# Part 1 - Exploring Sub Wallet Management

This agent has been initialised using the multitenant flag. This means a single ACA-Py instance can be used to manage multiple subwallets. Each tenant gets their own encrypted data storage for managing their own connections, credentials and interactions etc. 

A mutli-tenant ACA-Py instance contains a base wallet that is only capable of managing the creation and deletion of subwallets. Subwallets then must authenticate to the ACA-Py agent using a JWT Token generated when the subwallet is created. A tenant agent can do all funcationality of a standard ACA-Py instance.

### Useful links

* [What is mult-tenancy](https://whatis.techtarget.com/definition/multi-tenancy)
* [ACA-Py mult-tenant documentation](https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md)



### Tutorial Structure

1. Create a subwallet for Alice (this notebook)
2. Authenticate as Alice using the tenant_jwt and configure a mediator
3. Issue Alice a Credential from an External Agent
4. Alice Issues a Credential to the External Agent

### Initialise the multitenant agent controller

In [1]:
%autoawait
import time
import asyncio
import pprint

from aries_basic_controller.aries_controller import AriesAgentController
    
# Create a small utility to print json formatted outout more human-readable    
pp = pprint.PrettyPrinter(indent=4)
    
WEBHOOK_HOST = "0.0.0.0"
WEBHOOK_BASE = ""

WEBHOOK_PORT = 8022
ADMIN_URL = "http://multitenant-agent:8021"

IPython autoawait is `on`, and set to use `asyncio`


In [2]:
# Based on the aca-py agent you wish to control
agent_controller = AriesAgentController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL, is_multitenant=True, api_key="password")

In [3]:
await agent_controller.webhook_listener.listen_webhooks()

### Check for subwallets on the agent

This should yield an empty result, but not error. That means we successfully asked the base wallet of the multitenant agent about subwallets it has stored. ACA-Py instances not in the multitenant configuration will not have access to this API.

In [4]:
response = await agent_controller.multitenant.query_subwallets()
pp.pprint(response)


{'results': []}


### Let's create a subwallet for Alice

Below is an example payload to achieve this. These properties should be fairly familiar to you if you have been through the other tutorials and looked in the manage file before.

A key different is the `key_management_mode` which is this case is set to `managed`. The base wallet, is managing the keys of Alice's agent. Alice is dependent on them to do this trustworthily

In [5]:
## First let's create the payload

payload = {
  "image_url": "https://aries.ca/images/sample.png",
  "key_management_mode": "managed",
  "label": "Alice",
  "wallet_dispatch_type": "default",
  "wallet_key": "MySecretKey1234",
  "wallet_name": "AlicesWallet",
  "wallet_type": "indy",
}

In [6]:
## Now, we create the wallet on the agent 
response_alice = await agent_controller.multitenant.create_subwallet(payload)
pp.pprint(response_alice)

{   'created_at': '2021-03-31 17:26:32.709404Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Alice',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'base',
                    'wallet.id': 'd302b327-505d-4c64-b57e-9beb4485ed44',
                    'wallet.name': 'AlicesWallet',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': []},
    'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJkMzAyYjMyNy01MDVkLTRjNjQtYjU3ZS05YmViNDQ4NWVkNDQifQ.OizgQFyZeS43sqtRbfOoujaOuoMz6O2acGKwSCN8DRA',
    'updated_at': '2021-03-31 17:26:32.709404Z',
    'wallet_id': 'd302b327-505d-4c64-b57e-9beb4485ed44'}


### Let's create another wallet for Joe

Note, that here we have changed the `label` and the `wallet_name` values. The `wallet_name` has to be unique. If you were to try and create another subwallet with the same wallet name, you would receive an error, because wallet names are unique identifiers.

In [7]:
## First let's create the payload

payload = {
  "image_url": "https://aries.ca/images/sample.png",
  "key_management_mode": "managed",
  "label": "Joe",
  "wallet_dispatch_type": "default",
  "wallet_key": "MySecretKey123",
  "wallet_name": "JoesWallet2",
  "wallet_type": "indy",
}

In [8]:
## Now, we create the wallet on the agent 

response_joe = await agent_controller.multitenant.create_subwallet(payload)
pp.pprint(response_joe)

{   'created_at': '2021-03-31 17:26:47.866105Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Joe',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'base',
                    'wallet.id': '6d17e1ff-411b-4904-9e19-0b7a9c6aad1e',
                    'wallet.name': 'JoesWallet2',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': []},
    'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI2ZDE3ZTFmZi00MTFiLTQ5MDQtOWUxOS0wYjdhOWM2YWFkMWUifQ.vokNw7ggw38K2Gl8Roh18B4tq6EFzNdXN8EcDxy3WKc',
    'updated_at': '2021-03-31 17:26:47.866105Z',
    'wallet_id': '6d17e1ff-411b-4904-9e19-0b7a9c6aad1e'}


### Extract the wallet ID

The wallet id is a unique identifier created by the ACA-Py instance to identify a particular tenant wallet instance. The base wallet controller can use this when interacting with subwallets through the multitenant API.

