waltid-enterprise

#!/bin/bash

# TODO 
# review help
# check dependencies
# check instance running
# formatting
# linux compatibility 
# windows compatibility
# status services?
# verification?
# issuance key_id

set -e

RESTORE='\033[0m'

RED='\033[00;31m'
GREEN='\033[00;32m'
YELLOW='\033[00;33m'
BLUE='\033[00;34m'
PURPLE='\033[00;35m'
CYAN='\033[00;36m'
LIGHTGRAY='\033[00;37m'

LRED='\033[01;31m'
LGREEN='\033[01;32m'
LYELLOW='\033[01;33m'
LBLUE='\033[01;34m'
LPURPLE='\033[01;35m'
LCYAN='\033[01;36m'
WHITE='\033[01;37m'

BBACK='\033[1;30m'       
BRED='\033[1;31m'        
BFGREEN='\033[1;32m'     
BYELLOW='\033[1;33m'     
BBLUE='\033[1;34m'       
BPURPLE='\033[1;35m'     
BCYAN='\033[1;36m'       
BWHITE='\033[1;37m'

BBWHITE='\033[1;97m'

BGCYAN='\033[0;106m'

CLI_NAME=" $0"
export WORKDIR=$(cd $(dirname $0) && pwd)

ENTERPRISE_RELEASE=$(cat .env | grep ENTERPRISE_API_DOCKER_IMAGE_TAG | cut -d= -f2)

ROOT_ORGANIZATION=waltid
TENANT=mycustomer
KMS_SERVICE="kms-service"
DID_SERVICE="did-service"
ISSUER_SERVICE="issuer-service"
VERIFIER_SERVICE="verifier-service"

USER_EMAIL="max.mustermann@example.org"
USER_PASS="password123456"

TTY_WIDTH=$(tput cols)
OUTPUT_WIDTH=$(expr $TTY_WIDTH \* 6 / 10) # 60% the terminal window width

auth_token=""

init() {
    header
    check_dependencies
    check_running_instance
}

header() {
    echo "============================================================================================="
    info "walt.id Enterprise Stack Quickstarter v$(cat $WORKDIR/VERSION)"
    echo "============================================================================================="
}

check_dependencies() {
    info "Checking dependencies..."
    REQUIREMENTS="jq curl tput"
    for c in $REQUIREMENTS; do
        info "  Checking '$c'..." "NO_LINEBREAK_PLEASE"
        if [[ -z "$(which $c)" ]]; then
            echo -e "${RED}FAIL${RESTORE}"
            error "'$c' not found. Please, install it."
            exit -1
        fi
        echo -e "${GREEN}OK${RESTORE}"
        # echo -e "\033[FOK"
        # echo -e "$(tput cuu1)$(tput hpa $(tput cols))OK"
    done
}

log() {
  script_name=${0##*/}
  timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
  if [[ ! -z "$2" ]]; then
    echo -ne "== $script_name $timestamp $1" 
  else
    echo -e "== $script_name $timestamp $1" 
  fi
}

info() {
    log "${YELLOW}[INFO]${RESTORE} $1" "$2"
}

error() {
    log "${RED}[ERROR]${RESTORE} $1" "$2"
}

check_running_instance() {
    info "Checking if walt.id Enterprise is running..."
    
    nc -z localhost 3000 &> /dev/null
    if [[ $? != 0 ]]; then
        error "Sorry. I could not find any running instance of the walt.id Enterprise Stack."
    else
        info "walt.id Enterprise is up and running. Let's rock 🤘"
    fi

}

docker_hub_login(){
    if [ ! -f .docker-token ]; then
        error "I couldn't find and authorization token to log you in the Docker Hub. Please, ask the walt.id team for one and save it in a file called .docker-token in the current directory. To receive access you must be an Enterprise Stack customer."
        exit -1
    fi

    password=$(cat .docker-token | grep -v "#" | grep -v -e '^[[:space:]]*$')
    info "Autheticating to Docker Hub. Please use the password provided..."
    docker login -u waltid -p $password
    echo
}

pull_docker_image() {
    info "Pulling Enterprise Stack v$ENTERPRISE_RELEASE"
    docker pull waltid/waltid-enterprise-api:$ENTERPRISE_RELEASE
    echo
}

start_container() {
    info "Starting up Enterprise Stack v$ENTERPRISE_RELEASE"
    docker compose up
}

run() { 
    docker_hub_login
    pull_docker_image
    start_container
}

get_superadmin_auth_token() {

    info "Checking Super Admin authentication..."
    if [ -f .auth_token ]; then
        info "Super Admin already logged in." 
    else
        info "Logging Super Admin in..."
        superadmin_login
    fi
    
    AUTH_TOKEN=$(cat .auth_token)

    eval $1=$AUTH_TOKEN
}

clean_all() {
    info "Cleaning up..."
    recreate_collections
    rm -f .user_id
    rm -f .auth_token
    rm -f .user_auth_token
    rm -f .did
    rm -f .did_key 
    rm -f .status_key 

    # Remove docker images?
}

check_last_command_failure() {
    if [[ $result < 0 ]]; then
        echo -e"
        ${RED}
        !!!!!!!!!!!
        !! ERROR !!
        !!!!!!!!!!!
        ${RESTORE}
        Oops. I'm sorry. Something went wrong. Contact the walt.id guys to help you with it. Bye.
        "

        return -1
    fi 

    result=0
}

pause() {
    read -n1 -s
}

print() {
    echo -e "\n$1\n" # | fmt -w $OUTPUT_WIDTH
}

pp() {
    print "$1"
    pause
}

get_user_auth_token() {
    if [ -f .user_auth_token ]; then
        info "User already logged in." 
    else
        info "Logging user in..."
        user_admin_login
    fi
    
    USER_AUTH_TOKEN=$(cat .user_auth_token)
    info "Auth token: $USER_AUTH_TOKEN"

    eval $1=$USER_AUTH_TOKEN
}

wizard_pre_message() {
    echo -e "$(
cat <<EOF | fmt -w $OUTPUT_WIDTH
$1
EOF
)"
    pause
    result=0
}


wizard_pos_message() {
    check_last_command_failure

    echo -e "$(
cat <<EOF | fmt -w $OUTPUT_WIDTH
$1
EOF
)"

}

wizard_welcome() {
    wizard_pre_message "
    Welcome to the Quickstart Wizard of the walt.id Enterprise Stack! We will now guide you through each step to get you onboarded on our platform.

