Bug/33

README.md

@@ -8,7 +8,7 @@ the GLEIF Internal Autonomic Identifier (AID)
 ## Repository Layout
 This repository contains documentation in the `./docs` directory and Bash shell scripts in the `./scripts` directory.  The 
 scripts make it easy to use the KERI command line tool `kli` to perform all functions required of a GAR.  It utilizes the KERI
-docker image `weboftrust/keri:1.1.32` with mounts to local directories to minimize the requirements on the local system.  
+docker image `gleif/keri:1.1.41` with mounts to local directories to minimize the requirements on the local system.  
 
 ## Getting Started
 The steps needed to bootstrap your system are described in [Getting Started](./docs/getting-started.md).  After following

check-connectivity.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+##################################################################
+##                                                              ##
+##          Connectivity check for QARs and Witnesses           ##
+##                                                              ##
+##################################################################
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m' # No Color
+
+check_url() {
+    local label=$1
+    local url=$2
+    local http_code
+
+    http_code=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 "$url")
+    if [ "$http_code" -ge 200 ] && [ "$http_code" -lt 400 ]; then
+        echo -e "${GREEN}[OK]${NC}   $label ($http_code) - $url"
+    else
+        echo -e "${RED}[FAIL]${NC} $label ($http_code) - $url"
+    fi
+}
+
+echo "=== QAR Connectivity ==="
+check_url "QAR1" "http://103.145.42.173:3902/oobi/EKOxfxc96O3-NToaQcPczVKT8pyvXAMK7pb6zLDmJcRj/agent/EIfjEczKc-Wtey_Atamo9yq1O8XkpdK9hhQMLsScmmYz"
+check_url "QAR2" "http://103.145.42.173:3902/oobi/EFglXcQgeEBidw5Xr_QZfqAbvb0Mjxs-nBs40rixU0u7/agent/EGlPJGNFSTv7_t6VuPuXguYrIgPTFI9IGYH9aO4Ysdma"
+check_url "QAR3" "http://103.145.42.173:3902/oobi/ELJvHKGl6c13SoM-WaKOgVx9U7SbL4kEjGAu6PDddjC5/agent/EHC2xaMNirQZXnUBETisbxRcfSW0euHDpY2nxHR_XuDL"
+
+echo ""
+echo "=== Witness Pool Connectivity ==="
+check_url "Witness 1 (115.172.32.109:5642)" "http://115.172.32.109:5642/oobi"
+check_url "Witness 2 (115.172.32.112:5643)" "http://115.172.32.112:5643/oobi"
+check_url "Witness 3 (115.172.32.118:5644)" "http://115.172.32.118:5644/oobi"
+check_url "Witness 4 (103.145.42.160:5646)" "http://103.145.42.160:5646/oobi"
+check_url "Witness 5 (115.172.32.43:5645)"  "http://115.172.32.43:5645/oobi"

docs/getting-started.md

@@ -42,11 +42,11 @@ The output should resemble:
 ```bash
 enc-notifications: Pulling from gleif/keri
 Digest: sha256:5dead12388be0a814c00044369a2dc52465318af329b1c7f4956810c83ae4e6c
-Status: Image is up to date for weboftrust/keri:1.1.32
-docker.io/weboftrust/keri:1.1.32
+Status: Image is up to date for gleif/keri:1.1.41
+docker.io/gleif/keri:1.1.41
 
 ```
-
+        
 This script will perform a docker pull for the KERIpy image as well as creating your local directory that stores the
 datastore, keystore and configuration information generated as a GAR.  You will not need to run this script again.
 

