"""Offline client-managed registry creation (same structure as demo/setup_managed_demo)."""
from __future__ import annotations
import base64
import json
from pathlib import Path
import zkac
from zkac_cli import creds
def create_registry_bundle(
    slug: str,
    role_names: list[str],
    out_dir: Path,
) -> dict[str, str]:
    """
    Create a new registry offline and persist it as two JSON files.

    A single freshly generated BBS issuer acts as the admin issuer and as the
    issuer of every role in ``role_names``. The function self-issues an admin
    credential through the blind-issuance flow, builds and certifies the
    initial registry state, and writes two files under ``out_dir`` (created,
    with parents, if missing):

    * ``admin.json``: SECRET material. Holds the admin issuer secret key, the
      admin member secret and prover blind, the blind signature and the
      issuance secret key, all base64-encoded. Base64 is an encoding, not
      encryption: anyone who can read this file can act as the registry admin
      and issuer.
    * ``registry.json``: public material (serialized state, state certificate,
      public keys, role names).

    Args:
        slug: Label stored in both payloads. It is not used to build paths.
        role_names: Role names; each is mapped through ``zkac.role_id`` and
            bound to the admin issuer public key.
        out_dir: Destination directory for ``admin.json`` and ``registry.json``.

    Returns:
        ``{"registry_id_hex": <hex registry id>, "path": <str(out_dir)>}``.
    """

    def _b64(raw) -> str:
        # Text-safe encoding for JSON only; provides no confidentiality.
        return base64.b64encode(raw).decode()

    # NOTE(review): mkdir uses the default mode, so the directory permissions
    # are governed by the process umask. Since admin.json lands here, confirm
    # the directory (and the file written by creds.save_json) ends up
    # owner-only on multi-user hosts.
    out_dir.mkdir(parents=True, exist_ok=True)

    issuer = zkac.BbsIssuer()
    issuer_pk = issuer.public_key()
    admin_role = zkac.admin_role_id()

    # Self-issue the admin credential via blind issuance.
    # NOTE(review): the trailing 0 passed to issue_blind/finalize is forwarded
    # unchanged; its meaning is not visible in this file, so confirm against zkac.
    blind_req = zkac.prepare_blind_request()
    blind_sig = issuer.issue_blind(blind_req.commitment_with_proof(), admin_role, 0)
    credential = zkac.Credential.finalize(
        blind_sig,
        blind_req.member_secret(),
        blind_req.prover_blind(),
        admin_role,
        0,
        issuer_pk,
    )

    issuance_keys = zkac.IssuanceKeypair()

    # Every role is bound to the same (admin) issuer public key.
    roles = []
    for role_name in role_names:
        roles.append((zkac.role_id(role_name), issuer_pk, 1))

    # NOTE(review): the literal 1 and the 32 zero bytes are passed to
    # RegistryState.build as-is; presumably an initial version and an empty
    # previous-state value, but that is not shown here. Verify.
    registry_state = zkac.RegistryState.build(
        issuer_pk,
        issuance_keys.public_key_bytes(),
        1,
        b"\x00" * 32,
        roles,
    )
    serialized_state = registry_state.serialize()
    certificate = registry_state.certify(credential)
    reg_id = registry_state.registry_id()

    # Secret bundle: everything needed to administer and issue for this registry.
    admin_doc = {
        "slug": slug,
        "admin_issuer_secret_b64": _b64(issuer.secret_key_bytes()),
        "admin_issuer_public_key_b64": _b64(issuer_pk.to_bytes()),
        "admin_member_secret_b64": _b64(blind_req.member_secret()),
        "admin_prover_blind_b64": _b64(blind_req.prover_blind()),
        "admin_blind_sig_b64": _b64(blind_sig),
        "issuance_secret_b64": _b64(issuance_keys.secret_bytes()),
        "issuance_public_key_b64": _b64(issuance_keys.public_key_bytes()),
        "registry_id_hex": reg_id.hex(),
    }
    admin_path = out_dir / "admin.json"
    creds.save_json(admin_path, admin_doc)

    # Public bundle: contains no secret keys, only state, certificate and public keys.
    registry_doc = {
        "slug": slug,
        "registry_id_hex": reg_id.hex(),
        "state_bytes_b64": _b64(serialized_state),
        "state_cert_b64": _b64(bytes(certificate)),
        "admin_issuer_public_key_b64": _b64(issuer_pk.to_bytes()),
        "issuance_public_key_b64": _b64(issuance_keys.public_key_bytes()),
        "roles": role_names,
    }
    registry_path = out_dir / "registry.json"
    creds.save_json(registry_path, registry_doc)

    summary = {"registry_id_hex": reg_id.hex(), "path": str(out_dir)}
    return summary