@sphereon/ssi-sdk.vc-status-list
Version:
Sphereon SSI-SDK plugin for Status List management, like StatusList2021.
1 lines • 80.3 kB
Source Map (JSON)
{"version":3,"sources":["../src/index.ts","../src/types/index.ts","../src/functions.ts","../src/utils.ts","../src/impl/StatusList2021.ts","../src/impl/OAuthStatusList.ts","../src/impl/encoding/jwt.ts","../src/impl/encoding/common.ts","../src/impl/encoding/cbor.ts","../src/impl/StatusListFactory.ts"],"sourcesContent":["/**\n */\n\nexport * from './types'\nexport * from './functions'\n","import type { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport {\n type ICredential,\n type ICredentialStatus,\n type IIssuer,\n type IVerifiableCredential,\n type OrPromise,\n type CredentialProofFormat,\n type StatusListCredential,\n StatusListCredentialIdMode,\n StatusListDriverType,\n type StatusListIndexingDirection,\n StatusListType,\n type StatusPurpose2021,\n} from '@sphereon/ssi-types'\nimport type {\n CredentialPayload,\n IAgentContext,\n ICredentialIssuer,\n ICredentialPlugin,\n ICredentialVerifier,\n IKeyManager,\n IPluginMethodMap,\n} from '@veramo/core'\nimport { DataSource } from 'typeorm'\nimport type { BitsPerStatus } from '@sd-jwt/jwt-status-list'\nimport type { SdJwtVcPayload } from '@sd-jwt/sd-jwt-vc'\nimport type { StatusListOpts } from '@sphereon/oid4vci-common'\n\nexport enum StatusOAuth {\n Valid = 0,\n Invalid = 1,\n Suspended = 2,\n}\n\nexport enum Status2021 {\n Valid = 0,\n Invalid = 1,\n}\n\nexport type StatusList2021Args = {\n indexingDirection: StatusListIndexingDirection\n statusPurpose?: StatusPurpose2021\n // todo: validFrom and validUntil\n}\n\nexport type OAuthStatusListArgs = {\n bitsPerStatus?: BitsPerStatus\n expiresAt?: Date\n}\n\nexport type BaseCreateNewStatusListArgs = {\n type: StatusListType\n id: string\n issuer: string | IIssuer\n correlationId?: string\n length?: number\n proofFormat?: CredentialProofFormat\n keyRef?: string\n statusList2021?: StatusList2021Args\n oauthStatusList?: OAuthStatusListArgs\n driverType?: StatusListDriverType\n}\n\nexport type UpdateStatusList2021Args = {\n statusPurpose: StatusPurpose2021\n}\n\nexport type UpdateOAuthStatusListArgs = {\n bitsPerStatus: BitsPerStatus\n expiresAt?: Date\n}\n\nexport interface UpdateStatusListFromEncodedListArgs {\n type?: StatusListType\n statusListIndex: number | string\n value: boolean\n proofFormat?: CredentialProofFormat\n keyRef?: string\n correlationId?: string\n encodedList: string\n issuer: string | IIssuer\n id: string\n statusList2021?: UpdateStatusList2021Args\n oauthStatusList?: UpdateOAuthStatusListArgs\n}\n\nexport interface UpdateStatusListFromStatusListCredentialArgs {\n statusListCredential: StatusListCredential // | CompactJWT\n keyRef?: string\n statusListIndex: number | string\n value: number | Status2021 | StatusOAuth\n}\n\nexport interface StatusListResult {\n encodedList: string\n statusListCredential: StatusListCredential\n length: number\n type: StatusListType\n proofFormat: CredentialProofFormat\n id: string\n statuslistContentType: string\n issuer: string | IIssuer\n statusList2021?: StatusList2021Details\n oauthStatusList?: OAuthStatusDetails\n\n // These cannot be deduced from the VC, so they are present when callers pass in these values as params\n correlationId?: string\n driverType?: StatusListDriverType\n credentialIdMode?: StatusListCredentialIdMode\n}\n\ninterface StatusList2021Details {\n indexingDirection: StatusListIndexingDirection\n statusPurpose?: StatusPurpose2021\n}\n\ninterface OAuthStatusDetails {\n bitsPerStatus?: BitsPerStatus\n expiresAt?: Date\n}\n\nexport interface StatusList2021EntryCredentialStatus extends ICredentialStatus {\n type: 'StatusList2021Entry'\n statusPurpose: StatusPurpose2021\n statusListIndex: string\n statusListCredential: string\n}\n\nexport interface StatusListOAuthEntryCredentialStatus extends ICredentialStatus {\n type: 'OAuthStatusListEntry'\n bitsPerStatus: number\n statusListIndex: string\n statusListCredential: string\n expiresAt?: Date\n}\n\nexport interface StatusList2021ToVerifiableCredentialArgs {\n issuer: string | IIssuer\n id: string\n type?: StatusListType\n proofFormat?: CredentialProofFormat\n keyRef?: string\n encodedList: string\n statusPurpose: StatusPurpose2021\n}\n\nexport interface CreateStatusListArgs {\n issuer: string | IIssuer\n id: string\n proofFormat?: CredentialProofFormat\n keyRef?: string\n correlationId?: string\n length?: number\n statusList2021?: StatusList2021Args\n oauthStatusList?: OAuthStatusListArgs\n}\n\nexport interface UpdateStatusListIndexArgs {\n statusListCredential: StatusListCredential // | CompactJWT\n statusListIndex: number | string\n value: number | Status2021 | StatusOAuth\n keyRef?: string\n expiresAt?: Date\n}\n\nexport interface CheckStatusIndexArgs {\n statusListCredential: StatusListCredential // | CompactJWT\n statusListIndex: string | number\n}\n\nexport interface ToStatusListDetailsArgs {\n statusListPayload: StatusListCredential\n correlationId?: string\n driverType?: StatusListDriverType\n}\n\n/**\n * The interface definition for a plugin that can add statuslist info to a credential\n *\n * @remarks Please see {@link https://www.w3.org/TR/vc-data-model | W3C Verifiable Credentials data model}\n *\n * @beta This API is likely to change without a BREAKING CHANGE notice\n */\nexport interface IStatusListPlugin extends IPluginMethodMap {\n /**\n * Create a new status list\n *\n * @param args Status list information like type and size\n * @param context - This reserved param is automatically added and handled by the framework, *do not override*\n *\n * @returns - The details of the newly created status list\n */\n slCreateStatusList(args: CreateNewStatusListArgs, context: IRequiredContext): Promise<StatusListResult>\n\n /**\n * Ensures status list info like index and list id is added to a credential\n *\n * @param args - Arguments necessary to add the statuslist info.