pass through salts for vc create to facilitate command line multisig (#…
…902)

* pass through salts for vc create to facilitate command line multisig

Signed-off-by: Kevin Griffin <[email protected]>

* updates type hints for all

Signed-off-by: Kevin Griffin <[email protected]>

---------

Signed-off-by: Kevin Griffin <[email protected]>
m00sey authored Dec 13, 2024
1 parent ae0ba01 commit b35fee7
Showing 4 changed files with 60 additions and 42 deletions.
21 changes: 17 additions & 4 deletions src/keri/app/cli/commands/vc/create.py
@@ -1,5 +1,6 @@
import argparse
import json
from typing import Optional

from hio.base import doing

Expand Down Expand Up @@ -35,6 +36,10 @@
parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
parser.add_argument("--private", help="flag to indicate if this credential needs privacy preserving features",
action="store_true")
parser.add_argument("--private-credential-nonce", help="nonce for vc",
action="store_true")
parser.add_argument("--private-subject-nonce", help="nonce for subject",
action="store_true")
parser.add_argument('--passcode', '-p', help='21 character encryption passcode for keystore (is not saved)',
dest="bran", default=None) # passcode => bran
parser.add_argument("--time", help="timestamp for the credential creation", required=False, default=None)
Expand Down Expand Up @@ -98,7 +103,10 @@ def issueCredential(args):
rules=rules,
credential=credential,
timestamp=args.time,
private=args.private)
private=args.private,
private_credential_nonce=args.private_credential_nonce,
private_subject_nonce=args.private_subject_nonce,
)

doers = [issueDoer]
return doers
Expand All @@ -111,7 +119,8 @@ class CredentialIssuer(doing.DoDoer):
"""

def __init__(self, name, alias, base, bran, registryName=None, schema=None, edges=None, recipient=None, data=None,
rules=None, credential=None, timestamp=None, private=False):
rules=None, credential=None, timestamp=None, private:bool=False, private_credential_nonce:Optional[str]=None,
private_subject_nonce:Optional[str]=None,):
""" Create DoDoer for issuing a credential and managing the processes needed to complete issuance
Parameters:
Expand All @@ -123,7 +132,9 @@ def __init__(self, name, alias, base, bran, registryName=None, schema=None, edge
data: (dict) credential data dict
credential: (dict) full credential to issue when joining a multisig issuance
out (str): Filename for credential output
private: (bool) privacy preserving
private (bool): apply nonce used for privacy preserving ACDC
private_credential_nonce (Optional[str]): nonce used for privacy vc
private_subject_nonce (Optional[str]): nonce used for subject
"""
self.name = name
Expand Down Expand Up @@ -172,7 +183,9 @@ def __init__(self, name, alias, base, bran, registryName=None, schema=None, edge
source=edges,
rules=rules,
data=data,
private=private)
private=private,
private_credential_nonce=private_credential_nonce,
private_subject_nonce=private_subject_nonce)
else:
self.creder = serdering.SerderACDC(sad=credential) # proving.Creder(ked=credential)
self.credentialer.validate(creder=self.creder)
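Review bot: Both new options, `--private-credential-nonce` and `--private-subject-nonce`, are declared with `action="store_true"`, so argparse stores a boolean and accepts no value, and the nonce that multisig participants are meant to share can never be passed on the command line. Because the `store_true` default is `False` rather than `None`, `issueCredential` forwards `False` whenever `--private` is used without these flags; the `is not None` test in `credential()` (src/keri/vc/proving.py, further down this page) then writes that boolean into `u` instead of falling back to `core.Salter().qb64`, which leaves a private credential with a constant, guessable nonce. Declaring them as value options fixes both problems: `parser.add_argument("--private-credential-nonce", help="nonce for vc", default=None)` and `parser.add_argument("--private-subject-nonce", help="nonce for subject", default=None)`. The help text could also say that the value is apparently expected to be a qb64 salt, that it is only used together with `--private`, and that a value given on the command line ends up in shell history and process listings.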
53 changes: 26 additions & 27 deletions src/keri/vc/proving.py
Expand Up @@ -4,52 +4,51 @@
"""

from collections.abc import Iterable
from typing import Union

from .. import help
from typing import Optional, Union

from .. import core
from .. import help
from ..core import coring, serdering
from ..core.coring import (Kinds, versify)
from ..db import subing
from ..kering import Version
from ..help import helping
from ..kering import Version

KERI_REGISTRY_TYPE = "KERICredentialRegistry"

logger = help.ogler.getLogger()


def credential(schema,
issuer,
data,
recipient=None,
private=False,
salt=None,
status=None,
source=None,
rules=None,
version=Version,
kind=Kinds.json):
def credential(schema:str,
issuer:str,
data:dict,
recipient:Optional[str]=None,
private:bool=False,
private_credential_nonce:Optional[str]=None,
private_subject_nonce:Optional[str]=None,
status:str=None,
source:Union[dict, list]=None,
rules:Union[dict, list]=None,
version:Version=Version,
kind:Kinds=Kinds.json):
"""Utility function to create an ACDC. Creates dict SAD for credential from
parameters and Saidifyies it before creation.
Parameters:
schema (SAID): of schema for this credential
schema (str): SAID of schema for this credential
issuer (str): qb64 identifier prefix of the issuer
status (str): qb64 said of the credential registry
recipient (Option[str|None]): qb64 identifier prefix of the recipient
data (dict): of the values being assigned to the subject of this credential
recipient (Optional[str]): qb64 identifier prefix of the recipient
private (bool): apply nonce used for privacy preserving ACDC
salt (string): salt for nonce
source (dict | list): of source credentials to which this credential is chained
rules (dict | list): ACDC rules section for credential
private_credential_nonce (Optional[str]): nonce used for privacy vc
private_subject_nonce (Optional[str]): nonce used for subject
status (str): qb64 said of the credential registry
source (Union[dict, list]): of source credentials to which this credential is chained
rules (Union[dict, list]): ACDC rules section for credential
version (Version): version instance
kind (Serials): serialization kind
kind (Kinds): serialization kind
Returns:
SerderACDC: credential instance
serdering.SerderACDC: credential instance
"""
vs = versify(protocol=coring.Protocols.acdc, version=version, kind=kind, size=0)
Expand All @@ -64,8 +63,8 @@ def credential(schema,
)

if private:
vc["u"] = salt if salt is not None else core.Salter().qb64
subject["u"] = salt if salt is not None else core.Salter().qb64
vc["u"] = private_credential_nonce if private_credential_nonce is not None else core.Salter().qb64
subject["u"] = private_subject_nonce if private_subject_nonce is not None else core.Salter().qb64

if recipient is not None:
subject['i'] = recipient
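Review bot: A caller-supplied nonce is written to `vc["u"]` and `subject["u"]` unchecked in the `if private:` branch: anything that is not `None` is accepted, including `False`, an empty string or a short guessable value, and the `Optional[str]` annotation is not enforced at run time. Since `u` is what makes the credential privacy preserving, a weak or malformed value silently degrades that property. Parsing each supplied value before use, for example `core.Salter(qb64=private_credential_nonce)` ahead of the assignment, would reject non-salt input early. When only one of the two nonces is given the other is still generated randomly, so multisig participants would presumably compute different SAIDs; the docstring should say that both must be supplied for a reproducible credential. The body of `credential()` continues outside the visible hunks.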
16 changes: 11 additions & 5 deletions src/keri/vdr/credentialing.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,15 @@
VC issuer support
"""
from typing import Optional

from hio.base import doing
from hio.help import decking

from keri.vdr import viring
from .. import kering, help
from .. import help
from .. import kering, core
from ..app import agenting
from ..app.habbing import GroupHab
from .. import kering, core
from ..core import parsing, coring, scheming, serdering
from ..core.coring import Seqner, MtrDex
from ..core.eventing import TraitDex
Expand Down Expand Up @@ -772,7 +773,8 @@ def __init__(self, hby, rgy, registrar, verifier):

super(Credentialer, self).__init__(doers=doers)

def create(self, regname, recp: str, schema, source, rules, data, private=False):
def create(self, regname, recp: str, schema, source, rules, data, private: bool = False,
private_credential_nonce: Optional[str] = None, private_subject_nonce: Optional[str] = None):
""" Create and validate a credential returning the fully populated Creder
Parameters:
Expand All @@ -782,7 +784,9 @@ def create(self, regname, recp: str, schema, source, rules, data, private=False)
source:
rules:
data:
private: add nonce for privacy preserving
private (bool): apply nonce used for privacy preserving ACDC
private_credential_nonce (Optional[str]): nonce used for privacy vc
private_subject_nonce (Optional[str]): nonce used for subject
Returns:
Creder: Creder class for the issued credential
Expand All @@ -803,6 +807,8 @@ def create(self, regname, recp: str, schema, source, rules, data, private=False)
data=data,
source=source,
private=private,
private_credential_nonce=private_credential_nonce,
private_subject_nonce=private_subject_nonce,
rules=rules,
status=registry.regk)
self.validate(creder)
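Review bot: The new `create()` docstring entries ("nonce used for privacy vc", "nonce used for subject") do not tell a caller what to pass or when the values take effect. Going by `credential()` in src/keri/vc/proving.py on this page, they are only read when `private` is true and are replaced by a fresh random salt when `None`; wording such as `private_credential_nonce (Optional[str]): qb64 salt stored in the credential's top-level "u" field when private is True; generated randomly when None`, with a matching line for the subject's `u`, would document that. The `source:`, `rules:` and `data:` entries in the same docstring are still empty. The body of `create()` starts and ends outside the hunks shown.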
12 changes: 6 additions & 6 deletions tests/vc/test_proving.py
Original file line number Diff line number Diff line change
Expand Up @@ -253,22 +253,22 @@ def test_privacy_preserving_credential(mockHelpingNowIso8601):
engagementContextRole="Project Manager",
)

salt = core.Salter(raw=b'0123456789abcdef').qb64
cred = credential(schema="EZllThM1rLBSMZ_ozM1uAnFvSfC0N1jaQ42aKU5sCZ5Q",
recipient="EM_S2MdMaKgP6P2Yyno6-flV6GqrwPencTIw8tCMR7iB",
private=True,
salt=salt,
private_credential_nonce=core.Salter(raw=b'0123456789abcdef').qb64,
private_subject_nonce=core.Salter(raw=b'abcdef0123456789').qb64,
issuer="EMZeK1yLZd1JV6Ktdq_YUt-YbyoTWB9UMcFzuiDly2Y6",
data=d, status="ETQoH02zJRCTNz-Wl3nnkUD_RVSzSwcoNvmfa18AWt3M")

assert cred.size == len(cred.raw)
assert "u" in cred.sad
print(cred.raw)
assert cred.raw == (b'{"v":"ACDC10JSON00021c_","d":"ELFOCm58xUlId994cS6m6bsfYOkNHEKoe15Cav-Sj8__",'

assert cred.raw == (b'{"v":"ACDC10JSON00021c_","d":"EMMDzhHHlpQP0XNMRThDeIFkYD1WkDHF7Tp-8kt8X5pn",'
b'"u":"0AAwMTIzNDU2Nzg5YWJjZGVm","i":"EMZeK1yLZd1JV6Ktdq_YUt-YbyoTWB9UMcFzuiDl'
b'y2Y6","ri":"ETQoH02zJRCTNz-Wl3nnkUD_RVSzSwcoNvmfa18AWt3M","s":"EZllThM1rLBSM'
b'Z_ozM1uAnFvSfC0N1jaQ42aKU5sCZ5Q","a":{"d":"EFwWs1d_fe_VeLZ0vQQKO-gkRvGrpfWAR'
b'bI4e9tzcqlV","u":"0AAwMTIzNDU2Nzg5YWJjZGVm","i":"EM_S2MdMaKgP6P2Yyno6-flV6Gq'
b'Z_ozM1uAnFvSfC0N1jaQ42aKU5sCZ5Q","a":{"d":"EK3MRnlg-bMUnHtYKyZ8HD_IbBeI0v4N8'
b'YB4UnNVBqrv","u":"0ABhYmNkZWYwMTIzNDU2Nzg5","i":"EM_S2MdMaKgP6P2Yyno6-flV6Gq'
b'rwPencTIw8tCMR7iB","dt":"2021-06-27T21:26:21.233257+00:00","LEI":"254900OPPU'
b'84GM83MG36","personLegalName":"John Doe","engagementContextRole":"Project Ma'
b'nager"}}')
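Review bot: In the lines shown, the updated test pins only the case where both nonces are supplied; the fallback in `credential()` where a nonce is `None` and `core.Salter().qb64` is generated is not exercised, nor is the mixed case of one supplied and one generated nonce. A short additional case with `private=True` and only `private_credential_nonce` set, asserting that `cred.sad["u"]` equals the supplied value and that `cred.sad["a"]["u"]` is a different, non-empty string, would cover it. The test function starts outside the hunk.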
