Merge pull request #270 from italia/jwks_validator

fixes for httpd connections parameters and jwks evaluation and added openid_credential_issuer

spid_cie_oidc/__init__.py

@@ -1 +1 @@
-__version__ = "1.0.0"
+__version__ = "1.1.0"

spid_cie_oidc/authority/admin.py

@@ -23,7 +23,7 @@ class FederationDescendantAdmin(admin.ModelAdmin):
     readonly_fields = (
         "created",
         "modified",
-        "entity_statement_as_json",
+        "entity_statement_preview",
     )
     inlines = (
         FederationDescendantContactAdminInline,

spid_cie_oidc/authority/models.py

@@ -175,7 +175,7 @@ def entity_profiles(self):
     def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
 
         policies = {
-            k: FEDERATION_DEFAULT_POLICY[k] for k in self.entity_profiles
+            k: FEDERATION_DEFAULT_POLICY.get(k, {}) for k in self.entity_profiles
         }
 
         # apply custom policies if defined
@@ -188,10 +188,10 @@ def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
             "sub": self.sub,
             "jwks": {"keys": self.jwks}
         }
-        
+
         if policies:
             data["metadata_policy"] = policies
-        
+
         if ta.fetch_endpoint:
             data["source_endpoint"] = ta.fetch_endpoint
 
@@ -224,6 +224,9 @@ def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
     def entity_statement_as_json(self, iss: str = None, aud: list = None) -> str:
         return json.dumps(self.entity_statement_as_dict(iss, aud))
 
+    def entity_statement_preview(self):
+        return self.entity_statement_as_json()
+
     def entity_statement_as_jws(self, iss: str = None, aud: list = None) -> str:
         issuer = get_first_self_trust_anchor(iss)
         return create_jws(

spid_cie_oidc/authority/urls.py

@@ -16,7 +16,13 @@
 from django.conf import settings
 from django.urls import path
 
-from .views import entity_list, fetch, trust_mark_status, advanced_entity_listing
+from .views import (
+    entity_list,
+    fetch,
+    trust_mark_status,
+    advanced_entity_listing,
+    trust_marked_list
+)
 
 _PREF = getattr(settings, "OIDC_PREFIX", "")
 urlpatterns = [
@@ -32,4 +38,5 @@
         advanced_entity_listing,
         name="oidcfed_advanced_entity_listing",
     ),
+    path(f"{_PREF}trust_marked_list", trust_marked_list, name="oidcfed_tm_list"),
 ]

spid_cie_oidc/authority/views.py

@@ -111,6 +111,31 @@ def entity_list(request):
     return JsonResponse(list(set(entries)), safe=False)
 
 
+# TODO - add the schema
+# @schema(
+    # methods=['GET'],
+    # get_request_schema = {
+    # "application/x-www-form-urlencoded": ListRequest
+    # },
+    # get_response_schema = {
+    # "400": FedAPIErrorResponse,
+    # "404": FedAPIErrorResponse,
+    # "200": ListResponse
+    # },
+    # tags = ['Federation API']
+# )
+def trust_marked_list(request):
+    if request.GET.get("trust_mark_id", "").lower():
+        _q = {"profile__profile_id": request.GET["trust_mark_id"]}
+    else:
+        _q = {}
+
+    entries = FederationEntityAssignedProfile.objects.filter(**_q).values_list(
+        "descendant__sub", flat=True
+    )
+    return JsonResponse(list(set(entries)), safe=False)
+
+
 @schema(
     methods=['GET'],
     get_request_schema = {

spid_cie_oidc/entity/settings.py

@@ -76,6 +76,7 @@
 ENTITY_TYPE_LEAFS = [
     "openid_relying_party",
     "openid_provider",
+    "openid_credential_issuer",
     "oauth_resource",
     "wallet_provider",
     "wallet_relying_party"