@bedrock/vc-verifier 23.1.0 → 23.3.0

package/lib/config.js

@@ -42,6 +42,7 @@ cfg.supportedSuites = [
 cfg.routes = {
   challenges: '/challenges',
   credentialsVerify: '/credentials/verify',
+  mdl: '/mdl',
   presentationsVerify: '/presentations/verify'
 };
 

package/lib/documentLoader.js

@@ -21,7 +21,7 @@ import '@bedrock/vc-status-list-context';
 import '@bedrock/veres-one-context';
 
 const serviceType = 'vc-verifier';
-let webLoader;
+export let webLoader;
 
 bedrock.events.on('bedrock.init', () => {
   // build web loader if configuration calls for it
@@ -48,14 +48,24 @@ bedrock.events.on('bedrock.init', () => {
  * @param {object} options.config - The verifier instance config.
  * @param {Set} [options.remoteUrlAllowList] - Remote URLs that are
  *   specifically allowed to be loaded (used for status list checks).
+ * @param {Map} [options.cache] - An optional cache of URL => document.
  *
  * @returns {Promise<Function>} The document loader.
  */
-export async function createDocumentLoader({config, remoteUrlAllowList} = {}) {
+export async function createDocumentLoader({
+  config, remoteUrlAllowList, cache = new Map()
+} = {}) {
   const contextDocumentLoader = await createContextDocumentLoader(
     {config, serviceType});
 
   return async function documentLoader(url) {
+    if(cache) {
+      const document = cache.get(url);
+      if(document) {
+        return {contextUrl: null, documentUrl: url, document};
+      }
+    }
+
     // handle DID URLs...
     if(url.startsWith('did:')) {
       let document;

package/lib/envelopes.js

@@ -2,6 +2,7 @@
  * Copyright (c) 2019-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
+import * as mdl from './mdl.js';
 import * as vcb from './vcb.js';
 import * as vcjwt from './vcjwt.js';
 
@@ -33,7 +34,7 @@ export async function verifyEnvelopedCredential({
 }
 
 export async function verifyEnvelopedPresentation({
-  config, envelopedPresentation, challenge, domain, checks
+  config, envelopedPresentation, challenge, domain, checks, options
 } = {}) {
   let format;
   try {
@@ -50,6 +51,10 @@ export async function verifyEnvelopedPresentation({
       result = await vcb.verifyEnvelopedPresentation({
         config, contents, format, challenge, checks
       });
+    } else if(format.typeAndSubType === 'application/mdl-vp-token') {
+      result = await mdl.verifyEnvelopedPresentation({
+        config, contents, format, challenge, domain, checks, options
+      });
     } else {
       _throwUnknownFormat(format);
     }
@@ -79,7 +84,7 @@ function _parseEnvelope({envelope}) {
 function _throwUnknownFormat(format) {
   throw new BedrockError(
     `Unknown envelope format "${format.mediaType}".`, {
-      name: 'DataError',
+      name: 'NotSupportedError',
       details: {
         httpStatusCode: 400,
         public: true

package/lib/http.js

@@ -157,7 +157,8 @@ export async function addRoutes({app, service} = {}) {
         const expectedDomain = domain ??
           (presentation?.proof?.domain && 'issuer.example.com');
         const result = await verifyPresentation({
-          config, presentation, challenge, domain: expectedDomain, checks
+          config, presentation, challenge, domain: expectedDomain, checks,
+          options
         });
         response = _createResponse({result, challengeUses, checks});
       } catch(e) {

package/lib/index.js

@@ -6,6 +6,7 @@ import {
   addCborldRoutes, addContextRoutes
 } from '@bedrock/service-context-store';
 import {createService, schemas} from '@bedrock/service-core';
+import {addCaStoreRoutes as addMdlCaStoreRoutes} from './mdl.js';
 import {addRoutes} from './http.js';
 import {initializeServiceAgent} from '@bedrock/service-agent';
 import {verifyOptions} from '../schemas/bedrock-vc-verifier.js';
@@ -53,6 +54,7 @@ bedrock.events.on('bedrock.init', async () => {
   bedrock.events.on('bedrock-express.configure.routes', async app => {
     await addCborldRoutes({app, service});
     await addContextRoutes({app, service});
+    await addMdlCaStoreRoutes({app, service});
     await addRoutes({app, service});
   });
 
