//! Generated by `trust-tasks-codegen` — do not edit by hand.
//!
//! Spec slug: `vault/sign-trust-task`. Version: `0.1`.
#[allow(unused_imports)]
use serde::{Deserialize, Serialize};
/// Error types.
pub mod error {
    use std::borrow::Cow;
    use std::fmt;

    /// Error from a `TryFrom` or `FromStr` implementation.
    ///
    /// Carries only a human-readable message; it can be built from a static
    /// string slice or from an owned `String`.
    pub struct ConversionError(Cow<'static, str>);

    impl From<&'static str> for ConversionError {
        /// Wraps a static message without allocating.
        fn from(value: &'static str) -> Self {
            Self(Cow::Borrowed(value))
        }
    }

    impl From<String> for ConversionError {
        /// Takes ownership of an already-built message.
        fn from(value: String) -> Self {
            Self(Cow::Owned(value))
        }
    }

    impl fmt::Display for ConversionError {
        /// Writes the message exactly as the wrapped string would display.
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            <Cow<'static, str> as fmt::Display>::fmt(&self.0, f)
        }
    }

    impl fmt::Debug for ConversionError {
        /// Writes the message in the wrapped string's debug (quoted) form.
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            <Cow<'static, str> as fmt::Debug>::fmt(&self.0, f)
        }
    }

    impl ::std::error::Error for ConversionError {}
}
///`ConsumerContext`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "ConsumerContext",
/// "type": "object",
/// "properties": {
/// "deviceId": {
/// "description": "Device-binding id assigned at registration. The maintainer cross-checks this against the authenticated transport identity.",
/// "type": "string",
/// "minLength": 1
/// },
/// "lastUserVerificationAt": {
/// "description": "Most recent local user-verification on the consumer device (WebAuthn UV, biometric unlock). The maintainer's policy may require this to be within N seconds.",
/// "type": "string",
/// "format": "date-time"
/// },
/// "networkClass": {
/// "description": "Producer-supplied network classification. Advisory.",
/// "type": "string",
/// "enum": [
/// "unknown",
/// "home",
/// "corp",
/// "public",
/// "vpn"
/// ]
/// }
/// },
/// "additionalProperties": false
///}
/// ```
/// </details>
///
/// Deserialization checks shape only: `deny_unknown_fields` rejects members other than the
/// three declared below, and every member is optional, so an empty object is accepted.
// NOTE(review): these values arrive in the request body. Nothing in this type compares
// `deviceId` with the transport identity or `lastUserVerificationAt` with a clock; the
// field descriptions assign those checks to the maintainer's policy — confirm they run
// before any of these values influences a signing decision.
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct ConsumerContext {
///Device-binding id assigned at registration. The maintainer cross-checks this against the authenticated transport identity.
// Non-empty when present: `ConsumerContextDeviceId` enforces the schema's `minLength: 1`.
#[serde(
rename = "deviceId",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub device_id: ::std::option::Option<ConsumerContextDeviceId>,
///Most recent local user-verification on the consumer device (WebAuthn UV, biometric unlock). The maintainer's policy may require this to be within N seconds.
// Parsed into a UTC timestamp; the "within N seconds" freshness rule is not evaluated here.
#[serde(
rename = "lastUserVerificationAt",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub last_user_verification_at: ::std::option::Option<::chrono::DateTime<::chrono::offset::Utc>>,
///Producer-supplied network classification. Advisory.
// Strings outside the enum's five renamed variants fail deserialization.
#[serde(
rename = "networkClass",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub network_class: ::std::option::Option<ConsumerContextNetworkClass>,
}
impl ::std::convert::From<&ConsumerContext> for ConsumerContext {
    /// Produces an owned copy of a borrowed context.
    fn from(value: &ConsumerContext) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
impl ::std::default::Default for ConsumerContext {
    /// Returns a context in which every optional member is absent.
    fn default() -> Self {
        Self {
            device_id: ::std::option::Option::None,
            last_user_verification_at: ::std::option::Option::None,
            network_class: ::std::option::Option::None,
        }
    }
}
///Device-binding id assigned at registration. The maintainer cross-checks this against the authenticated transport identity.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Device-binding id assigned at registration. The maintainer cross-checks this against the authenticated transport identity.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
///
/// The inner string is private and `Deserialize` is not derived, so a value of this type is
/// only obtained through `FromStr`, `TryFrom` or the hand-written `Deserialize`, all of
/// which reject the empty string.
// NOTE(review): non-emptiness is the only property checked. Whether the id belongs to the
// authenticated caller is the cross-check the description assigns to the maintainer.
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct ConsumerContextDeviceId(::std::string::String);
impl ::std::ops::Deref for ConsumerContextDeviceId {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped device id string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<ConsumerContextDeviceId> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned string.
    fn from(value: ConsumerContextDeviceId) -> Self {
        let ConsumerContextDeviceId(inner) = value;
        inner
    }
}
impl ::std::convert::From<&ConsumerContextDeviceId> for ConsumerContextDeviceId {
    /// Produces an owned copy of a borrowed device id.
    fn from(value: &ConsumerContextDeviceId) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
impl ::std::str::FromStr for ConsumerContextDeviceId {
    type Err = self::error::ConversionError;

    /// Accepts any non-empty string as a device id; the empty string is rejected.
    fn from_str(value: &str) -> ::std::result::Result<Self, Self::Err> {
        // Zero characters is the only way to fall below the schema's `minLength: 1`.
        if value.is_empty() {
            Err("shorter than 1 characters".into())
        } else {
            Ok(Self(value.to_owned()))
        }
    }
}
impl ::std::convert::TryFrom<&str> for ConsumerContextDeviceId {
    type Error = self::error::ConversionError;

    /// Validates a string slice by delegating to the `FromStr` implementation.
    fn try_from(value: &str) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for ConsumerContextDeviceId {
    type Error = self::error::ConversionError;

    /// Validates a borrowed `String` by delegating to the `FromStr` implementation.
    fn try_from(value: &::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for ConsumerContextDeviceId {
    type Error = self::error::ConversionError;

    /// Validates an owned `String` by delegating to the `FromStr` implementation.
    fn try_from(value: ::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for ConsumerContextDeviceId {
    /// Reads a string and runs it through `FromStr`, so wire input is held to the same
    /// non-empty rule as values built in code.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Surface the validation message through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
///Producer-supplied network classification. Advisory.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Producer-supplied network classification. Advisory.",
/// "type": "string",
/// "enum": [
/// "unknown",
/// "home",
/// "corp",
/// "public",
/// "vpn"
/// ]
///}
/// ```
/// </details>
///
/// The wire form of each variant is the lowercase string in its `rename`; any other string
/// fails deserialization.
// NOTE(review): the derived `Ord` follows declaration order. Nothing here defines it as a
// trust ranking, and the schema marks the value as producer-supplied and advisory.
#[derive(
::serde::Deserialize,
::serde::Serialize,
Clone,
Copy,
Debug,
Eq,
Hash,
Ord,
PartialEq,
PartialOrd,
)]
pub enum ConsumerContextNetworkClass {
#[serde(rename = "unknown")]
Unknown,
#[serde(rename = "home")]
Home,
#[serde(rename = "corp")]
Corp,
#[serde(rename = "public")]
Public,
#[serde(rename = "vpn")]
Vpn,
}
impl ::std::convert::From<&Self> for ConsumerContextNetworkClass {
    /// Copies the variant out of the reference (the enum is `Copy`).
    fn from(value: &ConsumerContextNetworkClass) -> Self {
        *value
    }
}
impl ::std::fmt::Display for ConsumerContextNetworkClass {
    /// Writes the variant's wire name (the same string used in JSON).
    fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
        let wire_name = match self {
            Self::Unknown => "unknown",
            Self::Home => "home",
            Self::Corp => "corp",
            Self::Public => "public",
            Self::Vpn => "vpn",
        };
        f.write_str(wire_name)
    }
}
impl ::std::str::FromStr for ConsumerContextNetworkClass {
    type Err = self::error::ConversionError;

    /// Maps an exact, case-sensitive wire name to its variant; anything else is an error.
    fn from_str(value: &str) -> ::std::result::Result<Self, Self::Err> {
        let parsed = match value {
            "unknown" => Self::Unknown,
            "home" => Self::Home,
            "corp" => Self::Corp,
            "public" => Self::Public,
            "vpn" => Self::Vpn,
            _ => return Err("invalid value".into()),
        };
        Ok(parsed)
    }
}
impl ::std::convert::TryFrom<&str> for ConsumerContextNetworkClass {
    type Error = self::error::ConversionError;

    /// Parses a string slice by delegating to the `FromStr` implementation.
    fn try_from(value: &str) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for ConsumerContextNetworkClass {
    type Error = self::error::ConversionError;

    /// Parses a borrowed `String` by delegating to the `FromStr` implementation.
    fn try_from(value: &::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for ConsumerContextNetworkClass {
    type Error = self::error::ConversionError;

    /// Parses an owned `String` by delegating to the `FromStr` implementation.
    fn try_from(value: ::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
///Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "Ext",
/// "description": "Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.",
/// "type": "object",
/// "minProperties": 1,
/// "additionalProperties": true,
/// "propertyNames": {
/// "pattern": "^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$"
/// }
///}
/// ```
/// </details>
///
/// Keys are validated on deserialization through `ExtKey`; the values under each key are
/// arbitrary JSON.
// NOTE(review): the schema's `minProperties: 1` is not enforced by this type. The derived
// transparent `Deserialize` accepts an empty object and the public tuple field allows an
// empty map to be built directly; check `is_empty()` wherever the constraint matters.
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(transparent)]
pub struct Ext(pub ::std::collections::HashMap<ExtKey, ::serde_json::Value>);
impl ::std::ops::Deref for Ext {
    type Target = ::std::collections::HashMap<ExtKey, ::serde_json::Value>;

    /// Gives read-only access to the namespace map.
    fn deref(&self) -> &Self::Target {
        let Self(namespaces) = self;
        namespaces
    }
}
impl ::std::convert::From<Ext> for ::std::collections::HashMap<ExtKey, ::serde_json::Value> {
    /// Unwraps the newtype and hands back the owned namespace map.
    fn from(value: Ext) -> Self {
        let Ext(namespaces) = value;
        namespaces
    }
}
impl ::std::convert::From<&Ext> for Ext {
    /// Produces an owned copy of a borrowed extension object.
    fn from(value: &Ext) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
impl ::std::convert::From<::std::collections::HashMap<ExtKey, ::serde_json::Value>> for Ext {
    /// Wraps an existing map as-is; no check is made on the number of entries.
    fn from(value: ::std::collections::HashMap<ExtKey, ::serde_json::Value>) -> Self {
        Ext(value)
    }
}
///`ExtKey`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "type": "string",
/// "pattern": "^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$"
///}
/// ```
/// </details>
///
/// The inner string is private and `Deserialize` is not derived, so every `ExtKey` has
/// passed the pattern check in `FromStr`.
// NOTE(review): the check is syntactic. A key that matches the reverse-DNS pattern says
// nothing about who controls that namespace; do not treat the key as an authenticated
// vendor identity.
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct ExtKey(::std::string::String);
impl ::std::ops::Deref for ExtKey {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped namespace string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<ExtKey> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned string.
    fn from(value: ExtKey) -> Self {
        let ExtKey(inner) = value;
        inner
    }
}
impl ::std::convert::From<&ExtKey> for ExtKey {
    /// Produces an owned copy of a borrowed key.
    fn from(value: &ExtKey) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
impl ::std::str::FromStr for ExtKey {
    type Err = self::error::ConversionError;

    /// Accepts a string only if it matches the schema's namespace pattern.
    ///
    /// The pattern is anchored with `^` and `$`, so the whole input has to match.
    fn from_str(value: &str) -> ::std::result::Result<Self, Self::Err> {
        // Compiled once on first use; the pattern is a fixed literal.
        static PATTERN: ::std::sync::LazyLock<::regress::Regex> =
            ::std::sync::LazyLock::new(|| {
                ::regress::Regex::new("^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$").unwrap()
            });
        match PATTERN.find(value) {
            Some(_) => Ok(Self(value.to_owned())),
            None => Err("doesn't match pattern \"^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$\"".into()),
        }
    }
}
impl ::std::convert::TryFrom<&str> for ExtKey {
    type Error = self::error::ConversionError;

    /// Validates a string slice by delegating to the `FromStr` implementation.
    fn try_from(value: &str) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for ExtKey {
    type Error = self::error::ConversionError;

    /// Validates a borrowed `String` by delegating to the `FromStr` implementation.
    fn try_from(value: &::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for ExtKey {
    type Error = self::error::ConversionError;

    /// Validates an owned `String` by delegating to the `FromStr` implementation.
    fn try_from(value: ::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for ExtKey {
    /// Reads a string and runs it through `FromStr`, so keys taken from the wire are held
    /// to the same pattern as keys built in code.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Surface the validation message through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
///Consumer asks the maintainer to attach a Data Integrity proof (eddsa-jcs-2022) to a Trust Task envelope, signing as the principal DID of a `did-self-issued` or `didcomm-peer` vault entry. The long-term signing key never leaves the maintainer. This is the per-envelope signing complement to `vault/proxy-login/0.1`'s session-credential minting: proxy-login mints a session at session-start; sign-trust-task signs individual follow-up tasks during the session.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "$id": "https://trusttasks.org/spec/vault/sign-trust-task/0.1",
/// "title": "Payload",
/// "description": "Consumer asks the maintainer to attach a Data Integrity proof (eddsa-jcs-2022) to a Trust Task envelope, signing as the principal DID of a `did-self-issued` or `didcomm-peer` vault entry. The long-term signing key never leaves the maintainer. This is the per-envelope signing complement to `vault/proxy-login/0.1`'s session-credential minting: proxy-login mints a session at session-start; sign-trust-task signs individual follow-up tasks during the session.",
/// "type": "object",
/// "required": [
/// "entryId",
/// "unsignedEnvelope"
/// ],
/// "properties": {
/// "consumerContext": {
/// "description": "Caller's situational context — fed to the policy engine.",
/// "$ref": "#/definitions/ConsumerContext"
/// },
/// "entryId": {
/// "description": "Identifier of the vault entry whose principal will sign. The maintainer rejects with `not_signable` when `entry.secretKind` is not `did-self-issued` or `didcomm-peer` (other kinds have no DID-based signing identity).",
/// "type": "string",
/// "minLength": 1
/// },
/// "ext": {
/// "$ref": "#/definitions/Ext"
/// },
/// "stepUpProof": {
/// "description": "Step-up proof on retry after `step_up_required`.",
/// "$ref": "#/definitions/StepUpProof"
/// },
/// "unsignedEnvelope": {
/// "description": "The Trust Task document to sign. MUST satisfy the framework's structural requirements (id/type/issuer/recipient/issuedAt/payload). MUST NOT carry a `proof`. `issuer` MUST equal the referenced entry's principalDid — the maintainer refuses to silently rewrite `issuer` (see `envelope_issuer_mismatch`).",
/// "$ref": "#/definitions/UnsignedTrustTaskEnvelope"
/// }
/// },
/// "additionalProperties": false
///}
/// ```
/// </details>
///
/// `deny_unknown_fields` makes the top level strict: a request with a member other than the
/// five below fails to deserialize. `entryId` and `unsignedEnvelope` are mandatory.
// NOTE(review): this type validates shape only. The rules stated in the field docs
// (`issuer` equals the entry's principalDid, entry kind is signable, step-up proof is
// valid) are not checked anywhere in this file and are assumed to run in the maintainer.
// NOTE(review): the derived `Debug` prints `step_up_proof`, which can hold a TOTP code or
// a WebAuthn assertion; avoid logging a `Payload` with `{:?}`.
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct Payload {
///Caller's situational context — fed to the policy engine.
#[serde(
rename = "consumerContext",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub consumer_context: ::std::option::Option<ConsumerContext>,
///Identifier of the vault entry whose principal will sign. The maintainer rejects with `not_signable` when `entry.secretKind` is not `did-self-issued` or `didcomm-peer` (other kinds have no DID-based signing identity).
#[serde(rename = "entryId")]
pub entry_id: PayloadEntryId,
// Optional vendor extensions; keys are validated by `ExtKey`, values are free-form JSON.
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ext: ::std::option::Option<Ext>,
///Step-up proof on retry after `step_up_required`.
#[serde(
rename = "stepUpProof",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub step_up_proof: ::std::option::Option<StepUpProof>,
///The Trust Task document to sign. MUST satisfy the framework's structural requirements (id/type/issuer/recipient/issuedAt/payload). MUST NOT carry a `proof`. `issuer` MUST equal the referenced entry's principalDid — the maintainer refuses to silently rewrite `issuer` (see `envelope_issuer_mismatch`).
#[serde(rename = "unsignedEnvelope")]
pub unsigned_envelope: UnsignedTrustTaskEnvelope,
}
impl ::std::convert::From<&Payload> for Payload {
    /// Produces an owned copy of a borrowed payload.
    fn from(value: &Payload) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
///Identifier of the vault entry whose principal will sign. The maintainer rejects with `not_signable` when `entry.secretKind` is not `did-self-issued` or `didcomm-peer` (other kinds have no DID-based signing identity).
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Identifier of the vault entry whose principal will sign. The maintainer rejects with `not_signable` when `entry.secretKind` is not `did-self-issued` or `didcomm-peer` (other kinds have no DID-based signing identity).",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
///
/// The inner string is private and `Deserialize` is not derived, so every value has passed
/// the non-empty check in `FromStr`.
// NOTE(review): non-emptiness is the only property checked. Whether the entry exists, is
// signable, and may be used by this caller is decided outside this type.
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct PayloadEntryId(::std::string::String);
impl ::std::ops::Deref for PayloadEntryId {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped entry id string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<PayloadEntryId> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned string.
    fn from(value: PayloadEntryId) -> Self {
        let PayloadEntryId(inner) = value;
        inner
    }
}
impl ::std::convert::From<&PayloadEntryId> for PayloadEntryId {
    /// Produces an owned copy of a borrowed entry id.
    fn from(value: &PayloadEntryId) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
impl ::std::str::FromStr for PayloadEntryId {
    type Err = self::error::ConversionError;

    /// Accepts any non-empty string as an entry id; the empty string is rejected.
    fn from_str(value: &str) -> ::std::result::Result<Self, Self::Err> {
        // Zero characters is the only way to fall below the schema's `minLength: 1`.
        if value.is_empty() {
            Err("shorter than 1 characters".into())
        } else {
            Ok(Self(value.to_owned()))
        }
    }
}
impl ::std::convert::TryFrom<&str> for PayloadEntryId {
    type Error = self::error::ConversionError;

    /// Validates a string slice by delegating to the `FromStr` implementation.
    fn try_from(value: &str) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for PayloadEntryId {
    type Error = self::error::ConversionError;

    /// Validates a borrowed `String` by delegating to the `FromStr` implementation.
    fn try_from(value: &::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for PayloadEntryId {
    type Error = self::error::ConversionError;

    /// Validates an owned `String` by delegating to the `FromStr` implementation.
    fn try_from(value: ::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for PayloadEntryId {
    /// Reads a string and runs it through `FromStr`, so wire input is held to the same
    /// non-empty rule as values built in code.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Surface the validation message through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
///`Response`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "Response",
/// "type": "object",
/// "required": [
/// "signedEnvelope"
/// ],
/// "properties": {
/// "ext": {
/// "$ref": "#/definitions/Ext"
/// },
/// "signedEnvelope": {
/// "description": "The supplied `unsignedEnvelope` with a Data Integrity `proof` attached. `proof.verificationMethod` is `<principalDid>#<signingKeyId>`; `proof.proofPurpose` is `assertionMethod`; `proof.cryptosuite` is `eddsa-jcs-2022`. All other members of the envelope (`id`, `type`, `issuer`, `recipient`, `issuedAt`, `expiresAt`, `payload`, `ext`) are unchanged from the request.",
/// "type": "object",
/// "required": [
/// "id",
/// "issuedAt",
/// "issuer",
/// "payload",
/// "proof",
/// "recipient",
/// "type"
/// ]
/// }
/// },
/// "additionalProperties": false,
/// "$anchor": "response"
///}
/// ```
/// </details>
///
/// `deny_unknown_fields` applies to this top level only; the nested `signedEnvelope` is
/// parsed by `ResponseSignedEnvelope`, which does not carry that attribute.
// NOTE(review): a successfully deserialized `Response` has not had its proof verified.
// Nothing in this file checks the signature, the `verificationMethod`, or that the
// envelope members match the request.
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct Response {
// Optional vendor extensions; keys are validated by `ExtKey`, values are free-form JSON.
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ext: ::std::option::Option<Ext>,
// The envelope with its Data Integrity proof attached (see `ResponseSignedEnvelope`).
#[serde(rename = "signedEnvelope")]
pub signed_envelope: ResponseSignedEnvelope,
}
impl ::std::convert::From<&Response> for Response {
    /// Produces an owned copy of a borrowed response.
    fn from(value: &Response) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
///The supplied `unsignedEnvelope` with a Data Integrity `proof` attached. `proof.verificationMethod` is `<principalDid>#<signingKeyId>`; `proof.proofPurpose` is `assertionMethod`; `proof.cryptosuite` is `eddsa-jcs-2022`. All other members of the envelope (`id`, `type`, `issuer`, `recipient`, `issuedAt`, `expiresAt`, `payload`, `ext`) are unchanged from the request.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "The supplied `unsignedEnvelope` with a Data Integrity `proof` attached. `proof.verificationMethod` is `<principalDid>#<signingKeyId>`; `proof.proofPurpose` is `assertionMethod`; `proof.cryptosuite` is `eddsa-jcs-2022`. All other members of the envelope (`id`, `type`, `issuer`, `recipient`, `issuedAt`, `expiresAt`, `payload`, `ext`) are unchanged from the request.",
/// "type": "object",
/// "required": [
/// "id",
/// "issuedAt",
/// "issuer",
/// "payload",
/// "proof",
/// "recipient",
/// "type"
/// ]
///}
/// ```
/// </details>
///
/// Every member is an untyped `serde_json::Value`: this type requires the seven members to
/// be present but places no constraint on their JSON type or content.
// NOTE(review): only the seven required members are declared and the struct has no
// `deny_unknown_fields`, so `expiresAt`, `ext`, `threadId` and any other member present on
// the wire are dropped when deserializing into this type. Re-serializing it therefore
// does not reproduce such an envelope; verify the proof over the received JSON document
// rather than over a round-trip of this struct — confirm against the verifier's code.
// NOTE(review): `proof` being present is not evidence that it is valid.
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
pub struct ResponseSignedEnvelope {
pub id: ::serde_json::Value,
#[serde(rename = "issuedAt")]
pub issued_at: ::serde_json::Value,
pub issuer: ::serde_json::Value,
pub payload: ::serde_json::Value,
pub proof: ::serde_json::Value,
pub recipient: ::serde_json::Value,
#[serde(rename = "type")]
pub type_: ::serde_json::Value,
}
impl ::std::convert::From<&ResponseSignedEnvelope> for ResponseSignedEnvelope {
    /// Produces an owned copy of a borrowed signed envelope.
    fn from(value: &ResponseSignedEnvelope) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
///`StepUpProof`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "StepUpProof",
/// "type": "object",
/// "required": [
/// "challengeId",
/// "kind",
/// "proof"
/// ],
/// "properties": {
/// "challengeId": {
/// "description": "Maintainer-issued challenge id the proof responds to.",
/// "type": "string",
/// "minLength": 1
/// },
/// "kind": {
/// "type": "string",
/// "enum": [
/// "webauthn-uv",
/// "push-approval",
/// "totp"
/// ]
/// },
/// "proof": {
/// "description": "Format depends on kind: WebAuthn assertion (base64url), DIDComm approval-response message id, or 6–8-digit TOTP code.",
/// "type": "string"
/// }
/// },
/// "additionalProperties": false
///}
/// ```
/// </details>
///
/// All three members are required and `deny_unknown_fields` rejects any other member.
// NOTE(review): `proof` is a plain `String` with no length or format check, so an empty
// string deserializes successfully; the per-`kind` format described on the field is not
// enforced here.
// NOTE(review): the derived `Debug` prints `proof` verbatim (a TOTP code or WebAuthn
// assertion). Avoid `{:?}` on this type in logs and error messages.
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct StepUpProof {
///Maintainer-issued challenge id the proof responds to.
#[serde(rename = "challengeId")]
pub challenge_id: StepUpProofChallengeId,
// Which step-up method produced `proof`; unknown strings fail deserialization.
pub kind: StepUpProofKind,
///Format depends on kind: WebAuthn assertion (base64url), DIDComm approval-response message id, or 6–8-digit TOTP code.
pub proof: ::std::string::String,
}
impl ::std::convert::From<&StepUpProof> for StepUpProof {
    /// Produces an owned copy of a borrowed step-up proof.
    fn from(value: &StepUpProof) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
///Maintainer-issued challenge id the proof responds to.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Maintainer-issued challenge id the proof responds to.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
///
/// The inner string is private and `Deserialize` is not derived, so every value has passed
/// the non-empty check in `FromStr`.
// NOTE(review): non-emptiness is the only property checked. Whether the id names a
// challenge the maintainer actually issued, and whether that challenge is still
// outstanding, is decided outside this type.
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct StepUpProofChallengeId(::std::string::String);
impl ::std::ops::Deref for StepUpProofChallengeId {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped challenge id string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<StepUpProofChallengeId> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned string.
    fn from(value: StepUpProofChallengeId) -> Self {
        let StepUpProofChallengeId(inner) = value;
        inner
    }
}
impl ::std::convert::From<&StepUpProofChallengeId> for StepUpProofChallengeId {
    /// Produces an owned copy of a borrowed challenge id.
    fn from(value: &StepUpProofChallengeId) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
impl ::std::str::FromStr for StepUpProofChallengeId {
    type Err = self::error::ConversionError;

    /// Accepts any non-empty string as a challenge id; the empty string is rejected.
    fn from_str(value: &str) -> ::std::result::Result<Self, Self::Err> {
        // Zero characters is the only way to fall below the schema's `minLength: 1`.
        if value.is_empty() {
            Err("shorter than 1 characters".into())
        } else {
            Ok(Self(value.to_owned()))
        }
    }
}
impl ::std::convert::TryFrom<&str> for StepUpProofChallengeId {
    type Error = self::error::ConversionError;

    /// Validates a string slice by delegating to the `FromStr` implementation.
    fn try_from(value: &str) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for StepUpProofChallengeId {
    type Error = self::error::ConversionError;

    /// Validates a borrowed `String` by delegating to the `FromStr` implementation.
    fn try_from(value: &::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for StepUpProofChallengeId {
    type Error = self::error::ConversionError;

    /// Validates an owned `String` by delegating to the `FromStr` implementation.
    fn try_from(value: ::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for StepUpProofChallengeId {
    /// Reads a string and runs it through `FromStr`, so wire input is held to the same
    /// non-empty rule as values built in code.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Surface the validation message through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
///`StepUpProofKind`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "type": "string",
/// "enum": [
/// "webauthn-uv",
/// "push-approval",
/// "totp"
/// ]
///}
/// ```
/// </details>
///
/// The wire form of each variant is the string in its `rename`; any other string fails
/// deserialization, so an unrecognized step-up method is rejected when the request is
/// parsed.
// NOTE(review): the derived `Ord` follows declaration order; nothing here defines it as a
// ranking of assurance between the three methods.
#[derive(
::serde::Deserialize,
::serde::Serialize,
Clone,
Copy,
Debug,
Eq,
Hash,
Ord,
PartialEq,
PartialOrd,
)]
pub enum StepUpProofKind {
#[serde(rename = "webauthn-uv")]
WebauthnUv,
#[serde(rename = "push-approval")]
PushApproval,
#[serde(rename = "totp")]
Totp,
}
impl ::std::convert::From<&Self> for StepUpProofKind {
    /// Copies the variant out of the reference (the enum is `Copy`).
    fn from(value: &StepUpProofKind) -> Self {
        *value
    }
}
impl ::std::fmt::Display for StepUpProofKind {
    /// Writes the variant's wire name (the same string used in JSON).
    fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
        let wire_name = match self {
            Self::WebauthnUv => "webauthn-uv",
            Self::PushApproval => "push-approval",
            Self::Totp => "totp",
        };
        f.write_str(wire_name)
    }
}
impl ::std::str::FromStr for StepUpProofKind {
    type Err = self::error::ConversionError;

    /// Maps an exact, case-sensitive wire name to its variant; anything else is an error.
    fn from_str(value: &str) -> ::std::result::Result<Self, Self::Err> {
        let parsed = match value {
            "webauthn-uv" => Self::WebauthnUv,
            "push-approval" => Self::PushApproval,
            "totp" => Self::Totp,
            _ => return Err("invalid value".into()),
        };
        Ok(parsed)
    }
}
impl ::std::convert::TryFrom<&str> for StepUpProofKind {
    type Error = self::error::ConversionError;

    /// Parses a string slice by delegating to the `FromStr` implementation.
    fn try_from(value: &str) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for StepUpProofKind {
    type Error = self::error::ConversionError;

    /// Parses a borrowed `String` by delegating to the `FromStr` implementation.
    fn try_from(value: &::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for StepUpProofKind {
    type Error = self::error::ConversionError;

    /// Parses an owned `String` by delegating to the `FromStr` implementation.
    fn try_from(value: ::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
///Permissive shape for an unsigned Trust Task document — the framework-required members MUST be present, and `proof` MUST NOT be. The maintainer does not validate the inner `payload` against the embedded `type`'s schema; that validation is the recipient's responsibility.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "Unsigned Trust Task envelope",
/// "description": "Permissive shape for an unsigned Trust Task document — the framework-required members MUST be present, and `proof` MUST NOT be. The maintainer does not validate the inner `payload` against the embedded `type`'s schema; that validation is the recipient's responsibility.",
/// "type": "object",
/// "not": {
/// "required": [
/// "proof"
/// ]
/// },
/// "required": [
/// "id",
/// "issuedAt",
/// "issuer",
/// "payload",
/// "recipient",
/// "type"
/// ],
/// "properties": {
/// "expiresAt": {
/// "description": "Optional inner-task expiry. The maintainer rejects with `envelope_expired` when this is in the past at sign time.",
/// "type": "string",
/// "format": "date-time"
/// },
/// "ext": {
/// "$ref": "#/definitions/Ext"
/// },
/// "id": {
/// "description": "Envelope identifier. Set by the producer of the inner task.",
/// "type": "string",
/// "minLength": 1
/// },
/// "issuedAt": {
/// "description": "Producer's wall-clock when the inner task was constructed. Maintainer copies through; the proof's `created` is the maintainer's wall-clock at signing.",
/// "type": "string",
/// "format": "date-time"
/// },
/// "issuer": {
/// "description": "Issuer DID of the inner task. MUST equal the vault entry's principalDid — the maintainer rejects mismatches with `envelope_issuer_mismatch` rather than overwriting.",
/// "type": "string",
/// "minLength": 1
/// },
/// "payload": {
/// "description": "Inner task's payload object. Opaque to the maintainer — passed through unchanged into the signed envelope."
/// },
/// "recipient": {
/// "description": "Recipient DID — the relying party / audience the signed envelope will be delivered to.",
/// "type": "string",
/// "minLength": 1
/// },
/// "threadId": {
/// "description": "Optional thread/correlation id, per framework §4.x.",
/// "type": "string",
/// "minLength": 1
/// },
/// "type": {
/// "description": "Type URI of the inner Trust Task (e.g. `https://trusttasks.org/spec/acl/grant/0.1`).",
/// "type": "string",
/// "format": "uri",
/// "minLength": 1
/// }
/// },
/// "$anchor": "unsigned-envelope"
///}
/// ```
/// </details>
///
/// This struct has no `deny_unknown_fields` and no `proof` member, so members it does not
/// declare are ignored when deserializing.
// NOTE(review): the schema's `"not": {"required": ["proof"]}` is therefore not enforced
// by this type. An envelope that carries `proof` deserializes successfully and the
// member is dropped instead of the request being rejected; the "MUST NOT carry a proof"
// rule has to be checked on the raw JSON before (or instead of) converting to this type.
// NOTE(review): the schema permits additional members, but they are not retained here.
// If the document that gets signed is produced by re-serializing this struct, it will
// differ from the supplied envelope whenever extra members were present — confirm how
// the signer obtains the bytes it canonicalizes.
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
pub struct UnsignedTrustTaskEnvelope {
///Optional inner-task expiry. The maintainer rejects with `envelope_expired` when this is in the past at sign time.
// Parsed only; the comparison against the current time is not performed in this file.
#[serde(
rename = "expiresAt",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub expires_at: ::std::option::Option<::chrono::DateTime<::chrono::offset::Utc>>,
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ext: ::std::option::Option<Ext>,
///Envelope identifier. Set by the producer of the inner task.
pub id: UnsignedTrustTaskEnvelopeId,
///Producer's wall-clock when the inner task was constructed. Maintainer copies through; the proof's `created` is the maintainer's wall-clock at signing.
// NOTE(review): the value is parsed into `DateTime<Utc>`, so serializing it again may not
// reproduce the producer's original text (for example a non-UTC offset) — confirm this
// is compatible with "copies through".
#[serde(rename = "issuedAt")]
pub issued_at: ::chrono::DateTime<::chrono::offset::Utc>,
///Issuer DID of the inner task. MUST equal the vault entry's principalDid — the maintainer rejects mismatches with `envelope_issuer_mismatch` rather than overwriting.
pub issuer: UnsignedTrustTaskEnvelopeIssuer,
///Inner task's payload object. Opaque to the maintainer — passed through unchanged into the signed envelope.
pub payload: ::serde_json::Value,
///Recipient DID — the relying party / audience the signed envelope will be delivered to.
pub recipient: UnsignedTrustTaskEnvelopeRecipient,
///Optional thread/correlation id, per framework §4.x.
#[serde(
rename = "threadId",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub thread_id: ::std::option::Option<UnsignedTrustTaskEnvelopeThreadId>,
///Type URI of the inner Trust Task (e.g. `https://trusttasks.org/spec/acl/grant/0.1`).
// NOTE(review): a plain `String`; the schema's `format: uri` and `minLength: 1` are not
// checked by this type, so an empty or non-URI `type` deserializes successfully.
#[serde(rename = "type")]
pub type_: ::std::string::String,
}
impl ::std::convert::From<&UnsignedTrustTaskEnvelope> for UnsignedTrustTaskEnvelope {
    /// Produces an owned copy of a borrowed unsigned envelope.
    fn from(value: &UnsignedTrustTaskEnvelope) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
///Envelope identifier. Set by the producer of the inner task.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Envelope identifier. Set by the producer of the inner task.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
///
/// The inner string is private and `Deserialize` is not derived, so every value has passed
/// the non-empty check in `FromStr`.
// NOTE(review): the id is chosen by the producer and only checked for non-emptiness;
// uniqueness is not established by this type.
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct UnsignedTrustTaskEnvelopeId(::std::string::String);
impl ::std::ops::Deref for UnsignedTrustTaskEnvelopeId {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped envelope id string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<UnsignedTrustTaskEnvelopeId> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned string.
    fn from(value: UnsignedTrustTaskEnvelopeId) -> Self {
        let UnsignedTrustTaskEnvelopeId(inner) = value;
        inner
    }
}
impl ::std::convert::From<&UnsignedTrustTaskEnvelopeId> for UnsignedTrustTaskEnvelopeId {
    /// Produces an owned copy of a borrowed envelope id.
    fn from(value: &UnsignedTrustTaskEnvelopeId) -> Self {
        ::std::clone::Clone::clone(value)
    }
}
impl ::std::str::FromStr for UnsignedTrustTaskEnvelopeId {
    type Err = self::error::ConversionError;

    /// Accepts any non-empty string as an envelope id; the empty string is rejected.
    fn from_str(value: &str) -> ::std::result::Result<Self, Self::Err> {
        // Zero characters is the only way to fall below the schema's `minLength: 1`.
        if value.is_empty() {
            Err("shorter than 1 characters".into())
        } else {
            Ok(Self(value.to_owned()))
        }
    }
}
impl ::std::convert::TryFrom<&str> for UnsignedTrustTaskEnvelopeId {
    type Error = self::error::ConversionError;

    /// Validates a string slice by delegating to the `FromStr` implementation.
    fn try_from(value: &str) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for UnsignedTrustTaskEnvelopeId {
    type Error = self::error::ConversionError;

    /// Validates a borrowed `String` by delegating to the `FromStr` implementation.
    fn try_from(value: &::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for UnsignedTrustTaskEnvelopeId {
    type Error = self::error::ConversionError;

    /// Validates an owned `String` by delegating to the `FromStr` implementation.
    fn try_from(value: ::std::string::String) -> ::std::result::Result<Self, Self::Error> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for UnsignedTrustTaskEnvelopeId {
    /// Deserializes a string and runs it through `FromStr`, so the non-empty
    /// check also applies to values arriving from serialized input.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Report the conversion failure through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
///Issuer DID of the inner task. MUST equal the vault entry's principalDid — the maintainer rejects mismatches with `envelope_issuer_mismatch` rather than overwriting.
///
/// Note: constructing this type only enforces the schema's `minLength: 1`.
/// The `principalDid` equality described above and any DID syntax check are
/// not performed here: `FromStr` (and the `TryFrom` / `Deserialize` impls that
/// delegate to it) accepts any non-empty string, including whitespace-only
/// input. The maintainer-side comparison remains the actual enforcement point.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Issuer DID of the inner task. MUST equal the vault entry's principalDid — the maintainer rejects mismatches with `envelope_issuer_mismatch` rather than overwriting.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct UnsignedTrustTaskEnvelopeIssuer(::std::string::String);
impl ::std::ops::Deref for UnsignedTrustTaskEnvelopeIssuer {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped issuer string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<UnsignedTrustTaskEnvelopeIssuer> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned issuer string.
    fn from(value: UnsignedTrustTaskEnvelopeIssuer) -> Self {
        let UnsignedTrustTaskEnvelopeIssuer(inner) = value;
        inner
    }
}
impl ::std::convert::From<&UnsignedTrustTaskEnvelopeIssuer> for UnsignedTrustTaskEnvelopeIssuer {
    /// Builds an owned issuer from a borrowed one by copying the wrapped string.
    fn from(value: &UnsignedTrustTaskEnvelopeIssuer) -> Self {
        Self(value.0.clone())
    }
}
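impl ::std::str::FromStr for UnsignedTrustTaskEnvelopeIssuer {
    type Err = self::error::ConversionError;

    /// Wraps `value` after checking the schema's `minLength: 1`.
    ///
    /// This is a length check only: the string is not parsed as a DID and is
    /// not compared with any vault entry.
    ///
    /// # Errors
    ///
    /// Returns a `ConversionError` carrying `shorter than 1 characters` when
    /// `value` is empty.
    fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
        // A string has fewer than one character exactly when it is empty, so
        // `is_empty` gives the same answer without scanning the whole input.
        if value.is_empty() {
            return Err("shorter than 1 characters".into());
        }
        Ok(Self(value.to_string()))
    }
}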
impl ::std::convert::TryFrom<&str> for UnsignedTrustTaskEnvelopeIssuer {
    type Error = self::error::ConversionError;

    /// Validates and wraps a string slice; same rules and error as `FromStr`.
    fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for UnsignedTrustTaskEnvelopeIssuer {
    type Error = self::error::ConversionError;

    /// Validates and wraps a borrowed `String`; same rules and error as `FromStr`.
    fn try_from(
        value: &::std::string::String,
    ) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for UnsignedTrustTaskEnvelopeIssuer {
    type Error = self::error::ConversionError;

    /// Validates and wraps an owned `String`; same rules and error as `FromStr`.
    fn try_from(
        value: ::std::string::String,
    ) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for UnsignedTrustTaskEnvelopeIssuer {
    /// Deserializes a string and runs it through `FromStr`, so the non-empty
    /// check also applies to values arriving from serialized input.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Report the conversion failure through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
///Recipient DID — the relying party / audience the signed envelope will be delivered to.
///
/// Note: constructing this type only enforces the schema's `minLength: 1`.
/// `FromStr` (and the `TryFrom` / `Deserialize` impls that delegate to it)
/// accepts any non-empty string, including whitespace-only input; the value is
/// not parsed or validated as a DID here.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Recipient DID — the relying party / audience the signed envelope will be delivered to.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct UnsignedTrustTaskEnvelopeRecipient(::std::string::String);
impl ::std::ops::Deref for UnsignedTrustTaskEnvelopeRecipient {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped recipient string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<UnsignedTrustTaskEnvelopeRecipient> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned recipient string.
    fn from(value: UnsignedTrustTaskEnvelopeRecipient) -> Self {
        let UnsignedTrustTaskEnvelopeRecipient(inner) = value;
        inner
    }
}
impl ::std::convert::From<&UnsignedTrustTaskEnvelopeRecipient>
    for UnsignedTrustTaskEnvelopeRecipient
{
    /// Builds an owned recipient from a borrowed one by copying the wrapped string.
    fn from(value: &UnsignedTrustTaskEnvelopeRecipient) -> Self {
        Self(value.0.clone())
    }
}
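impl ::std::str::FromStr for UnsignedTrustTaskEnvelopeRecipient {
    type Err = self::error::ConversionError;

    /// Wraps `value` after checking the schema's `minLength: 1`.
    ///
    /// This is a length check only: the string is not parsed as a DID.
    ///
    /// # Errors
    ///
    /// Returns a `ConversionError` carrying `shorter than 1 characters` when
    /// `value` is empty.
    fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
        // A string has fewer than one character exactly when it is empty, so
        // `is_empty` gives the same answer without scanning the whole input.
        if value.is_empty() {
            return Err("shorter than 1 characters".into());
        }
        Ok(Self(value.to_string()))
    }
}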
impl ::std::convert::TryFrom<&str> for UnsignedTrustTaskEnvelopeRecipient {
    type Error = self::error::ConversionError;

    /// Validates and wraps a string slice; same rules and error as `FromStr`.
    fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for UnsignedTrustTaskEnvelopeRecipient {
    type Error = self::error::ConversionError;

    /// Validates and wraps a borrowed `String`; same rules and error as `FromStr`.
    fn try_from(
        value: &::std::string::String,
    ) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for UnsignedTrustTaskEnvelopeRecipient {
    type Error = self::error::ConversionError;

    /// Validates and wraps an owned `String`; same rules and error as `FromStr`.
    fn try_from(
        value: ::std::string::String,
    ) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for UnsignedTrustTaskEnvelopeRecipient {
    /// Deserializes a string and runs it through `FromStr`, so the non-empty
    /// check also applies to values arriving from serialized input.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Report the conversion failure through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
///Optional thread/correlation id, per framework §4.x.
///
/// Note: the only invariant this type enforces is the schema's `minLength: 1`.
/// `FromStr` (and the `TryFrom` / `Deserialize` impls that delegate to it)
/// accepts any non-empty string, including whitespace-only input.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Optional thread/correlation id, per framework §4.x.",
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct UnsignedTrustTaskEnvelopeThreadId(::std::string::String);
impl ::std::ops::Deref for UnsignedTrustTaskEnvelopeThreadId {
    type Target = ::std::string::String;

    /// Gives read-only access to the wrapped thread id string.
    fn deref(&self) -> &Self::Target {
        let Self(inner) = self;
        inner
    }
}
impl ::std::convert::From<UnsignedTrustTaskEnvelopeThreadId> for ::std::string::String {
    /// Unwraps the newtype and hands back the owned thread id string.
    fn from(value: UnsignedTrustTaskEnvelopeThreadId) -> Self {
        let UnsignedTrustTaskEnvelopeThreadId(inner) = value;
        inner
    }
}
impl ::std::convert::From<&UnsignedTrustTaskEnvelopeThreadId>
    for UnsignedTrustTaskEnvelopeThreadId
{
    /// Builds an owned thread id from a borrowed one by copying the wrapped string.
    fn from(value: &UnsignedTrustTaskEnvelopeThreadId) -> Self {
        Self(value.0.clone())
    }
}
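impl ::std::str::FromStr for UnsignedTrustTaskEnvelopeThreadId {
    type Err = self::error::ConversionError;

    /// Wraps `value` after checking the schema's `minLength: 1`.
    ///
    /// # Errors
    ///
    /// Returns a `ConversionError` carrying `shorter than 1 characters` when
    /// `value` is empty. No other validation (trimming, format) is applied.
    fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
        // A string has fewer than one character exactly when it is empty, so
        // `is_empty` gives the same answer without scanning the whole input.
        if value.is_empty() {
            return Err("shorter than 1 characters".into());
        }
        Ok(Self(value.to_string()))
    }
}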
impl ::std::convert::TryFrom<&str> for UnsignedTrustTaskEnvelopeThreadId {
    type Error = self::error::ConversionError;

    /// Validates and wraps a string slice; same rules and error as `FromStr`.
    fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value)
    }
}
impl ::std::convert::TryFrom<&::std::string::String> for UnsignedTrustTaskEnvelopeThreadId {
    type Error = self::error::ConversionError;

    /// Validates and wraps a borrowed `String`; same rules and error as `FromStr`.
    fn try_from(
        value: &::std::string::String,
    ) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl ::std::convert::TryFrom<::std::string::String> for UnsignedTrustTaskEnvelopeThreadId {
    type Error = self::error::ConversionError;

    /// Validates and wraps an owned `String`; same rules and error as `FromStr`.
    fn try_from(
        value: ::std::string::String,
    ) -> ::std::result::Result<Self, self::error::ConversionError> {
        <Self as ::std::str::FromStr>::from_str(value.as_str())
    }
}
impl<'de> ::serde::Deserialize<'de> for UnsignedTrustTaskEnvelopeThreadId {
    /// Deserializes a string and runs it through `FromStr`, so the non-empty
    /// check also applies to values arriving from serialized input.
    fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
    where
        D: ::serde::Deserializer<'de>,
    {
        let raw = <::std::string::String as ::serde::Deserialize<'de>>::deserialize(deserializer)?;
        match raw.parse::<Self>() {
            Ok(parsed) => Ok(parsed),
            // Report the conversion failure through the deserializer's own error type.
            Err(reason) => Err(<D::Error as ::serde::de::Error>::custom(reason.to_string())),
        }
    }
}
// Binds the request payload type to its Trust Task type URI.
impl crate::Payload for Payload {
/// Type URI of the request; the same value appears as `$id` in the embedded JSON schema.
const TYPE_URI: &'static str = "https://trusttasks.org/spec/vault/sign-trust-task/0.1";
// NOTE(review): presumably tells the framework that envelopes carrying this payload
// must include a proof — confirm against the `crate::Payload` trait documentation.
const IS_PROOF_REQUIRED: bool = true;
}
// Binds the response payload type to its Trust Task type URI.
impl crate::Payload for Response {
/// Request type URI plus the `#response` fragment; the embedded JSON schema declares
/// the response definition under `"$anchor": "response"`.
const TYPE_URI: &'static str = "https://trusttasks.org/spec/vault/sign-trust-task/0.1#response";
// NOTE(review): presumably tells the framework that response envelopes must include
// a proof — confirm against the `crate::Payload` trait documentation.
const IS_PROOF_REQUIRED: bool = true;
}
// Embedded JSON Schema (draft 2020-12) for the request payload, compiled in only
// with the `validate` feature.
//
// The schema constrains structure only. The rejections its descriptions assign to
// the maintainer (`envelope_issuer_mismatch`, `envelope_expired`, `not_signable`,
// `step_up_required`) are runtime decisions and are not expressed as schema
// constraints, so a schema-valid payload is not by itself an authorised one.
// `UnsignedTrustTaskEnvelope` is permissive by design: it forbids `proof` but does
// not set `additionalProperties: false`, and `payload` is passed through without
// validation against the inner task type.
#[cfg(feature = "validate")]
impl crate::validate::ValidatedPayload for Payload {
// NOTE(review): as displayed, this literal wraps onto several physical lines inside
// JSON string values. Confirm the generated file keeps it on one line; raw line
// breaks inside JSON strings are rejected by strict parsers.
const SCHEMA_JSON: &'static str = "{\n \"$defs\": {\n \"ConsumerContext\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"deviceId\": {\n \"description\": \"Device-binding id assigned at registration. The maintainer cross-checks this against the authenticated transport identity.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"lastUserVerificationAt\": {\n \"description\": \"Most recent local user-verification on the consumer device (WebAuthn UV, biometric unlock). The maintainer's policy may require this to be within N seconds.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"networkClass\": {\n \"description\": \"Producer-supplied network classification. Advisory.\",\n \"enum\": [\n \"unknown\",\n \"home\",\n \"corp\",\n \"public\",\n \"vpn\"\n ],\n \"type\": \"string\"\n }\n },\n \"title\": \"ConsumerContext\",\n \"type\": \"object\"\n },\n \"Ext\": {\n \"additionalProperties\": true,\n \"description\": \"Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.\",\n \"minProperties\": 1,\n \"propertyNames\": {\n \"pattern\": \"^[a-z][a-z0-9-]*(\\\\.[a-z0-9-]+)+$\"\n },\n \"title\": \"Ext\",\n \"type\": \"object\"\n },\n \"Response\": {\n \"$anchor\": \"response\",\n \"additionalProperties\": false,\n \"properties\": {\n \"ext\": {\n \"$ref\": \"#/$defs/Ext\"\n },\n \"signedEnvelope\": {\n \"description\": \"The supplied `unsignedEnvelope` with a Data Integrity `proof` attached. `proof.verificationMethod` is `<principalDid>#<signingKeyId>`; `proof.proofPurpose` is `assertionMethod`; `proof.cryptosuite` is `eddsa-jcs-2022`. 
All other members of the envelope (`id`, `type`, `issuer`, `recipient`, `issuedAt`, `expiresAt`, `payload`, `ext`) are unchanged from the request.\",\n \"required\": [\n \"id\",\n \"type\",\n \"issuer\",\n \"recipient\",\n \"issuedAt\",\n \"payload\",\n \"proof\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"signedEnvelope\"\n ],\n \"title\": \"Vault Sign Trust Task — response payload\",\n \"type\": \"object\"\n },\n \"StepUpProof\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"challengeId\": {\n \"description\": \"Maintainer-issued challenge id the proof responds to.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"kind\": {\n \"enum\": [\n \"webauthn-uv\",\n \"push-approval\",\n \"totp\"\n ],\n \"type\": \"string\"\n },\n \"proof\": {\n \"description\": \"Format depends on kind: WebAuthn assertion (base64url), DIDComm approval-response message id, or 6–8-digit TOTP code.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"kind\",\n \"proof\",\n \"challengeId\"\n ],\n \"title\": \"StepUpProof\",\n \"type\": \"object\"\n },\n \"UnsignedTrustTaskEnvelope\": {\n \"$anchor\": \"unsigned-envelope\",\n \"description\": \"Permissive shape for an unsigned Trust Task document — the framework-required members MUST be present, and `proof` MUST NOT be. The maintainer does not validate the inner `payload` against the embedded `type`'s schema; that validation is the recipient's responsibility.\",\n \"not\": {\n \"required\": [\n \"proof\"\n ]\n },\n \"properties\": {\n \"expiresAt\": {\n \"description\": \"Optional inner-task expiry. The maintainer rejects with `envelope_expired` when this is in the past at sign time.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"ext\": {\n \"$ref\": \"#/$defs/Ext\"\n },\n \"id\": {\n \"description\": \"Envelope identifier. 
Set by the producer of the inner task.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"issuedAt\": {\n \"description\": \"Producer's wall-clock when the inner task was constructed. Maintainer copies through; the proof's `created` is the maintainer's wall-clock at signing.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"issuer\": {\n \"description\": \"Issuer DID of the inner task. MUST equal the vault entry's principalDid — the maintainer rejects mismatches with `envelope_issuer_mismatch` rather than overwriting.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"payload\": {\n \"description\": \"Inner task's payload object. Opaque to the maintainer — passed through unchanged into the signed envelope.\"\n },\n \"recipient\": {\n \"description\": \"Recipient DID — the relying party / audience the signed envelope will be delivered to.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"threadId\": {\n \"description\": \"Optional thread/correlation id, per framework §4.x.\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"type\": {\n \"description\": \"Type URI of the inner Trust Task (e.g. `https://trusttasks.org/spec/acl/grant/0.1`).\",\n \"format\": \"uri\",\n \"minLength\": 1,\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"issuer\",\n \"recipient\",\n \"issuedAt\",\n \"payload\"\n ],\n \"title\": \"Unsigned Trust Task envelope\",\n \"type\": \"object\"\n }\n },\n \"$id\": \"https://trusttasks.org/spec/vault/sign-trust-task/0.1\",\n \"$schema\": \"https://json-schema.org/draft/2020-12/schema\",\n \"additionalProperties\": false,\n \"description\": \"Consumer asks the maintainer to attach a Data Integrity proof (eddsa-jcs-2022) to a Trust Task envelope, signing as the principal DID of a `did-self-issued` or `didcomm-peer` vault entry. The long-term signing key never leaves the maintainer. 
This is the per-envelope signing complement to `vault/proxy-login/0.1`'s session-credential minting: proxy-login mints a session at session-start; sign-trust-task signs individual follow-up tasks during the session.\",\n \"properties\": {\n \"consumerContext\": {\n \"$ref\": \"#/$defs/ConsumerContext\",\n \"description\": \"Caller's situational context — fed to the policy engine.\"\n },\n \"entryId\": {\n \"description\": \"Identifier of the vault entry whose principal will sign. The maintainer rejects with `not_signable` when `entry.secretKind` is not `did-self-issued` or `didcomm-peer` (other kinds have no DID-based signing identity).\",\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"ext\": {\n \"$ref\": \"#/$defs/Ext\"\n },\n \"stepUpProof\": {\n \"$ref\": \"#/$defs/StepUpProof\",\n \"description\": \"Step-up proof on retry after `step_up_required`.\"\n },\n \"unsignedEnvelope\": {\n \"$ref\": \"#/$defs/UnsignedTrustTaskEnvelope\",\n \"description\": \"The Trust Task document to sign. MUST satisfy the framework's structural requirements (id/type/issuer/recipient/issuedAt/payload). MUST NOT carry a `proof`. `issuer` MUST equal the referenced entry's principalDid — the maintainer refuses to silently rewrite `issuer` (see `envelope_issuer_mismatch`).\"\n }\n },\n \"required\": [\n \"entryId\",\n \"unsignedEnvelope\"\n ],\n \"title\": \"Vault Sign Trust Task — payload\",\n \"type\": \"object\"\n}\n";
}