PyPI - interop-verifier - Versions diffs - 1.0.0__py3-none-any.whl - Mend

interop-verifier 1.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

interop_verifier/__init__.py +3 -0
interop_verifier/app/__init__.py +1 -0
interop_verifier/app/cli.py +107 -0
interop_verifier/core/__init__.py +1 -0
interop_verifier/core/basing.py +54 -0
interop_verifier/core/credentials.py +32 -0
interop_verifier/core/handling.py +208 -0
interop_verifier/core/httping.py +90 -0
interop_verifier/core/monitoring.py +23 -0
interop_verifier/core/policy.py +97 -0
interop_verifier/core/serving.py +270 -0
interop_verifier/core/verifying.py +40 -0
interop_verifier/data/__init__.py +1 -0
interop_verifier/data/interop-verifier-incept-no-wits.json +9 -0
interop_verifier-1.0.0.dist-info/METADATA +79 -0
interop_verifier-1.0.0.dist-info/RECORD +18 -0
interop_verifier-1.0.0.dist-info/WHEEL +4 -0
interop_verifier-1.0.0.dist-info/entry_points.txt +2 -0

interop_verifier/__init__.py ADDED Viewed

@@ -0,0 +1,3 @@
+"""Generalized Sally-style verifier for KERI interop tests."""
+__version__ = "1.0.0"

interop_verifier/app/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ """CLI package for interop-verifier."""

interop_verifier/app/cli.py ADDED Viewed

@@ -0,0 +1,107 @@
+"""Command line entrypoint."""
+import argparse
+import json
+from keri.app import configing, habbing, keeping
+import interop_verifier
+from interop_verifier.core import serving
+from interop_verifier.core.policy import VerificationPolicy
+def main():
+    parser = argparse.ArgumentParser(prog="interop-verifier")
+    sub = parser.add_subparsers(dest="command", required=True)
+    start = sub.add_parser("start", help="Start the interop verifier service")
+    start.add_argument("-p", "--http", default=9723, type=int)
+    start.add_argument("-n", "--name", default="interop-verifier")
+    start.add_argument("-b", "--base", default="")
+    start.add_argument("--head-dir", dest="headDirPath", default=None)
+    start.add_argument("-a", "--alias", required=True)
+    start.add_argument("-s", "--salt")
+    start.add_argument("--passcode", dest="bran", default=None)
+    start.add_argument("-i", "--incept-file", dest="inceptFile", default=None)
+    start.add_argument("-c", "--config-dir", dest="configDir", default=None)
+    start.add_argument("-f", "--config-file", dest="configFile", default=None)
+    start.add_argument("-w", "--web-hook", dest="webHook", required=True)
+    start.add_argument("--policy", dest="policyFile", default=None)
+    start.add_argument("--schema", dest="schemas", action="append", default=[])
+    start.add_argument("-r", "--retry-delay", default=3, type=int)
+    start.add_argument("-e", "--escrow-timeout", default=10, type=int)
+    start.add_argument("--no-clear-escrows", action="store_true", default=False)
+    start.set_defaults(handler=start_command)
+    version = sub.add_parser("version", help="Print version")
+    version.set_defaults(handler=lambda args: print(interop_verifier.__version__))
+    args = parser.parse_args()
+    args.handler(args)
+def start_command(args):
+    hby = init_habery(
+        name=args.name,
+        base=args.base,
+        bran=args.bran,
+        config_file=args.configFile,
+        config_dir=args.configDir,
+        salt=args.salt,
+        head_dir_path=args.headDirPath,
+    )
+    incept_args = {
+        "name": args.name,
+        "base": args.base,
+        "alias": args.alias,
+        "bran": args.bran,
+        "incept_file": args.inceptFile,
+        "config_dir": args.configDir,
+    }
+    hab = serving.incept_if_new(hby, args.alias, incept_args)
+    serving.load_schemas(hby, args.schemas)
+    policy = VerificationPolicy(load_policy(args.policyFile))
+    doers = serving.setupDoers(
+        hby,
+        hab,
+        alias=args.alias,
+        http_port=args.http,
+        hook=args.webHook,
+        policy=policy,
+        timeout=args.escrow_timeout,
+        retry=args.retry_delay,
+        clear_escrows=not args.no_clear_escrows,
+        head_dir_path=args.headDirPath,
+    )
+    print(f"Interop verifier {hab.pre} listening on http://127.0.0.1:{args.http}", flush=True)
+    serving.run_doers(doers)
+def init_habery(name, base, bran, config_file, config_dir, salt, head_dir_path=None):
+    ks = keeping.Keeper(name=name, base=base, temp=False, reopen=True, headDirPath=head_dir_path)
+    aeid = ks.gbls.get("aeid")
+    if aeid is None:
+        cf = None
+        if config_file is not None:
+            cf = configing.Configer(name=config_file, base=base, headDirPath=config_dir, temp=False, reopen=True, clear=False)
+        return habbing.Habery(
+            name=name,
+            base=base,
+            bran=bran,
+            cf=cf,
+            ks=ks,
+            salt=salt if salt else None,
+            headDirPath=head_dir_path,
+        )
+    return habbing.Habery(name=name, base=base, bran=bran, ks=ks, headDirPath=head_dir_path)
+def load_policy(path):
+    if not path:
+        return {}
+    with open(path, "r", encoding="utf-8") as fp:
+        return json.load(fp)
+if __name__ == "__main__":
+    main()

interop_verifier/core/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ """Core verifier components."""

