feat: support for bitstring status list (#97)

* feat: support for bitstring status list

Signed-off-by: Volodymyr Kit <volodymyr.kit.ua@gmail.com>

* feat: check statusSize

Signed-off-by: Volodymyr Kit <volodymyr.kit.ua@gmail.com>

* feat: use proper encoding for BitstringStatusListEntry

Signed-off-by: Volodymyr Kit <volodymyr.kit.ua@gmail.com>

* feat: remove redundant encoding check

Signed-off-by: Volodymyr Kit <volodymyr.kit.ua@gmail.com>

* feat: fix linter issues

Signed-off-by: Volodymyr Kit <volodymyr.kit.ua@gmail.com>

* feat: improve naming

Signed-off-by: Volodymyr Kit <volodymyr.kit.ua@gmail.com>

---------

Signed-off-by: Volodymyr Kit <volodymyr.kit.ua@gmail.com>

Author: justakit

go.sum

@@ -129,8 +129,6 @@ github.com/tidwall/sjson v1.1.4 h1:bTSsPLdAYF5QNLSwYsKfBKKTnlGbIuhqL3CpRsjzGhg=
 github.com/tidwall/sjson v1.1.4/go.mod h1:wXpKXu8CtDjKAZ+3DrKY5ROCorDFahq8l0tey/Lx1fg=
 github.com/trustbloc/bbs-signature-go v1.0.2 h1:gepEsbLiZHv/vva9FKG5gF38mGtOIyGez7desZxiI1o=
 github.com/trustbloc/bbs-signature-go v1.0.2/go.mod h1:xYotcXHAbcE0TO+SteW0J6XI3geQaXq4wdnXR2k+XCU=
-github.com/trustbloc/did-go v1.3.3-0.20250110131606-76c309e63d32 h1:aikcb3F09R4RFrayA/syZ/aLOutZn/DsdikQd2UWRh4=
-github.com/trustbloc/did-go v1.3.3-0.20250110131606-76c309e63d32/go.mod h1:bb8zEheJbCXvHGEzMGhbCcpiHEwcCZJ3Qua1G05WC4M=
 github.com/trustbloc/did-go v1.3.3-0.20250110150409-989a7364b77c h1:Gzb0MRUeAiTH+SBfjF0zhWIP5RRo8ozY1hTrXggY4lA=
 github.com/trustbloc/did-go v1.3.3-0.20250110150409-989a7364b77c/go.mod h1:bb8zEheJbCXvHGEzMGhbCcpiHEwcCZJ3Qua1G05WC4M=
 github.com/trustbloc/json-gold v0.5.2-0.20241206130328-d2135d9f36a8 h1:DomzdQu7D3CDBsMijT0E9uQl91iFcsIfYq1UKXmI/XQ=

status/api/api.go

@@ -17,6 +17,7 @@ type Validator interface {
 	GetStatusVCURI(vcStatus *verifiable.TypedID) (string, error)
 	GetStatusListIndex(vcStatus *verifiable.TypedID) (int, error)
 	GetStatusPurpose(vcStatus *verifiable.TypedID) (string, error)
+	MultiBaseEncoding() bool
 }
 
 // ValidatorGetter provides the matching Validator for a given credential status type.

status/internal/bitstring/bitstring.go

@@ -13,6 +13,9 @@ import (
 	"compress/gzip"
 	"encoding/base64"
 	"errors"
+	"fmt"
+
+	"github.com/multiformats/go-multibase"
 )
 
 const (
@@ -21,10 +24,27 @@ const (
 )
 
 // Decode decodes a compressed bitstring from a base64URL-encoded string.
-func Decode(src string) ([]byte, error) {
-	decodedBits, err := base64.RawURLEncoding.DecodeString(src)
-	if err != nil {
-		return nil, err
+func Decode(src string, opts ...Opt) ([]byte, error) {
+	options := &options{}
+
+	for _, opt := range opts {
+		opt(options)
+	}
+
+	var decodedBits []byte
+
+	var err error
+
+	if options.multiBaseEncoding {
+		_, decodedBits, err = multibase.Decode(src)
+		if err != nil {
+			return nil, fmt.Errorf("decode: %w", err)
+		}
+	} else {
+		decodedBits, err = base64.RawURLEncoding.DecodeString(src)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	b := bytes.NewReader(decodedBits)
@@ -71,3 +91,16 @@ func Encode(bitString []byte) (string, error) {
 
