@dxos/echo-db 2.33.1 → 2.33.2-dev.0f8f9225

package/src/halo/identity-manager.ts

@@ -6,11 +6,10 @@ import assert from 'assert';
 import debug from 'debug';
 
 import { Event, synchronized, waitForCondition } from '@dxos/async';
-import { Keyring, SecretProvider } from '@dxos/credentials';
+import { Filter, KeyRecord, Keyring, KeyType, SecretProvider } from '@dxos/credentials';
 
 import { InvitationDescriptor } from '../invitations';
-import { MetadataStore } from '../metadata';
-import { PartyInternal } from '../parties';
+import { MetadataStore } from '../pipeline';
 import { HaloCreationOptions, HaloFactory } from './halo-factory';
 import { HaloParty } from './halo-party';
 import { Identity } from './identity';
@@ -21,7 +20,7 @@ const log = debug('dxos:echo-db:identity-manager');
  * Manages the keyring and HALO party.
  */
 export class IdentityManager {
-  private readonly _identity: Identity;
+  private _identity: Identity | undefined;
 
   public readonly ready = new Event();
 
@@ -29,30 +28,25 @@ export class IdentityManager {
     private readonly _keyring: Keyring,
     private readonly _haloFactory: HaloFactory,
     private readonly _metadataStore: MetadataStore
-  ) {
-    this._identity = Identity.fromKeyring(_keyring);
-  }
+  ) {}
 
-  get identity () {
+  get identity (): Identity | undefined {
     return this._identity;
   }
 
   get initialized (): boolean {
-    const haloParty = this._identity.halo;
-    return haloParty !== undefined &&
-      haloParty.isOpen &&
-      !!haloParty!.memberKeys.length &&
-      !!haloParty!.identityGenesis &&
+    return this._identity !== undefined &&
+      !!this._identity.halo &&
+      this._identity.halo.isOpen &&
+      !!this._identity.halo!.memberKeys.length &&
+      !!this._identity.halo!.identityGenesis &&
       !!this._identity.deviceKeyChain;
   }
 
-  private async _initialize (halo: PartyInternal) {
-    assert(this._identity.identityKey, 'No identity key.');
-    assert(this._identity.deviceKey, 'No device key.');
+  private async _initialize (halo: HaloParty) {
     assert(halo.isOpen, 'HALO must be open.');
 
-    const haloParty = new HaloParty(halo, this._identity.identityKey!.publicKey, this._identity.deviceKey.publicKey);
-    this._identity.setHalo(haloParty);
+    this._identity = new Identity(this._keyring, halo);
 
     // Wait for the minimum set of keys and messages we need for proper function.
     await waitForCondition(() => this.initialized);
@@ -61,16 +55,28 @@ export class IdentityManager {
     this.ready.emit();
   }
 
+  async close () {
+    const identity = this._identity;
+    this._identity = undefined;
+
+    await identity?.halo.close();
+  }
+
+  getIdentityKey (): KeyRecord | undefined {
+    return this._keyring.findKey(Filter.matches({ type: KeyType.IDENTITY, own: true, trusted: true }));
+  }
+
   @synchronized
   async loadFromStorage () {
-    if (this._identity.identityKey) {
-      if (this._metadataStore.getParty(this._identity.identityKey.publicKey)) {
+    const identityKey = this.getIdentityKey();
+    if (identityKey) {
+      if (this._metadataStore.getParty(identityKey.publicKey)) {
         // TODO(marik-d): Snapshots for halo party?
-        const halo = await this._haloFactory.constructParty(this._identity.identityKey.publicKey);
+        const halo = await this._haloFactory.constructParty([]);
         // Always open the HALO.
         await halo.open();
         await this._initialize(halo);
-      } else if (!this._identity.keyring.hasSecretKey(this._identity.identityKey)) {
+      } else if (!this._keyring.hasSecretKey(identityKey)) {
         throw new Error('HALO missing and identity key has no secret.');
       }
     }
@@ -80,8 +86,8 @@ export class IdentityManager {
    * Creates the Identity HALO.
    */
    @synchronized
-  async createHalo (options: HaloCreationOptions = {}): Promise<PartyInternal> {
-    assert(!this._identity.halo, 'HALO already exists.');
+  async createHalo (options: HaloCreationOptions = {}): Promise<HaloParty> {
+    assert(!this._identity, 'Identity already initialized.');
 