    ${BLUE}>> Press any key to continue...${RESTORE}
    "
}

wizard_disclaimer() {
    echo -e "
    DISCLAIMER 1
    -------------"
    echo -e "
    This is not a CLI for the walt.id Enterprise Stack. This script was built for educational purpose only. Use it to learn the basics of how to setup our product. Nothing else ;-)" | fmt -w $OUTPUT_WIDTH

    echo -e "
    DISCLAIMER 2
    -------------"
    
    echo -e "
    In order to make you experience as smooth as possible, we need to recreate the whole database, just to make sure there's no data there that could cause any confusion and get in the way of the main purpose of this script: learning how to use the product.

    Which means: all the data in your local walt.id Enterprise Stack instance will be lost.
    " | fmt -w $OUTPUT_WIDTH

    printf "%4s${BLUE}>> Are you ok with that? (y/N)${RESTORE} "
    read  -n1 AGREED

    shopt -s nocasematch
    if [[ "$AGREED" != "y" ]]; then
        wizard_disclaimer_disagree
        return -1
    fi
        
    wizard_disclaimer_agreed
}

wizard_disclaimer_disagree() {
    print "
    We understand. No worries. Friendship continues.

    Let us give you 2 options:

    1. Try each command by yourself and deal with eventual issues; or\n
    2. Save the data you don't want to lose and come back again to this wizard ;-)

    Tchüss! 

    "
}

wizard_disclaimer_agreed() {
    print "
    Cool. Thanks for understanding.
    "
}


wizard_pre_clean_all() {
    wizard_pre_message "
    Now, let's clean the database and remove auxiliary files.

    ${BLUE}>> Press any key to run the command below...${RESTORE}

        ${BGCYAN}$CLI_NAME recreate-db \n${RESTORE}
    "
}

wizard_pos_clean_all() {
    wizard_pos_message "
    Database cleaned and auxiliary files deleted.
    "
}

wizard_pre_suerpadmin_create_account() {

    wizard_pre_message "
    The first thing we need to do is the creation of the so called Super Admin user. It's something like the 'root' in your OS.

    ${BLUE}>> Press any key to run the command below...${RESTORE}

        ${BGCYAN}$CLI_NAME superadmin-create-account \n${RESTORE}
    "
}

wizard_pos_suerpadmin_create_account() {
    wizard_pos_message "
    Nice! The Super Admin user has just been created with the email and password specified in the ./config/superadmin-registration.conf file.

    The Super Admin user can do anything in the platform. As the name suggests, he is the admin of the whole instance. He can manage all the resources in any tenant in any organization. So, please, never share this user's credential with anyone not related to the instance administration.

    Learn more about the Super Admin here:

    https://docs.walt.id/enterprise-stack/administration/access-and-permissions/super-admin/overview
    "
}

wizard_pre_superadmin_login() {
    wizard_pre_message "
    Now, it's time to log him in.

    ${BLUE}>> Press any key to run the command below to get access to super powers...${RESTORE}

        ${BGCYAN}$CLI_NAME superadmin-login \n${RESTORE}
    "
}

wizard_pos_superadmin_login() {
    wizard_pos_message "
    The Super Admin is now logged in.

    Every command from now on will be executed with the Super Admin account.
    "
}

wizard_pre_init_db() {
    wizard_pre_message "
    The next step is the database initialization. Since we've just recreated everything from scratch, it's not strictly necessary, but I'll show you how it works anyway.

    ${BLUE}>> Press any key to run the command below...${RESTORE}

        ${BGCYAN}$CLI_NAME init-db ${RESTORE}\n
    "
}

wizard_pos_init_db() {
    wizard_pos_message "
    The database has been initialized according to the information provided in the config/database.conf file.
    "
}

wizard_pre_create_organization() {
    wizard_pre_message "
    It's now time to create the root organization. If you allow me, I will call it '$ROOT_ORGANIZATION'. Once you learn how to do it, you should use your company's name instead.
    
    You can find more info about organizations in the docs:
    
    https://docs.walt.id/enterprise-stack/concepts#the-organization

    ${BLUE}>> Press any key to run the command below and create the '$ROOT_ORGANIZATION' organization...${RESTORE}

       ${BGCYAN}$CLI_NAME create-organization ${RESTORE}\n
    "
}

wizard_pos_create_organization() {
    print "
    Awesome. The '$ROOT_ORGANIZATION' organization has been created.
    "

    # TODO Later
    # This is how you database structure looks like so far.

    #     ┌────────────┐   
    #     │            │   
    #     │   waltid   │   
    #     │            │   
    #     └────────────┘  

    #TODO Parameterize org name in the box
}

wizard_pre_list_organizations() {

    # TODO What's a use case for more than one root organization?

	wizard_pre_message "
    At any time, you can list all the organizations in your Enterprise instance.
    
    ${BLUE}>> Press any key to run the command bellow to list all the organizations...${RESTORE}

        ${BGCYAN}$CLI_NAME list-organizations ${RESTORE}\n
	"
}

wizard_pos_list_organizations() {
	wizard_pos_message "
	"
}

wizard_pre_create_user_account() {
	wizard_pre_message "
    You are probably aware that it's not a good idea to use a user with super powers for daily tasks, right?  And, you know... big power leads to big responsibilities. We'd better create a user with less power.

    We will now use the Super Admin account to create a new 'ordinary' user account.

    Learn more about user accounts here:

    https://docs.walt.id/enterprise-stack/administration/access-and-permissions/accounts/overview

    ${BLUE}>> Press any key to run the command below to create a not-so-super user...${RESTORE}

       ${BGCYAN}$CLI_NAME create-user-account ${RESTORE}\n
	"
}

wizard_pos_create_user_account() {
	wizard_pos_message "
    The account '$USER_EMAIL' was successfully created with password '$USER_PASS'.

    We will use it from now on.
	"
}

wizard_pre_list_accounts() {
	wizard_pre_message "
    ${BLUE}>> Press any key to run the command below to list all accounts registered in your instance...${RESTORE}

        ${BGCYAN}$CLI_NAME list-accounts ${RESTORE}\n
	"
}

wizard_pos_list_accounts1() {
	wizard_pos_message "
    Notice that there are two user accounts: Superadmin and Max.

    Now, before we move on. Let's take a closer look at the "role" property.

    Each property in the 'roles' object represents a set of roles assigned to that user in a specific organization.

