fix: status list credential issuer did (#357)

service-matrix.properties

@@ -14,3 +14,6 @@ id.walt.signatory.Signatory=id.walt.signatory.WaltIdSignatory:config/signatory.c
 id.walt.custodian.Custodian=id.walt.custodian.WaltIdCustodian
 id.walt.auditor.Auditor=id.walt.auditor.WaltIdAuditor
 id.walt.services.ecosystems.gaiax.GaiaxService=id.walt.services.ecosystems.gaiax.WaltIdGaiaxService
+id.walt.signatory.revocation.statuslist2021.storage.StatusListCredentialStorageService=id.walt.signatory.revocation.statuslist2021.storage.WaltIdStatusListCredentialStorageService
+id.walt.signatory.revocation.statuslist2021.index.IndexingStrategy=id.walt.signatory.revocation.statuslist2021.index.IncrementalIndexingStrategy
+id.walt.signatory.revocation.statuslist2021.index.StatusListIndexService=id.walt.signatory.revocation.statuslist2021.index.WaltIdStatusListIndexService

src/main/kotlin/id/walt/auditor/policies/CredentialPropertyVerificationPolicies.kt

@@ -8,7 +8,7 @@ import id.walt.credentials.w3c.VerifiableCredential
 import id.walt.credentials.w3c.VerifiablePresentation
 import id.walt.model.credential.status.CredentialStatus
 import id.walt.signatory.revocation.CredentialStatusCredential
-import id.walt.signatory.revocation.RevocationClientService
+import id.walt.signatory.revocation.CredentialStatusClientService
 import id.walt.signatory.revocation.RevocationStatus
 import id.walt.signatory.revocation.TokenRevocationStatus
 import java.text.SimpleDateFormat
@@ -53,7 +53,7 @@ class CredentialStatusPolicy : SimpleVerificationPolicy() {
     override fun doVerify(vc: VerifiableCredential): VerificationPolicyResult {
         val maybeCredentialStatus = Klaxon().parse<CredentialStatusCredential>(vc.toJson())!!.credentialStatus
         return maybeCredentialStatus?.let { cs -> runCatching {
-                RevocationClientService.check(vc).let {
+                CredentialStatusClientService.check(vc).let {
                     if (!it.isRevoked) VerificationPolicyResult.success()
                     else failResult(it, cs)
                 }

src/main/kotlin/id/walt/cli/VcCommand.kt

@@ -32,7 +32,7 @@ import id.walt.signatory.ProofConfig
 import id.walt.signatory.ProofType
 import id.walt.signatory.Signatory
 import id.walt.signatory.dataproviders.CLIDataProvider
-import id.walt.signatory.revocation.RevocationClientService
+import id.walt.signatory.revocation.CredentialStatusClientService
 import io.ktor.util.date.*
 import io.ktor.util.reflect.*
 import mu.KotlinLogging
@@ -561,7 +561,7 @@ class VcRevocationCheckCommand : CliktCommand(
     override fun run() = vcFile.takeIf { it.exists() }?.run {
         println("Checking revocation status for credential stored at: ${vcFile.absolutePath}")
         runWithErrorHandling(
-            runner = { RevocationClientService.check(this.readText().toVerifiableCredential()) },
+            runner = { CredentialStatusClientService.check(this.readText().toVerifiableCredential()) },
             onSuccess = {
                 println("Revocation status:")
                 println(Klaxon().toJsonString(it).prettyPrint())
@@ -577,7 +577,7 @@ class VcRevocationRevokeCommand: CliktCommand(
     override fun run() = vcFile.takeIf { it.exists() }?.run {
         println("Revoking credential stored at: ${vcFile.absolutePath}")
         runWithErrorHandling(
-            runner = { RevocationClientService.revoke(this.readText().toVerifiableCredential()) },
+            runner = { CredentialStatusClientService.revoke(this.readText().toVerifiableCredential()) },
             onSuccess = {
                 println("Revocation result:")
                 println(Klaxon().toJsonString(it).prettyPrint())

src/main/kotlin/id/walt/common/CommonUtils.kt

@@ -88,7 +88,10 @@ fun buildRawBitString(bitSet: BitSet): ByteArray{
     return builder.toString().toByteArray()
 }
 
