@sphereon/ssi-sdk.vc-status-list 0.32.1-next.54 → 0.33.1-feature.jose.vcdm.55

package/src/impl/encoding/cbor.ts

@@ -0,0 +1,177 @@
+import type { BitsPerStatus } from '@sd-jwt/jwt-status-list'
+import { StatusList } from '@sd-jwt/jwt-status-list'
+import { deflate, inflate } from 'pako'
+import pkg from '@sphereon/kmp-mdoc-core';
+const { com, kotlin } = pkg;
+import base64url from 'base64url'
+import type { IRequiredContext, SignedStatusListData } from '../../types'
+import { type DecodedStatusListPayload, resolveIdentifier } from './common'
+
+export type IKey = pkg.com.sphereon.crypto.IKey
+export type CborItem<T> = pkg.com.sphereon.cbor.CborItem<T>
+export const CborByteString = com.sphereon.cbor.CborByteString
+export type CborByteStringType = pkg.com.sphereon.cbor.CborByteString
+export const CborUInt = com.sphereon.cbor.CborUInt
+export type CborUIntType = pkg.com.sphereon.cbor.CborUInt
+export const CborString = com.sphereon.cbor.CborString
+export type CborStringType = pkg.com.sphereon.cbor.CborString
+
+// const cbor = cborpkg.com.sphereon.cbor
+// const kmp = cborpkg.com.sphereon.kmp
+// const kotlin = cborpkg.kotlin
+const decompressRawStatusList = (StatusList as any).decodeStatusList.bind(StatusList)
+
+const CWT_CLAIMS = {
+  SUBJECT: 2,
+  ISSUER: 1,
+  ISSUED_AT: 6,
+  EXPIRATION: 4,
+  TIME_TO_LIVE: 65534,
+  STATUS_LIST: 65533,
+} as const
+
+export const createSignedCbor = async (
+  context: IRequiredContext,
+  statusList: StatusList,
+  issuerString: string,
+  id: string,
+  expiresAt?: Date,
+  keyRef?: string,
+): Promise<SignedStatusListData> => {
+  const identifier = await resolveIdentifier(context, issuerString, keyRef)
+
+  const encodeStatusList = statusList.encodeStatusList()
+  const compressedList = deflate(encodeStatusList, { level: 9 })
+  const compressedBytes = new Int8Array(compressedList)
+
+  const statusListMap = new com.sphereon.cbor.CborMap(
+    kotlin.collections.KtMutableMap.fromJsMap(
+      new Map<CborStringType, CborItem<any>>([
+        [
+          new com.sphereon.cbor.CborString('bits'),
+          new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(statusList.getBitsPerStatus())),
+        ],
+        [new com.sphereon.cbor.CborString('lst'), new com.sphereon.cbor.CborByteString(compressedBytes)],
+      ]),
+    ),
+  )
+
+  const protectedHeader = new com.sphereon.cbor.CborMap(
+    kotlin.collections.KtMutableMap.fromJsMap(
+      new Map([[new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(16)), new com.sphereon.cbor.CborString('statuslist+cwt')]]), // "type"
+    ),
+  )
+  const protectedHeaderEncoded = com.sphereon.cbor.Cbor.encode(protectedHeader)
+  const claimsMap = buildClaimsMap(id, issuerString, statusListMap, expiresAt)
+  const claimsEncoded: Int8Array = com.sphereon.cbor.Cbor.encode(claimsMap)
+
+  const signedCWT: string = await context.agent.keyManagerSign({
+    keyRef: identifier.kmsKeyRef,
+    data: base64url.encode(Buffer.from(claimsEncoded)), // TODO test on RN
+    encoding: undefined,
+  })
+
+  const protectedHeaderEncodedInt8 = new Int8Array(protectedHeaderEncoded)
+  const claimsEncodedInt8 = new Int8Array(claimsEncoded)
+  const signatureBytes = base64url.decode(signedCWT)
+  const signatureInt8 = new Int8Array(Buffer.from(signatureBytes))
+
+  const cwtArrayElements: Array<CborItem<any>> = [
+    new CborByteString(protectedHeaderEncodedInt8),
+    new CborByteString(claimsEncodedInt8),
+    new CborByteString(signatureInt8),
+  ]
+  const cwtArray = new com.sphereon.cbor.CborArray(kotlin.collections.KtMutableList.fromJsArray(cwtArrayElements))
+  const cwtEncoded = com.sphereon.cbor.Cbor.encode(cwtArray)
+  const cwtBuffer = Buffer.from(cwtEncoded)
+  return {
+    statusListCredential: base64url.encode(cwtBuffer),
+    encodedList: base64url.encode(compressedList as Buffer), // JS in @sd-jwt/jwt-status-list drops it in like this, so keep the same method
