From ab2042e4ce2d3f97f878e0f3638ba90c2eb8c670 Mon Sep 17 00:00:00 2001 From: Gerard Snaauw <33763579+gerardsn@users.noreply.github.com> Date: Fri, 17 Nov 2023 09:18:21 +0100 Subject: [PATCH] also validate Claim Format against InputDescriptor (#2608) --- vcr/pe/presentation_definition.go | 18 +-------- vcr/pe/presentation_definition_test.go | 51 +++++++++++++++----------- 2 files changed, 32 insertions(+), 37 deletions(-) diff --git a/vcr/pe/presentation_definition.go b/vcr/pe/presentation_definition.go index 4b1261641c..027f957fbf 100644 --- a/vcr/pe/presentation_definition.go +++ b/vcr/pe/presentation_definition.go @@ -86,7 +86,8 @@ func (presentationDefinition PresentationDefinition) matchConstraints(vcs []vc.V if err != nil { return nil, err } - if isMatch && matchFormat(presentationDefinition.Format, credential) { + // InputDescriptor formats must be a subset of the PresentationDefinition formats, so it must satisfy both. + if isMatch && matchFormat(presentationDefinition.Format, credential) && matchFormat(inputDescriptor.Format, credential) { match.VC = &credential break } @@ -260,21 +261,6 @@ func matchProofType(proofType string, credential vc.VerifiableCredential) bool { return false } -func matchDescriptor(descriptor InputDescriptor, credential vc.VerifiableCredential) (*InputDescriptorMappingObject, error) { - match, err := matchCredential(descriptor, credential) - if err != nil { - return nil, err - } - if !match { - return nil, nil - } - - return &InputDescriptorMappingObject{ - Id: descriptor.Id, - Format: credential.Format(), - }, nil -} - func matchCredential(descriptor InputDescriptor, credential vc.VerifiableCredential) (bool, error) { // for each constraint in descriptor.constraints: // a vc must match the constraint diff --git a/vcr/pe/presentation_definition_test.go b/vcr/pe/presentation_definition_test.go index 32ecd602d5..03e10aa3fe 100644 --- a/vcr/pe/presentation_definition_test.go +++ b/vcr/pe/presentation_definition_test.go @@ -123,6 +123,36 @@ func TestMatch(t *testing.T) { assert.Len(t, mappingObjects, 1) }) }) + t.Run("Input Descriptor Claim Format matching", func(t *testing.T) { + presentationDefinition := PresentationDefinition{} + _ = json.Unmarshal([]byte(testPresentationDefinition), &presentationDefinition) + // making sure this test doesn't break when testPresentationDefinition changes + fullFormat := presentationDefinition.Format + require.NotNil(t, fullFormat) + require.NotNil(t, (*fullFormat)["jwt_vc"]) + require.NotNil(t, (*fullFormat)["ldp_vc"]) + t.Run("Input Descriptor format only", func(t *testing.T) { + presentationDefinition.Format = nil + presentationDefinition.InputDescriptors[0].Format = fullFormat + + vcs, mappingObjects, err := presentationDefinition.Match([]vc.VerifiableCredential{verifiableCredential}) + + require.NoError(t, err) + assert.Len(t, vcs, 1) + require.Len(t, mappingObjects, 1) + assert.Equal(t, "$.verifiableCredential[0]", mappingObjects[0].Path) + }) + t.Run("Matches format of PD but not Input Descriptor", func(t *testing.T) { + presentationDefinition.Format = fullFormat + presentationDefinition.InputDescriptors[0].Format = &PresentationDefinitionClaimFormatDesignations{"jwt_vc": (*fullFormat)["jwt_vc"]} + + vcs, mappingObjects, err := presentationDefinition.Match([]vc.VerifiableCredential{verifiableCredential}) + + require.NoError(t, err) + assert.Len(t, vcs, 0) + assert.Len(t, mappingObjects, 0) + }) + }) t.Run("Submission requirement feature", func(t *testing.T) { t.Run("Pick", func(t *testing.T) { t.Run("Pick 1", func(t *testing.T) { @@ -317,27 +347,6 @@ func Test_matchFormat(t *testing.T) { }) } -func Test_matchDescriptor(t *testing.T) { - testCredential := vc.VerifiableCredential{} - _ = json.Unmarshal([]byte(testCredentialString), &testCredential) - t.Run("no match", func(t *testing.T) { - field := Field{Path: []string{"$.credentialSubject.foo"}} - - idmo, err := matchDescriptor(InputDescriptor{Constraints: &Constraints{Fields: []Field{field}}}, testCredential) - - require.NoError(t, err) - assert.Nil(t, idmo) - }) - t.Run("match", func(t *testing.T) { - field := Field{Path: []string{"$.credentialSubject.field"}} - - idmo, err := matchDescriptor(InputDescriptor{Constraints: &Constraints{Fields: []Field{field}}}, testCredential) - - require.NoError(t, err) - require.NotNil(t, idmo) - }) -} - func Test_matchCredential(t *testing.T) { t.Run("no constraints is a match", func(t *testing.T) { match, err := matchCredential(InputDescriptor{}, vc.VerifiableCredential{})