feat: Add TokenStatusListService

DaevMithran · DaevMithran · commit 3f7033a56e1d · 2025-07-02T13:24:02.000+05:30
Signed-off-by: DaevMithran &lt;daevmithran1999@gmail.com&gt;
diff --git a/packages/core/src/modules/sd-jwt-vc/SdJwtVcService.ts b/packages/core/src/modules/sd-jwt-vc/SdJwtVcService.ts
@@ -488,7 +488,7 @@ export class SdJwtVcService {
     }
   }
 
-  private async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {
+  public async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {
     if (issuer.method === 'did') {
       const parsedDid = parseDid(issuer.didUrl)
       if (!parsedDid.fragment) {
diff --git a/packages/core/src/modules/sd-jwt-vc/credential-status/token-status-list/TokenStatusList.ts b/packages/core/src/modules/sd-jwt-vc/credential-status/token-status-list/TokenStatusList.ts
@@ -0,0 +1,183 @@
+import { StatusList, getListFromStatusListJWT } from '@sd-jwt/jwt-status-list'
+import { isURL } from 'class-validator'
+import { CredoError } from 'packages/core/src/error'
+import { fetchWithTimeout } from 'packages/core/src/utils/fetch'
+import { injectable } from 'tsyringe'
+import { AgentContext } from '../../../../agent'
+import { JwsService, Jwt, JwtPayload } from '../../../../crypto'
+import { parseDid } from '../../../dids'
+import { SdJwtVcIssuer } from '../../SdJwtVcOptions'
+import { SdJwtVcService } from '../../SdJwtVcService'
+import { TokenStatusListError } from './TokenStatusListError'
+
+export interface CreateTokenStatusListOptions {
+  issuer: SdJwtVcIssuer
+  name: string
+  tag: string
+  size: number
+  publish: boolean
+}
+
+export interface CreateTokenStatusListResult {
+  jwt: string
+  uri?: string
+}
+
+export interface RevokeIndicesOptions {
+  issuer: SdJwtVcIssuer
+  publish: boolean
+  indices: number[]
+}
+
+/**
+ * @internal
+ */
+@injectable()
+export class TokenStatusListService {
+  public static type = 'TokenStatusList'
+
+  async createStatusList(
+    agentContext: AgentContext,
+    options: CreateTokenStatusListOptions
+  ): Promise<CreateTokenStatusListResult> {
+    const sdJwtService = agentContext.dependencyManager.resolve(SdJwtVcService)
+    const jwsService = agentContext.dependencyManager.resolve(JwsService)
+
+    const statusList = new StatusList(new Array(options.size).fill(0), 1)
+
+    const issuer = await sdJwtService.extractKeyFromIssuer(agentContext, options.issuer, true)
+
+    // construct jwt payload
+    const jwtPayload = new JwtPayload({
+      iss: issuer.iss,
+      iat: Math.floor(Date.now() / 1000),
+      additionalClaims: {
+        status_list: {
+          bits: statusList.getBitsPerStatus(),
+          lst: statusList.compressStatusList(),
+        },
+      },
+    })
+
+    // sign JWT
+    const jwt = await jwsService.createJwsCompact(agentContext, {
+      payload: jwtPayload,
+      keyId: issuer.publicJwk.keyId,
+      protectedHeaderOptions: {
+        alg: issuer.alg,
+        typ: 'statuslist+jwt',
+      },
+    })
+
+    if (options.publish) {
+      // extended by different registries
+      const uri = await this.publishStatusList(agentContext, jwt)
+      return { jwt, uri }
+    }
+
+    return { jwt }
+  }
+
+  async revokeIndex(agentContext: AgentContext, statusListId: string, options: RevokeIndicesOptions): Promise<boolean> {
+    const sdJwtService = agentContext.dependencyManager.resolve(SdJwtVcService)
+    const jwsService = agentContext.dependencyManager.resolve(JwsService)
+
+    const currentStatusListJwt = await this.getStatusList(agentContext, statusListId)
+    const parsedStatusListJwt = Jwt.fromSerializedJwt(currentStatusListJwt)
+
+    // extract and validate iss
+    const iss = parsedStatusListJwt.payload.iss as string
+    if (options.issuer.method === 'did' && parseDid(options.issuer.didUrl).did !== iss) {
+      throw new TokenStatusListError('Invalid issuer')
+    }
+    if (options.issuer.method === 'x5c' && options.issuer.issuer !== iss) {
