@dwn-protocol/id-sdk 0.2.5 → 0.2.6

package/src/credentials/status-list.ts

@@ -1,365 +0,0 @@
-import type { IDAgent } from '../agent/index.js';
-import type { DwnApi } from '../dwn-api.js';
-import type { Record } from '../record.js';
-import type { VerifiableCredential, SignOptions } from './credential.js';
-import { VerifiableCredential as VC } from './credential.js';
-import { v4 as uuidv4 } from 'uuid';
-import { getCurrentXmlSchema112Timestamp } from './utils.js';
-import { Convert } from '../common/index.js';
-import pako from 'pako';
-
-/**
- * Constants for Status List 2021 implementation
- */
-export const STATUS_LIST_DATA_FORMAT = 'application/vc-status-list+jwt';
-export const STATUS_LIST_SCHEMA = 'StatusList2021Credential';
-export const STATUS_LIST_CONTEXT = 'https://w3id.org/vc/status-list/2021/v1';
-
-/**
- * Status purpose types as per Status List 2021 spec
- */
-export type StatusPurpose = 'revocation' | 'suspension';
-
-/**
- * Options for creating a status list credential
- */
-export type CreateStatusListOptions = {
-  issuer: string;
-  statusPurpose: StatusPurpose;
-  signOptions: SignOptions;
-  size?: number; // Optional: size of bitstring (default: 131072 bits = 16KB uncompressed)
-};
-
-/**
- * Options for revoking a credential
- */
-export type RevokeCredentialOptions = {
-  credentialId: string;
-  statusListRecordId: string;
-  statusListIndex: number;
-  signOptions: SignOptions;
-};
-
-/**
- * Options for checking credential status
- */
-export type CheckStatusOptions = {
-  statusListCredentialId: string;
-  statusListIndex: number;
-  statusListRecordId?: string; // Optional: if status list is in DWN
-};
-
-/**
- * Status List 2021 implementation for credential revocation
- * Based on: https://w3c.github.io/vc-status-list-2021/
- *
- * @beta
- */
-export class StatusListManager {
-  private agent: IDAgent;
-  private connectedDid: string;
-  private dwnApi: DwnApi;
-
-  constructor(options: { agent: IDAgent, connectedDid: string, dwnApi: DwnApi }) {
-    this.agent = options.agent;
-    this.connectedDid = options.connectedDid;
-    this.dwnApi = options.dwnApi;
-  }
-
-  /**
-   * Create a Status List Credential for tracking revocation/suspension status
-   *
-   * @param options - Options for creating the status list
-   * @returns Status list credential and DWN record
-   */
-  async createStatusList(options: CreateStatusListOptions): Promise<{
-    statusListCredential: VerifiableCredential;
-    statusListJwt: string;
-    record: Record;
-  }> {
-    const { issuer, statusPurpose, signOptions, size = 131072 } = options;
-
-    // Create empty bitstring (all zeros = no credentials revoked)
-    const bitstring = new Uint8Array(Math.ceil(size / 8));
-    bitstring.fill(0);
-
-    // Compress bitstring with gzip
-    const compressed = pako.gzip(bitstring);
-
-    // Base64url encode the compressed bitstring
-    const encodedList = Convert.uint8Array(compressed).toBase64Url();
-
-    // Create status list credential subject
-    const statusListId = `urn:uuid:${uuidv4()}`;
-    const credentialSubject = {
-      id: `${statusListId}#list`,
-      type: 'StatusList2021',
-      statusPurpose: statusPurpose,
-      encodedList: encodedList
-    };
-
-    // Create the status list credential
-    // Note: The subject for a status list credential is the list itself
-    // The subject parameter will be overridden by the id in credentialSubject data
-    const statusListCredential = VC.create({
-      issuer: issuer,
-      subject: statusListId, // This will be overridden by id in credentialSubject
-      data: credentialSubject,
-      type: 'StatusList2021Credential'
-    });
-
-    // Add Status List context
-    statusListCredential.vcDataModel['@context'] = [
-      'https://www.w3.org/2018/credentials/v1',
-      STATUS_LIST_CONTEXT
-    ];
-
-    // Update type to include StatusList2021Credential
-    statusListCredential.vcDataModel.type = [
-      'VerifiableCredential',
