Commit ab01e88

committed
Change PNV logic such that the claims are hints rather than musts.
1 parent 17b7344 commit ab01e88

5 files changed

+248
-13
lines changed

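--- a/matcher/pnv/dcql.c
+++ b/matcher/pnv/dcql.c
@@ -1,5 +1,6 @@
 #include <stdio.h>
 #include <string.h>
+#include <stdbool.h>
 
 #include "../base64.h"
 #include "../dcql.h"
@@ -24,6 +25,13 @@ int AddAllClaims(cJSON *matched_claim_names, cJSON *candidate_paths)
 return 0;
 }
 
+cJSON *CreateSingleStringArrayJson(char *string)
+{
+cJSON *array = cJSON_CreateArray();
+cJSON_AddItemReferenceToArray(array, cJSON_CreateString(string));
+return array;
+}
+
 cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 {
 cJSON *matched_credentials = cJSON_CreateArray();
@@ -155,6 +163,19 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 }
 else
 {
+cJSON *matched_claim_paths = cJSON_CreateArray();
+
+cJSON *phone_number_matched_candidates = cJSON_CreateArray();
+cJSON *carrier_and_subscription_matched_candidates = cJSON_CreateArray();
+cJSON *carrier_matched_candidates = cJSON_CreateArray();
+cJSON *sub_matched_candidates = cJSON_CreateArray();
+cJSON *other_candidates = cJSON_CreateArray();
+
+cJSON *phone_number_hint_paths = CreateSingleStringArrayJson("phone_number_hint");
+cJSON *subscription_hint_paths = CreateSingleStringArrayJson("subscription_hint");
+cJSON *carrier_hint_paths = CreateSingleStringArrayJson("carrier_hint");
+
+
 if (claim_sets == NULL)
 {
 printf("Matching based on provided claims\n");
@@ -176,7 +197,9 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 
 cJSON *claim;
 cJSON *candidate_claims = cJSON_GetObjectItemCaseSensitive(candidate, "paths");
-int matched_claim_count = 0;
+bool phone_number_matched = 0;
+bool carrier_matched = 0;
+bool subscription_matched = 0;
 cJSON_ArrayForEach(claim, claims)
 {
 cJSON *claim_values = cJSON_GetObjectItemCaseSensitive(claim, "values");
@@ -201,6 +224,7 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 break;
 }
 }
+bool match_claim = 0;
 if (matched != 0 && curr_claim != NULL)
 {
 if (claim_values != NULL)
@@ -211,27 +235,43 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 if (cJSON_Compare(v, cJSON_GetObjectItemCaseSensitive(curr_claim, "value"), cJSON_True))
 {
 printf("- claim value matched.\n");
-++matched_claim_count;
+match_claim = 1;
 break;
 }
 }
 }
 else
 {
 printf("- claim matched.\n");
-++matched_claim_count;
+match_claim = 1;
 }
 } else {
 printf("- claim did not match\n.");
 }
+if (match_claim)
+{
+if (cJSON_Compare(paths, phone_number_hint_paths, cJSON_True)) {
+phone_number_matched = 1;
+}
+else if (cJSON_Compare(paths, subscription_hint_paths, cJSON_True)) {
+subscription_matched = 1;
+}
+else if (cJSON_Compare(paths, carrier_hint_paths, cJSON_True)) {
+carrier_matched = 1;
+}
+}
 }
 cJSON_AddItemReferenceToObject(matched_credential, "matched_claim_names", matched_claim_names);
-if (matched_claim_count == cJSON_GetArraySize(claims))
-{
-printf("Cred matched.\n");
-cJSON_AddItemReferenceToArray(matched_credentials, matched_credential);
+if (phone_number_matched){
+cJSON_AddItemReferenceToArray(phone_number_matched_candidates, matched_credential);
+} else if (carrier_matched && subscription_matched) {
+cJSON_AddItemReferenceToArray(carrier_and_subscription_matched_candidates, matched_credential);
+} else if (carrier_matched) {
+cJSON_AddItemReferenceToArray(carrier_matched_candidates, matched_credential);
+} else if (subscription_matched) {
+cJSON_AddItemReferenceToArray(sub_matched_candidates, matched_credential);
 } else {
-printf("Cred did not match. Matched claim count: %d, Expected match count: %d\n.", matched_claim_count, cJSON_GetArraySize(claims));
+cJSON_AddItemReferenceToArray(other_candidates, matched_credential);
 }
 }
 }
@@ -255,6 +295,9 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 
 cJSON *claim;
 cJSON *candidate_claims = cJSON_GetObjectItemCaseSensitive(candidate, "paths");
+bool phone_number_matched = 0;
+bool carrier_matched = 0;
+bool subscription_matched = 0;
 cJSON_ArrayForEach(claim, claims)
 {
 cJSON *claim_values = cJSON_GetObjectItemCaseSensitive(claim, "values");
@@ -276,6 +319,7 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 break;
 }
 }
+bool match_claim = 0;
 if (matched != 0 && curr_claim != NULL)
 {
 if (claim_values != NULL)
@@ -285,14 +329,26 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 {
 if (cJSON_Compare(v, cJSON_GetObjectItemCaseSensitive(curr_claim, "value"), cJSON_True))
 {
-cJSON_AddItemReferenceToObject(matched_claim_ids, claim_id, cJSON_CreateString("PLACEHOLDER"));
+match_claim = 1;
 break;
 }
 }
 }
 else
 {
-cJSON_AddItemReferenceToObject(matched_claim_ids, claim_id, cJSON_CreateString("PLACEHOLDER"));
+match_claim = 1;
+}
+}
+if (match_claim) {
+cJSON_AddItemReferenceToObject(matched_claim_ids, claim_id, cJSON_CreateString("PLACEHOLDER"));
+if (cJSON_Compare(paths, phone_number_hint_paths, cJSON_True)) {
+phone_number_matched = 1;
+}
+else if (cJSON_Compare(paths, subscription_hint_paths, cJSON_True)) {
+subscription_matched = 1;
+}
+else if (cJSON_Compare(paths, carrier_hint_paths, cJSON_True)) {
+carrier_matched = 1;
 }
 }
 }
@@ -317,8 +373,36 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
 break;
 }
 }
+if (phone_number_matched){
+cJSON_AddItemReferenceToArray(phone_number_matched_candidates, matched_credential);
+} else if (carrier_matched && subscription_matched) {
+cJSON_AddItemReferenceToArray(carrier_and_subscription_matched_candidates, matched_credential);
+} else if (carrier_matched) {
+cJSON_AddItemReferenceToArray(carrier_matched_candidates, matched_credential);
+} else if (subscription_matched) {
+cJSON_AddItemReferenceToArray(sub_matched_candidates, matched_credential);
+} else {
+cJSON_AddItemReferenceToArray(other_candidates, matched_credential);
+}
 }
 }
+
+cJSON *c;
+cJSON_ArrayForEach(c, phone_number_matched_candidates) {
+cJSON_AddItemReferenceToArray(matched_credentials, c);
+}
+cJSON_ArrayForEach(c, carrier_and_subscription_matched_candidates) {
+cJSON_AddItemReferenceToArray(matched_credentials, c);
+}
+cJSON_ArrayForEach(c, carrier_matched_candidates) {
+cJSON_AddItemReferenceToArray(matched_credentials, c);
+}
+cJSON_ArrayForEach(c, sub_matched_candidates) {
+cJSON_AddItemReferenceToArray(matched_credentials, c);
+}
+cJSON_ArrayForEach(c, other_candidates) {
+cJSON_AddItemReferenceToArray(matched_credentials, c);
+}
 }
 
 return matched_credentials;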
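Review bot: In both matching branches the final `else` now files every candidate under `other_candidates`, and the three flags are set only for `phone_number_hint`, `subscription_hint` and `carrier_hint`, so a `values` constraint on any other claim path (the added JSON requests carry `android_carrier_hint`) no longer excludes a credential from the result. If only the three hint paths are meant to be advisory, record non-hint claims that failed to match and skip the candidate in that case, for example `if (!match_claim && !is_hint_path) required_claim_missed = 1;` with both names newly introduced; otherwise add a comment at the bucket chain stating that every candidate is returned on purpose and that value filtering has to happen elsewhere. Separately, `CreateSingleStringArrayJson` hands a fresh `cJSON_CreateString` result to `cJSON_AddItemReferenceToArray`, which stores a reference copy and leaves the original string item without an owner; `cJSON_AddItemToArray` plus a NULL check on both allocations would avoid that. `paths` and most of `MatchCredential` lie outside the visible hunks, so the first point assumes `paths` is the current claim's path array.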

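--- a/matcher/pnv/test/common.hpp
+++ b/matcher/pnv/test/common.hpp
@@ -36,4 +36,11 @@ struct TestCredmanState {
 static TestCredmanState& instance();
 };
 
+struct TestCredmanStateGuard {
+~TestCredmanStateGuard() {
+TestCredmanState::instance().string_id_entries.clear();
+TestCredmanState::instance().payment_entries.clear();
+}
+};
+
 extern TestCredmanState testCredmanState;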
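Review bot: `TestCredmanStateGuard` clears `string_id_entries` and `payment_entries` only in its destructor, so a guarded test that runs after an unguarded one still starts with whatever entries the earlier test left behind. Adding a constructor that performs the same two `clear()` calls would give every guarded test a known starting state. Whether `TestCredmanState` holds other containers that also need resetting cannot be seen from this hunk.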
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"requests": [
3+
{
4+
"protocol": "openid4vp-v1-unsigned",
5+
"data": {
6+
"dcql_query": {
7+
"credentials": [
8+
{
9+
"claims": [
10+
{
11+
"path": [
12+
"subscription_hint"
13+
],
14+
"values": [
15+
2
16+
]
17+
},
18+
{
19+
"path": [
20+
"carrier_hint"
21+
],
22+
"values": [
23+
"310250"
24+
]
25+
},
26+
{
27+
"path": [
28+
"android_carrier_hint"
29+
],
30+
"values": [
31+
3
32+
]
33+
}
34+
],
35+
"format": "dc-authorization+sd-jwt",
36+
"id": "aggregator1",
37+
"meta": {
38+
"credential_authorization_jwt": "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.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.w7_X5hLwjDxw26GguGjxuJnhxfcmqtbcCPiTobUrGpoFIvYWat9Luqi5r8ZTu_CIfC3rismGsYZH6ozNQwXgnw",
39+
"vct_values": [
40+
"number-verification/device-phone-number/ts43"
41+
]
42+
}
43+
}
44+
]
45+
},
46+
"nonce": "kk43JKaPscajjXp34fR8puHjtPMrcOB32K5wKMD5Cbw",
47+
"response_mode": "dc_api",
48+
"response_type": "vp_token"
49+
}
50+
}
51+
]
52+
}
Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
{
2+
"requests": [
3+
{
4+
"protocol": "openid4vp-v1-unsigned",
5+
"data": {
6+
"dcql_query": {
7+
"credentials": [
8+
{
9+
"claims": [
10+
{
11+
"path": [
12+
"subscription_hint"
13+
],
14+
"values": [
15+
2
16+
]
17+
},
18+
{
19+
"path": [
20+
"carrier_hint"
21+
],
22+
"values": [
23+
"910250"
24+
]
25+
},
26+
{
27+
"path": [
28+
"android_carrier_hint"
29+
],
30+
"values": [
31+
3
32+
]
33+
},
34+
{
35+
"path": [
36+
"phone_number_hint"
37+
],
38+
"values": [
39+
"+17502157890",
40+
"+16502157890"
41+
]
42+
}
43+
],
44+
"format": "dc-authorization+sd-jwt",
45+
"id": "aggregator1",
46+
"meta": {
47+
"credential_authorization_jwt": "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.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.w7_X5hLwjDxw26GguGjxuJnhxfcmqtbcCPiTobUrGpoFIvYWat9Luqi5r8ZTu_CIfC3rismGsYZH6ozNQwXgnw",
48+
"vct_values": [
49+
"number-verification/verify/ts43"
50+
]
51+
}
52+
}
53+
]
54+
},
55+
"nonce": "kk43JKaPscajjXp34fR8puHjtPMrcOB32K5wKMD5Cbw",
56+
"response_mode": "dc_api",
57+
"response_type": "vp_token"
58+
}
59+
}
60+
]
61+
}
