Add more logging to matcher

QZHelen · QZHelen · commit 05361238244d · 2025-08-04T21:35:46.000Z
diff --git a/app/src/main/assets/pnv.wasm b/app/src/main/assets/pnv.wasm
diff --git a/matcher/pnv/dcql.c b/matcher/pnv/dcql.c
@@ -64,6 +64,7 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
             cJSON *cred_auth_json = cJSON_Parse(decoded_cred_auth_json);
             if (!cJSON_HasObjectItem(cred_auth_json, "iss"))
             {
+                printf("The dcql request has no iss value. No match. \n");
                 return matched_credentials;
             }
             cJSON *iss_value = cJSON_GetObjectItemCaseSensitive(cred_auth_json, "iss");
@@ -81,13 +82,15 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
                     cJSON *iss_allowlist = cJSON_GetObjectItemCaseSensitive(curr_candidate, "iss_allowlist");
                     if (iss_allowlist == NULL)
                     {
+                        printf("A candidate credential of type %s passed null iss allowlist check.\n", cJSON_GetStringValue(vct_value));
                         cJSON_AddItemReferenceToArray(candidates, curr_candidate);
                     }
                     else
                     {   
                         cJSON *allowed_iss;
                         cJSON_ArrayForEach(allowed_iss, iss_allowlist) {
                                 if (cJSON_Compare(allowed_iss, iss_value, cJSON_True)) {
+                                    printf("A candidate credential of type %s passed iss allowlist check.\n", cJSON_GetStringValue(vct_value));
                                     cJSON_AddItemReferenceToArray(candidates, curr_candidate);
                                     break;
                                 }
@@ -97,13 +100,17 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
             }
             if (cJSON_HasObjectItem(cred_auth_json, "consent_data"))
             {
+                printf("Request has consent data\n");
                 char *consent_data = cJSON_GetStringValue(cJSON_GetObjectItemCaseSensitive(cred_auth_json, "consent_data"));
                 char *decoded_consent_data_json;
                 int decoded_consent_data_json_len = B64DecodeURL(consent_data, &decoded_consent_data_json);
                 cJSON *consent_data_json = cJSON_Parse(decoded_consent_data_json);
                 aggregator_consent = cJSON_GetObjectItemCaseSensitive(consent_data_json, "consent_text");
+                printf("aggregator_consent %s\n", cJSON_Print(aggregator_consent));
                 aggregator_policy_url = cJSON_GetObjectItemCaseSensitive(consent_data_json, "policy_link");
+                printf("aggregator_policy_url %s\n", cJSON_Print(aggregator_policy_url));
                 aggregator_policy_text = cJSON_GetObjectItemCaseSensitive(consent_data_json, "policy_text");
+                printf("aggregator_policy_text %s\n", cJSON_Print(aggregator_policy_text));
             }
         }
         else
@@ -124,6 +131,7 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
     // Match on the claims
     if (claims == NULL)
     {
+        printf("No claims provided, matching on the whole credential.\n");
         // Match every candidate
         cJSON *candidate;
         cJSON_ArrayForEach(candidate, candidates)
@@ -148,6 +156,7 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
     {
         if (claim_sets == NULL)
         {
+            printf("Matching based on provided claims\n");
             cJSON *candidate;
             cJSON_ArrayForEach(candidate, candidates)
             {
@@ -173,15 +182,19 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
                     cJSON *curr_path;
                     cJSON *curr_claim = candidate_claims;
