RFC 100 compliance

.github/README.md

@@ -0,0 +1,36 @@
+This is a test fork of the [Python-based EUDIW
+issuer](https://github.com/eu-digital-identity-wallet/eudi-srv-web-issuing-eudiw-py/),
+aiming to ease local test deployments.
+
+## Requirements
+
+This setup assumes two devices (one Android, one Linux).
+
+## Set up
+
+### This repo (issuer)
+
+1. Switch to branch "local-deploy-v2".
+
+2. Run `./setup-issuer.sh` to setup the issuer (e.g., set up virtual
+   environment, install dependencies, generate self-signed certificate
+   bound to the local host IP).
+
+4. Run `./run-issuer.sh` to spin up the issuer server.
+
+### Android wallet
+
+1. Clone [the Android app fork](https://github.com/gfour/eudi-app-android-wallet-ui)
+   and switch to branch "local-deploy".
+
+3. Run the issuer as above
+
+4. Build the Android app (`./gradlew assembleDevDebug` or through Android Studio) and deploy
+   it to the connected Android device (`adb install path/to/app.apk`).
+
+## Use
+
+1. Linux device: choose a credential type to issue (`https://<IP>:5000/credential_offer_choice`)
+   and continue to generate a QR code for a credential.
+
+2. Scan the QR code with the Android app. When prompted, use the Form Country (FC).

.gitignore

@@ -203,3 +203,18 @@ app/tests/output.xml
 app/tests/output.xml
 app/tests/report.html
 log
+
+# IP file
+.config.ip
+
+# Local keys, regenerated on server startup
+app/static/jwks.json
+app/private/cookie_jwks.json
+
+# vim swap files
+*.sw*
+
+
+*.pem
+
+.idea/

app/app_config/config_countries.py

@@ -36,10 +36,10 @@ class ConfCountries:
         "EU": {
             "name": "nodeEU",
             "pid_url_oidc": cfgserv.service_url + "eidasnode/lightrequest?country=EU",
-            "pid_mdoc_privkey": "/etc/eudiw/pid-issuer/privKey/PID-DS-0001_EU.pem",
+            "pid_mdoc_privkey": "/etc/eudiw/pid-issuer/privKey/PID-DS-0002.cert.der",
             # "pid_mdoc_privkey": 'app\certs\PID-DS-0001_EU.pem',
-            "pid_mdoc_privkey_passwd": None,  # None or bytes,
-            "pid_mdoc_cert": "/etc/eudiw/pid-issuer/cert/PID-DS-0001_EU_cert.der",
+            "pid_mdoc_privkey_passwd": b"pid-ds-0002",  # None or bytes,
+            "pid_mdoc_cert": "/etc/eudiw/pid-issuer/cert/PID-DS-0002.pid-ds-0002.key.pem",
             "loa": "http://eidas.europa.eu/LoA/high",
             "supported_credentials": [
                 "eu.europa.ec.eudi.pid_mdoc",
@@ -56,11 +56,14 @@ class ConfCountries:
         formCountry: {
             "name": "FormEU",
             "pid_url": cfgserv.service_url + "pid/form",
-            "pid_mdoc_privkey": "/etc/eudiw/pid-issuer/privKey/PID-DS-0001_UT.pem",
+            "pid_mdoc_privkey": "/etc/eudiw/pid-issuer/privKey/PID-DS-0002.pid-ds-0002.key.pem",
+            # "pid_mdoc_privkey": "/etc/eudiw/pid-issuer/privKey/PID-DS-0001_UT.pem",
             # "pid_mdoc_privkey": "/etc/eudiw/pid-issuer/privKey/hackathon-DS-0001_UT.pem",
             # "pid_mdoc_privkey": 'app\certs\PID-DS-0001_UT.pem',
-            "pid_mdoc_privkey_passwd": None,  # None or bytes
-            "pid_mdoc_cert": "/etc/eudiw/pid-issuer/cert/PID-DS-0001_UT_cert.der",
+            # "pid_mdoc_privkey_passwd": None,  # None or bytes
+            "pid_mdoc_privkey_passwd": b"pid-ds-0002",  # None or bytes
+            "pid_mdoc_cert": "/etc/eudiw/pid-issuer/cert/PID-DS-0002.cert.der",
+            # "pid_mdoc_cert": "/etc/eudiw/pid-issuer/cert/PID-DS-0001_UT_cert.der",
             # "pid_mdoc_cert": "/etc/eudiw/pid-issuer/cert/hackathon-DS-0001_UT_cert.der",
             "un_distinguishing_sign": "FC",
             "supported_credentials": [

app/data_management.py

@@ -108,7 +108,7 @@ def clear_par():
                 request_data = json.dumps(request_data)
                 request_headers = deferredRequests[req]["headers"]
 
