# ACA-Py & ACC-Py Basic Template

## Copy this template into the root folder of your notebook workspace to get started

### Imports

In [1]:
from aries_cloudcontroller import AriesAgentController
import os
from termcolor import colored

### Initialise the Agent Controller

In [2]:
api_key = os.getenv("ACAPY_ADMIN_API_KEY")
admin_url = os.getenv("ADMIN_URL")

print(f"Initialising a controller with admin api at {admin_url} and an api key of {api_key}")
agent_controller = AriesAgentController(admin_url,api_key)

Initialising a controller with admin api at http://issuer-agent:3021 and an api key of adminApiKey


### Start a Webhook Server

In [3]:
webhook_port = int(os.getenv("WEBHOOK_PORT"))
webhook_host = "0.0.0.0"

await agent_controller.init_webhook_server(webhook_host, webhook_port)

print(f"Listening for webhooks from agent at http://{webhook_host}:{webhook_port}")

Listening for webhooks from agent at http://0.0.0.0:3010


## Register Agent Event Listeners

You can see some examples within the webhook_listeners recipe. Copy any relevant cells across and fill in additional logic as needed.

In [4]:
listeners = []

In [5]:
## YOUR LISTENERS HERE
# Receive connection messages
def connections_handler(payload):
    state = payload['state']
    connection_id = payload["connection_id"]
    their_role = payload["their_role"]
    routing_state = payload["routing_state"]
    
    print("----------------------------------------------------------")
    print("Connection Webhook Event Received")
    print("Connection ID : ", connection_id)
    print("State : ", state)
    print("Routing State : ", routing_state)
    print("Their Role : ", their_role)
    print("----------------------------------------------------------")
    if state == "active":
        # Your business logic
        print(colored("Connection ID: {0} is now active.".format(connection_id), "green", attrs=["bold"]))

connection_listener = {
    "handler": connections_handler,
    "topic": "connections"
}

listeners.append(connection_listener)

In [6]:
def issuer_handler(payload):
    connection_id = payload['connection_id']
    exchange_id = payload['credential_exchange_id']
    state = payload['state']
    role = payload['role']
    print("\n---------------------------------------------------\n")
    print("Handle Issue Credential Webhook")
    print(f"Connection ID : {connection_id}")
    print(f"Credential exchange ID : {exchange_id}")
    print("Agent Protocol Role : ", role)
    print("Protocol State : ", state )
    print("\n---------------------------------------------------\n")
    
    
    if state == "offer_sent":
        proposal = payload["credential_proposal_dict"]
        attributes = proposal['credential_proposal']['attributes']

        print(f"Offering credential with attributes  : {attributes}")
        ## YOUR LOGIC HERE
    elif state == "request_received":
        print("Request for credential received")
        ## YOUR LOGIC HERE
    elif state == "credential_sent":
        print("Credential Sent")
        ## YOUR LOGIC HERE
    
issuer_listener = {
    "topic": "issue_credential",
    "handler": issuer_handler
}

listeners.append(issuer_listener)

In [7]:
agent_controller.register_listeners(listeners)

## Store Issuing Schema and Cred Def Identifiers

If you intend for this agent to issue credentials you should first initialise your agent as an issuer and author the relevant identifiers to the public ledger. The issuer_initialisation recipe notebook can be duplicated and used as a starting point.

Once schema and cred def identifiers are created copy across and store in variables as illustrated in the cell below. Be sure to use unique names for each variable.

In [8]:
schema_id='FcxPAqjKdAERAAUz6Bi5YT:2:aries_playground:0.0.1'
cred_def_id='FcxPAqjKdAERAAUz6Bi5YT:3:CL:9912:default'

# %store <schema_id>
# %store <cred_def_id>

## Load any Identifiers from Store

If you are writing your logic across multiple notebooks, which I have found can make it easier to break things up, then rather than defining the schema and cred def identifiers every time it can be easier to load them from the jupyter store. Note: this assumes they have been written to the store in a previous notebook during the time the current docker containers have been running.