    Take Max as our first example. He doesn't have any specific role. Which means he doesn't have any privileges on any resource (we will talk more about it later).

    On the other hand, when we look at the Superadmin account. It has the role 'admin' in the '$ROOT_ORGANIZATION' organization. Now, why does it have these privileges? It's because it was this account who created that organization.

    Every time an organization is created, an 'admin' role is automatically generated and assigned to its creator.
	"
}

wizard_pos_list_accounts2() {
    wizard_pos_message "
    Now notice that Max also has the role '$ROOT_ORGANIZATION.admin'.
    "
}


wizard_pre_list_org_resources() {
	wizard_pre_message "
    ${BLUE}>> Press any key to list the resources currently available in our '$ROOT_ORGANIZATION' organization...${RESTORE}

        ${BGCYAN}$CLI_NAME list-org-resources ${RESTORE}\n
	"
}

wizard_pos_list_org_resources() {
	wizard_pos_message "

	"
}

wizard_pre_list_tenant_resources() {
	wizard_pre_message "
    ${BLUE}>> Press any key to list the resources currently available in the '$TENANT' tenant...${RESTORE}

        ${BGCYAN}$CLI_NAME list-tenant-resources ${RESTORE}\n
	"
}

wizard_pos_list_tenant_resources() {
	wizard_pos_message "

	"
}

wizard_pre_list_keys() {
	wizard_pre_message "

	"
}

wizard_pos_list_keys() {
	wizard_pos_message "

	"
}

wizard_pre_add_admin_role() {
	wizard_pre_message "
    What if we now assign the same "$ROOT_ORGANIZATION.admin" role to Max? Does he deserve it?

    ${BLUE}>> Press any key to run the command below and give Max some power on the "$ROOT_ORGANIZATION" organization...${RESTORE}

       ${BGCYAN}$CLI_NAME add-admin-role ${RESTORE}\n
	"
}

wizard_pos_add_admin_role() {
	wizard_pos_message "
    Congratz, Max. You are now a VIP member at "$ROOT_ORGANIZATION". However, you are not quite at the level of the Super Admin. But I’m sure you understand, right? ;-)

    Learn more about roles here:

    https://docs.walt.id/enterprise-stack/administration/access-and-permissions/roles/overview


	"
}


wizard_pre_user_admin_login() {
	wizard_pre_message "
    Let's switch to Max's account and stop using the Super Admin account.

    ${BLUE}>> Press any key to log Max in...${RESTORE}

        ${BGCYAN}$CLI_NAME user-admin-login ${RESTORE}\n
	"
}

wizard_pos_user_admin_login() {
	wizard_pos_message "
    Max is in charge now. He logged in successfully.
	"
}

wizard_pre_list_org_resources_before_tenant() {
    wizard_pre_message "
    

    Let's now talk about a very important concept: resource.

    Almost every entity in the walt.id Enterprise is a resource.

    An organization is composed by resources. Let me show you.

    ${BLUE}>> Press any key to list the resources created by default in the '$ROOT_ORGANIZATION' organization...${RESTORE}

        ${BGCYAN}$CLI_NAME list-org-resources ${RESTORE}\n
    "
}

wizard_pos_list_org_resources_before_tenant() {
    wizard_pos_message "
    By default, any organization is created with 2 resources in it: a role and a host-alias.

    Yeah, roles and the host-alias are also a resource. The host-alias is used to access the enterprise stack API via a specific subdomain (It's a more advanced topic and something we won't discuss in more detail right now).

    Resources are referenced with <organization_name>.<resource_name>. That's why the 'admin' role was referenced with '$ROOT_ORGANIZATION.admin'. It's a structure which will be used everywhere from now on.

    What about adding more resources into the '$ROOT_ORGANIZATION' organization? Let's do it!
    "
}

wizard_pre_create_tenant() {
	wizard_pre_message "
    

   Would it be good to store all your files in the root folder of your storage system? In most cases, the answer is no, correct? Especially when some of these files would refer to similar things but with different contexts. You would have to name each file with the full context to make sure you find them later. That's why we distribute them in a folder hierarchy. Each entry in the hierarchy represents an specific context, which allows you to do
    
    '/Payments/2025/Feb/Company A/Proof of Payment.pdf' 
    
    instead of 
    
    'Proof_of_Payment_for_Company_A_in_Feb_2025.pdf'

    This is what Tenants are about. They are organizations units (or namespaces, if you will) that allow you to isolate resources for different contexts.

    You can give Tenants any semantics you want, just like you do in your file system. However, the most common use case for Tenants is the creation of customer specific contexts in such a way that everything related to one particular customer is isolated from other's.

    So, for example, let's say walt.id has a managed Enterprise instance that is shared by multiple customers. Each customer would be a separated Tenant in the platform. Let's take a look!

    ${BLUE}>> Press any key to create an specific 'folder' for your new customer...

        ${BGCYAN}$CLI_NAME create-tenant ${RESTORE}\n
	"
}

wizard_pos_create_tenant() {
	wizard_pos_message "
    Cool. The '$TENANT' tenant has been successfully created.

    You can learn more about Tenants here:

    https://docs.walt.id/enterprise-stack/administration/tenants/overview    
	"
}


wizard_pre_list_org_resources_after_tenant() {
    wizard_pre_message "
    Oh! Did I say that a tenant is also a resource in the root organization?

    ${BLUE}>> Press any key to list again the '$ROOT_ORGANIZATION' organization resources...${RESTORE}

        ${BGCYAN}$CLI_NAME list-org-resources ${RESTORE}\n
    "
}

wizard_pos_list_org_resources_after_tenant() {
    wizard_pos_message "
    Notice how there are now 3 resources in our organization.

    And, you know what? There is an interesting thing here... Tenants are an special type of resource. Why? Because they can be nested. It means that you can create a tenant inside a tenant, like '$ROOT_ORGANIZATION.$TENANT.a_department'. But it's not a topic for now. Let's move on.
    

    Now it's time to reveal something new to you. If you scroll up a bit, you will see that I said that 'Almost every entity in the walt.id Enterprise is a resource.'. Yes, ALMOST, not 'only'.

    Another very important concept in the Enterprise Stack are SERVICES.

    In a rough definition, we can say that Resources are _static_ while Services are _dynamic_. Or also, Resources provide some _information_ to the instance whilst Services provide some _functionality_.

    So, to enable credential issuance and verification, we need to instantiate Services inside of one or multiple tenants. That's what we are going to do now.

