Merge from release-1.5.x to develop

README.md

@@ -2,20 +2,22 @@
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=mosip_esignet&id=mosip_esignet&metric=alert_status)](https://sonarcloud.io/dashboard?id=mosip_esignet)
 # eSignet Project
 ## Overview
+
+eSignet offers a seamless and straightforward solution for incorporating an existing trusted identity database into the digital realm via plugins.
+
 This repository contains limited OpenId protocol implementation with:
 * OAuth 2.0 RFC 6749 - Authorization code flow support
 * OAuth 2.0 RFC 7636 - PKCE security extension
 * OAuth 2.0 RFC 7523 - JWT profile for client authentication
 * RFC 7519 - ID token and access token as JWT
 * OpenID Connect Discovery 1.0 - /.well-known/openid-configuration
 * RFC 5785 - Followed for both openid and oauth well-knowns
-* Identity assurance 1.0
+* Identity Assurance 1.0
 
 ## High level overview of eSignet with external systems
 
-![esignet-architecture-overview.png](docs/esignet-architecture-overview.png)
+![esignet-overview.png](docs/esignet-overview.png)
 
-`Note: Kindly refer `[eSignet signup repository](https://github.com/mosip/esignet-signup)` for more details on eSignet signup module.`
 
 eSignet repository contains following:
 
@@ -43,7 +45,7 @@ Refer to [SQL scripts](db_scripts).
 The project requires JDK 11.
 1. Build:
     ```
-    $ mvn clean install -Dgpg.skip=true
+    $ mvn clean install -Dgpg.skip=true -Dmaven.gitcommitid.skip=true
     ```
 ## [Deployment in K8 cluster](deploy/README.md)
 

api-test/pom.xml

@@ -8,7 +8,7 @@
 	<name>apitest-esignet</name>
 	<description>Parent project of MOSIP Esignet apitests</description>
 	<url>https://github.com/mosip/esignet</url>
-	<version>1.2.1-SNAPSHOT</version>
+	<version>1.5.1-SNAPSHOT</version>
 
 	<licenses>
 		<license>
@@ -49,14 +49,14 @@
 		<maven.source.plugin.version>2.2.1</maven.source.plugin.version>
 
 		<git.commit.id.plugin.version>3.0.1</git.commit.id.plugin.version>
-		<fileName>apitest-esignet-1.2.1-SNAPSHOT-jar-with-dependencies</fileName>
+		<fileName>apitest-esignet-1.5.1-SNAPSHOT-jar-with-dependencies</fileName>
 	</properties>
 
 	<dependencies>
 		<dependency>
-			<groupId>io.mosip.testrig.apirig.apitest.commons</groupId>
+			<groupId>io.mosip.testrig.apitest.commons</groupId>
 			<artifactId>apitest-commons</artifactId>
-			<version>1.2.2-SNAPSHOT</version>
+			<version>1.3.0</version>
 		</dependency>
 	</dependencies>
 

api-test/src/main/java/io/mosip/testrig/apirig/esignet/testrunner/MosipTestRunner.java

@@ -159,13 +159,13 @@ public static void suiteSetup(String runType) {
 		BaseTestCase.certsForModule = GlobalConstants.ESIGNET;
 		DBManager.executeDBQueries(EsignetConfigManager.getKMDbUrl(), EsignetConfigManager.getKMDbUser(),
 				EsignetConfigManager.getKMDbPass(), EsignetConfigManager.getKMDbSchema(),
-				getGlobalResourcePath() + "/" + "config/keyManagerCertDataDeleteQueries.txt");
+				getGlobalResourcePath() + "/" + "config/keyManagerDataDeleteQueriesForEsignet.txt");
 		DBManager.executeDBQueries(EsignetConfigManager.getIdaDbUrl(), EsignetConfigManager.getIdaDbUser(),
 				EsignetConfigManager.getPMSDbPass(), EsignetConfigManager.getIdaDbSchema(),
-				getGlobalResourcePath() + "/" + "config/idaCertDataDeleteQueries.txt");
+				getGlobalResourcePath() + "/" + "config/idaDeleteQueriesForEsignet.txt");
 		DBManager.executeDBQueries(EsignetConfigManager.getMASTERDbUrl(), EsignetConfigManager.getMasterDbUser(),
 				EsignetConfigManager.getMasterDbPass(), EsignetConfigManager.getMasterDbSchema(),
-				getGlobalResourcePath() + "/" + "config/masterDataCertDataDeleteQueries.txt");
+				getGlobalResourcePath() + "/" + "config/masterDataDeleteQueriesForEsignet.txt");
 		AdminTestUtil.initiateesignetTest();
 		BaseTestCase.otpListener = new OTPListener();
 		BaseTestCase.otpListener.run();

api-test/src/main/java/io/mosip/testrig/apirig/esignet/testscripts/PostWithAutogenIdWithOtpGenerate.java

