Merge pull request #81 from Mahesh-Binayak/release-1.2.0.1

[Took selective changes from develop for release-1.2.0.1]

.github/workflows/push-trigger.yml

@@ -20,6 +20,8 @@ on:
       - 1.*
       - master
       - MOSIP*
+
+
 jobs:
   build-dockers:
     strategy:
@@ -28,7 +30,7 @@ jobs:
           - SERVICE_LOCATION: './'
             SERVICE_NAME: 'partner-onboarder'
       fail-fast: false
-    name: ${{ matrix.SERVICE_NAME }}  
+    name: ${{ matrix.SERVICE_NAME }}
     uses: mosip/kattu/.github/workflows/docker-build.yml@master
     with:
       SERVICE_LOCATION: ${{ matrix.SERVICE_LOCATION }}

Dockerfile

@@ -60,4 +60,4 @@ ENV s3-bucket-name=
 ENV ns_mimoto=
 ENV ns_esignet=
 
-ENTRYPOINT ["./entrypoint.sh"]
+ENTRYPOINT ["./entrypoint.sh"]

README.md

@@ -1,15 +1,17 @@
 # Partner Onboarding Utils
 
 ## Overview
-This repository contains Postman collection to onboard partners on to MOSIP. 
+This repository contains Postman collection to onboard partners on to MOSIP.
 
 * `run-onboard.sh`:  Onboard any partner.
-* `default.sh`: Onboard default partners that are required to run a sandbox.  
+* `default.sh`: Onboard default partners that are required to run a sandbox.
 
 ## Docker
 Docker to run `default.sh` is created to facilitate easy onboarding during installion. Refer `docker-build.sh` and `docker-run.sh`. Use this docker while installing MOSIP on Kubernetes. The docker runs an HTTP server to view the reports. Although this is a one-time job, the docker is run as Kubernetes Deployment with long sleep time set to review reports. If you restart the docker it will run the onboarding again.
 
-The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created. 
+The scripts assume a Keycloak client `mosip-deployment-client` with roles `GLOBAL_ADMIN`, `ID_AUTHENTICATION`, `PARTNER_ADMIN` is already created.
+
+If the `ENABLE_INSECURE` environment variable is set to `true`, the script will proceed with downloading an SSL certificate and subsequently provide it for utilization in **Newman** collections and **curl** API calls during execution. This functionality is designed for scenarios where the script is required to be used on a server that possesses self-signed SSL certificates.
 
 ## License
 This project is licensed under the terms of [Mozilla Public License 2.0](LICENSE).

certs/create-jwks.sh

@@ -14,7 +14,7 @@ echo "AUTHMANAGER URL : $AUTHMANAGER_URL"
 echo "KEYMANAGER URL : $KEYMANAGER_URL"
 
 #echo "* Request for authorization"
-curl -s -D - -o /dev/null -X "POST" \
+curl $ADD_SSL_CURL -s -D - -o /dev/null -X "POST" \
   "$AUTHMANAGER_URL/v1/authmanager/authenticate/clientidsecretkey" \
   -H "accept: */*" \
   -H "Content-Type: application/json" \
@@ -40,7 +40,7 @@ fi
 
 echo -e "\nGot Authorization token from authmanager"
 
-curl -X "GET" \
+curl $ADD_SSL_CURL -X "GET" \
   -H "Accept: application/json" \
   --cookie "Authorization=$TOKEN" \
   "$KEYMANAGER_URL/v1/keymanager/getCertificate?applicationId=RESIDENT&referenceId=" > result.txt

certs/create-signing-certs.sh

@@ -17,18 +17,20 @@ path=$1
 # orgnisation=$(prop 'partner-org-name')
 # email_id=$(prop 'partner-kc-user-email')
 # common_name=$pname
-# keystore_passowrd=$(prop 'keystore-passowrd')
+# keystore_password=$(prop 'keystore-password')
 
