-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DIDComm V2 Initial Implementation #2959
base: main
Are you sure you want to change the base?
DIDComm V2 Initial Implementation #2959
Conversation
@frostyfrog Some minor conflicts in this PR after #2892 was merged |
Why not return a DIDComm v2 problem report? |
I hadn't created a base message class for V2 problem reports to be based off of. My focus was on getting a response back that could be decoded on the other end. So I just used what was already available |
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
And move to binding to profile and session from default context Signed-off-by: Daniel Bluhm <dbluhm@pm.me> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com> Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
1a2e7a1
to
30107e8
Compare
Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some of these comments are requested changes. Others are notes for other reviewers to pay attention to. Others still are open questions. Probably not all of them need to be answered before I would feel good about merging this PR.
That being said, I had a hand in these changes so I defer to other ACA-Py contributors for a full review.
Nice work to this point, @frostyfrog and @mepeltier!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Calling out a limitation: experimental v2 support will only work using did:peer:2 right now.
Should we implement it for did:peer:4 as well at this stage?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given how early we are in the process, I don't think its necessary, but at the same time, it might be worth getting it in before our changes are more solidified. It'll also probably make it easier to switch off of did:peer:2, which is a good thing imo
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do believe that it's not limited to did:peer:2
. Other did:peer
methods should be supported as well. Once I have something better to key off of for outbound, things like did:web
should work (in theory). Though you are right in that all did
methods, aside from did:peer:2
, are currently untested
@abstractmethod | ||
async def assign_kid_to_key(self, verkey: str, kid: str) -> KeyInfo: | ||
"""Assign a KID to a key. | ||
|
||
This is separate from the create_key method because some DIDs are only | ||
known after keys are created. | ||
|
||
Args: | ||
verkey: The verification key of the keypair | ||
kid: The kid to assign to the keypair | ||
|
||
Returns: | ||
A `KeyInfo` representing the keypair | ||
|
||
""" | ||
|
||
@abstractmethod | ||
async def get_key_by_kid(self, kid: str) -> KeyInfo: | ||
"""Fetch a key by looking up its kid. | ||
|
||
Args: | ||
kid: the key identifier | ||
|
||
Returns: | ||
The key identified by kid | ||
|
||
""" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Calling out a fundamental paradigm shift starting here for ACA-Py: to work with DCv2, these changes start using full DID URL references to verification methods to identify keys instead of the base58 encoding of the public key.
And a limitation: There is only one kid associated with a key. Does it make sense for a key to be looked up by multiple different key ids?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that I think on it, the way we implemented the interface, it doesn't actually preclude the ability to associate a key with multiple kids. But the implementation of the interface does impose this limitation.
receipt.sender_verkey = message_unpack.sender_kid.split("#")[0] | ||
receipt.recipient_verkey = message_unpack.recipient_kid.split("#")[0] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Calling out another start of a paradigm shift: sender and receiver are identified by DIDs instead of by base58 encoded public keys.
Should the sender/receiver be a kid rather than a DID? Technically, as seen in the unpack result metadata, it is fundamentally a kid that the message is sent to and received by. Perhaps it would be better to prefer keeping that specificity around until it is no longer needed.
if sender_key and recipient_keys: | ||
message = await messaging.pack( | ||
message=message_json, | ||
to=recipient_keys[0], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should the pack
method of DMP that we're using here support multiple recipients?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It probably should. Another problem that I ran into is that it implicitly forward wraps the message, even if we are responding on the same connection. Something I planned to look at later
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
…tech/aries-cloudagent-python into feat/didcommv2-proof-of-concept Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Most of the feedback so far has been from those who have already had a hand in the PR; it would be great to get more feedback from outside that group. The ability to assign a kid to a key has been identified as something we would like to see before we lose some of the old JSON-LD endpoints. This PR adds that ability incidentally as this same support is required for efficient key lookup when using kids in DIDComm v2. If we end up having issues that prevent this PR from going forward, we should consider breaking that component out. cc @PatStLouis |
I can't add any good comments about the approach other than it like it's been done well as a non intrusive way to add the changes and the code generally looks really good. This isn't a strong area for me. We will need to fix the unit testing and add some coverage. Also, a couple integration tests would be good to have setup before we got this merged into v1.0.0. Could probably be done as another task if there's been good manual testing. |
Thank you for your feedback! I was worried that we weren't getting any eyes on the changes
In regards to testing, I used the docker-compose within this repo of mine. It uses the same underlying The new code should be gated under the experimental flag and the changes were designed to allow for a series of many PRs, rather than one large PR with everything done all at once. This being the first PR of many. |
Sounds good. We'll need to at least get the unit tests passing and then we can consider getting this merged as a experimental feature. |
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
I think this is getting pretty close. I'm not opposed to merging it with the unit testing and integration testing coming later. Sonarcloud flagged a few minor things that should be addressed. https://sonarcloud.io/project/issues?resolved=false&sinceLeakPeriod=true&pullRequest=2959&id=hyperledger_aries-cloudagent-python |
I'm happy to tackle the first few issues that SonarCloud brought up, but I'm not sure about the last one: https://sonarcloud.io/project/issues?resolved=false&sinceLeakPeriod=true&pullRequest=2959&id=hyperledger_aries-cloudagent-python&open=AY_jne_SO865kDwTsb7n&tab=code I'm also not sure what's going on with the integration tests, I'll have to take a look at those |
I'm not really concerned about these. We might have to change sonarcloud settings to get this passing. We haven't really done this anywhere in the project. However, when we have the same error message in many places we should have a constant for it. It's just good practice to not need to find and replace all if we ever wanted to change it. |
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
Signed-off-by: Micah Peltier <micah6_8@yahoo.com>
I finally got to give this a look. @frostyfrog when building the image and running with the flag To build the image I checked out the Full error track:
|
Did you install it with the didcommv2 extra (similar to installing with Askari)? This is how it's done for my test docker container: https://github.com/frostyfrog/didcomm-v2-test-util/blob/main/Dockerfile.acapy |
Yeah, you'll need to run something like |
Wait, @mepeltier, wasn't your custom import error supposed to trigger to talk about the extra, or am I thinking of something else? |
@frostyfrog I'm using the dockerfile from the project, I'll give these solutions a try. |
@PatStLouis looking at that Dockerfile, it looks like there's a build argument called: |
It was discussed in Today's ACA-Pug call to add the didcommv2 extra to the docker file, so I'm doing that now. |
Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
It was requested in today's ACA-Pug by @PatStLouis to add the didcommv2 extra to the docker images that are built, and multiple people in the call agreed with the idea. Myself included. Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
…of-concept Signed-off-by: Colton Wolkins (Indicio work address) <colton@indicio.tech>
|
The purpose of this PR is to add basic DIDComm V2 support to ACA-Py. It is our intention to add support gradually with small PRs, rather than one massive PR. To that end, at present, here's what we've added:
--experimental-didcomm-v2
flag to enable the DIDComm V2 code