Merge branch 'main' into feature/enable-aggr-vcs

Author: teanas

aries_cloudagent/core/conductor.py

@@ -26,6 +26,7 @@
 from ..config.logging import LoggingConfigurator
 from ..config.provider import ClassProvider
 from ..config.wallet import wallet_config
+from ..connections.models.conn_record import ConnRecord
 from ..core.profile import Profile
 from ..indy.verifier import IndyVerifier
 from ..ledger.base import BaseLedger
@@ -450,14 +451,23 @@ async def start(self) -> None:
                         if mediation_connections_invite
                         else OutOfBandManager(self.root_profile)
                     )
-
-                    conn_record = await mgr.receive_invitation(
-                        invitation=invitation_handler.from_url(
-                            mediation_invite_record.invite
-                        ),
-                        auto_accept=True,
-                    )
                     async with self.root_profile.session() as session:
+                        invitation = invitation_handler.from_url(
+                            mediation_invite_record.invite
+                        )
+                        if isinstance(mgr, OutOfBandManager):
+                            oob_record = await mgr.receive_invitation(
+                                invitation=invitation,
+                                auto_accept=True,
+                            )
+                            conn_record = await ConnRecord.retrieve_by_id(
+                                session, oob_record.connection_id
+                            )
+                        else:
+                            conn_record = await mgr.receive_invitation(
+                                invitation=invitation,
+                                auto_accept=True,
+                            )
                         await (
                             MediationInviteStore(
                                 session.context.inject(BaseStorage)

aries_cloudagent/core/dispatcher.py

@@ -296,10 +296,10 @@ async def make_message(
         if not isinstance(parsed_msg, dict):
             raise MessageParseError("Expected a JSON object")
         message_type = parsed_msg.get("@type")
-        message_type_rec_version = get_version_from_message_type(message_type)
 
         if not message_type:
             raise MessageParseError("Message does not contain '@type' parameter")
+        message_type_rec_version = get_version_from_message_type(message_type)
 
         registry: ProtocolRegistry = self.profile.inject(ProtocolRegistry)
         try:

aries_cloudagent/core/tests/test_conductor.py

@@ -1161,7 +1161,9 @@ async def test_mediator_invitation_0434(self, mock_from_url, _):
                 "test": async_mock.MagicMock(schemes=["http"])
             }
             await conductor.setup()
-
+        conductor.root_profile.context.update_settings(
+            {"mediation.connections_invite": False}
+        )
         conn_record = ConnRecord(
             invitation_key="3Dn1SJNPaCXcvvJvSbsFWP2xaCjMom3can8CQNhWrTRx",
             their_label="Hello",
@@ -1170,12 +1172,15 @@ async def test_mediator_invitation_0434(self, mock_from_url, _):
         )
         conn_record.accept = ConnRecord.ACCEPT_MANUAL
         await conn_record.save(await conductor.root_profile.session())
+        oob_record = async_mock.MagicMock(
+            connection_id=conn_record.connection_id,
+        )
         with async_mock.patch.object(
             test_module,
             "OutOfBandManager",
             async_mock.MagicMock(
                 return_value=async_mock.MagicMock(
-                    receive_invitation=async_mock.AsyncMock(return_value=conn_record)
+                    receive_invitation=async_mock.AsyncMock(return_value=oob_record)
                 )
             ),
         ) as mock_mgr, async_mock.patch.object(
@@ -1185,10 +1190,10 @@ async def test_mediator_invitation_0434(self, mock_from_url, _):
                 return_value=async_mock.MagicMock(value=f"v{__version__}")
             ),
         ):
+            assert not conductor.root_profile.settings["mediation.connections_invite"]
             await conductor.start()
             await conductor.stop()
             mock_from_url.assert_called_once_with("test-invite")
-            mock_mgr.return_value.receive_invitation.assert_called_once()
 
     @async_mock.patch.object(test_module, "MediationInviteStore")
     @async_mock.patch.object(test_module.ConnectionInvitation, "from_url")

aries_cloudagent/protocols/connections/v1_0/routes.py

@@ -10,7 +10,7 @@
     request_schema,
     response_schema,
 )
-
+from typing import cast
 from marshmallow import fields, validate, validates_schema
 
 from ....admin.request_context import AdminRequestContext
@@ -115,7 +115,7 @@ class CreateInvitationRequestSchema(OpenAPISchema):
     mediation_id = fields.Str(
         required=False,
         description="Identifier for active mediation record to be used",
-        **MEDIATION_ID_SCHEMA
+        **MEDIATION_ID_SCHEMA,
     )
 
 
@@ -247,7 +247,7 @@ class ReceiveInvitationQueryStringSchema(OpenAPISchema):
     mediation_id = fields.Str(
         required=False,
         description="Identifier for active mediation record to be used",
-        **MEDIATION_ID_SCHEMA
+        **MEDIATION_ID_SCHEMA,
     )
 
