-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #840 from wultra/develop
Merge develop to master
- Loading branch information
Showing
279 changed files
with
7,968 additions
and
3,818 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| name: "CodeQL" | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: [ 'develop', 'main', 'releases/**' ] | ||
| pull_request: | ||
| # The branches below must be a subset of the branches above | ||
| branches: [ 'develop', 'main', 'releases/**' ] | ||
| schedule: | ||
| - cron: '0 2 * * 4' | ||
|
|
||
| jobs: | ||
| codeql-analysis: | ||
| uses: wultra/wultra-infrastructure/.github/workflows/codeql-analysis.yml@develop | ||
| secrets: inherit | ||
| with: | ||
| languages: "['java']" | ||
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | ||
| # Use only 'java' to analyze code written in Java, Kotlin or both | ||
| # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,13 @@ | ||
| <component name="ProjectRunConfigurationManager"> | ||
| <configuration default="false" name="EnrollmentServerApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot"> | ||
| <option name="ACTIVE_PROFILES" value="dev" /> | ||
| <envs> | ||
| <env name="JDBC_DATABASE_SCHEMA" value="powerauth" /> | ||
| <env name="JDBC_DATABASE_USERNAME" value="powerauth" /> | ||
| <env name="JDBC_DATABASE_PASSWORD" value="" /> | ||
| </envs> | ||
| <option name="DEBUG_MODE" value="true" /> | ||
| <module name="enrollment-server" /> | ||
| <option name="SPRING_BOOT_MAIN_CLASS" value="com.wultra.app.enrollmentserver.EnrollmentServerApplication" /> | ||
| <option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/enrollment-server -Dserver.port=8081" /> | ||
| <method v="2"> | ||
| <option name="Make" enabled="true" /> | ||
| <option name="Maven.BeforeRunTask" enabled="true" file="$PROJECT_DIR$/enrollment-server/pom.xml" goal="process-resources" /> | ||
| </method> | ||
| </configuration> | ||
| </component> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,13 @@ | ||
| <component name="ProjectRunConfigurationManager"> | ||
| <configuration default="false" name="EnrollmentServerOnboardingApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot"> | ||
| <option name="ACTIVE_PROFILES" value="dev" /> | ||
| <envs> | ||
| <env name="JDBC_DATABASE_SCHEMA" value="powerauth" /> | ||
| <env name="JDBC_DATABASE_USERNAME" value="powerauth" /> | ||
| <env name="JDBC_DATABASE_PASSWORD" value="" /> | ||
| </envs> | ||
| <option name="DEBUG_MODE" value="true" /> | ||
| <module name="enrollment-server-onboarding" /> | ||
| <option name="SPRING_BOOT_MAIN_CLASS" value="com.wultra.app.onboardingserver.OnboardingServerApplication" /> | ||
| <option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/enrollment-server-onboarding -Dserver.port=8083" /> | ||
| <method v="2"> | ||
| <option name="Make" enabled="true" /> | ||
| <option name="Maven.BeforeRunTask" enabled="true" file="$PROJECT_DIR$/enrollment-server-onboarding/pom.xml" goal="process-resources" /> | ||
| </method> | ||
| </configuration> | ||
| </component> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,25 +1,68 @@ | ||
