fix: issue where attributes and predicates match

demo/src/Faber.ts

@@ -43,7 +43,6 @@ export class Faber extends BaseAgent {
 
   public async acceptConnection(invitation_url: string) {
     const connectionRecord = await this.receiveConnectionRequest(invitation_url)
-
     this.connectionRecordAliceId = await this.waitForConnection(connectionRecord)
   }
 

packages/core/src/modules/proofs/services/ProofService.ts

@@ -16,6 +16,7 @@ import { EventEmitter } from '../../../agent/EventEmitter'
 import { InjectionSymbols } from '../../../constants'
 import { Attachment, AttachmentData } from '../../../decorators/attachment/Attachment'
 import { AriesFrameworkError } from '../../../error'
+import { checkProofRequestForDuplicates } from '../../../utils'
 import { JsonEncoder } from '../../../utils/JsonEncoder'
 import { JsonTransformer } from '../../../utils/JsonTransformer'
 import { uuid } from '../../../utils/uuid'
@@ -257,8 +258,8 @@ export class ProofService {
       comment?: string
     }
   ): Promise<ProofProtocolMsgReturnType<RequestPresentationMessage>> {
-    // Assert attribute and predicate group names do not match
-    this.assertAttributePredicateGroupNamesDoNotMatch(proofRequest)
+    // Assert attribute and predicate (group) names do not match
+    checkProofRequestForDuplicates(proofRequest)
 
     // Assert
     proofRecord.assertState(ProofState.ProposalReceived)
@@ -305,8 +306,8 @@ export class ProofService {
   ): Promise<ProofProtocolMsgReturnType<RequestPresentationMessage>> {
     this.logger.debug(`Creating proof request`)
 
-    // Assert attribute and predicate group names do not match
-    this.assertAttributePredicateGroupNamesDoNotMatch(proofRequest)
+    // Assert attribute and predicate (group) names do not match
+    checkProofRequestForDuplicates(proofRequest)
 
     // Assert
     connectionRecord?.assertReady()
@@ -369,8 +370,8 @@ export class ProofService {
     }
     await validateOrReject(proofRequest)
 
-    // Assert attribute and predicate group names do not match
-    this.assertAttributePredicateGroupNamesDoNotMatch(proofRequest)
+    // Assert attribute and predicate (group) names do not match
+    checkProofRequestForDuplicates(proofRequest)
 
     this.logger.debug('received proof request', proofRequest)
 

