keep nlohmann::json private

lib/hpke/CMakeLists.txt

@@ -13,13 +13,23 @@ find_package(OpenSSL 1.1 REQUIRED)
 file(GLOB_RECURSE LIB_HEADERS CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/include/*.h")
 file(GLOB_RECURSE LIB_SOURCES CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/src/*.cpp")
 
+# https://gitlab.kitware.com/cmake/cmake/-/issues/15415#note_334852
+# Warning: this will fail once nlohman_json stops being header-only!
+get_target_property(JSON_INCLUDE_INTERFACE nlohmann_json::nlohmann_json INTERFACE_INCLUDE_DIRECTORIES)
+
 add_library(${CURRENT_LIB_NAME} ${LIB_HEADERS} ${LIB_SOURCES})
 add_dependencies(${CURRENT_LIB_NAME} bytes tls_syntax)
-target_link_libraries(${CURRENT_LIB_NAME} 
+target_include_directories(${CURRENT_LIB_NAME}
   PRIVATE
-    nlohmann_json::nlohmann_json OpenSSL::Crypto
+    "${JSON_INCLUDE_INTERFACE}")
+
+target_link_libraries(${CURRENT_LIB_NAME} 
   PUBLIC
-    bytes tls_syntax)
+    bytes tls_syntax
+  PRIVATE
+    OpenSSL::Crypto
+)
+
 target_include_directories(${CURRENT_LIB_NAME}
   PUBLIC
     $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>

lib/hpke/include/hpke/userinfo_vc.h

@@ -6,7 +6,6 @@
 #include <chrono>
 #include <hpke/signature.h>
 #include <map>
-#include <nlohmann/json.hpp>
 
 using namespace MLS_NAMESPACE::bytes_ns;
 
@@ -21,7 +20,7 @@ struct UserInfoClaimsAddress
   std::optional<std::string> postal_code;
   std::optional<std::string> country;
 
-  static UserInfoClaimsAddress from_json(const nlohmann::json& address_json);
+  static UserInfoClaimsAddress from_json(const std::string& address);
 };
 
 struct UserInfoClaims
@@ -48,7 +47,7 @@ struct UserInfoClaims
   std::optional<UserInfoClaimsAddress> address;
   std::optional<uint64_t> updated_at;
 
-  static UserInfoClaims from_json(const nlohmann::json& cred_subject_json);
+  static UserInfoClaims from_json(const std::string& cred_subject);
 };
 
 struct UserInfoVC

lib/hpke/src/userinfo_vc.cpp

@@ -265,7 +265,7 @@ struct UserInfoVC::ParsedCredential
       epoch_time(payload.at("nbf").get<int64_t>()),
       epoch_time(payload.at("exp").get<int64_t>()),
 
-      UserInfoClaims::from_json(vc.at("credentialSubject")),
+      UserInfoClaims::from_json(vc.at("credentialSubject").dump()),
       std::move(public_key),
 
       to_be_signed,
@@ -282,8 +282,10 @@ struct UserInfoVC::ParsedCredential
 /// UserInfoClaimsAddress
 ///
 UserInfoClaimsAddress
-UserInfoClaimsAddress::from_json(const nlohmann::json& address_json)
+UserInfoClaimsAddress::from_json(const std::string& address)
 {
+  const auto& address_json = nlohmann::json::parse(address);
+
   return {
     get_optional<std::string>(address_json, address_formatted_attr),
     get_optional<std::string>(address_json, address_street_address_attr),
@@ -298,13 +300,15 @@ UserInfoClaimsAddress::from_json(const nlohmann::json& address_json)
 /// UserInfoClaims
 ///
 UserInfoClaims
-UserInfoClaims::from_json(const nlohmann::json& cred_subject_json)
+UserInfoClaims::from_json(const std::string& cred_subject)
 {
+  const auto& cred_subject_json = nlohmann::json::parse(cred_subject);
+
   std::optional<UserInfoClaimsAddress> address_opt = {};
 
   if (cred_subject_json.contains(address_attr)) {
-    address_opt =
-      UserInfoClaimsAddress::from_json(cred_subject_json.at(address_attr));
+    address_opt = UserInfoClaimsAddress::from_json(
+      cred_subject_json.at(address_attr).dump());
   }
 
   return {

lib/hpke/test/userinfo_vc.cpp

@@ -175,7 +175,8 @@ TEST_CASE("UserInfoClaims Field Parsing")
     { "updated_at", 42 }
   };
 
-  const auto userinfo_claims = UserInfoClaims::from_json(credentialSubject);
+  const auto userinfo_claims =
+    UserInfoClaims::from_json(credentialSubject.dump());
 
   CHECK(userinfo_claims.sub == credentialSubject.at("sub"));
   CHECK(userinfo_claims.name == credentialSubject.at("name"));
@@ -214,14 +215,14 @@ TEST_CASE("UserInfoClaims Field Parsing")
 TEST_CASE("UserInfoClaims Edge Cases")
 {
   CHECK_THROWS_WITH(
-    UserInfoClaims::from_json({ { "updated_at", "42" } }),
+    UserInfoClaims::from_json(R"({"updated_at": "42"})"),
     "[json.exception.type_error.302] type must be number, but is string");
 
   CHECK_THROWS_WITH(
-    UserInfoClaims::from_json({ { "name", true } }),
+    UserInfoClaims::from_json(R"({"name": true})"),
     "[json.exception.type_error.302] type must be string, but is boolean");
 
   CHECK_THROWS_WITH(
-    UserInfoClaims::from_json({ { "email_verified", "true" } }),
+    UserInfoClaims::from_json(R"({"email_verified": "true"})"),
     "[json.exception.type_error.302] type must be boolean, but is string");
 }