[INJICERT-189] add keymanager dependency to certify service

Signed-off-by: Challarao <[email protected]>
mosip · Jun 12, 2024 · ae2b8a1 · ae2b8a1
1 parent 02fd32d
commit ae2b8a1
Show file tree

Hide file tree

Showing 6 changed files with 190 additions and 2 deletions.
diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
@@ -21,6 +21,7 @@ on:
       - MOSIP*
       - release*
       - INJICERT-13
+      - INJICERT-189
 
 jobs:
   build-maven-inji-certify:

diff --git a/certify-service/pom.xml b/certify-service/pom.xml
@@ -36,7 +36,31 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-bootstrap</artifactId>
         </dependency>
-
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.mosip.kernel</groupId>
+            <artifactId>kernel-keymanager-service</artifactId>
+            <version>1.2.1-java21-SNAPSHOT</version>
+            <classifier>lib</classifier>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.cloud</groupId>
+                    <artifactId>spring-cloud-starter-sleuth</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework.security</groupId>
+                    <artifactId>spring-security-test</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
     </dependencies>
 
     <build>

diff --git a/certify-service/src/main/java/io/mosip/certify/CertifyServiceApplication.java b/certify-service/src/main/java/io/mosip/certify/CertifyServiceApplication.java
@@ -8,12 +8,28 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.scheduling.annotation.EnableAsync;
 
 @EnableAsync
 @EnableCaching
 @SpringBootApplication(scanBasePackages = "io.mosip.certify,"+
+        "io.mosip.kernel.crypto," +
+        "io.mosip.kernel.keymanager.hsm," +
+        "io.mosip.kernel.cryptomanager.util," +
+        "io.mosip.kernel.keymanagerservice.helper," +
+        "io.mosip.kernel.keymanagerservice.repository," +
+        "io.mosip.kernel.keymanagerservice.service," +
+        "io.mosip.kernel.keymanagerservice.util," +
+        "io.mosip.kernel.keygenerator.bouncycastle," +
+        "io.mosip.kernel.signature.service," +
+        "io.mosip.kernel.pdfgenerator.itext.impl,"+
+        "io.mosip.kernel.partnercertservice.service," +
+        "io.mosip.kernel.keymanagerservice.repository,"+
+        "io.mosip.kernel.keymanagerservice.entity,"+
+        "io.mosip.kernel.partnercertservice.helper," +
         "${mosip.certify.integration.scan-base-package}")
 public class CertifyServiceApplication {
     public static void main(String[] args) {

diff --git a/certify-service/src/main/java/io/mosip/certify/config/AppConfig.java b/certify-service/src/main/java/io/mosip/certify/config/AppConfig.java
@@ -15,12 +15,16 @@
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
 @Configuration
+@EnableJpaRepositories(basePackages = {"io.mosip.kernel.keymanagerservice.repository"})
+@EntityScan(basePackages = {"io.mosip.kernel.keymanagerservice.entity"})
 @Slf4j
 public class AppConfig {
 

diff --git a/certify-service/src/main/resources/application-local.properties b/certify-service/src/main/resources/application-local.properties
@@ -22,7 +22,7 @@ mosip.certify.supported.jwt-proof-alg={'RS256','PS256'}
 
 ##  ---------------------------------------------- VCI ------------------------------------------------------------------
 ##----- These are properties for any oauth resource server providing jwk------------###
-mosip.certify.identifier=http://localhost:8088
+mosip.certify.identifier=http://localhost:8090
 mosip.certify.authn.filter-urls={ '${server.servlet.path}/issuance/credential', '${server.servlet.path}/issuance/vd12/credential', '${server.servlet.path}/issuance/vd11/credential'}
 mosip.certify.authn.issuer-uri=http://localhost:8088/v1/esignet
 mosip.certify.authn.jwk-set-uri=http://localhost:8088/v1/esignet/oauth/.well-known/jwks.json
@@ -221,6 +221,29 @@ mosip.certify.integration.scan-base-package=io.mosip.certify.sunbirdrc.integrati
 mosip.certify.integration.vci-plugin=SunbirdRCVCIssuancePlugin
 mosip.certify.integration.audit-plugin=LoggerAuditService
 
+## ------------------------------------------- MOSIP ID Integration properties ------------------------------------------------------------
+#mosip.certify.integration.scan-base-package=io.mosip.certify.mosipid.integration
+#mosip.certify.integration.vci-plugin=IdaVCIssuancePluginImpl
+#mosip.certify.ida.vci-user-info-cache=userinfo
+#mosip.certify.ida.vci-exchange-id=mosip.identity.vciexchange
+#mosip.certify.ida.vci-exchange-version=1.0
+#mosip.certify.ida.vci-exchange-url=http://localhost:8089/idauthentication/v1/vci-exchange/delegated/abc/
+## ------------------------------------------------------------------------------------------------------##
+
+## ---------------------------------------- Cache configuration --------------------------------------------------------
+
+mosip.certify.cache.secure.individual-id=true
+mosip.certify.cache.store.individual-id=true
+mosip.certify.cache.security.secretkey.reference-id=TRANSACTION_CACHE
+mosip.certify.cache.security.algorithm-name=AES/ECB/PKCS5Padding
+
+spring.cache.type=redis
+spring.cache.cache-names=userinfo
+spring.data.redis.host=localhost
+spring.data.redis.port=6379
+management.health.redis.enabled=false
+
+
 ##-----------------------------VCI related demo configuration---------------------------------------------##
 
