Merge pull request #606 from wultra/develop
Merge develop to master
Showing 416 changed files with 38,583 additions and 243 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# To get started with Dependabot version updates, you'll need to specify which | ||
# package ecosystems to update and where the package manifests are located. | ||
# Please see the documentation for all configuration options: | ||
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "maven" | ||
directory: "/" | ||
schedule: | ||
interval: "weekly" |
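Review bot: only the `maven` ecosystem is configured in the `updates` list, yet the workflows added in this same merge call reusable workflows from `wultra/wultra-infrastructure` by reference; add a second entry with `package-ecosystem: "github-actions"` and the same weekly schedule so that, once those references are pinned to a version, Dependabot keeps them current alongside the Maven dependencies.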
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
name: Run Coverity scan and upload results | ||
|
||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '0 10 1 * *' # monthly | ||
|
||
|
||
jobs: | ||
coverity-scan: | ||
uses: wultra/wultra-infrastructure/.github/workflows/coverity-scan.yml@develop | ||
secrets: inherit | ||
with: | ||
project-name: ${{ github.event.repository.name }} | ||
version: ${{ github.sha }} | ||
description: ${{ github.ref }} |
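Review bot: the reusable workflow is referenced by a mutable branch (`coverity-scan.yml@develop`) and receives every repository secret through `secrets: inherit`, so any change pushed to `develop` in `wultra/wultra-infrastructure` runs here with the full secret set. Pin the reference to a release tag or commit SHA and pass only the secrets the scan needs as named entries under `secrets:`, the way the deploy workflow does.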
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Deploy with Maven | ||
|
||
on: | ||
workflow_dispatch: | ||
branches: | ||
- 'develop' | ||
- 'master' | ||
- 'releases/*' | ||
- 'test/ci' | ||
inputs: | ||
release_type: | ||
type: choice | ||
description: releasing to snapshot or release | ||
default: snapshot | ||
options: | ||
- snapshot | ||
- release | ||
environment: | ||
type: environment | ||
default: internal-publish | ||
description: internal or external repository | ||
push: | ||
branches: | ||
- 'develop' | ||
- 'test/ci' | ||
|
||
|
||
|
||
jobs: | ||
maven-deploy-push: | ||
if: ${{ github.event_name == 'push' }} | ||
name: Deploy to jfrog | ||
uses: wultra/wultra-infrastructure/.github/workflows/maven-deploy.yml@develop | ||
with: | ||
environment: internal-publish | ||
release_type: snapshot | ||
secrets: | ||
username: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | ||
password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | ||
|
||
maven-deploy-manual: | ||
if: ${{ github.event_name == 'workflow_dispatch' }} | ||
name: Deploy by parameter | ||
uses: wultra/wultra-infrastructure/.github/workflows/maven-deploy.yml@develop | ||
with: | ||
environment: ${{ inputs.environment }} | ||
release_type: ${{ inputs.release_type }} | ||
secrets: | ||
username: ${{ secrets.MAVEN_CENTRAL_USERNAME }} | ||
password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} | ||
gpg_passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | ||
gpg_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} |
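Review bot: `workflow_dispatch` accepts only `inputs`, so the four-entry `branches` list under it is not a trigger filter (GitHub either ignores it or rejects the workflow file) and the manual deploy can be dispatched from any ref; drop the list, or enforce the allowed branches with an `if:` condition on `github.ref` in `maven-deploy-manual`. The manual job also hands `OSSRH_GPG_SECRET_KEY` and its passphrase to `maven-deploy.yml@develop`, a moving reference; a tag or SHA pin is the usual safeguard when a signing key is involved.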
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
name: Test with Maven | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- 'master' | ||
- 'releases/**' | ||
pull_request: | ||
branches: | ||
- 'develop' | ||
- 'master' | ||
- 'releases/**' | ||
|
||
jobs: | ||
maven-tests: | ||
uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop | ||
secrets: inherit |
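Review bot: the branch globs differ from the deploy workflow (`releases/**` here versus `releases/*` there); pick one form so a nested branch such as `releases/1.4/fix` is treated the same by both. As with the other workflows, `maven-test.yml@develop` is a moving reference that receives all repository secrets via `secrets: inherit`, including on `pull_request` runs; pin it to a tag or SHA.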
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
name: Run OWASP Dependency Check | ||
on: | ||
workflow_dispatch: | ||
|
||
push: | ||
branches: | ||
- 'develop' | ||
|
||
jobs: | ||
owasp-check: | ||
uses: wultra/wultra-infrastructure/.github/workflows/owasp-dependency-check.yml@develop | ||
secrets: inherit |
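Review bot: the dependency check runs only on push to `develop` (and manually), so a CVE published against an already-committed dependency is not reported until the next push; add a `schedule:` trigger (the Coverity workflow already uses a monthly cron) and a `pull_request` trigger so findings surface on a cadence and before merge rather than after it.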
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,3 +22,7 @@ dist/ | |
|
||
### JRebel | ||
rebel.xml | ||
|
||
### Swagger | ||
.swagger-codegen | ||
.swagger-codegen-ignore |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
<component name="ProjectRunConfigurationManager"> | ||
<configuration default="false" name="EnrollmentServerApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot"> | ||
<option name="ACTIVE_PROFILES" value="dev" /> | ||
<envs> | ||
<env name="JDBC_DATABASE_SCHEMA" value="powerauth" /> | ||
<env name="JDBC_DATABASE_USERNAME" value="powerauth" /> | ||
<env name="JDBC_DATABASE_PASSWORD" value="" /> | ||
</envs> | ||
<module name="enrollment-server" /> | ||
<option name="SPRING_BOOT_MAIN_CLASS" value="com.wultra.app.enrollmentserver.EnrollmentServerApplication" /> | ||
<option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/enrollment-server -Dserver.port=8081" /> | ||
<method v="2"> | ||
<option name="Make" enabled="true" /> | ||
</method> | ||
</configuration> | ||
</component> |
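Review bot: `JDBC_DATABASE_PASSWORD` is committed with an empty value in a shared `.run` configuration; a developer who fills in a local password here will commit it with the next change. Leave the password out of the shared file and let a per-user IDE setting or an environment variable supply it, or add a comment stating that the empty value is intentional and must stay empty.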
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
<component name="ProjectRunConfigurationManager"> | ||
<configuration default="false" name="EnrollmentServerOnboardingApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot"> | ||
<option name="ACTIVE_PROFILES" value="dev" /> | ||
<envs> | ||
<env name="JDBC_DATABASE_SCHEMA" value="powerauth" /> | ||
<env name="JDBC_DATABASE_USERNAME" value="powerauth" /> | ||
<env name="JDBC_DATABASE_PASSWORD" value="" /> | ||
</envs> | ||
<module name="enrollment-server-onboarding" /> | ||
<option name="SPRING_BOOT_MAIN_CLASS" value="com.wultra.app.onboardingserver.OnboardingServerApplication" /> | ||
<option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/enrollment-server-onboarding -Dserver.port=8083" /> | ||
<method v="2"> | ||
<option name="Make" enabled="true" /> | ||
</method> | ||
</configuration> | ||
</component> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
FROM tomcat:jdk11-adoptopenjdk-openj9 | ||
LABEL maintainer="petr@wultra.com" | ||
|
||
# Prepare environment variables | ||
ENV JAVA_HOME /opt/java/openjdk | ||
ENV TOMCAT_HOME /usr/local/tomcat | ||
ENV WAR_VERSION 1.4.0 | ||
|
||
# Clear root context | ||
RUN rm -rf $TOMCAT_HOME/webapps/* | ||
|
||
# Add valve for proxy with SSL termination | ||
RUN sed -i 's/<\/Host>/<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"\/><\/Host>/' $TOMCAT_HOME/conf/server.xml | ||
|
||
# Deploy and run applications | ||
COPY docker/enrollment-server.xml $TOMCAT_HOME/conf/Catalina/localhost/ | ||
COPY target/enrollment-server-$WAR_VERSION.war $TOMCAT_HOME/webapps/enrollment-server.war | ||
|
||
# Create user tomcat and run Tomcat under this user | ||
RUN groupadd -r tomcat | ||
RUN useradd -r -g tomcat -d $TOMCAT_HOME -s /sbin/nologin tomcat | ||
RUN chown -R tomcat:tomcat $TOMCAT_HOME | ||
|
||
USER tomcat | ||
CMD ["catalina.sh", "run"] |
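Review bot: `chown -R tomcat:tomcat $TOMCAT_HOME` gives the runtime user write access to the whole installation, including `conf/server.xml`, `lib/` and `webapps/`, so a compromised webapp could rewrite its own container configuration; keep the tree root-owned and chown only the directories Tomcat must write (`logs`, `temp`, `work`). The base image tag `tomcat:jdk11-adoptopenjdk-openj9` and `ENV WAR_VERSION 1.4.0` are also a floating tag and a hard-coded version: pin the image by digest and pass the version as a build `ARG` so the Dockerfile does not drift from the Maven build.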
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<Context> | ||
|
||
<!-- Database Configuration - JDBC --> | ||
<Parameter name="spring.datasource.url" value="${ENROLLMENT_SERVER_DATASOURCE_URL}"/> | ||
<Parameter name="spring.datasource.username" value="${ENROLLMENT_SERVER_DATASOURCE_USERNAME}"/> | ||
<Parameter name="spring.datasource.password" value="${ENROLLMENT_SERVER_DATASOURCE_PASSWORD}"/> | ||
<Parameter name="spring.datasource.driver-class-name" value="${ENROLLMENT_SERVER_DATASOURCE_DRIVER}"/> | ||
<Parameter name="spring.jpa.hibernate.ddl-auto" value="${ENROLLMENT_SERVER_JPA_DDL_AUTO}"/> | ||
|
||
<!-- Configuration of Database Charset --> | ||
<Parameter name="spring.jpa.properties.hibernate.connection.CharSet" value="${ENROLLMENT_SERVER_JPA_CHARSET}"/> | ||
<Parameter name="spring.jpa.properties.hibernate.connection.characterEncoding" value="${ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING}"/> | ||
<Parameter name="spring.jpa.properties.hibernate.connection.useUnicode" value="${ENROLLMENT_SERVER_JPA_USE_UNICODE}"/> | ||
|
||
<!-- Additional JPA Configuration --> | ||
<Parameter name="spring.jpa.database-platform" value="${ENROLLMENT_SERVER_JPA_DATABASE_PLATFORM}"/> | ||
|
||
<!-- Database Lock Timeout Configuration --> | ||
<Parameter name="spring.jpa.properties.lock.timeout" value="${ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT}"/> | ||
|
||
<!-- Database Configuration - JNDI --> | ||
<Parameter name="spring.datasource.jndi-name" value="${ENROLLMENT_SERVER_DATASOURCE_JNDI_NAME}"/> | ||
|
||
<!-- JMX Configuration --> | ||
<Parameter name="spring.jmx.enabled" value="${ENROLLMENT_SERVER_SPRING_JMX_ENABLED}"/> | ||
<Parameter name="spring.jmx.default-domain" value="${ENROLLMENT_SERVER_SPRING_JMX_DEFAULT_DOMAIN}"/> | ||
|
||
<!-- PowerAuth Service Configuration --> | ||
<Parameter name="powerauth.service.url" value="${ENROLLMENT_SERVER_POWERAUTH_SERVICE_URL}"/> | ||
<Parameter name="powerauth.service.security.clientToken" value="${ENROLLMENT_SERVER_SECURITY_CLIENT_TOKEN}"/> | ||
<Parameter name="powerauth.service.security.clientSecret" value="${ENROLLMENT_SERVER_SECURITY_CLIENT_SECRET}"/> | ||
|
||
<!-- PowerAuth Push Service Configuration --> | ||
<Parameter name="powerauth.push.service.url" value="${ENROLLMENT_SERVER_PUSH_SERVER_URL}"/> | ||
|
||
<!-- Enrollment Server Configuration --> | ||
<Parameter name="enrollment-server.mtoken.enabled" value="${ENROLLMENT_SERVER_MTOKEN_ENABLED}"/> | ||
<Parameter name="enrollment-server.inbox.enabled" value="${ENROLLMENT_SERVER_INBOX_ENABLED}"/> | ||
<Parameter name="enrollment-server.activation-spawn.enabled" value="${ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED}"/> | ||
|
||
<!-- Correlation HTTP Header Configuration --> | ||
<Parameter name="powerauth.service.correlation-header.enabled" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_ENABLED}"/> | ||
<Parameter name="powerauth.service.correlation-header.name" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_NAME}"/> | ||
<Parameter name="powerauth.service.correlation-header.value.validation-regexp" value="${ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP}"/> | ||
</Context> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
ENROLLMENT_SERVER_POWERAUTH_SERVICE_URL=http://localhost:8080/powerauth-java-server/rest | ||
ENROLLMENT_SERVER_SECURITY_CLIENT_TOKEN= | ||
ENROLLMENT_SERVER_SECURITY_CLIENT_SECRET= | ||
ENROLLMENT_SERVER_PUSH_SERVER_URL= | ||
ENROLLMENT_SERVER_MTOKEN_ENABLED=true | ||
ENROLLMENT_SERVER_INBOX_ENABLED=true | ||
ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED=false | ||
ENROLLMENT_SERVER_CORRELATION_HEADER_ENABLED=false | ||
ENROLLMENT_SERVER_CORRELATION_HEADER_NAME=X-Correlation-ID | ||
ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP=[a-zA-Z0-9\\-]{8,1024} | ||
ENROLLMENT_SERVER_DATASOURCE_URL= | ||
ENROLLMENT_SERVER_DATASOURCE_USERNAME= | ||
ENROLLMENT_SERVER_DATASOURCE_PASSWORD= | ||
ENROLLMENT_SERVER_DATASOURCE_DRIVER= | ||
ENROLLMENT_SERVER_JPA_DDL_AUTO= | ||
ENROLLMENT_SERVER_JPA_CHARSET= | ||
ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING= | ||
ENROLLMENT_SERVER_JPA_USE_UNICODE= | ||
ENROLLMENT_SERVER_JPA_DATABASE_PLATFORM= | ||
ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT= | ||
ENROLLMENT_SERVER_DATASOURCE_JNDI_NAME= | ||
ENROLLMENT_SERVER_SPRING_JMX_ENABLED= | ||
ENROLLMENT_SERVER_SPRING_JMX_DEFAULT_DOMAIN= |
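Review bot: `ENROLLMENT_SERVER_CORRELATION_HEADER_VALUE_VALIDATION_REGEXP=[a-zA-Z0-9\\-]{8,1024}` keeps the double backslash from the Java properties form; an env file consumed by `docker run --env-file` is not unescaped, so the character class reaches the regex engine as `[a-zA-Z0-9\\-]` and additionally accepts a literal backslash. Confirm which consumer reads this file and, if it is not properties-style, use `[a-zA-Z0-9-]{8,1024}` (hyphen last needs no escape). `ENROLLMENT_SERVER_PUSH_SERVER_URL=` is also left empty although the documented default is `http://localhost:8080/powerauth-push-server`; an empty Tomcat context parameter will most likely override that default rather than fall back to it.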
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Developer - How to Start Guide | ||
|
||
|
||
## Enrollment Server | ||
|
||
|
||
### Standalone Run | ||
|
||
- Enable maven profile `standalone` | ||
- Use IntelliJ Idea run configuration at `../.run/EnrollmentServerApplication.run.xml` | ||
- Open [http://localhost:8081/enrollment-server/actuator/health](http://localhost:8081/enrollment-server/actuator/health) and you should get `{"status":"UP"}` | ||
|
||
|
||
## Enrollment Server Onboarding | ||
|
||
|
||
### Standalone Run | ||
|
||
- Enable maven profile `standalone` | ||
- Use IntelliJ Idea run configuration at `../.run/EnrollmentServerOnboardingApplication.run.xml` | ||
- Open [http://localhost:8083/enrollment-server-onboarding/actuator/health](http://localhost:8083/enrollment-server-onboarding/actuator/health) and you should get `{"status":"UP"}` | ||
|
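Review bot: the product name is `IntelliJ IDEA` (both `Standalone Run` sections write `IntelliJ Idea`), and the relative path `../.run/EnrollmentServerApplication.run.xml` assumes the reader's working directory is one level below the repository root without saying so; state the starting directory or give the path relative to the repository root.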
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# External providers | ||
|
||
## API schema | ||
To update API schema use `https://editor.swagger.io/#/` to get the yaml version | ||
1. File -> Import | ||
2. File -> Save as YAML | ||
3. Update the schema files in the `src/main/resources/api` | ||
|
||
## Presence check providers | ||
|
||
### iProov | ||
The [iProov](https://www.iproov.com/) solution can be used for the presence check phase. | ||
|
||
There has to be enabled per service feature to get the user's selfie from the verified person check. | ||
|
||
[claim validation response](https://secure.iproov.me/docs.html#operation/userVerifyValidate) | ||
- frame_available | ||
``` | ||
Present and True if there is frame available for returning to the integrator. | ||
Enabled on a per service provider basis. Contact support@iproov.com to request this functionality. | ||
``` | ||
- the jpeg is base64 encoded with escaped slashes (https://stackoverflow.com/questions/1580647/json-why-are-forward-slashes-escaped) |
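Review bot: the sentence "There has to be enabled per service feature to get the user's selfie from the verified person check." is hard to parse; suggest "A per-service feature has to be enabled by iProov support before the verify response returns the user's selfie (see `frame_available` below)." The API schema steps also present `https://editor.swagger.io/#/` as inline code rather than a link, and the fenced block quoting iProov's `frame_available` description should say it is quoted from the linked claim validation documentation.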
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Testing guidelines and approaches | ||
|
||
## Integration tests on external services | ||
|
||
There are prepared basic integration tests on external services. All such tests | ||
are [tagged](https://junit.org/junit5/docs/current/user-guide/#writing-tests-tagging-and-filtering) with `external-service`. | ||
None of these tests is run during a standard build by default. Run maven command with `-Dgroups="external-service"` to include | ||
also all tests on external services. | ||
|
||
Following subchapters list needed system variables to be defined before run of the tests. | ||
|
||
### iProov | ||
|
||
Following system variables need to be defined: | ||
- IPROOV_API_KEY - api key value | ||
- IPROOV_API_SECRET - api secret value | ||
- IPROOV_ASSURANCE_TYPE - assurance type of the claim, accepts `genuine_presence` (default) or `liveness` values | ||
- IPROOV_RISK_PROFILE - optional configuration of risk tolerance for an authentication attempt | ||
- IPROOV_SERVICE_BASE_URL - e.g. `https://secure.iproov.me/api/v2` | ||
- IPROOV_SERVICE_HOSTNAME - hostname value where the service runs, used in the `Host` header, e.g. `secure.iproov.me` | ||
|
||
### ZenID | ||
|
||
Following system variables need to be defined: | ||
- ZENID_ASYNC_PROCESSING_ENABLED - allows asynchronous processing, accepts `true` or `false` values | ||
- ZENID_NTLM_USERNAME - a username value for the ntlm authentication | ||
- ZENID_NTLM_PASSWORD - a password value for the ntlm authentication | ||
- ZENID_SERVICE_BASE_URL - hostname value where the service runs, used in the `Host` header, e.g. `secure.iproov.me` |
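Review bot: the `ZENID_SERVICE_BASE_URL` description was copied from the iProov section: it says the value is used in the `Host` header with the example `secure.iproov.me`, which cannot be right for a ZenID deployment. Describe it as the ZenID service base URL (the way `IPROOV_SERVICE_BASE_URL` is described) and use an obviously placeholder example until the real form is known. "None of these tests is run" and "before run of the tests" could also be tightened to "None of these tests runs" and "before running the tests".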
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Configuration Properties | ||
|
||
The Enrollment Server uses the following public configuration properties: | ||
|
||
## Database Configuration | ||
|
||
| Property | Default | Note | | ||
|---|---|---| | ||
| `spring.datasource.url` | `_empty_` | Database JDBC URL | | ||
| `spring.datasource.username` | `_empty_` | Database JDBC username | | ||
| `spring.datasource.password` | `_empty_` | Database JDBC password | | ||
| `spring.datasource.driver-class-name` | `_empty_` | Datasource JDBC class name | | ||
| `spring.jpa.database-platform` | `_empty_` | Database dialect | | ||
| `spring.jpa.hibernate.ddl-auto` | `none` | Configuration of automatic database schema creation | | ||
| `spring.jpa.properties.hibernate.connection.characterEncoding` | `_empty_` | Character encoding | | ||
| `spring.jpa.properties.hibernate.connection.useUnicode` | `_empty_` | Character encoding - Unicode support | | ||
|
||
## PowerAuth Service Configuration | ||
|
||
| Property | Default | Note | | ||
|---|---|---| | ||
| `powerauth.service.url` | `http://localhost:8080/powerauth-java-server/rest` | PowerAuth service REST API base URL. | | ||
| `powerauth.service.security.clientToken` | `_empty_` | PowerAuth REST API authentication token. | | ||
| `powerauth.service.security.clientSecret` | `_empty_` | PowerAuth REST API authentication secret / password. | | ||
|
||
## PowerAuth Push Service Configuration | ||
|
||
| Property | Default | Note | | ||
|---|---|---| | ||
| `powerauth.push.service.url` | `http://localhost:8080/powerauth-push-server` | PowerAuth Push service REST API base URL. | | ||
|
||
## Enrollment Server Configuration | ||
|
||
| Property | Default | Note | | ||
|---|---|---| | ||
| `enrollment-server.mtoken.enabled` | `true` | Publishing of Mobile Token endpoints can be enabled or disabled using this property. | | ||
| `enrollment-server.inbox.enabled` | `true` | Publishing of Inbox endpoints can be enabled or disabled using this property. | | ||
| `enrollment-server.activation-spawn.enabled` | `false` | The activation spawn functionality can be enabled or disabled using this property. | | ||
|
||
## Correlation HTTP Header Configuration | ||
|
||
| Property | Default | Note | | ||
|---|---|---| | ||
| `powerauth.service.correlation-header.enabled` | `false` | Whether correlation header is enabled | | ||
| `powerauth.service.correlation-header.name` | `X-Correlation-ID` | Correlation header name | | ||
| `powerauth.service.correlation-header.value.validation-regexp` | `[a-zA-Z0-9\\-]{8,1024}` | Regular expression for correlation header value validation | | ||
| `logging.pattern.console` | [See application.properties](https://github.com/wultra/enrollment-server/blob/develop/enrollment-server/src/main/resources/application.properties#L160) | Logging pattern for console which includes the correlation header value | |
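Review bot: the tables omit several properties that the Tomcat context file in this merge exposes through `ENROLLMENT_SERVER_*` variables: `spring.datasource.jndi-name`, `spring.jpa.properties.lock.timeout`, `spring.jmx.enabled`, `spring.jmx.default-domain` and `spring.jpa.properties.hibernate.connection.CharSet`; document them with their defaults so operators know which variables are optional. The `logging.pattern.console` entry links to `#L160` of `application.properties` on `develop`, an anchor that will silently drift as the file changes; link the file without a line anchor or pin the link to a commit.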