# Transaction Author

This notebook walks through how an actor, with a public DID that does not have the authority to author transactions on the ledger can request schema and credential definitions get endorsed.

First they create a local DID and share it with the transaction endorser who authors this.


### Imports

In [1]:
from aries_cloudcontroller import AriesAgentController
import os
from termcolor import colored

### Initialise the Agent Controller

In [2]:
api_key = os.getenv("ACAPY_ADMIN_API_KEY")
admin_url = os.getenv("ADMIN_URL")

print(f"Initialising a controller with admin api at {admin_url} and an api key of {api_key}")
agent_controller = AriesAgentController(admin_url,api_key)

Initialising a controller with admin api at http://bob-agent:3021 and an api key of adminApiKey


## Write DID to the Public Ledger

Note: if defined a ACAPY_WALLET_SEED value for your agent then this function will return a DID, but this DID still needs to be written to the ledger. If you did not define a seed you will need to create a DID first.

In [3]:
public_did_response = await agent_controller.wallet.get_public_did()

In [4]:
if public_did_response["result"]:
    did_obj = public_did_response["result"]
else:
    create_did_response = await agent_controller.wallet.create_did()
    did_obj = create_did_response['result']
print("DID", did_obj)

DID {'did': '778LxJAivdj3ZMLYvx7DAv', 'verkey': '4L1eA2NKBCTdHrrSKXew7cgWwvdDb5ysFTAm2aJaNiE8', 'posture': 'wallet_only', 'key_type': 'ed25519', 'method': 'sov'}


## Copy DID and Verkey across to Endorser Who Will Write it to the Ledger

In [5]:
print(f"did='{did_obj['did']}'")
print(f"verkey='{did_obj['verkey']}'")

did='778LxJAivdj3ZMLYvx7DAv'
verkey='4L1eA2NKBCTdHrrSKXew7cgWwvdDb5ysFTAm2aJaNiE8'


## Accept Transaction Author Agreement

Although the Sovrin StagingNet is permissionless, before DID's have the authority to write to the ledger they must accept something called a transaction author agreement by signing it using the DID they have on the ledger.

As a global public ledger, the Sovrin Ledger and all its participants are subject to privacy and data protection regulations such as the EU General Data Protection Regulation (GDPR). These regulations require that the participants be explicit about responsibilities for Personal Data.

To clarify these responsibilities and provide protection for all parties, the Sovrin Governance Framework Working Group developed an agreement between Transaction Authors and the Sovrin Foundation. The TAA can be found at Sovrin.org. It ensures that users are aware of and consent to the fact that all data written to the Sovrin Ledger cannot be removed, even if the original author of the transaction requests its removal.

The TAA outlines the policies that users must follow when interacting with the Sovrin Ledger. When a user’s client software is preparing a transaction for submission to the network, it must include a demonstration that the user had the opportunity to review the current TAA and accept it. This is done by including some additional fields in the ledger write transaction: 

* A hash of the agreement
* A date when the agreement was accepted, and
* A string indicating the user interaction that was followed to obtain the acceptance.

The Indy client API used by Sovrin has been extended to allow users to review current and past agreements and to indicate acceptance through an approved user interaction pattern. - source: https://sovrin.org/preparing-for-the-sovrin-transaction-author-agreement/

For more details on TAA please read more at the following links:
* [Preparing for the Sovrin Transaction Author Agreement](https://sovrin.org/preparing-for-the-sovrin-transaction-author-agreement/)
* [How the recent approval of the Sovrin Governance Framework v2 affects Transaction Authors
](https://sovrin.org/how-the-recent-approval-of-the-sovrin-governance-framework-v2-affects-transaction-authors/)
* [TAA v2](https://github.com/sovrin-foundation/sovrin/blob/master/TAA/TAA.md)
* [TAA Acceptance Mechanism List (AML)](https://github.com/sovrin-foundation/sovrin/blob/master/TAA/AML.md)

In [6]:
taa_response = await agent_controller.ledger.get_taa()
TAA = taa_response['result']['taa_record']
TAA['mechanism'] = "service_agreement"
await agent_controller.ledger.accept_taa(TAA)

{}

## Assign Agent Public DID if Not Set

Will only be ran if ACAPY_WALLET_SEED not initially set.

