@sphereon/ssi-sdk.vc-status-list 0.32.1-feature.MWALL.717.jwt.decode.crash.15 → 0.32.1-feature.SDK.56.oauth.status.list.39

package/src/functions.ts

@@ -1,41 +1,35 @@
 import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
-import {
-  CredentialMapper,
-  DocumentFormat,
-  IIssuer,
-  OriginalVerifiableCredential,
-  StatusListDriverType,
-  StatusListType,
-  StatusPurpose2021,
-} from '@sphereon/ssi-types'
+import { CredentialMapper, ProofFormat, StatusListDriverType, StatusListType, StatusListCredential, StatusPurpose2021 } from '@sphereon/ssi-types'
+import { CredentialStatus, DIDDocument, IAgentContext, ICredentialPlugin, ProofFormat as VmoProofFormat } from '@veramo/core'
 
-import { checkStatus, StatusList } from '@sphereon/vc-status-list'
-import { CredentialStatus, DIDDocument, IAgentContext, ICredentialPlugin, ProofFormat } from '@veramo/core'
+import { checkStatus } from '@sphereon/vc-status-list'
 import { CredentialJwtOrJSON, StatusMethod } from 'credential-status'
 import {
   CreateNewStatusListFuncArgs,
+  Status2021,
   StatusList2021ToVerifiableCredentialArgs,
-  StatusListDetails,
   StatusListResult,
+  StatusOAuth,
   UpdateStatusListFromEncodedListArgs,
   UpdateStatusListFromStatusListCredentialArgs,
 } from './types'
+import { assertValidProofType, determineStatusListType, getAssertedValue, getAssertedValues } from './utils'
+import { getStatusListImplementation } from './impl/StatusListFactory'
 
-export async function fetchStatusListCredential(args: { statusListCredential: string }): Promise<OriginalVerifiableCredential> {
+export async function fetchStatusListCredential(args: { statusListCredential: string }): Promise<StatusListCredential> {
   const url = getAssertedValue('statusListCredential', args.statusListCredential)
   try {
     const response = await fetch(url)
     if (!response.ok) {
-      const error = `Fetching status list ${url} resulted in an error: ${response.status} : ${response.statusText}`
-      throw Error(error)
+      throw Error(`Fetching status list ${url} resulted in an error: ${response.status} : ${response.statusText}`)
     }
     const responseAsText = await response.text()
     if (responseAsText.trim().startsWith('{')) {
-      return JSON.parse(responseAsText) as OriginalVerifiableCredential
+      return JSON.parse(responseAsText) as StatusListCredential
     }
-    return responseAsText as OriginalVerifiableCredential
+    return responseAsText as StatusListCredential
   } catch (error) {
-    console.log(`Fetching status list ${url} resulted in an unexpected error: ${error instanceof Error ? error.message : JSON.stringify(error)}`)
+    console.error(`Fetching status list ${url} resulted in an unexpected error: ${error instanceof Error ? error.message : JSON.stringify(error)}`)
     throw error
   }
 }
@@ -52,7 +46,7 @@ export function statusPluginStatusFunction(args: {
     const result = await checkStatusForCredential({
       ...args,
       documentLoader: args.documentLoader,
-      credential: credential as OriginalVerifiableCredential,
+      credential: credential as StatusListCredential,
       errorUnknownListType: args.errorUnknownListType,
     })
 