     const halo = await this._haloFactory.createHalo(options);
     await this._initialize(halo);
@@ -97,10 +103,9 @@ export class IdentityManager {
     */
    @synchronized
    async recoverHalo (seedPhrase: string) {
-     assert(!this._identity.halo, 'HALO already exists.');
-     assert(!this._identity.identityKey, 'Identity key already exists.');
+     assert(!this._identity, 'Identity already initialized.');
 
-     const halo = await this._haloFactory.recoverHalo(this.identity, seedPhrase);
+     const halo = await this._haloFactory.recoverHalo(seedPhrase);
      await this._initialize(halo);
      return halo;
    }
@@ -110,7 +115,7 @@ export class IdentityManager {
     */
    @synchronized
    async joinHalo (invitationDescriptor: InvitationDescriptor, secretProvider: SecretProvider) {
-     assert(!this._identity.halo, 'HALO already exists.');
+     assert(!this._identity, 'Identity already initialized.');
 
      const halo = await this._haloFactory.joinHalo(invitationDescriptor, secretProvider);
      await this._initialize(halo);

package/src/halo/identity.ts

@@ -5,7 +5,10 @@
 import debug from 'debug';
 
 import { Filter, KeyChain, KeyRecord, Keyring, KeyType, Signer } from '@dxos/credentials';
+import { raise } from '@dxos/debug';
 
+import { IdentityNotInitializedError } from '../errors';
+import { CredentialsSigner } from '../protocol/credentials-signer';
 import { ContactManager } from './contact-manager';
 import { HaloParty } from './halo-party';
 import { Preferences } from './preferences';
@@ -22,22 +25,12 @@ export class Identity {
   private _deviceKey?: KeyRecord;
   private _deviceKeyChain?: KeyChain;
 
-  static fromKeyring (keyring: Keyring) {
-    return new Identity(
-      keyring,
-      undefined
-    );
-  }
-
-  static createFromHalo (keyring: Keyring, halo: HaloParty) {
-    const identity = Identity.fromKeyring(keyring);
-    identity.setHalo(halo);
-    return identity;
-  }
-
+  /**
+   * @param _halo HALO party. Must be open.
+   */
   constructor (
     private readonly _keyring: Keyring,
-    private _halo: HaloParty | undefined
+    private readonly _halo: HaloParty
   ) {}
 
   get signer (): Signer {
@@ -88,7 +81,10 @@ export class Identity {
     return this._halo?.identityGenesis;
   }
 
-  get halo (): HaloParty | undefined {
+  /**
+   * HALO party. Must be open.
+   */
+  get halo (): HaloParty {
     return this._halo;
   }
 
@@ -96,17 +92,17 @@ export class Identity {
     return this._keyring;
   }
 
-  /**
-   * @internal
-   *
-   * Called by `IdentityManager` when HALO party is initialized.
-   */
-  setHalo (halo: HaloParty) {
-    this._halo = halo;
+  createCredentialsSigner (): CredentialsSigner {
+    return new CredentialsSigner(
+      this._keyring,
+      () => this.identityKey ?? raise(new IdentityNotInitializedError()),
+      () => this.deviceKey ?? raise(new IdentityNotInitializedError()),
+      () => this.deviceKeyChain ?? this.deviceKey ?? raise(new IdentityNotInitializedError())
+    );
   }
 }
 
