# Summative Evaluation

## SSI Complete Workflow - Issuer, Holder & Verifier

Dieses Notebook demonstriert den kompletten Self-Sovereign Identity Workflow mit drei ACA-Py Agenten:
- **Issuer Agent** (Port 8021): Gibt Credentials aus
- **Holder Agent** (Port 8031): Empf√§ngt und speichert Credentials
- **Verifier Agent** (Port 8041): Verifiziert Presentations

### Voraussetzungen
1. VON-Network l√§uft: `cd ../von-network && ./manage start --wait`
2. Alle drei Agenten laufen: `docker-compose up -d`
3. Python-Pakete installiert: `pip install requests pandas matplotlib plotly networkx`

## Teil 1: Setup & Vorbereitung

In [None]:
# Cell 1: Imports und Konfiguration
import requests
import json
import time
import pandas as pd
from IPython.display import display, Markdown, HTML
from datetime import datetime
import warnings
warnings.filterwarnings('ignore')

# SSL Warnung f√ºr self-signed Zertifikate unterdr√ºcken (PQC Proxy)
# import urllib3
# urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Agent URLs
ISSUER_ADMIN_URL = "https://localhost:8021"
HOLDER_ADMIN_URL = "https://localhost:8031"
VERIFIER_ADMIN_URL = "https://localhost:8041"
VON_NETWORK_URL = "https://localhost:8000"  # PQC HTTPS Reverse Proxy

# Farben f√ºr Visualisierungen
ISSUER_COLOR = "#3498db"  # Blau
HOLDER_COLOR = "#2ecc71"  # Gr√ºn
VERIFIER_COLOR = "#e74c3c"  # Rot

print("‚úÖ Imports erfolgreich")
print(f"üìç Issuer:   {ISSUER_ADMIN_URL}")
print(f"üìç Holder:   {HOLDER_ADMIN_URL}")
print(f"üìç Verifier: {VERIFIER_ADMIN_URL}")
print(f"üìç Ledger:   {VON_NETWORK_URL}")

# ========================================
# Tails-Server Konfiguration (f√ºr Revocation)
# ========================================
TAILS_SERVER_URL = "https://localhost:6543"
TAILS_FILE_COUNT = 100  # Max Credentials per Registry

print(f"üìç Tails:    {TAILS_SERVER_URL}")
print(f"   Max Credentials per Registry: {TAILS_FILE_COUNT}")

# ========================================
# Helper Functions
# ========================================

def api_get(base_url, path):
    """GET Request zu ACA-Py Admin API"""
    url = f"{base_url}{path}"
    response = requests.get(url)
    return response.json() if response.status_code == 200 else None

def api_post(base_url, path, data):
    """POST Request zu ACA-Py Admin API"""
    url = f"{base_url}{path}"
    headers = {"Content-Type": "application/json"}
    response = requests.post(url, json=data, headers=headers)
    return response.json() if response.status_code == 200 else None

def pretty_print(data, title=""):
    """Pretty print JSON data"""
    if title:
        print(f"\n{'='*60}")
        print(f"  {title}")
        print('='*60)
    print(json.dumps(data, indent=2))
    print()

print("\n‚úÖ Setup komplett!")


In [None]:
# Cell 2: Helper-Funktionen f√ºr API-Calls

def api_get(url, path):
    """GET Request an ACA-Py Admin API"""
    try:
        response = requests.get(f"{url}{path}")
        response.raise_for_status()
        return response.json()
    except Exception as e:
        print(f"‚ùå GET Fehler: {e}")
        return None

def api_post(url, path, data=None):
    """POST Request an ACA-Py Admin API"""
    try:
        response = requests.post(
            f"{url}{path}",
            json=data,
            headers={"Content-Type": "application/json"}
        )
        response.raise_for_status()
        return response.json()
    except Exception as e:
        print(f"‚ùå POST Fehler: {e}")
        if hasattr(e, 'response') and e.response:
            print(f"   Response: {e.response.text}")
        return None

def pretty_print(data, title=""):
    """Formatierte JSON-Ausgabe"""
    if title:
        print(f"\n{'='*60}")
        print(f"  {title}")
        print(f"{'='*60}")
    print(json.dumps(data, indent=2))

def wait_for_status(url, path, field, expected_value, timeout=30, interval=1):
    """Wartet bis ein Feld einen bestimmten Wert hat"""
    start_time = time.time()
    while time.time() - start_time < timeout:
        response = api_get(url, path)
        if response and response.get(field) == expected_value:
            return response
        time.sleep(interval)
    print(f"‚ö†Ô∏è  Timeout: {field} erreichte nicht '{expected_value}' nach {timeout}s")
    return None

def status_badge(status, label="Status"):
    """HTML Badge f√ºr Status"""
    colors = {
        "active": "green",
        "completed": "green",
        "done": "green",
        "ready": "green",
        "pending": "orange",
        "failed": "red",
        "error": "red"
    }
    color = colors.get(status.lower(), "gray")
    return f'<span style="background-color:{color};color:white;padding:3px 8px;border-radius:3px;font-weight:bold">{label}: {status}</span>'

print("‚úÖ Helper-Funktionen geladen")

In [None]:
# Cell 3: Agenten-Status pr√ºfen (Health Check)

def check_agent_status(name, url):
    """Pr√ºft ob ein Agent bereit ist"""
    try:
        response = api_get(url, "/status/ready")
        if response and response.get("ready"):
            return f"‚úÖ {name}: Bereit"
        else:
            return f"‚ö†Ô∏è  {name}: Nicht bereit"
    except:
        return f"‚ùå {name}: Nicht erreichbar"

print("üîç Agenten-Status Check...\n")
print(check_agent_status("Issuer", ISSUER_ADMIN_URL))
print(check_agent_status("Holder", HOLDER_ADMIN_URL))
print(check_agent_status("Verifier", VERIFIER_ADMIN_URL))

# Detaillierte Informationen mit Conductor-Statistiken
print("\nüìä Detaillierte Agent-Informationen:\n")
agents_info = []
for name, url in [("Issuer", ISSUER_ADMIN_URL), ("Holder", HOLDER_ADMIN_URL), ("Verifier", VERIFIER_ADMIN_URL)]:
    status = api_get(url, "/status")
    if status:
        conductor = status.get("conductor", {})
        agents_info.append({
            "Agent": name,
            "Label": status.get("label", "N/A"),
            "Version": status.get("version", "N/A"),
            "In Sessions": conductor.get("in_sessions", 0),
            "Out Encode": conductor.get("out_encode", 0),
            "Out Deliver": conductor.get("out_deliver", 0),
            "Active": conductor.get("task_active", 0),
            "Done": conductor.get("task_done", 0),
            "Failed": conductor.get("task_failed", 0),
            "Pending": conductor.get("task_pending", 0)
        })

df = pd.DataFrame(agents_info)
display(df)

In [None]:
# Cell 4: VON-Network Verbindung testen

print("üîó VON-Network Verbindung testen...\n")

try:
    # Genesis-Datei abrufen
    genesis_response = requests.get(f"{VON_NETWORK_URL}/genesis")
    if genesis_response.status_code == 200:
        print("‚úÖ VON-Network erreichbar")
        print(f"   Genesis-Datei: {len(genesis_response.text)} Bytes")
    
    # Ledger-Status abrufen
    status_response = requests.get(f"{VON_NETWORK_URL}/status")
    if status_response.status_code == 200:
        print("‚úÖ Ledger-Status abrufbar")
        
except Exception as e:
    print(f"‚ùå VON-Network nicht erreichbar: {e}")
    print("   Bitte starte VON-Network: cd ../von-network && ./manage start --wait")

## Teil 2: Ledger-Verbindung & DIDs

In diesem Abschnitt erstellen und registrieren wir DIDs f√ºr Issuer und Verifier auf dem Ledger.
Der Holder ben√∂tigt keine Public DID, da er nur Peer-DIDs f√ºr Connections nutzt.

In [None]:
# Cell 5: Performance Tracking Setup

# Dictionary um alle Performance-Metriken zu sammeln
performance_metrics = {
    "did_creation": [],
    "ledger_registration": [],
    "schema_creation": [],
    "cred_def_creation": [],
    "connection_establishment": [],
    "credential_issuance": [],
    "proof_presentation": []
}

def measure_time(operation_name):
    """Decorator f√ºr Performance-Messung"""
    def decorator(func):
        def wrapper(*args, **kwargs):
            start_time = time.time()
            result = func(*args, **kwargs)
            end_time = time.time()
            duration = end_time - start_time
            performance_metrics[operation_name].append(duration)
            print(f"‚è±Ô∏è  {operation_name}: {duration:.3f}s")
            return result
        return wrapper
    return decorator

print("‚úÖ Performance Tracking aktiviert")

In [None]:
# Cell 6: Issuer - DID erstellen

print("üîë Issuer: DID erstellen...\n")

# DID-Erstellungs-Parameter f√ºr did:indy
# API: POST /did/indy/create
did_params = {
    "options": {
        "key_type": "ed25519",  # Kryptografischer Key-Type (EdDSA)
        "seed": "000000000000000000000000Issuer01"  # 32 Zeichen f√ºr reproduzierbare DID
    }
}

print(f"üìã DID-Parameter:")
print(f"   Method:   indy")
print(f"   Endpoint: /did/indy/create")
print(f"   Key Type: {did_params['options']['key_type']}")
print(f"   Seed:     {'(zuf√§llig)' if 'seed' not in did_params['options'] else did_params['options']['seed']}")
print(f"   Format:   did:indy:<identifier>\n")

# DID erstellen mit korrektem Endpunkt
issuer_did_response = api_post(
    ISSUER_ADMIN_URL,
    "/did/indy/create",  # Korrekter Endpunkt f√ºr did:indy
    did_params
)

if issuer_did_response is not None:
    # Response-Format: {"did": "did:indy:...", "verkey": "..."}
    issuer_did = issuer_did_response.get("did")
    issuer_verkey = issuer_did_response.get("verkey")
    
    print(f"‚úÖ Issuer DID erstellt:")
    print(f"   DID:    {issuer_did}")
    print(f"   Verkey: {issuer_verkey}")
    
    # Zeige vollst√§ndige Response
    pretty_print(issuer_did_response, "DID-Erstellungs-Response (Issuer)")
    
    # Speichern f√ºr sp√§tere Verwendung
    issuer_info = {
        "did": issuer_did,
        "verkey": issuer_verkey,
        "method": "indy",
        "key_type": did_params["options"]["key_type"],
        "role": "ENDORSER"
    }
    
    print(f"\nüí° Format: {issuer_did} (vollst√§ndige qualified DID)")
else:
    print("‚ùå Fehler beim Erstellen der Issuer DID")

In [None]:
# Cell 7: Issuer DID auf Ledger registrieren

print("üìù Issuer DID auf Ledger registrieren (via VON-Network)...\n")

start_time = time.time()

# Registrierungs-Daten f√ºr VON-Network (DID-Based Registration)
# Nutzt DID+Verkey aus Cell 6 statt Seed
register_data = {
    "did": issuer_did,        # DID aus Cell 6 (ACA-Py Wallet)
    "verkey": issuer_verkey,  # Verkey aus Cell 6 (ACA-Py Wallet)
    "alias": "Issuer Agent",
    "role": "ENDORSER"  # TRUST_ANCHOR oder ENDORSER f√ºr Issuer-Rechte
}

print(f"üìã Registrierungs-Parameter:")
print(f"   Ledger URL: {VON_NETWORK_URL}/register")
print(f"   DID:        {register_data['did']}")
print(f"   Verkey:     {register_data['verkey'][:20]}...")
print(f"   Alias:      {register_data['alias']}")
print(f"   Role:       {register_data['role']}\n")

# Registriere DID auf VON-Network Ledger
# Wie in demo code: resp = await self.client_session.post(von_network_url + "/register", json=data)
print(f"üåê POST {VON_NETWORK_URL}/register")

try:
    response = requests.post(
        f"{VON_NETWORK_URL}/register",
        json=register_data,
        timeout=10
    )
    
    response.raise_for_status()
    
    # Response format: {"did": "did:indy:...", "verkey": "..."}
    nym_info = response.json()
    
    issuer_did = nym_info["did"]
    issuer_verkey = nym_info["verkey"]
    
    duration = time.time() - start_time
    performance_metrics["ledger_registration"].append(duration)
    
    print(f"‚úÖ Issuer DID auf Ledger registriert")
    print(f"   DID:    {issuer_did}")
    print(f"   Verkey: {issuer_verkey}")
    print(f"‚è±Ô∏è  Zeit: {duration:.3f}s")
    
    # Zeige vollst√§ndige Ledger-Response
    pretty_print(nym_info, "VON-Network Registration Response (Issuer)")
    
    # JETZT: Setze DID als Public DID im ACA-Py Wallet
    # Wie in demo code: await self.admin_POST("/wallet/did/public?did=" + self.did)
    print(f"\nüîë Setze DID als Public DID im Wallet...")
    public_did_response = api_post(
        ISSUER_ADMIN_URL,
        f"/wallet/did/public?did={issuer_did}"
    )
    
    if public_did_response is not None:
        print(f"‚úÖ Issuer DID als Public DID gesetzt")
    else:
        print(f"‚ö†Ô∏è  Warnung: Public DID konnte nicht gesetzt werden")
    
    # Speichern f√ºr sp√§tere Verwendung
    issuer_info = {
        "did": issuer_did,
        "verkey": issuer_verkey,
        "method": "indy",
        "key_type": "ed25519",
        "role": "ENDORSER"
    }
    
    # Hole NYM Role vom Ledger zur Verifikation
    print(f"\nüîç NYM Role vom Ledger verifizieren...")
    nym_role_response = api_get(
        ISSUER_ADMIN_URL,
        f"/ledger/get-nym-role?did={issuer_did}"
    )
    
    if nym_role_response is not None:
        print(f"‚úÖ NYM Role vom Ledger abgerufen")
        pretty_print(nym_role_response, "Ledger NYM Role (Issuer DID)")
        
        # Extrahiere Role
        role = nym_role_response.get('role', 'N/A')
        print(f"\nüìã Verifizierte Rolle: {role}")
    else:
        print(f"‚ö†Ô∏è  NYM Role konnte nicht abgerufen werden")
        
except requests.exceptions.RequestException as e:
    print(f"‚ùå POST Fehler: {e}")
    print(f"   Stelle sicher dass VON-Network l√§uft: cd von-network && ./manage start")


In [None]:
# Cell 8: Verifier - DID erstellen und registrieren

print("üîë Verifier: DID erstellen und registrieren...\n")

start_time = time.time()

# DID-Erstellungs-Parameter f√ºr did:indy
# API: POST /did/indy/create
did_params = {
    "options": {
        "key_type": "ed25519"  # Kryptografischer Key-Type (EdDSA)
        # "seed": "00000000000000000000000Verifier1"  # Optional: 32 Zeichen f√ºr reproduzierbare DIDs
    }
}

print(f"üìã DID-Parameter:")
print(f"   Method:   indy")
print(f"   Endpoint: /did/indy/create")
print(f"   Key Type: {did_params['options']['key_type']}")
print(f"   Seed:     {'(zuf√§llig)' if 'seed' not in did_params['options'] else did_params['options']['seed']}")
print(f"   Format:   did:indy:<identifier>\n")