@@ -75,7 +69,7 @@ export function vcLibCheckStatusFunction(args: {
 }) {
   const { mandatoryCredentialStatus, verifyStatusListCredential, verifyMatchingIssuers, errorUnknownListType } = args
   return (args: {
-    credential: OriginalVerifiableCredential
+    credential: StatusListCredential
     documentLoader: any
     suite: any
   }): Promise<{
@@ -93,7 +87,7 @@ export function vcLibCheckStatusFunction(args: {
 }
 
 export async function checkStatusForCredential(args: {
-  credential: OriginalVerifiableCredential
+  credential: StatusListCredential
   documentLoader: any
   suite: any
   mandatoryCredentialStatus?: boolean
@@ -132,7 +126,7 @@ export async function simpleCheckStatusFromStatusListUrl(args: {
   type?: StatusListType | 'StatusList2021Entry'
   id?: string
   statusListIndex: string
-}): Promise<boolean> {
+}): Promise<number | Status2021 | StatusOAuth> {
   return checkStatusIndexFromStatusListCredential({
     ...args,
     statusListCredential: await fetchStatusListCredential(args),
@@ -140,163 +134,84 @@ export async function simpleCheckStatusFromStatusListUrl(args: {
 }
 
 export async function checkStatusIndexFromStatusListCredential(args: {
-  statusListCredential: OriginalVerifiableCredential
+  statusListCredential: StatusListCredential
   statusPurpose?: StatusPurpose2021
   type?: StatusListType | 'StatusList2021Entry'
   id?: string
   statusListIndex: string | number
-}): Promise<boolean> {
-  const requestedType = getAssertedStatusListType(args.type?.replace('Entry', '') as StatusListType)
-  const uniform = CredentialMapper.toUniformCredential(args.statusListCredential)
-  const { issuer, type, credentialSubject, id } = uniform
-  getAssertedValue('issuer', issuer) // We are only checking the value here
-  getAssertedValue('credentialSubject', credentialSubject)
-  if (args.statusPurpose && 'statusPurpose' in credentialSubject) {
-    if (args.statusPurpose !== credentialSubject.statusPurpose) {
-      throw Error(
-        `Status purpose in StatusList credential with id ${id} and value ${credentialSubject.statusPurpose} does not match supplied purpose: ${args.statusPurpose}`,
-      )
-    }
-  } else if (args.id && args.id !== id) {
-    throw Error(`Status list id ${id} did not match required supplied id: ${args.id}`)
-  }
-  if (!type || !(type.includes(requestedType) || type.includes(requestedType + 'Credential'))) {
-    throw Error(`Credential type ${JSON.stringify(type)} does not contain requested type ${requestedType}`)
-  }
-  // @ts-ignore
-  const encodedList = getAssertedValue('encodedList', credentialSubject['encodedList'])
-
-  const statusList = await StatusList.decode({ encodedList })
-  const status = statusList.getStatus(typeof args.statusListIndex === 'number' ? args.statusListIndex : Number.parseInt(args.statusListIndex))
-  return status
+}): Promise<number | Status2021 | StatusOAuth> {
+  const statusListType: StatusListType = determineStatusListType(args.statusListCredential)
+  const implementation = getStatusListImplementation(statusListType)
+  return implementation.checkStatusIndex(args)
 }
 
 export async function createNewStatusList(
   args: CreateNewStatusListFuncArgs,
   context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,
 ): Promise<StatusListResult> {
-  const length = args?.length ?? 250000
-  const proofFormat = args?.proofFormat ?? 'lds'
-  const { issuer, type, id } = getAssertedValues(args)
-  const correlationId = getAssertedValue('correlationId', args.correlationId)
-
-  const list = new StatusList({ length })
-  const encodedList = await list.encode()
-  const statusPurpose = args.statusPurpose ?? 'revocation'
-  const statusListCredential = await statusList2021ToVerifiableCredential(
-    {
-      ...args,
-      type,
-      proofFormat,
-      encodedList,
-    },
-    context,
-  )
-
-  return {
-    encodedList,
-    statusListCredential,
-    length,
-    type,
-    proofFormat,
-    id,
-    correlationId,
-    issuer,
-    statusPurpose,
-    indexingDirection: 'rightToLeft',
-  } as StatusListResult
+  const { type } = getAssertedValues(args)
+  const implementation = getStatusListImplementation(type)
+  return implementation.createNewStatusList(args, context)
 }
 
