# Part 1 - Exploring Sub Wallet Management

This agent has been initialised using the multitenant flag. This means a single ACA-Py instance can be used to manage multiple subwallets. Each tenant gets their own encrypted data storage for managing their own connections, credentials and interactions etc. 

A mutli-tenant ACA-Py instance contains a base wallet that is only capable of managing the creation and deletion of subwallets. Subwallets then must authenticate to the ACA-Py agent using a JWT Token generated when the subwallet is created. A tenant agent can do all funcationality of a standard ACA-Py instance.

### Useful links

* [What is mult-tenancy](https://whatis.techtarget.com/definition/multi-tenancy)
* [ACA-Py mult-tenant documentation](https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md)



### Tutorial Structure

1. Create a subwallet for Alice (this notebook)
2. Authenticate as Alice using the tenant_jwt and configure a mediator
3. Issue Alice a Credential from an External Agent
4. Alice Issues a Credential to the External Agent

### Initialise the multitenant agent controller

In [1]:
%autoawait
import time
import asyncio
import pprint

from aries_basic_controller.aries_controller import AriesAgentController
    
# Create a small utility to print json formatted outout more human-readable    
pp = pprint.PrettyPrinter(indent=4)
    
WEBHOOK_HOST = "0.0.0.0"
WEBHOOK_BASE = ""

WEBHOOK_PORT = 8022
ADMIN_URL = "http://multitenant-agent:8021"

IPython autoawait is `on`, and set to use `asyncio`


In [2]:
from aries_basic_controller.aries_multitenant_controller import AriesMultitenantController


In [3]:
# Based on the aca-py agent you wish to control
agent_controller = AriesAgentController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL, is_multitenant=True, api_key="password")

In [4]:
await agent_controller.webhook_listener.listen_webhooks()

### Check for subwallets on the agent

This should yield an empty result, but not error. That means we successfully asked the base wallet of the multitenant agent about subwallets it has stored. ACA-Py instances not in the multitenant configuration will not have access to this API.

In [7]:
subwallets = await agent_controller.multitenant.query_subwallets()
pp.pprint(subwallets)


{   'results': [   {   'created_at': '2021-04-01 13:45:25.609821Z',
                       'key_management_mode': 'managed',
                       'settings': {   'default_label': 'Alice',
                                       'image_url': 'https://aries.ca/images/sample.png',
                                       'wallet.dispatch_type': 'default',
                                       'wallet.id': 'f99bc8ad-50ce-4f39-ae5b-c716867d3d12',
                                       'wallet.name': 'AlicesWallet',
                                       'wallet.type': 'indy',
                                       'wallet.webhook_urls': [   'http://multitenant-notebook:8022/f99bc8ad-50ce-4f39-ae5b-c716867d3d12']},
                       'updated_at': '2021-04-01 13:45:32.232507Z',
                       'wallet_id': 'f99bc8ad-50ce-4f39-ae5b-c716867d3d12'},
                   {   'created_at': '2021-04-01 13:45:28.128625Z',
                       'key_management_mode': 'managed',
           

In [8]:
await agent_controller.multitenant.remove_subwallet_by_id(subwallets['results'][0]['settings']['wallet.id'])
await agent_controller.multitenant.remove_subwallet_by_id(subwallets['results'][1]['settings']['wallet.id'])

{}

### Let's create a subwallet for Alice

Below is an example payload to achieve this. These properties should be fairly familiar to you if you have been through the other tutorials and looked in the manage file before.

A key different is the `key_management_mode` which is this case is set to `managed`. The base wallet, is managing the keys of Alice's agent. Alice is dependent on them to do this trustworthily

In [9]:
## First let's create the payload

payload = {
  "image_url": "https://aries.ca/images/sample.png",
  "key_management_mode": "managed",
  "label": "Alice",
  "wallet_dispatch_type": "default",
  "wallet_key": "MySecretKey1234",
  "wallet_name": "AlicesWallet",
  "wallet_type": "indy",
}

In [10]:
## Now, we create the wallet on the agent 
response_alice = await agent_controller.multitenant.create_subwallet(payload)
pp.pprint(response_alice)

{   'created_at': '2021-04-01 13:49:50.404193Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Alice',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'base',
                    'wallet.id': '1683fbcd-772a-46a9-ad74-79fa524ae3f9',
                    'wallet.name': 'AlicesWallet',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': []},
    'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiIxNjgzZmJjZC03NzJhLTQ2YTktYWQ3NC03OWZhNTI0YWUzZjkifQ.vdkrVn_Xc15Dy8J7bC-dhWlku8WhuC3K8sj2XzK5EhM',
    'updated_at': '2021-04-01 13:49:50.404193Z',
    'wallet_id': '1683fbcd-772a-46a9-ad74-79fa524ae3f9'}


### Let's create another wallet for Joe

Note, that here we have changed the `label` and the `wallet_name` values. The `wallet_name` has to be unique. If you were to try and create another subwallet with the same wallet name, you would receive an error, because wallet names are unique identifiers.

