{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://schemas.ishare.eu/v3/party/claims/x509-certificate/schema.json",
  "title": "Verifiable Credential: iSHARE X509 Certificate Claim",
  "description": "Verifiable Credential envelope for an iSHARE X509 Certificate Claim. VC 2.0 fields at the top level; domain-specific claims under credentialSubject. This schema describes the unsigned VC envelope (without proof).",
  "type": "object",
  "properties": {
    "@context": {
      "type": "array",
      "minItems": 2,
      "maxItems": 2,
      "items": [
        { "const": "https://www.w3.org/ns/credentials/v2" },
        { "const": "https://schemas.ishare.eu/v3/party/claims/x509-certificate/context.jsonld" }
      ]
    },
    "type": {
      "type": "array",
      "minItems": 2,
      "maxItems": 2,
      "items": [
        { "const": "VerifiableCredential" },
        { "const": "X509CertificateCredential" }
      ]
    },
    "id": { "type": "string" },
    "issuer": {
      "oneOf": [
        { "type": "string" },
        {
          "type": "object",
          "properties": { "id": { "type": "string" } },
          "required": ["id"],
          "additionalProperties": true
        }
      ]
    },
    "validFrom": { "type": "string", "format": "date-time" },
    "validUntil": { "type": "string", "format": "date-time" },
    "credentialStatus": {
      "$ref": "https://schemas.ishare.eu/v3/common/credential-status.json#/$defs/CredentialStatus",
      "description": "Credential status for checking revocation, suspension, or refresh status using bitstring status lists (BitstringStatusListEntry) as defined in W3C Bitstring Status List v1.0"
    },
    "credentialSubject": { "$ref": "#/$defs/X509CertificateClaimSubject" }
  },
  "required": ["@context", "type", "issuer", "credentialStatus", "credentialSubject"],
  "additionalProperties": false,
  "$defs": {
    "X509CertificateClaimSubject": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "type": { "type": "string", "const": "x509Certificate" },
        "registrarId": { "type": "string" },
        "subjectName": { 
          "type": "string",
          "description": "subjectName as encoded in the X.509 certificate which corresponds with the party that is being requested from the Participant Registry. Used by the Participant Registry to match the certificate identifier.",
          "example": "CN=Test Service Consumer,organizationIdentifier=NTRNL-10000001,O=Test Service Consumer,C=NL"
        },
        "certificateType": { 
          "type": "string",
          "description": "type of certificate",
          "example": "eSEAL"
        },
        "x5c": { 
          "type": "string",
          "description": "The base64 encoded pem format value of the certificate identified by its subject name and fingerprint"
        },
        "x5t#s256": { 
          "type": "string",
          "description": "The SHA256 fingerprint of the certificate",
          "example": "4E4FD2B1D7D5DF3858CDAA80DE02AD4E0C530939BB65C57E18CEADA431C6872C"
        }
      },
      "required": ["id", "type", "registrarId", "subjectName", "certificateType", "x5c", "x5t#s256"],
      "additionalProperties": false
    }
  }
}