sig credential in pdf

2024-01-10 13:53:43 +01:00 · 2024-01-10 13:53:43 +01:00 · c836112f36
parent 0ec40f66eb
commit c836112f36
10 changed files with 228 additions and 31 deletions
--- a/idhub/admin/forms.py
+++ b/idhub/admin/forms.py
@ -1,11 +1,14 @@
 import csv
 import json
+import base64
 import pandas as pd

+from pyhanko.sign import signers
+
 from django import forms
 from django.utils.translation import gettext_lazy as _
 from django.core.exceptions import ValidationError
-from utils import credtools
+from utils import credtools, certs
 from idhub.models import (
    DID,
    File_datas,
@ -216,3 +219,67 @@ class UserRolForm(forms.ModelForm):
            raise forms.ValidationError(msg)

        return data['service']
+
+
+class ImportCertificateForm(forms.Form):
+    label = forms.CharField(label=_("Label"))
+    password = forms.CharField(
+        label=_("Password of certificate"),
+        widget=forms.PasswordInput
+    )
+    file_import = forms.FileField(label=_("File import"))
+
+    def __init__(self, *args, **kwargs):
+        self._did = None
+        self._s = None
+        self._label = None
+        self.user = kwargs.pop('user', None)
+        super().__init__(*args, **kwargs)
+
+    def clean(self):
+        data = super().clean()
+        # import pdb; pdb.set_trace()
+        file_import = data.get('file_import')
+        self.pfx_file = file_import.read()
+        self.file_name = file_import.name
+        self._pss = data.get('password')
+        self._label = data.get('label')
+        if not self.pfx_file or not self._pss:
+            msg = _("Is not a valid certificate")
+            raise forms.ValidationError(msg)
+
+        self.signer_init()
+        if not self._s:
+            msg = _("Is not a valid certificate")
+            raise forms.ValidationError(msg)
+
+        self.new_did()
+        return data
+
+    def new_did(self):
+        cert = self.pfx_file
+        keys = {
+            "cert": base64.b64encode(self.pfx_file).decode('utf-8'),
+            "passphrase": self._pss
+        }
+        key_material = json.dumps(keys)
+        self._did = DID(
+            key_material=key_material,
+            did=self.file_name,
+            label=self._label,
+            eidas1=True,
+            user=self.user
+        )
+
+    def save(self, commit=True):
+
+        if commit:
+            self._did.save()
+            return self._did
+
+        return
+
+    def signer_init(self):
+        self._s = certs.load_cert(
+            self.pfx_file, self._pss.encode('utf-8')
+        )
--- a/idhub/admin/views.py
+++ b/idhub/admin/views.py
@ -30,6 +30,7 @@ from idhub.admin.forms import (
    MembershipForm,
    SchemaForm,
    UserRolForm,
+    ImportCertificateForm,
 )
 from idhub.admin.tables import (
        DashboardTable
@ -695,11 +696,27 @@ class WalletCredentialsView(Credentials):
    wallet = True


-class WalletConfigIssuesView(Credentials):
+class WalletConfigIssuesView(Credentials, FormView):
    template_name = "idhub/admin/wallet_issues.html"
    subtitle = _('Configure credential issuance')
    icon = 'bi bi-patch-check-fill'
    wallet = True
+    form_class = ImportCertificateForm
+    success_url = reverse_lazy('idhub:admin_dids')
+
+    def get_form_kwargs(self):
+        kwargs = super().get_form_kwargs()
+        kwargs['user'] = self.request.user
+        return kwargs
+
+    def form_valid(self, form):
+        cred = form.save()
+        if cred:
+            messages.success(self.request, _("The credential was imported successfully!"))
+            Event.set_EV_ORG_DID_CREATED_BY_ADMIN(cred)
+        else:
+            messages.error(self.request, _("Error importing the credential!"))
+        return super().form_valid(form)


 class SchemasView(SchemasMix):
--- a/idhub/migrations/0001_initial.py
+++ b/idhub/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2023-12-11 08:35
+# Generated by Django 4.2.5 on 2024-01-10 11:52

