sig credential in pdf
This commit is contained in:
parent
0ec40f66eb
commit
c836112f36
|
@ -1,11 +1,14 @@
|
|||
import csv
|
||||
import json
|
||||
import base64
|
||||
import pandas as pd
|
||||
|
||||
from pyhanko.sign import signers
|
||||
|
||||
from django import forms
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.core.exceptions import ValidationError
|
||||
from utils import credtools
|
||||
from utils import credtools, certs
|
||||
from idhub.models import (
|
||||
DID,
|
||||
File_datas,
|
||||
|
@ -216,3 +219,67 @@ class UserRolForm(forms.ModelForm):
|
|||
raise forms.ValidationError(msg)
|
||||
|
||||
return data['service']
|
||||
|
||||
|
||||
class ImportCertificateForm(forms.Form):
|
||||
label = forms.CharField(label=_("Label"))
|
||||
password = forms.CharField(
|
||||
label=_("Password of certificate"),
|
||||
widget=forms.PasswordInput
|
||||
)
|
||||
file_import = forms.FileField(label=_("File import"))
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
self._did = None
|
||||
self._s = None
|
||||
self._label = None
|
||||
self.user = kwargs.pop('user', None)
|
||||
super().__init__(*args, **kwargs)
|
||||
|
||||
def clean(self):
|
||||
data = super().clean()
|
||||
# import pdb; pdb.set_trace()
|
||||
file_import = data.get('file_import')
|
||||
self.pfx_file = file_import.read()
|
||||
self.file_name = file_import.name
|
||||
self._pss = data.get('password')
|
||||
self._label = data.get('label')
|
||||
if not self.pfx_file or not self._pss:
|
||||
msg = _("Is not a valid certificate")
|
||||
raise forms.ValidationError(msg)
|
||||
|
||||
self.signer_init()
|
||||
if not self._s:
|
||||
msg = _("Is not a valid certificate")
|
||||
raise forms.ValidationError(msg)
|
||||
|
||||
self.new_did()
|
||||
return data
|
||||
|
||||
def new_did(self):
|
||||
cert = self.pfx_file
|
||||
keys = {
|
||||
"cert": base64.b64encode(self.pfx_file).decode('utf-8'),
|
||||
"passphrase": self._pss
|
||||
}
|
||||
key_material = json.dumps(keys)
|
||||
self._did = DID(
|
||||
key_material=key_material,
|
||||
did=self.file_name,
|
||||
label=self._label,
|
||||
eidas1=True,
|
||||
user=self.user
|
||||
)
|
||||
|
||||
def save(self, commit=True):
|
||||
|
||||
if commit:
|
||||
self._did.save()
|
||||
return self._did
|
||||
|
||||
return
|
||||
|
||||
def signer_init(self):
|
||||
self._s = certs.load_cert(
|
||||
self.pfx_file, self._pss.encode('utf-8')
|
||||
)
|
||||
|
|
|
@ -30,6 +30,7 @@ from idhub.admin.forms import (
|
|||
MembershipForm,
|
||||
SchemaForm,
|
||||
UserRolForm,
|
||||
ImportCertificateForm,
|
||||
)
|
||||
from idhub.admin.tables import (
|
||||
DashboardTable
|
||||
|
@ -695,11 +696,27 @@ class WalletCredentialsView(Credentials):
|
|||
wallet = True
|
||||
|
||||
|
||||
class WalletConfigIssuesView(Credentials):
|
||||
class WalletConfigIssuesView(Credentials, FormView):
|
||||
template_name = "idhub/admin/wallet_issues.html"
|
||||
subtitle = _('Configure credential issuance')
|
||||
icon = 'bi bi-patch-check-fill'
|
||||
wallet = True
|
||||
form_class = ImportCertificateForm
|
||||
success_url = reverse_lazy('idhub:admin_dids')
|
||||
|
||||
def get_form_kwargs(self):
|
||||
kwargs = super().get_form_kwargs()
|
||||
kwargs['user'] = self.request.user
|
||||
return kwargs
|
||||
|
||||
def form_valid(self, form):
|
||||
cred = form.save()
|
||||
if cred:
|
||||
messages.success(self.request, _("The credential was imported successfully!"))
|
||||
Event.set_EV_ORG_DID_CREATED_BY_ADMIN(cred)
|
||||
else:
|
||||
messages.error(self.request, _("Error importing the credential!"))