@@ -72,10 +74,13 @@ async function validateConfigFn({config} = {}) {
     // set default `verifyOptions` if not given
     const {verifyOptions} = config;
     if(verifyOptions === undefined) {
+      config.verifyOptions = {};
+    }
+    // set default `documentLoader` options
+    if(config.verifyOptions.documentLoader === undefined) {
       config.verifyOptions = {
-        documentLoader: {
-          allowRemoteContexts: false
-        }
+        ...config.verifyOptions,
+        documentLoader: {allowRemoteContexts: false}
       };
     }
   } catch(error) {

package/lib/mdl.js

@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 2025 Digital Bazaar, Inc. All rights reserved.
+ */
+import * as bedrock from '@bedrock/core';
+import {addDocumentRoutes, documentStores} from '@bedrock/service-agent';
+import {
+  createMdlCaStoreBody, updateMdlCaStoreBody
+} from '../schemas/bedrock-vc-verifier.js';
+import {DataItem, Verifier} from '@auth0/mdl';
+
+const {util: {BedrockError}} = bedrock;
+
+const VC_CONTEXT_2 = 'https://www.w3.org/ns/credentials/v2';
+
+const MDL_NAMESPACE = 'org.iso.18013.5.1';
+const MDOC_TYPE_MDL = `${MDL_NAMESPACE}.mDL`;
+const MDL_CA_STORE_TYPE = 'MdlCAStore';
+
+const serviceType = 'vc-verifier';
+
+export async function addCaStoreRoutes({app, service} = {}) {
+  const cfg = bedrock.config['vc-verifier'];
+  const basePath = `${cfg.routes.mdl}/ca-stores`;
+  addDocumentRoutes({
+    app, service,
+    type: MDL_CA_STORE_TYPE,
+    typeName: 'mDL Certificate Authority Store',
+    contentProperty: 'trustedCertificates',
+    basePath,
+    pathParam: 'caStoreId',
+    createBodySchema: createMdlCaStoreBody(),
+    updateBodySchema: updateMdlCaStoreBody()
+  });
+}
+
+export async function verifyEnvelopedPresentation({
+  config, contents, format, challenge, domain, options
+} = {}) {
+  // base64 encoding must NOT be used; vp token is `base64url` encoded
+  if(format.parameters.has('base64')) {
+    throw new BedrockError(
+      `Unknown envelope format "${format.mediaType}".`, {
+        name: 'DataError',
+        details: {
+          httpStatusCode: 400,
+          public: true
+        },
+      });
+  }
+
+  // decoded `contents` is the mDL device response
+  const deviceResponse = Buffer.from(contents, 'base64url');
+
+  // session transcription must be provided modulo:
+  // `domain` which is used as the `responseUri`
+  // `challenge` which is used as the `verifierGeneratedNonce`
+  const sessionTranscript = {
+    ..._getSessionTranscriptFromOptions({options}),
+    responseUri: domain,
+    verifierGeneratedNonce: challenge
+  };
+
+  // fetch CA store(s)
+  const {documentStore} = await documentStores.get({config, serviceType});
+  const caStoreIds = config.verifyOptions?.mdl?.caStores;
+  const caStore = new Set();
+  // FIXME: implement parallel lookup w/limits, for now one CA store is
+  // expected and multiples will be slow, discouraging too many from being used
+  for(const url of caStoreIds) {
+    const doc = await _getCAStoreDocument({documentStore, url});
+    doc.content.trustedCertificates.forEach(caStore.add, caStore);
+  }
+
+  return verifyPresentation({
+    deviceResponse, sessionTranscript, trustedCertificates: [...caStore]
+  });
+}
+
+export async function verifyPresentation({
+  deviceResponse, sessionTranscript, trustedCertificates
+} = {}) {
+  try {
+    const verifier = new Verifier(trustedCertificates);
+    const encodedSessionTranscript = _encodeSessionTranscript(
+      sessionTranscript);
