WadeBarnes
diff --git a/‎aries_cloudagent/indy/credx/issuer.py‎
Lines changed: 9 additions & 0 deletions b/‎aries_cloudagent/indy/credx/issuer.py‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎aries_cloudagent/ledger/routes.py‎
Lines changed: 20 additions & 1 deletion b/‎aries_cloudagent/ledger/routes.py‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎aries_cloudagent/ledger/tests/test_routes.py‎
Lines changed: 8 additions & 2 deletions b/‎aries_cloudagent/ledger/tests/test_routes.py‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎aries_cloudagent/revocation/indy.py‎
Lines changed: 33 additions & 6 deletions b/‎aries_cloudagent/revocation/indy.py‎
Lines changed: 33 additions & 6 deletions
diff --git a/‎aries_cloudagent/revocation/recover.py‎
Lines changed: 119 additions & 0 deletions b/‎aries_cloudagent/revocation/recover.py‎
Lines changed: 119 additions & 0 deletions
@@ -480,6 +480,15 @@ async def revoke_credentials(
                 await txn.handle.replace(
                     CATEGORY_REV_REG_INFO, revoc_reg_id, value_json=rev_info
                 )
+                for cred_rev_id in rev_crids:
+                    issuer_cr_rec = await IssuerCredRevRecord.retrieve_by_ids(
+                        txn,
+                        revoc_reg_id,
+                        str(cred_rev_id),
+                    )
+                    await issuer_cr_rec.set_state(
+                        txn, IssuerCredRevRecord.STATE_REVOKED
+                    )
                 if not transaction:
                     await txn.commit()
             except AskarError as err:
 
@@ -1,6 +1,7 @@
 """Ledger admin routes."""
 
 import json
+import logging
 
 from aiohttp import web
 from aiohttp_apispec import docs, querystring_schema, request_schema, response_schema
@@ -53,6 +54,9 @@
 from .util import notify_register_did_event
 
 
+LOGGER = logging.getLogger(__name__)
+
+
 class LedgerModulesResultSchema(OpenAPISchema):
     """Schema for the modules endpoint."""
 
@@ -590,20 +594,35 @@ async def ledger_accept_taa(request: web.BaseRequest):
             raise web.HTTPForbidden(reason=reason)
 
     accept_input = await request.json()
+    LOGGER.info(">>> accepting TAA with: %s", accept_input)
     async with ledger:
         try:
             taa_info = await ledger.get_txn_author_agreement()
             if not taa_info["taa_required"]:
                 raise web.HTTPBadRequest(
                     reason=f"Ledger {ledger.pool_name} TAA not available"
                 )
+            LOGGER.info("TAA on ledger: ", taa_info)
+            # this is a bit of a hack, but the "\ufeff" code is included in the
+            # ledger TAA and digest calculation, so it needs to be included in the
+            # TAA text that the user is accepting
+            # (if you copy the TAA text using swagger it won't include this character)
+            if taa_info["taa_record"]["text"].startswith("\ufeff"):
+                if not accept_input["text"].startswith("\ufeff"):
+                    LOGGER.info(
+                        ">>> pre-pending -endian character to TAA acceptance text"
+                    )
+                    accept_input["text"] = "\ufeff" + accept_input["text"]
             taa_record = {
                 "version": accept_input["version"],
                 "text": accept_input["text"],
                 "digest": ledger.taa_digest(
-                    accept_input["version"], accept_input["text"]
+                    accept_input["version"],
+                    accept_input["text"],
                 ),
             }
+            taa_record_digest = taa_record["digest"]
+            LOGGER.info(">>> accepting with digest: %s", taa_record_digest)
             await ledger.accept_txn_author_agreement(
                 taa_record, accept_input["mechanism"]
             )
 