# DID erstellen mit korrektem Endpunkt
verifier_did_response = api_post(
    VERIFIER_ADMIN_URL,
    "/did/indy/create",  # Korrekter Endpunkt f√ºr did:indy
    did_params
)

if verifier_did_response is not None:
    # Response-Format: {"did": "did:indy:...", "verkey": "..."}
    verifier_did = verifier_did_response.get("did")
    verifier_verkey = verifier_did_response.get("verkey")
    
    duration_create = time.time() - start_time
    performance_metrics["did_creation"].append(duration_create)
    
    print(f"‚úÖ Verifier DID erstellt:")
    print(f"   DID:    {verifier_did}")
    print(f"   Verkey: {verifier_verkey}")
    print(f"‚è±Ô∏è  Zeit: {duration_create:.3f}s\n")
    
    # Registriere auf VON-Network Ledger
    # Wie in demo code: resp = await self.client_session.post(von_network_url + "/register", json=data)
    print("üìù Registriere NYM auf VON-Network Ledger...")
    start_time = time.time()
    
    register_data = {
        "did": verifier_did,
        "verkey": verifier_verkey,
        "alias": "Verifier Agent",
        "role": "ENDORSER"
    }
    
    print(f"üìã Registrierungs-Parameter:")
    print(f"   Ledger URL: {VON_NETWORK_URL}/register")
    print(f"   DID:        {verifier_did}")
    print(f"   Alias:      {register_data['alias']}")
    print(f"   Role:       {register_data['role']}\n")
    
    print(f"üåê POST {VON_NETWORK_URL}/register")
    
    try:
        response = requests.post(
            f"{VON_NETWORK_URL}/register",
            json=register_data,
            timeout=10
        )
        
        response.raise_for_status()
        
        nym_info = response.json()
        
        duration_register = time.time() - start_time
        performance_metrics["ledger_registration"].append(duration_register)
        
        print(f"‚úÖ Verifier DID auf Ledger registriert")
        print(f"‚è±Ô∏è  Zeit: {duration_register:.3f}s")
        
        # Zeige vollst√§ndige Ledger-Response
        pretty_print(nym_info, "VON-Network Registration Response (Verifier)")
        
        # JETZT: Setze DID als Public DID im ACA-Py Wallet
        print(f"\nüîë Setze DID als Public DID im Wallet...")
        public_did_response = api_post(
            VERIFIER_ADMIN_URL,
            f"/wallet/did/public?did={verifier_did}"
        )
        
        if public_did_response is not None:
            print(f"‚úÖ Verifier DID als Public DID gesetzt")
        else:
            print(f"‚ö†Ô∏è  Warnung: Public DID konnte nicht gesetzt werden")
        
        verifier_info = {
            "did": verifier_did,
            "verkey": verifier_verkey,
            "method": "indy",
            "key_type": did_params["options"]["key_type"],
            "role": "ENDORSER"
        }
        
        # Warte kurz damit die Transaction auf dem Ledger verf√ºgbar ist
        time.sleep(1)
        
        # Hole NYM Role vom Ledger zur Verifikation
        print(f"\nüîç NYM Role vom Ledger verifizieren...")
        nym_role_response = api_get(
            VERIFIER_ADMIN_URL,
            f"/ledger/get-nym-role?did={verifier_did}"
        )
        
        if nym_role_response is not None:
            print(f"‚úÖ NYM Role vom Ledger abgerufen")
            pretty_print(nym_role_response, "Ledger NYM Role (Verifier DID)")
            
            # Extrahiere Role
            role = nym_role_response.get('role', 'N/A')
            print(f"\nüìã Verifizierte Rolle: {role}")
        else:
            print(f"‚ö†Ô∏è  NYM Role konnte nicht abgerufen werden")
        
        print(f"\nüí° Format: {verifier_did} (vollst√§ndige qualified DID)")
        
    except requests.exceptions.RequestException as e:
        print(f"‚ùå POST Fehler: {e}")
        print(f"   Stelle sicher dass VON-Network l√§uft: cd von-network && ./manage start")
else:
    print("‚ùå Fehler beim Erstellen der Verifier DID")

In [None]:
# Cell 9: Domain Ledger Transaktionen

print("üìã Domain Ledger - Letzte Transaktionen")
print("üîí Verbindung √ºber PQC HTTPS Reverse Proxy\n")

try:
    # Hole alle Domain Ledger Transaktionen vom VON-Network
    ledger_response = requests.get(f"{VON_NETWORK_URL}/ledger/domain")
    
    if ledger_response.status_code == 200:
        # FIX: Response ist ein paginiertes Objekt, nicht direkt ein Array
        ledger_data = ledger_response.json()
        ledger_txns = ledger_data.get('results', [])
        total_txns = ledger_data.get('total', 0)
        page = ledger_data.get('page', 1)
        page_size = ledger_data.get('page_size', 100)
        
        print(f"‚úÖ Domain Ledger abgerufen")
        print(f"   Total Transaktionen: {total_txns}")
        print(f"   Seite: {page} (Page Size: {page_size})\n")
        
        # Zeige die letzten 10 Transaktionen
        recent_txns = ledger_txns[-10:] if len(ledger_txns) > 10 else ledger_txns
        
        print("üìä Letzte 10 Transaktionen:\n")
        txn_summary = []
        
        for txn in recent_txns:
            # FIX: Korrekte verschachtelte Struktur-Zugriffe
            txn_metadata = txn.get('txnMetadata', {})
            txn_data = txn.get('txn', {})
            txn_type = txn_data.get('type', 'N/A')
            
            # Transaction Type Namen
            type_names = {
                '1': 'NYM',
                '100': 'ATTRIB',
                '101': 'SCHEMA',
                '102': 'CRED_DEF',
                '113': 'REVOC_REG_DEF',
                '114': 'REVOC_REG_ENTRY'
            }
            
            type_name = type_names.get(str(txn_type), f"Type {txn_type}")
            
            # FIX: Extrahiere 'from' aus txn.metadata (nicht txn_metadata)
            requester = txn_data.get('metadata', {}).get('from', 'N/A')
            #requester_short = requester[:20] + '...' if len(requester) > 20 else requester
            
            txn_summary.append({
                "Seq No": txn_metadata.get('seqNo', 'N/A'),
                "Type": type_name,
                "Transaction Time": txn_metadata.get('txnTime', 'N/A'),
                "Requester": requester
            })
        
        if txn_summary:
            df_txns = pd.DataFrame(txn_summary)
            display(df_txns)
        
        # Detaillierte Ansicht der letzten Transaction
        if recent_txns:
            print("\nüîç Detaillierte Ansicht der letzten Transaction:")
            pretty_print(recent_txns[-1], "Letzte Ledger-Transaction")
    else:
        print(f"‚ö†Ô∏è  Konnte Ledger nicht abrufen: {ledger_response.status_code}")
        
except Exception as e:
    print(f"‚ùå Fehler beim Abrufen des Ledgers: {e}")

print("\nüí° Transaction Types:")
print("   ‚Ä¢ NYM (1)           = DID Registration")
print("   ‚Ä¢ ATTRIB (100)      = DID Attribute")
print("   ‚Ä¢ SCHEMA (101)      = Schema Definition")
print("   ‚Ä¢ CRED_DEF (102)    = Credential Definition")
print("   ‚Ä¢ REVOC_REG_* (113/114) = Revocation Registry")

In [None]:
# Cell 10: Ledger-√úbersicht - Alle DIDs anzeigen

print("üìã Ledger-√úbersicht - Alle DIDs:\n")

# Alle DIDs von allen Agenten abrufen
issuer_dids = api_get(ISSUER_ADMIN_URL, "/wallet/did")
holder_dids = api_get(HOLDER_ADMIN_URL, "/wallet/did")
verifier_dids = api_get(VERIFIER_ADMIN_URL, "/wallet/did")

# Zeige originale Responses
print("üîç Originale /wallet/did Responses:\n")
if issuer_dids:
    pretty_print(issuer_dids, "Issuer Wallet DIDs")
if holder_dids:
    pretty_print(holder_dids, "Holder Wallet DIDs")
if verifier_dids:
    pretty_print(verifier_dids, "Verifier Wallet DIDs")

# Erstelle erweiterte √úbersicht
print("\nüìä DID-√úbersicht (Detailliert):\n")
ledger_overview = []

# Issuer DIDs
if issuer_dids and "results" in issuer_dids:
    for did_info in issuer_dids["results"]:
        posture = did_info.get("posture", "unknown")
        # Zeige alle DIDs (posted und wallet_only)
        ledger_overview.append({
            "Agent": "Issuer",
            "DID": did_info["did"],
            "Verkey": did_info.get("verkey", "N/A"),
            "Posture": posture,
            "Method": did_info.get("method", "sov"),
            "Key Type": did_info.get("key_type", "N/A"),
            "On Ledger": "‚úÖ" if posture in ["public", "posted"] else "‚ùå",
            "Endpoint": did_info.get("metadata", {}).get("endpoint", "N/A")
        })

# Holder DIDs
if holder_dids and "results" in holder_dids:
    for did_info in holder_dids["results"]:
        posture = did_info.get("posture", "unknown")
        ledger_overview.append({
            "Agent": "Holder",
            "DID": did_info["did"],
            "Verkey": did_info.get("verkey", "N/A"),
            "Posture": posture,
            "Method": did_info.get("method", "sov"),
            "Key Type": did_info.get("key_type", "N/A"),
            "On Ledger": "‚úÖ" if posture in ["public", "posted"] else "‚ùå",
            "Endpoint": did_info.get("metadata", {}).get("endpoint", "N/A")
        })

# Verifier DIDs
if verifier_dids and "results" in verifier_dids:
    for did_info in verifier_dids["results"]:
        posture = did_info.get("posture", "unknown")
        ledger_overview.append({
            "Agent": "Verifier",
            "DID": did_info["did"],
            "Verkey": did_info.get("verkey", "N/A"),
            "Posture": posture,
            "Method": did_info.get("method", "sov"),
            "Key Type": did_info.get("key_type", "N/A"),
            "On Ledger": "‚úÖ" if posture in ["public", "posted"] else "‚ùå",
            "Endpoint": did_info.get("metadata", {}).get("endpoint", "N/A")
        })

# Als DataFrame anzeigen
if ledger_overview:
    df_ledger = pd.DataFrame(ledger_overview)
    display(df_ledger)
else:
    print("‚ö†Ô∏è  Keine DIDs gefunden")

# Zusammenfassung
print("\nüí° Posture-Bedeutung:")
print("   ‚Ä¢ posted       = DID auf Ledger registriert und ver√∂ffentlicht")
print("   ‚Ä¢ public       = DID als Public DID gesetzt")
print("   ‚Ä¢ wallet_only  = DID nur im Wallet, nicht auf Ledger")
print("\nüí° Hinweis:")
print("   - Issuer & Verifier ben√∂tigen Public DIDs f√ºr Schema/CredDef")
print("   - Holder nutzt nur Peer-DIDs f√ºr sichere P2P-Verbindungen")
print("   - Alte DIDs (wallet_only) k√∂nnen aus vergangenen Runs stammen")

## Teil 3: Schema & Credential Definition

Der Issuer erstellt jetzt ein Schema auf dem Ledger und eine Credential Definition, die f√ºr die Ausstellung von Credentials ben√∂tigt wird.

In [None]:
# Cell 11: Schema erstellen (Indy)

print("üìã Schema erstellen...\n")

start_time = time.time()

# Schema-Daten f√ºr Indy API
# API: POST /schemas
# Format: {"schema_name": "...", "schema_version": "...", "attributes": [...]}
schema_data = {
    "schema_name": "university_degree",
    "schema_version": "1.0",
    "attributes": [
        "name",
        "degree",
        "university",
        "graduation_date",
        "age",
        "gpa"
    ]
}

print(f"üìã Schema-Parameter (Indy):")
print(f"   Endpoint:  /schemas")
print(f"   Name:      {schema_data['schema_name']}")
print(f"   Version:   {schema_data['schema_version']}")
print(f"   Attribute: {', '.join(schema_data['attributes'])}\n")

# Schema auf Ledger registrieren (Indy endpoint)
schema_response = api_post(
    ISSUER_ADMIN_URL,
    "/schemas",  # Indy endpoint
    schema_data
)

if schema_response is not None:
    # Response Format: {"schema_id": "...", "schema": {...}}
    schema_id = schema_response.get("schema_id")
    
    duration = time.time() - start_time
    performance_metrics["schema_creation"].append(duration)
    
    print(f"‚úÖ Schema erstellt (Indy)")
    print(f"   Schema ID: {schema_id}")
    print(f"‚è±Ô∏è  Zeit: {duration:.3f}s")
    
    # Zeige vollst√§ndige Schema-Response
    pretty_print(schema_response, "Indy Schema Response")
    
else:
    print("‚ùå Fehler beim Erstellen des Schemas")


In [None]:
# Cell 12: Credential Definition erstellen (Indy)

print("\nüîê Credential Definition erstellen...\n")

start_time = time.time()

# Credential Definition Daten f√ºr Indy API
# API: POST /credential-definitions
# Format: {"schema_id": "...", "tag": "...", "support_revocation": ...}
cred_def_data = {
    "schema_id": schema_id,    # Schema ID aus Cell 11
    "tag": "default",
    "support_revocation": True,
    "revocation_registry_size": TAILS_FILE_COUNT
}

print(f"üìã Credential Definition Parameter (Indy):")
print(f"   Endpoint:           /credential-definitions")
print(f"   Schema ID:          {cred_def_data['schema_id']}")
print(f"   Tag:                {cred_def_data['tag']}")
print(f"   Support Revocation: {cred_def_data['support_revocation']}")
print(f"   Support Revocation: {cred_def_data['revocation_registry_size']}\n")

# Credential Definition auf Ledger registrieren (Indy endpoint)
cred_def_response = api_post(
    ISSUER_ADMIN_URL,
    "/credential-definitions",  # Indy endpoint
    cred_def_data
)

if cred_def_response is not None:
    # Response Format: {"credential_definition_id": "...", "credential_definition": {...}}
    cred_def_id = cred_def_response.get("credential_definition_id")
    
    duration = time.time() - start_time
    performance_metrics["cred_def_creation"].append(duration)
    
    print(f"‚úÖ Credential Definition erstellt (Indy)")
    print(f"   Cred Def ID: {cred_def_id}")
    print(f"‚è±Ô∏è  Zeit: {duration:.3f}s")
    
    # Zeige vollst√§ndige Cred Def Response
    pretty_print(cred_def_response, "Indy Credential Definition Response")
    
    # Info: Indy Format
    print(f"\nüí° Indy Format:")
    print(f"   ‚Ä¢ Request:  {{\"schema_id\": ..., \"tag\": ..., \"support_revocation\": ...}}")
    print(f"   ‚Ä¢ Response: {{\"credential_definition_id\": ..., \"credential_definition\": {{...}}}}")
    print(f"   ‚Ä¢ Cred Def ID direkt aus Response")
    print(f"   ‚Ä¢ support_revocation ist top-level Parameter")
    
    print(f"\nüìù N√§chste Schritte:")
    print(f"   ‚Ä¢ Schema ID:   {schema_id}")
    print(f"   ‚Ä¢ Cred Def ID: {cred_def_id}")
    print(f"   ‚Üí Bereit f√ºr Connection und Credential Issuance")
else:
    print("‚ùå Fehler beim Erstellen der Credential Definition")


## Teil 4: Connections zwischen Agenten

Jetzt verbinden wir die Agenten untereinander:
1. **Issuer ‚Üî Holder**: F√ºr Credential-Ausstellung
2. **Holder ‚Üî Verifier**: F√ºr Proof-Pr√§sentation

