ereuse
/
IdHub
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request 'pyvckit' (#1) from pyvckit into release 

Reviewed-on: #1
This commit is contained in:
cayop 2024-06-11 15:10:31 +00:00
parent 32ad6edd9d afd771fb50
commit 5b5afa5c4c
25 changed files with 399 additions and 574 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -31,23 +31,19 @@ The application's backend is responsible for issuing credentials upun user reque
python -m venv venv
source venv/bin/activate
```
3. Install the DIDKit wheel
```
wget https://gitea.pangea.org/trustchain-oc1-orchestral/ssikit_trustchain/raw/branch/master/didkit-0.3.2-cp311-cp311-manylinux_2_34_x86_64.whl
```
4. Install the required packages:
3. Install the required packages:
```
pip install -r requirements.txt
```
5. Run migrations:
4. Run migrations:
```
python manage.py migrate
```
6. Optionally you can install a minumum data set:
5. Optionally you can install a minumum data set:
```
python manage.py initial_datas
```
7. Start the development server:
6. Start the development server:
```
python manage.py runserver
```

1
cache_context.json Normal file
View File

File diff suppressed because one or more lines are too long

9
context/base.jsonld Normal file
View File

@ -0,0 +1,9 @@
{
"@context": {
"credentialSchema": "https://idhub.pangea.org/context/#credentialSchema",
"value": "https://idhub.pangea.org/context/#value",
"lang": "https://idhub.pangea.org/context/#lang",
"description": "https://idhub.pangea.org/context/#description",
"name": "https://idhub.pangea.org/context/#name"
}
}

22
context/course-credential.jsonld Normal file
View File

@ -0,0 +1,22 @@
{
"@context": {
"firstName": "https://idhub.pangea.org/context/#firstName",
"lastName": "https://idhub.pangea.org/context/#lastName",
"personalIdentifier": "https://idhub.pangea.org/context/#personalIdentifier",
"issuedDate": "https://idhub.pangea.org/context/#issuedDate",
"modeOfInstruction": "https://idhub.pangea.org/context/#modeOfInstruction",
"courseDuration": "https://idhub.pangea.org/context/#courseDuration",
"courseDays": "https://idhub.pangea.org/context/#courseDays",
"courseName": "https://idhub.pangea.org/context/#courseName",
"courseDescription": "https://idhub.pangea.org/context/#courseDescription",
"gradingScheme": "https://idhub.pangea.org/context/#gradingScheme",
"scoreAwarded": "https://idhub.pangea.org/context/#scoreAwarded",
"qualificationAwarded": "https://idhub.pangea.org/context/#qualificationAwarded",
"courseLevel": "https://idhub.pangea.org/context/#courseLevel",
"courseFramework": "https://idhub.pangea.org/context/#courseFramework",
"courseCredits": "https://idhub.pangea.org/context/#courseCredits",
"dateOfAssessment": "https://idhub.pangea.org/context/#dateOfAssessment",
"evidenceAssessment": "https://idhub.pangea.org/context/#evidenceAssessment",
"email": "https://idhub.pangea.org/context/#email"
}
}

11
context/e-operator-claim.jsonld Normal file
View File

@ -0,0 +1,11 @@
{
"@context": {
"legalName": "https://idhub.pangea.org/context/#legalName",
"accreditedBy": "https://idhub.pangea.org/context/#accreditedBy",
"operatorNumber": "https://idhub.pangea.org/context/#operatorNumber",
"limitJurisdiction": "https://idhub.pangea.org/context/#limitJurisdiction",
"accreditedFor": "https://idhub.pangea.org/context/#accreditedFor",
"role": "https://idhub.pangea.org/context/#role",
"email": "https://idhub.pangea.org/context/#email"
}
}

22
context/federation-membership.jsonld Normal file
View File

@ -0,0 +1,22 @@
{
"@context": {
"federation": "https://idhub.pangea.org/context/#federation",
"legalName": "https://idhub.pangea.org/context/#legalName",
"shortName": "https://idhub.pangea.org/context/#shortName",
"registrationIdentifier": "https://idhub.pangea.org/context/#registrationIdentifier",
"publicRegistry": "https://idhub.pangea.org/context/#publicRegistry",
"streetAddress": "https://idhub.pangea.org/context/#streetAddress",
"postCode": "https://idhub.pangea.org/context/#postCode",
"city": "https://idhub.pangea.org/context/#city",
"taxReference": "https://idhub.pangea.org/context/#taxReference",
"membershipType": "https://idhub.pangea.org/context/#membershipType",
"membershipStatus": "https://idhub.pangea.org/context/#membershipStatus",
"membershipId": "https://idhub.pangea.org/context/#membershipId",
"membershipSince": "https://idhub.pangea.org/context/#membershipSince",
"email": "https://idhub.pangea.org/context/#email",
"phone": "https://idhub.pangea.org/context/#phone",
"website": "https://idhub.pangea.org/context/#website",
"evidence": "https://idhub.pangea.org/context/#evidence",
"certificationDate": "https://idhub.pangea.org/context/#certificationDate"
}
}

17
context/financial-vulnerability.jsonld Normal file
View File

@ -0,0 +1,17 @@
{
"@context": {
"firstName": "https://idhub.pangea.org/context/#firstName",
"lastName": "https://idhub.pangea.org/context/#lastName",
"email": "https://idhub.pangea.org/context/#email",
"phoneNumber": "https://idhub.pangea.org/context/#phoneNumber",
"identityDocType": "https://idhub.pangea.org/context/#identityDocType",
"identityNumber": "https://idhub.pangea.org/context/#identityNumber",
