Merge pull request #232 from tw-mosip/release-to-develop

Release to develop
mosip · Jan 15, 2025 · 674727a · 674727a
2 parents 3e27cc9 + 78c46a2
commit 674727a
Show file tree

Hide file tree

Showing 43 changed files with 377 additions and 404 deletions.
diff --git a/docker-compose/README.md b/docker-compose/README.md
@@ -3,14 +3,10 @@
 This is the docker-compose setup to run 
 
 - **mimoto-service** which act as BFF for Inji mobile and backend for Inji web.
-- **inji-web** and **inji-web-proxy** for frontend
+- **inji-web** for frontend
 
 This is not for production use.
 
-## Navigate to inji-web-proxy folder and Build the inji-web-proxy image locally.
-
-> cd inji-web-proxy && docker build -t inji-web-proxy:local .
-
 ## Navigate to inji-web folder and Build the inji-web image locally.
 
 > docker build -t inji-web:local .
@@ -29,9 +25,7 @@ This is not for production use.
 
 3. Start esignet services (authorisation server) or use existing esignet service deployed on cloud and update esignet host references in mimoto-default.properties and mimoto-issuers-config.json
 
-4. Start the data share services and update data share host references in mimoto-default.properties. data share service helm is available in the [Inji Web Helm](https://github.com/mosip/inji-web/tree/release-0.10.x/helm/inji-web)
-
-5. Create certs folder in the same directory and create OIDC client. Add key in oidckeystore.p12 and copy this file under certs folder.
+4. Create certs folder in the same directory and create OIDC client. Add key in oidckeystore.p12 and copy this file under certs folder. Replace oidc_p12_password environment variable value by password provided in documentation.
 Refer [here](https://docs.mosip.io/inji/inji-mobile-wallet/customization-overview/credential_providers) to create client
 * Update client_id and client_alias as per onboarding in mimoto-issuers-config.json file.
 

