Auto-make mailbox non-transferable AID on startup; test script

Signed-off-by: Kent Bull <kent@kentbull.com>

Author: kentbull

scripts/demo/basic/mailbox-local-challenge.sh

@@ -0,0 +1,183 @@
+#!/bin/bash
+set -euo pipefail
+
+
+BASE="${BASE:-${KERI_SCRIPT_DIR}}"
+MAILBOX_URL="${MAILBOX_URL:-http://127.0.0.1:9000/}"
+MAILBOX_LOG="${MAILBOX_LOG:-${BASE}/mailbox.log}"
+
+if [[ -f "${KERI_SCRIPT_DIR}/keri/cf/main/mailbox.json" ]]; then
+  MAILBOX_CONFIG_DIR="${KERI_SCRIPT_DIR}"
+  MAILBOX_CONFIG_FILE="main/mailbox.json"
+elif [[ -f "${KERI_SCRIPT_DIR}/keri/cf/mailbox.json" ]]; then
+  MAILBOX_CONFIG_DIR="${KERI_SCRIPT_DIR}"
+  MAILBOX_CONFIG_FILE="mailbox.json"
+else
+  echo "Could not find a mailbox config file under scripts/keri/cf." >&2
+  exit 1
+fi
+
+ALICE_NAME="${ALICE_NAME:-alice-demo}"
+BOB_NAME="${BOB_NAME:-bob-demo}"
+ALICE_ALIAS="${ALICE_ALIAS:-alice}"
+BOB_ALIAS="${BOB_ALIAS:-bob}"
+MAILBOX_NAME="${MAILBOX_NAME:-mailbox}"
+MAILBOX_ALIAS="${MAILBOX_ALIAS:-mailbox}"
+
+ALICE_SALT="${ALICE_SALT:-0ACDEyMzQ1Njc4OWxtbm9aBc}"
+BOB_SALT="${BOB_SALT:-0ACDEyMzQ1Njc4OWdoaWpsaw}"
+
+wait_for_mailbox() {
+  local url="${1}"
+  for _ in $(seq 1 40); do
+    if curl -fsS "${url}/health" >/dev/null 2>&1; then
+      return 0
+    fi
+    sleep 0.25
+  done
+
+  echo "Mailbox host did not become healthy at ${url}/health" >&2
+  return 1
+}
+
+cleanup() {
+  if [[ -n "${MAILBOX_PID:-}" ]]; then
+    kill "${MAILBOX_PID}" >/dev/null 2>&1 || true
+    wait "${MAILBOX_PID}" >/dev/null 2>&1 || true
+  fi
+}
+
+trap cleanup EXIT
+
+mkdir -p "$(dirname "${MAILBOX_LOG}")"
+
+echo "Using mailbox config: ${MAILBOX_CONFIG_DIR}/keri/cf/${MAILBOX_CONFIG_FILE}"
+echo "Mailbox log: ${MAILBOX_LOG}"
+
+# Start mailbox host
+kli mailbox start \
+  --name "${MAILBOX_NAME}" \
+  --alias "${MAILBOX_ALIAS}" \
+  --config-dir "${MAILBOX_CONFIG_DIR}" \
+  --config-file "${MAILBOX_CONFIG_FILE}" \
+  --loglevel INFO \
+  >"${MAILBOX_LOG}" 2>&1 &
+MAILBOX_PID=$!
+
+wait_for_mailbox "${MAILBOX_URL%/}"
+
+# Create Alice
+kli init --name "${ALICE_NAME}" --salt "${ALICE_SALT}" --nopasscode
+kli incept \
+  --name "${ALICE_NAME}" \
+  --alias "${ALICE_ALIAS}" \
+  --file "${KERI_SCRIPT_DIR}"/demo/data/transferable-sample.json
+
+# Create Bob
+kli init --name "${BOB_NAME}" --salt "${BOB_SALT}" --nopasscode
+kli incept \
+  --name "${BOB_NAME}" \
+  --alias "${BOB_ALIAS}" \
+  --file "${KERI_SCRIPT_DIR}"/demo/data/transferable-sample.json
+
+MAILBOX_CTRL_OOBI="$(kli oobi generate --name "${MAILBOX_NAME}" --alias "${MAILBOX_ALIAS}" --role controller | tail -n 1)"
+MAILBOX_AID="$(echo "${MAILBOX_CTRL_OOBI}" | awk -F/ '{print $(NF-1)}')"
+
+echo
+echo "Mailbox controller OOBI: ${MAILBOX_CTRL_OOBI}"
