Make TrustResult enum more expressive (#326)

* Make TrustResult enum for expressive

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* make id in Credential Query optional

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* remove credneitalSet overasking

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

---------

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

Author: JoTiTu

src/WalletFramework.Oid4Vc/Dcql/Models/CredentialQuery.cs

@@ -38,7 +38,7 @@ public class CredentialQuery
     ///     This MUST be a string identifying the Credential in the response.
     /// </summary>
     [JsonProperty(IdJsonKey)]
-    public string Id { get; set; } = null!;
+    public string? Id { get; set; } = null!;
 
     /// <summary>
     ///     Represents a collection, where each value contains a collection of identifiers for elements in claims that
@@ -59,7 +59,7 @@ public static Validation<CredentialQuery> FromJObject(JObject json)
                 }
 
                 return ValidationFun.Valid(value.Value.ToString());
-            });
+            }).ToOption();
 
         var format = json.GetByKey(FormatJsonKey)
             .OnSuccess(token => token.ToJValue())
@@ -112,13 +112,13 @@ public static Validation<CredentialQuery> FromJObject(JObject json)
     }
 
     private static CredentialQuery Create(
-        string id,
+        Option<string> id,
         string format,
         CredentialMetaQuery meta,
         Option<IEnumerable<CredentialClaimQuery>> claims,
         Option<IEnumerable<IEnumerable<string>>> claimSets) => new()
     {
-        Id = id,
+        Id = id.ToNullable(),
         Format = format,
         Meta = meta,
         Claims = claims.ToNullable()?.ToArray(),

src/WalletFramework.Oid4Vc/Oid4Vp/Models/AuthorizationRequest.cs

@@ -112,7 +112,7 @@ public record AuthorizationRequest
     public X509Chain? X509TrustChain { get; init; }
 
     [JsonIgnore] 
-    public RpAuthResult RpAuthResult { get; init; } = RpAuthResult.GetWithLevelAbort();
+    public RpAuthResult RpAuthResult { get; init; } = RpAuthResult.GetWithLevelUnknown();
 
     [JsonIgnore]
     public OneOf<DcqlQuery, PresentationDefinition> Requirements =>

src/WalletFramework.Oid4Vc/RelyingPartyAuthentication/RegistrationCertificate/OverAskingValidationResult.cs

@@ -22,7 +22,6 @@ internal static OverAskingValidationResult Validate(RequestObject requestObject)
                     .Where(attachment => attachment.Format == Constants.RegistrationCertificateFormat) ?? [];
 
                 List<string> certifiedClaims = [];
-                List<IEnumerable<string>> certifiedClaimSets = [];
 
                 var areTrustChainsValid = true;
                 foreach (var registrationCertificateAttachment in registrationCertificateAttachments)
@@ -37,17 +36,6 @@ internal static OverAskingValidationResult Validate(RequestObject requestObject)
                                 })
                             );
 
-                            var registrationCertifiedClaimSets = registrationCertificate.CredentialSets.Match(
-                                credentialsSets =>
-                                {
-                                    return credentialsSets.SelectMany(
-                                        set => set.Options ?? Enumerable.Empty<string[]>()
-                                    );
-                                },
-                                () => []);
-
-                            certifiedClaimSets.AddRange(registrationCertifiedClaimSets);
-
                             var isValidChain = registrationCertificate.Certificates.IsTrustChainValid();
                             if (!isValidChain)
                             {
@@ -76,20 +64,7 @@ internal static OverAskingValidationResult Validate(RequestObject requestObject)
                     return certifiedClaims.Contains(requestedAttribute);
                 });
 
-                var requestedClaimSets = authorizationRequest
-                    .DcqlQuery!
-                    .CredentialSetQueries?
-                    .SelectMany(query => query.Options ?? []) ?? [];
-                
-                var isOverAskingClaimSets = !requestedClaimSets.All(requestedClaimSet =>
-                {
-                    return certifiedClaimSets.Any(certifiedClaimSet =>
-                    {
-                        return requestedClaimSet.All(certifiedClaimSet.Contains);
-                    });
-                });
-
-                return new OverAskingValidationResult(!isOverAskingClaims && !isOverAskingClaimSets);
+                return new OverAskingValidationResult(!isOverAskingClaims);
             },
             _ => new OverAskingValidationResult(true)
         );

src/WalletFramework.Oid4Vc/RelyingPartyAuthentication/RpAuthResult.cs

@@ -30,11 +30,11 @@ from accessCertificate in AccessCertificate.FromRequestObject(requestObject)
         return result.Match(
             rpAuthResult => rpAuthResult,
             // TODO: Log
-            _ => new RpAuthResult(RpTrustLevel.Abort)
+            _ => new RpAuthResult(RpTrustLevel.ValidationFailed)
         );
     }
 
-    public static RpAuthResult GetWithLevelAbort() => new(RpTrustLevel.Abort);
+    public static RpAuthResult GetWithLevelUnknown() => new(RpTrustLevel.Unknown);
 }
 
 public static class RpAuthResultFun
@@ -45,11 +45,11 @@ public static RpTrustLevel CalculateTrustLevel(
     {
         if (accessCertificateValidationResult.IsValid is false)
         {
-            return RpTrustLevel.Abort;
+            return RpTrustLevel.AccessCertificateValidationFailed;
         }
 
         return overAskingValidationResult.IsValid
-            ? RpTrustLevel.Green
-            : RpTrustLevel.Red;
+            ? RpTrustLevel.ValidationSuccessful
+            : RpTrustLevel.OverAskingValidationFailed;
     }
 }

src/WalletFramework.Oid4Vc/RelyingPartyAuthentication/RpTrustLevel.cs

@@ -2,7 +2,9 @@ namespace WalletFramework.Oid4Vc.RelyingPartyAuthentication;
 
 public enum RpTrustLevel
 {
-    Green,
-    Red,
-    Abort
+    ValidationSuccessful,
+    AccessCertificateValidationFailed,
+    OverAskingValidationFailed,
+    ValidationFailed,
+    Unknown
 }

test/WalletFramework.Oid4Vc.Tests/RelyingPartyAuthentication/RPAuthenticationTests.cs

@@ -41,6 +41,6 @@ public void Valid_Request_results_in_Trust_Level_Green()
 
         var sut = RpAuthResult.ValidateRequestObject(requestObject, rpRegistrarCert);
 
-        sut.TrustLevel.Should().Be(RpTrustLevel.Green);
+        sut.TrustLevel.Should().Be(RpTrustLevel.ValidationSuccessful);
     }
 }