KERI VDR API¶
keri.vdr.credentialing¶
KERI keri.vdr.credentialing module
VC issuer support
- class keri.vdr.credentialing.BaseRegistry(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]¶
Issuer provides encapsulation of creating a Verifiable Credential Registry with issuance and revocation of VCs against that registry.
The Registry consists of 1 management TEL for maintaining the state of the registry wrt special Backers that can act as witnesses of VC events, and 1 VC TEL for each VC issued that tracks the issuance and revocation status of those VCs.
- __init__(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]¶
Initialize Instance
- Parameters:
hab (Habitat) – instance of local controller’s context
name (str) – alias for this issuer
reger (Reger) – database instance for controller’s credentials
- anchorMsg(pre, regd, seqner, saider)[source]¶
Create key event with seal to serder anchored as data.
Performs a rotation or interaction event for a single sig or multiple sig identifier to anchor the provided registry event. Inserts outbound cues for external processing of resulting events or multisig handling.
- processEvent(serder)[source]¶
Process registry events
- Parameters:
serder (Serder) – Registry TEL event to process
- property tevers¶
tevers property
Returns .reger.tevers
- class keri.vdr.credentialing.Credentialer(hby, rgy, registrar, verifier)[source]¶
- create(regname, recp: str, schema, source, rules, data, private=False)[source]¶
Create and validate a credential returning the fully populated Creder
- Parameters:
regname
recp (str)
schema
source
rules
data
private – add nonce for privacy preserving
- Returns:
Creder class for the issued credential
- Return type:
Creder
- escrowDo(tymth, tock=1.0)[source]¶
Process escrows of group multisig identifiers waiting to be completed.
- Steps involve:
Sending local event with sig to other participants
Waiting for signature threshold to be met.
If elected and delegated identifier, send complete event to delegator
If delegated, wait for delegator’s anchor
If elected, send event to witnesses and collect receipts.
Otherwise, wait for fully receipted event
- Parameters:
tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value. Default to 1.0 to slow down processing
- class keri.vdr.credentialing.Registrar(hby, rgy, counselor)[source]¶
- complete(pre, sn=0)[source]¶
Determine if registry event (inception, issuance, revocation, etc.) has finished validation
- Parameters:
pre (str) – qb64 identifier of registry event
sn (int) – integer sequence number of registry event
- Returns:
True means event has completed and is committed to database
- Return type:
bool
- escrowDo(tymth, tock=1.0)[source]¶
Process escrows of group multisig identifiers waiting to be completed.
- Steps involve:
Sending local event with sig to other participants
Waiting for signature threshold to be met.
If elected and delegated identifier, send complete event to delegator
If delegated, wait for delegator’s anchor
If elected, send event to witnesses and collect receipts.
Otherwise, wait for fully receipted event
- Parameters:
tymth (function) – injected function wrapper closure returned by .tymen() of Tymist instance. Calling tymth() returns associated Tymist .tyme.
tock (float) – injected initial tock value. Default to 1.0 to slow down processing
- incept(iserder, anc)[source]¶
- Parameters:
iserder (SerderKERI) – Serder object of TEL iss event
anc (SerderKERI) – Serder object of anchoring event
- Returns:
created registry
- Return type:
- issue(creder, iserder, anc)[source]¶
Create and process the credential issuance TEL events on the given registry
- Parameters:
creder (SerderACDC) – credential to issue
iserder (SerderKERI) – Serder object of TEL iss event
anc (SerderKERI) – Serder object of anchoring event
- processMultisigEscrow()[source]¶
Process escrow of group multisig events that do not have a full complement of receipts from witnesses yet. When receipting is complete, remove from escrow and cue up a message that the event is complete.
- class keri.vdr.credentialing.Registry(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]¶
- issue(said, dt=None)[source]¶
Create and process an iss or bis message event
- Parameters:
said (str) – qb64 SAID of credential to issue
dt (str) – iso8601 formatted date time string of issuance
- Returns:
True if issuance is successful
- Return type:
boolean
- make(*, nonce=None, noBackers=True, baks=None, toad=None, estOnly=False, vcp=None)[source]¶
Delayed initialization of Issuer.
Actual initialization of Issuer from properties or loaded from .reger. Should only be called after .hab is initialized.
- Parameters:
nonce (str)
noBackers (boolean) – True to allow specification of TEL specific backers
baks (list) – initial list of backer prefixes qb64 for VCs in the Registry
toad (str) – hex of witness threshold
estOnly (boolean) – True for forcing rotation events for every TEL event.
vcp (Serder) – optional vcp event serder if configured outside the Registry
- revoke(said, dt=None)[source]¶
Perform revocation of credential
Create and process rev or brv message event
- Parameters:
said (str) – qb64 SAID of the credential to revoke
dt (str) – iso8601 formatted date time string of revocation
- Returns:
True if revocation is successful.
- Return type:
boolean
- rotate(toad=None, cuts=None, adds=None)[source]¶
Rotate backer list for registry
- Parameters:
toad (int) – or str hex of backer threshold after cuts and adds
cuts (list) – of qb64 pre of backers to be removed from witness list
adds (list) – of qb64 pre of backers to be added to witness list
- Returns:
True if rotation is successful
- Return type:
boolean
- class keri.vdr.credentialing.SignifyRegistry(hab, reger, tvy, psr, name='test', regk=None, cues=None)[source]¶
- issue(said, dt=None)[source]¶
Create and process an iss or bis message event
- Parameters:
said (str) – qb64 SAID of credential to issue
dt (str) – iso8601 formatted date time string of issuance
- Returns:
True if issuance is successful
- Return type:
boolean
- make(*, regser)[source]¶
Delayed initialization of Issuer.
Actual initialization of Issuer from properties or loaded from .reger. Should only be called after .hab is initialized.
- Parameters:
regser (Serder) – Registry inception event
- keri.vdr.credentialing.sendArtifacts(hby, reger, postman, creder, recp)[source]¶
Stream credential artifacts to recipient using postman
- Parameters:
hby
reger
postman (StreamPoster) – poster to stream credential with
creder
recp
Returns:
- keri.vdr.credentialing.sendCredential(hby, hab, reger, postman, creder, recp)[source]¶
Stream credential and all cryptographic artifacts to recipient using postman
- Parameters:
hby
hab
reger
postman (StreamPoster) – poster to stream credential with
creder
recp
Returns:
keri.vdr.eventing¶
KERI keri.vdr.eventing module
VC TEL support
- class keri.vdr.eventing.Tever(cues=None, rsr=None, serder=None, seqner=None, saider=None, bigers=None, db=None, reger=None, noBackers=None, estOnly=None, regk=None, local=False)[source]¶
Tever is KERI/ACDC transaction event log verifier class. Only supports current version VERSION.
Has the following public attributes and properties:
- Class Attributes:
- .NoBackers is Boolean
True means do not allow backers (default to witnesses of controlling KEL)
False means allow backers (ignore witnesses of controlling KEL)
- .db is reference to Baser instance that manages the LMDB database
- .reg is reference to Registry instance that manages VC LMDB database
- .regk is fully qualified base64 identifier prefix of own Registry if any
- .local is Boolean
True means only process msgs for own events if .regk
False means only process msgs for not own events if .regk
- .version is version of current event state
- .prefixer is prefixer instance for current event state
- .sn is sequence number int
- .serder is Serder instance of current event with .serder.diger for digest
- .toad is int threshold of accountable duplicity
- .baks is list of qualified qb64 aids for backers
- .cuts is list of qualified qb64 aids for backers cut from prev wits list
- .adds is list of qualified qb64 aids for backers added to prev wits list
- .noBackers is boolean trait True means do not allow backers
- __init__(cues=None, rsr=None, serder=None, seqner=None, saider=None, bigers=None, db=None, reger=None, noBackers=None, estOnly=None, regk=None, local=False)[source]¶
Create incepting tever and state from registry inception serder
- Parameters:
serder (Serder) – instance of registry inception event
rsr (RegStateRecord) – transaction state notice state message Serder
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event said from controlling KEL.
bigers (list) – list of Siger instances of indexed backer signatures of event. Index is offset into baks list of latest est event
db (Baser) – instance of baser lmdb database
reger (Reger) – instance of VC lmdb database
noBackers (bool) – True means do not allow backer configuration
estOnly (bool) – True means do not allow interaction events
regk (str) – identifier prefix of own or local registry. May not be the prefix of this Tever’s event. Some restrictions if present
local (bool) – True means only process msgs for own controller’s events if .regk. False means only process msgs for not own events if .regk
- Returns:
instance representing credential Registry
- Return type:
- config(serder, noBackers=None, estOnly=None)[source]¶
Process cnfg field for configuration traits
Parse and validate the configuration options for registry inception from the c field of the provided inception event.
- Parameters:
serder (Serder) – credential registry inception event vcp
noBackers (bool) – override flag for specifying a registry with no additional backers beyond the controlling KEL’s witnesses
- escrowALEvent(serder, seqner, saider, bigers=None, baks=None)[source]¶
Update associated logs for escrow of anchorless event
- Parameters:
- Returns:
True if escrow is successful, False otherwise (e.g. already escrowed)
- Return type:
bool
- escrowPWEvent(serder, seqner, saider, bigers=None)[source]¶
Update associated logs for escrow of partially witnessed event
- getBackerState(ked)[source]¶
Calculate and return the current list of backers for event dict
- Parameters:
ked (dict) – event dict
- Returns:
qb64 of current list of backers for state at ked
- Return type:
list
- incept(serder)[source]¶
Validate registry inception event and initialize local attributes
Parse and validate registry inception event for this Tever. Update all local attributes with initial values.
- Parameters:
serder (Serder) – registry inception event (vcp)
- issue(serder, seqner, saider, sn, bigers=None)[source]¶
Process VC TEL issuance events (iss, bis)
Validate and process credential issuance events. If valid, event is persisted in local datastore for TEL. Will escrow event if missing anchor or backer signatures
- Parameters:
serder (Serder) – instance of issuance or backer issuance event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event SAID from controlling KEL.
sn (int) – event sequence number
bigers (list) – of Siger instances of indexed witness signatures. Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
- logEvent(pre, sn, serder, seqner, saider, bigers=None, baks=None)[source]¶
Update associated logs for verified event.
Update is idempotent. Logs will not write dup at key if already exists.
- Parameters:
pre (str) – is event prefix
sn (int) – is event sequence number
serder (Serder) – is Serder instance of current event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event SAID from controlling KEL.
bigers (list) – is optional list of Siger instance of indexed backer sigs
baks (list) – is optional list of qb64 non-trans identifiers of backers
- reload(rsr)[source]¶
Reload Tever attributes (aka its state) from state serder
- Parameters:
rsr (RegStateRecord) – instance of key state notice ‘ksn’ message body
- revoke(serder, seqner, saider, sn, bigers=None)[source]¶
Process VC TEL revocation events (rev, brv)
Validate and process credential revocation events. If valid, event is persisted in local datastore for TEL. Will escrow event if missing anchor or backer signatures
- Parameters:
serder (Serder) – instance of issuance or backer issuance event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event digest from controlling KEL.
sn (int) – event sequence number
bigers (list) – of Siger instances of indexed witness signatures. Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
- rotate(serder, sn)[source]¶
Process registry management TEL, non-inception events (vrt)
- Parameters:
serder (Serder) – registry rotation event
sn (int) – sequence number of event
- Returns:
calculated backer threshold
list: new list of backers after applying cuts and adds to previous list
list: list of backer adds processed from event
list: list of backer cuts processed from event
- Return type:
int
- state()[source]¶
Returns RegStateRecord of state notice of given Registry Event Log (REL)
- Returns:
(RegStateRecord): instance for this Tever
- Return type:
rsr
- update(serder, seqner=None, saider=None, bigers=None)[source]¶
Process registry non-inception events.
Process non-inception registry and credential events and update local Tever state for registry or credential
- Parameters:
serder (Serder) – instance of issuance or backer issuance event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event SAID from controlling KEL.
bigers (list) – of Siger instances of indexed witness signatures. Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
- valAnchorBigs(serder, seqner, saider, bigers, toad, baks)[source]¶
Validate anchor and backer signatures (bigers) when provided.
- Validates sigers signatures by validating indexes, verifying signatures, and validating threshold sith.
- Validates backer receipts by validating indexes, verifying backer signatures and validating toad.
Backer validation is a function of .regk and .local
- Parameters:
serder (Serder) – instance of event
seqner (Seqner) – issuing event sequence number from controlling KEL.
saider (Saider) – issuing event said from controlling KEL.
bigers (list) – Index is offset into wits list of associated witness nontrans pre from which public key may be derived.
toad (int) – str hex of witness threshold
baks (list) – qb64 non-transferable prefixes of backers used to derive werfers for bigers
- Returns:
unique validated signature verified members of input bigers
- Return type:
list
- vcSn(vci)[source]¶
Calculates the current seq no of VC from db.
Returns None if never issued from this Registry
- Parameters:
vci (str) – qb64 VC identifier
- Returns:
current TEL sequence number of credential or None if not found
- Return type:
int
- vcState(vci)[source]¶
Calculate state (issued/revoked) of VC from db.
Returns None if never issued from this Registry
- Parameters:
vci (str) – qb64 VC identifier
- Returns:
transaction event state notification message
- Return type:
status (Serder)
- class keri.vdr.eventing.Tevery(Transaction Event Message Processing Facility)[source]¶
Tevery processes an incoming message stream composed of KERI key event related messages and attachments. Tevery acts as a Tever (transaction event verifier) factory for managing transaction state of KERI credential registries and associated credentials.
- local¶
True means only process msgs for own events if .regk
False means only process msgs for not own events if .regk
- Type:
bool
- cues¶
notices generated from processing events
- Type:
Deck
- __init__(reger=None, db=None, local=False, lax=False, cues=None, rvy=None)[source]¶
Initialize instance:
- escrowOOEvent(serder, seqner, saider)[source]¶
Escrow out-of-order TEL events.
Saves the serialized event, anchor and event digest in escrow for any event that is received out of order.
Examples include registry rotation events, credential issuance event received before the registry inception event or a credential revocation event received before the issuance event.
- property kevers¶
Returns .db.kevers read through cache of key event logs
- processEscrowAnchorless()[source]¶
Process escrow of TEL events received before the anchoring KEL event.
- Process anchorless events in the following way:
loop over event digests saved in taes
deserialize event out of tvts
load backer signatures out of tibs
read anchor information out of ancs
perform process event
Remove event digest from oots if processed successfully or a non-anchorless event occurs.
- processEscrowOutOfOrders()[source]¶
Loop through out of order escrow:
- Process out of order events in the following way:
loop over event digests saved in oots
deserialize event out of tvts
read anchor information out of .ancs
perform process event
Remove event digest from oots if processed successfully or a non-out-of-order event occurs.
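A simplified model of the out-of-order escrow described for escrowOOEvent and processEscrowOutOfOrders, with the vcSn and vcState lookups on top, added here as an illustration; it is not keripy code. The ToyTel class, its dict stand-ins for the .tvts, .tels and .oots sub-databases, and the SHA-256 hex digest used in place of a SAID are assumptions of the example; anchor and backer-signature validation are left out.

```python
import hashlib
import json


class OutOfOrderError(Exception):
    """The event's predecessor has not been accepted yet."""


def _digest(body):
    # Stand-in for a SAID: SHA-256 over a canonical JSON encoding (assumption).
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def make_event(ilk, vci, sn, prior=None):
    """Build a toy TEL event: t=ilk, i=credential id, s=sn, p=prior digest."""
    body = {"t": ilk, "i": vci, "s": sn, "p": prior}
    return {**body, "d": _digest(body)}


class ToyTel:
    """Minimal backerless credential TEL: iss at sn 0, rev at sn 1."""

    def __init__(self):
        self.tvts = {}  # digest -> event (serialized events)
        self.tels = {}  # (vci, sn) -> digest of the accepted event
        self.oots = {}  # (vci, sn) -> digest of an escrowed out-of-order event

    def _validate(self, ev):
        body = {k: ev[k] for k in ("t", "i", "s", "p")}
        if ev["d"] != _digest(body):
            raise ValueError("digest does not match event body")
        key = (ev["i"], ev["s"])
        if key in self.tels:
            raise ValueError("an event is already accepted at this sn")
        if ev["s"] == 0:
            if ev["t"] != "iss" or ev["p"] is not None:
                raise ValueError("first event for a credential must be iss")
            return
        prior = self.tels.get((ev["i"], ev["s"] - 1))
        if prior is None:
            raise OutOfOrderError(key)
        if ev["t"] != "rev" or ev["s"] != 1 or ev["p"] != prior:
            raise ValueError("rev must follow iss and commit to its digest")

    def receive(self, ev):
        """Accept the event, or escrow it if its predecessor is missing."""
        key = (ev["i"], ev["s"])
        try:
            self._validate(ev)
        except OutOfOrderError:
            self.tvts[ev["d"]] = ev
            self.oots[key] = ev["d"]
            return "escrowed"
        self.tvts[ev["d"]] = ev
        self.tels[key] = ev["d"]
        return "accepted"

    def process_escrow(self):
        """Replay escrowed events; keep only those that are still out of order."""
        for key, dig in list(self.oots.items()):
            try:
                self._validate(self.tvts[dig])
            except OutOfOrderError:
                continue            # predecessor still missing, stay in escrow
            except ValueError:
                del self.oots[key]  # failed for another reason: drop it
                continue
            self.tels[key] = dig
            del self.oots[key]

    def vc_sn(self, vci):
        """Latest accepted sequence number, or None if never issued."""
        sns = [sn for (i, sn) in self.tels if i == vci]
        return max(sns) if sns else None

    def vc_state(self, vci):
        """'issued', 'revoked', or None if never issued."""
        sn = self.vc_sn(vci)
        if sn is None:
            return None
        ilk = self.tvts[self.tels[(vci, sn)]]["t"]
        return {"iss": "issued", "rev": "revoked"}[ilk]


def demo():
    """Constructed scenario: a valid rev and a forged rev both arrive early."""
    tel = ToyTel()
    iss1 = make_event("iss", "VC1", 0)
    rev1 = make_event("rev", "VC1", 1, prior=iss1["d"])
    iss2 = make_event("iss", "VC2", 0)
    forged = make_event("rev", "VC2", 1, prior="0" * 64)  # wrong prior digest
    early = (tel.receive(rev1), tel.receive(forged), tel.vc_state("VC1"))
    tel.receive(iss1)
    tel.receive(iss2)
    tel.process_escrow()
    return early, tel.vc_state("VC1"), tel.vc_state("VC2"), len(tel.oots)
```

The forged revocation is escrowed like any other early event, but it is discarded on replay because its prior digest does not match the accepted issuance.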
- processEvent(serder, seqner=None, saider=None, wigers=None)[source]¶
Process one event serder with attached indexed signatures sigers
Validates event against current state of registry or credential, creating registry on inception events and processing change in state to credential or registry for other events
- processQuery(serder, source=None, sigers=None, cigars=None)[source]¶
Process TEL query event message (qry)
Process query mode replay message for collective or single element query. Will cue response message with kin of “replay”. Assume promiscuous mode for now.
- Parameters:
serder (Serder) – is query message serder
source (qb64) – identifier prefix of querier
sigers (list) – Siger instances of attached controller indexed sigs
cigars (list) – Siger instances of non-transferable signatures
- processReplyCredentialTxnState(*, serder, saider, route, cigars=None, tsgs=None, **kwargs)[source]¶
Process one reply message for key state = /tsn/registry
Process one reply message for key state = /tsn/registry with either attached nontrans receipt couples in cigars or attached trans indexed sig groups in tsgs. Assumes already validated saider, dater, and route from serder.ked
- Parameters:
serder (Serder) – instance of reply msg (SAD)
saider (Saider) – instance from said in serder (SAD)
route (str) – reply route
cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer
tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where:
prefixer is pre of trans endorser
seqner is sequence number of trans endorser’s est evt for keys for sigs
diger is digest of trans endorser’s est evt for keys for sigs
[sigers] is list of indexed sigs from trans endorser’s keys from est evt
Reply Message:
    {
        "v": "KERI10JSON00011c_",
        "t": "rpy",
        "d": "EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM",
        "dt": "2020-08-22T17:50:12.988921+00:00",
        "r": "/tsn/EgHOJJ9mgNosU2hgt7bsM8AViwgz--ey3ZXWgfIcxdpI",
        "a": {
            "v": "KERI10JSON00012d_",
            "i": "EDGhJ8V1tuwH55Bk0fBFe9L0za2BUNOt2FX4GUeOLNHQ",
            "s": "0",
            "d": "ENNTabgWbaNqOKLqEZdQCjxbafwwSoXNzAsE1Enq-kdk",
            "ri": "EoN_Ln_JpgqsIys-jDOH8oWdxgWqs7hzkDGeLWHb9vSY",
            "a": {
                "s": 3,
                "d": "Ex7i6wv4YzDRTO9_iHkTQSXrvLYldSd_UEjNfqia3Pqc"
            },
            "dt": "2021-01-01T00:00:00.000000+00:00",
            "et": "bis"
        }
    }
- processReplyRegistryTxnState(*, serder, saider, route, cigars=None, tsgs=None, **kwargs)[source]¶
Process one reply message for key state = /tsn/registry
Process one reply message for key state = /tsn/registry with either attached nontrans receipt couples in cigars or attached trans indexed sig groups in tsgs. Assumes already validated saider, dater, and route from serder.ked
- Parameters:
serder (Serder) – instance of reply msg (SAD)
saider (Saider) – instance from said in serder (SAD)
route (str) – reply route
cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer
tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where:
prefixer is pre of trans endorser
seqner is sequence number of trans endorser’s est evt for keys for sigs
diger is digest of trans endorser’s est evt for keys for sigs
[sigers] is list of indexed sigs from trans endorser’s keys from est evt
Reply Message:
    {
        "v": "KERI10JSON00011c_",
        "t": "rpy",
        "d": "EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM",
        "dt": "2020-08-22T17:50:12.988921+00:00",
        "r": "/tsn/EgHOJJ9mgNosU2hgt7bsM8AViwgz--ey3ZXWgfIcxdpI",
        "a": {
            "v": "KERI10JSON0001b0_",
            "i": "EoN_Ln_JpgqsIys-jDOH8oWdxgWqs7hzkDGeLWHb9vSY",
            "s": "1",
            "d": "EpltHxeKueSR1a7e0_oSAhgO6U7VDnX7x4KqNCwBqbI0",
            "ii": "EaKJ0FoLxO1TYmyuprguKO7kJ7Hbn0m0Wuk5aMtSrMtY",
            "dt": "2021-01-01T00:00:00.000000+00:00",
            "et": "vrt",
            "a": {
                "s": 2,
                "d": "Ef12IRHtb_gVo5ClaHHNV90b43adA0f8vRs3jeU-AstY"
            },
            "bt": "1",
            "br": [],
            "ba": [
                "BwFbQvUaS4EirvZVPUav7R_KDHB8AKmSfXNpWnZU_YEU"
            ],
            "b": [
                "BwFbQvUaS4EirvZVPUav7R_KDHB8AKmSfXNpWnZU_YEU"
            ],
            "c": []
        }
    }
- registerReplyRoutes(router)[source]¶
Register the routes for processing messages embedded in rpy event messages
- Parameters:
router (Router) – reply message router
- property registries¶
Returns .reger.registries
- static registryKey(serder)[source]¶
Utility method to extract registry key from any type of TEL serder
- Parameters:
serder (Serder) – event message
- Returns:
qb64 registry identifier
- Return type:
str
- property tevers¶
Returns .reger.tevers read through cache of credential registries
- keri.vdr.eventing.backerIssue(vcdig, regk, regsn, regd, version=(1, 0), kind='JSON', dt=None)[source]¶
Returns serder of backer issuance (bis) message event
Returns serder of bis message event. Utility function to create a VC issuance event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
regsn (int) – sequence number of anchoring registry TEL event
regd (str) – digest qb64 of anchoring registry TEL event
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of issuance date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.backerRevoke(vcdig, regk, regsn, regd, dig, version=(1, 0), kind='JSON', dt=None)[source]¶
Returns serder of backer credential revocation (brv) message event
Returns serder of brv message event. Utility function to create a VC revocation event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
regsn (int) – sequence number of anchoring registry TEL event
regd (str) – digest qb64 of anchoring registry TEL event
dig (str)
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of issuance date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.incept(pre, toad=None, baks=None, nonce=None, cnfg=None, version=(1, 0), kind='JSON', code='E')[source]¶
Returns serder of credential registry inception (vcp) message event
Returns serder of vcp message event. Utility function to create a Registry inception event.
- Parameters:
pre (str) – issuer identifier prefix qb64
toad (Union(int,str)) – int or str hex of backer threshold
baks (list) – the initial list of backers prefixes for VCs in the Registry
nonce (str) – qb64 encoded ed25519 random seed of credential registry
cnfg (list) – is list of strings TraitDex of configuration traits
version (Versionage) – the API version
kind (str) – the event type
code (str) – default code for Prefixer
- Returns:
Event message Serder
- Return type:
Serder
- keri.vdr.eventing.issue(vcdig, regk, version=(1, 0), kind='JSON', dt=None)[source]¶
Returns serder of issuance (iss) message event
Returns serder of iss message event. Utility function to create a VC issuance event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of issuance date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.query(regk, vcid, route='', replyRoute='', dt=None, dta=None, dtb=None, stamp=None, version=(1, 0), kind='JSON')[source]¶
Returns serder of credential query (qry) event message.
Returns serder of query event message. Utility function to automate creation of interaction events.
- Parameters:
regk (str) – qb64 AID of credential registry
vcid (str) – qb64 SAID of credential
route (str) – namespaced path, ‘/’ delimited, that indicates data flow handler (behavior) to process the query
replyRoute (str) – namespaced path, ‘/’ delimited, that indicates data flow handler (behavior) to process reply message to query if any.
dt (str) – ISO 8601 formatted datetime query
dta (str) – ISO 8601 formatted datetime after query
dtb (str) – ISO 8601 formatted datetime before query
stamp (str) – ISO 8601 formatted current datetime of query message
version (Versionage) – the API version
kind (str) – the event type
- Returns:
query event message Serder
- Return type:
Serder
- keri.vdr.eventing.revoke(vcdig, regk, dig, version=(1, 0), kind='JSON', dt=None)[source]¶
Returns serder of backerless credential revocation (rev) message event
Returns serder of rev message event. Utility function to create a VC revocation event.
- Parameters:
vcdig (str) – qb64 SAID of credential
regk (str) – qb64 AID of credential registry
dig (str) – digest of previous event qb64
version (Versionage) – the API version
kind (str) – the event type
dt (str) – ISO 8601 formatted date string of revocation date
- Returns:
event message Serder
- Return type:
Serder
- keri.vdr.eventing.rotate(regk, dig, sn=1, toad=None, baks=None, cuts=None, adds=None, version=(1, 0), kind='JSON')[source]¶
Returns serder of registry rotation (brt) message event
Returns serder of vrt message event. Utility function to create a Registry rotation event.
- Parameters:
regk (str) – identifier prefix qb64
dig (str) – qb64 digest of prior event
sn (int) – sequence number
toad (int) – int or str hex of witness threshold
baks (list) – prior backers prefixes qb64
cuts (list) – witness prefixes to cut qb64
adds (list) – witness prefixes to add qb64
version (Versionage) – the API version
kind (str) – the event type
- Returns:
event message Serder
- Return type:
Serder
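The cuts/adds/toad bookkeeping that Tever.rotate, Registry.rotate and eventing.rotate describe, as an added illustration on plain Python lists; it is not keripy code. The function names, the consistency rules and the default threshold are assumptions of the example, and SAMPLE_NOTICE copies only the bt/br/ba/b fields of the vrt state sample shown on this page, reading br and ba as the cut and add lists.

```python
class BackerRotationError(ValueError):
    """A proposed or reported backer rotation is inconsistent."""


def parse_toad(toad, count):
    """Accept toad as int or hex str, as the parameter docs allow.

    None falls back to 'every backer must sign' (a choice of this example).
    """
    if toad is None:
        return count
    return int(toad, 16) if isinstance(toad, str) else int(toad)


def rotate_backers(baks, cuts=None, adds=None, toad=None):
    """Return (toad, new_baks, cuts, adds) after applying cuts, then adds.

    Rules enforced here (assumed, conservative):
      - no duplicates inside baks, cuts or adds
      - every cut is a current backer
      - no add is already a backer, and none is also being cut
      - toad is 0 with no backers, otherwise 1 <= toad <= len(new_baks)
    """
    baks, cuts, adds = list(baks), list(cuts or []), list(adds or [])
    for name, seq in (("baks", baks), ("cuts", cuts), ("adds", adds)):
        if len(set(seq)) != len(seq):
            raise BackerRotationError(f"duplicate entries in {name}")
    if not set(cuts) <= set(baks):
        raise BackerRotationError("cut of a prefix that is not a backer")
    if set(adds) & set(baks):
        raise BackerRotationError("add of a prefix that is already a backer")
    if set(adds) & set(cuts):
        raise BackerRotationError("same prefix in both cuts and adds")

    # Order matters: backer signature indexes are offsets into this list.
    new_baks = [b for b in baks if b not in cuts] + adds

    toad = parse_toad(toad, len(new_baks))
    if new_baks:
        if not 1 <= toad <= len(new_baks):
            raise BackerRotationError("toad outside 1..len(backers)")
    elif toad != 0:
        raise BackerRotationError("toad must be 0 when there are no backers")
    return toad, new_baks, cuts, adds


def check_state_notice(prior_baks, notice):
    """Check that a registry state dict's bt/br/ba/b fields agree with the
    backer list the verifier already holds. Returns (toad, baks)."""
    toad, baks, _, _ = rotate_backers(
        prior_baks, cuts=notice["br"], adds=notice["ba"], toad=notice["bt"]
    )
    if baks != notice["b"]:
        raise BackerRotationError(
            "b is not the prior backer list with br removed and ba appended"
        )
    return toad, baks


# Backer fields from the vrt state sample on this page.
SAMPLE_NOTICE = {
    "bt": "1",
    "br": [],
    "ba": ["BwFbQvUaS4EirvZVPUav7R_KDHB8AKmSfXNpWnZU_YEU"],
    "b": ["BwFbQvUaS4EirvZVPUav7R_KDHB8AKmSfXNpWnZU_YEU"],
}
```

A verifier that tracks the prior backer list can run check_state_notice on each received state dict and treat a BackerRotationError as grounds to fetch and replay the full management TEL instead of trusting the notice.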
- keri.vdr.eventing.state(pre, said, sn, ri, eilk, dts=None, toad=None, wits=None, cnfg=None, version=(1, 0))[source]¶
Utility function to create a RegStateRecord of state notice of a given Registry Event Log (REL)
- Returns:
rsr: (RegStateRecord): instance
- Parameters:
pre (str) – identifier prefix qb64
sn (int) – int sequence number of latest event
said (str) – digest of latest event
ri (str) – qb64 AID of credential registry
eilk (str) – message type (ilk) of latest event
a (dict) – key event anchored seal data
dts (str)
toad (int) – int of witness threshold
wits (list) – list of witness prefixes qb64
cnfg (list) – list of strings TraitDex of configuration traits
version (str) – Version instance
kind (str) – serialization kind
- Returns:
Event message Serder
- Return type:
Serder
Key State Dict:
    {
        "v": "KERI10JSON00011c_",
        "i": "EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM",
        "s": "2",
        "p": "EYAfSVPzhzZ-i0d8JZS6b5CMAoTNZH3ULvaU6JR2nmwy",
        "d": "EAoTNZH3ULvaU6JR2nmwyYAfSVPzhzZ-i0d8JZS6b5CM",
        "ri": "EYAfSVPzhzZ-i0d8JZS6b5CMAoTNZH3ULvaU6JR2nmwy",
        "dt": "2020-08-22T20:35:06.687702+00:00",
        "et": "vrt",
        "a": {"i": 12, "d": "EYAfSVPzhzS6b5CMaU6JR2nmwyZ-i0d8JZAoTNZH3ULv"},
        "k": ["DaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM"],
        "n": "EZ-i0d8JZAoTNZH3ULvaU6JR2nmwyYAfSVPzhzS6b5CM",
        "bt": "1",
        "b": ["DnmwyYAfSVPzhzS6b5CMZ-i0d8JZAoTNZH3ULvaU6JR2"],
        "di": "EYAfSVPzhzS6b5CMaU6JR2nmwyZ-i0d8JZAoTNZH3ULv",
        "c": ["EO"]
    }
- keri.vdr.eventing.vcstate(vcpre, said, sn, ri, eilk, a, ra=None, dts=None, version=(1, 0), kind='JSON')[source]¶
Returns the credential transaction state notification
Returns serder of credential transaction state notification message. Utility function to automate creation of tsn events.
- Parameters:
vcpre (str) – is qb64 SAID of the credential
said (str) – is qb64 digest of latest event
sn (int) – sequence number of latest event
ri (str) – registry identifier
ra (dict) – optional registry seal for registries with backers
eilk (str) – is message type (ilk) of latest event
a (dict) – is seal for anchor in KEL
dts (str) – iso8601 formatted date string of state
version (Version) – is KERI version instance
kind (str) – is serialization kind
Credential Transaction State Dict:
    {
        "v": "KERI10JSON00012d_",
        "i": "EDGhJ8V1tuwH55Bk0fBFe9L0za2BUNOt2FX4GUeOLNHQ",
        "s": "0",
        "d": "ENNTabgWbaNqOKLqEZdQCjxbafwwSoXNzAsE1Enq-kdk",
        "ri": "EoN_Ln_JpgqsIys-jDOH8oWdxgWqs7hzkDGeLWHb9vSY",
        "a": {
            "s": 3,
            "d": "Ex7i6wv4YzDRTO9_iHkTQSXrvLYldSd_UEjNfqia3Pqc"
        },
        "dt": "2021-01-01T00:00:00.000000+00:00",
        "et": "bis"
    }
keri.vdr.verifying¶
KERI keri.vdr.verifying module
VC verifier support
- class keri.vdr.verifying.Verifier(hby, reger=None, creds=None, cues=None, expiry=36000000000)[source]¶
Verifier class accepts and validates TEL events.
- __init__(hby, reger=None, creds=None, cues=None, expiry=36000000000)[source]¶
Initialize Verifier instance
- processCredential(creder, prefixer, seqner, saider)[source]¶
Credential data and signature(s) verification
Verify the data of the credential against the schema, the SAID of the credential and the CESR Proof on the credential and if valid, store the credential
- processMessages(creds=None)[source]¶
Process message dicts in msgs or if msgs is None in .msgs
- Parameters:
creds (decking.Deck) – each entry is dict that matches call signature of .processCredential
- query(pre, regk, vcid, *, dt=None, dta=None, dtb=None, **kwa)[source]¶
Returns query message for querying registry
- saveCredential(creder, prefixer, seqner, saider)[source]¶
Write the credential and associated indices to the database
- setup()[source]¶
Delayed initialization of instance by creating .tvy and .psr.
Should not be called until .hab is initialized
- property tevers¶
Returns .db.tevers
keri.vdr.viring¶
keri.db.viring module
VIR Verifiable Issuance(Revocation) Registry
Provides public simple Verifiable Credential Issuance/Revocation Registry. A special purpose Verifiable Data Registry (VDR).
- class keri.vdr.viring.RegStateRecord(vn: list[int] = <factory>, i: str = '', s: str = '0', d: str = '', ii: str = '', dt: str = '', et: str = '', bt: str = '0', b: list = <factory>, c: list[str] = <factory>)[source]¶
Registry Event Log (REL) State information
(see reger.state at ‘stts’ for database that holds these records keyed by Registry SAID, i field)
- vn¶
version number [major, minor]
- Type:
list[int]
- i¶
registry SAID qb64 (registry inception event SAID)
- Type:
str
- s¶
sequence number of latest event in KEL as hex str
- Type:
str
- d¶
latest registry event digest qb64
- Type:
str
- ii¶
registry issuer identifier aid qb64
- Type:
str
- dt¶
datetime iso-8601 of registry state record update, usually now
- Type:
str
- et¶
event packet type (ilk)
- Type:
str
- bt¶
backer threshold hex num
- Type:
str
- b¶
backer aids qb64
- Type:
list[str]
- c¶
config traits
- Type:
list[str]
Note: the seal anchor dict ‘a’ field is not included in the state notice because it may be verbose and would impede the main purpose of a notice which is to trigger the download of the latest events, which would include the anchored seals.
    rsr = viring.RegStateRecord(
        vn=list(version),  # version number as list [major, minor]
        i=ri,  # qb64 registry SAID
        s="{:x}".format(sn),  # lowercase hex string no leading zeros
        d=said,
        ii=pre,
        dt=dts,
        et=eilk,
        bt="{:x}".format(toad),  # hex string no leading zeros lowercase
        b=wits,  # list of qb64 may be empty
        c=cnfg if cnfg is not None else [],
    )
- class keri.vdr.viring.Reger(headDirPath=None, reopen=True, **kwa)[source]¶
Reger sets up named sub databases for TEL registry
- see superclass LMDBer for inherited attributes
- .tvts is named sub DB whose values are serialized TEL events.
dgKey. DB is keyed by identifier prefix plus digest of serialized event. Only one value per DB key is allowed.
- .tels is named sub DB of transaction event log tables that map sequence numbers to serialized event digests.
snKey. Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of tel event. Only one value per DB key is allowed.
- .tibs is named sub DB of indexed backer signatures of event.
Backers always have nontransferable identifier prefixes. The index is the offset of the backer into the backer list of the anchored management event wrt the receipted event. dgKey. DB is keyed by identifier prefix plus digest of serialized event. More than one value per DB key is allowed.
- .oots is named sub DB of out of order escrowed event tables that map sequence numbers to serialized event digests.
snKey. Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of key event. Only one value per DB key is allowed.
- .baks is named sub DB of ordered list of backers at given point in management TEL.
dgKey. DB is keyed by identifier prefix plus digest of serialized event. More than one value per DB key is allowed.
- .twes is named sub DB of partially witnessed escrowed event tables that map sequence numbers to serialized event digests.
snKey. Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of tel event. Only one value per DB key is allowed.
- .taes is named sub DB of anchorless escrowed event tables that map sequence numbers to serialized event digests.
snKey. Values are digests used to lookup event in .tvts sub DB. DB is keyed by identifier prefix plus sequence number of tel event. Only one value per DB key is allowed.
- .ancs is a named sub DB of anchors to KEL events.
Quadlet: each quadruple is the concatenation of four fully qualified items of validator. These are: transferable prefix, plus latest establishment event sequence number, plus latest establishment event digest, plus indexed event signature. When latest establishment event is multisig then there will be multiple quadruples, one per signing key, each a dup at same db key. dgKey. DB is keyed by identifier prefix plus digest of serialized event. Only one value per DB key is allowed.
- .regs is named subDB instance of Komer that maps registry names to registry keys.
Key is habitat name str; value is serialized RegistryRecord dataclass.
- __init__(headDirPath=None, reopen=True, **kwa)[source]¶
Setup named sub databases.
- Inherited Parameters:
- name (str): directory path name differentiator for main database.
When system employs more than one keri database, name allows differentiating each instance by name.
- temp (boolean): assign to .temp.
True then open in temporary directory, clear on close. Otherwise then open persistent directory, do not clear on close.
- headDirPath (Optional(str)): head directory pathname for main database.
If not provided use default .HeadDirpath.
- mode (int): numeric os dir permissions for database directory
- reopen (boolean): If True then database will be reopened by this init
Notes:
dupsort=True for sub DB means allow unique (key, value) pair duplicates at a key. Duplicate means that there is more than one value at a key, but not redundant copies of a (key, value) pair per key. In other words, the pair (key, value) must be unique, both key and value in combination. Attempting to put the same (key, value) pair a second time does not add another copy.
Duplicates are inserted in lexicographic order by value, insertion order.
- addBak(key, val)[source]¶
Use dgKey(). Add prefix val bytes as dup to key in db. Adds to existing values at key if any. Returns True if at least one of vals is added as dup, False otherwise. Duplicates are inserted in insertion order.
- addTib(key, val)[source]¶
Use dgKey(). Add indexed witness signature val bytes as dup to key in db. Adds to existing values at key if any. Returns True if written, else False if dup val already exists. Duplicates are inserted in lexicographic order, not insertion order.
- cloneCred(said)[source]¶
Load base credential and CESR proof signatures from database.
Base credential and all signatures are returned from the credential data store. If root is specified, all signatures are transposed to have that path as the root. This is used to embed the credential in another SAD at the location of the specified root.
- Parameters:
said (str or bytes) – qb64 SAID of credential
- cloneCreds(saids, db)[source]¶
Returns fully expanded credential with chained credentials attached.
- Parameters:
saids (list) – of Saider objects:
db (Baser) – baser object to load schema
- Returns:
fully hydrated credentials with full chains provided
- Return type:
list
- clonePreIter(pre, fn=0)[source]¶
Iterator of first seen event messages
Returns iterator of first seen event messages with attachments for the TEL prefix pre, starting at first seen order number, fn. Essentially a replay in first seen order with attachments.
- Parameters:
pre (bytes) – qb64 identifier prefix of registry state TEL
fn (int) – first seen ordinal
- Returns:
bytearray per serialized event msg
- Return type:
iterator
- cntBaks(key)[source]¶
Use dgKey(). Return count of backer prefixes at key. Returns zero if no entry at key.
- cntTels(pre, fn=0)[source]¶
Returns count of all (fn, dig) for all events with same prefix, pre, in database.
- Parameters:
pre – bytes of identifier prefix
fn – int fn to resume replay. Earliest is fn=0
- cntTibs(key)[source]¶
Use dgKey(). Return count of indexed witness signatures at key. Returns zero if no entry at key.
- delAnc(key)[source]¶
Use dgKey(). Deletes value at key. Returns True if key exists in database, else False.
- delBak(key, val)[source]¶
Use dgKey(). Deletes dup val at key in db. Returns True if dup exists in db, else False.
- Parameters:
key – bytes of key within sub db's keyspace
val – dup val
- delBaks(key)[source]¶
Use dgKey(). Deletes all values at key in db. Returns True if key exists in database, else False.
- delOot(key)[source]¶
Use snKey(). Deletes value at key. Returns True if key exists in database, else False.
- delTae(key)[source]¶
Use snKey(). Deletes value at key. Returns True if key exists in database, else False.
- delTel(key)[source]¶
Use snKey(). Deletes value at key. Returns True if key exists in database, else False.
- delTibs(key, val=b'')[source]¶
Use dgKey(). Deletes all values at key if val = b'', else deletes dup val = val. Returns True if key exists in database (or key, val if val not b''), else False.
- delTvt(key)[source]¶
Use dgKey(). Deletes value at key. Returns True if key exists in database, else False.
- delTwe(key)[source]¶
Use snKey(). Deletes value at key. Returns True if key exists in database, else False.
- getBaks(key)[source]¶
Use dgKey(). Return list of backer prefixes at key. Returns empty list if no entry at key. Duplicates are retrieved in insertion order.
- getBaksIter(key)[source]¶
Use dgKey(). Return iterator of backer prefixes at key. Raises StopIteration Error when empty. Duplicates are retrieved in insertion order.
- getTelItemPreIter(pre, fn=0)[source]¶
Returns iterator of all (fn, dig) duples in first seen order for all events with same prefix, pre, in database. Items are sorted by fnKey(pre, fn), where fn is first seen order number int. Returns a First Seen Event Log TEL. Returned items are duples of (fn, dig), where fn is first seen order number int and dig is event digest for lookup in .evts sub db.
Raises StopIteration Error when empty.
- Parameters:
pre – bytes of identifier prefix
fn – int fn to resume replay. Earliest is fn=0
- getTibs(key)[source]¶
Use dgKey(). Return list of indexed witness signatures at key. Returns empty list if no entry at key. Duplicates are retrieved in lexicographic order, not insertion order.
- getTibsIter(key)[source]¶
Use dgKey(). Return iterator of indexed witness signatures at key. Raises StopIteration Error when empty. Duplicates are retrieved in lexicographic order, not insertion order.
- logCred(creder, prefixer, seqner, saider)[source]¶
Save the base credential and seals (est evt+sigs quad) with no indices.
- putAnc(key, val)[source]¶
Use dgKey(). Write serialized VC bytes val to key. Does not overwrite existing val if any. Returns True if val successfully written, else False. Returns False if key already exists.
- putBaks(key, vals)[source]¶
Use dgKey(). Write each entry from list of bytes prefixes to key. Adds to existing backers at key if any. Returns True if at least one of vals is added as dup, False otherwise. Duplicates are inserted in insertion order.
- putOot(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Does not overwrite existing val if any. Returns True if val successfully written, else False. Returns False if key already exists.
- putTae(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Does not overwrite existing val if any. Returns True if val successfully written, else False. Returns False if key already exists.
- putTel(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Does not overwrite existing val if any. Returns True if val successfully written, else False. Returns False if key already exists.
- putTibs(key, vals)[source]¶
Use dgKey(). Write each entry from list of bytes indexed witness signatures vals to key. Adds to existing signatures at key if any. Returns True if no error. Apparently always returns True (is this how .put works with dupsort=True). Duplicates are inserted in lexicographic order, not insertion order.
- putTvt(key, val)[source]¶
Use dgKey(). Write serialized VC bytes val to key. Does not overwrite existing val if any. Returns True if val successfully written, else False. Returns False if key already exists.
- putTwe(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Does not overwrite existing val if any. Returns True if val successfully written, else False. Returns False if key already exists.
- reopen(**kwa)[source]¶
Open sub databases
- Parameters:
**kwa (dict) – keyword arguments passed to super.reopen
- setAnc(key, val)[source]¶
Use dgKey(). Write serialized VC bytes val to key. Overwrites existing val if any. Returns True if val successfully written, else False.
- setOot(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Overwrites existing val if any. Returns True if val successfully written, else False.
- setTae(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Overwrites existing val if any. Returns True if val successfully written, else False.
- setTel(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Overwrites existing val if any. Returns True if val successfully written, else False.
- setTvt(key, val)[source]¶
Use dgKey(). Write serialized VC bytes val to key. Overwrites existing val if any. Returns True if val successfully written, else False.
- setTwe(key, val)[source]¶
Use snKey(). Write serialized VC bytes val to key. Overwrites existing val if any. Returns True if val successfully written, else False.
- sources(db, creder)[source]¶
Returns raw bytes of any source (‘e’) credential that is in our database
- Parameters:
db (LMDBer) – table to search
creder (Creder) – root credential
- Returns:
credential sources as resolved from e in creder.crd
- Return type:
list
- property tevers¶
Returns ._tevers tevers getter
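The Reger notes on dupsort and the put*/set*/add* method descriptions above define three different write behaviours. The added example below is not keri code: it is an in-memory model of those behaviours, with a hypothetical `SubDbModel` class, an assumed `sn_key` layout and constructed sample values, and it models only the lexicographic ordering described for the .tibs signatures.

```python
import bisect


class SubDbModel:
    """In-memory stand-in for one named sub DB (constructed model, not keri code)."""

    def __init__(self):
        self.db = {}  # key bytes -> list of value bytes, kept sorted

    def put(self, key, val):
        """put* semantics: write only when key is absent, else return False."""
        if key in self.db:
            return False
        self.db[key] = [val]
        return True

    def set(self, key, val):
        """set* semantics: overwrite any existing value at key."""
        self.db[key] = [val]
        return True

    def add(self, key, val):
        """add* semantics with dupsort=True: each (key, val) pair is stored once."""
        vals = self.db.setdefault(key, [])
        i = bisect.bisect_left(vals, val)  # lexicographic position by value
        if i < len(vals) and vals[i] == val:
            return False  # redundant (key, val) pair, nothing added
        vals.insert(i, val)
        return True

    def get(self, key):
        return list(self.db.get(key, []))


def sn_key(pre, sn):
    """Assumed key layout: prefix plus zero-padded hex sequence number."""
    return b"%s.%032x" % (pre, sn)


def demo():
    pre = b"EXAMPLE_REGISTRY"  # constructed placeholder, not a real SAID
    tels, tibs = SubDbModel(), SubDbModel()
    first = tels.put(sn_key(pre, 1), b"digest-A")
    second = tels.put(sn_key(pre, 1), b"digest-B")  # different event, same sn
    kept = tels.get(sn_key(pre, 1))
    added = [tibs.add(pre + b".digest-A", s) for s in (b"sig-2", b"sig-0", b"sig-2")]
    overwritten = tels.set(sn_key(pre, 1), b"digest-B") and tels.get(sn_key(pre, 1))
    return first, second, kept, added, tibs.get(pre + b".digest-A"), overwritten
```

A caller that ignores the False returned by a put* method cannot tell that a conflicting event for an already-used sequence number was dropped, while a set* call replaces the stored digest without any signal.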
- class keri.vdr.viring.RegistryRecord(registryKey: str, prefix: str)[source]¶
Registry Key keyed by Registry name
- class keri.vdr.viring.VcStateRecord(vn: list[str] = <factory>, i: str = '', s: str = '0', d: str = '', ri: str = '', ra: dict = <factory>, a: dict = <factory>, dt: str = '', et: str = '')[source]¶
- keri.vdr.viring.buildProof(prefixer, seqner, diger, sigers)[source]¶
Create CESR proof attachment from the quadlet of seal plus signatures on the credential
- keri.vdr.viring.messagize(creder, proof)[source]¶
Create a CESR message format with proof attachment for credential
- Parameters:
creder (Creder) – instance of credential
proof (str) – CESR proof attachment
- Returns:
serialized credential with attached proof
- Return type:
bytearray
- keri.vdr.viring.openReger(name='test', **kwa)[source]¶
Returns contextmanager generated by openLMDB but with Baser instance
- Parameters:
name (str) – registry database name
**kwa (dict)
- class keri.vdr.viring.rbdict(*pa, **kwa)[source]¶
Reger backed read through cache for registry state
Subclass of dict that has db and reger as attributes and employs read through cache from db Reger.stts of registry states to reload tever from state in database when not found in memory as dict item.