Merge pull request #95 from italia/dev

fix: resolve statement endpoint and trust chain on missing final metata
italia · Mar 9, 2022 · 7cfa8d7 · 7cfa8d7
2 parents 98f3402 + e1d8f5c
commit 7cfa8d7
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 15 deletions.
diff --git a/spid_cie_oidc/__init__.py b/spid_cie_oidc/__init__.py
@@ -1 +1 @@
-__version__ = "0.4.3"
+__version__ = "0.4.4"
diff --git a/spid_cie_oidc/authority/views.py b/spid_cie_oidc/authority/views.py
@@ -12,6 +12,10 @@
 from spid_cie_oidc.entity.settings import HTTPC_PARAMS
 from spid_cie_oidc.entity.trust_chain_operations import get_or_create_trust_chain
 
+import logging
+
+logger = logging.getLogger(__name__)
+
 
 def fetch(request):
  if request.GET.get("iss"):
@@ -80,24 +84,42 @@ def resolve_entity_statement(request, format: str = "jose"):
  else:
  iss = get_first_self_trust_anchor()
 
- _q = dict(sub=request.GET["sub"], trust_anchor__sub=request.GET["anchor"])
- if request.GET.get("type", None):
- _q["type"] = request.GET["type"]
+ _q = dict(
+ sub=request.GET["sub"], 
+ trust_anchor__sub=request.GET["anchor"],
+ is_active=True
+ )
+ entity = TrustChain.objects.filter(**_q)
 
- entity = TrustChain.objects.filter(**_q).first()
- if entity and not entity.is_active:
+ if not entity:
  raise Http404("entity not found.")
- else:
- get_or_create_trust_chain(
+ elif entity and request.GET.get("type", None):
+ _q["type"] = request.GET["type"]
+ typed_entity = entity.filter(type=request.GET["type"]).first()
+ if not typed_entity:
+ logger.warning(
+ f'Resolve statement endpoint not found for {request.GET["sub"]} '
+ f'with metadata_type {request.GET["type"]}.'
+ )
+ raise Http404("entity metadata type not found.")
+ else:
+ entity = typed_entity
+
+ try:
+ tc_data = dict(
  httpc_params=HTTPC_PARAMS,
  # TODO
  # required_trust_marks = [],
  subject=_q["sub"],
- trust_anchor=_q["trust_anchor__sub"],
+ trust_anchor=_q["trust_anchor__sub"]
+ )
+ if _q.get('type', None):
+ tc_data["metadata_type"] = _q['type']
+ entity = get_or_create_trust_chain(**tc_data)
+ except Exception as e:
+ logger.error(
+ f"Failed Trust Chain on resolve statement endpoint: {e}"
  )
- entity = TrustChain.objects.filter(**_q).first()
-
- if not entity:
  raise Http404("entity not found.")
 
  res = {
@@ -106,7 +128,7 @@ def resolve_entity_statement(request, format: str = "jose"):
  # "aud": [],
  "iat": entity.iat_as_timestamp,
  "exp": entity.exp_as_timestamp,
- "trust_marks": [],
+ "trust_marks": entity.trust_marks,
  "metadata": entity.metadata,
  }
 

diff --git a/spid_cie_oidc/entity/exceptions.py b/spid_cie_oidc/entity/exceptions.py
@@ -45,5 +45,9 @@ class InvalidTrustchain(ValidationError):
  pass
 
 
+class TrustchainMissingMetadata(ValidationError):
+ pass
+
+
 class InvalidEntityConfiguration(ValidationError):
  pass
diff --git a/spid_cie_oidc/entity/trust_chain_operations.py b/spid_cie_oidc/entity/trust_chain_operations.py
@@ -2,7 +2,7 @@
 
 from typing import Union
 
-from .exceptions import InvalidTrustchain
+from .exceptions import InvalidTrustchain, TrustchainMissingMetadata
 from .models import FetchedEntityStatement, TrustChain
 from .statements import EntityConfiguration, get_entity_configurations
 from .settings import HTTPC_PARAMS
@@ -161,13 +161,19 @@ def get_or_create_trust_chain(
  subject=subject,
  trust_anchor=ta_conf,
  required_trust_marks=required_trust_marks,
- metadata_type=metadata_type,
+ metadata_type=metadata_type
  )
  if not trust_chain or not trust_chain.is_valid:
  raise InvalidTrustchain(
  f"Trust chain for subject {subject} and "
  f"trust_anchor {trust_anchor} is not valid"
  )
+ elif not trust_chain.final_metadata:
+ raise TrustchainMissingMetadata(
+ f"Trust chain for subject {subject} and "
+ f"trust_anchor {trust_anchor} doesn't have any "
+ f"metadata of type '{metadata_type}'"
+ )
  dumps_statements_from_trust_chain_to_db(trust_chain)
 
  tc = TrustChain.objects.filter(