openwallet-foundation · GHkrishna · Oct 29, 2024 · Oct 29, 2024 · Oct 29, 2024 · Dec 3, 2024
@@ -58,6 +58,7 @@
     "luxon": "^3.5.0",
     "make-error": "^1.3.6",
     "object-inspect": "^1.10.3",
+    "pako": "^2.1.0",
     "query-string": "^7.0.1",
     "reflect-metadata": "^0.1.13",
     "rxjs": "^7.8.0",
@@ -71,6 +72,7 @@
     "@types/events": "^3.0.0",
     "@types/luxon": "^3.2.0",
     "@types/object-inspect": "^1.8.0",
+    "@types/pako": "^2.0.3",
     "@types/uuid": "^9.0.1",
     "@types/varint": "^6.0.0",
     "rimraf": "^4.4.0",

@@ -62,7 +62,7 @@ export interface CredentialsApi<CPs extends CredentialProtocol[]> {
   // Issue Credential Methods
   acceptCredential(options: AcceptCredentialOptions): Promise<CredentialExchangeRecord>
 
-  // Revoke Credential Methods
+  // Send Credential revocation notification Methods
   sendRevocationNotification(options: SendRevocationNotificationOptions): Promise<void>
 
   // out of band

@@ -1,6 +1,7 @@
 import type { JsonObject } from '../../../../types'
 import type { SingleOrArray } from '../../../../utils'
 import type { W3cIssuerOptions } from '../../../vc/models/credential/W3cIssuer'
+import type { W3cCredentialStatusOptions } from '../../../vc/models/credential/w3c-credential-status/W3cCredentialStatus'
 import type { CredentialFormat } from '../CredentialFormat'
 
 export interface JsonCredential {
@@ -11,6 +12,7 @@ export interface JsonCredential {
   issuanceDate: string
   expirationDate?: string
   credentialSubject: SingleOrArray<JsonObject>
+  credentialStatus?: SingleOrArray<W3cCredentialStatusOptions>
   [key: string]: unknown
 }
 

@@ -22,6 +22,7 @@ import type { Query, QueryOptions } from '../../storage/StorageService'
 import { CredoError } from '../../error'
 import { injectable } from '../../plugins'
 
+import { RevokeCredentialOptions } from './W3cCredentialServiceOptions'
 import { CREDENTIALS_CONTEXT_V1_URL } from './constants'
 import { W3cJsonLdVerifiableCredential } from './data-integrity'
 import { W3cJsonLdCredentialService } from './data-integrity/W3cJsonLdCredentialService'
@@ -186,6 +187,35 @@ export class W3cCredentialService {
     return w3cCredentialRecord
   }
 
+  /**
+   * Revoke a credential by issuer
+   * associated with the credential record.
+   *
+   * @param credentialRecordId The id of the credential record for which to revoke the credential
+   * @returns Revoke credential notification message
+   *
+   */
+  public async revokeCredential<Format extends ClaimFormat.JwtVp | ClaimFormat.LdpVp>(
+    agentContext: AgentContext,
+    options: RevokeCredentialOptions
+  ) {
+    const credentialRecod = await this.getCredentialRecordById(agentContext, options.credentialRecordId)
+    if (!credentialRecod) {
+      throw new CredoError(`Credential with id ${options.credentialRecordId} not found`)
+    }
+    const tags = credentialRecod.getTags()
+
+    if (tags.claimFormat === ClaimFormat.JwtVc) {
+      const revoked = await this.w3cJwtCredentialService.revokeCredential(agentContext, options)
+      return revoked as unknown as W3cVerifiablePresentation<Format>
+    } else if (tags.claimFormat === ClaimFormat.LdpVc) {
+      const revoked = await this.w3cJsonLdCredentialService.revokeCredential(agentContext, options)
+      return revoked as unknown as W3cVerifiablePresentation<Format>
+    } else {
+      throw new CredoError(`Unsupported format in options. Format must be either 'jwt_vc' or 'ldp_vc'`)
+    }
+  }
+
   public async removeCredentialRecord(agentContext: AgentContext, id: string) {
     await this.w3cCredentialRepository.deleteById(agentContext, id)
   }