In [7]:
if did_obj["posture"] != "public":
    response = await agent_controller.wallet.assign_public_did(did_obj["did"])
print("Successfully intialised agent with Public DID : ", did_obj["did"])

Successfully intialised agent with Public DID :  778LxJAivdj3ZMLYvx7DAv


## Start Webhook Server

In [8]:
webhook_port = int(os.getenv("WEBHOOK_PORT"))
webhook_host = "0.0.0.0"

await agent_controller.init_webhook_server(webhook_host, webhook_port)

print(f"Listening for webhooks from agent at http://{webhook_host}:{webhook_port}")

Listening for webhooks from agent at http://0.0.0.0:3010


In [9]:
listeners = []

In [10]:
def transaction_handler(payload):
    print("Transaction Handler")
    print(payload)
    
transaction_listener = {
    "topic": "transaction",
    "handler": transaction_handler

}

listeners.append(transaction_listener)

In [11]:
# Receive connection messages
def connections_handler(payload):
    state = payload['state']
    connection_id = payload["connection_id"]
    their_role = payload["their_role"]
    routing_state = payload["routing_state"]
    
    print("----------------------------------------------------------")
    print("Connection Webhook Event Received")
    print("Connection ID : ", connection_id)
    print("State : ", state)
    print("Routing State : ", routing_state)
    print("Their Role : ", their_role)
    print("----------------------------------------------------------")
    if state == "active":
        # Your business logic
        print(colored("Connection ID: {0} is now active.".format(connection_id), "green", attrs=["bold"]))

connection_listener = {
    "handler": connections_handler,
    "topic": "connections"
}

listeners.append(connection_listener)

In [12]:
agent_controller.register_listeners(listeners)

## Connect With Transaction Endorser

In [13]:
invitation = {'@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation', '@id': 'bc085f4d-d757-414a-9692-1c7061250e39', 'recipientKeys': ['8eV6rm7NV7GCqMBZfmHY3uBMaiB3c7PbqRRSfYBn9JmV'], 'serviceEndpoint': 'https://3b77413b8e9a.ngrok.io', 'label': 'Alice'}


In [14]:
auto_accept="false"
alias=None

invite_response = await agent_controller.connections.receive_invitation(invitation, alias, auto_accept)
connection_id = invite_response["connection_id"]

----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  a91054c4-e166-4f99-ac95-d9eacf83a153
State :  invitation
Routing State :  none
Their Role :  inviter
----------------------------------------------------------


In [15]:
# Label for the connection
my_label = None
# Endpoint you expect to recieve messages at
my_endpoint = None

accept_response = await agent_controller.connections.accept_invitation(connection_id, my_label, my_endpoint)

----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  a91054c4-e166-4f99-ac95-d9eacf83a153
State :  request
Routing State :  none
Their Role :  inviter
----------------------------------------------------------
----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  a91054c4-e166-4f99-ac95-d9eacf83a153
State :  response
Routing State :  none
Their Role :  inviter
----------------------------------------------------------
----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  a91054c4-e166-4f99-ac95-d9eacf83a153
State :  active
Routing State :  none
Their Role :  inviter
----------------------------------------------------------
[1m[32mConnection ID: a91054c4-e166-4f99-ac95-d9eacf83a153 is now active.[0m


## Send Trust Ping

Once connection moves to response state one agent, either inviter or invitee needs to send a trust ping.

Note: you may not need to run this cell. It depends one of the agents has the ACAPY_AUTO_PING_CONNECTION=true flag set.

In [None]:
comment = "Some Optional Comment"
message = await agent_controller.messaging.trust_ping(connection_id, comment)

## Set Endorser Role

In [22]:
print(connection_id)

a91054c4-e166-4f99-ac95-d9eacf83a153


In [21]:
transaction_my_job = "TRANSACTION_AUTHOR"
response = await agent_controller.transactions.set_endorser_role(connection_id,transaction_my_job)

ERROR:__name__:Error during POST /transactions/a91054c4-e166-4f99-ac95-d9eacf83a153: 405, message='Method Not Allowed', url=URL('http://bob-agent:3021/transactions/a91054c4-e166-4f99-ac95-d9eacf83a153?transaction_my_job=TRANSACTION_AUTHOR')


ClientResponseError: 405, message='Method Not Allowed', url=URL('http://bob-agent:3021/transactions/a91054c4-e166-4f99-ac95-d9eacf83a153?transaction_my_job=TRANSACTION_AUTHOR')

## Set Endorser Info

Must know the endorser public DID.