 export async function updateStatusIndexFromStatusListCredential(
   args: UpdateStatusListFromStatusListCredentialArgs,
   context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,
-): Promise<StatusListDetails> {
-  return updateStatusListIndexFromEncodedList(
-    {
-      ...(await statusListCredentialToDetails(args)),
-      statusListIndex: args.statusListIndex,
-      value: args.value,
-    },
-    context,
-  )
+): Promise<StatusListResult> {
+  const credential = getAssertedValue('statusListCredential', args.statusListCredential)
+  const statusListType: StatusListType = determineStatusListType(credential)
+  const implementation = getStatusListImplementation(statusListType)
+  return implementation.updateStatusListIndex(args, context)
 }
 
+// Keeping helper function for backward compatibility
 export async function statusListCredentialToDetails(args: {
-  statusListCredential: OriginalVerifiableCredential
+  statusListCredential: StatusListCredential
   correlationId?: string
   driverType?: StatusListDriverType
-}): Promise<StatusListDetails> {
+}): Promise<StatusListResult> {
   const credential = getAssertedValue('statusListCredential', args.statusListCredential)
   const uniform = CredentialMapper.toUniformCredential(credential)
-  const { issuer, type, credentialSubject } = uniform
-  if (!type.includes('StatusList2021Credential')) {
-    throw Error('StatusList2021Credential type should be present in the Verifiable Credential')
-  }
-  const id = getAssertedValue('id', uniform.id)
-  // @ts-ignore
-  const { encodedList, statusPurpose } = credentialSubject
-  const proofFormat: ProofFormat = CredentialMapper.detectDocumentType(credential) === DocumentFormat.JWT ? 'jwt' : 'lds'
-  return {
-    id,
-    encodedList,
-    issuer,
-    type: StatusListType.StatusList2021,
-    proofFormat,
-    indexingDirection: 'rightToLeft',
-    length: (await StatusList.decode({ encodedList })).length,
-    statusPurpose,
-    statusListCredential: credential,
-    ...(args.correlationId && { correlationId: args.correlationId }),
-    ...(args.driverType && { driverType: args.driverType }),
+  const type = uniform.type.find((t) => t.includes('StatusList2021') || t.includes('OAuth2StatusList'))
+  if (!type) {
+    throw new Error('Invalid status list credential type')
   }
+  const statusListType = type.replace('Credential', '') as StatusListType
+  const implementation = getStatusListImplementation(statusListType)
+  return implementation.updateStatusListIndex(
+    {
+      statusListCredential: args.statusListCredential,
+      statusListIndex: 0,
+      value: 0,
+    },
+    {} as IAgentContext<ICredentialPlugin & IIdentifierResolution>,
+  )
 }
 
 export async function updateStatusListIndexFromEncodedList(
   args: UpdateStatusListFromEncodedListArgs,
   context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,
-): Promise<StatusListDetails> {
-  const { issuer, type, id } = getAssertedValues(args)
-  const proofFormat = args?.proofFormat ?? 'lds'
-  const origEncodedList = getAssertedValue('encodedList', args.encodedList)
-  const index = getAssertedValue('index', typeof args.statusListIndex === 'number' ? args.statusListIndex : Number.parseInt(args.statusListIndex))
-  const value = getAssertedValue('value', args.value)
-  const statusPurpose = getAssertedValue('statusPurpose', args.statusPurpose)
-
-  const statusList = await StatusList.decode({ encodedList: origEncodedList })
-  statusList.setStatus(index, value)
-  const encodedList = await statusList.encode()
-  const statusListCredential = await statusList2021ToVerifiableCredential(
-    {
-      ...args,
-      type,
-      proofFormat,
-      encodedList,
-    },
-    context,
-  )
-  return {
-    encodedList,
-    statusListCredential,
-    length: statusList.length - 1,
-    type,
-    proofFormat,
-    id,
-    issuer,
-    statusPurpose,
-    indexingDirection: 'rightToLeft',
-  }
+): Promise<StatusListResult> {
+  const { type } = getAssertedValue('type', args)
+  const implementation = getStatusListImplementation(type!)
+  return implementation.updateStatusListFromEncodedList(args, context)
 }
 
