Merge pull request #8 from lalithkota/15.0-develop

Added Encryption Provider Concept, Added Keymanager encryption provider. Reorganized Registry encryption. Added API module with JWKS

README.md

@@ -1,10 +1,10 @@
 
 <!-- /!\ do not modify above this line -->
 
-# OpenG2P Security 
+# OpenG2P Security
 ### (_Alpha version_) ###
 
-This repo contains modules for the encryption of the registry. Refer to [OpenG2P Docs](https://docs.openg2p.org/v/1.1).
+This repo contains modules for the encryption of the registry. Refer to [OpenG2P Docs](https://docs.openg2p.org/).
 
 <!-- /!\ do not modify below this line -->
 
@@ -16,8 +16,10 @@ Available addons
 ----------------
 addon | version | maintainers | summary
 --- | --- | --- | ---
-[g2p_encryption](g2p_encryption/) | 15.0.1.2.0 |  | G2P: Encryption
-[g2p_registry_encryption](g2p_registry_encryption/) | 15.0.1.2.0 |  | G2P:Registry Encryption
+[g2p_encryption](g2p_encryption/) | 15.0.1.2.0 |  | G2P Encryption: Base
+[g2p_encryption_keymanager](g2p_encryption_keymanager/) | 15.0.1.2.0 |  | G2P Encryption: Keymanager
+[g2p_encryption_rest_api](g2p_encryption_rest_api/) | 15.0.1.2.0 |  | G2P Encryption: Rest API
+[g2p_registry_encryption](g2p_registry_encryption/) | 15.0.1.2.0 |  | G2P Registry: Encryption
 
 [//]: # (end addons)
 

g2p_encryption/README.rst

@@ -1,14 +1,11 @@
-===============
-G2P: Encryption
-===============
+====================
+G2P Encryption: Base
+====================
 
-.. 
-   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:04f5f0d02e2f5b06062b0403ad80dc8ba932f2489ce2e21cd6aeb2ca30e8d3da
-   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
     :target: https://odoo-community.org/page/development-status
@@ -17,9 +14,9 @@ G2P: Encryption
     :target: https://github.com/OpenG2P/openg2p-security/tree/15.0-develop/g2p_encryption
     :alt: OpenG2P/openg2p-security
 
-|badge1| |badge2|
+|badge1| |badge2| 
 
-OpenG2P Encryption
+OpenG2P Encryption: Base
 
 .. IMPORTANT::
    This is an alpha version, the data model and design can change at any time without warning.
@@ -36,7 +33,7 @@ Bug Tracker
 
 Bugs are tracked on `GitHub Issues <https://github.com/OpenG2P/openg2p-security/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us to smash it by providing a detailed and welcomed
+If you spotted it first, help us smashing it by providing a detailed and welcomed
 `feedback <https://github.com/OpenG2P/openg2p-security/issues/new?body=module:%20g2p_encryption%0Aversion:%2015.0-develop%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.

g2p_encryption/__manifest__.py

@@ -1,5 +1,5 @@
 {
-    "name": "G2P: Encryption",
+    "name": "G2P Encryption: Base",
     "category": "G2P",
     "version": "15.0.1.2.0",
     "sequence": 1,
@@ -8,8 +8,12 @@
     "license": "Other OSI approved licence",
     "development_status": "Alpha",
     "depends": [],
-    "external_dependencies": {"python": ["pycrypto"]},
-    "data": [],
+    "data": [
+        "security/groups.xml",
+        "security/ir.model.access.csv",
+        "views/encryption_provider.xml",
+        "data/default_provider.xml",
+    ],
     "assets": {
         "web.assets_backend": [],
         "web.assets_qweb": [],

g2p_encryption/data/default_provider.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+Part of OpenG2P. See LICENSE file for full copyright and licensing details.
+-->
+<odoo>
+    <record id="encryption_provider_default" model="g2p.encryption.provider">
+        <field name="name">Default Encryption Provider</field>
+    </record>
+</odoo>