-fun createEncodedBitString(bitSet: BitSet): ByteArray = Base64.getEncoder().encode(compressGzip(buildRawBitString(bitSet)))
+fun createEncodedBitString(bitSet: BitSet = BitSet(16 * 1024 * 8)): ByteArray =
+    Base64.getEncoder().encode(compressGzip(buildRawBitString(bitSet)))
+
+fun decodeBitSet(bitString: String): BitSet = uncompressGzip(Base64.getDecoder().decode(bitString)).toBitSet(16 * 1024 * 8)
 
 fun createBaseToken() = UUID.randomUUID().toString() + UUID.randomUUID().toString()
 fun deriveRevocationToken(baseToken: String): String = Base32.toBase32String(DigestUtils.sha256(baseToken)).replace("=", "")

src/main/kotlin/id/walt/credentials/w3c/builder/W3CCredentialBuilder.kt

@@ -7,12 +7,9 @@ import id.walt.model.credential.status.CredentialStatus
 import id.walt.signatory.ProofConfig
 import id.walt.signatory.Signatory
 import id.walt.signatory.SignatoryConfig
-import id.walt.signatory.revocation.SimpleCredentialStatusFactory
+import id.walt.signatory.revocation.CredentialStatusFactory
 import id.walt.signatory.revocation.SimpleStatusFactoryParameter
-import id.walt.signatory.revocation.StatusListEntryFactory
 import id.walt.signatory.revocation.StatusListEntryFactoryParameter
-import id.walt.signatory.revocation.statuslist2021.StatusListCredentialStorageService
-import id.walt.signatory.revocation.statuslist2021.StatusListIndexService
 import io.ktor.http.*
 import kotlinx.serialization.json.JsonElement
 import kotlinx.serialization.json.JsonObject
@@ -24,34 +21,35 @@ import java.time.format.DateTimeFormatterBuilder
 class W3CCredentialBuilderWithCredentialStatus<C : VerifiableCredential, B : AbstractW3CCredentialBuilder<C, B>>(
     private val builder: AbstractW3CCredentialBuilder<C, B>,
     private val proofConfig: ProofConfig,
-):AbstractW3CCredentialBuilder<VerifiableCredential, W3CCredentialBuilder>(builder.type, VerifiableCredential){
+) : AbstractW3CCredentialBuilder<VerifiableCredential, W3CCredentialBuilder>(builder.type, VerifiableCredential) {
 
-    private val statusListEntryFactory = StatusListEntryFactory(
-        StatusListIndexService.getService(),
-        StatusListCredentialStorageService.getService(),
-    )
-    private val simpleStatusFactory = SimpleCredentialStatusFactory()
     private val signatoryConfig = Signatory.getService().configuration as? SignatoryConfig
 
     override fun build(): C = builder.apply {
         getStatusProperty(
+            issuer = proofConfig.issuerDid,
             type = proofConfig.statusType!!,
             purpose = proofConfig.statusPurpose,
-            credentialUrl = proofConfig.credentialsEndpoint ?: signatoryConfig?.proofConfig?.credentialsEndpoint ?: ""
+            credentialUrl = proofConfig.credentialsEndpoint ?: signatoryConfig?.proofConfig?.credentialsEndpoint
+            ?: proofConfig.statusPurpose
         )?.let { this.setProperty("credentialStatus", it) }
     }.build()
 
-    private fun getStatusProperty(type: CredentialStatus.Types, purpose: String, credentialUrl: String) = when (type) {
-        CredentialStatus.Types.SimpleCredentialStatus2022 -> simpleStatusFactory.create(SimpleStatusFactoryParameter(
-            id = URLBuilder().takeFrom(credentialUrl).appendPathSegments("token", createBaseToken()).buildString(),
-        )).asMap()
-        CredentialStatus.Types.StatusList2021Entry -> statusListEntryFactory.create(StatusListEntryFactoryParameter(
-            purpose = purpose,
-            credentialUrl = URLBuilder().takeFrom(credentialUrl).appendPathSegments("status", purpose).buildString(),
-        )).asMap()
-    }.takeIf {
-        it.isNotEmpty()
-    }
+    private fun getStatusProperty(issuer: String, type: CredentialStatus.Types, purpose: String, credentialUrl: String) =
+        when (type) {
+            CredentialStatus.Types.SimpleCredentialStatus2022 -> SimpleStatusFactoryParameter(
+                id = URLBuilder().takeFrom(credentialUrl).appendPathSegments("token", createBaseToken()).buildString(),
+            )
+            CredentialStatus.Types.StatusList2021Entry -> StatusListEntryFactoryParameter(
+                purpose = purpose,
+                credentialUrl = credentialUrl,
+                issuer = issuer,
+            )
+        }.let {
+            CredentialStatusFactory.create(it).asMap()
+        }.takeIf {
+            it.isNotEmpty()
+        }
 }
 
 class W3CCredentialBuilder(type: List<String> = listOf("VerifiableCredential")) :

src/main/kotlin/id/walt/services/vc/JsonLdCredentialService.kt

@@ -19,7 +19,7 @@ enum class VerificationType {
 @Serializable
 data class VerificationResult(val verified: Boolean, val verificationType: VerificationType)
 