\n * @param context - This reserved param is automatically added and handled by the framework, *do not override*\n *\n * @returns - a promise that resolves to the credential now with status support\n *\n * @beta This API is likely to change without a BREAKING CHANGE notice\n */\n slAddStatusToCredential(args: IAddStatusToCredentialArgs, context: IRequiredContext): Promise<CredentialWithStatusSupport>\n\n slAddStatusToSdJwtCredential(args: IAddStatusToSdJwtCredentialArgs, context: IRequiredContext): Promise<SdJwtVcPayload>\n\n /**\n * Get the status list using the configured driver for the SL. Normally a correlationId or id should suffice. Optionally accepts a dbName/datasource\n * @param args\n * @param context\n */\n slGetStatusList(args: GetStatusListArgs, context: IRequiredContext): Promise<StatusListResult>\n\n /**\n * Import status lists when noy yet present\n *\n * @param imports Array of status list information like type and size\n * @param context - This reserved param is automatically added and handled by the framework, *do not override*\n */\n slImportStatusLists(imports: Array<CreateNewStatusListArgs>, context: IRequiredContext): Promise<boolean>\n}\n\nexport type CreateNewStatusListFuncArgs = BaseCreateNewStatusListArgs\n\nexport type CreateNewStatusListArgs = BaseCreateNewStatusListArgs & {\n dbName?: string\n dataSource?: OrPromise<DataSource>\n isDefault?: boolean\n}\n\nexport type IAddStatusToCredentialArgs = Omit<IIssueCredentialStatusOpts, 'dataSource'> & {\n credential: CredentialWithStatusSupport\n}\n\nexport type IAddStatusToSdJwtCredentialArgs = Omit<IIssueCredentialStatusOpts, 'dataSource'> & {\n credential: SdJwtVcPayload\n}\n\nexport interface IIssueCredentialStatusOpts {\n dataSource?: DataSource\n statusLists?: Array<StatusListOpts>\n credentialId?: string // An id to use for the credential. Normally should be set as the crdential.id value\n value?: string\n}\n\nexport type GetStatusListArgs = {\n id?: string\n correlationId?: string\n dataSource?: OrPromise<DataSource>\n dbName?: string\n}\n\nexport type CredentialWithStatusSupport = ICredential | CredentialPayload | IVerifiableCredential\n\nexport type SignedStatusListData = {\n statusListCredential: StatusListCredential\n encodedList: string\n}\n\nexport type IRequiredPlugins = ICredentialPlugin & IIdentifierResolution\nexport type IRequiredContext = IAgentContext<ICredentialIssuer & ICredentialVerifier & IIdentifierResolution & IKeyManager & ICredentialPlugin>\n","import type { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport {\n CredentialMapper,\n DocumentFormat,\n type CredentialProofFormat,\n type StatusListCredential,\n StatusListDriverType,\n StatusListType,\n type StatusPurpose2021,\n} from '@sphereon/ssi-types'\nimport type { CredentialStatus, DIDDocument, IAgentContext, ICredentialPlugin, ProofFormat as VeramoProofFormat } from '@veramo/core'\n\nimport { checkStatus } from '@sphereon/vc-status-list'\n\n// @ts-ignore\nimport { CredentialJwtOrJSON, StatusMethod } from 'credential-status'\nimport {\n CreateNewStatusListFuncArgs,\n Status2021,\n StatusList2021ToVerifiableCredentialArgs,\n StatusListResult,\n StatusOAuth,\n UpdateStatusListFromEncodedListArgs,\n UpdateStatusListIndexArgs,\n} from './types'\nimport { assertValidProofType, determineStatusListType, getAssertedValue, getAssertedValues } from './utils'\nimport { getStatusListImplementation } from './impl/StatusListFactory'\n\nexport async function fetchStatusListCredential(args: { statusListCredential: string }): Promise<StatusListCredential> {\n const url = getAssertedValue('statusListCredential', args.statusListCredential)\n try {\n const response = await fetch(url)\n if (!response.ok) {\n throw Error(`Fetching status list ${url} resulted in an error: ${response.status} : ${response.statusText}`)\n }\n const responseAsText = await response.text()\n if (responseAsText.trim().startsWith('{')) {\n return JSON.parse(responseAsText) as StatusListCredential\n }\n return responseAsText as StatusListCredential\n } catch (error) {\n console.error(`Fetching status list ${url} resulted in an unexpected error: ${error instanceof Error ? error.message : JSON.stringify(error)}`)\n throw error\n }\n}\n\nexport function statusPluginStatusFunction(args: {\n documentLoader: any\n suite: any\n mandatoryCredentialStatus?: boolean\n verifyStatusListCredential?: boolean\n verifyMatchingIssuers?: boolean\n errorUnknownListType?: boolean\n}): StatusMethod {\n return async (credential: CredentialJwtOrJSON, didDoc: DIDDocument): Promise<CredentialStatus> => {\n const result = await checkStatusForCredential({\n ...args,\n documentLoader: args.documentLoader,\n credential: credential as StatusListCredential,\n errorUnknownListType: args.errorUnknownListType,\n })\n\n return {\n revoked: !result.verified || result.error,\n ...(result.error && { error: result.error }),\n }\n }\n}\n\n/**\n * Function that can be used together with @digitalbazar/vc and @digitialcredentials/vc\n * @param args\n */\nexport function vcLibCheckStatusFunction(args: {\n mandatoryCredentialStatus?: boolean\n verifyStatusListCredential?: boolean\n verifyMatchingIssuers?: boolean\n errorUnknownListType?: boolean\n}) {\n const { mandatoryCredentialStatus, verifyStatusListCredential, verifyMatchingIssuers, errorUnknownListType } = args\n return (args: {\n credential: StatusListCredential\n documentLoader: any\n suite: any\n }): Promise<{\n verified: boolean\n error?: any\n }> => {\n return checkStatusForCredential({\n ...args,\n mandatoryCredentialStatus,\n verifyStatusListCredential,\n verifyMatchingIssuers,\n errorUnknownListType,\n })\n }\n}\n\nexport async function checkStatusForCredential(args: {\n credential: StatusListCredential\n documentLoader: any\n suite: any\n mandatoryCredentialStatus?: boolean\n verifyStatusListCredential?: boolean\n verifyMatchingIssuers?: boolean\n errorUnknownListType?: boolean\n}): Promise<{ verified: boolean; error?: any }> {\n const verifyStatusListCredential = args.verifyStatusListCredential ?? true\n const verifyMatchingIssuers = args.verifyMatchingIssuers ?? true\n const uniform = CredentialMapper.toUniformCredential(args.credential)\n if (!