g2p_encryption/models/__init__.py

@@ -1 +1 @@
-from . import crypto
+from . import encryption_provider

g2p_encryption/models/encryption_provider.py

@@ -0,0 +1,63 @@
+from odoo import fields, models
+
+
+class G2PEncryptionProvider(models.Model):
+    _name = "g2p.encryption.provider"
+    _description = "G2P Encryption Provider"
+
+    name = fields.Char(required=True)
+    type = fields.Selection(selection=[])
+
+    def encrypt_data(self, data: bytes, **kwargs) -> bytes:
+        """
+        Both input and output are NOT base64 encoded
+        """
+        try:
+            encrypt_func = getattr(self, f"encrypt_data_{self.type}")
+        except Exception as e:
+            raise NotImplementedError() from e
+        return encrypt_func(data, **kwargs)
+
+    def decrypt_data(self, data: bytes, **kwargs) -> bytes:
+        """
+        Both input and output are NOT base64 encoded
+        """
+        try:
+            decrypt_func = getattr(self, f"decrypt_data_{self.type}")
+        except Exception as e:
+            raise NotImplementedError() from e
+        return decrypt_func(data, **kwargs)
+
+    def jwt_sign(
+        self,
+        data,
+        include_payload=True,
+        include_certificate=False,
+        include_cert_hash=False,
+        **kwargs,
+    ) -> str:
+        try:
+            jwt_func = getattr(self, f"jwt_sign_{self.type}")
+        except Exception as e:
+            raise NotImplementedError() from e
+        return jwt_func(
+            data,
+            include_payload=True,
+            include_certificate=False,
+            include_cert_hash=False,
+            **kwargs,
+        )
+
+    def jwt_verify(self, data: str, **kwargs):
+        try:
+            jwt_func = getattr(self, f"jwt_verify_{self.type}")
+        except Exception as e:
+            raise NotImplementedError() from e
+        return jwt_func(data, **kwargs)
+
+    def get_jwks(self, **kwargs):
+        try:
+            jwk_func = getattr(self, f"get_jwks_{self.type}")
+        except Exception as e:
+            raise NotImplementedError() from e
+        return jwk_func(**kwargs)

g2p_encryption/readme/DESCRIPTION.rst

@@ -1 +1 @@
-OpenG2P Encryption
+OpenG2P Encryption: Base

g2p_encryption/security/groups.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="crypto_admin" model="res.groups">
+        <field name="name">Crypto Admin</field>
+        <field name="category_id" ref="g2p_registry_base.openg2p_module" />
+    </record>
+</odoo>

g2p_encryption/security/ir.model.access.csv

@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+encryption_provider_crypto_admin,Encryption Provider Crypto Admin,g2p_encryption.model_g2p_encryption_provider,g2p_encryption.crypto_admin,1,1,1,1

g2p_encryption/static/description/index.html

@@ -3,18 +3,18 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta name="generator" content="Docutils: http://docutils.sourceforge.net/" />
-<title>G2P: Encryption</title>
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>G2P Encryption: Base</title>
 <style type="text/css">
 
 /*
 :Author: David Goodger ([email protected])
-:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
 
-See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
 */
 
@@ -360,17 +360,15 @@
 </style>
 </head>
 <body>
-<div class="document" id="g2p-encryption">
-<h1 class="title">G2P: Encryption</h1>
+<div class="document" id="g2p-encryption-base">
+<h1 class="title">G2P Encryption: Base</h1>
 
