Merge pull request #43 from niscy-eudiw/hackathon-dresden

Hackathon dresden

Dockerfile

@@ -0,0 +1,40 @@
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y \
+    python3.10 \
+    python3.10-venv \
+    python3.10-dev \
+    python3-pip \
+    git \
+    gcc \
+    build-essential \
+    libssl-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY app/requirements.txt /app/
+
+RUN mkdir -p /etc/eudiw/pid-issuer/cert/
+
+RUN mkdir -p /etc/eudiw/pid-issuer/privkey/
+
+COPY app/private/certs/ /etc/eudiw/pid-issuer/cert/
+
+COPY app/private/privkeys/ /etc/eudiw/pid-issuer/privkey/
+
+RUN pip3 install --no-cache-dir -r requirements.txt
+
+COPY . /app
+
+ENV REQUESTS_CA_BUNDLE=app/cert.pem
+
+EXPOSE 5000
+
+ENV FLASK_APP=app
+ENV FLASK_RUN_PORT=5000
+ENV FLASK_RUN_HOST=0.0.0.0
+
+CMD ["flask", "run", "--cert=app/cert.pem", "--key=app/key.pem"]

README.md

@@ -1,3 +1,18 @@
+
+----
+
+# NOTICE
+
+:heavy_exclamation_mark: This is a development version provided for the POTENTIAL LSP hackathon in Dresden.
+
+Changes in the configuration process:
+
++ You must copy your IACA trusted certificate(s) (in PEM format) to the trusted_CAs_path folder - you can use the [example test IACA certificate for country Utopia (UT)](api_docs/test_tokens/IACA-token/PIDIssuerCAUThackathon.cacert.pem) -.
+
++ You can use the [example test private DS keys and certificates, for country Utopia (UT)](api_docs/test_tokens/DS-token/PID-DS-hackathon.zip) - the password of the example test private DS keys is b"123456".
+
+----
+
 # EUDIW Issuer
 
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)

api_docs/test_tokens/IACA-token/PIDIssuerCAUThackathon.cacert.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAo2gAwIBAgIUPQnDe9TMdWxD5EU/hKgW8OfMiP8wCgYIKoZIzj0EAwIw
+XDElMCMGA1UEAwwcUElEIElzc3VlciBDQSAtIFVUIGhhY2thdGhvbjEmMCQGA1UE
+CgwdRVVESSBSZWZlcmVuY2UgSW1wbGVtZW50YXRpb24xCzAJBgNVBAYTAlVUMB4X
+DTI0MDgyMzE4MDYyNFoXDTMzMTExOTE4MDYyM1owXDElMCMGA1UEAwwcUElEIElz
+c3VlciBDQSAtIFVUIGhhY2thdGhvbjEmMCQGA1UECgwdRVVESSBSZWZlcmVuY2Ug
+SW1wbGVtZW50YXRpb24xCzAJBgNVBAYTAlVUMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEsNAL6wdUuFOxlI5A0seZjknuRvUNbPOoMtwWiXtdOOqaxRob5IYUF6g4
+n3riCwj6cjEgKF7IZzk82GnlyeZWBKOCASswggEnMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwHwYDVR0jBBgwFoAUQeybFcEY/LhCJLGM+A+hxxfmseQwFgYDVR0lAQH/BAww
+CgYIK4ECAgAAAQcwSgYDVR0fBEMwQTA/oD2gO4Y5aHR0cHM6Ly9wcmVwcm9kLnBr
+aS5ldWRpdy5kZXYvY3JsL3BpZF9DQV9VVF9oYWNrYXRob24uY3JsMB0GA1UdDgQW
+BBRB7JsVwRj8uEIksYz4D6HHF+ax5DAOBgNVHQ8BAf8EBAMCAQYwXQYDVR0SBFYw
+VIZSaHR0cHM6Ly9naXRodWIuY29tL2V1LWRpZ2l0YWwtaWRlbnRpdHktd2FsbGV0
+L2FyY2hpdGVjdHVyZS1hbmQtcmVmZXJlbmNlLWZyYW1ld29yazAKBggqhkjOPQQD
+AgNIADBFAiEA9mTTG2Id/2cxLO+mr1Q8sKB48ldrL2QfpFPbyFgVsZkCIHlCHaoR
+CdJ9i7MTuracg4VRH69ius0DSvxFYJCfTpy+
+-----END CERTIFICATE-----