 from django.conf import settings
 from django.db import migrations, models
@ -26,9 +26,10 @@ class Migration(migrations.Migration):
                    ),
                ),
                ('created_at', models.DateTimeField(auto_now=True)),
-                ('label', models.CharField(max_length=50)),
+                ('label', models.CharField(max_length=50, verbose_name='Label')),
                ('did', models.CharField(max_length=250)),
-                ('key_material', models.CharField(max_length=250)),
+                ('key_material', models.TextField()),
+                ('eidas1', models.BooleanField(default=False)),
                (
                    'user',
                    models.ForeignKey(
@ -256,8 +257,11 @@ class Migration(migrations.Migration):
                        verbose_name='ID',
                    ),
                ),
-                ('created', models.DateTimeField(auto_now=True)),
-                ('message', models.CharField(max_length=350)),
+                ('created', models.DateTimeField(auto_now=True, verbose_name='Date')),
+                (
+                    'message',
+                    models.CharField(max_length=350, verbose_name='Description'),
+                ),
                (
                    'type',
                    models.PositiveSmallIntegerField(
@ -295,7 +299,8 @@ class Migration(migrations.Migration):
                            (28, 'Organisational DID deleted by admin'),
                            (29, 'User deactivated'),
                            (30, 'User activated'),
-                        ]
+                        ],
+                        verbose_name='Event',
                    ),
                ),
                (
@ -327,6 +332,7 @@ class Migration(migrations.Migration):
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name='users',
                        to='idhub.service',
+                        verbose_name='Service',
                    ),
                ),
                (
--- a/idhub/models.py
+++ b/idhub/models.py
@ -409,7 +409,8 @@ class DID(models.Model):
    # In JWK format. Must be stored as-is and passed whole to library functions.
    # Example key material:
    # '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
-    key_material = models.CharField(max_length=250)
+    key_material = models.TextField()
+    eidas1 = models.BooleanField(default=False)
    user = models.ForeignKey(
        User,
        on_delete=models.CASCADE,
--- a/idhub/templates/idhub/admin/wallet_issues.html
+++ b/idhub/templates/idhub/admin/wallet_issues.html
@ -6,4 +6,27 @@
  <i class="{{ icon }}"></i>
  {{ subtitle }}
 </h3>
+{% load django_bootstrap5 %}
+<form role="form" method="post" enctype="multipart/form-data">
+{% csrf_token %}
+{% if form.errors %}
+<div class="alert alert-danger alert-icon alert-icon-border alert-dismissible" role="alert">
+  <div class="icon"><span class="mdi mdi-close-circle-o"></span></div>
+  <div class="message">
+    <button class="close" type="button" data-dismiss="alert" aria-label="Close">
+    <span class="mdi mdi-close" aria-hidden="true"></span>
+    </button>
+    {% for field, error in form.errors.items %}
+      {{ error }}
+    {% endfor %}
+  </div>
+</div>
+{% endif %}
+{% bootstrap_form form %}
+<div class="form-actions-no-box">
+  <a class="btn btn-grey" href="{% url 'idhub:admin_import' %}">{% translate "Cancel" %}</a>
+  <input class="btn btn-green-admin" type="submit" name="submit" value="{% translate 'Upload' %}" />
+</div>
+
+</form>
 {% endblock %}
--- a/idhub/user/views.py
+++ b/idhub/user/views.py
@ -1,7 +1,9 @@
 import os
+import json
 import base64
 import qrcode
 import logging
+import datetime
 import weasyprint
 import qrcode.image.svg

@ -28,6 +30,7 @@ from idhub.user.forms import (
    RequestCredentialForm,
    DemandAuthorizationForm
 )
+from utils import certs
 from idhub.mixins import UserView
 from idhub.models import DID, VerificableCredential, Event

@ -130,17 +133,16 @@ class CredentialJsonView(MyWallet, TemplateView):
    _pss = '123456'

    def get(self, request, *args, **kwargs):
-        # pk = kwargs['pk']
-        # self.object = get_object_or_404(
-        #     VerificableCredential,
-        #     pk=pk,
-        #     user=self.request.user
-        # )
-        # return self.render_to_response(context=self.get_context_data())
+        pk = kwargs['pk']
+        self.user = self.request.user
+        self.object = get_object_or_404(
+            VerificableCredential,
+            pk=pk,
+            user=self.request.user
+        )

        data = self.build_certificate()
        doc = self.insert_signature(data)
-        import pdb; pdb.set_trace()
        response = HttpResponse(doc, content_type="application/pdf")
        response['Content-Disposition'] = 'attachment; filename={}'.format(self.file_name)
        return response
@ -159,10 +161,31 @@ class CredentialJsonView(MyWallet, TemplateView):
            img_head = base64.b64encode(_f.read()).decode('utf-8')

        qr = self.generate_qr_code("http://localhost")
+        if DID.objects.filter(eidas1=True).exists():
+            qr = ""
+
+        first_name = self.user.first_name and self.user.first_name.upper() or ""
+        last_name = self.user.first_name and self.user.last_name.upper() or ""
+        document_id = "0000000-L"
+        course = "COURSE 1"
+        address = "ADDRESS"
+        date_course = datetime.datetime.now()
+        n_hours = 40
+        n_lections = 5
+        issue_date = datetime.datetime.now()
        context.update({
-        #     'object': self.object,
+            'object': self.object,
            "image_signature": img_sig,
            "image_header": img_head,
+            "first_name": first_name,
+            "last_name": last_name,
+            "document_id": document_id,
+            "course": course,
+            "address": address,
+            "date_course": date_course,
+            "n_hours": n_hours,
+            "n_lections": n_lections,
+            "issue_date": issue_date,
            "qr": qr
        })
        return context
@ -188,17 +211,31 @@ class CredentialJsonView(MyWallet, TemplateView):

        return base64.b64encode(img_buffer.getvalue()).decode('utf-8')