 <!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:04f5f0d02e2f5b06062b0403ad80dc8ba932f2489ce2e21cd6aeb2ca30e8d3da
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Alpha" src="https://img.shields.io/badge/maturity-Alpha-red.png" /></a> <a class="reference external" href="https://github.com/OpenG2P/openg2p-security/tree/15.0-develop/g2p_encryption"><img alt="OpenG2P/openg2p-security" src="https://img.shields.io/badge/github-OpenG2P%2Fopeng2p--security-lightgray.png?logo=github" /></a></p>
-<p>OpenG2P Encryption</p>
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Alpha" src="https://img.shields.io/badge/maturity-Alpha-red.png" /></a> <a class="reference external image-reference" href="https://github.com/OpenG2P/openg2p-security/tree/15.0-develop/g2p_encryption"><img alt="OpenG2P/openg2p-security" src="https://img.shields.io/badge/github-OpenG2P%2Fopeng2p--security-lightgray.png?logo=github" /></a></p>
+<p>OpenG2P Encryption: Base</p>
 <div class="admonition important">
 <p class="first admonition-title">Important</p>
 <p class="last">This is an alpha version, the data model and design can change at any time without warning.
@@ -380,32 +378,32 @@ <h1 class="title">G2P: Encryption</h1>
 <p><strong>Table of contents</strong></p>
 <div class="contents local topic" id="contents">
 <ul class="simple">
-<li><a class="reference internal" href="#bug-tracker" id="id1">Bug Tracker</a></li>
-<li><a class="reference internal" href="#credits" id="id2">Credits</a><ul>
-<li><a class="reference internal" href="#authors" id="id3">Authors</a></li>
-<li><a class="reference internal" href="#maintainers" id="id4">Maintainers</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-1">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-2">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-3">Authors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-4">Maintainers</a></li>
 </ul>
 </li>
 </ul>
 </div>
 <div class="section" id="bug-tracker">
-<h1><a class="toc-backref" href="#id1">Bug Tracker</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-1">Bug Tracker</a></h1>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OpenG2P/openg2p-security/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us to smash it by providing a detailed and welcomed
+If you spotted it first, help us smashing it by providing a detailed and welcomed
 <a class="reference external" href="https://github.com/OpenG2P/openg2p-security/issues/new?body=module:%20g2p_encryption%0Aversion:%2015.0-develop%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
-<h1><a class="toc-backref" href="#id2">Credits</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-2">Credits</a></h1>
 <div class="section" id="authors">
-<h2><a class="toc-backref" href="#id3">Authors</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-3">Authors</a></h2>
 <ul class="simple">
 <li>OpenG2P</li>
 </ul>
 </div>
 <div class="section" id="maintainers">
-<h2><a class="toc-backref" href="#id4">Maintainers</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-4">Maintainers</a></h2>
 <p>This module is part of the <a class="reference external" href="https://github.com/OpenG2P/openg2p-security/tree/15.0-develop/g2p_encryption">OpenG2P/openg2p-security</a> project on GitHub.</p>
 <p>You are welcome to contribute.</p>
 </div>

g2p_encryption/views/encryption_provider.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+Part of OpenG2P. See LICENSE file for full copyright and licensing details.
+-->
+<odoo>
+    <record id="view_encryption_provider_list_tree" model="ir.ui.view">
+        <field name="name">view_encryption_provider_list_tree</field>
+        <field name="model">g2p.encryption.provider</field>
+        <field name="priority">1</field>
+        <field name="arch" type="xml">
+            <tree>
+                <field name="name" />
+                <field name="type" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_encryption_provider_form" model="ir.ui.view">
+        <field name="name">view_encryption_provider_form</field>
+        <field name="model">g2p.encryption.provider</field>
+        <field name="priority">1</field>
+        <field name="arch" type="xml">
+            <form string="Encryption Provider">
+                <group name="Base" string="Base">
+                    <field name="name" />
+                    <field name="type" required="True" />
+                </group>
+            </form>
+        </field>
+    </record>
+
+    <record id="action_encryption_provider" model="ir.actions.act_window">
+        <field name="name">Encryption Provider</field>
+        <field name="res_model">g2p.encryption.provider</field>
+        <field name="view_mode">tree,form</field>
+        <field name="help">Manage encryption providers.</field>
+    </record>
+
+    <menuitem
+        id="menu_encryption_provider"
+        name="Encryption Providers"
+        parent="base.menu_administration"
+        sequence="700"
+        action="action_encryption_provider"
+        groups="crypto_admin"
+    />
+</odoo>