add a status test

transmute-industries · Feb 5, 2024 · 43832e8 · 43832e8
1 parent 22e2dcc
commit 43832e8
Show file tree

Hide file tree

Showing 5 changed files with 136 additions and 13 deletions.
diff --git a/src/cr1/types.ts b/src/cr1/types.ts
@@ -194,3 +194,13 @@ export type CredentialSchema = {
   id: string
   type: 'JsonSchema'
 }
+
+export type CredentialStatus = {
+  id: string
+  type: 'BitstringStatusListEntry'
+  statusPurpose: 'revocation' | 'suspension'
+  statusListIndex: string
+  statusListCredential: string
+}
+
+
diff --git a/src/cr1/validator/index.ts b/src/cr1/validator/index.ts
@@ -1,17 +1,18 @@
 import Ajv from 'ajv'
 
-import { RequestValidator, SecuredContentType, CredentialSchema } from "../types"
+import { RequestValidator, SecuredContentType, CredentialSchema, CredentialStatus } from "../types"
 
 import { verifier } from "../verifier"
 
 import { decoder, encoder } from "../text"
 
+import { bs } from '../../cr1/status-list'
+
 const ajv = new Ajv({
   strict: false,
 })
 
 export const validator = ({ resolver }: RequestValidator) => {
-
   return {
     validate: async ({ type, content }: SecuredContentType) => {
       const verified = await verifier({ resolver }).verify({ type, content })
@@ -21,16 +22,16 @@ export const validator = ({ resolver }: RequestValidator) => {
         schema: {},
         status: {}
       }
-      const { credentialSchema } = verified
+      const { credentialSchema, credentialStatus } = verified
       if (credentialSchema) {
         const schemas = (Array.isArray(credentialSchema) ? verified.credentialSchema : [credentialSchema]) as CredentialSchema[]
         for (const schema of schemas) {
           if (schema.type === 'JsonSchema') {
-            const resolvedSchema = await resolver.resolve({
+            const credentialSchema = await resolver.resolve({
               type: 'application/schema+json',
               content: encoder.encode(schema.id)
             })
-            const schemaContent = decoder.decode(resolvedSchema.content)
+            const schemaContent = decoder.decode(credentialSchema.content)
             const parsedSchemaContent = JSON.parse(schemaContent)
             const compiledSchemaValidator = ajv.compile(parsedSchemaContent)
             const valid = compiledSchemaValidator(verified)
@@ -42,6 +43,21 @@ export const validator = ({ resolver }: RequestValidator) => {
           }
         }
       }
+      if (credentialStatus) {
+        const statuses = (Array.isArray(credentialStatus) ? verified.credentialStatus : [credentialStatus]) as CredentialStatus[]
+        for (const status of statuses) {
+          if (status.type === 'BitstringStatusListEntry') {
+            const statusListCredential = await resolver.resolve({
+              type: type, // we do not support mixed type credential and status lists!
+              content: encoder.encode(status.statusListCredential)
+            })
+            // TODO create type for bitstring status list instead of ANY here...
+            const verified = await verifier({ resolver }).verify<any>(statusListCredential)
+            const bit = bs(verified.credentialSubject.encodedList).get(parseInt(status.statusListIndex, 10))
+            validation.status[`${status.id}`] = { [`${status.statusPurpose}`]: bit, statusListCredential }
+          }
+        }
+      }
       return validation
     }
   }

diff --git a/src/cr1/verifier/verifier.ts b/src/cr1/verifier/verifier.ts
@@ -40,12 +40,12 @@ const verifyJwt = async ({ resolver }: RequestVerifier, { type, content, audienc
 }
 
 const verifyCoseSign1
-  = async ({ resolver }: RequestVerifier, { content, audience, nonce }: RequestVerify) => {
+  = async ({ resolver }: RequestVerifier, { type, content, audience, nonce }: RequestVerify) => {
     const verifier = cose.attached.verifier({
       resolver: {
         resolve: async () => {
           const key = await resolver.resolve({
-            type: 'application/vc+ld+json+sd-jwt',
+            type,
             content
           })
           return importJWK(key)
@@ -80,12 +80,12 @@ export const verifyUnsecuredPresentation = async ({ resolver }: RequestVerifier,
   return dataModel
 }
 
-const verifySdJwtCredential = async ({ resolver }: RequestVerifier, { content, audience, nonce }: RequestVerify) => {
+const verifySdJwtCredential = async ({ resolver }: RequestVerifier, { type, content, audience, nonce }: RequestVerify) => {
   const verifier = sd.verifier({
     resolver: {
       resolve: async () => {
         const key = await resolver.resolve({
-          type: 'application/vc+ld+json+sd-jwt',
+          type,
           content
         })
         return importJWK(key)
@@ -100,12 +100,12 @@ const verifySdJwtCredential = async ({ resolver }: RequestVerifier, { content, a
   return verified.claimset
 }
 