+// TODO Is this still in use? Or do we need to redesign this after having multiple status list types?
 export async function statusList2021ToVerifiableCredential(
   args: StatusList2021ToVerifiableCredentialArgs,
   context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,
-): Promise<OriginalVerifiableCredential> {
+): Promise<StatusListCredential> {
   const { issuer, id, type } = getAssertedValues(args)
   const identifier = await context.agent.identifierManagedGet({
     identifier: typeof issuer === 'string' ? issuer : issuer.id,
     vmRelationship: 'assertionMethod',
     offlineWhenNoDIDRegistered: true, // FIXME Fix identifier resolution for EBSI
   })
+  const proofFormat: ProofFormat = args?.proofFormat ?? 'lds'
+  assertValidProofType(StatusListType.StatusList2021, proofFormat)
+  const vmoProofFormat: VmoProofFormat = proofFormat as VmoProofFormat
+
   const encodedList = getAssertedValue('encodedList', args.encodedList)
   const statusPurpose = getAssertedValue('statusPurpose', args.statusPurpose)
   const credential = {
@@ -316,31 +231,9 @@ export async function statusList2021ToVerifiableCredential(
   const verifiableCredential = await context.agent.createVerifiableCredential({
     credential,
     keyRef: identifier.kmsKeyRef,
-    proofFormat: args.proofFormat ?? 'lds',
+    proofFormat: vmoProofFormat,
     fetchRemoteContexts: true,
   })
 
-  return CredentialMapper.toWrappedVerifiableCredential(verifiableCredential as OriginalVerifiableCredential).original
-}
-
-function getAssertedStatusListType(type?: StatusListType) {
-  const assertedType = type ?? StatusListType.StatusList2021
-  if (assertedType !== StatusListType.StatusList2021) {
-    throw Error(`StatusList type ${assertedType} is not supported (yet)`)
-  }
-  return assertedType
-}
-
-function getAssertedValue<T>(name: string, value: T): NonNullable<T> {
-  if (value === undefined || value === null) {
-    throw Error(`Missing required ${name} value`)
-  }
-  return value
-}
-
-function getAssertedValues(args: { issuer: string | IIssuer; id: string; type?: StatusListType }) {
-  const type = getAssertedStatusListType(args?.type)
-  const id = getAssertedValue('id', args.id)
-  const issuer = getAssertedValue('issuer', args.issuer)
-  return { id, issuer, type }
+  return CredentialMapper.toWrappedVerifiableCredential(verifiableCredential as StatusListCredential).original as StatusListCredential
 }

package/src/impl/IStatusList.ts

@@ -0,0 +1,36 @@
+import { IAgentContext, ICredentialPlugin } from '@veramo/core'
+import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
+import {
+  CheckStatusIndexArgs,
+  CreateStatusListArgs,
+  Status2021,
+  StatusListResult,
+  StatusOAuth,
+  UpdateStatusListFromEncodedListArgs,
+  UpdateStatusListIndexArgs,
+} from '../types'
+
+export interface IStatusList {
+  /**
+   * Creates a new status list of the specific type
+   */
+  createNewStatusList(args: CreateStatusListArgs, context: IAgentContext<ICredentialPlugin & IIdentifierResolution>): Promise<StatusListResult>
+
+  /**
+   * Updates a status at the given index in the status list
+   */
+  updateStatusListIndex(args: UpdateStatusListIndexArgs, context: IAgentContext<ICredentialPlugin & IIdentifierResolution>): Promise<StatusListResult>
+
+  /**
+   * Updates a status list using a base64 encoded list of statuses
+   */
+  updateStatusListFromEncodedList(
+    args: UpdateStatusListFromEncodedListArgs,
+    context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,
+  ): Promise<StatusListResult>
+
+  /**
+   * Checks the status at a given index in the status list
+   */
+  checkStatusIndex(args: CheckStatusIndexArgs): Promise<number | Status2021 | StatusOAuth>
+}

