ACA-PY Java Client Library

Convenience library based on okhttp and gson to interact with aries cloud agent python (aca-py) instances.

Use it in your project

<dependency>
   <groupId>network.idu.acapy</groupId>
   <artifactId>aries-client-python</artifactId>
   <version>0.10.0</version>
</dependency>

FAQ

1. Why don't you use swagger codegen?

   For a long time aca-py's swagger.json was not really in sync with the code base. This has been hugely improved lately, so I started to generate model classes based on the stable releases found on dockerhub. There are still issues with complex structures, so one can not simply use the models 1:1, instead each one has to be checked manually before using it. This is tedious work and might take a while to complete. Also, the api is complex so that I found it useful to introduce helper methods directly in the model classes to make them more accessible.

2. Why is endpoint X, or field Y missing?

   aca-py's api is changing rapidly with each release, and until most of the classes are using the generated models this can happen. So, if you are missing something create a PR with a fix or open an issue.

Version Compatibility

Implemented Endpoints

Client Examples

Sending Requests: Create the aca-py Rest Client

The rest client is used to send requests against aca-py's admin rest endpoint.

Related aca-py config flags are: --admin <host> <port>, --admin-api-key <api-key>

The default assumes you are running against a single wallet. In case of multi tenancy with base and sub wallets the bearerToken needs to be set as well.

Example aca-py config flags:

--admin 0.0.0.0 8031
--admin-api-key secret

Example client builder:

AriesClient ac = AriesClient
        .builder()
        .url("http://localhost:8031") // optional - defaults to localhost:8031
        .apiKey("secret") // optional - admin api key if set
        .bearerToken("123.456.789") // optional - jwt token - only when running in multi tenant mode
        .build();

Receiving Events: Webhook and Websocket Handler Support

With aca-py you have three options on how to receive status changes:

1. Poll the rest API - this is not recommended
2. Register a webhook URL
3. Connect to aca-py's websocket

Webhook

Related aca-py config flag: --webhook-url <url#api_key>

Single Tenant Controller Example

If running a single wallet and not in multi tenant mode.

Example aca-py config flag: --webhook-url http://localhost:8080/webhook

@Controller
public class WebhookController {

   private EventHandler handler = new EventHandler.DefaultEventHandler();

   @Post("/webhook/topic/{topic}")
   public void handleWebhookEvent(
           @PathVariable String topic,
           @Body String payload) {
      handler.handleEvent(topic, payload);
   }
}

Multi Tenant Example

If running in multi tenant mode.

Example aca-py config flags:

--webhook-url http://localhost:8080/webhook
--multitenant
--jwt-secret 1234
--multitenant-admin

Example multi tenant webhook controller

@Controller
public class WebhookController {

   private EventHandler handler = new TenantAwareEventHandler.DefaultTenantAwareEventHandler();

   @Post("/webhook/topic/{topic}")
   public void handleWebhookEvent(
           @PathVariable String topic,
           @Body String payload,
           HttpRequest request) {
      String walletId = request.getHeaders().get("x-wallet-id");
      handler.handleEvent(walletId, topic, payload);
   }
}

Websocket

If the admin api is enabled aca-py also supports a websocket endpoint under ws(s)://<host>:<admin-port>/ws

Example aca-py config flag: --admin 0.0.0.0 8031

To connect with the websocket you can use the AriesWebSocketClient like:

@Factory
public class AriesSocketFactory {

   @Value("${acapy.ws.url}")
   private String url;
   @Value("${acapy.admin.apiKey}")
   private String apiKey;
   
   @Singleton
   @Bean(preDestroy = "closeWebsocket")
   public AriesWebSocketClient ariesWebSocketClient() {
      return AriesWebSocketClient
              .builder()
              .url(url) // optional - defaults to ws://localhost:8031/ws
              .apiKey(apiKey) // optional - admin api key if set
              .handler(new EventHandler.DefaultEventHandler()) // optional - your handler implementation
              // .bearerToken(bearer) // optional - jwt token - only when running in multi tenant mode
              .build();
   }
}

Writing Custom Event Handlers

To add your own event handler implementation to use in webhooks or in the websocket client, you can either extend or instantiate one of the following classes:

1. EventHandler
2. TenantAwareEventHandler
3. ReactiveEventHandler

All classes take care of type conversion so that you can immediately start implementing your business logic.

Basic EventHandler

@Singleton
public class MyHandler extends EventHandler {
    @Override
    public void handleProof(PresentationExchangeRecord proof) {
        if (proof.roleIsVerifierAndVerified()) {    // received a validated proof
            MyCredential myCredential = proof.from(MyCredential.class);
            // If the presentation is based on multiple credentials this can be done multiple times
            // given that the POJO is annotated with @AttributeGroup e.g.
            MyOtherCredential otherCredential = proof.from(MyOtherCredential.class);
        }
    }
}

Reactive Event Handler

As the websocket client already implements the EventHandler interface you can directly use it like:

AriesWebSocketClient ws = AriesWebSocketClient.builder().build();

// do some stuff, create a connection, or receive invitation

// blocking wait 
ConnectionRecord active = ws.connection()
    .filter(ConnectionRecord::stateIsActive)
    .blockFirst(Duration.ofSeconds(5));
// none blocking
ws.connection()
    .filter(ConnectionRecord::stateIsActive)
    .subscribe(System.out::println);

A Word on Credential POJO's

The library assumes credentials are flat Pojo's like:

@Data @NoArgsConstructor @Builder
@AttributeGroupName("referent") // the referent that should be matched in the proof request
public final class MyCredential {
   private String street;

   @AttributeName("e-mail")
   private String email;       // schema attribute name is e-mail

   @AttributeName(excluded = true)
   private String comment;     // internal field
}

How fields are serialised/deserialized can be changed by using the @AttributeName or @AttributeGroupName annotations.

Create a connection

ac.connectionsReceiveInvitation(
        ReceiveInvitationRequest.builder()
            .did(did)
            .label(label)
            .build(), 
        ConnectionReceiveInvitationFilter
            .builder()
            .alias("alias")
            .build())    
.ifPresent(connection -> {
    log.debug("{}", connection.getConnectionId());
});

Issue a Credential

MyCredential myCredential = MyCredential
        .builder()
        .email("[email protected]")
        .build();
ac.issueCredentialSend(
        new V1CredentialProposalRequest(connectionId, credentialdefinitionId, myCredential));

Present Proof Request

PresentProofRequest proofRequest = PresentProofRequestHelper.buildForEachAttribute(
    connectionId,
    MyCredential.class,
    ProofRestrictions.builder()
        .credentialDefinitionId(credentialDefinitionId)
        .build());
ac.presentProofSendRequest(proofRequest);

Build Connectionless Proof Request

Connectionless proofs are more a thing of mobile wallets, because mostly they involve something that is presented to a human like a barcode, but the java client supports this by providing models and builders.

A flow has the usually following steps:

1. The user is presented with a QRCode that contains an invitation URL like: https://myhost.com/url/1234
2. The server side HTTP handler of this URL responds with an HTTP.FOUND response that has the proof request encoded in the m parameter
3. The mobile wallet tries to match a stored credential, and then responds with a proof presentation if possible
4. The server side WebhookHandler waits for the proof and then triggers further actions

@Get("/url/{requestId}")
public HttpResponse<Object> connectionLessProof(@QueryValue String requestId) {
    boolean matchingRequest = false; // TODO manage request states
    String proofRequestBase64 = ""; // TODO on how to build this see the example below
    if (matchingRequest) {
        return HttpResponse
                .status(HttpStatus.FOUND)
                .header("location", deploymentUri + "?m=" + proofRequestBase64;
    }
    return HttpResponse.notFound();
}

Proof Request Builder Example

ProofRequestPresentationBuilder builder = new ProofRequestPresentationBuilder(ariesClient);

PresentProofRequest presentProofRequest = PresentProofRequestHelper.buildForEachAttribute(
        connectionId,
        List.of("name", "email"),
        ProofRestrictions
            .builder()
            .schemaId("WgWxqztrNooG92RXvxSTWv:2:schema_name:1.0")
            .build());

Optional<String> base64 = builder.buildRequest(presentProofRequest);