In [9]:
wallet_id_alice = response_alice['wallet_id']
wallet_id_joe = response_joe['wallet_id']

print("Alice's ID: " + wallet_id_alice)
print("Joe's ID: "  + wallet_id_joe)

Alice's ID: d302b327-505d-4c64-b57e-9beb4485ed44
Joe's ID: 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e



### Update a single subwallet

Let's update Joe's wallet label to Joeseph via the controller

In [10]:
request_body = {
  "wallet_webhook_urls": [
    f"http://multitenant-notebook:8022/{wallet_id_alice}"
  ]
}

response = await agent_controller.multitenant.update_subwallet_by_id(request_body, wallet_id_alice)
pp.pprint(response)

{   'created_at': '2021-03-31 17:26:32.709404Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Alice',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'default',
                    'wallet.id': 'd302b327-505d-4c64-b57e-9beb4485ed44',
                    'wallet.name': 'AlicesWallet',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': [   'http://multitenant-notebook:8022/d302b327-505d-4c64-b57e-9beb4485ed44']},
    'updated_at': '2021-03-31 17:27:12.482239Z',
    'wallet_id': 'd302b327-505d-4c64-b57e-9beb4485ed44'}


In [11]:
request_body = {
  "wallet_webhook_urls": [
    f"http://multitenant-notebook:8022/{wallet_id_joe}"
  ]
}

response = await agent_controller.multitenant.update_subwallet_by_id(request_body, wallet_id_joe)
pp.pprint(response)

{   'created_at': '2021-03-31 17:26:47.866105Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Joe',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'default',
                    'wallet.id': '6d17e1ff-411b-4904-9e19-0b7a9c6aad1e',
                    'wallet.name': 'JoesWallet2',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': [   'http://multitenant-notebook:8022/6d17e1ff-411b-4904-9e19-0b7a9c6aad1e']},
    'updated_at': '2021-03-31 17:27:15.433296Z',
    'wallet_id': '6d17e1ff-411b-4904-9e19-0b7a9c6aad1e'}


In [12]:
response_all_wallets = await agent_controller.multitenant.query_subwallets()
# response_single_wallet = await agent_controller.multitenant.get_single_subwallet_by_id(wallet_id)

# print(response_single_wallet)
pp.pprint(response_all_wallets)

{   'results': [   {   'created_at': '2021-03-31 17:26:32.709404Z',
                       'key_management_mode': 'managed',
                       'settings': {   'default_label': 'Alice',
                                       'image_url': 'https://aries.ca/images/sample.png',
                                       'wallet.dispatch_type': 'default',
                                       'wallet.id': 'd302b327-505d-4c64-b57e-9beb4485ed44',
                                       'wallet.name': 'AlicesWallet',
                                       'wallet.type': 'indy',
                                       'wallet.webhook_urls': [   'http://multitenant-notebook:8022/d302b327-505d-4c64-b57e-9beb4485ed44']},
                       'updated_at': '2021-03-31 17:27:12.482239Z',
                       'wallet_id': 'd302b327-505d-4c64-b57e-9beb4485ed44'},
                   {   'created_at': '2021-03-31 17:26:47.866105Z',
                       'key_management_mode': 'managed',
           

### Get the auth token for a  subwallet

Subwallets have unique authentication tokens that can be obtained via the controller

In [13]:
response_alice = await agent_controller.multitenant.get_subwallet_authtoken_by_id(wallet_id_alice)
response_joe = await agent_controller.multitenant.get_subwallet_authtoken_by_id(wallet_id_joe)

{   'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJkMzAyYjMyNy01MDVkLTRjNjQtYjU3ZS05YmViNDQ4NWVkNDQifQ.OizgQFyZeS43sqtRbfOoujaOuoMz6O2acGKwSCN8DRA'}


## Store Alice's JWT for use in later tutorials

The % is a magic method to store variables from a notebook to the jupyter runtime

In [14]:
alice_jwt = response_alice["token"]
joe_jwt = response_joe["token"]

print("Alice JWT", alice_jwt)
print("Joe JWT", joe_jwt)

