@sphereon/ssi-sdk.vc-status-list 0.32.1-feature.MWALL.717.jwt.decode.crash.15 → 0.32.1-feature.SDK.56.oauth.status.list.34

package/src/types/index.ts

@@ -4,72 +4,107 @@ import {
   ICredentialStatus,
   IIssuer,
   IVerifiableCredential,
-  OriginalVerifiableCredential,
   OrPromise,
+  ProofFormat,
   StatusListCredentialIdMode,
   StatusListDriverType,
   StatusListIndexingDirection,
   StatusListType,
+  StatusListVerifiableCredential,
   StatusPurpose2021,
 } from '@sphereon/ssi-types'
-import {
-  CredentialPayload,
-  IAgentContext,
-  ICredentialIssuer,
-  ICredentialPlugin,
-  ICredentialVerifier,
-  IPluginMethodMap,
-  ProofFormat,
-} from '@veramo/core'
+import { CredentialPayload, IAgentContext, ICredentialIssuer, ICredentialPlugin, ICredentialVerifier, IPluginMethodMap } from '@veramo/core'
 import { DataSource } from 'typeorm'
+import { BitsPerStatus } from '@sd-jwt/jwt-status-list/dist'
 
-export interface CreateNewStatusListFuncArgs extends Omit<StatusList2021ToVerifiableCredentialArgs, 'encodedList'> {
-  correlationId: string
-  length?: number
+export enum StatusOAuth {
+  Valid = 0,
+  Invalid = 1,
+  Suspended = 2,
 }
 
-export interface UpdateStatusListFromEncodedListArgs extends StatusList2021ToVerifiableCredentialArgs {
-  statusListIndex: number | string
-  value: boolean
+export enum Status2021 {
+  Valid = 0,
+  Invalid = 1,
 }
 
-export interface UpdateStatusListFromStatusListCredentialArgs {
-  statusListCredential: OriginalVerifiableCredential
-  keyRef?: string
-  statusListIndex: number | string
-  value: boolean
+export type StatusList2021Args = {
+  indexingDirection: StatusListIndexingDirection
+  statusPurpose?: StatusPurpose2021
+  // todo: validFrom and validUntil
 }
 
-export interface StatusList2021ToVerifiableCredentialArgs {
-  issuer: string | IIssuer
+export type OAuthStatusListArgs = {
+  bitsPerStatus?: BitsPerStatus
+  expiresAt?: string
+}
+
+export type BaseCreateNewStatusListArgs = {
+  type: StatusListType
   id: string
-  type?: StatusListType
+  issuer: string | IIssuer
+  correlationId?: string
+  length?: number
+  proofFormat?: ProofFormat
+  keyRef?: string
+  statusList2021?: StatusList2021Args
+  oauthStatusList?: OAuthStatusListArgs
+}
+
+export type UpdateStatusList2021Args = {
   statusPurpose: StatusPurpose2021
-  encodedList: string
+}
+
+export type UpdateOAuthStatusListArgs = {
+  bitsPerStatus: BitsPerStatus
+  expiresAt?: string
+}
+
+export interface UpdateStatusListFromEncodedListArgs {
+  type?: StatusListType
+  statusListIndex: number | string
+  value: boolean
   proofFormat?: ProofFormat
   keyRef?: string
+  correlationId?: string
+  encodedList: string
+  issuer: string | IIssuer
+  id: string
+  statusList2021?: UpdateStatusList2021Args
+  oauthStatusList?: UpdateOAuthStatusListArgs
+}
 
-  // todo: validFrom and validUntil
+export interface UpdateStatusListFromStatusListCredentialArgs {
+  statusListCredential: StatusListVerifiableCredential // | CompactJWT
+  keyRef?: string
+  statusListIndex: number | string
+  value: number | Status2021 | StatusOAuth
 }
 
-export interface StatusListDetails {
+export interface StatusListResult {
   encodedList: string
+  statusListCredential: StatusListVerifiableCredential // | CompactJWT
   length: number
   type: StatusListType
   proofFormat: ProofFormat
-  statusPurpose: StatusPurpose2021
   id: string
   issuer: string | IIssuer
-  indexingDirection: StatusListIndexingDirection
-  statusListCredential: OriginalVerifiableCredential
+  statusList2021?: StatusList2021Details
+  oauthStatusList?: OAuthStatusDetails
+
   // These cannot be deduced from the VC, so they are present when callers pass in these values as params
   correlationId?: string
   driverType?: StatusListDriverType
   credentialIdMode?: StatusListCredentialIdMode
 }
 