docs/rotating-qvi-group-aid.md

@@ -0,0 +1,10 @@
+# Rotating the QVI group (multisig) AID
+
+When rotating the QVI group AID then the raw `kli.sh` script and `multisig-join.sh` must be used as follows for the GARs to approve the delegation.
+
+```bash
+# GAR 1
+./scripts/kli.sh delegate confirm --alias "GLEIF External AID" --interact
+# GAR 2
+./scripts/multisig-join.s
+```

external/Dockerfile

@@ -1,4 +1,4 @@
-FROM weboftrust/keri:1.1.32
+FROM gleif/keri:1.1.41
 
 RUN apt-get update
 RUN apt-get install -y vim

external/data/qvi-data.json

@@ -1,3 +1,3 @@
 {
-  "LEI": "836800VC81GMPMG59W77"
+  "LEI": "83680008RNIDW9LD8Z21"
 }

external/scripts/dev-reset.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+
+##################################################################
+##                                                              ##
+##     Dev Reset Script - Teardown and recreate External GAR    ##
+##     with test pool for development purposes                  ##
+##                                                              ##
+##################################################################
+
+PWD=$(pwd)
+source $PWD/source.sh
+
+BACKUP_DIR="$HOME/.gar-backups"
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+BACKUP_PATH="$BACKUP_DIR/ext-gar-$TIMESTAMP"
+
+echo "Creating backup directory: $BACKUP_PATH"
+mkdir -p "$BACKUP_PATH"
+
+# Export existing keychain secrets to backup
+passcode=$(security find-generic-password -w -a "${LOGNAME}" -s ext-gar-passcode 2>/dev/null)
+salt=$(security find-generic-password -w -a "${LOGNAME}" -s ext-gar-salt 2>/dev/null)
+
+if [ -n "$passcode" ] && [ -n "$salt" ]; then
+    echo "Backing up keychain secrets..."
+    cat > "$BACKUP_PATH/secrets.json" << EOF
+{
+  "passcode": "$passcode",
+  "salt": "$salt",
+  "timestamp": "$TIMESTAMP",
+  "type": "external"
+}
+EOF
+    echo "Secrets backed up to: $BACKUP_PATH/secrets.json"
+else
+    echo "No existing keychain secrets found to backup"
+fi
+
+# Backup ~/.gar folder if it exists
+if [ -d "$HOME/.gar" ]; then
+    echo "Backing up ~/.gar directory..."
+    cp -r "$HOME/.gar" "$BACKUP_PATH/gar-data"
+    echo "GAR data backed up to: $BACKUP_PATH/gar-data"
+else
+    echo "No existing ~/.gar directory to backup"
+fi
+
+# Backup ~/.keri folder if it exists
+if [ -d "$HOME/.keri" ]; then
+    echo "Backing up ~/.keri directory..."
+    cp -r "$HOME/.keri" "$BACKUP_PATH/keri-data"
+    echo "KERI data backed up to: $BACKUP_PATH/keri-data"
+else
+    echo "No existing ~/.keri directory to backup"
+fi
+
+echo ""
+echo "=== Teardown ==="
+
+# Remove directories
+echo "Removing ~/.gar and ~/.keri directories..."
+rm -rf "$HOME/.gar"
+rm -rf "$HOME/.keri"
+mkdir "$HOME/.gar"
+
+# Delete keychain entries
+passcode_item="$(security find-generic-password -a "${LOGNAME}" -s ext-gar-passcode 2>/dev/null)"
+if [ -n "${passcode_item}" ]; then
+    echo "Deleting ext-gar-passcode from Keychain"
+    security delete-generic-password -a "${LOGNAME}" -s ext-gar-passcode
+else
+    echo "Passcode not found in Keychain"
+fi
+
+salt_item="$(security find-generic-password -a "${LOGNAME}" -s ext-gar-salt 2>/dev/null)"
+if [ -n "${salt_item}" ]; then
+    echo "Deleting ext-gar-salt from Keychain"
+    security delete-generic-password -a "${LOGNAME}" -s ext-gar-salt
+else
+    echo "Salt not found in Keychain"
+fi
+
+echo ""
+echo "=== Setting up new environment ==="
+
+# Re-source to regenerate new secrets in keychain
+source $PWD/source.sh
+
+# Get new credentials
+passcode=$(security find-generic-password -w -a "${LOGNAME}" -s ext-gar-passcode)
+salt=$(security find-generic-password -w -a "${LOGNAME}" -s ext-gar-salt)
+
+echo ""
+echo "=== Creating new AID with test pool ==="
+
+# Initialize local database environment
+kli init --name "${EXT_GAR_NAME}" --salt "${salt}" --passcode "${passcode}" --config-dir /scripts --config-file test-ext-gar-config.json
+
+# Create local AID with test pool witnesses
+kli incept --name "${EXT_GAR_NAME}" --alias "${EXT_GAR_ALIAS}" --passcode "${passcode}" --file /scripts/test-incept-pool-1.json
+
+# Show status
+echo ""
+echo "=== New AID Status ==="
+kli status --name "${EXT_GAR_NAME}" --alias "${EXT_GAR_ALIAS}" --passcode "${passcode}"
+
+echo ""
+echo "=== Complete ==="
+echo "Backup saved to: $BACKUP_PATH"
+echo "New External GAR AID created with test pool"