+    def get_pfx_data(self):
+        did = DID.objects.filter(eidas1=True).first()
+        if not did:
+            return None, None
+        key_material = json.loads(did.key_material)
+        cert = key_material.get("cert")
+        passphrase = key_material.get("passphrase")
+        if cert and passphrase:
+            return base64.b64decode(cert), passphrase.encode('utf-8')
+        return None, None
+        
+
    def signer_init(self):
-        fname = "examples/signerDNIe004.pfx"
-        # pfx_buffer = BytesIO()
-        pfx_file= next(Path.cwd().glob(fname))
-        s = signers.SimpleSigner.load_pkcs12(
-            pfx_file=pfx_file, passphrase=self._pss.encode('utf-8')
+        pfx_data, passphrase = self.get_pfx_data()
+        s = certs.load_cert(
+            pfx_data, passphrase
        )
        return s

    def insert_signature(self, doc):
+        # import pdb; pdb.set_trace()
        sig = self.signer_init()
+        if not sig:
+            return
+
        _buffer = BytesIO()
        _buffer.write(doc)
        w = IncrementalPdfFileWriter(_buffer)
--- a/idhub_auth/migrations/0001_initial.py
+++ b/idhub_auth/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2023-12-11 08:35
+# Generated by Django 4.2.5 on 2024-01-10 11:52

 from django.db import migrations, models

@ -31,13 +31,23 @@ class Migration(migrations.Migration):
                (
                    'email',
                    models.EmailField(
-                        max_length=255, unique=True, verbose_name='email address'
+                        max_length=255, unique=True, verbose_name='Email address'
                    ),
                ),
                ('is_active', models.BooleanField(default=True)),
                ('is_admin', models.BooleanField(default=False)),
-                ('first_name', models.CharField(blank=True, max_length=255, null=True)),
-                ('last_name', models.CharField(blank=True, max_length=255, null=True)),
+                (
+                    'first_name',
+                    models.CharField(
+                        blank=True, max_length=255, null=True, verbose_name='First name'
+                    ),
+                ),
+                (
+                    'last_name',
+                    models.CharField(
+                        blank=True, max_length=255, null=True, verbose_name='Last name'
+                    ),
+                ),
            ],
            options={
                'abstract': False,
--- a/oidc4vp/migrations/0001_initial.py
+++ b/oidc4vp/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2023-12-11 08:35
+# Generated by Django 4.2.5 on 2024-01-10 11:52

 from django.conf import settings
 from django.db import migrations, models
@ -30,7 +30,7 @@ class Migration(migrations.Migration):
                    'code',
                    models.CharField(default=oidc4vp.models.set_code, max_length=24),
                ),
-                ('code_used', models.BooleanField()),
+                ('code_used', models.BooleanField(default=False)),
                ('created', models.DateTimeField(auto_now=True)),
                ('presentation_definition', models.CharField(max_length=250)),
            ],
@ -91,7 +91,7 @@ class Migration(migrations.Migration):
                    models.ForeignKey(
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
-                        related_name='oauth2vptoken',
+                        related_name='vp_tokens',
                        to='oidc4vp.authorization',
                    ),
                ),
--- a/promotion/migrations/0001_initial.py
+++ b/promotion/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2023-12-11 08:35
+# Generated by Django 4.2.5 on 2024-01-10 11:52

 from django.db import migrations, models
 import django.db.models.deletion
--- a/utils/certs.py
+++ b/utils/certs.py
@ -0,0 +1,36 @@
+from pyhanko.sign.signers import SimpleSigner
+from cryptography.hazmat.primitives.serialization import pkcs12
+from pyhanko_certvalidator.registry import SimpleCertificateStore
+from pyhanko.keys import _translate_pyca_cryptography_cert_to_asn1
+from pyhanko.keys import _translate_pyca_cryptography_key_to_asn1
+
+
+def load_cert(pfx_bytes, passphrase):
+    try:
+        (
+        private_key,
+        cert,
+        other_certs_pkcs12,
+        ) = pkcs12.load_key_and_certificates(pfx_bytes, passphrase)
+    except (IOError, ValueError, TypeError) as e:
+        # logger.error(
+        #     'Could not load key material from PKCS#12 file', exc_info=e
+        # )
+        return None
+
+    kinfo = _translate_pyca_cryptography_key_to_asn1(private_key)
+    cert = _translate_pyca_cryptography_cert_to_asn1(cert)
+    other_certs_pkcs12 = set(
+        map(_translate_pyca_cryptography_cert_to_asn1, other_certs_pkcs12)
+    )
+
+    cs = SimpleCertificateStore()
+    certs_to_register = set(other_certs_pkcs12)
+    cs.register_multiple(certs_to_register)
+    return SimpleSigner(
+        signing_key=kinfo,
+        signing_cert=cert,
+        cert_registry=cs,
+        signature_mechanism=None,
+        prefer_pss=False,
+    )