@@ -686,7 +686,10 @@ async def test_accept_taa(self):
         with async_mock.patch.object(
             test_module.web, "json_response", async_mock.Mock()
         ) as json_response:
-            self.ledger.get_txn_author_agreement.return_value = {"taa_required": True}
+            self.ledger.get_txn_author_agreement.return_value = {
+                "taa_record": {"text": "text"},
+                "taa_required": True,
+            }
             result = await test_module.ledger_accept_taa(self.request)
             json_response.assert_called_once_with({})
             self.ledger.accept_txn_author_agreement.assert_awaited_once_with(
@@ -707,7 +710,10 @@ async def test_accept_taa_x(self):
                 "mechanism": "mechanism",
             }
         )
-        self.ledger.get_txn_author_agreement.return_value = {"taa_required": True}
+        self.ledger.get_txn_author_agreement.return_value = {
+            "taa_record": {"text": "text"},
+            "taa_required": True,
+        }
         self.ledger.accept_txn_author_agreement.side_effect = test_module.StorageError()
         with self.assertRaises(test_module.web.HTTPBadRequest):
             await test_module.ledger_accept_taa(self.request)
 
@@ -3,6 +3,7 @@
 from typing import Sequence
 
 from ..core.profile import Profile
+from ..ledger.base import BaseLedger
 from ..ledger.multiple_ledger.ledger_requests_executor import (
     GET_CRED_DEF,
     GET_REVOC_REG_DEF,
@@ -108,11 +109,42 @@ async def list_issuer_registries(self) -> Sequence["IssuerRevRegRecord"]:
         async with self._profile.session() as session:
             return await IssuerRevRegRecord.query(session)
 
+    async def get_issuer_rev_reg_delta(
+        self, rev_reg_id: str, fro: int = None, to: int = None
+    ) -> dict:
+        """
+        Check ledger for revocation status for a given revocation registry.
+
+        Args:
+            rev_reg_id: ID of the revocation registry
+
+        """
+        ledger = await self.get_ledger_for_registry(rev_reg_id)
+        async with ledger:
+            (rev_reg_delta, _) = await ledger.get_revoc_reg_delta(
+                rev_reg_id,
+                fro,
+                to,
+            )
+
+        return rev_reg_delta
+
     async def get_ledger_registry(self, revoc_reg_id: str) -> "RevocationRegistry":
         """Get a revocation registry from the ledger, fetching as necessary."""
         if revoc_reg_id in IndyRevocation.REV_REG_CACHE:
             return IndyRevocation.REV_REG_CACHE[revoc_reg_id]
 
