From adac5e3d1495823ee80a143b09bd877d9f365427 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Mon, 28 Aug 2023 09:44:56 +0000
Subject: [PATCH 1/5] fix: added openid_credential_issuer
---
 spid_cie_oidc/entity/settings.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/spid_cie_oidc/entity/settings.py b/spid_cie_oidc/entity/settings.py
index 5bf1379c..4b1986e9 100644
--- a/spid_cie_oidc/entity/settings.py
+++ b/spid_cie_oidc/entity/settings.py
@@ -76,6 +76,7 @@
 ENTITY_TYPE_LEAFS = [
 "openid_relying_party",
 "openid_provider",
+ "openid_credential_issuer",
 "oauth_resource",
 "wallet_provider",
 "wallet_relying_party"
From 48174e129cff4b6bf8641a34897a2346d404b248 Mon Sep 17 00:00:00 2001
From: Giuseppe De Marco
Date: Mon, 28 Aug 2023 11:47:14 +0200
Subject: [PATCH 2/5] fix: added openid_credential_issuer
---
 spid_cie_oidc/entity/settings.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/spid_cie_oidc/entity/settings.py b/spid_cie_oidc/entity/settings.py
index 5bf1379c..082e4602 100644
--- a/spid_cie_oidc/entity/settings.py
+++ b/spid_cie_oidc/entity/settings.py
@@ -75,7 +75,8 @@
 ENTITY_TYPE_LEAFS = [
 "openid_relying_party",
- "openid_provider",
+ "openid_provider",
+ "openid_credential_issuer",
 "oauth_resource",
 "wallet_provider",
 "wallet_relying_party"
From b8ce588c9219a28da33e5222c0bcf36708d74502 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Thu, 31 Aug 2023 15:19:04 +0200
Subject: [PATCH 3/5] fix: missing property
---
 spid_cie_oidc/authority/admin.py | 3 +--
 spid_cie_oidc/authority/models.py | 5 ++++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/spid_cie_oidc/authority/admin.py b/spid_cie_oidc/authority/admin.py
index 811f5954..e65a8fa2 100644
--- a/spid_cie_oidc/authority/admin.py
+++ b/spid_cie_oidc/authority/admin.py
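Review bot: Patch 2/5 re-applies the same `"openid_credential_issuer"` insertion as patch 1/5, and both hunks are taken from the same base blob (`index 5bf1379c..`), so the second cannot apply on top of the first and the two should be squashed into one commit (keeping the patch-2 form, whose `-`/`+` pair on `"openid_provider",` is presumably a trailing-whitespace cleanup). Before a leaf of the new type is accepted into the federation I would also confirm that `validate_entity_metadata` in `spid_cie_oidc/entity/validators.py` knows the `openid_credential_issuer` metadata schema, since the TODO visible in the patch-5 hunk of that file suggests not every entry of `ENTITY_TYPE_LEAFS` is schema-checked; otherwise a descendant of that type could register metadata that is never validated by the trust anchor. A one-line comment on the list, `# every type listed here must have a metadata validator in entity/validators.py`, would make that coupling visible to the next person extending it.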
@@ -23,13 +23,12 @@ class FederationDescendantAdmin(admin.ModelAdmin):
 readonly_fields = (
 "created",
 "modified",
- "entity_statement_as_json",
+ "entity_statement_preview",
 )
 inlines = (
 FederationDescendantContactAdminInline,
 )
-
 @admin.register(FederationEntityProfile)
 class FederationEntityProfileAdmin(admin.ModelAdmin):
 list_display = ("name", "profile_id")
diff --git a/spid_cie_oidc/authority/models.py b/spid_cie_oidc/authority/models.py
index cafe4744..50c6bfbf 100644
--- a/spid_cie_oidc/authority/models.py
+++ b/spid_cie_oidc/authority/models.py
@@ -171,7 +171,7 @@ def entity_profiles(self):
 i.profile.profile_category
 for i in FederationEntityAssignedProfile.objects.filter(descendant=self)
 ]
-
+
 def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
 policies = {
@@ -224,6 +224,9 @@ def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
 def entity_statement_as_json(self, iss: str = None, aud: list = None) -> str:
 return json.dumps(self.entity_statement_as_dict(iss, aud))
+ def entity_statement_preview(self):
+ return self.entity_statement_as_json()
+
 def entity_statement_as_jws(self, iss: str = None, aud: list = None) -> str:
 issuer = get_first_self_trust_anchor(iss)
 return create_jws(
From edde4ca212cdd836d29634694efe9351c8366910 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Thu, 31 Aug 2023 13:49:37 +0000
Subject: [PATCH 4/5] fix: policy loading on missing profiles
---
 spid_cie_oidc/authority/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spid_cie_oidc/authority/models.py b/spid_cie_oidc/authority/models.py
index 50c6bfbf..b908a83c 100644
--- a/spid_cie_oidc/authority/models.py
+++ b/spid_cie_oidc/authority/models.py
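Review bot: `entity_statement_preview` in the second models.py hunk has no docstring and returns the compact `json.dumps` output of `entity_statement_as_json()`, so the admin read-only field it replaces `entity_statement_as_json` with (first hunk, admin.py) renders the whole statement, `jwks` included, as a single unbroken line. Since the method exists only for the admin, `return json.dumps(self.entity_statement_as_dict(), indent=2)` would make the preview legible without touching the wire format, and a one-line docstring should state that it is the admin rendering of the statement for the default issuer, i.e. `iss=None` and `aud=None` as `entity_statement_as_dict` resolves them. Note that the admin.py hunk also drops the blank line before `@admin.register(FederationEntityProfile)`, leaving one instead of the two PEP 8 expects between top-level definitions; patch 5/5 puts it back, so the two could be squashed.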
@@ -175,7 +175,7 @@ def entity_profiles(self):
 def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
 policies = {
- k: FEDERATION_DEFAULT_POLICY[k] for k in self.entity_profiles
+ k: FEDERATION_DEFAULT_POLICY.get(k, {}) for k in self.entity_profiles
 }
 # apply custom policies if defined
From 3aba70954aa6ab4ac968a2e348f3c29a27e0b4c1 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Thu, 31 Aug 2023 16:20:21 +0200
Subject: [PATCH 5/5] feat: trust marked listing endpoint
---
 spid_cie_oidc/__init__.py | 2 +-
 spid_cie_oidc/authority/admin.py | 1 +
 spid_cie_oidc/authority/models.py | 6 +++---
 spid_cie_oidc/authority/urls.py | 9 ++++++++-
 spid_cie_oidc/authority/views.py | 25 +++++++++++++++++++++++++
 spid_cie_oidc/entity/validators.py | 2 +-
 spid_cie_oidc/entity/x509.py | 2 --
 7 files changed, 39 insertions(+), 8 deletions(-)
diff --git a/spid_cie_oidc/__init__.py b/spid_cie_oidc/__init__.py
index 5becc17c..6849410a 100644
--- a/spid_cie_oidc/__init__.py
+++ b/spid_cie_oidc/__init__.py
@@ -1 +1 @@
-__version__ = "1.0.0"
+__version__ = "1.1.0"
diff --git a/spid_cie_oidc/authority/admin.py b/spid_cie_oidc/authority/admin.py
index e65a8fa2..60e1eff5 100644
--- a/spid_cie_oidc/authority/admin.py
+++ b/spid_cie_oidc/authority/admin.py
@@ -29,6 +29,7 @@ class FederationDescendantAdmin(admin.ModelAdmin):
 FederationDescendantContactAdminInline,
 )
+
 @admin.register(FederationEntityProfile)
 class FederationEntityProfileAdmin(admin.ModelAdmin):
 list_display = ("name", "profile_id")
diff --git a/spid_cie_oidc/authority/models.py b/spid_cie_oidc/authority/models.py
index 50c6bfbf..80e01ed8 100644
--- a/spid_cie_oidc/authority/models.py
+++ b/spid_cie_oidc/authority/models.py
@@ -171,7 +171,7 @@ def entity_profiles(self):
 i.profile.profile_category
 for i in FederationEntityAssignedProfile.objects.filter(descendant=self)
 ]
-
+
 def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
 policies = {
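Review bot: `FEDERATION_DEFAULT_POLICY.get(k, {})` turns a `profile_category` that has no default policy from a `KeyError` into a silently empty policy, so the trust anchor then publishes no `metadata_policy` constraints for that descendant type; that is presumably the intent for types added recently such as `openid_credential_issuer`, but an unknown category is also exactly what a misconfigured `FederationEntityProfile` looks like, and the two are now indistinguishable. I would log the miss so operators can tell them apart, e.g. before the comprehension `for k in self.entity_profiles:` / `if k not in FEDERATION_DEFAULT_POLICY: logger.warning("no default policy for profile category %s", k)` (assuming the module already has a `logger`; otherwise `logging.getLogger(__name__)`). A short comment on the comprehension, `# unknown categories get an empty policy; custom policies below may still fill them`, would document the fallback. The rest of `entity_statement_as_dict`, including the custom-policy merge, continues outside the hunk.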
@@ -188,10 +188,10 @@ def entity_statement_as_dict(self, iss: str = None, aud: list = None) -> dict:
 "sub": self.sub,
 "jwks": {"keys": self.jwks}
 }
-
+
 if policies:
 data["metadata_policy"] = policies
-
+
 if ta.fetch_endpoint:
 data["source_endpoint"] = ta.fetch_endpoint
diff --git a/spid_cie_oidc/authority/urls.py b/spid_cie_oidc/authority/urls.py
index 56f411f6..270f44c7 100644
--- a/spid_cie_oidc/authority/urls.py
+++ b/spid_cie_oidc/authority/urls.py
@@ -16,7 +16,13 @@
 from django.conf import settings
 from django.urls import path
-from .views import entity_list, fetch, trust_mark_status, advanced_entity_listing
+from .views import (
+ entity_list,
+ fetch,
+ trust_mark_status,
+ advanced_entity_listing,
+ trust_marked_list
+)
 _PREF = getattr(settings, "OIDC_PREFIX", "")
 urlpatterns = [
@@ -32,4 +38,5 @@
 advanced_entity_listing,
 name="oidcfed_advanced_entity_listing",
 ),
+ path(f"{_PREF}trust_marked_list", trust_marked_list, name="oidcfed_tm_list"),
 ]
diff --git a/spid_cie_oidc/authority/views.py b/spid_cie_oidc/authority/views.py
index fe48a093..eb4f3bb1 100644
--- a/spid_cie_oidc/authority/views.py
+++ b/spid_cie_oidc/authority/views.py
@@ -111,6 +111,31 @@ def entity_list(request):
 return JsonResponse(list(set(entries)), safe=False)
+# TODO - add the schema
+# @schema(
+ # methods=['GET'],
+ # get_request_schema = {
+ # "application/x-www-form-urlencoded": ListRequest
+ # },
+ # get_response_schema = {
+ # "400": FedAPIErrorResponse,
+ # "404": FedAPIErrorResponse,
+ # "200": ListResponse
+ # },
+ # tags = ['Federation API']
+# )
+def trust_marked_list(request):
+ if request.GET.get("trust_mark_id", "").lower():
+ _q = {"profile__profile_id": request.GET["trust_mark_id"]}
+ else:
+ _q = {}
+ entries = FederationEntityAssignedProfile.objects.filter(**_q).values_list(
+ "descendant__sub", flat=True
+ )
+ return JsonResponse(list(set(entries)), safe=False)
+
+
 @schema(
 methods=['GET'],
 get_request_schema = {
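Review bot: The route name `oidcfed_tm_list` in the second urls.py hunk breaks the naming pattern of its sibling, `oidcfed_advanced_entity_listing` (visible as context), and presumably of the other entries above the hunk; `name="oidcfed_trust_marked_list"` would keep `reverse()` call sites predictable. I would also check that the new endpoint is advertised in the trust anchor's `federation_entity` metadata (the trust-mark listing endpoint claim, `federation_trust_mark_list_endpoint` in the Federation drafts of this period), because nothing in this series' diffstat touches the metadata and a listing endpoint that clients cannot discover through the entity configuration is of little use.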
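Review bot: `trust_marked_list` answers with the `sub` of every assigned descendant when `trust_mark_id` is absent (`_q = {}` means an unfiltered `filter()`), and the `.lower()` on the presence check does nothing, since it cannot change the truthiness of the string; the OpenID Federation trust-marked-entities listing treats `trust_mark_id` as required and `sub` as an optional filter, so a missing id should be a 400 in the same error-body shape the other views in this file use, and `sub` should narrow the query. The query also lists a `sub` as soon as a `FederationEntityAssignedProfile` row exists, with no check that the descendant is still active or that its trust mark is still valid; if `FederationDescendant` carries such a state it belongs in the filter, otherwise the anchor keeps advertising entities it no longer vouches for. The commented-out `@schema` block should be restored with `ListRequest`/`ListResponse` once the schema exists rather than left as a TODO. Suggested body below; the error dict is a constructed example to be aligned with the file's existing 400 responses.
```python
def trust_marked_list(request):
    """Trust-marked entities listing: subs holding the requested trust mark."""
    trust_mark_id = request.GET.get("trust_mark_id", "")
    if not trust_mark_id:
        # constructed example body; align with the file's other 400 responses
        return JsonResponse(
            {"error": "invalid_request",
             "error_description": "trust_mark_id is required"},
            status=400,
        )
    _q = {"profile__profile_id": trust_mark_id}
    if request.GET.get("sub"):
        _q["descendant__sub"] = request.GET["sub"]
    # TODO(review): also exclude descendants that are no longer active/valid,
    # if the model tracks that state
    entries = FederationEntityAssignedProfile.objects.filter(**_q).values_list(
        "descendant__sub", flat=True
    )
    return JsonResponse(list(set(entries)), safe=False)
```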
diff --git a/spid_cie_oidc/entity/validators.py b/spid_cie_oidc/entity/validators.py
index 26b00c0c..fc80c357 100644
--- a/spid_cie_oidc/entity/validators.py
+++ b/spid_cie_oidc/entity/validators.py
@@ -88,7 +88,7 @@ def validate_entity_metadata(value):
 raise ValidationError(
 f"RP metadata fail {e}. "
 )
-
+
 # TODO - add wallet_provider and wallet_relying_party once standardized
diff --git a/spid_cie_oidc/entity/x509.py b/spid_cie_oidc/entity/x509.py
index 725d50ba..9282c961 100644
--- a/spid_cie_oidc/entity/x509.py
+++ b/spid_cie_oidc/entity/x509.py
@@ -1,5 +1,3 @@
-import datetime
-import os
 from cryptography import x509
 from cryptography.x509.oid import NameOID