interop_verifier/core/basing.py ADDED Viewed

@@ -0,0 +1,54 @@
+"""Sally-style cue database for verifier communication state."""
+from keri.core import coring, serdering
+from keri.db import dbing, subing
+class CueBaser(dbing.LMDBer):
+    """Stores verifier presentation, revocation, delivery, and ack queues."""
+    TailDirPath = "interop-verifier/db"
+    AltTailDirPath = ".interop-verifier/db"
+    TempPrefix = "interop_verifier_db_"
+    def __init__(self, name="cb", headDirPath=None, reopen=True, **kwa):
+        self.snd = None
+        self.iss = None
+        self.rev = None
+        self.recv = None
+        self.revk = None
+        self.ack = None
+        super().__init__(name=name, headDirPath=headDirPath, reopen=reopen, **kwa)
+    def reopen(self, **kwa):
+        super().reopen(**kwa)
+        self.snd = subing.CesrSuber(db=self, subkey="snd.", klas=coring.Prefixer)
+        self.iss = subing.CesrSuber(db=self, subkey="iss.", klas=coring.Dater)
+        self.rev = subing.CesrSuber(db=self, subkey="rev.", klas=coring.Dater)
+        self.recv = subing.SerderSuber(db=self, subkey="recv", klas=serdering.SerderACDC)
+        self.revk = subing.SerderSuber(db=self, subkey="revk", klas=serdering.SerderACDC)
+        self.ack = subing.SerderSuber(db=self, subkey="ack", klas=serdering.SerderACDC)
+        return self.env
+    def clearEscrows(self):
+        self.iss.trim()
+        self.rev.trim()
+        self.recv.trim()
+        self.revk.trim()
+        self.ack.trim()
+    @staticmethod
+    def items(suber, keys=""):
+        if hasattr(suber, "getItemIter"):
+            return suber.getItemIter(keys=keys)
+        return suber.getTopItemIter(keys=keys)
+    def getCounts(self):
+        return {
+            "senders": self.snd.cntAll(),
+            "iss": self.iss.cntAll(),
+            "rev": self.rev.cntAll(),
+            "recv": self.recv.cntAll(),
+            "revk": self.revk.cntAll(),
+            "ack": self.ack.cntAll(),
+        }

interop_verifier/core/credentials.py ADDED Viewed

@@ -0,0 +1,32 @@
+"""TEL revocation cue bridge."""
+from hio.base import doing
+from hio.help import decking
+from keri.core import coring
+class TeveryCuery(doing.Doer):
+    """Moves KERIpy TEL revocation cues into the verifier cue database."""
+    def __init__(self, cdb, reger, cues=None, **kwa):
+        self.cdb = cdb
+        self.reger = reger
+        self.cues = cues if cues is not None else decking.Deck()
+        super().__init__(**kwa)
+    def do(self, tymth, *, tock=0.0, **opts):
+        self.wind(tymth)
+        self.tock = tock
+        yield self.tock
+        while True:
+            while self.cues:
+                cue = self.cues.popleft()
+                if cue.get("kin") == "revoked":
+                    serder = cue["serder"]
+                    said = serder.ked["i"]
+                    creder = self.reger.creds.get(said)
+                    if creder is not None:
+                        self.cdb.snd.pin(keys=(said,), val=coring.Prefixer(qb64=creder.issuer))
+                        self.cdb.rev.pin(keys=(said,), val=coring.Dater())
+                yield self.tock
+            yield self.tock