-abstract class JsonLdCredentialService() : WaltIdService() {
+abstract class JsonLdCredentialService : WaltIdService() {
     override val implementation get() = serviceImplementation<JsonLdCredentialService>()
 
     open fun sign(jsonCred: String, config: ProofConfig): String = implementation.sign(jsonCred, config)

src/main/kotlin/id/walt/services/vc/WaltIdJsonLdCredentialService.kt

@@ -31,7 +31,7 @@ import java.util.*
 
 private val log = KotlinLogging.logger {}
 
-open class WaltIdJsonLdCredentialService() : JsonLdCredentialService() {
+open class WaltIdJsonLdCredentialService : JsonLdCredentialService() {
 
     private val keyStore: KeyStoreService get() = ContextManager.keyStore
     private val documentLoaderService: JsonLdDocumentLoaderService get() = JsonLdDocumentLoaderService.getService()

src/main/kotlin/id/walt/signatory/rest/SignatoryController.kt

@@ -12,11 +12,11 @@ import id.walt.signatory.ProofConfig
 import id.walt.signatory.ProofType
 import id.walt.signatory.Signatory
 import id.walt.signatory.dataproviders.MergingDataProvider
-import id.walt.signatory.revocation.RevocationClientService
+import id.walt.signatory.revocation.CredentialStatusClientService
 import id.walt.signatory.revocation.RevocationStatus
 import id.walt.signatory.revocation.TokenRevocationStatus
 import id.walt.signatory.revocation.simplestatus2022.SimpleCredentialStatus2022StorageService
-import id.walt.signatory.revocation.statuslist2021.StatusListCredentialStorageService
+import id.walt.signatory.revocation.statuslist2021.storage.StatusListCredentialStorageService
 import io.javalin.http.BadRequestResponse
 import io.javalin.http.ContentType
 import io.javalin.http.Context
@@ -178,7 +178,7 @@ object SignatoryController {
     }.json<RevocationStatus>("200")
 
     fun checkRevoked(ctx: Context) = runCatching {
-        RevocationClientService.check(ctx.body().toVerifiableCredential())
+        CredentialStatusClientService.check(ctx.body().toVerifiableCredential())
     }.onSuccess {
         ctx.json(it)
     }.onFailure {
@@ -193,7 +193,7 @@ object SignatoryController {
     }.json<String>("201")
 
     fun revoke(ctx: Context) = runCatching {
-        RevocationClientService.revoke(ctx.body().toVerifiableCredential())
+        CredentialStatusClientService.revoke(ctx.body().toVerifiableCredential())
     }.onSuccess {
         ctx.status(if (it.succeed) HttpCode.OK else HttpCode.NOT_FOUND).json(it.message)
     }.onFailure { ctx.status(HttpCode.NOT_FOUND).json(it.localizedMessage) }

src/main/kotlin/id/walt/signatory/revocation/RevocationService.kt → src/main/kotlin/id/walt/signatory/revocation/CredentialStatusClientService.kt

@@ -10,9 +10,10 @@ import id.walt.signatory.revocation.simplestatus2022.SimpleCredentialClientServi
 import id.walt.signatory.revocation.statuslist2021.StatusList2021EntryClientService
 import kotlinx.serialization.Serializable
 
-interface RevocationClientService {
+interface CredentialStatusClientService {
     fun checkRevocation(parameter: RevocationCheckParameter): RevocationStatus
     fun revoke(parameter: RevocationConfig)
+    fun create(parameter: CredentialStatusFactoryParameter): CredentialStatus
 
     companion object {
         fun revoke(vc: VerifiableCredential): RevocationResult =
@@ -39,7 +40,7 @@ interface RevocationClientService {
             is StatusList2021EntryCredentialStatus -> StatusListRevocationCheckParameter(credentialStatus = credentialStatus)
         }
 