('credentialStatus' in uniform) || !uniform.credentialStatus) {\n if (args.mandatoryCredentialStatus) {\n const error = 'No credential status object found in the Verifiable Credential and it is mandatory'\n console.log(error)\n return { verified: false, error }\n }\n return { verified: true }\n }\n if ('credentialStatus' in uniform && uniform.credentialStatus) {\n if (uniform.credentialStatus.type === 'StatusList2021Entry') {\n return checkStatus({ ...args, verifyStatusListCredential, verifyMatchingIssuers })\n } else if (args?.errorUnknownListType) {\n const error = `Credential status type ${uniform.credentialStatus.type} is not supported, and check status has been configured to not allow for that`\n console.log(error)\n return { verified: false, error }\n } else {\n console.log(`Skipped verification of status type ${uniform.credentialStatus.type} as we do not support it (yet)`)\n }\n }\n return { verified: true }\n}\n\nexport async function simpleCheckStatusFromStatusListUrl(args: {\n statusListCredential: string\n statusPurpose?: StatusPurpose2021\n type?: StatusListType | 'StatusList2021Entry'\n id?: string\n statusListIndex: string\n}): Promise<number | Status2021 | StatusOAuth> {\n return checkStatusIndexFromStatusListCredential({\n ...args,\n statusListCredential: await fetchStatusListCredential(args),\n })\n}\n\nexport async function checkStatusIndexFromStatusListCredential(args: {\n statusListCredential: StatusListCredential\n statusPurpose?: StatusPurpose2021\n type?: StatusListType | 'StatusList2021Entry'\n id?: string\n statusListIndex: string | number\n}): Promise<number | Status2021 | StatusOAuth> {\n const statusListType: StatusListType = determineStatusListType(args.statusListCredential)\n const implementation = getStatusListImplementation(statusListType)\n return implementation.checkStatusIndex(args)\n}\n\nexport async function createNewStatusList(\n args: CreateNewStatusListFuncArgs,\n context: IAgentContext<(ICredentialPlugin | any) /*IvcdMCredentialPlugin is not available*/ & IIdentifierResolution>,\n): Promise<StatusListResult> {\n const { type } = getAssertedValues(args)\n const implementation = getStatusListImplementation(type)\n return implementation.createNewStatusList(args, context)\n}\n\nexport async function updateStatusIndexFromStatusListCredential(\n args: UpdateStatusListIndexArgs,\n context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,\n): Promise<StatusListResult> {\n const credential = getAssertedValue('statusListCredential', args.statusListCredential)\n const statusListType: StatusListType = determineStatusListType(credential)\n const implementation = getStatusListImplementation(statusListType)\n return implementation.updateStatusListIndex(args, context)\n}\n\n// Keeping helper function for backward compatibility\nexport async function statusListCredentialToDetails(args: {\n statusListCredential: StatusListCredential\n correlationId?: string\n driverType?: StatusListDriverType\n}): Promise<StatusListResult> {\n const credential = getAssertedValue('statusListCredential', args.statusListCredential)\n\n let statusListType: StatusListType | undefined\n const documentFormat = CredentialMapper.detectDocumentType(credential)\n if (documentFormat === DocumentFormat.JWT) {\n const [header] = credential.split('.')\n const decodedHeader = JSON.parse(Buffer.from(header, 'base64').toString())\n\n if (decodedHeader.typ === 'statuslist+jwt') {\n statusListType = StatusListType.OAuthStatusList\n }\n } else if (documentFormat === DocumentFormat.MSO_MDOC) {\n statusListType = StatusListType.OAuthStatusList\n // TODO check CBOR content?\n }\n if (!statusListType) {\n const uniform = CredentialMapper.toUniformCredential(credential)\n const type = uniform.type.find((t) => t.includes('StatusList2021') || t.includes('OAuth2StatusList'))\n if (!type) {\n throw new Error('Invalid status list credential type')\n }\n statusListType = type.replace('Credential', '') as StatusListType\n }\n\n const implementation = getStatusListImplementation(statusListType)\n return await implementation.toStatusListDetails({\n statusListPayload: credential,\n correlationId: args.correlationId,\n driverType: args.driverType,\n })\n}\n\nexport async function updateStatusListIndexFromEncodedList(\n args: UpdateStatusListFromEncodedListArgs,\n context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,\n): Promise<StatusListResult> {\n const { type } = getAssertedValue('type', args)\n const implementation = getStatusListImplementation(type!)\n return implementation.updateStatusListFromEncodedList(args, context)\n}\n\nexport async function statusList2021ToVerifiableCredential(\n args: StatusList2021ToVerifiableCredentialArgs,\n context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,\n): Promise<StatusListCredential> {\n const { issuer, id, type } = getAssertedValues(args)\n const identifier = await context.agent.identifierManagedGet({\n identifier: typeof issuer === 'string' ? issuer : issuer.id,\n vmRelationship: 'assertionMethod',\n offlineWhenNoDIDRegistered: true, // FIXME Fix identifier resolution for EBSI\n })\n const proofFormat: CredentialProofFormat = args?.proofFormat ?? 