+        ledger = await self.get_ledger_for_registry(revoc_reg_id)
+
+        async with ledger:
+            rev_reg = RevocationRegistry.from_definition(
+                await ledger.get_revoc_reg_def(revoc_reg_id), True
+            )
+            IndyRevocation.REV_REG_CACHE[revoc_reg_id] = rev_reg
+            return rev_reg
+
+    async def get_ledger_for_registry(self, revoc_reg_id: str) -> "BaseLedger":
+        """Get the ledger for the given registry."""
         multitenant_mgr = self._profile.inject_or(BaseMultitenantManager)
         if multitenant_mgr:
             ledger_exec_inst = IndyLedgerRequestsExecutor(self._profile)
@@ -124,9 +156,4 @@ async def get_ledger_registry(self, revoc_reg_id: str) -> "RevocationRegistry":
                 txn_record_type=GET_REVOC_REG_DEF,
             )
         )[1]
-        async with ledger:
-            rev_reg = RevocationRegistry.from_definition(
-                await ledger.get_revoc_reg_def(revoc_reg_id), True
-            )
-            IndyRevocation.REV_REG_CACHE[revoc_reg_id] = rev_reg
-            return rev_reg
+        return ledger
@@ -0,0 +1,119 @@
+"""Recover a revocation registry."""
+
+import hashlib
+import importlib
+import logging
+import tempfile
+import time
+
+import aiohttp
+import base58
+
+
+LOGGER = logging.getLogger(__name__)
+
+
+"""
+This module calculates a new ledger accumulator, based on the revocation status
+on the ledger vs revocations recorded in the wallet.
+The calculated transaction can be written to the ledger to get the ledger back
+in sync with the wallet.
+This function can be used if there were previous revocation errors (i.e. the
+credential revocation was successfully written to the wallet but the ledger write
+failed.)
+"""
+
+
+class RevocRecoveryException(Exception):
+    """Raise exception generating the recovery transaction."""
+
+
+async def fetch_txns(genesis_txns, registry_id):
+    """Fetch tails file and revocation registry information."""
+
+    try:
+        vdr_module = importlib.import_module("indy_vdr")
+        credx_module = importlib.import_module("indy_credx")
+    except Exception as e:
+        raise RevocRecoveryException(f"Failed to import library {e}")
+
+    pool = await vdr_module.open_pool(transactions=genesis_txns)
+    LOGGER.debug("Connected to pool")
+
+    LOGGER.debug("Fetch registry: %s", registry_id)
+    fetch = vdr_module.ledger.build_get_revoc_reg_def_request(None, registry_id)
+    result = await pool.submit_request(fetch)
+    if not result["data"]:
+        raise RevocRecoveryException(f"Registry definition not found for {registry_id}")
+    data = result["data"]
+    data["ver"] = "1.0"
+    defn = credx_module.RevocationRegistryDefinition.load(data)
+    LOGGER.debug("Tails URL: %s", defn.tails_location)
+
+    async with aiohttp.ClientSession() as session:
+        data = await session.get(defn.tails_location)
+        tails_data = await data.read()
+        tails_hash = base58.b58encode(hashlib.sha256(tails_data).digest()).decode(
+            "utf-8"
+        )
+        if tails_hash != defn.tails_hash:
+            raise RevocRecoveryException(
+                f"Tails hash mismatch {tails_hash} {defn.tails_hash}"
+            )
+        else:
+            LOGGER.debug("Checked tails hash: %s", tails_hash)
+        tails_temp = tempfile.NamedTemporaryFile(delete=False)
+        tails_temp.write(tails_data)
+        tails_temp.close()
+
+    to_timestamp = int(time.time())
+    fetch = vdr_module.ledger.build_get_revoc_reg_delta_request(
+        None, registry_id, None, to_timestamp
+    )
+    result = await pool.submit_request(fetch)
+    if not result["data"]:
+        raise RevocRecoveryException("Error fetching delta from ledger")
+
+    accum_to = result["data"]["value"]["accum_to"]
+    accum_to["ver"] = "1.0"
+    delta = credx_module.RevocationRegistryDelta.load(accum_to)
+    registry = credx_module.RevocationRegistry.load(accum_to)
+    LOGGER.debug("Ledger registry state: %s", registry.to_json())
+    revoked = set(result["data"]["value"]["revoked"])
+    LOGGER.debug("Ledger revoked indexes: %s", revoked)
+
+    return defn, registry, delta, revoked, tails_temp
+
+
+async def generate_ledger_rrrecovery_txn(genesis_txns, registry_id, set_revoked):
+    """Generate a new ledger accum entry, based on wallet vs ledger revocation state."""
+
+    new_delta = None
+
+    ledger_data = await fetch_txns(genesis_txns, registry_id)
+    if not ledger_data:
+        return new_delta
+    defn, registry, delta, prev_revoked, tails_temp = ledger_data
+
+    set_revoked = set(set_revoked)
+    mismatch = prev_revoked - set_revoked
+    if mismatch:
+        LOGGER.warn(
+            "Credential index(es) revoked on the ledger, but not in wallet: %s",
+            mismatch,
+        )
+
+    updates = set_revoked - prev_revoked
+    if not updates:
+        LOGGER.debug("No updates to perform")
+    else:
+        LOGGER.debug("New revoked indexes: %s", updates)
+
+        LOGGER.debug("tails_temp: %s", tails_temp.name)
+        update_registry = registry.copy()
+        new_delta = update_registry.update(defn, [], updates, tails_temp.name)
+
+        LOGGER.debug("New delta:")
+        LOGGER.debug(new_delta.to_json())
+
+    return new_delta