@@ -205,3 +205,10 @@ export interface W3cJsonLdVerifyPresentationOptions extends W3cVerifyPresentatio
 export interface StoreCredentialOptions {
   credential: W3cVerifiableCredential
 }
+
+/**
+ * Interface for W3cCredentialsApi.revokeCredential. revoke a w3c credential.
+ */
+export interface RevokeCredentialOptions {
+  credentialRecordId: string
+}
@@ -1,4 +1,5 @@
 import type {
+  RevokeCredentialOptions,
   StoreCredentialOptions,
   W3cCreatePresentationOptions,
   W3cSignCredentialOptions,
@@ -14,6 +15,8 @@ import { AgentContext } from '../../agent'
 import { injectable } from '../../plugins'
 
 import { W3cCredentialService } from './W3cCredentialService'
+import { W3cJsonLdVerifiablePresentation } from './data-integrity'
+import { W3cJwtVerifiablePresentation } from './jwt-vc'
 
 /**
  * @public
@@ -44,6 +47,13 @@ export class W3cCredentialsApi {
     return this.w3cCredentialService.getCredentialRecordById(this.agentContext, id)
   }
 
+  // Revoke Credential Methods
+  public async revokeCredential(
+    options: RevokeCredentialOptions
+  ): Promise<W3cJwtVerifiablePresentation | W3cJsonLdVerifiablePresentation> {
+    return this.w3cCredentialService.revokeCredential(this.agentContext, options)
+  }
+
   public async findCredentialRecordsByQuery(
     query: Query<W3cCredentialRecord>,
     queryOptions?: QueryOptions

@@ -3,6 +3,7 @@ import type { AgentContext } from '../../../agent/context'
 import type { Key } from '../../../crypto/Key'
 import type { SingleOrArray } from '../../../utils'
 import type {
+  RevokeCredentialOptions,
   W3cJsonLdSignCredentialOptions,
   W3cJsonLdSignPresentationOptions,
   W3cJsonLdVerifyCredentialOptions,
@@ -18,6 +19,7 @@ import { asArray, JsonTransformer } from '../../../utils'
 import { VerificationMethod } from '../../dids'
 import { getKeyFromVerificationMethod } from '../../dids/domain/key-type'
 import { W3cCredentialsModuleConfig } from '../W3cCredentialsModuleConfig'
+import { validateStatus } from '../models/credential/w3c-credential-status/W3cCredentialStatus'
 import { w3cDate } from '../util'
 
 import { SignatureSuiteRegistry } from './SignatureSuiteRegistry'
@@ -109,10 +111,12 @@ export class W3cJsonLdCredentialService {
         credential: JsonTransformer.toJSON(options.credential),
         suite: suites,
         documentLoader: this.w3cCredentialsModuleConfig.documentLoader(agentContext),
-        checkStatus: ({ credential }: { credential: W3cJsonCredential }) => {
-          // Only throw error if credentialStatus is present
-          if (verifyCredentialStatus && 'credentialStatus' in credential) {
-            throw new CredoError('Verifying credential status for JSON-LD credentials is currently not supported')
+        checkStatus: async ({ credential }: { credential: W3cJsonCredential }) => {
+          if (verifyCredentialStatus && credential.credentialStatus) {
+            // await verifyBitStringCredentialStatus(credential, agentContext)
+            // Add a verification function that then checks which type of credentailStatus we have
+            // If the type is supported, we validate it and return the result
+            await validateStatus(credential.credentialStatus, agentContext)
           }
           return {
             verified: true,
@@ -259,12 +263,24 @@ export class W3cJsonLdCredentialService {
       )
       const allSuites = presentationSuites.concat(...credentialSuites)
 
+      const verifyCredentialStatus = options.verifyCredentialStatus ?? true
       const verifyOptions: Record<string, unknown> = {
         presentation: JsonTransformer.toJSON(options.presentation),
         suite: allSuites,
         challenge: options.challenge,
         domain: options.domain,
         documentLoader: this.w3cCredentialsModuleConfig.documentLoader(agentContext),
+        checkStatus: async ({ credential }: { credential: W3cJsonCredential }) => {
+          if (verifyCredentialStatus && credential.credentialStatus) {
+            // await verifyBitStringCredentialStatus(credential, agentContext)
+            // Add a verification function that then checks which type of credentailStatus we have
+            // If the type is supported, we validate it and return the result
+            await validateStatus(credential.credentialStatus, agentContext)
+          }
+          return {
+            verified: true,
+          }
+        },
       }
 
