Merge remote-tracking branch 'wot/main'

SmithSamuelM · Apr 12, 2024 · c7b9957 · c7b9957
2 parents 18cf918 + 140eeaa
commit c7b9957
Show file tree

Hide file tree

Showing 70 changed files with 338 additions and 114 deletions.
diff --git a/scripts/demo/basic/essr.sh b/scripts/demo/basic/essr.sh
diff --git a/setup.py b/setup.py
@@ -94,7 +94,8 @@
                         'PrettyTable>=3.10.0',
                         'http_sfv>=0.9.9',
                         'cryptography>=42.0.5',
-                        'semver>=3.0.2'
+                        'semver>=3.0.2',
+                        'qrcode>=7.4.2'
     ],
     extras_require={
     },

diff --git a/src/keri/app/agenting.py b/src/keri/app/agenting.py
@@ -39,21 +39,23 @@ def __init__(self, hby, msgs=None, gets=None, cues=None):
 
         super(Receiptor, self).__init__(doers=doers)
 
-    def receipt(self, pre, sn=None):
+    def receipt(self, pre, sn=None, auths=None):
         """ Returns a generator for witness receipting
 
         The returns a generator that will submit the designated event to witnesses for receipts using
-        the synchronous witness API, the propogate the receipts to each of the other witnesses.
+        the synchronous witness API, then propogate the receipts to each of the other witnesses.
 
 
         Parameters:
             pre (str): qualified base64 identifier to gather receipts for
             sn: (Optiona[int]): sequence number of event to gather receipts for, latest is used if not provided
+            auths: (Options[dict]): map of witness AIDs to (time,auth) tuples for providing TOTP auth for witnessing
 
         Returns:
             list: identifiers of witnesses that returned receipts.
 
         """
+        auths = auths if auths is not None else dict()
         if pre not in self.hby.prefixes:
             raise kering.MissingEntryError(f"{pre} not a valid AID")
 
@@ -86,7 +88,11 @@ def receipt(self, pre, sn=None):
 
         rcts = dict()
         for wit, client in clients.items():
-            httping.streamCESRRequests(client=client, dest=wit, ims=bytearray(msg), path="/receipts")
+            headers = dict()
+            if wit in auths:
+                headers["Authorization"] = auths[wit]
+
+            httping.streamCESRRequests(client=client, dest=wit, ims=bytearray(msg), path="receipts", headers=headers)
             while not client.responses:
                 yield self.tock
 
@@ -101,7 +107,7 @@ def receipt(self, pre, sn=None):
                 coring.Counter(qb64b=rct, strip=True)
                 rcts[wit] = rct
             else:
-                logger.error(f"invalid response {rep.status} from witnesses {wit}")
+                print(f"invalid response {rep.status} from witnesses {wit}")
 
         for wit in rcts:
             ewits = [w for w in rcts if w != wit]
@@ -1057,7 +1063,7 @@ def httpClient(hab, wit):
 
     url = urls[kering.Schemes.http] if kering.Schemes.http in urls else urls[kering.Schemes.https]
     up = urlparse(url)
-    client = http.clienting.Client(scheme=up.scheme, hostname=up.hostname, port=up.port)
+    client = http.clienting.Client(scheme=up.scheme, hostname=up.hostname, port=up.port, path=up.path)
     clientDoer = http.clienting.ClientDoer(client=client)
 
     return client, clientDoer

diff --git a/src/keri/app/cli/commands/challenge/respond.py b/src/keri/app/cli/commands/challenge/respond.py
@@ -19,7 +19,7 @@
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
 parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', default=None)
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 parser.add_argument('--words', '-d', help='JSON formatted array of words to sign, \'@\' allowed to load from a file',
                     action="store", required=True)

diff --git a/src/keri/app/cli/commands/challenge/verify.py b/src/keri/app/cli/commands/challenge/verify.py
@@ -28,7 +28,7 @@
                     default=None)
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 
 parser.add_argument('--words', '-d', help='JSON formatted array of words to verfiy, \'@\' allowed to load from a file',

diff --git a/src/keri/app/cli/commands/clean.py b/src/keri/app/cli/commands/clean.py
@@ -36,7 +36,7 @@ def handler(args):
 