'lds'\n assertValidProofType(StatusListType.StatusList2021, proofFormat)\n const veramoProofFormat: VeramoProofFormat = proofFormat as VeramoProofFormat\n\n const encodedList = getAssertedValue('encodedList', args.encodedList)\n const statusPurpose = getAssertedValue('statusPurpose', args.statusPurpose)\n const credential = {\n '@context': ['https://www.w3.org/2018/credentials/v1', 'https://w3id.org/vc/status-list/2021/v1'],\n id,\n issuer,\n // issuanceDate: \"2021-03-10T04:24:12.164Z\",\n type: ['VerifiableCredential', `${type}Credential`],\n credentialSubject: {\n id,\n type,\n statusPurpose,\n encodedList,\n },\n }\n // TODO copy statuslist schema to local and disable fetching remote contexts\n const verifiableCredential = await context.agent.createVerifiableCredential({\n credential,\n keyRef: identifier.kmsKeyRef,\n proofFormat: veramoProofFormat,\n fetchRemoteContexts: true,\n })\n\n return CredentialMapper.toWrappedVerifiableCredential(verifiableCredential as StatusListCredential).original as StatusListCredential\n}\n","import {\n CredentialMapper,\n type IIssuer,\n type CredentialProofFormat,\n StatusListType,\n StatusListType as StatusListTypeW3C,\n type StatusListCredential,\n DocumentFormat,\n} from '@sphereon/ssi-types'\nimport { jwtDecode } from 'jwt-decode'\n\nexport function getAssertedStatusListType(type?: StatusListType) {\n const assertedType = type ?? StatusListType.StatusList2021\n if (![StatusListType.StatusList2021, StatusListType.OAuthStatusList].includes(assertedType)) {\n throw Error(`StatusList type ${assertedType} is not supported (yet)`)\n }\n return assertedType\n}\n\nexport function getAssertedValue<T>(name: string, value: T): NonNullable<T> {\n if (value === undefined || value === null) {\n throw Error(`Missing required ${name} value`)\n }\n return value\n}\n\nexport function getAssertedValues(args: { issuer: string | IIssuer; id: string; type?: StatusListTypeW3C | StatusListType }) {\n const type = getAssertedStatusListType(args?.type)\n const id = getAssertedValue('id', args.id)\n const issuer = getAssertedValue('issuer', args.issuer)\n return { id, issuer, type }\n}\n\nexport function getAssertedProperty<T extends object>(propertyName: string, obj: T): NonNullable<any> {\n if (!(propertyName in obj)) {\n throw Error(`The input object does not contain required property: ${propertyName}`)\n }\n return getAssertedValue(propertyName, (obj as any)[propertyName])\n}\n\nconst ValidProofTypeMap = new Map<StatusListType, CredentialProofFormat[]>([\n [StatusListType.StatusList2021, ['jwt', 'lds', 'EthereumEip712Signature2021']],\n [StatusListType.OAuthStatusList, ['jwt', 'cbor']],\n])\n\nexport function assertValidProofType(type: StatusListType, proofFormat: CredentialProofFormat) {\n const validProofTypes = ValidProofTypeMap.get(type)\n if (!validProofTypes?.includes(proofFormat)) {\n throw Error(`Invalid proof format '${proofFormat}' for status list type ${type}`)\n }\n}\n\nexport function determineStatusListType(credential: StatusListCredential): StatusListType {\n const proofFormat = determineProofFormat(credential)\n switch (proofFormat) {\n case 'jwt':\n const payload: StatusListCredential = jwtDecode(credential as string)\n const keys = Object.keys(payload)\n if (keys.includes('status_list')) {\n return StatusListType.OAuthStatusList\n } else if (keys.includes('vc')) {\n return StatusListType.StatusList2021\n }\n break\n case 'lds':\n const uniform = CredentialMapper.toUniformCredential(credential)\n const type = uniform.type.find((t) => {\n return Object.values(StatusListType).some((statusType) => t.includes(statusType))\n })\n if (!type) {\n throw new Error('Invalid status list credential type')\n }\n return type.replace('Credential', '') as StatusListType\n\n case 'cbor':\n return StatusListType.OAuthStatusList\n }\n\n throw new Error('Cannot determine status list type from credential payload')\n}\n\nexport function determineProofFormat(credential: StatusListCredential): CredentialProofFormat {\n const type: DocumentFormat = CredentialMapper.detectDocumentType(credential)\n switch (type) {\n case DocumentFormat.JWT:\n return 'jwt'\n case DocumentFormat.MSO_MDOC:\n // Not really mdoc, just assume Cbor for now, I'd need to decode at least the header to what type of Cbor we have\n return 'cbor'\n case DocumentFormat.JSONLD:\n return 'lds'\n default:\n throw Error('Cannot determine credential payload type')\n }\n}\n","import type { IAgentContext, ICredentialPlugin, ProofFormat as VeramoProofFormat } from '@veramo/core'\nimport type { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport {\n CredentialMapper,\n DocumentFormat,\n type IIssuer,\n type CredentialProofFormat,\n type StatusListCredential,\n StatusListType,\n} from '@sphereon/ssi-types'\n\nimport { StatusList } from '@sphereon/vc-status-list'\nimport type { IStatusList } from './IStatusList'\nimport type {\n CheckStatusIndexArgs,\n CreateStatusListArgs,\n StatusListResult,\n ToStatusListDetailsArgs,\n UpdateStatusListFromEncodedListArgs,\n UpdateStatusListIndexArgs,\n} from '../types'\n\nimport { Status2021 } from '../types'\nimport { assertValidProofType, getAssertedProperty, getAssertedValue, getAssertedValues } from '../utils'\n\nexport const DEFAULT_LIST_LENGTH = 250000\nexport const DEFAULT_PROOF_FORMAT = 'lds' as VeramoProofFormat\n\nexport class StatusList2021Implementation implements IStatusList {\n async createNewStatusList(\n args: CreateStatusListArgs,\n context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,\n ): Promise<StatusListResult> {\n const length = args?.length ?? DEFAULT_LIST_LENGTH\n const proofFormat: CredentialProofFormat = args?.proofFormat ?? DEFAULT_PROOF_FORMAT\n assertValidProofType(StatusListType.StatusList2021, proofFormat)\n const veramoProofFormat: VeramoProofFormat = proofFormat as VeramoProofFormat\n\n const { issuer, id } = args\n const correlationId = getAssertedValue('correlationId', args.correlationId)\n\n const list = new StatusList({ length })\n const encodedList = await list.encode()\n const statusPurpose = 'revocation'\n\n const statusListCredential = await this.createVerifiableCredential(\n {\n ...args,\n encodedList,\n proofFormat: veramoProofFormat,\n },\n context,\n )\n\n return {\n encodedList,\n statusListCredential: statusListCredential,\n statusList2021: {\n