Alice JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJkMzAyYjMyNy01MDVkLTRjNjQtYjU3ZS05YmViNDQ4NWVkNDQifQ.OizgQFyZeS43sqtRbfOoujaOuoMz6O2acGKwSCN8DRA
Joe JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI2ZDE3ZTFmZi00MTFiLTQ5MDQtOWUxOS0wYjdhOWM2YWFkMWUifQ.vokNw7ggw38K2Gl8Roh18B4tq6EFzNdXN8EcDxy3WKc


In [24]:
%store alice_jwt
%store wallet_id_alice

Stored 'alice_jwt' (str)
Stored 'wallet_id_alice' (str)


In [15]:
# Based on the aca-py agent you wish to control
alice_agent_controller = AriesAgentController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL, is_multitenant=True, wallet_id=wallet_id_alice, tenant_jwt=alice_jwt)

In [16]:
joe_agent_controller = AriesAgentController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL, is_multitenant=True, wallet_id=wallet_id_joe, tenant_jwt=joe_jwt)

In [17]:
def connection_handler(payload):
    print("Alices Connection Handler Called")
    connection_id = payload["connection_id"]
    state = payload["state"]
    print(f"Connection {connection_id} in State {state}")
    
connection_listener = {
    "handler": connection_handler,
    "topic": "connections"
}

def messages_handler(payload):
    print("Alices Recieved a Message")
    connection_id = payload["connection_id"]

    print("Handle message", payload, connection_id)
    
message_listener = {
    "handler": messages_handler,
    "topic": "basicmessages"
}

alice_agent_controller.register_listeners([message_listener,connection_listener], defaults=True)

Subscribing too: d302b327-505d-4c64-b57e-9beb4485ed44.basicmessages
Subscribing too: d302b327-505d-4c64-b57e-9beb4485ed44.connections


In [18]:
def joe_connection_handler(payload):
    print("Joes Connection Handler Called")
    connection_id = payload["connection_id"]
    state = payload["state"]
    print(f"Connection {connection_id} in State {state}")
    
joe_connection_listener = {
    "handler": joe_connection_handler,
    "topic": "connections"
}

def joe_messages_handler(payload):
    connection_id = payload["connection_id"]
    asyncio.get_event_loop().create_task(joe_agent_controller.messaging.send_message(connection_id, "This is a response from Joe"))
    print("Handling Joes message", payload, connection_id)


joe_message_listener = {
    "handler": joe_messages_handler,
    "topic": "basicmessages"
}


joe_agent_controller.register_listeners([joe_message_listener,joe_connection_listener], defaults=True)

Subscribing too: 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e.basicmessages
Subscribing too: 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e.connections


In [21]:
response = await alice_agent_controller.connections.create_invitation()
print(response["invitation"])
joe_connection_id = response["connection_id"]

joes_invitation = response["invitation"]

{'@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation', '@id': 'aaa15cb4-242c-4c1c-862d-2bc214585672', 'label': 'Alice', 'imageUrl': 'https://aries.ca/images/sample.png', 'recipientKeys': ['EeRTr2425Yh7M9nx2XzjR1TcfWUb5CJvSSEBhhc6HA1F'], 'serviceEndpoint': 'https://0ce6a8196606.ngrok.io'}
wallet d302b327-505d-4c64-b57e-9beb4485ed44
Handle Webhook - d302b327-505d-4c64-b57e-9beb4485ed44.connections {'invitation_key': 'EeRTr2425Yh7M9nx2XzjR1TcfWUb5CJvSSEBhhc6HA1F', 'accept': 'auto', 'connection_id': '2bde2e12-783e-4684-a0ea-3ee58b55c4ce', 'rfc23_state': 'invitation-sent', 'state': 'invitation', 'invitation_mode': 'once', 'created_at': '2021-03-31 17:32:36.060498Z', 'updated_at': '2021-03-31 17:32:36.060498Z', 'routing_state': 'none', 'their_role': 'invitee'}
Alices Connection Handler Called
Connection 2bde2e12-783e-4684-a0ea-3ee58b55c4ce in State invitation