+echo "Mailbox AID: ${MAILBOX_AID}"
+
+# Resolve mailbox controller OOBI into both local stores
+kli oobi resolve \
+  --name "${ALICE_NAME}" \
+  --oobi-alias "${MAILBOX_ALIAS}" \
+  --oobi "${MAILBOX_CTRL_OOBI}"
+
+kli oobi resolve \
+  --name "${BOB_NAME}" \
+  --oobi-alias "${MAILBOX_ALIAS}" \
+  --oobi "${MAILBOX_CTRL_OOBI}"
+
+# Add the mailbox to both AIDs
+kli mailbox add \
+  --name "${ALICE_NAME}" \
+  --alias "${ALICE_ALIAS}" \
+  --mailbox "${MAILBOX_ALIAS}"
+
+kli mailbox add \
+  --name "${BOB_NAME}" \
+  --alias "${BOB_ALIAS}" \
+  --mailbox "${MAILBOX_ALIAS}"
+
+echo
+echo "Mailbox lists after authorization:"
+echo "  alice mailbox: "
+echo "    $(kli mailbox list --name ${ALICE_NAME} --alias ${ALICE_ALIAS})"
+echo "  bob mailbox: "
+echo "    $(kli mailbox list --name ${BOB_NAME} --alias ${BOB_ALIAS})"
+
+ALICE_MBX_OOBI="$(kli oobi generate --name "${ALICE_NAME}" --alias "${ALICE_ALIAS}" --role mailbox | tail -n 1)"
+BOB_MBX_OOBI="$(kli oobi generate --name "${BOB_NAME}" --alias "${BOB_ALIAS}" --role mailbox | tail -n 1)"
+
+echo
+echo "Alice mailbox OOBI: ${ALICE_MBX_OOBI}"
+echo "Bob mailbox OOBI:   ${BOB_MBX_OOBI}"
+
+# Exchange mailbox OOBIs so each side can contact the other through the mailbox
+kli oobi resolve \
+  --name "${ALICE_NAME}" \
+  --oobi-alias "${BOB_ALIAS}" \
+  --oobi "${BOB_MBX_OOBI}"
+
+kli oobi resolve \
+  --name "${BOB_NAME}" \
+  --oobi-alias "${ALICE_ALIAS}" \
+  --oobi "${ALICE_MBX_OOBI}"
+
+WORDS_ALICE="$(kli challenge generate --out string)"
+WORDS_BOB="$(kli challenge generate --out string)"
+
+echo
+echo "Alice challenges Bob with: ${WORDS_ALICE}"
+# Alice -> Bob challenge over mailbox delivery
+kli challenge respond \
+  --name "${ALICE_NAME}" \
+  --alias "${ALICE_ALIAS}" \
+  --recipient "${BOB_ALIAS}" \
+  --words "${WORDS_ALICE}"
+kli challenge verify \
+  --name "${BOB_NAME}" \
+  --signer "${ALICE_ALIAS}" \
+  --words "${WORDS_ALICE}"
+
+echo
+echo "Bob challenges Alice with: ${WORDS_BOB}"
+# Bob -> Alice challenge over mailbox delivery
+kli challenge respond \
+  --name "${BOB_NAME}" \
+  --alias "${BOB_ALIAS}" \
+  --recipient "${ALICE_ALIAS}" \
+  --words "${WORDS_BOB}"
+kli challenge verify \
+  --name "${ALICE_NAME}" \
+  --signer "${BOB_ALIAS}" \
+  --words "${WORDS_BOB}"
+
+echo
+echo "Mailbox debug snapshots:"
+# Inspect mailbox state from each side
+kli mailbox debug \
+  --name "${ALICE_NAME}" \
+  --alias "${ALICE_ALIAS}" \
+  --witness "${MAILBOX_AID}" \
+  --verbose
+
+kli mailbox debug \
+  --name "${BOB_NAME}" \
+  --alias "${BOB_ALIAS}" \
+  --witness "${MAILBOX_AID}" \
+  --verbose
+
+echo
+echo "Mailbox host log: ${MAILBOX_LOG}"
+echo "Done."

