Merge pull request mosip#593 from aranaravi/ES-496

[INJIMOB-794]Rebasing the ES-496 with develop branch to get the latest theme related changes.

docs/docker-compose/README.md

@@ -0,0 +1,63 @@
+## Overview
+
+This is the docker-compose setup to run esignet UI and esignet-service with mock identity system. This is not for production use.
+
+## What is in the docker-compose setup folder?
+
+1. "app" folder holds the Dockerfile required to build custom artifactory-server. This artifactory server will host all the files under app/static folder.
+All the i18n bundles, dummy softhsm conf, signin-with-esignet button plugin files are served from this server. 
+2. "config" folder holds the esignet and mock-identity system properties file.
+3. "docker-compose.yml" file with esignet and mock-identity-system setup with other required services
+4. "init.sql" comprises DDL and DMLs required by esignet and mock-identity-system.
+5. "loader_path" this is esignet mount volume from where all the runtime dependencies are loaded to classpath. If any new esignet plugins to be tested
+should be placed in this folder and respective plugin configuration should be updated in config/esignet-default.properties.
+
+```Note: Refer https://docs.esignet.io/integration to know how to create custom plugins to integrate.```
+
+## How to run this setup?
+
+1. Create folder loader_path, download and save eSignet mock plugin from [here](https://oss.sonatype.org/service/local/repositories/snapshots/content/io/mosip/esignet/mock/mock-esignet-integration-impl/0.9.2-SNAPSHOT/mock-esignet-integration-impl-0.9.2-20240206.133850-55.jar) into loader_path folder.
+
+2. Start the docker-compose file
+
+> docker-compose up
+
+3. Download the postman script from [here](https://github.com/mosip/esignet/blob/master/docs/postman-collections/esignet-OIDC-flow-with-mock.postman_collection.json)
+and its environment from [here](https://github.com/mosip/esignet/blob/master/docs/postman-collections/esignet-OIDC-flow-with-mock.postman_environment.json)
+
+4. Import the downloaded collection and environment into postman.
+
+5. To Create a Mock identity, run the below request from the postman collection "Mock-Identity-System" folder
+   * Create Mock Identity
+
+6. To create an OIDC/OAuth client, run the below request from the postman collection "OIDC Client mgmt" folder
+   * Get CSRF token
+   * Create OIDC Client
+
+7. To run the OIDC flow with mock identity run the below request(same order) from the postman collection "AuthCode flow with OTP login" folder.
+   * Get CSRF token
+   * Authorize / OAuthdetails request
+   * Send OTP
+   * Authenticate User
+   * Authorization Code
+   * Get Tokens
+   * Get userInfo
+
+8. To run the Verifiable Credential Issuance flow with mock identity run the below request(same order) from the postman collection "VCI" folder.
+   * Get CSRF token
+   * Authorize / OAuthdetails request
+   * Send OTP
+   * Authenticate User V2
+   * Authorization Code
+   * Get Tokens V2
+   * Get Credential
+
+
+## How to Access esignet UI?
+
+To invoke the authorize endpoint of esignet UI to start OIDC/VCI flow, use the below URL:
+
+http://localhost:3000/authorize?nonce=ere973eieljznge2311&state=eree2311&client_id=health-service-client&redirect_uri=https://healthservices.com/callback&scope=openid&response_type=code&acr_values=mosip:idp:acr:generated-code&claims=%7B%22userinfo%22:%7B%22name%22:%7B%22essential%22:false%7D,%22phone_number%22:%7B%22essential%22:true%7D%7D,%22id_token%22:%7B%7D%7D&claims_locales=en&display=page&state=consent&ui_locales=en-IN
+
+```Note: Change the value of client_id, redirect_uri, acr_values and claims as per your requirement in the above URL.```
+

docs/docker-compose/app/Dockerfile

@@ -0,0 +1,7 @@
+FROM nginx:alpine
+
+WORKDIR /app
+
+COPY . .
+
+COPY ./nginx.conf /etc/nginx/nginx.conf

docs/docker-compose/app/nginx.conf

@@ -0,0 +1,22 @@
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    sendfile on;
+
+    server {
+        listen 8080;
+        listen [::]:8080;
+
+        resolver 127.0.0.11;
+        autoindex off;
+
+        server_name _;
+        server_tokens off;
+
+        root /app/static;
+        gzip_static on;
+    }
+}