 	return base64.RawURLEncoding.EncodeToString(buf.Bytes()), nil
 }
+
+type Opt func(*options)
+
+type options struct {
+	multiBaseEncoding bool
+}
+
+// WithMultiBaseEncoding sets support of multiBase encoding.
+func WithMultiBaseEncoding(multiBaseEncoding bool) Opt {
+	return func(options *options) {
+		options.multiBaseEncoding = multiBaseEncoding
+	}
+}

status/status.go

@@ -98,7 +98,7 @@ func (c *Client) verifyStatus( //nolint:gocyclo,funlen
 		return errors.New("encodedList must be a string")
 	}
 
-	bitString, err := bitstring.Decode(encodedList)
+	bitString, err := bitstring.Decode(encodedList, bitstring.WithMultiBaseEncoding(validator.MultiBaseEncoding()))
 	if err != nil {
 		return fmt.Errorf("failed to decode bits: %w", err)
 	}

status/status_test.go

@@ -349,6 +349,10 @@ func (m *mockValidator) GetStatusPurpose(vcStatus *verifiable.TypedID) (string,
 	return m.GetStatusPurposeVal, m.GetStatusPurposeErr
 }
 
+func (v *mockValidator) MultiBaseEncoding() bool {
+	return false
+}
+
 type mockResolver struct {
 	Cred *verifiable.Credential
 	Err  error