In [None]:
# %store -r <schema_id>
# %store -r <cred_def_id>

## Establish Connection

Before you can issue a credential you must first establish a connection across which the credential will be issued to a holder. (see recipes/connection)

In [9]:
# Alias for invited connection
alias = "Friend"
auto_accept = "true"
# Use public DID?
public = "false"
# Should this invitation be usable by multiple invitees?
multi_use = "false"

invitation_response = await agent_controller.connections.create_invitation(alias, auto_accept, public, multi_use)
# Is equivalent to above. Arguments are optionally
# invitation_response = await agent_controller.connections.create_invitation()



# You will use this identifier to issue a credential across this connection
connection_id = invitation_response["connection_id"]

----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  17e96a4e-37bb-423d-8951-427d2df342af
State :  invitation
Routing State :  none
Their Role :  invitee
----------------------------------------------------------


## Share Invitation Object with External Agent

In [10]:
invitation = invitation_response["invitation"]
## Copy this output
print(invitation)

{'@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation', '@id': '1ca3cc90-5dd3-47f1-9122-3af766d86069', 'serviceEndpoint': 'https://8e55-86-18-68-143.ngrok.io', 'recipientKeys': ['EcHYGcUAe7hELoXrRKNz7MYV2boW8W7kKckmScFL7DaL'], 'label': 'Issuer'}
----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  17e96a4e-37bb-423d-8951-427d2df342af
State :  request
Routing State :  none
Their Role :  invitee
----------------------------------------------------------
----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  17e96a4e-37bb-423d-8951-427d2df342af
State :  response
Routing State :  none
Their Role :  invitee
----------------------------------------------------------
----------------------------------------------------------
Connection Webhook Event Received
Connection ID :  17e96a4e-37bb-423d-8951-427d2df342af
State :  active
Routing State :  none
Their Role :  

## Display Invite as QR Code

This is useful if you wish to issue a credential to a mobile wallet.

In [None]:
import qrcode
# Link for connection invitation
invitation_url = invitation_response["invitation_url"]
# Creating an instance of qrcode
qr = qrcode.QRCode(
        version=1,
        box_size=5,
        border=5)
qr.add_data(invitation_url)
qr.make(fit=True)
img = qr.make_image(fill='black', back_color='white')
img

## Populate Credential Attributes

Before you can issue a credential, you must define the values that will be issued in this credential. The attribute names **MUST** match those in the schem identified by the <schema_id> value.

Make sure to change all code enclosed with <>.


In [11]:
comment=input("Please enter some comment: ")
credential_attributes = [
    {"name": "comment", "value": comment},
]
print(credential_attributes)

Please enter some comment:  This is awesome


[{'name': 'comment', 'value': 'This is awesome'}]


## Send Credential

This is the easiest way to issue a credential because it automates the rest of the protocol steps. 

Note: The `connection_id` must be in the active state before a credential can be sent.

In [12]:
# Do you want the ACA-Py instance to trace it's processes (for testing/timing analysis)
trace = False
comment = ""
# Remove credential record after issued?
auto_remove = True

# Change <schema_id> and <cred_def_id> to correct pair. Cred_def_id must identify a definition to which your agent has corresponding private issuing key.
send_cred_response = await agent_controller.issuer.send_credential(connection_id, schema_id, cred_def_id, credential_attributes, comment, auto_remove, trace)

# Note last three args are optional.
# await agent_controller.issuer.send_credential(connection_id, <schema_id>, <cred_def_id, credential_attributes)


---------------------------------------------------

Handle Issue Credential Webhook
Connection ID : 17e96a4e-37bb-423d-8951-427d2df342af
Credential exchange ID : 58ec3ca9-11e8-42c9-ba7c-c887a23e2e64
Agent Protocol Role :  issuer
Protocol State :  offer_sent

---------------------------------------------------

Offering credential with attributes  : [{'name': 'comment', 'value': 'This is awesome'}]

---------------------------------------------------

Handle Issue Credential Webhook
Connection ID : 17e96a4e-37bb-423d-8951-427d2df342af
Credential exchange ID : 58ec3ca9-11e8-42c9-ba7c-c887a23e2e64
Agent Protocol Role :  issuer
Protocol State :  request_received

---------------------------------------------------

Request for credential received

---------------------------------------------------

Handle Issue Credential Webhook
Connection ID : 17e96a4e-37bb-423d-8951-427d2df342af
Credential exchange ID : 58ec3ca9-11e8-42c9-ba7c-c887a23e2e64
Agent Protocol Role :  issuer
Protocol State

## Optional: Revoke Credential

Only possible if the credential issued used a revocable credential definition. (see support_revocation flag in write_cred_def() function).

