feat: implemented cwt status list

src/credential-status/index.ts

@@ -0,0 +1,3 @@
+export * from './status-array'
+export * from './status-list'
+export * from './status-token'

src/credential-status/status-array.ts

@@ -0,0 +1,58 @@
+import * as zlib from "zlib";
+
+const allowedBitsPerEntry = [1, 2, 4, 8] as const
+type AllowedBitsPerEntry = typeof allowedBitsPerEntry[number]
+
+export class StatusArray {
+    private readonly bitsPerEntry: 1 | 2 | 4 | 8;
+    private readonly statusBitMask: number;
+    private readonly data: Uint8Array;
+
+    constructor(bitsPerEntry: AllowedBitsPerEntry, totalEntries: number) {
+        if (!allowedBitsPerEntry.includes(bitsPerEntry)) {
+            throw new Error("Only 1, 2, 4, or 8 bits per entry are allowed.");
+        }
+
+        this.bitsPerEntry = bitsPerEntry;
+        this.statusBitMask = (1 << bitsPerEntry) - 1;
+
+        const totalBits = totalEntries * bitsPerEntry;
+        const byteSize = Math.ceil(totalBits / 8);
+        this.data = new Uint8Array(byteSize);
+    }
+
+    private computeByteAndOffset(index: number): [number, number] {
+        const byteIndex = Math.floor((index * this.bitsPerEntry) / 8);
+        const bitOffset = (index * this.bitsPerEntry) % 8;
+
+        return [byteIndex, bitOffset];
+    }
+
+    getBitsPerEntry(): 1 | 2 | 4 | 8 {
+        return this.bitsPerEntry;
+    }
+
+    set(index: number, status: number): void {
+        if (status < 0 || status > this.statusBitMask) {
+            throw new Error(`Invalid status: ${status}. Must be between 0 and ${this.statusBitMask}.`);
+        }
+
+        const [byteIndex, bitOffset] = this.computeByteAndOffset(index);
+
+        // Clear current bits
+        this.data[byteIndex] &= ~(this.statusBitMask << bitOffset);
+
+        // Set new status bits
+        this.data[byteIndex] |= (status & this.statusBitMask) << bitOffset;
+    }
+
+    get(index: number): number {
+        const [byteIndex, bitOffset] = this.computeByteAndOffset(index);
+
+        return (this.data[byteIndex] >> bitOffset) & this.statusBitMask;
+    }
+
+    compress(): Uint8Array {
+        return zlib.deflateSync(this.data, { level: zlib.constants.Z_BEST_COMPRESSION });
+    }
+}

src/credential-status/status-list.ts

@@ -0,0 +1,23 @@
+import { StatusArray } from "./status-array";
+import { cborEncode } from "../cbor";
+
+interface CborStatusListOptions {
+    statusArray: StatusArray;
+    aggregationUri?: string;
+}
+
+export class StatusList {
+    static buildCborStatusList(options: CborStatusListOptions): Uint8Array {
+        const compressed = options.statusArray.compress();
+
+        const statusList: Record<string, any> = {
+            bits: options.statusArray.getBitsPerEntry(),
+            lst: compressed,
+        };
+
+        if (options.aggregationUri) {
+            statusList.aggregation_uri = options.aggregationUri;
+        }
+        return cborEncode(statusList);
+    }
+}

src/credential-status/status-token.ts

@@ -0,0 +1,38 @@
+import { StatusArray } from "./status-array";
+import { StatusList } from "./status-list";
+import { cborEncode } from "../cbor";
+import { CoseKey } from "../cose";
+import { CWT } from "../cwt";
+
+interface CWTStatusTokenOptions {
+    statusArray: StatusArray;
+    aggregationUri?: string;
+    type: 'sign1' | 'mac0';
+    key: CoseKey;
+}
+
+enum CWTProtectedHeaders {
+    TYPE = 16
+}
+enum CWTClaims {
+    STATUS_LIST_URI = 2,
+    ISSUED_AT = 6,
+    STATUS_LIST = 65533
+}
+
+export class CWTStatusToken {
+    static async build(options: CWTStatusTokenOptions): Promise<Uint8Array> {
+        const cwt = new CWT()
+        cwt.setHeaders({
+            protected: {
+                [CWTProtectedHeaders.TYPE]: 'application/statuslist+cwt',
+            }
+        });
+        cwt.setClaims({
+            [CWTClaims.STATUS_LIST_URI]: 'https://example.com/statuslist', // Where the status list is going to be hosted
+            [CWTClaims.ISSUED_AT]: Math.floor(Date.now() / 1000),
+            [CWTClaims.STATUS_LIST]: StatusList.buildCborStatusList({ statusArray: options.statusArray, aggregationUri: options.aggregationUri }),
+        });
+        return cborEncode(await cwt.create({ type: options.type, key: options.key }))
+    }
+}