 # Parameters for Manager creation
 # passcode => bran
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)
 
 

diff --git a/src/keri/app/cli/commands/contacts/list.py b/src/keri/app/cli/commands/contacts/list.py
@@ -23,7 +23,7 @@
 parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 
 

diff --git a/src/keri/app/cli/commands/decrypt.py b/src/keri/app/cli/commands/decrypt.py
@@ -0,0 +1,65 @@
+# -*- encoding: utf-8 -*-
+"""
+keri.kli.commands module
+
+"""
+import argparse
+
+from hio.base import doing
+
+from keri import kering
+from keri.app.cli.common import existing
+from keri.core import indexing, coring, MtrDex
+
+parser = argparse.ArgumentParser(description='Decrypt arbitrary data for AIDs with Ed25519 public keys only')
+parser.set_defaults(handler=lambda args: handler(args))
+parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
+parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
+                    required=False, default="")
+parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
+parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+                    dest="bran", default=None)  # passcode => bran
+parser.add_argument('--data', '-d', help='Encrypted data or file (starts with "@")', required=True)
+
+
+def handler(args):
+    """
+    Verify signatures on arbitrary data
+
+    Args:
+        args(Namespace): arguments object from command line
+    """
+    kwa = dict(args=args)
+    return [doing.doify(decrypt, **kwa)]
+
+
+def decrypt(tymth, tock=0.0, **opts):
+    """ Command line status handler
+
+    """
+    _ = (yield tock)
+    args = opts["args"]
+
+    name = args.name
+    alias = args.alias
+    base = args.base
+    bran = args.bran
+
+    try:
+        with existing.existingHab(name=name, alias=alias, base=base, bran=bran) as (_, hab):
+
+            data = args.data
+            if data.startswith("@"):
+                f = open(data[1:], "r")
+                data = f.read()
+            else:
+                data = data
+
+            m = coring.Matter(qb64=data)
+            d = coring.Matter(qb64=hab.decrypt(m.raw))
+            print(d.raw)
+
+    except kering.ConfigurationError:
+        print(f"prefix for {name} does not exist, incept must be run first", )
+    except FileNotFoundError:
+        print("unable to open file", args.text[1:])
diff --git a/src/keri/app/cli/commands/delegate/confirm.py b/src/keri/app/cli/commands/delegate/confirm.py
@@ -26,7 +26,7 @@
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
 parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 parser.add_argument("--interact", "-i", help="anchor the delegation approval in an interaction event.  "
                                              "Default is to use a rotation event.", action="store_true")

diff --git a/src/keri/app/cli/commands/delegate/request.py b/src/keri/app/cli/commands/delegate/request.py
@@ -25,7 +25,7 @@
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
 parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 
 def request(args):

diff --git a/src/keri/app/cli/commands/did/generate.py b/src/keri/app/cli/commands/did/generate.py
@@ -30,7 +30,7 @@
 
 # Parameters for Manager access
 # passcode => bran
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)
 parser.add_argument('--url', '-u', help="generate a DID URL instead of a DID", action="store_true")
 

diff --git a/src/keri/app/cli/commands/ends/add.py b/src/keri/app/cli/commands/ends/add.py
@@ -26,7 +26,7 @@
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
 parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 parser.add_argument("--role", "-r", help="KERI enpoint authorization role.",
                     required=True)

diff --git a/src/keri/app/cli/commands/ends/export.py b/src/keri/app/cli/commands/ends/export.py
@@ -21,7 +21,7 @@
 parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 
 parser.add_argument("--aid", "-a", help="qualified base64 of AID to export rpy messages for all endpoints.",

diff --git a/src/keri/app/cli/commands/ends/list.py b/src/keri/app/cli/commands/ends/list.py
@@ -24,7 +24,7 @@
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
 parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 parser.add_argument("--aid", help="qualified base64 of AID to export rpy messages for all endpoints.",
                     required=True)

diff --git a/src/keri/app/cli/commands/escrow.py b/src/keri/app/cli/commands/escrow.py
@@ -24,7 +24,7 @@
 parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 
 parser.add_argument("--escrow", "-e", help="show values for one specific escrow", default=None)

diff --git a/src/keri/app/cli/commands/export.py b/src/keri/app/cli/commands/export.py
@@ -15,15 +15,15 @@
 
 logger = help.ogler.getLogger()
 
-parser = argparse.ArgumentParser(description='List credentials and check mailboxes for any newly issued credentials')
+parser = argparse.ArgumentParser(description='Export key events in CESR stream format')
 parser.set_defaults(handler=lambda args: export(args),
                     transferable=True)
 parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
 parser.add_argument('--alias', '-a', help='human readable alias for the identifier to whom the credential was issued',
                     required=True)
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 parser.add_argument("--files", help="export artifacts to individual files keyed off of AIDs or SAIDS, default is "
                                     "stdout", action="store_true")

diff --git a/src/keri/app/cli/commands/incept.py b/src/keri/app/cli/commands/incept.py
@@ -29,7 +29,7 @@
 parser.add_argument('--file', '-f', help='Filename to use to create the identifier', default="", required=False)
 
 # Authentication for keystore
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 parser.add_argument('--aeid', help='qualified base64 of non-transferable identifier prefix for  authentication '
                                    'and encryption of secrets in keystore', default=None)

diff --git a/src/keri/app/cli/commands/init.py b/src/keri/app/cli/commands/init.py
@@ -52,7 +52,7 @@ def handler(args):
 
