Support credential_sets, but only for single document case.

Author: QZHelen

app/src/main/assets/openid4vp.wasm

@@ -236,11 +236,13 @@ class GetCredentialActivity : FragmentActivity() {
                     val selectedEntryId = JSONObject(entryId!!)
                     val providerIdx = selectedEntryId.getInt("provider_idx")
                     val selectedId = selectedEntryId.getString("id")
+                    val dqclCredId = selectedEntryId.getString("dcql_cred_id")
 
                     val response = processDigitalCredentialOption(
                         it.requestJson,
                         providerIdx,
                         selectedId,
+                        dqclCredId,
                         webOriginOrAppOrigin(
                             origin,
                             request.callingAppInfo.signingInfoCompat.signingCertificateHistory[0].toByteArray()
@@ -407,6 +409,7 @@ class GetCredentialActivity : FragmentActivity() {
         requestJson: String,
         providerIdx: Int,
         selectedID: String,
+        dcqlCredId: String,
         origin: String
     ): DigitalCredentialResult {
         val selectedCredential = CmWalletApplication.credentialRepo.getCredential(selectedID)
@@ -429,7 +432,7 @@ class GetCredentialActivity : FragmentActivity() {
                 val openId4VPRequest = OpenId4VP(requestData, computeClientId(request!!.callingAppInfo))
                 Log.i("GetCredentialActivity", "nonce ${openId4VPRequest.nonce}")
                 val matchedCredential =
-                    openId4VPRequest.performQueryOnCredential(selectedCredential)
+                    openId4VPRequest.performQueryOnCredential(selectedCredential, dcqlCredId)
                 Log.i("GetCredentialActivity", "matchedCredential $matchedCredential")
 
 

app/src/main/java/com/credman/cmwallet/getcred/GetCredentialActivity.kt

@@ -21,12 +21,25 @@ data class MatchedCredential(
 
 fun performQueryOnCredential(
     query: JSONObject,
-    selectedCredential: CredentialItem
+    selectedCredential: CredentialItem,
+    dcqlCredId: String? // Only support a single document
 ): OpenId4VPMatchedCredential {
     require(query.has("credentials")) { "dcql_query must contain a credentials" }
     val credentials = query.getJSONArray("credentials")
-    require(credentials.length() == 1) { "Only support returning a single document" }
-    val credential = credentials.getJSONObject(0)!!
+    val credential = if (dcqlCredId == null) {
+        require(credentials.length() == 1) { "Only support a single document" }
+        credentials.getJSONObject(0)!!
+    } else {
+        credentials.let {
+            for (i in 0..<it.length()) {
+                val dcqlCred = it.getJSONObject(i)
+                if (dcqlCred.optString("id") == dcqlCredId) {
+                    return@let dcqlCred
+                }
+            }
+            throw IllegalStateException("Could not find a matching dcql credential query")
+        }
+    }
 
     require(credential.has("id")) { "dcql_query credential must contain an id" }
     val dcqlId = credential.getString(("id"))

app/src/main/java/com/credman/cmwallet/openid4vp/DCQL.kt

@@ -123,8 +123,8 @@ class OpenId4VP(var requestJson: JSONObject, var clientId: String) {
         return DCQLQuery(dcqlQuery, credentialStore)
     }
 
-    fun performQueryOnCredential(selectedCredential: CredentialItem): OpenId4VPMatchedCredential {
-        return performQueryOnCredential(dcqlQuery, selectedCredential)
+    fun performQueryOnCredential(selectedCredential: CredentialItem, dcqlCredId: String? = null): OpenId4VPMatchedCredential {
+        return performQueryOnCredential(dcqlQuery, selectedCredential, dcqlCredId)
     }
 
     fun getHandover(origin: String): List<Any> {

app/src/main/java/com/credman/cmwallet/openid4vp/OpenId4VP.kt

@@ -206,7 +206,8 @@ cJSON* dcql_query(cJSON* query, cJSON* credential_store) {
             cJSON_AddItemReferenceToObject(candidate_matched_credentials, id, m);
         }
 
-        if (cJSON_GetArraySize(credentials) == cJSON_GetArraySize(candidate_matched_credentials)) {
+        // Only support matching 1 credential for now
+        if (cJSON_GetArraySize(candidate_matched_credentials) > 0) {
             matched_credentials = candidate_matched_credentials;
         }
     }

matcher/dcql.c

@@ -135,6 +135,7 @@ int main() {
                 cJSON* matched_id = cJSON_GetObjectItem(c, "id");
 
                 cJSON_AddItemReferenceToObject(id_obj, "id", matched_id);
+                cJSON_AddItemReferenceToObject(id_obj, "dcql_cred_id", doc_id);
                 cJSON_AddItemReferenceToObject(id_obj, "provider_idx", cJSON_CreateNumber(i));
                 char* id = cJSON_PrintUnformatted(id_obj);