"streetAddress": "https://idhub.pangea.org/context/#streetAddress",
"socialWorkerName": "https://idhub.pangea.org/context/#socialWorkerName",
"socialWorkerSurname": "https://idhub.pangea.org/context/#socialWorkerSurname",
"financialVulnerabilityScore": "https://idhub.pangea.org/context/#financialVulnerabilityScore",
"amountCoveredByOtherAids": "https://idhub.pangea.org/context/#amountCoveredByOtherAids",
"connectivityOptionList": "https://idhub.pangea.org/context/#connectivityOptionList",
"assessmentDate": "https://idhub.pangea.org/context/#assessmentDate"
}
}

15
context/membership-card.jsonld Normal file
View File

@ -0,0 +1,15 @@
{
"@context": {
"firstName": "https://idhub.pangea.org/context/#firstName",
"lastName": "https://idhub.pangea.org/context/#lastName",
"email": "https://idhub.pangea.org/context/#email",
"organisation": "https://idhub.pangea.org/context/#organisation",
"membershipType": "https://idhub.pangea.org/context/#membershipType",
"membershipId": "https://idhub.pangea.org/context/#membershipId",
"affiliatedSince": "https://idhub.pangea.org/context/#iaffiliatedSince",
"affiliatedUntil": "https://idhub.pangea.org/context/#affiliatedUntil",
"typeOfPerson": "https://idhub.pangea.org/context/#typeOfPerson",
"identityDocType": "https://idhub.pangea.org/context/#identityDocType",
"identityNumber": "https://idhub.pangea.org/context/#identityNumber"
}
}

113
idhub/models.py
View File

@ -6,16 +6,17 @@ import datetime
from collections import OrderedDict
from django.db import models
from django.conf import settings
from django.urls import reverse
from django.template.loader import get_template
from django.utils.translation import gettext_lazy as _
from utils.idhub_ssikit import (
generate_did_controller_key,
keydid_from_controller_key,
sign_credential,
webdid_from_controller_key,
verify_credential,
from pyvckit.did import (
generate_keys,
generate_did,
gen_did_document,
)
from pyvckit.sign import sign
from pyvckit.verify import verify_vc
from oidc4vp.models import Organization
from idhub_auth.models import User
@ -95,7 +96,7 @@ class Event(models.Model):
message=msg,
user=user
)
# Is required?
@classmethod
def set_EV_DATA_UPDATE_REQUESTED_BY_USER(cls, user):
@ -106,7 +107,7 @@ class Event(models.Model):
type=cls.Types.EV_DATA_UPDATE_REQUESTED_BY_USER,
message=msg,
)
# Is required?
@classmethod
def set_EV_DATA_UPDATE_REQUESTED(cls, user):
@ -117,7 +118,7 @@ class Event(models.Model):
message=msg,
user=user
)
@classmethod
def set_EV_USR_UPDATED_BY_ADMIN(cls, user):
msg = "The admin has updated the following user 's information: "
@ -144,7 +145,7 @@ class Event(models.Model):
message=msg,
user=user
)
@classmethod
def set_EV_USR_DELETED_BY_ADMIN(cls, user):
msg = _("The admin has deleted the user: username: {username}").format(
@ -154,7 +155,7 @@ class Event(models.Model):
type=cls.Types.EV_USR_DELETED_BY_ADMIN,
message=msg
)
@classmethod
def set_EV_DID_CREATED_BY_USER(cls, did):
msg = _("New DID with DID-ID: '{did}' created by user '{username}'").format(
@ -165,7 +166,7 @@ class Event(models.Model):
type=cls.Types.EV_DID_CREATED_BY_USER,
message=msg,
)
@classmethod
def set_EV_DID_CREATED(cls, did):
msg = _("New DID with label: '{label}' and DID-ID: '{did}' was created'").format(
@ -177,10 +178,10 @@ class Event(models.Model):
message=msg,
user=did.user
)
@classmethod
def set_EV_DID_DELETED(cls, did):
msg = _("The DID with label '{label}' and DID-ID: '{did}' was deleted from your wallet").format(
msg = _("The DID with label '{label}' and DID-ID: '{did}' was deleted from your wallet").format(
label=did.label,
did=did.did
)
@ -189,7 +190,7 @@ class Event(models.Model):
message=msg,
user=did.user
)
@classmethod
def set_EV_CREDENTIAL_DELETED_BY_ADMIN(cls, cred):
msg = _("The credential of type '{type}' and ID: '{id}' was deleted").format(
@ -200,7 +201,7 @@ class Event(models.Model):
type=cls.Types.EV_CREDENTIAL_DELETED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_CREDENTIAL_DELETED(cls, cred):
msg = _("The credential of type '{type}' and ID: '{id}' was deleted from your wallet").format(
@ -212,7 +213,7 @@ class Event(models.Model):
message=msg,
user=cred.user
)
@classmethod
def set_EV_CREDENTIAL_ISSUED_FOR_USER(cls, cred):
msg = _("The credential of type '{type}' and ID: '{id}' was issued for user {username}").format(
@ -224,7 +225,7 @@ class Event(models.Model):
type=cls.Types.EV_CREDENTIAL_ISSUED_FOR_USER,
message=msg,
)
@classmethod
def set_EV_CREDENTIAL_ISSUED(cls, cred):
msg = _("The credential of type '{type}' and ID: '{id}' was issued and stored in your wallet").format(
@ -236,7 +237,7 @@ class Event(models.Model):
message=msg,
user=cred.user
)
@classmethod
def set_EV_CREDENTIAL_PRESENTED_BY_USER(cls, cred, verifier):
msg = "The credential of type '{type}' and ID: '{id}' "
@ -251,7 +252,7 @@ class Event(models.Model):
type=cls.Types.EV_CREDENTIAL_PRESENTED_BY_USER,
message=msg,
)
@classmethod
def set_EV_CREDENTIAL_PRESENTED(cls, cred, verifier):
msg = "The credential of type '{type}' and ID: '{id}' "
@ -266,7 +267,7 @@ class Event(models.Model):
message=msg,
user=cred.user
)
@classmethod
