forked from mosip/inji-certify
Commit
* [INJICERT-567] Local InjiStack Docker-compose setup
  Signed-off-by: Hitesh C <[email protected]>
* [INJICERT-456] Updated Readme to reflect references to relevant docs
  Signed-off-by: Hitesh C <[email protected]>
* [INJICERT-456] Updated mimoto url in docker-compose
  Signed-off-by: Hitesh C <[email protected]>
* Update docker-compose/docker-compose-injistack/config/certify-mock-identity.properties
  Co-authored-by: Harsh Vardhan <[email protected]>
  Signed-off-by: Hitesh Jain <[email protected]>

---------

Signed-off-by: Hitesh C <[email protected]>
Signed-off-by: Hitesh Jain <[email protected]>
Co-authored-by: Harsh Vardhan <[email protected]>
1 parent 60dc0e8, commit 9abd4b8
Showing 12 changed files with 1,088 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,159 @@ | ||
# Inji Stack Setup | ||
|
||
This guide provides instructions for setting up and running Inji Stack. | ||
|
||
## Prerequisites | ||
- Docker and Docker Compose installed on your system | ||
- Git (to clone the repository) | ||
- Basic understanding of Docker and container operations | ||
### Building inji-web-proxy | ||
Before running the docker-compose, you need to build the inji-web-proxy image: | ||
|
||
```bash | ||
# Clone the repository | ||
git clone https://github.com/mosip/inji-web.git -b release-0.11.x | ||
cd inji-web/inji-web-proxy | ||
|
||
# Build the Docker image | ||
docker build -t inji-web-proxy:local . | ||
``` | ||
|
||
## Directory Structure Setup | ||
Create the following directory structure before proceeding: | ||
|
||
``` | ||
docker-compose-injistack/ | ||
├── data/ | ||
│ └── CERTIFY_PKCS12/(p12 file generated at runtime) | ||
├── certs/ | ||
│ └── oidckeystore.p12 (to be obtained during onboarding of mimoto to esignet) | ||
├── loader_path/ | ||
│ └── certify/ (plugin jar to be placed here) | ||
├── config/ (default setup should work as is for csvplugin, any other config changes user can make as per their setup) | ||
│ ├── certify-default.properties | ||
│ ├── certify-mock-identity.properties | ||
│ ├── mimoto-default.properties | ||
│ ├── mimoto-issuers-config.json | ||
│ ├── mimoto-trusted-verifiers.json | ||
│ └── credential-template.html | ||
├── nginx.conf | ||
├── certify_init.sql | ||
└── docker-compose.yml | ||
``` | ||
|
||
## Mock Certify Plugin Setup | ||
You have two options for the certify plugin: | ||
|
||
### Option 1: Use Existing Mock Plugin | ||
- Supported versions: 0.3.0 and above | ||
- Download the snapshot JAR from: | ||
``` | ||
https://oss.sonatype.org/content/repositories/snapshots/io/mosip/certify/mock-certify-plugin/0.3.0-SNAPSHOT/ | ||
``` | ||
- Place the downloaded JAR in `loader_path/certify/` | ||
|
||
### Option 2: Create Custom Plugin | ||
You can create your own plugin by implementing the following interface and place the resultant jar in loader_path: | ||
|
||
Reference Implementation: [CSVDataProviderPlugin](https://github.com/mosip/digital-credential-plugins/blob/develop/mock-certify-plugin/src/main/java/io.mosip.certify.mock.integration/service/MockCSVDataProviderPlugin.java) | ||
```java | ||
public interface DataProviderPlugin { | ||
// Implement your custom logic here | ||
} | ||
``` | ||
|
||
## Configuration Setup | ||
|
||
|
||
|
||
### 1. Certificate Setup | ||
- Place your PKCS12 certificate file (obtained from esignet onboarding) in: | ||
``` | ||
certs/oidckeystore.p12 | ||
``` | ||
[Collab Env OIDCKeystore](https://docs.inji.io/inji-wallet/inji-mobile/customization-overview/credential_providers#onboarding-mimoto-as-oidc-client-for-a-new-issuer) | ||
|
||
### 2. Configuration Files | ||
Ensure all configuration files are properly updated in the config directory: | ||
- certify-default.properties | ||
- certify-mock-identity.properties | ||
- mimoto-default.properties | ||
- mimoto-issuers-config.json | ||
- mimoto-trusted-verifiers.json | ||
- credential-template.html | ||
|
||
[Mimoto Docker Compose Configuration Docs](https://github.com/mosip/mimoto/tree/release-0.15.x/docker-compose) | ||
[Inji Certify Configuration Docs](../../README.md) | ||
## Running the Application | ||
|
||
### 1. Start the Services | ||
```bash | ||
docker-compose up -d | ||
``` | ||
|
||
### 2. Verify Services | ||
Check if all services are running: | ||
```bash | ||
docker-compose ps | ||
``` | ||
|
||
## Service Endpoints | ||
The following services will be available: | ||
- Database (PostgreSQL): `localhost:5433` | ||
- Certify Service: `localhost:8090` | ||
- Nginx: `localhost:80` | ||
- Mimoto Service: `localhost:8099` | ||
- Inji Web Proxy: `localhost:3010` | ||
- Inji Web: `localhost:3001` | ||
|
||
## Using the Application | ||
|
||
### Accessing the Web Interface | ||
1. Open your browser and navigate to `http://localhost:3001` | ||
2. You can: | ||
- Download credentials | ||
- View credential status | ||
- Manage your digital identity | ||
|
||
## Troubleshooting | ||
|
||
### Common Issues and Solutions | ||
1. Container startup issues: | ||
```bash | ||
docker-compose logs [service_name] | ||
``` | ||
|
||
2. Database connection issues: | ||
- Verify PostgreSQL container is running | ||
- Check database credentials in configuration | ||
|
||
3. Plugin loading issues: | ||
- Verify plugin JAR is in the correct directory | ||
- Check plugin version compatibility | ||
|
||
### Health Checks | ||
Monitor service health: | ||
```bash | ||
docker-compose ps | ||
docker logs [container_name] | ||
``` | ||
|
||
## Stopping the Application | ||
To stop all services: | ||
```bash | ||
docker-compose down | ||
``` | ||
|
||
To stop and remove all containers and volumes: | ||
```bash | ||
docker-compose down -v | ||
``` | ||
|
||
## Security Considerations | ||
- Keep your PKCS12 certificate secure | ||
- Regularly update configurations and credentials | ||
- Monitor service logs for security issues | ||
|
||
|
||
## Additional Resources | ||
- [Inji Documentation](https://docs.inji.io/) |
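Review bot: Option 1 under "Mock Certify Plugin Setup" tells the reader to download a `0.3.0-SNAPSHOT` JAR and place it in `loader_path/certify/`, with no pinned build and no checksum or signature to verify. A snapshot coordinate can resolve to a different artifact over time, and the directory tree describes that folder as where the plugin JAR goes, so I'd point to a fixed release (or one specific timestamped snapshot) and publish a SHA-256 next to the link with a one-line verify step. The Option 2 snippet shows `DataProviderPlugin` with an empty body, so it does not tell an implementer which method to write; either show the method signature or drop the snippet and keep only the reference link. The "Security Considerations" bullets could then name the concrete items from this setup: file permissions on `certs/oidckeystore.p12` and `data/CERTIFY_PKCS12/`, and keeping both out of version control.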
166 changes: 166 additions & 0 deletions
docker-compose/docker-compose-injistack/certify_init.sql
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,166 @@ | ||
CREATE DATABASE inji_certify | ||
ENCODING = 'UTF8' | ||
LC_COLLATE = 'en_US.UTF-8' | ||
LC_CTYPE = 'en_US.UTF-8' | ||
TABLESPACE = pg_default | ||
OWNER = postgres | ||
TEMPLATE = template0; | ||
|
||
COMMENT ON DATABASE inji_certify IS 'certify related data is stored in this database'; | ||
|
||
\c inji_certify postgres | ||
|
||
DROP SCHEMA IF EXISTS certify CASCADE; | ||
CREATE SCHEMA certify; | ||
ALTER SCHEMA certify OWNER TO postgres; | ||
ALTER DATABASE inji_certify SET search_path TO certify,pg_catalog,public; | ||
|
||
CREATE TABLE certify.key_alias( | ||
id character varying(36) NOT NULL, | ||
app_id character varying(36) NOT NULL, | ||
ref_id character varying(128), | ||
key_gen_dtimes timestamp, | ||
key_expire_dtimes timestamp, | ||
status_code character varying(36), | ||
lang_code character varying(3), | ||
cr_by character varying(256) NOT NULL, | ||
cr_dtimes timestamp NOT NULL, | ||
upd_by character varying(256), | ||
upd_dtimes timestamp, | ||
is_deleted boolean DEFAULT FALSE, | ||
del_dtimes timestamp, | ||
cert_thumbprint character varying(100), | ||
uni_ident character varying(50), | ||
CONSTRAINT pk_keymals_id PRIMARY KEY (id), | ||
CONSTRAINT uni_ident_const UNIQUE (uni_ident) | ||
); | ||
|
||
CREATE TABLE certify.key_policy_def( | ||
app_id character varying(36) NOT NULL, | ||
key_validity_duration smallint, | ||
is_active boolean NOT NULL, | ||
pre_expire_days smallint, | ||
access_allowed character varying(1024), | ||
cr_by character varying(256) NOT NULL, | ||
cr_dtimes timestamp NOT NULL, | ||
upd_by character varying(256), | ||
upd_dtimes timestamp, | ||
is_deleted boolean DEFAULT FALSE, | ||
del_dtimes timestamp, | ||
CONSTRAINT pk_keypdef_id PRIMARY KEY (app_id) | ||
); | ||
|
||
CREATE TABLE certify.key_store( | ||
id character varying(36) NOT NULL, | ||
master_key character varying(36) NOT NULL, | ||
private_key character varying(2500) NOT NULL, | ||
certificate_data character varying NOT NULL, | ||
cr_by character varying(256) NOT NULL, | ||
cr_dtimes timestamp NOT NULL, | ||
upd_by character varying(256), | ||
upd_dtimes timestamp, | ||
is_deleted boolean DEFAULT FALSE, | ||
del_dtimes timestamp, | ||
CONSTRAINT pk_keystr_id PRIMARY KEY (id) | ||
); | ||
|
||
CREATE TABLE certify.svg_template ( | ||
id UUID NOT NULL, | ||
template VARCHAR NOT NULL, | ||
cr_dtimes timestamp NOT NULL, | ||
upd_dtimes timestamp, | ||
CONSTRAINT pk_svgtmp_id PRIMARY KEY (id) | ||
); | ||
|
||
CREATE TABLE certify.template_data( | ||
context character varying(1024) NOT NULL, | ||
credential_type character varying(512) NOT NULL, | ||
template VARCHAR NOT NULL, | ||
cr_dtimes timestamp NOT NULL default now(), | ||
upd_dtimes timestamp, | ||
CONSTRAINT pk_template PRIMARY KEY (context, credential_type) | ||
); | ||
|
||
INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://vharsh.github.io/DID/mock-context.json,https://www.w3.org/2018/credentials/v1', 'MockVerifiableCredential,VerifiableCredential', '{ | ||
"@context": [ | ||
"https://www.w3.org/2018/credentials/v1", | ||
"https://vharsh.github.io/DID/mock-context.json"], | ||
"issuer": "${issuer}", | ||
"type": ["VerifiableCredential", "MockVerifiableCredential"], | ||
"issuanceDate": "${validFrom}", | ||
"expirationDate": "${validUntil}", | ||
"credentialSubject": { | ||
"gender": ${gender}, | ||
"postalCode": ${postalCode}, | ||
"fullName": ${fullName}, | ||
"dateOfBirth": "${dateOfBirth}", | ||
"province": ${province}, | ||
"phone": "${phone}", | ||
"addressLine1": ${addressLine1}, | ||
"region": ${region}, | ||
"vcVer": "${vcVer}", | ||
"UIN": ${UIN}, | ||
"email": "${email}", | ||
"face": "${face}" | ||
} | ||
}', '2024-10-22 17:08:17.826851', NULL); | ||
INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://vharsh.github.io/DID/mock-context.json,https://www.w3.org/ns/credentials/v2', 'MockVerifiableCredential,VerifiableCredential', '{ | ||
"@context": [ | ||
"https://www.w3.org/ns/credentials/v2", "https://vharsh.github.io/DID/mock-context.json"], | ||
"issuer": "${issuer}", | ||
"type": ["VerifiableCredential", "MockVerifiableCredential"], | ||
"validFrom": "${validFrom}", | ||
"validUntil": "${validUntil}", | ||
"credentialSubject": { | ||
"gender": ${gender}, | ||
"postalCode": ${postalCode}, | ||
"fullName": ${fullName}, | ||
"dateOfBirth": "${dateOfBirth}", | ||
"province": ${province}, | ||
"phone": "${phone}", | ||
"addressLine1": ${addressLine1}, | ||
"region": ${region}, | ||
"vcVer": "${vcVer}", | ||
"UIN": ${UIN}, | ||
"email": "${email}", | ||
"face": "${face}" | ||
} | ||
}', '2024-10-22 17:08:17.826851', NULL); | ||
INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://www.w3.org/2018/credentials/v1', 'FarmerCredential,VerifiableCredential', '{ | ||
"@context": [ | ||
"https://www.w3.org/2018/credentials/v1", | ||
"https://vharsh.github.io/DID/farmer.json", | ||
"https://w3id.org/security/suites/ed25519-2020/v1" | ||
], | ||
"issuer": "${issuer}", | ||
"type": [ | ||
"VerifiableCredential", | ||
"FarmerCredential" | ||
], | ||
"issuanceDate": "${validFrom}", | ||
"expirationDate": "${validUntil}", | ||
"credentialSubject": { | ||
"name": "${name}", | ||
"dateOfBirth": "${dateOfBirth}", | ||
"highestEducation": "${highestEducation}", | ||
"maritalStatus": "${maritalStatus}", | ||
"typeOfHouse": "${typeOfHouse}", | ||
"numberOfDependents": "${numberOfDependents}", | ||
"phoneNumber": "${phoneNumber}", | ||
"works": "${works}", | ||
"landArea": "${landArea}", | ||
"landOwnershipType": "${landOwnershipType}", | ||
"primaryCropType": "${primaryCropType}", | ||
"secondaryCropType": "${secondaryCropType}" | ||
} | ||
} | ||
', '2024-10-24 12:32:38.065994', NULL); | ||
|
||
|
||
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('ROOT', 2920, 1125, 'NA', true, 'mosipadmin', now()); | ||
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_SERVICE', 1095, 60, 'NA', true, 'mosipadmin', now()); | ||
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_PARTNER', 1095, 60, 'NA', true, 'mosipadmin', now()); | ||
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_MOCK_RSA', 1095, 60, 'NA', true, 'mosipadmin', now()); | ||
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_MOCK_ED25519', 1095, 60, 'NA', true, 'mosipadmin', now()); | ||
INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('BASE', 1095, 60, 'NA', true, 'mosipadmin', now()); | ||
|
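Review bot: In the two `MockVerifiableCredential` templates the placeholders are quoted inconsistently: `"gender": ${gender}`, `"fullName": ${fullName}` and `"UIN": ${UIN}` are bare, while `"phone": "${phone}"` and `"email": "${email}"` are wrapped in quotes. If substitution is plain text replacement, a bare placeholder only yields valid JSON when the provider returns an already-serialized value, and a quoted one breaks (or alters the credential's structure) when the value contains `"`; please document which fields expect pre-serialized JSON, or escape at render time. The `FarmerCredential` row is keyed on `context = 'https://www.w3.org/2018/credentials/v1'` although its template lists three `@context` URLs, whereas the mock rows key on the full comma-joined list, so check that a lookup by `(context, credential_type)` will actually find it. Separately, the database owner, the schema owner and the `\c` session are all `postgres`; since `certify.key_store` holds `private_key`, a dedicated role with rights limited to the `certify` schema would be a better default even for a local stack.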