    To learn more about Services in the Enterprise Stack, look at:

    https://docs.walt.id/enterprise-stack/services/


    Now, we are going to create a couple of services. All of them will be created inside the '$TENANT' tenant. Why? Just because we want those services to be customer specific. 
    
    By doing this, in addition to the security isolation that is created between the environments of each customer, preventing one customer from accessing the services of another, it also becomes possible to customize the services to the specifics of each of them.
    "
}


wizard_pre_create_kms_service() {
	wizard_pre_message "
    The most basic resource in a decentralized identity solution is criptographic keys.

    Before creating, we need to decide where to store them.

    Despite the fact that we support several KMS solutions on the market (AWS, Oracle and Hashicorp), we're going to use a local key storage implementation which, although not ideal for production environment, is good enough for the educational purpose of this script.

    ${BLUE}>> Press any key to instantiate a Local KMS service in the '$TENANT' tenant...${RESTORE}

        ${BGCYAN}$CLI_NAME create-kms-service ${RESTORE}\n
	"
}

wizard_pos_create_kms_service() {
	wizard_pos_message "
    The Local KMS has been successfully created and is eagerly awaiting some keys.

    Learn more about the KMS Services here:

    https://docs.walt.id/enterprise-stack/services/key-management-service/overview
	"
}


wizard_pre_generate_did_key() {
	wizard_pre_message "
    Let's create your first key, which will be necessary for generating a Decentralized Identifier (DID). Both the key and the DID are needed for issuing a credential later on.

    ${BLUE}>> Press any key to create an asymetric key pair...${RESTORE}

        ${BGCYAN}$CLI_NAME generate-did-key ${RESTORE}\n
	"
}

wizard_pos_generate_did_key() {
	wizard_pos_message "
    The key was created and saved in the local KMS (database of the Enterprise Stack). It was created with the Ed25519 algorithm and it's resource ID has been saved in the .did_key local file.

    Learn more about the KMS service, here:

    https://docs.walt.id/enterprise-stack/services/key-management-service/overview
	"
}


# wizard_pre_generate_status_key() {
# 	wizard_pre_message "
#     Another key will be needed: the key for the status... #TODO
#     "
# }

# wizard_pos_generate_status_key() {
# 	wizard_pos_message "
#     Status key successfuly created. #TODO
# 	"
# }


wizard_pre_create_did_service() {
	wizard_pre_message "
    One important concept in most Decentralized Identity ecosystems are... Decentralized Identifiers, also called DID ❤️

    DIDs are a way to uniquely identify an entity. In the current context, we use DIDs to identify Issuers and Subjects.
    
    You can learn more about it at:

    https://docs.walt.id/community-stack/concepts/decentralised-identifiers

    Let's now create the DID service, which we will later use to create our DIDs.

    ${BLUE}>> Press any key to run the command below...${RESTORE}

        ${BGCYAN}$CLI_NAME create-did-service ${RESTORE}\n
	"
}

wizard_pos_create_did_service() {
	wizard_pos_message "
    DID service successfully created in the scope of tenant '$TENANT'.

    Learn more about it at:

    https://docs.walt.id/enterprise-stack/services/did-service/overview
	"
}


wizard_pre_create_did() {
	wizard_pre_message "
    Now, it's time to use the DID service to generate the DID that will be used to identify our Issuer.

    ${BLUE}>> Press any key to run the command below...${RESTORE}

        ${BGCYAN}$CLI_NAME create-did ${RESTORE}\n
	"
}

wizard_pos_create_did() {
	wizard_pos_message "
    Issuer DID of type did:key successfully created and saved in the '.did' file.
	"
}

# wizard_pre_create_credential_status_service() {
# 	wizard_pre_message "
#     ${BLUE}>> Press any key to run the command below...${RESTORE}

#         ${BGCYAN}$CLI_NAME create-credential-status-service ${RESTORE}\n
# 	"
# }

# wizard_pos_create_credential_status_service() {
# 	wizard_pos_message "

# 	"
# }

wizard_pre_create_issuer_service() {
	wizard_pre_message "
    Creating Issuer Service...

    ${BLUE}>> Press any key to run the command below...${RESTORE}

        ${BGCYAN}$CLI_NAME create-issuer-service ${RESTORE}\n
	"
}

wizard_pos_create_issuer_service() {
	wizard_pos_message "
    Issuer Service successfully created. Your are now ready to issue credentials.

    Learn more about the issuer service here:

    https://docs.walt.id/enterprise-stack/services/issuer-service/overview
	"
}

wizard_pre_create_verifier_service() {
	wizard_pre_message "
    In order to verify a credential, we need to instantiate a Verifier Service in the respective tenant. 
    
    ${BLUE}>> Press any key to run the command below...${RESTORE}

        ${BGCYAN}$CLI_NAME create-verifier-service ${RESTORE}\n
	"
}

wizard_pos_create_verifier_service() {
	wizard_pos_message "
    Verifier Service successfully created. You are now ready to verify credentials.

    Learn more about the verifier service here:
    https://docs.walt.id/enterprise-stack/services/verifier-service/overview
	"
}


wizard_pre_issue_jwt_vc() {
	wizard_pre_message "
    Everything we have done so far has had two main goals: to be able to issue and verify credentials. Let's start with the first one.
    
    ${BLUE}>> Press any key to run the command below and issue a W3C Credential...${RESTORE}

        ${BGCYAN}$CLI_NAME issue-jwt-vct ${RESTORE}\n
	"
}

wizard_pos_issue_jwt_vc() {
	wizard_pos_message "
    The credential offer has been successfully created and saved in the .vc-offer file.

    According to the OID4VC protocol, this offer can now be accepted by any compatible wallet.

    Unfortunately, our Enterprise stack wallet service is still under development. Therefore we cannot move beyond this point yet.
	"
}

thanks() {
    wizard_pos_message "
    Thanks for your attention and patience. We hope this wizard could give you a simple and straight overview of how our Enterprise Stack works.

    Should you have any feedback, do not hesitate to get in touch.

