# Aries Basic Controller - Issuer Alice

### This notebook walks through how to issue a credential across a previously established connection. It should be run in parallel with the [Holder notebook](http://localhost:8889/notebooks/holder.ipynb) controlling the agent receiving the credential.

If unfamiliar with the protocol it is worth reading through the [aries-rfs](https://github.com/hyperledger/aries-rfcs/tree/master/features/0036-issue-credential)


## 1. Initialise a controller for Alice

In [1]:
%autoawait
import time
import asyncio
from aries_basic_controller.aries_controller import AriesAgentController
    
WEBHOOK_HOST = "0.0.0.0"
WEBHOOK_PORT = 8022
WEBHOOK_BASE = ""
ADMIN_URL = "http://alice-agent:8021"

# Based on the aca-py agent you wish to control
agent_controller = AriesAgentController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL)
    

IPython autoawait is `on`, and set to use `asyncio`


## 2. Register Listeners

The handler should get called every time the controller receives a webhook with the topic issue_credential, printing out the payload. The agent calls to this webhook every time it receives an issue-credential protocol message from a credential.

In [2]:
loop = asyncio.get_event_loop()
loop.create_task(agent_controller.listen_webhooks())

def cred_handler(payload):
    print("Handle Credentials")
    exchange_id = payload['credential_exchange_id']
    state = payload['state']
    role = payload['role']
    attributes = payload['credential_proposal_dict']['credential_proposal']['attributes']
    print(f"Credential exchange {exchange_id}, role: {role}, state: {state}")
    print(f"Offering: {attributes}")
    
cred_listener = {
    "topic": "issue_credential",
    "handler": cred_handler
}
agent_controller.register_listeners([cred_listener], defaults=True)


## 3. Check the agent has an active connection

**Note: An active connection is required, this should have been established on start up through the python script create_connection.py in the setup folder. If not it is possible to run through the did-exchange tutorial to create one between Alice and Bob**

* [Alice](http://localhost:8888/notebooks/did-exchange-inviter.ipynb)
* [Bob](http://localhost:8889/notebooks/did-exchange-invitee.ipynb)

In [3]:
response = await agent_controller.connections.get_connections()
results = response['results']
print("Results : ", results)
if len(results) > 0:
    connection = response['results'][0]
    print("Connection :", connection)
    if connection['state'] == 'active':       
        connection_id = connection["connection_id"]
        print("Active Connection ID : ", connection_id)
else:
    print("You must create a connection")
    


Results :  [{'their_role': 'admin', 'routing_state': 'none', 'connection_id': '040c673c-32e2-4f28-98af-f59e4e8d44be', 'invitation_key': 'YbmDUhxN4euv5q8q551wLrgiqQ7n5W8bx8xQebfBrAM', 'initiator': 'self', 'updated_at': '2020-09-10 14:21:37.366052Z', 'state': 'invitation', 'created_at': '2020-09-10 14:21:37.366052Z', 'invitation_mode': 'once', 'accept': 'auto'}]
Connection : {'their_role': 'admin', 'routing_state': 'none', 'connection_id': '040c673c-32e2-4f28-98af-f59e4e8d44be', 'invitation_key': 'YbmDUhxN4euv5q8q551wLrgiqQ7n5W8bx8xQebfBrAM', 'initiator': 'self', 'updated_at': '2020-09-10 14:21:37.366052Z', 'state': 'invitation', 'created_at': '2020-09-10 14:21:37.366052Z', 'invitation_mode': 'once', 'accept': 'auto'}


## 4. Write a Schema to the Ledger

For more details see the [schema-api notebook](http://localhost:8888/notebooks/schema_api.ipynb)

**Note: You will only be able to do this once unless you change the schema_name or version. Or tear down the current ledger using ./manage down**

In [4]:
# Define you schema name - must be unique on the ledger
schema_name = "testabc"
# Can version the schema if you wish to update it
schema_version = "0.0.1"
# Define any list of attributes you wish to include in your schema
attributes = ["name", "skill", "age"]

response = await agent_controller.schema.write_schema(schema_name, attributes, schema_version)
schema_id = response["schema_id"]
print(schema_id)


PQRXDxdGqQGSZ8z69p4xZP:2:testabc:0.0.1


## 5. Write a Credential Definition to the Ledger

More details in the [definitions notebook](http://localhost:8888/notebooks/definitions_api.ipynb)

**Note: Again this can only be done once per issuer, per schema_id.**

In [5]:
response = await agent_controller.definitions.write_cred_def(schema_id)

cred_def_id = response["credential_definition_id"]
print(cred_def_id)

PQRXDxdGqQGSZ8z69p4xZP:3:CL:10:default


**Note: You should be able to see both schema and definition transactions on the local network [here](http://localhost:9000)**

## 6. Populate the Attribues to Issue to Bob

The schema defines two attributes: name and skill. Both must be populated with attribute values that Alice wishes to issue in a credential to Bob. To do this a list of objects must be created, each object containing the name of the attribute and it's value at a minimum. You can set the values to anything you wish.

