[DSD-6382] resolved merge conflicts

Signed-off-by: ckm007 <[email protected]>

README.md

@@ -1,59 +1,7 @@
-# esignet-signup
+# eSignet Signup
 
-signup-service is part of the esignet modules, but has a separate Helm chart so as to install and manage it in a completely independent namespace.
+signup-service is part of the esignet, but has a separate Helm chart to install and manage it in a completely independent namespace.
 
-Below diagram depicts the high level deployment architecture for signup service with MOSIP ID-repo.
-
-![](docs/signup-with-mosip-id-repo.png)
-
-### Configurations
-Signup service and signup UI currently supports default [ID schema](docs/id-schema.json) only.
-
-**Note:**
-Work is in progress to support any ID schema and also to connect with any registry services.
-
-With respect to the default ID schema, below MOSIP configurations are required to be updated.
-
-#### admin-default.properties
-``
-mosip.admin.masterdata.lang-code=eng,khm
-``
-
-#### application-default.properties
-```
-mosip.mandatory-languages=eng,khm
-
-mosip.optional-languages=
-
-mosip.default.template-languages=eng,khm
-```
-
-#### id-authentication-default.properties
-```
-request.idtypes.allowed=UIN,HANDLE
-
-request.idtypes.allowed.internalauth=UIN
-
-ida.mosip.external.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.PartnerIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceProviderHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceHotlistFilterImpl,io.mosip.authentication.authtypelockfilter.impl.AuthTypeLockFilterImpl
-
-mosip.ida.handle-types.regex={ '@phone' : '^\\+91[1-9][0-9]{7,9}@phone$' }
-```
-
-####  id-repository-default.properties
-```
-mosip.idrepo.credential.request.enable-convention-based-id=true
-
-mosip.idrepo.identity.disable-uin-based-credential-request=true
-
-mosip.idrepo.vid.disable-support=true
-
-mosip.identity.fieldid.handle-postfix.mapping={'phone':'@phone'}
-```
-
-#### kernel-default.properties
-``
-mosip.kernel.sms.country.code=+91
-``
 ## Installing in k8s cluster using helm
 ### Pre-requisites
 1. Set the kube config file of the Esignet k8 cluster having esignet services is set correctly in PC.

docker-compose/README.md

@@ -1,64 +1,10 @@
 ## Overview
 
-This is the docker-compose setup to run esignet UI and esignet-service with mock identity system. This is not for production use.
+This is the docker-compose setup to run eSignet Signup service with mock identity system. This is not for production use.
 
-## What is in the docker-compose setup folder?
 
-1. "app" folder holds the Dockerfile required to build custom artifactory-server. This artifactory server will host all the files under app/static folder.
-All the i18n bundles, dummy softhsm conf, signin-with-esignet button plugin files are served from this server. 
-2. "config" folder holds the esignet and mock-identity system properties file.
-3. "docker-compose.yml" file with esignet and mock-identity-system setup with other required services
-4. "init.sql" comprises DDL and DMLs required by esignet and mock-identity-system.
-5. "loader_path" this is esignet mount volume from where all the runtime dependencies are loaded to classpath. If any new esignet plugins to be tested
-should be placed in this folder and respective plugin configuration should be updated in config/esignet-default.properties.
 
-```Note: Refer https://docs.esignet.io/integration to know how to create custom plugins to integrate.```
 
-## How to run this setup?
 
-1. Create loader_path folder in the same directory and Download the eisgnet mock plugin from [here](https://repo1.maven.org/maven2/io/mosip/esignet/mock/mock-esignet-integration-impl/0.9.2/mock-esignet-integration-impl-0.9.2.jar) 
-and copy the downloaded jar under loader_path directory.
 