|
||||
return super().form_valid(form)
|
||||
|
||||
|
||||
class SchemasView(SchemasMix):
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2023-12-11 08:35
|
||||
# Generated by Django 4.2.5 on 2024-01-10 11:52
|
||||
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
|
@ -26,9 +26,10 @@ class Migration(migrations.Migration):
|
|||
),
|
||||
),
|
||||
('created_at', models.DateTimeField(auto_now=True)),
|
||||
('label', models.CharField(max_length=50)),
|
||||
('label', models.CharField(max_length=50, verbose_name='Label')),
|
||||
('did', models.CharField(max_length=250)),
|
||||
('key_material', models.CharField(max_length=250)),
|
||||
('key_material', models.TextField()),
|
||||
('eidas1', models.BooleanField(default=False)),
|
||||
(
|
||||
'user',
|
||||
models.ForeignKey(
|
||||
|
@ -256,8 +257,11 @@ class Migration(migrations.Migration):
|
|||
verbose_name='ID',
|
||||
),
|
||||
),
|
||||
('created', models.DateTimeField(auto_now=True)),
|
||||
('message', models.CharField(max_length=350)),
|
||||
('created', models.DateTimeField(auto_now=True, verbose_name='Date')),
|
||||
(
|
||||
'message',
|
||||
models.CharField(max_length=350, verbose_name='Description'),
|
||||
),
|
||||
(
|
||||
'type',
|
||||
models.PositiveSmallIntegerField(
|
||||
|
@ -295,7 +299,8 @@ class Migration(migrations.Migration):
|
|||
(28, 'Organisational DID deleted by admin'),
|
||||
(29, 'User deactivated'),
|
||||
(30, 'User activated'),
|
||||
]
|
||||
],
|
||||
verbose_name='Event',
|
||||
),
|
||||
),
|
||||
(
|
||||
|
@ -327,6 +332,7 @@ class Migration(migrations.Migration):
|
|||
on_delete=django.db.models.deletion.CASCADE,
|
||||
related_name='users',
|
||||
to='idhub.service',
|
||||
verbose_name='Service',
|
||||
),
|
||||
),
|
||||
(
|
||||
|
|
|
@ -409,7 +409,8 @@ class DID(models.Model):
|
|||
# In JWK format. Must be stored as-is and passed whole to library functions.
|
||||
# Example key material:
|
||||
# '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
|
||||
key_material = models.CharField(max_length=250)
|
||||
key_material = models.TextField()
|
||||
eidas1 = models.BooleanField(default=False)
|
||||
user = models.ForeignKey(
|
||||
User,
|
||||
on_delete=models.CASCADE,
|
||||
|
|
|
@ -6,4 +6,27 @@
|
|||
<i class="{{ icon }}"></i>
|
||||
{{ subtitle }}
|
||||
</h3>
|
||||
{% load django_bootstrap5 %}
|
||||
<form role="form" method="post" enctype="multipart/form-data">
|
||||
{% csrf_token %}
|
||||
{% if form.errors %}
|
||||
<div class="alert alert-danger alert-icon alert-icon-border alert-dismissible" role="alert">
|
||||
<div class="icon"><span class="mdi mdi-close-circle-o"></span></div>
|
||||
<div class="message">
|
||||
<button class="close" type="button" data-dismiss="alert" aria-label="Close">
|
||||
<span class="mdi mdi-close" aria-hidden="true"></span>
|
||||
</button>
|
||||
{% for field, error in form.errors.items %}
|
||||
{{ error }}
|
||||
{% endfor %}
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% bootstrap_form form %}
|
||||
<div class="form-actions-no-box">
|
||||
<a class="btn btn-grey" href="{% url 'idhub:admin_import' %}">{% translate "Cancel" %}</a>
|
||||
<input class="btn btn-green-admin" type="submit" name="submit" value="{% translate 'Upload' %}" />
|
||||
</div>
|
||||
|
||||
</form>
|
||||
{% endblock %}
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
import os
|
||||
import json
|
||||
import base64
|
||||
import qrcode
|
||||
import logging
|
||||
import datetime
|
||||
import weasyprint
|
||||
