From a290b2e45c1fabaa712d83dad7fef23ba1fd61c6 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas <cayo@usody.com>
Date: Fri, 23 Feb 2024 16:50:31 +0100
Subject: [PATCH] registar dids as organization

---
 idhub/admin/views.py |  1 -
 idhub/models.py      | 22 ++++++++++++++++------
 idhub_auth/models.py | 10 ++++++----
 oidc4vp/models.py    | 22 ++++++++++++++++++++--
 4 files changed, 42 insertions(+), 13 deletions(-)

diff --git a/idhub/admin/views.py b/idhub/admin/views.py
index b5216a4..ad907a6 100644
--- a/idhub/admin/views.py
+++ b/idhub/admin/views.py
@@ -781,7 +781,6 @@ class DidRegisterView(Credentials, CreateView):
     object = None
 
     def form_valid(self, form):
-        form.instance.user = self.request.user
         form.instance.set_did()
         form.save()
         messages.success(self.request, _('DID created successfully'))
diff --git a/idhub/models.py b/idhub/models.py
index 2f563bf..8db241c 100644
--- a/idhub/models.py
+++ b/idhub/models.py
@@ -16,6 +16,7 @@ from utils.idhub_ssikit import (
     webdid_from_controller_key,
     verify_credential,
 )
+from oidc4vp.models import Organization
 from idhub_auth.models import User
 
 
@@ -442,18 +443,24 @@ class DID(models.Model):
     # JSON-serialized DID document
     didweb_document = models.TextField()
 
-    def get_key_material(self):
-        return self.user.decrypt_data(self.key_material)
-
-    def set_key_material(self, value):
-        self.key_material = self.user.encrypt_data(value)
-        
     @property
     def is_organization_did(self):
         if not self.user:
             return True
         return False
 
+    def get_key_material(self):
+        user = self.user or self.get_organization()
+        return user.decrypt_data(self.key_material)
+
+    def set_key_material(self, value):
+        # import pdb; pdb.set_trace()
+        user = self.user or self.get_organization()
+        if not user.encrypted_sensitive_data:
+            user.set_encrypted_sensitive_data()
+            user.save()
+        self.key_material = user.encrypt_data(value)
+        
     def set_did(self):
         new_key_material = generate_did_controller_key()
         self.set_key_material(new_key_material)
@@ -468,6 +475,9 @@ class DID(models.Model):
     def get_key(self):
         return json.loads(self.key_material)
 
+    def get_organization(self):
+        return Organization.objects.get(name=settings.ORGANIZATION)
+
 class Schemas(models.Model):
     type = models.CharField(max_length=250)
     file_schema = models.CharField(max_length=250)
diff --git a/idhub_auth/models.py b/idhub_auth/models.py
index 49a6281..c75c7e3 100644
--- a/idhub_auth/models.py
+++ b/idhub_auth/models.py
@@ -145,17 +145,19 @@ class User(AbstractBaseUser):
         self.encrypted_sensitive_data = key_crypted
 
     def encrypt_data(self, data):
-        sb = self.get_secret_box()
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
         value_enc = sb.encrypt(data.encode('utf-8'))
         return base64.b64encode(value_enc).decode('utf-8')
 
     def decrypt_data(self, data):
-        sb = self.get_secret_box()
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
         value = base64.b64decode(data.encode('utf-8'))
         return sb.decrypt(value).decode('utf-8')
 
-    def get_secret_box(self):
-        sb_key = self.derive_key_from_password()
+    def get_secret_box(self, password):
+        sb_key = self.derive_key_from_password(password)
         return secret.SecretBox(sb_key)
 
     def change_password_key(self, new_password):
diff --git a/oidc4vp/models.py b/oidc4vp/models.py
index 0664532..b0d8b26 100644
--- a/oidc4vp/models.py
+++ b/oidc4vp/models.py
@@ -69,8 +69,8 @@ class Organization(models.Model):
         help_text=_("Url where to send the verificable presentation"),
         max_length=250
     )
-    encrypted_sensitive_data = models.CharField(max_length=255)
-    salt = models.CharField(max_length=255)
+    encrypted_sensitive_data = models.CharField(max_length=255, default=None, null=True)
+    salt = models.CharField(max_length=255, default=None, null=True)
 
     def send(self, vp, code):
         """
@@ -131,6 +131,8 @@ class Organization(models.Model):
         return base64.b64encode(sb.encrypt(data)).decode('utf-8')
 
     def get_salt(self):
+        if not self.salt:
+            return ''
         return base64.b64decode(self.salt.encode('utf-8'))
 
     def set_salt(self):
@@ -146,6 +148,22 @@ class Organization(models.Model):
         key_crypted = self.encrypt_sensitive_data(key)
         self.encrypted_sensitive_data = key_crypted
 
+    def encrypt_data(self, data):
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
+        value_enc = sb.encrypt(data.encode('utf-8'))
+        return base64.b64encode(value_enc).decode('utf-8')
+
+    def decrypt_data(self, data):
+        pw = self.decrypt_sensitive_data()
+        sb = self.get_secret_box(pw)
+        value = base64.b64decode(data.encode('utf-8'))
+        return sb.decrypt(value).decode('utf-8')
+
+    def get_secret_box(self, password):
+        sb_key = self.derive_key_from_password(password)
+        return secret.SecretBox(sb_key)
+
     def change_password_key(self, new_password):
         data = self.decrypt_sensitive_data()
         sb_key = self.derive_key_from_password(new_password)