status/validator/bitstringstatus/bitstringstatus.go

@@ -0,0 +1,155 @@
+/*
+Copyright Avast Software. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// Package bitstringstatus handles client-side validation and parsing for
+// Credential Status fields of type BitstringStatusList, as per spec: https://www.w3.org/TR/vc-bitstring-status-list/
+package bitstringstatus
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+
+	"github.com/trustbloc/vc-go/verifiable"
+)
+
+const (
+	// BitstringStatusListType represents the implementation of Bitstring Status List.
+	//  VC.Status.Type
+	// 	Doc: https://www.w3.org/TR/vc-bitstring-status-list/#bitstringstatuslistentry
+	BitstringStatusListType = "BitstringStatusListEntry"
+
+	// StatusListCredential stores the link to the status list VC.
+	//  VC.Status.CustomFields key.
+	StatusListCredential = "statusListCredential"
+
+	// StatusListIndex identifies the bit position of the status value of the VC.
+	//  VC.Status.CustomFields key.
+	StatusListIndex = "statusListIndex"
+
+	// StatusPurpose for BitstringStatusList.
+	//  VC.Status.CustomFields key. Only "revocation" value is supported.
+	// TODO: check if it's really only 'revocation'. Spec allows: refresh, revocation, suspension, message.
+	StatusPurpose = "statusPurpose"
+	// StatusSize indicates the size of the status entry in bits.
+	StatusSize = "statusSize"
+	// StatusMessage represents custom descriptive messages about the status of the verifiable credential.
+	StatusMessage = "statusMessage"
+)
+
+// Validator validates a Verifiable Credential's Status field against the BitstringStatusList specification, and
+// returns fields for status verification.
+//
+// Implements spec: https://www.w3.org/TR/vc-bitstring-status-list/#bitstringstatuslistentry
+type Validator struct{}
+
+// ValidateStatus validates that a Verifiable Credential's Status field matches the BitstringStatusList specification.
+func (v *Validator) ValidateStatus(vcStatus *verifiable.TypedID) error {
+	if vcStatus == nil {
+		return errors.New("vc status does not exist")
+	}
+
+	if vcStatus.Type != BitstringStatusListType {
+		return fmt.Errorf("vc status %s not supported", vcStatus.Type)
+	}
+
+	for _, field := range []string{StatusListCredential, StatusListIndex, StatusPurpose} {
+		if err := isMissingField(vcStatus, field); err != nil {
+			return err
+		}
+	}
+
+	err := checkStatusSize(vcStatus)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func isMissingField(vcStatus *verifiable.TypedID, field string) error {
+	if vcStatus.CustomFields[field] == nil {
+		return fmt.Errorf("%s field does not exist in vc status", field)
+	}
+
+	return nil
+}
+
+func checkStatusSize(vcStatus *verifiable.TypedID) error {
+	statusSizeRaw := vcStatus.CustomFields[StatusSize]
+	if statusSizeRaw == nil {
+		return nil
+	}
+
+	statusSizeF, ok := statusSizeRaw.(float64)
+	if !ok {
+		return errors.New("statusSize must be an integer")
+	}
+
+	statusSize := int(statusSizeF)
+
+	if statusSize <= 0 {
+		return fmt.Errorf("statusSize must be greater than 0, but got %d", statusSize)
+	}
+
+	if statusSize == 1 {
+		return nil
+	}
+
+	possibleStatusSizes := 1<<statusSize - 1
+
+	statusMessages, ok := vcStatus.CustomFields[StatusMessage].([]any)
+	if !ok {
+		return fmt.Errorf("%s must be an array", StatusMessage)
+	}
+
+	if len(statusMessages) != possibleStatusSizes {
+		return fmt.Errorf("the length of %s must be equal to %d", StatusMessage, possibleStatusSizes)
+	}
+
+	return nil
+}
+
+// GetStatusVCURI returns the ID (URL) of status VC.
+func (v *Validator) GetStatusVCURI(vcStatus *verifiable.TypedID) (string, error) {
+	statusListVC, ok := vcStatus.CustomFields[StatusListCredential].(string)
+	if !ok {
+		return "", errors.New("failed to cast URI of statusListCredential")
+	}
+
+	return statusListVC, nil
+}
+
+// GetStatusListIndex returns the bit position of the status value of the VC.
+func (v *Validator) GetStatusListIndex(vcStatus *verifiable.TypedID) (int, error) {
+	statusListIndex, ok := vcStatus.CustomFields[StatusListIndex].(string)
+	if !ok {
+		return -1, fmt.Errorf("%s must be a string", StatusListIndex)
+	}
+
+	idx, err := strconv.Atoi(statusListIndex)
+	if err != nil {
+		return -1, fmt.Errorf("unable to get statusListIndex: %w", err)
+	}
+
+	return idx, nil
+}
+
+// GetStatusPurpose returns the purpose of the status list. For example, "revocation", "suspension".
+func (v *Validator) GetStatusPurpose(vcStatus *verifiable.TypedID) (string, error) {
+	statusPurpose, ok := vcStatus.CustomFields[StatusPurpose].(string)
+	if !ok {
+		return "", fmt.Errorf("%s must be a string", StatusPurpose)
+	}
+
+	return statusPurpose, nil
+}
+
+// MultiBaseEncoding indicates that status uses MultiBase encoding.
+// See https://www.w3.org/TR/cid-1.0/#multibase-0 for more details.
+func (v *Validator) MultiBaseEncoding() bool {
+	return true
+}

status/validator/statuslist2021/statuslist2021.go

@@ -102,3 +102,8 @@ func (v *Validator) GetStatusPurpose(vcStatus *verifiable.TypedID) (string, erro
 
 	return statusPurpose, nil
 }
+
+// MultiBaseEncoding indicates that status uses MultiBase encoding.
+func (v *Validator) MultiBaseEncoding() bool {
+	return false
+}

status/validator/validator.go

@@ -12,6 +12,7 @@ import (
 	"fmt"
 
 	"github.com/trustbloc/vc-go/status/api"
+	"github.com/trustbloc/vc-go/status/validator/bitstringstatus"
 	"github.com/trustbloc/vc-go/status/validator/statuslist2021"
 )
 
@@ -20,6 +21,8 @@ func GetValidator(statusType string) (api.Validator, error) { //nolint:ireturn
 	switch statusType {
 	case statuslist2021.StatusList2021Type:
 		return &statuslist2021.Validator{}, nil
+	case bitstringstatus.BitstringStatusListType:
+		return &bitstringstatus.Validator{}, nil
 	default:
 		return nil, fmt.Errorf("unsupported VCStatusListType %s", statusType)
 	}