# EBSI Wallet Conformance (Legal Entity)

## Setup conformance headers

In [1]:
import uuid
import asyncio
from rich.console import Console

console = Console()

loop = asyncio.get_event_loop()

# Visit https://app.preprod.ebsi.eu/users-onboarding to obtain session token.
onboarding_service_session_token = "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NTIxMDk3NzcsImlhdCI6MTY1MjEwODg3NywiaXNzIjoiZGlkOmVic2k6emNHdnFnWlRIQ3Rramd0Y0tSTDdIOGsiLCJvbmJvYXJkaW5nIjoicmVjYXB0Y2hhIiwidmFsaWRhdGVkSW5mbyI6eyJhY3Rpb24iOiJsb2dpbiIsImNoYWxsZW5nZV90cyI6IjIwMjItMDUtMDlUMTU6MDc6NTVaIiwiaG9zdG5hbWUiOiJhcHAucHJlcHJvZC5lYnNpLmV1Iiwic2NvcmUiOjAuOSwic3VjY2VzcyI6dHJ1ZX19.wWPb9xofcgeD3G9J3hShqHOMX-Quvr2kgqw_GXk9ABbYe-YngKojO76ZxkGDBuykkbIP261Gqv5KQLSnSsyRLA"

headers = {
    "Conformance": str(uuid.uuid4()),
    "Authorization": f"Bearer {onboarding_service_session_token}"
}

## Setup wallet

In [2]:
from src.main import wallet

# Setup wallet
client = await wallet("init")

## ONBOARD_01_A - Requests Verifiable Authorisation (VA)

In [3]:
from src.main import onboarding

# Authentication requests
auth_req = await onboarding("authenticationRequests", headers)
console.log("Onboarding Service -- Authentication Requests", auth_req)

## ONBOARD_02_A - Proves control of DID key

In [4]:
from src.util import parse_query_string_parameters_from_url

session_token = auth_req["session_token"].replace("openid://", "")
jwt_auth_req = parse_query_string_parameters_from_url(
    session_token).get("request")[0]
assert jwt_auth_req is not None, "No JWT authentication request found"

headers = {
    "Authorization": f"Bearer {jwt_auth_req}",
    "Content-Type": "application/x-www-form-urlencoded"
}

# Authentication responses
vc = await onboarding("authenticationResponses", headers, options={"client": client, "jwt_auth_req": jwt_auth_req})
console.log("Onboarding Service -- Authentication Responses", vc)

## ONBOARD_051 - Initialise access token request

### Create Verifiable Presentation

In [5]:
from src.main import compute
import json

vp = await compute("createPresentation", None, options={"client": client, "vc": json.dumps(vc["verifiableCredential"])})
console.log("Onboarding Service -- Create Presentation", vp)

### Canonicalize Base64 URL

In [6]:
vp_base64 = await compute("canonicalizeBase64url", None, options={"vp": json.dumps(vp)})
console.log("Onboarding Service -- Canonicalize Base64 URL", vp_base64)

In [7]:
from src.main import authorisation

headers = {
    "Authorization": f"Bearer {jwt_auth_req}",
}

siop_auth_request = await authorisation("siopRequest", headers, None)
console.log("Authorisation Service -- Siop Request", siop_auth_request)

## ONBOARD_052 - Share Verifiable Authorisation

### Verify Authentication Request

In [8]:
uri_decoded = siop_auth_request["uri"].replace("openid://", "")
siop_auth_request_prepared = {
    "request": parse_query_string_parameters_from_url(uri_decoded).get("request")[0],
    "client_id": parse_query_string_parameters_from_url(uri_decoded).get("client_id")[0]
}

callback_url = await compute("verifyAuthenticationRequest", None, {"client": client, "request": siop_auth_request_prepared})
console.log(
    "Authorisation Service -- Verify Authentication Request", callback_url)

### Siop Session

In [9]:
headers = {
        "Authorization": f"Bearer {jwt_auth_req}",
        "Content-Type": "application/x-www-form-urlencoded"
    }

session_response = await authorisation("siopSession", headers, options={"client": client, "callback_url": callback_url, "verified_claims": vp_base64})
console.log("Authorisation Service -- Siop Session", session_response)

### Verify Session Response

In [10]:
access_token = await compute("verifySessionResponse", None, {"client": client, "session_response": session_response})
console.log("Authorisation Service -- Verify Session Response -- Access Token", access_token)

## ONBOARD_061 - Construct a blockchain transaction to register a DID and DID Document

### Prepare unsigned transaction

#### Generate DID Document

In [11]:
did_document = client.generate_did_document()
console.log("Generated DID Document", did_document)