import qrcode.image.svg
|
||||
|
||||
|
@ -28,6 +30,7 @@ from idhub.user.forms import (
|
|||
RequestCredentialForm,
|
||||
DemandAuthorizationForm
|
||||
)
|
||||
from utils import certs
|
||||
from idhub.mixins import UserView
|
||||
from idhub.models import DID, VerificableCredential, Event
|
||||
|
||||
|
@ -130,17 +133,16 @@ class CredentialJsonView(MyWallet, TemplateView):
|
|||
_pss = '123456'
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
# pk = kwargs['pk']
|
||||
# self.object = get_object_or_404(
|
||||
# VerificableCredential,
|
||||
# pk=pk,
|
||||
# user=self.request.user
|
||||
# )
|
||||
# return self.render_to_response(context=self.get_context_data())
|
||||
pk = kwargs['pk']
|
||||
self.user = self.request.user
|
||||
self.object = get_object_or_404(
|
||||
VerificableCredential,
|
||||
pk=pk,
|
||||
user=self.request.user
|
||||
)
|
||||
|
||||
data = self.build_certificate()
|
||||
doc = self.insert_signature(data)
|
||||
import pdb; pdb.set_trace()
|
||||
response = HttpResponse(doc, content_type="application/pdf")
|
||||
response['Content-Disposition'] = 'attachment; filename={}'.format(self.file_name)
|
||||
return response
|
||||
|
@ -159,10 +161,31 @@ class CredentialJsonView(MyWallet, TemplateView):
|
|||
img_head = base64.b64encode(_f.read()).decode('utf-8')
|
||||
|
||||
qr = self.generate_qr_code("http://localhost")
|
||||
if DID.objects.filter(eidas1=True).exists():
|
||||
qr = ""
|
||||
|
||||
first_name = self.user.first_name and self.user.first_name.upper() or ""
|
||||
last_name = self.user.first_name and self.user.last_name.upper() or ""
|
||||
document_id = "0000000-L"
|
||||
course = "COURSE 1"
|
||||
address = "ADDRESS"
|
||||
date_course = datetime.datetime.now()
|
||||
n_hours = 40
|
||||
n_lections = 5
|
||||
issue_date = datetime.datetime.now()
|
||||
context.update({
|
||||
# 'object': self.object,
|
||||
'object': self.object,
|
||||
"image_signature": img_sig,
|
||||
"image_header": img_head,
|
||||
"first_name": first_name,
|
||||
"last_name": last_name,
|
||||
"document_id": document_id,
|
||||
"course": course,
|
||||
"address": address,
|
||||
"date_course": date_course,
|
||||
"n_hours": n_hours,
|
||||
"n_lections": n_lections,
|
||||
"issue_date": issue_date,
|
||||
"qr": qr
|
||||
})
|
||||
return context
|
||||
|
@ -188,17 +211,31 @@ class CredentialJsonView(MyWallet, TemplateView):
|
|||
|
||||
return base64.b64encode(img_buffer.getvalue()).decode('utf-8')
|
||||
|
||||
def get_pfx_data(self):
|
||||
did = DID.objects.filter(eidas1=True).first()
|
||||
if not did:
|
||||
return None, None
|
||||
key_material = json.loads(did.key_material)
|
||||
cert = key_material.get("cert")
|
||||
passphrase = key_material.get("passphrase")
|
||||
if cert and passphrase:
|
||||
return base64.b64decode(cert), passphrase.encode('utf-8')
|
||||
return None, None
|
||||
|
||||
|
||||
def signer_init(self):
|
||||
fname = "examples/signerDNIe004.pfx"
|
||||
# pfx_buffer = BytesIO()
|
||||
pfx_file= next(Path.cwd().glob(fname))
|
||||
s = signers.SimpleSigner.load_pkcs12(
|
||||
pfx_file=pfx_file, passphrase=self._pss.encode('utf-8')
|
||||
pfx_data, passphrase = self.get_pfx_data()
|
||||
s = certs.load_cert(
|
||||
pfx_data, passphrase
|
||||
)
|
||||
return s
|
||||
|
||||
def insert_signature(self, doc):
|
||||
# import pdb; pdb.set_trace()
|
||||
sig = self.signer_init()
|
||||
if not sig:
|
||||
return
|
||||
|
||||
_buffer = BytesIO()
|
||||
_buffer.write(doc)
|
||||
w = IncrementalPdfFileWriter(_buffer)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2023-12-11 08:35