statusPurpose,\n indexingDirection: 'rightToLeft',\n },\n length,\n type: StatusListType.StatusList2021,\n proofFormat,\n id,\n correlationId,\n issuer,\n statuslistContentType: this.buildContentType(proofFormat),\n }\n }\n\n async updateStatusListIndex(\n args: UpdateStatusListIndexArgs,\n context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,\n ): Promise<StatusListResult> {\n const credential = args.statusListCredential\n const uniform = CredentialMapper.toUniformCredential(credential)\n const { issuer, credentialSubject } = uniform\n const id = getAssertedValue('id', uniform.id)\n const origEncodedList = getAssertedProperty('encodedList', credentialSubject)\n\n const index = typeof args.statusListIndex === 'number' ? args.statusListIndex : parseInt(args.statusListIndex)\n const statusList = await StatusList.decode({ encodedList: origEncodedList })\n statusList.setStatus(index, args.value != 0)\n const encodedList = await statusList.encode()\n\n const proofFormat = CredentialMapper.detectDocumentType(credential) === DocumentFormat.JWT ? 'jwt' : 'lds'\n const updatedCredential = await this.createVerifiableCredential(\n {\n ...args,\n id,\n issuer,\n encodedList,\n proofFormat: proofFormat,\n },\n context,\n )\n\n return {\n statusListCredential: updatedCredential,\n encodedList,\n statusList2021: {\n ...('statusPurpose' in credentialSubject ? { statusPurpose: credentialSubject.statusPurpose } : {}),\n indexingDirection: 'rightToLeft',\n },\n length: statusList.length - 1,\n type: StatusListType.StatusList2021,\n proofFormat: proofFormat,\n id,\n issuer,\n statuslistContentType: this.buildContentType(proofFormat),\n }\n }\n\n async updateStatusListFromEncodedList(\n args: UpdateStatusListFromEncodedListArgs,\n context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,\n ): Promise<StatusListResult> {\n if (!args.statusList2021) {\n throw new Error('statusList2021 options required for type StatusList2021')\n }\n const proofFormat: CredentialProofFormat = args?.proofFormat ?? DEFAULT_PROOF_FORMAT\n assertValidProofType(StatusListType.StatusList2021, proofFormat)\n const veramoProofFormat: VeramoProofFormat = proofFormat as VeramoProofFormat\n\n const { issuer, id } = getAssertedValues(args)\n const statusList = await StatusList.decode({ encodedList: args.encodedList })\n const index = typeof args.statusListIndex === 'number' ? args.statusListIndex : parseInt(args.statusListIndex)\n statusList.setStatus(index, args.value)\n\n const newEncodedList = await statusList.encode()\n const credential = await this.createVerifiableCredential(\n {\n id,\n issuer,\n encodedList: newEncodedList,\n proofFormat: veramoProofFormat,\n keyRef: args.keyRef,\n },\n context,\n )\n\n return {\n type: StatusListType.StatusList2021,\n statusListCredential: credential,\n encodedList: newEncodedList,\n statusList2021: {\n statusPurpose: args.statusList2021.statusPurpose,\n indexingDirection: 'rightToLeft',\n },\n length: statusList.length,\n proofFormat: args.proofFormat ?? 'lds',\n id: id,\n issuer: issuer,\n statuslistContentType: this.buildContentType(proofFormat),\n }\n }\n\n async checkStatusIndex(args: CheckStatusIndexArgs): Promise<number | Status2021> {\n const uniform = CredentialMapper.toUniformCredential(args.statusListCredential)\n const { credentialSubject } = uniform\n const encodedList = getAssertedProperty('encodedList', credentialSubject)\n\n const statusList = await StatusList.decode({ encodedList })\n const status = statusList.getStatus(typeof args.statusListIndex === 'number' ? args.statusListIndex : parseInt(args.statusListIndex))\n return status ? Status2021.Invalid : Status2021.Valid\n }\n\n async toStatusListDetails(args: ToStatusListDetailsArgs): Promise<StatusListResult> {\n const { statusListPayload } = args\n const uniform = CredentialMapper.toUniformCredential(statusListPayload)\n const { issuer, credentialSubject } = uniform\n const id = getAssertedValue('id', uniform.id)\n const encodedList = getAssertedProperty('encodedList', credentialSubject)\n const proofFormat: CredentialProofFormat = CredentialMapper.detectDocumentType(statusListPayload) === DocumentFormat.JWT ? 'jwt' : 'lds'\n\n const statusPurpose = getAssertedProperty('statusPurpose', credentialSubject)\n const list = await StatusList.decode({ encodedList })\n\n return {\n id,\n encodedList,\n issuer,\n type: StatusListType.StatusList2021,\n proofFormat,\n length: list.length,\n statusListCredential: statusListPayload,\n statuslistContentType: this.buildContentType(proofFormat),\n statusList2021: {\n indexingDirection: 'rightToLeft',\n statusPurpose,\n },\n ...(args.correlationId && { correlationId: args.correlationId }),\n ...(args.driverType && { driverType: args.driverType }),\n }\n }\n\n private async createVerifiableCredential(\n args: {\n id: string\n issuer: string | IIssuer\n encodedList: string\n proofFormat: VeramoProofFormat\n keyRef?: string\n },\n context: IAgentContext<ICredentialPlugin & IIdentifierResolution>,\n ): Promise<StatusListCredential> {\n const identifier = await context.agent.identifierManagedGet({\n identifier: typeof args.issuer === 'string' ? args.issuer : args.issuer.id,\n vmRelationship: 'assertionMethod',\n offlineWhenNoDIDRegistered: true,\n })\n\n const credential = {\n '@context': ['https://www.w3.org/2018/credentials/v1', 'https://w3id.org/vc/status-list/2021/v1'],\n id: args.id,\n issuer: args.issuer,\n type: ['VerifiableCredential', 'StatusList2021Credential'],\n credentialSubject: {\n id: args.id,\n type: 'StatusList2021',\n statusPurpose: 'revocation',\n encodedList: args.encodedList,\n },\n }\n\n const verifiableCredential = await context.agent.createVerifiableCredential({\n credential,\n keyRef: args.keyRef ?? identifier.kmsKeyRef,\n proofFormat: args.proofFormat,\n fetchRemoteContexts: true,\n })\n\n return CredentialMapper.toWrappedVerifiableCredential(verifiableCredential as StatusListCredential).original