Merge branch 'main' into main

Author: ianco

.github/workflows/nightly-tests.yml

@@ -0,0 +1,39 @@
+name: Nightly Tests
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  tests:
+    name: Tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-latest"]
+        python-version: ["3.7", "3.8", "3.9", "3.10"]
+        include:
+          - os: "ubuntu-20.04"
+            python-version: "3.6"
+    uses: ./.github/workflows/tests.yml
+    with:
+      python-version: ${{ matrix.python-version }}
+      os: ${{ matrix.os }}
+
+  tests-indy:
+    name: Tests (Indy)
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-latest"]
+        python-version: ["3.7", "3.8", "3.9", "3.10"]
+        include:
+          - os: "ubuntu-20.04"
+            python-version: "3.6"
+
+    uses: ./.github/workflows/tests-indy.yml
+    with:
+      python-version: ${{ matrix.python-version }}
+      os: ${{ matrix.os }}
+      indy-version: "1.16.0"

.github/workflows/pr-tests.yml

@@ -0,0 +1,20 @@
+name: PR Tests
+
+on:
+  pull_request:
+
+jobs:
+  tests:
+    name: Tests
+    uses: ./.github/workflows/tests.yml
+    with:
+      python-version: "3.6"
+      os: "ubuntu-20.04"
+
+  tests-indy:
+    name: Tests (Indy)
+    uses: ./.github/workflows/tests-indy.yml
+    with:
+      python-version: "3.6"
+      indy-version: "1.16.0"
+      os: "ubuntu-20.04"

.github/workflows/tests-indy.yml

@@ -0,0 +1,58 @@
+name: Tests (Indy)
+
+on:
+  workflow_call:
+    inputs:
+      python-version:
+        required: true
+        type: string
+      indy-version:
+        required: true
+        type: string
+      os:
+        required: true
+        type: string
+
+jobs:
+  tests:
+    name: Test Python ${{ inputs.python-version }} on Indy ${{ inputs.indy-version }}
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Cache image layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache-test
+          key: ${{ runner.os }}-buildx-test-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-test-
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build test image
+        uses: docker/build-push-action@v3
+        with:
+          load: true
+          context: .
+          file: docker/Dockerfile.indy
+          target: acapy-test
+          tags: acapy-test:latest
+          build-args: |
+            python_version=${{ inputs.python-version }}
+            indy_version=${{ inputs.indy-version }}
+          cache-from: type=local,src=/tmp/.buildx-cache-test
+          cache-to: type=local,dest=/tmp/.buildx-cache-test-new,mode=max
+
+      # Temp fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache-test
+          mv /tmp/.buildx-cache-test-new /tmp/.buildx-cache-test
+
+      - name: Run pytest
+        run: |
+          docker run --rm acapy-test:latest

.github/workflows/tests.yml

@@ -0,0 +1,35 @@
+name: Tests
+
+on:
+  workflow_call:
+    inputs:
+      python-version:
+        required: true
+        type: string
+      os:
+        required: true
+        type: string
+
+jobs:
+  tests:
+    name: Test Python ${{ inputs.python-version }}
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ inputs.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ inputs.python-version }}
+          cache: 'pip'
+          cache-dependency-path: 'requirements*.txt'
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip3 install --no-cache-dir \
+            -r requirements.txt \
+            -r requirements.askar.txt \
+            -r requirements.bbs.txt \
+            -r requirements.dev.txt
+      - name: Tests
+        run: |
+          pytest

aries_cloudagent/ledger/multiple_ledger/indy_manager.py

@@ -9,6 +9,7 @@
 
 from ...cache.base import BaseCache
 from ...core.profile import Profile
+from ...ledger.base import BaseLedger
 from ...ledger.error import LedgerError
 from ...wallet.crypto import did_is_self_certified
 
@@ -53,7 +54,11 @@ def __init__(
 
     async def get_write_ledger(self) -> Optional[Tuple[str, IndySdkLedger]]:
         """Return the write IndySdkLedger instance."""
-        return self.write_ledger_info
+        # return self.write_ledger_info
+        if self.write_ledger_info:
+            return (self.write_ledger_info[0], self.profile.inject_or(BaseLedger))
+        else:
+            return None
 