-export type IdentityProvider = () => Identity;
+export type IdentityProvider = () => Identity | undefined;
 
 function getDeviceKeyChainFromHalo (halo: HaloParty, deviceKey: KeyRecord) {
   try {

package/src/halo/index.ts

@@ -2,7 +2,7 @@
 // Copyright 2020 DXOS.org
 //
 
-export * from './party-preferences';
+export * from '../parties/party-preferences';
 export * from './contact-manager';
 export * from './halo-factory';
 export * from './halo-party';

package/src/halo/party-opener.ts

@@ -24,7 +24,7 @@ export function autoPartyOpener (preferences: Preferences, partyManager: PartyMa
 
     for (const partyDesc of values) {
       if (!partyManager.parties.some(x => x.key === partyDesc.partyKey)) {
-        log(`Auto-opening new Party from HALO: ${partyDesc.partyKey.toHex()}`);
+        log(`Auto-opening new Party from HALO: ${partyDesc.partyKey.toHex()} hints=${JSON.stringify(partyDesc.keyHints)}`);
         await partyManager.addParty(partyDesc.partyKey, partyDesc.keyHints);
       }
     }

package/src/halo/preferences.ts

@@ -9,10 +9,12 @@ import defaultsDeep from 'lodash.defaultsdeep';
 import { Event } from '@dxos/async';
 import { KeyHint } from '@dxos/credentials';
 import { PublicKey } from '@dxos/crypto';
+import { raise } from '@dxos/debug';
 import { ObjectModel } from '@dxos/object-model';
 
-import { Item, ResultSet } from '../api';
-import { PartyInternal } from '../parties';
+import { Database, Item, ResultSet } from '../api';
+import { IdentityNotInitializedError } from '../errors';
+import { DataParty } from '../parties';
 import {
   HALO_PARTY_DESCRIPTOR_TYPE, HALO_PARTY_DEVICE_PREFERENCES_TYPE, HALO_PARTY_PREFERENCES_TYPE, JoinedParty
 } from './halo-party';
@@ -23,8 +25,7 @@ import {
 // TODO(burdon): Split into device settings, user preferences, etc. (Expose subset as public API).
 export class Preferences {
   constructor (
-    // TODO(burdon): Only requires key.
-    private readonly _party: PartyInternal,
+    private readonly _getDatabase: () => Database | undefined,
     private readonly _deviceKey: PublicKey
   ) {}
 
@@ -42,8 +43,10 @@ export class Preferences {
   }
 
   subscribeToPreferences (callback: (preferences: any) => void) {
-    const globalResults = this._party.database.select({ type: HALO_PARTY_PREFERENCES_TYPE }).exec();
-    const deviceResults = this._party.database.select({ type: HALO_PARTY_DEVICE_PREFERENCES_TYPE }).exec();
+    const database = this._getDatabase() ?? raise(new IdentityNotInitializedError());
+
+    const globalResults = database.select({ type: HALO_PARTY_PREFERENCES_TYPE }).exec();
+    const deviceResults = database.select({ type: HALO_PARTY_DEVICE_PREFERENCES_TYPE }).exec();
 
     const event = new Event<any>();
 
@@ -74,18 +77,20 @@ export class Preferences {
   }
 
   getGlobalPreferences () {
-    if (!this._party.isOpen) {
-      return null;
+    const database = this._getDatabase();
+    if (!database) {
+      return;
     }
-    const [globalItem] = this._party.database.select({ type: HALO_PARTY_PREFERENCES_TYPE }).exec().entities;
+    const [globalItem] = database.select({ type: HALO_PARTY_PREFERENCES_TYPE }).exec().entities;
     return globalItem;
   }
 
   getDevicePreferences () {
-    if (!this._party.isOpen) {
-      return null;
+    const database = this._getDatabase();
+    if (!database) {
+      return;
     }
-    const deviceItems = this._party.database.select({ type: HALO_PARTY_DEVICE_PREFERENCES_TYPE }).exec().entities;
+    const deviceItems = database.select({ type: HALO_PARTY_DEVICE_PREFERENCES_TYPE }).exec().entities;
     return deviceItems.find(item => this._deviceKey.equals(item.model.get('publicKey')));
   }
 
