From a290b2e45c1fabaa712d83dad7fef23ba1fd61c6 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Fri, 23 Feb 2024 16:50:31 +0100
Subject: [PATCH] registar dids as organization

---
 idhub/admin/views.py | 1 -
 idhub/models.py | 22 ++++++++++++++++------
 idhub_auth/models.py | 10 ++++++----
 oidc4vp/models.py | 22 ++++++++++++++++++++--
 4 files changed, 42 insertions(+), 13 deletions(-)

diff --git a/idhub/admin/views.py b/idhub/admin/views.py
index b5216a4..ad907a6 100644
--- a/idhub/admin/views.py
+++ b/idhub/admin/views.py
@@ -781,7 +781,6 @@ class DidRegisterView(Credentials, CreateView):
     object = None
 
     def form_valid(self, form):
-        form.instance.user = self.request.user
         form.instance.set_did()
         form.save()
         messages.success(self.request, _('DID created successfully'))
diff --git a/idhub/models.py b/idhub/models.py
index 2f563bf..8db241c 100644
--- a/idhub/models.py
+++ b/idhub/models.py
@@ -16,6 +16,7 @@ from utils.idhub_ssikit import (
     webdid_from_controller_key,
     verify_credential,
 )
+from oidc4vp.models import Organization
 from idhub_auth.models import User
 
 
@@ -442,18 +443,24 @@ class DID(models.Model):
     # JSON-serialized DID document
     didweb_document = models.TextField()
 
-    def get_key_material(self):
-        return self.user.decrypt_data(self.key_material)
-
-    def set_key_material(self, value):
-        self.key_material = self.user.encrypt_data(value)
-
     @property
     def is_organization_did(self):
         if not self.user:
             return True
         return False
 
+    def get_key_material(self):
+        user = self.user or self.get_organization()
+        return user.decrypt_data(self.key_material)
+
+    def set_key_material(self, value):
+        # import pdb; pdb.set_trace()
+        user = self.user or self.get_organization()
+        if not user.encrypted_sensitive_data:
+            user.set_encrypted_sensitive_data()
+            user.save()
+        self.key_material = user.encrypt_data(value)
+
     def set_did(self):
         new_key_material = generate_did_controller_key()
         self.set_key_material(new_key_material)
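Review bot: With `form.instance.user` no longer assigned, every DID registered through this admin view becomes an organization DID (`is_organization_did` is true when `user` is unset) and its key material is wrapped by the Organization's key rather than the creating admin's, yet nothing in the view states that intent. A one-line comment above `form.instance.set_did()` would do, e.g. `# Admin-registered DIDs belong to the organization: user stays unset and the key is wrapped by the Organization key`. This also presumes `DID.user` is nullable, which the diff does not show; worth confirming the field and its migration. `form_valid` most likely continues past the end of the hunk.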
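Review bot: `from oidc4vp.models import Organization` is a module-level import of a sibling app's models into `idhub.models`; if `oidc4vp.models` (or anything it pulls in) imports from `idhub.models`, Django fails at startup with a circular import. Only `DID.get_organization` needs the class, so a function-scope import there, or `apps.get_model('oidc4vp', 'Organization')`, would keep the dependency between the two apps one-directional. The imports of `oidc4vp/models.py` are not in this diff, so this is a caution rather than a confirmed failure.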
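Review bot: `set_key_material` ships a commented-out debugger line, `# import pdb; pdb.set_trace()`, which should be deleted before merge. The lazy bootstrap beneath it is the heavier concern: when the owner has no `encrypted_sensitive_data` the setter generates one and `save()`s the Organization/User row in the middle of DID creation, with no transaction visible here, so two DIDs created concurrently before the key exists could each generate a key and the last `save()` wins, leaving the other DID's `key_material` undecryptable. Generating the organization key where the Organization is created (or in a data migration) and letting `set_key_material` raise when it is missing would close that window; if the lazy path must stay, run it under `transaction.atomic()` with `select_for_update()` on the organization. `user.set_encrypted_sensitive_data()` is also called with no arguments on whichever object is bound, and if `User.set_encrypted_sensitive_data` requires a password (its signature is not in this diff) the `self.user` branch would raise `TypeError` — worth a guard or a comment.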
@@ -468,6 +475,9 @@ class DID(models.Model):
     def get_key(self):
         return json.loads(self.key_material)
 
+    def get_organization(self):
+        return Organization.objects.get(name=settings.ORGANIZATION)
+
 class Schemas(models.Model):
     type = models.CharField(max_length=250)
     file_schema = models.CharField(max_length=250)
diff --git a/idhub_auth/models.py b/idhub_auth/models.py
index 49a6281..c75c7e3 100644
--- a/idhub_auth/models.py
+++ b/idhub_auth/models.py
@@ -145,17 +145,19 @@ class User(AbstractBaseUser):
         self.encrypted_sensitive_data = key_crypted
 
     def encrypt_data(self, data):
-        sb = self.get_secret_box()
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
         value_enc = sb.encrypt(data.encode('utf-8'))
         return base64.b64encode(value_enc).decode('utf-8')
 
     def decrypt_data(self, data):
-        sb = self.get_secret_box()
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
         value = base64.b64decode(data.encode('utf-8'))
         return sb.decrypt(value).decode('utf-8')
 
-    def get_secret_box(self):
-        sb_key = self.derive_key_from_password()
+    def get_secret_box(self, password):
+        sb_key = self.derive_key_from_password(password)
         return secret.SecretBox(sb_key)
 
     def change_password_key(self, new_password):
diff --git a/oidc4vp/models.py b/oidc4vp/models.py
index 0664532..b0d8b26 100644
--- a/oidc4vp/models.py
+++ b/oidc4vp/models.py
@@ -69,8 +69,8 @@ class Organization(models.Model):
         help_text=_("Url where to send the verificable presentation"),
         max_length=250
     )
-    encrypted_sensitive_data = models.CharField(max_length=255)
-    salt = models.CharField(max_length=255)
+    encrypted_sensitive_data = models.CharField(max_length=255, default=None, null=True)
+    salt = models.CharField(max_length=255, default=None, null=True)
 
     def send(self, vp, code):
         """
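Review bot: `get_organization` raises `Organization.DoesNotExist` (or `MultipleObjectsReturned`) whenever `settings.ORGANIZATION` does not name exactly one row, and both `get_key_material` and `set_key_material` call it for every DID without a user, so an unset or misspelled setting surfaces as a 500 far from its cause. A docstring stating that contract would help: `"""Return the Organization that owns organization-level DIDs, looked up by settings.ORGANIZATION; raises Organization.DoesNotExist if it is not configured."""`. The query is also repeated on each call; a `functools.cached_property` on the DID, or one lookup per request, is cheap if this runs in loops. `settings` must already be imported in this module, which the hunk does not show.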
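Review bot: `pw` is not a password but the decrypted `encrypted_sensitive_data` (a stored key), which `get_secret_box` then runs through `derive_key_from_password`; the naming hides that the KDF is applied to a machine secret on every `encrypt_data`/`decrypt_data` call. Renaming the local (e.g. `data_key`) and documenting the new required parameter would make the layering clear, e.g. on `def get_secret_box(self, password):` a docstring `"""Build the SecretBox whose key is derive_key_from_password(password); callers pass the decrypted sensitive-data key."""`. `get_secret_box` went from zero arguments to one required argument, so any caller outside these three methods that still invokes it bare (none visible in this hunk) now raises `TypeError`. If `derive_key_from_password` is a deliberately slow KDF, re-deriving per operation is also a cost worth measuring.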
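Review bot: Switching `encrypted_sensitive_data` and `salt` to `null=True` changes the database schema, but the diffstat lists no file under `oidc4vp/migrations/`, so the model is out of sync with the migration history and the new lazy-initialisation path in `DID.set_key_material` (which assumes an Organization can exist with these columns empty) is not backed by the deployed schema. Django also discourages `null=True` on `CharField` because it creates two empty states (`NULL` and `''`); `blank=True` with the default `''` satisfies the existing `if not self.salt` checks with a single representation. `default=None` is redundant once `null=True` is set.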
@@ -131,6 +131,8 @@ class Organization(models.Model):
         return base64.b64encode(sb.encrypt(data)).decode('utf-8')
 
     def get_salt(self):
+        if not self.salt:
+            return ''
         return base64.b64decode(self.salt.encode('utf-8'))
 
     def set_salt(self):
@@ -146,6 +148,22 @@ class Organization(models.Model):
         key_crypted = self.encrypt_sensitive_data(key)
         self.encrypted_sensitive_data = key_crypted
 
+    def encrypt_data(self, data):
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
+        value_enc = sb.encrypt(data.encode('utf-8'))
+        return base64.b64encode(value_enc).decode('utf-8')
+
+    def decrypt_data(self, data):
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
+        value = base64.b64decode(data.encode('utf-8'))
+        return sb.decrypt(value).decode('utf-8')
+
+    def get_secret_box(self, password):
+        sb_key = self.derive_key_from_password(password)
+        return secret.SecretBox(sb_key)
+
     def change_password_key(self, new_password):
         data = self.decrypt_sensitive_data()
         sb_key = self.derive_key_from_password(new_password)
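Review bot: `get_salt` now returns `''` (a `str`) when no salt is stored but `bytes` otherwise, so a caller that concatenates the result or hands it to a KDF sees an inconsistent type; at minimum the early return should be `return b''`. More importantly, an empty salt should not silently reach key derivation: if `set_salt` has not run yet, the derived key depends on the input alone, and that weakness is invisible once the row is later populated. Prefer failing loudly (`raise ValueError('Organization salt is not initialised')`) or calling `self.set_salt()` first, whichever the bootstrap in `DID.set_key_material` expects. Which callers read `get_salt` lies outside this hunk.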
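Review bot: `encrypt_data`, `decrypt_data` and `get_secret_box` are a verbatim copy of the three methods added to `User` in `idhub_auth/models.py` in this same commit; a shared mixin holding the three methods and relying on the host class for `decrypt_sensitive_data` and `derive_key_from_password` would stop the two implementations from drifting, which matters more for crypto code than elsewhere. `decrypt_data` lets the SecretBox decryption error (presumably PyNaCl's `nacl.exceptions.CryptoError`, raised on a wrong key or tampered ciphertext) propagate undocumented; a docstring naming it is enough for callers such as `DID.get_key_material` to know what to catch. The methods assume `secret` and `base64` are already imported in this module, which the hunk does not show, though `encrypt_sensitive_data` above already calls `sb.encrypt`, so they likely are.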