-      'StatusList2021Credential'
-    ];
-
-    // Set the ID
-    statusListCredential.vcDataModel.id = statusListId;
-
-    // Sign the status list credential
-    const statusListJwt = await statusListCredential.sign(signOptions);
-
-    // Store in DWN
-    const { record } = await this.dwnApi.records.create({
-      data: statusListJwt,
-      message: {
-        schema: STATUS_LIST_SCHEMA,
-        dataFormat: STATUS_LIST_DATA_FORMAT,
-      },
-    });
-
-    return {
-      statusListCredential,
-      statusListJwt,
-      record
-    };
-  }
-
-  /**
-   * Add credentialStatus to a credential, linking it to a status list
-   *
-   * @param vc - The verifiable credential to add status to
-   * @param statusListCredentialId - The ID of the status list credential
-   * @param statusListIndex - The index in the status list for this credential
-   * @param statusPurpose - The purpose (revocation or suspension)
-   * @returns The credential with credentialStatus added
-   */
-  addCredentialStatus(
-    vc: VerifiableCredential,
-    statusListCredentialId: string,
-    statusListIndex: number,
-    statusPurpose: StatusPurpose = 'revocation'
-  ): VerifiableCredential {
-    const credentialStatus = {
-      id: `${statusListCredentialId}#${statusListIndex}`,
-      type: 'StatusList2021Entry',
-      statusPurpose: statusPurpose,
-      statusListIndex: statusListIndex.toString(),
-      statusListCredential: statusListCredentialId
-    };
-
-    // Add credentialStatus to the VC
-    vc.vcDataModel.credentialStatus = credentialStatus;
-
-    // Add Status List context if not already present
-    const contexts = Array.isArray(vc.vcDataModel['@context'])
-      ? vc.vcDataModel['@context']
-      : [vc.vcDataModel['@context']];
-    
-    if (!contexts.includes(STATUS_LIST_CONTEXT)) {
-      vc.vcDataModel['@context'] = [...contexts, STATUS_LIST_CONTEXT];
-    }
-
-    return vc;
-  }
-
-  /**
-   * Revoke a credential by updating the status list bitstring
-   *
-   * @param options - Options for revoking the credential
-   * @returns Updated status list credential and record
-   */
-  async revokeCredential(options: RevokeCredentialOptions): Promise<{
-    statusListCredential: VerifiableCredential;
-    statusListJwt: string;
-    record: Record;
-  }> {
-    return this.updateCredentialStatus({
-      ...options,
-      revoked: true
-    });
-  }
-
-  /**
-   * Suspend a credential by updating the status list bitstring
-   *
-   * @param options - Options for suspending the credential
-   * @returns Updated status list credential and record
-   */
-  async suspendCredential(options: RevokeCredentialOptions): Promise<{
-    statusListCredential: VerifiableCredential;
-    statusListJwt: string;
-    record: Record;
-  }> {
-    return this.updateCredentialStatus({
-      ...options,
-      revoked: true // Suspension also sets the bit to 1
-    });
-  }
-
-  /**
-   * Check if a credential is revoked or suspended
-   *
-   * @param options - Options for checking status
-   * @returns Status information
-   */
-  async checkStatus(options: CheckStatusOptions): Promise<{
-    revoked: boolean;
-    suspended: boolean;
-  }> {
-    const { statusListCredentialId, statusListIndex, statusListRecordId } = options;
-
-    let statusListJwt: string;
-
-    // Resolve status list credential
-    if (statusListRecordId) {
-      // Read from DWN
-      const { record } = await this.dwnApi.records.read({
-        message: {
-          filter: {
-            recordId: statusListRecordId
-          }
-        }
-      });
-
-      statusListJwt = await record.data.text();
-    } else {
-      // Try to resolve from URL (external status list)
-      // For now, we'll require statusListRecordId for SDK-native status lists
-      throw new Error('statusListRecordId is required for DWN-based status lists');
-    }
-
-    // Parse the status list credential
-    const statusListVc = VC.parseJwt(statusListJwt);