@@ -95,7 +100,7 @@ export class Preferences {
     return this._getPartyPreference(item, partyKey, key);
   }
 
-  public async setGlobalPartyPreference (party: PartyInternal, key: string, value: any) {
+  public async setGlobalPartyPreference (party: DataParty, key: string, value: any) {
     const item = this.getGlobalPreferences();
     assert(item, 'Global preference item required.');
     return this._setPartyPreference(item, party, key, value);
@@ -107,7 +112,7 @@ export class Preferences {
     return this._getPartyPreference(item, partyKey, key);
   }
 
-  public async setDevicePartyPreference (party: PartyInternal, key: string, value: any) {
+  public async setDevicePartyPreference (party: DataParty, key: string, value: any) {
     const item = this.getDevicePreferences();
     assert(item, 'Device preference item required.');
     return this._setPartyPreference(item, party, key, value);
@@ -121,7 +126,7 @@ export class Preferences {
   }
 
   // TODO(burdon): DO NOT USE THE PARTY KEY AS A TOP-LEVEL KEY!
-  public async _setPartyPreference (preferences: Item<any>, party: PartyInternal, key: string, value: any) {
+  public async _setPartyPreference (preferences: Item<any>, party: DataParty, key: string, value: any) {
     const path = party.key.toHex();
     const partyPrefs = preferences.model.get(path, {});
     partyPrefs[key] = value;
@@ -130,13 +135,17 @@ export class Preferences {
   }
 
   async recordPartyJoining (joinedParty: JoinedParty) {
-    const [partyDesc] = this._party.database
+    const database = this._getDatabase();
+    if (!database) {
+      return;
+    }
+    const [partyDesc] = database
       .select({ type: HALO_PARTY_DESCRIPTOR_TYPE })
       .filter(partyMarker => joinedParty.partyKey.equals(partyMarker.model.get('publicKey')))
       .exec().entities;
     assert(!partyDesc, `Descriptor already exists for Party: ${joinedParty.partyKey.toHex()}`);
 
-    await this._party.database.createItem({
+    await database.createItem({
       model: ObjectModel,
       type: HALO_PARTY_DESCRIPTOR_TYPE,
       props: {
@@ -148,6 +157,8 @@ export class Preferences {
   }
 
   subscribeToJoinedPartyList (callback: (parties: JoinedParty[]) => void): () => void {
+    const database = this._getDatabase() ?? raise(new IdentityNotInitializedError());
+
     const converter = (partyDesc: Item<any>) => {
       // TODO(burdon): Define type.
       return {
@@ -159,7 +170,7 @@ export class Preferences {
       };
     };
 
-    const result = this._party.database.select({ type: HALO_PARTY_DESCRIPTOR_TYPE }).exec();
+    const result = database.select({ type: HALO_PARTY_DESCRIPTOR_TYPE }).exec();
 
     // Wrap the query event so we can have manual control.
     const event = new Event();

package/src/index.ts

@@ -10,7 +10,7 @@ export * from './echo';
 export * from './errors';
 export * from './halo';
 export * from './invitations';
-export * from './metadata';
+export * from './protocol';
 export * from './parties';
 export * from './pipeline';
 export * from './snapshots';

package/src/invitations/greeting-initiator.ts

@@ -19,12 +19,13 @@ import {
   Message,
   SecretProvider,
   WithTypeUrl,
-  ERR_GREET_CONNECTED_TO_SWARM_TIMEOUT
+  ERR_GREET_CONNECTED_TO_SWARM_TIMEOUT,
+  SignedMessage
 } from '@dxos/credentials';
 import { keyToString, PublicKey } from '@dxos/crypto';
 import { FullyConnectedTopology, NetworkManager } from '@dxos/network-manager';
 