docs/docker-compose/config/mock-identity-system-default.properties

@@ -0,0 +1,138 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files.  They must be passed as env variables.  Refer to config-server
+# helm chart:
+# db.dbuser.password
+# keycloak.external.url
+# keycloak.internal.host
+# keycloak.internal.url
+# keycloak.admin.password
+# mosip.auth.client.secret   (convention: <realm>.<keycloak client name>.secret)
+# mosip.ida.client.secret
+# mosip.admin.client.secret
+# mosip.reg.client.secret
+# mosip.prereg.client.secret
+# softhsm.kernel.pin
+# softhsm-security-pin
+# email.smtp.host
+# email.smtp.username
+# email.smtp.secret
+# mosip.kernel.tokenid.uin.salt
+# mosip.kernel.tokenid.partnercode.salt
+# mosip.api.internal.url
+# mosip.api.public.url
+
+
+spring.main.allow-bean-definition-overriding=true
+
+server.port=8082
+#disabling health check so that client doesnt try to load properties from sprint config server every
+# 5 minutes (should not be done in production)
+health.config.enabled=false
+server.servlet.context-path=/v1/mock-identity-system
+management.security.enable=false
+management.endpoint.health.show-details=always
+management.endpoints.web.exposure.include=info,health,refresh,mappings
+management.endpoint.metrics.enabled=true
+management.endpoint.prometheus.enabled=true
+management.metrics.export.prometheus.enabled=true
+
+openapi.info.title=${spring.application.name}
+openapi.info.description=${spring.application.name}
+openapi.info.version=1.0
+openapi.info.license.name=Mosip
+openapi.info.license.url=https://docs.mosip.io/platform/license
+mosipbox.public.url=http://localhost:${server.port}
+openapi.service.servers[0].url=${mosipbox.public.url}${server.servlet.context-path}
+openapi.service.servers[0].description=${spring.application.name}
+openapi.group.name=${openapi.info.title}
+openapi.group.paths[0]=/**
+springdoc.swagger-ui.disable-swagger-default-url=true
+springdoc.swagger-ui.tagsSorter=alpha
+springdoc.swagger-ui.operationsSorter=alpha
+
+##----------------------------------------- Database properties --------------------------------------------------------
+
+mosip.mockidentitysystem.database.hostname=database
+mosip.mockidentitysystem.database.port=5432
+db.dbuser.password=postgres
+
+spring.datasource.url=jdbc:postgresql://${mosip.mockidentitysystem.database.hostname}:${mosip.mockidentitysystem.database.port}/mosip_mockidentitysystem?currentSchema=mockidentitysystem
+spring.datasource.username=postgres
+spring.datasource.password=${db.dbuser.password}
+
+#------------------------------------ Key-manager specific properties --------------------------------------------------
+#Crypto asymmetric algorithm name
+mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
+#Crypto symmetric algorithm name
+mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
+#Keygenerator asymmetric algorithm name
+mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
+#Keygenerator symmetric algorithm name
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES
+#Asymmetric algorithm key length
+mosip.kernel.keygenerator.asymmetric-key-length=2048
+#Symmetric algorithm key length
+mosip.kernel.keygenerator.symmetric-key-length=256
+#Encrypted data and encrypted symmetric key separator
+mosip.kernel.data-key-splitter=#KEY_SPLITTER#
+#GCM tag length
+mosip.kernel.crypto.gcm-tag-length=128
+#Hash algo name
+mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
+#Symmtric key length used in hash
+mosip.kernel.crypto.hash-symmetric-key-length=256
+#No of iterations in hash
+mosip.kernel.crypto.hash-iteration=100000
+#Sign algo name
+mosip.kernel.crypto.sign-algorithm-name=RS256
+#Certificate Sign algo name
+mosip.kernel.certificate.sign.algorithm=SHA256withRSA
+
+mosip.kernel.keymanager.hsm.config-path=local.p12
+mosip.kernel.keymanager.hsm.keystore-type=PKCS12
+mosip.kernel.keymanager.hsm.keystore-pass=local
+
+#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE
+#mosip.kernel.keymanager.hsm.keystore-type=PKCS11
+# For PKCS11 provide Path of config file.
+# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name.
+# For Offline & JCE property can be left blank, specified value will be ignored.
+#mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
+# Passkey of keystore for PKCS11, PKCS12
+# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties.
+#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.mock.identity.system.security.pin}
+
+mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
+mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
+mosip.kernel.keymanager.certificate.default.organization=IITB
+mosip.kernel.keymanager.certificate.default.location=BANGALORE
+mosip.kernel.keymanager.certificate.default.state=KA
+mosip.kernel.keymanager.certificate.default.country=IN
+
+mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io
+mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP
+mosip.kernel.keymanager.softhsm.certificate.organization=IITB
+mosip.kernel.keymanager.softhsm.certificate.country=IN
+
+# Application Id for PMS master key.
+mosip.kernel.partner.sign.masterkey.application.id=PMS
+mosip.kernel.partner.allowed.domains=DEVICE
+
+mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
+mosip.kernel.keymanager.jwtsign.validate.json=false
+mosip.keymanager.dao.enabled=false
+crypto.PrependThumbprint.enable=true
+
+spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect
+spring.jpa.show-sql=false
+spring.jpa.hibernate.ddl-auto=none
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+mosip.esignet.mock.authenticator.ida.otp-channels=email,phone
+
+mosip.kernel.keymgr.hsm.health.check.enabled=false
+mosip.kernel.keymgr.hsm.health.key.app-id=MOCK_AUTHENTICATION_SERVICE
+mosip.kernel.keymgr.hsm.healthkey.ref-id=HEALTH_KEY