@@ -93,16 +93,12 @@ public void test(TestCaseDTO testCaseDTO)
 
 
 		if (testCaseDTO.getTestCaseName().contains("VID") || testCaseDTO.getTestCaseName().contains("Vid")) {
-
-
-
-
-
 			if (!BaseTestCase.getSupportedIdTypesValue().contains("VID")
 					&& !BaseTestCase.getSupportedIdTypesValue().contains("vid")) {
 				throw new SkipException(GlobalConstants.VID_FEATURE_NOT_SUPPORTED);
 			}
 		}
+
 		String inputJson = testCaseDTO.getInput().toString();
 		JSONObject req = new JSONObject(testCaseDTO.getInput());
 

api-test/src/main/java/io/mosip/testrig/apirig/esignet/utils/EsignetUtil.java

@@ -185,9 +185,8 @@ public static String isTestCaseValidForExecution(TestCaseDTO testCaseDTO) {
 			// Let run test cases eSignet & MOSIP API calls --- both UIN and VID
 
 //			BaseTestCase.setSupportedIdTypes(Arrays.asList("UIN", "VID"));
-
 			getSupportedIdTypesValueFromActuator();
-
+			
 			logger.info("supportedIdType = " + supportedIdType);
 
 			String endpoint = testCaseDTO.getEndPoint();
@@ -251,4 +250,4 @@ public static String replaceKeywordValue(String jsonString, String keyword, Stri
 			throw new SkipException("Marking testcase as skipped as required fields are empty " + keyword);
 	}
 
-}
+}

api-test/src/main/resources/config/esignet.properties

@@ -5,9 +5,9 @@ tokenEndpoint=/v1/esignet/oauth/token
 validateBindingEndpoint=ida-binding
 esignetWellKnownEndPoint=/v1/esignet/oidc/.well-known/openid-configuration
 signupSettingsEndPoint=/v1/signup/settings
-esignetActuatorPropertySection=application-default.properties
+esignetActuatorPropertySection=classpath:/application-default.properties
 # uncomment below property while executing on camdgc env locally
-servicesNotDeployed=resident,ridgenerator,admin,hotlist,preregistration,registrationprocessor,hub,print,packetcreator,packetmanager,mock-abis-service,mockmv,sunbirdrc
+servicesNotDeployed=sunbirdrc
 # uncomment below property while executing on non camdgc env locally
 #servicesNotDeployed=
 esignetMockBaseURL=esignet-insurance.
@@ -17,4 +17,4 @@ sunBirdBaseURL=https://registry.dev1.mosip.net
 
 #------------------------- Need to check if these are used or not ------------------------#
 OTPTimeOut = 181
-attempt = 10
+attempt = 10

api-test/src/main/resources/esignet/WalletBinding/WalletBinding.yml

@@ -407,7 +407,7 @@ WalletBinding:
        "errors": [
     {
       "errorCode": "IDA-MLC-009",
-      "errorMessage": "request.individualId: invalid_individual_id"
+      "errorMessage": "$IGNORE$"
     }
   ],
         "sendOtpResp": {
@@ -2789,4 +2789,4 @@ WalletBinding:
            "sendOtpResTemplate":"esignet/SendBindingOtp/SendBindingOtpResult",
            "maskedEmail": "$IGNORE$"
        }
-}'
+}'

api-test/testNgXmlFiles/esignetSuite.xml

@@ -7,6 +7,7 @@
 	<listeners>
 		<listener class-name="io.mosip.testrig.apirig.report.EmailableReport"/>
 	</listeners>
+
 	<test name="OIDCClientV2">
 		<parameter name="ymlFile"
 			value="esignet/OIDCClientV2/OIDCClientV2.yml" />
@@ -494,6 +495,5 @@
 		<classes>
 			<class name="io.mosip.testrig.apirig.esignet.testscripts.PostWithAutogenIdWithOtpGenerate" />
 		</classes>
-	</test> -->	
-
-</suite>
+	</test> -->
+</suite>