 
@@ -261,7 +261,7 @@ class AcceptInvitationQueryStringSchema(OpenAPISchema):
     mediation_id = fields.Str(
         required=False,
         description="Identifier for active mediation record to be used",
-        **MEDIATION_ID_SCHEMA
+        **MEDIATION_ID_SCHEMA,
     )
 
 
@@ -536,11 +536,16 @@ async def connections_create_invitation(request: web.BaseRequest):
             metadata=metadata,
             mediation_id=mediation_id,
         )
-
+        invitation_url = invitation.to_url(base_url)
+        base_endpoint = service_endpoint or cast(
+            str, profile.settings.get("default_endpoint")
+        )
         result = {
             "connection_id": connection and connection.connection_id,
             "invitation": invitation.serialize(),
-            "invitation_url": invitation.to_url(base_url),
+            "invitation_url": f"{base_endpoint}{invitation_url}"
+            if invitation_url.startswith("?")
+            else invitation_url,
         }
     except (ConnectionManagerError, StorageError, BaseModelError) as err:
         raise web.HTTPBadRequest(reason=err.roll_up) from err

aries_cloudagent/protocols/endorse_transaction/v1_0/routes.py

@@ -764,11 +764,15 @@ async def on_startup_event(profile: Profile, event: Event):
         invite = InvitationMessage.from_url(endorser_invitation)
         if invite:
             oob_mgr = OutOfBandManager(profile)
-            conn_record = await oob_mgr.receive_invitation(
+            oob_record = await oob_mgr.receive_invitation(
                 invitation=invite,
                 auto_accept=True,
                 alias=endorser_alias,
             )
+            async with profile.session() as session:
+                conn_record = await ConnRecord.retrieve_by_id(
+                    session, oob_record.connection_id
+                )
         else:
             invite = ConnectionInvitation.from_url(endorser_invitation)
             if invite:

aries_cloudagent/protocols/issue_credential/v2_0/formats/ld_proof/handler.py

@@ -503,7 +503,7 @@ async def receive_credential(
 
         # Remove values from cred that are not part of detail
         cred_dict.pop("proof")
-        credential_status = cred_dict.pop("credentialStatus", None)
+        credential_status = cred_dict.get("credentialStatus", None)
         detail_status = detail.options.credential_status
 
         if cred_dict != detail_dict["credential"]:

aries_cloudagent/protocols/issue_credential/v2_0/formats/ld_proof/tests/test_handler.py

@@ -770,13 +770,14 @@ async def test_receive_credential_x_credential_status_ne(self):
 
     async def test_receive_credential_x_credential_status_ne_both_set(self):
         detail = deepcopy(LD_PROOF_VC_DETAIL)
+        status_entry = {"type": "SomeRandomType"}
 
-        # Set credential status so it's only set on the detail
-        # not the issued credential
+        # Set credential status in both request and reference credential
         detail["options"]["credentialStatus"] = {"type": "CredentialStatusType"}
+        detail["credential"]["credentialStatus"] = deepcopy(status_entry)
 
         vc = deepcopy(LD_PROOF_VC)
-        vc["credentialStatus"] = {"type": "SomeRandomType"}
+        vc["credentialStatus"] = deepcopy(status_entry)
 
         cred_issue = V20CredIssue(
             formats=[

demo/docker-agent/Dockerfile.acapy

@@ -0,0 +1,14 @@
+FROM bcgovimages/aries-cloudagent:py36-1.16-1_1.0.0-rc0
+
+USER root
+
+ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq
+RUN chmod +x ./jq
+COPY ngrok-wait.sh ngrok-wait.sh
+RUN chmod +x ./ngrok-wait.sh
+
+USER $user
+
+# temporary until this PR gets merged/released
+RUN pip uninstall -y aries-cloudagent
+RUN pip install aries-cloudagent[indy,bbs,askar]@git+https://github.com/ianco/aries-cloudagent-python@endorser-write-did

