Skip to content

Commit

Permalink
[INJICERT-567] (mosip#134)
Browse files Browse the repository at this point in the history
* [INJICERT-567]
Local InjiStack Docker-compose setup

Signed-off-by: Hitesh C <[email protected]>

* [INJICERT-456]
Updated Readme to reflect references to relevent docs

Signed-off-by: Hitesh C <[email protected]>

* [INJICERT-456]

Updated mimoto url in docker-compose

Signed-off-by: Hitesh C <[email protected]>

* Update docker-compose/docker-compose-injistack/config/certify-mock-identity.properties

Co-authored-by: Harsh Vardhan <[email protected]>
Signed-off-by: Hitesh Jain <[email protected]>

---------

Signed-off-by: Hitesh C <[email protected]>
Signed-off-by: Hitesh Jain <[email protected]>
Co-authored-by: Harsh Vardhan <[email protected]>
  • Loading branch information
jainhitesh9998 and vharsh authored Nov 19, 2024
1 parent 60dc0e8 commit 9abd4b8
Show file tree
Hide file tree
Showing 12 changed files with 1,088 additions and 0 deletions.
159 changes: 159 additions & 0 deletions docker-compose/docker-compose-injistack/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,159 @@
# Inji Stack Setup

This guide provides instructions for setting up and running Inji Stack.

## Prerequisites
- Docker and Docker Compose installed on your system
- Git (to clone the repository)
- Basic understanding of Docker and container operations
### Building inji-web-proxy
Before running the docker-compose, you need to build the inji-web-proxy image:

```bash
# Clone the repository
git clone https://github.com/mosip/inji-web.git -b release-0.11.x
cd inji-web/inji-web-proxy

# Build the Docker image
docker build -t inji-web-proxy:local .
```

## Directory Structure Setup
Create the following directory structure before proceeding:

```
docker-compose-injistack/
├── data/
│ └── CERTIFY_PKCS12/(p12 file generated at runtime)
├── certs/
│ └── oidckeystore.p12 (to be obtained during onboarding of mimoto to esignet)
├── loader_path/
│ └── certify/ (plugin jar to be placed here)
├── config/ (default setup should work as is for csvplugin, any other config changes user can make as per their setup)
│ ├── certify-default.properties
│ ├── certify-mock-identity.properties
│ ├── mimoto-default.properties
│ ├── mimoto-issuers-config.json
│ ├── mimoto-trusted-verifiers.json
│ └── credential-template.html
├── nginx.conf
├── certify_init.sql
└── docker-compose.yml
```

## Mock Certify Plugin Setup
You have two options for the certify plugin:

### Option 1: Use Existing Mock Plugin
- Supported versions: 0.3.0 and above
- Download the snapshot JAR from:
```
https://oss.sonatype.org/content/repositories/snapshots/io/mosip/certify/mock-certify-plugin/0.3.0-SNAPSHOT/
```
- Place the downloaded JAR in `loader_path/certify/`

### Option 2: Create Custom Plugin
You can create your own plugin by implementing the following interface and place the resultant jar in loader_path:

Reference Implementation: [CSVDataProviderPlugin](https://github.com/mosip/digital-credential-plugins/blob/develop/mock-certify-plugin/src/main/java/io.mosip.certify.mock.integration/service/MockCSVDataProviderPlugin.java)
```java
public interface DataProviderPlugin {
// Implement your custom logic here
}
```

## Configuration Setup



### 1. Certificate Setup
- Place your PKCS12 certificate file (obtained from esignet onboarding) in:
```
certs/oidckeystore.p12
```
[Collab Env OIDCKeystore](https://docs.inji.io/inji-wallet/inji-mobile/customization-overview/credential_providers#onboarding-mimoto-as-oidc-client-for-a-new-issuer)

### 2. Configuration Files
Ensure all configuration files are properly updated in the config directory:
- certify-default.properties
- certify-mock-identity.properties
- mimoto-default.properties
- mimoto-issuers-config.json
- mimoto-trusted-verifiers.json
- credential-template.html