In [None]:
# Cell 13: Issuer Discovery - Identifikation via Ledger Identifier

print("üîç Issuer Discovery - Identifikation vertrauensw√ºrdiger Aussteller")
print("="*80)
print("üìñ KRITIS-Anforderung: Identity Holder m√ºssen vertrauensw√ºrdige Issuers")
print("   f√ºr gew√ºnschte Credentials entdecken und deren Identit√§t validieren.\n")

# Phase 1: Ledger-basierte Issuer Discovery
print("üìã Phase 1: Ledger-basierte Issuer Discovery\n")

try:
    # Hole Domain Ledger Transaktionen
    ledger_response = requests.get(f"{VON_NETWORK_URL}/ledger/domain")
    
    if ledger_response.status_code == 200:
        ledger_data = ledger_response.json()
        ledger_txns = ledger_data.get('results', [])
        
        # Filter: Nur NYM-Transaktionen (DID-Registrierungen, Type '1')
        nym_txns = [
            txn for txn in ledger_txns 
            if txn.get('txn', {}).get('type') == '1'
        ]
        
        # Filter: Nur Transaktionen mit TRUST_ANCHOR Role (= Issuers)
        issuer_identities = []
        for txn in nym_txns:
            txn_data = txn.get('txn', {}).get('data', {})
            role = txn_data.get('role')
            
            # Role '101' = TRUST_ANCHOR (berechtigt, Credentials auszustellen)
            if role == '101':
                full_verkey = txn_data.get('verkey', 'N/A')
                issuer_identities.append({
                    'did': txn_data.get('dest'),
                    'verkey_full': full_verkey,
                    'verkey_short': full_verkey[:30] + '...' if len(full_verkey) > 30 else full_verkey,
                    'alias': txn_data.get('alias', 'N/A'),
                    'registered_by': txn.get('txn', {}).get('metadata', {}).get('from', 'N/A'),
                    'txn_time': txn.get('txnMetadata', {}).get('txnTime'),
                    'seq_no': txn.get('txnMetadata', {}).get('seqNo')
                })
        
        print(f"‚úÖ {len(issuer_identities)} TRUST_ANCHOR Issuer(s) auf dem Ledger gefunden:\n")
        
        if issuer_identities:
            # Zeige nur relevante Spalten f√ºr Identifikation
            df_issuers = pd.DataFrame([{
                'Alias': i['alias'],
                'DID': i['did'],
                'Verkey (gek√ºrzt)': i['verkey_short'],
                'Seq No': i['seq_no']
            } for i in issuer_identities])
            display(df_issuers)
        else:
            print("‚ö†Ô∏è  Keine TRUST_ANCHOR gefunden (Ledger noch leer?)")
            
except Exception as e:
    print(f"‚ùå Fehler bei Issuer Discovery: {e}")
    import traceback
    traceback.print_exc()

# Phase 2: Issuer Identifier Verification
print(f"\n{'='*80}")
print("üîê Phase 2: Issuer Identifier Verification\n")

def verify_issuer_identity(issuer_did, issuer_data, all_txns):
    """
    Verifiziert die Identit√§t eines Issuers anhand von Ledger-Daten.
    
    Identit√§ts-Eigenschaften:
    1. DID (Decentralized Identifier)
    2. Verkey (Public Key f√ºr Signaturverifikation)
    3. TRUST_ANCHOR Role
    4. Registrierungs-Endorser (Wer hat die Identit√§t best√§tigt?)
    5. On-Ledger Aktivit√§ten (Schemas, CRED_DEFs, etc.)
    """
    identity_info = {
        'verified': True,
        'properties': []
    }
    
    # 1. DID Identifier
    identity_info['properties'].append({
        'property': 'DID (Identifier)',
        'value': issuer_did,
        'verified': True
    })
    
    # 2. Verkey (Public Key)
    verkey = issuer_data.get('verkey_full', 'N/A')
    identity_info['properties'].append({
        'property': 'Verkey (Public Key)',
        'value': verkey,
        'verified': verkey != 'N/A'
    })
    
    # 3. TRUST_ANCHOR Role
    identity_info['properties'].append({
        'property': 'TRUST_ANCHOR Role',
        'value': 'Ja (Role 101)',
        'verified': True
    })
    
    # 4. Endorser (Wer hat registriert?)
    registered_by = issuer_data.get('registered_by', 'N/A')
    identity_info['properties'].append({
        'property': 'Registriert von',
        'value': registered_by,
        'verified': registered_by != 'N/A'
    })
    
    # 5. On-Ledger Aktivit√§ten
    activities = []
    
    # Schemas (Type '101' im Ledger)
    schemas = [
        txn for txn in all_txns 
        if txn.get('txn', {}).get('type') == '101'
        and txn.get('txn', {}).get('metadata', {}).get('from') == issuer_did
    ]
    if schemas:
        activities.append(f"{len(schemas)} Schema(s)")
    
    # Credential Definitions (Type '102')
    cred_defs = [
        txn for txn in all_txns 
        if txn.get('txn', {}).get('type') == '102'
        and txn.get('txn', {}).get('metadata', {}).get('from') == issuer_did
    ]
    if cred_defs:
        activities.append(f"{len(cred_defs)} CRED_DEF(s)")
    
    # Revocation Registries (Type '113' oder '114')
    revoc_regs = [
        txn for txn in all_txns 
        if txn.get('txn', {}).get('type') in ['113', '114']
        and txn.get('txn', {}).get('metadata', {}).get('from') == issuer_did
    ]
    if revoc_regs:
        activities.append(f"{len(revoc_regs)} REVOC_REG(s)")
    
    activity_summary = ', '.join(activities) if activities else 'Keine'
    identity_info['properties'].append({
        'property': 'On-Ledger Aktivit√§ten',
        'value': activity_summary,
        'verified': len(activities) > 0
    })
    
    # 6. Zeitstempel (Registrierungszeitpunkt)
    import datetime
    txn_time = issuer_data.get('txn_time')
    if txn_time:
        registration_date = datetime.datetime.fromtimestamp(txn_time)
        age_days = (datetime.datetime.now() - registration_date).days
        identity_info['properties'].append({
            'property': 'Registriert seit',
            'value': f"{registration_date.strftime('%Y-%m-%d')} ({age_days} Tage)",
            'verified': True
        })
    
    return identity_info

# Zeige Identifier-Details f√ºr alle gefundenen Issuers
if 'issuer_identities' in locals() and issuer_identities:
    for issuer in issuer_identities[:3]:  # Zeige nur erste 3 Issuers
        print(f"{'='*80}")
        print(f"üè¢ Issuer: {issuer['alias']}")
        print(f"{'='*80}")
        
        identity = verify_issuer_identity(issuer['did'], issuer, ledger_txns)
        
        for prop in identity['properties']:
            status = "‚úÖ" if prop['verified'] else "‚ö†Ô∏è "
            value = prop['value']
            # K√ºrze lange Werte (z.B. Verkey)
            if len(str(value)) > 50:
                value = str(value)[:47] + "..."
            print(f"   {status} {prop['property']:25s} {value}")
        
        print()

# Phase 3: Issuer-Suche f√ºr spezifisches Schema
print(f"{'='*80}")
print("üîé Phase 3: Issuer-Identifikation f√ºr Schema\n")

# Suche nach dem Schema aus Cell 11
desired_schema_name = "university_degree"

try:
    # Hole alle Schemas vom Ledger (Type '101')
    schemas = [
        txn for txn in ledger_txns 
        if txn.get('txn', {}).get('type') == '101'
    ]
    
    # Filter nach Schema-Namen
    matching_schemas = []
    for schema_txn in schemas:
        schema_data = schema_txn.get('txn', {}).get('data', {}).get('data', {})
        schema_name = schema_data.get('name', '')
        
        if desired_schema_name.lower() in schema_name.lower():
            schema_version = schema_data.get('version', 'N/A')
            created_by = schema_txn.get('txn', {}).get('metadata', {}).get('from', 'N/A')
            
            matching_schemas.append({
                'schema_name': schema_name,
                'schema_version': schema_version,
                'schema_id': f"{created_by}:2:{schema_name}:{schema_version}",
                'created_by_did': created_by
            })
    
    if matching_schemas:
        print(f"‚úÖ {len(matching_schemas)} Schema(s) gefunden f√ºr '{desired_schema_name}':\n")
        df_schemas = pd.DataFrame(matching_schemas)
        display(df_schemas)
        
        # Identifiziere die Issuers dieser Schemas
        print(f"\n{'='*80}")
        print("üîê Issuer-Identifikation f√ºr gefundene Schemas:\n")
        
        for schema in matching_schemas:
            schema_issuer_did = schema['created_by_did']
            
            # Finde Issuer-Identit√§t
            issuer_info = next(
                (i for i in issuer_identities if i['did'] == schema_issuer_did), 
                None
            )
            
            print(f"Schema: {schema['schema_name']} v{schema['schema_version']}")
            print(f"{'-'*80}")
            
            if issuer_info:
                # Zeige Issuer-Identifikation
                print(f"‚úÖ Issuer identifiziert:")
                print(f"   Alias:         {issuer_info['alias']}")
                print(f"   DID:           {issuer_info['did']}")
                print(f"   Verkey:        {issuer_info['verkey_short']}")
                print(f"   TRUST_ANCHOR:  Ja (Role 101)")
                print(f"   Ledger Seq No: {issuer_info['seq_no']}")
                
                # Zeige vollst√§ndige Identit√§ts-Verifikation
                print(f"\n   üìã Vollst√§ndige Identit√§ts-Verifikation:")
                identity = verify_issuer_identity(schema_issuer_did, issuer_info, ledger_txns)
                for prop in identity['properties']:
                    status = "‚úÖ" if prop['verified'] else "‚ö†Ô∏è "
                    value = prop['value']
                    if len(str(value)) > 40:
                        value = str(value)[:37] + "..."
                    print(f"   {status} {prop['property']:20s} {value}")
                
                print(f"\n   ‚úÖ Issuer erfolgreich √ºber DID identifiziert und verifiziert")
            else:
                print(f"‚ö†Ô∏è  Issuer NICHT als TRUST_ANCHOR registriert")
                print(f"   DID: {schema_issuer_did}")
                print(f"   Status: Keine TRUST_ANCHOR Role auf dem Ledger")
            
            print(f"\n{'='*80}\n")
    else:
        print(f"‚ö†Ô∏è  Keine Schemas gefunden f√ºr '{desired_schema_name}'")
        print(f"üí° Tipp: Stelle sicher, dass Cell 11 (Schema erstellen) ausgef√ºhrt wurde")
        
except Exception as e:
    print(f"‚ùå Fehler bei Schema-Suche: {e}")
    import traceback
    traceback.print_exc()

print(f"\n{'='*80}")
print("üí° Issuer Identifier-basierte Discovery:")
print("   1. ‚úÖ DID (Decentralized Identifier) - Eindeutiger Identifier")
print("   2. ‚úÖ Verkey (Public Key) - Kryptografische Identit√§t")
print("   3. ‚úÖ TRUST_ANCHOR Role - Berechtigung zum Ausstellen")
print("   4. ‚úÖ Ledger Endorsement - Wer hat die Identit√§t best√§tigt?")
print("   5. ‚úÖ On-Ledger Aktivit√§ten - Schemas, CRED_DEFs, REVOC_REGs")
print(f"{'='*80}")
print("üéØ Identifikations-Methode:")
print("   Der Issuer wird √ºber seinen DID (Decentralized Identifier) eindeutig")
print("   identifiziert. Der DID ist im Schema-Identifier eingebettet:")
print("   Format: <issuer_did>:2:<schema_name>:<version>")
print("   ")
print("   Die Vertrauensw√ºrdigkeit wird durch die TRUST_ANCHOR Role auf dem")
print("   Hyperledger Indy Ledger garantiert (Byzantine Fault Tolerant).")
print(f"{'='*80}")


In [None]:
# Cell 14: Connection Issuer ‚Üí Holder erstellen

print("ü§ù Connection: Issuer ‚Üí Holder erstellen...\n")

start_time = time.time()

# ========================================
# 1. PRE-CHECK: Existierende Connections pr√ºfen
# ========================================
print("üîç Pre-Check: Pr√ºfe existierende Connections...\n")

existing_conn_issuer_holder = None
existing_conn_holder = None

# Pr√ºfe Issuer-Seite: GET /connections
issuer_conns_response = api_get(ISSUER_ADMIN_URL, "/connections")
if issuer_conns_response and "results" in issuer_conns_response:
    print(f"   Issuer: {len(issuer_conns_response['results'])} Connection(s) gefunden")
    for conn in issuer_conns_response["results"]:
        if conn.get("state") == "completed":
            existing_conn_issuer_holder = conn["connection_id"]
            print(f"     ‚Üí Connection {existing_conn_issuer_holder} (State: completed)")
            break
else:
    print("   Issuer: Keine Connections gefunden")

# Pr√ºfe Holder-Seite: GET /connections
holder_conns_response = api_get(HOLDER_ADMIN_URL, "/connections")
if holder_conns_response and "results" in holder_conns_response:
    print(f"   Holder: {len(holder_conns_response['results'])} Connection(s) gefunden")
    for conn in holder_conns_response["results"]:
        if conn.get("state") == "completed":
            existing_conn_holder = conn["connection_id"]
            print(f"     ‚Üí Connection {existing_conn_holder} (State: completed)")
            break
else:
    print("   Holder: Keine Connections gefunden")

if existing_conn_issuer_holder and existing_conn_holder:
    print(f"\n‚úÖ Existierende Connection gefunden!")
    print(f"   Issuer Connection ID: {existing_conn_issuer_holder}")
    print(f"   Holder Connection ID: {existing_conn_holder}")
    print("   √úberspringe Connection-Erstellung\n")
    conn_id_issuer_holder = existing_conn_issuer_holder
    conn_id_holder = existing_conn_holder
else:
    print("\n   Keine vollst√§ndige existierende Connection gefunden")
    print("   Erstelle neue Connection mit did:peer:2...\n")
    
    # ========================================
    # 2. HAUPT-WORKFLOW: Connection mit did:peer erstellen
    # ========================================
    
    # Initialisiere Variablen
    conn_id_issuer_holder = None
    conn_id_holder = None
    invitation_msg_id = None
    invitation_key = None
    
    # Issuer erstellt Out-of-Band Invitation mit did:peer:2
    invitation_data = {
        "handshake_protocols": ["https://didcomm.org/didexchange/1.1"],
        "use_did_method": "did:peer:4",
        "my_label": "Issuer Agent - University Credentials",
        "goal": "Establish connection for credential issuance",
        "goal_code": "issue-vc",
        "accept": [
            "didcomm/aip1",
            "didcomm/aip2;env=rfc19"
        ]
    }
    
    print("üìã Invitation-Modus: did:peer:2 (P2P Connection)")
    
    # API Call mit Query-Parametern f√ºr auto-accept
    invitation_response = api_post(
        ISSUER_ADMIN_URL,
        "/out-of-band/create-invitation?auto_accept=true&multi_use=false",
        invitation_data
    )
    
    if invitation_response and "invitation" in invitation_response:
        invitation = invitation_response["invitation"]
        oob_id = invitation_response.get("oob_id")
        invitation_url = invitation_response.get("invitation_url", "")
        state = invitation_response.get("state")
        
        # WICHTIG: Speichere invitation_msg_id aus der Invitation
        invitation_msg_id = invitation.get("@id")
        
        # Optional: Extrahiere invitation_key aus services (falls vorhanden)
        services = invitation.get("services", [])
        if services and len(services) > 0:
            # Bei did:peer:2 ist der Service oft inline
            service = services[0]
            if isinstance(service, dict):
                recipient_keys = service.get("recipientKeys", [])
                if recipient_keys:
                    invitation_key = recipient_keys[0]
        
        print(f"‚úÖ Issuer: Invitation erstellt")
        print(f"   OOB ID: {oob_id}")
        print(f"   State: {state}")
        print(f"   Invitation Msg ID: {invitation_msg_id}")
        if invitation_key:
            print(f"   Invitation Key: {invitation_key[:30]}...")
        print(f"   Services: {len(invitation.get('services', []))} service(s)")
        print(f"   Label: {invitation_data['my_label']}")
        print(f"   Goal: {invitation_data['goal']}")
        
        # Holder akzeptiert Invitation (mit auto-accept)
        receive_response = api_post(
            HOLDER_ADMIN_URL,
            "/out-of-band/receive-invitation?auto_accept=true",
            invitation
        )
        
        if receive_response is not None:
            conn_id_holder = receive_response.get("connection_id")
            print(f"\n‚úÖ Holder: Invitation akzeptiert")
            print(f"   Connection ID (Holder): {conn_id_holder}")
            
            # Issuer findet seine Connection via invitation_msg_id
            print(f"\n   Issuer sucht Connection via invitation_msg_id...")
            time.sleep(2)  # Kurze Wartezeit f√ºr DIDExchange Protocol
            
            # Hole alle Issuer Connections
            issuer_conns = api_get(ISSUER_ADMIN_URL, "/connections")
            if issuer_conns and "results" in issuer_conns:
                connections = issuer_conns["results"]
                
                print(f"     Pr√ºfe {len(connections)} Connection(s)...")
                
