Updates in support of group multisig endpoints for Agents (#550)

* Add support for reloading a SignifyGroupHab from the HabitatRecord.

* Update end role authorization handling to support multiple end roles per rpy

* Undo previous commit

* `kli ends add` and `kli multisig ends add` command added to support exposing multiple endpoint role authorizations for a group multisig AID.

* Removing some new exceptions that were in for debugging purposes.

scripts/demo/basic/multisig.sh

@@ -6,12 +6,14 @@
 
 kli init --name multisig1 --base "${KERI_TEMP_DIR}"  --salt 0ACDEyMzQ1Njc4OWxtbm9aBc --nopasscode --config-dir ${KERI_SCRIPT_DIR} --config-file demo-witness-oobis
 kli incept --name multisig1 --base "${KERI_TEMP_DIR}"  --alias multisig1 --file ${KERI_DEMO_SCRIPT_DIR}/data/multisig-1-sample.json
+kli ends add --name multisig1 --alias multisig1 --eid BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM --role mailbox
 
 kli init --name multisig2 --base "${KERI_TEMP_DIR}"  --salt 0ACDEyMzQ1Njc4OWdoaWpsaw --nopasscode --config-dir ${KERI_SCRIPT_DIR} --config-file demo-witness-oobis
 kli incept --name multisig2 --base "${KERI_TEMP_DIR}"  --alias multisig2 --file ${KERI_DEMO_SCRIPT_DIR}/data/multisig-2-sample.json
+kli ends add --name multisig2 --alias multisig2 --eid BIKKuvBwpmDVA4Ds-EpL5bt9OqPzWPja2LigFYZN2YfX --role mailbox
 
-kli oobi resolve --name multisig1 --base "${KERI_TEMP_DIR}"  --oobi-alias multisig2 --oobi http://127.0.0.1:5642/oobi/EJccSRTfXYF6wrUVuenAIHzwcx3hJugeiJsEKmndi5q1/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
-kli oobi resolve --name multisig2 --base "${KERI_TEMP_DIR}"  --oobi-alias multisig1 --oobi http://127.0.0.1:5642/oobi/EKYLUMmNPZeEs77Zvclf0bSN5IN-mLfLpx2ySb-HDlk4/witness/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha
+kli oobi resolve --name multisig1 --base "${KERI_TEMP_DIR}"  --oobi-alias multisig2 --oobi http://127.0.0.1:5642/oobi/EJccSRTfXYF6wrUVuenAIHzwcx3hJugeiJsEKmndi5q1
+kli oobi resolve --name multisig2 --base "${KERI_TEMP_DIR}"  --oobi-alias multisig1 --oobi http://127.0.0.1:5642/oobi/EKYLUMmNPZeEs77Zvclf0bSN5IN-mLfLpx2ySb-HDlk4
 
 # Follow commands run in parallel
 kli multisig incept --name multisig1 --base "${KERI_TEMP_DIR}"  --alias multisig1 --group multisig --file ${KERI_DEMO_SCRIPT_DIR}/data/multisig-sample.json &

src/keri/app/cli/commands/did/generate.py

@@ -72,7 +72,7 @@ def generate(tymth, tock=0.0, **opts):
                 print(f"{alias} identifier {hab.pre} does not have any witnesses.")
                 sys.exit(-1)
 
-            wit  = random.choice(hab.kever.wits)
+            wit = random.choice(hab.kever.wits)
             urls = hab.fetchUrls(eid=wit, scheme=kering.Schemes.http)
             if not urls:
                 raise kering.ConfigurationError(f"unable to query witness {wit}, no http endpoint")

src/keri/app/cli/commands/ends/add.py

@@ -0,0 +1,102 @@
+# -*- encoding: utf-8 -*-
+"""
+KERI
+keri.kli.commands module
+
+"""
+import argparse
+
+from hio import help
+from hio.base import doing
+
+from keri import kering
+from keri.app import habbing
+from keri.app.agenting import WitnessPublisher
+from keri.app.cli.common import existing
+from keri.core import parsing
+
+logger = help.ogler.getLogger()
+
+parser = argparse.ArgumentParser(description='Add new endpoint role authorization.')
+parser.set_defaults(handler=lambda args: add_end(args),
+                    transferable=True)
+parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
+parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
+                    required=False, default="")
+parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
+parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+                    dest="bran", default=None)  # passcode => bran
+parser.add_argument("--role", "-r", help="KERI enpoint authorization role.",
+                    required=True)
+parser.add_argument("--eid", "-e", help="qualified base64 of AID to authorize with new role for the AID identified "
+                                        "by alias",
+                    required=True)
+
+
+def add_end(args):
+    """ Command line tool for adding endpoint role authorizations
+
+    """
+    ld = RoleDoer(name=args.name,
+                  base=args.base,
+                  alias=args.alias,
+                  bran=args.bran,
+                  role=args.role,
+                  eid=args.eid)
+    return [ld]
+
+
+class RoleDoer(doing.DoDoer):
+
+    def __init__(self, name, base, alias, bran, role, eid):
+        self.role = role
+        self.eid = eid
+
+        self.hby = existing.setupHby(name=name, base=base, bran=bran)
+        self.hab = self.hby.habByName(alias)
+        self.witpub = WitnessPublisher(hby=self.hby)
+
+        if self.hab is None:
+            raise kering.ConfigurationError(f"unknown alias={alias}")
+
+        doers = [self.witpub, doing.doify(self.roleDo)]
+
+        super(RoleDoer, self).__init__(doers=doers)
+
+    def roleDo(self, tymth, tock=0.0):
+        """ Export any end reply messages previous saved for the provided AID
+
+        Parameters:
+            tymth (function): injected function wrapper closure returned by .tymen() of
+                Tymist instance. Calling tymth() returns associated Tymist .tyme.
+            tock (float): injected initial tock value
+
+        Returns:  doifiable Doist compatible generator method
+
+        """
+        # enter context
+        self.wind(tymth)
+        self.tock = tock
+        _ = (yield self.tock)
+        if isinstance(self.hab, habbing.GroupHab):
+            raise ValueError("group AIDs not supported, try `kli multisig ends add` instead.")
+
+        data = dict(cid=self.hab.pre, role=self.role, eid=self.eid)
+
+        route = "/end/role/add"
+        msg = self.hab.reply(route=route, data=data)
+
+        parsing.Parser().parse(ims=bytes(msg), kvy=self.hab.kvy, rvy=self.hab.rvy)
+
+        while not self.hab.loadEndRole(cid=self.hab.pre, role=self.role, eid=self.eid):
+            yield self.tock
+
+        self.witpub.msgs.append(dict(pre=self.hab.pre, msg=bytes(msg)))
+
+        while not self.witpub.cues:
+            yield self.tock
+
+        print(f"End role authorization added for role {self.role}")
+
+        self.remove([self.witpub])
+        return

src/keri/app/cli/commands/ends/export.py

@@ -15,7 +15,7 @@
 
 logger = help.ogler.getLogger()
 
-parser = argparse.ArgumentParser(description='List credentials and check mailboxes for any newly issued credentials')
+parser = argparse.ArgumentParser(description='Export end points')
 parser.set_defaults(handler=lambda args: export_ends(args),
                     transferable=True)
 parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
@@ -83,9 +83,5 @@ def exportDo(self, tymth, tock=0.0):
                                          cigars=[cigar],
                                          sigers=sigers,
                                          pipelined=True))
-        #
-        # print(
-        #     f"Current {'issued' if self.issued else 'received'} credentials for {self.hab.name} ("
-        #     f"{self.hab.pre}):\n")
 
         return True

src/keri/app/cli/commands/ends/list.py

@@ -0,0 +1,76 @@
+# -*- encoding: utf-8 -*-
+"""
+KERI
+keri.kli.commands module
+
+"""
+import argparse
+import json
+
+from hio import help
+from hio.base import doing
+
+from keri import kering
+from keri.app import indirecting, habbing, forwarding, grouping
+from keri.app.cli.common import existing
+from keri.core import eventing, parsing, coring
+
+logger = help.ogler.getLogger()
+
+parser = argparse.ArgumentParser(description='Add new endpoint role authorization.')
+parser.set_defaults(handler=lambda args: add_end(args),
+                    transferable=True)
+parser.add_argument('--name', '-n', help='keystore name and file location of KERI keystore', required=True)
+parser.add_argument('--base', '-b', help='additional optional prefix to file location of KERI keystore',
+                    required=False, default="")
+parser.add_argument('--alias', '-a', help='human readable alias for the new identifier prefix', required=True)
+parser.add_argument('--passcode', '-p', help='22 character encryption passcode for keystore (is not saved)',
+                    dest="bran", default=None)  # passcode => bran
+parser.add_argument("--aid", help="qualified base64 of AID to export rpy messages for all endpoints.",
+                    required=True)
+
+
+def add_end(args):
+    """ Command line tool for adding endpoint role authorizations
+
+    """
+    ld = RoleDoer(name=args.name,
+                  base=args.base,
+                  alias=args.alias,
+                  bran=args.bran,
+                  aid=args.aid)
+    return [ld]
+
+
+class RoleDoer(doing.DoDoer):
+
+    def __init__(self, name, base, alias, bran, aid):
+        self.hby = existing.setupHby(name=name, base=base, bran=bran)
+        self.hab = self.hby.habByName(alias)
+        if self.hab is None:
+            raise kering.ConfigurationError(f"unknown alias={alias}")
+
+        self.aid = aid
+        doers = [doing.doify(self.roleDo)]
+
+        super(RoleDoer, self).__init__(doers=doers)
+
+    def roleDo(self, tymth, tock=0.0):
+        """ Export any end reply messages previous saved for the provided AID
+
+        Parameters:
+            tymth (function): injected function wrapper closure returned by .tymen() of
+                Tymist instance. Calling tymth() returns associated Tymist .tyme.
+            tock (float): injected initial tock value
+
+        Returns:  doifiable Doist compatible generator method
+
+        """
+        # enter context
+        self.wind(tymth)
+        self.tock = tock
+        _ = (yield self.tock)
+
+        ends = self.hab.endsFor(self.aid)
+        print(json.dumps(ends, indent=1))
+        return