     async def get_prod_ledgers(self) -> Mapping:
         """Return production ledgers mapping."""
@@ -83,7 +88,11 @@ async def _get_ledger_by_did(
         """
         try:
             indy_sdk_ledger = None
-            if ledger_id in self.production_ledgers:
+            if self.write_ledger_info and ledger_id == self.write_ledger_info[0]:
+                indy_sdk_ledger = await self.get_write_ledger()
+                if indy_sdk_ledger:
+                    indy_sdk_ledger = indy_sdk_ledger[1]
+            elif ledger_id in self.production_ledgers:
                 indy_sdk_ledger = self.production_ledgers.get(ledger_id)
             else:
                 indy_sdk_ledger = self.non_production_ledgers.get(ledger_id)
@@ -134,7 +143,9 @@ async def lookup_did_in_configured_ledgers(
         cache_key = f"did_ledger_id_resolver::{did}"
         if bool(cache_did and self.cache and await self.cache.get(cache_key)):
             cached_ledger_id = await self.cache.get(cache_key)
-            if cached_ledger_id in self.production_ledgers:
+            if self.write_ledger_info and cached_ledger_id == self.write_ledger_info[0]:
+                return self.get_write_ledger()
+            elif cached_ledger_id in self.production_ledgers:
                 return (cached_ledger_id, self.production_ledgers.get(cached_ledger_id))
             elif cached_ledger_id in self.non_production_ledgers:
                 return (

aries_cloudagent/ledger/multiple_ledger/manager_provider.py

@@ -84,24 +84,27 @@ def provide(self, settings: BaseSettings, injector: BaseInjector):
                         pool_name = config.get("pool_name")
                         ledger_is_production = config.get("is_production")
                         ledger_is_write = config.get("is_write")
-                        ledger_pool = pool_class(
-                            pool_name,
-                            keepalive=keepalive,
-                            cache=cache,
-                            genesis_transactions=genesis_transactions,
-                            read_only=read_only,
-                            socks_proxy=socks_proxy,
-                        )
-                        ledger_instance = ledger_class(
-                            pool=ledger_pool,
-                            profile=self.root_profile,
-                        )
                         if ledger_is_write:
-                            write_ledger_info = (ledger_id, ledger_instance)
-                        if ledger_is_production:
-                            indy_sdk_production_ledgers[ledger_id] = ledger_instance
+                            write_ledger_info = (ledger_id, None)
                         else:
-                            indy_sdk_non_production_ledgers[ledger_id] = ledger_instance
+                            ledger_pool = pool_class(
+                                pool_name,
+                                keepalive=keepalive,
+                                cache=cache,
+                                genesis_transactions=genesis_transactions,
+                                read_only=read_only,
+                                socks_proxy=socks_proxy,
+                            )
+                            ledger_instance = ledger_class(
+                                pool=ledger_pool,
+                                profile=self.root_profile,
+                            )
+                            if ledger_is_production:
+                                indy_sdk_production_ledgers[ledger_id] = ledger_instance
+                            else:
+                                indy_sdk_non_production_ledgers[
+                                    ledger_id
+                                ] = ledger_instance
                     if settings.get_value("ledger.genesis_transactions"):
                         ledger_instance = self.root_profile.inject_or(BaseLedger)
                         ledger_id = "startup::" + ledger_instance.pool.name

aries_cloudagent/ledger/multiple_ledger/tests/test_indy_manager.py

@@ -11,6 +11,7 @@
 from ....cache.base import BaseCache
 from ....cache.in_memory import InMemoryCache
 from ....core.in_memory import InMemoryProfile
+from ....ledger.base import BaseLedger
 from ....messaging.responder import BaseResponder
 
 from ...error import LedgerError
@@ -36,6 +37,7 @@ async def setUp(self):
             IndySdkLedgerPool("test_prod_1", checked=True), self.profile
         )
         test_write_ledger = ("test_prod_1", test_prod_ledger)
+        self.context.injector.bind_instance(BaseLedger, test_prod_ledger)
         self.production_ledger["test_prod_1"] = test_prod_ledger
         self.production_ledger["test_prod_2"] = IndySdkLedger(
             IndySdkLedgerPool("test_prod_2", checked=True), self.profile
@@ -385,13 +387,13 @@ async def test_lookup_did_in_configured_ledgers_prod_not_cached(
 
     async def test_lookup_did_in_configured_ledgers_cached_prod_ledger(self):
         cache = InMemoryCache()
-        await cache.set("did_ledger_id_resolver::Av63wJYM7xYR4AiygYq4c3", "test_prod_1")
+        await cache.set("did_ledger_id_resolver::Av63wJYM7xYR4AiygYq4c3", "test_prod_2")
         self.profile.context.injector.bind_instance(BaseCache, cache)
         (ledger_id, ledger_inst,) = await self.manager.lookup_did_in_configured_ledgers(
             "Av63wJYM7xYR4AiygYq4c3", cache_did=True
         )
-        assert ledger_id == "test_prod_1"
-        assert ledger_inst.pool.name == "test_prod_1"
+        assert ledger_id == "test_prod_2"
+        assert ledger_inst.pool.name == "test_prod_2"
 
     async def test_lookup_did_in_configured_ledgers_cached_non_prod_ledger(self):
         cache = InMemoryCache()

demo/bdd_support/agent_backchannel_client.py

@@ -130,10 +130,12 @@ def aries_container_receive_credential(
 def aries_container_request_proof(
     the_container: AgentContainer,
     proof_request: dict,
+    explicit_revoc_required: bool = False,
 ):
     return run_coroutine(
         the_container.request_proof,
         proof_request,
+        explicit_revoc_required=explicit_revoc_required,
     )
 