                     int matched = 1;
+                    printf("Credential claim: %s ", cJSON_Print(curr_claim));
                     cJSON_ArrayForEach(curr_path, paths)
                     {
+                        printf("- requested path %s ", cJSON_Print(curr_path));
                         char *path_value = cJSON_GetStringValue(curr_path);
                         if (cJSON_HasObjectItem(curr_claim, path_value))
                         {
+                            printf("- path found ");
                             curr_claim = cJSON_GetObjectItemCaseSensitive(curr_claim, path_value);
                         }
                         else
                         {
+                            printf("- path not found ");
                             matched = 0;
                             break;
                         }
@@ -195,26 +208,34 @@ cJSON *MatchCredential(cJSON *credential, cJSON *credential_store)
                             {
                                 if (cJSON_Compare(v, cJSON_GetObjectItemCaseSensitive(curr_claim, "value"), cJSON_True))
                                 {
+                                    printf("- claim value matched.\n");
                                     ++matched_claim_count;
                                     break;
                                 }
                             }
                         }
                         else
                         {
+                            printf("- claim matched.\n");
                             ++matched_claim_count;
                         }
+                    } else {
+                        printf("- claim did not match\n.");
                     }
                 }
                 cJSON_AddItemReferenceToObject(matched_credential, "matched_claim_names", matched_claim_names);
                 if (matched_claim_count == cJSON_GetArraySize(claims))
                 {
+                    printf("Cred matched.\n");
                     cJSON_AddItemReferenceToArray(matched_credentials, matched_credential);
+                } else {
+                    printf("Cred did not match. Matched claim count: %d, Expected match count: %d\n.", matched_claim_count, cJSON_GetArraySize(claims));
                 }
             }
         }
         else
         {
+            printf("Matching based on provided claims and claim_sets\n");
             cJSON *candidate;
             cJSON_ArrayForEach(candidate, candidates)
             {
@@ -325,5 +346,7 @@ cJSON *dcql_query(cJSON *query, cJSON *credential_store)
             matched_credentials = candidate_matched_credentials;
         }
     }
+
+    printf("dcql_query return: %s\n", cJSON_Print(matched_credentials));
     return matched_credentials;
 }
diff --git a/matcher/pnv/openid4vp1_0.c b/matcher/pnv/openid4vp1_0.c
@@ -128,7 +128,7 @@ int main() {
                 cJSON* doc_id = cJSON_GetObjectItem(matched_doc, "id");
                 cJSON* c;
                 cJSON_ArrayForEach(c, matched_cred) {
-    //                printf("cred %s\n", cJSON_Print(c));
+                    printf("Attempting to add cred %s\n", cJSON_Print(c));
                     cJSON* id_obj = cJSON_CreateObject();
                     cJSON* matched_id = cJSON_GetObjectItem(c, "id");
 
@@ -179,11 +179,13 @@ int main() {
                             }
                         }
                         matched = 1;
+                        printf("AddStringIdEntry %s\n", id);
                         AddStringIdEntry(id, creds_blob + icon_start_int, icon_len, title, subtitle, disclaimer, NULL);
                         SetAdditionalDisclaimerAndUrlForVerificationEntry(id, aggregator_consent, aggregator_policy_text, aggregator_policy_url);
