# Revocation - Bob

## Role: Credential Holder

There will be two parts to this notebook:

- Part 1: Alice issues a revocable credential to [Bob](http://localhost:8889/lab/tree/5%20Advanced%20Concepts/Part%202%20-%20Revocation.ipynb). Bob will store this credential and present proof of it back to Alice while it is not revoked, and Alice will verify the presentation.
- Part 2: Alice then revokes the credential issued to Bob in Part 1 and requests another proof from Bob. This second presentation from Bob will fail to verify.

For details on how revocation works on Hyperledger Indy, you can read more [here](https://github.com/hyperledger/indy-hipe/tree/master/text/0011-cred-revocation).

# Part 1 - Issuing & Proving Non-Revoked Credential

## Complete steps 1-6 in [Alice's revocation notebook](http://localhost:8888/lab/tree/5%20Advanced%20Concepts/Part%202%20-%20Revocation.ipynb)

## 7. Initialise Bob's controller

In [None]:
%autoawait
import time
import asyncio

from aries_basic_controller.aries_controller import AriesAgentController
    
WEBHOOK_HOST = "0.0.0.0"
WEBHOOK_PORT = 8052
WEBHOOK_BASE = ""
ADMIN_URL = "http://bob-agent:8051"

agent_controller = AriesAgentController(admin_url=ADMIN_URL)

In [None]:
agent_controller.init_webhook_server(webhook_host=WEBHOOK_HOST,
                                     webhook_port=WEBHOOK_PORT,
                                     webhook_base=WEBHOOK_BASE)

## 8. Register listeners

The handler should get called every time the controller receives a webhook with the topic `issue_credential` and `present_proof`, printing out the payload. The agent calls to this webhook every time it receives protocol messages for these topics from a credential.

In [None]:
loop = asyncio.get_event_loop()
loop.create_task(agent_controller.listen_webhooks())

In [None]:
def cred_handler(payload):
    print("Handle Credentials")
    global connection_id
    connection_id = payload['connection_id']
    exchange_id = payload['credential_exchange_id']
    state = payload['state']
    role = payload['role']
    attributes = payload['credential_proposal_dict']['credential_proposal']['attributes']
    print(f"Credential exchange {exchange_id}, role: {role}, state: {state}")
    print(f"Offering: {attributes}")
    
cred_listener = {
    "topic": "issue_credential",
    "handler": cred_handler
}

def proof_handler(payload):
    print("Handle present proof")
    role = payload["role"]
    global pres_ex_id
    pres_ex_id = payload["presentation_exchange_id"]
    state = payload["state"]
    print(f"Role {role}, Exchange {pres_ex_id} in state {state}")

proof_listener = {
    "topic": "present_proof",
    "handler": proof_handler
}

agent_controller.register_listeners([cred_listener, proof_listener], defaults=True)

## 9. Continue to [Alice's Notebook](http://localhost:8888/lab/tree/5%20Advanced%20Concepts/Part%202%20-%20Revocation.ipynb)

Alice will issue Bob a revocable credential.

## 10. Check your credential records

You should have one recording the credential offer from Alice. This should also have shown up as as a print statement from the handler function.

In [None]:
response = await agent_controller.issuer.get_records()
results = response["results"]
print(len(results))
if len(results) == 0:
    print("You need to first send a credential from the issuer notebook (Alice)")
else:
    cred_record = results[0]
    cred_ex_id = cred_record['credential_exchange_id']
    state = cred_record['state']
    role = cred_record['role']
    attributes = results[0]['credential_proposal_dict']['credential_proposal']['attributes']
    print(f"Credential exchange {cred_ex_id}, role: {role}, state: {state}")
    print(f"Being offered: {attributes}")

## 11. Request credential from Alice

If happy with the attributes being offered in the credential, then the holder requests the credential from the issuer to proceed with the issuance.

It is only possible to request a credential from an exchange when it is in the `offer_received` state.

In [None]:
record = await agent_controller.issuer.send_request_for_record(cred_ex_id)
state = record['state']
role = record['role']
print(f"Credential exchange {cred_ex_id}, role: {role}, state: {state}")

## 12. Store the redential

Once the issuer has responded to a request by sending the credential, the holder needs to store it to save the credential for later.

First check that the credential record is in the `credential_received` state.

In [None]:
# This can be anything you want. You will use it later to fetch this credential from the agent storage.
credential_id = "My Revocable Credential"

In [None]:
response = await agent_controller.issuer.store_credential(cred_ex_id, credential_id)
state = response['state']
role = response['role']
print(f"Credential exchange {cred_ex_id}, role: {role}, state: {state}")

## 13. Check revocation status of the credential

It should not be revoked.

In [None]:
response = await agent_controller.credentials.is_revoked(credential_id)
response

## 14. Continue in [Alice's Notebook](http://localhost:8888/lab/tree/5%20Advanced%20Concepts/Part%202%20-%20Revocation.ipynb)

Send a presentation request for a non revoked credential proof.


## 15. Fetch redentials for presentation

Note `pres_ex_id` is set in the proofs handler.

TODO: make these steps clearer.