interop_verifier/core/handling.py ADDED Viewed

@@ -0,0 +1,208 @@
+"""Generic Sally-style IPEX presentation and webhook handling."""
+import datetime
+import json
+from base64 import urlsafe_b64encode as encodeB64
+from urllib import parse
+from hio.base import doing, Doer
+from hio.core import http
+from hio.help import Hict
+from keri import kering
+from keri.core import coring
+from keri.end import ending
+from keri.help import helping
+from keri.peer import exchanging
+from interop_verifier.core import httping
+from interop_verifier.core.policy import VerificationPolicy, credential_payload, revocation_payload
+def loadHandlers(cdb, hby, notifier, parser):
+    return [PresentationProofHandler(cdb=cdb, hby=hby, notifier=notifier, parser=parser)]
+class PresentationProofHandler(doing.Doer):
+    """Processes IPEX grant notifications and parses embedded proof material."""
+    def __init__(self, cdb, hby, notifier, parser, **kwa):
+        self.cdb = cdb
+        self.hby = hby
+        self.notifier = notifier
+        self.parser = parser
+        super().__init__(**kwa)
+    def processNotes(self):
+        for keys, notice in self.cdb.items(self.notifier.noter.notes):
+            attrs = notice.attrs
+            route = attrs.get("r")
+            if route in ("/exn/ipex/grant", "/ipex/grant"):
+                said = attrs["d"]
+                exn, pathed = exchanging.cloneMessage(self.hby, said=said)
+                embeds = exn.ked["e"]
+                for label in ("anc", "iss", "acdc"):
+                    if label not in embeds:
+                        continue
+                    sadder = coring.Sadder(ked=embeds[label])
+                    attachment = pathed[label] if label in pathed else bytearray()
+                    self.parser.parseOne(ims=bytearray(sadder.raw) + attachment)
+                acdc = embeds["acdc"]
+                credential = acdc["d"]
+                sender = acdc["i"]
+                self.cdb.snd.pin(keys=(credential,), val=coring.Prefixer(qb64=sender))
+                self.cdb.iss.pin(keys=(credential,), val=coring.Dater())
+            self.notifier.noter.notes.rem(keys=keys)
+        return False
+    def recur(self, tyme):
+        self.processNotes()
+        return False
+class Communicator(doing.DoDoer):
+    """Moves verified credentials to webhook delivery queues and posts callbacks."""
+    def __init__(self, hby, hab, cdb, reger, hook, policy=None, timeout=10, retry=3.0):
+        self.hby = hby
+        self.hab = hab
+        self.cdb = cdb
+        self.reger = reger
+        self.hook = hook
+        self.policy = policy or VerificationPolicy()
+        self.timeout = timeout
+        self.retry = retry
+        self.clients = {}
+        super().__init__(doers=[doing.doify(self.escrowDo)])
+    def processPresentations(self):
+        for (said,), dater in self.cdb.items(self.cdb.iss):
+            now = helping.nowUTC()
+            if now - dater.datetime > datetime.timedelta(minutes=self.timeout):
+                self.cdb.iss.rem(keys=(said,))
+                continue
+            if self.reger.saved.get(keys=(said,)) is None:
+                continue
+            creder = self.reger.creds.get(keys=(said,))
+            try:
+                state = self.reger.tevers[creder.regid].vcState(creder.said)
+                if state is None or state.et not in (kering.Ilks.iss, kering.Ilks.bis):
+                    raise kering.ValidationError(f"credential {creder.said} is not currently issued")
+                self.policy.validate(creder)
+            except kering.ValidationError:
+                self.cdb.iss.rem(keys=(said,))
+            else:
+                self.cdb.recv.pin(keys=(said, dater.qb64), val=creder)
+                self.cdb.iss.rem(keys=(said,))
+    def processRevocations(self):
+        for (said,), dater in self.cdb.items(self.cdb.rev):
+            now = helping.nowUTC()
+            if now - dater.datetime > datetime.timedelta(minutes=self.timeout):
+                self.cdb.rev.rem(keys=(said,))
+                continue
+            creder = self.reger.creds.get(keys=(said,))
+            if creder is None:
+                continue
+            state = self.reger.tevers[creder.regid].vcState(creder.said)
+            if state is None or state.et in (kering.Ilks.iss, kering.Ilks.bis):
+                continue
+            if state.et in (kering.Ilks.rev, kering.Ilks.brv):
+                self.cdb.rev.rem(keys=(said,))
+                self.cdb.revk.pin(keys=(said, dater.qb64), val=creder)
+    def processReceived(self, db, action):
+        for (said, dates), creder in self.cdb.items(db):
+            if said not in self.clients:
+                data = (
+                    credential_payload(self.reger, creder, self.policy)
+                    if action == "iss"
+                    else revocation_payload(self.reger, creder, self.policy)
+                )
+                self.request(creder.said, creder.schema, action, creder.issuer, data)
+                continue
+            client, clientDoer = self.clients[said]
+            if client.responses:
+                response = client.responses.popleft()
+                self.remove([clientDoer])
+                client.close()
+                del self.clients[said]
+                if 200 <= response["status"] < 300:
+                    db.rem(keys=(said, dates))
+                    self.cdb.ack.pin(keys=(said,), val=creder)
+                else:
+                    dater = coring.Dater(qb64=dates)
+                    if helping.nowUTC() - dater.datetime > datetime.timedelta(minutes=self.timeout):
+                        db.rem(keys=(said, dates))
+    def processAcks(self):
+        for (said,), _ in self.cdb.items(self.cdb.ack):
+            self.cdb.ack.rem(keys=(said,))
+    def escrowDo(self, tymth, tock=1.0, **opts):
+        self.wind(tymth)
+        self.tock = tock
+        _ = yield self.tock
+        while True:
+            self.processEscrows()
+            yield self.retry
+    def processEscrows(self):
+        self.processPresentations()
+        self.processRevocations()
+        self.processReceived(db=self.cdb.recv, action="iss")
+        self.processReceived(db=self.cdb.revk, action="rev")
+        self.processAcks()
+    def request(self, said, resource, action, actor, data):
+        purl = parse.urlparse(self.hook)
+        client = http.clienting.Client(hostname=purl.hostname, port=purl.port or 80)
+        clientDoer = http.clienting.ClientDoer(client=client)
+        self.extend([clientDoer])
+        raw = json.dumps({"action": action, "actor": actor, "data": data}).encode("utf-8")
+        headers = Hict([
+            ("Content-Type", "application/json"),
+            ("Content-Length", len(raw)),
+            ("Connection", "close"),
+            ("Sally-Resource", resource),
+            ("Sally-Timestamp", helping.nowIso8601()),
+        ])
+        path = purl.path or "/"
+        keyid = encodeB64(self.hab.kever.serder.verfers[0].raw).decode("utf-8")
+        header, unq = httping.siginput(
+            self.hab,
+            "sig0",
+            "POST",
+            path,
+            headers,
+            fields=["Sally-Resource", "@method", "@path", "Sally-Timestamp"],
+            alg="ed25519",
+            keyid=keyid,
+        )
+        headers.extend(header)
+        signage = ending.Signage(
+            markers={"sig0": unq},
+            indexed=True,
+            signer=self.hab.pre,
+            ordinal=None,
+            digest=None,
+            kind=None,
+        )
+        headers.extend(ending.signature([signage]))
+        client.request(
+            method="POST",
+            path=path,
+            qargs=parse.parse_qs(purl.query),
+            headers=headers,
+            body=raw,
+        )
+        self.clients[said] = (client, clientDoer)