                # Finde Connection anhand invitation_msg_id (exaktes Match!)
                connection_found = False
                for conn in connections:
                    conn_invitation_msg_id = conn.get("invitation_msg_id")
                    conn_invitation_key = conn.get("invitation_key")
                    
                    # Match via invitation_msg_id (bevorzugt)
                    if invitation_msg_id and conn_invitation_msg_id == invitation_msg_id:
                        conn_id_issuer_holder = conn["connection_id"]
                        conn_state = conn.get("state")
                        print(f"\n   ‚úÖ Issuer: Connection gefunden via invitation_msg_id!")
                        print(f"      ‚Ä¢ Connection ID: {conn_id_issuer_holder}")
                        print(f"      ‚Ä¢ State: {conn_state}")
                        print(f"      ‚Ä¢ Invitation Msg ID: {conn_invitation_msg_id}")
                        print(f"      ‚Ä¢ Their Label: {conn.get('their_label', 'N/A')}")
                        print(f"      ‚Ä¢ Updated At: {conn.get('updated_at', 'N/A')}")
                        connection_found = True
                        break
                    
                    # Fallback: Match via invitation_key
                    elif invitation_key and conn_invitation_key == invitation_key:
                        conn_id_issuer_holder = conn["connection_id"]
                        conn_state = conn.get("state")
                        print(f"\n   ‚úÖ Issuer: Connection gefunden via invitation_key!")
                        print(f"      ‚Ä¢ Connection ID: {conn_id_issuer_holder}")
                        print(f"      ‚Ä¢ State: {conn_state}")
                        print(f"      ‚Ä¢ Invitation Key: {conn_invitation_key[:30]}...")
                        print(f"      ‚Ä¢ Their Label: {conn.get('their_label', 'N/A')}")
                        connection_found = True
                        break
                
                if not connection_found:
                    print(f"     ‚ö†Ô∏è  Keine Connection mit matching invitation_msg_id gefunden")
                    print(f"     Gesuchte invitation_msg_id: {invitation_msg_id}")
            else:
                print(f"     ‚ùå Konnte Issuer Connections nicht abrufen")
        else:
            print("‚ùå Holder konnte Invitation nicht akzeptieren")
    else:
        print("‚ùå Fehler beim Erstellen der Invitation")

# ========================================
# 3. POST-VALIDATION: Connection-Status verifizieren
# ========================================
print("\nüîç Post-Validation: Verifiziere Connection-Status...\n")

validation_success = False
issuer_state = None
holder_state = None

if conn_id_issuer_holder:
    # Pr√ºfe Issuer-Seite mit spezifischem Endpoint: GET /connections/{conn_id}
    issuer_conn_detail = api_get(
        ISSUER_ADMIN_URL,
        f"/connections/{conn_id_issuer_holder}"
    )
    
    if issuer_conn_detail:
        issuer_state = issuer_conn_detail.get("state")
        issuer_their_label = issuer_conn_detail.get("their_label")
        issuer_their_role = issuer_conn_detail.get("their_role")
        issuer_invitation_msg_id = issuer_conn_detail.get("invitation_msg_id")
        
        print(f"   üìã Issuer Connection {conn_id_issuer_holder}:")
        print(f"      ‚Ä¢ State: {issuer_state}")
        print(f"      ‚Ä¢ Their Label: {issuer_their_label}")
        print(f"      ‚Ä¢ Their Role: {issuer_their_role}")
        print(f"      ‚Ä¢ Invitation Msg ID: {issuer_invitation_msg_id}")

# Pr√ºfe Holder-Seite (falls conn_id_holder bekannt)
if conn_id_holder:
    # Pr√ºfe Holder-Seite mit spezifischem Endpoint: GET /connections/{conn_id}
    holder_conn_detail = api_get(
        HOLDER_ADMIN_URL,
        f"/connections/{conn_id_holder}"
    )
    
    if holder_conn_detail:
        holder_state = holder_conn_detail.get("state")
        holder_their_label = holder_conn_detail.get("their_label")
        holder_their_role = holder_conn_detail.get("their_role")
        holder_invitation_msg_id = holder_conn_detail.get("invitation_msg_id")
        
        print(f"\n   üìã Holder Connection {conn_id_holder}:")
        print(f"      ‚Ä¢ State: {holder_state}")
        print(f"      ‚Ä¢ Their Label: {holder_their_label}")
        print(f"      ‚Ä¢ Their Role: {holder_their_role}")
        print(f"      ‚Ä¢ Invitation Msg ID: {holder_invitation_msg_id}")
        
        # Verifiziere dass invitation_msg_id √ºbereinstimmt
        if invitation_msg_id and issuer_invitation_msg_id == holder_invitation_msg_id:
            print(f"      ‚úÖ Invitation Msg IDs stimmen √ºberein!")

# Validierung
if issuer_state == "active" and holder_state == "active":
    validation_success = True
elif issuer_state == "active" and not conn_id_holder:
    # Bei existierender Connection nur Issuer-Seite bekannt
    validation_success = True

duration = time.time() - start_time
performance_metrics["connection_establishment"].append(duration)

# Finale Ausgabe
print(f"\n{'='*60}")
if validation_success:
    print(f"‚úÖ CONNECTION ESTABLISHED (did:peer:2): Issuer ‚Üî Holder")
    print(f"   Issuer Connection ID: {conn_id_issuer_holder}")
    if conn_id_holder:
        print(f"   Holder Connection ID: {conn_id_holder}")
    print(f"   Issuer State: {issuer_state}")
    if holder_state:
        print(f"   Holder State: {holder_state}")
    if invitation_msg_id:
        print(f"   Invitation Msg ID: {invitation_msg_id}")
else:
    print(f"‚ö†Ô∏è  CONNECTION STATUS UNCLEAR")
    print(f"   Issuer State: {issuer_state if issuer_state else 'N/A'}")
    print(f"   Holder State: {holder_state if holder_state else 'N/A'}")
    if conn_id_issuer_holder:
        print(f"   Issuer Connection ID: {conn_id_issuer_holder}")
    if conn_id_holder:
        print(f"   Holder Connection ID: {conn_id_holder}")

print(f"‚è±Ô∏è  Gesamtzeit: {duration:.3f}s")
print(f"{'='*60}")


In [None]:
# Cell 15: Connection Holder ‚Üí Verifier erstellen

print("ü§ù Connection: Holder ‚Üí Verifier erstellen...\n")

start_time = time.time()

# ========================================
# 1. PRE-CHECK: Existierende Connections pr√ºfen
# ========================================
print("üîç Pre-Check: Pr√ºfe existierende Connections...\n")

existing_conn_verifier_holder = None
existing_conn_holder_verifier = None

# Pr√ºfe Verifier-Seite: GET /connections
verifier_conns_response = api_get(VERIFIER_ADMIN_URL, "/connections")
if verifier_conns_response and "results" in verifier_conns_response:
    print(f"   Verifier: {len(verifier_conns_response['results'])} Connection(s) gefunden")
    for conn in verifier_conns_response["results"]:
        if conn.get("state") == "completed":
            existing_conn_verifier_holder = conn["connection_id"]
            print(f"     ‚Üí Connection {existing_conn_verifier_holder} (State: completed)")
            break
else:
    print("   Verifier: Keine Connections gefunden")

# Pr√ºfe Holder-Seite: GET /connections (f√ºr Holder‚ÜíVerifier)
holder_conns_response = api_get(HOLDER_ADMIN_URL, "/connections")
if holder_conns_response and "results" in holder_conns_response:
    print(f"   Holder: {len(holder_conns_response['results'])} Connection(s) gefunden")
    # Finde Connection zum Verifier (basierend auf Label oder neueste)
    holder_verifier_conns = [c for c in holder_conns_response["results"] if c.get("their_label") == "Verifier Agent"]
    if holder_verifier_conns:
        for conn in holder_verifier_conns:
            if conn.get("state") == "completed":
                existing_conn_holder_verifier = conn["connection_id"]
                print(f"     ‚Üí Connection {existing_conn_holder_verifier} (State: completed, Partner: Verifier)")
                break
else:
    print("   Holder: Keine Connections gefunden")

if existing_conn_verifier_holder and existing_conn_holder_verifier:
    print(f"\n‚úÖ Existierende Connection gefunden!")
    print(f"   Verifier Connection ID: {existing_conn_verifier_holder}")
    print(f"   Holder Connection ID: {existing_conn_holder_verifier}")
    print("   √úberspringe Connection-Erstellung\n")
    conn_id_verifier_holder = existing_conn_verifier_holder
    conn_id_holder_verifier = existing_conn_holder_verifier
else:
    print("\n   Keine vollst√§ndige existierende Connection gefunden")
    print("   Erstelle neue Connection mit did:peer:2...\n")
    
    # ========================================
    # 2. HAUPT-WORKFLOW: Connection mit did:peer erstellen
    # ========================================
    
    # Initialisiere Variablen
    conn_id_verifier_holder = None
    conn_id_holder_verifier = None
    invitation_msg_id = None
    invitation_key = None
    
    # Verifier erstellt Out-of-Band Invitation mit did:peer:2
    invitation_data = {
        "handshake_protocols": ["https://didcomm.org/didexchange/1.1"],
        "use_did_method": "did:peer:4",
        "my_label": "Verifier Agent - Credential Verification",
        "goal": "Establish connection for credential verification",
        "goal_code": "verify-vc",
        "accept": [
            "didcomm/aip1",
            "didcomm/aip2;env=rfc19"
        ]
    }
    
    print("üìã Invitation-Modus: did:peer:2 (P2P Connection)")
    
    # API Call mit Query-Parametern f√ºr auto-accept
    invitation_response = api_post(
        VERIFIER_ADMIN_URL,
        "/out-of-band/create-invitation?auto_accept=true&multi_use=false",
        invitation_data
    )
    
    if invitation_response and "invitation" in invitation_response:
        invitation = invitation_response["invitation"]
        oob_id = invitation_response.get("oob_id")
        invitation_url = invitation_response.get("invitation_url", "")
        state = invitation_response.get("state")
        
        # WICHTIG: Speichere invitation_msg_id aus der Invitation
        invitation_msg_id = invitation.get("@id")
        
        # Optional: Extrahiere invitation_key aus services (falls vorhanden)
        services = invitation.get("services", [])
        if services and len(services) > 0:
            service = services[0]
            if isinstance(service, dict):
                recipient_keys = service.get("recipientKeys", [])
                if recipient_keys:
                    invitation_key = recipient_keys[0]
        
        print(f"‚úÖ Verifier: Invitation erstellt")
        print(f"   OOB ID: {oob_id}")
        print(f"   State: {state}")
        print(f"   Invitation Msg ID: {invitation_msg_id}")
        if invitation_key:
            print(f"   Invitation Key: {invitation_key}")
        print(f"   Services: {len(invitation.get('services', []))} service(s)")
        print(f"   Label: {invitation_data['my_label']}")
        print(f"   Goal: {invitation_data['goal']}")
        
        # Holder akzeptiert Invitation (mit auto-accept)
        receive_response = api_post(
            HOLDER_ADMIN_URL,
            "/out-of-band/receive-invitation?auto_accept=true",
            invitation
        )
        
        if receive_response is not None:
            conn_id_holder_verifier = receive_response.get("connection_id")
            print(f"\n‚úÖ Holder: Invitation akzeptiert")
            print(f"   Connection ID (Holder): {conn_id_holder_verifier}")
            
            # Verifier findet seine Connection via invitation_msg_id
            print(f"\n   Verifier sucht Connection via invitation_msg_id...")
            time.sleep(2)  # Kurze Wartezeit f√ºr DIDExchange Protocol
            
            # Hole alle Verifier Connections
            verifier_conns = api_get(VERIFIER_ADMIN_URL, "/connections")
            if verifier_conns and "results" in verifier_conns:
                connections = verifier_conns["results"]
                
                print(f"     Pr√ºfe {len(connections)} Connection(s)...")
                