+  }
+}
+
+function buildClaimsMap(id: string, issuerString: string, statusListMap: pkg.com.sphereon.cbor.CborMap<CborStringType, CborItem<any>>, expiresAt?: Date) {
+  const ttl = 65535 // FIXME figure out what value should be / come from and what the difference is with exp
+  const claimsEntries: Array<[CborUIntType, CborItem<any>]> = [
+    [new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.SUBJECT)), new com.sphereon.cbor.CborString(id)], // "sub"
+    [new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.ISSUER)), new com.sphereon.cbor.CborString(issuerString)], // "iss"
+    [
+      new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.ISSUED_AT)),
+      new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(Math.floor(Date.now() / 1000))), // "iat"
+    ],
+  ]
+
+  if (expiresAt) {
+    claimsEntries.push([
+      new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.EXPIRATION)),
+      new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(Math.floor(expiresAt.getTime() / 1000))), // "exp"
+    ])
+  }
+
+  if (ttl) {
+    claimsEntries.push([
+      new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.TIME_TO_LIVE)),
+      new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(ttl)), // "time to live"
+    ])
+  }
+
+  claimsEntries.push([new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.STATUS_LIST)), statusListMap])
+
+  const claimsMap = new com.sphereon.cbor.CborMap(kotlin.collections.KtMutableMap.fromJsMap(new Map(claimsEntries)))
+  return claimsMap
+}
+
+const getCborValueFromMap = <T>(map: Map<CborItem<any>, CborItem<any>>, key: number): T => {
+  const value = getCborOptionalValueFromMap<T>(map, key)
+  if (value === undefined) {
+    throw new Error(`Required claim ${key} not found`)
+  }
+  return value
+}
+
+const getCborOptionalValueFromMap = <T>(map: Map<CborItem<any>, CborItem<any>>, key: number): T | undefined | never => {
+  const value = map.get(new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(key)))
+  if (!value) {
+    return undefined
+  }
+  return value.value as T
+}
+
+export const decodeStatusListCWT = (cwt: string): DecodedStatusListPayload => {
+  const encodedCbor = base64url.toBuffer(cwt)
+  const encodedCborArray = new Int8Array(encodedCbor)
+  const decodedCbor = com.sphereon.cbor.Cbor.decode(encodedCborArray)
+
+  if (!(decodedCbor instanceof com.sphereon.cbor.CborArray)) {
+    throw new Error('Invalid CWT format: Expected a CBOR array')
+  }
+
+  const [, payload] = decodedCbor.value.asJsArrayView()
+  if (!(payload instanceof com.sphereon.cbor.CborByteString)) {
+    throw new Error('Invalid payload format: Expected a CBOR ByteString')
+  }
+
+  const claims = com.sphereon.cbor.Cbor.decode(payload.value)
+  if (!(claims instanceof com.sphereon.cbor.CborMap)) {
+    throw new Error('Invalid claims format: Expected a CBOR map')
+  }
+
+  const claimsMap = claims.value.asJsMapView()
+
+  const statusListMap = claimsMap.get(new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(65533))).value.asJsMapView()
+
+  const bits = Number(statusListMap.get(new CborString('bits')).value) as BitsPerStatus
+  const decoded = new Uint8Array(statusListMap.get(new CborString('lst')).value)
+  const uint8Array = inflate(decoded)
+  const rawStatusList = decompressRawStatusList(uint8Array, bits)
+  const statusList = new StatusList(rawStatusList, bits)
+
+  return {
+    issuer: getCborValueFromMap<string>(claimsMap, CWT_CLAIMS.ISSUER),
+    id: getCborValueFromMap<string>(claimsMap, CWT_CLAIMS.SUBJECT),
+    statusList,
+    iat: Number(getCborValueFromMap<number>(claimsMap, CWT_CLAIMS.ISSUED_AT)),
+    exp: getCborOptionalValueFromMap<number>(claimsMap, CWT_CLAIMS.EXPIRATION),
+    ttl: getCborOptionalValueFromMap<number>(claimsMap, CWT_CLAIMS.TIME_TO_LIVE),
+  }
+}

