mosip · swatigoel · Nov 19, 2024 · Nov 18, 2024 · Nov 19, 2024 · Nov 19, 2024
diff --git a/docker-compose/docker-compose-injistack/README.md b/docker-compose/docker-compose-injistack/README.md
@@ -0,0 +1,159 @@
+# Inji Stack Setup
+
+This guide provides instructions for setting up and running Inji Stack.
+
+## Prerequisites
+- Docker and Docker Compose installed on your system
+- Git (to clone the repository)
+- Basic understanding of Docker and container operations
+### Building inji-web-proxy
+Before running the docker-compose, you need to build the inji-web-proxy image:
+
+```bash
+# Clone the repository
+git clone https://github.com/mosip/inji-web.git -b release-0.11.x
+cd inji-web/inji-web-proxy
+
+# Build the Docker image
+docker build -t inji-web-proxy:local .
+```
+
+## Directory Structure Setup
+Create the following directory structure before proceeding:
+
+```
+docker-compose-injistack/
+├── data/
+│   └── CERTIFY_PKCS12/(p12 file generated at runtime)
+├── certs/
+│   └── oidckeystore.p12 (to be obtained during onboarding of mimoto to esignet)
+├── loader_path/
+│   └── certify/ (plugin jar to be placed here)
+├── config/ (default setup should work as is for csvplugin, any other config changes user can make as per their setup)
+│   ├── certify-default.properties
+│   ├── certify-mock-identity.properties
+│   ├── mimoto-default.properties
+│   ├── mimoto-issuers-config.json
+│   ├── mimoto-trusted-verifiers.json
+│   └── credential-template.html
+├── nginx.conf
+├── certify_init.sql
+└── docker-compose.yml
+```
+
+## Mock Certify Plugin Setup
+You have two options for the certify plugin:
+
+### Option 1: Use Existing Mock Plugin
+- Supported versions: 0.3.0 and above
+- Download the snapshot JAR from:
+  ```
+  https://oss.sonatype.org/content/repositories/snapshots/io/mosip/certify/mock-certify-plugin/0.3.0-SNAPSHOT/
+  ```
+- Place the downloaded JAR in `loader_path/certify/`
+
+### Option 2: Create Custom Plugin
+You can create your own plugin by implementing the following interface and place the resultant jar in loader_path:
+
+Reference Implementation: [CSVDataProviderPlugin](https://github.com/mosip/digital-credential-plugins/blob/develop/mock-certify-plugin/src/main/java/io.mosip.certify.mock.integration/service/MockCSVDataProviderPlugin.java)
+```java
+public interface DataProviderPlugin {
+    // Implement your custom logic here
+}
+```
+
+## Configuration Setup
+
+
+
+### 1. Certificate Setup
+- Place your PKCS12 certificate file (obtained from esignet onboarding) in:
+  ```
+  certs/oidckeystore.p12
+  ```
+  [Collab Env OIDCKeystore](https://docs.inji.io/inji-wallet/inji-mobile/customization-overview/credential_providers#onboarding-mimoto-as-oidc-client-for-a-new-issuer)
+
+### 2. Configuration Files
+Ensure all configuration files are properly updated in the config directory:
+- certify-default.properties
+- certify-mock-identity.properties
+- mimoto-default.properties
+- mimoto-issuers-config.json
+- mimoto-trusted-verifiers.json
+- credential-template.html
+
+[Mimoto Docker Compose Configuration Docs](https://github.com/mosip/mimoto/tree/release-0.15.x/docker-compose)
+[Inji Certify Configuration Docs](../../README.md)
+## Running the Application
+
+### 1. Start the Services
+```bash
+docker-compose up -d
+```
+
+### 2. Verify Services
+Check if all services are running:
+```bash
+docker-compose ps
+```
+
+## Service Endpoints
+The following services will be available:
+- Database (PostgreSQL): `localhost:5433`
+- Certify Service: `localhost:8090`
+- Nginx: `localhost:80`
+- Mimoto Service: `localhost:8099`
+- Inji Web Proxy: `localhost:3010`
+- Inji Web: `localhost:3001`
+
+## Using the Application
+
+### Accessing the Web Interface
+1. Open your browser and navigate to `http://localhost:3001`
+2. You can:
+    - Download credentials
+    - View credential status
+    - Manage your digital identity
+
+## Troubleshooting
+
+### Common Issues and Solutions
+1. Container startup issues:
+   ```bash
+   docker-compose logs [service_name]
+   ```
+
+2. Database connection issues:
+    - Verify PostgreSQL container is running
+    - Check database credentials in configuration
+
+3. Plugin loading issues:
+    - Verify plugin JAR is in the correct directory
+    - Check plugin version compatibility
+
+### Health Checks
+Monitor service health:
+```bash
+docker-compose ps
+docker logs [container_name]
