size`]: Self::reserve_size
    async fn sign(&self, signer_payload: &SignerPayload) -> Result<Vec<u8>, IdentityBuilderError>;
}
/// An implementation of `CredentialHolder` is able to generate a signature over
/// the [`SignerPayload`] data structure on behalf of a credential holder.
///
/// Implementations of this trait will specialize based on the kind of
/// credential as specified in [§8. Credentials, signatures, and validation
/// methods] from the CAWG Identity Assertion specification.
///
/// This definition is compiled only for `wasm32`. It has the same three
/// methods as the definition used on other targets, but carries no
/// `Send + Sync` supertrait bound, and `#[async_trait(?Send)]` removes the
/// `Send` requirement from the future returned by [`sign`].
///
/// NOTE(review): an implementor signs with the credential holder's authority,
/// so it presumably holds or can reach that holder's private key material.
/// This trait places no constraint on how that material is stored or
/// accessed; confirm key handling for each implementation.
///
/// [§8. Credentials, signatures, and validation methods]: https://cawg.io/identity/1.1-draft/#_credentials_signatures_and_validation_methods
/// [`sign`]: CredentialHolder::sign
#[cfg(target_arch = "wasm32")]
#[async_trait(?Send)]
pub trait CredentialHolder {
    /// Returns the designated `sig_type` value for this kind of credential.
    ///
    /// The returned string has `'static` lifetime, so it cannot borrow from
    /// `self`.
    fn sig_type(&self) -> &'static str;
    /// Returns the maximum expected size in bytes of the `signature`
    /// field for the identity assertion which will be subsequently
    /// returned by the [`sign`] function. Signing will fail if the
    /// subsequent signature is larger than this number of bytes.
    ///
    /// Because an oversized signature makes signing fail, treat this value as
    /// an upper bound rather than an estimate: an implementation whose
    /// signature length can vary should report its worst case.
    ///
    /// NOTE(review): nothing in this trait enforces the limit; the size check
    /// is presumably made by the caller that reserved the space. Confirm
    /// against the builder.
    ///
    /// [`sign`]: Self::sign
    fn reserve_size(&self) -> usize;
    /// Signs the [`SignerPayload`] data structure on behalf of the credential
    /// holder.
    ///
    /// If successful, returns the exact binary content to be placed in
    /// the `signature` field for this identity assertion.
    ///
    /// The signature MUST NOT be larger than the size previously stated
    /// by the [`reserve_size`] function.
    ///
    /// # Errors
    ///
    /// Returns an [`IdentityBuilderError`] when the signature could not be
    /// produced.
    ///
    /// [`reserve_size`]: Self::reserve_size
    async fn sign(&self, signer_payload: &SignerPayload) -> Result<Vec<u8>, IdentityBuilderError>;
}