       // this is a hack because vcjs throws if purpose is passed as undefined or null
@@ -316,6 +332,13 @@ export class W3cJsonLdCredentialService {
     return proof
   }
 
+  // temporarily disable no unused var
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  public async revokeCredential(_agentContext: AgentContext, _options: RevokeCredentialOptions) {
+    // revoke jwt cred
+    throw new CredoError(`Revocation support not implemented for JsonLd`)
+  }
+
   public getVerificationMethodTypesByProofType(proofType: string): string[] {
     return this.signatureSuiteRegistry.getByProofType(proofType).verificationMethodTypes
   }

@@ -2,6 +2,7 @@ import type { AgentContext } from '../../../agent/context'
 import type { VerifyJwsResult } from '../../../crypto/JwsService'
 import type { DidPurpose, VerificationMethod } from '../../dids'
 import type {
+  RevokeCredentialOptions,
   W3cJwtSignCredentialOptions,
   W3cJwtSignPresentationOptions,
   W3cJwtVerifyCredentialOptions,
@@ -538,4 +539,11 @@ export class W3cJwtCredentialService {
 
     return verificationMethod
   }
+
+  // temporarily disable no unused var
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  public async revokeCredential(_agentContext: AgentContext, _options: RevokeCredentialOptions) {
+    // revoke jwt cred
+    throw new CredoError(`Revocation support not implemented for jwtVc`)
+  }
 }
@@ -13,9 +13,9 @@ import { CREDENTIALS_CONTEXT_V1_URL, VERIFIABLE_CREDENTIAL_TYPE } from '../../co
 import { IsCredentialJsonLdContext } from '../../validators'
 
 import { W3cCredentialSchema } from './W3cCredentialSchema'
-import { W3cCredentialStatus } from './W3cCredentialStatus'
 import { IsW3cCredentialSubject, W3cCredentialSubject, W3cCredentialSubjectTransformer } from './W3cCredentialSubject'
 import { IsW3cIssuer, W3cIssuer, W3cIssuerTransformer } from './W3cIssuer'
+import { W3cCredentialStatus } from './w3c-credential-status/W3cCredentialStatus'
 
 export interface W3cCredentialOptions {
   context?: Array<string | JsonObject>

@@ -1,3 +1,4 @@
+import type { W3cCredentialStatusOptions } from './w3c-credential-status/W3cCredentialStatus'
 import type { JsonObject } from '../../../../types'
 import type { SingleOrArray } from '../../../../utils'
 
@@ -9,5 +10,6 @@ export interface W3cJsonCredential {
   issuanceDate: string
   expirationDate?: string
   credentialSubject: SingleOrArray<JsonObject>
+  credentialStatus?: SingleOrArray<W3cCredentialStatusOptions>
   [key: string]: unknown
 }
@@ -0,0 +1,45 @@
+import { plainToInstance } from 'class-transformer'
+import { IsString, validateOrReject } from 'class-validator'
+
+import { AgentContext } from '../../../../../agent/context'
+import { CredoError } from '../../../../../error'
+import { IsUri } from '../../../../../utils/validators'
+
+export interface W3cCredentialStatusOptions {
+  id: string
+  type: string
+}
+
+export class W3cCredentialStatus {
+  public constructor(options: W3cCredentialStatusOptions) {
+    if (options) {
+      this.id = options.id
+      this.type = options.type
+    }
+  }
+
+  @IsUri()
+  @IsString()
+  public id!: string
+
+  @IsString()
+  public type!: string
+}
+
+// Function to validate the status using the updated method
+export const validateStatus = async (
+  status: W3cCredentialStatus | W3cCredentialStatus[],
+  agentContext: AgentContext
+): Promise<boolean> => {
+  const entry = plainToInstance(W3cCredentialStatus, status)
+
+  try {
+    await validateOrReject(entry)
+    return true
+  } catch (errors) {
+    agentContext.config.logger.debug(`Credential status validation failed: ${errors}`, {
+      stack: errors,
+    })
+    throw new CredoError(`Invalid credential status type: ${errors}`)
+  }
+}