                         cJSON *matched_claim_names = cJSON_GetObjectItem(c, "matched_claim_names");
                         cJSON *claim;
                         cJSON_ArrayForEach(claim, matched_claim_names) {
+                            printf("AddFieldForStringIdEntry %s, claim value: %s\n", id, cJSON_Print(claim));
                             AddFieldForStringIdEntry(id, cJSON_GetStringValue(claim), NULL);
                         }
                     }

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ cJSON MatchCredential(cJSON credential, cJSON *credential_store)`
`64`	`64`	`cJSON *cred_auth_json = cJSON_Parse(decoded_cred_auth_json);`
`65`	`65`	`if (!cJSON_HasObjectItem(cred_auth_json, "iss"))`
`66`	`66`	`{`
	`67`	`+ printf("The dcql request has no iss value. No match. \n");`
`67`	`68`	`return matched_credentials;`
`68`	`69`	`}`
`69`	`70`	`cJSON *iss_value = cJSON_GetObjectItemCaseSensitive(cred_auth_json, "iss");`
`@@ -81,13 +82,15 @@ cJSON MatchCredential(cJSON credential, cJSON *credential_store)`
`81`	`82`	`cJSON *iss_allowlist = cJSON_GetObjectItemCaseSensitive(curr_candidate, "iss_allowlist");`
`82`	`83`	`if (iss_allowlist == NULL)`
`83`	`84`	`{`
	`85`	`+ printf("A candidate credential of type %s passed null iss allowlist check.\n", cJSON_GetStringValue(vct_value));`
`84`	`86`	`cJSON_AddItemReferenceToArray(candidates, curr_candidate);`
`85`	`87`	`}`
`86`	`88`	`else`
`87`	`89`	`{`
`88`	`90`	`cJSON *allowed_iss;`
`89`	`91`	`cJSON_ArrayForEach(allowed_iss, iss_allowlist) {`
`90`	`92`	`if (cJSON_Compare(allowed_iss, iss_value, cJSON_True)) {`
	`93`	`+ printf("A candidate credential of type %s passed iss allowlist check.\n", cJSON_GetStringValue(vct_value));`
`91`	`94`	`cJSON_AddItemReferenceToArray(candidates, curr_candidate);`
`92`	`95`	`break;`
`93`	`96`	`}`
`@@ -97,13 +100,17 @@ cJSON MatchCredential(cJSON credential, cJSON *credential_store)`
`97`	`100`	`}`
`98`	`101`	`if (cJSON_HasObjectItem(cred_auth_json, "consent_data"))`
`99`	`102`	`{`
	`103`	`+ printf("Request has consent data\n");`
`100`	`104`	`char *consent_data = cJSON_GetStringValue(cJSON_GetObjectItemCaseSensitive(cred_auth_json, "consent_data"));`
`101`	`105`	`char *decoded_consent_data_json;`
`102`	`106`	`int decoded_consent_data_json_len = B64DecodeURL(consent_data, &decoded_consent_data_json);`
`103`	`107`	`cJSON *consent_data_json = cJSON_Parse(decoded_consent_data_json);`
`104`	`108`	`aggregator_consent = cJSON_GetObjectItemCaseSensitive(consent_data_json, "consent_text");`
	`109`	`+ printf("aggregator_consent %s\n", cJSON_Print(aggregator_consent));`
`105`	`110`	`aggregator_policy_url = cJSON_GetObjectItemCaseSensitive(consent_data_json, "policy_link");`
	`111`	`+ printf("aggregator_policy_url %s\n", cJSON_Print(aggregator_policy_url));`
`106`	`112`	`aggregator_policy_text = cJSON_GetObjectItemCaseSensitive(consent_data_json, "policy_text");`
	`113`	`+ printf("aggregator_policy_text %s\n", cJSON_Print(aggregator_policy_text));`
`107`	`114`	`}`
`108`	`115`	`}`
`109`	`116`	`else`
`@@ -124,6 +131,7 @@ cJSON MatchCredential(cJSON credential, cJSON *credential_store)`
`124`	`131`	`// Match on the claims`
`125`	`132`	`if (claims == NULL)`
`126`	`133`	`{`
	`134`	`+ printf("No claims provided, matching on the whole credential.\n");`
`127`	`135`	`// Match every candidate`
`128`	`136`	`cJSON *candidate;`
`129`	`137`	`cJSON_ArrayForEach(candidate, candidates)`
`@@ -148,6 +156,7 @@ cJSON MatchCredential(cJSON credential, cJSON *credential_store)`
`148`	`156`	`{`
`149`	`157`	`if (claim_sets == NULL)`
`150`	`158`	`{`
	`159`	`+ printf("Matching based on provided claims\n");`
`151`	`160`	`cJSON *candidate;`
`152`	`161`	`cJSON_ArrayForEach(candidate, candidates)`