interop_verifier/core/httping.py ADDED Viewed

@@ -0,0 +1,90 @@
+"""HTTP helper functions copied from Sally and kept schema-agnostic."""
+from base64 import urlsafe_b64encode as encodeB64
+from collections import namedtuple
+import falcon
+from http_sfv import Dictionary
+from keri.help import helping
+Inputage = namedtuple("Inputage", "name fields created keyid alg expires nonce context")
+def normalize(param):
+    return str(param).strip()
+def cors_middleware():
+    return falcon.CORSMiddleware(
+        allow_origins="*",
+        allow_credentials="*",
+        expose_headers=cesr_headers(),
+    )
+def cesr_headers():
+    return ["cesr-attachment", "cesr-date", "content-type"]
+def siginput(hab, name, method, path, headers, fields, expires=None, nonce=None, alg=None, keyid=None, context=None):
+    items = []
+    ifields = []
+    for field in fields:
+        if field.startswith("@"):
+            if field == "@method":
+                items.append(f'"{field}": {method}')
+                ifields.append(field)
+            elif field == "@path":
+                items.append(f'"{field}": {path}')
+                ifields.append(field)
+            continue
+        lower = field.lower()
+        if lower not in headers:
+            continue
+        ifields.append(lower)
+        items.append(f'"{lower}": {normalize(headers[lower])}')
+    sid = Dictionary()
+    sid[name] = ifields
+    now = helping.nowUTC()
+    sid[name].params["created"] = int(now.timestamp())
+    values = [f"({' '.join(ifields)})", f"created={int(now.timestamp())}"]
+    if expires is not None:
+        values.append(f"expires={expires}")
+        sid[name].params["expires"] = expires
+    if nonce is not None:
+        values.append(f"nonce={nonce}")
+        sid[name].params["nonce"] = nonce
+    if keyid is not None:
+        values.append(f"keyid={keyid}")
+        sid[name].params["keyid"] = keyid
+    if context is not None:
+        values.append(f"context={context}")
+        sid[name].params["context"] = context
+    if alg is not None:
+        values.append(f"alg={alg}")
+        sid[name].params["alg"] = alg
+    items.append(f'"@signature-params: {";".join(values)}"')
+    ser = "\n".join(items).encode("utf-8")
+    sigers = hab.sign(ser=ser, verfers=hab.kever.verfers, indexed=False)
+    return {"Signature-Input": f"{sid}"}, Unqualified(raw=sigers[0].raw)
+class Unqualified:
+    def __init__(self, raw):
+        self._raw = raw
+    @property
+    def raw(self):
+        return self._raw
+    @property
+    def qb64(self):
+        return self.qb64b.decode("utf-8")
+    @property
+    def qb64b(self):
+        return encodeB64(self.raw)

interop_verifier/core/monitoring.py ADDED Viewed

@@ -0,0 +1,23 @@
+"""Health endpoint."""
+import falcon
+from keri.help import nowIso8601
+import interop_verifier
+class HealthEnd:
+    def __init__(self, cdb=None, hab=None, stats=None):
+        self.cdb = cdb
+        self.hab = hab
+        self.stats = stats
+    def on_get(self, req, resp):
+        resp.status = falcon.HTTP_OK
+        resp.media = {
+            "message": f"Health is okay. Time is {nowIso8601()}",
+            "version": interop_verifier.__version__,
+            "pre": self.hab.pre if self.hab else None,
+            "counts": self.cdb.getCounts() if self.cdb else {},
+            "stats": self.stats() if self.stats else {},
+        }