#### Metadata and timestamp

In [12]:
import secrets
import json
import hashlib

metadata = { 
    "meta": secrets.token_bytes(32).hex() 
}

timestamp = { 
    "data": secrets.token_bytes(32).hex() 
}

metadata_bytes = json.dumps(metadata).encode("utf-8")
timestamp_bytes = json.dumps(timestamp).encode("utf-8")
did_document_bytes = json.dumps(did_document).encode("utf-8")
did_document_hash = hashlib.sha256(did_document_bytes).hexdigest()

#### JSON RPC payload

In [13]:
import math
import random
from web3.auto import w3

did_bytes = client.ebsi_did.did.encode("utf-8")
account_address = w3.eth.account.privateKeyToAccount(client.eth.private_key).address

prepared_transaction = {
  "info": {
    "title": "Did document",
    "data": did_document,
  },
  "param": {
    "identifier": f"0x{did_bytes.hex()}",
    "hashAlgorithmId": 1,
    "hashValue": f"0x{did_document_hash}",
    "didVersionInfo": f"0x{did_document_bytes.hex()}",
    "timestampData": f"0x{timestamp_bytes.hex()}",
    "didVersionMetadata": f"0x{metadata_bytes.hex()}",
  },
}

rpc_payload = {
    "jsonrpc": "2.0",
    "method": "insertDidDocument",
    "params": [
        {
            "from": account_address,
            **prepared_transaction["param"]
        }
    ],
    "id": math.ceil(random.random() * 1000),
}

console.log("RPC payload (insertDidDocument)", rpc_payload)

#### HTTP POST /jsonrpc

In [14]:
from src.util import http_call

jsonrpc_endpoint = "https://api.conformance.intebsi.xyz/did-registry/v2/jsonrpc"

headers = {
    "Authorization": f"Bearer {access_token}",
    "Content-Type": "application/json"
}

utx = await http_call(jsonrpc_endpoint, "POST", data=json.dumps(rpc_payload), headers=headers)

console.log("Unsigned transaction", utx)

## ONBOARD_062 - Send a signed blockchain transaction

### Sign transaction

In [15]:
from web3.auto import w3

to_be_signed_transaction = {
    "to": utx["result"]["to"],
    "data": utx["result"]["data"],
    "value": utx["result"]["value"],
    "nonce": int(utx["result"]["nonce"].replace("0x", ""), 16),
    "chainId": int(utx["result"]["chainId"].replace("0x", ""), 16),
    "gas": int(utx["result"]["gasLimit"].replace("0x", ""), 16),
    "gasPrice": int(utx["result"]["gasPrice"].replace("0x", ""), 16),
}

stx = w3.eth.account.sign_transaction(to_be_signed_transaction, private_key=client.eth.private_key)

raw_transaction = stx.rawTransaction.hex()


### Send signed transaction

In [16]:
send_signed_transction_rpc_payload = {
    "protocol": "eth",
    "unsignedTransaction": utx["result"],
    "r": hex(stx.r),
    "s": hex(stx.s),
    "v": hex(stx.v),
    "signedRawTransaction": raw_transaction,
}

rpc_payload = {
    "jsonrpc": "2.0",
    "method": "sendSignedTransaction",
    "params": [send_signed_transction_rpc_payload],
    "id": math.ceil(random.random() * 1000),
}

headers = {
    "Authorization": f"Bearer {access_token}",
    "Content-Type": "application/json"
}

send_stx_response = await http_call(jsonrpc_endpoint, "POST", data=json.dumps(rpc_payload), headers=headers)

console.log("Send signed transaction response", send_stx_response)

### Waiting for transaction to be mined

In [17]:
besu_ledger = "https://api.conformance.intebsi.xyz/ledger/v2/blockchains/besu"

from src.util import http_call_every_n_seconds

rpc_payload = {
    "jsonrpc": "2.0",
    "method": "eth_getTransactionReceipt",
    "params": [send_stx_response["result"]],
    "id": math.ceil(random.random() * 1000),
}

console.log("Waiting for transaction to be mined...")

receipt = await http_call_every_n_seconds(besu_ledger, "POST", data=json.dumps(rpc_payload), headers=headers)

console.log("Transaction mined", receipt)

## ONBOARD_063 - Verify DID

In [18]:
from src.ebsi_did_resolver import resolve
from src.main import app_config

options = {
    "registry": app_config["conformance"]["did"]["api"] + app_config["conformance"]["did"]["endpoints"]["post"]["identifiers"]
}

did_resolution_result = await resolve(client.ebsi_did.did, options)

console.log("DID Resolution Result", did_resolution_result)