-const verifySdJwtPresentation = async ({ resolver }: RequestVerifier, { content, audience, nonce }: RequestVerify) => {
+const verifySdJwtPresentation = async ({ resolver }: RequestVerifier, { type, content, audience, nonce }: RequestVerify) => {
   const verifier = sd.verifier({
     resolver: {
       resolve: async () => {
         const key = await resolver.resolve({
-          type: 'application/vp+ld+json+sd-jwt',
+          type,
           content // same a token
         })
         return importJWK(key)

diff --git a/test/w3c-cr-1/3-schema.test.ts b/test/w3c-cr-1/3-schema.test.ts
@@ -31,7 +31,7 @@ describe('JSON Schema Validator for W3C Verifiable Credentials', () => {
       .validator({
         resolver: {
           resolve: async ({ type }) => {
-            if (type === 'application/vc+ld+json+sd-jwt') {
+            if (type === 'application/vc+ld+json+cose') {
               return {
                 type: privateKeyType,
                 content: publicKeyContent

diff --git a/test/w3c-cr-1/4-status.test.ts b/test/w3c-cr-1/4-status.test.ts
@@ -1 +1,98 @@
-it.todo('status tests')
+import fs from 'fs'
+import * as cose from '@transmute/cose'
+import * as transmute from '../../src'
+
+const privateKeyType = 'application/jwk+json'
+const privateKeyContent = fs.readFileSync('./src/cr1/__fixtures__/issuer-0-private-key.json')
+const publicKeyContent = fs.readFileSync('./src/cr1/__fixtures__/issuer-0-public-key.json')
+
+const coseSign1 = {
+  sign: async (bytes: Uint8Array) => {
+    const signer = cose.attached.signer({
+      remote: cose.crypto.signer({
+        secretKeyJwk: await transmute.key.importJWK({
+          type: privateKeyType,
+          content: privateKeyContent
+        })
+      })
+    })
+    const signature = await signer.sign({
+      protectedHeader: new Map([[1, -35]]),
+      unprotectedHeader: new Map(),
+      payload: bytes
+    })
+    return new Uint8Array(signature)
+  }
+}
+
+describe('Bitstring Status List Credential Validator for W3C Verifiable Credentials', () => {
+  it('single schema', async () => {
+    const validation = await transmute
+      .validator({
+        resolver: {
+          resolve: async ({ type, content }) => {
+            // it would be nice to be able to pass back a URL
+            // instead of content for some cases...
+            const statusList = transmute.text.decoder.decode(content)
+            if (statusList === 'https://example.com/credentials/status/3') {
+              return {
+                type: `application/vc+ld+json+cose`,
+                content: await transmute
+                  .issuer({
+                    alg: 'ES384',
+                    type: 'application/vc+ld+json+cose',
+                    signer: coseSign1
+                  })
+                  .issue({
+                    claimset: transmute.text.encoder.encode(
+                      await transmute.status.create({
+                        issuer: "https://issuer.example",
+                        "validFrom": "2021-04-05T14:27:40Z",
+                        "id": "https://example.com/status/3#list",
+                        "purpose": "revocation",
+                      })
+                    )
+                  })
+              }
+            }
+            // public key for credential with status 
+            if (type === 'application/vc+ld+json+cose') {
+              return {
+                type: privateKeyType,
+                content: publicKeyContent
+              }
+            }
+            throw new Error('Unsupported resolver content')
+          }
+        }
+      })
+      .validate({
+        type: 'application/vc+ld+json+cose',
+        content: await transmute
+          .issuer({
+            alg: 'ES384',
+            type: 'application/vc+ld+json+cose',
+            signer: coseSign1
+          })
+          .issue({
+            claimset: transmute.text.encoder.encode(`
+"@context":
+  - https://www.w3.org/ns/credentials/v2
+type:
+  - VerifiableCredential
+issuer: https://issuer.example
+credentialStatus:
+  - id: https://example.com/credentials/status/3#94567
+    type: BitstringStatusListEntry
+    statusPurpose: revocation
+    statusListIndex: "94567"
+    statusListCredential: "https://example.com/credentials/status/3"
+credentialSubject:
+  id: https://issuer.example/issuers/57
+          `)
+          }),
+      })
+    expect(validation.valid).toBe(true);
+    expect(validation.status['https://example.com/credentials/status/3#94567'].revocation).toBe(false);
+  })
+})