package/src/impl/encoding/common.ts

@@ -0,0 +1,20 @@
+import type { IRequiredContext } from '../../types'
+import { StatusList } from '@sd-jwt/jwt-status-list'
+
+export interface DecodedStatusListPayload {
+  issuer: string
+  id: string
+  statusList: StatusList
+  exp?: number
+  ttl?: number
+  iat: number
+}
+
+export const resolveIdentifier = async (context: IRequiredContext, issuer: string, keyRef?: string) => {
+  return await context.agent.identifierManagedGet({
+    identifier: issuer,
+    vmRelationship: 'assertionMethod',
+    offlineWhenNoDIDRegistered: true,
+    ...(keyRef && { kmsKeyRef: keyRef }), // TODO the getDid resolver should look at this ASAP
+  })
+}

package/src/impl/encoding/jwt.ts

@@ -0,0 +1,80 @@
+import { type CompactJWT, JoseSignatureAlgorithm } from '@sphereon/ssi-types'
+import { createHeaderAndPayload, StatusList, type StatusListJWTHeaderParameters, type StatusListJWTPayload } from '@sd-jwt/jwt-status-list'
+import base64url from 'base64url'
+import type { JWTPayload } from 'did-jwt'
+import type { IRequiredContext, SignedStatusListData } from '../../types'
+import { type DecodedStatusListPayload, resolveIdentifier } from './common'
+import type { TKeyType } from '@veramo/core'
+import { ensureManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
+
+const STATUS_LIST_JWT_TYP = 'statuslist+jwt'
+
+export const createSignedJwt = async (
+  context: IRequiredContext,
+  statusList: StatusList,
+  issuerString: string,
+  id: string,
+  expiresAt?: Date,
+  keyRef?: string,
+): Promise<SignedStatusListData> => {
+  const identifier = await resolveIdentifier(context, issuerString, keyRef)
+  const resolution = await ensureManagedIdentifierResult(identifier, context)
+
+  const payload: JWTPayload = {
+    iss: issuerString,
+    sub: id,
+    iat: Math.floor(Date.now() / 1000),
+    ...(expiresAt && { exp: Math.floor(expiresAt.getTime() / 1000) }),
+  }
+
+  const header: StatusListJWTHeaderParameters = {
+    alg: getSigningAlgo(resolution.key.type),
+    typ: STATUS_LIST_JWT_TYP,
+  }
+  const values = createHeaderAndPayload(statusList, payload, header)
+  const signedJwt = await context.agent.jwtCreateJwsCompactSignature({
+    issuer: { ...identifier, noIssPayloadUpdate: false },
+    protectedHeader: values.header,
+    payload: values.payload,
+  })
+
+  return {
+    statusListCredential: signedJwt.jwt,
+    encodedList: (values.payload as StatusListJWTPayload).status_list.lst,
+  }
+}
+
+export const decodeStatusListJWT = (jwt: CompactJWT): DecodedStatusListPayload => {
+  const [, payloadBase64] = jwt.split('.')
+  const payload = JSON.parse(base64url.decode(payloadBase64))
+
+  if (!payload.iss || !payload.sub || !payload.status_list) {
+    throw new Error('Missing required fields in JWT payload')
+  }
+
+  const statusList = StatusList.decompressStatusList(payload.status_list.lst, payload.status_list.bits)
+
+  return {
+    issuer: payload.iss,
+    id: payload.sub,
+    statusList,
+    exp: payload.exp,
+    ttl: payload.ttl,
+    iat: payload.iat,
+  }
+}
+
+export const getSigningAlgo = (type: TKeyType): JoseSignatureAlgorithm => {
+  switch (type) {
+    case 'Ed25519':
+      return JoseSignatureAlgorithm.EdDSA
+    case 'Secp256k1':
+      return JoseSignatureAlgorithm.ES256K
+    case 'Secp256r1':
+      return JoseSignatureAlgorithm.ES256
+    case 'RSA':
+      return JoseSignatureAlgorithm.RS256
+    default:
+      throw Error('Key type not yet supported')
+  }
+}