-2. Start the docker-compose file
-
-> docker-compose up
-
-3. Download the postman script from [here](../docs/postman-collections/esignet-with-mock-IDA.postman_collection.json)
-and its environment from [here](../docs/postman-collections/esignet-with-mock-IDA.postman_environment.json)
-
-4. Import the downloaded collection and environment into postman.
-
-5. To create an OIDC/OAuth client, run the below request from the postman collection "OIDC Client mgmt" folder
-   * Get CSRF token
-   * Create OIDC Client
-
-6. To Create a Mock identity, run the below request from the postman collection "Mock-Identity-System" folder
-   * Create Mock Identity
-
-7. To run the OIDC flow with mock identity run the below request(same order) from the postman collection "AuthCode flow with OTP login" folder.
-   * Get CSRF token
-   * Authorize / OAuthdetails request
-   * Send OTP
-   * Authenticate User
-   * Authorization Code
-   * Get Tokens
-   * Get userInfo
-
-8. To run the Verifiable Credential Issuance flow with mock identity run the below request(same order) from the postman collection "VCI" folder.
-   * Get CSRF token
-   * Authorize / OAuthdetails request
-   * Send OTP
-   * Authenticate User
-   * Authorization Code
-   * Get Tokens
-   * Get Credential
-
-
-## How to Access esignet UI?
-
-To invoke the authorize endpoint of esignet UI to start OIDC/VCI flow, use the below URL:
-
-http://localhost:3000/authorize?nonce=ere973eieljznge2311&state=eree2311&client_id=health-service-client&redirect_uri=https://healthservices.com/callback&scope=openid&response_type=code&acr_values=mosip:idp:acr:generated-code&claims=%7B%22userinfo%22:%7B%22name%22:%7B%22essential%22:false%7D,%22phone_number%22:%7B%22essential%22:true%7D%7D,%22id_token%22:%7B%7D%7D&claims_locales=en&display=page&state=consent&ui_locales=en-IN
-
-```Note: Change the value of client_id, redirect_uri, acr_values and claims as per your requirement in the above URL.```
 

docker-compose/dependent-docker-compose.yml

@@ -1,7 +1,7 @@
 services:
 
   database:
-    image: 'postgres:latest'
+    image: 'postgres:bookworm'
     ports:
       - 5455:5432
     environment:
@@ -25,7 +25,7 @@ services:
       - database
 
   redis:
-    image: redis:latest
+    image: redis:6.0
     container_name: redis-server
     ports:
       - "6379:6379"

docker-compose/docker-compose.yml

@@ -0,0 +1,88 @@
+services:
+  database:
+    image: 'postgres:bookworm'
+    ports:
+      - 5455:5432
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    volumes:
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
+
+  mock-identity-system:
+    image: 'mosipdev/mock-identity-system:develop'
+    user: root
+    ports:
+      - 8082:8082
+    environment:
+      - container_user=mosip
+      - active_profile_env=local
+      - SPRING_DATASOURCE_URL=jdbc:postgresql://database:5432/mosip_mockidentitysystem?currentSchema=mockidentitysystem
+      - SPRING_DATASOURCE_USERNAME=postgres
+      - SPRING_DATASOURCE_PASSWORD=postgres
+    depends_on:
+      - database
+
+  zookeeper:
+    image: wurstmeister/zookeeper
+    container_name: zookeeper
+    ports:
+      - "2181:2181"
+
+  kafka:
+    image: wurstmeister/kafka
+    container_name: kafka
+    ports:
+      - "9092:9092"
+    environment:
+      KAFKA_ADVERTISED_LISTENERS: INSIDE://kafka:9092,OUTSIDE://localhost:9093
+      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT
+      KAFKA_LISTENERS: INSIDE://0.0.0.0:9092,OUTSIDE://0.0.0.0:9093
+      KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE
+      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
+
+  esignet:
+    image: 'mosipdev/esignet:develop'
+    user: root
+    ports:
+      - 8088:8088
+    environment:
+      - container_user=mosip
+      - active_profile_env=local
+      - plugin_name_env=esignet-mock-plugin.jar
+      - KAFKA_ENABLED=false
+      - SPRING_AUTOCONFIGURE_EXCLUDE=org.springframework.boot.autoconfigure.kafka.KafkaAutoConfiguration
+      - SPRING_DATASOURCE_URL=jdbc:postgresql://database:5432/mosip_esignet?currentSchema=esignet
+      - SPRING_CACHE_TYPE=simple
+      - MOSIP_ESIGNET_MOCK_DOMAIN_URL=http://mock-identity-system:8082
+    depends_on:
+      - database
+      - mock-identity-system
+
+  esignet-ui:
+    image: 'mosipdev/oidc-ui:develop'
+    user: root
+    ports:
+      - 3000:3000
+    environment:
+      - container_user=mosip
+      - DEFAULT_WELLKNOWN=%5B%7B%22name%22%3A%22OpenID%20Configuration%22%2C%22value%22%3A%22%2F.well-known%2Fopenid-configuration%22%7D%2C%7B%22name%22%3A%22Jwks%20Json%22%2C%22value%22%3A%22%2F.well-known%2Fjwks.json%22%7D%2C%7B%22name%22%3A%22Authorization%20Server%22%2C%22value%22%3A%22%2F.well-known%2Foauth-authorization-server%22%7D%5D
+      - SIGN_IN_WITH_ESIGNET_PLUGIN_URL=https://raw.githubusercontent.com/mosip/artifactory-ref-impl/master/artifacts/src/mosip-plugins/sign-in-with-esignet/sign-in-with-esignet.zip
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+    depends_on:
+      - esignet
+
+  signup:
+    image: 'mosipdev/signup-service:develop'
+    user: root
+    ports:
+      - 8089:8089
+    environment:
+      - container_user=mosip
+      - active_profile_env=local
+      - plugin_name_env=esignet-mock-plugin.jar
+      - MOSIP_ESIGNET_MOCK_DOMAIN_URL=http://mock-identity-system:8082
+    depends_on:
+      - database
+      - mock-identity-system