TODO: Some additional fields such as mime-type can be defined.

In [6]:
credential_attributes = [
    {"name": "name", "value": "Bob"},
    {"name": "skill", "value": "researcher"},
    {"name": "age", "value": "21"}
]
print(credential_attributes)

[{'name': 'name', 'value': 'Bob'}, {'name': 'skill', 'value': 'researcher'}, {'name': 'age', 'value': '21'}]


## 7. Continue to the [Holder Notebook](http://localhost:8889/notebooks/holder.ipynb)

It works best if this notebook is already initialised and has listeners registered.


## 9. Send Credential

This sends a credential to a holder (Bob), and automates the rest of the protocol.

There are other ways to issue a credential that require multiple api calls.

**Arguments**
* connection_id: The connection_id of the holder you wish to issue to (MUST be in active state)
* schema_id: The id of the schema you wish to issue
* cred_def_id: The definition (public key) to sign the credential object. This must refer to the schema_id and be written to the ledger by the same public did that is currently being used by the agent.
* attributes: A list of attribute objects as defined above. Must match the schema attributes.
* comment (optional): Any string, defaults to ""
* auto_remove (optional): Boolean, defaults to True. I believe this removes the record of this credential once it has been issued. (TODO: double check)
* trace (optional): Boolean, defaults to False. **Not entirely sure about this one, believe its for logging. Also when set to True it throws an error**

In [7]:
record = await agent_controller.issuer.send_credential(connection_id, schema_id, cred_def_id, credential_attributes, trace=False)
record_id = record['credential_exchange_id']
state = record['state']
role = record['role']
print(f"Credential exchange {record_id}, role: {role}, state: {state}")


{'issuer_did': 'PQRXDxdGqQGSZ8z69p4xZP', 'auto_remove': True, 'credential_proposal': {'@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview', 'attributes': [{'name': 'name', 'value': 'Bob'}, {'name': 'skill', 'value': 'researcher'}, {'name': 'age', 'value': '21'}]}, 'connection_id': '4a3bfb5d-483c-4ba3-b7f8-3755d09a3fb9', 'trace': False, 'comment': '', 'cred_def_id': 'PQRXDxdGqQGSZ8z69p4xZP:3:CL:10:default', 'schema_id': 'PQRXDxdGqQGSZ8z69p4xZP:2:open_mined_contributor:0.0.1', 'schema_name': 'open_mined_contributor', 'schema_version': '0.0.1', 'schema_issuer_did': 'PQRXDxdGqQGSZ8z69p4xZP'}
Credential exchange 1a7aca80-0d1b-4232-9888-1f270a9f3886, role: issuer, state: offer_sent
Handle Credentials
Credential exchange 1a7aca80-0d1b-4232-9888-1f270a9f3886, role: issuer, state: offer_sent
Being offered: [{'name': 'name', 'value': 'Bob'}, {'name': 'skill', 'value': 'researcher'}, {'name': 'age', 'value': '21'}]
Handle Credentials
Credential exchange 1a7aca80-

## 10. Continue on Holder Notebook



## Misc Api Calls (Optional)

## Get Credential Exchange Records

The state of the protocol is stored in an object called a Credential Exchange. These can be retrieved from the agent either individually by ID or the full list.

Each record has a state, representing the stage of the protocol the record is at and a role. Either issuer or holder.

In [10]:
response = await agent_controller.issuer.get_records()
print(response['results'])

[{'auto_offer': False, 'schema_id': 'PQRXDxdGqQGSZ8z69p4xZP:2:open_mined_contributor:0.0.1', 'credential_definition_id': 'PQRXDxdGqQGSZ8z69p4xZP:3:CL:11:default', 'credential_offer_dict': {'@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/offer-credential', '@id': '70f3281b-cfec-4a14-9bea-303f0cf4c73a', '~thread': {}, 'credential_preview': {'@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview', 'attributes': [{'name': 'name', 'value': 'Bob'}, {'name': 'skill', 'value': 'researcher'}]}, 'comment': 'create automated credential exchange', 'offers~attach': [{'@id': 'libindy-cred-offer-0', 'mime-type': 'application/json', 'data': {'base64': 'eyJzY2hlbWFfaWQiOiAiUFFSWER4ZEdxUUdTWjh6NjlwNHhaUDoyOm9wZW5fbWluZWRfY29udHJpYnV0b3I6MC4wLjEiLCAiY3JlZF9kZWZfaWQiOiAiUFFSWER4ZEdxUUdTWjh6NjlwNHhaUDozOkNMOjExOmRlZmF1bHQiLCAia2V5X2NvcnJlY3RuZXNzX3Byb29mIjogeyJjIjogIjEwNDc1MjQ3MzE2Mjc1NjM1NTY5NzQyMzE3MTAzMDg4OTEwMDU4NDMxNjYyMzMwNTk3MTM1NjE1Nzc3NDQxMDI5OTU2M

