Implement PresentationDefinition field filter schema

config/detekt.yml

@@ -152,6 +152,8 @@ style:
     excludeGuardClauses: true
   SpacingBetweenPackageAndImports:
     active: true
+  ThrowsCount:
+    active: false
   UnnecessaryAbstractClass:
     active: true
   UnnecessaryInheritance:

credentials/src/main/kotlin/web5/sdk/credentials/PresentationDefinition.kt

@@ -127,6 +127,7 @@ public class SubmissionRequirement(
 /**
  * Enumeration representing presentation rule options.
  */
+// TODO this does not serialize correctly but sub reqs not supported right now
 public enum class Rules {
   All, Pick
 }

credentials/src/main/kotlin/web5/sdk/credentials/PresentationExchange.kt

@@ -1,59 +1,127 @@
 package web5.sdk.credentials
 
+import com.fasterxml.jackson.databind.JsonNode
+import com.networknt.schema.JsonSchema
+import com.nfeld.jsonpathkt.JsonPath
+import com.nfeld.jsonpathkt.extension.read
+import com.nimbusds.jose.Payload
+import com.nimbusds.jwt.JWTParser
+import com.nimbusds.jwt.SignedJWT
+
 /**
- * A utility object for performing operations related to presentation exchanges.
+ * The `PresentationExchange` object provides functions for working with Verifiable Credentials
+ * and Presentation Definitions during a presentation exchange process.
  */
 public object PresentationExchange {
   /**
-   * Selects credentials from the given list that satisfy the provided presentation definition.
+   * Selects credentials that satisfy a given presentation definition.
    *
-   * @param credentials A list of verifiable credentials.
-   * @param presentationDefinition The Presentation Definition to be satisfied.
-   * @return A list of verifiable credentials that meet the presentation definition criteria.
+   * @param credentials The list of Verifiable Credentials to select from.
+   * @param presentationDefinition The Presentation Definition to match against.
+   * @return A list of Verifiable Credentials that satisfy the Presentation Definition.
+   * @throws UnsupportedOperationException If the method is untested and not recommended for use.
    */
   public fun selectCredentials(
     credentials: List<VerifiableCredential>,
     presentationDefinition: PresentationDefinitionV2
   ): List<VerifiableCredential> {
     throw UnsupportedOperationException("pex is untested")
-//    return credentials.filter { satisfiesPresentationDefinition(it, presentationDefinition) }
+    // Uncomment the following line to filter credentials based on the Presentation Definition
+    // return credentials.filter { satisfiesPresentationDefinition(it, presentationDefinition) }
   }
 
   /**
-   * Checks if the given [presentationDefinition] is satisfied based on the provided input descriptors and constraints.
+   * Validates if a Verifiable Credential JWT satisfies a Presentation Definition.
    *
-   * @param presentationDefinition The Presentation Definition to be evaluated.
-   * @return `true` if the Presentation Definition is satisfied, `false` otherwise.
-   * @throws UnsupportedOperationException if certain features like Submission Requirements or Field Filters are not implemented.
+   * @param vcJwt The Verifiable Credential JWT as a string.
+   * @param presentationDefinition The Presentation Definition to validate against.
+   * @throws UnsupportedOperationException If the Presentation Definition's Submission Requirements
+   * feature is not implemented.
    */
   public fun satisfiesPresentationDefinition(
-    credential: VerifiableCredential,
+    vcJwt: String,
     presentationDefinition: PresentationDefinitionV2
-  ): Boolean {
+  ) {
+    val vc = JWTParser.parse(vcJwt) as SignedJWT
+
     if (!presentationDefinition.submissionRequirements.isNullOrEmpty()) {
       throw UnsupportedOperationException(
         "Presentation Definition's Submission Requirements feature is not implemented"
       )
     }
 