+
+    // uncomment to debug
+    /*
+    const diagnostic = await verifier.getDiagnosticInformation(
+      deviceResponse, {encodedSessionTranscript});
+    console.debug('Diagnostic information:', diagnostic);
+    */
+
+    // verify device response and get selectively disclosed mdoc result
+    const mdoc = await verifier.verify(deviceResponse, {
+      encodedSessionTranscript
+    });
+
+    // ensure `mdoc` has one document and its `type` is `MDOC_TYPE_MDL`
+    if(!(mdoc.documents?.length === 1 &&
+      mdoc.documents[0].docType === MDOC_TYPE_MDL)) {
+      throw new BedrockError(
+        `Unknown mdoc document type "${mdoc.documents[0].docType}"; ` +
+        `expecting "${MDOC_TYPE_MDL}".`, {
+          name: 'NotSupportedError',
+          details: {
+            httpStatusCode: 400,
+            public: true
+          }
+        });
+    }
+
+    // express CBOR-encoded mdoc as an enveloped VC in a VP
+    const cborMdoc = mdoc.encode();
+    const b64Mdl = Buffer.from(cborMdoc).toString('base64');
+    const presentation = {
+      '@context': [VC_CONTEXT_2],
+      type: 'VerifiablePresentation',
+      verifiableCredential: {
+        id: `data:application/mdl;base64,${b64Mdl}`,
+        type: 'EnvelopedVerifiableCredential'
+      }
+    };
+    return {verified: true, presentation};
+  } catch(err) {
+    // capture `err` message, name, and code
+    const cause = new Error(err.message);
+    cause.name = err.name;
+    cause.code = err.code;
+    const error = new Error('Verification error.');
+    error.name = 'VerificationError';
+    error.errors = [cause];
+    return {verified: false, error};
+  }
+}
+
+// returns a full or partial session transcript
+function _getSessionTranscriptFromOptions({options}) {
+  if(!options.mdl?.sessionTranscript) {
+    // no `mdl` session transcription options given
+    return {};
+  }
+
+  // `mdocGeneratedNonce` and `verifierGeneratedNonce` are base64url-encoded
+  // values; the others are passthrough strings
+  const sessionTranscript = {...options.mdl.sessionTranscript};
+  if(sessionTranscript.mdocGeneratedNonce) {
+    sessionTranscript.mdocGeneratedNonce = Buffer
+      .from(sessionTranscript.mdocGeneratedNonce, 'base64url')
+      // note: ISO 18013-7 requires `verifierGeneratedNonce` to be a string
+      .toString('utf8');
+  }
+  if(sessionTranscript.verifierGeneratedNonce) {
+    sessionTranscript.verifierGeneratedNonce = Buffer
+      .from(sessionTranscript.verifierGeneratedNonce, 'base64url')
+      // note: ISO 18013-7 requires `verifierGeneratedNonce` to be a string
+      .toString('utf8');
+  }
+  return sessionTranscript;
+}
+
+function _encodeSessionTranscript(sessionTranscript) {
+  const {
+    mdocGeneratedNonce,
+    clientId,
+    responseUri,
+    verifierGeneratedNonce
+  } = sessionTranscript;
+  const encoded = DataItem.fromData([
+    // deviceEngagementBytes
+    null,
+    // eReaderKeyBytes
+    null,
+    [mdocGeneratedNonce, clientId, responseUri, verifierGeneratedNonce],
+  ]);
+  return DataItem.fromData(encoded).buffer;
+}
+
+async function _getCAStoreDocument({documentStore, url}) {
+  const doc = await documentStore.get({id: url});
+  if(doc.meta.type !== MDL_CA_STORE_TYPE) {
+    // wrong meta type; treat as not found error
+    throw new BedrockError(`Document "${url}" not found.`, {
+      name: 'NotFoundError',
+      details: {
+        url,
+        httpStatusCode: 404,
+        public: true
+      }
+    });
+  }
+  return doc;
+}