-        private fun getClient(credentialStatus: CredentialStatus): RevocationClientService = when (credentialStatus) {
+        private fun getClient(credentialStatus: CredentialStatus): CredentialStatusClientService = when (credentialStatus) {
             is SimpleCredentialStatus2022 -> SimpleCredentialClientService()
             is StatusList2021EntryCredentialStatus -> StatusList2021EntryClientService()
         }

src/main/kotlin/id/walt/signatory/revocation/CredentialStatusFactory.kt

@@ -1,50 +1,16 @@
 package id.walt.signatory.revocation
 
-import id.walt.common.createEncodedBitString
 import id.walt.model.credential.status.CredentialStatus
-import id.walt.model.credential.status.SimpleCredentialStatus2022
-import id.walt.model.credential.status.StatusList2021EntryCredentialStatus
-import id.walt.signatory.revocation.statuslist2021.StatusListCredentialStorageService
-import id.walt.signatory.revocation.statuslist2021.StatusListIndex
-import id.walt.signatory.revocation.statuslist2021.StatusListIndexService
-import java.util.*
+import id.walt.signatory.revocation.simplestatus2022.SimpleCredentialClientService
+import id.walt.signatory.revocation.statuslist2021.StatusList2021EntryClientService
 
-interface CredentialStatusFactory {
-    fun create(parameter: CredentialStatusFactoryParameter): CredentialStatus
-}
-
-class SimpleCredentialStatusFactory : CredentialStatusFactory {
-    override fun create(parameter: CredentialStatusFactoryParameter) = SimpleCredentialStatus2022(
-        id = (parameter as? SimpleStatusFactoryParameter)?.id ?: ""
-    )
-}
-
-class StatusListEntryFactory(
-    private val indexService: StatusListIndexService,
-    private val storageService: StatusListCredentialStorageService,
-) : CredentialStatusFactory {
-    override fun create(parameter: CredentialStatusFactoryParameter) = let {
-        indexService.read() ?: indexService.create()
-    }.let {
-        val statusParameter = parameter as StatusListEntryFactoryParameter
-        // update index
-        indexService.update(StatusListIndex(
-            index = ((it.index.toIntOrNull() ?: 0) + 1).toString()
-        ))
-        // verify status-credential exists and create one
-        storageService.fetch(statusParameter.credentialUrl) ?: run {
-            storageService.store(
-                statusParameter.credentialUrl,
-                statusParameter.purpose,
-                String(createEncodedBitString(BitSet(16 * 1024 * 8)))
-            )
-        }
-        StatusList2021EntryCredentialStatus(
-            id = statusParameter.credentialUrl + "#${it.index}",
-            statusPurpose = statusParameter.purpose,
-            statusListIndex = it.index,
-            statusListCredential = statusParameter.credentialUrl,
-        )
+object CredentialStatusFactory {
+    private val simpleStatus = SimpleCredentialClientService()
+    private val statusList2021 = StatusList2021EntryClientService()
+    fun create(parameter: CredentialStatusFactoryParameter): CredentialStatus = when (parameter) {
+        is SimpleStatusFactoryParameter -> simpleStatus.create(parameter)
+        is StatusListEntryFactoryParameter -> statusList2021.create(parameter)
+        else -> throw IllegalArgumentException("Status type not supported: ${parameter.javaClass.simpleName}")
     }
 }
 
@@ -54,5 +20,6 @@ data class SimpleStatusFactoryParameter(
 ) : CredentialStatusFactoryParameter
 data class StatusListEntryFactoryParameter(
     val credentialUrl: String,
-    val purpose: String
+    val purpose: String,
+    val issuer: String,
 ) : CredentialStatusFactoryParameter

src/main/kotlin/id/walt/signatory/revocation/simplestatus2022/SimpleCredentialClientService.kt

@@ -1,5 +1,7 @@
 package id.walt.signatory.revocation.simplestatus2022
 
+import id.walt.model.credential.status.CredentialStatus
+import id.walt.model.credential.status.SimpleCredentialStatus2022
 import id.walt.services.WaltIdServices
 import id.walt.signatory.revocation.*
 import io.ktor.client.*
@@ -13,7 +15,7 @@ import io.ktor.serialization.kotlinx.json.*
 import kotlinx.coroutines.runBlocking
 import mu.KotlinLogging
 
-class SimpleCredentialClientService: RevocationClientService {
+class SimpleCredentialClientService: CredentialStatusClientService {
 
     private val logger = KotlinLogging.logger("WaltIdRevocationClientService")
     private val credentialStorage = SimpleCredentialStatus2022StorageService
@@ -50,4 +52,8 @@ class SimpleCredentialClientService: RevocationClientService {
         logger.debug { "Revoking at $baseTokenUrl" }
         credentialStorage.revokeToken(baseToken)
     }
+
+    override fun create(parameter: CredentialStatusFactoryParameter): CredentialStatus = SimpleCredentialStatus2022(
+        id = (parameter as? SimpleStatusFactoryParameter)?.id ?: ""
+    )
 }