interop_verifier/core/policy.py ADDED Viewed

@@ -0,0 +1,97 @@
+"""Generic credential policy and webhook payload helpers."""
+from keri import kering
+class VerificationPolicy:
+    """Schema-agnostic verifier policy with optional config restrictions."""
+    def __init__(self, config=None):
+        config = config or {}
+        schemas = config.get("schemas") or {}
+        if isinstance(schemas, list):
+            schemas = {said: {"name": said} for said in schemas}
+        self.schemas = schemas
+        self.allow_unknown_schemas = bool(config.get("allowUnknownSchemas", True))
+        self.issuers = set(config.get("issuers") or [])
+    def validate(self, creder):
+        if self.schemas and creder.schema not in self.schemas and not self.allow_unknown_schemas:
+            raise kering.ValidationError(f"unsupported credential schema {creder.schema}")
+        if self.issuers and creder.issuer not in self.issuers:
+            raise kering.ValidationError(f"credential issuer {creder.issuer} is not allowed")
+    def schema_name(self, schema):
+        entry = self.schemas.get(schema)
+        if isinstance(entry, dict):
+            return entry.get("name") or schema
+        if isinstance(entry, str):
+            return entry
+        return schema
+def credential_payload(reger, creder, policy):
+    attrs = dict(creder.sad.get("a") or {})
+    edges = creder.edge or creder.sad.get("e") or {}
+    data = {
+        "type": policy.schema_name(creder.schema),
+        "schema": creder.schema,
+        "issuer": creder.issuer,
+        "issueTimestamp": attrs.get("dt"),
+        "credential": creder.said,
+        "recipient": attrs.get("i"),
+        "attributes": attrs,
+        "edges": edges,
+        "rules": creder.sad.get("r"),
+        "chain": chain_summary(reger, creder),
+    }
+    return {key: value for key, value in data.items() if value is not None}
+def revocation_payload(reger, creder, policy):
+    state = reger.tevers[creder.regi].vcState(creder.said)
+    return {
+        "type": policy.schema_name(creder.schema),
+        "schema": creder.schema,
+        "credential": creder.said,
+        "issuer": creder.issuer,
+        "revocationTimestamp": state.dt if state is not None else None,
+    }
+def chain_summary(reger, creder):
+    seen = set()
+    out = []
+    def visit(current, label=None):
+        edges = current.edge or current.sad.get("e") or {}
+        if not isinstance(edges, dict):
+            return
+        for edge_label, edge in edges.items():
+            if not isinstance(edge, dict):
+                continue
+            said = edge.get("n")
+            if not said or said in seen:
+                continue
+            seen.add(said)
+            source = credential_by_said(reger, said)
+            out.append({
+                "label": label or edge_label,
+                "edge": edge_label,
+                "credential": said,
+                "schema": source.schema if source is not None else edge.get("s"),
+                "issuer": source.issuer if source is not None else None,
+                "operator": edge.get("o"),
+            })
+            if source is not None:
+                visit(source, edge_label)
+    visit(creder)
+    return out
+def credential_by_said(reger, said):
+    try:
+        return reger.creds.get(keys=(said,))
+    except TypeError:
+        return reger.creds.get(said)