deploy/.gitignore

@@ -0,0 +1 @@
+esignet-global-cm.yaml

deploy/README.md

@@ -24,19 +24,51 @@
       * __Logging__ : Setup logging as per [steps](https://github.com/mosip/k8s-infra/tree/v1.2.0.2/logging).
       * __Monitoring__ : Setup monitoring consisting elasticsearch, kibana, grafana using [steps](https://github.com/mosip/k8s-infra/tree/v1.2.0.2/monitoring).
 ### Install Pre-requisites
-```
-./install-prereq.sh
-```
+* `esignet-global` configmap: For eSignet K8's env, `esignet-global` configmap in `esignet` namespace contains Domain related information. Follow below steps to add domain details for `esignet-global` configmap.
+  * Copy `esignet-global-cm.yaml.sample` to `esignet-global-cm.yaml`.
+  * Update the domain names in `esignet-global-cm.yaml` correctly for your environment.
+  * Create a google recaptcha v2 ("I am not a Robot") from Google with required domain name ex:[sandbox.mosip.net] [Recaptcha Admin](https://www.google.com/recaptcha/about/) and set esignet captcha.
+* Install pre-requisites
+  ```
+  ./install-prereq.sh
+  ```
 ### Initialise pre-requisites
 * Update values file for postgres init [here](postgres/init_values.yaml).
-* Execute `initialise-prereq.sh` script to initialise postgres and keycloak and set esignet captcha.
+* Execute `initialise-prereq.sh` script to initialise postgres and keycloak.
   ```
   ./initialise-prereq.sh
   ```
-### Install esignet, oidc and captcha service
+### Install esignet and oidc
+During deployment, the system will prompt for user input to select the appropriate plugin. The available options are listed below:
+1. esignet-mock-plugin.jar
+2. mosip-identity-plugin.jar
+
+For current scope of deployment, as it is limited to mock functionality, 
+select option 1 (esignet-mock-plugin.jar).
 ```
 ./install-esignet.sh
 ```
 ## Onboarder
-* If Esignet is getting deployed with MOSIP than we need to execute the onboarder for MISP partner.
+* There are two ways to proceed, either with mosip identity plugin or with mock plugin.
+### MOSIP Identity Plugin
+* If Esignet is getting deployed with MOSIP then we need to execute the onboarder for MISP partner and mock-rp oidc clientId.
 * Onboarder [scripts](../partner-onboarder/).
+
+### MOCK Plugin
+* Download postman collection from [here](../postman-collection)
+* Fetch auth token from esignet keycloak. Update the "client_secret" in the request body.
+* Run the request under "OIDC Client Mgmt" -> "Mock" -> "Get Auth token"
+* Run the requests under
+
+    a. "OIDC Client Mgmt" -> "Mock" -> "Get CSRF token"
+
+    b. "OIDC Client Mgmt" -> "Mock" -> "Create OIDC client"
+
+### NOTE:
+This deployment is limited to mock
+Below section related to configuring IDA is not tested. Still it can be tried out
+
+### CONFIGURE IDA for Esignet :
+Onboard eSignet as MISP partner in MOSIP PMS using our onboarder script
+We should override properties defined [here](https://github.com/mosip/esignet-plugins/blob/release-1.3.x/mosip-identity-plugin/src/main/resources/application.properties)  if there is any change in the MOSIP IDA domain names.
+Update the 'MOSIP_ESIGNET_AUTHENTICATOR_IDA_SECRET_KEY' property with MOSIP IDA keycloak client secret.

deploy/captcha/install.sh

@@ -1,20 +1,31 @@
 #!/bin/bash
-## Installing captcha validation server.
+## Combined Script: Installing Captcha Validation Server and Initializing Prerequisites
 ## Usage: ./install.sh [kubeconfig]
 
 if [ $# -ge 1 ] ; then
   export KUBECONFIG=$1
 fi
 
+ROOT_DIR=`pwd`
 NS=captcha
 CHART_VERSION=0.1.0-develop
 
-echo Create $NS namespace
-kubectl create ns $NS
-
 function installing_captcha() {
-  echo Istio label
+  while true; do
+      read -p "Do you want to continue installing captcha validation service? (y/n): " ans
+      if [ "$ans" = "Y" ] || [ "$ans" = "y" ]; then
+          break
+      elif [ "$ans" = "N" ] || [ "$ans" = "n" ]; then
+          exit 1
+      else
+          echo "Please provide a correct option (Y or N)"
+      fi
+  done
+
+  echo "Creating $NS namespace"
+  kubectl create ns $NS || true
 
+  echo "Applying Istio label to namespace"
   kubectl label ns $NS istio-injection=disabled --overwrite
   helm repo update
 
@@ -31,11 +42,47 @@ function installing_captcha() {
     fi
   done
 
-  echo Installing captcha
+  echo "Installing captcha"
   helm -n $NS install captcha mosip/captcha --version $CHART_VERSION --set metrics.serviceMonitor.enabled=$servicemonitorflag --wait
 