                # Finde Connection anhand invitation_msg_id (exaktes Match!)
                connection_found = False
                for conn in connections:
                    conn_invitation_msg_id = conn.get("invitation_msg_id")
                    conn_invitation_key = conn.get("invitation_key")
                    
                    # Match via invitation_msg_id (bevorzugt)
                    if invitation_msg_id and conn_invitation_msg_id == invitation_msg_id:
                        conn_id_verifier_holder = conn["connection_id"]
                        conn_state = conn.get("state")
                        print(f"\n   ‚úÖ Verifier: Connection gefunden via invitation_msg_id!")
                        print(f"      ‚Ä¢ Connection ID: {conn_id_verifier_holder}")
                        print(f"      ‚Ä¢ State: {conn_state}")
                        print(f"      ‚Ä¢ Invitation Msg ID: {conn_invitation_msg_id}")
                        print(f"      ‚Ä¢ Their Label: {conn.get('their_label', 'N/A')}")
                        print(f"      ‚Ä¢ Updated At: {conn.get('updated_at', 'N/A')}")
                        connection_found = True
                        break
                    
                    # Fallback: Match via invitation_key
                    elif invitation_key and conn_invitation_key == invitation_key:
                        conn_id_verifier_holder = conn["connection_id"]
                        conn_state = conn.get("state")
                        print(f"\n   ‚úÖ Verifier: Connection gefunden via invitation_key!")
                        print(f"      ‚Ä¢ Connection ID: {conn_id_verifier_holder}")
                        print(f"      ‚Ä¢ State: {conn_state}")
                        print(f"      ‚Ä¢ Invitation Key: {conn_invitation_key}...")
                        print(f"      ‚Ä¢ Their Label: {conn.get('their_label', 'N/A')}")
                        connection_found = True
                        break
                
                if not connection_found:
                    print(f"     ‚ö†Ô∏è  Keine Connection mit matching invitation_msg_id gefunden")
                    print(f"     Gesuchte invitation_msg_id: {invitation_msg_id}")
            else:
                print(f"     ‚ùå Konnte Verifier Connections nicht abrufen")
        else:
            print("‚ùå Holder konnte Invitation nicht akzeptieren")
    else:
        print("‚ùå Fehler beim Erstellen der Invitation")

# ========================================
# 3. POST-VALIDATION: Connection-Status verifizieren
# ========================================
print("\nüîç Post-Validation: Verifiziere Connection-Status...\n")

validation_success = False
verifier_state = None
holder_state = None

if conn_id_verifier_holder:
    # Pr√ºfe Verifier-Seite mit spezifischem Endpoint: GET /connections/{conn_id}
    verifier_conn_detail = api_get(
        VERIFIER_ADMIN_URL,
        f"/connections/{conn_id_verifier_holder}"
    )
    
    if verifier_conn_detail:
        verifier_state = verifier_conn_detail.get("state")
        verifier_their_label = verifier_conn_detail.get("their_label")
        verifier_their_role = verifier_conn_detail.get("their_role")
        verifier_invitation_msg_id = verifier_conn_detail.get("invitation_msg_id")
        
        print(f"   üìã Verifier Connection {conn_id_verifier_holder}:")
        print(f"      ‚Ä¢ State: {verifier_state}")
        print(f"      ‚Ä¢ Their Label: {verifier_their_label}")
        print(f"      ‚Ä¢ Their Role: {verifier_their_role}")
        print(f"      ‚Ä¢ Invitation Msg ID: {verifier_invitation_msg_id}")

# Pr√ºfe Holder-Seite (falls conn_id_holder_verifier bekannt)
if conn_id_holder_verifier:
    # Pr√ºfe Holder-Seite mit spezifischem Endpoint: GET /connections/{conn_id}
    holder_conn_detail = api_get(
        HOLDER_ADMIN_URL,
        f"/connections/{conn_id_holder_verifier}"
    )
    
    if holder_conn_detail:
        holder_state = holder_conn_detail.get("state")
        holder_their_label = holder_conn_detail.get("their_label")
        holder_their_role = holder_conn_detail.get("their_role")
        holder_invitation_msg_id = holder_conn_detail.get("invitation_msg_id")
        
        print(f"\n   üìã Holder Connection {conn_id_holder_verifier}:")
        print(f"      ‚Ä¢ State: {holder_state}")
        print(f"      ‚Ä¢ Their Label: {holder_their_label}")
        print(f"      ‚Ä¢ Their Role: {holder_their_role}")
        print(f"      ‚Ä¢ Invitation Msg ID: {holder_invitation_msg_id}")
        
        # Verifiziere dass invitation_msg_id √ºbereinstimmt
        if invitation_msg_id and verifier_invitation_msg_id == holder_invitation_msg_id:
            print(f"      ‚úÖ Invitation Msg IDs stimmen √ºberein!")

# Validierung
if verifier_state == "active" and holder_state == "active":
    validation_success = True
elif verifier_state == "active" and not conn_id_holder_verifier:
    # Bei existierender Connection nur Verifier-Seite bekannt
    validation_success = True

duration = time.time() - start_time
performance_metrics["connection_establishment"].append(duration)

# Finale Ausgabe
print(f"\n{'='*60}")
if validation_success:
    print(f"‚úÖ CONNECTION ESTABLISHED (did:peer:2): Holder ‚Üî Verifier")
    print(f"   Verifier Connection ID: {conn_id_verifier_holder}")
    if conn_id_holder_verifier:
        print(f"   Holder Connection ID: {conn_id_holder_verifier}")
    print(f"   Verifier State: {verifier_state}")
    if holder_state:
        print(f"   Holder State: {holder_state}")
    if invitation_msg_id:
        print(f"   Invitation Msg ID: {invitation_msg_id}")
else:
    print(f"‚ö†Ô∏è  CONNECTION STATUS UNCLEAR")
    print(f"   Verifier State: {verifier_state if verifier_state else 'N/A'}")
    print(f"   Holder State: {holder_state if holder_state else 'N/A'}")
    if conn_id_verifier_holder:
        print(f"   Verifier Connection ID: {conn_id_verifier_holder}")
    if conn_id_holder_verifier:
        print(f"   Holder Connection ID: {conn_id_holder_verifier}")

print(f"‚è±Ô∏è  Gesamtzeit: {duration:.3f}s")
print(f"{'='*60}")


In [None]:
# Cell 16: Connection-√úbersicht anzeigen

print("üìä Connection-√úbersicht:\n")

connections_overview = []

# Issuer Connections
issuer_conns = api_get(ISSUER_ADMIN_URL, "/connections")
if issuer_conns and "results" in issuer_conns:
    for conn in issuer_conns["results"]:
        connections_overview.append({
            "Agent": "Issuer",
            "Partner": conn.get("their_label", "Unknown"),
            "Connection ID": conn["connection_id"],
            "State": conn["state"],
            "Invitation Msg ID": conn.get("invitation_msg_id", "N/A") if conn.get("invitation_msg_id") else "N/A",
            "Status": "‚úÖ" if conn["state"] == "active" else "‚è≥"
        })

# Holder Connections
holder_conns = api_get(HOLDER_ADMIN_URL, "/connections")
if holder_conns and "results" in holder_conns:
    for conn in holder_conns["results"]:
        partner = conn.get("their_label", "Unknown")
        connections_overview.append({
            "Agent": "Holder",
            "Partner": partner,
            "Connection ID": conn["connection_id"],
            "State": conn["state"],
            "Invitation Msg ID": conn.get("invitation_msg_id", "N/A") if conn.get("invitation_msg_id") else "N/A",
            "Status": "‚úÖ" if conn["state"] == "active" else "‚è≥"
        })

# Verifier Connections
verifier_conns = api_get(VERIFIER_ADMIN_URL, "/connections")
if verifier_conns and "results" in verifier_conns:
    for conn in verifier_conns["results"]:
        connections_overview.append({
            "Agent": "Verifier",
            "Partner": conn.get("their_label", "Unknown"),
            "Connection ID": conn["connection_id"],
            "State": conn["state"],
            "Invitation Msg ID": conn.get("invitation_msg_id", "N/A") if conn.get("invitation_msg_id") else "N/A",
            "Status": "‚úÖ" if conn["state"] == "active" else "‚è≥"
        })

df_connections = pd.DataFrame(connections_overview)
display(df_connections)

# Detaillierte Connection-Informationen
print("\nüìã Detaillierte Connection-Informationen:\n")

# Gruppiere nach invitation_msg_id um zusammengeh√∂rige Connections zu finden
all_connections = []
if issuer_conns and "results" in issuer_conns:
    for conn in issuer_conns["results"]:
        all_connections.append(("Issuer", conn))
if holder_conns and "results" in holder_conns:
    for conn in holder_conns["results"]:
        all_connections.append(("Holder", conn))
if verifier_conns and "results" in verifier_conns:
    for conn in verifier_conns["results"]:
        all_connections.append(("Verifier", conn))

# Gruppiere nach invitation_msg_id
from collections import defaultdict
connection_groups = defaultdict(list)
for agent, conn in all_connections:
    invitation_msg_id = conn.get("invitation_msg_id")
    if invitation_msg_id:
        connection_groups[invitation_msg_id].append((agent, conn))

# Zeige gruppierte Connections
for idx, (inv_msg_id, group) in enumerate(connection_groups.items(), 1):
    print(f"Connection Group {idx}:")
    print(f"   Invitation Msg ID: {inv_msg_id}")
    for agent, conn in group:
        print(f"   ‚Ä¢ {agent}: {conn['connection_id']} (State: {conn['state']})")
    print()


In [None]:
# Cell 17 Wallet DID √úbersicht anzeigen

print("üìã Wallet DID √úbersicht - Alle DIDs:\n")

# Alle DIDs von allen Agenten abrufen
issuer_dids = api_get(ISSUER_ADMIN_URL, "/wallet/did")
holder_dids = api_get(HOLDER_ADMIN_URL, "/wallet/did")
verifier_dids = api_get(VERIFIER_ADMIN_URL, "/wallet/did")

# Zeige originale Responses
print("üîç Originale /wallet/did Responses:\n")
if issuer_dids:
    pretty_print(issuer_dids, "Issuer Wallet DIDs")
if holder_dids:
    pretty_print(holder_dids, "Holder Wallet DIDs")
if verifier_dids:
    pretty_print(verifier_dids, "Verifier Wallet DIDs")

# Erstelle erweiterte √úbersicht
print("\nüìä DID-√úbersicht (Detailliert):\n")
ledger_overview = []

# Issuer DIDs
if issuer_dids and "results" in issuer_dids:
    for did_info in issuer_dids["results"]:
        posture = did_info.get("posture", "unknown")
        # Zeige alle DIDs (posted und wallet_only)
        ledger_overview.append({
            "Agent": "Issuer",
            "DID": did_info["did"],
            "Verkey": did_info.get("verkey", "N/A"),
            "Posture": posture,
            "Method": did_info.get("method", "sov"),
            "Key Type": did_info.get("key_type", "N/A"),
            "On Ledger": "‚úÖ" if posture in ["public", "posted"] else "‚ùå",
            "Endpoint": did_info.get("metadata", {}).get("endpoint", "N/A")
        })

# Holder DIDs
if holder_dids and "results" in holder_dids:
    for did_info in holder_dids["results"]:
        posture = did_info.get("posture", "unknown")
        ledger_overview.append({
            "Agent": "Holder",
            "DID": did_info["did"],
            "Verkey": did_info.get("verkey", "N/A"),
            "Posture": posture,
            "Method": did_info.get("method", "sov"),
            "Key Type": did_info.get("key_type", "N/A"),
            "On Ledger": "‚úÖ" if posture in ["public", "posted"] else "‚ùå",
            "Endpoint": did_info.get("metadata", {}).get("endpoint", "N/A")
        })

# Verifier DIDs
if verifier_dids and "results" in verifier_dids:
    for did_info in verifier_dids["results"]:
        posture = did_info.get("posture", "unknown")
        ledger_overview.append({
            "Agent": "Verifier",
            "DID": did_info["did"],
            "Verkey": did_info.get("verkey", "N/A"),
            "Posture": posture,
            "Method": did_info.get("method", "sov"),
            "Key Type": did_info.get("key_type", "N/A"),
            "On Ledger": "‚úÖ" if posture in ["public", "posted"] else "‚ùå",
            "Endpoint": did_info.get("metadata", {}).get("endpoint", "N/A")
        })

# Als DataFrame anzeigen
if ledger_overview:
    df_ledger = pd.DataFrame(ledger_overview)
    display(df_ledger)
else:
    print("‚ö†Ô∏è  Keine DIDs gefunden")

# Zusammenfassung
print("\nüí° Posture-Bedeutung:")
print("   ‚Ä¢ posted       = DID auf Ledger registriert und ver√∂ffentlicht")
print("   ‚Ä¢ public       = DID als Public DID gesetzt")
print("   ‚Ä¢ wallet_only  = DID nur im Wallet, nicht auf Ledger")
print("\nüí° Hinweis:")
print("   - Issuer & Verifier ben√∂tigen Public DIDs f√ºr Schema/CredDef")
print("   - Holder nutzt nur Peer-DIDs f√ºr sichere P2P-Verbindungen")
print("   - Alte DIDs (wallet_only) k√∂nnen aus vergangenen Runs stammen")

## Teil 5: Credential Issuance (Issuer ‚Üí Holder)

Der Issuer stellt jetzt ein Credential an den Holder aus, das dessen Universit√§tsabschluss bescheinigt.

In [None]:
# Cell 18: Credential Offer senden (Issuer ‚Üí Holder)

print("üìú Credential Issuance: Issuer ‚Üí Holder\n")

if conn_id_issuer_holder and cred_def_id:
    start_time = time.time()
    
    # Credential-Daten f√ºr Alice (Holder)
    credential_data = {
        "connection_id": conn_id_issuer_holder,
        "filter": {
            "indy": {
                "cred_def_id": cred_def_id
            }
        },
        "credential_preview": {
            "@type": "issue-credential/2.0/credential-preview",
            "attributes": [
                {"name": "name", "value": "Alice Smith"},
                {"name": "degree", "value": "Master of Computer Science"},
                {"name": "university", "value": "Technical University Munich"},
                {"name": "graduation_date", "value": "2024-07-15"},
                {"name": "age", "value": "26"},
                {"name": "gpa", "value": "3.8"}
            ]
        }
    }
    
    print("üìã Credential Preview:")
    for attr in credential_data["credential_preview"]["attributes"]:
        print(f"   ‚Ä¢ {attr['name']}: {attr['value']}")
    
    print("\nüì§ Issuer sendet Credential Offer...")
    offer_response = api_post(
        ISSUER_ADMIN_URL,
        "/issue-credential-2.0/send-offer",
        credential_data
    )
    
    if offer_response and "cred_ex_id" in offer_response:
        cred_ex_id_issuer = offer_response["cred_ex_id"]
        initial_state = offer_response.get("state", "N/A")
        
        print(f"‚úÖ Credential Offer gesendet")
        print(f"   Issuer Exchange ID: {cred_ex_id_issuer}")
        print(f"   Initial State: {initial_state}")
        
        # Warte auf Credential-Ausstellung (auto-accept auf Holder-Seite!)
        print("\n   Warte auf Credential-Ausstellung (auto-store auf Holder)...")
        time.sleep(5)
        
        # ========================================
        # STATUS-CHECK AUF BEIDEN SEITEN
        # ========================================
        print("\nüîç Status-Check auf beiden Seiten:\n")
        
        # 1. Issuer-Seite Status
        issuer_state = None
        preserve_flag_active = False
        cred_status_issuer = api_get(
            ISSUER_ADMIN_URL,
            f"/issue-credential-2.0/records/{cred_ex_id_issuer}"
        )
        
        if cred_status_issuer:
            preserve_flag_active = True
            issuer_state = cred_status_issuer.get("cred_ex_record", {}).get("state", None)
            print(f"   üìã Issuer Exchange (via GET /records/{cred_ex_id_issuer}):")
            print(f"      ‚Ä¢ Exchange ID: {cred_ex_id_issuer}")
            print(f"      ‚Ä¢ State: {issuer_state}")
            print(f"      ‚Ä¢ Role: {cred_status_issuer.get("cred_ex_record", {}).get('role', 'N/A')}")
            print(f"      ‚Ä¢ Connection ID: {cred_status_issuer.get("cred_ex_record", {}).get('connection_id', 'N/A')}")
            print(f"      ‚Ä¢ Thread ID: {cred_status_issuer.get("cred_ex_record", {}).get('thread_id', 'N/A')}")
            print(f"      ‚Ä¢ Initiator: {cred_status_issuer.get("cred_ex_record", {}).get('initiator', 'N/A')}")
            print(f"      ‚úÖ Record verf√ºgbar (--preserve-exchange-records aktiv!)")
        else:
            print(f"   ‚ö†Ô∏è  Issuer Exchange nicht abrufbar via spezifischer ID")
            print(f"      ‚ùå --preserve-exchange-records ist NICHT aktiv!")
            print(f"      üîß L√∂sung: docker-compose restart issuer")
        
        # 2. Holder-Seite Status
        print("\n   üìã Holder Exchange(s):")
        holder_exchanges = api_get(HOLDER_ADMIN_URL, "/issue-credential-2.0/records")
        
        holder_cred_ex = None
        if holder_exchanges and "results" in holder_exchanges:
            for ex in holder_exchanges["results"]:
                ex_cred_def_id = None
                if "cred_offer" in ex:
                    cred_offer = ex.get("cred_offer", {})
                    ex_cred_def_id = cred_offer.get("cred_def_id")
                
                if ex_cred_def_id == cred_def_id:
                    holder_cred_ex = ex
                    print(f"      ‚Ä¢ Exchange ID: {ex['cred_ex_id']}")
                    print(f"      ‚Ä¢ State: {ex.get('state')}")
                    print(f"      ‚Ä¢ Role: {ex.get('role', 'N/A')}")
                    print(f"      ‚Ä¢ Cred Def ID: {ex_cred_def_id[:50]}...")
                    break
        