diff --git a/docker-compose/config/data-share-inji-default.properties b/docker-compose/config/data-share-inji-default.properties
@@ -0,0 +1,64 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files.  They must be passed as env variables.  Refer to config-server
+# helm chart:
+# keycloak.external.host
+# keycloak.external.url
+# keycloak.internal.host
+# keycloak.internal.url
+# mosip.datsha.client.secret
+# s3.accesskey
+# s3.region
+# s3.secretkey
+
+mosip.data.share.service.id=mosip.data.share
+mosip.data.share.service.version=1.0
+
+CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
+KEYMANAGER_JWTSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
+PARTNER_POLICY=${mosip.pms.policymanager.url}/v1/policymanager/policies/{policyId}/partner/{partnerId}
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+
+data.share.application.id=PARTNER
+mosip.data.share.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+!-- if value is true then  please set servlet path to /   --!
+mosip.data.share.urlshortner=false
+data.share.token.request.appid=datsha
+data.share.token.request.clientId=mosip-datsha-client
+data.share.token.request.secretKey=${mosip.datsha.client.secret}
+data.share.token.request.password=
+data.share.token.request.username=
+data.share.token.request.version=1.0
+data.share.token.request.id=io.mosip.datashare
+data.share.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+spring.servlet.multipart.max-file-size=14MB
+mosip.data.share.protocol=http
+mosip.data.share.includeCertificateHash=false
+mosip.data.share.includeCertificate=false
+mosip.data.share.includePayload=false
+mosip.data.share.digest.algorithm=SHA256
+mosip.data.share.prependThumbprint=false
+mosip.role.durian.postcreatepolicyidsubscriberid=CREATE_SHARE
+auth.server.admin.allowed.audience=mosip-creser-client,mpartner-default-auth,mosip-regproc-client,mosip-reg-client,mosip-syncdata-client,mpartner-default-print,mosip-resident-client,opencrvs-partner,mosip-pms-client,mpartner-default-digitalcard,mosip-admin-client,mosip-abis-client,mpartner-default-mobile
+
+mosip.auth.filter_disable=false
+
+# Object store
+object.store.s3.accesskey=minioadmin
+object.store.s3.secretkey=minioadmin
+object.store.s3.url=http://minio-service:9000
+object.store.s3.region=us-east-1
+object.store.s3.readlimit=10000000
+
+#specific to Compliance Toolkit, to ABIS DataShare testcases
+auth.handle.ctk.flow=true
+mosip.api.internal.toolkit.url=https://${mosip.api.internal.host}/v1/toolkit
+mosip.compliance.toolkit.saveDataShareToken.url=${mosip.api.internal.toolkit.url}/saveDataShareToken
+mosip.compliance.toolkit.invalidateDataShareToken.url=${mosip.api.internal.toolkit.url}/invalidateDataShareToken
+mosip.compliance.toolkit.invalidateDataShareToken.testCaseId=ABIS3031
+logging.level.org.springframework.web: DEBUG
+#cache schedular
+mosip.data.share.policy-cache.expiry-time-millisec=7200000
+
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.pms.policymanager.url=http://pms-policy.pms
diff --git a/docker-compose/config/data-share-standalone.properties b/docker-compose/config/data-share-standalone.properties
@@ -0,0 +1,15 @@
+# Enables the data-share application in standalone mode.
+mosip.data.share.standalone.mode.enabled=true
+# Defines the policy json which will be taken into consideration if
+# "mosip.data.share.standalone.mode.enabled" is set as true.
+# If we are using "encryptionType" as "Partner based" then subscriberId must be a valid subscriberId
+# i.e. should exist in system.
+mosip.data.share.static-policy.policy-json={"typeOfShare":"","transactionsAllowed":"250","shareDomain":"datashare-service:8097","encryptionType":"NONE","source":"","validForInMinutes":"30"}
+# Defines the policyId which will be taken into consideration if "
+# mosip.data.share.standalone.mode.enabled" is set as true.
+mosip.data.share.static-policy.policy-id=static-policyid
+# Defines the subscriberId which will be taken into consideration if
+# "mosip.data.share.standalone.mode.enabled" is set as true.
+mosip.data.share.static-policy.subscriber-id=static-subscriberid
+# Disables JWT signature computation while storing object in object store.
+mosip.data.share.signature.disabled=true
diff --git a/docker-compose/config/mimoto-default.properties b/docker-compose/config/mimoto-default.properties
@@ -30,7 +30,7 @@ mosip.inji.warningDomainName=${mosip.api.public.url}
 #timeout for vc download api via openid4vci flow in milliseconds
 mosip.inji.openId4VCIDownloadVCTimeout=30000
 # inji documentation url
-mosip.inji.aboutInjiUrl=https://docs.mosip.io/inji/inji-mobile-wallet/overview
+mosip.inji.aboutInjiUrl=https://docs.inji.io/inji-wallet/inji-mobile
 # minimum storage space required for making audit entry in MB
 mosip.inji.minStorageRequiredForAuditEntry=2
 # minimum storage space required for downloading / receiving vc in MB
@@ -260,7 +260,7 @@ mosip.openid.issuers=mimoto-issuers-config.json
 mosip.openid.htmlTemplate=credential-template.html
 mosip.oidc.client.assertion.type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
 mosip.oidc.p12.filename=oidckeystore.p12
-mosip.oidc.p12.password=mosip123
+mosip.oidc.p12.password=${oidc_p12_password}
 mosip.oidc.p12.path=certs/
 
 
@@ -270,21 +270,20 @@ mosip.oidc.p12.path=certs/
 mosip.openid.verifiers=mimoto-trusted-verifiers.json
 
 #Inji Web Config
-mosip.inji.web.url=https://injiweb.collab.mosip.net
-mosip.inji.web.redirect.url=https://injiweb.collab.mosip.net/authorize
+mosip.inji.web.url=http://localhost:3004
+mosip.inji.web.redirect.url=${mosip.inji.web.url}/authorize
 mosip.inji.qr.data.size.limit=10000
 mosip.inji.qr.code.height=650
 mosip.inji.qr.code.width=650
 
 #OVP Config
-mosip.inji.ovp.qrdata.pattern=INJI_OVP://https://injiweb.collab.mosip.net/authorize?response_type=vp_token&resource=%s&presentation_definition=%s
+mosip.inji.ovp.qrdata.pattern=INJI_OVP://http://localhost:${server.port}/v1/mimoto/authorize?response_type=vp_token&resource=%s&presentation_definition=%s
 mosip.inji.ovp.redirect.url.pattern=%s#vp_token=%s&presentation_submission=%s
 mosip.inji.ovp.error.redirect.url.pattern=%s?error=%s&error_description=%s
 
 #DataShare Config
-mosip.data.share.url=https://datashare-inji.collab.mosip.net
-mosip.data.share.create.url=https://datashare-inji.collab.mosip.net/v1/datashare/create/static-policyid/static-subscriberid
+mosip.data.share.url=http://datashare-service:8097
+mosip.data.share.create.url=http://datashare-service:8097/v1/datashare/create/static-policyid/static-subscriberid
+mosip.data.share.get.url.pattern=http://datashare-service:8097/v1/datashare/get/static-policyid/static-subscriberid/*
 mosip.data.share.create.retry.count=3
-mosip.data.share.get.url.pattern=https://datashare-inji.collab.mosip.net/v1/datashare/get/static-policyid/static-subscriberid/*
-
 #OpenId4VP related Configuration END
diff --git a/docker-compose/config/mimoto-issuers-config.json b/docker-compose/config/mimoto-issuers-config.json
@@ -1,133 +1,29 @@
 {
   "issuers": [
     {
-      "issuer_id": "Mosip",
-      "protocol": "OpenId4VCI",
-      "display": [
-        {
-          "name": "National Identity Department",
-          "logo": {
-            "url": "https://api.collab.mosip.net/inji/mosip-logo.png",
-            "alt_text": "mosip-logo"
-          },
-          "title": "National Identity Department",
-          "description": "Download MOSIP National / Foundational Identity Credential",
-          "language": "en"
-        },
-        {
-          "name": "دائرة الهوية الوطنية",
-          "logo": {
-            "url": "https://api.collab.mosip.net/inji/mosip-logo.png",
-            "alt_text": "شعار موسيب"
-          },
-          "title": "دائرة الهوية الوطنية",
-          "description": "قم بتنزيل بيانات اعتماد الهوية الوطنية / التأسيسية MOSIP",
-          "language": "ar"
-        },
-        {
-          "name": "राष्ट्रीय पहचान विभाग",
-          "logo": {
-            "url": "https://api.collab.mosip.net/inji/mosip-logo.png",
-            "alt_text": "मोसिप लोगो"
-          },
-          "title": "राष्ट्रीय पहचान विभाग",
-          "description": "MOSIP नेशनल/फाउंडेशनल आइडेंटिटी क्रेडेंशियल डाउनलोड करेंं",
-          "language": "hi"
-        },
-        {
-          "name": "ರಾಷ್ಟ್ರೀಯ ಗುರುತಿನ ಇಲಾಖೆ",
-          "logo": {
-            "url": "https://api.collab.mosip.net/inji/mosip-logo.png",
-            "alt_text": "mosip ಲೋಗೋ"
-          },
-          "title": "ರಾಷ್ಟ್ರೀಯ ಗುರುತಿನ ಇಲಾಖೆ",
-          "description": "MOSIP ರಾಷ್ಟ್ರೀಯ / ಫೌಂಡೇಶನಲ್ ಐಡೆಂಟಿಟಿ ರುಜುವಾತು ಡೌನ್‌ಲೋಡ್ ಮಾಡಿ",
-          "language": "kn"
-        },
-        {
-          "name": "தேசிய அடையாளத் துறை",
-          "logo": {
-            "url": "https://api.collab.mosip.net/inji/mosip-logo.png",
-            "alt_text": "mosip லோகோ"
-          },
-          "title": "தேசிய அடையாளத் துறை",
-          "description": "MOSIP தேசிய / அடிப்படை அடையாளச் சான்றிதழைப் பதிவிறக்கவும்",
-          "language": "ta"
-        },
-        {
-          "name": "National Identity Department",
-          "logo": {
-            "url": "https://api.collab.mosip.net/inji/mosip-logo.png",
-            "alt_text": "logo ng mosip"
-          },
-          "title": "National Identity Department",
-          "description": "I-download ang MOSIP National / Foundational Identity Credential",