as StatusListCredential\n }\n\n private buildContentType(proofFormat: 'jwt' | 'lds' | 'EthereumEip712Signature2021' | 'cbor' | undefined) {\n switch (proofFormat) {\n case 'jwt':\n return `application/statuslist+jwt`\n case 'cbor':\n return `application/statuslist+cwt`\n case 'lds':\n return 'application/statuslist+ld+json'\n default:\n throw Error(`Unsupported content type '${proofFormat}' for status lists`)\n }\n }\n}\n","import type { IAgentContext, ICredentialPlugin, IKeyManager } from '@veramo/core'\nimport { type CompactJWT, type CWT, type CredentialProofFormat, StatusListType } from '@sphereon/ssi-types'\nimport type {\n CheckStatusIndexArgs,\n CreateStatusListArgs,\n SignedStatusListData,\n StatusListResult,\n StatusOAuth,\n ToStatusListDetailsArgs,\n UpdateStatusListFromEncodedListArgs,\n UpdateStatusListIndexArgs,\n} from '../types'\nimport { determineProofFormat, getAssertedValue, getAssertedValues } from '../utils'\nimport type { IStatusList } from './IStatusList'\nimport { StatusList } from '@sd-jwt/jwt-status-list'\nimport type { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport type { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { createSignedJwt, decodeStatusListJWT } from './encoding/jwt'\nimport { createSignedCbor, decodeStatusListCWT } from './encoding/cbor'\n\ntype IRequiredContext = IAgentContext<ICredentialPlugin & IJwtService & IIdentifierResolution & IKeyManager>\n\nexport const DEFAULT_BITS_PER_STATUS = 1 // 1 bit is sufficient for 0x00 - \"VALID\" 0x01 - \"INVALID\" saving space in the process\nexport const DEFAULT_LIST_LENGTH = 250000\nexport const DEFAULT_PROOF_FORMAT = 'jwt' as CredentialProofFormat\n\nexport class OAuthStatusListImplementation implements IStatusList {\n async createNewStatusList(args: CreateStatusListArgs, context: IRequiredContext): Promise<StatusListResult> {\n if (!args.oauthStatusList) {\n throw new Error('OAuthStatusList options are required for type OAuthStatusList')\n }\n\n const proofFormat = args?.proofFormat ?? DEFAULT_PROOF_FORMAT\n const { issuer, id, oauthStatusList, keyRef } = args\n const { bitsPerStatus, expiresAt } = oauthStatusList\n const length = args.length ?? DEFAULT_LIST_LENGTH\n const issuerString = typeof issuer === 'string' ? issuer : issuer.id\n const correlationId = getAssertedValue('correlationId', args.correlationId)\n\n const statusList = new StatusList(new Array(length).fill(0), bitsPerStatus ?? DEFAULT_BITS_PER_STATUS)\n const encodedList = statusList.compressStatusList()\n const { statusListCredential } = await this.createSignedStatusList(proofFormat, context, statusList, issuerString, id, expiresAt, keyRef)\n\n return {\n encodedList,\n statusListCredential,\n oauthStatusList: { bitsPerStatus },\n length,\n type: StatusListType.OAuthStatusList,\n proofFormat,\n id,\n correlationId,\n issuer,\n statuslistContentType: this.buildContentType(proofFormat),\n }\n }\n\n async updateStatusListIndex(args: UpdateStatusListIndexArgs, context: IRequiredContext): Promise<StatusListResult> {\n const { statusListCredential, value, expiresAt, keyRef } = args\n if (typeof statusListCredential !== 'string') {\n return Promise.reject('statusListCredential in neither JWT nor CWT')\n }\n\n const proofFormat = determineProofFormat(statusListCredential)\n const decoded = proofFormat === 'jwt' ? decodeStatusListJWT(statusListCredential) : decodeStatusListCWT(statusListCredential)\n const { statusList, issuer, id } = decoded\n\n const index = typeof args.statusListIndex === 'number' ? args.statusListIndex : parseInt(args.statusListIndex)\n if (index < 0 || index >= statusList.statusList.length) {\n throw new Error('Status list index out of bounds')\n }\n\n statusList.setStatus(index, value)\n const { statusListCredential: signedCredential, encodedList } = await this.createSignedStatusList(\n proofFormat,\n context,\n statusList,\n issuer,\n id,\n expiresAt,\n keyRef,\n )\n\n return {\n statusListCredential: signedCredential,\n encodedList,\n oauthStatusList: {\n bitsPerStatus: statusList.getBitsPerStatus(),\n },\n length: statusList.statusList.length,\n type: StatusListType.OAuthStatusList,\n proofFormat,\n id,\n issuer,\n statuslistContentType: this.buildContentType(proofFormat),\n }\n }\n\n // FIXME: This still assumes only two values (boolean), whilst this list supports 8 bits max\n async updateStatusListFromEncodedList(args: UpdateStatusListFromEncodedListArgs, context: IRequiredContext): Promise<StatusListResult> {\n if (!args.oauthStatusList) {\n throw new Error('OAuthStatusList options are required for type OAuthStatusList')\n }\n const { proofFormat, oauthStatusList, keyRef } = args\n const { bitsPerStatus, expiresAt } = oauthStatusList\n\n const { issuer, id } = getAssertedValues(args)\n const issuerString = typeof issuer === 'string' ? issuer : issuer.id\n\n const listToUpdate = StatusList.decompressStatusList(args.encodedList, bitsPerStatus ?? DEFAULT_BITS_PER_STATUS)\n const index = typeof args.statusListIndex === 'number' ? args.statusListIndex : parseInt(args.statusListIndex)\n // FIXME: See above.\n listToUpdate.setStatus(index, args.value ? 1 : 0)\n\n const { statusListCredential, encodedList } = await this.createSignedStatusList(\n proofFormat ?? DEFAULT_PROOF_FORMAT,\n context,\n listToUpdate,\n issuerString,\n id,\n expiresAt,\n keyRef,\n )\n\n return {\n encodedList,\n statusListCredential,\n oauthStatusList: {\n bitsPerStatus,\n expiresAt,\n },\n length: listToUpdate.statusList.length,\n type: StatusListType.OAuthStatusList,\n proofFormat: proofFormat ?? DEFAULT_PROOF_FORMAT,\n id,\n issuer,\n statuslistContentType: this.buildContentType(proofFormat),\n }\n }\n\n private buildContentType(proofFormat: 'jwt' | 'lds' | 'EthereumEip712Signature2021' | 'cbor' | undefined) {\n return `application/statuslist+${proofFormat === 'cbor' ? 