In [11]:
## First let's create the payload

payload = {
  "image_url": "https://aries.ca/images/sample.png",
  "key_management_mode": "managed",
  "label": "Joe",
  "wallet_dispatch_type": "default",
  "wallet_key": "MySecretKey123",
  "wallet_name": "JoesWallet2",
  "wallet_type": "indy",
}

In [12]:
## Now, we create the wallet on the agent 

response_joe = await agent_controller.multitenant.create_subwallet(payload)
pp.pprint(response_joe)

{   'created_at': '2021-04-01 13:49:52.287039Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Joe',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'base',
                    'wallet.id': '43d3e30d-b50f-4fee-87c1-d08fa10b5723',
                    'wallet.name': 'JoesWallet2',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': []},
    'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0M2QzZTMwZC1iNTBmLTRmZWUtODdjMS1kMDhmYTEwYjU3MjMifQ._yjEHAlwSLp5efzldy4hf62iUzbbluoAUT9ICG336XY',
    'updated_at': '2021-04-01 13:49:52.287039Z',
    'wallet_id': '43d3e30d-b50f-4fee-87c1-d08fa10b5723'}


### Extract the wallet ID

The wallet id is a unique identifier created by the ACA-Py instance to identify a particular tenant wallet instance. The base wallet controller can use this when interacting with subwallets through the multitenant API.

In [13]:
wallet_id_alice = response_alice['wallet_id']
wallet_id_joe = response_joe['wallet_id']

print("Alice's ID: " + wallet_id_alice)
print("Joe's ID: "  + wallet_id_joe)

Alice's ID: 1683fbcd-772a-46a9-ad74-79fa524ae3f9
Joe's ID: 43d3e30d-b50f-4fee-87c1-d08fa10b5723



### Update a single subwallet

Let's update Joe's wallet label to Joeseph via the controller

In [14]:
request_body = {
  "wallet_webhook_urls": [
    f"http://multitenant-notebook:8022/{wallet_id_alice}"
  ]
}

response = await agent_controller.multitenant.update_subwallet_by_id(request_body, wallet_id_alice)
pp.pprint(response)

{   'created_at': '2021-04-01 13:49:50.404193Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Alice',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'default',
                    'wallet.id': '1683fbcd-772a-46a9-ad74-79fa524ae3f9',
                    'wallet.name': 'AlicesWallet',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': [   'http://multitenant-notebook:8022/1683fbcd-772a-46a9-ad74-79fa524ae3f9']},
    'updated_at': '2021-04-01 13:49:54.202658Z',
    'wallet_id': '1683fbcd-772a-46a9-ad74-79fa524ae3f9'}


In [15]:
request_body = {
  "wallet_webhook_urls": [
    f"http://multitenant-notebook:8022/{wallet_id_joe}"
  ]
}

response = await agent_controller.multitenant.update_subwallet_by_id(request_body, wallet_id_joe)
pp.pprint(response)

{   'created_at': '2021-04-01 13:49:52.287039Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Joe',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'default',
                    'wallet.id': '43d3e30d-b50f-4fee-87c1-d08fa10b5723',
                    'wallet.name': 'JoesWallet2',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': [   'http://multitenant-notebook:8022/43d3e30d-b50f-4fee-87c1-d08fa10b5723']},
    'updated_at': '2021-04-01 13:49:54.243445Z',
    'wallet_id': '43d3e30d-b50f-4fee-87c1-d08fa10b5723'}


In [16]:
response_all_wallets = await agent_controller.multitenant.query_subwallets()
# response_single_wallet = await agent_controller.multitenant.get_single_subwallet_by_id(wallet_id)