+```
+
+## Stopping the Application
+To stop all services:
+```bash
+docker-compose down
+```
+
+To stop and remove all containers and volumes:
+```bash
+docker-compose down -v
+```
+
+## Security Considerations
+- Keep your PKCS12 certificate secure
+- Regularly update configurations and credentials
+- Monitor service logs for security issues
+
+
+## Additional Resources
+- [Inji Documentation](https://docs.inji.io/)
diff --git a/docker-compose/docker-compose-injistack/certify_init.sql b/docker-compose/docker-compose-injistack/certify_init.sql
@@ -0,0 +1,166 @@
+CREATE DATABASE inji_certify
+  ENCODING = 'UTF8'
+  LC_COLLATE = 'en_US.UTF-8'
+  LC_CTYPE = 'en_US.UTF-8'
+  TABLESPACE = pg_default
+  OWNER = postgres
+  TEMPLATE  = template0;
+
+COMMENT ON DATABASE inji_certify IS 'certify related data is stored in this database';
+
+\c inji_certify postgres
+
+DROP SCHEMA IF EXISTS certify CASCADE;
+CREATE SCHEMA certify;
+ALTER SCHEMA certify OWNER TO postgres;
+ALTER DATABASE inji_certify SET search_path TO certify,pg_catalog,public;
+
+CREATE TABLE certify.key_alias(
+                                  id character varying(36) NOT NULL,
+                                  app_id character varying(36) NOT NULL,
+                                  ref_id character varying(128),
+                                  key_gen_dtimes timestamp,
+                                  key_expire_dtimes timestamp,
+                                  status_code character varying(36),
+                                  lang_code character varying(3),
+                                  cr_by character varying(256) NOT NULL,
+                                  cr_dtimes timestamp NOT NULL,
+                                  upd_by character varying(256),
+                                  upd_dtimes timestamp,
+                                  is_deleted boolean DEFAULT FALSE,
+                                  del_dtimes timestamp,
+                                  cert_thumbprint character varying(100),
+                                  uni_ident character varying(50),
+                                  CONSTRAINT pk_keymals_id PRIMARY KEY (id),
+                                  CONSTRAINT uni_ident_const UNIQUE (uni_ident)
+);
+
+CREATE TABLE certify.key_policy_def(
+                                       app_id character varying(36) NOT NULL,
+                                       key_validity_duration smallint,
+                                       is_active boolean NOT NULL,
+                                       pre_expire_days smallint,
+                                       access_allowed character varying(1024),
+                                       cr_by character varying(256) NOT NULL,
+                                       cr_dtimes timestamp NOT NULL,
+                                       upd_by character varying(256),
+                                       upd_dtimes timestamp,
+                                       is_deleted boolean DEFAULT FALSE,
+                                       del_dtimes timestamp,
+                                       CONSTRAINT pk_keypdef_id PRIMARY KEY (app_id)
+);
+
+CREATE TABLE certify.key_store(
+                                  id character varying(36) NOT NULL,
+                                  master_key character varying(36) NOT NULL,
+                                  private_key character varying(2500) NOT NULL,
+                                  certificate_data character varying NOT NULL,
+                                  cr_by character varying(256) NOT NULL,
+                                  cr_dtimes timestamp NOT NULL,
+                                  upd_by character varying(256),
+                                  upd_dtimes timestamp,
+                                  is_deleted boolean DEFAULT FALSE,
+                                  del_dtimes timestamp,
+                                  CONSTRAINT pk_keystr_id PRIMARY KEY (id)
+);
+
+CREATE TABLE certify.svg_template (
+                                    id UUID NOT NULL,
+                                    template VARCHAR NOT NULL,
+                                    cr_dtimes timestamp NOT NULL,
+                                    upd_dtimes timestamp,
+                                    CONSTRAINT pk_svgtmp_id PRIMARY KEY (id)
+);
+
+CREATE TABLE certify.template_data(
