feat: implemented cwt status list

package.json

@@ -30,7 +30,8 @@
     "changeset-version": "pnpm changeset version && pnpm style:fix"
   },
   "dependencies": {
-    "buffer": "^6.0.3"
+    "buffer": "^6.0.3",
+    "pako": "^2.1.0"
   },
   "devDependencies": {
     "@biomejs/biome": "^1.9.4",
@@ -40,6 +41,7 @@
     "@panva/hkdf": "^1.2.1",
     "@peculiar/x509": "^1.12.3",
     "@types/node": "^20.14.11",
+    "@types/pako": "^2.0.3",
     "jose": "^5.9.3",
     "tsup": "^8.3.5",
     "typescript": "^5.6.3",

src/cose/index.ts

@@ -3,3 +3,4 @@ export * from './mac0'
 export * from './sign1'
 export * from './error'
 export * from './key'
+export * from './type'

src/cose/type.ts

@@ -0,0 +1,24 @@
+export enum CoseStructureType {
+  Sign = 'sign',
+  Sign1 = 'sign1',
+  Encrypt = 'encrypt',
+  Encrypt0 = 'encrypt0',
+  Mac = 'mac',
+  Mac0 = 'mac0',
+}
+export enum CoseStructureTag {
+  Sign = 98,
+  Sign1 = 18,
+  Encrypt = 96,
+  Encrypt0 = 16,
+  Mac = 97,
+  Mac0 = 17,
+}
+export const CoseTypeToTag: Record<CoseStructureType, CoseStructureTag> = {
+  [CoseStructureType.Sign]: CoseStructureTag.Sign,
+  [CoseStructureType.Sign1]: CoseStructureTag.Sign1,
+  [CoseStructureType.Encrypt]: CoseStructureTag.Encrypt,
+  [CoseStructureType.Encrypt0]: CoseStructureTag.Encrypt0,
+  [CoseStructureType.Mac]: CoseStructureTag.Mac,
+  [CoseStructureType.Mac0]: CoseStructureTag.Mac0,
+}

src/credential-status/error.ts

@@ -0,0 +1,9 @@
+// biome-ignore format:
+class StatusListError extends Error { constructor(message: string = new.target.name) { super(message) } }
+
+export class InvalidStatusListFormatError extends StatusListError {}
+export class InvalidStatusListBitsError extends StatusListError {
+  constructor(bits: number, allowedBits: readonly number[]) {
+    super(`Invalid bits per entry: ${bits}. Allowed values are ${allowedBits.join(', ')}.`)
+  }
+}

src/credential-status/index.ts

@@ -0,0 +1,3 @@
+export * from './status-array'
+export * from './status-list'
+export * from './status-token'

src/credential-status/status-array.ts

@@ -0,0 +1,56 @@
+import * as zlib from 'pako'
+
+const arraySize = 1024
+export const allowedBitsPerEntry = [1, 2, 4, 8] as const
+export type AllowedBitsPerEntry = (typeof allowedBitsPerEntry)[number]
+
+export class StatusArray {
+  private readonly _bitsPerEntry: AllowedBitsPerEntry
+  private readonly statusBitMask: number
+  private readonly data: Uint8Array
+
+  constructor(bitsPerEntry: AllowedBitsPerEntry, byteArr?: Uint8Array) {
+    if (!allowedBitsPerEntry.includes(bitsPerEntry)) {
+      throw new Error(`Only bits ${allowedBitsPerEntry.join(', ')} per entry are allowed.`)
+    }
+
+    this._bitsPerEntry = bitsPerEntry
+    this.statusBitMask = (1 << bitsPerEntry) - 1
+    this.data = byteArr ? byteArr : new Uint8Array(arraySize)
+  }
+
+  private computeByteAndOffset(index: number): { byteIndex: number; bitOffset: number } {
+    const byteIndex = Math.floor((index * this._bitsPerEntry) / 8)
+    const bitOffset = (index * this._bitsPerEntry) % 8
+
+    return { byteIndex, bitOffset }
+  }
+
+  get bitsPerEntry(): AllowedBitsPerEntry {
+    return this._bitsPerEntry
+  }
+
+  set(index: number, status: number): void {
+    if (status < 0 || status > this.statusBitMask) {
+      throw new Error(`Invalid status: ${status}. Must be between 0 and ${this.statusBitMask}.`)
+    }
+
+    const { byteIndex, bitOffset } = this.computeByteAndOffset(index)
+
+    // Clear current bits
+    this.data[byteIndex] &= ~(this.statusBitMask << bitOffset)
+
+    // Set new status bits
+    this.data[byteIndex] |= (status & this.statusBitMask) << bitOffset
+  }
+
+  get(index: number): number {
+    const { byteIndex, bitOffset } = this.computeByteAndOffset(index)
+
+    return (this.data[byteIndex] >> bitOffset) & this.statusBitMask
+  }
+
+  compress(): Uint8Array {
+    return zlib.deflate(this.data)
+  }
+}

src/credential-status/status-list.ts

@@ -0,0 +1,56 @@
+import * as zlib from 'pako'
+import { cborDecode, cborEncode } from '../cbor'
+import { InvalidStatusListBitsError, InvalidStatusListFormatError } from './error'
+import { type AllowedBitsPerEntry, StatusArray, allowedBitsPerEntry } from './status-array'
+
+export interface CborStatusListOptions {
+  statusArray: StatusArray
+  aggregationUri?: string
+}
+
+export interface CborStatusList {
+  bits: AllowedBitsPerEntry
+  lst: Uint8Array
+  aggregation_uri?: string
+}
+
+export class StatusList {
+  static buildCborStatusList(options: CborStatusListOptions): Uint8Array {
+    const compressed = options.statusArray.compress()
+
+    const statusList: CborStatusList = {
+      bits: options.statusArray.bitsPerEntry,
+      lst: compressed,
+    }
+
+    if (options.aggregationUri) {
+      statusList.aggregation_uri = options.aggregationUri
+    }
+    return cborEncode(statusList)
+  }
+
+  static verifyStatus(cborStatusList: Uint8Array, index: number, expectedStatus: number): boolean {
+    const decoded = cborDecode(cborStatusList)
+    if (!(decoded instanceof Map)) {
+      throw new Error('Decoded CBOR data is not a Map.')
+    }
+
+    const statusList: CborStatusList = {
+      bits: decoded.get('bits') as AllowedBitsPerEntry,
+      lst: decoded.get('lst') as Uint8Array,
+      aggregation_uri: decoded.get('aggregation_uri') as string | undefined,
+    }
+    const { bits, lst } = statusList
+
+    if (!statusList || !lst || !bits) {
+      throw new InvalidStatusListFormatError()
+    }
+    if (!allowedBitsPerEntry.includes(bits)) {
+      throw new InvalidStatusListBitsError(bits, allowedBitsPerEntry)
+    }
+
+    const statusArray = new StatusArray(bits, zlib.inflate(lst))
+    const actualStatus = statusArray.get(index)
+    return actualStatus === expectedStatus
+  }
+}