italia / spid-cie-oidc-django

The SPID/CIE OIDC Federation SDK, written in Python
Apache License 2.0

Error in trust chain if docker images are built locally #306

Closed mattebit closed 5 months ago

mattebit commented 5 months ago

If the docker-compose.yml is set to build all the images locally instead of pulling them from the GitHub registry, an exception occurs at the entity configuration request to the trust-anchor from the RP.

Commit used: 1faa95e70fe57293d70167300f7489114f761a7c

The changes made to the compose file are just uncommenting the build tags and commenting the image, for example:

trust-anchor.org:
  #image: ghcr.io/italia/spid-cie-oidc-django:latest
  build:
    context: .
    dockerfile: ./Dockerfile

This is the log of the exception.

relying-party.org-1        | 2024-02-07 11:17:48,167 spid_cie_oidc.entity.statements INFO     Starting Entity Configuration Request for http://trust-anchor.org:8000/.well-known/openid-federation
trust-anchor.org-1         | 2024-02-07 11:17:48,208 django.request ERROR    Internal Server Error: /.well-known/openid-federation
trust-anchor.org-1         | Traceback (most recent call last):
trust-anchor.org-1         |   File "/usr/local/lib/python3.10/site-packages/django/core/handlers/exception.py", line 55, in inner
trust-anchor.org-1         |     response = get_response(request)
trust-anchor.org-1         |   File "/usr/local/lib/python3.10/site-packages/django/core/handlers/base.py", line 197, in _get_response
trust-anchor.org-1         |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
trust-anchor.org-1         |   File "/opt/spid_cie_oidc/entity/views.py", line 59, in entity_configuration
trust-anchor.org-1         |     conf.entity_configuration_as_jws, content_type="application/entity-statement+jwt"
trust-anchor.org-1         |   File "/opt/spid_cie_oidc/entity/models.py", line 246, in entity_configuration_as_jws
trust-anchor.org-1         |     self.entity_configuration_as_dict,
trust-anchor.org-1         |   File "/opt/spid_cie_oidc/entity/models.py", line 218, in entity_configuration_as_dict
trust-anchor.org-1         |     "jwks": {"keys": self.public_jwks},
trust-anchor.org-1         |   File "/opt/spid_cie_oidc/entity/models.py", line 180, in public_jwks
trust-anchor.org-1         |     skey = serialize_rsa_key(key_from_jwk_dict(i).public_key())
trust-anchor.org-1         |   File "/opt/spid_cie_oidc/entity/jwks.py", line 67, in serialize_rsa_key
trust-anchor.org-1         |     if isinstance(rsa_key, cryptography.hazmat.backends.openssl.rsa._RSAPublicKey):
trust-anchor.org-1         | AttributeError: module 'cryptography.hazmat.backends.openssl' has no attribute 'rsa'
trust-anchor.org-1         | 2024-02-07 11:17:48,209 django.server ERROR    "GET /.well-known/openid-federation HTTP/1.1" 500 79744
relying-party.org-1        | 2024-02-07 11:17:48,210 spid_cie_oidc.relying_party.views.rp_landing WARNING  Failed trust chain for http://trust-anchor.org:8000/oidc/op to {'sub': 'http://trust-anchor.org:8000'}: Expecting value: line 1 column 1 (char 0)

rglauco commented 5 months ago

With the last release we have corrected this issue by upgrading to cryptography 42.0.2. Please try with v1.3.1: https://github.com/italia/spid-cie-oidc-django/releases/tag/v1.3.1

mattebit commented 5 months ago

With 1.3.1 it works, thank you
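
Added example, not code from this repository or its maintainers: the traceback in this issue fails on an `isinstance` check against a private backend class path (`cryptography.hazmat.backends.openssl.rsa._RSAPublicKey`), so this sketch serializes RSA keys to JWK using only the public interface classes of `cryptography`, which do not depend on backend internals. The names `rsa_key_to_jwk` and `public_jwks_from` are hypothetical, and the key is generated inline for the demonstration.

```python
import base64

from cryptography.hazmat.primitives.asymmetric import rsa


def _b64url_uint(value: int) -> str:
    """Base64url-encode an unsigned integer without padding, as JWK members require."""
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def rsa_key_to_jwk(key) -> dict:
    """Hypothetical helper: serialize an RSA key object to a JWK dict.

    The type checks use the public interface classes RSAPublicKey and
    RSAPrivateKey instead of private, backend-specific classes.
    """
    if isinstance(key, rsa.RSAPublicKey):
        pub = key.public_numbers()
        return {"kty": "RSA", "n": _b64url_uint(pub.n), "e": _b64url_uint(pub.e)}
    if isinstance(key, rsa.RSAPrivateKey):
        priv = key.private_numbers()
        jwk = rsa_key_to_jwk(key.public_key())
        jwk.update(
            d=_b64url_uint(priv.d),
            p=_b64url_uint(priv.p),
            q=_b64url_uint(priv.q),
        )
        return jwk
    # Fail closed on anything that is not an RSA key object.
    raise TypeError(f"unsupported key type: {type(key).__name__}")


def public_jwks_from(private_keys) -> list:
    """Return only the public JWKs, which is all an entity configuration may publish."""
    return [rsa_key_to_jwk(k.public_key()) for k in private_keys]


if __name__ == "__main__":
    # Constructed sample key, generated locally for the demonstration.
    sample = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    for jwk in public_jwks_from([sample]):
        print(sorted(jwk))
```
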