def download_http_cert(endpoint): """ Scarica i certificati root e sub CA dall'endpoint :param endpoint: url del certificato da scaricare :return: restituisce il certificato scaricato """ cert = None try: r = requests.get(endpoint) if r.status_code == 200: try: cert = crypto.load_certificate(crypto.FILETYPE_ASN1, r.content) except: cert = crypto.load_certificate(crypto.FILETYPE_PEM, r.content) else: LOG.error('Errore durante il download della CRL con endpoint = {}'. format(endpoint), extra=set_client_ip()) except Exception as e: LOG.error( 'Eccezione durante il download della CRL con endpoint = {}'.format( endpoint), extra=set_client_ip()) LOG.error(str(e), extra=set_client_ip()) return cert
def init_county(request, file='province.csv'): """ Popola le province :param request: request :param file: file province in formato csv :return: JsonResponse con statusCode """ try: table = AddressMunicipality.objects.all() if table: table.delete() table = AddressCity.objects.all() if table: table.delete() with open(os.path.join(settings.DATA_FILES_PATH, file), encoding='utf-8') as csv_file: reader = csv.DictReader(csv_file, delimiter=';', skipinitialspace=True) sa = '' for row in reader: if sa != row["Sigla automobilistica"]: sa = row["Sigla automobilistica"] ac = AddressCity(name=row["Città"], code=row["Sigla automobilistica"]) ac.save() return JsonResponse({'statusCode': StatusCode.OK.value}) except Exception as e: ype, value, tb = sys.exc_info() LOG.error("Exception: {}".format(str(e)), extra=set_client_ip(request)) LOG.error('exception_value = %s, value = %s' % (value, type,), extra=set_client_ip(request)) LOG.error('tb = %s' % traceback.format_exception(type, value, tb), extra=set_client_ip(request)) return JsonResponse({'statusCode': StatusCode.BAD_REQUEST.value})
def init_user(request): """ Popola la tabella ruoli, inserisce il primo operatore e imposta il token di verifica a True :param request :return: JsonResponse con statusCode """ try: response_role = populate_role() response_op = create_first_operator(request) if response_op and response_role: if request.session['activation_token']: vms = VerifyMail.objects.filter(token=request.session['activation_token']).last() vms.isVerified = True vms.save() return JsonResponse({'statusCode': StatusCode.OK.value}) LOG.error("Errore durante la verifica dell'operatore activation_token") return JsonResponse({'statusCode': StatusCode.ERROR.value}) else: LOG.error("Errore durante il popolamento tabella ruoli operatori") return JsonResponse({'statusCode': StatusCode.ERROR.value}) except Exception as e: ype, value, tb = sys.exc_info() LOG.error("Exception: {}".format(str(e)), extra=set_client_ip(request)) LOG.error('exception_value = %s, value = %s' % (value, type,), extra=set_client_ip(request)) LOG.error('tb = %s' % traceback.format_exception(type, value, tb), extra=set_client_ip(request)) return JsonResponse({'statusCode': StatusCode.BAD_REQUEST.value})
def necessary_data_check(): """ Verifica se i dati necessari al corretto funzionamento sono già in tabella :return: True/False """ try: table = AddressNation.objects.all() if not table: return False table = AddressCity.objects.all() if not table: return False table = AddressMunicipality.objects.all() if not table: return False table = Role.objects.all() if not table: return False return True except Exception as e: ype, value, tb = sys.exc_info() LOG.error("Exception: {}".format(str(e)), extra=set_client_ip()) LOG.error('exception_value = %s, value = %s' % (value, type,), extra=set_client_ip()) LOG.error('tb = %s' % traceback.format_exception(type, value, tb), extra=set_client_ip()) return False