app/app_config/config_countries.py

@@ -70,6 +70,29 @@ class ConfCountries:
                 "eu.europa.ec.eudi.loyalty_mdoc",
                 "eu.europa.ec.eudi.pseudonym_over18_mdoc",
                 "eu.europa.ec.eudi.pseudonym_over18_mdoc_deferred_endpoint",
+                "eu.europa.ec.eudi.photoid",
+                "eu.europa.ec.eudi.por_mdoc",
+                "eu.europa.ec.eudi.iban_mdoc",
+                "eu.europa.ec.eudi.hiid_mdoc",
+                "eu.europa.ec.eudi.tax_mdoc",
+                "eu.europa.ec.eudi.msisdn_mdoc",
+            ],
+            "dynamic_R2": cfgserv.service_url + "dynamic/form_R2",
+        },
+        "sample": {
+            "name": "Sample",
+            "pid_url": cfgserv.service_url + "pid/form",
+            "pid_mdoc_privkey": "/etc/eudiw/pid-issuer/privkey/PID-DS-0001_UT.pem",
+            # "pid_mdoc_privkey": 'app\certs\PID-DS-0001_UT.pem',
+            "pid_mdoc_privkey_passwd": None,  # None or bytes
+            "pid_mdoc_cert": "/etc/eudiw/pid-issuer/cert/PID-DS-0001_UT_cert.der",
+            "qeaa_func": cfgserv.service_url + "V04/qeaa/form",
+            "un_distinguishing_sign": "FC",
+            "supported_credentials": [
+                "eu.europa.ec.eudi.pid_mdoc",
+                "eu.europa.ec.eudi.pid_jwt_vc_json",
+                "eu.europa.ec.eudi.mdl_jwt_vc_json",
+                "eu.europa.ec.eudi.mdl_mdoc",
             ],
             "dynamic_R2": cfgserv.service_url + "dynamic/form_R2",
         },
@@ -202,3 +225,4 @@ class ConfCountries:
             "dynamic_R2": cfgserv.service_url + "eidasnode/dynamic_R2",
         },
     }
+

app/app_config/config_service.py

@@ -34,9 +34,9 @@ class ConfService:
     # ------------------------------------------------------------------------------------------------
     # PID issuer service URL
     # service_url = "https://preprod.issuer.eudiw.dev:4443/"
-    service_url = "https://issuer.eudiw.dev/"
+    # service_url = "https://issuer.eudiw.dev/"
     # service_url = "https://127.0.0.1:5000/"
-    # service_url = "https://dev.issuer.eudiw.dev/"
+    service_url = "https://dev.issuer.eudiw.dev/"
 
     wallet_test_url = "https://dev.tester.issuer.eudiw.dev/"
 
@@ -271,6 +271,43 @@ class ConfService:
             "validity": qeaa_validity,
             "organization_name": "Test QEAA issuer",
             "namespace": "org.iso.23220.2.photoid.1",
+        },
+        "eu.europa.ec.eudi.por.1": {
+            "issuing_authority": "Test QEAA issuer",
+            "organization_id": pid_organization_id,
+            "validity": qeaa_validity,
+            "organization_name": "Test QEAA issuer",
+            "namespace": "eu.europa.ec.eudi.por.1",
+        },
+        "eu.europa.ec.eudi.iban.1": {
+            "issuing_authority": "Test QEAA issuer",
+            "organization_id": pid_organization_id,
+            "validity": qeaa_validity,
+            "organization_name": "Test QEAA issuer",
+            "namespace": "eu.europa.ec.eudi.iban.1",
+        },
+        "eu.europa.ec.eudi.hiid.1": {
+            "issuing_authority": "Test QEAA issuer",
+            "organization_id": pid_organization_id,
+            "validity": qeaa_validity,
+            "organization_name": "Test QEAA issuer",
+            "namespace": "eu.europa.ec.eudi.hiid.1",
+        },
+        "eu.europa.ec.eudi.tax.1": {
+            "issuing_authority": "Test QEAA issuer",
+            "organization_id": pid_organization_id,
+            "validity": qeaa_validity,
+            "organization_name": "Test QEAA issuer",
+            "namespace": "eu.europa.ec.eudi.tax.1",
+            "credential_type": "Tax Number"
+        },
+        "eu.europa.ec.eudi.msisdn.1": {
+            "issuing_authority": "Test QEAA issuer",
+            "organization_id": pid_organization_id,
+            "validity": qeaa_validity,
+            "organization_name": "Test QEAA issuer",
+            "namespace": "eu.europa.ec.eudi.msisdn.1",
+            "credential_type": "MSISDN",
         }
 