[Mimoto Docker Compose Configuration Docs](https://github.com/mosip/mimoto/tree/release-0.15.x/docker-compose)
[Inji Certify Configuration Docs](../../README.md)
## Running the Application

### 1. Start the Services
```bash
docker-compose up -d
```

### 2. Verify Services
Check if all services are running:
```bash
docker-compose ps
```

## Service Endpoints
The following services will be available:
- Database (PostgreSQL): `localhost:5433`
- Certify Service: `localhost:8090`
- Nginx: `localhost:80`
- Mimoto Service: `localhost:8099`
- Inji Web Proxy: `localhost:3010`
- Inji Web: `localhost:3001`

## Using the Application

### Accessing the Web Interface
1. Open your browser and navigate to `http://localhost:3001`
2. You can:
- Download credentials
- View credential status
- Manage your digital identity

## Troubleshooting

### Common Issues and Solutions
1. Container startup issues:
```bash
docker-compose logs [service_name]
```

2. Database connection issues:
- Verify PostgreSQL container is running
- Check database credentials in configuration

3. Plugin loading issues:
- Verify plugin JAR is in the correct directory
- Check plugin version compatibility

### Health Checks
Monitor service health:
```bash
docker-compose ps
docker logs [container_name]
```

## Stopping the Application
To stop all services:
```bash
docker-compose down
```

To stop and remove all containers and volumes:
```bash
docker-compose down -v
```

## Security Considerations
- Keep your PKCS12 certificate secure
- Regularly update configurations and credentials
- Monitor service logs for security issues


## Additional Resources
- [Inji Documentation](https://docs.inji.io/)
166 changes: 166 additions & 0 deletions docker-compose/docker-compose-injistack/certify_init.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,166 @@
CREATE DATABASE inji_certify
ENCODING = 'UTF8'
LC_COLLATE = 'en_US.UTF-8'
LC_CTYPE = 'en_US.UTF-8'
TABLESPACE = pg_default
OWNER = postgres
TEMPLATE = template0;

COMMENT ON DATABASE inji_certify IS 'certify related data is stored in this database';

\c inji_certify postgres

DROP SCHEMA IF EXISTS certify CASCADE;
CREATE SCHEMA certify;
ALTER SCHEMA certify OWNER TO postgres;
ALTER DATABASE inji_certify SET search_path TO certify,pg_catalog,public;

CREATE TABLE certify.key_alias(
id character varying(36) NOT NULL,
app_id character varying(36) NOT NULL,
ref_id character varying(128),
key_gen_dtimes timestamp,
key_expire_dtimes timestamp,
status_code character varying(36),
lang_code character varying(3),
cr_by character varying(256) NOT NULL,
cr_dtimes timestamp NOT NULL,
upd_by character varying(256),
upd_dtimes timestamp,
is_deleted boolean DEFAULT FALSE,
del_dtimes timestamp,
cert_thumbprint character varying(100),
uni_ident character varying(50),
CONSTRAINT pk_keymals_id PRIMARY KEY (id),
CONSTRAINT uni_ident_const UNIQUE (uni_ident)
);

CREATE TABLE certify.key_policy_def(
app_id character varying(36) NOT NULL,
key_validity_duration smallint,
is_active boolean NOT NULL,
pre_expire_days smallint,
access_allowed character varying(1024),
cr_by character varying(256) NOT NULL,
cr_dtimes timestamp NOT NULL,
upd_by character varying(256),
upd_dtimes timestamp,
is_deleted boolean DEFAULT FALSE,
del_dtimes timestamp,
CONSTRAINT pk_keypdef_id PRIMARY KEY (app_id)
);

CREATE TABLE certify.key_store(
id character varying(36) NOT NULL,
master_key character varying(36) NOT NULL,
private_key character varying(2500) NOT NULL,
certificate_data character varying NOT NULL,
cr_by character varying(256) NOT NULL,
cr_dtimes timestamp NOT NULL,
upd_by character varying(256),
upd_dtimes timestamp,
is_deleted boolean DEFAULT FALSE,
del_dtimes timestamp,
CONSTRAINT pk_keystr_id PRIMARY KEY (id)
);