+                                    context character varying(1024) NOT NULL,
+                                    credential_type character varying(512) NOT NULL,
+                                    template VARCHAR NOT NULL,
+                                    cr_dtimes timestamp NOT NULL default now(),
+                                    upd_dtimes timestamp,
+                                    CONSTRAINT pk_template PRIMARY KEY (context, credential_type)
+);
+
+INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://vharsh.github.io/DID/mock-context.json,https://www.w3.org/2018/credentials/v1', 'MockVerifiableCredential,VerifiableCredential', '{
+    "@context": [
+    "https://www.w3.org/2018/credentials/v1",
+    "https://vharsh.github.io/DID/mock-context.json"],
+    "issuer": "${issuer}",
+    "type": ["VerifiableCredential", "MockVerifiableCredential"],
+    "issuanceDate": "${validFrom}",
+    "expirationDate": "${validUntil}",
+    "credentialSubject": {
+        "gender": ${gender},
+        "postalCode": ${postalCode},
+        "fullName": ${fullName},
+        "dateOfBirth": "${dateOfBirth}",
+        "province": ${province},
+        "phone": "${phone}",
+        "addressLine1": ${addressLine1},
+        "region": ${region},
+        "vcVer": "${vcVer}",
+        "UIN": ${UIN},
+        "email": "${email}",
+        "face": "${face}"
+    }
+}', '2024-10-22 17:08:17.826851', NULL);
+INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://vharsh.github.io/DID/mock-context.json,https://www.w3.org/ns/credentials/v2', 'MockVerifiableCredential,VerifiableCredential', '{
+    "@context": [
+            "https://www.w3.org/ns/credentials/v2", "https://vharsh.github.io/DID/mock-context.json"],
+    "issuer": "${issuer}",
+    "type": ["VerifiableCredential", "MockVerifiableCredential"],
+    "validFrom": "${validFrom}",
+    "validUntil": "${validUntil}",
+    "credentialSubject": {
+    "gender": ${gender},
+        "postalCode": ${postalCode},
+        "fullName": ${fullName},
+        "dateOfBirth": "${dateOfBirth}",
+        "province": ${province},
+        "phone": "${phone}",
+        "addressLine1": ${addressLine1},
+        "region": ${region},
+        "vcVer": "${vcVer}",
+        "UIN": ${UIN},
+        "email": "${email}",
+        "face": "${face}"
+    }
+}', '2024-10-22 17:08:17.826851', NULL);
+INSERT INTO certify.template_data (context, credential_type, template, cr_dtimes, upd_dtimes) VALUES ('https://www.w3.org/2018/credentials/v1', 'FarmerCredential,VerifiableCredential', '{
+     "@context": [
+                "https://www.w3.org/2018/credentials/v1",
+                "https://vharsh.github.io/DID/farmer.json",
+    "https://w3id.org/security/suites/ed25519-2020/v1"
+        ],
+        "issuer": "${issuer}",
+        "type": [
+            "VerifiableCredential",
+            "FarmerCredential"
+        ],
+        "issuanceDate": "${validFrom}",
+        "expirationDate": "${validUntil}",
+        "credentialSubject": {
+            "name": "${name}",
+            "dateOfBirth": "${dateOfBirth}",
+            "highestEducation": "${highestEducation}",
+            "maritalStatus": "${maritalStatus}",
+            "typeOfHouse": "${typeOfHouse}",
+            "numberOfDependents": "${numberOfDependents}",
+            "phoneNumber": "${phoneNumber}",
+            "works": "${works}",
+            "landArea": "${landArea}",
+            "landOwnershipType": "${landOwnershipType}",
+            "primaryCropType": "${primaryCropType}",
+            "secondaryCropType": "${secondaryCropType}"
+        }
+}
+', '2024-10-24 12:32:38.065994', NULL);
+
+
+INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('ROOT', 2920, 1125, 'NA', true, 'mosipadmin', now());
+INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_SERVICE', 1095, 60, 'NA', true, 'mosipadmin', now());
+INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_PARTNER', 1095, 60, 'NA', true, 'mosipadmin', now());
+INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_MOCK_RSA', 1095, 60, 'NA', true, 'mosipadmin', now());
+INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('CERTIFY_MOCK_ED25519', 1095, 60, 'NA', true, 'mosipadmin', now());
+INSERT INTO certify.key_policy_def(APP_ID,KEY_VALIDITY_DURATION,PRE_EXPIRE_DAYS,ACCESS_ALLOWED,IS_ACTIVE,CR_BY,CR_DTIMES) VALUES('BASE', 1095, 60, 'NA', true, 'mosipadmin', now());
+