Upgrading wallet with exsiting indy creds from askar to askar-anoncreds

[cl0ete]

I am testing upgrading holder wallets from askar to askar-anoncreds with existing indy credentials in them.

We run 2 agents in our stack, author (ACAPY_MULTITENANT: true,ACAPY_MULTITENANCY_CONFIGURATION: '{ "wallet_type":"single-wallet-askar", "wallet_name":"multitenant" }', ACAPY_AUTO_VERIFY_PRESENTATION: true) and endorser.

I am able to issue creds into the holder's wallet, askar to askar . (Endorser created the schema used for cred_def)

Calling POST /anoncreds/wallet/upgrade?wallet_name=Holder succeeds with:

{
  "success": true,
  "message": "Upgrade to anoncreds has been triggered for wallet multitenant"
}

Then doing an indy presentation request against the credential attribs in the holder's askar-anoncreds wallet fails with the following error.

2025-02-13 09:36:36,316 acapy_agent.wallet.anoncreds_upgrade INFO Upgrade in process for wallet: multitenant
2025-02-13 09:36:36,333 acapy_agent.utils.classloader DEBUG Successfully loaded class WalletRecordSchema from module acapy_agent.wallet.models.wallet_record
2025-02-13 09:36:36,343 acapy_agent.wallet.anoncreds_upgrade INFO Upgrade of subwallet Holder has completed. Profile is now askar-anoncreds
  ...
2025-02-13 09:36:49,307 nats_events.v1_0.nats_queue.events DEBUG Handling event: <Event topic=acapy::record::present_proof_v2_0::request-received, payload={'connection_id': '43df13d7-4488-4ec8-9546-6c6adba8e5e5', 'pres_ex_id': '042bcb56-23ca-435c-8d9b-ade62b3db05d', 'role': 'prover', 'initiator': 'external', 'auto_verify': False, 'thread_id': 'e4bde822-ac13-4cd6-93ba-677ea180493e', 'state': 'request-received', 'trace': False, 'by_format': {'pres_request': {'indy': {'name': 'Proof', 'requested_attributes': {'hage': {'name': 'age'}}, 'requested_predicates': {}, 'version': '1.0', 'nonce': '950324410938225700350799'}}}, 'created_at': '2025-02-13T09:36:49.300872Z', 'updated_at': '2025-02-13T09:36:49.300872Z'}>
2025-02-13 09:36:49,308 nats_events.v1_0.nats_queue.events DEBUG Published message to subject acapy.record.5baa29f1-5219-4b03-86c4-b2af8042dc9d with payload b'{"payload":{"wallet_id":"5baa29f1-5219-4b03-86c4-b2af8042dc9d","state":"request-received","topic":"acapy::record::present_proof_v2_0::request-received","category":"present_proof_v2_0","payload":{"connection_id":"43df13d7-4488-4ec8-9546-6c6adba8e5e5","pres_ex_id":"042bcb56-23ca-435c-8d9b-ade62b3db05d","role":"prover","initiator":"external","auto_verify":false,"thread_id":"e4bde822-ac13-4cd6-93ba-677ea180493e","state":"request-received","trace":false,"by_format":{"pres_request":{"indy":{"name":"Proof","requested_attributes":{"hage":{"name":"age"}},"requested_predicates":{},"version":"1.0","nonce":"950324410938225700350799"}}},"created_at":"2025-02-13T09:36:49.300872Z","updated_at":"2025-02-13T09:36:49.300872Z"}},"metadata":{"time_ns":1739439409307264055,"x-wallet-id":"5baa29f1-5219-4b03-86c4-b2af8042dc9d","group_id":"SomeGroupId","origin":"Holder"}}'
2025-02-13 09:37:06,134 acapy_agent.admin.server DEBUG Incoming request: GET /present-proof-2.0/records?descending=true&limit=1000&offset=0&order_by=id
2025-02-13 09:37:06,134 acapy_agent.admin.server DEBUG Match info: <MatchInfo {}: <ResourceRoute [GET] <PlainResource  /present-proof-2.0/records> -> <function present_proof_list at 0x74d91d2db7e0>>
2025-02-13 09:37:06,146 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresRequestSchema from module acapy_agent.protocols.present_proof.v2_0.messages.pres_request
2025-02-13 09:37:06,149 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresExRecordSchema from module acapy_agent.protocols.present_proof.v2_0.models.pres_exchange
2025-02-13 09:37:06,152 aiohttp.access INFO 127.0.0.6 [13/Feb/2025:09:37:06 +0000] "GET /present-proof-2.0/records?descending=true&limit=1000&offset=0&order_by=id HTTP/1.1" 200 1316 "-" "OpenAPI-Generator/1.2.0-20241205/python"
2025-02-13 09:37:27,246 acapy_agent.admin.server DEBUG Incoming request: GET /present-proof-2.0/records/042bcb56-23ca-435c-8d9b-ade62b3db05d/credentials?limit=1000&offset=0
2025-02-13 09:37:27,246 acapy_agent.admin.server DEBUG Match info: <MatchInfo {'pres_ex_id': '042bcb56-23ca-435c-8d9b-ade62b3db05d'}: <ResourceRoute [GET] <DynamicResource  /present-proof-2.0/records/{pres_ex_id}/credentials> -> <function present_proof_credentials_list at 0x74d91cf38900>>
2025-02-13 09:37:27,253 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresRequestSchema from module acapy_agent.protocols.present_proof.v2_0.messages.pres_request
2025-02-13 09:37:27,260 aiohttp.access INFO 127.0.0.6 [13/Feb/2025:09:37:27 +0000] "GET /present-proof-2.0/records/042bcb56-23ca-435c-8d9b-ade62b3db05d/credentials?limit=1000&offset=0 HTTP/1.1" 200 583 "-" "OpenAPI-Generator/1.2.0-20241205/python"
2025-02-13 09:37:43,464 acapy_agent.admin.server DEBUG Incoming request: GET /present-proof-2.0/records/042bcb56-23ca-435c-8d9b-ade62b3db05d
2025-02-13 09:37:43,464 acapy_agent.admin.server DEBUG Match info: <MatchInfo {'pres_ex_id': '042bcb56-23ca-435c-8d9b-ade62b3db05d'}: <ResourceRoute [GET] <DynamicResource  /present-proof-2.0/records/{pres_ex_id}> -> <function present_proof_retrieve at 0x74d91cf38360>>
2025-02-13 09:37:43,471 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresRequestSchema from module acapy_agent.protocols.present_proof.v2_0.messages.pres_request
2025-02-13 09:37:43,474 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresExRecordSchema from module acapy_agent.protocols.present_proof.v2_0.models.pres_exchange