        # 3. Holder Credentials pr√ºfen (finaler Erfolgs-Check!)
        print("\n   üìã Holder Credentials:")
        holder_creds = api_get(HOLDER_ADMIN_URL, "/credentials")
        
        credential_stored = False
        if holder_creds and "results" in holder_creds:
            for cred in holder_creds["results"]:
                if cred.get("cred_def_id") == cred_def_id:
                    credential_stored = True
                    print(f"      ‚Ä¢ Credential ID: {cred.get('referent', 'N/A')}")
                    print(f"      ‚Ä¢ Schema ID: {cred.get('schema_id', 'N/A')[:50]}...")
                    print(f"      ‚Ä¢ Cred Def ID: {cred.get('cred_def_id', 'N/A')[:50]}...")
                    
                    attrs = cred.get("attrs", {})
                    if attrs:
                        print(f"      ‚Ä¢ Attributes:")
                        for key, value in attrs.items():
                            print(f"         - {key}: {value}")
                    
                    credential_referent = cred.get("referent")
                    break
        
        duration = time.time() - start_time
        performance_metrics["credential_issuance"].append(duration)
        
        # ========================================
        # ISSUER CREDENTIAL REGISTRY (ENHANCED!)
        # ========================================
        print("\n" + "="*60)
        print("üìã ISSUER: Alle ausgestellten Credentials")
        print("="*60)
        
        all_issuer_records = api_get(ISSUER_ADMIN_URL, "/issue-credential-2.0/records")
        
        if all_issuer_records and "results" in all_issuer_records:
            results = all_issuer_records["results"]
            
            if len(results) > 0:
                print(f"\n‚úÖ Issuer hat {len(results)} Credential Exchange Record(s)\n")
                
                for idx, record in enumerate(results, 1):
                    print(f"   Credential #{idx}:")
                    print(f"      ‚Ä¢ Exchange ID: {record['cred_ex_record']['cred_ex_id']}")
                    print(f"      ‚Ä¢ State: {record['cred_ex_record']['state']}")
                    print(f"      ‚Ä¢ Role: {record.get("cred_ex_record", {}).get('role', 'N/A')}")
                    print(f"      ‚Ä¢ Connection ID: {record.get("cred_ex_record", {}).get('connection_id', 'N/A')[:30]}...")
                    print(f"      ‚Ä¢ Thread ID: {record.get("cred_ex_record", {}).get('thread_id', 'N/A')}")
                    print(f"      ‚Ä¢ Initiator: {record.get("cred_ex_record", {}).get('initiator', 'N/A')}")
                    
                    # Cred Def ID aus cred_offer oder cred_issue
                    cred_def_from_record = None
                    if "cred_offer" in record:
                        cred_def_from_record = record.get("cred_offer", {}).get("cred_def_id")
                    elif "cred_issue" in record:
                        cred_def_from_record = record.get("cred_issue", {}).get("cred_def_id")
                    
                    if cred_def_from_record:
                        print(f"      ‚Ä¢ Cred Def ID: {cred_def_from_record[:50]}...")
                    
                    # Attributes aus Preview
                    if "cred_preview" in record:
                        preview = record.get("cred_preview", {})
                        attrs = preview.get("attributes", [])
                        if attrs:
                            print(f"      ‚Ä¢ Attributes:")
                            for attr in attrs[:3]:  # Erste 3 Attributes
                                print(f"         - {attr.get('name')}: {attr.get('value')}")
                            if len(attrs) > 3:
                                print(f"         ... und {len(attrs)-3} weitere")
                    
                    print(f"      ‚Ä¢ Created: {record.get("cred_ex_record", {}).get('created_at', 'N/A')}")
                    print(f"      ‚Ä¢ Updated: {record.get("cred_ex_record", {}).get('updated_at', 'N/A')}")
                    print()
            else:
                # ENHANCED: Better empty registry message
                print("\n‚ö†Ô∏è  Registry ist LEER - keine Credential Exchange Records gefunden\n")
                print("   üìå WICHTIG: Nur Credentials die NACH dem Issuer-Neustart")
                print("              ausgestellt wurden, erscheinen hier!\n")
                
                if not preserve_flag_active:
                    print("   ‚ùå --preserve-exchange-records ist NICHT aktiv!")
                    print("   üîß L√∂sung:")
                    print("      1. Pr√ºfe docker-compose.yml (Zeile 42)")
                    print("      2. F√ºhre aus: docker-compose restart issuer")
                    print("      3. Warte bis Issuer bereit ist (30-60 Sekunden)")
                    print("      4. F√ºhre Cell 16 ERNEUT aus")
                else:
                    print("   ‚úÖ --preserve-exchange-records ist aktiv")
                    print("   üí° Der gerade ausgestellte Credential sollte erscheinen")
                    print("      wenn du Cell 16 NOCHMAL ausf√ºhrst!")
                print()
        else:
            print("\n‚ùå Konnte Registry nicht abrufen")
            print("   API-Fehler beim Zugriff auf /issue-credential-2.0/records")
        
        # ========================================
        # REVOCATION IDs SPEICHERN
        # ========================================
        if cred_status_issuer:
            rev_reg_id = cred_status_issuer.get("indy").get("rev_reg_id")
            cred_rev_id = cred_status_issuer.get("indy").get("cred_rev_id")
            
            if rev_reg_id and cred_rev_id:
                print("\n" + "="*60)
                print("üîë REVOCATION-INFORMATIONEN")
                print("="*60)
                print(f"   ‚Ä¢ Revocation Registry ID: {rev_reg_id}")
                print(f"   ‚Ä¢ Credential Revocation ID: {cred_rev_id}")
                print("   üíæ IDs gespeichert f√ºr Revocation-Workflow (Cell 29-34)")
                print("="*60 + "\n")
        
        # Finale Ausgabe
        print("="*60)
        if credential_stored:
            print(f"‚úÖ CREDENTIAL ERFOLGREICH AUSGESTELLT UND GESPEICHERT")
            print(f"   Issuer State: {issuer_state if issuer_state else 'done'}")
            if holder_cred_ex:
                print(f"   Holder State: {holder_cred_ex.get('state')}")
            print(f"   Credential im Holder Wallet: ‚úÖ")
            
            if preserve_flag_active:
                print(f"   Issuer kann Credential dauerhaft einsehen: ‚úÖ")
            else:
                print(f"   Issuer kann Credential dauerhaft einsehen: ‚ö†Ô∏è  (restart issuer)")
                print(f"   üí° Credential erscheint in Registry nach n√§chstem Issuer-Restart!")
        elif holder_cred_ex and holder_cred_ex.get('state') in ['credential-received', 'done']:
            print(f"‚úÖ CREDENTIAL AUSGESTELLT")
            print(f"   Issuer State: {issuer_state if issuer_state else 'done'}")
            print(f"   Holder State: {holder_cred_ex.get('state')}")
            print(f"   ‚ö†Ô∏è  Credential noch nicht im Wallet sichtbar (evtl. Indizierung)")
        else:
            print(f"‚ö†Ô∏è  CREDENTIAL STATUS UNKLAR")
            print(f"   Issuer State: {issuer_state if issuer_state else 'N/A'}")
            if holder_cred_ex:
                print(f"   Holder State: {holder_cred_ex.get('state')}")
            print(f"   Credential im Wallet: ‚ùå")
        
        print(f"‚è±Ô∏è  Gesamtzeit: {duration:.3f}s")
        print(f"{'='*60}")
        
        # Speichere Credential Referent f√ºr sp√§tere Verwendung
        if credential_stored:
            for cred in holder_creds["results"]:
                if cred.get("cred_def_id") == cred_def_id:
                    credential_referent = cred.get("referent")
                    break
    else:
        print("‚ùå Fehler beim Senden des Credential Offers")
        if offer_response:
            print(f"   Response: {offer_response}")
else:
    print("‚ö†Ô∏è  √úbersprungen: Connection oder Cred Def fehlt")
    if not conn_id_issuer_holder:
        print("   ‚Ä¢ Connection Issuer‚ÜíHolder fehlt (f√ºhre Cell 13 aus)")
    if not cred_def_id:
        print("   ‚Ä¢ Credential Definition fehlt (f√ºhre Cell 12 aus)")


In [None]:
# Cell 19: Holder Credentials im Detail anzeigen

print("üéì Holder Wallet - Gespeicherte Credentials:\n")

holder_creds = api_get(HOLDER_ADMIN_URL, "/credentials")

if holder_creds and "results" in holder_creds and len(holder_creds["results"]) > 0:
    for idx, cred in enumerate(holder_creds["results"], 1):
        print(f"\n{'='*60}")
        print(f"Credential #{idx}")
        print(f"{'='*60}")
        print(f"Referent: {cred.get('referent', 'N/A')}")
        print(f"Schema ID: {cred.get('schema_id', 'N/A')}")
        print(f"Cred Def ID: {cred.get('cred_def_id', 'N/A')}")
        
        # Credentials Revoked Abfrage gegen /credential/revoked/{credential_id ==> Referent}
        print(f"Revoked Status: {api_get(HOLDER_ADMIN_URL, f'/credential/revoked/{cred.get('referent', 'N/A')}').get('revoked', 'N/A')}")

        if "attrs" in cred:
            print("\nAttribute:")
            for attr_name, attr_value in cred["attrs"].items():
                print(f"  - {attr_name}: {attr_value}")
        
        
    
    # Als DataFrame anzeigen
    creds_list = []
    for cred in holder_creds["results"]:
        if "attrs" in cred:
            cred_info = {"Credential ID": cred.get("referent", "N/A")}
            cred_info.update(cred["attrs"])
            creds_list.append(cred_info)
    
    if creds_list:
        print("\nüìä Credential-√úbersicht:")
        df_creds = pd.DataFrame(creds_list)
        display(df_creds)
else:
    print("‚ö†Ô∏è  Holder hat noch keine Credentials")

## Teil 6: Proof Presentation (Holder ‚Üí Verifier)

Der Verifier fordert jetzt einen Proof vom Holder an, um bestimmte Attribute zu verifizieren und Pr√§dikate zu pr√ºfen (z.B. Alter ‚â• 18).

In [None]:
# Cell 20: Proof Request senden (Verifier ‚Üí Holder) - mit REVOCATION ALWAYS-ON
import time

# Aktueller Timestamp f√ºr Non-Revocation Intervall
current_timestamp = int(time.time())

print("üìã PROOF REQUEST mit ALWAYS-ON REVOCATION CHECK")
print(f"   Timestamp: {current_timestamp}")
print(f"   Non-Revoked Intervall: from=0, to={current_timestamp}\n")

# Proof Request Daten
proof_request_data = {
    "connection_id": conn_id_verifier_holder,
    "presentation_request": {
        "indy": {
            "name": "Proof of University Degree",
            "version": "1.0",
            "requested_attributes": {
                "attr1_referent": {
                    "name": "name",
                    "restrictions": [{"cred_def_id": cred_def_id}],
                    "non_revoked": {"from": 0, "to": current_timestamp}  # REVOCATION CHECK
                },
                "attr2_referent": {
                    "name": "degree",
                    "restrictions": [{"cred_def_id": cred_def_id}],
                    "non_revoked": {"from": 0, "to": current_timestamp}  # REVOCATION CHECK
                },
                "attr3_referent": {
                    "name": "university",
                    "restrictions": [{"cred_def_id": cred_def_id}],
                    "non_revoked": {"from": 0, "to": current_timestamp}  # REVOCATION CHECK
                },
                "attr4_referent": {
                    "name": "gpa",
                    "restrictions": [{"cred_def_id": cred_def_id}],
                    "non_revoked": {"from": 0, "to": current_timestamp}  # REVOCATION CHECK
                }
            },
            "requested_predicates": {
                "predicate1_referent": {
                    "name": "age",
                    "p_type": ">=",
                    "p_value": 18,
                    "restrictions": [{"cred_def_id": cred_def_id}],
                    "non_revoked": {"from": 0, "to": current_timestamp}  # REVOCATION CHECK
                }
            },
            "non_revoked": {"to": current_timestamp}  # GLOBAL REVOCATION CHECK
        }
    }
}

# Sende Proof Request
proof_request_response = api_post(
    VERIFIER_ADMIN_URL,
    "/present-proof-2.0/send-request",
    proof_request_data
)

if proof_request_response is not None:
    pres_ex_id = proof_request_response.get("pres_ex_id")
    print(f"‚úÖ Proof Request gesendet!")
    print(f"   Presentation Exchange ID: {pres_ex_id}")
    print(f"\nüîí REVOCATION STATUS:")
    print(f"   ‚Ä¢ Non-Revoked Checks: AKTIV f√ºr alle Attribute & Pr√§dikate")
    print(f"   ‚Ä¢ Credential muss zum Zeitpunkt {current_timestamp} NICHT REVOKED sein")
    print(f"   ‚Ä¢ Falls Credential revoked ‚Üí Verification wird FEHLSCHLAGEN")
else:
    print("‚ùå Fehler beim Senden des Proof Requests")
    pres_ex_id = None


In [None]:
# Cell 21: Holder - Proof Request empfangen und Credentials ausw√§hlen

print("üì• Holder: Proof Request verarbeiten...\n")

if pres_ex_id:
    # Holder pr√ºft empfangene Proof Requests
    time.sleep(2)
    
    holder_pres_ex = api_get(HOLDER_ADMIN_URL, "/present-proof-2.0/records")
    
    if holder_pres_ex and "results" in holder_pres_ex:
        # Finde den aktuellen Presentation Exchange
        current_pres = None
        for pres in holder_pres_ex["results"]:
            if pres.get("state") == "request-received":
                current_pres = pres
                holder_pres_ex_id = pres["pres_ex_id"]
                break
        
        if current_pres:
            print(f"‚úÖ Holder hat Proof Request empfangen")
            print(f"   Presentation Exchange ID: {holder_pres_ex_id}")
            
            # Credentials f√ºr die Presentation abrufen
            creds_for_pres = api_get(
                HOLDER_ADMIN_URL,
                f"/present-proof-2.0/records/{holder_pres_ex_id}/credentials"
            )
            
            if creds_for_pres:
                print(f"\nüìã Verf√ºgbare Credentials f√ºr Presentation:")
                
                # API kann entweder list oder dict zur√ºckgeben
                total_creds = 0
                
                if isinstance(creds_for_pres, list):
                    # Liste von Credential Records
                    total_creds = len(creds_for_pres)
                    print(f"   Gefunden: {total_creds} Credential(s)")
                    
                    # Zeige Details der ersten paar Credentials
                    for idx, cred in enumerate(creds_for_pres[:3], 1):
                        print(f"\n   Credential #{idx}:")
                        if "cred_info" in cred:
                            cred_info = cred["cred_info"]
                            print(f"      ‚Ä¢ Referent: {cred_info.get('referent', 'N/A')}")
                            print(f"      ‚Ä¢ Schema ID: {cred_info.get('schema_id', 'N/A')}")
                            print(f"      ‚Ä¢ Cred Def ID: {cred_info.get('cred_def_id', 'N/A')}")
                            