## ISSUE_011 


In [19]:
redirect_uri = "https://localhost:3000"

url_params = {
    "scope": "openid conformance_testing",
    "response_type" : "code",
    "redirect_uri": redirect_uri,
    "client_id": redirect_uri,
    "response_mode": "post",
    "state": secrets.token_bytes(6).hex(),
    "nonce": secrets.token_bytes(6).hex(),
}

authorize_url = "https://api.conformance.intebsi.xyz/conformance/v1/issuer-mock/authorize?scope={scope}&response_type={response_type}&redirect_uri={redirect_uri}&client_id={client_id}&response_mode={response_mode}&state={state}&nonce={nonce}"

issuer_authorize_response = await http_call(authorize_url.format(**url_params), "GET", data=None, headers=headers)

console.log("Issuer authorize", issuer_authorize_response)


## ISSUE_021

In [20]:
redirect_uri = "https://localhost:3000"
code = issuer_authorize_response["code"]

token_url = "https://api.conformance.intebsi.xyz/conformance/v1/issuer-mock/token"

payload = {
    "code": code,
    "grant_type": "authorization_code",
    "redirect_uri": redirect_uri
}


token_response = await http_call(token_url, "POST", data=json.dumps(payload), headers=headers)

console.log("Token", token_response)


## ISSUE_031

In [21]:
from src.did_jwt import create_jwt, decode_jwt
from src.did_jwt.signer_algorithm import ES256K_signer_algorithm

c_nonce = token_response["c_nonce"]
redirect_uri = "https://localhost:3000"
access_token = token_response["access_token"]

jwt_payload = { 
    "c_nonce" : c_nonce 
}

jwt_header = {
    "alg": "ES256K",
    "typ": "JWT",
}

SELF_ISSUED_V2 = "https://self-issued.me/v2"

private_key = client.eth.private_key

jws = await create_jwt(
    jwt_payload, 
    {
        "issuer": client.ebsi_did.did,
        "signer": await ES256K_signer_algorithm(private_key),
    },
    jwt_header
)

credential_url = "https://api.conformance.intebsi.xyz/conformance/v1/issuer-mock/credential"

headers = {
    "Authorization": f"Bearer {access_token}",
    "Content-Type": "application/json"
}


payload = {
    "type": "https://api.test.intebsi.xyz/trusted-schemas-registry/v1/schemas/0x1ee207961aba4a8ba018bacf3aaa338df9884d52e993468297e775a585abe4d8",
    "format": "jwt_vc",
    "did": client.ebsi_did.did,
    "proof": {
        "type": "JWS",
        "verificationMethod": f"{client.ebsi_did.did}#keys-1",
        "jws": jws
    },
    "grant_type": "authorization_code",
    "redirect_uri": redirect_uri
}


credential_response = await http_call(credential_url, "POST", data=json.dumps(payload), headers=headers)

console.log("Token", credential_response)

credential = decode_jwt(credential_response["credential"])

console.log("Received credential", credential)


## VERIFY_011

In [22]:
from src.util import http_call_text, parse_query_string_parameters_from_url

url_params = {
    "redirect": "undefined",
}

authentication_requests_url = "https://api.conformance.intebsi.xyz/conformance/v1/verifier-mock/authentication-requests?redirect={redirect}"

authentication_requests_response = await http_call_text(authentication_requests_url.format(**url_params), "GET", data=None, headers=headers)
uri_decoded = authentication_requests_response.replace("openid://", "")
authentication_requests_response = {
    "request": parse_query_string_parameters_from_url(uri_decoded).get("request")[0],
    "client_id": parse_query_string_parameters_from_url(uri_decoded).get("client_id")[0],
    "response_type": parse_query_string_parameters_from_url(uri_decoded).get("response_type")[0],
    "scope": parse_query_string_parameters_from_url(uri_decoded).get("scope")[0],
    "claims": parse_query_string_parameters_from_url(uri_decoded).get("claims")[0]
}

console.log("Authentication requests response", authentication_requests_response)

### Create Verifiable Presentation JWT

In [24]:
from src.util.verifiable_presentation import create_vp_jwt

credential = credential_response["credential"]

config = {
    "issuer": client.ebsi_did.did,
    "signer": await ES256K_signer_algorithm(client.eth.private_key)
}

vp_jwt_res = await create_vp_jwt(credential, config)

console.log("Verifiable Presentation JWT", vp_jwt_res)



## VERIFY_031

In [25]:
jwt_vp = vp_jwt_res["jwtVp"]

authentication_response_url = "https://api.conformance.intebsi.xyz/conformance/v1/verifier-mock/authentication-responses"

payload = {
    "id_token": {},
    "vp_token": [
        {
            "format": "jwt_vp",
            "presentation": jwt_vp
        }
    ]
}

vp_status = await http_call(authentication_response_url, "POST", data=json.dumps(payload), headers=headers)

console.log("Verifiable presentation status", vp_status)