+      throw new TokenStatusListError('Invalid issuer')
+    }
+
+    const header = parsedStatusListJwt.header
+
+    const statusList = getListFromStatusListJWT(currentStatusListJwt)
+    // update indices
+    for (const revokedIndex of options.indices) {
+      statusList.setStatus(revokedIndex, 1)
+    }
+
+    const issuer = await sdJwtService.extractKeyFromIssuer(agentContext, options.issuer, true)
+
+    // construct jwt payload
+    const jwtPayload = new JwtPayload({
+      iss,
+      iat: Math.floor(Date.now() / 1000),
+      additionalClaims: {
+        status_list: {
+          bits: statusList.getBitsPerStatus(),
+          lst: statusList.compressStatusList(),
+        },
+      },
+    })
+
+    const jwt = await jwsService.createJwsCompact(agentContext, {
+      payload: jwtPayload,
+      keyId: issuer.publicJwk.keyId,
+      protectedHeaderOptions: {
+        alg: issuer.alg,
+        typ: header.typ,
+      },
+    })
+
+    if (options.publish) {
+      await this.publishStatusList(agentContext, jwt)
+    }
+
+    return true
+  }
+
+  async getStatus(agentContext: AgentContext, statusListId: string, index: number): Promise<number> {
+    const currentStatusListJwt = await this.getStatusList(agentContext, statusListId)
+    const statusList = getListFromStatusListJWT(currentStatusListJwt)
+    return statusList.getStatus(index)
+  }
+
+  async getStatusList(agentContext: AgentContext, statusListId: string): Promise<string> {
+    const jwsService = agentContext.dependencyManager.resolve(JwsService)
+
+    let jwt: string
+    if (isURL(statusListId)) {
+      jwt = await this.getStatusListFetcher(agentContext)(statusListId)
+    } else {
+      throw new Error('Not supported')
+    }
+
+    const verified = await jwsService.verifyJws(agentContext, { jws: jwt })
+
+    // verify jwt
+    if (!verified.isValid) {
+      throw new TokenStatusListError('Invalid Jwt in the provided statusListId')
+    }
+    return jwt
+  }
+
+  private getStatusListFetcher(agentContext: AgentContext) {
+    return async (uri: string) => {
+      const response = await fetchWithTimeout(agentContext.config.agentDependencies.fetch, uri, {
+        headers: {
+          Accept: 'application/statuslist+jwt',
+        },
+      })
+
+      if (!response.ok) {
+        throw new CredoError(
+          `Received invalid response with status ${
+            response.status
+          } when fetching status list from ${uri}. ${await response.text()}`
+        )
+      }
+
+      return await response.text()
+    }
+  }
+
+  async publishStatusList(_agentContext: AgentContext, _jwt: string): Promise<string> {
+    throw new Error('Not implemented')
+  }
+}
diff --git a/packages/core/src/modules/sd-jwt-vc/credential-status/token-status-list/TokenStatusListCredential.ts b/packages/core/src/modules/sd-jwt-vc/credential-status/token-status-list/TokenStatusListCredential.ts
diff --git a/packages/core/src/modules/sd-jwt-vc/credential-status/token-status-list/TokenStatusListError.ts b/packages/core/src/modules/sd-jwt-vc/credential-status/token-status-list/TokenStatusListError.ts
@@ -0,0 +1,3 @@
+import { CredoError } from '../../../../error'
+
+export class TokenStatusListError extends CredoError {}

Original file line number	Diff line number	Diff line change
`@@ -488,7 +488,7 @@ export class SdJwtVcService {`
`488`	`488`	`}`
`489`	`489`	`}`
`490`	`490`
`491`		`- private async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {`
	`491`	`+ public async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {`
`492`	`492`	`if (issuer.method === 'did') {`
`493`	`493`	`const parsedDid = parseDid(issuer.didUrl)`
`494`	`494`	`if (!parsedDid.fragment) {`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+import { CredoError } from '../../../../error'`
	`2`	`+`
	`3`	`+export class TokenStatusListError extends CredoError {}`