def set_EV_CREDENTIAL_ENABLED(cls, cred):
msg = _("The credential of type '{type}' was enabled for user {username}").format(
@ -277,7 +278,7 @@ class Event(models.Model):
type=cls.Types.EV_CREDENTIAL_ENABLED,
message=msg,
)
@classmethod
def set_EV_CREDENTIAL_CAN_BE_REQUESTED(cls, cred):
msg = _("You can request the '{type}' credential").format(
@ -288,7 +289,7 @@ class Event(models.Model):
message=msg,
user=cred.user
)
@classmethod
def set_EV_CREDENTIAL_REVOKED_BY_ADMIN(cls, cred):
msg = _("The credential of type '{type}' and ID: '{id}' was revoked for ").format(
@ -299,7 +300,7 @@ class Event(models.Model):
type=cls.Types.EV_CREDENTIAL_REVOKED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_CREDENTIAL_REVOKED(cls, cred):
msg = _("The credential of type '{type}' and ID: '{id}' was revoked by admin").format(
@ -311,7 +312,7 @@ class Event(models.Model):
message=msg,
user=cred.user
)
@classmethod
def set_EV_ROLE_CREATED_BY_ADMIN(cls):
msg = _('A new role was created by admin')
@ -319,7 +320,7 @@ class Event(models.Model):
type=cls.Types.EV_ROLE_CREATED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_ROLE_MODIFIED_BY_ADMIN(cls):
msg = _('The role was modified by admin')
@ -327,7 +328,7 @@ class Event(models.Model):
type=cls.Types.EV_ROLE_MODIFIED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_ROLE_DELETED_BY_ADMIN(cls):
msg = _('The role was removed by admin')
@ -335,7 +336,7 @@ class Event(models.Model):
type=cls.Types.EV_ROLE_DELETED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_SERVICE_CREATED_BY_ADMIN(cls):
msg = _('A new service was created by admin')
@ -343,7 +344,7 @@ class Event(models.Model):
type=cls.Types.EV_SERVICE_CREATED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_SERVICE_MODIFIED_BY_ADMIN(cls):
msg = _('The service was modified by admin')
@ -351,7 +352,7 @@ class Event(models.Model):
type=cls.Types.EV_SERVICE_MODIFIED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_SERVICE_DELETED_BY_ADMIN(cls):
msg = _('The service was removed by admin')
@ -359,7 +360,7 @@ class Event(models.Model):
type=cls.Types.EV_SERVICE_DELETED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_ORG_DID_CREATED_BY_ADMIN(cls, did):
msg = _("New Organisational DID with label: '{label}' and DID-ID: '{did}' was created").format(
@ -370,7 +371,7 @@ class Event(models.Model):
type=cls.Types.EV_ORG_DID_CREATED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_ORG_DID_DELETED_BY_ADMIN(cls, did):
msg = _("Organisational DID with label: '{label}' and DID-ID: '{did}' was removed").format(
@ -381,7 +382,7 @@ class Event(models.Model):
type=cls.Types.EV_ORG_DID_DELETED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_USR_DEACTIVATED_BY_ADMIN(cls, user):
msg = "The user '{username}' was temporarily deactivated: "
@ -395,7 +396,7 @@ class Event(models.Model):
type=cls.Types.EV_USR_DEACTIVATED_BY_ADMIN,
message=msg,
)
@classmethod
def set_EV_USR_ACTIVATED_BY_ADMIN(cls, user):
msg = "The user '{username}' was activated: "
@ -417,7 +418,7 @@ class Event(models.Model):
message=msg,
user=user
)
@classmethod
def set_EV_USR_SEND_CREDENTIAL(cls, msg):
cls.objects.create(
@ -467,17 +468,24 @@ class DID(models.Model):
user.set_encrypted_sensitive_data()
user.save()
self.key_material = user.encrypt_data(value)
def set_did(self):
new_key_material = generate_did_controller_key()
new_key_material = generate_keys()
self.set_key_material(new_key_material)
if self.type == self.Types.KEY:
self.did = keydid_from_controller_key(new_key_material)
self.did = generate_did(new_key_material)
elif self.type == self.Types.WEB:
didurl, document = webdid_from_controller_key(new_key_material, settings.DOMAIN)
self.did = didurl
self.didweb_document = document
url = "https://{}".format(settings.DOMAIN)
path = reverse("idhub:serve_did", args=["a"])
if path:
path = path.split("/a/did.json")[0]
url = "https://{}/{}".format(settings.DOMAIN, path)
self.did = generate_did(new_key_material, url)
key = json.loads(new_key_material)
url, self.didweb_document = gen_did_document(self.did, key)
def get_key(self):
return json.loads(self.key_material)
@ -681,15 +689,18 @@ class VerificableCredential(models.Model):
# hash of credential without sign
self.hash = hashlib.sha3_256(self.render(domain).encode()).hexdigest()
data = sign_credential(
self.render(domain),
self.issuer_did.get_key_material()
)
valid, reason = verify_credential(data)
key = self.issuer_did.get_key_material()
credential = self.render(domain)
vc = sign(credential, key, self.issuer_did.did)
vc_str = json.dumps(vc)
valid = verify_vc(vc_str)
if not valid:
return
self.data = self.user.encrypt_data(data)
self.data = self.user.encrypt_data(vc_str)
self.status = self.Status.ISSUED
@ -761,7 +772,7 @@ class VerificableCredential(models.Model):
tmpl = get_template(template_name)
d = json.loads(tmpl.render({}))
self.type = d.get('type')[-1]
def filter_dict(self, dic):
new_dict = OrderedDict()
@ -788,7 +799,7 @@ class File_datas(models.Model):
class Membership(models.Model):
"""
This model represent the relation of this user with the ecosystem.
This model represent the relation of this user with the ecosystem.