-                response = requests.post(cfgservice.service_url+"credential", data=request_data, headers=request_headers)
+                response = requests.post(cfgservice.service_url+"credential", data=request_data, headers=request_headers, verify=False)
                 response_data = response.json()
 
                 if response.status_code == 200:

app/formatter_func.py

@@ -144,7 +144,7 @@ def mdocFormatter(data, doctype, country, device_publickey):
         'X-Api-Key': revocation_api_key
         }
 
-        response = requests.get(cfgservice.revocation_service_url, headers=headers, data=payload)
+        response = requests.get(cfgservice.revocation_service_url, headers=headers, data=payload, verify=False)
 
         if response.status_code == 200:
             revocation_json = response.json()
@@ -241,7 +241,7 @@ def sdjwtFormatter(PID, country):
         'X-Api-Key': revocation_api_key
         }
 
-        response = requests.get(cfgservice.revocation_service_url, headers=headers, data=payload)
+        response = requests.get(cfgservice.revocation_service_url, headers=headers, data=payload, verify=False)
 
         if response.status_code == 200:
             revocation_json = response.json()

app/metadata_config/credentials_supported/pid_jwt_vc_json.json

@@ -1,6 +1,7 @@
 {
     "eu.europa.ec.eudi.pid_jwt_vc_json": {
     "format": "vc+sd-jwt",
+    "doctype": "eu.europa.ec.eudi.pid.1",
     "scope": "eu.europa.ec.eudi.pid.1",
     "cryptographic_binding_methods_supported": [
       "jwk", "cose_key"

app/metadata_config/metadata_config.json

@@ -1,15 +1,15 @@
 {
-  "credential_issuer": "https://issuer.eudiw.dev",
-  "credential_endpoint": "https://issuer.eudiw.dev/credential",
-  "batch_credential_endpoint": "https://issuer.eudiw.dev/batch_credential",
-  "notification_endpoint": "https://issuer.eudiw.dev/notification",
-  "deferred_credential_endpoint": "https://issuer.eudiw.dev/deferred_credential",
+  "credential_issuer": "https://192.168.2.4:5000",
+  "credential_endpoint": "https://192.168.2.4:5000/credential",
+  "batch_credential_endpoint": "https://192.168.2.4:5000/batch_credential",
+  "notification_endpoint": "https://192.168.2.4:5000/notification",
+  "deferred_credential_endpoint": "https://192.168.2.4:5000/deferred_credential",
   "display": [
     {
     "name": "Digital Credentials Issuer",
     "locale": "en",
     "logo": {
-        "uri": "https://issuer.eudiw.dev/ic-logo.png",
+        "uri": "https://192.168.2.4:5000/ic-logo.png",
         "alt_text": "EU Digital Identity Wallet Logo"
     }
     }

app/metadata_config/oauth-authorization-server.json

@@ -1,22 +1,22 @@
 {
     "issuer":
-        "https://issuer.eudiw.dev",
+        "https://192.168.2.4:5000",
     "authorization_endpoint":
-        "https://issuer.eudiw.dev/authorizationV3",
+        "https://192.168.2.4:5000/authorizationV3",
     "token_endpoint":
-        "https://issuer.eudiw.dev/token",
+        "https://192.168.2.4:5000/token",
     "token_endpoint_auth_methods_supported": 
         ["public"],
     "token_endpoint_auth_signing_alg_values_supported":
         ["ES256"],
     "code_challenge_methods_supported": 
         ["S256"],
     "userinfo_endpoint": 
-        "https://issuer.eudiw.dev/userinfo",
+        "https://192.168.2.4:5000/userinfo",
     "jwks_uri":
-        "https://issuer.eudiw.dev/static/jwks.json",
+        "https://192.168.2.4:5000/static/jwks.json",
     "registration_endpoint":
-        "https://issuer.eudiw.dev/registration",
+        "https://192.168.2.4:5000/registration",
     "scopes_supported": [
         "openid"],
     "response_types_supported":

app/metadata_config/openid-configuration.json

@@ -13,7 +13,7 @@
         "urn:ietf:params:oauth:grant-type:jwt-bearer",
         "refresh_token"
     ],
-    "jwks_uri": "https://issuer.eudiw.dev/static/jwks.json",
+    "jwks_uri": "https://192.168.2.4:5000/static/jwks.json",
     "scopes_supported": [
         "openid"
     ],
@@ -78,13 +78,13 @@
     "code_challenge_methods_supported": [
         "S256"
     ],
-    "issuer": "https://issuer.eudiw.dev",
-    "registration_endpoint": "https://issuer.eudiw.dev/registration",
-    "introspection_endpoint": "https://issuer.eudiw.dev/introspection",
-    "authorization_endpoint": "https://issuer.eudiw.dev/authorizationV3",
-    "token_endpoint": "https://issuer.eudiw.dev/token",
-    "userinfo_endpoint": "https://issuer.eudiw.dev/userinfo",
-    "end_session_endpoint": "https://issuer.eudiw.dev/session",
-    "pushed_authorization_request_endpoint": "https://issuer.eudiw.dev/pushed_authorizationv2",
-    "credential_endpoint": "https://issuer.eudiw.dev/credential"
+    "issuer": "https://192.168.2.4:5000",
+    "registration_endpoint": "https://192.168.2.4:5000/registration",
+    "introspection_endpoint": "https://192.168.2.4:5000/introspection",
+    "authorization_endpoint": "https://192.168.2.4:5000/authorizationV3",
+    "token_endpoint": "https://192.168.2.4:5000/token",
+    "userinfo_endpoint": "https://192.168.2.4:5000/userinfo",
+    "end_session_endpoint": "https://192.168.2.4:5000/session",
+    "pushed_authorization_request_endpoint": "https://192.168.2.4:5000/pushed_authorizationv2",
+    "credential_endpoint": "https://192.168.2.4:5000/credential"
 }

app/redirect_func.py

@@ -77,5 +77,5 @@ def json_post(url_path: str, json: dict):
     Return: Returns the answer to the HTTP POST
     """
     return requests.post(
-        url_path, json=json, headers={"Content-Type": "application/json"}
+        url_path, json=json, headers={"Content-Type": "application/json"}, verify=False
     )

app/requirements.txt

@@ -28,4 +28,6 @@ git+https://github.com/eu-digital-identity-wallet/openid4v.git
 #git+https://github.com/openwallet-foundation-labs/sd-jwt-python.git@9181a0a4514b7de2cc30a84d320b509e9fc5cb59
 git+https://github.com/openwallet-foundation-labs/sd-jwt-python.git@v0.10.4-1
 git+https://github.com/rohe/fedservice.git@a4bef2e3f230f4b07c6ef45e4c8be55778d0561e
-git+https://github.com/rohe/idpy-sdjwt.git@de1715ef89c7f3db5daf3cdc53fec26d6ade03d9
+git+https://github.com/rohe/idpy-sdjwt.git@de1715ef89c7f3db5daf3cdc53fec26d6ade03d9
+https://github.com/wbond/oscrypto/archive/d5f3437ed24257895ae1edd9e503cfb352e635a8.zip
+pudb

app/route_dynamic.py

@@ -266,7 +266,7 @@ def dynamic_R1(country):
         country_data = cfgcountries.supported_countries[country]["oidc_auth"]
 
         metadata_url = country_data["base_url"] + "/.well-known/openid-configuration"
-        metadata_json = requests.get(metadata_url).json()
+        metadata_json = requests.get(metadata_url, verify=False).json()
 
         authorization_endpoint = metadata_json["authorization_endpoint"]
 
@@ -422,7 +422,7 @@ def red():
 
 
     metadata_url = cfgcountries.supported_countries[session["country"]]["oidc_auth"]["base_url"] + "/.well-known/openid-configuration"
-    metadata_json = requests.get(metadata_url).json()
+    metadata_json = requests.get(metadata_url, verify=False).json()
 
     token_endpoint = metadata_json["token_endpoint"]
 
@@ -626,7 +626,7 @@ def dynamic_R2_data_collect(country, user_id):
         url = attribute_request["url"] + user_id
         # headers = attribute_request["header"]
         try:
-            r2 = requests.get(url)
+            r2 = requests.get(url, verify=False)
 
             json_response = r2.json()
             for attribute in json_response:
@@ -653,7 +653,7 @@ def dynamic_R2_data_collect(country, user_id):
             ]
             + "/.well-known/openid-configuration"
         )
-        metadata_json = requests.get(metadata_url).json()
+        metadata_json = requests.get(metadata_url, verify=False).json()
 
         userinfo_endpoint = metadata_json["userinfo_endpoint"]
 
@@ -667,7 +667,7 @@ def dynamic_R2_data_collect(country, user_id):
             headers["Authorization"] = f"Bearer {user_id}"
 
         try:
-            r2 = requests.get(url, headers=headers)
+            r2 = requests.get(url, headers=headers, verify=False)
             json_response = json.loads(r2.text)
             data = json_response
             if (

app/route_formatter.py

@@ -170,8 +170,9 @@ def cborformatter():
             }
         )
 
+    from samples import inject_sample_data
     base64_mdoc = mdocFormatter(
-        request.json["data"],
+        inject_sample_data(request.json),
         request.json["doctype"],
         request.json["country"],
         request.json["device_publickey"],