'cwt' : 'jwt'}`\n }\n\n async checkStatusIndex(args: CheckStatusIndexArgs): Promise<number | StatusOAuth> {\n const { statusListCredential, statusListIndex } = args\n if (typeof statusListCredential !== 'string') {\n return Promise.reject('statusListCredential in neither JWT nor CWT')\n }\n\n const proofFormat = determineProofFormat(statusListCredential)\n const { statusList } = proofFormat === 'jwt' ? decodeStatusListJWT(statusListCredential) : decodeStatusListCWT(statusListCredential)\n\n const index = typeof statusListIndex === 'number' ? statusListIndex : parseInt(statusListIndex)\n if (index < 0 || index >= statusList.statusList.length) {\n throw new Error('Status list index out of bounds')\n }\n\n return statusList.getStatus(index)\n }\n\n async toStatusListDetails(args: ToStatusListDetailsArgs): Promise<StatusListResult> {\n const { statusListPayload } = args as { statusListPayload: CompactJWT | CWT }\n const proofFormat = determineProofFormat(statusListPayload)\n const decoded = proofFormat === 'jwt' ? decodeStatusListJWT(statusListPayload) : decodeStatusListCWT(statusListPayload)\n const { statusList, issuer, id, exp } = decoded\n\n return {\n id,\n encodedList: statusList.compressStatusList(),\n issuer,\n type: StatusListType.OAuthStatusList,\n proofFormat,\n length: statusList.statusList.length,\n statusListCredential: statusListPayload,\n statuslistContentType: this.buildContentType(proofFormat),\n oauthStatusList: {\n bitsPerStatus: statusList.getBitsPerStatus(),\n ...(exp && { expiresAt: new Date(exp * 1000) }),\n },\n ...(args.correlationId && { correlationId: args.correlationId }),\n ...(args.driverType && { driverType: args.driverType }),\n }\n }\n\n private async createSignedStatusList(\n proofFormat: 'jwt' | 'lds' | 'EthereumEip712Signature2021' | 'cbor',\n context: IAgentContext<ICredentialPlugin & IJwtService & IIdentifierResolution & IKeyManager>,\n statusList: StatusList,\n issuerString: string,\n id: string,\n expiresAt?: Date,\n keyRef?: string,\n ): Promise<SignedStatusListData> {\n switch (proofFormat) {\n case 'jwt': {\n return await createSignedJwt(context, statusList, issuerString, id, expiresAt, keyRef)\n }\n case 'cbor': {\n return await createSignedCbor(context, statusList, issuerString, id, expiresAt, keyRef)\n }\n default:\n throw new Error(`Invalid proof format '${proofFormat}' for OAuthStatusList`)\n }\n }\n}\n","import { type CompactJWT, JoseSignatureAlgorithm } from '@sphereon/ssi-types'\nimport { createHeaderAndPayload, StatusList, type StatusListJWTHeaderParameters, type StatusListJWTPayload } from '@sd-jwt/jwt-status-list'\nimport base64url from 'base64url'\nimport type { JWTPayload } from 'did-jwt'\nimport type { IRequiredContext, SignedStatusListData } from '../../types'\nimport { type DecodedStatusListPayload, resolveIdentifier } from './common'\nimport type { TKeyType } from '@veramo/core'\nimport { ensureManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\n\nconst STATUS_LIST_JWT_TYP = 'statuslist+jwt'\n\nexport const createSignedJwt = async (\n context: IRequiredContext,\n statusList: StatusList,\n issuerString: string,\n id: string,\n expiresAt?: Date,\n keyRef?: string,\n): Promise<SignedStatusListData> => {\n const identifier = await resolveIdentifier(context, issuerString, keyRef)\n const resolution = await ensureManagedIdentifierResult(identifier, context)\n\n const payload: JWTPayload = {\n iss: issuerString,\n sub: id,\n iat: Math.floor(Date.now() / 1000),\n ...(expiresAt && { exp: Math.floor(expiresAt.getTime() / 1000) }),\n }\n\n const header: StatusListJWTHeaderParameters = {\n alg: getSigningAlgo(resolution.key.type),\n typ: STATUS_LIST_JWT_TYP,\n }\n const values = createHeaderAndPayload(statusList, payload, header)\n const signedJwt = await context.agent.jwtCreateJwsCompactSignature({\n issuer: { ...identifier, noIssPayloadUpdate: false },\n protectedHeader: values.header,\n payload: values.payload,\n })\n\n return {\n statusListCredential: signedJwt.jwt,\n encodedList: (values.payload as StatusListJWTPayload).status_list.lst,\n }\n}\n\nexport const decodeStatusListJWT = (jwt: CompactJWT): DecodedStatusListPayload => {\n const [, payloadBase64] = jwt.split('.')\n const payload = JSON.parse(base64url.decode(payloadBase64))\n\n if (!payload.iss || !payload.sub || !payload.status_list) {\n throw new Error('Missing required fields in JWT payload')\n }\n\n const statusList = StatusList.decompressStatusList(payload.status_list.lst, payload.status_list.bits)\n\n return {\n issuer: payload.iss,\n id: payload.sub,\n statusList,\n exp: payload.exp,\n ttl: payload.ttl,\n iat: payload.iat,\n }\n}\n\nexport const getSigningAlgo = (type: TKeyType): JoseSignatureAlgorithm => {\n switch (type) {\n case 'Ed25519':\n return JoseSignatureAlgorithm.EdDSA\n case 'Secp256k1':\n return JoseSignatureAlgorithm.ES256K\n case 'Secp256r1':\n return JoseSignatureAlgorithm.ES256\n case 'RSA':\n return JoseSignatureAlgorithm.RS256\n default:\n throw Error('Key type not yet supported')\n }\n}\n","import type { IRequiredContext } from '../../types'\nimport { StatusList } from '@sd-jwt/jwt-status-list'\n\nexport interface DecodedStatusListPayload {\n issuer: string\n id: string\n statusList: StatusList\n exp?: number\n ttl?: number\n iat: number\n}\n\nexport const resolveIdentifier = async (context: IRequiredContext, issuer: string, keyRef?: string) => {\n return await context.agent.identifierManagedGet({\n identifier: issuer,\n vmRelationship: 'assertionMethod',\n offlineWhenNoDIDRegistered: true,\n ...