"""
class Types(models.IntegerChoices):
BENEFICIARY = 1, _('Beneficiary')
@ -838,7 +849,7 @@ class Service(models.Model):
if self.rol.exists():
return ", ".join([x.name for x in self.rol.order_by("name")])
return _("None")
def __str__(self):
return "{} -> {}".format(self.domain, self.get_roles())

132
idhub/templates/credentials/course-credential.json
View File

@ -1,71 +1,71 @@
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/credentials/base/v1",
"https://idhub.pangea.org/credentials/course-credential/v1"
],
"id": "{{ vc_id }}",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"CourseCredential"
],
"issuer": {
"id": "{{ issuer_did }}",
"name": "{{ organisation }}"
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/context/base.jsonld",
"https://idhub.pangea.org/context/course-credential.jsonld"
],
"id": "{{ vc_id }}",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"CourseCredential"
],
"issuer": {
"id": "{{ issuer_did }}",
"name": "{{ organisation }}"
},
"issuanceDate": "{{ issuance_date }}",
"validFrom": "{{ issuance_date }}",
"validUntil": "{{ validUntil }}",
"name": [
{
"value": "NGO Course Credential for participants",
"lang": "en"
},
"issuanceDate": "{{ issuance_date }}",
"validFrom": "{{ issuance_date }}",
"validUntil": "{{ validUntil }}",
"name": [
{
"value": "NGO Course Credential for participants",
"lang": "en"
},
{
"value": "Credencial per participants d'un curs impartit per una ONG",
"lang": "ca_ES"
},
{
"value": "Credencial para participantes de un curso impartido por una ONG",
"lang": "es"
}
],
"description": [
{
"value": "A NGO Course Credential Schema awarded by a NGO federation and their NGO members, as proposed by Lafede.cat",
"lang": "en"
}
],
"credentialSubject": {
"id": "{{ subject_did }}",
"firstName": "{{ firstName }}",
"lastName": "{{ lastName }}",
"email": "{{ email }}",
"personalIdentifier": "{{ personalIdentifier }}",
"issuedDate": "{{ issuedDate }}",
"modeOfInstruction": "{{ modeOfInstruction }}",
"courseDuration": "{{ courseDuration }}",
"courseDays": "{{ courseDays }}",
"courseName": "{{ courseName }}",
"courseDescription": "{{ courseDescription }}",
"gradingScheme": "{{ gradingScheme }}",
"scoreAwarded": "{{ scoreAwarded }}",
"qualificationAwarded": "{{ qualificationAwarded }}",
"courseLevel": "{{ courseLevel }}",
"courseFramework": "{{ courseFramework }}",
"courseCredits": "{{ courseCredits }}",
"dateOfAssessment": "{{ dateOfAssessment }}",
"evidenceAssessment": "{{ evidenceAssessment }}"
{
"value": "Credencial per participants d'un curs impartit per una ONG",
"lang": "ca_ES"
},
"credentialStatus": {
"id": "{{ credential_status_id}}",
"type": "RevocationBitmap2022",
"revocationBitmapIndex": "{{ id_credential }}"
},
"credentialSchema": {
"id": "https://idhub.pangea.org/vc_schemas/course-credential.json",
"type": "FullJsonSchemaValidator2021"
{
"value": "Credencial para participantes de un curso impartido por una ONG",
"lang": "es"
}
}
],
"description": [
{
"value": "A NGO Course Credential Schema awarded by a NGO federation and their NGO members, as proposed by Lafede.cat",
"lang": "en"
}
],
"credentialSubject": {
"id": "{{ subject_did }}",
"firstName": "{{ firstName }}",
"lastName": "{{ lastName }}",
"email": "{{ email }}",
"personalIdentifier": "{{ personalIdentifier }}",
"issuedDate": "{{ issuedDate }}",
"modeOfInstruction": "{{ modeOfInstruction }}",
"courseDuration": "{{ courseDuration }}",
"courseDays": "{{ courseDays }}",
"courseName": "{{ courseName }}",
"courseDescription": "{{ courseDescription }}",
"gradingScheme": "{{ gradingScheme }}",
"scoreAwarded": "{{ scoreAwarded }}",
"qualificationAwarded": "{{ qualificationAwarded }}",
"courseLevel": "{{ courseLevel }}",
"courseFramework": "{{ courseFramework }}",
"courseCredits": "{{ courseCredits }}",
"dateOfAssessment": "{{ dateOfAssessment }}",
"evidenceAssessment": "{{ evidenceAssessment }}"
},
"credentialStatus": {
"id": "{{ credential_status_id}}",
"type": "RevocationBitmap2022",
"revocationBitmapIndex": "{{ id_credential }}"
},
"credentialSchema": {
"id": "https://idhub.pangea.org/vc_schemas/course-credential.json",
"type": "FullJsonSchemaValidator2021"
}
}

124
idhub/templates/credentials/e-operator-claim.json
View File

@ -1,67 +1,67 @@
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/credentials/base/v1",
"https://idhub.pangea.org/credentials/e-operator-claim/v1"
],
"id": "{{ vc_id }}",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"EOperatorClaim"
],
"issuer": {
"id": "{{ issuer_did }}",
"name": "{{ organisation }}"
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/context/base.jsonld",
"https://idhub.pangea.org/context/e-operator-claim.jsonld"
],
"id": "{{ vc_id }}",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"EOperatorClaim"
],
"issuer": {
"id": "{{ issuer_did }}",
"name": "{{ organisation }}"
},
"issuanceDate": "{{ issuance_date }}",
"validFrom": "{{ issuance_date }}",
"validUntil": "{{ validUntil }}",
"name": [
{
