feat: added JWT handlong for limit disclosure Presentation Definition…
… query

Signed-off-by: Mykhailo Sizov <mykhailo.sizov@securekey.com>
mishasizov-SK committed May 17, 2023
1 parent 0284074 commit fcab965
Showing 2 changed files with 108 additions and 2 deletions.
24 changes: 23 additions & 1 deletion pkg/doc/presexch/definition.go
Expand Up @@ -933,7 +933,8 @@ func limitDisclosure(filterResults []constraintsFilterResult,
}
}

if (constraints.LimitDisclosure.isRequired() || predicate) && credential.SDJWTHashAlg == "" {
// Non-SDJWT case.
if (constraints.LimitDisclosure.isRequired() || predicate) && credential.SDJWTHashAlg == "" { //nolint:nestif
template := credentialSrc

var contexts []interface{}
Expand Down Expand Up @@ -962,14 +963,35 @@ func limitDisclosure(filterResults []constraintsFilterResult,

var err error

isJWTVC := credential.JWT != ""

credential, err = createNewCredential(constraints, credentialSrc, template, credential, opts...)
if err != nil {
return nil, fmt.Errorf("create new credential: %w", err)
}

if isJWTVC {
var jwtClaims *verifiable.JWTCredClaims

jwtClaims, err = credential.JWTClaims(false)
if err != nil {
return nil, fmt.Errorf("limitDisclosure JWTClaims: %w", err)
}

var jwtVC string
jwtVC, err = jwtClaims.MarshalUnsecuredJWT()

if err != nil {
return nil, fmt.Errorf("limitDisclosure MarshalUnsecuredJWT: %w", err)
}

credential.JWT = jwtVC
}

credential.ID = tmpID(credential.ID)
}

// SDJWT case.
if constraints.LimitDisclosure.isRequired() && credential.SDJWTHashAlg != "" {
limitedDisclosures, err := getLimitedDisclosures(constraints, credentialSrc, credential)
if err != nil {
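Review bot: The derived credential's ID is reassigned with `credential.ID = tmpID(credential.ID)` only after the JWT has been re-serialized inside `if isJWTVC {`, so the `credential.JWT` string carries whatever identifier `JWTClaims` took from the pre-`tmpID` credential while the in-memory `credential.ID` is the new value; a consumer that parses `vc.JWT` (as the new test does) would then see a different ID than the VP's credential object, assuming `JWTClaims` copies the ID into the claims. Moving the `tmpID` assignment to just before `if isJWTVC {` keeps the two representations consistent. Separately, `MarshalUnsecuredJWT` emits a JWT with no issuer signature, which the field removal makes unavoidable and which is why the test must parse it with `WithDisabledProofCheck()`; that consequence should be stated where the value is assigned, e.g. `// Limit disclosure changed the claims, so the issuer's signature no longer applies; the JWT is re-serialized unsecured and must not be treated as issuer-signed.` limitDisclosure starts and ends outside the hunk.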
86 changes: 85 additions & 1 deletion pkg/doc/presexch/definition_test.go
Expand Up @@ -480,7 +480,7 @@ func TestPresentationDefinition_CreateVP(t *testing.T) {
checkVP(t, vp)
})

t.Run("Predicate (limit disclosure)", func(t *testing.T) {
t.Run("Predicate (limit disclosure) LDP", func(t *testing.T) {
required := Required

pd := &PresentationDefinition{
Expand Down Expand Up @@ -530,6 +530,90 @@ func TestPresentationDefinition_CreateVP(t *testing.T) {

require.True(t, vc.CustomFields["first_name"].(bool))
require.True(t, vc.CustomFields["last_name"].(bool))
require.Empty(t, vc.JWT)
require.Nil(t, vc.Proofs)

_, ok = vc.CustomFields["info"]
require.False(t, ok)

checkSubmission(t, vp, pd)
checkVP(t, vp)
})

t.Run("Predicate (limit disclosure) JWT", func(t *testing.T) {
required := Required

pd := &PresentationDefinition{
ID: uuid.New().String(),
InputDescriptors: []*InputDescriptor{{
ID: uuid.New().String(),
Schema: []*Schema{{
URI: fmt.Sprintf("%s#%s", verifiable.ContextID, verifiable.VCType),
}},
Constraints: &Constraints{
LimitDisclosure: &required,
Fields: []*Field{{
Path: []string{"$.first_name", "$.last_name"},
Predicate: &required,
Filter: &Filter{Type: &strFilterType},
}},
},
}},
}

cred := &verifiable.Credential{
Context: []string{verifiable.ContextURI},
Types: []string{verifiable.VCType},
ID: "http://example.edu/credentials/1872",
Subject: "did:example:76e12ec712ebc6f1c221ebfeb1f",
Issued: &util.TimeWrapper{
Time: time.Now(),
},
Issuer: verifiable.Issuer{
ID: "did:example:76e12ec712ebc6f1c221ebfeb1f",
},
CustomFields: map[string]interface{}{
"first_name": "First name",
"last_name": "Last name",
"info": "Info",
},
}

claims, err := cred.JWTClaims(false)
require.NoError(t, err)
credJWT, err := claims.MarshalUnsecuredJWT()
require.NoError(t, err)

cred.JWT = credJWT

vp, err := pd.CreateVP([]*verifiable.Credential{cred},
lddl, verifiable.WithJSONLDDocumentLoader(createTestJSONLDDocumentLoader(t)))

require.NoError(t, err)
require.NotNil(t, vp)
require.Equal(t, 1, len(vp.Credentials()))

vc, ok := vp.Credentials()[0].(*verifiable.Credential)
require.True(t, ok)

require.True(t, vc.CustomFields["first_name"].(bool))
require.True(t, vc.CustomFields["last_name"].(bool))
require.Nil(t, vc.Proofs)

_, ok = vc.CustomFields["info"]
require.False(t, ok)

// Check parsed JWT.
require.NotEmpty(t, vc.JWT)
require.False(t, vc.JWT == credJWT)
vc, err = verifiable.ParseCredential([]byte(vc.JWT),
verifiable.WithDisabledProofCheck(),
verifiable.WithJSONLDDocumentLoader(createTestJSONLDDocumentLoader(t)))
require.NoError(t, err)

require.True(t, vc.CustomFields["first_name"].(bool))
require.True(t, vc.CustomFields["last_name"].(bool))
require.Nil(t, vc.Proofs)

_, ok = vc.CustomFields["info"]
require.False(t, ok)
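Review bot: The JWT subtest reuses `vc` for the credential parsed back from `vc.JWT`, so nothing compares the VP's credential object with what its JWT encodes, and the relationship between `vc.ID` and the ID inside the re-serialized JWT goes unchecked. Binding the parsed result to its own name, `parsedVC, err := verifiable.ParseCredential([]byte(vc.JWT), ...)`, and adding `require.Equal(t, vc.ID, parsedVC.ID)` would pin that down. As a style point, `require.False(t, vc.JWT == credJWT)` reports both values on failure if written as `require.NotEqual(t, credJWT, vc.JWT)`. The enclosing TestPresentationDefinition_CreateVP continues outside the hunk.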