2025-02-13 09:37:43,476 aiohttp.access INFO 127.0.0.6 [13/Feb/2025:09:37:43 +0000] "GET /present-proof-2.0/records/042bcb56-23ca-435c-8d9b-ade62b3db05d HTTP/1.1" 200 1301 "-" "OpenAPI-Generator/1.2.0-20241205/python"
2025-02-13 09:37:43,478 acapy_agent.admin.server DEBUG Incoming request: GET /present-proof-2.0/records/042bcb56-23ca-435c-8d9b-ade62b3db05d
2025-02-13 09:37:43,478 acapy_agent.admin.server DEBUG Match info: <MatchInfo {'pres_ex_id': '042bcb56-23ca-435c-8d9b-ade62b3db05d'}: <ResourceRoute [GET] <DynamicResource  /present-proof-2.0/records/{pres_ex_id}> -> <function present_proof_retrieve at 0x74d91cf38360>>
2025-02-13 09:37:43,484 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresRequestSchema from module acapy_agent.protocols.present_proof.v2_0.messages.pres_request
2025-02-13 09:37:43,486 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresExRecordSchema from module acapy_agent.protocols.present_proof.v2_0.models.pres_exchange
2025-02-13 09:37:43,487 aiohttp.access INFO 127.0.0.6 [13/Feb/2025:09:37:43 +0000] "GET /present-proof-2.0/records/042bcb56-23ca-435c-8d9b-ade62b3db05d HTTP/1.1" 200 1301 "-" "OpenAPI-Generator/1.2.0-20241205/python"
2025-02-13 09:37:43,489 acapy_agent.admin.server DEBUG Incoming request: GET /connections/43df13d7-4488-4ec8-9546-6c6adba8e5e5
2025-02-13 09:37:43,489 acapy_agent.admin.server DEBUG Match info: <MatchInfo {'conn_id': '43df13d7-4488-4ec8-9546-6c6adba8e5e5'}: <ResourceRoute [GET] <DynamicResource  /connections/{conn_id}> -> <function connections_retrieve at 0x74d91d3e0a40>>
2025-02-13 09:37:43,495 acapy_agent.utils.classloader DEBUG Successfully loaded class MaybeStoredConnRecordSchema from module acapy_agent.connections.models.conn_record
2025-02-13 09:37:43,496 aiohttp.access INFO 127.0.0.6 [13/Feb/2025:09:37:43 +0000] "GET /connections/43df13d7-4488-4ec8-9546-6c6adba8e5e5 HTTP/1.1" 200 650 "-" "OpenAPI-Generator/1.2.0-20241205/python"
2025-02-13 09:37:43,533 acapy_agent.admin.server DEBUG Incoming request: GET /credential/42d0197e-70ea-426a-990c-8b94bd213b4e
2025-02-13 09:37:43,533 acapy_agent.admin.server DEBUG Match info: <MatchInfo {'credential_id': '42d0197e-70ea-426a-990c-8b94bd213b4e'}: <ResourceRoute [GET] <DynamicResource  /credential/{credential_id}> -> <function credentials_get at 0x74d91d8f4f40>>
2025-02-13 09:37:43,542 aiohttp.access INFO 127.0.0.6 [13/Feb/2025:09:37:43 +0000] "GET /credential/42d0197e-70ea-426a-990c-8b94bd213b4e HTTP/1.1" 200 512 "-" "OpenAPI-Generator/1.2.0-20241205/python"
2025-02-13 09:37:43,552 acapy_agent.admin.server DEBUG Incoming request: POST /present-proof-2.0/records/042bcb56-23ca-435c-8d9b-ade62b3db05d/send-presentation
2025-02-13 09:37:43,553 acapy_agent.admin.server DEBUG Match info: <MatchInfo {'pres_ex_id': '042bcb56-23ca-435c-8d9b-ade62b3db05d'}: <ResourceRoute [POST] <DynamicResource  /present-proof-2.0/records/{pres_ex_id}/send-presentation> -> <function present_proof_send_presentation at 0x74d91cf5ccc0>>
2025-02-13 09:37:43,553 acapy_agent.admin.server DEBUG Body: {"indy":{"requested_attributes":{"hage":{"cred_id":"42d0197e-70ea-426a-990c-8b94bd213b4e","revealed":true}},"requested_predicates":{},"self_attested_attributes":{}}}
2025-02-13 09:37:43,559 acapy_agent.utils.classloader DEBUG Successfully loaded class V20PresRequestSchema from module acapy_agent.protocols.present_proof.v2_0.messages.pres_request
2025-02-13 09:37:43,568 acapy_agent.core.dispatcher ERROR Handler error: upgrade_middleware
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/asyncio/tasks.py", line 314, in __step_run_and_handle_result
    result = coro.send(None)
             ^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/admin/server.py", line 198, in upgrade_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/aiohttp_apispec/middlewares.py", line 51, in validation_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/admin/decorators/auth.py", line 80, in tenant_auth
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/protocols/present_proof/v2_0/routes.py", line 1266, in present_proof_send_presentation
    pres_ex_record, pres_message = await pres_manager.create_pres(
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/protocols/present_proof/v2_0/manager.py", line 274, in create_pres
    pres_tuple = await pres_exch_format.handler(self._profile).create_pres(
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/protocols/present_proof/v2_0/formats/indy/handler.py", line 153, in create_pres
    return await self.anoncreds_handler.create_pres(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/protocols/present_proof/v2_0/formats/anoncreds/handler.py", line 169, in create_pres
    presentation_proof = await handler.return_presentation(
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/protocols/present_proof/anoncreds/pres_exch_handler.py", line 260, in return_presentation
    schemas, cred_defs, revocation_registries = await self._get_ledger_objects(
                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/protocols/present_proof/anoncreds/pres_exch_handler.py", line 120, in _get_ledger_objects
    await anoncreds_registry.get_schema(self._profile, schema_id)
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/anoncreds/registry.py", line 79, in get_schema
    resolver = await self._resolver_for_identifier(schema_id)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/aries/.local/lib/python3.12/site-packages/acapy_agent/anoncreds/registry.py", line 51, in _resolver_for_identifier
    raise AnonCredsResolutionError(
acapy_agent.anoncreds.base.AnonCredsResolutionError: No resolver available for identifier 2WkBvUzBd1iFSHXhJNBwXi:2:test_schema:0.3

