traction icon indicating copy to clipboard operation
traction copied to clipboard
verified publisher icon bcgov

Connecting to BC Wallet does not complete with OOB invitations

Open loneil opened this issue 1 year ago • 15 comments

Tracking the issues I've seen scanning invitation QR codes with the BC Wallet when creating an invitation through the Tenant UI. Not sure if these are a specific ACA-Py problem, or if it's an issue with the BC Wallet app? If existing issues I can close this one.

This is using Traction in the Dev environment with a Tenant that's on the bcovrin-test ledger.

image

Same type of issue with both Single and Multi use. Not setting anything in the optional settings.

Note we are able to connect Traction Tenant to (another) Traction Tenant through OOB successfully.

Creating an OOB single use from the TenantUI and scanning QR with Trac

  • Wallet appears to successfully connect in the BC Wallet, a connection appears in the wallet,
  • can message but the messages don't seem to go to Traction Tenant (nothing logged or anything)
  • Connection does not progress in Traction, stays in state: invitation

There is a problem in the callback in the Traction Tenant ACA-Py logs when scanning. ValueError: Bad specification did:peer:1zQmR4vLev39FVRRWfoJQp9BjfEu1CuHnxo69qLqwPnE4jJJ does not correspond to a sovrin DID

2024-01-18 21:39:48,880 None INFO /home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/routing/v1_0/manager.py:63 >>> fetching routing record for verkey: G3Bo3MuQwFygxLe9zdM8Lt1F7FyLsmG18LWR1AMBeLiN
2024-01-18 21:39:48,903 None INFO /home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/routing/v1_0/manager.py:68 >>> FOUND routing record for verkey: G3Bo3MuQwFygxLe9zdM8Lt1F7FyLsmG18LWR1AMBeLiN
2024-01-18 21:39:48,932 None INFO /home/aries/.venv/lib/python3.9/site-packages/aiohttp/web_log.py:206 10.97.0.1 [18/Jan/2024:21:39:48 +0000] "POST / HTTP/1.1" 200 149 "-" "okhttp/4.9.2"
2024-01-18 21:39:48,949 None WARNING /home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/base_manager.py:755 No corresponding DID found for sender verkey: Bjr4fdTdqzqKXATFG3ESJe5hDEYT8Kh2YtBhNmQwcJoY
2024-01-18 21:39:48,953 None WARNING /home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/base_manager.py:777 No corresponding DID found for recipient verkey: G3Bo3MuQwFygxLe9zdM8Lt1F7FyLsmG18LWR1AMBeLiN
2024-01-18 21:39:48,967 None ERROR /home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/core/conductor.py:580 Exception in message handler:
Traceback (most recent call last):
    File "/usr/local/lib/python3.9/asyncio/tasks.py", line 256, in __step
        result = coro.send(None)
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/core/dispatcher.py", line 253, in handle_message
        await handler(context, responder)
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/didexchange/v1_0/handlers/request_handler.py", line 39, in handle
        conn_rec = await mgr.receive_request(
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/didexchange/v1_0/manager.py", line 486, in receive_request
        conn_did_doc = await self.verify_diddoc(wallet, request.did_doc_attach)
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/didexchange/v1_0/manager.py", line 943, in verify_diddoc
        return DIDDoc.deserialize(json.loads(signed_diddoc_bytes.decode()))
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/models/diddoc/diddoc.py", line 248, in deserialize
        rv = DIDDoc(did_doc["id"])
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/models/diddoc/diddoc.py", line 57, in __init__
        self._did = canon_did(did) if did else None # allow specification post-hoc
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/models/diddoc/util.py", line 57, in canon_did
        raise ValueError(
ValueError: Bad specification did:peer:1zQmR4vLev39FVRRWfoJQp9BjfEu1CuHnxo69qLqwPnE4jJJ does not correspond to a sovrin DID
2024-01-18 21:39:48,968 None ERROR /home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/core/conductor.py:594 DON'T shutdown on ValueError Bad specification did:peer:1zQmR4vLev39FVRRWfoJQp9BjfEu1CuHnxo69qLqwPnE4jJJ does not correspond to a sovrin DID
2024-01-18 21:39:48,968 None ERROR /home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/core/dispatcher.py:80 Handler error: Dispatcher.handle_message
Traceback (most recent call last):
    File "/usr/local/lib/python3.9/asyncio/tasks.py", line 256, in __step
        result = coro.send(None)
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/core/dispatcher.py", line 253, in handle_message
        await handler(context, responder)
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/didexchange/v1_0/handlers/request_handler.py", line 39, in handle
        conn_rec = await mgr.receive_request(
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/didexchange/v1_0/manager.py", line 486, in receive_request
        conn_did_doc = await self.verify_diddoc(wallet, request.did_doc_attach)
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/protocols/didexchange/v1_0/manager.py", line 943, in verify_diddoc
        return DIDDoc.deserialize(json.loads(signed_diddoc_bytes.decode()))
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/models/diddoc/diddoc.py", line 248, in deserialize
        rv = DIDDoc(did_doc["id"])
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/models/diddoc/diddoc.py", line 57, in __init__
        self._did = canon_did(did) if did else None # allow specification post-hoc
    File "/home/aries/.venv/lib/python3.9/site-packages/aries_cloudagent/connections/models/diddoc/util.py", line 57, in canon_did
        raise ValueError(
ValueError: Bad specification did:peer:1zQmR4vLev39FVRRWfoJQp9BjfEu1CuHnxo69qLqwPnE4jJJ does not correspond to a sovrin DID

Creating an OOB multi use from the TenantUI and scanning QR with Traction

  • Same as single on wallet side (connects but messages don't go through)
  • A separate Connection gets created (as with successful multi use scans), but stays in request state
  • Same type of error as above

loneil avatar Jan 19 '24 01:01 loneil

I'm not sure we support did:peer:1 in ACA-Py, but not certain. @dbluhm @Jsyro, can you please remind me? We don’t need to emit a DID:peer:1, but it would be good to be able to receive one in a DIDComm connection.

Next issue is the verification of the DID types we support. This is the second time this week this issue has come (Issue 2714 in ACA-Py. For now, lets track them down as we hit them and get the correct verification check in place. Likely this is doing a “indyDID” validation instead of “supportedDID” verification — something like that.

swcurran avatar Jan 19 '24 17:01 swcurran

Nice to track down where the ACA-Py problem is and add an ACA-Py issue.

swcurran avatar Jan 19 '24 17:01 swcurran

Also — we want BC Wallet to use (ideally) peer:did:4 — I’ll see if that is feasible.

swcurran avatar Jan 19 '24 17:01 swcurran

@swcurran We support resolving did:peer:1 that we've received in a did exchange now. That's in main but not in a release yet.

dbluhm avatar Jan 19 '24 17:01 dbluhm

Awesome - thanks @dbluhm — good to know. I think we need to push a release out. Lots in the pipeline.

swcurran avatar Jan 19 '24 17:01 swcurran

That does mean we still have to eliminate the overly aggressive validation check. @loneil — great if you could track down where that is happening and raise the issue in the ACA-Py repo.

swcurran avatar Jan 19 '24 17:01 swcurran

@swcurran I just ran a quick test; on 0.11.0, the overly aggressive validation is present (as we see here in this report). On nightly, we passed the validation and it was actually the version of AFJ I was testing against that failed on processing our response from ACA-Py. So I think this is resolved in 0.12.0rc0.

dbluhm avatar Jan 24 '24 20:01 dbluhm

Ah great, thanks for the info @dbluhm . I'm going to try tests with 0.12.0rc0 when I have a moment so can try this out with that.

loneil avatar Jan 24 '24 21:01 loneil

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Feb 24 '24 02:02 github-actions[bot]

Testing this in ACA-Py 0.12.0rc2 I no longer run into ValueError: Bad specification did:peer:1zQmR4vLev39FVRRWfoJQp9BjfEu1CuHnxo69qLqwPnE4jJJ does not correspond to a sovrin DID type errors so that is probably the validation fix @swcurran and @dbluhm are mentioning.

However the behaviour of the issue seems to remain (mostly) the same as described in this issue.

For single and multi use OOB invitations I can accept them in the BC Wallet and the connection still appears to be finishing on the wallet side (though it does spin on the "making a connection screen), however on the Traction tenant I still see the connection only progressing to response and messages sent from the wallet don't appear to go through.

So might be additional issue that needs investigating on the BC Wallet (or Bifold? or Credo?) side with sending a response back... not sure. Can follow up at a later time

So the validation error seen on ACA-Py is no longer there, but I will leave this ticket open until determining cause or raising with wallet/credo side.

Traction logs when scanning OOB invitation with BC Wallet

2024-03-07 23:58:06,971 aiohttp.access INFO 10.97.210.159 [07/Mar/2024:23:58:06 +0000] "GET /connections HTTP/1.0" 200 1816 "https://pr-1025-traction-tenant-ui-dev.apps.silver.devops.gov.bc.ca/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
2024-03-07 23:58:19,068 aries_cloudagent.protocols.routing.v1_0.manager INFO >>> fetching routing record for verkey: CGbKM9Nu88psngDFcuB41K7EviTWqMQuW3WMWMBvDXVM
2024-03-07 23:58:19,073 aries_cloudagent.protocols.routing.v1_0.manager INFO >>> FOUND routing record for verkey: CGbKM9Nu88psngDFcuB41K7EviTWqMQuW3WMWMBvDXVM
2024-03-07 23:58:19,078 aiohttp.access INFO 10.97.28.1 [07/Mar/2024:23:58:19 +0000] "POST / HTTP/1.1" 200 149 "-" "okhttp/4.9.2"
2024-03-07 23:58:19,082 aries_cloudagent.connections.base_manager WARNING No corresponding DID found for sender verkey: 3YuEyUAD4oMmpGiFVah5ytvPGwkGGJxz2jd9AcagVigF
2024-03-07 23:58:19,084 aries_cloudagent.connections.base_manager WARNING No corresponding DID found for recipient verkey: CGbKM9Nu88psngDFcuB41K7EviTWqMQuW3WMWMBvDXVM
2024-03-07 23:58:19,169 traction_plugins.traction_innkeeper.v1_0.endorser.endorser_connection_service INFO > connections_event_handler
2024-03-07 23:58:19,170 traction_plugins.traction_innkeeper.v1_0.endorser.endorser_connection_service INFO < connections_event_handler
2024-03-07 23:58:19,185 aries_cloudagent.multitenant.route_manager INFO Add route record for recipient H2cvtePmYrRbAncRP17yGuwd2T4X5nEM4Bw8w3ZYgzNn to wallet 30d67ebf-a775-4132-8995-e1b049addca8
2024-03-07 23:58:19,186 aries_cloudagent.protocols.routing.v1_0.manager INFO >>> creating routing record for verkey: H2cvtePmYrRbAncRP17yGuwd2T4X5nEM4Bw8w3ZYgzNn
2024-03-07 23:58:19,190 aries_cloudagent.protocols.routing.v1_0.manager INFO >>> CREATED routing record for verkey: H2cvtePmYrRbAncRP17yGuwd2T4X5nEM4Bw8w3ZYgzNn
2024-03-07 23:58:19,195 traction_plugins.traction_innkeeper.v1_0.endorser.endorser_connection_service INFO > connections_event_handler
2024-03-07 23:58:19,195 traction_plugins.traction_innkeeper.v1_0.endorser.endorser_connection_service INFO < connections_event_handler
2024-03-07 23:58:22,418 aiohttp.access INFO 10.97.210.159 [07/Mar/2024:23:58:22 +0000] "GET /status/ready HTTP/1.0" 200 172 "-" "kube-probe/1.26"

loneil avatar Mar 08 '24 00:03 loneil

@ianco perhaps you can work on this with @loneil as you wrap up your “reuse” work. This is in the same area. Ideally, you can do a Zoom session together so @loneil can demonstrate the issue in an setup environment and @ianco can see what is going on.

swcurran avatar Mar 08 '24 03:03 swcurran

I think https://github.com/hyperledger/aries-cloudagent-python/pull/2748 and AFJ/Credo version >= 0.5.0 will be required to complete an OOB exchange with ACA-Py from the BC Wallet

dbluhm avatar Mar 08 '24 22:03 dbluhm

If we add support for emitting did:peer:1 to ACA-Py, we could get away with AFJ/Credo versions < 0.5.0

dbluhm avatar Mar 08 '24 22:03 dbluhm

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Apr 08 '24 02:04 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar Apr 14 '24 03:04 github-actions[bot]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar May 16 '24 02:05 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar May 22 '24 02:05 github-actions[bot]

Reopening as we're on 0.12.x (and trying 1.0.0) and Credo 0.5.x and still seeing with BC Wallet. Will track this for investigations

loneil avatar Jul 23 '24 20:07 loneil

Tested in https://github.com/bcgov/traction/pull/1279

Fix from https://github.com/hyperledger/aries-cloudagent-python/pull/3050 did the trick

loneil avatar Jul 25 '24 22:07 loneil