 

demo/features/0454-present-proof.feature

@@ -98,7 +98,7 @@ Feature: RFC 0454 Aries agent present proof
          | Acme   | --revocation --public-did --multitenant    | --multitenant    | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
 
    @T003-RFC0454.1 @GHA
-   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, neither credential is revoked
       Given we have "4" agents
          | name  | role     | capabilities         |
          | Acme1 | issuer1  | <Acme1_capabilities> |
@@ -117,8 +117,28 @@ Feature: RFC 0454 Aries agent present proof
          | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                    |
          | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id |
 
+   @T003-RFC0454.1f
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, neither credential is revoked, fails due to requesting request-level revocation
+      Given we have "4" agents
+         | name  | role     | capabilities         |
+         | Acme1 | issuer1  | <Acme1_capabilities> |
+         | Acme2 | issuer2  | <Acme2_capabilities> |
+         | Faber | verifier | <Acme1_capabilities> |
+         | Bob   | prover   | <Bob_cap>   |
+      And "<issuer1>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_1> credential <Credential_data_1> from "<issuer1>"
+      And "<issuer2>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_2> credential <Credential_data_2> from "<issuer2>"
+      And "Faber" and "Bob" have an existing connection
+      When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
+      Then "Faber" has the proof verification fail
+
+      Examples:
+         | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                    |
+         | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_r2 |
+
    @T003-RFC0454.2 @GHA
-   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked, and the proof checks for revocation and fails
       Given we have "4" agents
          | name  | role     | capabilities         |
          | Acme1 | issuer1  | <Acme1_capabilities> |
@@ -137,3 +157,25 @@ Feature: RFC 0454 Aries agent present proof
       Examples:
          | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                    |
          | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id |
+         | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_r2 |
+
+   @T003-RFC0454.3 @GHA
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked, and the proof doesn't check for revocation and passes
+      Given we have "4" agents
+         | name  | role     | capabilities         |
+         | Acme1 | issuer1  | <Acme1_capabilities> |
+         | Acme2 | issuer2  | <Acme2_capabilities> |
+         | Faber | verifier | <Acme1_capabilities> |
+         | Bob   | prover   | <Bob_cap>   |
+      And "<issuer1>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_1> credential <Credential_data_1> from "<issuer1>"
+      And "<issuer1>" revokes the credential
+      And "<issuer2>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_2> credential <Credential_data_2> from "<issuer2>"
+      And "Faber" and "Bob" have an existing connection
+      When "Faber" sends a request with explicit revocation status for proof presentation <Proof_request> to "Bob"
+      Then "Faber" has the proof verified
+
+      Examples:
+         | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                             |
+         | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_no_revoc |

demo/features/0586-sign-transaction.feature

@@ -26,6 +26,7 @@ Feature: RFC 0586 Aries sign (endorse) transactions functions
          | --multitenant             | --multitenant             | driverslicense |
          | --mediation --multitenant | --mediation --multitenant | driverslicense |
          | --multitenant --multi-ledger | --multitenant --multi-ledger | driverslicense |
+         | --multitenant --multi-ledger --revocation | --multitenant --multi-ledger --revocation | driverslicense |
 
 
    @T001.1-RFC0586 @GHA
@@ -94,6 +95,7 @@ Feature: RFC 0586 Aries sign (endorse) transactions functions
          | --revocation --public-did --mediation               | --revocation --mediation                  | driverslicense | Data_DL_NormalizedValues |
          | --revocation --public-did --multitenant             | --revocation --multitenant                | driverslicense | Data_DL_NormalizedValues |
          | --revocation --public-did --mediation --multitenant | --revocation --mediation --multitenant    | driverslicense | Data_DL_NormalizedValues |
+         | --multitenant --multi-ledger --revocation --public-did | --multitenant --multi-ledger --revocation | driverslicense | Data_DL_NormalizedValues |
 
    @T002.1-RFC0586 @GHA
    Scenario Outline: endorse a schema and cred def transaction, write to the ledger, issue and revoke a credential, manually invoking each endorsement endpoint