Struct identity_iota::client::CredentialValidator

#[non_exhaustive]
pub struct CredentialValidator;

A struct for validating Credentials.

Implementations

impl CredentialValidator

pub fn validate<T, D>(
    credential: &Credential<T>,
    issuer: &D,
    options: &CredentialValidationOptions,
    fail_fast: FailFast
) -> Result<(), CompoundCredentialValidationError> where
    T: Serialize,
    D: AsRef<IotaDocument>, 

Validates a Credential.

The following properties are validated according to options:

• the issuer’s signature,
• the expiration date,
• the issuance date,
• the semantic structure.

Warning

The lack of an error returned from this method is in of itself not enough to conclude that the credential can be trusted. This section contains more information on additional checks that should be carried out before and after calling this method.

The state of the issuer’s DID Document

The caller must ensure that issuer represents an up-to-date DID Document. The convenience method Resolver::resolve_credential_issuer can help extract the latest available state of the issuer’s DID Document.

Properties that are not validated

There are many properties defined in The Verifiable Credentials Data Model that are not validated, such as: credentialStatus, type, credentialSchema, refreshService, and more. These should be manually checked after validation, according to your requirements.

Errors

An error is returned whenever a validated condition is not satisfied.

pub fn check_structure<T>(
    credential: &Credential<T>
) -> Result<(), ValidationError>

Validates the semantic structure of the Credential.

Warning

This does not validate against the credential’s schema nor the structure of the subject claims.

pub fn check_expires_on_or_after<T>(
    credential: &Credential<T>,
    timestamp: Timestamp
) -> Result<(), ValidationError>

Validate that the Credential expires on or after the specified Timestamp.

pub fn check_issued_on_or_before<T>(
    credential: &Credential<T>,
    timestamp: Timestamp
) -> Result<(), ValidationError>

Validate that the Credential is issued on or before the specified Timestamp.

pub fn verify_signature<T, D>(
    credential: &Credential<T>,
    trusted_issuers: &[D],
    options: &VerifierOptions
) -> Result<(), ValidationError> where
    T: Serialize,
    D: AsRef<IotaDocument>, 

Verify the signature using the DID Document of a trusted issuer.

Warning

The caller must ensure that the DID Documents of the trusted issuers are up-to-date.

Errors

This method immediately returns an error if the credential issuer’ url cannot be parsed to a DID belonging to one of the trusted issuers. Otherwise an attempt to verify the credential’s signature will be made and an error is returned upon failure.

pub fn check_subject_holder_relationship<T>(
    credential: &Credential<T>,
    holder: &Url,
    relationship: SubjectHolderRelationship
) -> Result<(), ValidationError>

Validate that the relationship between the holder and the credential subjects is in accordance with relationship.

pub fn check_status<T, D>(
    credential: &Credential<T>,
    trusted_issuers: &[D],
    status_check: StatusCheck
) -> Result<(), ValidationError> where
    D: AsRef<IotaDocument>, 

Checks whether the credential status has been revoked.

Only supports BitmapRevocation2022.

Trait Implementations

impl Clone for CredentialValidator

fn clone(&self) -> CredentialValidator

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CredentialValidator

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.