docs/docker-compose/docker-compose.yml

@@ -0,0 +1,88 @@
+version: '3.8'
+
+services:
+  database:
+    image: 'postgres:latest'
+    ports:
+      - 5455:5432
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    volumes:
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
+
+  artifactory-server:
+    image: 'anushas/artifactory-server:local'
+    ports:
+      - 8080:8080
+
+  mock-identity-system:
+    image: 'mosipid/mock-identity-system:0.9.1'
+    user: root
+    ports:
+      - 8082:8082
+    environment:
+      - artifactory_url_env=http://artifactory-server:8080/
+      - container_user=mosip
+      - active_profile_env=default
+      - SPRING_CONFIG_NAME=mock-identity-system
+      - SPRING_CONFIG_LOCATION=/home/mosip/mock-identity-system-default.properties
+    depends_on:
+      - database
+      - artifactory-server
+    volumes:
+      - ./config/mock-identity-system-default.properties:/home/mosip/mock-identity-system-default.properties
+
+
+  zookeeper:
+    image: wurstmeister/zookeeper
+    container_name: zookeeper
+    ports:
+      - "2181:2181"
+
+  kafka:
+    image: wurstmeister/kafka
+    container_name: kafka
+    ports:
+      - "9092:9092"
+    environment:
+      KAFKA_ADVERTISED_LISTENERS: INSIDE://kafka:9092,OUTSIDE://localhost:9093
+      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT
+      KAFKA_LISTENERS: INSIDE://0.0.0.0:9092,OUTSIDE://0.0.0.0:9093
+      KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE
+      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
+      KAFKA_CREATE_TOPICS: "esignet-linked:1:1,esignet-consented:1:1"
+
+  esignet:
+    image: 'mosipdev/esignet:develop'
+    user: root
+    ports:
+      - 8088:8088
+    environment:
+      - artifactory_url_env=http://artifactory-server:8080/
+      - container_user=mosip
+      - active_profile_env=default
+      - SPRING_CONFIG_NAME=esignet
+      - SPRING_CONFIG_LOCATION=/home/mosip/esignet-default.properties
+    depends_on:
+      - database
+      - artifactory-server
+      - kafka
+    volumes:
+      - ./config/esignet-default.properties:/home/mosip/esignet-default.properties
+      - ./loader_path/:/home/mosip/additional_jars/
+
+  esignet-ui:
+    image: 'mosipdev/oidc-ui:develop'
+    user: root
+    ports:
+      - 3000:3000
+    depends_on:
+      - esignet
+      - artifactory-server
+    environment:
+      - artifactory_url_env=http://artifactory-server:8080/
+      - container_user=mosip
+      - SIGN_IN_WITH_ESIGNET_PLUGIN_URL=http://artifactory-server:8080/artifactory/libs-release-local/mosip-plugins/sign-in-with-esignet.zip
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf