From 454f894d90b9228b195a3c4a9bcb04a8a6ff4cf0 Mon Sep 17 00:00:00 2001
From: Giuseppe
Date: Tue, 25 May 2021 23:44:27 +0200
Subject: [PATCH 1/2] BREAKAGE: configuration's password, salt and sub_funcs now are under session_params

---
 src/oidcop/configure.py | 4 +---
 src/oidcop/endpoint_context.py | 5 +++--
 src/oidcop/session/manager.py | 5 +++--
 tests/op_config.json | 30 +++++++++++++++++------------
 4 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/src/oidcop/configure.py b/src/oidcop/configure.py
index 567cab44..956fd505 100755
--- a/src/oidcop/configure.py
+++ b/src/oidcop/configure.py
@@ -220,8 +220,7 @@ def __init__(
 self.template_dir = None
 self.token_handler_args = {}
 self.userinfo = None
- self.password = None
- self.salt = None
+ self.session_params = None
 
 if file_attributes is None:
 file_attributes = DEFAULT_FILE_ATTRIBUTE_NAMES
@@ -268,7 +267,6 @@ def __init__(
 self.id_token = None
 self.login_hint2acrs = {}
 self.login_hint_lookup = None
- self.sub_func = {}
 
 EntityConfiguration.__init__(self, conf=conf, base_path=base_path,
 entity_conf=entity_conf, domain=domain, port=port,
diff --git a/src/oidcop/endpoint_context.py b/src/oidcop/endpoint_context.py
index dab66128..d733644c 100755
--- a/src/oidcop/endpoint_context.py
+++ b/src/oidcop/endpoint_context.py
@@ -292,8 +292,9 @@ def do_sub_func(self) -> None:
 
 :return: string
 """
- _conf = self.conf.get("sub_func", {})
- for key, args in _conf.items():
+ ses_par = self.conf.get("session_params") or {}
+ sub_func = ses_par.get("sub_func") or {}
+ for key, args in sub_func.items():
 if "class" in args:
 self._sub_func[key] = init_service(args)
 elif "function" in args:
diff --git a/src/oidcop/session/manager.py b/src/oidcop/session/manager.py
index 7e1f85cc..4ca89870 100644
--- a/src/oidcop/session/manager.py
+++ b/src/oidcop/session/manager.py
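Review bot: The docstring line `:return: string`, kept as context just above the new `ses_par` lookup in `do_sub_func`, contradicts the method's `-> None` annotation and the new loop, which only populates `self._sub_func[key]`; replace it with `:return: None -- populates ``self._sub_func`` from ``session_params.sub_func```. Since `init_service(args)` is handed whatever `"class"` path the configuration names (the test config points it at `oidcop.session.manager.PublicID`), a one-line comment such as `# sub_func entries are trusted configuration: "class" is resolved and instantiated by name` would make explicit that this block must never be fed from untrusted input; how `init_service` resolves the name is not visible in this patch. The method body continues after the `elif "function" in args:` line, outside the hunk.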
@@ -77,8 +77,9 @@ def __init__(
 self.conf = conf or {}
 
 # these won't change runtime
- self._key = self.conf.get("password") or rndstr(24)
- self._salt = self.conf.get("salt") or rndstr(32)
+ session_params = self.conf.get("session_params") or {}
+ self._key = session_params.get("password") or rndstr(24)
+ self._salt = session_params.get("salt") or rndstr(32)
 self.key = self.load_key()
 self.salt = self.load_key()
 
diff --git a/tests/op_config.json b/tests/op_config.json
index 97ba89de..b1b4e512 100644
--- a/tests/op_config.json
+++ b/tests/op_config.json
@@ -273,19 +273,23 @@
 "type": "OCT",
 "use": "sig"
 },
- "sub_func": {
- "public": {
- "class": "oidcop.session.manager.PublicID",
- "kwargs": {
- "filename": "public.salt"
- }
- },
- "pairwise": {
- "class": "oidcop.session.manager.PairWiseID",
- "kwargs": {
- "filename": "pairwise.salt"
- }
- }
+ "session_params": {
+ "password": "__password_used_to_encrypt_access_token_sid_value",
+ "salt": "salt involved in session sub hash ",
+ "sub_func": {
+ "public": {
+ "class": "oidcop.session.manager.PublicID",
+ "kwargs": {
+ "salt": "sdfsdfdsf"
+ }
+ },
+ "pairwise": {
+ "class": "oidcop.session.manager.PairWiseID",
+ "kwargs": {
+ "salt": "sdfsdfsdf"
+ }
+ }
+ }
 },
 "template_dir": "templates",
 "token_handler_args": {
From 06228afedfcbbf82ee08bfdd16b7860ede0e61a7 Mon Sep 17 00:00:00 2001
From: Giuseppe
Date: Tue, 25 May 2021 23:51:48 +0200
Subject: [PATCH 2/2] chore: Documentation session_params and sub_funcs

---
 doc/source/contents/conf.rst | 39 ++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/doc/source/contents/conf.rst b/doc/source/contents/conf.rst
index 47680d4c..b28960b4 100644
--- a/doc/source/contents/conf.rst
+++ b/doc/source/contents/conf.rst
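Review bot: The `or rndstr(24)` and `or rndstr(32)` fallbacks on the new `self._key` and `self._salt` lines silently mint a fresh secret whenever `session_params.password` or `session_params.salt` is missing or empty, so every restart, and every worker in a multi-process deployment, ends up with a different key and any sid previously encrypted into an access token can no longer be decrypted; whether `rndstr` draws from a CSPRNG is not visible here either. A quiet fallback hides that misconfiguration: log it, e.g. `if not session_params.get("password"): logger.warning("session_params.password not set; using an ephemeral key, tokens will not survive a restart")` (assuming the module has a logger, which is outside the hunk), and say so in the `__init__` docstring. Separately, the unchanged line `self.salt = self.load_key()` looks like it loads the key rather than the salt; if `load_key()` derives from `self._key`, the configured salt is never used, which is worth confirming against `load_key`'s definition outside the hunk. `__init__` begins and continues outside the hunk.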
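Review bot: The literal `password` and the two `sub_func` salts added under `session_params` here (`"__password_used_to_encrypt_access_token_sid_value"`, `"sdfsdfdsf"`, `"sdfsdfsdf"`) are acceptable as test fixtures, but the companion `conf.rst` change reproduces exactly the same values as the documented example configuration, so anyone pasting that example into a deployment ships a published encryption key and salts. The documentation example should use unmistakable placeholders such as `"password": "<long random secret, keep private>"` and `"salt": "<random salt>"`, leaving concrete strings only in this test file. The fixture also replaces the old `"filename": "public.salt"` kwargs with `"salt": "..."`, while the new docs still describe salt as "value or filename"; that `PublicID` and `PairWiseID` accept a `salt` kwarg cannot be checked from this patch.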
@@ -15,19 +15,50 @@ seed
 Used in dynamic client registration endpoint when creating a new client_secret.
 If unset it will be random.
 
--------
+--------------
+session params
+--------------
+
+Configuration parameters used by session manager
+
+ "session_params": {
+ "password": "__password_used_to_encrypt_access_token_sid_value",
+ "salt": "salt involved in session sub hash ",
+ "sub_func": {
+ "public": {
+ "class": "oidcop.session.manager.PublicID",
+ "kwargs": {
+ "salt": "sdfsdfdsf"
+ }
+ },
+ "pairwise": {
+ "class": "oidcop.session.manager.PairWiseID",
+ "kwargs": {
+ "salt": "sdfsdfsdf"
+ }
+ }
+ }
+ },
+
 password
--------
+########
 
 Encryption key used to encrypt the SessionID (sid) in access_token.
 If unset it will be random.
 
-----
+
 salt
-----
+####
 
 Salt, value or filename, used in sub_funcs (pairwise, public) for creating the
 opaque hash of *sub* claim.
+
+sub_funcs
+#########
+
+Functions involved in subject creation (jwt token sub claim).
+
+
 -----------
 session_key
 -----------