-    const credentialSubject = statusListVc.vcDataModel.credentialSubject as any;
-
-    if (!credentialSubject || !credentialSubject.encodedList) {
-      throw new Error('Invalid status list credential: missing encodedList');
-    }
-
-    // Decode and decompress the bitstring
-    const encodedList = credentialSubject.encodedList;
-    const compressed = Convert.base64Url(encodedList).toUint8Array();
-    const bitstring = pako.ungzip(compressed);
-
-    // Check the bit at the specified index
-    const byteIndex = Math.floor(statusListIndex / 8);
-    const bitIndex = statusListIndex % 8;
-
-    if (byteIndex >= bitstring.length) {
-      throw new Error(`Status list index ${statusListIndex} is out of bounds`);
-    }
-
-    const byte = bitstring[byteIndex];
-    const bit = (byte >> bitIndex) & 1;
-    const isRevoked = bit === 1;
-
-    // Determine if it's revocation or suspension based on statusPurpose
-    const statusPurpose = credentialSubject.statusPurpose as StatusPurpose;
-    const revoked = isRevoked && statusPurpose === 'revocation';
-    const suspended = isRevoked && statusPurpose === 'suspension';
-
-    return { revoked, suspended };
-  }
-
-  /**
-   * Private method to update credential status in a status list
-   */
-  private async updateCredentialStatus(options: RevokeCredentialOptions & { revoked: boolean }): Promise<{
-    statusListCredential: VerifiableCredential;
-    statusListJwt: string;
-    record: Record;
-  }> {
-    const { statusListRecordId, statusListIndex, signOptions, revoked } = options;
-
-    // Read the existing status list record
-    const { record } = await this.dwnApi.records.read({
-      message: {
-        filter: {
-          recordId: statusListRecordId
-        }
-      }
-    });
-
-    const statusListJwt = await record.data.text();
-    const statusListVc = VC.parseJwt(statusListJwt);
-
-    // Get the credential subject
-    const credentialSubject = statusListVc.vcDataModel.credentialSubject as any;
-    if (!credentialSubject || !credentialSubject.encodedList) {
-      throw new Error('Invalid status list credential: missing encodedList');
-    }
-
-    // Decode and decompress the bitstring
-    const encodedList = credentialSubject.encodedList;
-    const compressed = Convert.base64Url(encodedList).toUint8Array();
-    const bitstring = pako.ungzip(compressed);
-
-    // Update the bit at the specified index
-    const byteIndex = Math.floor(statusListIndex / 8);
-    const bitIndex = statusListIndex % 8;
-
-    if (byteIndex >= bitstring.length) {
-      throw new Error(`Status list index ${statusListIndex} is out of bounds`);
-    }
-
-    // Set or clear the bit
-    if (revoked) {
-      bitstring[byteIndex] |= (1 << bitIndex); // Set bit to 1
-    } else {
-      bitstring[byteIndex] &= ~(1 << bitIndex); // Clear bit to 0
-    }
-
-    // Re-compress and encode
-    const newCompressed = pako.gzip(bitstring);
-    const newEncodedList = Convert.uint8Array(newCompressed).toBase64Url();
-
-    // Update the credential subject
-    credentialSubject.encodedList = newEncodedList;
-
-    // Create updated status list credential
-    const updatedStatusListVc = VC.create({
-      issuer: statusListVc.issuer,
-      subject: statusListVc.vcDataModel.id || `urn:uuid:${uuidv4()}`,
-      data: credentialSubject,
-      type: 'StatusList2021Credential'
-    });
-
-    // Preserve context and type
-    updatedStatusListVc.vcDataModel['@context'] = statusListVc.vcDataModel['@context'];
-    updatedStatusListVc.vcDataModel.type = statusListVc.vcDataModel.type;
-    updatedStatusListVc.vcDataModel.id = statusListVc.vcDataModel.id;
-
-    // Sign the updated credential
-    const updatedStatusListJwt = await updatedStatusListVc.sign(signOptions);
-
-    // Update the DWN record
-    await record.update({
-      data: updatedStatusListJwt
-    });
-
-    return {
-      statusListCredential: updatedStatusListVc,
-      statusListJwt: updatedStatusListJwt,
-      record
-    };
-  }
-}
-

package/src/credentials/utils.ts

@@ -1,58 +0,0 @@
-/**
- * Retrieves the current timestamp in XML Schema 1.1.2 date-time format.
- *
- * This function omits the milliseconds part from the ISO 8601 timestamp, returning a date-time
- * string in the format "yyyy-MM-ddTHH:mm:ssZ".
- *
- * @returns The current timestamp in XML Schema 1.1.2 format.
- *
- * @example
- * const currentTimestamp = getCurrentXmlSchema112Timestamp(); // "2023-08-23T12:34:56Z"
- */
-export function getCurrentXmlSchema112Timestamp(): string {
-  // Omit the milliseconds part from toISOString() output
-  return new Date().toISOString().replace(/\.\d+Z$/, 'Z');
-}
-
-/**
- * Calculates a future timestamp in XML Schema 1.1.2 date-time format based on a given number of
- * seconds.
- *
- * This function takes a number of seconds and adds it to the current timestamp, returning a
- * date-time string in the format "yyyy-MM-ddTHH:mm:ssZ" without milliseconds.
- *
- * @param secondsInFuture - The number of seconds to project into the future.
- * @returns The future timestamp in XML Schema 1.1.2 format.
- *
- * @example
- * const futureTimestamp = getFutureXmlSchema112Timestamp(60); // "2023-08-23T12:35:56Z"
- */
-export function getFutureXmlSchema112Timestamp(secondsInFuture: number): string {
-  const futureDate = new Date(Date.now() + secondsInFuture * 1000);
-  return futureDate.toISOString().replace(/\.\d+Z$/, 'Z');
-}
-
-/**
- * Validates a timestamp string against the XML Schema 1.1.2 date-time format.
- *
- * This function checks whether the provided timestamp string conforms to the
- * format "yyyy-MM-ddTHH:mm:ssZ", without milliseconds, as defined in XML Schema 1.1.2.
- *
- * @param timestamp - The timestamp string to validate.
- * @returns `true` if the timestamp is valid, `false` otherwise.
- *
- * @example
- * const isValid = isValidXmlSchema112Timestamp('2023-08-23T12:34:56Z'); // true
- */
-export function isValidXmlSchema112Timestamp(timestamp: string): boolean {
-  // Format: yyyy-MM-ddTHH:mm:ssZ
-  const regex = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/;
-  if (!regex.test(timestamp)) {
-    return false;
-  }
-
-  const date = new Date(timestamp);
-
-  return !isNaN(date.getTime());
-}
-

package/src/credentials/validators.ts

@@ -1,52 +0,0 @@
-import {
-  DEFAULT_CONTEXT,
-  DEFAULT_VC_TYPE,
-  VerifiableCredential
-} from './credential.js';
-
-import { isValidXmlSchema112Timestamp } from './utils.js';
-
-import type {
-  ICredentialContextType,
-  ICredentialSubject
-} from '@sphereon/ssi-types';
-
-export class VcValidator {
-  static validateCredentialPayload(vc: VerifiableCredential): void {
-    this.validateContext(vc.vcDataModel['@context']);
-    this.validateVcType(vc.type);
-    this.validateCredentialSubject(vc.vcDataModel.credentialSubject);
-    if (vc.vcDataModel.issuanceDate) this.validateTimestamp(vc.vcDataModel.issuanceDate);
-    if (vc.vcDataModel.expirationDate) this.validateTimestamp(vc.vcDataModel.expirationDate);
-  }
-
-  static validateContext(value: ICredentialContextType | ICredentialContextType[]): void {
-    const input = this.asArray(value);
-    if (input.length < 1 || input.indexOf(DEFAULT_CONTEXT) === -1) {
-      throw new Error(`@context is missing default context "${DEFAULT_CONTEXT}"`);
-    }
-  }
-
-  static validateVcType(value: string | string[]): void {
-    const input = this.asArray(value);
-    if (input.length < 1 || input.indexOf(DEFAULT_VC_TYPE) === -1) {
-      throw new Error(`type is missing default "${DEFAULT_VC_TYPE}"`);
-    }
-  }
-
-  static validateCredentialSubject(value: ICredentialSubject | ICredentialSubject[]): void {
-    if (Object.keys(value).length === 0) {
-      throw new Error(`credentialSubject must not be empty`);
-    }
-  }
-
-  static validateTimestamp(timestamp: string) {
-    if(!isValidXmlSchema112Timestamp(timestamp)){
-      throw new Error(`timestamp is not valid xml schema 112 timestamp`);
-    }
-  }
-
-  static asArray(arg: any | any[]): any[] {
-    return Array.isArray(arg) ? arg : [arg];
-  }
-}