-  echo Installed captcha service
-  return 0
+  echo "Installed captcha service"
+
+  # Set up Captcha secrets for eSignet
+  while true; do
+    read -p "Do you want to continue configuring Captcha secrets for esignet? (y/n): " ans
+    if [[ "$ans" == "Y" || "$ans" == "y" ]]; then
+      ESIGNET_HOST=$(kubectl -n esignet get cm esignet-global -o jsonpath={.data.mosip-esignet-host})
+      echo "Please create captcha site and secret key for esignet domain: $ESIGNET_HOST"
+
+      echo "Please enter the reCAPTCHA admin site key for domain $ESIGNET_HOST:"
+      read ESITE_KEY
+      echo "Please enter the reCAPTCHA admin secret key for domain $ESIGNET_HOST:"
+      read ESECRET_KEY
+
+      echo "Setting up Captcha secrets"
+      kubectl -n esignet create secret generic esignet-captcha --from-literal=esignet-captcha-site-key=$ESITE_KEY --from-literal=esignet-captcha-secret-key=$ESECRET_KEY --dry-run=client -o yaml | kubectl apply -f -
+      echo "Captcha secrets for esignet configured successfully"
+
+      ../copy_cm_func.sh secret esignet-captcha esignet $NS
+
+      # Update or add environment variable
+      ENV_VAR_EXISTS=$(kubectl -n $NS get deployment captcha -o jsonpath="{.spec.template.spec.containers[0].env[?(@.name=='MOSIP_CAPTCHA_SECRET_ESIGNET')].name}")
+      if [[ -z "$ENV_VAR_EXISTS" ]]; then
+          echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' does not exist. Adding it..."
+          kubectl patch deployment -n $NS captcha --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
+      else
+          echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' exists. Updating it..."
+          kubectl patch deployment -n $NS captcha --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/env[?(@.name==\"MOSIP_CAPTCHA_SECRET_ESIGNET\")]", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
+      fi
+
+      break
+    elif [[ "$ans" == "N" || "$ans" == "n" ]]; then
+      echo "Skipping Captcha secrets configuration."
+      break
+    else
+      echo "Please provide a correct option (Y or N)"
+    fi
+  done
 }
 
 # set commands for error handling.

deploy/config-server/install.sh

@@ -6,17 +6,18 @@ if [ $# -ge 1 ] ; then
   export KUBECONFIG=$1
 fi
 
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+
 NS=esignet
 CHART_VERSION=0.0.1-develop
 
     echo Create $NS namespace
-    kubectl create ns $NS
-    # set commands for error handling.
-    set -e
-    set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
-    set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
-    set -o errtrace  # trace ERR through 'time command' and other functions
-    set -o pipefail  # trace ERR through pipes
+    kubectl create ns $NS || true
 
     echo Istio label
     kubectl label ns $NS istio-injection=enabled --overwrite

deploy/esignet-apitestrig/README.md

@@ -2,13 +2,25 @@
 
 ## Introduction
 ApiTestRig will test the working of APIs of the MOSIP modules.
-
 ## Install
+* Create a directory for apitestrig on the NFS server at `/srv/nfs/mosip/<sandbox>/apitestrig/`:
+```
+mkdir -p /srv/nfs/mosip/<sandbox>/apitestrig/
+```
+* Ensure the directory has 777 permissions:
+```
+chmod 777 /srv/nfs/mosip/<sandbox>/apitestrig
+```
+* Add the following entry to the /etc/exports file:
+```
+/srv/nfs/mosip/<sandbox>/apitestrig *(ro,sync,no_root_squash,no_all_squash,insecure,subtree_check)
+```
 * Review `values.yaml` and, Make sure to enable required modules for apitestrig operation.
-* Install
-```sh
+* run `./install.sh`.
+```
 ./install.sh
 ```
+
 * During the execution of the `install.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
 * If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process.
 * The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file.
@@ -41,4 +53,4 @@ ApiTestRig will test the working of APIs of the MOSIP modules.
   example:
   ```
   kubectl --kubeconfig=/home/xxx/Downloads/qa4.config -n apitestrig create job --from=cronjob/cronjob-apitestrig-masterdata cronjob-apitestrig-masterdata
-  ```
+  ```

deploy/esignet-apitestrig/delete.sh

@@ -27,4 +27,4 @@ set -o errexit   ## set -e : exit the script if any statement returns a non-true
 set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
 set -o errtrace  # trace ERR through 'time command' and other functions
 set -o pipefail  # trace ERR through pipes
-deleting_apitestrig   # calling function
+deleting_apitestrig   # calling function