 # Parameters for Manager creation
 # passcode => bran
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)
 parser.add_argument('--nopasscode', help='create an unencrypted keystore', action='store_true')
 parser.add_argument('--aeid', '-a', help='qualified base64 of non-transferable identifier prefix for  authentication '
@@ -86,7 +86,7 @@ def initialize(self, tymth, tock=0.0):
         configDir = args.configDir
 
         if not args.nopasscode and not bran:
-            print("Creating encrypted keystore, please enter your 22 character passcode:")
+            print("Creating encrypted keystore, please enter your 21 character passcode:")
             while True:
                 bran = getpass.getpass("Passcode: ")
                 retry = getpass.getpass("Re-enter passcode: ")

diff --git a/src/keri/app/cli/commands/interact.py b/src/keri/app/cli/commands/interact.py
@@ -5,11 +5,11 @@
 """
 import argparse
 import json
-from ordered_set import OrderedSet as oset
 
 from hio.base import doing
 
 from keri import kering
+from keri.help import helping
 from ..common import existing
 from ... import habbing, agenting, indirecting
 
@@ -19,9 +19,13 @@
 parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
                     required=False, default="")
 parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
-parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
                     dest="bran", default=None)  # passcode => bran
 parser.add_argument('--data', '-d', help='Anchor data, \'@\' allowed', default=None, action="store", required=False)
+parser.add_argument("--receipt-endpoint", help="Attempt to connect to witness receipt endpoint for witness receipts.",
+                    dest="endpoint", action='store_true')
+parser.add_argument("--authenticate", '-z', help="Prompt the controller for authentication codes for each witness",
+                    action='store_true')
 
 
 def interact(args):
@@ -52,7 +56,8 @@ def interact(args):
     else:
         data = None
 
-    ixnDoer = InteractDoer(name=name, base=base, alias=alias, bran=bran, data=data)
+    ixnDoer = InteractDoer(name=name, base=base, alias=alias, bran=bran, data=data, authenticate=args.authenticate,
+                           endpoint=args.endpoint)
 
     return [ixnDoer]
 
@@ -63,7 +68,7 @@ class InteractDoer(doing.DoDoer):
     to all appropriate witnesses
     """
 
-    def __init__(self, name, base, bran, alias, data: list = None):
+    def __init__(self, name, base, bran, alias, data: list = None, endpoint=False, authenticate=False):
         """
         Returns DoDoer with all registered Doers needed to perform interaction event.
 
@@ -75,6 +80,8 @@ def __init__(self, name, base, bran, alias, data: list = None):
 
         self.alias = alias
         self.data = data
+        self.endpoint = endpoint
+        self.authenticate = authenticate
 
         self.hby = existing.setupHby(name=name, base=base, bran=bran)
         self.hbyDoer = habbing.HaberyDoer(habery=self.hby)  # setup doer
@@ -96,20 +103,36 @@ def interactDo(self, tymth, tock=0.0, **opts):
         hab = self.hby.habByName(name=self.alias)
         hab.interact(data=self.data)
 
-        witDoer = agenting.WitnessReceiptor(hby=self.hby)
-        self.extend(doers=[witDoer])
+        if self.endpoint or self.authenticate:
+            receiptor = agenting.Receiptor(hby=self.hby)
+            self.extend([receiptor])
 
-        if hab.kever.wits:
-            witDoer.msgs.append(dict(pre=hab.pre))
-            while not witDoer.cues:
-                _ = yield self.tock
+            auths = {}
+            if self.authenticate:
+                for wit in hab.kever.wits:
+                    code = input(f"Entire code for {wit}: ")
+                    auths[wit] = f"{code}#{helping.nowIso8601()}"
+            yield from receiptor.receipt(hab.pre, sn=hab.kever.sn, auths=auths)
+            self.remove([receiptor])
+
+        else:
+
+            witDoer = agenting.WitnessReceiptor(hby=self.hby)
+            self.extend(doers=[witDoer])
+
+            if hab.kever.wits:
+                witDoer.msgs.append(dict(pre=hab.pre))
+                while not witDoer.cues:
+                    _ = yield self.tock
+
+            self.remove([witDoer])
 
         print(f'Prefix  {hab.pre}')
         print(f'New Sequence No.  {hab.kever.sn}')
         for idx, verfer in enumerate(hab.kever.verfers):
-            print(f'\tPublic key {idx+1}:  {verfer.qb64}')
+            print(f'\tPublic key {idx + 1}:  {verfer.qb64}')
 
-        toRemove = [self.hbyDoer, witDoer, self.mbx]
+        toRemove = [self.hbyDoer, self.mbx]
         self.remove(toRemove)
 
         return