"value": "Product and waste electronics operator claim",
"lang": "en"
},
"issuanceDate": "{{ issuance_date }}",
"validFrom": "{{ issuance_date }}",
"validUntil": "{{ validUntil }}",
"name": [
{
"value": "Product and waste electronics operator claim",
"lang": "en"
},
{
"value": "Declaració d'operador de productes i residus electrònics",
"lang": "ca_ES"
},
{
"value": "Declaración de operador de productos y residuos electrónicos",
"lang": "es"
}
],
"description": [
{
"value": "Credential for e-product and e-waste operator claim",
"lang": "en"
},
{
"value": "Credencial per operador de productes i residus electrònics",
"lang": "ca_ES"
},
{
"value": "Credencial para operador de productos y residuos electrónicos",
"lang": "es"
}
],
"credentialSubject": {
"id": "{{ subject_did }}",
"legalName": "{{ legalName }}",
"accreditedBy": "{{ accreditedBy }}",
"operatorNumber": "{{ operatorNumber }}",
"limitJurisdiction": "{{ limitJurisdiction }}",
"accreditedFor": "{{ accreditedFor }}",
"role": "{{ role }}",
"email": "{{ email }}"
{
"value": "Declaració d'operador de productes i residus electrònics",
"lang": "ca_ES"
},
"credentialStatus": {
"id": "{{ credential_status_id}}",
"type": "RevocationBitmap2022",
"revocationBitmapIndex": "{{ id_credential }}"
},
"credentialSchema": {
"id": "https://idhub.pangea.org/vc_schemas/federation-membership.json",
"type": "FullJsonSchemaValidator2021"
{
"value": "Declaración de operador de productos y residuos electrónicos",
"lang": "es"
}
],
"description": [
{
"value": "Credential for e-product and e-waste operator claim",
"lang": "en"
},
{
"value": "Credencial per operador de productes i residus electrònics",
"lang": "ca_ES"
},
{
"value": "Credencial para operador de productos y residuos electrónicos",
"lang": "es"
}
],
"credentialSubject": {
"id": "{{ subject_did }}",
"legalName": "{{ legalName }}",
"accreditedBy": "{{ accreditedBy }}",
"operatorNumber": "{{ operatorNumber }}",
"limitJurisdiction": "{{ limitJurisdiction }}",
"accreditedFor": "{{ accreditedFor }}",
"role": "{{ role }}",
"email": "{{ email }}"
},
"credentialStatus": {
"id": "{{ credential_status_id}}",
"type": "RevocationBitmap2022",
"revocationBitmapIndex": "{{ id_credential }}"
},
"credentialSchema": {
"id": "https://idhub.pangea.org/vc_schemas/federation-membership.json",
"type": "FullJsonSchemaValidator2021"
}
}

146
idhub/templates/credentials/federation-membership.json
View File

@ -1,78 +1,78 @@
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/credentials/base/v1",
"https://idhub.pangea.org/credentials/federation-membership/v1"
],
"id": "{{ vc_id }}",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"FederationMembership"
],
"issuer": {
"id": "{{ issuer_did }}",
"name": "{{ organisation }}"
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/context/base.jsonld",
"https://idhub.pangea.org/context/federation-membership.jsonld"
],
"id": "{{ vc_id }}",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"FederationMembership"
],
"issuer": {
"id": "{{ issuer_did }}",
"name": "{{ organisation }}"
},
"issuanceDate": "{{ issuance_date }}",
"validFrom": "{{ issuance_date }}",
"validUntil": "{{ validUntil }}",
"name": [
{
"value": "NGO federation membership attestation credential",
"lang": "en"
},
"issuanceDate": "{{ issuance_date }}",
"validFrom": "{{ issuance_date }}",
"validUntil": "{{ validUntil }}",
"name": [
{
"value": "NGO federation membership attestation credential",
"lang": "en"
},
{
"value": "Credencial d'atestat de pertinença a federació d'ONG",
"lang": "ca_ES"
},
{
"value": "Credencial de atestado de membresía de Federación de ONG",
"lang": "es"
}
],
"description": [
{
"value": "Credential for NGOs that are members of a NGO federation",
"lang": "en"
},
{
"value": "Credencial para ONG que son miembros de una federación de ONG",
"lang": "es"
},
{
"value": "Credencial per a les ONG que són membres d'una federació d'ONG",
"lang": "ca_ES"
}
],
"credentialSubject": {
"id": "{{ subject_did }}",
"federation": "{{ federation }}",
"legalName": "{{ legalName }}",
"shortName": "{{ shortName }}",
"registrationIdentifier": "{{ registrationIdentifier }}",
"publicRegistry": "{{ publicRegistry }}",
"streetAddress": "{{ streetAddress }}",
"postCode": "{{ postCode }}",
"city": "{{ city }}",
"taxReference": "{{ taxReference }}",
"membershipType": "{{ membershipType }}",
"membershipStatus": "{{ membershipStatus }}",
"membershipId": "{{ membershipId }}",
"membershipSince": "{{ membershipSince }}",
"email": "{{ email }}",
"phone": "{{ phone }}",
"website": "{{ website }}",
"evidence": "{{ evidence }}",
"certificationDate": "{{ certificationDate }}"
{
"value": "Credencial d'atestat de pertinença a federació d'ONG",
"lang": "ca_ES"
},
"credentialStatus": {
"id": "{{ credential_status_id}}",
"type": "RevocationBitmap2022",
"revocationBitmapIndex": "{{ id_credential }}"
},
"credentialSchema": {
"id": "https://idhub.pangea.org/vc_schemas/federation-membership.json",
