From c54f437d5456ab56e09595355499da2c4a5b27b5 Mon Sep 17 00:00:00 2001
From: vbasiuk
Date: Tue, 19 Dec 2023 12:28:31 +0200
Subject: [PATCH] supportSdOperator param (not opts)
---
 pubsignals/atomicMtpV2.go | 2 +-
 pubsignals/atomicSigV2.go | 2 +-
 pubsignals/atomicV3.go | 3 +--
 pubsignals/query.go | 13 ++++++++++---
 pubsignals/query_test.go | 6 +++---
 pubsignals/verifyopts.go | 12 ++----------
 6 files changed, 18 insertions(+), 20 deletions(-)
diff --git a/pubsignals/atomicMtpV2.go b/pubsignals/atomicMtpV2.go
index b6c166d..f430565 100644
--- a/pubsignals/atomicMtpV2.go
+++ b/pubsignals/atomicMtpV2.go
@@ -40,7 +40,7 @@ func (c *AtomicQueryMTPV2) VerifyQuery(
 ClaimPathNotExists: c.ClaimPathNotExists,
 ValueArraySize: c.ValueArraySize,
 IsRevocationChecked: c.IsRevocationChecked,
- }, verifiablePresentation, opts...)
+ }, verifiablePresentation, false, opts...)
 }
 // VerifyStates verifies user state and issuer claim issuance state in the smart contract.
diff --git a/pubsignals/atomicSigV2.go b/pubsignals/atomicSigV2.go
index 707fa44..b8ac6d1 100644
--- a/pubsignals/atomicSigV2.go
+++ b/pubsignals/atomicSigV2.go
@@ -40,7 +40,7 @@ func (c *AtomicQuerySigV2) VerifyQuery(
 ClaimPathNotExists: c.ClaimPathNotExists,
 ValueArraySize: c.ValueArraySize,
 IsRevocationChecked: c.IsRevocationChecked,
- }, verifiablePresentation, opts...)
+ }, verifiablePresentation, false, opts...)
 if err != nil {
 return err
 }
diff --git a/pubsignals/atomicV3.go b/pubsignals/atomicV3.go
index 0dbbeee..2d8057b 100644
--- a/pubsignals/atomicV3.go
+++ b/pubsignals/atomicV3.go
@@ -29,7 +29,6 @@ func (c *AtomicQueryV3) VerifyQuery(
 params map[string]interface{},
 opts ...VerifyOpt,
 ) error {
- opts = append(opts, WithSupportSdOperator(true))
 err := query.Check(ctx, schemaLoader, &CircuitOutputs{
 IssuerID: c.IssuerID,
 ClaimSchema: c.ClaimSchema,
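Review bot: The bare `false` passed to `query.Check` in `AtomicQueryMTPV2.VerifyQuery` gives the reader no hint that it fixes the SD-operator behaviour for this circuit; the same holds for the `false` in `atomicSigV2.go` and the `true` in the second `atomicV3.go` hunk. The removed `WithSupportSdOperator` doc comment was the only text explaining the V2/V3 split, so I would carry it to the call sites, e.g. `// V2 circuits do not support the SD operator; it is replaced with EQ.` above the call. VerifyQuery begins and ends outside the hunk.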
@@ -49,7 +48,7 @@ func (c *AtomicQueryV3) VerifyQuery(
 OperatorOutput: c.OperatorOutput,
 Nullifier: c.Nullifier,
 ProofType: c.ProofType,
- }, verifiablePresentation, opts...)
+ }, verifiablePresentation, true, opts...)
 if err != nil {
 return err
 }
diff --git a/pubsignals/query.go b/pubsignals/query.go
index 052d1b0..4f08ab0 100644
--- a/pubsignals/query.go
+++ b/pubsignals/query.go
@@ -102,6 +102,7 @@ func (q Query) Check(
 loader ld.DocumentLoader,
 pubSig *CircuitOutputs,
 verifiablePresentation json.RawMessage,
+ supportSdOperator bool,
 opts ...VerifyOpt,
 ) error {
 if err := q.verifyIssuer(pubSig); err != nil {
@@ -128,7 +129,7 @@ func (q Query) Check(
 }
 if err := q.verifyCredentialSubject(pubSig, verifiablePresentation,
- schemaBytes, loader, cfg.SupportSdOperator); err != nil {
+ schemaBytes, loader, supportSdOperator); err != nil {
 return err
 }
@@ -306,8 +307,14 @@ func (q Query) validateDisclosure(ctx context.Context, pubSig *CircuitOutputs,
 return errors.New("selective disclosure not available for array of values")
 }
 }
- } else if pubSig.Operator != circuits.SD {
- return errors.New("invalid pub signal operator for selective disclosure")
+ } else {
+ if pubSig.Operator != circuits.SD {
+ return errors.New("invalid pub signal operator for selective disclosure")
+ }
+
+ if pubSig.OperatorOutput == nil || pubSig.OperatorOutput == big.NewInt(0) {
+ return errors.New("operator output should be not null or empty")
+ }
+ }
 mz, err := merklize.MerklizeJSONLD(ctx,
diff --git a/pubsignals/query_test.go b/pubsignals/query_test.go
index 9f3b716..490699a 100644
--- a/pubsignals/query_test.go
+++ b/pubsignals/query_test.go
@@ -289,7 +289,7 @@ func TestCheckRequest_Success(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- err := tt.query.Check(context.Background(), tt.loader, tt.pubSig, tt.vp)
+ err := tt.query.Check(context.Background(), tt.loader, tt.pubSig, tt.vp, false)
 require.NoError(t, err)
 tt.loader.assert(t)
 })
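Review bot: `supportSdOperator` is added to the exported `Query.Check` as an undocumented positional bool, although it is what `verifyCredentialSubject` now receives in place of `cfg.SupportSdOperator`. Because callers can no longer set it through `opts`, the doc comment on `Check` should state who may pass `true`, for example `// supportSdOperator must be true only for circuits that support the SD operator (V3); V2 circuits pass false.` The new parameter also breaks every external caller of `Check` at compile time, which is worth stating in the commit message. The doc comment and body of `Check` lie outside this hunk.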
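Review bot: The zero check added in the new `else` branch of `validateDisclosure` can never fire. `pubSig.OperatorOutput == big.NewInt(0)` compares a pointer with a freshly allocated `*big.Int` (assuming `OperatorOutput` is a `*big.Int`, as the nil check suggests), so it is always false and a zero operator output is accepted for a selective-disclosure proof. Compare by value instead: `if pubSig.OperatorOutput == nil || pubSig.OperatorOutput.Sign() == 0 {`. The rest of `validateDisclosure` is outside the hunk, so whether a later step rejects a zero output cannot be seen from here.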
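Review bot: Every call updated in this file passes `false` (here and in `TestCheckRequest_SelectiveDisclosure_Error` and `TestCheckRequest_Error`), so in the visible hunks nothing exercises `Check` with `supportSdOperator` set to `true`, and nothing exercises the new `operator output should be not null or empty` error. I would add a `supportSdOperator bool` field to the test tables and call `tt.query.Check(context.Background(), tt.loader, tt.pubSig, tt.vp, tt.supportSdOperator)`, with cases for the SD operator and a nil and a zero `OperatorOutput`. If such cases already exist elsewhere in the file, they are not visible in this patch.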
@@ -501,7 +501,7 @@ func TestCheckRequest_SelectiveDisclosure_Error(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- err := tt.query.Check(context.Background(), tt.loader, tt.pubSig, tt.vp)
+ err := tt.query.Check(context.Background(), tt.loader, tt.pubSig, tt.vp, false)
 require.EqualError(t, err, tt.expErr.Error())
 tt.loader.assert(t)
 })
@@ -791,7 +791,7 @@ func TestCheckRequest_Error(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- err := tt.query.Check(context.Background(), tt.loader, tt.pubSig, nil)
+ err := tt.query.Check(context.Background(), tt.loader, tt.pubSig, nil, false)
 require.EqualError(t, err, tt.expErr.Error())
 tt.loader.assert(t)
 })
diff --git a/pubsignals/verifyopts.go b/pubsignals/verifyopts.go
index eb3cc8e..62b0e49 100644
--- a/pubsignals/verifyopts.go
+++ b/pubsignals/verifyopts.go
@@ -5,9 +5,9 @@ import (
 )
 var (
- defaultAuthVerifyOpts = VerifyConfig{AcceptedStateTransitionDelay: time.Minute * 5, SupportSdOperator: false}
+ defaultAuthVerifyOpts = VerifyConfig{AcceptedStateTransitionDelay: time.Minute * 5}
 defaultProofVerifyOpts = VerifyConfig{AcceptedStateTransitionDelay: time.Hour,
- AcceptedProofGenerationDelay: time.Hour * 24, SupportSdOperator: false}
+ AcceptedProofGenerationDelay: time.Hour * 24}
 )
 // WithAcceptedStateTransitionDelay sets the delay of the revoked state.
@@ -24,13 +24,6 @@ func WithAcceptedProofGenerationDelay(duration time.Duration) VerifyOpt {
 }
 }
-// WithSupportSdOperator sets the flag of supporting SD operator (v3) or replacing it to EQ (v2).
-func WithSupportSdOperator(supportSdOperator bool) VerifyOpt {
- return func(v *VerifyConfig) {
- v.SupportSdOperator = supportSdOperator
- }
-}
-
 // VerifyOpt sets options.
 type VerifyOpt func(v *VerifyConfig)
@@ -39,7 +32,6 @@ type VerifyConfig struct {
 // is the period of time that a revoked state remains valid.
 AcceptedStateTransitionDelay time.Duration
 AcceptedProofGenerationDelay time.Duration
- SupportSdOperator bool
 }
 // ParamNameVerifierDID is a verifier did - specific circuit param for V3, but can be utilized by other circuits