-import { Identity } from '../halo';
+import { CredentialsSigner } from '../protocol/credentials-signer';
 import { greetingProtocolProvider } from './greeting-protocol-provider';
 import { GreetingState } from './greeting-responder';
 import { InvitationDescriptor, InvitationDescriptorType } from './invitation-descriptor';
@@ -48,11 +49,12 @@ export class GreetingInitiator {
    * @param _identity
    * @param _invitationDescriptor
    * @param _feedInitializer Callback to open or create a write feed for this party and return it's keypair.
+   * @param _getMessagesToNotarize Returns a list of credential messages that the inviter will be asked to write into the control feed.
    */
   constructor (
     private readonly _networkManager: NetworkManager,
-    private readonly _identity: Identity,
-    private readonly _invitationDescriptor: InvitationDescriptor
+    private readonly _invitationDescriptor: InvitationDescriptor,
+    private readonly _getMessagesToNotarize: (partyKey: PublicKey, nonce: Uint8Array) => Promise<Message[]>
   ) {
     assert(InvitationDescriptorType.INTERACTIVE === this._invitationDescriptor.type);
   }
@@ -112,7 +114,6 @@ export class GreetingInitiator {
   async redeemInvitation (secretProvider: SecretProvider) {
     assert(this._state === GreetingState.CONNECTED);
     const { swarmKey } = this._invitationDescriptor;
-    const haloInvitation = !!this._invitationDescriptor.identityKey;
 
     const responderPeerId = Buffer.from(swarmKey);
 
@@ -146,33 +147,7 @@ export class GreetingInitiator {
     const { nonce } = handshakeResponse;
     const partyKey = handshakeResponse.partyKey;
 
-    const credentialMessages = [];
-    if (haloInvitation) {
-      assert(this._identity.deviceKey, 'Device key required');
-
-      // For the HALO, add the DEVICE directly.
-      credentialMessages.push(
-        createKeyAdmitMessage(
-          this._identity.signer,
-          partyKey,
-          this._identity.deviceKey,
-          [],
-          nonce)
-      );
-    } else {
-      assert(this._identity.deviceKeyChain, 'Device key required');
-      assert(this._identity.identityGenesis, 'Identity genesis message required');
-
-      // For any other Party, add the IDENTITY, signed by the DEVICE keychain, which links back to that IDENTITY.
-      credentialMessages.push(
-        createEnvelopeMessage(
-          this._identity.signer,
-          partyKey,
-          wrapMessage(this._identity.identityGenesis),
-          [this._identity.deviceKeyChain],
-          nonce)
-      );
-    }
+    const credentialMessages = await this._getMessagesToNotarize(PublicKey.from(partyKey), nonce);
 
     // Send the signed payload to the greeting responder.
     const notarizeResponse = await this._greeterPlugin.send(responderPeerId,
@@ -213,3 +188,33 @@ export class GreetingInitiator {
     log('Destroyed');
   }
 }
+
+/**
+ * Create credentials messages that should be written to invite new device to the HALO party.
+ */
+export const createHaloPartyAdmissionMessage = (
+  credentialsSigner: CredentialsSigner,
+  nonce: Uint8Array
+): Message => createKeyAdmitMessage(
+  credentialsSigner.signer,
+  credentialsSigner.getIdentityKey().publicKey,
+  credentialsSigner.getDeviceKey(),
+  [],
+  Buffer.from(nonce)
+);
+
+/**
+ * Create credentials messages that should be written to invite member to the data party.
+ */
+export const createDataPartyAdmissionMessages = (
+  credentialsSigner: CredentialsSigner,
+  partyKey: PublicKey,
+  identityGenesis: SignedMessage,
+  nonce: Uint8Array
+): Message => createEnvelopeMessage(
+  credentialsSigner.signer,
+  partyKey,
+  wrapMessage(identityGenesis),
+  [credentialsSigner.getDeviceSigningKeys()],
+  Buffer.from(nonce)
+);

package/src/invitations/greeting-responder.ts

@@ -19,8 +19,8 @@ import { keyToString, randomBytes, PublicKey } from '@dxos/crypto';
 import { SwarmKey } from '@dxos/echo-protocol';
 import { FullyConnectedTopology, NetworkManager } from '@dxos/network-manager';
 