package/src/crypto/algorithms-api/aes/base.ts

@@ -1,49 +0,0 @@
-import { universalTypeOf } from '../../../common/index.js';
-
-import type { IDCrypto } from '../../types/iddwn-crypto.js';
-
-import { checkRequiredProperty } from '../../utils.js';
-import { CryptoAlgorithm } from '../crypto-algorithm.js';
-import { InvalidAccessError, OperationError } from '../errors.js';
-
-export abstract class BaseAesAlgorithm extends CryptoAlgorithm {
-
-  public checkGenerateKey(options: {
-    algorithm: IDCrypto.AesGenerateKeyOptions,
-    keyUsages: IDCrypto.KeyUsage[]
-  }): void {
-    const { algorithm, keyUsages } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-    // The algorithm object must contain a length property.
-    checkRequiredProperty({ property: 'length', inObject: algorithm });
-    // The length specified must be a number.
-    if (universalTypeOf(algorithm.length) !== 'Number') {
-      throw new TypeError(`Algorithm 'length' is not of type: Number.`);
-    }
-    // The length specified must be one of the allowed bit lengths for AES.
-    if (![128, 192, 256].includes(algorithm.length)) {
-      throw new OperationError(`Algorithm 'length' must be 128, 192, or 256.`);
-    }
-    // The key usages specified must be permitted by the algorithm implementation processing the operation.
-    this.checkKeyUsages({ keyUsages, allowedKeyUsages: this.keyUsages });
-  }
-
-  public abstract generateKey(options: {
-    algorithm: IDCrypto.AesGenerateKeyOptions,
-    extractable: boolean,
-    keyUsages: IDCrypto.KeyUsage[]
-  }): Promise<IDCrypto.CryptoKey>;
-
-  public override async deriveBits(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'deriveBits' is not valid for ${this.name} keys.`);
-  }
-
-  public override async sign(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'sign' is not valid for ${this.name} keys.`);
-  }
-
-  public override async verify(): Promise<boolean> {
-    throw new InvalidAccessError(`Requested operation 'verify' is not valid for ${this.name} keys.`);
-  }
-}

package/src/crypto/algorithms-api/aes/ctr.ts

@@ -1,51 +0,0 @@
-import { universalTypeOf } from '../../../common/index.js';
-
-import type { IDCrypto } from '../../types/iddwn-crypto.js';
-
-import { BaseAesAlgorithm } from './base.js';
-import { OperationError } from '../errors.js';
-import { checkRequiredProperty } from '../../utils.js';
-
-export abstract class BaseAesCtrAlgorithm extends BaseAesAlgorithm {
-
-  public readonly name = 'AES-CTR';
-
-  public readonly keyUsages: IDCrypto.KeyUsage[] = ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'];
-
-  public checkAlgorithmOptions(options: {
-    algorithm: IDCrypto.AesCtrOptions,
-    key: IDCrypto.CryptoKey
-  }): void {
-    const { algorithm, key } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-    // The algorithm object must contain a counter property.
-    checkRequiredProperty({ property: 'counter', inObject: algorithm });
-    // The counter must a Uint8Array.
-    if (!(universalTypeOf(algorithm.counter) === 'Uint8Array')) {
-      throw new TypeError(`Algorithm 'counter' is not of type: Uint8Array.`);
-    }
-    // The initial value of the counter block must be 16 bytes long (the AES block size).
-    if (algorithm.counter.byteLength !== 16) {
-      throw new OperationError(`Algorithm 'counter' must have length: 16 bytes.`);
-    }
-    // The algorithm object must contain a length property.
-    checkRequiredProperty({ property: 'length', inObject: algorithm });
-    // The length specified must be a number.
-    if (universalTypeOf(algorithm.length) !== 'Number') {
-      throw new TypeError(`Algorithm 'length' is not of type: Number.`);
-    }
-    // The length specified must be between 1 and 128.
-    if ((algorithm.length < 1 || algorithm.length > 128)) {
-      throw new OperationError(`Algorithm 'length' should be in the range: 1 to 128.`);
-    }
-    // The options object must contain a key property.
-    checkRequiredProperty({ property: 'key', inObject: options });
-    // The key object must be a CryptoKey.
-    this.checkCryptoKey({ key });
-    // The key algorithm must match the algorithm implementation processing the operation.
-    this.checkKeyAlgorithm({ keyAlgorithmName: key.algorithm.name });
-    // The CryptoKey object must be a secret key.
-    this.checkKeyType({ keyType: key.type, allowedKeyType: 'secret' });
-  }
-}

package/src/crypto/algorithms-api/aes/index.ts

@@ -1,2 +0,0 @@
-export * from './ctr.js';
-export * from './base.js';