## Scenario: A Token Issuer maintains a Token Status List at the Status List Server

In [1]:
from helpers import fixtures, utils
from helpers.utils import tc
import requests
import uuid
import jwt

### Configure the base URL of the Status List Server

In [2]:
BASE_URL = utils.get_base_url()
print(f"Using base URL: {BASE_URL}")

Using base URL: http://localhost:8000


### Test the Health Check Endpoint (GET /)

In [3]:
health_endpoint = f"{BASE_URL}/"
print(f"Testing GET: {health_endpoint}")

response = requests.get(health_endpoint)
tc.assertEqual(response.status_code, 200, "Health check failed")

print("Health check successful! Server is running.")

Testing GET: http://localhost:8000/
Health check successful! Server is running.


### Publish credentials to register as an Issuer (POST /credentials)

In [4]:
issuer_data = fixtures.get_gondwana_digital_pole_issuer()
print("Proceeding with Issuer:", issuer_data.get('label'))

credentials_endpoint = f"{BASE_URL}/credentials"
print(f"Testing POST: {credentials_endpoint}")

payload = {
  "issuer": issuer_data.get('label'),
  "public_key": issuer_data.get('keypair').get('public_key'),
  "alg": issuer_data.get('keypair').get('alg')
}

response = requests.post(credentials_endpoint, json=payload)
tc.assertEqual(response.status_code, 202, "Failed to publish credentials")
print("Credentials published successfully!")

Proceeding with Issuer: gondwana-digital-pole-0h0bx
Testing POST: http://localhost:8000/credentials
Credentials published successfully!


In [5]:
# It should not be possible to replay the request to publish credentials for the same issuer.
response = requests.post(credentials_endpoint, json=payload)
tc.assertEqual(response.status_code, 500)

### Publish token statuses to a status list (POST /statuslists/publish)

In [6]:
status_publish_endpoint = f"{BASE_URL}/statuslists/publish"
print(f"Testing POST: {status_publish_endpoint}")

# Issuers are responsible of the ID of the status list they manage
status_list_id = str(uuid.uuid4())
print("Publishing status list:", status_list_id)

response = requests.post(status_publish_endpoint, json={
    "list_id": status_list_id,
    "bits": 2,
    "updates": [
        {"index": 1, "status": "VALID"},
        {"index": 8, "status": "INVALID"}
    ]
})

tc.assertEqual(response.status_code, 201, "Failed to publish token statuses")
print("Token statuses published successfully!")

Testing POST: http://localhost:8000/statuslists/publish
Publishing status list: a56fce00-36bd-4c54-a9b4-8ac0056362de
Token statuses published successfully!


In [7]:
# Unfortunately, there is currently no means to update status lists
# Attempting to publish again under the same status list ID results in a 409 error.

response = requests.post(status_publish_endpoint, json={
    "list_id": status_list_id,
    "bits": 2,
    "updates": [
        {"index": 1, "status": "VALID"},
        {"index": 8, "status": "INVALID"}
    ]
})

tc.assertEqual(response.status_code, 409)

### A Relying Party retrieves published status lists (GET /statuslists/{status_list_id})

In [8]:
# application/statuslist+jwt

status_retrieve_endpoint = f"{BASE_URL}/statuslists/{status_list_id}"
print(f"Testing GET: {status_retrieve_endpoint}")

headers = {'Accept': 'application/statuslist+jwt'}
response = requests.get(status_retrieve_endpoint, headers=headers)
tc.assertEqual(response.status_code, 200, "Failed to retrieve status list")

print("Retrieved status list successfully:", end=" ")
jwt_token = response.text
print(jwt_token)

# validate JWT

header = jwt.get_unverified_header(jwt_token)
payload = jwt.decode(jwt_token, options={"verify_signature": False})

tc.assertEqual('statuslist+jwt', header.get('typ'))
tc.assertEqual({'bits': 2, 'lst': 'eNpjYGAEAAAEAAI'}, payload.get('status_list'))

lst = payload.get('status_list').get('lst')
tc.assertEqual(bytes([0x00, 0x00, 0x01]), utils.decode_and_decompress(lst))

Testing GET: http://localhost:8000/statuslists/a56fce00-36bd-4c54-a9b4-8ac0056362de
Retrieved status list successfully: eyJ0eXAiOiJzdGF0dXNsaXN0K2p3dCIsImFsZyI6IkVTMjU2In0.eyJleHAiOm51bGwsImlhdCI6MTc0NjQ0NjM3OSwic3RhdHVzX2xpc3QiOnsiYml0cyI6MiwibHN0IjoiZU5wallHQUVBQUFFQUFJIn0sInN1YiI6IiIsInR0bCI6NDMyMDB9.u73oOLUOu-6TeDcvu8ZhuSJrURFc55KYypR58XyC1U8qS_YsvYacEBScRTukThKvqJPtA0p_flPWzTbxYwh2Tg


In [9]:
# application/statuslist+cwt

headers = {'Accept': 'application/statuslist+cwt'}
response = requests.get(status_retrieve_endpoint, headers=headers)
tc.assertEqual(response.status_code, 200, "Failed to retrieve status list")
tc.assertTrue(utils.is_valid_cwt(response.content))

print("Retrieved status list successfully")

Retrieved status list successfully