There are two approachs to revoke an revocable credential

### Option 1: Use credential Exchange ID

Note: In a SSI application as an issuer you are might want to keep track of the identifiers for credential echange records. These can be used to retrieve records stored by the agent and also be used to identify a credential to revoke
Note though that applications might not wish to retain these records as they contain sensitive PII

In [35]:
record_id = send_cred_response["credential_exchange_id"]
try:
    record = await agent_controller.issuer.get_record_by_id(record_id)
except:
    print("Record not found. Did your agent automatically remove it?")

if record:
    # For revoke_credential() you only need to provide (cred_ex_id) OR (rev_reg_id AND cred_rev_id).
    response = await agent_controller.revocations.revoke_credential(record_id, publish=True)
    response

### Option 2: Remove Credential using the Registry and Credential Revocation ID

Does not currently work because of bug in code

In [15]:
registry = await agent_controller.revocations.get_active_revocation_registry_by_cred_def(cred_def_id)
print(registry)

{'result': {'issuer_did': '3JgxmaQ5kPctWA9AeVK4Uy', 'updated_at': '2021-05-10 14:56:03.084788Z', 'state': 'active', 'revoc_reg_id': '3JgxmaQ5kPctWA9AeVK4Uy:4:3JgxmaQ5kPctWA9AeVK4Uy:3:CL:211160:default:CL_ACCUM:ca02d4b5-d9cd-4c01-8782-8b9cd69ba802', 'tag': 'ca02d4b5-d9cd-4c01-8782-8b9cd69ba802', 'created_at': '2021-05-10 14:55:57.158589Z', 'max_cred_num': 1000, 'revoc_reg_entry': {'ver': '1.0', 'value': {'accum': '21 12AF91202A3598FDEE55F77A006495DF1BC7B5854847AAA6E349346182D194904 21 12592B44CE3989F6E65123DAF954705473B6DDC6AD88FDE8A0F996914C92A94EC 6 6B26EF8D9B0F6326AF96E5C8F0EBA0EE998FD16442BE0F5DF2946F72CE82E7FF 4 1C2BCCFC10A5D83CFA4C706865AB3A31400BDAAAB359141064DD2D68BEB55E22 6 8068EEB392199785B0D7059CFDE524BF95AA533B2EDA0FD5363002B6F69ADA0A 4 24AA66458B0519040DEEB0BF17FAD971D3105213DFCAE88157F526D08EB570FD'}}, 'cred_def_id': '3JgxmaQ5kPctWA9AeVK4Uy:3:CL:211160:default', 'revoc_def_type': 'CL_ACCUM', 'revoc_reg_def': {'ver': '1.0', 'id': '3JgxmaQ5kPctWA9AeVK4Uy:4:3JgxmaQ5kPctWA9AeV

In [26]:
revoc_reg_id = registry["result"]["revoc_reg_id"]

In [28]:
# Public revocation registry update to ledger
publish = True
# Believe this is index in rev registry starting from 1 also must be a string. Bit weird
cred_rev_id = "1"
response = await agent_controller.revocations.revoke_credential(cred_rev_id = cred_rev_id, rev_reg_id = revoc_reg_id, publish=True)

ClientResponseError: 422, message='Unprocessable Entity', url=URL('http://alice-agent:3021/revocation/revoke')

[0m[?7h[0;34mError during POST /revocation/revoke: 422, message='Unprocessable Entity', url=URL('http://alice-agent:3021/revocation/revoke')[0m
[0m

## Terminate Controller

Whenever you have finished with this notebook, be sure to terminate the controller. This is especially important if your business logic runs across multiple notebooks.

In [None]:
await agent_controller.terminate()