scripts/keri/cf/mailbox.json

@@ -0,0 +1,9 @@
+{
+  "dt": "2022-01-20T12:57:59.823350+00:00",
+  "mailbox": {
+    "dt": "2022-01-20T12:57:59.823350+00:00",
+    "curls": ["http://127.0.0.1:9000/"]
+  },
+  "iurls": [
+  ]
+}

src/keri/app/mailboxing.py

@@ -20,14 +20,15 @@
 """
 import json
 import platform
+from urllib.parse import urlparse
 
 import falcon
 
 from hio.base import doing
 from hio.core import http
 from hio.help import decking
 
-from ..kering import Vrsn_1_0, Roles, Ilks
+from ..kering import Vrsn_1_0, Roles, Ilks, Schemes
 from ..core import Kevery, parsing, routing, serdering
 from ..end import loadEnds as loadEndingEnds
 from ..peer import Exchanger
@@ -157,6 +158,61 @@ def _ingestCesr(raw, *, kvy, rvy, exc, tvy=None):
         exc.processEscrow()
 
 
+def _mailboxAdminPath(hab):
+    """Return the served mailbox-admin route for one hosted mailbox habitat.
+
+    The route follows the historical KERIpy mailbox-admin convention: append
+    ``/mailboxes`` relative to the stored mailbox endpoint URL path.
+
+    This helper is intentionally strict:
+        - mailbox admin routing must come from the loaded self ``/loc/scheme``
+        - this path-relative rule applies only to mailbox admin, not to every
+          other mailbox-host surface
+    """
+    urls = hab.fetchUrls(eid=hab.pre, scheme=Schemes.https) or hab.fetchUrls(
+        eid=hab.pre,
+        scheme=Schemes.http,
+    )
+    if not urls:
+        raise ValueError("mailbox admin requires a loaded self HTTP(S) location record")
+
+    url = urls[Schemes.https] if Schemes.https in urls else urls[Schemes.http]
+    path = urlparse(url).path.rstrip("/")
+    return f"{path}/mailboxes"
+
+
+def _roleEnabled(hby, cid, role, eid):
+    """Return True when one endpoint role record is active for startup use."""
+    end = hby.db.ends.get(keys=(cid, role, eid))
+    return bool(end and (end.allowed or end.enabled))
+
+
+def _requireMailboxIdentity(hby, hab):
+    """Require authoritative self mailbox identity state before host startup.
+
+    Boot-time invariant:
+        - the hosted non-transferable mailbox AID must already advertise at
+          least one self HTTP(S) location
+        - it must already authorize itself as both controller and mailbox
+
+    This prevents the mailbox host from booting with an invented admin route or
+    an incomplete self-description. Mailbox start is responsible for creating
+    or reconciling this accepted self state before hosting begins; startup here
+    still refuses to serve if that reconciliation did not actually land in the
+    local database.
+    """
+    urls = hab.fetchUrls(eid=hab.pre, scheme=Schemes.https) or hab.fetchUrls(
+        eid=hab.pre,
+        scheme=Schemes.http,
+    )
+    if not urls:
+        raise ValueError("mailbox host startup requires a loaded self HTTP(S) location record")
+    if not _roleEnabled(hby, hab.pre, Roles.controller, hab.pre):
+        raise ValueError("mailbox host startup requires self controller authorization state")
+    if not _roleEnabled(hby, hab.pre, Roles.mailbox, hab.pre):
+        raise ValueError("mailbox host startup requires self mailbox authorization state")
+
+
 def setupMailbox(hby, alias="mailbox", mbx=None, aids=None, httpPort=5632,
                  keypath=None, certpath=None, cafilepath=None):
     """Set up one mailbox host around an existing local habitat.
@@ -166,11 +222,14 @@ def setupMailbox(hby, alias="mailbox", mbx=None, aids=None, httpPort=5632,
         - ``AuthorizedForwardHandler`` gates ``/fwd`` storage by mailbox authz
         - ``Respondant`` owns reply emission for non-stream cues
         - ``MailboxStart`` runs parser ingress, escrow replay, and cue routing
+        - mailbox admin is served at ``<stored-mailbox-url-path>/mailboxes``
 
     Because mailbox hosting here is separate from witness hosting, ``/fwd``
     storage is gated through ``AuthorizedForwardHandler`` so the host stores
     traffic only for recipients that currently authorize the hosted mailbox
-    AID.
+    AID. Only mailbox admin follows the stored location URL path in this
+    module; served OOBIs still come from ``loadEndingEnds(...)`` at their
+    normal root routes.
     """
     from .indirecting import createHttpServer, HttpEnd
 
@@ -186,6 +245,7 @@ def setupMailbox(hby, alias="mailbox", mbx=None, aids=None, httpPort=5632,
         raise ValueError(f"missing local mailbox alias {alias!r}")
     if hab.kever.prefixer.transferable:
         raise ValueError("mailbox host requires a non-transferable identifier")
+    _requireMailboxIdentity(hby, hab)
 
     mbx = mbx if mbx is not None else Mailboxer(name=alias, temp=hby.temp)
     forwarder = AuthorizedForwardHandler(hby=hby, mbx=mbx, mailboxAid=hab.pre)
@@ -212,7 +272,8 @@ def setupMailbox(hby, alias="mailbox", mbx=None, aids=None, httpPort=5632,
     httpEnd = HttpEnd(rxbs=parser.ims, mbx=mbx)
     app.add_route("/", httpEnd)
     app.add_route("/health", HealthEnd())
-    app.add_route("/mailboxes", MailboxAddRemoveEnd(hby=hby, hab=hab, kvy=kvy, rvy=rvy, exc=exchanger))
+    app.add_route(_mailboxAdminPath(hab),
+                  MailboxAddRemoveEnd(hby=hby, hab=hab, kvy=kvy, rvy=rvy, exc=exchanger))
 
     server = createHttpServer(host, httpPort, app, keypath, certpath, cafilepath)
     if not server.reopen():