interop_verifier/core/serving.py ADDED Viewed

@@ -0,0 +1,270 @@
+"""KERIpy/Hio service setup for the generalized verifier."""
+import json
+import os
+from importlib import resources
+import falcon
+from hio.base import doing
+from hio.core import http
+from hio.help import decking
+from keri.app import habbing, indirecting, notifying, oobiing, storing
+from keri.app.habbing import Hab, Habery
+from keri import kering
+from keri.core import eventing, parsing, routing, scheming
+from keri.end import ending
+from keri.peer import exchanging
+from keri.vc import protocoling
+from keri.vdr import verifying
+from keri.vdr.eventing import Tevery
+try:
+    from keri.vdr.eventing import Reger
+except ImportError:
+    from keri.vdr.viring import Reger
+from interop_verifier.core import basing, handling, httping, monitoring
+from interop_verifier.core.credentials import TeveryCuery
+from interop_verifier.core.policy import VerificationPolicy
+from interop_verifier.core.verifying import VerificationAgent
+def incept_if_new(hby: Habery, alias: str, incept_args: dict):
+    hab = hby.habByName(name=alias)
+    if hab is not None:
+        return hab
+    return hby.makeHab(name=alias, **inception_config(**incept_args))
+def run_doers(doers, expire=0.0):
+    doist = doing.Doist(limit=expire, tock=0.03125, real=True)
+    doist.do(doers=doers)
+def load_schemas(hby: Habery, paths):
+    for path in paths or []:
+        with open(path, "rb") as fp:
+            schemer = scheming.Schemer(raw=fp.read())
+        hby.db.schema.pin(keys=(schemer.said,), val=schemer)
+def setupDoers(
+    hby: Habery,
+    hab: Hab,
+    alias: str,
+    http_port: int,
+    hook: str,
+    policy: VerificationPolicy,
+    timeout: int = 10,
+    retry: int = 3,
+    clear_escrows: bool = True,
+    head_dir_path: str | None = None,
+):
+    hbyDoer = habbing.HaberyDoer(habery=hby)
+    obl = oobiing.Oobiery(hby=hby)
+    doers = [hbyDoer, *obl.doers]
+    doers += setup(
+        hby,
+        hab,
+        alias=alias,
+        httpPort=http_port,
+        hook=hook,
+        policy=policy,
+        timeout=timeout,
+        retry=retry,
+        clear_escrows=clear_escrows,
+        headDirPath=head_dir_path,
+    )
+    return doers
+def setup(
+    hby: Habery,
+    hab: Hab,
+    alias: str,
+    httpPort: int,
+    hook: str,
+    policy,
+    timeout=10,
+    retry=3,
+    clear_escrows=True,
+    headDirPath=None,
+):
+    cues = decking.Deck()
+    if hab is None:
+        raise ValueError(f"Identifier with alias '{alias}' does not exist")
+    app = falcon.App(middleware=httping.cors_middleware())
+    server = http.Server(port=httpPort, app=app)
+    httpServerDoer = http.ServerDoer(server=server)
+    reger = Reger(name=hab.name, db=hab.db, temp=False, headDirPath=headDirPath)
+    verifier = verifying.Verifier(hby=hby, reger=reger)
+    mbx = storing.Mailboxer(name=hby.name, headDirPath=headDirPath)
+    exc = exchanging.Exchanger(hby=hby, handlers=[])
+    rvy = routing.Revery(db=hby.db)
+    notifier = notifying.Notifier(hby=hby)
+    protocoling.loadHandlers(hby=hby, exc=exc, notifier=notifier)
+    kvy = eventing.Kevery(db=hby.db, lax=True, local=False, rvy=rvy)
+    kvy.registerReplyRoutes(router=rvy.rtr)
+    tvy = Tevery(reger=verifier.reger, db=hby.db, local=False)
+    tvy.registerReplyRoutes(router=rvy.rtr)
+    cdb = basing.CueBaser(name=hby.name, headDirPath=headDirPath)
+    if clear_escrows:
+        cdb.clearEscrows()
+    tc = TeveryCuery(cdb=cdb, reger=reger, cues=tvy.cues)
+    parser = parsing.Parser(framed=True, kvy=kvy, tvy=tvy, rvy=rvy, vry=verifier, exc=exc, version=kering.Vrsn_1_0)
+    comms = handling.Communicator(
+        hby=hby,
+        hab=hab,
+        cdb=cdb,
+        reger=reger,
+        hook=hook,
+        policy=policy,
+        timeout=timeout,
+        retry=retry,
+    )
+    httpEnd = CountingHttpEnd(rxbs=parser.ims, mbx=mbx)
+    app.add_route(
+        "/health",
+        monitoring.HealthEnd(
+            cdb=cdb,
+            hab=hab,
+            stats=lambda: verifier_stats(
+                parser=parser,
+                ingress=httpEnd,
+                hby=hby,
+                reger=reger,
+                notifier=notifier,
+            ),
+        ),
+    )
+    load_verifier_ends(app, hby=hby, hab=hab, httpPort=httpPort)
+    app.add_route("/", httpEnd)
+    agent = VerificationAgent(hab=hab, parser=parser, kvy=kvy, tvy=tvy, rvy=rvy, verifier=verifier, exc=exc, cues=cues)
+    return [
+        httpServerDoer,
+        comms,
+        tc,
+        *handling.loadHandlers(cdb=cdb, hby=hby, notifier=notifier, parser=parser),
+        agent,
+    ]
+def load_verifier_ends(app, hby: Habery, hab: Hab, httpPort: int):
+    app.add_route('/end/{aid}/{role}', ending.PointEnd(hby=hby))
+    app.add_route('/loc', ending.LocationEnd(hby=hby))
+    app.add_route('/admin', ending.AdminEnd(hby=hby))
+    end = VerifierOOBIEnd(hby=hby, hab=hab, httpPort=httpPort)
+    app.add_route("/oobi", end)
+    app.add_route("/oobi/{aid}", end)
+    app.add_route("/oobi/{aid}/{role}", end)
+    app.add_route("/oobi/{aid}/{role}/{eid}", end)
+class VerifierOOBIEnd(ending.OOBIEnd):
+    def __init__(self, hby: Habery, hab: Hab, httpPort: int):
+        super().__init__(hby=hby, default=hab.pre)
+        self.hab = hab
+        self.httpPort = httpPort
+    def on_get(self, req, rep, aid=None, role=None, eid=None):
+        aid = aid if aid is not None else self.default
+        if aid == self.hab.pre and (role is None or role == kering.Roles.controller) and (eid is None or eid == self.hab.pre):
+            if aid not in self.hby.kevers:
+                rep.status = falcon.HTTP_NOT_FOUND
+                return
+            kever = self.hby.kevers[aid]
+            if not self.hby.db.fullyWitnessed(kever.serder):
+                rep.status = falcon.HTTP_NOT_FOUND
+                return
+            url = f"http://127.0.0.1:{self.httpPort}"
+            msgs = bytearray()
+            msgs.extend(self.hab.replay(aid))
+            msgs.extend(self.hab.makeLocScheme(eid=self.hab.pre, scheme="http", url=url))
+            msgs.extend(self.hab.makeEndRole(self.hab.pre, kering.Roles.controller, True))
+            rep.status = falcon.HTTP_200
+            rep.set_header(ending.OOBI_AID_HEADER, aid)
+            rep.content_type = "application/cesr"
+            rep.data = bytes(msgs)
+            return
+        return super().on_get(req, rep, aid=aid, role=role, eid=eid)
+class CountingHttpEnd(indirecting.HttpEnd):
+    def __init__(self, *args, **kwargs):
+        self.posts = 0
+        self.puts = 0
+        self.lastPutSize = 0
+        self.lastPostSize = 0
+        super().__init__(*args, **kwargs)
+    def on_post(self, req, rep):
+        self.posts += 1
+        self.lastPostSize = int(req.get_header("Content-Length", required=False) or 0)
+        return super().on_post(req, rep)
+    def on_put(self, req, rep):
+        self.puts += 1
+        body = req.bounded_stream.read()
+        self.lastPutSize = len(body)
+        self.rxbs.extend(body)
+        rep.set_header('Content-Type', "application/json")
+        rep.status = falcon.HTTP_204
+def count_suber(suber):
+    if suber is None:
+        return 0
+    if hasattr(suber, "cntAll"):
+        return suber.cntAll()
+    if hasattr(suber, "getItemIter"):
+        return len(list(suber.getItemIter()))
+    return len(list(suber.getTopItemIter()))
+def verifier_stats(parser, ingress, hby, reger, notifier):
+    return {
+        "httpPosts": ingress.posts,
+        "httpPuts": ingress.puts,
+        "lastPostSize": ingress.lastPostSize,
+        "lastPutSize": ingress.lastPutSize,
+        "parserBacklog": len(parser.ims),
+        "exns": count_suber(hby.db.exns),
+        "exnEscrows": count_suber(hby.db.epse),
+        "notices": count_suber(notifier.noter.notes),
+        "savedCredentials": count_suber(reger.saved),
+        "missingSchemaEscrows": count_suber(reger.mse),
+        "missingRegistryEscrows": count_suber(reger.mre),
+        "missingChainEscrows": count_suber(reger.mce),
+    }
+def inception_config(name=None, base=None, alias=None, bran=None, incept_file=None, config_dir=None):
+    if incept_file is None:
+        raw = resources.files("interop_verifier.data").joinpath("interop-verifier-incept-no-wits.json").read_text()
+        config = json.loads(raw)
+    else:
+        path = incept_file if config_dir is None else os.path.join(config_dir, incept_file)
+        with open(path, "r", encoding="utf-8") as fp:
+            config = json.load(fp)
+    return {
+        "transferable": config.get("transferable", True),
+        "wits": config.get("wits", []),
+        "toad": config.get("toad", 0),
+        "icount": config.get("icount", 1),
+        "ncount": config.get("ncount", 1),
+        "isith": config.get("isith", "1"),
+        "nsith": config.get("nsith", "1"),
+        "delpre": config.get("delpre"),
+        "estOnly": config.get("estOnly", config.get("est_only", False)),
+        "data": config.get("data"),
+    }