packages/core/src/utils/__tests__/indyProofRequest.test.ts

@@ -0,0 +1,240 @@
+import type { IndyCredentialMetadata } from '../../modules/credentials/models/CredentialInfo'
+import type { CustomCredentialTags, CredentialPreviewAttribute, RequestCredentialMessage } from '@aries-framework/core'
+
+import { checkProofRequestForDuplicates } from '..'
+import { Attachment, AttachmentData } from '../../decorators/attachment/Attachment'
+
+import {
+  CredentialMetadataKeys,
+  AriesFrameworkError,
+  AttributeFilter,
+  PredicateType,
+  ProofAttributeInfo,
+  ProofPredicateInfo,
+  ProofRequest,
+  CredentialState,
+  OfferCredentialMessage,
+  CredentialRecord,
+  CredentialPreview,
+} from '@aries-framework/core'
+
+export const INDY_CREDENTIAL_OFFER_ATTACHMENT_ID = 'libindy-cred-offer-0'
+
+const credentialPreview = CredentialPreview.fromRecord({
+  name: 'John',
+  age: '99',
+})
+
+const offerAttachment = new Attachment({
+  id: INDY_CREDENTIAL_OFFER_ATTACHMENT_ID,
+  mimeType: 'application/json',
+  data: new AttachmentData({
+    base64:
+      'eyJzY2hlbWFfaWQiOiJhYWEiLCJjcmVkX2RlZl9pZCI6IlRoN01wVGFSWlZSWW5QaWFiZHM4MVk6MzpDTDoxNzpUQUciLCJub25jZSI6Im5vbmNlIiwia2V5X2NvcnJlY3RuZXNzX3Byb29mIjp7fX0',
+  }),
+})
+
+const mockCredentialRecord = ({
+  state,
+  requestMessage,
+  metadata,
+  threadId,
+  connectionId,
+  tags,
+  id,
+  credentialAttributes,
+}: {
+  state?: CredentialState
+  requestMessage?: RequestCredentialMessage
+  metadata?: IndyCredentialMetadata & { indyRequest: Record<string, unknown> }
+  tags?: CustomCredentialTags
+  threadId?: string
+  connectionId?: string
+  id?: string
+  credentialAttributes?: CredentialPreviewAttribute[]
+} = {}) => {
+  const offerMessage = new OfferCredentialMessage({
+    comment: 'some comment',
+    credentialPreview: credentialPreview,
+    offerAttachments: [offerAttachment],
+  })
+
+  const credentialRecord = new CredentialRecord({
+    offerMessage,
+    id,
+    credentialAttributes: credentialAttributes || credentialPreview.attributes,
+    requestMessage,
+    state: state || CredentialState.OfferSent,
+    threadId: threadId ?? offerMessage.id,
+    connectionId: connectionId ?? '123',
+    tags,
+  })
+
+  if (metadata?.indyRequest) {
+    credentialRecord.metadata.set(CredentialMetadataKeys.IndyRequest, { ...metadata.indyRequest })
+  }
+
+  if (metadata?.schemaId) {
+    credentialRecord.metadata.add(CredentialMetadataKeys.IndyCredential, {
+      schemaId: metadata.schemaId,
+    })
+  }
+
+  if (metadata?.credentialDefinitionId) {
+    credentialRecord.metadata.add(CredentialMetadataKeys.IndyCredential, {
+      credentialDefinitionId: metadata.credentialDefinitionId,
+    })
+  }
+
+  return credentialRecord
+}
+
+describe('Present Proof', () => {
+  let secCredDef: CredentialRecord
+  let credDef: CredentialRecord
+
+  beforeAll(async () => {
+    credDef = mockCredentialRecord({ state: CredentialState.OfferSent })
+    secCredDef = mockCredentialRecord({ state: CredentialState.OfferSent })
+  })
+
+  test('attribute names match, same cred def filter', async () => {
+    const attributes = {
+      name: new ProofAttributeInfo({
+        name: 'age',
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: credDef.id,
+          }),
+        ],
+      }),
+      age: new ProofAttributeInfo({
+        name: 'age',
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: credDef.id,
+          }),
+        ],
+      }),
+    }
+
+    const nonce = 'testtesttest12345'
+
+    const proofRequest = new ProofRequest({
+      name: 'proof-request',
+      version: '1.0',
+      nonce,
+      requestedAttributes: attributes,
+    })
+
+    expect(() => checkProofRequestForDuplicates(proofRequest)).toThrowError(AriesFrameworkError)
+  })
+
+  test('attribute names match with predicates name, same cred def filter', async () => {
+    const attributes = {
+      name: new ProofAttributeInfo({
+        name: 'age',
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: credDef.id,
+          }),
+        ],
+      }),
+    }
+
+    const predicates = {
+      age: new ProofPredicateInfo({
+        name: 'age',
+        predicateType: PredicateType.GreaterThanOrEqualTo,
+        predicateValue: 50,
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: credDef.id,
+          }),
+        ],
+      }),
+    }
+
+    const nonce = 'testtesttest12345'
+
+    const proofRequest = new ProofRequest({
+      name: 'proof-request',
+      version: '1.0',
+      nonce,
+      requestedAttributes: attributes,
+      requestedPredicates: predicates,
+    })
+
+    expect(() => checkProofRequestForDuplicates(proofRequest)).toThrowError(AriesFrameworkError)
+  })
+
+  test('attribute names match, different cred def filter', async () => {
+    const attributes = {
+      name: new ProofAttributeInfo({
+        name: 'age',
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: credDef.id,
+          }),
+        ],
+      }),
+      age: new ProofAttributeInfo({
+        name: 'age',
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: secCredDef.id,
+          }),
+        ],
+      }),
+    }
+
+    const nonce = 'testtesttest12345'
+
+    const proofRequest = new ProofRequest({
+      name: 'proof-request',
+      version: '1.0',
+      nonce,
+      requestedAttributes: attributes,
+    })
+
+    expect(() => checkProofRequestForDuplicates(proofRequest)).toThrowError(AriesFrameworkError)
+  })
+
+  test('attribute name matches with predicate name, different cred def filter', async () => {
+    const attributes = {
+      name: new ProofAttributeInfo({
+        name: 'age',
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: credDef.id,
+          }),
+        ],
+      }),
+    }
+
+    const predicates = {
+      age: new ProofPredicateInfo({
+        name: 'age',
+        predicateType: PredicateType.GreaterThanOrEqualTo,
+        predicateValue: 50,
+        restrictions: [
+          new AttributeFilter({
+            credentialDefinitionId: secCredDef.id,
+          }),
+        ],
+      }),
+    }
+
+    const nonce = 'testtesttest12345'
+
+    const proofRequest = new ProofRequest({
+      name: 'proof-request',
+      version: '1.0',
+      nonce,
+      requestedAttributes: attributes,
+      requestedPredicates: predicates,
+    })
+
+    expect(() => checkProofRequestForDuplicates(proofRequest)).toThrowError(AriesFrameworkError)
+  })
+})