docker-compose/init.sql

@@ -1,13 +1,153 @@
+CREATE DATABASE mosip_esignet
+  ENCODING = 'UTF8'
+  LC_COLLATE = 'en_US.UTF-8'
+  LC_CTYPE = 'en_US.UTF-8'
+  TABLESPACE = pg_default
+  OWNER = postgres
+  TEMPLATE  = template0;
+
+COMMENT ON DATABASE mosip_esignet IS 'e-Signet related data is stored in this database';
+
 CREATE DATABASE mosip_mockidentitysystem
-  ENCODING = 'UTF8' 
-  LC_COLLATE = 'en_US.UTF-8' 
-  LC_CTYPE = 'en_US.UTF-8' 
-  TABLESPACE = pg_default 
+  ENCODING = 'UTF8'
+  LC_COLLATE = 'en_US.UTF-8'
+  LC_CTYPE = 'en_US.UTF-8'
+  TABLESPACE = pg_default
   OWNER = postgres
   TEMPLATE  = template0;
 
 COMMENT ON DATABASE mosip_mockidentitysystem IS 'Mock identity related data is stored in this database';
 
+\c mosip_esignet postgres
+
+DROP SCHEMA IF EXISTS esignet CASCADE;
+CREATE SCHEMA esignet;
+ALTER SCHEMA esignet OWNER TO postgres;
+ALTER DATABASE mosip_esignet SET search_path TO esignet,pg_catalog,public;
+
+CREATE TABLE esignet.client_detail(
+  id character varying(100) NOT NULL,
+  name character varying(256) NOT NULL,
+  rp_id character varying(100) NOT NULL,
+  logo_uri character varying(2048) NOT NULL,
+  redirect_uris character varying NOT NULL,
+  claims character varying NOT NULL,
+  acr_values character varying NOT NULL,
+  public_key character varying NOT NULL,
+  grant_types character varying NOT NULL,
+  auth_methods character varying NOT NULL,
+  status character varying(20) NOT NULL,
+  cr_dtimes timestamp NOT NULL,
+  upd_dtimes timestamp,
+  CONSTRAINT pk_clntdtl_id PRIMARY KEY (id),
+  CONSTRAINT uk_clntdtl_key UNIQUE (public_key)
+);
+
+create table esignet.consent_detail (
+    id UUID NOT NULL,
+    client_id VARCHAR NOT NULL,
+    psu_token VARCHAR NOT NULL,
+    claims VARCHAR NOT NULL,
+    authorization_scopes VARCHAR NOT NULL,
+    cr_dtimes TIMESTAMP DEFAULT NOW() NOT NULL,
+    expire_dtimes TIMESTAMP,
+    signature VARCHAR,
+    hash VARCHAR,
+    accepted_claims VARCHAR,
+    permitted_scopes VARCHAR,
+    PRIMARY KEY (id),
+    CONSTRAINT unique_client_token UNIQUE (client_id, psu_token)
+);
+
+CREATE INDEX IF NOT EXISTS idx_consent_psu_client ON esignet.consent_detail(psu_token, client_id);
+
+create table esignet.consent_history (
+    id UUID NOT NULL,
+    client_id VARCHAR NOT NULL,
+    psu_token VARCHAR NOT NULL,
+    claims VARCHAR NOT NULL,
+    authorization_scopes VARCHAR NOT NULL,
+    cr_dtimes TIMESTAMP DEFAULT NOW() NOT NULL,
+    expire_dtimes TIMESTAMP,
+    signature VARCHAR,
+    hash VARCHAR,
+    accepted_claims VARCHAR,
+    permitted_scopes VARCHAR,
+    PRIMARY KEY (id)
+);
+CREATE INDEX IF NOT EXISTS idx_consent_history_psu_client ON esignet.consent_history(psu_token, client_id);
+
+CREATE TABLE esignet.key_alias(
+    id character varying(36) NOT NULL,
+    app_id character varying(36) NOT NULL,
+    ref_id character varying(128),
+    key_gen_dtimes timestamp,