-    return presentationDefinition.inputDescriptors
+    presentationDefinition.inputDescriptors
       .filter { !it.constraints.fields.isNullOrEmpty() }
-      .all { inputDescriptorWithFields ->
-        val requiredFields = inputDescriptorWithFields.constraints.fields!!.filter { it.optional != true }
-
-        var satisfied = true
-        for (field in requiredFields) {
-          // we ignore field filters
-          if (field.filterSchema != null) {
-            throw UnsupportedOperationException("Field Filter is not implemented")
-          }
+      .forEach { inputDescriptorWithFields ->
+        validateInputDescriptorsWithFields(inputDescriptorWithFields, vc.payload)
+      }
+  }
+
+  /**
+   * Validates the input descriptors with associated fields in a Verifiable Credential.
+   *
+   * @param inputDescriptorWithFields The Input Descriptor with associated fields.
+   * @param vcPayload The payload of the Verifiable Credential.
+   */
+  private fun validateInputDescriptorsWithFields(
+    inputDescriptorWithFields: InputDescriptorV2,
+    vcPayload: Payload
+  ) {
+    val requiredFields = inputDescriptorWithFields.constraints.fields!!.filter { it.optional != true }
+
+    requiredFields.forEach { field ->
+      val vcPayloadJson = JsonPath.parse(vcPayload.toString())
+        ?: throw PresentationExchangeError("Failed to parse VC $vcPayload as JsonNode")
+
+      val matchedFields = field.path.mapNotNull { path -> vcPayloadJson.read<JsonNode>(path) }
+      if (matchedFields.isEmpty()) {
+        throw PresentationExchangeError("Could not find matching field for path: ${field.path.joinToString()}")
+      }
 
-          if (field.path.any { path -> credential.getFieldByJsonPath(path) == null }) {
-            satisfied = false
-            break
+      when {
+        field.filterSchema != null -> {
+          matchedFields.any { fieldValue ->
+            when {
+              // When the field is an array, JSON schema is applied to each array item.
+              fieldValue.isArray -> {
+                if (fieldValue.none { valueSatisfiesFieldFilterSchema(it, field.filterSchema!!) })
+                  throw PresentationExchangeError("Validating $fieldValue against ${field.filterSchema} failed")
+                true
+              }
+
+              // Otherwise, JSON schema is applied to the entire value.
+              else -> {
+                valueSatisfiesFieldFilterSchema(fieldValue, field.filterSchema!!)
+              }
+            }
           }
         }
-        return satisfied
+
+        else -> return
       }
+    }
+  }
+
+  /**
+   * Checks if a field's value satisfies the given JSON schema.
+   *
+   * @param fieldValue The JSON field value to validate.
+   * @param schema The JSON schema to validate against.
+   * @return `true` if the value satisfies the schema, `false` otherwise.
+   */
+  private fun valueSatisfiesFieldFilterSchema(fieldValue: JsonNode, schema: JsonSchema): Boolean {
+    val validationMessages = schema.validate(fieldValue)
+    return when {
+      validationMessages.isEmpty() -> true
+      // TODO try and surface the validation messages in error
+      else -> false
+    }
   }
 }
+
+/**
+ * Custom error class for exceptions related to the Presentation Exchange.
+ *
+ * @param message The error message.
+ */
+public class PresentationExchangeError(message: String) : Error(message)

credentials/src/test/kotlin/web5/sdk/credentials/PresentationDefinitionTest.kt

@@ -11,11 +11,11 @@ import org.erdtman.jcs.JsonCanonicalizer
 import org.junit.jupiter.api.Assertions.assertEquals
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.assertDoesNotThrow
+import java.io.File
 
 class PresentationDefinitionTest {
   val jsonMapper: ObjectMapper = ObjectMapper()
     .registerKotlinModule()
-    .findAndRegisterModules()
     .setSerializationInclusion(JsonInclude.Include.NON_NULL)
 