    Have a wonderful day,
    walt.id
    "
}

wizard() {

    clear
    init

    wizard_welcome
    wizard_disclaimer

    wizard_pre_clean_all
    clean_all
    wizard_pos_clean_all

    wizard_pre_suerpadmin_create_account
    superadmin_create_account
    wizard_pos_suerpadmin_create_account

    wizard_pre_superadmin_login
    superadmin_login
    wizard_pos_superadmin_login

    wizard_pre_init_db
    init_db
    wizard_pos_init_db

    wizard_pre_create_organization
    create_organization $ROOT_ORGANIZATION
    wizard_pos_create_organization

    wizard_pre_list_organizations
    list_organizations
    wizard_pos_list_organizations

    wizard_pre_create_user_account
    create_user_account
    wizard_pos_create_user_account

    wizard_pre_list_accounts
    list_accounts
    wizard_pos_list_accounts1

    wizard_pre_add_admin_role
    add_admin_role_to_user
    wizard_pos_add_admin_role

    wizard_pre_list_accounts 
    list_accounts "$ROOT_ORGANIZATION"
    wizard_pos_list_accounts2

    wizard_pre_user_admin_login
    user_admin_login
    wizard_pos_user_admin_login

    wizard_pre_list_org_resources_before_tenant
    list_org_resources
    wizard_pos_list_org_resources_before_tenant

    wizard_pre_create_tenant
    create_tenant
    wizard_pos_create_tenant

    wizard_pre_list_org_resources_after_tenant
    list_org_resources
    wizard_pos_list_org_resources_after_tenant

    wizard_pre_create_kms_service
    create_kms_service
    wizard_pos_create_kms_service

    wizard_pre_list_tenant_resources
    list_tenant_resources
    wizard_pos_list_tenant_resources

    wizard_pre_generate_did_key
    generate_did_key
    wizard_pos_generate_did_key

    # wizard_pre_generate_status_key
    # generate_status_key
    # wizard_pos_generate_status_key

    wizard_pre_create_did_service
    create_did_service
    wizard_pos_create_did_service

    wizard_pre_list_tenant_resources
    list_tenant_resources
    wizard_pos_list_tenant_resources

    wizard_pre_create_did
    create_did
    wizard_pos_create_did

    # wizard_pre_create_credential_status_service
    # create_credential_status_service
    # wizard_pos_create_credential_status_service

    wizard_pre_create_issuer_service
    create_issuer_service
    wizard_pos_create_issuer_service

    wizard_pre_list_tenant_resources
    list_tenant_resources
    wizard_pos_list_tenant_resources

    wizard_pre_create_verifier_service
    create_verifier_service
    wizard_pos_create_verifier_service

    wizard_pre_list_tenant_resources
    list_tenant_resources
    wizard_pos_list_tenant_resources

    wizard_pre_issue_jwt_vc
    issue_jwt_vc
    wizard_pos_issue_jwt_vc

    thanks
}


superadmin_create_account() {
    superadmin_token=$(cat config/superadmin-registration.conf | sed -n '2 p' | cut -d \" -f 2)

    info "Registering token \"${superadmin_token}\" provided in the config/superadmin-registration.conf file"
    response=$(curl -X 'POST' \
        'http://localhost:3000/v1/superadmin/create-by-token' \
        -H 'accept: */*' \
        -H 'Content-Type: application/json' \
        -d "${superadmin_token}" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Super admin account could not be created."
        error "$response"
        result=-1
    else 
        info "Super admin account successfully created."
    fi
}

superadmin_login() {

    superadmin_email=$(cat config/superadmin-registration.conf | grep identifier | cut -d \" -f 2)
    superadmin_password=$(cat config/superadmin-registration.conf | grep password | cut -d \" -f 2)

    info "Logging in super admin with credentials provided in the superadmin-registration.conf file"
    response=$(curl -X 'POST' \
        'http://localhost:3000/auth/account/emailpass' \
        -H 'accept: application/json' \
        -H 'Content-Type: application/json' \
        -d "{
            \"email\": \"${superadmin_email}\",
            \"password\": \"${superadmin_password}\"
        }" 2> /dev/null)
    if [[ $response == *"exception"* ]]; then
        error "Super admin could not be logged in."
        error "$response"
        result=-1
    else
        info "Super admin logged in successfully."
        info "$response"

        AUTH_TOKEN=$(echo $response | jq .token | tr -d '"')
        echo $AUTH_TOKEN > .auth_token
    fi
}

init_db() {

    get_superadmin_auth_token AUTH_TOKEN

    info "Initializing the database based on the config/database.conf file"
    response=$(curl -X 'POST' \
        'http://localhost:3000/v1/admin/initial-setup' \
        -H 'accept: */*' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -d '' 2> /dev/null)

    if [[ $response == *"Unauthorized"* ]]; then
        error "Database could not be initialized. Access denied."
        error "$response"
        result=-1
    else
        info "Database successfully initialized."
    fi
}

recreate_collections() {

    # get_superadmin_auth_token AUTH_TOKEN

    info "Recreating all database collections..."
    response=$(curl -X 'POST' \
        'http://localhost:3000/v1/dev/database-recreate' \
        -H 'accept: */*' \
        -d '' 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Database could not be recreated."
        error "$response"
        result=-1
    else
        info "Database successfully recreated."
    fi
}

create_organization() {

    ORG_ID=$1

    if [ -z "$ORG_ID" ]; then
        ORG_ID=$ROOT_ORGANIZATION
    fi

    get_superadmin_auth_token AUTH_TOKEN

    info "Creating organization '$ORG_ID'..." 
    response=$(curl -X 'POST' \
        'http://localhost:3000/v1/organization/create' \
        -H 'accept: */*' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d "{
            \"_id\": \"$ORG_ID\",
            \"profile\": {
                \"name\": \"walt.id GmbH\"
            },
            \"billing\": {
                \"billingCountry\": \"AT\",
                \"billingAddress\": \"Liechtensteinstraße 111/115, 1090 Vienna\",
                \"vatNr\": \"ATU75569617\"
            }
        }" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Organization '$ORG_ID' could not be created."
        error "$response"
        result=-1
    else
        info "Organization '$ORG_ID' successfully created."
    fi

}

create_user_account() {

    get_superadmin_auth_token AUTH_TOKEN

    rm -f .user_id

    info "Creating '$USER_EMAIL' account..."
    response=$(curl -X 'POST' \
        'http://localhost:3000/v1/admin/account/register' \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d "{
        \"profile\": {
            \"name\": \"Max Mustermann\",
            \"email\": \"$USER_EMAIL\",
            \"addressCountry\": \"AT\",
            \"address\": \"Liechtensteinstraße 111/115, 1090 Vienna\"
        },
        \"preferences\": {
            \"timeZone\": \"UTC\",
            \"languagePreference\": \"EN\"
        },
        \"initialAuth\": {
            \"type\": \"email\",
            \"identifier\": {
            \"type\": \"email\",
            \"email\": \"$USER_EMAIL\"
            },
            \"data\": {
            \"type\": \"email\",
            \"password\": \"$USER_PASS\"
            }
        }
        }" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "User account '$USER_EMAIL' could not be created."
        error "$response"

