ereuse
/
IdHub
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

registar dids as organization

This commit is contained in:
Cayo Puigdefabregas 2024-02-23 16:50:31 +01:00
parent 365c58d87a
commit a290b2e45c
4 changed files with 42 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
idhub/admin/views.py
View File

@ -781,7 +781,6 @@ class DidRegisterView(Credentials, CreateView):
object = None object = None
def form_valid(self, form): def form_valid(self, form):
form.instance.user = self.request.user
form.instance.set_did() form.instance.set_did()
form.save() form.save()
messages.success(self.request, _('DID created successfully')) messages.success(self.request, _('DID created successfully'))

22
idhub/models.py
View File

@ -16,6 +16,7 @@ from utils.idhub_ssikit import (
webdid_from_controller_key, webdid_from_controller_key,
verify_credential, verify_credential,
) )
from oidc4vp.models import Organization
from idhub_auth.models import User from idhub_auth.models import User
@ -442,18 +443,24 @@ class DID(models.Model):
# JSON-serialized DID document # JSON-serialized DID document
didweb_document = models.TextField() didweb_document = models.TextField()
def get_key_material(self):
return self.user.decrypt_data(self.key_material)
def set_key_material(self, value):
self.key_material = self.user.encrypt_data(value)
@property @property
def is_organization_did(self): def is_organization_did(self):
if not self.user: if not self.user:
return True return True
return False return False
def get_key_material(self):
user = self.user or self.get_organization()
return user.decrypt_data(self.key_material)
def set_key_material(self, value):
# import pdb; pdb.set_trace()
user = self.user or self.get_organization()
if not user.encrypted_sensitive_data:
user.set_encrypted_sensitive_data()
user.save()
self.key_material = user.encrypt_data(value)
def set_did(self): def set_did(self):
new_key_material = generate_did_controller_key() new_key_material = generate_did_controller_key()
self.set_key_material(new_key_material) self.set_key_material(new_key_material)
@ -468,6 +475,9 @@ class DID(models.Model):
def get_key(self): def get_key(self):
return json.loads(self.key_material) return json.loads(self.key_material)
def get_organization(self):
return Organization.objects.get(name=settings.ORGANIZATION)
class Schemas(models.Model): class Schemas(models.Model):
type = models.CharField(max_length=250) type = models.CharField(max_length=250)
file_schema = models.CharField(max_length=250) file_schema = models.CharField(max_length=250)

10
idhub_auth/models.py
View File

@ -145,17 +145,19 @@ class User(AbstractBaseUser):
self.encrypted_sensitive_data = key_crypted self.encrypted_sensitive_data = key_crypted
def encrypt_data(self, data): def encrypt_data(self, data):
sb = self.get_secret_box() pw = self.decrypt_sensitive_data()
sb = self.get_secret_box(pw)
value_enc = sb.encrypt(data.encode('utf-8')) value_enc = sb.encrypt(data.encode('utf-8'))
return base64.b64encode(value_enc).decode('utf-8') return base64.b64encode(value_enc).decode('utf-8')
def decrypt_data(self, data): def decrypt_data(self, data):
sb = self.get_secret_box() pw = self.decrypt_sensitive_data()
sb = self.get_secret_box(pw)
value = base64.b64decode(data.encode('utf-8')) value = base64.b64decode(data.encode('utf-8'))
return sb.decrypt(value).decode('utf-8') return sb.decrypt(value).decode('utf-8')
def get_secret_box(self): def get_secret_box(self, password):
sb_key = self.derive_key_from_password() sb_key = self.derive_key_from_password(password)
return secret.SecretBox(sb_key) return secret.SecretBox(sb_key)
def change_password_key(self, new_password): def change_password_key(self, new_password):

22
oidc4vp/models.py
View File

@ -69,8 +69,8 @@ class Organization(models.Model):
help_text=_("Url where to send the verificable presentation"), help_text=_("Url where to send the verificable presentation"),
max_length=250 max_length=250
) )
encrypted_sensitive_data = models.CharField(max_length=255) encrypted_sensitive_data = models.CharField(max_length=255, default=None, null=True)
salt = models.CharField(max_length=255) salt = models.CharField(max_length=255, default=None, null=True)
def send(self, vp, code): def send(self, vp, code):
""" """
@ -131,6 +131,8 @@ class Organization(models.Model):
return base64.b64encode(sb.encrypt(data)).decode('utf-8') return base64.b64encode(sb.encrypt(data)).decode('utf-8')
def get_salt(self): def get_salt(self):
if not self.salt:
return ''
return base64.b64decode(self.salt.encode('utf-8')) return base64.b64decode(self.salt.encode('utf-8'))
def set_salt(self): def set_salt(self):
@ -146,6 +148,22 @@ class Organization(models.Model):
key_crypted = self.encrypt_sensitive_data(key) key_crypted = self.encrypt_sensitive_data(key)
self.encrypted_sensitive_data = key_crypted self.encrypted_sensitive_data = key_crypted
def encrypt_data(self, data):
pw = self.decrypt_sensitive_data()
sb = self.get_secret_box(pw)
value_enc = sb.encrypt(data.encode('utf-8'))
return base64.b64encode(value_enc).decode('utf-8')
def decrypt_data(self, data):
pw = self.decrypt_sensitive_data()
sb = self.get_secret_box(pw)
value = base64.b64decode(data.encode('utf-8'))
return sb.decrypt(value).decode('utf-8')
def get_secret_box(self, password):
sb_key = self.derive_key_from_password(password)
return secret.SecretBox(sb_key)
def change_password_key(self, new_password): def change_password_key(self, new_password):
data = self.decrypt_sensitive_data() data = self.decrypt_sensitive_data()
sb_key = self.derive_key_from_password(new_password) sb_key = self.derive_key_from_password(new_password)