From 84f4c0547c56312858193fc33480a4adb6b36ae7 Mon Sep 17 00:00:00 2001 From: kameshsr Date: Thu, 16 Dec 2021 14:58:38 +0530 Subject: [PATCH] MOSIP-18085: Generate openapi.json for IDA-Internal service. --- .../authentication-internal-service/pom.xml | 94 ++ .../src/test/resources/application.properties | 1203 ++++++++++++++++- .../src/test/resources/ida-mapping.json | 230 ++-- 3 files changed, 1411 insertions(+), 116 deletions(-) diff --git a/authentication/authentication-internal-service/pom.xml b/authentication/authentication-internal-service/pom.xml index d3172e08607..e2c9a19b4ad 100644 --- a/authentication/authentication-internal-service/pom.xml +++ b/authentication/authentication-internal-service/pom.xml @@ -137,4 +137,98 @@ + + + openapi-doc-generate-profile + + + io.mosip.kernel + kernel-auth-adapter + 1.2.0-SNAPSHOT + + + io.mosip.authentication + authentication-childauthfilter-impl + 1.2.0-SNAPSHOT + + + io.mosip.biosdk + biosdk-client + 1.2.0-SNAPSHOT + + + io.mosip.demosdk + demosdk-client + 1.2.0-SNAPSHOT + + + + + + org.springframework.boot + spring-boot-maven-plugin + ${spring.boot.version} + + true + ZIP + 1000 + 180 + + + + pre-integration-test + + start + + + + src/test/resources + + + openapi-profile + + + --server.port=8090 + --server.servlet.context-path=/app/generic + + + + + post-integration-test + + stop + + + + + build-info + repackage + + + + + + org.springdoc + springdoc-openapi-maven-plugin + 0.2 + + + integration-test + + generate + + + + + http://localhost:8090/app/generic/v3/api-docs/Id%20Authentication%20Internal%20Service + + openapi.json + ${project.build.directory} + false + + + + + + diff --git a/authentication/authentication-internal-service/src/test/resources/application.properties b/authentication/authentication-internal-service/src/test/resources/application.properties index accb24ededd..649a1c8e0d0 100644 --- a/authentication/authentication-internal-service/src/test/resources/application.properties 
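Review bot: The service that the new `openapi-doc-generate-profile` starts in `pre-integration-test` is given only `--server.port=8090` and `--server.servlet.context-path=/app/generic`, so with no `server.address` set Spring Boot binds it on every interface for the whole `integration-test` phase, even though the springdoc plugin only ever reads `http://localhost:8090/app/generic/v3/api-docs/...`. Because that run takes its configuration from `src/test/resources`, where this same patch adds database credentials, the auth client secret and websub callback secrets to application.properties, an instance reachable beyond the build host is more exposure than doc generation needs; adding `--server.address=127.0.0.1` alongside the existing `--server.port=8090` argument keeps it local. Separately, the four profile dependencies are pinned to the literal `1.2.0-SNAPSHOT` rather than a shared property such as `${project.version}`, so they will silently drift from the module on the next version bump. The XML element names in this hunk were lost in rendering, so which configuration elements carry the `true`/`ZIP`/`1000`/`180` values cannot be confirmed from here.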
+++ b/authentication/authentication-internal-service/src/test/resources/application.properties 
@@ -286,7 +286,1204 @@ ida.sign.refid=ida ida.sign.applicationid=ida -mosip.role.idauth.postauth=RESIDENT,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,REGISTRATION_PROCESSOR -mosip.role.idauth.postverifyidentity=RESIDENT,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,REGISTRATION_PROCESSOR + + +# The MOSIP public URL passed as environment variable "mosipbox_public_url" +domain.url=dev.mosip.net +mosipbox.public.url=https://${domain.url} + +##################### Dynamic Properties - this may change for different deployemnts ############################## +# Database hostname +mosip.ida.database.hostname=${domain.url} +# Database port +mosip.ida.database.port=30090 +# Database user +mosip.ida.database.user=idauser +# Database password +mosip.ida.database.password=mosip123 +# Kernel auth client ID for IDA +mosip.ida.auth.clientId=mosip-ida-client +# Kernel auth secret key for IDA +mosip.ida.auth.secretKey=abc123 +# Kernel auth application ID for IDA +mosip.ida.auth.appId=ida + + +######################## Spring and Hibernate Configurations #################### +# ***************** Postgres Properties *********************** +javax.persistence.jdbc.driverClassName=org.postgresql.Driver +javax.persistence.jdbc.driver=org.postgresql.Driver +javax.persistence.jdbc.url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida +javax.persistence.jdbc.user=${mosip.ida.database.user} +javax.persistence.jdbc.username=${mosip.ida.database.user} +javax.persistence.jdbc.password=${mosip.ida.database.password} +javax.persistence.jdbc.schema=ida +javax.persistence.jdbc.uinHashTable=uin_hash_salt +javax.persistence.jdbc.uinEncryptTable=uin_encrypt_salt + +# *********** Hibernate Properties ************* +hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect +hibernate.jdbc.lob.non_contextual_creation=true +hibernate.hbm2ddl.auto=none +hibernate.show_sql=true +hibernate.format_sql=true 
+hibernate.connection.charSet=utf8 +hibernate.cache.use_second_level_cache=false +hibernate.cache.use_query_cache=false +hibernate.cache.use_structured_entries=false +hibernate.generate_statistics=false +spring.datasource.initialization-mode=never +hibernate.temp.use_jdbc_metadata_defaults=false +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +log4j.logger.org.hibernate=warn +hibernate.show_sql=false + +######################### ID-Authentication Application Configurations ############## +# The Online Verification partner ID associated to the IDA instance. +# This is used to subscribe to the credential issuance event notification sent by credential service. +# for the particular Online Verification partner. +# This credential issueance notification is handled inside Internal Authentication module. +# The credentials issued to the partner will be as per the data-share policy associated to the partner. +# TO DO: Change the property key to online-verification-partner-id +ida-auth-partner-id=mpartner-default-auth + +# Application ID of IDA +application.id=IDA +# Application name of IDA +application.name=ID-Authentication + +# Reference ID used for crypto manager in authentication (for request body) +partner.reference.id=PARTNER +# Reference ID used for crypto manager in internal authentication (for request body) +internal.reference.id=INTERNAL +# Reference ID used for crypto manager in authentication for biometrics +# TO DO: Value to be Changed to IDA-BIO +partner.biometric.reference.id=IDA-FIR +# Reference ID used for crypto manager in internal authentication for biometrics +internal.biometric.reference.id=INTERNAL + +# Reference ID for Identity Cache data encryption +identity-cache.reference.id=IDENTITY_CACHE +# Application id for signing key +mosip.sign.applicationid=${application.id} +# Reference id for signing key +mosip.sign.refid=SIGN + +# Kernel Symmetric Key decryption bytes count for AAD +ida.aad.lastbytes.num=16 +# Kernel Symmetric 
Key decryption bytes count for Salt +ida.salt.lastbytes.num=12 + +# Request timeout used across all REST API calls in IDA +mosip.ida.request.timeout.secs=10 +# Common JSON media type used across all REST API calls in IDA +mosip.ida.request.mediaType=application/json + +#*** ID-Authentication Mapping json configurations *** +# IDA Mapping JSON file name +# IDA Mapping JSON file URI +mosip.ida.mapping.json-urimosip.ida.mapping.json-uri=https://dev.mosip.net/config/id-authentication/mz/develop/identity-mapping.json + +#--------------------------Bio SDK Integration - Bio extractor Service ----------------------------------------# +mosip.biosdk.default.host=http://13.233.66.241 +mosip.biosdk.default.service.url=${mosip.biosdk.default.host}/biosdk-service + +# The fully qualified Class Name of the BIO SDK API implemented for Finger modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.provider.finger.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Finger modality +mosip.biometric.sdk.provider.finger.version=0.9 +# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured. +# If the below default configuration is not configured, the one of the configured url will be used as the default URL. +# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'. 
+mosip.biometric.sdk.provider.finger.format.url.default=${mosip.biosdk.default.service.url} + +# The fully qualified Class Name of the BIO SDK API implemented for Iris modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.provider.iris.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Iris modality +mosip.biometric.sdk.provider.iris.version=0.9 +mosip.biometric.sdk.provider.iris.format.url.default=${mosip.biosdk.default.service.url} + +# The fully qualified Class Name of the BIO SDK API implemented for Face modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.provider.face.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Face modality +mosip.biometric.sdk.provider.face.version=0.9 +mosip.biometric.sdk.provider.face.format.url.default=${mosip.biosdk.default.service.url} + +#------ + +#--------------------------Demo SDK Integration ----------------------------------------# +# demographic api instance class name +mosip.demographic.sdk.api.classname=io.mosip.demosdk.client.impl.spec_1_0.Client_V_1_0 + +# normalizer api instance class name +mosip.normalizer.sdk.api.classname=io.mosip.demosdk.client.impl.spec_1_0.Normalizer_V_1_0 + + +# *********** REST-services ***************** +# Kernel-Audit +audit.rest.uri=${mosipbox.public.url}/v1/auditmanager/audits +audit.rest.httpMethod=POST +audit.rest.headers.mediaType=${mosip.ida.request.mediaType} +#In seconds +audit.rest.timeout=${mosip.ida.request.timeout.secs} + +# Kernel OTP Validator +otp-validate.rest.uri=${mosipbox.public.url}/v1/otpmanager/otp/validate +otp-validate.rest.httpMethod=GET +otp-validate.rest.headers.mediaType=${mosip.ida.request.mediaType} +otp-validate.rest.timeout=${mosip.ida.request.timeout.secs} + +# Kernel OTP Generator 
+otp-generate.rest.uri=${mosipbox.public.url}/v1/otpmanager/otp/generate +otp-generate.rest.httpMethod=POST +otp-generate.rest.headers.mediaType=${mosip.ida.request.mediaType} +otp-generate.rest.timeout=${mosip.ida.request.timeout.secs} + +# Mail Notification +mail-notification.rest.uri=${mosipbox.public.url}/v1/notifier/email/send +mail-notification.rest.httpMethod=POST +mail-notification.rest.headers.mediaType=multipart/form-data +mail-notification.rest.timeout=${mosip.ida.request.timeout.secs} + +# SMS Notification +sms-notification.rest.uri=${mosipbox.public.url}/v1/notifier/sms/send +sms-notification.rest.httpMethod=POST +sms-notification.rest.headers.mediaType=${mosip.ida.request.mediaType} +sms-notification.rest.timeout=${mosip.ida.request.timeout.secs} + +#Get Identity Data for RID (with type specified as query param) - Used in Internal Auth based on User ID +rid-uin.rest.uri=${mosipbox.public.url}/idrepository/v1/identity/idvid/{rid}?type={type} +rid-uin.rest.httpMethod=GET +rid-uin.rest.headers.mediaType=${mosip.ida.request.mediaType} +rid-uin.rest.timeout=${mosip.ida.request.timeout.secs} + +#Get Identity Data for RID (without type specified) - Used in Internal Auth based on User ID +rid-uin-auth.rest.uri=${mosipbox.public.url}/idrepository/v1/identity/idvid/{rid} +rid-uin-auth.rest.httpMethod=GET +rid-uin-auth.rest.headers.mediaType=${mosip.ida.request.mediaType} +rid-uin-auth.rest.timeout=${mosip.ida.request.timeout.secs} + +#Auth token generation and validation URLs +auth-token-generator.rest.uri=${mosipbox.public.url}/v1/authmanager/authenticate/clientidsecretkey +auth-token-validator.rest.uri=${mosipbox.public.url}/v1/authmanager/authorize/validateToken +auth-token-generator.rest.clientId=${mosip.ida.auth.clientId} +auth-token-generator.rest.secretKey=${mosip.ida.auth.secretKey} +auth-token-generator.rest.appId=${mosip.ida.auth.appId} + +# Partner service API to validate MISP Lisence Key - Partner ID - Partner API Key combination 
+id-pmp-service.rest.uri=${mosipbox.public.url}/v1/partnermanager/partners/{partner_id}/apikey/{partner_api_key}/misp/{misp_license_key}/validate?needPartnerCert={need_partner_cert} +id-pmp-service.rest.httpMethod=GET +id-pmp-service.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-pmp-service.rest.timeout=${mosip.ida.request.timeout.secs} + +# Data Share API configurations - used to download data from data share URL provided in credential issueance event +data-share-get.rest.uri=dummy_url_to_be_replaced_in_runtime +data-share-get.rest.httpMethod=GET +data-share-get.rest.headers.mediaType=application/octet-stream +data-share-get.rest.timeout=100 +data-share-get-decrypt-ref-id=${ida-auth-partner-id} + +# Title Service rest api-GET +id-masterdata-title-service.rest.uri=${mosipbox.public.url}/v1/masterdata/title +id-masterdata-title-service.rest.httpMethod=GET +id-masterdata-title-service.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-masterdata-title-service.rest.timeout=${mosip.ida.request.timeout.secs} + +#Master Data - Template Single Language +id-masterdata-template-service.rest.uri=${mosipbox.public.url}/v1/masterdata/templates/{langcode}/{templatetypecode} +id-masterdata-template-service.rest.httpMethod=GET +id-masterdata-template-service.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-masterdata-template-service.rest.timeout=${mosip.ida.request.timeout.secs} + +#Master Data - Template Multi language +id-masterdata-template-service-multilang.rest.uri=${mosipbox.public.url}/v1/masterdata/templates/templatetypecodes/{code} +id-masterdata-template-service-multilang.rest.httpMethod=GET +id-masterdata-template-service-multilang.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-masterdata-template-service-multilang.rest.timeout=${mosip.ida.request.timeout.secs} + +# Credential Request API to get Request IDs for the given status, pageStart and page +cred-request-service-get-request-ids.pageSize=10 
+cred-request-service-get-request-ids.statusCode=ISSUED +ida-max-credential-pull-window-days=2 +cred-request-service-get-request-ids.rest.uri=${mosipbox.public.url}/v1/credentialrequest/getRequestIds?direction=ASC&orderBy=updateDateTime&pageNumber={pageNumber}&pageSize=${cred-request-service-get-request-ids.pageSize}&statusCode=${cred-request-service-get-request-ids.statusCode}&effectivedtimes={effectivedtimes} +cred-request-service-get-request-ids.rest.httpMethod=GET +cred-request-service-get-request-ids.rest.headers.mediaType=${mosip.ida.request.mediaType} +cred-request-service-get-request-ids.rest.timeout=${mosip.ida.request.timeout.secs} + +# Credential Request API to get Request IDs for the given status, pageStart and page +cred-request-service-retrigger-cred-issuance.rest.uri=${mosipbox.public.url}/v1/credentialrequest/retrigger/{requestId} +cred-request-service-retrigger-cred-issuance.rest.httpMethod=PUT +cred-request-service-retrigger-cred-issuance.rest.headers.mediaType=${mosip.ida.request.mediaType} +cred-request-service-retrigger-cred-issuance.rest.timeout=${mosip.ida.request.timeout.secs} + +#-----Websub configurations------ +# Secret for auth type status update callback +ida-websub-authtype-callback-secret=Kslk30SNF2AChs2 +# Secret for credtial issueance callback +ida-websub-credential-issue-callback-secret=Kslk30SNF2AChs2 +# Secret for credtial issueance callback +ida-websub-partner-service-callback-secret=Kslk30SNF2AChs2 +# Secret for partner CA certification upload callback +ida-websub-ca-certificate-callback-secret=Kslk30SNF2AChs2 +# Secret for partner CA certification upload callback +ida-websub-hotlist-callback-secret=Kslk30SNF2AChs2 +ida-websub-masterdata-templates-callback-secret=Kslk30SNF2AChs2 +ida-websub-masterdata-titles-callback-secret=Kslk30SNF2AChs2 +application.base.url=${mosipbox.public.url} +# Callback url for auth type status update event notification 
+ida-websub-auth-type-callback-url=${application.base.url}/idauthentication/v1/internal/callback/authTypeCallback/{partnerId} +# Callback url for credential issueance event notification, including id remove/deactivate/activate events +ida-websub-credential-issue-callback-url=${application.base.url}/idauthentication/v1/internal/callback/idchange/{eventType}/{partnerId} +# Callback url for MISP/Partner change notification events +ida-websub-partner-service-callback-url=${application.base.url}${server.servlet.context-path}/callback/partnermanagement/{eventType} +# Callback url for partner CA certification upload event +ida-websub-ca-cert-callback-url=${application.base.url}${server.servlet.context-path}/callback/partnermanagement/ca_certificate +# Callback url for hotlist event +ida-websub-hotlist-callback-url=${application.base.url}${server.servlet.context-path}/callback/hotlist +ida-websub-masterdata-templates-callback-url=${application.base.url}${server.servlet.context-path}/callback/masterdata/templates +ida-websub-masterdata-titles-callback-url=${application.base.url}${server.servlet.context-path}/callback/masterdata/titles + +#Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub. +subscriptions-delay-on-startup_millisecs=1000 +#Delay (in milliseconds) after initial topic subscriptions (after subscriptions-delay-on-startup_millisecs) to invoke retriggering of missing credential issuances. +delay-to-pull-missing-credential-after-topic-subscription_millisecs=1000 + +# The time interval in seconds to schedule subscription of topics which is done as a +# work-around for the bug: MOSIP-9496. By default the +# this property value is set to 0 that disables this workaround. 
+# To enable the resubscrition scheduling, this property should be assigned with a positive +# number like 1 * 60 * 60 = 3600 for one hour +ida-websub-resubscription-delay-secs=43200 + +#------ Web sub Event Topis used in IDA --- +# Topic for Auth Type Status Update Event +ida-topic-auth-type-status-updated=${ida-auth-partner-id}/AUTH_TYPE_STATUS_UPDATE +# Topic for Credential Issueance Event (for UIN/VID create/update events) +ida-topic-credential-issued=${ida-auth-partner-id}/CREDENTIAL_ISSUED +# Topic for ID Remove Event (UIN blocked / VID revoked events) +ida-topic-remove-id=${ida-auth-partner-id}/REMOVE_ID +# Topic for ID Deactivate Event (UIN/VID deactivate events) +ida-topic-deactivate-id=${ida-auth-partner-id}/DEACTIVATE_ID +# Topic for ID Activate Event (UIN/VID activate events) +ida-topic-activate-id=${ida-auth-partner-id}/ACTIVATE_ID +# Topic for Fraud analysis Event +ida-topic-fraud-analysis=IDA_FRAUD_ANALYTICS + +# Topic for MISP license generated event +ida-topic-pmp-misp-license-generated=MISP_LICENSE_GENERATED +# Topic for MISP update event +ida-topic-pmp-misp-updated=MISP_UPDATED +ida-topic-pmp-misp-license-updated=MISP_LICENSE_UPDATED +# Topic for API key approved event +ida-topic-pmp-partner-api-key-approved=APIKEY_APPROVED +# Topic for Partner update event +ida-topic-pmp-partner-updated=PARTNER_UPDATED +# Topic for Partner API Key update event +ida-topic-pmp-partner-api-key-updated=APIKEY_UPDATED +# Topic for Policy update event +ida-topic-pmp-policy-updated=POLICY_UPDATED +# Topic for Partner CA Certificate Upload event +ida-topic-pmp-ca-certificate-uploaded=CA_CERTIFICATE_UPLOADED + +# Topic for Hotlisting event +ida-topic-hotlist=MOSIP_HOTLIST +ida-topic-credential-status-update=CREDENTIAL_STATUS_UPDATE +ida-topic-auth-type-status-update-acknowledge=AUTH_TYPE_STATUS_UPDATE_ACK +ida-topic-auth-transaction-status=AUTHENTICATION_TRANSACTION_STATUS + +ida-topic-masterdata-templates=masterdata/idauthentication_templates 
+ida-topic-masterdata-titles=masterdata/titles +#----------------------- + +#**************IDA cache properties************** +# IDA cache Time to live in days - To clear cache scheduled based on the days provided. +# value <= 0 means cache clearing based on schedule is disabled. +ida-cache-ttl-in-days=1 + +# To disable cache, set value to NONE, otherwise SIMPLE to enable cache. +# Value is based on CacheType enum provided by Spring Boot +spring.cache.type=SIMPLE +#================================================ + +########################## Functional configurations ################################ + +#The modulo value to be calculated for a UIN/VID used to get salt value to be used in UIN/VID hashing +ida.uin.salt.modulo=1000 + +#**************** IDA DEMO NORMALIZATION ************* + +# This is used to define the seperator for normalizing regex(pattern) and the replacement word. Default is set to '='. +ida.norm.sep== + +####### Demo Name/Address Normalization Regular Expressions and their replacement configurations +#Format: +# ida.demo..normalization.regex.[]=${ida.norm.sep} +# If replacement string is not specified that regular expression will be replaced with empty string +# Note: The sequence should not break in the middle, otherwise all normalization properties will not be read for the particular type. + +#**************** IDA DEMO NORMALIZATION address(for 'eng' language)************* +ida.demo.address.normalization.regex.eng[0]=[CcSsDdWwHh]/[Oo] +ida.demo.address.normalization.regex.eng[1]=(M|m|D|d)(rs?)(.) +ida.demo.address.normalization.regex.eng[2]=(N|n)(O|o)(\\.)? 
+ +ida.demo.address.normalization.regex.eng[3]=[aA][pP][aA][rR][tT][mM][eE][nN][tT]${ida.norm.sep}apt +ida.demo.address.normalization.regex.eng[4]=[sS][tT][rR][eE][eE][tT]${ida.norm.sep}st +ida.demo.address.normalization.regex.eng[5]=[rR][oO][aA][dD]${ida.norm.sep}rd +ida.demo.address.normalization.regex.eng[6]=[mM][aA][iI][nN]${ida.norm.sep}mn +ida.demo.address.normalization.regex.eng[7]=[cC][rR][oO][sS][sS]${ida.norm.sep}crs +ida.demo.address.normalization.regex.eng[8]=[oO][pP][pP][oO][sS][iI][tT][eE]${ida.norm.sep}opp +ida.demo.address.normalization.regex.eng[9]=[mM][aA][rR][kK][eE][tT]${ida.norm.sep}mkt + +ida.demo.address.normalization.regex.eng[10]=1[sS][tT]${ida.norm.sep}1 +ida.demo.address.normalization.regex.eng[11]=1[tT][hH]${ida.norm.sep}1 +ida.demo.address.normalization.regex.eng[12]=2[nN][dD]${ida.norm.sep}2 +ida.demo.address.normalization.regex.eng[13]=2[tT][hH]${ida.norm.sep}2 +ida.demo.address.normalization.regex.eng[14]=3[rR][dD]${ida.norm.sep}3 +ida.demo.address.normalization.regex.eng[15]=3[tT][hH]${ida.norm.sep}3 +ida.demo.address.normalization.regex.eng[16]=4[tT][hH]${ida.norm.sep}4 +ida.demo.address.normalization.regex.eng[17]=5[tT][hH]${ida.norm.sep}5 +ida.demo.address.normalization.regex.eng[18]=6[tT][hH]${ida.norm.sep}6 +ida.demo.address.normalization.regex.eng[19]=7[tT][hH]${ida.norm.sep}7 +ida.demo.address.normalization.regex.eng[20]=8[tT][hH]${ida.norm.sep}8 +ida.demo.address.normalization.regex.eng[21]=9[tT][hH]${ida.norm.sep}9 +ida.demo.address.normalization.regex.eng[22]=0[tT][hH]${ida.norm.sep}0 + +#**************** IDA DEMO NORMALISATION common************* +# Note: the common normalization attributes will be replaced at the end. +# Special characters are removed : . , - * ( ) [ ] ` ' / \ # " +ida.demo.common.normalization.regex.any[0]=[\\.|,|\\-|\\*|\\(|\\)|\\[|\\]|`|\\'|/|\\|#|\"] +# Trailing space is removed from property. As a workaround first replacing with " ." then removing the "." 
+ida.demo.common.normalization.regex.any[1]=\\s+${ida.norm.sep} . +ida.demo.common.normalization.regex.any[2]=\\.${ida.norm.sep} + + +# ********* ADMIN Configurations ************ +# Configure N time period threshold for accepting auth/OTP/KYC request for a country +authrequest.received-time-allowed.minutes=30 +# Configuration for +/- time period adjustment in minutes for the request time validation, so that +# The requests originating from a system that is not in time-sync will be accepted for the time period +authrequest.received-time-adjustment.minutes=5 + +# Language Code +ida.errormessages.default-lang=en + + +# *********** Otp Flooding ************ +# Configure Time limit for OTP Flooding scenario (in minutes) +otp.request.flooding.duration=3 +# Configure no of requests for OTP Flooding scenario +otp.request.flooding.max-count=3 + +#------------- Notification message template names Configuration ---------------- +## Mail Message template names +# Authenticaiton notification email template +ida.auth.mail.content.template=auth-email-content +ida.auth.mail.subject.template=auth-email-subject + +# OTP notification email template +ida.otp.mail.content.template=ida-auth-otp-email-content-template +ida.otp.mail.subject.template=ida-auth-otp-email-subject-template + +## SMS template names +# Authenticaiton notification SMS template +ida.auth.sms.template=auth-sms +# OTP notification SMS template +ida.otp.sms.template=ida-auth-otp-sms-template +#--------------------------------------------------------------------------------- + +# UIN/VID Masking to be done on SMS/EMAIL notification +#Configure the no of digits to be masked while masking UIN/VID. 
+#For example if UIN is 1234567890 and mask count is 6, masked UIN will be: XXXXXX7890 +notification.uin.masking.charcount=8 + +#*************** Notification Date/time Format ********** +notification.date.format=dd-MM-yyyy +notification.time.format=HH:mm:ss + + +#********* Allowed authentication types for Authentciation/E-KYC/Internal Authentication requests ********* +# Accepted values otp-request, otp, demo, bio-Finger, bio-Iris, bio-Face + +#Configure authentications permissable for a country +auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face + +#Configure authentications permissable for e-KYC for a country +ekyc.auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face + +#Configure authentication types permissable for internal authentication +internal.auth.types.allowed=otp,bio-Finger,bio-Iris,bio-Face,demo + +#---------------- Allowed IdTypes for hotlisting ------------------- +mosip.ida.internal.hotlist.idtypes.allowed=UIN,VID,PARTNER_ID,DEVICE + + +#---------------- IDA services request time date pattern ------------------- +#Example allowed date time formats: "2020-10-23T12:21:38.660Z" , 2019-03-28T10:01:57.086+05:30 +datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSSXXX +# Below timestap is for timestamps in biometric data and digital id. 
If timestamp with this format is present it will try to use previous datetime.pattern as fallback +# Example allowed date time formats: "2020-10-23T12:21:38Z" , 2019-03-28T10:01:57+05:30 +biometrics.datetime.pattern=yyyy-MM-dd'T'HH:mm:ssXXX + +#------------Request IDs--------------------- +# The request IDs used in IDA REST APIs +ida.api.id.auth=mosip.identity.auth +ida.api.id.kyc=mosip.identity.kyc +ida.api.id.otp=mosip.identity.otp +ida.api.id.staticpin=mosip.identity.staticpin +ida.api.id.vid=mosip.identity.vid +ida.api.id.internal=mosip.identity.auth.internal +ida.api.id.auth.transactions=mosip.identity.authtransactions.read +ida.api.id.otp.internal=mosip.identity.otp.internal + +#------------Request Versions--------------------- +# The request versions used in IDA REST APIs +ida.api.version.auth=1.0 +ida.api.version.kyc=1.0 +ida.api.version.otp=1.0 +ida.api.version.staticpin=1.0 +ida.api.version.vid=1.0 +ida.api.version.internal=1.0 +ida.api.version.auth.transactions=1.0 +ida.api.version.otp.internal=1.0 + + +#------ Authentication Response Token Configuration --------------- +#Preference to turn on/off of authentication response token for a Country +#A partner specific policy will govern how the response token is generated, whether it should be Random/Partner or Policy specific +# TO DO: Remane static.token.enable to auth.token.enable +static.token.enable=true + +#-------Configure Allowed ID Types (allowed values : UIN/VID) ------------- +#The ID types to be supported for Authentication/KYC/OTP Requests +request.idtypes.allowed=VID,UIN + +#The ID types to be supported for Internal Authentication/OTP Requests +request.idtypes.allowed.internalauth=UIN,VID + +#------ Encrypted Credential Attributes list ----------- +#The list of attributes in identity that are Zero Knowledge encrpted in IDA while storing the credential in DB. 
+#This list is used to identify the attributes to decrypt when fetching the records from DB +ida-zero-knowledge-encrypted-credential-attributes=individualBiometrics,fullName,dateOfBirth,phone,email,postalCode + + +#### Cryptograpic/Signature verificate related configurations +mosip.ida.auth.trust-validation-required=false + +mosip.ida.kyc.trust-validation-required=false + +mosip.ida.otp.trust-validation-required=false + +mosip.ida.internal.thumbprint-validation-required=false +mosip.ida.internal.trust-validation-required=false + + +#-------Kernel Retry Configurations---------------- +# The retry limit excluding the first attempt before attempting for retries. Default is set to 5. +kernel.retry.attempts.limit=5 +# The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs +kernel.retry.exponential.backoff.initial.interval.millisecs=100 +# The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount) +kernel.retry.exponential.backoff.multiplier=1.5 +kernel.retry.exponential.backoff.max.interval.millisecs=1000 +# Whether to traverse to the root cause exception from the exception thrown and use the same root cause to decide whether to retry or not. Default is true. +kernel.retry.traverse.root.cause.enabled=false +#Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation. 
+kernel.retry.retryable.exceptions=io.mosip.authentication.core.exception.IdAuthRetryException,io.mosip.authentication.core.exception.IdAuthenticationBaseException +#Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation. +kernel.retry.nonretryable.exceptions= + +#-------Credential Store batch and retry configurations--- +# To disable automatic job launch in startup, setting to false. +spring.batch.job.enabled=false + +# The chunk size of items to be processed in spring batch. This value also assigned to the thread count, and hence all the items are processed in parellel asynchronusly. +ida.batch.credential.store.chunk.size=5 +ida.batch.credential.store.job.delay=100 + +# The retry limit excluding the first attempt before attempting for retries +ida.credential.store.retry.max.limit=10 +ida.credential.store.retry.backoff.interval.millisecs=100 +# The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. 
The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount) +ida.credential.store.retry.backoff.exponential.multiplier=1.5 +ida.credential.store.retry.backoff.exponential.max.interval.millisecs=120000 + + + +############## Configurations needed for dependent libraries ##### +#-----------------------------------Softhsm -------------------------------------- +mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io +mosip.kernel.keymanager.hsm.config-path= +mosip.kernel.keymanager.hsm.keystore-type=OFFLINE +mosip.kernel.keymanager.hsm.keystore-pass= + + +#----------Security Properties - used in Internal Authentication Services by default Kernel Auth Adapter------------------ +# CSRF switch +mosip.security.csrf-enable=false + +# CORS switch +mosip.security.cors-enable=false + +# Comma separated allowed origins +mosip.security.origins=localhost:8080 + +# Secure cookie switch +mosip.security.secure-cookie=false + +#------------- Key-manager properties ------------------------- +# ROOT key identifier +mosip.root.key.applicationid=ROOT + +# Certificate signing algorithm +mosip.kernel.certificate.sign.algorithm=SHA256withRSA + +# Default certificate params +mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER +mosip.kernel.keymanager.certificate.default.organization=IITB +mosip.kernel.keymanager.certificate.default.location=BANGALORE +mosip.kernel.keymanager.certificate.default.state=KA +mosip.kernel.keymanager.certificate.default.country=IN + +# Zero Knowledge Master & Public Key identifier. 
+mosip.kernel.zkcrypto.masterkey.application.id=${application.id}
+mosip.kernel.zkcrypto.masterkey.reference.id=${identity-cache.reference.id}
+mosip.kernel.zkcrypto.publickey.application.id=${application.id}
+mosip.kernel.zkcrypto.publickey.reference.id=CRED_SERVICE
+mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding
+mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding
+
+# Application Id for PMS master key.
+mosip.kernel.partner.sign.masterkey.application.id=PMS
+
+
+#---------------------------------kernel Salt Generator---------------------------------------------------#
+mosip.kernel.salt-generator.db.key-alias=javax.persistence.jdbc
+mosip.kernel.salt-generator.schemaName=${javax.persistence.jdbc.schema}
+#----------------------------------------------------------------------------------------------------------#
+
+#--------------------------------TokenId generator---------------------------------------------------#
+mosip.kernel.tokenid.uin.salt=zHuDEAbmbxiUbUShgy6pwUhKh9DE0EZn9kQDKPPKbWscGajMwf
+mosip.kernel.tokenid.partnercode.salt=yS8w5Wb6vhIKdf1msi4LYTJks7mqkbmITk2O63Iq8h0bkRlD0d
+#----------------------------------------------------------------------------------------------------#
+
+# Partner Management Service allowed partner domains
+mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM
+
+######################### IDA Key Generator configurations #############################
+keymanager.persistence.jdbc.driver=org.postgresql.Driver
+keymanager_database_url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida
+keymanager_database_username=${mosip.ida.database.user}
+keymanager_database_password=abc123
+mosip.kernel.keymanager.autogen.appids.list=ROOT,${application.id},${mosip.sign.applicationid}:${mosip.sign.refid},${application.id}:${mosip.kernel.zkcrypto.masterkey.reference.id}
+mosip.kernel.keymanager.autogen.basekeys.list=${application.id}:${internal.reference.id},${application.id}:${partner.reference.id},${application.id}:${partner.biometric.reference.id},${application.id}:${mosip.kernel.zkcrypto.publickey.reference.id},${application.id}:${ida-auth-partner-id}
+zkcrypto.random.key.generate.count=0
+
+keymanager.persistence.jdbc.schema=ida
+#########################################################################################
+
+
+mosip.location.profile.attribute.name=locationHierarchyForProfiling
+mosip.preferred.language.attribute.name=preferredLanguage
+ida-topic-auth-anonymous-profile=ANONYMOUS_PROFILE
+#----------------------------Auth Filters ----------------------------------#
+# Comma Seperated list of fully qualified classes of the auth filters in the order in which they have to be executed.
+# If validation with one filter fails with an error, the rest of the filter in the sequence will be skipped
+# and error will be returned in the auth response.
+
+#Auth Filters for external auth
+ida.mosip.external.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.PartnerIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceProviderHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceHotlistFilterImpl,io.mosip.authentication.childauthfilter.impl.ChildAuthFilterImpl,io.mosip.authentication.authtypelockfilter.impl.AuthTypeLockFilterImpl
+#Auth Filters for internal auth
+ida.mosip.internal.auth.filter.classes.in.execution.order=
+
+
+
+# Child Auth Filter configurations
+ida.child-auth-filter.child.max.age=5
+ida.child-auth-filter.factors.denied=otp,bio
+
+##****** IAM Adapter Properties ******
+#mosip.iam.adapter.clientid=${mosip.ida.auth.clientId}
+#mosip.iam.adapter.clientsecret=${mosip.ida.auth.secretKey}
+#mosip.iam.adapter.appid=${mosip.ida.auth.appId}
+#mosip.authmanager.client-token-endpoint=${mosipbox.public.url}/v1/authmanager/authenticate/clientidsecretkey
+#
+#mosip.authmanager.base-url=https://dev.mosip.net/v1/authmanager
+
+
+
+mosip.iam.adapter.clientid=mosip-ida-client
+mosip.iam.adapter.clientsecret=abc123
+mosip.iam.adapter.appid=ida
+mosip.authmanager.base-url=https://dev.mosip.net/v1/authmanager
+mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey
+
+##------------------------- Kernel Auth Adapter self token generator properties ----------------------------#
+#mosip.iam.adapter.clientid.id-repository=mosip-regproc-client
+#mosip.iam.adapter.clientsecret.id-repository=mosip123
+#mosip.iam.adapter.appid.id-repository=regproc
+##mosip.authmanager.client-token-endpoint=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey
+
+
+# Used in Child Auth Filter
+mosip.date-of-birth.attribute.name=dateOfBirth
+# Used in DOB matching and Child Auth filter
+mosip.date-of-birth.pattern=yyyy/MM/dd
+
+
+# The fully qualified Class Name of the BIO SDK API implemented for Finger modality
+# This class will be loaded in runtime, the containing jar should be available in classpath
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
+# The version of the BIO SDK API implemeted for Finger modality
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.version=0.9
+# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured.
+# If the below default configuration is not configured, the one of the configured url will be used as the default URL.
+# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'.
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}
+
+# The fully qualified Class Name of the BIO SDK API implemented for Iris modality
+# This class will be loaded in runtime, the containing jar should be available in classpath
+mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
+# The version of the BIO SDK API implemeted for Iris modality
+mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.version=0.9
+mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}
+
+# The fully qualified Class Name of the BIO SDK API implemented for Face modality
+# This class will be loaded in runtime, the containing jar should be available in classpath
+mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
+# The version of the BIO SDK API implemeted for Face modality
+mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.version=0.9
+mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}
+
+# ********* ADMIN Configurations ************
+# Configure N time period threshold for accepting auth/OTP/KYC request for a country
+authrequest.received-time-allowed.seconds=30
+# Configuration for +/- time period adjustment in minutes for the request time validation, so that
+# The requests originating from a system that is not in time-sync will be accepted for the time period
+authrequest.received-time-adjustment.seconds=30
+#Configuration for time period difference between each biometric segment and digital Id capture
+authrequest.biometrics.allowed-segment-time-difference-in-seconds=120
+
+
+
+#------ Un-encrypted Credential Attributes list -----------
+#The list of attributes in identity that not are Zero Knowledge encrpted while creating the credential in credential service as per the datashare policy. The same credential format is dumped in IDA DB (identity_cache table).
+#These attributes will not be decrypted when fetching the records from IDA DB for Authentication/EKYC/OTP requests.
+#By default all attributes are assumed to be Zero Knowledge encrypted.
+#Specify the attributes here only if they are not encrypted as per the datashare policy.
+ida-zero-knowledge-unencrypted-credential-attributes=
+
+
+#------Default identity filter attributes list------------
+#The list of attributes in identity that are to be decrypted by default
+ida-default-identity-filter-attributes=phone,fullName,dateOfBirth,email,preferredLang
+
+# The chunk size of failed message items to be processed in spring batch. This value also assigned to the thread count, and hence all the items are processed in parellel asynchronusly.
+ida.fetch.failed.websub.messages.chunk.size=10
+
+
+
+# The target enviornment. This values should be comma separted.
+#Ex.Staging,Developer
+mosip.ida.allowed.enviromemnts=Staging,Developer,Pre-Production,Production
+
+# Allowed domain Uris. This values should be comma separted.
+#Ex. https://dev.mosip.net,https://qa2.mosip.net
+mosip.ida.allowed.domain.uris=${mosipbox.public.url}
+
+
+
+
+
+
+#########################################################################################
+
+#-------------------------Hotlist cleanup schedule details ------------------------------------------------#
+#Fixed delay in which cleanup will be done in Hours
+mosip.hotlist.cleanup-schedule.fixed-delay-in-hours=24
+#----------------------------------------------------------------------------------------------------------#
+
+
+
+mosip.role.idauth.postotp=RESIDENT
+mosip.role.idauth.postauth=REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+mosip.role.idauth.postverifyidentity=REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
 mosip.role.idauth.getauthtransactionsindividualid=RESIDENT
-mosip.role.idauth.postotp=RESIDENT
\ No newline at end of file
+
+#---------------------------------------Common properties-----------------------
+
+# The below needs to be overwritten during installation. This is just a placeholder
+mosipbox_public_url=https://dev.mosip.net
+# Value used in IdObjectReferenceValidator when location is not available
+mosip.kernel.idobjectvalidator.masterdata.locations.locationNotAvailable=NA
+
+# Masterdata apis used to retreive data for IdObjectReferenceValidator
+mosip.masterdata.base.url = ${mosipbox.public.url}
+mosip.kernel.idobjectvalidator.masterdata.languages.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/languages
+mosip.kernel.idobjectvalidator.masterdata.gendertypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/gendertypes
+mosip.kernel.idobjectvalidator.masterdata.documentcategories.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/documentcategories
+mosip.kernel.idobjectvalidator.masterdata.documenttypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/documenttypes/{documentcategorycode}/{langcode}
+mosip.kernel.idobjectvalidator.masterdata.locations.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/locations/{langcode}
+mosip.kernel.idobjectvalidator.masterdata.locationhierarchy.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/locations/locationhierarchy/{hierarchyname}
+mosip.kernel.idobjectvalidator.masterdata.individualtypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/individualtypes
+
+# --------- Properties that needs to be updated when Identity Schema has been updated ---------------#
+# Mandatory attributes used by IdObjectSchemaValidator. These values needs to be updated when Identity schema is updated.
+mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone
+mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.update-uin=IDSchemaVersion,UIN
+mosip.kernel.idobjectvalidator.mandatory-attributes.pre-registration.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber
+mosip.kernel.idobjectvalidator.mandatory-attributes.pre-registration.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-client.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-client.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.other=IDSchemaVersion,UIN
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.lost=IDSchemaVersion
+
+# Bio attribute allowed to be stored in IDRepo as per Identity Schema
+mosip.idrepo.identity.allowedBioAttributes=individualBiometrics
+
+# List of all bio attriutes defined in Identity Schema
+mosip.idrepo.identity.bioAttributes=individualBiometrics,parentOrGuardianBiometrics
+#----------------------------------------------------------------------------------------------------#
+
+mosip.country.code=MOR
+
+# Language Supported By Platform - ISO
+mosip.supported-languages=eng,ara,fra
+
+mosip.primary-language=eng
+mosip.secondary-language=ara
+
+# Application IDs
+mosip.prereg.app-id=PRE_REGISTRATION
+mosip.reg.app-id=REGISTRATION
+mosip.regproc.app-id=REGISTRATION_PROCESSOR
+mosip.ida.app-id=IDA
+mosip.ida.ref-id=INTERNAL
+mosip.idrepo.app-id=ID_REPO
+
+# UTC ISO Date Time Pattern
+mosip.utc-datetime-pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+mosip.sign.header=response-signature
+mosip.signed.response.header=response-signature
+
+#----------------------- CBEFF Util--------------------------------------------------
+# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location.
+mosip.kernel.xsdstorage-uri=https://dev.mosip.net/config/id-authentication/mz/develop/
+# Cbeff XSD file name in config server
+mosip.kernel.xsdfile=mosip-cbeff.xsd
+spring.application.name=id-authentication,id-authentication-internal
+#----------------------------- Applicant Type --------------------------------------------------
+mosip.kernel.applicant.type.age.limit = 5
+mosip.kernel.applicantType.mvel.file=applicanttype.mvel
+mosip.kernel.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
+#----------------------------- Static PIN --------------------------------------------------
+mosip.kernel.pin.length=6
+
+#-----------------------------TspId -----------------------------------------------
+#length of the Tsp id
+mosip.kernel.tspid.length=4
+
+#-----------------------------partnerId -----------------------------------------------
+#length of the partner id
+mosip.kernel.partnerid.length=4
+
+#-----------------------------TOKEN-ID Properties---------------------------------
+#length of the token id
+mosip.kernel.tokenid.length=36
+
+#-----------------------------Registration Center Id -----------------------------------------------
+#length of the registration center id
+mosip.kernel.registrationcenterid.length=5
+
+#-----------------------------Machine Id -----------------------------------------------
+#length of the machine id
+mosip.kernel.machineid.length=5
+
+#-----------------------------RID Properties---------------------------------------
+# length of the rid
+mosip.kernel.rid.length=29
+# length of the timestamp
+mosip.kernel.rid.timestamp-length=14
+# rid sequence max digits
+mosip.kernel.rid.sequence-length=5
+
+# Upper bound of number of digits in sequence allowed in id. For example if
+# limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+# ascending and descending order)
+mosip.kernel.tokenid.sequence-limit=3
+
+#-----------------------------PRID Properties------------------------------------
+#prid-length
+mosip.kernel.prid.length=14
+
+# Upper bound of number of digits in sequence allowed in id. For example if
+# limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+# ascending and descending order)
+#to disable validation assign zero or negative value
+mosip.kernel.prid.sequence-limit=3
+
+# Number of digits in repeating block allowed in id. For example if limit is 2,
+# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit)
+#to disable validation assign zero or negative value
+mosip.kernel.prid.repeating-block-limit=3
+
+
+# Lower bound of number of digits allowed in between two repeating digits in
+# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) to disable validation assign zero or negative value
+mosip.kernel.prid.repeating-limit=2
+
+# list of number that id should not be start with to disable null
+mosip.kernel.prid.not-start-with=0,1
+
+#restricted numbers for prid
+mosip.kernel.prid.restricted-numbers=786,666
+
+
+#-----------------------------VID Properties--------------------------------------
+# length of the vid
+mosip.kernel.vid.length=16
+
+# Upper bound of number of digits in sequence allowed in id. For example if
+# limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+# ascending and descending order)
+# to disable sequence limit validation assign 0 or negative value
+mosip.kernel.vid.length.sequence-limit=3
+
+# Number of digits in repeating block allowed in id. For example if limit is 2,
+# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit)
+# to disable repeating block validation assign 0 or negative value
+mosip.kernel.vid.length.repeating-block-limit=2
+
+
+# Lower bound of number of digits allowed in between two repeating digits in
+# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit)
+# to disable repeating limit validation, assign 0 or negative value
+mosip.kernel.vid.length.repeating-limit=2
+
+# list of number that id should not be start with
+# to disable null
+mosip.kernel.vid.not-start-with=0,1
+
+#restricted numbers for vid
+mosip.kernel.vid.restricted-numbers=786,666
+
+#-----------------------------UIN Properties--------------------------------------
+#length of the uin
+mosip.kernel.uin.length=10
+#minimum threshold of unused uin
+mosip.kernel.uin.min-unused-threshold=200000
+#number of uins to generate
+mosip.kernel.uin.uins-to-generate=500000
+#restricted numbers for uin
+mosip.kernel.uin.restricted-numbers=786,666
+
+# Upper bound of number of digits in sequence allowed in id. For example if
+# limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+# ascending and descending order)
+# to disable sequence limit validation assign 0 or negative value
+mosip.kernel.uin.length.sequence-limit=3
+
+# Number of digits in repeating block allowed in id. For example if limit is 2,
+# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit)
+#to disable validation assign zero or negative value
+mosip.kernel.uin.length.repeating-block-limit=2
+
+# Lower bound of number of digits allowed in between two repeating digits in
+# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit)
+# to disable repeating limit validation, assign 0 or negative value
+mosip.kernel.uin.length.repeating-limit=2
+
+#reverse group digit limit for uin filter
+mosip.kernel.uin.length.reverse-digits-limit=5
+
+#group digit limit for uin filter
+mosip.kernel.uin.length.digits-limit=5
+
+#should not start with
+mosip.kernel.uin.not-start-with=0,1
+
+#adjacent even digit limit for uin filter
+mosip.kernel.uin.length.conjugative-even-digits-limit=3
+
+
+
+#------------------------Auth-Adapter-----------------------------------------------
+auth.server.validate.url=${mosipbox.public.url}/v1/authmanager/authorize/admin/validateToken
+mosip.keycloak.base-url=http://keycloak
+mosip.keycloak.issuerUrl=${mosipbox.public.url}/keycloak/auth/realms/mosip
+auth-token-generator.rest.issuerUrl=${mosip.keycloak.issuerUrl}
+
+#----------------------- Crypto --------------------------------------------------
+#Crypto asymmetric algorithm name
+mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
+#Crypto symmetric algorithm name
+mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
+#Keygenerator asymmetric algorithm name
+mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
+#Keygenerator symmetric algorithm name
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES
+#Asymmetric algorithm key length
+mosip.kernel.keygenerator.asymmetric-key-length=2048
+#Symmetric algorithm key length
+mosip.kernel.keygenerator.symmetric-key-length=256
+#Keygenerator symmetric algorithm name
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES
+# keygenerator asymmetric algorithm name
+mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
+#Encrypted data and encrypted symmetric key separator
+mosip.kernel.data-key-splitter=#KEY_SPLITTER#
+#GCM tag length
+mosip.kernel.crypto.gcm-tag-length=128
+#Hash algo name
+mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
+#Symmtric key length used in hash
+mosip.kernel.crypto.hash-symmetric-key-length=256
+#No of iterations in hash
+mosip.kernel.crypto.hash-iteration=100000
+#Sign algo name
+mosip.kernel.crypto.sign-algorithm-name=RS256
+
+mosip.keymanager.base.url=http://kernel-keymanager-service
+mosip.kernel.keymanager-service-publickey-url=${mosip.keymanager.base.url}/v1/keymanager/publickey/{applicationId}
+mosip.kernel.keymanager-service-decrypt-url=${mosip.keymanager.base.url}/v1/keymanager/decrypt
+mosip.kernel.keymanager-service-auth-decrypt-url=${mosip.keymanager.base.url}/v1/keymanager/auth/decrypt
+mosip.kernel.keymanager-service-sign-url=${mosip.keymanager.base.url}/v1/keymanager/sign
+mosip.kernel.keymanager.cert.url=${mosip.keymanager.base.url}/v1/keymanager/getCertificate
+mosip.sign.applicationid=KERNEL
+mosip.sign.refid=SIGN
+mosip.kernel.cryptomanager.request_id=CRYPTOMANAGER.REQUEST
+mosip.kernel.cryptomanager.request_version=v1.0
+mosip.kernel.signature.signature-request-id=SIGNATURE.REQUEST
+mosip.kernel.signature.signature-version-id=v1.0
+
+
+
+#----------------------------------ID Repo------------------------------------------
+mosip.idrepo.identity.uin-status.registered=ACTIVATED
+mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED
+
+#---------------------------------------otp manager service-------------------------------
+#the default length for otp(in number)
+mosip.kernel.otp.default-length=6
+#the default crypto function
+#It can be: HmacSHA512, HmacSHA256, HmacSHA1.
+mosip.kernel.otp.mac-algorithm=HmacSHA512
+#the OTP expires after the given time(in seconds).
+mosip.kernel.otp.expiry-time=180
+#the key is freezed for the given time(in seconds).
+mosip.kernel.otp.key-freeze-time=1800
+#the number of validation attempts allowed(in number).
+#mosip.kernel.otp.validation-attempt-threshold =3 means , the validation and generation will be blocked from 4th time.
+mosip.kernel.otp.validation-attempt-threshold=10
+#minimum length of key(in number).
+mosip.kernel.otp.min-key-length=3
+#maximum length of key(in number).
+mosip.kernel.otp.max-key-length=64
+
+
+#--------------------------------------Licensekeymanager Service--------------------------------------
+#the license key length.
+mosip.kernel.licensekey.length=16
+#List of permissions
+# NOTE: ',' in the below list is used as splitter in the implementation.
+# Use of ',' in the values for below key should be avoided.
+# Use of spaces before and after ',' also should be avoided.
+mosip.kernel.licensekey.permissions=OTP Trigger,OTP Authentication,Demo Authentication - Identity Data Match,Demo Authentication - Address Data Match,Demo Authentication - Full Address Data Match,Demo Authentication - Secondary Language Match,Biometric Authentication - FMR Data Match,Biometric Authentication - IIR Data Match,Biometric Authentication - FID Data Match,Static Pin Authentication,eKYC - limited,eKYC - Full,eKYC - No
+
+
+
+#-----------------------------Virus Scanner--------------------------------------
+# Here we specify the Kubernetes service name, as clamav runs in the same cluster
+mosip.kernel.virus-scanner.host=clamav
+mosip.kernel.virus-scanner.port=80
+
+#-------------------------------FS Adapter- HDFS -------------------------------
+mosip.kernel.fsadapter.hdfs.name-node-url=hdfs://hadoop-hdfs-nn:9000
+mosip.kernel.fsadapter.hdfs.authentication-enabled=false
+# If HDFS is security is configured with Kerberos, Key Distribution Center domain
+mosip.kernel.fsadapter.hdfs.kdc-domain=HDFSKERBEROS1.SOUTHINDIA.CLOUDAPP.AZURE.COM
+# HDFS log level. Change this to debug to see hdfs logs
+logging.level.org.apache.hadoop=warn
+mosip.kernel.fsadapter.hdfs.keytab-file=classpath:mosip.keytab
+
+
+
+#------------------------Transliteration-----------------------------------------------
+mosip.kernel.transliteration.arabic-language-code=ara
+mosip.kernel.transliteration.franch-language-code=fra
+
+
+
+#-------Registration processor Notification types------------
+mosip.registration.processor.notification.types=EMAIL
+
+
+mosip.default.dob.month=01
+mosip.default.dob.day=01
+mosip.login.mode= email,mobile
+
+
+#---Language orientation-----
+mosip.right_to_left_orientation=ara
+mosip.left_to_right_orientation=eng,fra
+
+
+#**************** Notification Type *************
+mosip.notificationtype=SMS|EMAIL
+mosip.kernel.sms.proxy-sms=true
+mosip.kernel.auth.proxy-otp=true
+mosip.kernel.auth.proxy-email=true
+#******** Notification lanugage types - either PRIMARY or BOTH ********
+
+
+#-------------------Admin---------------
+mosip.min-digit-longitude-latitude=4
+mosip.kernel.filtervalue.max_columns=20
+
+auth.server.admin.validate.url=${mosipbox.public.url}/v1/authmanager/authorize/admin/validateToken
+
+#------------------PDF Genration-----------------------------------------
+mosip.kernel.pdf_owner_password=abc123
+#------------------Quality Check-----------------------------------------
+#Quality threshold for applicant iris
+mosip.iris_threshold=0
+#Quality threshold for applicant leftslap fingerprint
+mosip.leftslap_fingerprint_threshold=0
+#Quality threshold for applicant rightslap fingerprint
+mosip.rightslap_fingerprint_threshold=0
+#Quality threshold for applicant thumbs fingerprint
+mosip.thumbs_fingerprint_threshold=0
+#Quality threshold for applicant face
+mosip.facequalitythreshold=0
+#Bio SDK Integration
+mosip.fingerprint.provider=io.mosip.kernel.bioapi.impl.BioApiImpl
+mosip.face.provider=io.mosip.kernel.bioapi.impl.BioApiImpl
+mosip.iris.provider=io.mosip.kernel.bioapi.impl.BioApiImpl
+
+#-------UIN Alias-------------------
+mosip.uin.alias=
+
+#---------------------------------kernel Salt Generator---------------------------------------------------#
+mosip.kernel.salt-generator.chunk-size=10
+mosip.kernel.salt-generator.start-sequence=0
+mosip.kernel.salt-generator.end-sequence=999
+#----------------------------------------------------------------------------------------------------------#
+server.max-http-header-size=10000000
+
+mosip.kernel.auth.adapter.ssl-bypass=true
+mosip.kernel.auth.appid-realm-map={prereg:'preregistration',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip'}
+
+#---------------------------------prometheus : Metrics related configurations---------------------------------------------------#
+management.endpoint.metrics.enabled=true
+management.endpoints.web.exposure.include=*
+management.endpoint.prometheus.enabled=true
+management.metrics.export.prometheus.enabled=true
+
+mosip.kernel.syncdata-service-idschema-url=${mosip.masterdata.base.url}/v1/masterdata/idschema/latest
+mosip.kernel.syncdata-service-dynamicfield-url=${mosip.masterdata.base.url}/v1/masterdata/dynamicfields
+mosip.kernel.keymanager-service-validate-url=${mosip.keymanager.base.url}/v1/keymanager/validate
+
+# ------------ GPS settings ---------
+
+mosip.registration.gps_device_enable_flag=n
+
+
+# ------------- Packet manager ----------------------
+mosip.commons.packetnames=id,evidence,optional
+# reader
+provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|CORRECTION|ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketReaderImpl
+# writer
+provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|CORRECTION|ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketWriterImpl
+objectstore.adapter.name=S3Adapter
+# can be OnlinePacketCryptoServiceImpl OR OfflinePacketCryptoServiceImpl
+objectstore.crypto.name=OnlinePacketCryptoServiceImpl
+default.provider.version=v1.0
+# posix adapter config
+object.store.base.location=/home
+#-------------S3adapter-------------------
+# s3 adapter config
+object.store.s3.accesskey=admin
+object.store.s3.secretkey=abc123
+object.store.s3.url=http://minio:9000
+object.store.s3.region=
+object.store.s3.readlimit=10000000
+
+# swift adapter config
+object.store.swift.username=test
+object.store.swift.password=test
+object.store.swift.url=http://localhost:8080
+
+packet.manager.account.name=PACKET_MANAGER_ACCOUNT
+CRYPTOMANAGER_DECRYPT=${mosip.keymanager.base.url}/v1/keymanager/decrypt
+CRYPTOMANAGER_ENCRYPT=${mosip.keymanager.base.url}/v1/keymanager/encrypt
+IDSCHEMAURL=${mosip.masterdata.base.url}/v1/masterdata/idschema/latest
+KEYMANAGER_SIGN=${mosip.keymanager.base.url}/v1/keymanager/sign
+AUDIT_URL=${mosipbox.public.url}/v1/auditmanager/audits
+packet.default.source=id
+schema.default.fieldCategory=pvt,none
+
+# device registration/deregistration config
+mosip.stage.environment=Developer
+
+# log level
+logging.level.root=INFO
+logging.level.io.mosip=INFO
+logging.level.io.vertx=INFO
+logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO
+
+#iam adapter
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+
+# tomcat access logs
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.directory=/dev
+server.tomcat.accesslog.prefix=stdout
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.suffix=
+server.tomcat.accesslog.file-date-format=
+server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}"}
+server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve
+
+#---------------- Web Sub properties -------------------------
+# The base URL of dmz ingress used to point to websub service
+dmz.ingress.base.url=${mosipbox.public.url}
+# Websub base url
+websub.base.url=${dmz.ingress.base.url}
+# Websub URL for Topic Subscriptions
+websub.hub.url=${websub.base.url}/websub/hub
+# Websub URL for Publishing/registering topics
+websub.publish.url=${websub.base.url}/websub/publish
+#---------------- Web Sub property ----------------------------
+
+
+mosip.mandatory-languages=eng
+mosip.optional-languages=ara,fra
+mosip.min-languages.count=2
+mosip.max-languages.count=3
+mosip.recommended.centers.locCode=5
+
+
+# These are default languages used for sending notifications
+mosip.default.template-languages=eng,ara
+
+#Config key to pick the preferred language for communicating to the Resident
+mosip.default.user-preferred-language-attribute=preferredLang
+
+mosip.kernel.auth.appids.realm.map={prereg:'preregistration',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip'}
+# URL to get new Auth Token from OIDC provider & to do online validation of auth token with OIDC provider.
+auth.server.admin.issuer.uri=${mosipbox.public.url}/keycloak/auth/realms/
+
+openapi.info.title=Id Authentication Internal Service
+openapi.info.description=Id Authentication Internal Service
+openapi.info.version=1.0
+openapi.info.license.name=Mosip
+openapi.info.license.url=https://docs.mosip.io/platform/license
+openapi.service.servers[0].url=${mosipbox.public.url}${server.servlet.context-path}
+openapi.service.servers[0].description=Id Authentication Internal Service
+openapi.group.name=${openapi.info.title}
+openapi.group.paths[0]=/**
\ No newline at end of file
diff --git a/authentication/authentication-internal-service/src/test/resources/ida-mapping.json b/authentication/authentication-internal-service/src/test/resources/ida-mapping.json
index 4b0fcf04aff..d7e67304b11 100644
--- a/authentication/authentication-internal-service/src/test/resources/ida-mapping.json +++ b/authentication/authentication-internal-service/src/test/resources/ida-mapping.json 
@@ -1,116 +1,120 @@
 {
- "ida-mapping": {
- "name": [
- "fullName"
- ],
- "dob": [
- "dateOfBirth"
- ],
- "dobType": [
- "dateOfBirthType"
- ],
- "age": [
- "dateOfBirth"
- ],
- "gender": [
- "gender"
- ],
- "phoneNumber": [
- "phone"
- ],
- "emailId": [
- "email"
- ],
- "addressLine1": [
- "addressLine1"
- ],
- "addressLine2": [
- "addressLine2"
- ],
- "addressLine3": [
- "addressLine3"
- ],
- "location1": [
- "city"
- ],
- "location2": [
- "region"
- ],
- "location3": [
- "province"
- ],
- "postalCode": [
- "postalCode"
- ],
- "fullAddress": [
- "addressLine1",
- "addressLine2",
- "addressLine3",
- "city",
- "region",
- "province",
- "postalCode"
- ],
- "otp": [
- "otp"
- ],
- "pin": [
- "pin"
- ],
- "leftIndex": [
- "FINGER_Left IndexFinger_2"
- ],
- "leftLittle": [
- "FINGER_Left LittleFinger_2"
- ],
- "leftMiddle": [
- "FINGER_Left MiddleFinger_2"
- ],
- "leftRing": [
- "FINGER_Left RingFinger_2"
- ],
- "leftThumb": [
- "FINGER_Left ThumbFinger_2"
- ],
- "rightIndex": [
- "FINGER_Right IndexFinger_2"
- ],
- "rightLittle": [
- "FINGER_Right LittleFinger_2"
- ],
- "rightMiddle": [
- "FINGER_Right MiddleFinger_2"
- ],
- "rightRing": [
- "FINGER_Right RingFinger_2"
- ],
- "rightThumb": [
- "FINGER_Right ThumbFinger_2"
- ],
- "leftEye": [
- "IRIS_Left_9"
- ],
- "rightEye": [
- "IRIS_Right_9"
- ],
- "iris": [
- "leftEye",
- "rightEye"
- ],
- "fingerprint": [
- "leftIndex",
- "leftLittle",
- "leftMiddle",
- "leftRing",
- "leftThumb",
- "rightIndex",
- "rightLittle",
- "rightMiddle",
- "rightRing",
- "rightThumb"
- ],
- "face": [
- "FACE"
- ]
+ "identity": {
+ "IDSchemaVersion": {
+ "value": "IDSchemaVersion"
+ },
+ "name": {
+ "value": "fullName"
+ },
+ "gender": {
+ "value": "gender"
+ },
+ "dob": {
+ "value": "dateOfBirth"
+ },
+ "age": {
+ "value": "age"
+ },
+ "introducerRID": {
+ "value": "introducerRID"
+ },
+ "introducerUIN": {
+ "value": "introducerUIN"
+ },
+ "introducerVID": {
+ "value": "introducerVID"
+ },
+ "introducerName": {
+ "value": "introducerName"
+ },
+ "phone": {
+ "value": "phone"
+ },
+ "phoneNumber": {
+ "value": "phone"
+ },
+ "email": {
+ "value": "email"
+ },
+ "emailId": {
+ "value": "email"
+ },
+ "uin": {
+ "value": "UIN"
+ },
+ "individualBiometrics": {
+ "value": "individualBiometrics"
+ },
+ "introducerBiometrics": {
+ "value": "introducerBiometrics"
+ },
+ "individualAuthBiometrics": {
+ "value": "individualAuthBiometrics"
+ },
+ "officerBiometricFileName": {
+ "value": "officerBiometricFileName"
+ },
+ "supervisorBiometricFileName": {
+ "value": "supervisorBiometricFileName"
+ },
+ "residenceStatus": {
+ "value": "residenceStatus"
+ },
+ "preferredLanguage": {
+ "value": "preferredLang"
+ },
+ "locationHierarchyForProfiling": {
+ "value": "zone,postalCode"
+ },
+ "addressLine1": {
+ "value": "addressLine1"
+ },
+ "addressLine2": {
+ "value": "addressLine2"
+ },
+ "addressLine3": {
+ "value": "addressLine3"
+ },
+ "location1": {
+ "value": "city"
+ },
+ "location2": {
+ "value": "region"
+ },
+ "location3": {
+ "value": "province"
+ },
+ "postalCode": {
+ "value": "postalCode"
+ },
+ "location4": {
+ "value": "zone"
+ },
+ "fullAddress": {
+ "value": "addressLine1,addressLine2,addressLine3,city,region,province,postalCode"
+ }
+ },
+ "metaInfo": {
+ "value": "metaInfo"
+ },
+ "audits": {
+ "value": "audits"
+ },
+ "documents": {
+ "poa": {
+ "value": "proofOfAddress"
+ },
+ "poi": {
+ "value": "proofOfIdentity"
+ },
+ "por": {
+ "value": "proofOfRelationship"
+ },
+ "pob": {
+ "value": "proofOfDateOfBirth"
+ },
+ "poe": {
+ "value": "proofOfException"
+ }
 }
 }
\ No newline at end of file
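Review bot: The replacement mapping drops every authentication-factor entry the old test resource carried — `otp`, `pin`, `dobType`, the ten `leftIndex`…`rightThumb` finger ids, `leftEye`/`rightEye`, and the `iris`, `fingerprint` and `face` groupings — and changes `age` from `dateOfBirth` to `age`, while the commit message only mentions openapi generation. If any test in this module still resolves those keys through ida-mapping.json, it will now fail or silently stop exercising OTP/PIN/biometric attribute mapping, which is the part of this service most worth keeping under test; the file's readers are not visible here, so please confirm whether the old keys were intentionally retired or should be carried over into the new `"value"` shape alongside `individualAuthBiometrics`. A one-line comment in the commit description stating which consumer expects the new `identity`/`documents` layout would make the intent of the swap clear to the next reader.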