"type": "FullJsonSchemaValidator2021"
{
"value": "Credencial de atestado de membresía de Federación de ONG",
"lang": "es"
}
],
"description": [
{
"value": "Credential for NGOs that are members of a NGO federation",
"lang": "en"
},
{
"value": "Credencial para ONG que son miembros de una federación de ONG",
"lang": "es"
},
{
"value": "Credencial per a les ONG que són membres d'una federació d'ONG",
"lang": "ca_ES"
}
],
"credentialSubject": {
"id": "{{ subject_did }}",
"federation": "{{ federation }}",
"legalName": "{{ legalName }}",
"shortName": "{{ shortName }}",
"registrationIdentifier": "{{ registrationIdentifier }}",
"publicRegistry": "{{ publicRegistry }}",
"streetAddress": "{{ streetAddress }}",
"postCode": "{{ postCode }}",
"city": "{{ city }}",
"taxReference": "{{ taxReference }}",
"membershipType": "{{ membershipType }}",
"membershipStatus": "{{ membershipStatus }}",
"membershipId": "{{ membershipId }}",
"membershipSince": "{{ membershipSince }}",
"email": "{{ email }}",
"phone": "{{ phone }}",
"website": "{{ website }}",
"evidence": "{{ evidence }}",
"certificationDate": "{{ certificationDate }}"
},
"credentialStatus": {
"id": "{{ credential_status_id}}",
"type": "RevocationBitmap2022",
"revocationBitmapIndex": "{{ id_credential }}"
},
"credentialSchema": {
"id": "https://idhub.pangea.org/vc_schemas/federation-membership.json",
"type": "FullJsonSchemaValidator2021"
}
}

4
idhub/templates/credentials/financial-vulnerability.json
View File

@ -1,8 +1,8 @@
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/credentials/base/v1",
"https://idhub.pangea.org/credentials/financial-vulnerability/v1"
"https://idhub.pangea.org/context/base.jsonld",
"https://idhub.pangea.org/context/financial-vulnerability.jsonld"
],
"id": "{{ vc_id }}",
"type": [

4
idhub/templates/credentials/membership-card.json
View File

@ -1,8 +1,8 @@
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://idhub.pangea.org/credentials/base/v1",
"https://idhub.pangea.org/credentials/membership-card/v1"
"https://idhub.pangea.org/context/base.jsonld",
"https://idhub.pangea.org/context/membership-card.jsonld"
],
"type": [
"VerifiableCredential",

4
idhub/urls.py
View File

@ -21,7 +21,7 @@ from .views import (
LoginView,
PasswordResetView,
PasswordResetConfirmView,
serve_did,
ServeDidView,
DobleFactorSendView,
)
from .admin import views as views_admin
@ -183,7 +183,7 @@ urlpatterns = [
name='admin_2fauth'),
path('admin/auth/2f/', DobleFactorSendView.as_view(), name='confirm_send_2f'),
path('did-registry/<str:did_id>/did.json', serve_did)
path('did-registry/<str:did_id>/did.json', ServeDidView, name="serve_did")
# path('verification_portal/verify/', views_verification_portal.verify,
# name="verification_portal_verify")

2
idhub/views.py
View File

@ -90,7 +90,7 @@ class PasswordResetView(auth_views.PasswordResetView):
return HttpResponseRedirect(self.success_url)
def serve_did(request, did_id):
def ServeDidView(request, did_id):
domain = settings.DOMAIN
id_did = f'did:web:{domain}:did-registry:{did_id}'
did = get_object_or_404(DID, did=id_did)

15
oidc4vp/forms.py
View File

@ -1,11 +1,12 @@
import json
import uuid
from django import forms
from django.template.loader import get_template
from django.utils.translation import gettext_lazy as _
from django.core.exceptions import ValidationError
from utils.idhub_ssikit import create_verifiable_presentation
from pyvckit.sign import sign
from idhub.models import VerificableCredential
@ -72,13 +73,19 @@ class AuthorizeForm(forms.Form):
def get_verificable_presentation(self):
did = self.subject_did
vc_list = [json.loads(x) for x in self.list_credentials]
vp_template = get_template('credentials/verifiable_presentation.json')
vc_list = json.dumps([json.loads(x) for x in self.list_credentials])
context = {
"holder_did": did.did,
"verifiable_credential_list": vc_list
"id": str(uuid.uuid4())
}
unsigned_vp = vp_template.render(context)
vp = json.loads(unsigned_vp)
vp["verifiableCredential"] = vc_list
vp_str = json.dumps(vp)
key_material = did.get_key_material()
self.vp = create_verifiable_presentation(key_material, unsigned_vp)
vp = sign(vp_str, key_material, did.did)
self.vp = json.dumps(vp)

19
oidc4vp/models.py
View File

@ -12,7 +12,7 @@ from django.http import QueryDict
from django.utils.translation import gettext_lazy as _
from idhub_auth.models import User
from django.db import models
from utils.idhub_ssikit import verify_presentation
from pyvckit.verify import verify_vp
SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
@ -22,7 +22,7 @@ def gen_salt(length: int) -> str:
"""Generate a random string of SALT_CHARS with specified ``length``."""
if length <= 0:
raise ValueError("Salt length must be positive")
return "".join(secrets.choice(SALT_CHARS) for _ in range(length))
@ -48,7 +48,7 @@ class Organization(models.Model):
For use the packages requests we need use my_client_id
For use in the get or post method of a View, then we need use client_id
and secret_id.