package/src/types/index.ts

@@ -1,75 +1,123 @@
-import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
+import type { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import {
-  ICredential,
-  ICredentialStatus,
-  IIssuer,
-  IVerifiableCredential,
-  OriginalVerifiableCredential,
-  OrPromise,
+  type ICredential,
+  type ICredentialStatus,
+  type IIssuer,
+  type IVerifiableCredential,
+  type OrPromise,
+  type CredentialProofFormat,
+  type StatusListCredential,
   StatusListCredentialIdMode,
   StatusListDriverType,
-  StatusListIndexingDirection,
+  type StatusListIndexingDirection,
   StatusListType,
-  StatusPurpose2021,
+  type StatusPurpose2021,
 } from '@sphereon/ssi-types'
-import {
+import type {
   CredentialPayload,
   IAgentContext,
   ICredentialIssuer,
   ICredentialPlugin,
   ICredentialVerifier,
+  IKeyManager,
   IPluginMethodMap,
-  ProofFormat,
 } from '@veramo/core'
 import { DataSource } from 'typeorm'
+import type { BitsPerStatus } from '@sd-jwt/jwt-status-list'
+import type { SdJwtVcPayload } from '@sd-jwt/sd-jwt-vc'
+import type { StatusListOpts } from '@sphereon/oid4vci-common'
 
-export interface CreateNewStatusListFuncArgs extends Omit<StatusList2021ToVerifiableCredentialArgs, 'encodedList'> {
-  correlationId: string
-  length?: number
+export enum StatusOAuth {
+  Valid = 0,
+  Invalid = 1,
+  Suspended = 2,
 }
 
-export interface UpdateStatusListFromEncodedListArgs extends StatusList2021ToVerifiableCredentialArgs {
-  statusListIndex: number | string
-  value: boolean
+export enum Status2021 {
+  Valid = 0,
+  Invalid = 1,
 }
 
-export interface UpdateStatusListFromStatusListCredentialArgs {
-  statusListCredential: OriginalVerifiableCredential
-  keyRef?: string
-  statusListIndex: number | string
-  value: boolean
+export type StatusList2021Args = {
+  indexingDirection: StatusListIndexingDirection
+  statusPurpose?: StatusPurpose2021
+  // todo: validFrom and validUntil
 }
 