 
-partner_name=$( printenv PARTNER_KC_USERNAME ) 
+partner_name=$( printenv PARTNER_KC_USERNAME )
 echo "$partner_name is the name of the partner."
 country=IN
 state=Kar
 locality=Blr
 orgnisation=IITB
 email_id=user_$(date +%s%N)@example.com
 common_name=$partner_name
-keystore_passowrd=
+keystore_password=mosip123
+export keystore_password
+echo "$keystore_password" > key.pwd
 
 echo "updating conf"
 sed -i 's/\(^C =\).*/\1 '$country'/' $path/certs/root-openssl.cnf
@@ -64,9 +66,8 @@ else
   openssl req -new -key $cert_path/Client.key -out $cert_path/Client.csr -config $path/certs/client-openssl.cnf
   openssl x509 -req -days 1825 -extensions v3_req -extfile $path/certs/client-openssl.cnf -in $cert_path/Client.csr -CA $cert_path/RootCA.pem -CAkey $cert_path/RootCA.key -CAcreateserial -out $cert_path/Client.pem
 
-  openssl pkcs12 -export -in $cert_path/Client.pem -inkey $cert_path/Client.key -out $cert_path/keystore.p12 -name $partner_name -password pass:$keystore_passowrd
+  openssl pkcs12 -export -in $cert_path/Client.pem -inkey $cert_path/Client.key -out $cert_path/keystore.p12 -name $partner_name -password pass:$keystore_password
 
   echo "Cert generation complete"$'\n'
 
 fi
-

default-auth-policy.json

@@ -1,72 +1,72 @@
 [
-{
-  "id": "string",
-  "metadata": {},
-  "request": {
-    "desc": "{{policy-name}} Policy",
-    "name": "{{policy-name}}",
-    "version" : "1.0",
-    "policies": {
-      "allowedAuthTypes": [
-        {
-          "authSubType": "IRIS",
-          "authType": "bio",
-          "mandatory": false
-        },
-        {
-          "authSubType": "FINGER",
-          "authType": "bio",
-          "mandatory": false
-        },
-        {
-          "authSubType": "FACE",
-          "authType": "bio",
-          "mandatory": false
-        },
-        {
-          "authSubType": "",
-          "authType": "otp",
-          "mandatory": false
-        },
-        {
-           "authSubType": "",
-           "authType": "otp-request",
-           "mandatory": false
-        },       
-        {
-          "authSubType": "",
-          "authType": "kyc",
-          "mandatory": false
-        },
-        {
-          "authSubType": "",
-          "authType": "demo",
-          "mandatory": false
-        }         
-      ],
-      "allowedKycAttributes": [
-        {
-          "attributeName": "fullName"
-        },
-         {
-          "attributeName": "gender"
-        },
-         {
-          "attributeName": "residenceStatus"
-        },
-        {
-          "attributeName": "dateOfBirth"
-        },
-        {
-          "attributeName": "photo"
-        }
-      ],
-     "authTokenType": "policy"      
+  {
+    "id": "string",
+    "metadata": {},
+    "request": {
+      "desc": "{{policy-name}} Policy",
+      "name": "{{policy-name}}",
+      "version" : "1.0",
+      "policies": {
+        "allowedAuthTypes": [
+          {
+            "authSubType": "IRIS",
+            "authType": "bio",
+            "mandatory": false
+          },
+          {
+            "authSubType": "FINGER",
+            "authType": "bio",
+            "mandatory": false
+          },
+          {
+            "authSubType": "FACE",
+            "authType": "bio",
+            "mandatory": false
+          },
+          {
+            "authSubType": "",
+            "authType": "otp",
+            "mandatory": false
+          },
+          {
+            "authSubType": "",
+            "authType": "otp-request",
+            "mandatory": false
+          },
+          {
+            "authSubType": "",
+            "authType": "kyc",
+            "mandatory": false
+          },
+          {
+            "authSubType": "",
+            "authType": "demo",
+            "mandatory": false
+          }
+        ],
+        "allowedKycAttributes": [
+          {
+            "attributeName": "fullName"
+          },
+          {
+            "attributeName": "gender"
+          },
+          {
+            "attributeName": "residenceStatus"
+          },
+          {
+            "attributeName": "dateOfBirth"
+          },
+          {
+            "attributeName": "photo"
+          }
+        ],
+        "authTokenType": "policy"
+      },
+      "policyGroupName": "{{policy-group-name}}",
+      "policyType": "Auth"
     },
-    "policyGroupName": "{{policy-group-name}}",
-    "policyType": "Auth"
-  },
-  "requesttime": "{{request-time}}",
-  "version": "LTS"
-}
+    "requesttime": "{{request-time}}",
+    "version": "LTS"
+  }
 ]