Implement PresentationDefinition field filter schema

[phoebe-lew]

No description provided.

[codecov]

Codecov Report

Merging #102 (b71e073) into main (934eb70) will increase coverage by 1.95%.
The diff coverage is 85.18%.

@@            Coverage Diff             @@
##             main     #102      +/-   ##
==========================================
+ Coverage   70.10%   72.06%   +1.95%     
==========================================
  Files          21       21              
  Lines        1201     1217      +16     
  Branches      137      140       +3     
==========================================
+ Hits          842      877      +35     
+ Misses        292      269      -23     
- Partials       67       71       +4     

Components	Coverage Δ
credentials	75.00% <85.18%> (+7.87%)	⬆️
crypto	34.67% <ø> (ø)
dids	92.81% <ø> (ø)
common	60.83% <ø> (ø)

[nitro-neal]

Does this cover the scenario:
if there are no filter and only a path?

[phoebe-lew]

it should via ln79 but will add a test :)

[nitro-neal]

Should add another test where there is no filter, only a path

[nitro-neal]

Good job! I would say add a few more tests to make sure it works with the old test too basically ( a pd without a filter, just a path)

[phoebe-lew]

matched field could be either an array or a single value.
if array, filterSchema needs to be applied to each item in the array. If any items satisfy the schema, return true
if single value, apply schema

[phoebe-lew]

matched field could also be an object

[andresuribe87]

I don't quite follow what this comment means. Would you mind elaborating? And perhaps also opening an issue?

[phoebe-lew]

Jackson does not know how to serialize/deserialize enum class Rules and enum class Optionality in a SubmissionRequirement, we probably need to write custom serializers/deserializers. However, the PEX impl throws an exception if SubmissionRequirement is present, so it doesn't seem worth writing the custom modules.

Want to have a convo with @decentralgabe around whether we should drop SubmissionRequirement from our data model entirely.

Can open an issue to track.

[decentralgabe]

I'd just drop it for now - can add it back when/if needed

[andresuribe87]

Curious what was the motivation behind this change?

I worry that people may forget to verify the jwt, before doing anything with it. How do you propose we can handle that concern?

[nitro-neal]

I think its because ssome of the filter could be for the actual payload of the vc
$.iss is the correct way to filter by issuer not vc.issuer (this will be removed as per spec)

[phoebe-lew]

Context starting here: https://sq-tbd.slack.com/archives/C05SXUR39FE/p1698361441821219?thread_ts=1698337236.592429&cid=C05SXUR39FE

[decentralgabe]

agree w/ the concern, but it's better to decouple the logic IMO

[andresuribe87]

Sounds like you're advocating for leaving as is. I remain cautious about the approach. Agree with the intent of decoupling verification logic from validation.

My proposal is to stick to the following convention:

• When a function is dealing with data that's assumed to be trusted, use the VerifiableCredential type.
• When a function is dealing with data that needs to be verified, use the secured representation (i.e. vcJwt or DI).

For this function, the data is assumed to be trusted already. Given that, it would fall to the first bucket.
On the other hand, the VerifiableCredential.verify function would follow the second pattern.

Alternatively, we could define types to represent:

• A secured verifiable credential: JwVerifiableCredential and DataIntegrityVerifiableCredential.
• An unsecured verifiable credential UnsecuredVerifiableCredential.

This would make it very difficult for users to screw up.

Either of these two would be more beneficial IMHO. Those are my suggestions, I'll leave it up to @phoebe-lew to decide whether they're useful or not.

[andresuribe87]

Couldn't find where error is defined, is it an exception?

[phoebe-lew]

Error is java.lang.Error, I'm actually not sure when to use error vs exception

[andresuribe87]

From https://docs.oracle.com/javase%2F7%2Fdocs%2Fapi%2F%2F/java/lang/Error.html

An Error is a subclass of Throwable that indicates serious problems that a reasonable application should not try to catch.

That sounds really scary 😱

In other PRs, we've tried to stick subclassing RuntimeException, like what's below https://github.com/TBD54566975/web5-kt/blob/02ea4b31a28cf68a4a3f9a9abc745e3273ceee79/dids/src/main/kotlin/web5/sdk/dids/DidIonManager.kt#L720

[andresuribe87]

Curious what this does?

[phoebe-lew]

Actually don't need this anymore! If we define custom serialization/deserialization modules, this tells the object mapper to pick those up. But managed to just use annotations to get the PD to serialize.

[andresuribe87]

Curious what this does?

[phoebe-lew]

This one gets jackson's objectmapper to work nicely with kotlin

[andresuribe87]

Interesting! First time i've seen this. Thanks!

[andresuribe87]

Personally, I think it's a better practice to commit the contents of TBDEX_PD into a separate file called tbdex_pd.json. Then you can load from disk and verify. This is advantageous because then we can start reusing test cases in other implementations.

A similar comment applies to VC_JWT.

What do you think?

[phoebe-lew]

sure, can do that

[andresuribe87]

Awesome!

[andresuribe87]

Sounds like you're advocating for leaving as is. I remain cautious about the approach. Agree with the intent of decoupling verification logic from validation.

My proposal is to stick to the following convention:

• When a function is dealing with data that's assumed to be trusted, use the VerifiableCredential type.
• When a function is dealing with data that needs to be verified, use the secured representation (i.e. vcJwt or DI).

For this function, the data is assumed to be trusted already. Given that, it would fall to the first bucket.
On the other hand, the VerifiableCredential.verify function would follow the second pattern.

Alternatively, we could define types to represent:

• A secured verifiable credential: JwVerifiableCredential and DataIntegrityVerifiableCredential.
• An unsecured verifiable credential UnsecuredVerifiableCredential.

This would make it very difficult for users to screw up.

Either of these two would be more beneficial IMHO. Those are my suggestions, I'll leave it up to @phoebe-lew to decide whether they're useful or not.

[andresuribe87]

From https://docs.oracle.com/javase%2F7%2Fdocs%2Fapi%2F%2F/java/lang/Error.html

An Error is a subclass of Throwable that indicates serious problems that a reasonable application should not try to catch.

That sounds really scary 😱

In other PRs, we've tried to stick subclassing RuntimeException, like what's below https://github.com/TBD54566975/web5-kt/blob/02ea4b31a28cf68a4a3f9a9abc745e3273ceee79/dids/src/main/kotlin/web5/sdk/dids/DidIonManager.kt#L720

[andresuribe87]

Interesting! First time i've seen this. Thanks!

[andresuribe87]

Suggested change

	return File(path).readText().trimIndent()
	return File(path).readText()

[andresuribe87]

Suggested change

	private fun readPd(path: String): String {
	private fun readFile(path: String): String {