-export interface StatusList2021ToVerifiableCredentialArgs {
-  issuer: string | IIssuer
+export type OAuthStatusListArgs = {
+  bitsPerStatus?: BitsPerStatus
+  expiresAt?: Date
+}
+
+export type BaseCreateNewStatusListArgs = {
+  type: StatusListType
   id: string
-  type?: StatusListType
+  issuer: string | IIssuer
+  correlationId?: string
+  length?: number
+  proofFormat?: CredentialProofFormat
+  keyRef?: string
+  statusList2021?: StatusList2021Args
+  oauthStatusList?: OAuthStatusListArgs
+  driverType?: StatusListDriverType
+}
+
+export type UpdateStatusList2021Args = {
   statusPurpose: StatusPurpose2021
-  encodedList: string
-  proofFormat?: ProofFormat
+}
+
+export type UpdateOAuthStatusListArgs = {
+  bitsPerStatus: BitsPerStatus
+  expiresAt?: Date
+}
+
+export interface UpdateStatusListFromEncodedListArgs {
+  type?: StatusListType
+  statusListIndex: number | string
+  value: boolean
+  proofFormat?: CredentialProofFormat
   keyRef?: string
+  correlationId?: string
+  encodedList: string
+  issuer: string | IIssuer
+  id: string
+  statusList2021?: UpdateStatusList2021Args
+  oauthStatusList?: UpdateOAuthStatusListArgs
+}
 
-  // todo: validFrom and validUntil
+export interface UpdateStatusListFromStatusListCredentialArgs {
+  statusListCredential: StatusListCredential // | CompactJWT
+  keyRef?: string
+  statusListIndex: number | string
+  value: number | Status2021 | StatusOAuth
 }
 
-export interface StatusListDetails {
+export interface StatusListResult {
   encodedList: string
+  statusListCredential: StatusListCredential
   length: number
   type: StatusListType
-  proofFormat: ProofFormat
-  statusPurpose: StatusPurpose2021
+  proofFormat: CredentialProofFormat
   id: string
+  statuslistContentType: string
   issuer: string | IIssuer
-  indexingDirection: StatusListIndexingDirection
-  statusListCredential: OriginalVerifiableCredential
+  statusList2021?: StatusList2021Details
+  oauthStatusList?: OAuthStatusDetails
+
   // These cannot be deduced from the VC, so they are present when callers pass in these values as params
   correlationId?: string
   driverType?: StatusListDriverType
   credentialIdMode?: StatusListCredentialIdMode
 }
 
-export interface StatusListResult extends StatusListDetails {
-  statusListCredential: OriginalVerifiableCredential
+interface StatusList2021Details {
+  indexingDirection: StatusListIndexingDirection
+  statusPurpose?: StatusPurpose2021
+}
+
+interface OAuthStatusDetails {
+  bitsPerStatus?: BitsPerStatus
+  expiresAt?: Date
 }
 
 export interface StatusList2021EntryCredentialStatus extends ICredentialStatus {
@@ -79,6 +127,54 @@ export interface StatusList2021EntryCredentialStatus extends ICredentialStatus {
   statusListCredential: string
 }
 
+export interface StatusListOAuthEntryCredentialStatus extends ICredentialStatus {
+  type: 'OAuthStatusListEntry'
+  bitsPerStatus: number
+  statusListIndex: string
+  statusListCredential: string
+  expiresAt?: Date
+}
+
+export interface StatusList2021ToVerifiableCredentialArgs {
+  issuer: string | IIssuer
+  id: string
+  type?: StatusListType
+  proofFormat?: CredentialProofFormat
+  keyRef?: string
+  encodedList: string
+  statusPurpose: StatusPurpose2021
+}
+
+export interface CreateStatusListArgs {
+  issuer: string | IIssuer
+  id: string
+  proofFormat?: CredentialProofFormat
+  keyRef?: string
+  correlationId?: string
+  length?: number
+  statusList2021?: StatusList2021Args
+  oauthStatusList?: OAuthStatusListArgs
+}
+
+export interface UpdateStatusListIndexArgs {
+  statusListCredential: StatusListCredential // | CompactJWT
+  statusListIndex: number | string
+  value: number | Status2021 | StatusOAuth
+  keyRef?: string
+  expiresAt?: Date
+}
+
+export interface CheckStatusIndexArgs {
+  statusListCredential: StatusListCredential // | CompactJWT
+  statusListIndex: string | number
+}
+
+export interface ToStatusListDetailsArgs {
+  statusListPayload: StatusListCredential
+  correlationId?: string
+  driverType?: StatusListDriverType
+}
+
 /**
  * The interface definition for a plugin that can add statuslist info to a credential
  *
@@ -95,7 +191,7 @@ export interface IStatusListPlugin extends IPluginMethodMap {
    *
    * @returns - The details of the newly created status list
    */
-  slCreateStatusList(args: CreateNewStatusListArgs, context: IRequiredContext): Promise<StatusListDetails>
+  slCreateStatusList(args: CreateNewStatusListArgs, context: IRequiredContext): Promise<StatusListResult>
 
