e-Signet Project

Overview

This repository contains the implementation of Authorization Code flow of OAuth 2.0. Supports all the mandatory features of OIDC (Open ID Connect) specification.

e-Signet repository contains following:

1. esignet-core - Library containing all the common interfaces, DTOs and utils that is used as dependency in the other esignet module libraries and services
2. esignet-service - Deployable API service containing all the OIDC and UI controllers.
3. esignet-integration-api - Library containing all the integration interfaces.
4. client-management-service-impl - Client management implementations classes.
5. oidc-service-impl - Oauth and OIDC implementation classes.
6. binding-service-impl - key and individualId binding service implementation classes.
7. db_scripts - Contains all the db scripts required to setup or upgrade the DB for esignet module.

Databases

Refer to SQL scripts.

Build & run (for developers)

The project requires JDK 11.

1. Build and install:

   $ mvn clean install -Dgpg.skip=true
   

2. Build Docker for a service:

   $ docker build -f Dockerfile
   

Installing in k8s cluster using helm

Pre-requisites

1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC.
2. Make sure DB setup is done.
3. Add / merge below mentioned properties files into existing config branch:
   • esignet-default.properties
   • application-default.properties
4. Below are the dependent services required for esignet service:

   Chart	Chart version
   Keycloak	7.1.18
   Keycloak-init	12.0.1-B3
   Postgres	10.16.2
   Postgres Init	12.0.1-B3
   Minio	10.1.6
   Kafka	0.4.2
   Config-server	12.0.1-B3
   Websub	12.0.1-B2
   Artifactory server	12.0.1-B3
   Keymanager service	12.0.1-B2
   Kernel services	12.0.1-B2
   Biosdk service	12.0.1-B3
   Idrepo services	12.0.1-B2
   Pms services	12.0.1-B3
   IDA services	12.0.1-B3

Install

• Install kubectl and helm utilities.
• Run install-all.sh to deploy esignet services.

  cd helm
  ./install-all.sh
  

• During the execution of the install-all.sh script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
• If the server lacks a public domain and a valid SSL certificate, it is advisable to select the n option. Opting it will enable the init-container with an emptyDir volume and include it in the deployment process.
• The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., cacerts) file.
• This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.

Delete

• Run delete-all.sh to remove esignet services.

  cd helm
  ./delete-all.sh
  

Restart

• Run restart-all.sh to restart esignet services.

  cd helm
  ./restart-all.sh
  

Onboard esignet

• Run onboarder's install.sh script to exchange jwk certificates.

APIs

API documentation is available here.

License

This project is licensed under the terms of Mozilla Public License 2.0.