packages/core/src/utils/assertNoDuplicates.ts

@@ -0,0 +1,11 @@
+import { AriesFrameworkError } from '../error/AriesFrameworkError'
+
+export function assertNoDuplicatesInArray(arr: string[]) {
+  const arrayLength = arr.length
+  const uniqueArrayLength = new Set(arr).size
+
+  if (arrayLength === uniqueArrayLength) return
+
+  const duplicates = arr.filter((item, index) => arr.indexOf(item) != index)
+  throw new AriesFrameworkError(`The proof request contains duplicate items: ${duplicates.toString()}`)
+}

packages/core/src/utils/index.ts

@@ -5,3 +5,4 @@ export * from './MultiBaseEncoder'
 export * from './buffer'
 export * from './MultiHashEncoder'
 export * from './JWE'
+export * from './indyProofRequest'

packages/core/src/utils/indyProofRequest.ts

@@ -0,0 +1,22 @@
+import type { ProofRequest } from '../modules/proofs/models/ProofRequest'
+
+import { assertNoDuplicatesInArray } from './assertNoDuplicates'
+
+export function attributesToArray(proofRequest: ProofRequest) {
+  // Attributes can contain either a `name` string value or an `names` string array. We reduce it to a single array
+  // containing all attribute names from the requested attributes.
+  return Array.from(proofRequest.requestedAttributes.values()).reduce<string[]>(
+    (names, a) => [...names, ...(a.name ? [a.name] : a.names ? a.names : [])],
+    []
+  )
+}
+
+export function predicatesToArray(proofRequest: ProofRequest) {
+  return Array.from(proofRequest.requestedPredicates.values()).map((a) => a.name)
+}
+
+export function checkProofRequestForDuplicates(proofRequest: ProofRequest) {
+  const attributes = attributesToArray(proofRequest)
+  const predicates = predicatesToArray(proofRequest)
+  assertNoDuplicatesInArray(attributes.concat(predicates))
+}

packages/core/tests/helpers.ts

@@ -664,3 +664,29 @@ export async function setupProofsTest(faberName: string, aliceName: string, auto
     aliceReplay,
   }
 }
+
+export async function setupSecondCredential(
+  faberAgent: Agent,
+  aliceAgent: Agent,
+  faberConnection: ConnectionRecord
+): Promise<string> {
+  const { definition } = await prepareForIssuance(faberAgent, ['name', 'age'])
+
+  const credentialPreview = CredentialPreview.fromRecord({
+    name: 'John',
+    age: '99',
+  })
+
+  await issueCredential({
+    issuerAgent: faberAgent,
+    issuerConnectionId: faberConnection.id,
+    holderAgent: aliceAgent,
+    credentialTemplate: {
+      credentialDefinitionId: definition.id,
+      comment: 'some comment about credential',
+      preview: credentialPreview,
+    },
+  })
+
+  return definition.id
+}

packages/core/tests/proofs.test.ts

@@ -29,6 +29,7 @@ describe('Present Proof', () => {
     testLogger.test('Initializing the agents')
     ;({ faberAgent, aliceAgent, credDefId, faberConnection, aliceConnection, presentationPreview } =
       await setupProofsTest('Faber agent', 'Alice agent'))
+    testLogger.test('Issuing second credential')
   })
 
   afterAll(async () => {
@@ -365,8 +366,6 @@ describe('Present Proof', () => {
         requestedAttributes: attributes,
         requestedPredicates: predicates,
       })
-    ).rejects.toThrowError(
-      `The proof request contains an attribute group name that matches a predicate group name: age`
-    )
+    ).rejects.toThrowError(`The proof request contains duplicate items: age`)
   })
 })