# print(response_single_wallet)
pp.pprint(response_all_wallets)

{   'results': [   {   'created_at': '2021-04-01 13:49:50.404193Z',
                       'key_management_mode': 'managed',
                       'settings': {   'default_label': 'Alice',
                                       'image_url': 'https://aries.ca/images/sample.png',
                                       'wallet.dispatch_type': 'default',
                                       'wallet.id': '1683fbcd-772a-46a9-ad74-79fa524ae3f9',
                                       'wallet.name': 'AlicesWallet',
                                       'wallet.type': 'indy',
                                       'wallet.webhook_urls': [   'http://multitenant-notebook:8022/1683fbcd-772a-46a9-ad74-79fa524ae3f9']},
                       'updated_at': '2021-04-01 13:49:54.202658Z',
                       'wallet_id': '1683fbcd-772a-46a9-ad74-79fa524ae3f9'},
                   {   'created_at': '2021-04-01 13:49:52.287039Z',
                       'key_management_mode': 'managed',
           

### Get the auth token for a  subwallet

Subwallets have unique authentication tokens that can be obtained via the controller

In [17]:
response_alice = await agent_controller.multitenant.get_subwallet_authtoken_by_id(wallet_id_alice)
response_joe = await agent_controller.multitenant.get_subwallet_authtoken_by_id(wallet_id_joe)

## Store Alice's JWT for use in later tutorials

The % is a magic method to store variables from a notebook to the jupyter runtime

In [18]:
alice_jwt = response_alice["token"]
joe_jwt = response_joe["token"]

print("Alice JWT", alice_jwt)
print("Joe JWT", joe_jwt)

Alice JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiIxNjgzZmJjZC03NzJhLTQ2YTktYWQ3NC03OWZhNTI0YWUzZjkifQ.vdkrVn_Xc15Dy8J7bC-dhWlku8WhuC3K8sj2XzK5EhM
Joe JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0M2QzZTMwZC1iNTBmLTRmZWUtODdjMS1kMDhmYTEwYjU3MjMifQ._yjEHAlwSLp5efzldy4hf62iUzbbluoAUT9ICG336XY


In [19]:
%store alice_jwt
%store wallet_id_alice

Stored 'alice_jwt' (str)
Stored 'wallet_id_alice' (str)


In [20]:
# Based on the aca-py agent you wish to control
alice_agent_controller = AriesMultitenantController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL, is_multitenant=True, wallet_id=wallet_id_alice, tenant_jwt=alice_jwt)

In [21]:
joe_agent_controller = AriesMultitenantController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL, is_multitenant=True, wallet_id=wallet_id_joe, tenant_jwt=joe_jwt)

In [22]:
def connection_handler(payload):
    print("Alices Connection Handler Called")
    connection_id = payload["connection_id"]
    state = payload["state"]
    print(f"Connection {connection_id} in State {state}")
    
connection_listener = {
    "handler": connection_handler,
    "topic": "connections"
}

def messages_handler(payload):
    print("Alices Recieved a Message")
    connection_id = payload["connection_id"]

    print("Handle message", payload, connection_id)
    
message_listener = {
    "handler": messages_handler,
    "topic": "basicmessages"
}

alice_agent_controller.register_listeners([message_listener,connection_listener], defaults=True)

Subscribing too: 1683fbcd-772a-46a9-ad74-79fa524ae3f9.basicmessages
Subscribing too: 1683fbcd-772a-46a9-ad74-79fa524ae3f9.connections


In [23]:
def joe_connection_handler(payload):
    print("Joes Connection Handler Called")
    connection_id = payload["connection_id"]
    state = payload["state"]
    print(f"Connection {connection_id} in State {state}")
    
joe_connection_listener = {
    "handler": joe_connection_handler,
    "topic": "connections"
}

def joe_messages_handler(payload):
    connection_id = payload["connection_id"]
    asyncio.get_event_loop().create_task(joe_agent_controller.messaging.send_message(connection_id, "This is a response from Joe"))
    print("Handling Joes message", payload, connection_id)


joe_message_listener = {
    "handler": joe_messages_handler,
    "topic": "basicmessages"
}


joe_agent_controller.register_listeners([joe_message_listener,joe_connection_listener], defaults=True)

Subscribing too: 43d3e30d-b50f-4fee-87c1-d08fa10b5723.basicmessages
Subscribing too: 43d3e30d-b50f-4fee-87c1-d08fa10b5723.connections


In [24]:
response = await alice_agent_controller.connections.create_invitation()
print(response["invitation"])
joe_connection_id = response["connection_id"]

joes_invitation = response["invitation"]

ClientResponseError: 401, message='Unauthorized', url=URL('http://multitenant-agent:8021/connections/create-invitation')

