This step is performed by the Support Office and the Development Team of EBSI.
This guide explains how to register a new contract template in the Trusted Contracts Registry (TCR) so that entities can later deploy proxies of it.
Prerequisites
- Both the development team and support office need direct access to the blockchain.
- Support office needs the
TCR:manageTemplatespolicy in the Trusted Policies Registry (TPR). - The smart contract must include an
initializefunction that can accept multiple parameters, with at least the owner address parameter to transfer ownership to the specified address.
Steps
1. Receive source code and audit
Support office receives:
- Source code of the new smart contract
- Audit report of the contract
2. Deploy implementation and beacon
The development team:
- Deploys the contract to the network
- Deploys an upgradeable beacon contract and sets the previous contract as its implementation
See the SampleUpgradeableBeacon repository for an example and the code to deploy it.
Note the beacon address for the next step.
3. Register the template
Support office registers the template using the CLI:
Load the keys:
using user ES256K did1 <private-key> <did>Run the add template command:
proxyledger ptr addTemplate <contractName> <version> <beaconAddress> <repoURI> <auditURI> <contractHash> <initSelector> <storageLayoutHash> <isActive>contractName: Name of the contractversion: Version of the contractbeaconAddress: Address of the upgradeable beaconrepoURI: URI to the source code repositoryauditURI: URI to the audit reportcontractHash: Keccak256 hash of the contract bytecodeinitSelector: Selector of the initializer functionstorageLayoutHash: Keccak256 hash of the storage layoutisActive: Whether the template is active (true/false)
4. Authorise the entity to deploy
Support office authorises the entity to deploy new contracts:
proxyledger tpr insertUserAttributes <address> ["TCR:deployProxy"]
where address is the ethereum address of the entity (derived from the secp256k1 key registered in the DID document).
5. Issue Verifiable Accreditation to the entity
Support office issues a Verifiable Accreditation to the entity to be able to issue verifiable credentials to invoke contracts.
Run the following commands to issue the Verifiable Accreditation:
reservedAttributeId: compute randomID
payloadVcTI: load assets/vcdm1.1/VerifiableAccreditationToAttest.json
set payloadVcTI.issuer user.did
set payloadVcTI.credentialSubject.id <entityDid>
set payloadVcTI.credentialSubject.accreditedFor.0.schemaId tsrUrl /schemas/zH74MKkYTbQ6ZfTxufi6A3Aw8giS4piGm8dpgxFmkJjmu
set payloadVcTI.credentialSubject.accreditedFor.0.types ["VerifiableCredential","VerifiableAttestation","VerifiableAuthorisationToInvoke","CTRevocable"]
set payloadVcTI.termsOfUse.id user.accreditationUrl
set payloadVcTI.credentialSchema.id tsrUrl /schemas/zHXHLkJpZg4w9nt2GbEBbyE8uhkfirbmT3nF7mJ9kFnjv
set payloadVcTI.credentialSubject.reservedAttributeId reservedAttributeId
compute createVcJwt payloadVcTI {} ES256 1.1
where entityDid is the DID of the entity and user.accreditationUrl is the URL of the accreditation certificate of the support office.
now make the preregistration of the entity in the Trusted Issuers Registry:
res: authorisation auth tir_write_presentation ES256
using token res.access_token
tir setAttributeMetadata <entityDid> reservedAttributeId ti user.did user.accreditationId
where entityDid is the DID of the entity and user.accreditationId is the accreditation ID the support office.
The template is now registered and the entity is authorised to deploy proxies. Share the Verifiable Accreditation with the entity so they can proceed to Step 2.