package/lib/status.js

@@ -1,10 +1,12 @@
 /*!
- * Copyright (c) 2019-2024 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2019-2025 Digital Bazaar, Inc. All rights reserved.
  */
+import * as bedrock from '@bedrock/core';
 import {
   checkStatus as bitstringStatusListCheckStatus,
   statusTypeMatches as bitstringStatusListStatusTypeMatches
 } from '@digitalbazaar/vc-bitstring-status-list';
+import {createDocumentLoader, webLoader} from './documentLoader.js';
 import {
   checkStatus as revocationListCheckStatus,
   statusTypeMatches as revocationListStatusTypeMatches
@@ -14,13 +16,21 @@ import {
   statusTypeMatches as statusList2020StatusTypeMatches
 } from '@digitalbazaar/vc-status-list';
 import assert from 'assert-plus';
-import {createDocumentLoader} from './documentLoader.js';
+
+const {util: {BedrockError}} = bedrock;
+
+const TERSE_BITSTRING_STATUS_LIST_ENTRY = 'TerseBitstringStatusListEntry';
+// always 2^26 = 67108864 per vc-barcodes spec
+const TERSE_BITSTRING_STATUS_LIST_LENGTH = 67108864;
+const TERSE_STATUS_PURPOSES = ['revocation', 'suspension'];
+const VC_BARCODES_V1_CONTEXT_URL = 'https://w3id.org/vc-barcodes/v1';
 
 const handlerMap = new Map();
 handlerMap.set('BitstringStatusListEntry', {
   checkStatus: bitstringStatusListCheckStatus,
   statusTypeMatches: bitstringStatusListStatusTypeMatches
 });
+// legacy status entry types
 handlerMap.set('RevocationList2020Status', {
   checkStatus: revocationListCheckStatus,
   statusTypeMatches: revocationListStatusTypeMatches
@@ -36,30 +46,66 @@ export function createCheckStatus({config} = {}) {
     assert.object(options.credential, 'options.credential');
 
     try {
-      const {credential} = options;
-      const {credentialStatus} = credential;
-      if(!credentialStatus) {
+      if(!options.credential.credentialStatus) {
         // no status to check
         return {verified: true};
       }
 
-      const handlers = handlerMap.get(credentialStatus.type);
+      // expand every `TerseBitstringStatusListEntry`
+      const cache = new Map();
+      const credential = await _expandAllTerseEntries({
+        credential: options.credential, cache
+      });
+      const {credentialStatus} = credential;
+
+      // normalize credential status to an array
+      const credentialStatuses = Array.isArray(credentialStatus) ?
+        credentialStatus : [credentialStatus];
+
+      // combination of different status types not supported at this time
+      const expectedType = credentialStatuses?.[0]?.type;
+      if(credentialStatuses.some(({type}) => type !== expectedType)) {
+        throw new BedrockError(
+          'Combinations of different credential status types are not ' +
+          'presently supported.', {
+            name: 'NotSupportedError',
+            details: {
+              httpStatusCode: 400,
+              public: true
+            }
+          });
+      }
+
+      // get handlers for `expectedType`
+      const handlers = handlerMap.get(expectedType);
       if(!(handlers && handlers.statusTypeMatches({credential}))) {
-        throw new Error(
-          `Unsupported credentialStatus type "${credentialStatus.type}".`);
+        throw new BedrockError(
+          `Unsupported credentialStatus type "${expectedType}".`, {
+            name: 'NotSupportedError',
+            details: {
+              httpStatusCode: 400,
+              public: true
+            }
+          });
+      }
+
+      // create remote URL allow list from status lists
+      const remoteUrlAllowList = new Set();
+      for(const cs of credentialStatuses) {
+        const url = cs.statusListCredential ?? cs.revocationListCredential;
+        if(url) {
+          remoteUrlAllowList.add(url);
+        }
       }
 