   @Test
@@ -54,19 +54,19 @@ class PresentationDefinitionTest {
 
   @Test
   fun `serialization is idempotent`(){
-    val pdString = PRESENTATION_DEFINITION.trimIndent()
+    val pdString = File("src/test/resources/pd_sanctions.json").readText().trimIndent()
     val parsedPd = jsonMapper.readValue(pdString, PresentationDefinitionV2::class.java)
     val parsedString = jsonMapper.writeValueAsString(parsedPd)
 
     assertEquals(
-      JsonCanonicalizer(PRESENTATION_DEFINITION).encodedString,
+      JsonCanonicalizer(pdString).encodedString,
       JsonCanonicalizer(parsedString).encodedString,
     )
   }
 
   @Test
   fun `can deserialize`() {
-    val pdString = PRESENTATION_DEFINITION.trimIndent()
+    val pdString = File("src/test/resources/pd_sanctions.json").readText().trimIndent()
 
     assertDoesNotThrow { jsonMapper.readValue(pdString, PresentationDefinitionV2::class.java) }
   }

credentials/src/test/kotlin/web5/sdk/credentials/PresentationExchangeTest.kt

@@ -0,0 +1,113 @@
+package web5.sdk.credentials
+
+import assertk.assertFailure
+import assertk.assertions.messageContains
+import com.fasterxml.jackson.annotation.JsonInclude
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.module.kotlin.registerKotlinModule
+import org.junit.jupiter.api.Nested
+import org.junit.jupiter.api.assertDoesNotThrow
+import web5.sdk.crypto.InMemoryKeyManager
+import web5.sdk.dids.DidKey
+import java.io.File
+import kotlin.test.Test
+
+class PresentationExchangeTest {
+  private val keyManager = InMemoryKeyManager()
+  private val issuerDid = DidKey.create(keyManager)
+  private val holderDid = DidKey.create(keyManager)
+  private val jsonMapper: ObjectMapper = ObjectMapper()
+    .registerKotlinModule()
+    .setSerializationInclusion(JsonInclude.Include.NON_NULL)
+  @Suppress("MaximumLineLength")
+  val sanctionsVcJwt =
+    "eyJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6a2V5Ono2TWtrdU5tSmF0ZUNUZXI1V0JycUhCVUM0YUM3TjlOV1NyTURKNmVkQXY1V0NmMiIsInN1YiI6ImRpZDprZXk6ejZNa2t1Tm1KYXRlQ1RlcjVXQnJxSEJVQzRhQzdOOU5XU3JNREo2ZWRBdjVXQ2YyIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiIxNjk4NDIyNDAxMzUyIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlNhbmN0aW9uc0NyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmtleTp6Nk1ra3VObUphdGVDVGVyNVdCcnFIQlVDNGFDN045TldTck1ESjZlZEF2NVdDZjIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTEwLTI3VDE2OjAwOjAxWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmtleTp6Nk1ra3VObUphdGVDVGVyNVdCcnFIQlVDNGFDN045TldTck1ESjZlZEF2NVdDZjIiLCJiZWVwIjoiYm9vcCJ9fX0.Xhd9nDdkGarYFr6FP7wqsgj5CK3oGTfKU2LHNMvFIsvatgYlSucShDPI8uoeJ_G31uYPke-LJlRy-WVIhkudDg"
+
+
+  private fun readPd(path: String): String {
+    return File(path).readText().trimIndent()
+  }
+
+  @Nested
+  inner class SatisfiesPresentationDefinition {
+    @Test
+    fun `does not throw when VC satisfies tbdex PD`() {
+      val pd = jsonMapper.readValue(
+        readPd("src/test/resources/pd_sanctions.json"),
+        PresentationDefinitionV2::class.java
+      )
+
+      assertDoesNotThrow { PresentationExchange.satisfiesPresentationDefinition(sanctionsVcJwt, pd) }
+    }
+
+    @Test
+    fun `does not throw when VC satisfies PD with field filter schema on array`() {
+      val pd = jsonMapper.readValue(
+        readPd("src/test/resources/pd_filter_array.json"),
+        PresentationDefinitionV2::class.java