   /**
    * Ensures status list info like index and list id is added to a credential
@@ -109,25 +205,44 @@ export interface IStatusListPlugin extends IPluginMethodMap {
    */
   slAddStatusToCredential(args: IAddStatusToCredentialArgs, context: IRequiredContext): Promise<CredentialWithStatusSupport>
 
+  slAddStatusToSdJwtCredential(args: IAddStatusToSdJwtCredentialArgs, context: IRequiredContext): Promise<SdJwtVcPayload>
+
   /**
    * Get the status list using the configured driver for the SL. Normally a correlationId or id should suffice. Optionally accepts a dbName/datasource
    * @param args
    * @param context
    */
-  slGetStatusList(args: GetStatusListArgs, context: IRequiredContext): Promise<StatusListDetails>
+  slGetStatusList(args: GetStatusListArgs, context: IRequiredContext): Promise<StatusListResult>
+
+  /**
+   * Import status lists when noy yet present
+   *
+   * @param imports Array of status list information like type and size
+   * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+   */
+  slImportStatusLists(imports: Array<CreateNewStatusListArgs>, context: IRequiredContext): Promise<boolean>
+}
+
+export type CreateNewStatusListFuncArgs = BaseCreateNewStatusListArgs
+
+export type CreateNewStatusListArgs = BaseCreateNewStatusListArgs & {
+  dbName?: string
+  dataSource?: OrPromise<DataSource>
+  isDefault?: boolean
 }
 
 export type IAddStatusToCredentialArgs = Omit<IIssueCredentialStatusOpts, 'dataSource'> & {
   credential: CredentialWithStatusSupport
 }
 
+export type IAddStatusToSdJwtCredentialArgs = Omit<IIssueCredentialStatusOpts, 'dataSource'> & {
+  credential: SdJwtVcPayload
+}
+
 export interface IIssueCredentialStatusOpts {
   dataSource?: DataSource
-
+  statusLists?: Array<StatusListOpts>
   credentialId?: string // An id to use for the credential. Normally should be set as the crdential.id value
-  statusListId?: string // Explicit status list to use. Determines the id from the credentialStatus object in the VC itself or uses the default otherwise
-  statusListIndex?: number | string
-  statusEntryCorrelationId?: string // An id to use for correlation. Can be the credential id, but also a business identifier. Will only be used for lookups/management
   value?: string
 }
 
@@ -138,13 +253,12 @@ export type GetStatusListArgs = {
   dbName?: string
 }
 
-export type CreateNewStatusListArgs = CreateNewStatusListFuncArgs & {
-  dataSource?: OrPromise<DataSource>
-  dbName?: string
-  isDefault?: boolean
-}
-
 export type CredentialWithStatusSupport = ICredential | CredentialPayload | IVerifiableCredential
 
