Merge pull request #606 from wultra/develop
Merge develop to master
zcgandcomp authored Jan 11, 2023
2 parents 394a7f8 + e137b76 commit 3d1dac5
Showing 416 changed files with 38,583 additions and 243 deletions.
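--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "maven"
+directory: "/"
+schedule:
+interval: "weekly"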
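Review bot: The only ecosystem listed is `maven` (the `package-ecosystem` entry), while the same commit adds five workflows under .github/workflows that call reusable workflows from wultra/wultra-infrastructure, and Dependabot will not watch those references. A second entry, `- package-ecosystem: "github-actions"` with `directory: "/"` and the same weekly schedule, puts action and reusable-workflow references under the same update policy once they are pinned to tags or commit SHAs rather than the `develop` branch.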
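--- a/.github/workflows/coverity-scan.yml
+++ b/.github/workflows/coverity-scan.yml
@@ -0,0 +1,16 @@
+name: Run Coverity scan and upload results
+
+on:
+workflow_dispatch:
+schedule:
+- cron: '0 10 1 * *' # monthly
+
+
+jobs:
+coverity-scan:
+uses: wultra/wultra-infrastructure/.github/workflows/coverity-scan.yml@develop
+secrets: inherit
+with:
+project-name: ${{ github.event.repository.name }}
+version: ${{ github.sha }}
+description: ${{ github.ref }}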
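Review bot: The `uses:` line pins the reusable workflow to the mutable branch ref `@develop` while `secrets: inherit` hands it every secret this repository holds, so any change merged to that branch of wultra/wultra-infrastructure runs here with full secret access. The same pattern appears in maven-deploy.yml, maven-test.yml and owasp-dependecy-check.yml. Pinning to a release tag or a full commit SHA, e.g. `uses: wultra/wultra-infrastructure/.github/workflows/coverity-scan.yml@<commit-sha>`, and passing only the secrets the scan actually needs instead of `inherit`, limits what a compromised or mistaken upstream change can reach; if the `develop` branch there is protected as strictly as this repository the exposure is smaller, but the pin still makes each run reproducible.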
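--- a/.github/workflows/maven-deploy.yml
+++ b/.github/workflows/maven-deploy.yml
@@ -0,0 +1,52 @@
+name: Deploy with Maven
+
+on:
+workflow_dispatch:
+branches:
+- 'develop'
+- 'master'
+- 'releases/*'
+- 'test/ci'
+inputs:
+release_type:
+type: choice
+description: releasing to snapshot or release
+default: snapshot
+options:
+- snapshot
+- release
+environment:
+type: environment
+default: internal-publish
+description: internal or external repository
+push:
+branches:
+- 'develop'
+- 'test/ci'
+
+
+
+jobs:
+maven-deploy-push:
+if: ${{ github.event_name == 'push' }}
+name: Deploy to jfrog
+uses: wultra/wultra-infrastructure/.github/workflows/maven-deploy.yml@develop
+with:
+environment: internal-publish
+release_type: snapshot
+secrets:
+username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+
+maven-deploy-manual:
+if: ${{ github.event_name == 'workflow_dispatch' }}
+name: Deploy by parameter
+uses: wultra/wultra-infrastructure/.github/workflows/maven-deploy.yml@develop
+with:
+environment: ${{ inputs.environment }}
+release_type: ${{ inputs.release_type }}
+secrets:
+username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+gpg_passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+gpg_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}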
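Review bot: The `branches:` list under the first `workflow_dispatch:` (the four entries `develop`, `master`, `releases/*`, `test/ci`) is not a filter that trigger supports — `workflow_dispatch` only takes `inputs` — so as far as I can tell it is ignored or rejected by the workflow parser, and a manual deployment can be started from any ref. If the intent is to allow manual publishing only from those branches, enforce it on the job instead, e.g. `if: ${{ github.event_name == 'workflow_dispatch' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/releases/')) }}`, or rely on the selected `environment`'s protection rules with required reviewers. The restriction matters more for this job than for the push job because the manual path also receives the signing key through `gpg_key` and `gpg_passphrase`.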
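--- a/.github/workflows/maven-test.yml
+++ b/.github/workflows/maven-test.yml
@@ -0,0 +1,18 @@
+name: Test with Maven
+
+on:
+workflow_dispatch:
+push:
+branches:
+- 'master'
+- 'releases/**'
+pull_request:
+branches:
+- 'develop'
+- 'master'
+- 'releases/**'
+
+jobs:
+maven-tests:
+uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop
+secrets: inherit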
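--- a/.github/workflows/owasp-dependecy-check.yml
+++ b/.github/workflows/owasp-dependecy-check.yml
@@ -0,0 +1,12 @@
+name: Run OWASP Dependency Check
+on:
+workflow_dispatch:
+
+push:
+branches:
+- 'develop'
+
+jobs:
+owasp-check:
+uses: wultra/wultra-infrastructure/.github/workflows/owasp-dependency-check.yml@develop
+secrets: inherit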
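Review bot: The file name `owasp-dependecy-check.yml` misspells "dependency" while the reusable workflow it calls on the `uses:` line is `owasp-dependency-check.yml`; renaming the file keeps the two aligned and makes it findable under the expected name. As far as the page shows nothing references the local file name, so the rename is a standalone change.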
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -22,3 +22,7 @@ dist/

### JRebel
rebel.xml

### Swagger
.swagger-codegen
.swagger-codegen-ignore
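--- a/.run/EnrollmentServerApplication.run.xml
+++ b/.run/EnrollmentServerApplication.run.xml
@@ -0,0 +1,16 @@
+<component name="ProjectRunConfigurationManager">
+<configuration default="false" name="EnrollmentServerApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
+<option name="ACTIVE_PROFILES" value="dev" />
+<envs>
+<env name="JDBC_DATABASE_SCHEMA" value="powerauth" />
+<env name="JDBC_DATABASE_USERNAME" value="powerauth" />
+<env name="JDBC_DATABASE_PASSWORD" value="" />
+</envs>
+<module name="enrollment-server" />
+<option name="SPRING_BOOT_MAIN_CLASS" value="com.wultra.app.enrollmentserver.EnrollmentServerApplication" />
+<option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/enrollment-server -Dserver.port=8081" />
+<method v="2">
+<option name="Make" enabled="true" />
+</method>
+</configuration>
+</component>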
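Review bot: Both run configurations (this one and EnrollmentServerOnboardingApplication.run.xml) carry datasource credentials inline as `<env>` values in a tracked file; `JDBC_DATABASE_PASSWORD` is empty here, but the natural way to get the application running locally is to type a password into that line, and the result is then one `git add` away from being committed. A comment next to the entry, e.g. `<!-- local-only: set JDBC_DATABASE_PASSWORD in your IDE, never in this tracked file -->`, or a line in docs-private/Developer-How-To-Start.md pointing developers at an untracked source for the value, keeps the tracked copy credential-free.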
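--- a/.run/EnrollmentServerOnboardingApplication.run.xml
+++ b/.run/EnrollmentServerOnboardingApplication.run.xml
@@ -0,0 +1,16 @@
+<component name="ProjectRunConfigurationManager">
+<configuration default="false" name="EnrollmentServerOnboardingApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
+<option name="ACTIVE_PROFILES" value="dev" />
+<envs>
+<env name="JDBC_DATABASE_SCHEMA" value="powerauth" />
+<env name="JDBC_DATABASE_USERNAME" value="powerauth" />
+<env name="JDBC_DATABASE_PASSWORD" value="" />
+</envs>
+<module name="enrollment-server-onboarding" />
+<option name="SPRING_BOOT_MAIN_CLASS" value="com.wultra.app.onboardingserver.OnboardingServerApplication" />
+<option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/enrollment-server-onboarding -Dserver.port=8083" />
+<method v="2">
+<option name="Make" enabled="true" />
+</method>
+</configuration>
+</component>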
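--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+FROM tomcat:jdk11-adoptopenjdk-openj9
+LABEL maintainer="petr@wultra.com"
+
+# Prepare environment variables
+ENV JAVA_HOME /opt/java/openjdk
+ENV TOMCAT_HOME /usr/local/tomcat
+ENV WAR_VERSION 1.4.0
+
+# Clear root context
+RUN rm -rf $TOMCAT_HOME/webapps/*
+
+# Add valve for proxy with SSL termination
+RUN sed -i 's/<\/Host>/<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"\/><\/Host>/' $TOMCAT_HOME/conf/server.xml
+
+# Deploy and run applications
+COPY docker/enrollment-server.xml $TOMCAT_HOME/conf/Catalina/localhost/
+COPY target/enrollment-server-$WAR_VERSION.war $TOMCAT_HOME/webapps/enrollment-server.war
+
+# Create user tomcat and run Tomcat under this user
+RUN groupadd -r tomcat
+RUN useradd -r -g tomcat -d $TOMCAT_HOME -s /sbin/nologin tomcat
+RUN chown -R tomcat:tomcat $TOMCAT_HOME
+
+USER tomcat
+CMD ["catalina.sh", "run"]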
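Review bot: `RUN chown -R tomcat:tomcat $TOMCAT_HOME` gives the runtime user write access to the whole Tomcat install, including `conf/` (where the RemoteIpValve was just injected into server.xml), `lib/` and `bin/`, so a compromised web application could rewrite the server configuration or add jars to the class path; Tomcat's own hardening guidance is that the service user owns only the directories it must write. Narrowing it to `RUN chown -R tomcat:tomcat $TOMCAT_HOME/logs $TOMCAT_HOME/temp $TOMCAT_HOME/work $TOMCAT_HOME/webapps` (webapps presumably still needs to be writable because the copied WAR is unpacked at startup) leaves the rest root-owned and read-only for the tomcat user. Two smaller points in the same file: `FROM tomcat:jdk11-adoptopenjdk-openj9` is a floating tag, so an upstream retag changes the image silently and builds are not reproducible — a digest pin of the form `tomcat:jdk11-adoptopenjdk-openj9@sha256:<digest>` fixes that; and the sed-injected RemoteIpValve sets no `internalProxies`/`trustedProxies`, so it accepts X-Forwarded-For and X-Forwarded-Proto from whatever the valve's default proxy ranges are, which should be narrowed to the actual ingress addresses so client IP and scheme cannot be spoofed from another host in those ranges.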
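--- a/docker/enrollment-server.xml
+++ b/docker/enrollment-server.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Context>
+
+<!-- Database Configuration - JDBC -->
+<Parameter name="spring.datasource.url" value="${ENROLLMENT_SERVER_DATASOURCE_URL}"/>
+<Parameter name="spring.datasource.username" value="${ENROLLMENT_SERVER_DATASOURCE_USERNAME}"/>
+<Parameter name="spring.datasource.password" value="${ENROLLMENT_SERVER_DATASOURCE_PASSWORD}"/>
+<Parameter name="spring.datasource.driver-class-name" value="${ENROLLMENT_SERVER_DATASOURCE_DRIVER}"/>
+<Parameter name="spring.jpa.hibernate.ddl-auto" value="${ENROLLMENT_SERVER_JPA_DDL_AUTO}"/>
+
+<!-- Configuration of Database Charset -->
+<Parameter name="spring.jpa.properties.hibernate.connection.CharSet" value="${ENROLLMENT_SERVER_JPA_CHARSET}"/>
+<Parameter name="spring.jpa.properties.hibernate.connection.characterEncoding" value="${ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING}"/>
+<Parameter name="spring.jpa.properties.hibernate.connection.useUnicode" value="${ENROLLMENT_SERVER_JPA_USE_UNICODE}"/>
+
+<!-- Additional JPA Configuration -->
+<Parameter name="spring.jpa.database-platform" value="${ENROLLMENT_SERVER_JPA_DATABASE_PLATFORM}"/>
+
+<!-- Database Lock Timeout Configuration -->
+<Parameter name="spring.jpa.properties.lock.timeout" value="${ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT}"/>
+
+<!-- Database Configuration - JNDI -->
+<Parameter name="spring.datasource.jndi-name" value="${ENROLLMENT_SERVER_DATASOURCE_JNDI_NAME}"/>
+
+<!-- JMX Configuration -->
+<Parameter name="spring.jmx.enabled" value="${ENROLLMENT_SERVER_SPRING_JMX_ENABLED}"/>
+<Parameter name="spring.jmx.default-domain" value="${ENROLLMENT_SERVER_SPRING_JMX_DEFAULT_DOMAIN}"/>
+
+<!-- PowerAuth Service Configuration -->
+<Parameter name="powerauth.service.url" value="${ENROLLMENT_SERVER_POWERAUTH_SERVICE_URL}"/>
+<Parameter name="powerauth.service.security.clientToken" value="${ENROLLMENT_SERVER_SECURITY_CLIENT_TOKEN}"/>
+<Parameter name="powerauth.service.security.clientSecret" value="${ENROLLMENT_SERVER_SECURITY_CLIENT_SECRET}"/>
+
+<!-- PowerAuth Push Service Configuration -->
+<Parameter name="powerauth.push.service.url" value="${ENROLLMENT_SERVER_PUSH_SERVER_URL}"/>
+
+<!-- Enrollment Server Configuration -->
+<Parameter name="enrollment-server.mtoken.enabled" value="${ENROLLMENT_SERVER_MTOKEN_ENABLED}"/>
+<Parameter name="enrollment-server.inbox.enabled" value="${ENROLLMENT_SERVER_INBOX_ENABLED}"/>
+<Parameter name="enrollment-server.activation-spawn.enabled" value="${ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED}"/>
+
+<!-- Correlation HTTP Header Configuration -->
+<Parameter name="powerauth.service.correlation-header.enabled" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_ENABLED}"/>
+<Parameter name="powerauth.service.correlation-header.name" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_NAME}"/>
+<Parameter name="powerauth.service.correlation-header.value.validation-regexp" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP}"/>
+</Context>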
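Review bot: Every `<Parameter>` value is a bare `${ENV}` reference with no fallback, so the defaults documented in docs/Configuration-Properties.md (`none` for `spring.jpa.hibernate.ddl-auto`, `X-Correlation-ID` for the correlation header name, the `http://localhost:8080/...` service URLs) do not apply to this deployment: whatever the variable holds, including the empty string docker/env.list.tmp ships for most of them, is what the application receives, and an unset variable is, I believe, left unsubstituted as a literal `${...}` placeholder. Tomcat's property replacement accepts an inline default, e.g. `<Parameter name="spring.jpa.hibernate.ddl-auto" value="${ENROLLMENT_SERVER_JPA_DDL_AUTO:-none}"/>`, which would make the container follow the documented defaults when a variable is absent — worth confirming against the Tomcat version in the base image. `ddl-auto` in particular is a setting where an accidental empty or wrong value has schema-level consequences, so either this file should carry the defaults or the documentation should say that none apply under Docker.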
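--- a/docker/env.list.tmp
+++ b/docker/env.list.tmp
@@ -0,0 +1,23 @@
+ENROLLMENT_SERVER_POWERAUTH_SERVICE_URL=http://localhost:8080/powerauth-java-server/rest
+ENROLLMENT_SERVER_SECURITY_CLIENT_TOKEN=
+ENROLLMENT_SERVER_SECURITY_CLIENT_SECRET=
+ENROLLMENT_SERVER_PUSH_SERVER_URL=
+ENROLLMENT_SERVER_MTOKEN_ENABLED=true
+ENROLLMENT_SERVER_INBOX_ENABLED=true
+ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED=false
+ENROLLMENT_SERVER_CORRELATION_HEADER_ENABLED=false
+ENROLLMENT_SERVER_CORRELATION_HEADER_NAME=X-Correlation-ID
+ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP=[a-zA-Z0-9\\-]{8,1024}
+ENROLLMENT_SERVER_DATASOURCE_URL=
+ENROLLMENT_SERVER_DATASOURCE_USERNAME=
+ENROLLMENT_SERVER_DATASOURCE_PASSWORD=
+ENROLLMENT_SERVER_DATASOURCE_DRIVER=
+ENROLLMENT_SERVER_JPA_DDL_AUTO=
+ENROLLMENT_SERVER_JPA_CHARSET=
+ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING=
+ENROLLMENT_SERVER_JPA_USE_UNICODE=
+ENROLLMENT_SERVER_JPA_DATABASE_PLATFORM=
+ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT=
+ENROLLMENT_SERVER_DATASOURCE_JNDI_NAME=
+ENROLLMENT_SERVER_SPRING_JMX_ENABLED=
+ENROLLMENT_SERVER_SPRING_JMX_DEFAULT_DOMAIN=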
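Review bot: `ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP=[a-zA-Z0-9\\-]{8,1024}` carries the doubled backslash from the properties-file form of the value, but an env file consumed through `docker run --env-file` does no escape processing, so if that is how this template is used the regex reaching Java is `[a-zA-Z0-9\\-]`, a character class that also admits a literal backslash, rather than the documented `[a-zA-Z0-9\-]`. Since the header value is echoed into the console log pattern, the class should be exactly as tight as intended; writing it as `[a-zA-Z0-9-]{8,1024}` (a trailing hyphen inside a class needs no escape) has the same meaning in both the properties file and the env file. The template also leaves the datasource and PowerAuth secrets as empty assignments, and nothing in the visible .gitignore hunk excludes a filled-in `docker/env.list` copy, so a one-line ignore entry for it would be a cheap safeguard.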
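--- a/docs-private/Developer-How-To-Start.md
+++ b/docs-private/Developer-How-To-Start.md
@@ -0,0 +1,22 @@
+# Developer - How to Start Guide
+
+
+## Enrollment Server
+
+
+### Standalone Run
+
+- Enable maven profile `standalone`
+- Use IntelliJ Idea run configuration at `../.run/EnrollmentServerApplication.run.xml`
+- Open [http://localhost:8081/enrollment-server/actuator/health](http://localhost:8081/enrollment-server/actuator/health) and you should get `{"status":"UP"}`
+
+
+## Enrollment Server Onboarding
+
+
+### Standalone Run
+
+- Enable maven profile `standalone`
+- Use IntelliJ Idea run configuration at `../.run/EnrollmentServerOnboardingApplication.run.xml`
+- Open [http://localhost:8083/enrollment-server-onboarding/actuator/health](http://localhost:8083/enrollment-server-onboarding/actuator/health) and you should get `{"status":"UP"}`
+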
23 changes: 23 additions & 0 deletions docs-private/Integration.md
@@ -0,0 +1,23 @@
# External providers

## API schema
To update API schema use `https://editor.swagger.io/#/` to get the yaml version
1. File -> Import
2. File -> Save as YAML
3. Update the schema files in the `src/main/resources/api`

## Presence check providers

### iProov
The [iProov](https://www.iproov.com/) solution can be used for the presence check phase.

There has to be enabled per service feature to get the user's selfie from the verified person check.

[claim validation response](https://secure.iproov.me/docs.html#operation/userVerifyValidate)
- frame_available
```
Present and True if there is frame available for returning to the integrator.
Enabled on a per service provider basis. Contact support@iproov.com to request this functionality.
```
- the jpeg is base64 encoded with escaped slashes (https://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped)
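--- a/docs-private/Testing.md
+++ b/docs-private/Testing.md
@@ -0,0 +1,28 @@
+# Testing guidelines and approaches
+
+## Integration tests on external services
+
+There are prepared basic integration tests on external services. All such tests
+are [tagged](https://junit.org/junit5/docs/current/user-guide/#writing-tests-tagging-and-filtering) with `external-service`.
+None of these tests is run during a standard build by default. Run maven command with `-Dgroups="external-service"` to include
+also all tests on external services.
+
+Following subchapters list needed system variables to be defined before run of the tests.
+
+### iProov
+
+Following system variables need to be defined:
+- IPROOV_API_KEY - api key value
+- IPROOV_API_SECRET - api secret value
+- IPROOV_ASSURANCE_TYPE - assurance type of the claim, accepts `genuine_presence` (default) or `liveness` values
+- IPROOV_RISK_PROFILE - optional configuration of risk tolerance for an authentication attempt
+- IPROOV_SERVICE_BASE_URL - e.g. `https://secure.iproov.me/api/v2`
+- IPROOV_SERVICE_HOSTNAME - hostname value where the service runs, used in the `Host` header, e.g. `secure.iproov.me`
+
+### ZenID
+
+Following system variables need to be defined:
+- ZENID_ASYNC_PROCESSING_ENABLED - allows asynchronous processing, accepts `true` or `false` values
+- ZENID_NTLM_USERNAME - a username value for the ntlm authentication
+- ZENID_NTLM_PASSWORD - a password value for the ntlm authentication
+- ZENID_SERVICE_BASE_URL - hostname value where the service runs, used in the `Host` header, e.g. `secure.iproov.me`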
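--- a/docs/Configuration-Properties.md
+++ b/docs/Configuration-Properties.md
@@ -0,0 +1,47 @@
+# Configuration Properties
+
+The Enrollment Server uses the following public configuration properties:
+
+## Database Configuration
+
+| Property | Default | Note |
+|---|---|---|
+| `spring.datasource.url` | `_empty_` | Database JDBC URL |
+| `spring.datasource.username` | `_empty_` | Database JDBC username |
+| `spring.datasource.password` | `_empty_` | Database JDBC password |
+| `spring.datasource.driver-class-name` | `_empty_` | Datasource JDBC class name |
+| `spring.jpa.database-platform` | `_empty_` | Database dialect |
+| `spring.jpa.hibernate.ddl-auto` | `none` | Configuration of automatic database schema creation |
+| `spring.jpa.properties.hibernate.connection.characterEncoding` | `_empty_` | Character encoding |
+| `spring.jpa.properties.hibernate.connection.useUnicode` | `_empty_` | Character encoding - Unicode support |
+
+## PowerAuth Service Configuration
+
+| Property | Default | Note |
+|---|---|---|
+| `powerauth.service.url` | `http://localhost:8080/powerauth-java-server/rest` | PowerAuth service REST API base URL. |
+| `powerauth.service.security.clientToken` | `_empty_` | PowerAuth REST API authentication token. |
+| `powerauth.service.security.clientSecret` | `_empty_` | PowerAuth REST API authentication secret / password. |
+
+## PowerAuth Push Service Configuration
+
+| Property | Default | Note |
+|---|---|---|
+| `powerauth.push.service.url` | `http://localhost:8080/powerauth-push-server` | PowerAuth Push service REST API base URL. |
+
+## Enrollment Server Configuration
+
+| Property | Default | Note |
+|---|---|---|
+| `enrollment-server.mtoken.enabled` | `true` | Publishing of Mobile Token endpoints can be enabled or disabled using this property. |
+| `enrollment-server.inbox.enabled` | `true` | Publishing of Inbox endpoints can be enabled or disabled using this property. |
+| `enrollment-server.activation-spawn.enabled` | `false` | The activation spawn functionality can be enabled or disabled using this property. |
+
+## Correlation HTTP Header Configuration
+
+| Property | Default | Note |
+|---|---|---|
+| `powerauth.service.correlation-header.enabled` | `false` | Whether correlation header is enabled |
+| `powerauth.service.correlation-header.name` | `X-Correlation-ID` | Correlation header name |
+| `powerauth.service.correlation-header.value.validation-regexp` | `[a-zA-Z0-9\\-]{8,1024}` | Regular expression for correlation header value validation |
+| `logging.pattern.console` | [See application.properties](https://github.com/wultra/enrollment-server/blob/develop/enrollment-server/src/main/resources/application.properties#L160) | Logging pattern for console which includes the correlation header value |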