In [22]:
response = await joe_agent_controller.connections.accept_connection(joes_invitation)

wallet 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e
Handle Webhook - 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e.connections {'invitation_key': 'EeRTr2425Yh7M9nx2XzjR1TcfWUb5CJvSSEBhhc6HA1F', 'accept': 'manual', 'connection_id': '664ac6cf-1902-453d-84f1-e4eb94288844', 'their_label': 'Alice', 'rfc23_state': 'invitation-received', 'state': 'invitation', 'invitation_mode': 'once', 'created_at': '2021-03-31 17:32:41.527965Z', 'updated_at': '2021-03-31 17:32:41.527965Z', 'routing_state': 'none', 'their_role': 'inviter'}
Joes Connection Handler Called
Connection 664ac6cf-1902-453d-84f1-e4eb94288844 in State invitation
wallet 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e
Handle Webhook - 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e.connections {'invitation_key': 'EeRTr2425Yh7M9nx2XzjR1TcfWUb5CJvSSEBhhc6HA1F', 'accept': 'manual', 'connection_id': '664ac6cf-1902-453d-84f1-e4eb94288844', 'request_id': '97900901-e4dc-43c8-bcd9-5c81ac4e9812', 'their_label': 'Alice', 'rfc23_state': 'request-sent', 'state': 'request', 'invitation_

In [23]:
await alice_agent_controller.messaging.send_message(joe_connection_id, "Hey Joe, it's Alice here")

{}

wallet 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e
Handle Webhook - 6d17e1ff-411b-4904-9e19-0b7a9c6aad1e.basicmessages {'connection_id': '664ac6cf-1902-453d-84f1-e4eb94288844', 'message_id': 'a7fbf298-cda7-4ff2-9128-7d56041e54b4', 'content': "Hey Joe, it's Alice here", 'state': 'received'}
Handling Joes message {'connection_id': '664ac6cf-1902-453d-84f1-e4eb94288844', 'message_id': 'a7fbf298-cda7-4ff2-9128-7d56041e54b4', 'content': "Hey Joe, it's Alice here", 'state': 'received'} 664ac6cf-1902-453d-84f1-e4eb94288844
wallet d302b327-505d-4c64-b57e-9beb4485ed44
Handle Webhook - d302b327-505d-4c64-b57e-9beb4485ed44.basicmessages {'connection_id': '2bde2e12-783e-4684-a0ea-3ee58b55c4ce', 'message_id': '852d7e8c-138d-4119-8283-cd5736f0e3ed', 'content': 'This is a response from Joe', 'state': 'received'}
Alices Recieved a Message
Handle message {'connection_id': '2bde2e12-783e-4684-a0ea-3ee58b55c4ce', 'message_id': '852d7e8c-138d-4119-8283-cd5736f0e3ed', 'content': 'This is a response from Joe', 'st

### Remove the subwallet from the agent 

We can easily use the controller to remove the subwallets. Note that Joe has no immediate control over the decision of the base wallet controller to remove their wallet. Again Joe trusts the Base controller of the multitenant agent to manage his wallet in good faith, or in line with some contractual agreement etc.

Let's go ahead and remove Joe's wallets from the base wallet.

In [25]:
response_joe = await agent_controller.multitenant.remove_subwallet_by_id(wallet_id_joe)

pp.pprint(response_joe)

{}


### Check Joe's wallet has been removed

This should now give a result only containing Alice's wallet

In [26]:
response_all_wallets = await agent_controller.multitenant.query_subwallets()
# response_single_wallet = await agent_controller.multitenant.get_single_subwallet_by_id(wallet_id)

# print(response_single_wallet)
pp.pprint(response_all_wallets)

{   'results': [   {   'created_at': '2021-03-31 17:26:32.709404Z',
                       'key_management_mode': 'managed',
                       'settings': {   'default_label': 'Alice',
                                       'image_url': 'https://aries.ca/images/sample.png',
                                       'wallet.dispatch_type': 'default',
                                       'wallet.id': 'd302b327-505d-4c64-b57e-9beb4485ed44',
                                       'wallet.name': 'AlicesWallet',
                                       'wallet.type': 'indy',
                                       'wallet.webhook_urls': [   'http://multitenant-notebook:8022/d302b327-505d-4c64-b57e-9beb4485ed44']},
                       'updated_at': '2021-03-31 17:27:12.482239Z',
                       'wallet_id': 'd302b327-505d-4c64-b57e-9beb4485ed44'}]}


### Terminate the controller

Let's alos terminate the controller.

In [28]:
response = await agent_controller.webhook_listener.terminate()
print(response)



Terminating webhooks listener failed! AttributeError("'AriesWebhookListener' object has no attribute 'client_session'") occurred.
None


### Continue to [Part 2](http://localhost:8888/lab/tree/Alice/Part%202%20-%20Mediation%20of%20communication%20-%20Alice.ipynb) where you will learn how to interact with the ACA-Py instance as Alice