                            # Zeige Attribute
                            attrs = cred_info.get("attrs", {})
                            if attrs:
                                print(f"      ‚Ä¢ Attributes:")
                                # Zeige erste 3 Attribute
                                shown = 0
                                for key, value in attrs.items():
                                    print(f"         - {key}: {value}")
                    
                elif isinstance(creds_for_pres, dict):
                    # Dictionary mit referent als key
                    for referent, creds in creds_for_pres.items():
                        if isinstance(creds, list):
                            total_creds += len(creds)
                            print(f"   {referent}: {len(creds)} Credential(s)")
                            
                            # Zeige Details des ersten Credentials
                            if len(creds) > 0:
                                cred = creds[0]
                                if "cred_info" in cred:
                                    cred_info = cred["cred_info"]
                                    print(f"      ‚Ä¢ Cred Def ID: {cred_info.get('cred_def_id', 'N/A')}")
                                    attrs = cred_info.get("attrs", {})
                                    if attrs:
                                        attr_count = len(attrs)
                                        print(f"      ‚Ä¢ {attr_count} Attribute(s) verf√ºgbar")
                else:
                    print(f"   ‚ö†Ô∏è  Unbekanntes Format: {type(creds_for_pres).__name__}")
                    total_creds = 0
                
                print(f"\n‚úÖ Total: {total_creds} passende Credential(s) gefunden")
                
                if total_creds == 0:
                    print(f"\n‚ö†Ô∏è  WARNUNG: Keine passenden Credentials gefunden!")
                    print(f"   ‚Ä¢ Stelle sicher dass Cell 16 erfolgreich war")
                    print(f"   ‚Ä¢ Pr√ºfe ob Credential im Holder Wallet ist (Cell 16 Output)")
                    print(f"   ‚Ä¢ Schema/Cred Def m√ºssen mit Proof Request √ºbereinstimmen")
            else:
                print(f"\n‚ö†Ô∏è  Keine Credentials f√ºr Presentation verf√ºgbar")
                print(f"   API-Antwort war leer oder None")
        else:
            print("‚ö†Ô∏è  Kein Proof Request im Status 'request-received'")
            print("\n   Verf√ºgbare Presentation Exchanges:")
            for pres in holder_pres_ex["results"]:
                print(f"      ‚Ä¢ {pres['pres_ex_id']} State: {pres.get('state')}")
    else:
        print("‚ö†Ô∏è  Keine Presentation Exchanges gefunden")
        print("   F√ºhre Cell 18 aus um Proof Request zu senden")
else:
    print("‚ö†Ô∏è  √úbersprungen: Kein Presentation Exchange vorhanden")
    print("   F√ºhre Cell 18 aus um Proof Request zu erstellen")


In [None]:
# Cell 22: Holder - Presentation senden

print("üì§ Holder: Presentation senden...\n")

if pres_ex_id and holder_pres_ex_id:
    start_time = time.time()
    
    # Hole Credentials nochmal
    creds_for_pres = api_get(
        HOLDER_ADMIN_URL,
        f"/present-proof-2.0/records/{holder_pres_ex_id}/credentials"
    )
    
    if creds_for_pres:
        print(f"üìã Credentials f√ºr Presentation gefunden")
        
        # Baue Presentation Request
        requested_credentials = {
            "indy": {
                "requested_attributes": {},
                "requested_predicates": {},
                "self_attested_attributes": {}
            }
        }
        
        # Handle verschiedene API-Response-Formate
        if isinstance(creds_for_pres, list):
            # Liste von Credential-Objekten
            print(f"   Format: Liste mit {len(creds_for_pres)} Credential(s)\n")
            
            # Jedes Credential-Objekt hat presentation_referents
            for cred_item in creds_for_pres:
                if "cred_info" in cred_item:
                    cred_id = cred_item["cred_info"].get("referent")
                    
                    # Hole presentation_referents (welche Felder dieses Cred erf√ºllen kann)
                    pres_referents = cred_item.get("presentation_referents", [])
                    
                    for ref in pres_referents:
                        # Pr√ºfe ob es Attribute oder Predicate ist
                        if "attr" in ref or "attribute" in ref.lower():
                            requested_credentials["indy"]["requested_attributes"][ref] = {
                                "cred_id": cred_id,
                                "revealed": True
                            }
                            print(f"   ‚úì Mapped attribute '{ref}' ‚Üí Credential {cred_id}")
                        elif "pred" in ref or "predicate" in ref.lower():
                            requested_credentials["indy"]["requested_predicates"][ref] = {
                                "cred_id": cred_id
                            }
                            print(f"   ‚úì Mapped predicate '{ref}' ‚Üí Credential {cred_id}")
        
        elif isinstance(creds_for_pres, dict):
            # Dictionary mit referent als key (Legacy-Format)
            print(f"   Format: Dictionary mit {len(creds_for_pres)} Referent(s)\n")
            
            for referent, creds in creds_for_pres.items():
                if isinstance(creds, list) and len(creds) > 0:
                    first_cred = creds[0]
                    cred_id = first_cred.get("cred_info", {}).get("referent")
                    
                    if "attr" in referent:
                        requested_credentials["indy"]["requested_attributes"][referent] = {
                            "cred_id": cred_id,
                            "revealed": True
                        }
                        print(f"   ‚úì Mapped attribute '{referent}' ‚Üí Credential {cred_id[:20]}...")
                    elif "predicate" in referent:
                        requested_credentials["indy"]["requested_predicates"][referent] = {
                            "cred_id": cred_id
                        }
                        print(f"   ‚úì Mapped predicate '{referent}' ‚Üí Credential {cred_id[:20]}...")
        
        # Pr√ºfe ob wir Credentials gemappt haben
        total_mapped = (
            len(requested_credentials["indy"]["requested_attributes"]) +
            len(requested_credentials["indy"]["requested_predicates"])
        )
        
        if total_mapped == 0:
            print("\n‚ö†Ô∏è  WARNUNG: Keine Credentials gemappt!")
            print("   Versuche automatisches Mapping...\n")
            
            # Fallback: Verwende erstes verf√ºgbares Credential f√ºr alle Requests
            # Hole Proof Request Details
            pres_ex_details = api_get(
                HOLDER_ADMIN_URL,
                f"/present-proof-2.0/records/{holder_pres_ex_id}"
            )
            
            if pres_ex_details and "pres_request" in pres_ex_details:
                pres_request = pres_ex_details["pres_request"]
                
                # Hole erstes verf√ºgbares Credential
                first_cred_id = None
                if isinstance(creds_for_pres, list) and len(creds_for_pres) > 0:
                    first_cred_id = creds_for_pres[0].get("cred_info", {}).get("referent")
                elif isinstance(creds_for_pres, dict):
                    for creds in creds_for_pres.values():
                        if isinstance(creds, list) and len(creds) > 0:
                            first_cred_id = creds[0].get("cred_info", {}).get("referent")
                            break
                
                if first_cred_id:
                    # Map alle requested attributes
                    if "requested_attributes" in pres_request:
                        for attr_ref in pres_request["requested_attributes"].keys():
                            requested_credentials["indy"]["requested_attributes"][attr_ref] = {
                                "cred_id": first_cred_id,
                                "revealed": True
                            }
                            print(f"   ‚úì Auto-mapped attribute '{attr_ref}' ‚Üí {first_cred_id[:20]}...")
                    
                    # Map alle requested predicates
                    if "requested_predicates" in pres_request:
                        for pred_ref in pres_request["requested_predicates"].keys():
                            requested_credentials["indy"]["requested_predicates"][pred_ref] = {
                                "cred_id": first_cred_id
                            }
                            print(f"   ‚úì Auto-mapped predicate '{pred_ref}' ‚Üí {first_cred_id[:20]}...")
                    
                    total_mapped = (
                        len(requested_credentials["indy"]["requested_attributes"]) +
                        len(requested_credentials["indy"]["requested_predicates"])
                    )
        
        print(f"\nüìä Presentation Mapping:")
        print(f"   ‚Ä¢ Requested Attributes: {len(requested_credentials['indy']['requested_attributes'])}")
        print(f"   ‚Ä¢ Requested Predicates: {len(requested_credentials['indy']['requested_predicates'])}")
        print(f"   ‚Ä¢ Total Mapped: {total_mapped}")
        
        if total_mapped > 0:
            # Sende Presentation
            print("\nüì§ Sende Presentation...")
            presentation_response = api_post(
                HOLDER_ADMIN_URL,
                f"/present-proof-2.0/records/{holder_pres_ex_id}/send-presentation",
                requested_credentials
            )
            
            if presentation_response is not None:
                print(f"\n‚úÖ Holder hat Presentation gesendet")
                print(f"   Presentation Exchange ID: {holder_pres_ex_id}")
                print(f"   State: {presentation_response.get('state', 'N/A')}")
                print(f"   Role: {presentation_response.get('role', 'N/A')}")
                
                # Warte auf Verification
                print("\n   Warte auf Verification durch Verifier...")
                time.sleep(3)
                
                # Pr√ºfe finalen Status (kann 404 geben wenn abgeschlossen!)
                final_status = api_get(
                    HOLDER_ADMIN_URL,
                    f"/present-proof-2.0/records/{holder_pres_ex_id}"
                )
                
                if final_status:
                    # Record noch vorhanden (--preserve-exchange-records aktiv)
                    final_state = final_status.get("state")
                    print(f"\n   üìã Finaler Holder Status: {final_state}")
                    
                    if final_state in ["done", "presentation-sent"]:
                        print(f"   ‚úÖ Presentation erfolgreich abgeschlossen!")
                        print(f"   ‚úÖ Record bleibt verf√ºgbar (--preserve-exchange-records aktiv)")
                    elif final_state == "abandoned":
                        print(f"   ‚ö†Ô∏è  Presentation wurde abgebrochen")
                    else:
                        print(f"   ‚è≥ Presentation in Bearbeitung...")
                else:
                    # 404 Error = Record wurde gel√∂scht = erfolgreich abgeschlossen!
                    print(f"\n   üìã Finaler Holder Status: completed/archived (404)")
                    print(f"   ‚úÖ Presentation erfolgreich abgeschlossen!")
                    print(f"   ‚ÑπÔ∏è  Record wurde nach Completion gel√∂scht (--preserve-exchange-records nicht aktiv)")
                    print(f"\n   üí° Hinweis: F√ºr dauerhafte Records, starte Holder neu:")
                    print(f"      docker-compose restart holder")
                
                duration = time.time() - start_time
                
                # Initialize key if not exists
                if "presentation" not in performance_metrics:
                    performance_metrics["presentation"] = []
                
                performance_metrics["presentation"].append(duration)
                print(f"\n‚è±Ô∏è  Presentation Zeit: {duration:.3f}s")
            else:
                print("\n‚ùå Fehler beim Senden der Presentation")
                print("   API-Response war leer oder fehlerhaft")
        else:
            print("\n‚ùå Kann Presentation nicht senden - keine Credentials gemappt")
            print("   ‚Ä¢ Pr√ºfe ob Credentials die Proof Request Anforderungen erf√ºllen")
            print("   ‚Ä¢ Pr√ºfe Schema und Cred Def IDs")
    else:
        print("‚ö†Ô∏è  Keine Credentials f√ºr Presentation gefunden")
        print("   ‚Ä¢ F√ºhre Cell 16 aus um Credential auszustellen")
        print("   ‚Ä¢ Pr√ºfe ob Credential im Holder Wallet ist")
else:
    print("‚ö†Ô∏è  √úbersprungen: Presentation Exchange nicht vorhanden")
    if not pres_ex_id:
        print("   ‚Ä¢ Verifier Presentation Exchange ID fehlt (f√ºhre Cell 18 aus)")
    if not holder_pres_ex_id:
        print("   ‚Ä¢ Holder Presentation Exchange ID fehlt (f√ºhre Cell 19 aus)")


In [None]:
# Cell 23: Verifier - Presentation verifizieren (mit Revocation Detection)

print("üîç Verifier: Presentation verifizieren...\n")

if pres_ex_id:
    # ========================================
    # WAIT FOR PRESENTATION (mit Timeout)
    # ========================================
    print("‚è≥ Warte auf Presentation vom Holder...")

    max_wait = 15  # Sekunden
    wait_interval = 2
    waited = 0

    while waited < max_wait:
        verifier_pres_status = api_get(
            VERIFIER_ADMIN_URL,
            f"/present-proof-2.0/records/{pres_ex_id}"
        )

        state = verifier_pres_status.get("state", "N/A")

        if state in ["done", "abandoned", "presentation-received"]:
            break

        time.sleep(wait_interval)
        waited += wait_interval
        print(f"   ... warte ({waited}s, State: {state})")

    duration = time.time() - start_time
    performance_metrics["proof_presentation"].append(duration)

    # ========================================
    # ANALYZE VERIFICATION RESULT
    # ========================================
    if verifier_pres_status:
        state = verifier_pres_status.get("state", "N/A")
        verified = verifier_pres_status.get("verified", "N/A")
        error_msg = verifier_pres_status.get("error_msg")

        print(f"\nüìä Verification Status:")
        print(f"   ‚Ä¢ State: {state}")
        print(f"   ‚Ä¢ Verified: {verified}")
        print(f"   ‚Ä¢ Zeit: {duration:.3f}s")

        # ========================================
        # REVOCATION DETECTION
        # ========================================
        is_revoked = False
        revocation_error = None

        # Check 1: Error message enth√§lt "revoked"
        if error_msg and "revok" in error_msg.lower():
            is_revoked = True
            revocation_error = error_msg

        # Check 2: State ist "abandoned" + verified ist False
        if state == "abandoned" and (verified == "false" or verified is False):
            is_revoked = True

        # Check 3: Verified False aber State Done (revocation after issuance)
        if (verified == "false" or verified is False) and state == "done":
            # Pr√ºfe ob non_revoked war im Request
            pres_request = verifier_pres_status.get("pres_request", {})
            if "non_revoked" in str(pres_request):
                is_revoked = True

        # ========================================
        # OUTPUT BASED ON STATUS
        # ========================================

        if is_revoked:
            # CREDENTIAL WAS REVOKED
            print("\n" + "="*60)
            print("‚ùå CREDENTIAL IST REVOKED!")
            print("="*60)
            print("üö´ Das Credential wurde vom Issuer widerrufen")
            print()
            print("Details:")
            print("   ‚Ä¢ Der Holder kann keinen g√ºltigen Proof erstellen")
            print("   ‚Ä¢ Non-Revocation Check ist fehlgeschlagen")
            if revocation_error:
                print(f"   ‚Ä¢ Error: {revocation_error[:100]}...")
            print()
            print("üí° M√∂gliche Gr√ºnde:")
            print("   ‚Ä¢ Credential wurde in Cell 23 revoked")
            print("   ‚Ä¢ Revocation wurde in Cell 24 published")
            print("   ‚Ä¢ Ledger hat Revocation best√§tigt")
            print("="*60)

        elif verified == "true" or verified is True:
            # VERIFICATION SUCCESSFUL
            print("\n" + "="*60)
            print("‚úÖ PROOF VERIFICATION ERFOLGREICH!")
            print("="*60)