external/scripts/prepare.sh

@@ -6,7 +6,7 @@
 ##################################################################
 
 # Pull container required to run all KERI/ACDC commands
-docker pull weboftrust/keri:1.1.32
+docker pull gleif/keri:1.1.41
 
 # Create local directory for datastore, keystore and configuration
 mkdir -p "${HOME}"/.gar/cf

external/scripts/revoke-qvi-credential.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+##################################################################
+##                                                              ##
+##          Script for revoking qvi                             ##
+##                                                              ##
+##################################################################
+
+PWD=$(pwd)
+source $PWD/source.sh
+
+# Capture password
+passcode="$(security find-generic-password -w -a "${LOGNAME}" -s ext-gar-passcode)"
+
+read -p "Enter the credential SAID: " -r SAID
+read -p "Enter the datetime to use: " -r datetime
+
+kli vc revoke --name "${EXT_GAR_NAME}" --passcode "${passcode}" --alias "${EXT_GAR_AID_ALIAS}" --registry-name "${EXT_GAR_REG_NAME}" --said "${SAID}" --time "${datetime}"

external/scripts/sn.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+##################################################################
+##                                                              ##
+##          Script for converting a sequence number.            ##
+##                                                              ##
+##################################################################
+
+PWD=$(pwd)
+source $PWD/source.sh
+
+kli sn kli sn "$@"

external/scripts/submit.sh

@@ -14,4 +14,4 @@ passcode="$(security find-generic-password -w -a "${LOGNAME}" -s ext-gar-passcod
 
 read -p "Enter the Alias to submit: " -r alias
 
-kli witness submit --name "${EXT_GAR_NAME}" --passcode "${passcode}" --alias "${alias}"
+kli witness submit --name "${EXT_GAR_NAME}" --passcode "${passcode}" --alias "${alias}" "$@"

external/scripts/witness-catchup.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+##################################################################
+##                                                              ##
+##       Script for sending full KEL to a witness to catch up   ##
+##                                                              ##
+##################################################################
+
+PWD=$(pwd)
+source $PWD/source.sh
+
+# Capture password
+passcode="$(security find-generic-password -w -a "${LOGNAME}" -s ext-gar-passcode)"
+
+read -p "Enter the Alias: " -r alias
+read -p "Enter the Witness AID: " -r witness
+
+kli witness catchup --name "${EXT_GAR_NAME}" --passcode "${passcode}" --alias "${alias}" --witness "${witness}" "$@"

external/source.sh

@@ -32,7 +32,7 @@ function kli() {
     -v "${EXT_GAR_DATA_DIR}":/data \
     -e PYTHONWARNINGS="ignore::SyntaxWarning" \
     -e DEBUG_KLI="${DEBUG}" \
-    weboftrust/keri:1.1.32 "$@"
+    gleif/keri:1.1.41 "$@"
 }
 
 export -f kli

internal/Dockerfile

@@ -1,4 +1,4 @@
-FROM weboftrust/keri:1.1.32
+FROM gleif/keri:1.1.41
 
 RUN apt-get update
 RUN apt-get install -y vim

internal/data/ecr-auth-data.json

@@ -1,6 +1,6 @@
 {
-  "AID": "EKlGNR3vvuf9PnayNgKG2ccEDJP2pEN2YKWSsKjsSAQd",
+  "AID": "EJl9nYg-viHFZYFCYN6AAZOSN05nTpduodAA3SVWoqEo",
   "LEI": "506700GE1G29325QX363",
   "personLegalName": "Kent Bull",
-  "engagementContextRole": "cat herder"
+  "engagementContextRole": "Executive Assistant"
 }