-import { Identity } from '../halo';
 import { PartyProcessor } from '../pipeline';
+import { CredentialsSigner } from '../protocol/credentials-signer';
 import { InvitationOptions } from './common';
 import { greetingProtocolProvider } from './greeting-protocol-provider';
 
@@ -58,7 +58,7 @@ export class GreetingResponder {
   constructor (
     private readonly _networkManager: NetworkManager,
     private readonly _partyProcessor: PartyProcessor,
-    private readonly _identity: Identity
+    private readonly _credentialsSigner: CredentialsSigner
   ) {
     this._greeter = new Greeter(
       this._partyProcessor.partyKey,
@@ -193,7 +193,6 @@ export class GreetingResponder {
    */
   async _writeCredentialsToParty (messages: any[]) {
     assert(this._state === GreetingState.CONNECTED);
-    assert(this._identity.deviceKeyChain);
 
     /* These messages will be self-signed by keys not yet admitted to the Party,, so we cannot check
      * for a trusted key, only that the signatures are valid.
@@ -217,10 +216,10 @@ export class GreetingResponder {
       };
 
       const envelope = createEnvelopeMessage(
-        this._identity.signer,
+        this._credentialsSigner.signer,
         this._partyProcessor.partyKey,
         message,
-        [this._identity.deviceKeyChain]
+        [this._credentialsSigner.getDeviceSigningKeys()]
       );
 
       await this._partyProcessor.writeHaloMessage(envelope);

package/src/invitations/halo-recovery-initiator.ts

@@ -20,14 +20,14 @@ import {
   codec
 } from '@dxos/credentials';
 import { keyToBuffer, keyToString, PublicKey, randomBytes, verify } from '@dxos/crypto';
-import { raise } from '@dxos/debug';
 import { FullyConnectedTopology, NetworkManager } from '@dxos/network-manager';
 
-import { IdentityNotInitializedError, InvalidInvitationError } from '../errors';
-import { Identity, IdentityProvider } from '../halo';
+import { InvalidInvitationError } from '../errors';
+import { CredentialsSigner } from '../protocol/credentials-signer';
 import { greetingProtocolProvider } from './greeting-protocol-provider';
 import { GreetingState } from './greeting-responder';
 import { InvitationDescriptor, InvitationDescriptorType } from './invitation-descriptor';
+import { InvitationFactory } from './invitation-factory';
 
 const log = debug('dxos:echo-db:halo-recovery-initiator');
 
@@ -47,7 +47,7 @@ export class HaloRecoveryInitiator {
 
   constructor (
     private readonly _networkManager: NetworkManager,
-    private readonly _identity: Identity
+    private readonly _credentialsSigner: CredentialsSigner
   ) {
     this._state = GreetingState.INITIALIZED;
   }
@@ -67,8 +67,7 @@ export class HaloRecoveryInitiator {
     this._peerId = randomBytes();
     log('Local PeerId:', keyToString(this._peerId));
 
-    assert(this._identity.identityKey);
-    const swarmKey = this._identity.identityKey.publicKey.asBuffer();
+    const swarmKey = this._credentialsSigner.getIdentityKey().publicKey.asBuffer();
 
     this._greeterPlugin = new GreetingCommandPlugin(this._peerId, async () => false);
 
@@ -99,16 +98,15 @@ export class HaloRecoveryInitiator {
     assert(this._state === GreetingState.CONNECTED);
     assert(this._greeterPlugin);
     assert(this._peerId);
-    assert(this._identity.identityKey);
 
