search

openwallet-foundation / acapy

ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments.
https://aca-py.org
Apache License 2.0
419 stars 512 forks source link

Breaking Bug: hard coded wallet seed in aca-py can't use a different public did #121

Closed SmithSamuelM closed 5 years ago

SmithSamuelM commented 5 years ago

When using aca-py (but with working around this fatal error https://github.com/hyperledger/aries-cloudagent-python/issues/120). I try to run aca-py with a different --seed (wallet seed) than that used by the faber.py agent.

I first go to the von-network web browser and register a new did with a seed. This seed.

0123456789ABCDEF0123456789ABCDEF

dentity successfully registered:

Seed: 0123456789ABCDEF0123456789ABCDEF DID: 3avoBCqDMFHFaKUHug9s8W Verkey: 2QiWG18JjfjUFQMk8xdmhyphRzmbveaYbGM3R8iPbiBx

I then provide this seed to aca-py I then run aca-py with the following command line options:

$ aca-py --inbound-transport http 0.0.0.0 8020 --outbound-transport http --log-level debug --endpoint http://localhost:8020 --label FaberAgent  --seed 0123456789ABCDEF0123456789ABCDEF --pool-name localindypool --admin 0.0.0.0 8021 --admin-insecure-mode --accept-invites --accept-requests --auto-ping-connection --auto-respond-messages --auto-respond-credential-offer --auto-respond-presentation-request --auto-verify-presentation --wallet-key faber_agent_186191 --wallet-name faber_wallet_186191 --wallet-type indy --genesis-url http://localhost:9000/genesis

The following error occurs

2019-08-03 19:50:52,931 asyncio ERROR Task exception was never retrieved
future: <Task finished coro=<start_app() done, defined at /Data/Code/public/hyperledger/aries/cloudagentpy/aries_cloudagent/__init__.py:27> exception=StartupError("New seed provided which doesn't match the registered public did VYb4UdJiKPVAG76YDiHLPb")>
Traceback (most recent call last):
  File "/Data/Code/public/hyperledger/aries/cloudagentpy/aries_cloudagent/__init__.py", line 30, in start_app
    await conductor.start()
  File "/Data/Code/public/hyperledger/aries/cloudagentpy/aries_cloudagent/conductor.py", line 163, in start
    + f" public did {public_did_info.did}"
aries_cloudagent.error.StartupError: New seed provided which doesn't match the registered public did VYb4UdJiKPVAG76YDiHLPb

The source of the error is the following code

class Conductor:
    """
    Conductor class.

    Class responsible for initializing concrete implementations
    of our require interfaces and routing inbound and outbound message data.
    """
....
    async def start(self) -> None:
        """Start the agent."""

        context = self.context
        # Initialize wallet
        wallet: BaseWallet = await context.inject(BaseWallet)
        wallet_seed = context.settings.get("wallet.seed")
        public_did_info = await wallet.get_public_did()
        public_did = None
        if public_did_info:
            public_did = public_did_info.did
            # If we already have a registered public did and it doesn't match
            # the one derived from `wallet_seed` then we error out.
            # TODO: Add a command to change public did explicitly
            if wallet_seed and seed_to_did(wallet_seed) != public_did_info.did:
                raise StartupError(
                    "New seed provided which doesn't match the registered"
                    + f" public did {public_did_info.did}"
                )
        elif wallet_seed:
            public_did_info = await wallet.create_public_d

Notable is the comment #TODO: Add a combed to change public did explicitly.

This appears to be an oversight that prevents aca-py from being used for anything but a fixed public did for any given wallet.

If I change the wallet name and wallet key then it works

$ aca-py --inbound-transport http 0.0.0.0 8020 --outbound-transport http --log-level debug --endpoint http://localhost:8020 --label FaberAgent  --seed 0123456789ABCDEF0123456789ABCDEF --pool-name localindypool --admin 0.0.0.0 8021 --admin-insecure-mode --accept-invites --accept-requests --auto-ping-connection --auto-respond-messages --auto-respond-credential-offer --auto-respond-presentation-request --auto-verify-presentation --wallet-key super_agent-1 --wallet-name super_agent_1 --wallet-type indy --genesis-url http://localhost:9000/genesis

Suggest add tests that test sane configurations of aca-py that are not the pre baked demo ones. Otherwise these sorts of bugs will go undetected.

Suggest add issue to fix the TODO above.

andrewwhitehead commented 5 years ago

As of PR #127 the --replace-public-did option can be passed to allow replacement of the current public DID.