main is a field which indicates the organization of this idhub
main is a field which indicates the organization of this idhub
"""
name = models.CharField(max_length=250)
domain = models.CharField(max_length=250, null=True, default=None)
@ -130,7 +130,7 @@ class Organization(models.Model):
sb = secret.SecretBox(sb_key)
if not isinstance(data, bytes):
data = data.encode('utf-8')
return base64.b64encode(sb.encrypt(data)).decode('utf-8')
def get_salt(self):
@ -173,7 +173,7 @@ class Organization(models.Model):
sb = secret.SecretBox(sb_key)
if not isinstance(data, bytes):
data = data.encode('utf-8')
encrypted_data = base64.b64encode(sb.encrypt(data)).decode('utf-8')
self.encrypted_sensitive_data = encrypted_data
@ -261,7 +261,7 @@ class OAuth2VPToken(models.Model):
def __init__(self, *args, **kwargs):
code = kwargs.pop("code", None)
super().__init__(*args, **kwargs)
self.authorization = Authorization.objects.filter(code=code).first()
@property
@ -271,7 +271,7 @@ class OAuth2VPToken(models.Model):
return self.authorization.code
def verifing(self):
self.result_verify = verify_presentation(self.vp_token)
self.result_verify = verify_vp(self.vp_token)
def get_result_verify(self):
if not self.result_verify:
@ -284,11 +284,10 @@ class OAuth2VPToken(models.Model):
"redirect_uri": "",
"response": "",
}
verification = json.loads(self.result_verify)
if verification.get('errors') or verification.get('warnings'):
if not self.result_verify:
response["verify"] = "Error, {}".format(_("Failed verification"))
return response
response["verify"] = "Ok, {}".format(_("Correct verification"))
url = self.get_redirect_url()
if url:

4
oidc4vp/templates/credentials/verifiable_presentation.json
View File

@ -2,10 +2,10 @@
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"id": "http://example.org/presentations/3731",
"id": "{{ id }}",
"type": [
"VerifiablePresentation"
],
"holder": "{{ holder_did }}",
"verifiableCredential": {{ verifiable_credential_list|safe }}
"verifiableCredential": ""
}

6
oidc4vp/views.py
View File

@ -174,11 +174,7 @@ class VerifyView(View):
"""
Send a email when a user is activated.
"""
verification = self.vp_token.get_result_verify()
if not verification:
return
if verification.get('errors') or verification.get('warnings'):
if not self.vp_token.result_verify:
return
email = self.get_email(user)

17
promotion/forms.py
View File

@ -1,14 +1,6 @@
import json
import requests
from django import forms
from django.conf import settings
from django.template.loader import get_template
from django.utils.translation import gettext_lazy as _
from django.core.exceptions import ValidationError
from utils.idhub_ssikit import create_verifiable_presentation
from oidc4vp.models import Organization, Authorization
from promotion.models import Promotion
@ -25,7 +17,7 @@ class WalletForm(forms.Form):
self.fields['organization'].choices = [
(x.id, x.name) for x in Organization.objects.exclude(
domain=settings.DOMAIN
)
)
]
def save(self, commit=True):
@ -51,10 +43,10 @@ class WalletForm(forms.Form):
self.promotion.save()
return self.authorization.authorize()
return
return
class ContractForm(forms.Form):
nif = forms.CharField()
name = forms.CharField()
@ -66,4 +58,3 @@ class ContractForm(forms.Form):
birthday = forms.CharField()
gen = forms.CharField()
lang = forms.CharField()

2
requirements.txt
View File

@ -30,7 +30,7 @@ weasyprint==60.2
ujson==5.9.0
openpyxl==3.1.2
jsonpath_ng==1.6.1
./didkit-0.3.2-cp311-cp311-manylinux_2_34_x86_64.whl
pyroaring==0.4.5
coverage==7.4.3
gunicorn==21.2.0
pyvckit

73
utils/idhub_ssikit/README.md
View File

@ -1,73 +0,0 @@
# Helper routines to manage DIDs/VC/VPs
This module is a wrapper around the functions exported by SpruceID's `DIDKit` framework.
## DID generation and storage
For now DIDs are of the kind `did:key`, with planned support for `did:web` in the near future.
Creation of a DID involves two steps:
* Generate a unique DID controller key
* Derive a `did:key` type from the key
Both must be stored in the IdHub database and linked to a `User` for later retrieval.
```python
# Use case: generate and link a new DID for an existing user
user = request.user # ...
controller_key = idhub_ssikit.generate_did_controller_key()
did_string = idhub_ssikit.keydid_from_controller_key(controller_key)
did = idhub.models.DID(
did = did_string,
user = user
)
did_controller_key = idhub.models.DIDControllerKey(
key_material = controller_key,
owner_did = did
)
did.save()
did_controller_key.save()
```
## Verifiable Credential issuance
Verifiable Credential templates are stored as Jinja2 (TBD) templates in `/schemas` folder. Please examine each template to see what data must be passed to it in order to render.
The data passed to the template must at a minimum include:
* issuer_did
* subject_did
* vc_id
For example, in order to render `/schemas/member-credential.json`:
```python
from jinja2 import Environment, FileSystemLoader, select_autoescape
import idhub_ssikit
env = Environment(
loader=FileSystemLoader("vc_templates"),
autoescape=select_autoescape()
)
unsigned_vc_template = env.get_template("member-credential.json")
issuer_user = request.user
issuer_did = user.dids[0] # TODO: Django ORM pseudocode
issuer_did_controller_key = did.keys[0] # TODO: Django ORM pseudocode
data = {
"vc_id": "http://pangea.org/credentials/3731",
"issuer_did": issuer_did,
"subject_did": "did:web:[...]",
"issuance_date": "2020-08-19T21:41:50Z",
"subject_is_member_of": "Pangea"
}
signed_credential = idhub_ssikit.render_and_sign_credential(
unsigned_vc_template,
issuer_did_controller_key,
data
)
```

15
utils/idhub_ssikit/TENANT_CFG_TEMPLATE
View File

@ -1,15 +0,0 @@
{
"issuerApiUrl": "http://localhost:8080/issuer-api/default",
"issuerClientName": "PANGEA Issuer Portal",
"issuerDid": null,
"issuerUiUrl": "http://localhost:5000",
"wallets": {
"walt.id": {
"description": "walt.id web wallet",
"id": "walt.id",
"presentPath": "api/siop/initiatePresentation",
"receivePath": "api/siop/initiateIssuance",
"url": "http://localhost:3000"
}
}
}

184
utils/idhub_ssikit/__init__.py
View File

@ -1,184 +0,0 @@
import asyncio
import base64
import datetime
import zlib
from ast import literal_eval
import didkit
import json
import urllib
import jinja2
from django.template.backends.django import Template
from django.template.loader import get_template
from pyroaring import BitMap
from trustchain_idhub import settings
def generate_did_controller_key():
return didkit.generate_ed25519_key()
def keydid_from_controller_key(key):
return didkit.key_to_did("key", key)
def resolve_did(keydid):
async def inner():
return await didkit.resolve_did(keydid, "{}")
return asyncio.run(inner())
def webdid_from_controller_key(key, domain):
"""
Se siguen los pasos para generar un webdid a partir de un keydid.
