

Working with BCCR Externo
luisza committed May 22, 2021
1 parent 7f69feb commit db0f287
Showing 15 changed files with 206 additions and 64 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -13,7 +13,7 @@ WORKDIR /dfva_app
RUN apt-get update && \
apt-get install -y build-essential libssl1.1 libnss3 libssl-dev libffi-dev libnss3-dev
RUN pip install --trusted-host pypi.python.org --no-cache-dir --upgrade pip && \
pip install soapfish2==0.7.0
pip install soapfish2==0.7.1
# Copy the current directory contents into the container at /app

COPY requirements.txt /dfva_app
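--- a/DockerfileReceptorApache
+++ b/DockerfileReceptorApache
@@ -0,0 +1,54 @@
+# Use an official Python runtime as a parent image
+FROM python:3.7-buster
+ENV PYTHONUNBUFFERED 1
+
+MAINTAINER Luis Zarate @luisza
+
+RUN mkdir -p /dfva_app/
+RUN mkdir -p /logs/
+RUN mkdir -p /certs/
+# Set the working directory to /app
+WORKDIR /dfva_app
+
+RUN apt-get update && \
+apt-get install -y build-essential libssl1.1 libnss3 libssl-dev libffi-dev libnss3-dev apache2 nano
+RUN apt-get --no-install-recommends install cron
+RUN pip install --trusted-host pypi.python.org --no-cache-dir --upgrade pip && \
+pip install soapfish2==0.7.0
+# Copy the current directory contents into the container at /app
+
+COPY requirements.txt /dfva_app
+COPY dogtag_requirements.txt /dfva_app
+
+RUN mkdir -p /etc/nginx/certs/
+RUN openssl dhparam -out /etc/nginx/certs/dhparam.pem 2048
+
+# Install any needed packages specified in requirements.txt
+
+RUN pip install --trusted-host pypi.python.org --no-cache-dir -r requirements.txt && \
+pip install --trusted-host pypi.python.org --no-cache-dir -r dogtag_requirements.txt && \
+pip install python-logstash django-elasticsearch-dsl 'elasticsearch-dsl>=5.0,<6.0'
+RUN apt-get remove -y build-essential libssl-dev libffi-dev libnss3-dev && \
+apt-get -y autoremove && \
+apt-get -y clean
+
+ADD src /dfva_app
+RUN python manage.py collectstatic --settings=dfva.settings
+COPY deploy/receptor_entrypoint.sh /entrypoint.sh
+COPY deploy/apache.conf /etc/apache2/sites-enabled/dfva.conf
+COPY deploy/update_crl.sh /usr/bin/update_crl.sh
+
+RUN rm /etc/apache2/sites-enabled/000-default.conf
+RUN chmod +x /usr/bin/update_crl.sh
+RUN sed -i 's/nginx/apache2/g' /usr/bin/update_crl.sh
+RUN cp /usr/bin/update_crl.sh /etc/cron.daily/update_crl
+RUN sed -i 's/nginx/apache2/g' /entrypoint.sh
+RUN mkdir -p /internal_ca
+RUN a2enmod ssl && a2enmod proxy && a2enmod proxy_http
+RUN sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf
+
+VOLUME /internal_ca
+STOPSIGNAL SIGQUIT
+EXPOSE 8443
+
+ENTRYPOINT ["/entrypoint.sh"]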
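Review bot: The image has no `USER` directive, so the `ENTRYPOINT ["/entrypoint.sh"]` on the last line starts Apache, cron and gunicorn as root; create a system user after the package steps, give it `/dfva_app`, `/logs` and `/certs` via `COPY --chown`, and switch with `USER` before `ENTRYPOINT` (the `service cron start` in the entrypoint may still need root — confirm which process actually needs it). `RUN apt-get --no-install-recommends install cron` is missing `-y`, so the build stalls or aborts if apt asks for confirmation, and neither apt layer removes `/var/lib/apt/lists/*`, while the later `apt-get remove ... && apt-get -y clean` runs in its own layer and cannot shrink layers already written; fold both installs into one `RUN apt-get update && apt-get install -y --no-install-recommends ... && rm -rf /var/lib/apt/lists/*`. `pip install --trusted-host pypi.python.org` tells pip to accept that host without a valid TLS certificate and names the legacy index that only redirects to pypi.org; drop the flag on all three pip lines and pin `python-logstash` and `django-elasticsearch-dsl` like the packages in requirements.txt. `ADD src /dfva_app` involves no archive or URL and should be `COPY src /dfva_app`, `MAINTAINER` is deprecated in favour of `LABEL org.opencontainers.image.authors="..."`, and `ENV PYTHONUNBUFFERED 1` should use the `PYTHONUNBUFFERED=1` form. `RUN openssl dhparam -out /etc/nginx/certs/dhparam.pem 2048` generates new parameters on every uncached build, making the image non-reproducible, and nothing in this Apache image or in deploy/apache.conf references the nginx path — drop it here or move it to the nginx image.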
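--- a/deploy/apache.conf
+++ b/deploy/apache.conf
@@ -0,0 +1,37 @@
+SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
+
+<VirtualHost *:8443>
+ServerAdmin sitio@solvosoft.com
+
+ServerName www.firmadigital.solvosoft.com
+# ServerAlias www.example.com
+
+LogFormat "%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_S_DN}x\"" combined
+ErrorLog /logs/apache_error.log
+CustomLog /logs/apache_access.log combined
+
+SSLEngine on
+SSLCertificateFile /certs/bccr_agent.pem
+SSLCertificateKeyFile /certs/bccr_agent_key.pem
+
+SSLVerifyClient on
+SSLVerifyDepth 3
+SSLCACertificateFile /certs/ca_nacional_de_CR.pem
+SSLCARevocationCheck chain
+SSLCARevocationFile /certs/ca_politica_juridica_crl.pem
+
+SSLOCSPEnable leaf
+SSLOCSPUseRequestNonce off
+SSLOCSPDefaultResponder "http://ocsp.sinpe.fi.cr/ocsp"
+SSLOCSPOverrideResponder on
+SSLUseStapling on
+
+
+<location />
+Order allow,deny
+allow from all
+SSLRequire (%{SSL_CLIENT_S_DN} eq "CN=BANCO CENTRAL DE COSTA RICA (AGENTE ELECTRONICO),O=PERSONA JURIDICA,C=CR,serialNumber=CPJ-4-000-004017")
+</location>
+ProxyPass / http://127.0.0.1:8000/
+ProxyPassReverse / http://127.0.0.1:8000/
+</VirtualHost>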
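Review bot: `SSLCARevocationCheck chain` together with a single `SSLCARevocationFile /certs/ca_politica_juridica_crl.pem` requires a CRL for every issuer in the client chain (`SSLVerifyDepth 3`), and OpenSSL rejects the handshake with "unable to get certificate CRL" when one is missing; either that PEM must concatenate the intermediate and root CRLs that deploy/update_crl.sh downloads, or `leaf` should be used with a comment explaining the choice — confirm against the file the cron job writes. Apache only re-reads that file on a graceful reload, so note next to the directive that the CRL refresh must trigger one. `Order allow,deny` / `allow from all` is Apache 2.2 syntax that works on the 2.4 shipped in buster only through mod_access_compat; write `Require all granted` and keep the `SSLRequire` DN pin. `SSLOCSPUseRequestNonce off` gives up replay protection on OCSP responses; if the responder does not support nonces, record that reason in a comment so it is not switched back blindly. The backend on 127.0.0.1:8000 gets no indication of the authenticated client DN; if the Django side relies on it, forward it explicitly (e.g. `RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s"` with mod_headers enabled) rather than trusting a header the backend cannot distinguish from client input.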
2 changes: 1 addition & 1 deletion deploy/gunicorn_start
Expand Up @@ -24,7 +24,7 @@ test -d $RUNDIR || mkdir -p $RUNDIR
# Start your Django Unicorn
# Programs meant to be run under supervisor should not daemonize themselves (do not use --daemon)
exec /home/dfva/environment/bin/gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--name $NAME --timeout 180 \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
--bind=unix:$SOCKFILE \
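Review bot: The new `--timeout 180` on the `--name $NAME` line has no explanation, and the same value is added to deploy/receptor_entrypoint.sh; add a comment above the `exec` line such as `# 180 s worker timeout (gunicorn default 30 s): upstream BCCR calls can run long — TODO confirm reason` and mirror it in the entrypoint so the two copies stay in sync. If sync workers are used, a six-fold timeout also multiplies how long a slow or stuck request holds a worker, so `$NUM_WORKERS` should be reviewed together with it. The `exec ... gunicorn` command continues outside the hunk.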
4 changes: 4 additions & 0 deletions deploy/nginx.conf
Expand Up @@ -22,6 +22,10 @@ server {
ssl_certificate /certs/bccr_agent.pem;
ssl_certificate_key /certs/bccr_agent_key.pem;
ssl_client_certificate /certs/ca_nacional_de_CR.pem;
ssl_crl /certs/ca_politica_juridica_crl.pem;
ssl_stapling_responder http://ocsp.sinpe.fi.cr/ocsp;
ssl_stapling_verify on;
ssl_stapling on;
ssl_verify_client on;
ssl_verify_depth 3;
ssl_dhparam /etc/nginx/certs/dhparam.pem;
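Review bot: `ssl_stapling_verify on` needs the issuer chain of /certs/bccr_agent.pem in nginx's trust store; unless that issuer is already in the `ssl_client_certificate` bundle, nginx logs a stapling verification failure and sends no staple, so add `ssl_trusted_certificate /certs/<server-chain>.pem;` (placeholder) beside the stapling lines — confirm which file holds the chain. `ssl_crl /certs/ca_politica_juridica_crl.pem;` is checked for every issuer in the client chain (`ssl_verify_depth 3`), so the PEM must contain CRLs for all of them or client verification fails; if deploy/update_crl.sh writes only the política jurídica CRL there, concatenate the others into that file. nginx reads `ssl_crl` at load time, so each CRL refresh must be followed by a reload — worth a comment on the directive. The `server {` block starts and ends outside the hunk.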
2 changes: 1 addition & 1 deletion deploy/receptor_entrypoint.sh
Expand Up @@ -18,7 +18,7 @@ service cron start

gunicorn dfva.wsgi:application \
--name dfva --capture-output \
--bind 127.0.0.1:8000 \
--bind 127.0.0.1:8000 --timeout 180 \
--workers 3 \
--log-level=info \
--log-file=/logs/gunicorn.log \
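--- a/deploy/systemd/ucrfva.systemd
+++ b/deploy/systemd/ucrfva.systemd
@@ -0,0 +1,21 @@
+# Copy in /lib/systemd/system
+[Unit]
+Description=UCR FVA unicorn Servers
+After=network.target
+After=systemd-user-sessions.service
+After=network-online.target
+
+[Service]
+User=spark
+Type=forking
+# change in production and set full path
+ExecStart=deploy/gunicorn_start
+ExecStop=deploy/gunicorn_stop
+TimeoutSec=360
+Restart=on-failure
+RestartSec=30
+StartLimitInterval=350
+StartLimitBurst=10
+
+[Install]
+WantedBy=multi-user.target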
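Review bot: `Type=forking` contradicts deploy/gunicorn_start, which `exec`s gunicorn in the foreground and says not to daemonize, so systemd waits for a fork that never happens and kills the service when `TimeoutSec=360` expires; use `Type=simple`, and if gunicorn_stop only sends a signal, drop `ExecStop` in favour of systemd's default `SIGTERM`. `ExecStart=deploy/gunicorn_start` is a relative path, which systemd rejects outright; the comment acknowledges it, but a placeholder such as `/opt/<deployment>/deploy/gunicorn_start` makes the required edit obvious. `User=spark` conflicts with the script's `--user=$USER --group=$GROUP`, which needs root to change identity — either run the unit as root and let gunicorn drop privileges, or run as the target user and remove those flags (confirm which is intended). Once that is settled, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are cheap hardening for a network-facing worker. `StartLimitInterval`/`StartLimitBurst` belong in `[Unit]` on current systemd, where `[Service]` placement is only accepted for compatibility.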
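--- a/deploy/traefik.toml
+++ b/deploy/traefik.toml
@@ -0,0 +1,20 @@
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+[entryPoints.http]
+address = ":80"
+[entryPoints.http.redirect]
+entryPoint = "https"
+[entryPoints.https]
+address = ":443"
+[entryPoints.https.tls]
+[[entryPoints.https.tls.certificates]]
+certFile = "/certs/ucrbccr.core.ucr.ac.cr.cert"
+keyFile = "/certs/ucrbccr.core.ucr.ac.cr.key"
+[[entryPoints.https.tls.certificates]]
+certFile = "/certs/firmadigital-dev.ucr.ac.cr.cert"
+keyFile = "/certs/firmadigital-dev.ucr.ac.cr.key"
+[[entryPoints.https.tls.certificates]]
+certFile = "/certs/pki-dbmanager.ucr.ac.cr.cert"
+keyFile = "/certs/pki-dbmanager.ucr.ac.cr.key"
+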
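Review bot: `[entryPoints.https.tls]` lists certificates but sets no `minVersion` or `cipherSuites`, so the Traefik default minimum applies — TLS 1.0 on the 1.x series this `defaultEntryPoints` syntax belongs to (confirm the version in use); add `minVersion = "VersionTLS12"` directly under `[entryPoints.https.tls]`. The three private keys under /certs/ are referenced with no note on ownership or permissions; a header comment stating that the `.key` files must be readable only by the traefik process and mounted read-only documents that assumption for whoever provisions the host. A one-line comment per `[[entryPoints.https.tls.certificates]]` block naming the service behind each hostname would make the file self-describing.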
6 changes: 3 additions & 3 deletions deploy/update_crl.sh
@@ -1,9 +1,9 @@
#!/bin/bash

wget -O persona_juridica.crl http://fdi.sinpe.fi.cr/repositorio/CA%20SINPE%20-%20PERSONA%20JURIDICA%20v2(1).crl
wget -O persona_juridica.crl "http://fdi.sinpe.fi.cr/repositorio/CA%20SINPE%20-%20PERSONA%20JURIDICA%20v2(1).crl"

wget --ca-certificate=/certs/ca_nacional_de_CR.pem -O ca_politica_juridica.crl https://www.firmadigital.go.cr/repositorio/CA%20POLITICA%20PERSONA%20JURIDICA%20-%20COSTA%20RICA%20v2.crl
wget --ca-certificate=/certs/ca_nacional_de_CR.pem -O ca_naciona.crl http://www.firmadigital.go.cr/repositorio/CA%20RAIZ%20NACIONAL%20-%20COSTA%20RICA%20v2.crl
wget --ca-certificate=/certs/ca_nacional_de_CR.pem -O ca_politica_juridica.crl "https://www.firmadigital.go.cr/repositorio/CA%20POLITICA%20PERSONA%20JURIDICA%20-%20COSTA%20RICA%20v2.crl"
wget --ca-certificate=/certs/ca_nacional_de_CR.pem -O ca_naciona.crl "http://www.firmadigital.go.cr/repositorio/CA%20RAIZ%20NACIONAL%20-%20COSTA%20RICA%20v2.crl"

openssl crl -in persona_juridica.crl -inform DER -out persona_juridica.pem
openssl crl -in ca_politica_juridica.crl -inform DER -out ca_politica_juridica.pem
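Review bot: The script has no `set -euo pipefail`, and each `wget -O <file>` truncates its output before downloading, so a failed fetch of any of the three quoted URLs leaves an empty `.crl` that the following `openssl crl -in ... -out ...` fails on while whatever follows the hunk keeps running; add `set -euo pipefail` after `#!/bin/bash` and download to a temporary name (`wget -O "$f.tmp" "$url" && mv "$f.tmp" "$f"`) so a live CRL is only replaced by a complete one. The two `http://` fetches rely on the CRL signature being verified by the consumer (Apache or nginx) rather than on the transport; a comment saying so records that assumption, and the `--ca-certificate` flag on the `http://` URL for ca_naciona.crl has no effect and should be removed or the URL switched to `https://`. The script continues past the hunk.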
2 changes: 1 addition & 1 deletion requirements.txt
Expand Up @@ -26,7 +26,7 @@ oscrypto==1.2.1
Pillow==7.2.0
psycopg2-binary==2.8.6
pycryptodome==3.9.8
pyfva==0.0.38
pyfva==0.0.40
pygelf==0.3.6
Pygments==2.7.1
requests==2.24.0
53 changes: 2 additions & 51 deletions src/corebase/validator.py
Expand Up @@ -21,7 +21,7 @@
'''
from django.utils import timezone
from rest_framework import serializers
from pyfva.clientes.validador import ClienteValidador
from pyfva.clientes.validadorv2 import ClienteValidador
from corebase.time import parse_datetime
from pyfva.constants import get_text_representation, \
ERRORES_VALIDA_CERTIFICADO,\
Expand Down Expand Up @@ -225,59 +225,10 @@ def call_BCCR(self):
self.time_messages['transaction_success'] = settings.DEFAULT_SUCCESS_BCCR == self.adr.status

self.time_messages['start_save_database'] = timezone.now()
self.adr.validation_data = data
self.adr.save()
self.get_warnings(data['advertencias'])
self.get_found_errors(data['errores_encontrados'])
self.get_signers(data['firmantes'])

def get_signers(self, signers):
"""
Extrae la información de los firmantes del documento
:param signers: Lista de firmantes del documento recibido del BCCR
:return: Nada
"""
if signers is None:
return
for signer in signers:
signerobj = Signer.objects.create(
identification_number=signer['identificacion'],
signature_date=signer['fecha_firma'],
full_name=signer['nombre']
)
self.adr.signers.add(signerobj)

def get_found_errors(self, errors):
"""
Retorna la lista de errores encontrados en el documento

:param errors: Lista datos de error del BCCR
:return: Nada
"""
if errors is None:
return
for error in errors:
error, _ = ErrorFound.objects.get_or_create(
code=error[0],
detail=error[1]
)
self.adr.errors.add(error)

def get_warnings(self, warnings):
"""
Extrae las advertencias del documento de la información obtenida del BCCR
:param warnings: Lista de advertencias del BCCR
:return: Nada
"""
if warnings is None:
return
for warning in warnings:
if warning:
adv, _ = WarningReceived.objects.get_or_create(
description=warning
)
self.adr.warnings.add(adv)

def save(self, **kwargs):
"""
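Review bot: `self.adr.validation_data = data` persists the BCCR client's response dictionary verbatim, and the new `'validation_data'` entry in src/institution/validator/serializer.py returns it to API clients unchanged, whereas the removed `get_warnings`/`get_found_errors`/`get_signers` code copied only the `advertencias`, `errores_encontrados` and `firmantes` keys it understood. Add a comment above the assignment stating the contract, e.g. `# Raw validadorv2 response; expected keys: advertencias, errores_encontrados, firmantes. Stored and returned to clients as-is — confirm no other keys can appear.` If the `validadorv2` client can return additional keys, whitelisting them before assignment keeps the API contract stable and avoids echoing unexpected upstream content. `call_BCCR` starts before the hunk.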
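--- a/src/institution/migrations/0003_auto_20210521_1141.py
+++ b/src/institution/migrations/0003_auto_20210521_1141.py
@@ -0,0 +1,34 @@
+# Generated by Django 3.1.2 on 2021-05-21 17:41
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('institution', '0002_auto_20210408_0816'),
+]
+
+operations = [
+migrations.RemoveField(
+model_name='validatedocumentdatarequest',
+name='code',
+),
+migrations.RemoveField(
+model_name='validatedocumentdatarequest',
+name='errors',
+),
+migrations.RemoveField(
+model_name='validatedocumentdatarequest',
+name='signers',
+),
+migrations.RemoveField(
+model_name='validatedocumentdatarequest',
+name='warnings',
+),
+migrations.AddField(
+model_name='validatedocumentdatarequest',
+name='validation_data',
+field=models.JSONField(blank=True, null=True),
+),
+]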
25 changes: 24 additions & 1 deletion src/institution/models.py
Expand Up @@ -21,6 +21,7 @@
'''

from dateutil.relativedelta import relativedelta
from django.core.serializers.json import DjangoJSONEncoder
from django.db import models
from django.utils import timezone
from corebase.models import identification_validator, BaseDocument, \
Expand Down Expand Up @@ -296,9 +297,31 @@ class ValidateCertificateRequest(BaseInstitutionRequestModel):
class Meta:
ordering = ('arrived_time',)

class ValidateDocumentDataRequest(BaseDocument):
class ValidateDocumentDataRequest(models.Model):
FORMATS = (
('cofirma', 'CoFirma'),
('contrafirma', 'ContraFirma'),
('msoffice', 'MS Office'),
('odf', 'Open Document Format'),
('pdf', 'PDF')
)

institution = models.ForeignKey(Institution, on_delete=models.CASCADE)
notification_url = models.URLField()
validation_data = models.JSONField(null=True, blank=True, encoder=DjangoJSONEncoder)
#: Formato del documento a validar
format = models.CharField(max_length=15, default='n/d', choices=FORMATS)
#: Hora en la que se recibió la petición por parte del usuario
request_datetime = models.DateTimeField()
status = models.IntegerField(default=0)
#: Traduce el código del status para ser leido por personas
status_text = models.CharField(max_length=256, default='n/d')
#: El documento es válido
was_successfully = models.BooleanField(default=True)
#: Hora en la que se recibe la solicitud de validación (metricas)
arrived_time = models.DateTimeField(auto_now_add=True)
#: Hora en la que se recibe la respuesta de la validación por parte del BCCR
update_time = models.DateTimeField(auto_now=True)

def __str__(self):
return repr(self)
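Review bot: `was_successfully = models.BooleanField(default=True)` on the new `ValidateDocumentDataRequest` makes a request that has not yet received the BCCR answer read as a valid document (its own comment says "El documento es válido"), while `status = models.IntegerField(default=0)` is what `settings.DEFAULT_SUCCESS_BCCR == self.adr.status` in src/corebase/validator.py compares against. The default should be `False` so an unanswered or failed request is fail-closed, set to True only when the BCCR result confirms it — confirm where `was_successfully` is assigned. `validation_data = models.JSONField(null=True, blank=True, encoder=DjangoJSONEncoder)` does not match `models.JSONField(blank=True, null=True)` in src/institution/migrations/0003_auto_20210521_1141.py; JSONField includes `encoder` in its deconstruction, so `makemigrations` will report a pending migration. The class continues past the hunk.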
4 changes: 1 addition & 3 deletions src/institution/validator/serializer.py
Expand Up @@ -74,9 +74,7 @@ class ValidateDocumentRequest_Response_Serializer(
ValidateDocument_ResponseSerializer):
class Meta:
model = ValidateDocumentDataRequest
fields = ('request_datetime',
'code', 'status', 'status_text',
'warnings', 'errors', 'signers',
fields = ('request_datetime', 'status', 'status_text', 'validation_data',
'was_successfully')


4 changes: 2 additions & 2 deletions src/person/signer/serializer.py
Expand Up @@ -105,8 +105,8 @@ def create(self, validated_data):

class Meta:
model = SignPersonRequest
fields = ('person', 'identification', 'request_datetime', 'document', 'format',
'algorithm_hash', 'document_hash', 'resume', 'public_certificate')
fields = ('person', 'identification', 'request_datetime', 'document', 'format', 'place',
'reason', 'algorithm_hash', 'document_hash', 'resume', 'public_certificate')


class Sign_Person_Response_Serializer(serializers.ModelSerializer):