       // document loader needs to only allow web loading of status
       // list VCs, nothing else
       const documentLoader = await createDocumentLoader({
-        config,
-        remoteUrlAllowList: new Set([
-          credentialStatus.statusListCredential ??
-          credentialStatus.revocationListCredential
-        ])
+        config, remoteUrlAllowList, cache
       });
       options = {
         ...options,
+        credential,
         documentLoader
       };
       return await handlers.checkStatus(options);
@@ -68,3 +114,122 @@ export function createCheckStatus({config} = {}) {
     }
   };
 }
+
+async function _expandAllTerseEntries({credential, cache} = {}) {
+  try {
+    // check for any terse entries
+    let hasTerseEntries = false;
+    const {credentialStatus} = credential;
+    if(Array.isArray(credentialStatus)) {
+      hasTerseEntries = credentialStatus.some(
+        cs => cs?.type === TERSE_BITSTRING_STATUS_LIST_ENTRY);
+    } else if(credentialStatus?.type === TERSE_BITSTRING_STATUS_LIST_ENTRY) {
+      hasTerseEntries = true;
+    }
+
+    if(!hasTerseEntries) {
+      return credential;
+    }
+
+    // check for expected context
+    const {'@context': contexts} = credential;
+    if(!Array.isArray(contexts)) {
+      throw new TypeError('"@context" must be an array.');
+    }
+    if(!contexts.includes(VC_BARCODES_V1_CONTEXT_URL)) {
+      throw new TypeError(
+        `The "@context" array must include "${VC_BARCODES_V1_CONTEXT_URL}".`);
+    }
+
+    // expand any `TerseBitstringStatusListEntry` to `BitstringStatusListEntry`
+    credential = structuredClone(credential);
+    if(Array.isArray(credentialStatus)) {
+      credential.credentialStatus = (await Promise.all(
+        credentialStatus.map(
+          async credentialStatus => _expandIfTerseEntry({
+            credentialStatus, cache
+          })))).flat();
+    } else {
+      credential.credentialStatus = await _expandIfTerseEntry({
+        credentialStatus, cache
+      });
+    }
+    return credential;
+  } catch(cause) {
+    throw new BedrockError(
+      `Could not expand terse bitstring status list entries: ${cause.message}`,
+      {
+        name: 'DataError',
+        cause,
+        details: {
+          httpStatusCode: 400,
+          public: true
+        }
+      });
+  }
+}
+
+async function _expandIfTerseEntry({credentialStatus, cache}) {
+  if(credentialStatus?.type !== TERSE_BITSTRING_STATUS_LIST_ENTRY) {
+    // nothing to expand
+    return credentialStatus;
+  }
+
+  if(!webLoader) {
+    throw new BedrockError(
+      `Web loader disabled; cannot load credential status list(s) for `
+      `status type "${credentialStatus.type}".`, {
+        name: 'NotSupportedError',
+        details: {
+          httpStatusCode: 400,
+          public: true
+        }
+      });
+  }
+
+  // compute two possible expanded statuses, for purposes `revocation` and
+  // `suspension`...
+  const credentialStatuses = (await Promise.all(
+    TERSE_STATUS_PURPOSES.map(async statusPurpose => {
+      const expanded = _expandTerseEntry({credentialStatus, statusPurpose});
+      const exists = await _fetchStatusListIfExists({expanded, cache});
+      return exists ? expanded : undefined;
+    }))).filter(cs => !!cs);
+
+  return credentialStatuses;
+}
+
+function _expandTerseEntry({credentialStatus, statusPurpose}) {
+  // compute `statusListCredential` from other params
+  const listIndex = Math.floor(
+    credentialStatus.terseStatusListIndex / TERSE_BITSTRING_STATUS_LIST_LENGTH);
+  const statusListIndex = credentialStatus.terseStatusListIndex %
+    TERSE_BITSTRING_STATUS_LIST_LENGTH;
+  const {terseStatusListBaseUrl} = credentialStatus;
+  const statusListCredential =
+    `${terseStatusListBaseUrl}/${statusPurpose}/${listIndex}`;
+  return {
+    type: 'BitstringStatusListEntry',
+    statusListCredential,
+    statusListIndex: `${statusListIndex}`,
+    statusPurpose
+  };
+}
+
+async function _fetchStatusListIfExists({expanded, cache}) {
+  try {
+    const {statusListCredential} = expanded;
+    if(cache.has(statusListCredential)) {
+      return true;
+    }
+    const {document} = await webLoader(statusListCredential);
+    cache.set(statusListCredential, document);
+    return true;
+  } catch(e) {
+    if(e.message === 'NotFoundError') {
+      // ok for a terse bitstring list to not exist
+      return false;
+    }
+    throw e;
+  }
+}

package/lib/verify.js

@@ -30,7 +30,7 @@ export async function verifyCredential({config, credential, checks} = {}) {
 }
 
 export async function verifyPresentation({
-  config, presentation, challenge, domain, checks
+  config, presentation, challenge, domain, checks, options
 } = {}) {
   if(presentation?.type !== 'EnvelopedVerifiablePresentation') {
     const result = await di.verifyPresentation({
@@ -74,20 +74,40 @@ export async function verifyPresentation({
   }
 