interop_verifier/core/verifying.py ADDED Viewed

@@ -0,0 +1,40 @@
+"""Direct-mode parser and escrow processing doer."""
+from hio.base import doing
+from hio.help import decking
+class VerificationAgent(doing.DoDoer):
+    """Runs KERIpy parser, KEL/TEL/reply/verifier, and exchange escrows."""
+    def __init__(self, hab, parser, kvy, tvy, rvy, verifier, exc, cues=None, **opts):
+        self.hab = hab
+        self.parser = parser
+        self.kvy = kvy
+        self.tvy = tvy
+        self.rvy = rvy
+        self.verifier = verifier
+        self.exc = exc
+        self.cues = cues if cues is not None else decking.Deck()
+        super().__init__(doers=[doing.doify(self.msgDo), doing.doify(self.escrowDo)], **opts)
+    def msgDo(self, tymth=None, tock=0.0, **opts):
+        self.wind(tymth)
+        self.tock = tock
+        _ = yield self.tock
+        done = yield from self.parser.parsator(local=False)
+        return done
+    def escrowDo(self, tymth=None, tock=0.0, **opts):
+        self.wind(tymth)
+        self.tock = tock
+        _ = yield self.tock
+        while True:
+            self.kvy.processEscrows()
+            self.rvy.processEscrowReply()
+            if self.tvy is not None:
+                self.tvy.processEscrows()
+            if self.verifier is not None:
+                self.verifier.processEscrows()
+            self.exc.processEscrow()
+            yield

interop_verifier/data/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ """Package data for interop-verifier."""