In [20]:
endorser_did="TXdeBWyUnvMhBStbVR6mhQ"
endorser_name="My Super Endorser"
response = await agent_controller.transactions.set_endorser_info(connection_id, endorser_did, endorser_name)

ERROR:__name__:Error during POST /transactions/a91054c4-e166-4f99-ac95-d9eacf83a153/set-endorser-info: 403, message='The transaction related jobs are not set up in connection metadata for this connection record', url=URL('http://bob-agent:3021/transactions/a91054c4-e166-4f99-ac95-d9eacf83a153/set-endorser-info?endorser_did=TXdeBWyUnvMhBStbVR6mhQ&endorser_name=My+Super+Endorser')


ClientResponseError: 403, message='The transaction related jobs are not set up in connection metadata for this connection record', url=URL('http://bob-agent:3021/transactions/a91054c4-e166-4f99-ac95-d9eacf83a153/set-endorser-info?endorser_did=TXdeBWyUnvMhBStbVR6mhQ&endorser_name=My+Super+Endorser')

## Writing Schema

Write as many schema to the ledger as you like. Be sure to store each schema_id, you will need these when it comes to authoring credential defintition transactions and issuing credentials against this schema.

Uncomment and copy the below cell as many times as you need. Be sure to update any arugments surrounded by <> with your own details.

In [16]:
# # Define you schema name - must be unique on the ledger
schema_name = "some schema"
# Can version the schema if you wish to update it
schema_version = "0.0.1"
# Define any list of attributes you wish to include in your schema
attributes = ["data"]



In [17]:
## THIS SHOULD FAIL AS PUBLIC DID DOES NOT HAVE ENDORSER ROLE

In [18]:
response = await agent_controller.schema.write_schema(schema_name, attributes, schema_version)
schema_id = response["schema_id"]

In [19]:

create_txn_for_endorser = "true"
response = await agent_controller.schema.write_schema(schema_name, attributes, schema_version, connection_id, create_txn_for_endorser)
schema_id = response["schema_id"]

ERROR:__name__:Error during POST /schemas: 403, message='Endorser Info is not set up in connection metadata for this connection record', url=URL('http://bob-agent:3021/schemas?conn_id=a91054c4-e166-4f99-ac95-d9eacf83a153&create_transaction_for_endorser=true')


ClientResponseError: 403, message='Endorser Info is not set up in connection metadata for this connection record', url=URL('http://bob-agent:3021/schemas?conn_id=a91054c4-e166-4f99-ac95-d9eacf83a153&create_transaction_for_endorser=true')

## Using External Schema

You do not have to author the schema for the credentials you wish to issue, instead you can identify extisting schema on the ledger that you want to issue against. To do this you must set the schema identifier for any schema you want to use and these MUST be on the ledger your agent is pointing to.

In [None]:
# <EXTERNAL SCHEMA ID> = "<SOME SCHEMA ID>"

## Writing Credential Definitions

For all schema you intend to issue credentials against your agent must author a credential definition transaction to the public ledger. This specifies the public cryptographic material your agent will use to sign all credentials issued against a specific schema. 

Again uncomment and copy this cell as often as you need. Remebering to update the arguments in <> to specify your schema identifiers. Store each credential definition identifier in a unique variable.

In [1]:
# Tag and group specific credential definitions
tag = "default"

# Make Cred Def support revocation. Credentials issued using this definition will be able to be revoked.
# Note: ACAPY_TAILS_SERVER_BASE_URL env var must be properly configured
support_revocation = False

# cred_def_response = await agent_controller.definitions.write_cred_def(<SCHEMA ID>, tag, support_revocation)
# <YOUR CRED DEF ID> = cred_def_response["credential_definition_id"]

## Persist Identifiers for use throughout other business logic notebooks associated with this agent

The schema_id and cred_def_id value pairs are required whenever issuing credentials, and also can be used to constrain acceptable proof requests. In a real application these values might be stored in environment variables or most likely in a database. For notebooks we have found it easier to store as string values in a cell and then load these values into the jupyter store so that they can be fetched across multiple notebooks.

As such you are recommended to print out each of the schema and cred def identifiers used by your agent and copy them across to your **main** business logic notebook where you should store them in a variable and save them to the jupyter store. Remember, you should only be running this notebook once so having this logic in here will not be useful.


In [None]:
print(f"schema_id='{<YOUR SCHEMA ID>}'")
print(f"cred_def_id='{<YOUR CRED DEF ID>}'")

## Terminate Controller


In [27]:
await agent_controller.terminate()