From ff1a77de3405160db5b5b4c19e8ae55929da134c Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <43503240+paullatzelsperger@users.noreply.github.com>
Date: Tue, 2 Jul 2024 15:42:38 +0200
Subject: [PATCH] fix: make equality comparison of VCs based on ID (#387)

* fix: make Credential equality comparison based on ID

* DEPENDENCIES, added a test

* DEPENDENCIES
---
 DEPENDENCIES                                  | 11 ++++---
 .../query/CredentialQueryResolverImpl.java    |  3 +-
 .../CredentialQueryResolverImplTest.java      | 32 ++++++++++++++-----
 3 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/DEPENDENCIES b/DEPENDENCIES
index 221fdf42d..1f3d658b1 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -350,17 +350,20 @@ maven/mavencentral/org.jetbrains/annotations/24.1.0, Apache-2.0, approved, clear
 maven/mavencentral/org.junit-pioneer/junit-pioneer/2.2.0, EPL-2.0, approved, #11857
 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.1, EPL-2.0, approved, #9714
 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.2, EPL-2.0, approved, #9714
+maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.3, EPL-2.0, approved, #9714
 maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.1, EPL-2.0, approved, #9711
-maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.2, EPL-2.0, approved, #9711
+maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.3, EPL-2.0, approved, #9711
 maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.1, EPL-2.0, approved, #15304
-maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #15250
+maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.3, EPL-2.0, approved, #15250
 maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.1, EPL-2.0, approved, #9715
 maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.2, EPL-2.0, approved, #9715
+maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.3, EPL-2.0, approved, #9715
 maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.1, EPL-2.0, approved, #9709
-maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.2, EPL-2.0, approved, #9709
-maven/mavencentral/org.junit.platform/junit-platform-launcher/1.10.2, EPL-2.0, approved, #15216
+maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.3, EPL-2.0, approved, #9709
+maven/mavencentral/org.junit.platform/junit-platform-launcher/1.10.3, EPL-2.0, approved, #15216
 maven/mavencentral/org.junit/junit-bom/5.10.1, EPL-2.0, approved, #9844
 maven/mavencentral/org.junit/junit-bom/5.10.2, EPL-2.0, approved, #9844
+maven/mavencentral/org.junit/junit-bom/5.10.3, EPL-2.0, approved, #9844
 maven/mavencentral/org.junit/junit-bom/5.9.2, EPL-2.0, approved, #4711
 maven/mavencentral/org.jvnet.mimepull/mimepull/1.9.15, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ21484
 maven/mavencentral/org.mock-server/mockserver-client-java/5.15.0, Apache-2.0 AND LGPL-3.0-only, approved, #9324
diff --git a/core/lib/credential-query-lib/src/main/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImpl.java b/core/lib/credential-query-lib/src/main/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImpl.java
index 5ac1b7ee8..f3bea1118 100644
--- a/core/lib/credential-query-lib/src/main/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImpl.java
+++ b/core/lib/credential-query-lib/src/main/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImpl.java
@@ -90,7 +90,8 @@ public QueryResult query(String participantContextId, PresentationQueryMessage q
 
         // now narrow down the requested credentials to only contain allowed credentials
         var content = allowedCred.getContent();
-        var isValidQuery = new HashSet<>(content).containsAll(requestedCredentials);
+        var isValidQuery = new HashSet<>(content.stream().map(VerifiableCredentialResource::getId).toList())
+                .containsAll(requestedCredentials.stream().map(VerifiableCredentialResource::getId).toList());
 
         // filter out any expired, revoked or suspended credentials
         return isValidQuery ?
diff --git a/core/lib/credential-query-lib/src/test/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImplTest.java b/core/lib/credential-query-lib/src/test/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImplTest.java
index 5a89b0e4b..95fafd882 100644
--- a/core/lib/credential-query-lib/src/test/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImplTest.java
+++ b/core/lib/credential-query-lib/src/test/java/org/eclipse/edc/identityhub/query/CredentialQueryResolverImplTest.java
@@ -60,14 +60,6 @@ class CredentialQueryResolverImplTest {
     private final Monitor monitor = mock();
     private final CredentialQueryResolverImpl resolver = new CredentialQueryResolverImpl(storeMock, new EdcScopeToCriterionTransformer(), revocationServiceMock, monitor);
 
-    private static VerifiableCredentialResource.Builder createCredentialResource(VerifiableCredential cred) {
-        return VerifiableCredentialResource.Builder.newInstance()
-                .credential(new VerifiableCredentialContainer("foobar", CredentialFormat.JSON_LD, cred))
-                .holderId("test-holder")
-                .issuerId("test-issuer")
-                .participantId(TEST_PARTICIPANT_CONTEXT_ID);
-    }
-
     @BeforeEach
     void setUp() {
         when(revocationServiceMock.checkValidity(any())).thenReturn(Result.success());
@@ -119,6 +111,22 @@ void query_singleScopeString() {
         assertThat(res.getContent()).containsExactly(credential.getVerifiableCredential());
     }
 
+    @Test
+    void query_verifyDifferentObjects() {
+        var credential1 = createCredentialResource(createCredential("TestCredential").build()).id("id1").build();
+        var credential2 = createCredentialResource(createCredential("TestCredential").build()).id("id1").build();
+
+        when(storeMock.query(any()))
+                .thenAnswer(i -> success(List.of(credential1)))
+                .thenAnswer(i -> success(List.of(credential2)));
+
+        var res = resolver.query(TEST_PARTICIPANT_CONTEXT_ID,
+                createPresentationQuery("org.eclipse.edc.vc.type:TestCredential:read"), List.of("org.eclipse.edc.vc.type:TestCredential:read"));
+
+        assertThat(res.succeeded()).withFailMessage(res::getFailureDetail).isTrue();
+        assertThat(res.getContent()).usingRecursiveFieldByFieldElementComparator().containsExactly(credential1.getVerifiableCredential());
+    }
+
     @Test
     void query_whenParticipantIdMismatch_expectEmptyResult() {
         when(storeMock.query(any())).thenAnswer(i -> success(List.of()));
@@ -291,6 +299,14 @@ void query_whenRevokedCredential_doesNotInclude() {
         verify(monitor).warning(eq("Credential '%s' not valid: revoked".formatted(credential.getId())));
     }
 
+    private VerifiableCredentialResource.Builder createCredentialResource(VerifiableCredential cred) {
+        return VerifiableCredentialResource.Builder.newInstance()
+                .credential(new VerifiableCredentialContainer("foobar", CredentialFormat.JSON_LD, cred))
+                .holderId("test-holder")
+                .issuerId("test-issuer")
+                .participantId(TEST_PARTICIPANT_CONTEXT_ID);
+    }
+
     private VerifiableCredential.Builder createCredential(String... type) {
         return VerifiableCredential.Builder.newInstance()
                 .types(Arrays.asList(type))