            # Pr√§sentierte Daten anzeigen
            if "by_format" in verifier_pres_status and "pres" in verifier_pres_status["by_format"]:
                pres_data = verifier_pres_status["by_format"]["pres"]

                if "indy" in pres_data:
                    indy_pres = pres_data["indy"]

                    print("\nüìã Pr√§sentierte Attribute:")
                    if "requested_proof" in indy_pres:
                        revealed_attrs = indy_pres["requested_proof"].get("revealed_attrs", {})
                        for referent, attr_data in revealed_attrs.items():
                            attr_name = referent.split("_")[1] if "_" in referent else referent
                            print(f"   ‚Ä¢ {attr_name}: {attr_data.get('raw', 'N/A')}")

                    print("\n‚úÖ Verifizierte Pr√§dikate:")
                    if "requested_proof" in indy_pres:
                        predicates = indy_pres["requested_proof"].get("predicates", {})
                        for referent in predicates.keys():
                            pred_name = referent.split("_")[1] if "_" in referent else referent
                            print(f"   ‚Ä¢ {pred_name}: ‚úÖ Erf√ºllt")

                    # Non-Revocation Status
                    print("\nüîì Revocation Status:")
                    if "identifiers" in indy_pres:
                        for identifier in indy_pres["identifiers"]:
                            rev_reg_id = identifier.get("rev_reg_id")
                            timestamp = identifier.get("timestamp")
                            if rev_reg_id:
                                print(f"   ‚Ä¢ Credential ist NICHT revoked")
                                print(f"   ‚Ä¢ Gepr√ºft zum Zeitpunkt: {timestamp}")
                                print(f"   ‚Ä¢ Registry: {rev_reg_id}")
                            else:
                                print(f"   ‚Ä¢ Kein Revocation-Check (Registry nicht verwendet)")

            print("\n" + "="*60)
            print("Der Verifier hat erfolgreich verifiziert:")
            print("  ‚úÖ Alle Attribute sind korrekt")
            print("  ‚úÖ Alle Pr√§dikate sind erf√ºllt")
            print("  ‚úÖ Credential ist NICHT revoked")
            print("  ‚úÖ Zero-Knowledge Proofs sind g√ºltig")
            print("="*60)

        elif state == "request-sent":
            # STILL WAITING
            print("\n‚è∞ TIMEOUT: Holder hat nicht rechtzeitig geantwortet")
            print(f"   State ist noch: {state}")
            print("\nüí° M√∂gliche Ursachen:")
            print("   ‚Ä¢ Holder Agent ist offline")
            print("   ‚Ä¢ Connection ist broken")
            print("   ‚Ä¢ Holder hat Credential nicht im Wallet")
            print("   ‚Ä¢ Holder kann Non-Revocation Proof nicht erstellen (revoked?)")

        else:
            # OTHER ERROR
            print("\n‚ö†Ô∏è  Verification fehlgeschlagen")
            print(f"   State: {state}")
            print(f"   Verified: {verified}")
            if error_msg:
                print(f"   Error: {error_msg}")

            # Try to determine if it's revocation-related
            if error_msg and any(word in error_msg.lower() for word in ["revok", "tail", "registry"]):
                print("\nüí° Hinweis: Fehler k√∂nnte mit Revocation zusammenh√§ngen")
                print("   ‚Ä¢ Pr√ºfe ob Credential revoked wurde (Cell 23-24)")
                print("   ‚Ä¢ Pr√ºfe Tails-Server Logs: docker logs tails-server")
    else:
        print("‚ùå Fehler beim Abrufen des Verification-Status")

else:
    print("‚ö†Ô∏è  √úbersprungen: Kein Presentation Exchange vorhanden")
    print("   ‚Ä¢ F√ºhre Cell 19 aus um Proof Request zu senden")

## Teil 7: Revocation

Jetzt wird revocated.

In [None]:
# Cell 24: Revocation Registries anzeigen

print("="*60)
print("üìã ISSUER: Revocation Registries")
print("="*60 + "\n")

registries = api_get(
    ISSUER_ADMIN_URL,
    "/revocation/registries/created?state=active"
)

if registries and "rev_reg_ids" in registries:
    reg_ids = registries["rev_reg_ids"]
    print(f"‚úÖ Aktive Revocation Registries: {len(reg_ids)}\n")
    
    for idx, reg_id in enumerate(reg_ids, 1):
        print(f"Registry #{idx}: {reg_id}")
        
        # Registry Details abrufen
        reg_info = api_get(ISSUER_ADMIN_URL, f"/revocation/registry/{reg_id}").get('result', 'N/A')
        if reg_info:
            print(f"   ‚Ä¢ State: {reg_info.get('state')}")
            print(f"   ‚Ä¢ Max Credentials: {reg_info.get('max_cred_num')}")
            print(f"   ‚Ä¢ Issuer DID: {reg_info.get('issuer_did', 'N/A')}")
            print(f"   ‚Ä¢ Tails Hash: {reg_info.get('tails_hash', 'N/A')}")
            print(f"   ‚Ä¢ Tails Location: {reg_info.get('tails_local_path', 'N/A')}")
            print(f"   ‚Ä¢ Created: {reg_info.get('created_at', 'N/A')}\n")
else:
    print("‚ö†Ô∏è  Keine aktiven Revocation Registries gefunden")
    print("   ‚Ä¢ Stelle sicher dass Cell 12 mit support_revocation: True l√§uft")
    print("   ‚Ä¢ F√ºhre Cell 16 aus um Credential mit Revocation auszustellen")

print("="*60)


In [None]:
# Cell 25: Credential REVOKEN (staged)

print("="*60)
print("üö´ Credential REVOKEN (staged)")
print("="*60 + "\n")

# Verwende gespeicherte Werte aus Cell 16
if 'rev_reg_id' in locals() and 'cred_rev_id' in locals():
    print(f"üìã Zu revokendes Credential:")
    print(f"   ‚Ä¢ Rev Reg ID: {rev_reg_id}")
    print(f"   ‚Ä¢ Cred Rev ID: {cred_rev_id}\n")
    
    revoke_request = {
        "rev_reg_id": rev_reg_id,
        "cred_rev_id": cred_rev_id,
        "notify": False,  # Kein Notification-Webhook
        "publish": False,  # Staging only, publishe sp√§ter in Cell 31
        "comment": "Revoked for testing purposes"
    }
    
    print("üì§ Sende Revocation Request (staging)...")
    start_time = time.time()
    
    revoke_response = api_post(
        ISSUER_ADMIN_URL,
        "/revocation/revoke",
        revoke_request
    )
    
    duration = time.time() - start_time
    
    if revoke_response is not None:
        print(f"\n‚úÖ Credential erfolgreich REVOKED (staged)")
        print(f"   ‚Ä¢ Status: Pending (noch nicht auf Ledger)")
        print(f"   ‚Ä¢ Zeit: {duration:.3f}s")
        print(f"\nüí° N√§chster Schritt: F√ºhre Cell 31 aus um auf Ledger zu publishen!")
    else:
        print(f"\n‚ùå Revocation fehlgeschlagen")
        print(f"   Pr√ºfe ob die IDs korrekt sind")
else:
    print("‚ö†Ô∏è  Keine Revocation IDs gefunden!")
    print("   ‚Ä¢ F√ºhre Cell 16 aus um Credential auszustellen")
    print("   ‚Ä¢ Die IDs werden automatisch in rev_reg_id und cred_rev_id gespeichert")

print("\n" + "="*60)


In [None]:
# Cell 26: Revocations auf Ledger PUBLISHEN

print("="*60)
print("üì§ PUBLISH Revocations auf Ledger")
print("="*60 + "\n")

print("Publishing alle pending Revocations auf Ledger...")
start_time = time.time()

publish_response = api_post(
    ISSUER_ADMIN_URL,
    "/revocation/publish-revocations",
    {}
)

duration = time.time() - start_time

if publish_response and "rrid2crid" in publish_response:
    revoked_regs = publish_response["rrid2crid"]
    total_revoked = sum(len(creds) for creds in revoked_regs.values())
    
    print(f"\n‚úÖ ERFOLGREICH auf Ledger published:")
    print(f"   ‚Ä¢ Revocation Registries: {len(revoked_regs)}")
    print(f"   ‚Ä¢ Total revoked Credentials: {total_revoked}")
    print(f"   ‚Ä¢ Publish Zeit: {duration:.3f}s\n")
    
    for reg_id, cred_ids in revoked_regs.items():
        print(f"   üìã Registry: {reg_id}")
        print(f"      Revoked Credential IDs: {cred_ids}")
        print()
    
    print("="*60)
    print("‚úÖ Revocations sind jetzt auf dem VON Ledger!")
    print("   üí° Holder kann nun KEINEN Non-Revocation-Proof mehr erstellen")
    print("="*60)
elif publish_response:
    print(f"\n‚ö†Ô∏è  Keine pending Revocations zum Publishen")
    print(f"   Response: {publish_response}")
else:
    print(f"\n‚ùå Publish fehlgeschlagen")

print()


In [None]:
# Cell 27: Proof Request MIT Revocation-Check

print("="*60)
print("üìú Proof Request MIT Revocation-Check")
print("="*60 + "\n")

if conn_id_verifier_holder and cred_def_id:
    current_timestamp = int(time.time())
    
    # Proof Request mit non_revoked Interval
    proof_request = {
        "comment": "Proof Request with Non-Revocation Check",
        "presentation_request": {
            "indy": {
                "name": "Proof of Education (Non-Revoked)",
                "version": "1.0",
                "requested_attributes": {
                    "attr1_referent": {
                        "name": "name",
                        "restrictions": [{"cred_def_id": cred_def_id}],
                        "non_revoked": {
                            "from": 0,
                            "to": current_timestamp
                        }
                    },
                    "attr2_referent": {
                        "name": "degree",
                        "restrictions": [{"cred_def_id": cred_def_id}],
                        "non_revoked": {
                            "from": 0,
                            "to": current_timestamp
                        }
                    }
                },
                "requested_predicates": {},
                "non_revoked": {
                    "from": 0,
                    "to": current_timestamp
                }
            }
        },
        "connection_id": conn_id_verifier_holder
    }
    
    print(f"üìã Non-Revocation Interval:")
    print(f"   ‚Ä¢ From: 0 (Genesis)")
    print(f"   ‚Ä¢ To: {current_timestamp} (jetzt)\n")
    print("üí° Holder muss beweisen: Credential ist NICHT revoked!\n")
    
    print("üì§ Sende Proof Request...")
    start_time = time.time()
    
    pres_ex_response = api_post(
        VERIFIER_ADMIN_URL,
        "/present-proof-2.0/send-request",
        proof_request
    )
    
    duration = time.time() - start_time
    
    if pres_ex_response is not None:
        verifier_pres_ex_id = pres_ex_response["pres_ex_id"]
        print(f"\n‚úÖ Proof Request gesendet")
        print(f"   ‚Ä¢ Pres Ex ID: {verifier_pres_ex_id}")
        print(f"   ‚Ä¢ State: {pres_ex_response.get('state')}")
        print(f"   ‚Ä¢ Zeit: {duration:.3f}s")
        print(f"\n   ‚è≥ Warte auf Holder Response (auto-respond aktiv)...")
    else:
        print(f"\n‚ùå Fehler beim Senden des Proof Request")
else:
    print("‚ö†Ô∏è  √úbersprungen: Connection oder Cred Def fehlt")
    if not conn_id_verifier_holder:
        print("   ‚Ä¢ Connection Verifier‚ÜíHolder fehlt (f√ºhre Cell 14 aus)")
    if not cred_def_id:
        print("   ‚Ä¢ Credential Definition fehlt (f√ºhre Cell 12 aus)")

print("\n" + "="*60)


In [None]:
# Cell 28: Presentation Verification (mit Revocation-Check)

print("\n‚è≥ Warte auf Presentation und Verification...\n")
time.sleep(5)

print("="*60)
print("üîç VERIFICATION Result (mit Revocation-Check)")
print("="*60 + "\n")

if 'verifier_pres_ex_id' in locals():
    # Hole Verifier Presentation Exchange
    verifier_pres = api_get(
        VERIFIER_ADMIN_URL,
        f"/present-proof-2.0/records/{verifier_pres_ex_id}"
    )
    
    if verifier_pres:
        state = verifier_pres.get("state")
        verified = verifier_pres.get("verified")
        
        print(f"üìã Presentation Exchange:")
        print(f"   ‚Ä¢ Pres Ex ID: {verifier_pres_ex_id}")
        print(f"   ‚Ä¢ State: {state}")
        print(f"   ‚Ä¢ Verified: {verified}")
        print(f"   ‚Ä¢ Role: {verifier_pres.get('role')}\n")
        
        if verified == "true":
            print("‚úÖ VERIFICATION SUCCESSFUL!")
            print("   ‚úì Credential ist NICHT revoked")
            print("   ‚úì Non-Revocation Proof wurde erfolgreich verifiziert")
            print("   ‚úì Holder hat Zugriff auf Tails-File vom Tails-Server erhalten")
            print("   ‚úì Zero-Knowledge Proof: Credential Status ist g√ºltig")
        elif verified == "false":
            print("‚ùå VERIFICATION FAILED!")
            print("   ‚úó Credential wurde REVOKED")
            print("   ‚úó Non-Revocation Proof konnte NICHT erstellt werden")
            print("   ‚úó Revocation ist auf Ledger published")
            print("   üí° Credential ist ung√ºltig - Holder kann keinen Beweis erbringen!")
        else:
            print(f"‚è≥ Status: {state}")
            print("   Warte noch auf Verification...")
        
        # Zeige Presentation Details wenn vorhanden
        if "by_format" in verifier_pres:
            print(f"\n   üìã Presentation Format:")
            for fmt, data in verifier_pres["by_format"].items():
                print(f"      ‚Ä¢ Format: {fmt}")
    else:
        print("‚ùå Konnte Presentation Exchange nicht abrufen")
else:
    print("‚ö†Ô∏è  Keine Presentation Exchange ID gefunden")
    print("   F√ºhre Cell 32 aus um Proof Request zu senden")

print("\n" + "="*60)


In [None]:
# Cell 29: Revocation Registry ROTATION (Optional)

print("="*60)
print("üîÑ Revocation Registry ROTATION")
print("="*60 + "\n")

print("üí° Registry Rotation ist n√∂tig wenn:")
print("   ‚Ä¢ Registry voll ist (100 Credentials mit TAILS_FILE_COUNT=100)")
print("   ‚Ä¢ Neue Registry f√ºr weitere Credentials ben√∂tigt wird\n")

if 'cred_def_id' in locals() and cred_def_id:
    print(f"Rotiere Registry f√ºr Cred Def: {cred_def_id[:50]}...\n")
    
    start_time = time.time()
    
    rotate_response = api_post(
        ISSUER_ADMIN_URL,
        f"/revocation/active-registry/{cred_def_id}/rotate",
        {}
    )
    
    duration = time.time() - start_time
    
    if rotate_response and "rev_reg_ids" in rotate_response:
        decom = rotate_response["rev_reg_ids"]
        print(f"‚úÖ Registry erfolgreich rotiert!")
        print(f"   ‚Ä¢ Decommissioned Registries: {len(decom)}")
        for reg_id in decom:
            print(f"      - {reg_id[:50]}...")
        print(f"   ‚Ä¢ Zeit: {duration:.3f}s")
        print(f"\n   üí° Neue aktive Registry wurde erstellt")
        print(f"   üí° Weitere Credentials k√∂nnen jetzt ausgestellt werden")
    else:
        print(f"‚ö†Ô∏è  Rotation nicht m√∂glich")
        print(f"   ‚Ä¢ M√∂glicherweise ist die Registry noch nicht voll")
        print(f"   ‚Ä¢ Oder es gibt keine aktive Registry f√ºr diese Cred Def")
        if rotate_response:
            print(f"   Response: {rotate_response}")
else:
    print("‚ö†Ô∏è  Keine Credential Definition ID gefunden")
    print("   F√ºhre Cell 12 aus um Cred Def zu erstellen")

print("\n" + "="*60)