| FROM tomcat:jdk11-adoptopenjdk-openj9 | ||
| FROM ibm-semeru-runtimes:open-17.0.8_7-jre | ||
| LABEL maintainer="petr@wultra.com" | ||
|
|
||
| # Prepare environment variables | ||
| ENV JAVA_HOME /opt/java/openjdk | ||
| ENV TOMCAT_HOME /usr/local/tomcat | ||
| ENV WAR_VERSION 1.4.0 | ||
| ENV JAVA_HOME=/opt/java/openjdk \ | ||
| LB_HOME=/usr/local/liquibase \ | ||
| LB_VERSION=4.23.2 \ | ||
| PKG_RELEASE=1~jammy \ | ||
| TOMCAT_HOME=/usr/local/tomcat \ | ||
| TOMCAT_MAJOR=10 \ | ||
| TOMCAT_VERSION=10.1.13 \ | ||
| TZ=UTC | ||
|
|
||
| ENV PATH=$PATH:$LB_HOME:$TOMCAT_HOME/bin | ||
|
|
||
| # Init | ||
| RUN apt-get -y update \ | ||
| && apt-get -y upgrade \ | ||
| && apt-get -y install bash curl wget | ||
|
|
||
| # Install tomcat | ||
| RUN curl -jkSL -o /tmp/apache-tomcat.tar.gz http://archive.apache.org/dist/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz \ | ||
| && [ "406c0c367ac6ad95bb724ecc3a3c340ad7ded8c62287d657811eeec496eaaca1f5add52d2f46111da1426ae67090c543f6deccfeb5fdf4bdae32f9b39e773265 /tmp/apache-tomcat.tar.gz" = "$(sha512sum /tmp/apache-tomcat.tar.gz)" ] \ | ||
| && gunzip /tmp/apache-tomcat.tar.gz \ | ||
| && tar -C /opt -xf /tmp/apache-tomcat.tar \ | ||
| && ln -s /opt/apache-tomcat-$TOMCAT_VERSION $TOMCAT_HOME | ||
|
|
||
| # Clear root context | ||
| RUN rm -rf $TOMCAT_HOME/webapps/* | ||
|
|
||
| # This setup was inspired by https://github.com/mobtitude/liquibase/blob/master/Dockerfile | ||
| RUN set -x \ | ||
| && wget -q -O /tmp/liquibase.tar.gz "https://github.com/liquibase/liquibase/releases/download/v$LB_VERSION/liquibase-$LB_VERSION.tar.gz" \ | ||
| && [ "fc7d2a9fa97d91203d639b664715d40953c6c9155a5225a0ddc4c8079b9a3641 /tmp/liquibase.tar.gz" = "$(sha256sum /tmp/liquibase.tar.gz)" ] \ | ||
| && mkdir -p "$LB_HOME" \ | ||
| && tar -xzf /tmp/liquibase.tar.gz -C "$LB_HOME" \ | ||
| && rm -rf "$LB_HOME/sdk" \ | ||
| # Uninstall packages which are no longer needed and clean apt caches | ||
| && apt-get -y remove wget curl gettext-base \ | ||
| && apt-get -y purge --auto-remove \ | ||
| && rm -rf /tmp/* /var/cache/apt/* | ||
|
|
||
| # Liquibase - changesets | ||
| RUN rm -rf $LB_HOME/data | ||
| COPY docs/db/changelog $LB_HOME/db/changelog | ||
|
|
||
| # Add valve for proxy with SSL termination | ||
| RUN sed -i 's/<\/Host>/<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"\/><\/Host>/' $TOMCAT_HOME/conf/server.xml | ||
|
|
||
| # Deploy and run applications | ||
| COPY docker/enrollment-server.xml $TOMCAT_HOME/conf/Catalina/localhost/ | ||
| COPY target/enrollment-server-$WAR_VERSION.war $TOMCAT_HOME/webapps/enrollment-server.war | ||
| COPY deploy/enrollment-server.xml $TOMCAT_HOME/conf/Catalina/localhost/ | ||
| COPY enrollment-server/target/enrollment-server-*.war $TOMCAT_HOME/webapps/enrollment-server.war | ||
|
|
||
| # Add PowerAuth User | ||
| RUN groupadd -r powerauth \ | ||
| && useradd -r -g powerauth -s /sbin/nologin powerauth \ | ||
| && chown -R powerauth:powerauth $TOMCAT_HOME \ | ||
| && chown -R powerauth:powerauth /opt/apache-tomcat-$TOMCAT_VERSION | ||
|
|
||
| # Docker configuration | ||