        # TODO Offer to select an existing user to be used
        result=-1
    else

        # TODO Handle user already exists

        info "User account '$USER_EMAIL' successfully created."

        regex="\"_id\":\"([0-9a-z-]+)\","
        if [[ "$response" =~ $regex ]]; then
            user_id=${BASH_REMATCH[1]}
            info "User ID: $user_id"

            echo $user_id > .user_id
            info "User ID saved at .user_id"
        else
            error "User ID not found in the HTTP response."
        fi
    fi

}

get_user_id() {

    if [ -f .user_id ]; then
        USER_ID=$(cat .user_id)
        info "User ID found: $USER_ID"
    else
        error "No user id found. Please run '$0 create-user-account' first. "
        exit -1
    fi

    eval $1=$USER_ID
}

add_admin_role_to_user() {

    # TODO Parameterise USER and ORG 

    get_superadmin_auth_token AUTH_TOKEN
    get_user_id USER_ID

    ROLE="$ROOT_ORGANIZATION.admin"

    info "Adding role '$ROLE' to user '$USER_ID' from organization '$ROOT_ORGANIZATION'..."
    response=$(curl -X 'POST' \
        "http://localhost:3000/v1/admin/account/$USER_ID/roles/add/$ROOT_ORGANIZATION/$ROLE" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -d '' 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Role could not be added."
        error "$response"
        result=-1
    else
        # TODO If response = {}, role hasn't been added either
        
        info "Role '$ROLE' successfully added."
        info $response
    fi
}

user_admin_login() {

    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/auth/account/emailpass" \
        -H 'accept: application/json' \
        -H 'Content-Type: application/json' \
        -d "{
            \"email\": \"$USER_EMAIL\",
            \"password\": \"$USER_PASS\"
        }" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "User '$USER_EMAIL' could not be logged in."
        error "$response"
        result=-1
    else
        
        regex="\"token\":\"([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)\""
        if [[ "$response" =~ $regex ]]; then
            AUTH_TOKEN=${BASH_REMATCH[1]}
            # info "User ID: $user_id"

            rm -f .user_auth_token 
            echo $AUTH_TOKEN > .user_auth_token
            info "User '$USER_EMAIL' successfully logged in with token '$AUTH_TOKEN'"
        else
            error "User '$USER_EMAIL' not authenticated. Auth token not found in the HTTP response."
            result=-1
        fi
    fi
}
         
create_tenant() {
    
    get_user_auth_token AUTH_TOKEN

    TENANT_ID="$ROOT_ORGANIZATION.$TENANT"

    info "Creating tenant '$TENANT_ID'..."
    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$TENANT_ID/resource-api/tenants/create" \
        -H 'accept: */*' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d '{
            "name":"My first Tenant"
        }' 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Tenant '$TENANT_ID' could not be created."
        error "$response"
        result=-1
    else
        info "Tenant '$TENANT_ID' successfully created."
    fi
}

create_service() {
    
    get_user_auth_token AUTH_TOKEN

    SERVICE_TYPE=$1
    SERVICE_NAME=$2

    SERVICE_ID="$ROOT_ORGANIZATION.$TENANT.$SERVICE_NAME"

    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$SERVICE_ID/resource-api/services/create" \
        -H 'accept: */*' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d "{
            \"type\": \"$SERVICE_TYPE\"
        }" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "$SERVICE_ID could not be created."
        error "$response"
        result=-1
    else
        info "$SERVICE_ID successfully created."
        echo "$response" | jq
    fi
}

create_kms_service() {
    create_service "kms" "kms1"
}

generate_key() {
    
    get_user_auth_token AUTH_TOKEN

    PURPOSE=$1
    KEY_FILE=$2

    KMS_ID="$ROOT_ORGANIZATION.mycustomer.kms1"

    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$KMS_ID/kms-service-api/keys/generate" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d '{
            "backend": "jwk",
            "keyType": "Ed25519"
        }' 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "$PURPOSE key could not be generate from $KMS_ID."
        error "$response"
        result=-1
    else
        info "$PURPOSE key successfully generated."
        echo "$response" | jq
        echo "$response"

        DID_KEY=$(echo $response | jq "._id" | cut -d\" -f2)
        echo $DID_KEY > $KEY_FILE

        info "The resource identifier of the key has been saved in the $KEY_FILE file"
    fi
}

generate_did_key() {
    generate_key "DID" ".did_key"
}

generate_status_key() {
    generate_key "Credential Status" ".status_key"
}

create_did_service() {
   create_service "did" "did-service"
}

create_did() {

    get_user_auth_token AUTH_TOKEN

    DID_SERVICE_ID="$ROOT_ORGANIZATION.mycustomer.did-service"
    
    if [[ ! -f .did_key ]]; then
        info "DID key doesn't exist. Let's create one..."
        generate_did_key
    fi

    KEY_ID=$(cat .did_key)

    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$DID_SERVICE_ID/did-service-api/dids/create/key" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d "{
            \"keyId\": \"$KEY_ID\",
            \"useJwkJcsPub\": true
        }" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "did:key could not be created."
        error "$response"
        result=-1
    else
        echo $response > .did
        info "did:key successfully created and saved in the .did file:"
        echo "$response" | jq ".did"
    fi

}

create_issuer_service() {

    ISSUER_SERVICE_ID="$ROOT_ORGANIZATION.$TENANT.issuer1"
    KMS_SERVICE_ID="$ROOT_ORGANIZATION.$TENANT.kms1"
    KEY_ID=$(cat .did_key) #TODO Should I create another key?