     // Send to the first peer (any peer will do).
     const peer = this._greeterPlugin.peers[0];
     const responderPeerId = keyToBuffer(peer.getSession().peerId);
 
     // Synthesize an "invitationID" which is the signature of both peerIds signed by our Identity key.
-    const signature = this._identity.signer.rawSign(
+    const signature = this._credentialsSigner.signer.rawSign(
       Buffer.concat([this._peerId, responderPeerId]),
-      this._identity.identityKey
+      this._credentialsSigner.getIdentityKey()
     );
 
     // We expect to receive a new swarm/rendezvousKey to use for the full Greeting process.
@@ -124,13 +122,12 @@ export class HaloRecoveryInitiator {
       InvitationDescriptorType.INTERACTIVE,
       Buffer.from(rendezvousKey),
       Buffer.from(id),
-      this._identity.identityKey.publicKey
+      this._credentialsSigner.getIdentityKey().publicKey
     );
   }
 
   async disconnect () {
-    assert(this._identity.identityKey);
-    const swarmKey = this._identity.identityKey.publicKey.asBuffer();
+    const swarmKey = this._credentialsSigner.getIdentityKey().publicKey.asBuffer();
     await this._networkManager.leaveProtocolSwarm(PublicKey.from(swarmKey));
     this._state = GreetingState.DISCONNECTED;
   }
@@ -149,23 +146,19 @@ export class HaloRecoveryInitiator {
        * by "info". These values will be validated on the other end.
        */
       createAuthMessage(
-        this._identity.signer,
+        this._credentialsSigner.signer,
         info.id.value,
-        this._identity.identityKey ?? raise(new IdentityNotInitializedError()),
-        this._identity.identityKey ?? raise(new IdentityNotInitializedError()),
+        this._credentialsSigner.getIdentityKey(),
+        this._credentialsSigner.getIdentityKey(),
         undefined,
         info.authNonce.value)
     ));
   }
 
-  static createHaloInvitationClaimHandler (identityProvider: IdentityProvider) {
+  static createHaloInvitationClaimHandler (identityKey: PublicKey, invitationManager: InvitationFactory) {
     const claimHandler = new PartyInvitationClaimHandler(async (invitationID: Buffer, remotePeerId: Buffer, peerId: Buffer) => {
-      const identity = identityProvider();
-      assert(identity.halo, 'HALO is required');
-      assert(identity.identityKey);
-
       // The invitationtId is the signature of both peerIds, signed by the Identity key.
-      const ok = verify(Buffer.concat([remotePeerId, peerId]), invitationID, identity.identityKey.publicKey.asBuffer());
+      const ok = verify(Buffer.concat([remotePeerId, peerId]), invitationID, identityKey.asBuffer());
       if (!ok) {
         throw new InvalidInvitationError();
       }
@@ -175,7 +168,7 @@ export class HaloRecoveryInitiator {
        */
       const keyring = new Keyring();
       await keyring.addPublicKey({
-        publicKey: identity.identityKey.publicKey,
+        publicKey: identityKey,
         type: KeyType.IDENTITY,
         trusted: true,
         own: false
@@ -190,8 +183,7 @@ export class HaloRecoveryInitiator {
       };
 
       // TODO(telackey): Configure expiration.
-      return identity.halo.invitationManager
-        .createInvitation({ secretValidator }, { expiration: Date.now() + 60_000 });
+      return invitationManager.createInvitation({ secretValidator }, { expiration: Date.now() + 60_000 });
     });
 
     return claimHandler.createMessageHandler();

package/src/invitations/index.ts

@@ -8,5 +8,5 @@ export * from './greeting-initiator';
 export * from './greeting-responder';
 export * from './halo-recovery-initiator';
 export * from './invitation-descriptor';
-export * from './invitation-manager';
+export * from './invitation-factory';
 export * from './offline-invitation-claimer';