In [None]:
pres_ex_id
response = await agent_controller.proofs.get_record_by_id(pres_ex_id)
presentation_request = response['presentation_request']
presentation_request

In [None]:
if state == "request_received":
    print(
    "Received Request -> Query for credentials in the wallet that satisfy the proof request")
    
if presentation_request != None:
    # include self-attested attributes (not included in credentials)
    credentials_by_reft = {}
    revealed = {}
    self_attested = {}
    predicates = {}

    # select credentials to provide for the proof
    credentials = await agent_controller.proofs.get_presentation_credentials(pres_ex_id)
    print(credentials)

    if credentials:
        for row in sorted(
            credentials,
            key=lambda c: dict(c["cred_info"]["attrs"]),
            reverse=True,
        ):
            for referent in row["presentation_referents"]:
                if referent not in credentials_by_reft:
                    credentials_by_reft[referent] = row

    for referent in presentation_request["requested_attributes"]:
        if referent in credentials_by_reft:
            revealed[referent] = {
                "cred_id": credentials_by_reft[referent]["cred_info"][
                    "referent"
                ],
                "revealed": True,
            }

        else:
            self_attested[referent] = "South Africa"

    for referent in presentation_request["requested_predicates"]:
        if referent in credentials_by_reft:
            predicates[referent] = {
                "cred_id": credentials_by_reft[referent]["cred_info"][
                    "referent"
                ]
            }

    print("\nGenerate the proof")
    proof = {
        "requested_predicates": predicates,
        "requested_attributes": revealed,
        "self_attested_attributes": self_attested,
    }
    print(proof)
    print("\nXXX")
    print("\npredicates:\n{}".format(predicates))
    print("\nrevealed:\n{}".format(revealed))
    print("\nself_attested:\n{}".format(self_attested))
    
else: 
    print("No presenation record identifier")

## 16. Send presentation

Bob sends the proof presentation to Alice for verification.

In [None]:
response = await agent_controller.proofs.send_presentation(pres_ex_id, proof)
print(response)

## 17. Continue in [Alice's Notebook](http://localhost:8888/lab/tree/5%20Advanced%20Concepts/Part%202%20-%20Revocation.ipynb)

Alice will verify the non-revoked credential to be OK.

# Part 2 - Revoking the credential

## 19. Check credential

Bob will check his credential now to find that it is revoked.

In [None]:
response = await agent_controller.credentials.is_revoked(credential_id)
response

## 20. Continue in [Alice's Notebook](http://localhost:8888/lab/tree/5%20Advanced%20Concepts/Part%202%20-%20Revocation.ipynb)

Alice will request for a credential proof once again.

## 21. Fetch credentials for presentation proof

Note `pres_ex_id` is set in the proofs handler.

In [None]:
# fetch credentials for presenting proof
pres_ex_id
response = await agent_controller.proofs.get_record_by_id(pres_ex_id)
presentation_request = response['presentation_request']
presentation_request

In [None]:
if state == "request_received":
    print(
    "Received Request -> Query for credentials in the wallet that satisfy the proof request")
    
if presentation_request != None:
    # include self-attested attributes (not included in credentials)
    credentials_by_reft = {}
    revealed = {}
    self_attested = {}
    predicates = {}

    # select credentials to provide for the proof
    credentials = await agent_controller.proofs.get_presentation_credentials(pres_ex_id)
    print(credentials)

    if credentials:
        for row in sorted(
            credentials,
            key=lambda c: dict(c["cred_info"]["attrs"]),
            reverse=True,
        ):
            for referent in row["presentation_referents"]:
                if referent not in credentials_by_reft:
                    credentials_by_reft[referent] = row

    for referent in presentation_request["requested_attributes"]:
        if referent in credentials_by_reft:
            revealed[referent] = {
                "cred_id": credentials_by_reft[referent]["cred_info"][
                    "referent"
                ],
                "revealed": True,
            }

        else:
            self_attested[referent] = "South Africa"

    for referent in presentation_request["requested_predicates"]:
        if referent in credentials_by_reft:
            predicates[referent] = {
                "cred_id": credentials_by_reft[referent]["cred_info"][
                    "referent"
                ]
            }

    print("\nGenerate the proof")
    proof = {
        "requested_predicates": predicates,
        "requested_attributes": revealed,
        "self_attested_attributes": self_attested,
    }
    print(proof)
    print("\nXXX")
    print("\npredicates:\n{}".format(predicates))
    print("\nrevealed:\n{}".format(revealed))
    print("\nself_attested:\n{}".format(self_attested))
    
else: 
    print("No presenation record identifier")

## 22. Send presentation

Bob sends the proof presentation to Alice for verification.

In [None]:
response = await agent_controller.proofs.send_presentation(pres_ex_id, proof)
print(response)

## 23. Continue in [Alice's Notebook](http://localhost:8888/lab/tree/5%20Advanced%20Concepts/Part%202%20-%20Revocation.ipynb)

Alice will verify the now revoked credential to be NOT OK.

## End of Tutorial

Be sure to terminate the controller.

In [None]:
response = await agent_controller.terminate()
print(response)