   const presentationResult = await verifyEnvelopedPresentation({
-    config, envelopedPresentation: presentation, challenge, domain, checks
+    config, envelopedPresentation: presentation, challenge, domain, checks,
+    options
   });
-  // verify each `verifiableCredential` in the resulting VP
+  // verify each `verifiableCredential` in the resulting VP, unless the VP
+  // format was mDL, which means there will always be one VC (an enveloped mDL)
+  // and it will already have been verified
   let verified = presentationResult.verified;
   let credentialResults;
   if(!verified) {
     credentialResults = [];
+  } else if(
+    presentationResult.format.typeAndSubType === 'application/mdl-vp-token') {
+    let {verifiableCredential} = presentationResult.presentation;
+    if(Array.isArray(verifiableCredential)) {
+      verifiableCredential = verifiableCredential[0];
+    }
+    credentialResults = [{
+      verified: true,
+      credential: verifiableCredential,
+      format: {
+        mediaType: 'application/mdl',
+        typeAndSubType: 'application/mdl',
+        type: 'application',
+        subType: 'mdl',
+        parameters: {}
+      }
+    }];
   } else if(presentationResult.presentation?.proof &&
     presentationResult.format.typeAndSubType === 'application/jwt') {
     // presentation in the envelope has a `proof` and envelope format is JWT,
     // so recurse to check `proof` field
     const proofResult = await verifyPresentation({
       config, presentation: presentationResult.presentation,
-      challenge, domain, checks
+      challenge, domain, checks, options
     });
     verified = !!(verified && proofResult.presentationResult?.verified);
     presentationResult.proofResult = proofResult;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-verifier",
-  "version": "23.1.0",
+  "version": "23.3.0",
   "type": "module",
   "description": "Bedrock VC Verifier",
   "main": "./lib/index.js",
@@ -25,6 +25,7 @@
   },
   "homepage": "https://github.com/digitalbazaar/bedrock-vc-verifier",
   "dependencies": {
+    "@auth0/mdl": "^3.0.0",
     "@digitalbazaar/bbs-2023-cryptosuite": "^2.0.1",
     "@digitalbazaar/cborld": "^8.0.0",
     "@digitalbazaar/data-integrity": "^2.5.0",

package/schemas/bedrock-vc-verifier.js

@@ -1,5 +1,5 @@
 /*!
- * Copyright (c) 2022-2024 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2022-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import {schemas} from '@bedrock/validation';
 
@@ -182,6 +182,8 @@ export const verifyOptions = {
     required: ['didResolver']
   }, {
     required: ['documentLoader']
+  }, {
+    required: ['mdl']
   }],
   additionalProperties: false,
   properties: {
@@ -207,6 +209,20 @@ export const verifyOptions = {
           type: 'boolean'
         }
       }
+    },
+    mdl: {
+      title: 'mDL Verification Options',
+      type: 'object',
+      required: ['caStores'],
+      additionalProperties: false,
+      properties: {
+        caStores: {
+          title: 'mDL Certificate Authority Store IDs',
+          type: 'array',
+          minItems: 1,
+          items: {type: 'string'}
+        }
+      }
     }
   }
 };
@@ -258,3 +274,47 @@ export function verifyPresentationBody() {
     }
   };
 }
+
+const sequence = {
+  title: 'sequence',
+  type: 'integer',
+  minimum: 0,
+  maximum: Number.MAX_SAFE_INTEGER - 1
+};
+
+const mdlCaStoreBody = {
+  title: 'mDL Certificate Authority Store Record',
+  type: 'object',
+  required: ['id', 'trustedCertificates'],
+  additionalProperties: false,
+  properties: {
+    id: {
+      title: 'CA Store ID',
+      type: 'string',
+      pattern: '^urn:mdl-ca-store:'
+    },
+    trustedCertificates: {
+      type: 'array',
+      items: {type: 'string'}
+    }
+  }
+};
+
+export function createMdlCaStoreBody() {
+  return {
+    ...mdlCaStoreBody,
+    title: 'createMdlCaStoreBody'
+  };
+}
+
+export function updateMdlCaStoreBody() {
+  return {
+    ...mdlCaStoreBody,
+    required: ['id', 'trustedCertificates', 'sequence'],
+    properties: {
+      ...mdlCaStoreBody.properties,
+      sequence
+    },
+    title: 'updateMdlCaStoreBody'
+  };
+}