+    key_expire_dtimes timestamp,
+    status_code character varying(36),
+    lang_code character varying(3),
+    cr_by character varying(256) NOT NULL,
+    cr_dtimes timestamp NOT NULL,
+    upd_by character varying(256),
+    upd_dtimes timestamp,
+    is_deleted boolean DEFAULT FALSE,
+    del_dtimes timestamp,
+    cert_thumbprint character varying(100),
+    uni_ident character varying(50),
+    CONSTRAINT pk_keymals_id PRIMARY KEY (id),
+    CONSTRAINT uni_ident_const UNIQUE (uni_ident)
+);
+
+CREATE TABLE esignet.key_policy_def(
+    app_id character varying(36) NOT NULL,
+    key_validity_duration smallint,
+    is_active boolean NOT NULL,
+    pre_expire_days smallint,
+    access_allowed character varying(1024),
+    cr_by character varying(256) NOT NULL,
+    cr_dtimes timestamp NOT NULL,
+    upd_by character varying(256),
+    upd_dtimes timestamp,
+    is_deleted boolean DEFAULT FALSE,
+    del_dtimes timestamp,
+    CONSTRAINT pk_keypdef_id PRIMARY KEY (app_id)
+);
+
+CREATE TABLE esignet.key_store(
+  id character varying(36) NOT NULL,
+  master_key character varying(36) NOT NULL,
+  private_key character varying(2500) NOT NULL,
+  certificate_data character varying NOT NULL,
+  cr_by character varying(256) NOT NULL,
+  cr_dtimes timestamp NOT NULL,
+  upd_by character varying(256),
+  upd_dtimes timestamp,
+  is_deleted boolean DEFAULT FALSE,
+  del_dtimes timestamp,
+  CONSTRAINT pk_keystr_id PRIMARY KEY (id)
+);
+
+CREATE TABLE esignet.public_key_registry(
+    id_hash character varying(100) NOT NULL,
+    auth_factor character varying(25) NOT NULL,
+  psu_token character varying(256) NOT NULL,
+  public_key character varying NOT NULL,
+  expire_dtimes timestamp NOT NULL,
+  wallet_binding_id character varying(256) NOT NULL,
+  public_key_hash character varying(100) NOT NULL,
+  certificate character varying NOT NULL,
+  cr_dtimes timestamp NOT NULL,
+  thumbprint character varying NOT NULL,
+  CONSTRAINT pk_public_key_registry PRIMARY KEY (id_hash, auth_factor)
+);
+
+
+INSERT INTO esignet.KEY_POLICY_DEF(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('ROOT', 2920, 1125, 'NA', true, 'mosipadmin', now());
+INSERT INTO esignet.KEY_POLICY_DEF(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('OIDC_SERVICE', 1095, 50, 'NA', true, 'mosipadmin', now());
+INSERT INTO esignet.KEY_POLICY_DEF(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('OIDC_PARTNER', 1095, 50, 'NA', true, 'mosipadmin', now());
+INSERT INTO esignet.KEY_POLICY_DEF(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('BINDING_SERVICE', 1095, 50, 'NA', true, 'mosipadmin', now());
+INSERT INTO esignet.KEY_POLICY_DEF(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('MOCK_BINDING_SERVICE', 1095, 50, 'NA', true, 'mosipadmin', now());
+
+
 \c mosip_mockidentitysystem postgres
 
 DROP SCHEMA IF EXISTS mockidentitysystem CASCADE;