src/cwt/index.ts

@@ -0,0 +1,58 @@
+import { CoseKey, Mac0, Mac0Options, Mac0Structure, Sign1, Sign1Options, Sign1Structure } from '../cose';
+import { mdocContext } from '../../tests/context';
+import { cborEncode } from '../cbor';
+
+type Header = {
+    protected?: Record<string, any>;
+    unprotected?: Record<string, any>;
+};
+
+type CWTOptions = {
+    type: 'sign1' | 'mac0' | 'encrypt0';
+    key: CoseKey;
+};
+
+export class CWT {
+    private claimsSet: Record<string, any> = {};
+    private headers: Header = {};
+
+    setClaims(claims: Record<string, any>): void {
+        this.claimsSet = claims;
+    }
+
+    setHeaders(headers: Header): void {
+        this.headers = headers;
+    }
+
+    async create({ type, key }: CWTOptions): Promise<Sign1Structure | Mac0Structure> {
+        switch (type) {
+            case 'sign1':
+                const sign1Options: Sign1Options = {
+                    protectedHeaders: this.headers.protected ? cborEncode(this.headers.protected) : undefined,
+                    unprotectedHeaders: this.headers.unprotected ? new Map(Object.entries(this.headers.unprotected)) : undefined,
+                    payload: this.claimsSet ? cborEncode(this.claimsSet) : null, // Need to encode this to binary format
+                };
+
+                const sign1 = new Sign1(sign1Options);
+                await sign1.addSignature({ signingKey: key }, { cose: mdocContext.cose });
+                return sign1.encodedStructure()
+            case 'mac0':
+                if (!this.headers.protected || !this.headers.unprotected) {
+                    throw new Error('Protected and unprotected headers must be defined for MAC0');
+                }
+                const mac0Options: Mac0Options = {
+                    protectedHeaders: this.headers.protected ? cborEncode(this.headers.protected) : undefined,
+                    unprotectedHeaders: this.headers.unprotected ? new Map(Object.entries(this.headers.unprotected)) : undefined,
+                    payload: this.claimsSet ? cborEncode(this.claimsSet) : null, // Need to encode this to binary format
+                };
+
+                const mac0 = new Mac0(mac0Options);
+            // await mac0.addTag({ privateKey: key, ephemeralKey: key, sessionTranscript: new SessionTranscript({ handover: new QrHandover() }) }, mdocContext);
+            // return mac0.encodedStructure();
+            case 'encrypt0':
+                throw new Error('Encrypt0 is not yet implemented');
+            default:
+                throw new Error('Unsupported CWT type');
+        }
+    }
+}

src/index.ts

@@ -6,6 +6,9 @@ export * from './mdoc'
 export * from './cose'
 export * from './utils'
 
+export * from './cwt'
+export * from './credential-status'
+
 export * from './holder'
 export * from './verifier'
 export * from './issuer'

tests/credential-status/cred-status.test.ts

@@ -0,0 +1,17 @@
+import { describe, expect, test } from 'vitest'
+import { CoseKey, CWTStatusToken, StatusArray } from '../../src'
+import { ISSUER_PRIVATE_KEY_JWK } from '../issuing/config';
+
+describe('status-array', () => {
+    test('should create a status array and set/get values', async () => {
+        const statusArray = new StatusArray(2, 10);
+
+        statusArray.set(0, 2);
+        statusArray.set(1, 3);
+        expect(statusArray.get(0)).toBe(2);
+        expect(statusArray.get(1)).toBe(3);
+
+        // Will remove it before merging
+        console.log(await CWTStatusToken.build({ statusArray, type: 'sign1', key: CoseKey.fromJwk(ISSUER_PRIVATE_KEY_JWK) }));
+    })
+})