interop_verifier/data/interop-verifier-incept-no-wits.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "transferable": true,
+  "wits": [],
+  "toad": 0,
+  "icount": 1,
+  "ncount": 1,
+  "isith": "1",
+  "nsith": "1"
+}

interop_verifier-1.0.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,79 @@
+Metadata-Version: 2.4
+Name: interop-verifier
+Version: 1.0.0
+Summary: Generalized Sally-style KERIpy verifier for ACDC interop tests
+Project-URL: Homepage, https://github.com/kentbull/interop-verifier
+Project-URL: Repository, https://github.com/kentbull/interop-verifier
+Project-URL: Issues, https://github.com/kentbull/interop-verifier/issues
+Author-email: Kent Bull <kent@kentbull.com>
+Keywords: acdc,cesr,ipex,keri,verifier
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.12.6
+Requires-Dist: falcon==4.0.2
+Requires-Dist: hio<0.7.0,>=0.6.14
+Requires-Dist: http-sfv==0.9.9
+Requires-Dist: keri<1.3.0,>=1.2.12
+Description-Content-Type: text/markdown
+# interop-verifier
+`interop-verifier` is a generalized Sally-style KERIpy verifier used by the
+`keri-ts` ACDC interop tests. It receives normal CESR/IPEX credential
+presentations, verifies them with KERIpy VDR state, and posts generic webhook
+payloads without hardcoding the vLEI credential chain.
+## Install
+```sh
+uv tool install interop-verifier
+```
+## Run from PyPI
+```sh
+interop-verifier start \
+  --name verifier \
+  --base "" \
+  --alias verifier \
+  --http 9723 \
+  --web-hook http://127.0.0.1:9923/
+```
+The verifier uses a bundled no-witness inception config by default. Pass
+`--incept-file` to use a custom KERIpy-style inception JSON file.
+## Run with Docker
+```sh
+docker run --rm -p 9723:9723 kentbull/interop-verifier:1.0.0 start \
+  --name verifier \
+  --head-dir /data \
+  --alias verifier \
+  --http 9723 \
+  --web-hook http://host.docker.internal:9923/
+```
+Mount `/data` to persist verifier key state.
+## Interfaces
+The verifier serves:
+- `GET /health` for liveness and queue counts.
+- `GET /oobi/{aid}/controller` for KERI controller OOBI resolution.
+- `PUT /` and `POST /` for CESR/KERI ingress.
+- Sally-style signed webhook callbacks for verified credentials.
+## Development
+```sh
+make sync
+make check
+make build
+make docker-build
+```

interop_verifier-1.0.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,18 @@
+interop_verifier/__init__.py,sha256=IH51cY922nVUxZCp0wbn7IZ0Ynattbbdj9wE32PK3N8,86
+interop_verifier/app/__init__.py,sha256=xv9zdJqymAw5KZoy3TU5tiwHRUARg1bfgAimDAs5ZB4,40
+interop_verifier/app/cli.py,sha256=kI97NvlH70mEknvQzzDb_DM7P4j6lBq5fn5ycICw5DE,3805
+interop_verifier/core/__init__.py,sha256=A_3HQyEpftQNnfmvU4KTwqVziB_447iREj_VLOeJlM8,32
+interop_verifier/core/basing.py,sha256=Ra8hdD9t5ZjQJKFE0_qXJ1FCBHpbrpWn_RIA1z0JA9Y,1897
+interop_verifier/core/credentials.py,sha256=s1gPcnrApQOUJ-MyKKLhg9gnG8Pq3lB3BFkD_lHo9Xk,1105
+interop_verifier/core/handling.py,sha256=A8VLGrsHja6z5EnsG_DRGK6Fk2iI0U0n3Sj6oVwHeoQ,7700
+interop_verifier/core/httping.py,sha256=bhMb2Cga7SCev_-mNC_9wmB8denHjR-gSrpkWW-fzCw,2572
+interop_verifier/core/monitoring.py,sha256=BEegMPIOPraNFPutDnRK_SphQqywuJPzw1z2_7ryIKE,643
+interop_verifier/core/policy.py,sha256=ZNrxV8531FCt-_emaIt89rmvQ9yyoJBIR_k3IREQnkg,3295
+interop_verifier/core/serving.py,sha256=QQCjAdrXLQGtPz_bkkhqMN9M8UGff-q1WklOk_HkjXM,8832
+interop_verifier/core/verifying.py,sha256=PtJjUkBn3_LnEvyWVNASIATQ0uvSlsy-ZVrhzp0PRho,1316
+interop_verifier/data/__init__.py,sha256=lrSPAc7jVZLKXQaTv3ZuM1FfvDBE3oatR_ueOTkkXM0,41
+interop_verifier/data/interop-verifier-incept-no-wits.json,sha256=iXEZzfPGPOhVjOSHEjzosUfdkQGvOtGcKOtF_Qb9LoY,116
+interop_verifier-1.0.0.dist-info/METADATA,sha256=uQSkdH1pk1K2xeZdH-AOW6vaDG9cCQekeOACMmIB9Tw,2170
+interop_verifier-1.0.0.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+interop_verifier-1.0.0.dist-info/entry_points.txt,sha256=cDYQJ2GCQvvzpEGVUEH7kXcZ7UPLYeMbJa_s_AY2qfo,67
+interop_verifier-1.0.0.dist-info/RECORD,,

interop_verifier-1.0.0.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.30.1
+Root-Is-Purelib: true
+Tag: py3-none-any

interop_verifier-1.0.0.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ interop-verifier = interop_verifier.app.cli:main