I am expecting these to still be indy credentials. It's not like I need to change my presentation request to an AnoncredsPresentationRequest... Right?

[ff137]

Relevant code (acapy_agent/protocols/present_proof/v2_0/formats/indy/handler.py):

class IndyPresExchangeHandler(V20PresFormatHandler):
    """Indy presentation format handler."""

    format = V20PresFormat.Format.INDY
    anoncreds_handler = None

    def __init__(self, profile: Profile):
        """Shim initialization to check for new AnonCreds library."""
        super().__init__(profile)

        # Temporary shim while the new anoncreds library integration is in progress
        wallet_type = profile.settings.get_value("wallet.type")
        if wallet_type == "askar-anoncreds":
            self.anoncreds_handler = AnonCredsPresExchangeHandler(profile)

...

    async def create_pres(
        self,
        pres_ex_record: V20PresExRecord,
        request_data: Optional[dict] = None,
    ) -> Tuple[V20PresFormat, AttachDecorator]:
        """Create a presentation."""

        if self.anoncreds_handler:
            return await self.anoncreds_handler.create_pres(
                pres_ex_record,
                request_data,
            )

[jamshale]

That error is saying that the 2WkBvUzBd1iFSHXhJNBwXi:2:test_schema:0.3 schema can't be resolved for some reason. Even though it should be resolvable by the anoncreds legacy_indy registry.

The indy presentation request should work. There is tests for this scenario in https://github.com/openwallet-foundation/acapy/blob/main/scenarios/examples/anoncreds_issuance_and_revocation/example.py

I'm having a hard time understanding why that schema isn't resolving to the aoncreds registry.

[ff137]

@jamshale Hmm, I think it could be because we were running an acapy version last updated in December 2024. I see there were some changes to anoncreds in that time period. We upgraded to 1.2.1 in the last week.

@cl0ete We'll have to re-test now that we're on the latest acapy version.