package/src/impl/OAuthStatusList.ts

@@ -0,0 +1,165 @@
+import { IAgentContext, ICredentialPlugin } from '@veramo/core'
+import { ProofFormat, StatusListType } from '@sphereon/ssi-types'
+import {
+  CheckStatusIndexArgs,
+  CreateStatusListArgs,
+  SignedStatusListData,
+  StatusListResult,
+  StatusOAuth,
+  UpdateStatusListFromEncodedListArgs,
+  UpdateStatusListIndexArgs,
+} from '../types'
+import { determineProofFormat, getAssertedValue, getAssertedValues } from '../utils'
+import { IStatusList } from './IStatusList'
+import { StatusList, StatusListJWTHeaderParameters } from '@sd-jwt/jwt-status-list'
+import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'
+import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
+import { createSignedJwt, decodeStatusListJWT } from './encoding/jwt'
+import { createSignedCbor, decodeStatusListCWT } from './encoding/cbor'
+
+type IRequiredContext = IAgentContext<ICredentialPlugin & IJwtService & IIdentifierResolution>
+
+export const BITS_PER_STATUS_DEFAULT = 2 // 2 bits are sufficient for 0x00 - "VALID"  0x01 - "INVALID" & 0x02 - "SUSPENDED"
+export const DEFAULT_LIST_LENGTH = 250000
+export const DEFAULT_PROOF_FORMAT = 'jwt' as ProofFormat
+export const STATUS_LIST_JWT_HEADER: StatusListJWTHeaderParameters = {
+  alg: 'EdDSA',
+  typ: 'statuslist+jwt',
+}
+
+export class OAuthStatusListImplementation implements IStatusList {
+  async createNewStatusList(args: CreateStatusListArgs, context: IRequiredContext): Promise<StatusListResult> {
+    if (!args.oauthStatusList) {
+      throw new Error('OAuthStatusList options are required for type OAuthStatusList')
+    }
+
+    const proofFormat = args?.proofFormat ?? DEFAULT_PROOF_FORMAT
+    const { issuer, id, keyRef } = args
+    const length = args.length ?? DEFAULT_LIST_LENGTH
+    const bitsPerStatus = args.oauthStatusList.bitsPerStatus ?? BITS_PER_STATUS_DEFAULT
+    const issuerString = typeof issuer === 'string' ? issuer : issuer.id
+    const correlationId = getAssertedValue('correlationId', args.correlationId)
+
+    const statusList = new StatusList(new Array(length).fill(0), bitsPerStatus)
+    const encodedList = statusList.compressStatusList()
+    const { statusListCredential } = await this.createSignedStatusList(proofFormat, context, statusList, issuerString, id, keyRef)
+
+    return {
+      encodedList,
+      statusListCredential,
+      oauthStatusList: { bitsPerStatus },
+      length,
+      type: StatusListType.OAuthStatusList,
+      proofFormat,
+      id,
+      correlationId,
+      issuer,
+    }
+  }
+
+  async updateStatusListIndex(args: UpdateStatusListIndexArgs, context: IRequiredContext): Promise<StatusListResult> {
+    const { statusListCredential, value, keyRef } = args
+    if (typeof statusListCredential !== 'string') {
+      return Promise.reject('statusListCredential in neither JWT nor CWT')
+    }
+
+    const proofFormat = determineProofFormat(statusListCredential)
+    const decoded = proofFormat === 'jwt' ? decodeStatusListJWT(statusListCredential) : decodeStatusListCWT(statusListCredential)
+    const { statusList, issuer, id } = decoded
+
+    const index = typeof args.statusListIndex === 'number' ? args.statusListIndex : parseInt(args.statusListIndex)
+    if (index < 0 || index >= statusList.statusList.length) {