-export interface StatusListResult extends StatusListDetails {
-  statusListCredential: OriginalVerifiableCredential
+interface StatusList2021Details {
+  indexingDirection: StatusListIndexingDirection
+  statusPurpose?: StatusPurpose2021
+}
+
+interface OAuthStatusDetails {
+  bitsPerStatus?: BitsPerStatus
 }
 
 export interface StatusList2021EntryCredentialStatus extends ICredentialStatus {
@@ -79,6 +114,47 @@ export interface StatusList2021EntryCredentialStatus extends ICredentialStatus {
   statusListCredential: string
 }
 
+export interface StatusListOAuthEntryCredentialStatus extends ICredentialStatus {
+  type: 'OAuthStatusListEntry'
+  bitsPerStatus: number
+  statusListIndex: string
+  statusListCredential: string
+  expiresAt?: string
+}
+
+export interface StatusList2021ToVerifiableCredentialArgs {
+  issuer: string | IIssuer
+  id: string
+  type?: StatusListType
+  proofFormat?: ProofFormat
+  keyRef?: string
+  encodedList: string
+  statusPurpose: StatusPurpose2021
+}
+
+export interface CreateStatusListArgs {
+  issuer: string | IIssuer
+  id: string
+  proofFormat?: ProofFormat
+  keyRef?: string
+  correlationId?: string
+  length?: number
+  statusList2021?: StatusList2021Args
+  oauthStatusList?: OAuthStatusListArgs
+}
+
+export interface UpdateStatusListIndexArgs {
+  statusListCredential: StatusListVerifiableCredential // | CompactJWT
+  keyRef?: string
+  statusListIndex: number | string
+  value: number | Status2021 | StatusOAuth
+}
+
+export interface CheckStatusIndexArgs {
+  statusListCredential: StatusListVerifiableCredential // | CompactJWT
+  statusListIndex: string | number
+}
+
 /**
  * The interface definition for a plugin that can add statuslist info to a credential
  *
@@ -95,7 +171,7 @@ export interface IStatusListPlugin extends IPluginMethodMap {
    *
    * @returns - The details of the newly created status list
    */
-  slCreateStatusList(args: CreateNewStatusListArgs, context: IRequiredContext): Promise<StatusListDetails>
+  slCreateStatusList(args: CreateNewStatusListArgs, context: IRequiredContext): Promise<StatusListResult>
 
   /**
    * Ensures status list info like index and list id is added to a credential
@@ -114,7 +190,15 @@ export interface IStatusListPlugin extends IPluginMethodMap {
    * @param args
    * @param context
    */
-  slGetStatusList(args: GetStatusListArgs, context: IRequiredContext): Promise<StatusListDetails>
+  slGetStatusList(args: GetStatusListArgs, context: IRequiredContext): Promise<StatusListResult>
+}
+
+export type CreateNewStatusListFuncArgs = BaseCreateNewStatusListArgs
+
+export type CreateNewStatusListArgs = BaseCreateNewStatusListArgs & {
+  dataSource?: OrPromise<DataSource>
+  dbName?: string
+  isDefault?: boolean
 }
 
 export type IAddStatusToCredentialArgs = Omit<IIssueCredentialStatusOpts, 'dataSource'> & {
@@ -123,7 +207,6 @@ export type IAddStatusToCredentialArgs = Omit<IIssueCredentialStatusOpts, 'dataS
 
 export interface IIssueCredentialStatusOpts {
   dataSource?: DataSource
-
   credentialId?: string // An id to use for the credential. Normally should be set as the crdential.id value
   statusListId?: string // Explicit status list to use. Determines the id from the credentialStatus object in the VC itself or uses the default otherwise
   statusListIndex?: number | string
@@ -138,13 +221,12 @@ export type GetStatusListArgs = {
   dbName?: string
 }
 
-export type CreateNewStatusListArgs = CreateNewStatusListFuncArgs & {
-  dataSource?: OrPromise<DataSource>
-  dbName?: string
-  isDefault?: boolean
-}
-
 export type CredentialWithStatusSupport = ICredential | CredentialPayload | IVerifiableCredential
 