(keyRef && { kmsKeyRef: keyRef }), // TODO the getDid resolver should look at this ASAP\n })\n}\n","import type { BitsPerStatus } from '@sd-jwt/jwt-status-list'\nimport { StatusList } from '@sd-jwt/jwt-status-list'\nimport { deflate, inflate } from 'pako'\nimport pkg from '@sphereon/kmp-mdoc-core'\nconst { com, kotlin } = pkg\nimport base64url from 'base64url'\nimport type { IRequiredContext, SignedStatusListData } from '../../types'\nimport { type DecodedStatusListPayload, resolveIdentifier } from './common'\n\nexport type IKey = pkg.com.sphereon.crypto.IKey\nexport type CborItem<T> = pkg.com.sphereon.cbor.CborItem<T>\nexport const CborByteString = com.sphereon.cbor.CborByteString\nexport type CborByteStringType = pkg.com.sphereon.cbor.CborByteString\nexport const CborUInt = com.sphereon.cbor.CborUInt\nexport type CborUIntType = pkg.com.sphereon.cbor.CborUInt\nexport const CborString = com.sphereon.cbor.CborString\nexport type CborStringType = pkg.com.sphereon.cbor.CborString\n\n// const cbor = cborpkg.com.sphereon.cbor\n// const kmp = cborpkg.com.sphereon.kmp\n// const kotlin = cborpkg.kotlin\nconst decompressRawStatusList = (StatusList as any).decodeStatusList.bind(StatusList)\n\nconst CWT_CLAIMS = {\n SUBJECT: 2,\n ISSUER: 1,\n ISSUED_AT: 6,\n EXPIRATION: 4,\n TIME_TO_LIVE: 65534,\n STATUS_LIST: 65533,\n} as const\n\nexport const createSignedCbor = async (\n context: IRequiredContext,\n statusList: StatusList,\n issuerString: string,\n id: string,\n expiresAt?: Date,\n keyRef?: string,\n): Promise<SignedStatusListData> => {\n const identifier = await resolveIdentifier(context, issuerString, keyRef)\n\n const encodeStatusList = statusList.encodeStatusList()\n const compressedList = deflate(encodeStatusList, { level: 9 })\n const compressedBytes = new Int8Array(compressedList)\n\n const statusListMap = new com.sphereon.cbor.CborMap(\n kotlin.collections.KtMutableMap.fromJsMap(\n new Map<CborStringType, CborItem<any>>([\n [\n new com.sphereon.cbor.CborString('bits'),\n new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(statusList.getBitsPerStatus())),\n ],\n [new com.sphereon.cbor.CborString('lst'), new com.sphereon.cbor.CborByteString(compressedBytes)],\n ]),\n ),\n )\n\n const protectedHeader = new com.sphereon.cbor.CborMap(\n kotlin.collections.KtMutableMap.fromJsMap(\n new Map([[new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(16)), new com.sphereon.cbor.CborString('statuslist+cwt')]]), // \"type\"\n ),\n )\n const protectedHeaderEncoded = com.sphereon.cbor.Cbor.encode(protectedHeader)\n const claimsMap = buildClaimsMap(id, issuerString, statusListMap, expiresAt)\n const claimsEncoded: Int8Array = com.sphereon.cbor.Cbor.encode(claimsMap)\n\n const signedCWT: string = await context.agent.keyManagerSign({\n keyRef: identifier.kmsKeyRef,\n data: base64url.encode(Buffer.from(claimsEncoded)), // TODO test on RN\n encoding: undefined,\n })\n\n const protectedHeaderEncodedInt8 = new Int8Array(protectedHeaderEncoded)\n const claimsEncodedInt8 = new Int8Array(claimsEncoded)\n const signatureBytes = base64url.decode(signedCWT)\n const signatureInt8 = new Int8Array(Buffer.from(signatureBytes))\n\n const cwtArrayElements: Array<CborItem<any>> = [\n new CborByteString(protectedHeaderEncodedInt8),\n new CborByteString(claimsEncodedInt8),\n new CborByteString(signatureInt8),\n ]\n const cwtArray = new com.sphereon.cbor.CborArray(kotlin.collections.KtMutableList.fromJsArray(cwtArrayElements))\n const cwtEncoded = com.sphereon.cbor.Cbor.encode(cwtArray)\n const cwtBuffer = Buffer.from(cwtEncoded)\n return {\n statusListCredential: base64url.encode(cwtBuffer),\n encodedList: base64url.encode(compressedList as Buffer), // JS in @sd-jwt/jwt-status-list drops it in like this, so keep the same method\n }\n}\n\nfunction buildClaimsMap(\n id: string,\n issuerString: string,\n statusListMap: pkg.com.sphereon.cbor.CborMap<CborStringType, CborItem<any>>,\n expiresAt?: Date,\n) {\n const ttl = 65535 // FIXME figure out what value should be / come from and what the difference is with exp\n const claimsEntries: Array<[CborUIntType, CborItem<any>]> = [\n [new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.SUBJECT)), new com.sphereon.cbor.CborString(id)], // \"sub\"\n [new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.ISSUER)), new com.sphereon.cbor.CborString(issuerString)], // \"iss\"\n [\n new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.ISSUED_AT)),\n new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(Math.floor(Date.now() / 1000))), // \"iat\"\n ],\n ]\n\n if (expiresAt) {\n claimsEntries.push([\n new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.EXPIRATION)),\n new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(Math.floor(expiresAt.getTime() / 1000))), // \"exp\"\n ])\n }\n\n if (ttl) {\n claimsEntries.push([\n new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.TIME_TO_LIVE)),\n new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(ttl)), // \"time to live\"\n ])\n }\n\n claimsEntries.push([new com.sphereon.cbor.CborUInt(com.sphereon.kmp.LongKMP.fromNumber(CWT_CLAIMS.STATUS_LIST)), statusListMap])\n\n const claimsMap = new com.sphereon.cbor.CborMap(kotlin.collections.KtMutableMap.fromJsMap(new Map(claimsEntries)))\n return claimsMap\n}\n\nconst getCborValueFromMap = <T>(map: Map<CborItem<any>, CborItem<any>>, key: number): T => {\n const value = getCborOptionalValueFromMap<T>(map, key)\n if (value === undefined) {\n throw new Error(`Required claim ${key} not found`)\n }\n return value\n}\n\nconst getCborOptionalValueFromMap = <T>(map: Map<CborItem<any>, CborItem<any>>, key: number): T | undefined | never => {\n const value = map.get(new CborUInt(com.sphereon.kmp.LongKMP.fromNumber(key)))\n if (!value) {\n return undefined\n }\n return value.value as T\n}\n\nexport const decodeStatusListCWT = (cwt: string): DecodedStatusListPayload => {\n const encodedCbor = base64url.toBuffer(cwt)\n const encodedCborArray = new Int8Array(encodedCbor)\n const decodedCbor = com.sphereon.cbor.Cbor.decode(encodedCborArray)\n\n if (!(decodedCbor instanceof com.sphereon.cbor.CborArray)) {\n throw new Error('Invalid CWT format: Expected a CBOR array')\n }\n\n const [, payload] = decodedCbor.value.asJsArrayView()\n if (!(payload instanceof com.sphereon.cbor.CborByteString)) {\n throw new Error('Invalid payload format: Expect