     }
@@ -279,6 +316,11 @@ class ConfService:
         "PID_login": [
             "eu.europa.ec.eudi.pseudonym_over18_mdoc",
             "eu.europa.ec.eudi.pseudonym_over18_mdoc_deferred_endpoint",
+            "eu.europa.ec.eudi.por_mdoc",
+            "eu.europa.ec.eudi.iban_mdoc",
+            "eu.europa.ec.eudi.hiid_mdoc",
+            "eu.europa.ec.eudi.tax_mdoc",
+            "eu.europa.ec.eudi.msisdn_mdoc",
         ],
         "country_selection": [
             "eu.europa.ec.eudi.loyalty_mdoc",
@@ -289,6 +331,11 @@ class ConfService:
             "eu.europa.ec.eudi.pseudonym_over18_mdoc",
             "eu.europa.ec.eudi.pseudonym_over18_mdoc_deferred_endpoint",
             "eu.europa.ec.eudi.photoid",
+            "eu.europa.ec.eudi.por_mdoc",
+            "eu.europa.ec.eudi.iban_mdoc",
+            "eu.europa.ec.eudi.hiid_mdoc",
+            "eu.europa.ec.eudi.tax_mdoc",
+            "eu.europa.ec.eudi.msisdn_mdoc",
         ],
     }
 
@@ -348,7 +395,7 @@ class ConfService:
     # ------------------------------------------------------------------------------------------------
     # LOGS
 
-    log_dir = "/tmp/log"
+    log_dir = "/tmp/log_dev"
     # log_dir = "../../log"
     log_file_info = "logs.log"
 

app/app_config/oid_config.json

@@ -32,8 +32,8 @@
       }
     }
   },
-  "port": 5000,
-  "domain": "issuer.eudiw.dev",
+  "port": 6000,
+  "domain": "dev.issuer.eudiw.dev",
   "server_name": "{domain}",
   "base_url": "https://{domain}",
   "op": {
@@ -363,7 +363,7 @@
     "server_key": "certs/client.key",
     "ca_bundle": null,
     "verify_user": false,
-    "port": 5000,
+    "port": 6000,
     "domain": "issuer.eudiw.dev",
     "debug": true
   }

app/data_management.py

@@ -33,6 +33,36 @@
 deferredRequests = {}
 oid4vp_requests = {}
 form_dynamic_data = {}
+session_ids = {}
+
+
+def getSessionId_requestUri(target_request_uri):
+    matching_session_id = None
+    for session_id, session_data in session_ids.items():
+
+        if "request_uri" in session_data and session_data["request_uri"] == target_request_uri:
+            matching_session_id = session_id
+            break
+
+    return matching_session_id
+
+def getSessionId_authCode(target_authCode):
+    matching_session_id = None
+    for session_id, session_data in session_ids.items():
+        if "auth_code" in session_data and session_data["auth_code"] == target_authCode:
+            matching_session_id = session_id
+            break
+
+    return matching_session_id
+
+def getSessionId_accessToken(target_accessToken):
+    matching_session_id = None
+    for session_id, session_data in session_ids.items():
+        if "access_token" in session_data and session_data["access_token"] == target_accessToken:
+            matching_session_id = session_id
+            break
+
+    return matching_session_id
 
 ################################################
 ## To be moved to a file with scheduled jobs
@@ -85,16 +115,20 @@ def clear_par():
 
     for code in transaction_codes.copy():
         if datetime.now() > transaction_codes[code]["expires"]:
-            cfgservice.logger_info.info("Current transaction_codes:\n" + str(transaction_codes))
+            #cfgservice.logger_info.info("Current transaction_codes:\n" + str(transaction_codes))
             cfgservice.logger_info.info("Removing tx_code for code: " + str(code))
             transaction_codes.pop(code)
 
     for id in oid4vp_requests.copy():
         if datetime.now() > oid4vp_requests[id]["expires"]:
-            cfgservice.logger_info.info("Current oid4vp_requests:\n" + str(oid4vp_requests))
+            #cfgservice.logger_info.info("Current oid4vp_requests:\n" + str(oid4vp_requests))
             cfgservice.logger_info.info("Removing oid4vp_requests with id: " + str(id))
             oid4vp_requests.pop(id)
-
+
+    for id in session_ids.copy():
+        if datetime.now() > session_ids[id]["expires"]:
+            cfgservice.logger_info.info("Removing session id: " + str(id))
+            session_ids.pop(id)
 
     """Function to clear app.config['data']"""
     aux = []

app/dynamic_func.py

@@ -134,6 +134,9 @@ def formatter(data, un_distinguishing_sign, doctype, format):
             data.update({"issue_date": today.strftime("%Y-%m-%d")})
             data.update({"expiry_date": expiry.strftime("%Y-%m-%d")})
             data.update({"issuing_authority": doctype_config["issuing_authority"]})
+            if "credential_type" in doctype_config:
+                data.update({"credential_type":doctype_config["credential_type"] })
+
 
             if "driving_privileges" in attributes_req:
                 json_priv = json.loads(data["driving_privileges"])