    get_user_auth_token AUTH_TOKEN


    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$ISSUER_SERVICE_ID/resource-api/services/create" \
        -H 'accept: */*' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d "{
            \"type\": \"issuer\",
            \"kms\": \"$KMS_SERVICE_ID\",
            \"tokenKeyId\": \"$KEY_ID\",
            \"supportedCredentialTypes\": {
                \"identity_credential_vc+sd-jwt\": {
                \"format\": \"vc+sd-jwt\",
                \"vct\": \"{vctBaseURL}/identity_credential\",
                \"cryptographic_binding_methods_supported\": [
                    \"jwk\"
                ],
                \"credential_signing_alg_values_supported\": [
                    \"ES256\"
                ],
                \"sdJwtVcTypeMetadata\": {
                    \"name\": \"Identity Credential\",
                    \"description\": \"The Identity Verifiable Credential\",
                    \"vct\": \"{vctBaseURL}/identity_credential\"
                }
                },
                \"OpenBadgeCredential_jwt_vc_json\": {
                \"format\": \"jwt_vc_json\",
                \"cryptographic_binding_methods_supported\": [
                    \"did\"
                ],
                \"credential_signing_alg_values_supported\": [
                    \"ES256\"
                ],
                \"credential_definition\": {
                    \"type\": [
                    \"VerifiableCredential\",
                    \"OpenBadgeCredential\"
                    ]
                }
                }
            }
        }" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Issuer Service $ISSUER_SERVICE_ID could not be created."
        error "$response"
        result=-1
    else
        info "Issuer Service $ISSUER_SERVICE_ID successfully created."
    fi
}

create_verifier_service() {
    
    VERIFIER_SERVICE_ID="$ROOT_ORGANIZATION.$TENANT.verifier1"

    get_user_auth_token AUTH_TOKEN

    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$VERIFIER_SERVICE_ID/resource-api/services/create" \
        -H 'accept: */*' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d '{
            "type": "verifier",
            "baseUrl": "http://localhost:3000"
        }' 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Verifier Service $VERIFIER_SERVICE_ID could not be created."
        error "$response"
        result=-1
    else
        info "Verifier Service $VERIFIER_SERVICE_ID successfully created."
    fi
}

issue_jwt_vc() {

    ISSUER_SERVICE_ID="$ROOT_ORGANIZATION.$TENANT.issuer1"
    # KMS_SERVICE_ID="$ROOT_ORGANIZATION.$TENANT.kms1"
    KEY_ID=$(cat .did_key)

    # REQUEST_BODY=`cat <<EOF
    #read -r -d '' REQUEST_BODY <<'EOF'

    # TODO Move request body to a separated file
    REQUEST_BODY=$(cat <<EOF
{
    "issuerKeyId": "$KEY_ID",
    "credentialConfigurationId": "OpenBadgeCredential_jwt_vc_json",
    "credentialData":
    {
        "@context":
        [
            "https://www.w3.org/2018/credentials/v1",
            "https://purl.imsglobal.org/spec/ob/v3p0/context.json"
        ],
        "id": "urn:uuid:THIS WILL BE REPLACED WITH DYNAMIC DATA FUNCTION (see below)",
        "type":
        [
            "VerifiableCredential",
            "OpenBadgeCredential"
        ],
        "name": "JFF x vc-edu PlugFest 3 Interoperability",
        "issuer":
        {
            "type":
            [
                "Profile"
            ],
            "name": "Jobs for the Future (JFF)",
            "url": "https://www.jff.org/",
            "image": "https://w3c-ccg.github.io/vc-ed/plugfest-1-2022/images/JFF_LogoLockup.png"
        },
        "credentialSubject":
        {
            "type":
            [
                "AchievementSubject"
            ],
            "achievement":
            {
                "id": "urn:uuid:ac254bd5-8fad-4bb1-9d29-efd938536926",
                "type":
                [
                    "Achievement"
                ],
                "name": "JFF x vc-edu PlugFest 3 Interoperability",
                "description": "This wallet supports the use of W3C Verifiable Credentials and has demonstrated interoperability during the presentation request workflow during JFF x VC-EDU PlugFest 3.",
                "criteria":
                {
                    "type": "Criteria",
                    "narrative": "Wallet solutions providers earned this badge by demonstrating interoperability during the presentation request workflow. This includes successfully receiving a presentation request, allowing the holder to select at least two types of verifiable credentials to create a verifiable presentation, returning the presentation to the requestor, and passing verification of the presentation and the included credentials."
                },
                "image":
                {
                    "id": "https://w3c-ccg.github.io/vc-ed/plugfest-3-2023/images/JFF-VC-EDU-PLUGFEST3-badge-image.png",
                    "type": "Image"
                }
            }
        }
    },
    "mapping":
    {
        "id": "<uuid>",
        "issuer":
        {
            "id": "<issuerDid>"
        },
        "credentialSubject":
        {
            "id": "<subjectDid>"
        },
        "issuanceDate": "<timestamp>",
        "expirationDate": "<timestamp-in:365d>"
    },
    "selectiveDisclosure":
    {
        "fields":
        {
            "name":
            {
                "sd": true
            },
            "credentialSubject":
            {
                "sd": false,
                "children":
                {
                    "fields":
                    {
                        "achievement":
                        {
                            "sd": false,
                            "children":
                            {
                                "fields":
                                {
                                    "name":
                                    {
                                        "sd": true
                                    }
                                },
                                "decoyMode": "NONE",
                                "decoys": 0
                            }
                        }
                    },
                    "decoyMode": "NONE",
                    "decoys": 0
                }
            }
        },
        "decoyMode": "NONE",
        "decoys": 0
    },
    "authenticationMethod": "PRE_AUTHORIZED",
    "issuerDid": "<ISSUER_DID>",
    "expiresInSeconds": 300
}
EOF
    )

    get_user_auth_token AUTH_TOKEN

    response=$(curl -X 'POST' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$ISSUER_SERVICE_ID/issuer-service-api/credentials/issue" \
        -H 'accept: */*' \
        -H 'statusCallbackUri: https://example.com/status_callback/$id' \
        -H 'statusCallbackApiKey: 1671a86d-84e8-4d0d-a35e-efb49b728b7e' \
        -H "Authorization: Bearer $AUTH_TOKEN" \
        -H 'Content-Type: application/json' \
        -d "$REQUEST_BODY" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Credential could not be issued."
        error "$response"
        result=-1
    else
        echo $response > .vc_offer
        info "A credential offer has been created and saved in the .vc_offer file"
        echo $response
    fi
}



list_organizations() {

    # TODO Print only relevant infos

    get_superadmin_auth_token AUTH_TOKEN

    response=$(curl -X 'GET' \
        'http://localhost:3000/v1/admin/organizations?maxPageSize=100&page=0' \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Organizations could not be listed."
        error "$response"
        result=-1
    else
        info "Organizations list:"
        echo "$response" | jq
    fi
}

list_accounts() {

    # TODO Print only relevant infos

    get_superadmin_auth_token AUTH_TOKEN

    response=$(curl -X 'GET' \
        'http://localhost:3000/v1/admin/accounts?maxPageSize=100&page=0' \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Accounts could not be listed."
        error "$response"
        result=-1
    else
        info "Account list:"
        echo "$response" | jq
    fi