+export type SignedStatusListData = {
+  statusListCredential: StatusListVerifiableCredential
+  encodedList: string
+}
+
 export type IRequiredPlugins = ICredentialPlugin & IIdentifierResolution
 export type IRequiredContext = IAgentContext<ICredentialIssuer & ICredentialVerifier & IIdentifierResolution>

package/src/utils.ts

@@ -0,0 +1,91 @@
+import {
+  CredentialMapper,
+  IIssuer,
+  ProofFormat,
+  StatusListType,
+  StatusListType as StatusListTypeW3C,
+  StatusListVerifiableCredential,
+} from '@sphereon/ssi-types'
+import { jwtDecode } from 'jwt-decode'
+
+export function getAssertedStatusListType(type?: StatusListType) {
+  const assertedType = type ?? StatusListType.StatusList2021
+  if (![StatusListType.StatusList2021, StatusListType.OAuthStatusList].includes(assertedType)) {
+    throw Error(`StatusList type ${assertedType} is not supported (yet)`)
+  }
+  return assertedType
+}
+
+export function getAssertedValue<T>(name: string, value: T): NonNullable<T> {
+  if (value === undefined || value === null) {
+    throw Error(`Missing required ${name} value`)
+  }
+  return value
+}
+
+export function getAssertedValues(args: { issuer: string | IIssuer; id: string; type?: StatusListTypeW3C | StatusListType }) {
+  const type = getAssertedStatusListType(args?.type)
+  const id = getAssertedValue('id', args.id)
+  const issuer = getAssertedValue('issuer', args.issuer)
+  return { id, issuer, type }
+}
+
+export function getAssertedProperty<T extends object>(propertyName: string, obj: T): NonNullable<any> {
+  if (!(propertyName in obj)) {
+    throw Error(`The input object does not contain required property: ${propertyName}`)
+  }
+  return getAssertedValue(propertyName, (obj as any)[propertyName])
+}
+
+const ValidProofTypeMap = new Map<StatusListType, ProofFormat[]>([
+  [StatusListType.StatusList2021, ['jwt', 'lds', 'EthereumEip712Signature2021']],
+  [StatusListType.OAuthStatusList, ['jwt', 'cbor']],
+])
+
+export function assertValidProofType(type: StatusListType, proofFormat: ProofFormat) {
+  const validProofTypes = ValidProofTypeMap.get(type)
+  if (!validProofTypes?.includes(proofFormat)) {
+    throw Error(`Invalid proof format '${proofFormat}' for status list type ${type}`)
+  }
+}
+
+export function determineStatusListType(credential: StatusListVerifiableCredential): StatusListType {
+  const proofFormat = determineProofFormat(credential)
+  switch (proofFormat) {
+    case 'jwt':
+      const payload: StatusListVerifiableCredential = jwtDecode(credential as string)
+      const keys = Object.keys(payload)
+      if (keys.includes('status_list')) {
+        return StatusListType.OAuthStatusList
+      } else if (keys.includes('vc')) {
+        return StatusListType.StatusList2021
+      }
+      break
+    case 'lds':
+      const uniform = CredentialMapper.toUniformCredential(credential)
+      const type = uniform.type.find((t) => {
+        return Object.values(StatusListType).some((statusType) => t.includes(statusType))
+      })
+      if (!type) {
+        throw new Error('Invalid status list credential type')
+      }
+      return type.replace('Credential', '') as StatusListType
+
+    case 'cbor':
+      return StatusListType.OAuthStatusList
+  }
+
+  throw new Error('Cannot determine status list type from credential payload')
+}
+
+export function determineProofFormat(credential: StatusListVerifiableCredential): ProofFormat {
+  if (CredentialMapper.isJwtEncoded(credential)) {
+    return 'jwt'
+  } else if (CredentialMapper.isMsoMdocOid4VPEncoded(credential)) {
+    // Just assume Cbor for now, I'd need to decode at least the header to what type of Cbor we have
+    return 'cbor'
+  } else if (CredentialMapper.isCredential(credential)) {
+    return 'lds'
+  }
+  throw Error('Cannot determine credential payload type')
+}