|
||||
# Generated by Django 4.2.5 on 2024-01-10 11:52
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
@ -31,13 +31,23 @@ class Migration(migrations.Migration):
|
|||
(
|
||||
'email',
|
||||
models.EmailField(
|
||||
max_length=255, unique=True, verbose_name='email address'
|
||||
max_length=255, unique=True, verbose_name='Email address'
|
||||
),
|
||||
),
|
||||
('is_active', models.BooleanField(default=True)),
|
||||
('is_admin', models.BooleanField(default=False)),
|
||||
('first_name', models.CharField(blank=True, max_length=255, null=True)),
|
||||
('last_name', models.CharField(blank=True, max_length=255, null=True)),
|
||||
(
|
||||
'first_name',
|
||||
models.CharField(
|
||||
blank=True, max_length=255, null=True, verbose_name='First name'
|
||||
),
|
||||
),
|
||||
(
|
||||
'last_name',
|
||||
models.CharField(
|
||||
blank=True, max_length=255, null=True, verbose_name='Last name'
|
||||
),
|
||||
),
|
||||
],
|
||||
options={
|
||||
'abstract': False,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2023-12-11 08:35
|
||||
# Generated by Django 4.2.5 on 2024-01-10 11:52
|
||||
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
|
@ -30,7 +30,7 @@ class Migration(migrations.Migration):
|
|||
'code',
|
||||
models.CharField(default=oidc4vp.models.set_code, max_length=24),
|
||||
),
|
||||
('code_used', models.BooleanField()),
|
||||
('code_used', models.BooleanField(default=False)),
|
||||
('created', models.DateTimeField(auto_now=True)),
|
||||
('presentation_definition', models.CharField(max_length=250)),
|
||||
],
|
||||
|
@ -91,7 +91,7 @@ class Migration(migrations.Migration):
|
|||
models.ForeignKey(
|
||||
null=True,
|
||||
on_delete=django.db.models.deletion.SET_NULL,
|
||||
related_name='oauth2vptoken',
|
||||
related_name='vp_tokens',
|
||||
to='oidc4vp.authorization',
|
||||
),
|
||||
),
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2023-12-11 08:35
|
||||
# Generated by Django 4.2.5 on 2024-01-10 11:52
|
||||
|
||||
from django.db import migrations, models
|
||||
import django.db.models.deletion
|
||||
|
|
36
utils/certs.py
Normal file
36
utils/certs.py
Normal file
|
@ -0,0 +1,36 @@
|
|||
from pyhanko.sign.signers import SimpleSigner
|
||||
from cryptography.hazmat.primitives.serialization import pkcs12
|
||||
from pyhanko_certvalidator.registry import SimpleCertificateStore
|
||||
from pyhanko.keys import _translate_pyca_cryptography_cert_to_asn1
|
||||
from pyhanko.keys import _translate_pyca_cryptography_key_to_asn1
|
||||
|
||||
|
||||
def load_cert(pfx_bytes, passphrase):
|
||||
try:
|
||||
(
|
||||
private_key,
|
||||
cert,
|
||||
other_certs_pkcs12,
|
||||
) = pkcs12.load_key_and_certificates(pfx_bytes, passphrase)
|
||||
except (IOError, ValueError, TypeError) as e:
|
||||
# logger.error(
|
||||
# 'Could not load key material from PKCS#12 file', exc_info=e
|
||||
# )
|
||||
return None
|
||||
|
||||
kinfo = _translate_pyca_cryptography_key_to_asn1(private_key)
|
||||
cert = _translate_pyca_cryptography_cert_to_asn1(cert)
|
||||
other_certs_pkcs12 = set(
|
||||
map(_translate_pyca_cryptography_cert_to_asn1, other_certs_pkcs12)
|
||||
)
|
||||
|
||||
cs = SimpleCertificateStore()
|
||||
certs_to_register = set(other_certs_pkcs12)
|
||||
cs.register_multiple(certs_to_register)
|
||||
return SimpleSigner(
|
||||
signing_key=kinfo,
|
||||
signing_cert=cert,
|
||||
cert_registry=cs,
|
||||
signature_mechanism=None,
|
||||
prefer_pss=False,
|
||||
)
|
Loading…
Reference in a new issue