Update the kli revoke command to support multisig revocation by addin…

…g the date time stamp as an option that must be shared between revocation participants. (#536)
WebOfTrust · Jun 20, 2023 · 5d2b57c · 5d2b57c
1 parent 4f6cfc8
commit 5d2b57c
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 16 deletions.
diff --git a/scripts/demo/credentials/multisig-issuer.sh b/scripts/demo/credentials/multisig-issuer.sh
@@ -14,20 +14,20 @@ kli init --name multisig2 --salt 0ACDEyMzQ1Njc4OWdoaWpsaw --nopasscode --config-
 kli incept --name multisig2 --alias multisig2 --file ${KERI_DEMO_SCRIPT_DIR}/data/multisig-2-sample.json
 
 # Exchange OOBIs between multisig group
-kli oobi resolve --name multisig1 --oobi-alias multisig2 --oobi http://127.0.0.1:5642/oobi/EJccSRTfXYF6wrUVuenAIHzwcx3hJugeiJsEKmndi5q1/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
-kli oobi resolve --name multisig2 --oobi-alias multisig1 --oobi http://127.0.0.1:5642/oobi/EKYLUMmNPZeEs77Zvclf0bSN5IN-mLfLpx2ySb-HDlk4/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
+kli oobi resolve --name multisig1 --oobi-alias multisig2 --oobi http://127.0.0.1:5642/oobi/EJccSRTfXYF6wrUVuenAIHzwcx3hJugeiJsEKmndi5q1/witness
+kli oobi resolve --name multisig2 --oobi-alias multisig1 --oobi http://127.0.0.1:5642/oobi/EKYLUMmNPZeEs77Zvclf0bSN5IN-mLfLpx2ySb-HDlk4/witness
 
 # Create the identifier to which the credential will be issued
 kli init --name holder --salt 0ACDEyMzQ1Njc4OWxtbm9qWc --nopasscode --config-dir ${KERI_SCRIPT_DIR} --config-file demo-witness-oobis
 kli incept --name holder --alias holder --file ${KERI_DEMO_SCRIPT_DIR}/data/gleif-sample.json
 
 # Introduce multisig to Holder
-kli oobi resolve --name holder --oobi-alias multisig2 --oobi http://127.0.0.1:5642/oobi/EJccSRTfXYF6wrUVuenAIHzwcx3hJugeiJsEKmndi5q1/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
-kli oobi resolve --name holder --oobi-alias multisig1 --oobi http://127.0.0.1:5642/oobi/EKYLUMmNPZeEs77Zvclf0bSN5IN-mLfLpx2ySb-HDlk4/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
+kli oobi resolve --name holder --oobi-alias multisig2 --oobi http://127.0.0.1:5642/oobi/EJccSRTfXYF6wrUVuenAIHzwcx3hJugeiJsEKmndi5q1/witness
+kli oobi resolve --name holder --oobi-alias multisig1 --oobi http://127.0.0.1:5642/oobi/EKYLUMmNPZeEs77Zvclf0bSN5IN-mLfLpx2ySb-HDlk4/witness
 
 # Introduce the holder to all participants in the multisig group
-kli oobi resolve --name multisig1 --oobi-alias holder --oobi http://127.0.0.1:5642/oobi/EeWTHzoGK_dNn71CmJh-4iILvqHGXcqEoKGF4VUc6ZXI/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
-kli oobi resolve --name multisig2 --oobi-alias holder --oobi http://127.0.0.1:5642/oobi/EeWTHzoGK_dNn71CmJh-4iILvqHGXcqEoKGF4VUc6ZXI/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
+kli oobi resolve --name multisig1 --oobi-alias holder --oobi http://127.0.0.1:5642/oobi/ELjSFdrTdCebJlmvbFNX9-TLhR2PO0_60al1kQp5_e6k/witness
+kli oobi resolve --name multisig2 --oobi-alias holder --oobi http://127.0.0.1:5642/oobi/ELjSFdrTdCebJlmvbFNX9-TLhR2PO0_60al1kQp5_e6k/witness
 
 # Load Data OOBI for schema of credential to issue
 kli oobi resolve --name multisig1 --oobi-alias vc --oobi http://127.0.0.1:7723/oobi/EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao
@@ -44,7 +44,7 @@ pid=$!
 PID_LIST+=" $pid"
 
 wait $PID_LIST
-kli oobi resolve --name holder --oobi-alias multisig --oobi http://127.0.0.1:5642/oobi/EOWwyMU3XA7RtWdelFt-6waurOTH_aW_Z9VTaU-CshGk/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
+kli oobi resolve --name holder --oobi-alias multisig --oobi http://127.0.0.1:5642/oobi/EC61gZ9lCKmHAS7U5ehUfEbGId5rcY0D7MirFZHDQcE2/witness
 
 # Create a credential registry owned by the multisig issuer
 kli vc registry incept --name multisig1 --alias multisig --registry-name vLEI --nonce AHSNDV3ABI6U8OIgKaj3aky91ZpNL54I5_7-qwtC6q2s &
@@ -69,7 +69,7 @@ wait $PID_LIST
 
 
 # Issue Credential
-kli vc issue --name multisig1 --alias multisig --registry-name vLEI --schema EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao --recipient EeWTHzoGK_dNn71CmJh-4iILvqHGXcqEoKGF4VUc6ZXI --data @${KERI_DEMO_SCRIPT_DIR}/data/credential-data.json &
+kli vc issue --name multisig1 --alias multisig --registry-name vLEI --schema EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao --recipient ELjSFdrTdCebJlmvbFNX9-TLhR2PO0_60al1kQp5_e6k --data @${KERI_DEMO_SCRIPT_DIR}/data/credential-data.json &
 pid=$!
 PID_LIST+=" $pid"
 
@@ -82,3 +82,19 @@ PID_LIST+=" $pid"
 wait $PID_LIST
 
 kli vc list --name holder --alias holder --poll
+
+SAID=`kli vc list --name holder --alias holder --said --schema EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao`
+
+echo "Revoking ${SAID}..."
+TIME=$(date -Iseconds -u)
+kli vc revoke --name multisig1 --alias multisig --registry-name vLEI --said "${SAID}" --time "${TIME}" &
+pid=$!
+PID_LIST=" $pid"
+
+kli vc revoke --name multisig2 --alias multisig --registry-name vLEI --said "${SAID}" --time "${TIME}" &
+pid=$!
+PID_LIST+=" $pid"
+
+
+wait $PID_LIST
+kli vc list --name holder --alias holder --poll
diff --git a/src/keri/app/cli/commands/vc/revoke.py b/src/keri/app/cli/commands/vc/revoke.py
@@ -6,11 +6,11 @@
 import argparse
 
 from hio.base import doing
-from hio.help import decking
 
 from keri import kering
 from keri.app import indirecting, habbing, grouping, forwarding, connecting
 from keri.app.cli.common import existing
+from keri.app.habbing import GroupHab
 from keri.core import coring
 from keri.vdr import credentialing, verifying
 
@@ -27,24 +27,25 @@
 parser.add_argument('--said', help='is SAID vc content qb64')
 parser.add_argument('--send', help='alias of contact to send the revocation events to (can be repeated)',
                     required=False, action="append")
+parser.add_argument("--time", help="timestamp for the revocation", required=False, default=None)
 
 
 def revokeCredential(args):
     name = args.name
 
     revokeDoer = RevokeDoer(name=name, alias=args.alias, said=args.said, base=args.base, bran=args.bran,
-                            registryName=args.registry_name,
-                            send=args.send)
+                            registryName=args.registry_name, timestamp=args.time, send=args.send)
 
     doers = [revokeDoer]
     return doers
 
 
 class RevokeDoer(doing.DoDoer):
 
-    def __init__(self, name, alias, said, base, bran, registryName, send, **kwa):
+    def __init__(self, name, alias, said, base, bran, registryName, send, timestamp, **kwa):
         self.said = said
         self.send = send
+        self.timestamp = timestamp
         self.registryName = registryName
         self.hby = existing.setupHby(name=name, base=base, bran=bran)
         self.hab = self.hby.habByName(alias)
@@ -88,7 +89,11 @@ def revokeDo(self, tymth, tock=0.0, **opts):
                 print(f"invalid credential SAID {self.said}")
                 return
 
-            self.registrar.revoke(regk=registry.regk, said=creder.said)
+            kwargs = dict()
+            if self.timestamp is not None:
+                kwargs['dt'] = self.timestamp
+
+            self.registrar.revoke(regk=registry.regk, said=creder.said, **kwargs)
 
             while not self.registrar.complete(creder.said, sn=1):
                 yield self.tock
@@ -97,6 +102,8 @@ def revokeDo(self, tymth, tock=0.0, **opts):
             if self.send is not None:
                 recps.extend(self.send)
 
+            senderHab = self.hab.mhab if isinstance(self.hab, GroupHab) else self.hab
+
             if len(recps) > 0:
                 msgs = []
                 for msg in self.hby.db.clonePreIter(pre=creder.issuer):
@@ -118,8 +125,7 @@ def revokeDo(self, tymth, tock=0.0, **opts):
                             raise ValueError(f"invalid recipient {send}")
                         recp = recp[0]['id']
                     for (serder, atc) in msgs:
-                        self.postman.send(src=self.hab.pre, dest=recp, topic="credential", serder=serder,
-                                          attachment=atc)
+                        self.postman.send(src=senderHab.pre, dest=recp, topic="credential", serder=serder, attachment=atc)
                         sent += 1
 
                 while not len(self.postman.cues) == sent:

diff --git a/src/keri/vdr/eventing.py b/src/keri/vdr/eventing.py
@@ -291,11 +291,12 @@ def revoke(
                p=dig,
                dt=helping.nowIso8601()
                )
-    _, ked = coring.Saider.saidify(sad=ked)
 
     if dt is not None:
         ked["dt"] = dt
 
+    _, ked = coring.Saider.saidify(sad=ked)
+
     return Serder(ked=ked)  # return serialized ked