`153`	`162`	`{`
`@@ -173,15 +182,19 @@ cJSON MatchCredential(cJSON credential, cJSON *credential_store)`
`173`	`182`	`cJSON *curr_path;`
`174`	`183`	`cJSON *curr_claim = candidate_claims;`
`175`	`184`	`int matched = 1;`
	`185`	`+ printf("Credential claim: %s ", cJSON_Print(curr_claim));`
`176`	`186`	`cJSON_ArrayForEach(curr_path, paths)`
`177`	`187`	`{`
	`188`	`+ printf("- requested path %s ", cJSON_Print(curr_path));`
`178`	`189`	`char *path_value = cJSON_GetStringValue(curr_path);`
`179`	`190`	`if (cJSON_HasObjectItem(curr_claim, path_value))`
`180`	`191`	`{`
	`192`	`+ printf("- path found ");`
`181`	`193`	`curr_claim = cJSON_GetObjectItemCaseSensitive(curr_claim, path_value);`
`182`	`194`	`}`
`183`	`195`	`else`
`184`	`196`	`{`
	`197`	`+ printf("- path not found ");`
`185`	`198`	`matched = 0;`
`186`	`199`	`break;`
`187`	`200`	`}`
`@@ -195,26 +208,34 @@ cJSON MatchCredential(cJSON credential, cJSON *credential_store)`
`195`	`208`	`{`
`196`	`209`	`if (cJSON_Compare(v, cJSON_GetObjectItemCaseSensitive(curr_claim, "value"), cJSON_True))`
`197`	`210`	`{`
	`211`	`+ printf("- claim value matched.\n");`
`198`	`212`	`++matched_claim_count;`
`199`	`213`	`break;`
`200`	`214`	`}`
`201`	`215`	`}`
`202`	`216`	`}`
`203`	`217`	`else`
`204`	`218`	`{`
	`219`	`+ printf("- claim matched.\n");`
`205`	`220`	`++matched_claim_count;`
`206`	`221`	`}`
	`222`	`+ } else {`
	`223`	`+ printf("- claim did not match\n.");`
`207`	`224`	`}`
`208`	`225`	`}`
`209`	`226`	`cJSON_AddItemReferenceToObject(matched_credential, "matched_claim_names", matched_claim_names);`
`210`	`227`	`if (matched_claim_count == cJSON_GetArraySize(claims))`
`211`	`228`	`{`
	`229`	`+ printf("Cred matched.\n");`
`212`	`230`	`cJSON_AddItemReferenceToArray(matched_credentials, matched_credential);`
	`231`	`+ } else {`
	`232`	`+ printf("Cred did not match. Matched claim count: %d, Expected match count: %d\n.", matched_claim_count, cJSON_GetArraySize(claims));`
`213`	`233`	`}`
`214`	`234`	`}`
`215`	`235`	`}`
`216`	`236`	`else`
`217`	`237`	`{`
	`238`	`+ printf("Matching based on provided claims and claim_sets\n");`
`218`	`239`	`cJSON *candidate;`
`219`	`240`	`cJSON_ArrayForEach(candidate, candidates)`
`220`	`241`	`{`
`@@ -325,5 +346,7 @@ cJSON dcql_query(cJSON query, cJSON *credential_store)`
`325`	`346`	`matched_credentials = candidate_matched_credentials;`
`326`	`347`	`}`
`327`	`348`	`}`
	`349`	`+`
	`350`	`+ printf("dcql_query return: %s\n", cJSON_Print(matched_credentials));`
`328`	`351`	`return matched_credentials;`
`329`	`352`	`}`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ int main() {`
`128`	`128`	`cJSON* doc_id = cJSON_GetObjectItem(matched_doc, "id");`
`129`	`129`	`cJSON* c;`
`130`	`130`	`cJSON_ArrayForEach(c, matched_cred) {`
`131`		`- // printf("cred %s\n", cJSON_Print(c));`
	`131`	`+ printf("Attempting to add cred %s\n", cJSON_Print(c));`
`132`	`132`	`cJSON* id_obj = cJSON_CreateObject();`
`133`	`133`	`cJSON* matched_id = cJSON_GetObjectItem(c, "id");`
`134`	`134`
`@@ -179,11 +179,13 @@ int main() {`
`179`	`179`	`}`
`180`	`180`	`}`
`181`	`181`	`matched = 1;`
	`182`	`+ printf("AddStringIdEntry %s\n", id);`
`182`	`183`	`AddStringIdEntry(id, creds_blob + icon_start_int, icon_len, title, subtitle, disclaimer, NULL);`
`183`	`184`	`SetAdditionalDisclaimerAndUrlForVerificationEntry(id, aggregator_consent, aggregator_policy_text, aggregator_policy_url);`
`184`	`185`	`cJSON *matched_claim_names = cJSON_GetObjectItem(c, "matched_claim_names");`
`185`	`186`	`cJSON *claim;`
`186`	`187`	`cJSON_ArrayForEach(claim, matched_claim_names) {`
	`188`	`+ printf("AddFieldForStringIdEntry %s, claim value: %s\n", id, cJSON_Print(claim));`
`187`	`189`	`AddFieldForStringIdEntry(id, cJSON_GetStringValue(claim), NULL);`
`188`	`190`	`}`
`189`	`191`	`}`