def init_nation(request, file='nazioni.csv'): """ Popola la tabella delle nazioni :param request: :param file: file nazioni in formato csv :return: JsonResponse con statusCode """ try: table = AddressNation.objects.all() if table: table.delete() with open(os.path.join(settings.DATA_FILES_PATH, file), encoding='utf-8') as csv_file: reader = csv.DictReader(csv_file, delimiter=';', skipinitialspace=True) for row in reader: if row["Denominazione IT"] == '': continue code = row["Codice AT"] if row["Codice AT"] != 'n.d.' else "Z998" an = AddressNation(name=row["Denominazione IT"], code=code if row["Denominazione IT"] != 'Italia' else "Z000", lettersCode=row["Codice ISO 3166 alpha3"]) an.save() return JsonResponse({'statusCode': StatusCode.OK.value}) except Exception as e: ype, value, tb = sys.exc_info() LOG.error("Exception: {}".format(str(e)), extra=set_client_ip(request)) LOG.error('exception_value = %s, value = %s' % (value, type,), extra=set_client_ip(request)) LOG.error('tb = %s' % traceback.format_exception(type, value, tb), extra=set_client_ip(request)) return JsonResponse({'statusCode': StatusCode.BAD_REQUEST.value})
def _download_http_crl(endpoint, key_identifier): """ :param endpoint: url della crl :param key_identifier: chiave identificativa dell'issuer del certificato :return: """ crl_dest = make_crl_store_path(endpoint, key_identifier) + ".crl" crl_meta_dest = make_crl_store_path(endpoint, key_identifier) + ".txt" try: r = requests.get(endpoint) if r.status_code == 200: try: crl = crypto.load_crl(crypto.FILETYPE_PEM, r.content) except: crl_x509 = x509.load_der_x509_crl(r.content, default_backend()) crl = crypto.CRL.from_cryptography(crl_x509) with open(crl_dest, 'w') as f: f.write(crypto.dump_crl(crypto.FILETYPE_PEM, crl).decode()) with open(crl_meta_dest, 'w') as f: f.write(endpoint) else: LOG.error('Errore durante il download della CRL con endpoint = {}'. format(endpoint), extra=set_client_ip()) except Exception as e: LOG.error( 'Eccezione durante il download della CRL con key_identifier = {}'. format(key_identifier), extra=set_client_ip()) LOG.error("Exception: {}".format(str(e)), extra=set_client_ip())
def init_prefix(request, file='prefissi.csv', encoding='utf-8'): """ Popola i prefissi sulla tabella delle nazioni :param request: request :param file: file prefissi in formato csv :param encoding: default 'utf-8' :return: JsonResponse con statusCode """ try: with open(os.path.join(settings.DATA_FILES_PATH, file), encoding='utf-8') as csv_file: reader = csv.DictReader(csv_file, delimiter=';', skipinitialspace=True) for row in reader: try: an = AddressNation.objects.filter(name=row['Nazione']).first() if an: an.prefix = row['Prefisso'] an.save() except Exception as e: LOG.error("Exception: {}".format(str(e)), extra=set_client_ip(request)) return JsonResponse({'statusCode': StatusCode.OK.value}) except Exception as e: ype, value, tb = sys.exc_info() LOG.error("Exception: {}".format(str(e)), extra=set_client_ip(request)) LOG.error('exception_value = %s, value = %s' % (value, type,), extra=set_client_ip(request)) LOG.error('tb = %s' % traceback.format_exception(type, value, tb), extra=set_client_ip(request)) return JsonResponse({'statusCode': StatusCode.BAD_REQUEST.value})