 mosip.certify.vciplugin.sunbird-rc.issue-credential-url=http://localhost:8000/credential/credentials/issue
@@ -246,3 +269,70 @@ mosip.certify.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-
 mosip.certify.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-id=did:schema:77ea2b1b-f0aa-4214-acb5-2f3b93bc7ee7
 mosip.certify.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-version=1.0.0
 mosip.certify.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-search-url=http://localhost:8000/registry/api/v1/Insurance/search
+
+
+#------------------------------------ Key-manager specific properties --------------------------------------------------
+#Crypto asymmetric algorithm name
+mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
+#Crypto symmetric algorithm name
+mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
+#Keygenerator asymmetric algorithm name
+mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
+#Keygenerator symmetric algorithm name
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES
+#Asymmetric algorithm key length
+mosip.kernel.keygenerator.asymmetric-key-length=2048
+#Symmetric algorithm key length
+mosip.kernel.keygenerator.symmetric-key-length=256
+#Encrypted data and encrypted symmetric key separator
+mosip.kernel.data-key-splitter=#KEY_SPLITTER#
+#GCM tag length
+mosip.kernel.crypto.gcm-tag-length=128
+#Hash algo name
+mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
+#Symmtric key length used in hash
+mosip.kernel.crypto.hash-symmetric-key-length=256
+#No of iterations in hash
+mosip.kernel.crypto.hash-iteration=100000
+#Sign algo name
+mosip.kernel.crypto.sign-algorithm-name=RS256
+#Certificate Sign algo name
+mosip.kernel.certificate.sign.algorithm=SHA256withRSA
+
+mosip.kernel.keymanager.hsm.config-path=local.p12
+mosip.kernel.keymanager.hsm.keystore-type=PKCS12
+mosip.kernel.keymanager.hsm.keystore-pass=local
+
+mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
+mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
+mosip.kernel.keymanager.certificate.default.organization=IITB
+mosip.kernel.keymanager.certificate.default.location=BANGALORE
+mosip.kernel.keymanager.certificate.default.state=KA
+mosip.kernel.keymanager.certificate.default.country=IN
+
+mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io
+mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP
+mosip.kernel.keymanager.softhsm.certificate.organization=IITB
+mosip.kernel.keymanager.softhsm.certificate.country=IN
+
+# ApplicationId for PMS master key.
+mosip.kernel.partner.sign.masterkey.application.id=PMS
+mosip.kernel.partner.allowed.domains=DEVICE
+
+mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
+mosip.kernel.keymanager.jwtsign.validate.json=false
+mosip.keymanager.dao.enabled=false
+crypto.PrependThumbprint.enable=true
+
+##----------------------------------------- Database properties --------------------------------------------------------
+
+mosip.certify.database.hostname=localhost
+mosip.certify.database.port=5456
+spring.datasource.url=jdbc:postgresql://${mosip.certify.database.hostname}:${mosip.certify.database.port}/mosip_esignet?currentSchema=esignet
+spring.datasource.username=postgres
+spring.datasource.password=postgres
+
+spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
+spring.jpa.show-sql=false
+spring.jpa.hibernate.ddl-auto=none
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
diff --git a/certify-service/src/test/resources/application-test.properties b/certify-service/src/test/resources/application-test.properties
@@ -213,3 +213,56 @@ mosip.certify.key-values={\
    }\
 }
 
+#------------------------------------ Key-manager specific properties --------------------------------------------------
+
+#Crypto asymmetric algorithm name
+mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
+#Crypto symmetric algorithm name
+mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
+#Keygenerator asymmetric algorithm name
+mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
+#Keygenerator symmetric algorithm name
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES
+#Asymmetric algorithm key length
+mosip.kernel.keygenerator.asymmetric-key-length=2048
+#Symmetric algorithm key length
+mosip.kernel.keygenerator.symmetric-key-length=256
+#Encrypted data and encrypted symmetric key separator
+mosip.kernel.data-key-splitter=#KEY_SPLITTER#
+#GCM tag length
+mosip.kernel.crypto.gcm-tag-length=128
+#Hash algo name
+mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
+#Symmtric key length used in hash
+mosip.kernel.crypto.hash-symmetric-key-length=256
+#No of iterations in hash
+mosip.kernel.crypto.hash-iteration=100000
+#Sign algo name
+mosip.kernel.crypto.sign-algorithm-name=RS256
+#Certificate Sign algo name
+mosip.kernel.certificate.sign.algorithm=SHA256withRSA
+
+mosip.kernel.keymanager.hsm.config-path=test/local.p12
+mosip.kernel.keymanager.hsm.keystore-type=PKCS12
+mosip.kernel.keymanager.hsm.keystore-pass=test
+
+mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
+mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
+mosip.kernel.keymanager.certificate.default.organization=IITB
+mosip.kernel.keymanager.certificate.default.location=BANGALORE
+mosip.kernel.keymanager.certificate.default.state=KA
+mosip.kernel.keymanager.certificate.default.country=IN
+
+mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io
+mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP
+mosip.kernel.keymanager.softhsm.certificate.organization=IITB
+mosip.kernel.keymanager.softhsm.certificate.country=IN
+
+# Application Id for PMS master key.
+mosip.kernel.partner.sign.masterkey.application.id=PMS
+mosip.kernel.partner.allowed.domains=DEVICE
+
+mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
+mosip.keymanager.dao.enabled=false
+mosip.kernel.keymanager.jwtsign.validate.json=false
+crypto.PrependThumbprint.enable=true