-          "language": "fil"
-        }
-      ],
-      "client_id": "XusU7P1y10lMr9NA1qnrny_fqynODwV4SCvWPP8cfdY",
-      "redirect_uri": "io.mosip.residentapp.inji://oauthredirect",
-      "token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/Mosip",
-      "authorization_audience": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token",
-      "proxy_token_endpoint": "https://esignet-mosipid.collab.mosip.net/v1/esignet/oauth/v2/token",
-      "client_alias": "mpartner-default-test-mosipid",
-      "qr_code_type": "OnlineSharing",
-      "wellknown_endpoint": "https://injicertify-mosipid.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer",
-      "credential_issuer": "https://injicertify-mosipid.collab.mosip.net",
-      "enabled": "true"
-
-    },
-    {
-      "issuer_id": "StayProtected",
-      "protocol": "OpenId4VCI",
+      "credential_issuer": "StayProtected",
       "display": [
         {
           "name": "StayProtected Insurance",
           "logo": {
             "url": "https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png",
             "alt_text": "a square logo of a Sunbird"
           },
+          "language": "en",
           "title": "Download StayProtected Insurance Credentials",
-          "description": "Download insurance credential",
-          "language": "en"
+          "description": "Download insurance credential"
         }
       ],
-      "client_id": "esignet-sunbird-partner",
-      "redirect_uri": "io.mosip.residentapp.inji://oauthredirect",
-      "token_endpoint": "https://api.dev1.mosip.net/v1/mimoto/get-token/StayProtected",
-      "authorization_audience": "https://esignet-insurance.dev1.mosip.net/v1/esignet/oauth/v2/token",
-      "proxy_token_endpoint": "https://esignet-insurance.dev1.mosip.net/v1/esignet/oauth/v2/token",
-      "client_alias": "esignet-sunbird-partner",
-      "qr_code_type": "OnlineSharing",
-      "wellknown_endpoint": "https://injicertify-insurance.dev1.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer",
-      "credential_issuer": "https://injicertify-insurance.dev1.mosip.net",
-      "enabled": "true"
-    },
-    {
-      "issuer_id": "Mock",
       "protocol": "OpenId4VCI",
-      "display": [
-        {
-          "name": "Mock Identity",
-          "logo": {
-            "url": "https://api.collab.mosip.net/inji/mosip-logo.png",
-            "alt_text": "mosip-logo"
-          },
-          "title": "Mock Identity",
-          "description": "Download Mock Identity Credential",
-          "language": "en"
-        }
-      ],
-      "client_id": "mpartner-mock-testing",
+      "client_id": "wallet-demo",
+      "client_alias": "wallet-demo-client",
+      "wellknown_endpoint": "https://injicertify-insurance.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer",
       "redirect_uri": "io.mosip.residentapp.inji://oauthredirect",
-      "token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/Mock",
       "authorization_audience": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token",
-      "proxy_token_endpoint": "https://esignet-mock.collab.mosip.net/v1/esignet/oauth/v2/token",
-      "client_alias": "mpartner-mock-testing",
+      "token_endpoint": "https://localhost:8099/v1/mimoto/get-token/StayProtected",
+      "proxy_token_endpoint": "https://esignet-insurance.collab.mosip.net/v1/esignet/oauth/v2/token",
       "qr_code_type": "OnlineSharing",
-      "wellknown_endpoint": "https://injicertify-mock.collab.mosip.net/v1/certify/issuance/.well-known/openid-credential-issuer",
-      "credential_issuer": "https://injicertify-mock.collab.mosip.net",
       "enabled": "true"
     }
   ]
-}
+}
diff --git a/docker-compose/config/mimoto-trusted-verifiers.json b/docker-compose/config/mimoto-trusted-verifiers.json
@@ -2,7 +2,7 @@
   "verifiers": [
     {
       "client_id": "https://injiverify.collab.mosip.net",
-      "redirect_uri": [
+      "redirect_uris": [
         "https://injiverify.collab.mosip.net/redirect"
       ]
     }

diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
@@ -2,9 +2,34 @@ version: '3.8'
 
 services:
 
+  minio:
+    container_name: 'minio-service'
+    image: bitnami/minio:2022.2.7-debian-10-r0
+    ports:
+      - "9001:9001"
+      - "9000:9000"
+    environment:
+      MINIO_ROOT_USER: minioadmin      # Access Key
+      MINIO_ROOT_PASSWORD: minioadmin  # Secret Key
+
+  datashare:
+    container_name: 'datashare-service'
+    image: mosipqa/data-share-service:1.3.x
+    ports:
+      - "8097:8097"
+    environment:
+      - active_profile_env=inji-default,standalone
+      - SPRING_CONFIG_NAME=data-share
+      - SPRING_CONFIG_LOCATION=/home/mosip/
+    volumes:
+      - ./config/data-share-inji-default.properties:/home/mosip/data-share-inji-default.properties
+      - ./config/data-share-standalone.properties:/home/mosip/data-share-standalone.properties
+    depends_on:
+      - minio
+
   mimoto-service:
     container_name: 'mimoto-service'
-    image: 'mosipid/mimoto:0.14.0'
+    image: 'mosipqa/mimoto:0.15.x'
     user: root
     ports:
       - '8099:8099'
@@ -13,9 +38,12 @@ services:
       - active_profile_env=default
       - SPRING_CONFIG_NAME=mimoto
       - SPRING_CONFIG_LOCATION=/home/mosip/
+      - oidc_p12_password=dummypassword
     volumes:
       - ./config/mimoto-default.properties:/home/mosip/mimoto-default.properties
       - ./certs/oidckeystore.p12:/home/mosip/certs/oidckeystore.p12
+    depends_on:
+      - datashare
 
   inji-web:
     container_name: 'inji-web'
@@ -26,8 +54,8 @@ services:
       - DEFAULT_LANG=en
       - MIMOTO_HOST=http://localhost:3004/v1/mimoto
     volumes:
-      - ./config/mimoto-default.properties:/home/mosip/mimoto-default.properties
       - ./config/mimoto-issuers-config.json:/home/mosip/mimoto-issuers-config.json
       - ./config/mimoto-trusted-verifiers.json:/home/mosip/mimoto-trusted-verifiers.json
+      - ./config/credential-template.html:/home/mosip/credential-template.html
     depends_on:
-      - mimoto-service
+      - mimoto-service
diff --git a/helm/inji-web/templates/configmap.yaml b/helm/inji-web/templates/configmap.yaml
@@ -21,6 +21,7 @@ data:
     http {
       access_log /var/log/nginx/access1.log;
       error_log /var/log/nginx/error1.log;
+    
       server {
         listen {{ .Values.inji_web.inji_web_port }};
         server_name  localhost;

diff --git a/inji-web-proxy/.env b/inji-web-proxy/.env
diff --git a/inji-web-proxy/.gitignore b/inji-web-proxy/.gitignore