+      throw new Error('Status list index out of bounds')
+    }
+
+    statusList.setStatus(index, value)
+    const { statusListCredential: signedCredential, encodedList } = await this.createSignedStatusList(
+      proofFormat,
+      context,
+      statusList,
+      issuer,
+      id,
+      keyRef,
+    )
+
+    return {
+      statusListCredential: signedCredential,
+      encodedList,
+      oauthStatusList: {
+        bitsPerStatus: statusList.getBitsPerStatus(),
+      },
+      length: statusList.statusList.length,
+      type: StatusListType.OAuthStatusList,
+      proofFormat,
+      id,
+      issuer,
+    }
+  }
+
+  async updateStatusListFromEncodedList(args: UpdateStatusListFromEncodedListArgs, context: IRequiredContext): Promise<StatusListResult> {
+    if (!args.oauthStatusList) {
+      throw new Error('OAuthStatusList options are required for type OAuthStatusList')
+    }
+
+    const proofFormat = args.proofFormat ?? DEFAULT_PROOF_FORMAT
+    const { issuer, id } = getAssertedValues(args)
+    const bitsPerStatus = args.oauthStatusList.bitsPerStatus ?? BITS_PER_STATUS_DEFAULT
+    const issuerString = typeof issuer === 'string' ? issuer : issuer.id
+
+    const listToUpdate = StatusList.decompressStatusList(args.encodedList, bitsPerStatus)
+    const index = typeof args.statusListIndex === 'number' ? args.statusListIndex : parseInt(args.statusListIndex)
+    listToUpdate.setStatus(index, args.value ? 1 : 0)
+
+    const { statusListCredential, encodedList } = await this.createSignedStatusList(proofFormat, context, listToUpdate, issuerString, id, args.keyRef)
+
+    return {
+      encodedList,
+      statusListCredential,
+      oauthStatusList: {
+        bitsPerStatus,
+      },
+      length: listToUpdate.statusList.length,
+      type: StatusListType.OAuthStatusList,
+      proofFormat,
+      id,
+      issuer,
+    }
+  }
+
+  async checkStatusIndex(args: CheckStatusIndexArgs): Promise<number | StatusOAuth> {
+    const { statusListCredential, statusListIndex } = args
+    if (typeof statusListCredential !== 'string') {
+      return Promise.reject('statusListCredential in neither JWT nor CWT')
+    }
+
+    const proofFormat = determineProofFormat(statusListCredential)
+    const { statusList } = proofFormat === 'jwt' ? decodeStatusListJWT(statusListCredential) : decodeStatusListCWT(statusListCredential)
+
+    const index = typeof statusListIndex === 'number' ? statusListIndex : parseInt(statusListIndex)
+    if (index < 0 || index >= statusList.statusList.length) {
+      throw new Error('Status list index out of bounds')
+    }
+
+    return statusList.getStatus(index)
+  }
+
+  private async createSignedStatusList(
+    proofFormat: 'jwt' | 'lds' | 'EthereumEip712Signature2021' | 'cbor',
+    context: IAgentContext<ICredentialPlugin & IJwtService & IIdentifierResolution>,
+    statusList: StatusList,
+    issuerString: string,
+    id: string,
+    keyRef?: string,
+  ): Promise<SignedStatusListData> {
+    switch (proofFormat) {
+      case 'jwt': {
+        return await createSignedJwt(context, statusList, issuerString, id, keyRef)
+      }
+      case 'cbor': {
+        return await createSignedCbor(context, statusList, issuerString, id, keyRef)
+      }
+      default:
+        throw new Error(`Invalid proof format '${proofFormat}' for OAuthStatusList`)
+    }
+  }
+}