| EXPOSE 8080 | ||
| STOPSIGNAL SIGQUIT | ||
|
|
||
| # Create user tomcat and run Tomcat under this user | ||
| RUN groupadd -r tomcat | ||
| RUN useradd -r -g tomcat -d $TOMCAT_HOME -s /sbin/nologin tomcat | ||
| RUN chown -R tomcat:tomcat $TOMCAT_HOME | ||
| USER powerauth | ||
|
|
||
| USER tomcat | ||
| CMD ["catalina.sh", "run"] | ||
| # Define entry point with mandatory commands | ||
| COPY deploy/docker-entrypoint.sh / | ||
| ENTRYPOINT ["/docker-entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| #!/usr/bin/env sh | ||
|
|
||
| liquibase --headless=true --log-level=INFO --changeLogFile=$LB_HOME/db/changelog/changesets/enrollment-server/db.changelog-module.xml \ | ||
| --username=$ENROLLMENT_SERVER_DATASOURCE_USERNAME \ | ||
| --password=$ENROLLMENT_SERVER_DATASOURCE_PASSWORD \ | ||
| --url=$ENROLLMENT_SERVER_DATASOURCE_URL \ | ||
| update | ||
|
|
||
| catalina.sh run |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <Context> | ||
|
|
||
| <!-- Database Configuration - JDBC --> | ||
| <Parameter name="spring.datasource.url" value="${ENROLLMENT_SERVER_DATASOURCE_URL:jdbc:postgresql://host.docker.internal:5432/powerauth}"/> | ||
| <Parameter name="spring.datasource.username" value="${ENROLLMENT_SERVER_DATASOURCE_USERNAME:powerauth}"/> | ||
| <Parameter name="spring.datasource.password" value="${ENROLLMENT_SERVER_DATASOURCE_PASSWORD:}"/> | ||
|
|
||
| <!-- Configuration of Database Charset --> | ||
| <Parameter name="spring.jpa.properties.hibernate.connection.characterEncoding" value="${ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING:utf8}"/> | ||
| <Parameter name="spring.jpa.properties.hibernate.connection.useUnicode" value="${ENROLLMENT_SERVER_JPA_USE_UNICODE:true}"/> | ||
|
|
||
| <!-- Database Lock Timeout Configuration --> | ||
| <Parameter name="spring.jpa.properties.jakarta.persistence.lock.timeout" value="${ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT:10000}"/> | ||
|
|
||
| <!-- JMX Configuration --> | ||
| <Parameter name="spring.jmx.enabled" value="${ENROLLMENT_SERVER_SPRING_JMX_ENABLED:false}"/> | ||
| <Parameter name="spring.jmx.default-domain" value="${ENROLLMENT_SERVER_SPRING_JMX_DEFAULT_DOMAIN:enrollment-server}"/> | ||
|
|
||
| <!-- PowerAuth Service Configuration --> | ||
| <Parameter name="powerauth.service.url" value="${ENROLLMENT_SERVER_POWERAUTH_SERVICE_URL:http://localhost:8080/powerauth-java-server/rest}"/> | ||
| <Parameter name="powerauth.service.security.clientToken" value="${ENROLLMENT_SERVER_SECURITY_CLIENT_TOKEN:}"/> | ||
| <Parameter name="powerauth.service.security.clientSecret" value="${ENROLLMENT_SERVER_SECURITY_CLIENT_SECRET:}"/> | ||
|
|
||
| <!-- PowerAuth Push Service Configuration --> | ||
| <Parameter name="powerauth.push.service.url" value="${ENROLLMENT_SERVER_PUSH_SERVER_URL:}"/> | ||
|
|
||
| <!-- Enrollment Server Configuration --> | ||
| <Parameter name="enrollment-server.mtoken.enabled" value="${ENROLLMENT_SERVER_MTOKEN_ENABLED:true}"/> | ||
| <Parameter name="enrollment-server.inbox.enabled" value="${ENROLLMENT_SERVER_INBOX_ENABLED:true}"/> | ||