[0m[?7h[0;34mError during POST /connections/create-invitation: 401, message='Unauthorized', url=URL('http://multitenant-agent:8021/connections/create-invitation')[0m
[0m

In [22]:
response = await joe_agent_controller.connections.accept_connection(joes_invitation)

wallet c95e483c-9608-4109-ba85-d4e1250bd687
Joes Connection Handler Called
Connection d30da987-8663-4360-825e-842be8472043 in State invitation
wallet c95e483c-9608-4109-ba85-d4e1250bd687
Joes Connection Handler Called
Connection d30da987-8663-4360-825e-842be8472043 in State request
wallet c9c05b7a-ca3f-4487-b854-63c8c801490c
Alices Connection Handler Called
Connection 4f69322c-2f6e-40ed-958e-63d048410c15 in State request
wallet c9c05b7a-ca3f-4487-b854-63c8c801490c
Alices Connection Handler Called
Connection 4f69322c-2f6e-40ed-958e-63d048410c15 in State response
wallet c95e483c-9608-4109-ba85-d4e1250bd687
Joes Connection Handler Called
Connection d30da987-8663-4360-825e-842be8472043 in State response
wallet c9c05b7a-ca3f-4487-b854-63c8c801490c
Alices Connection Handler Called
Connection 4f69322c-2f6e-40ed-958e-63d048410c15 in State active
wallet c95e483c-9608-4109-ba85-d4e1250bd687
Joes Connection Handler Called
Connection d30da987-8663-4360-825e-842be8472043 in State active


In [23]:
await alice_agent_controller.messaging.send_message(joe_connection_id, "Hey Joe, it's Alice here")

{}

wallet c95e483c-9608-4109-ba85-d4e1250bd687
Handling Joes message {'connection_id': 'd30da987-8663-4360-825e-842be8472043', 'message_id': '6244147c-cc14-46c5-91eb-fcb2dc74c2a0', 'content': "Hey Joe, it's Alice here", 'state': 'received'} d30da987-8663-4360-825e-842be8472043
wallet c9c05b7a-ca3f-4487-b854-63c8c801490c
Alices Recieved a Message
Handle message {'connection_id': '4f69322c-2f6e-40ed-958e-63d048410c15', 'message_id': '6e4a2afc-d016-4113-8061-7743dad9fa54', 'content': 'This is a response from Joe', 'state': 'received'} 4f69322c-2f6e-40ed-958e-63d048410c15


### Remove the subwallet from the agent 

We can easily use the controller to remove the subwallets. Note that Joe has no immediate control over the decision of the base wallet controller to remove their wallet. Again Joe trusts the Base controller of the multitenant agent to manage his wallet in good faith, or in line with some contractual agreement etc.

Let's go ahead and remove Joe's wallets from the base wallet.

In [25]:
response_joe = await agent_controller.multitenant.remove_subwallet_by_id(wallet_id_joe)

pp.pprint(response_joe)

{}


### Check Joe's wallet has been removed

This should now give a result only containing Alice's wallet

In [26]:
response_all_wallets = await agent_controller.multitenant.query_subwallets()
# response_single_wallet = await agent_controller.multitenant.get_single_subwallet_by_id(wallet_id)

# print(response_single_wallet)
pp.pprint(response_all_wallets)

{   'results': [   {   'created_at': '2021-03-31 17:26:32.709404Z',
                       'key_management_mode': 'managed',
                       'settings': {   'default_label': 'Alice',
                                       'image_url': 'https://aries.ca/images/sample.png',
                                       'wallet.dispatch_type': 'default',
                                       'wallet.id': 'd302b327-505d-4c64-b57e-9beb4485ed44',
                                       'wallet.name': 'AlicesWallet',
                                       'wallet.type': 'indy',
                                       'wallet.webhook_urls': [   'http://multitenant-notebook:8022/d302b327-505d-4c64-b57e-9beb4485ed44']},
                       'updated_at': '2021-03-31 17:27:12.482239Z',
                       'wallet_id': 'd302b327-505d-4c64-b57e-9beb4485ed44'}]}


### Terminate the controller

Let's alos terminate the controller.

In [28]:
response = await agent_controller.webhook_listener.terminate()
print(response)



Terminating webhooks listener failed! AttributeError("'AriesWebhookListener' object has no attribute 'client_session'") occurred.
None


### Continue to [Part 2](http://localhost:8888/lab/tree/Alice/Part%202%20-%20Mediation%20of%20communication%20-%20Alice.ipynb) where you will learn how to interact with the ACA-Py instance as Alice