demo/docker-agent/README.md

@@ -0,0 +1,87 @@
+# Running an Author Agent and connecting to an Endorser
+
+This directory contains scripts to run an aca-py agent as an Author, that can conenct to an Endorser service.
+
+## Running the Author Agent
+
+The docker-compose script runs ngrok to expose the agent's port publicly, and stores wallet data in a postgres database.
+
+To run the Author agent in this repo, open a command shell in this directory and run:
+
+- to build the containers:
+
+```bash
+docker-compose build
+```
+
+- to run the author agent:
+
+```bash
+docker-compose up
+```
+
+You can connect to the [agent's api service here](http://localhost:8010).
+
+Note that all the configuration settings are hard-coded in the docker-compose file and ngrok-wait.sh script, so if you change any configs you need to rebuild the docker images.
+
+- to shut down the agent:
+
+```bash
+docker-compose stop
+docker-compose rm -f
+```
+
+This will leave the agent's wallet data, so if you restart the agent it will maintain any created data.
+
+- to remove the agent's wallet:
+
+```bash
+docker volume rm docker-agent_wallet-db-data
+```
+
+Note that the Author agent is not (yet) configured with revocations enabled or a tails server, so revocation is not supported.
+
+## Connecting to an Endorser Service
+
+For this example, we will connect to [this endorser service](https://github.com/bcgov/aries-endorser-service), which you can connect to locally at `http://localhost:5050/endorser/docs`.
+
+Make sure you start the endorser service on the same ledger as your author, and make sure the endorser has a public DID with ENDORSER role.
+
+For example start the endorser service as `LEDGER_URL=http://test.bcovrin.vonx.io TAILS_SERVER_URL=https://tails-test.vonx.io ./manage start --logs` and then make sure the Author agent is started with `--genesis_url http://test.bcovrin.vonx.io/genesis`.
+
+### Connecting the Author to the Endorser
+
+Endorser Service:  Use the `GET /v1/admin/config` endpoint to fetch the endorser's configuration, including the public DID (which the author will need to know).  Also confirm whether the `ENDORSER_AUTO_ACCEPT_CONNECTIONS` and `ENDORSER_AUTO_ENDORSE_REQUESTS` settings are `True` or `False` - for the following we will assume that both are `False` and the endorser must explicitely respond to all requests.
+
+Author Agent:  Use the `POST /didexchange/create-request` to request a connection with the endorser, using the endorser's public DID.  Set the `alias` to `Endorser` - this *MUST* match the `--endorser-alias 'Endorser'` setting (in the ngrok-wait.sh script).  Use the `GET /connections` endpoint to verify the connection is in `request` state.
+
+Endorser Service:  Use the `GET /v1/connections` endpoint to see the connection request (state `request`).  Using the `connection_id`, call the `POST /connections/{connection_id}/accept` endpoint to accept the request.  Verify that the connection state goes to `active`.
+
+Author Agent:  Verify the connection state goes to `active`.  Use the `POST /transactions/{conn_id}/set-endorser-role` to set the connection role to `TRANSACTION_AUTHOR`, and then use `POST /transactions/{conn_id}/set-endorser-info` to set the endorser's alias to `Endorser` and the public DID to the endorser's public DID.  Verify the settings using the `GET /connections/{conn_id}/meta-data` endpoint.
+
+The connection is now setup between the two agents!
+
+### Creating a Public Author DID
+
+Author Agent:  Use the `POST /wallet/did/create` (use an empty `{}` POST body) to create a local did.  Then use `POST /ledger/register-nym` to send the data to the ledger - this will create a transaction and send it to the endorser service.
+
+Endorser Service:  Use the `GET /v1/endorse/transactions` endpoint to see the endorse request - it should be in state `request_received`.  Using the `POST /v1/endorse/transactions/{transaction_id}/endorse` endpoint and the `transaction_id`, approve the request.  The state should now (eventually) go to `transaction_acked`.
+
+Author Service:  Use the `GET /transactions` endpoint to verify the transaction is in `transaction_acked` state.  Then use the `POST /wallet/did/public` to set the new DID to be the Author's public DID.  This will generate another endorser transaction to set the DID's endpoint (ATTRIB transaction) on the ledger.
+
+Endorser Service:  Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+### Endorsing Author Requests
+
+Author requests to create schema, create credential definition and create revocation registries will all now generate endorse requests to the endorser.
+
+Author Agent:  To create a schema use the `POST /schemas` endpoint.  This will create an endorse request.
+
+Endorser Service:  Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+Author Agent:  To create a cred def use the `POST /credential-definitions` endpoint.  This will create an endorse request.
+
+Endorser Service:  Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+
+

demo/docker-agent/docker-compose.yml

@@ -0,0 +1,47 @@
+# Sample docker-compose to start a local aca-py author agent
+# To start aca-py and the postgres database, just run `docker-compose up`
+# To shut down the services run `docker-compose rm` - this will retain the postgres database, so you can change aca-py startup parameters
+# and restart the docker containers without losing your wallet data
+# If you want to delete your wallet data just run `docker volume ls -q | xargs docker volume rm`
+version: "3"
+services:
+  ngrok-agent:
+    image: wernight/ngrok
+    ports:
+      - 4067:4040
+    command: ngrok http author-agent:8001 --log stdout
+
+  author-agent:
+    build:
+      context: .
+      dockerfile: Dockerfile.acapy
+    environment:
+      - NGROK_NAME=ngrok-agent
+    ports:
+      - 8010:8010
+      - 8001:8001
+    depends_on:
+      - wallet-db
+    entrypoint: /bin/bash
+    command: [
+        "-c",
+        "sleep 5; \
+        ./ngrok-wait.sh"
+      ]
+    volumes:
+      - ./ngrok-wait.sh:/home/indy/ngrok-wait.sh
+
+  wallet-db:
+    image: vcr-postgresql
+    environment:
+      - POSTGRESQL_USER=DB_USER
+      - POSTGRESQL_PASSWORD=DB_PASSWORD
+      - POSTGRESQL_DATABASE=DB_USER
+      - POSTGRESQL_ADMIN_PASSWORD=mysecretpassword
+    ports:
+      - 5433:5432
+    volumes:
+      - wallet-db-data:/var/lib/pgsql/data
+
+volumes:
+  wallet-db-data: