-
Notifications
You must be signed in to change notification settings - Fork 516
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: mediation routing keys as did key #2516
fix: mediation routing keys as did key #2516
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I've got some integration test issues to sort out. |
need to run tests successfully
Ok, that's good to hear actually. My run of BDD wasn't working (hanging?) but I figured you had run them and that it was just my machine acting up (as it did earlier today) and figured it was time for a reboot. I'll cancel the review/approval and try running BDD after your updates. |
A new development: given our recent tightening up of DID Doc semantics and using PyDID to interact with DID Documents, it came to my attention that we were out of spec with the I have corrected our implementation to send and expect This might present an interop challenge. I'll see if I can check in with AFJ's DID Exchange/OOB implementation and see what it is expecting. |
My investigation suggests that AFJ will accept either a DID Key or a DID Key reference. However, it will emit just a DID Key, not a DID Key reference, in OOB invitations but sends references in the DID Docs it forms for DID Exchange... Perhaps I can adjust things to accept either in OOB but emit the full references for any we send out. |
Ran changes locally...BDD tests look good by pytests are failing. |
We ran into this issue in the AFJ implementation of OOB, but as the RFC just used keys (no reference) and ACA-Py's implementation also did that we went for the non-key reference. I think there is an issue somewhere (but it could also be that this was discussed in discord) |
FYI -- when I ran the AATH acapy run set, the following two tests fail:
To run the specific tests use, update
Example error from run:
|
This PR is now ready for review. I ended up trimming out some additional unused code relating to the previously removed old routing protocol and "inbound connection" handling on the I've adjusted the implementation to make sure that either did:key or the full did:key references are accepted in out-of-band invitations. With the changes from #2536, did:key or did:key refs can be accepted in connections/did exchange protocols. We will always emit did:key refs for both OOB and DIDExchange. AFJ should be able to process this but other agents may have trouble if they were slightly out of spec like ACA-Py was. |
Lots of poking around today and running tests and AATH. Moving on to AATH... there are issues that we need to address in that repo. We need to update Next there is an actual issue with the tests. When there are no inbound transports, the backchannel code doesn't create an endpoint parameter, so we hit an ACA-py config error.
Simple enough to add a default However, then you hit another config error: I am not sure how this scenario ever ran successfully since the test is to not have inbound transport and for 3 years that configuration has been required. At least from what I can see. WIth ALL of that being said, this branch/PR does have an issue to address that is uncovered in AATH... routing keys not Ed25519VerificationKey2018.
fails with:
fails with:
|
That seems like a long comment, but think it boils down to a routing keys fix, and we add issues to AATH for some other things. |
Thanks for the testing @usingtechnology! I'll dig into this when I get a chance. |
I'm able to reproduce the issue in my own test environment. Interestingly, it's specific to the connection protocol Admin API. DID Exchange is working fine. Looks like it's a matter of the connection invitation schema being picky about what the routing keys look like. |
After double checking the RFC for the connection protocol, it does actually say that the routing keys must be raw keys and not references. I'll make sure these changes keep that consistent. |
@usingtechnology @swcurran this PR is ready for review! |
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Don't reinstall all deps just because some local code changed Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
This enables retrieving the base mediation record in connection protocol managers without the managers having to be aware of multitenancy specifics. Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
This makes it more convenient to call from connection protocol managers Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
This makes it easier to call from protocol managers Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
This makes it easier to call from protocol managers Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
In connection protocol. Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
756b513
to
a8cf6ad
Compare
Ran it against the AATH test suite and all passed. Mind you — that was before the 23 commits that @dbluhm just added. Do I need to re-run the AATH test, Daniel? |
Yeah, I think another round of testing is appropriate. |
AATH update requirements-main.txt
Still get the errors like:
|
@usingtechnology I think the commit to checkout should be a8cf6ad |
FYI — when I run PR tests in AATH, I update the requirements-main.txt file to:
So for this one:
|
When I use the correct commit hash, all looks good. pytests and AATH all check out. Great work! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 👍 - pytests and AATH all check out.
Kudos, SonarCloud Quality Gate passed! |
This PR is a minor rethink to #2502; as discussed in my comment on that PR, I think I/we went a bit too far with base58 to did:key normalization. This is the minimum set of changes required to fix the two issues.
Fixes #2492.
Fixes #2357.
These changes also cause did:keys to be sent out in mediation grant messages and, subsequently, connections/did exchange as the
routingKeys
in the DID Document. This has interop implications. A big motivator for these changes however is to enable AFJ/Bifold based agents to connect through a public DID with mediation where AFJ/Bifold is expecting did:keys in the routing keys in the endpoint attrib. So this should help push us towards "good" interop and should only break "bad" interop.Updates: This PR has evolved. Here is the current state of the changes.