+      )
+      val vc = VerifiableCredential.create(
+        type = "StreetCred",
+        issuer = issuerDid.uri,
+        subject = holderDid.uri,
+        data = StreetCredibility(localRespect = "high", legit = true)
+      )
+      val vcJwt = vc.sign(issuerDid)
+
+      assertDoesNotThrow { PresentationExchange.satisfiesPresentationDefinition(vcJwt, pd) }
+    }
+
+    @Test
+    fun `does not throw when VC satisfies PD with field filter schema on value`() {
+      val pd = jsonMapper.readValue(
+        readPd("src/test/resources/pd_filter_value.json"),
+        PresentationDefinitionV2::class.java
+      )
+      val vc = VerifiableCredential.create(
+        type = "StreetCred",
+        issuer = issuerDid.uri,
+        subject = holderDid.uri,
+        data = StreetCredibility(localRespect = "high", legit = true)
+      )
+      val vcJwt = vc.sign(issuerDid)
+
+      assertDoesNotThrow { PresentationExchange.satisfiesPresentationDefinition(vcJwt, pd) }
+    }
+
+    @Test
+    fun `does not throw when VC satisfies PD with field constraint`() {
+      val pd = jsonMapper.readValue(
+        readPd("src/test/resources/pd_path_no_filter.json"),
+        PresentationDefinitionV2::class.java
+      )
+      val vc = VerifiableCredential.create(
+        type = "StreetCred",
+        issuer = issuerDid.uri,
+        subject = holderDid.uri,
+        data = StreetCredibility(localRespect = "high", legit = true)
+      )
+      val vcJwt = vc.sign(issuerDid)
+
+      assertDoesNotThrow { PresentationExchange.satisfiesPresentationDefinition(vcJwt, pd) }
+    }
+
+    @Test
+    fun `throws when VC does not satisfy requirements`() {
+      val pd = jsonMapper.readValue(
+        readPd("src/test/resources/pd_sanctions.json"),
+        PresentationDefinitionV2::class.java
+      )
+      val vc = VerifiableCredential.create(
+        type = "StreetCred",
+        issuer = issuerDid.uri,
+        subject = holderDid.uri,
+        data = StreetCredibility(localRespect = "high", legit = true)
+      )
+      val vcJwt = vc.sign(issuerDid)
+
+      assertFailure {
+        PresentationExchange.satisfiesPresentationDefinition(vcJwt, pd)
+      }.messageContains("Validating [\"VerifiableCredential\",\"StreetCred\"]")
+    }
+  }
+}

credentials/src/test/kotlin/web5/sdk/credentials/StatusListCredentialTest.kt

@@ -21,7 +21,7 @@ class StatusListCredentialTest {
 
   @Test
   fun `should parse valid VerifiableCredential from specification example`() {
-    val specExampleRevocableVcText = File("src/test/testdata/revocableVc.json").readText()
+    val specExampleRevocableVcText = File("src/test/resources/revocable_vc.json").readText()
 
     val specExampleRevocableVc = VerifiableCredential.fromJson(
       specExampleRevocableVcText

credentials/src/test/resources/pd_filter_array.json

@@ -0,0 +1,25 @@
+{
+  "id": "ec11a434-fe24-479b-aae0-511428b37e4f",
+  "input_descriptors": [
+    {
+      "id": "7b928839-f0b1-4237-893d-b27124b57952",
+      "constraints": {
+        "fields": [
+          {
+            "path": [
+              "$.vc.type[*]",
+              "$.type[*]"
+            ],
+            "filter": {
+              "type": "string",
+              "contains": {
+                "type": "string",
+                "const": "StreetCred"
+              }
+            }
+          }
+        ]
+      }
+    }
+  ]
+}