Documentado en la docu de spruceid.
"""
keydid = keydid_from_controller_key(key) # "did:key:<...>"
pubkeyid = keydid.rsplit(":")[-1] # <...>
document = json.loads(resolve_did(keydid)) # Documento DID en terminos "key"
# domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:]
webdid_url = f"did:web:{domain}:did-registry:{pubkeyid}" # nueva URL: "did:web:idhub.pangea.org:<...>"
webdid_url_owner = webdid_url + "#owner"
# Reemplazamos los campos del documento DID necesarios:
document["id"] = webdid_url
document["verificationMethod"][0]["id"] = webdid_url_owner
document["verificationMethod"][0]["controller"] = webdid_url
document["authentication"][0] = webdid_url_owner
document["assertionMethod"][0] = webdid_url_owner
document_fixed_serialized = json.dumps(document)
return webdid_url, document_fixed_serialized
def generate_generic_vc_id():
# TODO agree on a system for Verifiable Credential IDs
return "https://pangea.org/credentials/42"
def render_and_sign_credential(vc_template: jinja2.Template, jwk_issuer, vc_data: dict[str, str]):
"""
Populates a VC template with data for issuance, and signs the result with the provided key.
The `vc_data` parameter must at a minimum include:
* issuer_did
* subject_did
* vc_id
and must include whatever other fields are relevant for the vc_template to be instantiated.
The following field(s) will be auto-generated if not passed in `vc_data`:
* issuance_date (to `datetime.datetime.now()`)
"""
async def inner():
unsigned_vc = vc_template.render(vc_data)
signed_vc = await didkit.issue_credential(
unsigned_vc,
'{"proofFormat": "ldp"}',
jwk_issuer
)
return signed_vc
if vc_data.get("issuance_date") is None:
vc_data["issuance_date"] = datetime.datetime.now().replace(microsecond=0).isoformat()
return asyncio.run(inner())
def sign_credential(unsigned_vc: str, jwk_issuer):
"""
Signs the unsigned credential with the provided key.
The credential template must be rendered with all user data.
"""
async def inner():
signed_vc = await didkit.issue_credential(
unsigned_vc,
'{"proofFormat": "ldp"}',
jwk_issuer
)
return signed_vc
return asyncio.run(inner())
def verify_credential(vc):
"""
Returns a (bool, str) tuple indicating whether the credential is valid.
If the boolean is true, the credential is valid and the second argument can be ignored.
If it is false, the VC is invalid and the second argument contains a JSON object with further information.
"""
async def inner():
str_res = await didkit.verify_credential(vc, '{"proofFormat": "ldp"}')
res = literal_eval(str_res)
ok = res["warnings"] == [] and res["errors"] == []
return ok, str_res
valid, reason = asyncio.run(inner())
if not valid:
return valid, reason
# Credential passes basic signature verification. Now check it against its schema.
# TODO: check agasint schema
# pass
# Credential verifies against its schema. Now check revocation status.
vc = json.loads(vc)
if "credentialStatus" in vc:
revocation_index = int(vc["credentialStatus"]["revocationBitmapIndex"]) # NOTE: THIS FIELD SHOULD BE SERIALIZED AS AN INTEGER, BUT IOTA DOCUMENTAITON SERIALIZES IT AS A STRING. DEFENSIVE CAST ADDED JUST IN CASE.
vc_issuer = vc["issuer"]["id"] # This is a DID
if vc_issuer[:7] == "did:web": # Only DID:WEB can revoke
issuer_did_document = json.loads(resolve_did(vc_issuer)) # TODO: implement a caching layer so we don't have to fetch the DID (and thus the revocation list) every time a VC is validated.
issuer_revocation_list = issuer_did_document["service"][0]
assert issuer_revocation_list["type"] == "RevocationBitmap2022"
revocation_bitmap = BitMap.deserialize(
zlib.decompress(
base64.b64decode(
issuer_revocation_list["serviceEndpoint"].rsplit(",")[1].encode('utf-8')
)
)
)
if revocation_index in revocation_bitmap:
return False, "Credential has been revoked by the issuer"
# Fallthrough means all is good.
return True, "Credential passes all checks"
def issue_verifiable_presentation(vp_template: Template, vc_list: list[str], jwk_holder: str, holder_did: str) -> str:
async def inner():
unsigned_vp = vp_template.render(data)
signed_vp = await didkit.issue_presentation(
unsigned_vp,
'{"proofFormat": "ldp"}',
jwk_holder
)
return signed_vp
data = {
"holder_did": holder_did,
"verifiable_credential_list": "[" + ",".join(vc_list) + "]"
}
return asyncio.run(inner())
def create_verifiable_presentation(jwk_holder: str, unsigned_vp: str) -> str:
async def inner():
signed_vp = await didkit.issue_presentation(
unsigned_vp,
'{"proofFormat": "ldp"}',
jwk_holder
)
return signed_vp
return asyncio.run(inner())
def verify_presentation(vp):
"""
Returns a (bool, str) tuple indicating whether the credential is valid.
If the boolean is true, the credential is valid and the second argument can be ignored.
If it is false, the VC is invalid and the second argument contains a JSON object with further information.
"""
async def inner():
proof_options = '{"proofFormat": "ldp"}'
return await didkit.verify_presentation(vp, proof_options)
return asyncio.run(inner())