+export type SignedStatusListData = {
+  statusListCredential: StatusListCredential
+  encodedList: string
+}
+
 export type IRequiredPlugins = ICredentialPlugin & IIdentifierResolution
-export type IRequiredContext = IAgentContext<ICredentialIssuer & ICredentialVerifier & IIdentifierResolution>
+export type IRequiredContext = IAgentContext<ICredentialIssuer & ICredentialVerifier & IIdentifierResolution & IKeyManager & ICredentialPlugin>

package/src/utils.ts

@@ -0,0 +1,95 @@
+import {
+  CredentialMapper,
+  type IIssuer,
+  type CredentialProofFormat,
+  StatusListType,
+  StatusListType as StatusListTypeW3C,
+  type StatusListCredential,
+  DocumentFormat,
+} from '@sphereon/ssi-types'
+import { jwtDecode } from 'jwt-decode'
+
+export function getAssertedStatusListType(type?: StatusListType) {
+  const assertedType = type ?? StatusListType.StatusList2021
+  if (![StatusListType.StatusList2021, StatusListType.OAuthStatusList].includes(assertedType)) {
+    throw Error(`StatusList type ${assertedType} is not supported (yet)`)
+  }
+  return assertedType
+}
+
+export function getAssertedValue<T>(name: string, value: T): NonNullable<T> {
+  if (value === undefined || value === null) {
+    throw Error(`Missing required ${name} value`)
+  }
+  return value
+}
+
+export function getAssertedValues(args: { issuer: string | IIssuer; id: string; type?: StatusListTypeW3C | StatusListType }) {
+  const type = getAssertedStatusListType(args?.type)
+  const id = getAssertedValue('id', args.id)
+  const issuer = getAssertedValue('issuer', args.issuer)
+  return { id, issuer, type }
+}
+
+export function getAssertedProperty<T extends object>(propertyName: string, obj: T): NonNullable<any> {
+  if (!(propertyName in obj)) {
+    throw Error(`The input object does not contain required property: ${propertyName}`)
+  }
+  return getAssertedValue(propertyName, (obj as any)[propertyName])
+}
+
+const ValidProofTypeMap = new Map<StatusListType, CredentialProofFormat[]>([
+  [StatusListType.StatusList2021, ['jwt', 'lds', 'EthereumEip712Signature2021']],
+  [StatusListType.OAuthStatusList, ['jwt', 'cbor']],
+])
+
+export function assertValidProofType(type: StatusListType, proofFormat: CredentialProofFormat) {
+  const validProofTypes = ValidProofTypeMap.get(type)
+  if (!validProofTypes?.includes(proofFormat)) {
+    throw Error(`Invalid proof format '${proofFormat}' for status list type ${type}`)
+  }
+}
+
+export function determineStatusListType(credential: StatusListCredential): StatusListType {
+  const proofFormat = determineProofFormat(credential)
+  switch (proofFormat) {
+    case 'jwt':
+      const payload: StatusListCredential = jwtDecode(credential as string)
+      const keys = Object.keys(payload)
+      if (keys.includes('status_list')) {
+        return StatusListType.OAuthStatusList
+      } else if (keys.includes('vc')) {
+        return StatusListType.StatusList2021
+      }
+      break
+    case 'lds':
+      const uniform = CredentialMapper.toUniformCredential(credential)
+      const type = uniform.type.find((t) => {
+        return Object.values(StatusListType).some((statusType) => t.includes(statusType))
+      })
+      if (!type) {
+        throw new Error('Invalid status list credential type')
+      }
+      return type.replace('Credential', '') as StatusListType
+
+    case 'cbor':
+      return StatusListType.OAuthStatusList
+  }
+
+  throw new Error('Cannot determine status list type from credential payload')
+}
+
+export function determineProofFormat(credential: StatusListCredential): CredentialProofFormat {
+  const type: DocumentFormat = CredentialMapper.detectDocumentType(credential)
+  switch (type) {
+    case DocumentFormat.JWT:
+      return 'jwt'
+    case DocumentFormat.MSO_MDOC:
+      // Not really mdoc, just assume Cbor for now, I'd need to decode at least the header to what type of Cbor we have
+      return 'cbor'
+    case DocumentFormat.JSONLD:
+      return 'lds'
+    default:
+      throw Error('Cannot determine credential payload type')
+  }
+}