CREATE TABLE certify.svg_template (
id UUID NOT NULL,
template VARCHAR NOT NULL,
cr_dtimes timestamp NOT NULL,
upd_dtimes timestamp,
CONSTRAINT pk_svgtmp_id PRIMARY KEY (id)
);

CREATE TABLE certify.template_data(
context character varying(1024) NOT NULL,
credential_type character varying(512) NOT NULL,
template VARCHAR NOT NULL,
cr_dtimes timestamp NOT NULL default now(),
upd_dtimes timestamp,
CONSTRAINT pk_template PRIMARY KEY (context, credential_type)
);

INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://vharsh.github.io/DID/mock-context.json,https://www.w3.org/2018/credentials/v1', 'MockVerifiableCredential,VerifiableCredential', '{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://vharsh.github.io/DID/mock-context.json"],
"issuer": "${issuer}",
"type": ["VerifiableCredential", "MockVerifiableCredential"],
"issuanceDate": "${validFrom}",
"expirationDate": "${validUntil}",
"credentialSubject": {
"gender": ${gender},
"postalCode": ${postalCode},
"fullName": ${fullName},
"dateOfBirth": "${dateOfBirth}",
"province": ${province},
"phone": "${phone}",
"addressLine1": ${addressLine1},
"region": ${region},
"vcVer": "${vcVer}",
"UIN": ${UIN},
"email": "${email}",
"face": "${face}"
}
}', '2024-10-22 17:08:17.826851', NULL);
INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://vharsh.github.io/DID/mock-context.json,https://www.w3.org/ns/credentials/v2', 'MockVerifiableCredential,VerifiableCredential', '{
"@context": [
"https://www.w3.org/ns/credentials/v2", "https://vharsh.github.io/DID/mock-context.json"],
"issuer": "${issuer}",
"type": ["VerifiableCredential", "MockVerifiableCredential"],
"validFrom": "${validFrom}",
"validUntil": "${validUntil}",
"credentialSubject": {
"gender": ${gender},
"postalCode": ${postalCode},
"fullName": ${fullName},
"dateOfBirth": "${dateOfBirth}",
"province": ${province},
"phone": "${phone}",
"addressLine1": ${addressLine1},
"region": ${region},
"vcVer": "${vcVer}",
"UIN": ${UIN},
"email": "${email}",
"face": "${face}"
}
}', '2024-10-22 17:08:17.826851', NULL);
INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://www.w3.org/2018/credentials/v1', 'FarmerCredential,VerifiableCredential', '{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://vharsh.github.io/DID/farmer.json",
"https://w3id.org/security/suites/ed25519-2020/v1"
],
"issuer": "${issuer}",
"type": [
"VerifiableCredential",
"FarmerCredential"
],
"issuanceDate": "${validFrom}",
"expirationDate": "${validUntil}",
"credentialSubject": {
"name": "${name}",
"dateOfBirth": "${dateOfBirth}",
"highestEducation": "${highestEducation}",
"maritalStatus": "${maritalStatus}",
"typeOfHouse": "${typeOfHouse}",
"numberOfDependents": "${numberOfDependents}",
"phoneNumber": "${phoneNumber}",
"works": "${works}",
"landArea": "${landArea}",
"landOwnershipType": "${landOwnershipType}",
"primaryCropType": "${primaryCropType}",
"secondaryCropType": "${secondaryCropType}"
}
}
', '2024-10-24 12:32:38.065994', NULL);


INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('ROOT', 2920, 1125, 'NA', true, 'mosipadmin', now());
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_SERVICE', 1095, 60, 'NA', true, 'mosipadmin', now());
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_PARTNER', 1095, 60, 'NA', true, 'mosipadmin', now());
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_MOCK_RSA', 1095, 60, 'NA', true, 'mosipadmin', now());
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_MOCK_ED25519', 1095, 60, 'NA', true, 'mosipadmin', now());
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('BASE', 1095, 60, 'NA', true, 'mosipadmin', now());

Loading

0 comments on commit 9abd4b8

Please sign in to comment.