def init_municipality(request, file='ANPR_archivio_comuni.csv'): """ Popola i comuni :param request: request :param file: file comuni in formato csv :return: JsonResponse con statusCode """ try: with open(os.path.join(settings.DATA_FILES_PATH, file), encoding='utf-8') as csv_file: reader = csv.DictReader(csv_file, delimiter=',', skipinitialspace=True) buffer = [] mun_name = '' prov_sigla = '' for row in reader: try: ac = AddressCity.objects.filter( code=row['SIGLAPROVINCIA']).first() if not ac: ac = AddressCity(name=row['SIGLAPROVINCIA'], code=row['SIGLAPROVINCIA']) ac.save() if mun_name == row[ "DENOMINAZIONE_IT"] and prov_sigla == row[ 'SIGLAPROVINCIA']: am = buffer.pop() am.dateEnd = row['DATACESSAZIONE'].strip() else: am = AddressMunicipality( name=row["DENOMINAZIONE_IT"], code=row["CODCATASTALE"], dateStart=row['DATAISTITUZIONE'].strip(), dateEnd=row['DATACESSAZIONE'].strip(), city=ac) buffer.append(am) mun_name = row["DENOMINAZIONE_IT"] prov_sigla = row["SIGLAPROVINCIA"] except Exception as e: LOG.error("Exception: {}".format(str(e)), extra=set_client_ip(request)) AddressMunicipality.objects.bulk_create(buffer) return JsonResponse({'statusCode': StatusCode.OK.value}) except Exception as e: ype, value, tb = sys.exc_info() LOG.error("Exception: {}".format(str(e)), extra=set_client_ip(request)) LOG.error('exception_value = %s, value = %s' % ( value, type, ), extra=set_client_ip(request)) LOG.error('tb = %s' % traceback.format_exception(type, value, tb), extra=set_client_ip(request)) return JsonResponse({'statusCode': StatusCode.BAD_REQUEST.value})
def init_settings_rao(rao_name, issuer_code, rao_email, rao_host, rao_pwd, email_crypto_type, email_port, smtp_mail_from=""): """ Popola la tabella impostazioni del RAO :param rao_name: nome visualizzato sul template :param issuer_code: codice identificativo IPA :param rao_email: nome di chi invia l'email :param rao_host: host dell'email :param rao_pwd: password dell'email :param email_crypto_type: tipo di Crittografia (Nessuna/TLS/SSL) :param email_port: porta in uscita :param smtp_mail_from: :return: True/False """ try: password = None if rao_pwd: password = agency.utils.utils.encrypt_data(rao_pwd, settings.SECRET_KEY_ENC) entry_rao = SettingsRAO.objects.first() if not entry_rao: entry_rao = SettingsRAO(name=rao_name, issuerCode=issuer_code, username=rao_email, host=rao_host, password=password, port=email_port, crypto=email_crypto_type, email=smtp_mail_from) else: entry_rao.name = rao_name entry_rao.issuerCode = issuer_code entry_rao.email = smtp_mail_from entry_rao.username = rao_email entry_rao.host = rao_host entry_rao.password = password entry_rao.port = email_port entry_rao.crypto = email_crypto_type entry_rao.save() return True except Exception as e: ype, value, tb = sys.exc_info() LOG.error("Exception: {}".format(str(e)), extra=set_client_ip()) LOG.error('exception_value = %s, value = %s' % ( value, type, ), extra=set_client_ip()) LOG.error('tb = %s' % traceback.format_exception(type, value, tb), extra=set_client_ip()) return False
def get_crl_endpoint(certificate_policies): """ Recupera il primo endpoint per il download della CRL :param certificate_policies: Policy contente i punti di distribuzione CRL :return: String """ for crl_point in certificate_policies: crl_endpoint = crl_point.full_name[0].value if 'ldap' not in crl_endpoint and isinstance(crl_endpoint, str): return crl_endpoint LOG.error('Nessun endpoint trovato.', extra=set_client_ip()) return None
def configuration_check(): """ Verifica se è stata già eseguita la configurazione :return: True/False """ try: table = Operator.objects.all() if not table: return False table = SettingsRAO.objects.all() if not table: return False return True except Exception as e: LOG.error("Exception: {}".format(str(e)), extra=set_client_ip()) return False
def check_expiration_certificate(cert_string): """ :param cert_string: :return: """ try: certificate = x509.load_pem_x509_certificate(cert_string.encode(), default_backend()) if certificate.not_valid_after > datetime.datetime.now( ) > certificate.not_valid_before: return True except Exception as e: LOG.warning('Errore su check_expiration_certificate: {}'.format( str(e)), extra=set_client_ip()) return False
def verify_policy_certificate(cert_string): """ Verifica la presenza degli oid nel certificato :param cert_string: stringa del certificato, in formato PEM, da esaminare :return: """ try: cert = x509.load_pem_x509_certificate(cert_string.encode(), default_backend()) certificate_policies = cert.extensions.get_extension_for_oid( ExtensionOID.CERTIFICATE_POLICIES).value for p in certificate_policies: if p.policy_identifier.dotted_string in POLICY_OID: qualifiers = p.policy_qualifiers for qualifier in qualifiers: if isinstance(qualifier, UserNotice): return True return False return False except Exception as e: LOG.warning('Errore su check_certificate: {}'.format(str(e)), extra=set_client_ip()) return False
def onCall(request, *args, **kwargs): try: if check_db_not_altered(): return function(request, *args, **kwargs) else: LOG.error("Errore in decorator only_one_admin il db è stato alterato.", extra=set_client_ip(request)) params = { 'rao': get_attributes_RAO(), } return render(request, settings.TEMPLATE_URL_AGENCY + 'error.html', {"statusCode": StatusCode.EXC.value, 'params': params, "message": "Abbiamo rilevato un problema con l’amministratore del sistema. Contatta l’assistenza tecnica."}) except Exception as e: LOG.error("Errore in decorator only_one_admin: {}".format(str(e)), extra=set_client_ip(request)) return redirect(settings.LOGIN_URL)
def verify_certificate_chain(cert_string): """ Verifica la CRL del certificato :param cert_string: stringa del certificato, in formato PEM, da esaminare :return: StatusCode """ try: certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string.encode()) cert_x509 = x509.load_pem_x509_certificate(cert_string.encode(), default_backend()) except Exception as e: LOG.warning(str(e), extra=set_client_ip()) return StatusCode.ERROR.value try: store = crypto.X509Store() store.set_flags(crypto.X509StoreFlags.CRL_CHECK) for tag in list(CertRef): cer = download_http_cert(tag.value) if cer: try: store.add_cert(cer) except: pass try: aki_bin = cert_x509.extensions.get_extension_for_oid( ExtensionOID.AUTHORITY_KEY_IDENTIFIER).value.key_identifier aki = format_ki(aki_bin) certificate_policies = cert_x509.extensions.get_extension_for_oid( ExtensionOID.CRL_DISTRIBUTION_POINTS).value except x509.extensions.ExtensionNotFound: LOG.warning(cert_string) return StatusCode.NOT_FOUND.value crl_uri = get_crl_endpoint(certificate_policies) if crl_uri is None: LOG.warning( 'Impossibile stabilire endpoint per CRL con aki = {}'.format( aki), extra=set_client_ip()) return StatusCode.NOT_FOUND.value crl_latest = make_crl_store_path(crl_uri, aki) + ".crl" if not exists_crl(crl_uri, aki): download_crl(crl_uri, aki) with open(crl_latest) as f: crl_content = f.read() crl = x509.load_pem_x509_crl(crl_content.encode(), default_backend()) crl_crypto = crypto.CRL.from_cryptography(crl) if crl.next_update < datetime.datetime.now(): download_crl(crl_uri, aki) crl = x509.load_pem_x509_crl(crl_content.encode(), default_backend()) crl_crypto = crypto.CRL.from_cryptography(crl) store.set_flags(crypto.X509StoreFlags.CRL_CHECK) store.add_crl(crl_crypto) store_ctx = crypto.X509StoreContext(store, certificate) store_ctx.verify_certificate() return StatusCode.OK.value except Exception as e: type, value, tb = sys.exc_info() LOG.error(e, extra=set_client_ip()) LOG.error('exception_value = {0}, value = {1}'.format( str(value), str(type)), extra=set_client_ip()) LOG.error('tb = {}'.format(traceback.format_exception(type, value, tb)), extra=set_client_ip()) return StatusCode.EXC.value
def onCall(request, *args, **kwargs): try: token = str(request.path) token = token.split("/")[-2] params = signing.loads(token, max_age=3600) if (not 'is_authenticated' in request.session) or (not request.session['is_authenticated']): return redirect(settings.LOGIN_URL) if (not 'username' in params) or (not params['username']): return HttpResponseRedirect(reverse('agency:logout_agency')) if (not 'username' in request.session) or (not request.session['username']): return HttpResponseRedirect(reverse('agency:logout_agency')) if not params['username'] == request.session['username']: return HttpResponseRedirect(reverse('agency:logout_agency')) return function(request, *args, **kwargs) except Exception as e: LOG.error("Errore in decorator login_required: {}".format(str(e)), extra=set_client_ip(request)) return HttpResponseRedirect(reverse('agency:logout_agency'))
def signed_token(user, op_username, pin): """ Creazione token_sigillato :param user: dict contenente i dati dell'utente :param op_username: username dell'operatore :param pin: pin dell'operatore :return: dict con statusCode, token e passphrase """ creation_time = datetime.datetime.utcnow() expiration_time = creation_time + datetime.timedelta(days=30) rao = SettingsRAO.objects.last() request_identity = IdentityRequest.objects.filter( fiscalNumberUser=user['fiscalNumber']).order_by( 'timestamp_identification').last() token_to_update = TokenUser.objects.get( uuid_token_user=request_identity.token.uuid_token_user) userToken = user_token(calendar.timegm(creation_time.utctimetuple()), user, rao, request_identity) if token_to_update: token_to_update.token_user = userToken['encryptedData'] token_to_update.save() b64_issuer_code = base64.b64encode(rao.issuerCode.encode()) b64_issuer_internal_reference = base64.b64encode( user['id_operator'].encode()) merge_iss = b64_issuer_code.decode( "utf-8") + "." + b64_issuer_internal_reference.decode("utf-8") payload = { "iss": merge_iss, "sub": str(request_identity.uuid_identity), "jti": str(request_identity.token.uuid_token_user), "iat": calendar.timegm(creation_time.utctimetuple()), "exp": calendar.timegm(expiration_time.utctimetuple()), "fiscalNumber": user['fiscalNumber'], "encryptedData": userToken['encryptedData'] } tokenSigillato = None try: dict_signature = sign_token_api(op_username, payload, pin) if dict_signature: if type(dict_signature) == int: obj = {"statusCode": dict_signature} return obj b64_signature = dict_signature.get("sign") x5c = dict_signature.get("cert") alg = dict_signature.get("alg") headers = {'typ': "JWT", 'alg': alg, 'x5c': [x5c]} b64_all = base64.urlsafe_b64encode(json.dumps(headers).encode()).decode().rstrip("=") + "." + \ base64.urlsafe_b64encode(json.dumps(payload).encode()).decode().rstrip("=") tokenSigillato = b64_all + "." + b64_signature else: obj = {"statusCode": StatusCode.ERROR.value} return obj except Exception as e: LOG.error("Exception: {}".format(str(e)), extra=set_client_ip()) obj = {"statusCode": StatusCode.EXC.value} return obj obj = { "statusCode": StatusCode.OK.value, "token_sigillato": tokenSigillato, "passphrase": userToken['passphrase'] } return obj
def onCall(request, *args, **kwargs): try: token = str(request.path) token = token.split("/")[-2] params = signing.loads(token, max_age=3600) if not is_admin(params['username']): return function(request, *args, **kwargs) else: LOG.error("Errore in decorator operator_required non sei utente Operator", extra=set_client_ip(request)) return HttpResponseRedirect(reverse('agency:list_identity', kwargs={'t', token})) except Exception as e: LOG.error("Errore in decorator operator_required: {}".format(str(e)), extra=set_client_ip(request)) return redirect(settings.LOGIN_URL)