In [11]:
cred_record = await agent_controller.issuer.get_record_by_id(record_id)
state = cred_record['state']
role = cred_record['role']
print(f"Credential exchange {record_id}, role: {role}, state: {state}")

Credential exchange 238edf23-b161-4611-b6fc-b155962691ff, role: issuer, state: offer_sent
Handle Credentials
Credential exchange 238edf23-b161-4611-b6fc-b155962691ff, role: issuer, state: request_received
Being offered: [{'name': 'name', 'value': 'Bob'}, {'name': 'skill', 'value': 'researcher'}]
Handle Credentials
Credential exchange 238edf23-b161-4611-b6fc-b155962691ff, role: issuer, state: credential_issued
Being offered: [{'name': 'name', 'value': 'Bob'}, {'name': 'skill', 'value': 'researcher'}]
Handle Credentials
Credential exchange 238edf23-b161-4611-b6fc-b155962691ff, role: issuer, state: credential_acked
Being offered: [{'name': 'name', 'value': 'Bob'}, {'name': 'skill', 'value': 'researcher'}]


## Remove Credential Exchange

It is possible to remove stored credential exchanges from an agent. Typically when you are not interested in the credential being offered, or the credential offer that you have sent has become stale (been ignored?). 

**Note: For some usecases keeping these exchange records may be very important. E.g. For audit purposes.**

In [15]:
response = await agent_controller.issuer.remove_record(record_id)
print(response)

ClientResponseError: 404, message='Not Found', url=URL('http://alice-agent:8021/issue-credential/records/22b59951-89c0-40d5-9d96-fa31093b2d25/remove')

ERROR:asyncio:Task exception was never retrieved
future: <Task finished coro=<run_in_terminal.<locals>.run() done, defined at /opt/conda/lib/python3.7/site-packages/prompt_toolkit/application/run_in_terminal.py:50> exception=UnsupportedOperation('fileno')>
Traceback (most recent call last):
  File "/opt/conda/lib/python3.7/site-packages/prompt_toolkit/application/run_in_terminal.py", line 55, in run
    return func()
  File "/workspace/aries_basic_controller/utils.py", line 120, in <lambda>
    run_in_terminal(lambda: print_ext(*msg, color=color, **kwargs))
  File "/workspace/aries_basic_controller/utils.py", line 103, in print_ext
    print_formatted(FormattedText(msg), **kwargs)
  File "/workspace/aries_basic_controller/utils.py", line 83, in print_formatted
    prompt_toolkit.print_formatted_text(*args, **kwargs)
  File "/opt/conda/lib/python3.7/site-packages/prompt_toolkit/shortcuts/utils.py", line 112, in print_formatted_text
    output = get_app_session().output
  File "/opt/cond

In [26]:
response = await agent_controller.issuer.get_records()
print(response)

{'results': [{'connection_id': 'ac53ec32-0c36-4202-a6b0-cbdff9b37ed1', 'credential_exchange_id': 'd318bc42-3bf8-4bdd-997f-3ec37b156ee4', 'schema_id': 'PQRXDxdGqQGSZ8z69p4xZP:2:open_mined_contributor:0.0.1', 'auto_offer': False, 'auto_remove': True, 'auto_issue': True, 'credential_offer': {'schema_id': 'PQRXDxdGqQGSZ8z69p4xZP:2:open_mined_contributor:0.0.1', 'cred_def_id': 'PQRXDxdGqQGSZ8z69p4xZP:3:CL:10:default', 'key_correctness_proof': {'c': '79170176153350620028549950016135935654313248003471236926302455974413396051344', 'xz_cap': '1396235375325619727338321551222113480244211052014874840937160204552798576435859880925148151476722993078399547575807537695585488790036145257604049598327982178818544291205088081644473046348076996514883811028715602948870034170217016503327494499905844178648936888458598945201615966125928353232341132412886093303135418353600987329915719417804180125576821370613932982083996648803277155780075871308305170575550955969658720299874424052627072600097890088914615943336991

### TODO: Document the api calls not used. 

* Send_offer
* send_offer_for_record
* issue_credential - If rather than send_credential the notebook used send_offer then the entity controlling the agent (you with this notebook and agent_controller api) would have to explicitly issue the credential to once Bob requested it. With send_credential this part is automated.

## End of Tutorial

Be sure to terminate the controller so you can run another tutorial.

There are a few api calls not covered in this tutorial so far. Mostly around credential revocation.

In [9]:
response = await agent_controller.terminate()
print(response)

RuntimeError: Site <aiohttp.web_runner.TCPSite object at 0x7f96801e81d0> is not registered in runner <aiohttp.web_runner.AppRunner object at 0x7f9678020b30>