}

list_resources_tree() {
    get_user_auth_token AUTH_TOKEN

    TENANT_ID=$1

    if [[ -z "$TENANT_ID" ]]; then
        TENANT_ID="$ROOT_ORGANIZATION.$TENANT"
    fi

    info "Listing resources tree..."

    response=$(curl -X 'GET' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/resources-api/tree" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Resources tree could not be listed."
        error "$response"
        result=-1
    else
        info "Resource tree:"
        echo "$response" | jq
    fi
}

list_org_resources() {
    list_resources $ROOT_ORGANIZATION
}

list_tenant_resources(){
    list_resources $ROOT_ORGANIZATION.$TENANT
}

list_resources() {

    get_user_auth_token AUTH_TOKEN

    TENANT_ID=$1

    if [[ -z "$TENANT_ID" ]]; then
        TENANT_ID="$ROOT_ORGANIZATION.$TENANT"
    fi

    info "Listing $TENANT_ID's resources"
    response=$(curl -X 'GET' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$TENANT_ID/resource-api/resources/list" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "Resources could not be listed."
        error "$response"
        result=-1
    else
        info "Resource list:"
        echo "$response" | jq
    fi
}

list_keys() {
    
    get_user_auth_token AUTH_TOKEN

    KMS_ID="$ROOT_ORGANIZATION.mycustomer.kms1"

    response=$(curl -X 'GET' \
        "http://$ROOT_ORGANIZATION.enterprise.localhost:3000/v1/$KMS_ID/kms-service-api/keys/list" \
        -H 'accept: application/json' \
        -H "Authorization: Bearer $AUTH_TOKEN" 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "$KMS_ID keys could not be listed."
        error "$response"
        result=-1
    else
        info "$KMS_ID keys:"
        echo "$response" | jq
    fi
}

aa() {
    
    get_user_auth_token AUTH_TOKEN

    response=$( 2> /dev/null)

    if [[ $response == *"exception"* ]]; then
        error "XXX could not be added."
        error "$response"
        result=-1
    else
        info "XXX successfully added."
    fi
}

help() {
    echo "Walt.id Enterprise Stack Quickstarter v$(cat $WORKDIR/VERSION)

Usage: 

    $CLI_NAME [command]

Instructions:

    This is a very simple script that aims to give you 
    a first experience of using our Enterprise Stack so 
    that you can assimilate its conceptual architecture 
    in a playful and gradual way.

    We suggest that you open 2 terminals: 
    
    1. one to run the stack 
    2. and another one to run the commands against the 
       running instance

    To start running the commands, there are two options:

    1. Via wizard, which will guide you through each step.
    1. By running each command independently, according to 
       your needs or curiosity.

    Should you have any doubt, just try it out. Nothing will break ;-)
    
    And, if you feel it happened, the last command is there 
    to give you another chance :-)

    !!! Disclaimer !!!

    - This is a tool for demonstration purposes only.
    - This is not a tool to be used in production.
    - Make sure to run it on a local instance.
    - Eventually, we will recreate the whole database in order redo something we did wrong.
    - So, use it for educational purposes only, with no critical data at all.

Commands:

  tl;dr
  -------------
  run                               Run the Enterprise Stack
  wizard                            Start a step by step wizard to guide you 
                                    through all important operations

  expert mode
  -------------
  superadmin-create-account         Create the super admin account
  init-db                           Initialize the database
  superadmin-login                  Log in the super admin
  create-organization               Create (an | the root) Organization
  create-user-account               Create a new user
  add-admin-role                    Assign the 'admin' role to the user previously created
  user-admin-login                  Log in user with admin role
  create-tenant                     Create tenant in the organization created with the superadmin user
  create-kms-service                Create KMS service in the tenant
  generate-did-key                  Generate a key to be later used on DID creation
  create-did-service                Create DID service in the tenant
  create-did                        Create a did:key for the credential issuance
  create-issuer-service             Create issuer service in the tenenant
  issue-jwt-vc                      Issue a W3C JWT credential
  list-organizations                List all organizations under the superadmin account
  list-accounts                     List all accounts in...
  list-org-resources                List organization's resource
  list-tenant-resources             List tenant's resource
  recreate-db                       Delete all data and restart it from scratch
   "
  exit 1

#   ant
#   generate-status-key               Generate a key to be later used on...
#   create-credential-status-service  Create credential status service
#   create-verifier-service           Create verifier service in the t
}

case "$1" in
    run)
        run
        ;;
    wizard)
        init
        wizard
        ;;
    superadmin-create-account)
        init
        superadmin_create_account
        ;;
    superadmin-login)
        init
        superadmin_login
        ;;
    init-db)
        init
        init_db
        ;;
    create-organization)
        init
        create_organization $2
        ;;
    create-user-account)
        init
        create_user_account
        ;;
    add-admin-role)
        init
        add_admin_role_to_user
        ;;
    user-admin-login)
        init
        user_admin_login
        ;;
    create-tenant)
        init
        create_tenant
        ;;
    create-kms-service)
        init
        create_kms_service
        ;;
    generate-did-key)
        init
        generate_did_key
        ;;
    # generate-status-key)
    #     init
    #     generate_status_key
    #     ;;
    create-did-service)
        init
        create_did_service
        ;;
    create-did)
        init
        create_did
        ;;
    # create-credential-status-service)
    #     init
    #     create_credential_status_service
    #     ;;
    create-issuer-service)
        init
        create_issuer_service
        ;;
    # create-verifier-service)
    #     init
    #     create_verifier_service
    #     ;;
    issue-jwt-vc)
        init
        issue_jwt_vc
        ;;
    # verify-vc)
    #     init
    #     verify-vc
    #     ;;
    list-organizations)
        init
        list_organizations
        ;;
    list-accounts)
        init
        list_accounts
        ;;
    list-resources-tree)
        init
        list_resources_tree
        ;;
    list-org-resources)
        init
        list_org_resources
        ;;
    list-tenant-resources)
        init
        list_tenant_resources
        ;;
    list-keys)
        init
        list_keys
        ;;
    recreate-db)
        init
        recreate_collections
        ;;
    *)
        help
        ;;
esac