Skip to main content

Dat

idprova_core::dat::token

Struct Dat 

Source 
pub struct Dat {
    pub header: DatHeader,
    pub claims: DatClaims,
    /* private fields */
}
Expand description

A complete Delegation Attestation Token.

Fields§

§header: DatHeader§claims: DatClaims

Implementations§

Source§

impl Dat

Source

pub fn issue( issuer_did: &str, subject_did: &str, scope: Vec<String>, expires_at: DateTime<Utc>, constraints: Option<DatConstraints>, config_attestation: Option<String>, signing_key: &KeyPair, ) -> Result<Self>

Issue a new DAT signed by the issuer’s keypair.

Source

pub fn to_compact(&self) -> Result<String>

Serialize to compact JWS format: header.payload.signature

Source

pub fn from_compact(compact: &str) -> Result<Self>

Parse a compact JWS string into a DAT (without verifying the signature).

Preserves the raw base64url-encoded header.payload as raw_signing_input so that verify_signature can verify against the exact original bytes.

Source

pub fn verify_signature(&self, public_key_bytes: &[u8; 32]) -> Result<()>

Verify the DAT’s signature against a public key.

Uses the raw signing input from the original compact JWS when available, falling back to re-serialization for tokens created via issue().

Source

pub fn is_expired(&self) -> bool

Check if the DAT is expired.

Source

pub fn is_not_yet_valid(&self) -> bool

Check if the DAT is not yet valid (before nbf).

Source

pub fn validate_timing(&self) -> Result<()>

Validate timing constraints (not expired, not before valid).

Source

pub fn verify( &self, public_key_bytes: &[u8; 32], required_scope: &str, ctx: &EvaluationContext, ) -> Result<()>

Full verification pipeline.

Runs all checks in order:

  1. Signature verification
  2. Timing (exp + nbf)
  3. Scope — required_scope must be permitted by the DAT’s scope set
  4. Constraint policy engine (rate limit, IP, trust, depth, geofence, time windows)
  5. Config attestation (if constraint requires it)

Delegation depth is taken as the maximum of ctx.delegation_depth and the length of claims.delegation_chain, so the stricter value always wins.

Pass required_scope = "" to skip the scope check (e.g. for token introspection).

Trait Implementations§

Source§

impl Clone for Dat

Source§

fn clone(&self) -> Dat

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Dat

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl Freeze for Dat

§

impl RefUnwindSafe for Dat

§

impl Send for Dat

§

impl Sync for Dat

§

impl Unpin for Dat

§

impl UnsafeUnpin for Dat

§

impl UnwindSafe for Dat

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V