| <Parameter name="enrollment-server.activation-spawn.enabled" value="${ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED:false}"/> | ||
|
|
||
| <!-- User-info configuration --> | ||
| <Parameter name="enrollment-server.user-info.provider" value="${ENROLLMENT_SERVER_USER_INFO_PROVIDER:}"/> | ||
| <Parameter name="enrollment-server.user-info.rest-provider.allowed-stages" value="${ENROLLMENT_SERVER_USER_INFO_REST_ALLOWED_STAGES:USER_INFO_ENDPOINT}"/> | ||
| <Parameter name="enrollment-server.user-info.rest-provider.restClientConfig.baseUrl" value="${ENROLLMENT_SERVER_USER_INFO_REST_URL:}"/> | ||
| <Parameter name="enrollment-server.user-info.rest-provider.restClientConfig.httpBasicAuthEnabled" value="${ENROLLMENT_SERVER_USER_INFO_REST_BASIC_ENABLED:false}"/> | ||
| <Parameter name="enrollment-server.user-info.rest-provider.restClientConfig.httpBasicAuthUsername" value="${ENROLLMENT_SERVER_USER_INFO_REST_BASIC_USERNAME:}"/> | ||
| <Parameter name="enrollment-server.user-info.rest-provider.restClientConfig.httpBasicAuthPassword" value="${ENROLLMENT_SERVER_USER_INFO_REST_BASIC_PASSWORD:}"/> | ||
|
|
||
| <!-- Correlation HTTP Header Configuration --> | ||
| <Parameter name="powerauth.service.correlation-header.enabled" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_ENABLED:false}"/> | ||
| <Parameter name="powerauth.service.correlation-header.name" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_NAME:X-Correlation-ID}"/> | ||
| <Parameter name="powerauth.service.correlation-header.value.validation-regexp" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP:[a-zA-Z0-9\\-]{8,1024}}"/> | ||
| </Context> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| ENROLLMENT_SERVER_POWERAUTH_SERVICE_URL=http://localhost:8080/powerauth-java-server/rest | ||
| ENROLLMENT_SERVER_SECURITY_CLIENT_TOKEN= | ||
| ENROLLMENT_SERVER_SECURITY_CLIENT_SECRET= | ||
| ENROLLMENT_SERVER_PUSH_SERVER_URL= | ||
| ENROLLMENT_SERVER_MTOKEN_ENABLED=true | ||
| ENROLLMENT_SERVER_INBOX_ENABLED=true | ||
| ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED=false | ||
| ENROLLMENT_SERVER_CORRELATION_HEADER_ENABLED=false | ||
| ENROLLMENT_SERVER_CORRELATION_HEADER_NAME=X-Correlation-ID | ||
| ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP=[a-zA-Z0-9\\-]{8,1024} | ||
| ENROLLMENT_SERVER_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth | ||
| ENROLLMENT_SERVER_DATASOURCE_USERNAME=powerauth | ||
| ENROLLMENT_SERVER_DATASOURCE_PASSWORD= | ||
| ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING=utf8 | ||
| ENROLLMENT_SERVER_JPA_USE_UNICODE=true | ||
| ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT=10000 | ||
| ENROLLMENT_SERVER_SPRING_JMX_ENABLED=false | ||
| ENROLLMENT_SERVER_SPRING_JMX_DEFAULT_DOMAIN=enrollment-server | ||
| ENROLLMENT_SERVER_USER_INFO_PROVIDER= | ||
| ENROLLMENT_SERVER_USER_INFO_REST_ALLOWED_STAGES=USER_INFO_ENDPOINT | ||
| ENROLLMENT_SERVER_USER_INFO_REST_URL= | ||
| ENROLLMENT_SERVER_USER_INFO_REST_BASIC_ENABLED=false | ||
| ENROLLMENT_SERVER_USER_INFO_REST_BASIC_USERNAME= | ||
| ENROLLMENT_SERVER_USER_INFO_REST_BASIC_PASSWORD= |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.