internal/data/ecr-auth-edge-data.json

@@ -1 +1 @@
-{"d": "EDrxOSxVBT_VKIH6fZUhWwV7PzGMXm5JXuC-GQxZ2MGj", "le": {"n": "EGKi9Qalv-ZmaC1hq5ZyuYNB0YbEx4xX5y_H4RB2xr0N", "s": "ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY"}}
+{"d": "EHuq0qQKt-tcyZI-cebG1rGmLM4OPp2wy8M4kmN_bJ8S", "le": {"n": "ENSqR65OvYBmA3ZJst0eI6yX1k5s01r76bMbliWQIV_f", "s": "ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY"}}

internal/data/oor-auth-data.json

@@ -1,6 +1,6 @@
 {
-  "AID": "EKlGNR3vvuf9PnayNgKG2ccEDJP2pEN2YKWSsKjsSAQd",
+  "AID": "EJl9nYg-viHFZYFCYN6AAZOSN05nTpduodAA3SVWoqEo",
   "LEI": "506700GE1G29325QX363",
   "personLegalName": "Kent Bull",
-  "officialRole": "CTO"
+  "officialRole": "HR Manager"
 }

internal/data/oor-auth-edge-data.json

@@ -1 +1 @@
-{"d": "EDrxOSxVBT_VKIH6fZUhWwV7PzGMXm5JXuC-GQxZ2MGj", "le": {"n": "EGKi9Qalv-ZmaC1hq5ZyuYNB0YbEx4xX5y_H4RB2xr0N", "s": "ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY"}}
+{"d": "EHuq0qQKt-tcyZI-cebG1rGmLM4OPp2wy8M4kmN_bJ8S", "le": {"n": "ENSqR65OvYBmA3ZJst0eI6yX1k5s01r76bMbliWQIV_f", "s": "ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY"}}

internal/scripts/create-ecr-credential.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+##################################################################
+##                                                              ##
+##          Script for issuing ecr credential                   ##
+##                                                              ##
+##################################################################
+
+PWD=$(pwd)
+source $PWD/source.sh
+
+# Capture password
+passcode="$(security find-generic-password -w -a "${LOGNAME}" -s int-gar-passcode)"
+
+echo "Use 'kli vc list' to determine the SAID of the legal entity (LE) credential issued to this LE by the QVI"
+read -p "Enter the SAID of the legal entity (LE) credential issued to this LE by the QVI: " -r le_said
+read -p "Enter your LEI : " -r lei
+read -p "Enter requested person legal name: " -r personLegalName
+read -p "Enter requested engagement context role: " -r engagementContextRole
+read -p "Enter the Alias of the recipient: " -r recipient
+read -p "Enter the datetime to use: " -r datetime
+
+# Prepare DATA Section
+echo "[\"${lei}\", \"${personLegalName}\", \"${engagementContextRole}\"]" | jq -f "${INT_GAR_SCRIPT_DIR}/ecr-data.jq" > "${INT_GAR_DATA_DIR}/ecr-data.json"
+
+# Prepare the EDGES Section
+echo "\"${le_said}\"" | jq -f "${INT_GAR_SCRIPT_DIR}/ecr-edges-filter.jq" > "${INT_GAR_DATA_DIR}/ecr-edge-data.json"
+kli saidify --file /data/ecr-edge-data.json
+
+# Prepare the RULES section
+cp "${INT_GAR_SCRIPT_DIR}/ecr-rules.json" "${INT_GAR_DATA_DIR}/ecr-rules.json"
+
+kli vc create --name "${INT_GAR_NAME}" --passcode "${passcode}" --alias "${INT_GAR_AID_ALIAS}" --registry-name "${INT_GAR_REG_NAME}" --schema EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw --recipient "${recipient}" --data @"/data/ecr-data.json" --edges @"/data/ecr-edge-data.json" --rules @"/data/ecr-rules.json"  --time "${datetime}"