[INJICERT-212] Docker file for inji certify repo and integration of c…
…ertify with eSignet + sunbird C installation

Signed-off-by: Challarao <[email protected]>
challabeehyv committed May 31, 2024
1 parent 12aa009 commit 8f3ea05
Showing 17 changed files with 1,721 additions and 38 deletions.
63 changes: 43 additions & 20 deletions README.md
Expand Up @@ -29,7 +29,7 @@ Execute installation script

```
1. Sunbird RC
2. Esignet
2. Certify
0. Exit
Select:
```
Expand All @@ -45,33 +45,56 @@ Execute installation script
* Set the hostname of the endpoints correctly as per your docker setup
* Now generate a DID, create a credential schema and create an issuance registry
* take note of `$.schema[0].author` and `$.schema[0].id` from the create credential schema request
6. Add the jar file of Digital Credential Stack(DCS) plugin implementation in [loader_path](docker-compose/docker-compose-esignet/loader_path). The JAR can be built [from source](https://github.com/mosip/digital-credential-plugins/) or [downloaded directly](https://mvnrepository.com/artifact/io.mosip.esignet.sunbirdrc/sunbird-rc-esignet-integration-impl).
7. Modify the properties of the Esignet service located in the [esignet-default.properties](docker-compose/docker-compose-esignet/config/esignet-default.properties) file:
- Include Issuer ID and credential schema ID for the following properties: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`, `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential-type}.cred-schema-id`.
6. Add the jar file of Digital Credential Stack(DCS) plugin implementations for eSignet and certify:
* For eSignet add the jar file [here](docker-compose/docker-compose-certify/loader_path/esignet). The JAR can be built [from source](https://github.com/mosip/digital-credential-plugins/) or [downloaded directly](https://mvnrepository.com/artifact/io.mosip.esignet.sunbirdrc/sunbird-rc-esignet-integration-impl).
* For certify add the jar file [here](docker-compose/docker-compose-certify/loader_path/certify). THE JAR can be built [from source](https://github.com/mosip/digital-credential-plugins/tree/INJICERT-13/sunbird-rc-certify-integration-impl).
7. Modify the properties of the Esignet and Certify services located in the [esignet-default.properties](docker-compose/docker-compose-certify/config/esignet-default.properties) and [certify-default.properties](docker-compose/docker-compose-certify/config/certify-default.properties) files respectively.
- Include Issuer ID and credential schema ID for the following properties:
- esignet-default-properties:
- `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`.
- `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential-type}.cred-schema-id`.
- certify-default.properties:
- `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`.
- `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential-type}.cred-schema-id`.
- The `$.schema[0].author` DID goes to the config ending in issuerId and `$.schema[0].id` DID goes to the config ending in `cred-schema-id`.
8. Once the Esignet properties are configured, proceed to select Esignet from the options provided for eSignet.
9. Download the postman collection and environment for sunbird use case from [here](https://github.com/mosip/digital-credential-plugins/tree/master/sunbird-rc-esignet-integration-impl/postman-collections).
10. Create Client from Create OIDC client API, add redirect uri 'http://localhost:3001', add auth-factor 'mosip:idp:acr:knowledge' to the request body.
11. Change `aud` variable in environment to 'http://localhost:8088/v1/esignet/oauth/v2/token' and set `audUrl` to http://localhost:8088
12. Perform a Knowledge based authentication(KBA) as specified in the Postman collection.
8. Once the Esignet and Certify properties are configured, proceed to select Certify from the option provided in the installation steps.
9. The installation of Certify will encompass the following services:
* [Esignet Service](https://github.com/mosip/esignet)
* [Certify Service](https://github.com/mosip/inji-certify)
10. Download the postman collection and environment for sunbird use case from [here](docker-compose/docker-compose-certify/postman-collections).
11. Create Client from Create OIDC client API, add redirect uri 'http://localhost:3001'.
12. Change `aud` variable in environment to 'http://localhost:8088/v1/esignet/oauth/v2/token' and set `audUrl` to http://localhost:8088
13. Perform a Knowledge based authentication(KBA) as specified in the Postman collection.
* perform the authorize callback request
* in the /authorization/authenticate request update the challenge to a URL-safe base64 encoded string with the KBA details such as `{"fullName":"Abhishek Gangwar","dob":"1967-10-24"}`, one can use an [online base64 encoding service](https://base64encode.org) for the same.
* in the /vci/credential api inside pre-request script section change the aud env variable to -> "aud" : pm.environment.get('audUrl')
* in the /issuance/credential api inside pre-request script section change the aud env variable to -> "aud" : pm.environment.get('audUrl')

## Properties for custom use case

- Sample schemas for Insurance registry are provided [here](docker-compose/docker-compose-sunbird/schemas), change it according to use case.
- Change these properties for different use case `mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details`,`mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field`
- Add the Sunbird registry URL for these properties: `mosip.esignet.vciplugin.sunbird-rc.issue-credential-url`,`mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.registry-search-url`.
- Specify the list of supported credential types using the property: `mosip.esignet.vciplugin.sunbird-rc.supported-credential-types`.
- For each supported credential type change the below properties. Sample properties are provided in the [default properties](docker-compose/docker-compose-esignet/config/esignet-default.properties) file.
* Issuer id `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`
* Credential schema id `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id`
* Registry Url `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url`
* Template Url `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.template-url`
* Credential schema version `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version`
- Define the list of supported scopes using: `mosip.esignet.supported.credential.scopes`, and for each scope, map the resource accordingly at `mosip.esignet.credential.scope-resource-mapping`.
- Change this property for different credential types supported `mosip.esignet.vci.key-values` based on OID4VCI version.
- Specify the list of supported credential types for these properties:
- esignet-default-properties:
- `mosip.esignet.vciplugin.sunbird-rc.supported-credential-types`.
- certify-default.properties:
- `mosip.certify.vciplugin.sunbird-rc.supported-credential-types`.
- For each supported credential type change the below properties. Sample properties are provided in the [eSignet default properties](docker-compose/docker-compose-certify/config/esignet-default.properties) and [Certify default properties](docker-compose/docker-compose-certify/config/certify-default.properties).
* esignet-default-properties:
* Issuer id `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`
* Credential schema id `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id`
* Registry Url `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url`
* Template Url `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.template-url`
* Credential schema version `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version`
* Define the list of supported scopes using: `mosip.esignet.supported.credential.scopes`, and for each scope, map the resource accordingly at `mosip.esignet.credential.scope-resource-mapping`.
* Change these properties for different credential types supported `mosip.esignet.vci.key-values` based on OID4VCI version.
* certify-default-properties:
* Issuer id `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`
* Credential schema id `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id`
* Registry Url `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url`
* Template Url `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.template-url`
* Credential schema version `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version`
* Change these properties for different credential types supported `mosip.certify.key-values` based on OID4VCI version.

## Troubleshooting

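Review bot: In the renumbered step 11 ("Create Client from Create OIDC client API, add redirect uri 'http://localhost:3001'") the instruction to add auth-factor 'mosip:idp:acr:knowledge' to the request body is gone, while step 13 still asks the reader to perform Knowledge based authentication; either restore the auth-factor instruction or state where that ACR is now configured. Two smaller points in the same hunk: the bullets name the files `esignet-default-properties` and `certify-default-properties` while the links use `esignet-default.properties` and `certify-default.properties`, so use the real file names throughout; and the Certify JAR link points at the `INJICERT-13` branch tree with no download alternative, which is likely to break once that branch is deleted. Since the KBA challenge in step 13 carries personal details (`fullName`, `dob`), consider replacing the pointer to an online base64 encoding service with a local encoding command.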
Expand All @@ -87,4 +110,4 @@ Execute installation script
* [Registry](https://github.com/challabeehyv/sunbird-devops/tree/main/deploy-as-code/helm/demo-mosip-registry)
* [Credential service, Credential schema service & Identity service](https://github.com/Sunbird-RC/devops/tree/main/deploy-as-code/helm/v2)
* [Vault](https://github.com/challabeehyv/sunbird-devops/blob/main/deploy-as-code/helm/v2/README.md#vault-deployment)
* [Esignet](https://github.com/mosip/esignet/tree/develop/helm)
* [Esignet](https://github.com/mosip/esignet/tree/develop/helm)
2 changes: 1 addition & 1 deletion certify-core/pom.xml
Expand Up @@ -10,7 +10,7 @@
<parent>
<groupId>io.mosip.certify</groupId>
<artifactId>certify-parent</artifactId>
<version>0.0.1-SNAPSHOT</version>
<version>0.9.0-SNAPSHOT</version>
</parent>

<groupId>io.mosip.certify</groupId>
2 changes: 1 addition & 1 deletion certify-integration-api/pom.xml
Expand Up @@ -6,7 +6,7 @@
<parent>
<groupId>io.mosip.certify</groupId>
<artifactId>certify-parent</artifactId>
<version>0.0.1-SNAPSHOT</version>
<version>0.9.0-SNAPSHOT</version>
</parent>

<groupId>io.mosip.certify</groupId>
94 changes: 94 additions & 0 deletions certify-service/Dockerfile
@@ -0,0 +1,94 @@
FROM openjdk:21

ARG SOURCE
ARG COMMIT_HASH
ARG COMMIT_ID
ARG BUILD_TIME
LABEL source=${SOURCE}
LABEL commit_hash=${COMMIT_HASH}
LABEL commit_id=${COMMIT_ID}
LABEL build_time=${BUILD_TIME}

# can be passed during Docker build as build time environment for github branch to pickup configuration from.
ARG spring_config_label

# can be passed during Docker build as build time environment for spring profiles active
ARG active_profile

# can be passed during Docker build as build time environment for config server URL
ARG spring_config_url

# can be passed during Docker build as build time environment for glowroot
ARG is_glowroot

# can be passed during Docker build as build time environment for artifactory URL
ARG artifactory_url

# environment variable to pass active profile such as DEV, QA etc at docker runtime
ENV active_profile_env=${active_profile}

# environment variable to pass github branch to pickup configuration from, at docker runtime
ENV spring_config_label_env=${spring_config_label}

# environment variable to pass spring configuration url, at docker runtime
ENV spring_config_url_env=${spring_config_url}

# environment variable to pass glowroot, at docker runtime
ENV is_glowroot_env=${is_glowroot}

# environment variable to pass artifactory url, at docker runtime
ENV artifactory_url_env=${artifactory_url}

# can be passed during Docker build as build time environment for github branch to pickup configuration from.
ARG container_user=mosip

# can be passed during Docker build as build time environment for github branch to pickup configuration from.
ARG container_user_group=mosip

# can be passed during Docker build as build time environment for github branch to pickup configuration from.
ARG container_user_uid=1001

# can be passed during Docker build as build time environment for github branch to pickup configuration from.
ARG container_user_gid=1001


# install packages and create user
RUN apt-get -y update \
&& apt-get install -y unzip file sudo \
&& groupadd -g ${container_user_gid} ${container_user_group} \
&& useradd -u ${container_user_uid} -g ${container_user_group} -s /bin/sh -m ${container_user} \
&& id -u ${container_user} &>/dev/null || adduser ${container_user}

RUN id -u ${container_user}
# set working directory for the user
WORKDIR /home/${container_user}

ENV work_dir=/home/${container_user}

ARG loader_path=${work_dir}/additional_jars/

RUN mkdir -p ${loader_path}

ENV loader_path_env=${loader_path}

COPY ./target/certify-service-*.jar certify-service.jar

# change permissions of file inside working dir
RUN chown -R ${container_user}:${container_user} /home/${container_user}

# select container user for all tasks
USER ${container_user_uid}:${container_user_gid}

EXPOSE 8090
EXPOSE 9010

#ENTRYPOINT [ "./configure_start.sh" ]
CMD if [ "$is_glowroot_env" = "present" ]; then \
wget -q --show-progress "${artifactory_url_env}"/artifactory/libs-release-local/io/mosip/testing/glowroot.zip ; \
unzip glowroot.zip ; \
rm -rf glowroot.zip ; \
sed -i 's/<service_name>/idp-service/g' glowroot/glowroot.properties ; \
java -jar -javaagent:glowroot/glowroot.jar -Dloader.path="${loader_path_env}" -Dspring.cloud.config.label="${spring_config_label_env}" -Dspring.profiles.active="${active_profile_env}" -Dspring.cloud.config.uri="${spring_config_url_env}" certify-service.jar ; \
else \
java -jar -Dloader.path="${loader_path_env}" -Dspring.cloud.config.label="${spring_config_label_env}" -Dspring.profiles.active="${active_profile_env}" -Dspring.cloud.config.uri="${spring_config_url_env}" certify-service.jar ; \
fi
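Review bot: The glowroot branch of `CMD` fetches `glowroot.zip` with `wget` at container start and loads it through `-javaagent:glowroot/glowroot.jar` with no checksum or signature check, and `wget` is not in the `apt-get install -y unzip file sudo` list; bake the agent into the image at build time against a pinned checksum, or at least install `wget` and verify the archive before unzipping it. In the same block the `sed` sets the service name to `idp-service`, which looks copied from another service and should name the certify service. In the user-creation `RUN`, `&>/dev/null` is a bash redirect that the default `/bin/sh` may parse as a background `&`, and the trailing `|| adduser ${container_user}` binds to the whole `&&` chain, so a failed `apt-get` or `groupadd` falls through to `adduser` instead of failing the build; use `>/dev/null 2>&1` and group the fallback explicitly. `sudo` is installed although the image runs as `USER ${container_user_uid}:${container_user_gid}`, so drop it unless something needs it. The comments above `ARG container_user`, `container_user_group`, `container_user_uid` and `container_user_gid` all repeat the "github branch" text and should describe the user and IDs instead. `FROM openjdk:21` should be pinned to a digest, and please confirm that this tag ships `apt-get`.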
4 changes: 2 additions & 2 deletions certify-service/pom.xml
Expand Up @@ -9,12 +9,12 @@
<parent>
<groupId>io.mosip.certify</groupId>
<artifactId>certify-parent</artifactId>
<version>0.0.1-SNAPSHOT</version>
<version>0.9.0-SNAPSHOT</version>
</parent>

<groupId>io.mosip.certify</groupId>
<artifactId>certify-service</artifactId>
<version>0.0.1-SNAPSHOT</version>
<version>0.9.0-SNAPSHOT</version>
<name>certify-service</name>
<description>certify vci service</description>

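Review bot: `certify-service` repeats `<version>0.9.0-SNAPSHOT</version>` at module level as well as inside `<parent>`, so this bump had to touch two lines; drop the module-level `<version>` (and the duplicate `<groupId>`) so both are inherited from `certify-parent` and a later bump cannot leave them out of sync.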
2 changes: 1 addition & 1 deletion docker-compose/destroy.sh
@@ -1,6 +1,6 @@
#!/bin/bash

cd docker-compose-esignet
cd docker-compose-certify
docker compose down
sudo rm -rf data
cd ..
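Review bot: `cd docker-compose-certify` is unchecked, so if the directory is missing (for example when the script is started from another working directory) the following `docker compose down` and `sudo rm -rf data` run wherever the caller happens to be; make it `cd docker-compose-certify || exit 1` or add `set -e` at the top of the script.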