diff --git a/sandbox/CredentialType.json b/CredentialType.json similarity index 98% rename from sandbox/CredentialType.json rename to CredentialType.json index 8c53a1a37f2..cdf19f9654f 100644 --- a/sandbox/CredentialType.json +++ b/CredentialType.json @@ -1,6 +1,6 @@ { - "types": + "types": [ { "id" : "idtype1", diff --git a/README.md b/README.md index b9eeaf9e30a..9f5aa498c98 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,32 @@ -# mosip-config +# MOSIP Configuration -Configuration files for mosip-platform. +## Configuration properties -MOSIP uses Spring CLoud Config Server to read the properties files. So, to use the properties files in this repo, please updated the IP addresses, keys and passwords and then point to this repo in spring cloud config in kernel module. +MOSIP uses Spring CLoud Config Server to read the properties files. So, to use the properties files in this repo, please update the IP addresses, keys and passwords and then point to this repo in spring cloud config in kernel module. +## Config server + +Local Config Server Installation Guide + +### Overview +MOSIP uses Config Server to read the properties files. + +### Download + +1. Download Config server jar [config-server](https://mvnrepository.com/artifact/io.mosip.kernel/kernel-config-server) + +2. Clone the Mosip config repo [mosip-config](https://github.com/mosip/mosip-config/tree/develop2-v2) + +### Run + +To run config server jar set the following attribute + +``` +-Dspring.cloud.config.server.native.search-locations = point to mosip-config repo location +``` + +### Run Config Server Jar + +``` +java -jar -Dspring.profiles.active=native -Dspring.cloud.config.server.native.search-locations=file:C:\mosipcode\mosip-config\sandbox -Dspring.cloud.config.server.accept-empty=true -Dspring.cloud.config.server.git.force-pull=false -Dspring.cloud.config.server.git.cloneOnStart=false -Dspring.cloud.config.server.git.refreshRate=0 kernel-config-server-1.0.6.jar +``` 
diff --git a/admin-default.properties b/admin-default.properties
new file mode 100644
index 00000000000..a20d69c5933
--- /dev/null
+++ b/admin-default.properties
@@ -0,0 +1,321 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# db.dbuser.password
+# keycloak.internal.url
+# keycloak.external.url
+# mosip.admin.client.secret (convention: ..secret)
+# mosip.regproc.client.secret
+
+
+mosip.admin.version-id=v1.0
+mosip.admin.request-id=ADMIN.REQUEST
+## Database properties
+# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
+# If database is external to production, provide the DNS or ip of the host and port
+mosip.kernel.database.hostname=postgres-postgresql.postgres
+mosip.kernel.database.port=5432
+
+## Account management
+authmanager.base.url=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.admin.accountmgmt.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.admin.accountmgmt.user-name-url=/username/
+mosip.admin.accountmgmt.user-detail-url=/userdetail/
+mosip.admin.accountmgmt.unblock-url=/unblock/
+mosip.admin.accountmgmt.change-passoword-url=/changepassword/
+mosip.admin.accountmgmt.reset-password-url=/resetpassword/
+mosip.admin.app-id=admin
+
+mosip.kernel.signature.cryptomanager-encrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/private/encrypt
+auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+auth.server.refreshToken.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/refreshToken
+auth.server.admin.allowed.audience=mosip-regproc-client,mosip-admin-client
+auth.role.prefix=ROLE_
+auth.header.name=Authorization
+
+## Databases
+javax.persistence.jdbc.driver=org.postgresql.Driver
+javax.persistence.jdbc.url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
+javax.persistence.jdbc.user=masteruser
+javax.persistence.jdbc.password=${db.dbuser.password}
+hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+hibernate.jdbc.lob.non_contextual_creation=true
+hibernate.hbm2ddl.auto=none
+hibernate.show_sql=false
+hibernate.format_sql=false
+hibernate.connection.charSet=utf8
+hibernate.cache.use_second_level_cache=false
+hibernate.cache.use_query_cache=false
+hibernate.cache.use_structured_entries=false
+hibernate.generate_statistics=false
+
+## Use registration
+auth.server.user-register-url=${mosip.kernel.authmanager.url}/v1/authmanager/user
+mosip.kernel.emailnotifier-url=${mosip.kernel.notification.url}/v1/notifier/email/send
+auth.server.sendotp-url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/sendotp
+auth.server.user-add-password-url=${mosip.kernel.authmanager.url}/v1/authmanager/user/addpassword
+mosip.admin-appid=admin
+mosip.admin-otp-context=auth-otp
+mosip.admin-userid-otp-type=USERID
+
+## Security policy
+mosip.admin.security.policy.auth-types=bio,nonbio
+mosip.admin.security.policy.bio=finger,iris,face
+mosip.admin.security.policy.nonbio=otp,password
+mosip.admin.security.policy.policy-types=type1,type2,type3
+mosip.admin.security.policy.type1=password
+mosip.admin.security.policy.type2=password,otp
+mosip.admin.security.policy.type3=otp
+mosip.admin.security.policy.role-policy-mapping={ZONAL_ADMIN:'type2',ZONAL_APPROVER:'type1',CENTRAL_ADMIN:'type1',CENTRAL_APPROVER:'type1',REGISTRATION_OFFICER:'type1',REGISTRATION_SUPERVISOR:'type1',REGISTRATION_OPERATOR:'type1'}
+mosip.admin.security.policy.userrole-auth-url=${mosip.kernel.authmanager.url}/v1/authmanager/role/{appId}/{username}
+
+## Masterdata cards
+
+mosip.admin.masterdata.lang-code=eng,ara,fra
+mosip.admin-services.required.roles=GLOBAL_ADMIN
+
+#masterdata machine
+mosip.admin.masterdata.card.machines-eng=Machines
+mosip.admin.masterdata.card.machines-ara=\u0622\u0644\u0627\u062A
+mosip.admin.masterdata.card.machines-fra=Machines
+
+#masterdata machine specs
+mosip.admin.masterdata.card.machine-specs-eng=Machine Specifications
+mosip.admin.masterdata.card.machine-specs-fra=Spécifications de la machine
+mosip.admin.masterdata.card.machine-specs-ara=\u0645\u0648\u0627\u0635\u0641\u0627\u062A \u0627\u0644\u062C\u0647\u0627\u0632
+
+#masterdata machine types
+mosip.admin.masterdata.card.machine-types-eng=Machine Types
+mosip.admin.masterdata.card.machine-types-fra=Types de machines
+mosip.admin.masterdata.card.machine-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0645\u0627\u0643\u064A\u0646\u0627\u062A
+
+#masterdata devices
+mosip.admin.masterdata.card.devices-eng=Devices
+mosip.admin.masterdata.card.devices-ara=\u0627\u0644\u0623\u062C\u0647\u0632\u0629
+mosip.admin.masterdata.card.devices-fra=Dispositifs
+
+#masterdata device specs
+mosip.admin.masterdata.card.device-specs-eng=Device Specification
+mosip.admin.masterdata.card.device-specs-fra=Spécification de l'appareil
+mosip.admin.masterdata.card.device-specs-ara=\u0645\u0648\u0627\u0635\u0641\u0627\u062A \u0627\u0644\u062C\u0647\u0627\u0632
+
+#masterdata device types
+mosip.admin.masterdata.card.device-types-eng=Device Types
+mosip.admin.masterdata.card.device-types-fra=Types de périphériques
+mosip.admin.masterdata.card.device-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0623\u062C\u0647\u0632\u0629
+
+#masterdata registration center
+mosip.admin.masterdata.card.centers-eng=Registration Center
+mosip.admin.masterdata.card.centers-fra=Centre d'inscription
+mosip.admin.masterdata.card.centers-ara=\u0645\u0631\u0643\u0632 \u0627\u0644\u062A\u0633\u062C\u064A\u0644
+
+#masterdata regcenter type
+mosip.admin.masterdata.card.center-type-eng=Registration Center Type
+mosip.admin.masterdata.card.center-type-fra=Type de centre d'inscription
+mosip.admin.masterdata.card.center-type-ara=\u0646\u0648\u0639 \u0645\u0631\u0643\u0632 \u0627\u0644\u062A\u0633\u062C\u064A\u0644
+
+#masterdata blacklisted words
+mosip.admin.masterdata.card.blacklisted-eng=Blacklisted Words
+mosip.admin.masterdata.card.blacklisted-fra=Mots sur la liste noire
+mosip.admin.masterdata.card.blacklisted-ara=\u0643\u0644\u0645\u0627\u062A \u0641\u064A \u0627\u0644\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0633\u0648\u062F\u0627\u0621
+
+#masterdata title
+mosip.admin.masterdata.card.titles-eng=Title
+mosip.admin.masterdata.card.titles-fra=Titre
+mosip.admin.masterdata.card.titles-ara=\u0639\u0646\u0648\u0627\u0646
+
+#masterdata gender
+mosip.admin.masterdata.card.genders-eng=Gender
+mosip.admin.masterdata.card.genders-fra=le sexe
+mosip.admin.masterdata.card.genders-ara=\u062C\u0646\u0633
+
+#masterdata individual types
+mosip.admin.masterdata.card.individuals-eng=Individual
+mosip.admin.masterdata.card.individuals-fra=Individuel
+mosip.admin.masterdata.card.individuals-ara=\u0641\u0631\u062F
+
+#masterdata document types
+mosip.admin.masterdata.card.document-types-eng=Document Types
+mosip.admin.masterdata.card.document-types-fra=Types de documents
+mosip.admin.masterdata.card.document-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0645\u0633\u062A\u0646\u062F\u0627\u062A
+
+#masterdata document category
+mosip.admin.masterdata.card.document-category-eng=Document Category
+mosip.admin.masterdata.card.document-category-fra=Catégorie de document
+mosip.admin.masterdata.card.document-category-ara=\u0641\u0626\u0629 \u0627\u0644\u0648\u062B\u064A\u0642\u0629
+
+## masteradata holidays
+mosip.admin.masterdata.card.holidays-eng=Holidays
+mosip.admin.masterdata.card.holidays-fra=Vacances
+mosip.admin.masterdata.card.holidays-ara=\u0627\u0644\u0639\u0637\u0644
+
+## masterdata locations
+mosip.admin.masterdata.card.locations-eng=Locations
+mosip.admin.masterdata.card.locations-fra=Emplacements
+mosip.admin.masterdata.card.locations-ara=\u0645\u0648\u0627\u0642\u0639
+
+## masterdata template
+mosip.admin.masterdata.card.templates-eng=Templates
+mosip.admin.masterdata.card.templates-fra=Modèles
+mosip.admin.masterdata.card.templates-ara=\u0642\u0648\u0627\u0644\u0628
+
+## masterdata valid document
+mosip.admin.masterdata.card.valid-document-eng=Valid Documents
+mosip.admin.masterdata.card.valid-document-fra=Documents valides
+mosip.admin.masterdata.card.valid-document-ara=\u0648\u062B\u0627\u0626\u0642 \u0635\u0627\u0644\u062D\u0629
+
+## UIN activate/deactivate
+mosip.admin.uinmgmt.uin-detail-search=${mosip.idrepo.identity.url}/v1/identity/uin/{uin}
+mosip.kernel.packet-status-update-url=${mosip.regproc.transaction.service.url}/registrationprocessor/v1/registrationtransaction/search/
+mosip.kernel.packet-reciever-api-url=${mosip.packet.receiver.url}/registrationprocessor/v1/packetreceiver/registrationpackets
+mosip.kernel.zone-validation-url=${mosip.kernel.masterdata.url}/v1/masterdata/zones/authorize
+mosip.kernel.registrationcenterid.length=5
+mosip.kernel.audit.manager.api=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+mosip.kernel.masterdata.audit-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+
+mosip.admin-services.audit.manager.api=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+mosip.open-id.base-url=${keycloak.internal.url}
+mosip.admin-services.open-id.realmid=mosip
+mosip.admin-services.open-id.login_flow.name=authorization_code
+mosip.admin-services.open-id.clientid=mosip-admin-client
+mosip.admin-services.open-id.clientsecret=${mosip.admin.client.secret}
+mosip.admin-services.redirecturi=${mosip.api.internal.url}/v1/admin/login-redirect/
+mosip.admin-services.open-id.login_flow.scope=email
+mosip.admin-services.open-id.login_flow.response_type=code
+mosip.admin-services.open-id.authorization_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/auth
+mosip.admin-services.open-id.token_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/token
+mosip.admin-services.cookie.security=true
+
+mosip.ui.spec.default.domain=registration-client
+
+## Security
+mosip.security.csrf-enable=false
+mosip.security.cors-enable=false
+mosip.security.origins=localhost:8080
+mosip.security.secure-cookie=false
+
+# IAM
+mosip.iam.module.login_flow.name=authorization_code
+mosip.iam.module.clientID=mosip-admin-client
+mosip.iam.module.clientsecret=${mosip.admin.client.secret}
+mosip.iam.module.redirecturi=${mosip.api.internal.url}/v1/admin/login-redirect/
+#mosip.iam.module.redirecturi=${tempuri}/v1/admin/login-redirect/
+#mosip.iam.module.login_flow.scope=cls
+mosip.iam.module.login_flow.scope=email
+mosip.iam.module.login_flow.response_type=code
+
+#This is the endpoint use by ui(browser) based applications to redirect to open-id system. This URL should be reachable through the browser.
+mosip.iam.authorization_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/auth
+mosip.iam.module.admin_realm_id=mosip
+mosip.iam.token_endpoint=${keycloak.internal.url}/auth/realms/mosip/protocol/openid-connect/token
+mosip.iam.certs_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs
+
+regproc.token.request.appid=regproc
+regproc.token.request.clientId=mosip-regproc-client
+regproc.token.request.secretKey=${mosip.regproc.client.secret}
+regproc.token.request.id=io.mosip.registration.processor
+regproc.token.request.version=1.0
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+# IAM adapter
+mosip.iam.adapter.appid=admin
+mosip.iam.adapter.clientid=mosip-admin-client
+mosip.iam.adapter.clientsecret=${mosip.admin.client.secret}
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+# in minutes
+mosip.iam.adapter.validate-expiry-check-rate=1440
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=1440
+#this should be false if you don?t use this restTemplate true if you do
+mosip.iam.adapter.self-token-renewal-enable=true
+
+# LostRid
+mosip.registration.processor.lostrid.id=mosip.registration.lostrid
+mosip.registration.processor.lostrid.version=1.0
+LOST_RID_API=${mosip.regproc.status.service.url}/registrationprocessor/v1/registrationstatus/lostridsearch
+logging.level.org.springframework.web.client.RestTemplate=INFO
+
+# Roles
+mosip.role.admin.getpacketstatusupdate=REGISTRATION_ADMIN
+mosip.role.admin.postbulkupload=GLOBAL_ADMIN,REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.getbulkuploadtranscationtranscationid=GLOBAL_ADMIN,REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.getbulkuploadgetalltransactions=GLOBAL_ADMIN,REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.postauditmanagerlog=GLOBAL_ADMIN,ZONAL_ADMIN
+
+
+mosip.role.admin.getgeneratecsrcertificateapplicationidreferenceid=KEY_MAKER
+mosip.role.admin.postuploadcertificate=KEY_MAKER
+mosip.role.admin.postgeneratecsr=KEY_MAKER
+mosip.role.admin.postuploadotherdomaincertificate=KEY_MAKER
+
+mosip.role.admin.getlostRiddetailsrid=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.postlostRid=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.getapplicantDetailsrid=DIGITALCARD_ADMIN
+mosip.role.admin.getapplicantDetailsgetLoginDetails=DIGITALCARD_ADMIN
+mosip.role.admin.getriddigitalcardrid=DIGITALCARD_ADMIN
+
+# packet-manager
+mosip.commons.packetnames=id,evidence,optional
+provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketReaderImpl
+provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketWriterImpl
+objectstore.adapter.name=PosixAdapter
+objectstore.crypto.name=OnlinePacketCryptoServiceImpl
+default.provider.version=v1.0
+object.store.base.location=./packets
+objectstore.packet.source=REGISTRATION_CLIENT
+packet.manager.account.name=PACKET_MANAGER_ACCOUNT
+objectstore.packet.supervisor_biometrics_file_name=supervisor_bio_cbeff
+objectstore.packet.officer_biometrics_file_name=officer_bio_cbeff
+mosip.kernel.xsdstorage-uri = LOCAL
+mosip.kernel.xsdfile = LOCAL
+#----JSON Validator Component----
+#Property Source of the Identity Schema. LOCAL specifies the schema is stored within the application. Should not be modified
+mosip.kernel.jsonvalidator.property-source = LOCAL
+#Storage Location of the Identity Schema. LOCAL specifies the schema is stored within the application. Should not be modified
+mosip.kernel.jsonvalidator.file-storage-uri=LOCAL
+
+mosip.kernel.machineid.length=5
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+MACHINE_GET_API=${mosip.kernel.masterdata.url}/v1/masterdata/machines/mappedmachines/
+CRYPTOMANAGERDECRYPT_API=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
+CRYPTOMANAGER_DECRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
+CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
+mosip.kernel.syncdata-service-get-tpm-publicKey-url=${mosip.kernel.syncdata.url}/v1/syncdata/tpm/publickey/
+mosip.admin.packetupload.packetsync.url=${mosip.regproc.status.service.url}/registrationprocessor/v1/registrationstatus/syncV2
+mosip.admin.packetupload.packetsync.name=fullName,name,firstName,middleName,lastName
+mosip.admin.packetupload.packetsync.email=email
+mosip.admin.packetupload.packetsync.phone=phone
+
+mosip.admin.audit.manager.eventName.pattern=^(Click|Page View): ([\\W|\\w]{1,100}$)
+registration.processor.identityjson=identity-mapping.json
+
+###Key manager url's used by KeyManagerDelegation api from admin-service to delegate request
+mosip.kernel.keymanager.generatecsr=${mosip.kernel.keymanager.url}/v1/keymanager/generateCSR
+mosip.kernel.keymanager.getcertificate=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate?
+mosip.kernel.keymanager.uploadcertificate=${mosip.kernel.keymanager.url}/v1/keymanager/uploadCertificate
+mosip.kernel.keymanager.uploadotherdomaincertificate=${mosip.kernel.keymanager.url}/v1/keymanager/uploadOtherDomainCertificate
+
+# this property are used in AdminProxyService to get base url and version
+mosip.admin.masterdata.service.url=http://masterdata.kernel/v1
+mosip.admin.keymanager.service.url=http://keymanager.keymanager/v1
+mosip.admin.masterdata.service.version=masterdata.kernel/v1
+mosip.admin.keymanager.service.version=keymanager.keymanager/v1
+mosip.admin.base.url=http:/
+mosip.service.end-points=/**/masterdata/**,/**/keymanager/**
+auth.allowed.urls=https://${mosip.admin.host}/
+
+# query param usd to refer url to redirect after logout
+mosip.iam.post-logout-uri-param-key=post_logout_redirect_uri
+# end session endpoint in OIDC
+mosip.iam.end-session-endpoint-path=/protocol/openid-connect/logout
+
+#--------------------Applicant Details Api-----------------------------
+mosip.admin.identityMappingJson=identity-mapping.json
+mosip.admin.applicant-details.exposed-identity-fields=dob,applicantPhoto
+RETRIEVE_IDENTITY_API=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid
+## this property is used to configure max limit of search for the login user to get applicantDetails
+mosip.admin.applicant-details.max.login.count=30
+
+#-------------------Digital Card Api-----------------------------------
+DIGITAL_CARD_STATUS_URL=${mosip.digitalcard.service.url}/v1/digitalcard
diff --git a/amr-acr-mapping.json b/amr-acr-mapping.json
new file mode 100644
index 00000000000..367cea85b3c
--- /dev/null
+++ b/amr-acr-mapping.json
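Review bot: The `## Security` block of admin-default.properties ships `mosip.security.csrf-enable=false` and `mosip.security.secure-cookie=false` as defaults for the admin service while the same file sets `mosip.admin-services.cookie.security=true`, so the cookie posture is contradictory and, if these keys do what their names suggest, admin sessions run without CSRF protection and without the Secure flag on the cookie. Because this is the default profile that deployments inherit, I would set `mosip.security.csrf-enable=true` and `mosip.security.secure-cookie=true`, or put a comment above each line naming the component that makes the relaxed value safe. `mosip.security.origins=localhost:8080` and `mosip.admin.base.url=http:/` also read like development leftovers (the latter is not a complete URL) and need either a real value or a comment explaining how the value is consumed.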
@@ -0,0 +1,16 @@
+{
+ "amr" : {
+ "PWD" : [{"type" : "PWD" }],
+ "PIN" : [{ "type": "PIN" }],
+ "OTP" : [{ "type": "OTP" }],
+ "Wallet" : [{ "type": "WLA" }],
+ "L1-bio-device" : [{ "type": "BIO", "count": 1 }]
+ },
+ "acr_amr" : {
+ "mosip:idp:acr:password" : ["PWD"],
+ "mosip:idp:acr:static-code" : ["PIN"],
+ "mosip:idp:acr:generated-code" : ["OTP"],
+ "mosip:idp:acr:linked-wallet" : [ "Wallet" ],
+ "mosip:idp:acr:biometrics" : [ "L1-bio-device" ]
+ }
+}
diff --git a/applicanttype-document-mapping.json b/applicanttype-document-mapping.json
new file mode 100644
index 00000000000..37dd1352fd4
--- /dev/null
+++ b/applicanttype-document-mapping.json
@@ -0,0 +1,34 @@
+{
+ "applicantCategory": [
+ {
+ "applicantType": "adult",
+ "documentCategory": [
+ {
+ "key": "proofOfAddress",
+ "values": ["DOC001", "DOC013", "DOC014", "DOC015", "DOC005", "DOC005", "DOC006", "DOC016", "DOC017", "DOC018", "DOC008"]
+ },
+ {
+ "key": "proofOfIdentity",
+ "values": ["DOC001", "DOC002", "DOC003", "DOC004", "DOC005", "DOC006", "DOC007", "DOC008", "DOC009", "DOC010", "DOC011", "DOC012"]
+ }
+ ]
+ },
+ {
+ "applicantType": "child",
+ "documentCategory": [
+ {
+ "key": "proofOfRelation",
+ "values": ["DOC024", "DOC025", "DOC026", "DOC001", "DOC027", "DOC028"]
+ },
+ {
+ "key": "proofOfIdentity",
+ "values": ["DOC001", "DOC006", "DOC009"]
+ },
+ {
+ "key": "proofOfAddress",
+ "values": ["DOC001", "DOC013", "DOC014", "DOC006"]
+ }
+ ]
+ }
+ ]
+}
diff --git a/applicanttype.mvel b/applicanttype.mvel
new file mode 100644
index 00000000000..6dc4daff750
--- /dev/null
+++ b/applicanttype.mvel
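Review bot: In applicanttype-document-mapping.json the adult `proofOfAddress` list contains `"DOC005"` twice in a row (`"DOC015", "DOC005", "DOC005", "DOC006"`). Either the repeat is redundant and one entry should be dropped, or a different document code was intended in the second position and is now missing from the accepted set. Since this list decides which documents are accepted as proof of address, the intended code set should be confirmed before merging.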
@@ -0,0 +1,185 @@ +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.time.format.DateTimeFormatter; +import java.time.Period; +import java.util.List; +import java.time.ZoneId; +import java.time.temporal.ValueRange; + +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +String CHILD = "INFANT"; +String ADULT = "ADULT"; +String MINOR = "MINOR"; +String MALE = 'MLE'; +String FEMALE = 'FLE'; +String NonResident = "FR"; +String Resident = "NFR"; +String Others = "OTH"; +String DATE_PATTERN = "yyyy/MM/dd"; +String regex = "^\\d{4}(\\/)(((0)[1-9])|((1)[0-2]))(\\/)([0-2][0-9]|(3)[0-1])$"; +Pattern pattern = Pattern.compile(regex); + +def isUpdateFlow(identity) { + Object val = identity.getOrDefault('_flow', null); + return (val == 'Update') ? true : false; +} + +def getResidenceStatus(identity) { + if(identity.containsKey('residenceStatusCode')) { + return identity.getOrDefault('residenceStatusCode', null); + } + + if(identity.containsKey('residenceStatus')) { + Object val = identity.getOrDefault('residenceStatus', null); + return val == null ? null : + (val instanceof String ? ; (String)val : (String) ((List)val).get(0).value); + } + + return null; +} + +def getGenderType(identity) { + if(identity.containsKey('genderCode')) { + return identity.getOrDefault('genderCode', null); + } + + if(identity.containsKey('gender')) { + Object val = identity.getOrDefault('gender', null); + return val == null ? null : + (val instanceof String ? 
; (String)val : (String) ((List)val).get(0).value); + } + + return null; +} + +def getAgeCode(identity) { + if(ageGroups == null || !identity.containsKey('dateOfBirth')) + return null; + + String dob = identity.get('dateOfBirth'); + if(!pattern.matcher(dob).matches()) + return null; + + LocalDate date = LocalDate.parse(dob, DateTimeFormatter.ofPattern(DATE_PATTERN)); + LocalDate currentDate = LocalDate.now(ZoneId.of("UTC")); + + if(date.isAfter(currentDate)) { return 'KER-MSD-151'; } + + int ageInYears = Period.between(date, currentDate).getYears(); + + String ageGroup = null; + for(String groupName : ageGroups.keySet()) { + String[] range = ((String)ageGroups.get(groupName)).split('-'); + if(ValueRange.of(Long.valueOf(range[0]), Long.valueOf(range[1])).isValidIntValue(ageInYears)) { + ageGroup = groupName; + } + } + + return ageGroup == null ? null : ageGroup; +} + + +def getBioExceptionFlag(identity) { + if(!identity.containsKey('isBioException')) { return false; } + Object val = identity.getOrDefault('isBioException', null); + return (val == 'true') ? true : (( val == 'false' ) ? false : null); +} + +def getApplicantType() { + String itc = getResidenceStatus(identity); + String genderType = getGenderType(identity); + String ageCode = getAgeCode(identity); + boolean isBioExPresent = getBioExceptionFlag(identity); + + if( ageCode == 'KER-MSD-151' ) { return "KER-MSD-151"; } + + if(itc == null || genderType == null || ageCode == null || isBioExPresent == null ) { + return isUpdateFlow(identity) ? 
"000" : "KER-MSD-147"; + } + + System.out.println(itc + " - " + genderType + " - " + ageCode + " - " + isBioExPresent); + + if (itc == NonResident && genderType == MALE && ageCode == CHILD && !isBioExPresent) { + return "001"; + } else if (itc == NonResident && genderType == MALE && ageCode == ADULT && !isBioExPresent) { + return "002"; + } else if (itc == NonResident && genderType == MALE && ageCode == MINOR && !isBioExPresent) { + return "002"; + } else if (itc == Resident && genderType == MALE && ageCode == CHILD && !isBioExPresent) { + return "003"; + } else if (itc == Resident && genderType == MALE && ageCode == ADULT && !isBioExPresent) { + return "004"; + } else if (itc == Resident && genderType == MALE && ageCode == MINOR && !isBioExPresent) { + return "004"; + } else if (itc == NonResident && genderType == FEMALE && ageCode == CHILD && !isBioExPresent) { + return "005"; + } else if (itc == NonResident && genderType == FEMALE && ageCode == ADULT && !isBioExPresent) { + return "006"; + } else if (itc == NonResident && genderType == FEMALE && ageCode == MINOR && !isBioExPresent) { + return "006"; + } else if (itc == Resident && genderType == FEMALE && ageCode == CHILD && !isBioExPresent) { + return "007"; + } else if (itc == Resident && genderType == FEMALE && ageCode == ADULT && !isBioExPresent) { + return "008"; + } else if (itc == Resident && genderType == FEMALE && ageCode == MINOR && !isBioExPresent) { + return "008"; + } else if (itc == NonResident && genderType == Others && ageCode == CHILD && !isBioExPresent) { + return "005"; + } else if (itc == NonResident && genderType == Others && ageCode == ADULT && !isBioExPresent) { + return "006"; + } else if (itc == NonResident && genderType == Others && ageCode == MINOR && !isBioExPresent) { + return "006"; + } else if (itc == Resident && genderType == Others && ageCode == CHILD && !isBioExPresent) { + return "007"; + } else if (itc == Resident && genderType == Others && ageCode == ADULT && !isBioExPresent) 
{ + return "008"; + } else if (itc == Resident && genderType == Others && ageCode == MINOR && !isBioExPresent) { + return "008"; + } else if (itc == NonResident && genderType == MALE && ageCode == CHILD && isBioExPresent) { + return "009"; + } else if (itc == NonResident && genderType == MALE && ageCode == ADULT && isBioExPresent) { + return "010"; + } else if (itc == Resident && genderType == MALE && ageCode == CHILD && isBioExPresent) { + return "011"; + } else if (itc == Resident && genderType == MALE && ageCode == ADULT && isBioExPresent) { + return "012"; + } else if (itc == NonResident && genderType == FEMALE && ageCode == CHILD && isBioExPresent) { + return "013"; + } else if (itc == NonResident && genderType == FEMALE && ageCode == ADULT && isBioExPresent) { + return "014"; + } else if (itc == Resident && genderType == FEMALE && ageCode == CHILD && isBioExPresent) { + return "015"; + } else if (itc == Resident && genderType == FEMALE && ageCode == ADULT && isBioExPresent) { + return "016"; + } else if (itc == NonResident && genderType == Others && ageCode == CHILD && isBioExPresent) { + return "013"; + } else if (itc == NonResident && genderType == Others && ageCode == ADULT && isBioExPresent) { + return "014"; + } else if (itc == Resident && genderType == Others && ageCode == CHILD && isBioExPresent) { + return "015"; + } else if (itc == Resident && genderType == Others && ageCode == ADULT && isBioExPresent) { + return "016"; + } + + else if (itc == NonResident && genderType == MALE && ageCode == MINOR && isBioExPresent) { + return "014"; + } else if (itc == Resident && genderType == MALE && ageCode == MINOR && isBioExPresent) { + return "015"; + } + + else if (itc == NonResident && genderType == FEMALE && ageCode == MINOR && isBioExPresent) { + return "014"; + } else if (itc == Resident && genderType == FEMALE && ageCode == MINOR && isBioExPresent) { + return "015"; + } + + else if (itc == NonResident && genderType == Others && ageCode == MINOR && 
isBioExPresent) { + return "014"; + } else if (itc == Resident && genderType == Others && ageCode == MINOR && isBioExPresent) { + return "015"; + } + + return "000"; +} diff --git a/application-default.properties b/application-default.properties new file mode 100644 index 00000000000..836e20b25cf --- /dev/null +++ b/application-default.properties 
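Review bot: The `System.out.println(itc + " - " + genderType + " - " + ageCode + " - " + isBioExPresent);` call in getApplicantType writes each applicant's residence status, gender, age group and biometric-exception flag to stdout on every evaluation, bypassing whatever log level and redaction the host service applies; I would remove it or route it through the host's logger at debug level. Separately, getBioExceptionFlag can return `null`, but its result is assigned to `boolean isBioExPresent`, so whether the following `isBioExPresent == null` guard can ever be true depends on how MVEL coerces the value; declaring it as `Boolean isBioExPresent` would make the guard meaningful. The MINOR-with-exception branches at the end return "014" for non-residents and "015" for residents regardless of gender, which are the FEMALE ADULT non-resident and FEMALE CHILD resident codes used earlier, whereas without an exception MINOR follows the ADULT codes; that mapping should be confirmed as intended and documented in a comment above those branches.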
@@ -0,0 +1,460 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# override below properties for v2 deployment +# keycloak.external.url +# keycloak.internal.url +# mosip.api.internal.host + + +aplication.configuration.level.version=LTS + +## Idobject validator +# This config is used for loading recommended centers based on the value of the config. +# The value depicts the location hierarchy code of the hierarchy based on which the recommended centers is loaded +mosip.recommended.centers.locCode=5 + +## Common properties used across different modules +mosipbox.public.url=${mosip.api.internal.url} +mosip.api.internal.url=https://${mosip.api.internal.host} +mosip.api.public.url=https://${mosip.api.public.host} +mosip.kernel.authmanager.url=http://authmanager.kernel +mosip.kernel.masterdata.url=http://masterdata.kernel +mosip.kernel.keymanager.url=http://keymanager.keymanager +mosip.kernel.auditmanager.url=http://auditmanager.kernel +mosip.kernel.notification.url=http://notifier.kernel +mosip.kernel.idgenerator.url=http://idgenerator.kernel +mosip.kernel.otpmanager.url=http://otpmanager.kernel +mosip.kernel.syncdata.url=http://syncdata.kernel +mosip.kernel.pridgenerator.url=http://pridgenerator.kernel +mosip.kernel.ridgenerator.url=http://ridgenerator.kernel +mosip.idrepo.identity.url=http://identity.idrepo +mosip.idrepo.vid.url=http://vid.idrepo +mosip.admin.hotlist.url=http://admin-hotlist.admin +mosip.admin.service.url=http://admin-service.admin +mosip.admin.ui.url=http://admin-ui.admin +mosip.pms.policymanager.url=http://pms-policy.pms +mosip.pms.partnermanager.url=http://pms-partner.pms +mosip.pms.ui.url=http://pms-ui.pms +mosip.idrepo.credrequest.generator.url=http://credentialrequest.idrepo +mosip.idrepo.credential.service.url=http://credential.idrepo 
+mosip.datashare.url=http://datashare.datashare +mosip.mock.biosdk.url=http://biosdk-service.biosdk +mosip.idrepo.biosdk.url=http://biosdk-service.biosdk +mosip.regproc.workflow.url=http://regproc-workflow.regproc +mosip.regproc.status.service.url=http://regproc-status.regproc +mosip.regproc.transaction.service.url=http://regproc-trans.regproc +mosip.packet.receiver.url=http://regproc-group1.regproc +mosip.websub.url=http://websub.websub +mosip.regproc.biosdk.url=http://biosdk-service.biosdk +mosip.consolidator.url=http://websub-consolidator.websub +mosip.file.server.url=http://mosip-file-server.mosip-file-server +mosip.ida.internal.url=http://ida-internal.ida +mosip.ida.auth.url=http://ida-auth.ida +mosip.ida.otp.url=http://ida-otp.ida +mosip.resident.url=http://resident.resident +mosip.artifactory.url=http://artifactory.artifactory +mosip.esignet.service.url=http://esignet.esignet +kafka.profile=kafka.svc.cluster.local +kafka.port=9092 +mosip.digitalcard.service.url=http://digitalcard.digitalcard + +config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ + +# masterdata field data url +mosip.idobjectvalidator.masterdata.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/possiblevalues/{subType} +# Path to IDSchemaVersion. Path is defined as per JsonPath.compile. +mosip.kernel.idobjectvalidator.identity.id-schema-version-path=identity.IDSchemaVersion +# Path to dateOfBirth field. Path is defined as per JsonPath.compile. +mosip.kernel.idobjectvalidator.identity.dob-path = identity.dateOfBirth + +# Refresh cache only once for a particular subType for each request, when a value is not found for that subType. By default, it is false +mosip.idobjectvalidator.refresh-cache-on-unknown-value=false + +# Date format expected in identity json. commenting/removing below property will disable dob format validation in identity json. 
+mosip.kernel.idobjectvalidator.date-format=uuuu/MM/dd +## Properties that need to be updated when Identity Schema has been updated +mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone +mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.update-uin=IDSchemaVersion,UIN +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.other=IDSchemaVersion,UIN +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.lost=IDSchemaVersion +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.biometric_correction=IDSchemaVersion +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.opencrvs_new=IDSchemaVersion +# Value used in IdObjectReferenceValidator when value is not available +mosip.kernel.idobjectvalidator.masterdata.value-not-available=NA + +## Bio attribute allowed to be stored in IDRepo as per Identity Schema +mosip.idrepo.identity.allowedBioAttributes=individualBiometrics + +## List of all bio attriutes defined in Identity Schema +mosip.idrepo.identity.bioAttributes=individualBiometrics,parentOrGuardianBiometrics + +mosip.country.code=MOR + +## Language supported by platform +mosip.supported-languages=eng,ara,fra +mosip.right_to_left_orientation=ara +mosip.left_to_right_orientation=eng,fra + +## Application IDs +mosip.prereg.app-id=PRE_REGISTRATION 
+mosip.reg.app-id=REGISTRATION +mosip.regproc.app-id=REGISTRATION_PROCESSOR +mosip.ida.app-id=IDA +mosip.ida.ref-id=INTERNAL +mosip.idrepo.app-id=ID_REPO + +mosip.utc-datetime-pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' +mosip.sign.header=response-signature +mosip.signed.response.header=response-signature + +## CBEFF util +# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location. +mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ +# Cbeff XSD file name in config server +mosip.kernel.xsdfile=mosip-cbeff.xsd + +## Applicant type +mosip.kernel.applicant.type.age.limit = 5 +mosip.kernel.applicantType.mvel.file=applicanttype.mvel +mosip.kernel.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ + + +## Various length parameters +mosip.kernel.pin.length=6 +mosip.kernel.tspid.length=4 +mosip.kernel.partnerid.length=4 +mosip.kernel.tokenid.length=36 +mosip.kernel.registrationcenterid.length=5 +mosip.kernel.machineid.length=5 + +## RID +mosip.kernel.rid.length=29 +mosip.kernel.rid.timestamp-length=14 +mosip.kernel.rid.sequence-length=5 + +## PRID +mosip.kernel.prid.length=14 +## Upper bound of number of digits in sequence allowed in id. For example if +## limit is 3, then 12 is allowed but 123 is not allowed in id (in both +## ascending and descending order) +mosip.kernel.tokenid.sequence-limit=3 +## Upper bound of number of digits in sequence allowed in id. For example if +## limit is 3, then 12 is allowed but 123 is not allowed in id (in both +## ascending and descending order) +## to disable validation assign zero or negative value +mosip.kernel.prid.sequence-limit=3 +## Number of digits in repeating block allowed in id. 
For example if limit is 2, +## then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +## to disable validation assign zero or negative value +mosip.kernel.prid.repeating-block-limit=3 +## Lower bound of number of digits allowed in between two repeating digits in +## id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) to disable validation assign zero or negative value +mosip.kernel.prid.repeating-limit=2 +## list of number that id should not be start with to disable null +mosip.kernel.prid.not-start-with=0,1 +## restricted numbers for prid +mosip.kernel.prid.restricted-numbers=786,666 + +## VID +mosip.kernel.vid.length=16 +# Upper bound of number of digits in sequence allowed in id. For example if +# limit is 3, then 12 is allowed but 123 is not allowed in id (in both +# ascending and descending order) +# to disable sequence limit validation assign 1 +mosip.kernel.vid.length.sequence-limit=3 +# Number of digits in repeating block allowed in id. For example if limit is 2, +# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +# to disable repeating block validation assign 0 or negative value +mosip.kernel.vid.length.repeating-block-limit=2 +# Lower bound of number of digits allowed in between two repeating digits in +# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) +# to disable repeating limit validation, assign 0 or negative value +mosip.kernel.vid.length.repeating-limit=2 +# list of number that id should not be start with to disable null +mosip.kernel.vid.not-start-with=0,1 +mosip.kernel.vid.restricted-numbers=786,666 + +## UIN +mosip.kernel.uin.length=10 +mosip.kernel.uin.min-unused-threshold=200000 +mosip.kernel.uin.uins-to-generate=500000 +mosip.kernel.uin.restricted-numbers=786,666 +# Upper bound of number of digits in sequence allowed in id. 
For example if +# limit is 3, then 12 is allowed but 123 is not allowed in id (in both +# ascending and descending order) +# to disable sequence limit validation assign 1 +mosip.kernel.uin.length.sequence-limit=3 +# Number of digits in repeating block allowed in id. For example if limit is 2, +# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +#to disable validation assign zero or negative value +mosip.kernel.uin.length.repeating-block-limit=2 +# Lower bound of number of digits allowed in between two repeating digits in +# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) +# to disable repeating limit validation, assign 0 or negative value +mosip.kernel.uin.length.repeating-limit=2 +#reverse group digit limit for uin filter +mosip.kernel.uin.length.reverse-digits-limit=5 +#group digit limit for uin filter +mosip.kernel.uin.length.digits-limit=5 +#should not start with +mosip.kernel.uin.not-start-with=0,1 +#adjacent even digit limit for uin filter +mosip.kernel.uin.length.conjugative-even-digits-limit=3 + +## Auth adapter +auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken + +#This is the frontend url configured in the open-id system. This url should match the issuer attribute in JWT. 
+auth.server.admin.issuer.internal.uri=${keycloak.internal.url}/auth/realms/ +auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/ +auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip +mosip.keycloak.issuerUrl=${keycloak.internal.url}/auth/realms/mosip + +## iam adapter +mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter +mosip.kernel.auth.adapter.ssl-bypass=true +mosip.kernel.auth.appid-realm-map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip',signup:'mosip'} +mosip.kernel.auth.appids.realm.map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip',signup:'mosip'} + +## Crypto +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +mosip.kernel.keygenerator.symmetric-algorithm-name=AES +mosip.kernel.keygenerator.asymmetric-key-length=2048 +mosip.kernel.keygenerator.symmetric-key-length=256 +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +mosip.kernel.crypto.gcm-tag-length=128 +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +mosip.kernel.crypto.hash-symmetric-key-length=256 +mosip.kernel.crypto.hash-iteration=100000 +mosip.kernel.crypto.sign-algorithm-name=RS256 +mosip.kernel.keymanager-service-publickey-url=${mosip.kernel.keymanager.url}/v1/keymanager/publickey/{applicationId} +mosip.kernel.keymanager-service-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt +mosip.kernel.keymanager-service-auth-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/auth/decrypt 
+mosip.kernel.keymanager-service-sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/sign +mosip.kernel.keymanager.cert.url=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate +mosip.kernel.keymanager-service-CsSign-url=${mosip.kernel.keymanager.url}/v1/keymanager/cssign +mosip.sign.applicationid=KERNEL +mosip.sign.refid=SIGN +mosip.kernel.cryptomanager.request_id=CRYPTOMANAGER.REQUEST +mosip.kernel.cryptomanager.request_version=v1.0 +mosip.kernel.signature.signature-request-id=SIGNATURE.REQUEST +mosip.kernel.signature.signature-version-id=v1.0 + +## ID repo +mosip.idrepo.identity.uin-status.registered=ACTIVATED +mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED + +## OTP manager +mosip.kernel.otp.default-length=6 +## Default crypto function: HmacSHA512, HmacSHA256, HmacSHA1. +mosip.kernel.otp.mac-algorithm=HmacSHA512 +## OTP expires after the given time (in seconds). +mosip.kernel.otp.expiry-time=180 +## Key is frozen for the given time (in seconds). +mosip.kernel.otp.key-freeze-time=1800 +## Number of validation attempts allowed. +## mosip.kernel.otp.validation-attempt-threshold =3 means , the validation and generation will be blocked from 4th time. +mosip.kernel.otp.validation-attempt-threshold=10 +mosip.kernel.otp.min-key-length=3 +mosip.kernel.otp.max-key-length=64 + +## Licence key manager +mosip.kernel.licensekey.length=16 +# List of permissions +## NOTE: ',' in the below list is used as splitter in the implementation. +## Use of ',' in the values for below key should be avoided. +## Use of spaces before and after ',' also should be avoided. 
+mosip.kernel.licensekey.permissions=OTP Trigger,OTP Authentication,Demo Authentication - Identity Data Match,Demo Authentication - Address Data Match,Demo Authentication - Full Address Data Match,Demo Authentication - Secondary Language Match,Biometric Authentication - FMR Data Match,Biometric Authentication - IIR Data Match,Biometric Authentication - FID Data Match,Static Pin Authentication,eKYC - limited,eKYC - Full,eKYC - No + +## Virus scanner +# Here we specify the Kubernetes service name if clamav runs inside cluster +mosip.kernel.virus-scanner.host=clamav.clamav +mosip.kernel.virus-scanner.port=3310 + +## Transliteration +mosip.kernel.transliteration.arabic-language-code=ara +mosip.kernel.transliteration.english-language-code=eng +mosip.kernel.transliteration.french-language-code=fra +# Added this property for backward compatibility as it is misspelled in <1.2.0 versions of kernel-transliteration library +mosip.kernel.transliteration.franch-language-code=fra + +## DOB +mosip.default.dob.month=01 +mosip.default.dob.day=01 +mosip.login.mode= email,mobile + +## Notification +mosip.registration.processor.notification.types=EMAIL +mosip.notificationtype=SMS|EMAIL +mosip.kernel.sms.proxy-sms=false +mosip.kernel.auth.proxy-otp=true +mosip.kernel.auth.proxy-email=true +## Notification lanugage types: either PRIMARY or BOTH +mosip.notification.language-type=BOTH + +## System +logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=INFO + +## Admin +mosip.min-digit-longitude-latitude=4 +mosip.kernel.filtervalue.max_columns=20 +auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken + +## PDF generation. 
TODO: this password must be passed as config server env variable +mosip.kernel.pdf_owner_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 + +## Quality check treshold +mosip.iris_threshold=0 +mosip.leftslap_fingerprint_threshold=0 +mosip.rightslap_fingerprint_threshold=0 +mosip.thumbs_fingerprint_threshold=0 +mosip.facequalitythreshold=0 + +## Bio SDK Integration +mosip.fingerprint.provider=io.mosip.kernel.bioapi.impl.BioApiImpl +mosip.face.provider=io.mosip.kernel.bioapi.impl.BioApiImpl +mosip.iris.provider=io.mosip.kernel.bioapi.impl.BioApiImpl + +## UIN alias +mosip.uin.alias= + +## Kernel salt generator +mosip.kernel.salt-generator.chunk-size=10 +mosip.kernel.salt-generator.start-sequence=0 +mosip.kernel.salt-generator.end-sequence=999 + +## HTTP +server.max-http-header-size=10000000 + + +## Prometheus +management.endpoint.metrics.enabled=true +management.endpoints.web.exposure.include=* +management.endpoint.prometheus.enabled=true +management.metrics.export.prometheus.enabled=true + +mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest +mosip.kernel.syncdata-service-dynamicfield-url=${mosip.kernel.masterdata.url}/v1/masterdata/dynamicfields +mosip.kernel.syncdata-service-get-tpm-publicKey-url=${mosip.kernel.syncdata.url}/v1/syncdata/tpm/publickey/ +mosip.kernel.keymanager-service-validate-url=${mosip.kernel.keymanager.url}/v1/keymanager/validate +mosip.kernel.keymanager-service-csverifysign-url=${mosip.kernel.keymanager.url}/v1/keymanager/csverifysign + +## GPS +mosip.registration.gps_device_enable_flag=n + +## Packet manager +## if source is not passed, packetmanager supports below default strategy - +## 1. 'exception' : it will throw exception. +## 2. 'defaultPriority' : use default priority packetmanager.default.priority. 
+packetmanager.default.read.strategy=defaultPriority +packetmanager.default.priority=source:REGISTRATION_CLIENT\/process:BIOMETRIC_CORRECTION|NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT,source:OPENCRVS\/process:OPENCRVS_NEW +packetmanager.name.source={default:'REGISTRATION_CLIENT',resident:'RESIDENT',opencrvs:'OPENCRVS'} +packetmanager.packet.signature.disable-verification=true +mosip.commons.packetnames=id,evidence,optional +provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetreader.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetreader.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketWriterImpl +provider.packetwriter.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketWriterImpl +provider.packetwriter.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketWriterImpl +objectstore.adapter.name=S3Adapter +## When we use AWS as an object store, we see that buckets with the same name across deployments cannot be created.so use the prefix with bucket name +object.store.s3.bucket-name-prefix=${s3.pretext.value:} +# the idschema is double by default. 
If country wish to change it to string then make this property false +mosip.commons.packet.manager.schema.validator.convertIdSchemaToDouble=true +## can be OnlinePacketCryptoServiceImpl OR OfflinePacketCryptoServiceImpl +objectstore.crypto.name=OnlinePacketCryptoServiceImpl +default.provider.version=v1.0 +## posix adapter config +object.store.base.location=/home/mosip +hazelcast.config=classpath:hazelcast_default.xml + + + +## Swift +object.store.swift.username=test +object.store.swift.password=test +object.store.swift.url=http://localhost:8080 + +packet.manager.account.name=${s3.pretext.value:}packet-manager +CRYPTOMANAGER_DECRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt +CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt +IDSCHEMAURL=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest +KEYMANAGER_SIGN=${mosip.kernel.keymanager.url}/v1/keymanager/sign +AUDIT_URL=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +packet.default.source=id +schema.default.fieldCategory=pvt,none + +## Device registration/deregistration config +mosip.stage.environment=Developer + +## Log level + +logging.level.root=INFO +logging.level.io.mosip=INFO +logging.level.io.vertx=INFO +logging.level.io.mosip.registration.processor.status=INFO +logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO + +## Tomcat access logs +server.tomcat.accesslog.enabled=true +server.tomcat.accesslog.directory=/dev +server.tomcat.accesslog.prefix=stdout +server.tomcat.accesslog.buffered=false +server.tomcat.accesslog.suffix= +server.tomcat.accesslog.file-date-format= 
+server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}","req.userAgent":"%{User-Agent}i","req.xForwardedFor":"%{X-Forwarded-For}i","req.referer":"%{Referer}i","req.method":"%m","req.remoteHost":"%a"} +server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve + +## Websub (internal url) +websub.hub.url=${mosip.websub.url}/hub/ +websub.publish.url=${mosip.websub.url}/hub/ + +mosip.mandatory-languages=eng +## Leave blank if no optional langauges +mosip.optional-languages=ara,fra +mosip.min-languages.count=2 +mosip.max-languages.count=3 + +# These are default languages used for sending notifications +mosip.default.template-languages=eng,ara,fra + +# Config key to pick the preferred language for communicating to the Resident +mosip.default.user-preferred-language-attribute=preferredLang + +# Path to identity mapping json file +mosip.identity.mapping-file=${mosip.kernel.xsdstorage-uri}/identity-mapping.json + +mosip.notification.timezone=GMT+05:30 + +# registration center type validation regex, used to restrict the special charecter +mosip.centertypecode.validate.regex=^[a-zA-Z0-9]([_-](?![_-])|[a-zA-Z0-9]){0,34}[a-zA-Z0-9]$ + +## Swagger +openapi.service.servers[0].url=${mosip.api.internal.url}${server.servlet.context-path:${server.servlet.path:}} +openapi.service.servers[0].description=For Swagger + +mosip.auth.filter_disable=false + +# PDF Digital card is protected with password using below property based on define attribute it will encrypt by taking first 4 character. 
+mosip.digitalcard.uincard.password=fullName|dateOfBirth +mosip.digitalcard.pdf.password.enable.flag=true + +# Comma separated values of allowed auth types +auth.types.allowed=otp-email,otp-phone,demo,bio-FINGER,bio-IRIS,bio-FACE,otp + +mosip.access_token.subject.claim-name=sub + +# It is used as a suffix for creating credential request ID using the RID. +mosip.registration.processor.rid.delimiter=-PDF + +# Web UI Idle timeout related properties +mosip.webui.auto.logout.idle=180 +mosip.webui.auto.logout.ping=30 +mosip.webui.auto.logout.timeout=60 + diff --git a/auth-policy-schema.json b/auth-policy-schema.json new file mode 100644 index 00000000000..d8ddb7f7e4d --- /dev/null +++ b/auth-policy-schema.json @@ -0,0 +1,66 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "allowedKycAttributes":{ + "type":"array", + "additionalItems": false, + "items": + { + "type":"object", + "properties":{ + "attributeName":{ + "type":"string" + } + }, + "required":[ + "attributeName" + ], + "additionalProperties": false + } + + }, + "allowedAuthTypes":{ + "type":"array", + "additionalItems": false, + "items": + { + "type":"object", + "properties":{ + "authType":{ + "type":"string" + }, + "authSubType":{ + "type":"string" + }, + "mandatory":{ + "type":"boolean" + } + }, + "required":[ + "authType", + "mandatory" + ], + "additionalProperties": false + } + + }, + "authTokenType":{ + "type":"string", + "enum":["random","partner","policy"] + }, + "kycLanguages": { + "type": "array", + "items": { + "type": "string" + } + } + }, + + "required":[ + "authTokenType", + "allowedAuthTypes", + "allowedKycAttributes" + ], + "additionalProperties": false +} diff --git a/biosdk-service-default.properties b/biosdk-service-default.properties new file mode 100644 index 00000000000..bf202460333 --- /dev/null +++ b/biosdk-service-default.properties 
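Review bot: Two verification switches are turned off in a file that Spring Cloud Config shares with every client application: `mosip.kernel.auth.adapter.ssl-bypass=true` (also set in the compliance-toolkit-default.properties hunk) and `packetmanager.packet.signature.disable-verification=true`. Judging by the key names these skip TLS certificate checks and packet signature checks, so the shipped defaults should be `mosip.kernel.auth.adapter.ssl-bypass=false` and `packetmanager.packet.signature.disable-verification=false`, with sandbox deployments overriding them through the config-server env variables the header already describes. `management.endpoints.web.exposure.include=*` exposes every enabled actuator endpoint over HTTP, while the Prometheus block only needs `management.endpoints.web.exposure.include=health,info,metrics,prometheus`. The Swift block commits `object.store.swift.username=test` / `object.store.swift.password=test`, and the `{cipher}` value of `mosip.kernel.pdf_owner_password` is committed despite its own TODO; both belong in the env-variable list at the top of the file. `server.max-http-header-size=10000000` accepts roughly 10 MB of headers per request and deserves either a comment explaining why or a much smaller limit.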
@@ -0,0 +1,16 @@
+#iam mock-sdk config
+sdk_check_iso_timestamp_format=true
+mosip.role.biosdk.getservicestatus=REGISTRATION_PROCESSOR
+biosdk_bioapi_impl=io.mosip.mock.sdk.impl.SampleSDKV2
+
+
+logging.level.root=INFO
+
+mosip.biosdk.log-request-response-enabled=false
+# Uncomment below when mosip.biosdk.log-request-response-enabled is set to true.
+#logging.level.io.mosip.biosdk.services.impl.spec_1_0.BioSdkServiceProviderImpl_V_1_0=DEBUG
+
+#iam image-compressor config
+mosip.bio.image.compressor.resize.factor.fx=0.25
+mosip.bio.image.compressor.resize.factor.fy=0.25
+mosip.bio.image.compressor.compression.ratio=50
diff --git a/compliance-toolkit-default.properties b/compliance-toolkit-default.properties
new file mode 100644
index 00000000000..bc8520a2430
--- /dev/null
+++ b/compliance-toolkit-default.properties
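Review bot: `biosdk_bioapi_impl=io.mosip.mock.sdk.impl.SampleSDKV2` makes what its package name suggests is a mock SDK the default biometric implementation, and the only hint is the terse `#iam mock-sdk config` heading. Since the services in application-default.properties point at `biosdk-service.biosdk` for matching and quality checks, a deployment that forgets to override this key would presumably run biometric decisions against the sample implementation. I would add a comment above the key such as `# Sandbox only: SampleSDKV2 is a mock; set biosdk_bioapi_impl to the vendor SDK class before production use`. The request/response logging toggle below it handles biometric payloads, so its comment should also say that the DEBUG logger must stay off outside troubleshooting.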
@@ -0,0 +1,197 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# mosip.toolkit.client.secret +# keycloak.internal.host +# keycloak.internal.url +# s3.accesskey +# s3.region +# s3.secretkey + +## Database properties +# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace +# If database is external to production, provide the DNS or ip of the host and port + +##DB properties +javax.persistence.jdbc.driver=org.postgresql.Driver +mosip.database.ip=postgres-postgresql.postgres +mosip.database.port=5432 +javax.persistence.jdbc.url=jdbc:postgresql://${mosip.database.ip}:${mosip.database.port}/mosip_toolkit?useSSL=false +javax.persistence.jdbc.user=toolkituser +javax.persistence.jdbc.password=${db.dbuser.password} + +## Hibernate +hibernate.hbm2ddl.auto=none +hibernate.show_sql=false +hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect +hibernate.jdbc.lob.non_contextual_creation=true + +logging.level.com.zaxxer.hikari=DEBUG + +## Project Version for the API response +version=1.0 + +server.servlet.context-path=/v1/toolkit + +## Security properties +mosip.security.csrf-enable=false +mosip.security.cors-enable=true +mosip.security.origins=http://localhost +mosip.security.secure-cookie=false + +#iam +mosip.api.internal.url=https://${mosip.api.internal.host} +#keycloak.external.url=${mosip.api.internal.url}/keycloak +iam.base.url=${keycloak.external.url} + +#iam adapter setup +mosip.service-context=${server.servlet.context-path} +mosip.service.end-points=/**/toolkit/** 
+mosip.global.end-points=/**/swagger-ui/**,/**/api-docs/**,/**/assets/**,/**/icons/**,/**/screenshots/**,/favicon**,/**/favicon**,/**/css/**,/**/js/**,/**/error**,/**/webjars/**,/**/csrf,/*/,/**/authenticate/**,/**/actuator/**,/sendOtp,/validateOtp,/invalidateToken,/config,/login,/logout,/validateOTP,/sendOTP,/**/login,/**/login/**,/**/login-redirect/**,/**/logout/**,/**/h2-console/**,/**/**/license/**,/**/callback/**,/**/authenticate/** +#mosip.service.exclude.auth.allowed.method=POST,GET,PATCH,PUT,DELETE +mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter +mosip.auth.filter_disable=false +mosip.kernel.auth.adapter.ssl-bypass=true +mosip.kernel.auth.appid-realm-map={toolkit:'mosip'} +mosip.kernel.auth.appids.realm.map={toolkit:'mosip'} + +#iam adapter +mosip.iam.adapter.appid=toolkit +mosip.iam.adapter.clientid=mosip-toolkit-client +mosip.iam.adapter.clientsecret=${mosip.toolkit.client.secret} + +auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/ +auth.server.admin.allowed.audience=mosip-toolkit-client,mosip-toolkit-android-client +auth.allowed.urls=https://${mosip.compliance.host}/ +mosip.iam.certs_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs + +auth.server.validate.url=${mosip.api.internal.url}/v1/authmanager/authorize/admin/validateToken + +## below are required for kernel-authcodeflowproxy-api dependency +mosip.iam.module.login_flow.name=authorization_code +mosip.iam.module.login_flow.scope=email +mosip.iam.module.login_flow.response_type=code +mosip.iam.module.clientid=mosip-toolkit-client +mosip.iam.module.clientsecret=${mosip.toolkit.client.secret} +mosip.iam.module.redirecturi=${mosip.api.internal.url}/v1/toolkit/login-redirect/ +mosip.iam.module.admin_realm_id=mosip +mosip.iam.base-url=${iam.base.url} +mosip.iam.authorization_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/auth 
+mosip.iam.token_endpoint=${iam.base.url}/auth/realms/mosip/protocol/openid-connect/token +auth.server.admin.validate.url=${mosip.api.internal.url}/v1/authmanager/authorize/admin/validateToken + +## below are required for kernel CBEFF util dependency +mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ +mosip.kernel.xsdfile=mosip-cbeff.xsd + +## Minio +object.store.s3.use.account.as.bucketname=true + +## To store documents +mosip.kernel.objectstore.account-name=compliance-toolkit + +# Object store +object.store.s3.accesskey=${s3.accesskey} +object.store.s3.secretkey=${s3.secretkey} +## For Minio: object.store.s3.url=http://minio.minio:9000 +## For AWS: object.store.s3.url=s3.${s3.region}.amazonaws.com +object.store.s3.url=http://minio.minio:9000 +object.store.s3.region=${s3.region} +object.store.s3.readlimit=10000000 + +## Trust Validation of SBI +mosip.service.auth.appid=regproc +mosip.service.auth.clientid=mosip-pms-client +mosip.service.auth.secretkey=${mosip.pms.client.secret} +#mosip.service.validation.url=${mosip.api.internal.url}/v1/partnermanager/deviceprovidermanagement/validate +mosip.service.authmanager.url=${mosip.api.internal.url}/v1/authmanager/authenticate/clientidsecretkey +mosip.service.keymanager.verifyCertificateTrust.url=${mosip.api.internal.url}/v1/keymanager/verifyCertificateTrust + +mosip.toolkit.sbi.ports=4501,4502,4503,4504,4505,4506,4507,4508,4509,4510 +mosip.toolkit.sbi.timeout=10000 +mosip.toolkit.sbi.keyrotation.iterations=2 + +## To decrypt biometrics in SBI Auth +mosip.service.keymanager.decrypt.appid=COMPLIANCE_TOOLKIT +mosip.service.keymanager.decrypt.refid=COMP-FIR +mosip.service.keymanager.decrypt.url=${mosip.api.internal.url}/v1/keymanager/decrypt +mosip.service.keymanager.encryption.key.url=${mosip.api.internal.url}/v1/keymanager/getCertificate?applicationId=COMPLIANCE_TOOLKIT&referenceId=COMP-FIR + +# Threshold value against which the quality 
check score value will be evaluated for Fingerprint biometric type. +mosip.toolkit.sdk.finger.qualitycheck.threshold.value=60 +# Threshold value against which the quality check score value will be evaluated for Face biometric type. +mosip.toolkit.sdk.face.qualitycheck.threshold.value=30 +# Threshold value against which the quality check score value will be evaluated for Iris biometric type. +mosip.toolkit.sdk.iris.qualitycheck.threshold.value=60 + +# TestRuns more than this limit will be moved to archives +mosip.toolkit.testrun.archive.offset=5 + +mosip.kernel.virus-scanner.host=clamav.clamav +mosip.kernel.virus-scanner.port=3310 + +#Enable or disable the virus scanner(true/false) +mosip.toolkit.document.scan=true + +##the id for API +mosip.toolkit.api.id.projects.get=mosip.toolkit.projects.retrieve +mosip.toolkit.api.id.sbi.project.get=mosip.toolkit.sbi.project.retrieve +mosip.toolkit.api.id.collections.get=mosip.toolkit.collections.retrieve +mosip.toolkit.api.id.collection.get=mosip.toolkit.collection.retrieve +mosip.toolkit.api.id.sdk.project.get=mosip.toolkit.sdk.project.retrieve +mosip.toolkit.api.id.sdk.project.put=mosip.toolkit.sdk.project.update +mosip.toolkit.api.id.sdk.project.post=mosip.toolkit.sdk.project.add +mosip.toolkit.api.id.collection.post=mosip.toolkit.collection.add +mosip.toolkit.api.id.sbi.project.post=mosip.toolkit.sbi.project.add +mosip.toolkit.api.id.testcase.project.get=mosip.toolkit.testcase.project.retrieve +mosip.toolkit.api.id.validations.post=mosip.toolkit.api.id.validations +mosip.toolkit.api.id.generate.sdk.request.post=mosip.toolkit.api.id.generate.sdk.request +mosip.toolkit.api.id.collection.testcases.get=mosip.toolkit.collection.testcases.retrieve +mosip.toolkit.api.id.collection.testcase.post=mosip.toolkit.collection.testcase.add +mosip.toolkit.api.id.testrun.post=mosip.toolkit.testrun.add +mosip.toolkit.api.id.testrun.put=mosip.toolkit.testrun.update +mosip.toolkit.api.id.testrun.details.post=mosip.toolkit.testrun.details.add 
+mosip.toolkit.api.id.testrun.details.get=mosip.toolkit.testrun.details.retrieve
+mosip.toolkit.api.id.testcase.get=mosip.toolkit.testcase.retrieve
+mosip.toolkit.api.id.testrun.history.get=mosip.toolkit.testrun.history.retrieve
+mosip.toolkit.api.id.testrun.status.get=mosip.toolkit.testrun.status.retrieve
+mosip.toolkit.api.id.sdk.generate.request=mosip.toolkit.api.id.sdk.generate.request
+mosip.toolkit.api.id.biometric.testdata.get=mosip.toolkit.biometric.testdata.retrieve
+mosip.toolkit.api.id.biometric.testdata.post=mosip.toolkit.biometric.testdata.add
+mosip.toolkit.api.id.biometric.testdata.filenames.get=mosip.toolkit.biometric.testdata.filenames.retrieve
+mosip.toolkit.api.id.resource.file.post=mosip.toolkit.resource.file.add
+
+#Roles for validation
+mosip.toolkit.roles.uploadResource=GLOBAL_ADMIN
+mosip.toolkit.roles.saveTestCases=GLOBAL_ADMIN
+
+## Determines file upload type allowed in UI
+mosip.toolkit.documentupload.allowed.file.type = application/zip
+# Determines the file name length(with extension) allowed in UI
+mosip.toolkit.documentupload.allowed.file.nameLength = 50
+
+# Determines maximum size of file allowed uploaded 20 MB
+mosip.toolkit.documentupload.allowed.file.size = 20000000
+
+mosip.toolkit.max.allowed.gallery.files=5
+
+#Swagger
+openapi.info.title=Compliance-Toolkit
+openapi.info.description=Compliance Toolkit Services
+openapi.info.version=1.0
+openapi.info.license.name=Mosip
+openapi.info.license.url=https://docs.mosip.io/platform/license
+mosipbox.public.url=${mosip.api.internal.url}
+openapi.service.servers[0].url=${mosipbox.public.url}${server.servlet.context-path}
+openapi.service.servers[0].description=Compliance Toolkit Services
+openapi.group.name=${openapi.info.title}
+openapi.group.paths[0]=/**
+springdoc.swagger-ui.disable-swagger-default-url=true
+springdoc.swagger-ui.tagsSorter=alpha
+springdoc.swagger-ui.operationsSorter=alpha
+
+#SBI BiometricsQualityCheckValidator
+mosip.toolkit.sbi.qualitycheck.finger.sdk.urls=[{"name": "Mock SDK","url": "http://localhost:9099/biosdk-service","healthUrl": "http://localhost:9099/biosdk-service/actuator/health", "includeInResults":false},{"name": "Mock SDK ${mosip.api.internal.host} Env","url": "${mosip.api.internal.url}/biosdk-service","healthUrl": "${mosip.api.internal.url}/biosdk-service/actuator/health", "includeInResults":true},{"name": "Mock SDK ${mosip.api.internal.host} Env","url": "${mosip.api.internal.url}/biosdk-service","healthUrl": "${mosip.api.internal.url}/biosdk-service/actuator/health", "includeInResults":true}]
+mosip.toolkit.sbi.qualitycheck.face.sdk.urls=[{"name": "Mock SDK ${mosip.api.internal.host} Env","url": "${mosip.api.internal.url}/biosdk-service","healthUrl": "${mosip.api.internal.url}/biosdk-service/actuator/health", "includeInResults":false}]
+mosip.toolkit.sbi.qualitycheck.iris.sdk.urls=[{"name": "Mock SDK ${mosip.api.internal.host} Env","url": "${mosip.api.internal.url}/biosdk-service","healthUrl": "${mosip.api.internal.url}/biosdk-service/actuator/health", "includeInResults":true}]
diff --git a/controller.json b/controller.json
new file mode 100644
index 00000000000..ed238229ab5
--- /dev/null
+++ b/controller.json
@@ -0,0 +1,7 @@
+{
+ "@context": "https://w3id.org/security/v2",
+ "id": "https://${mosip.api.public.host}/.well-known/controller.json",
+ "assertionMethod": [
+ "https://${mosip.api.public.host}/.well-known/public-key.json"
+ ]
+}
\ No newline at end of file
diff --git a/cred-v1.jsonld b/cred-v1.jsonld
new file mode 100644
index 00000000000..26169278c43
--- /dev/null
+++ b/cred-v1.jsonld
@@ -0,0 +1,237 @@ +{ + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "VerifiableCredential": { + "@id": "https://www.w3.org/2018/credentials#VerifiableCredential", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "credentialSchema": { + "@id": "cred:credentialSchema", + "@type": "@id", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + + "JsonSchemaValidator2018": "cred:JsonSchemaValidator2018" + } + }, + "credentialStatus": {"@id": "cred:credentialStatus", "@type": "@id"}, + "credentialSubject": {"@id": "cred:credentialSubject", "@type": "@id"}, + "evidence": {"@id": "cred:evidence", "@type": "@id"}, + "expirationDate": {"@id": "cred:expirationDate", "@type": "xsd:dateTime"}, + "holder": {"@id": "cred:holder", "@type": "@id"}, + "issued": {"@id": "cred:issued", "@type": "xsd:dateTime"}, + "issuer": {"@id": "cred:issuer", "@type": "@id"}, + "issuanceDate": {"@id": "cred:issuanceDate", "@type": "xsd:dateTime"}, + "proof": {"@id": "sec:proof", "@type": "@id", "@container": "@graph"}, + "refreshService": { + "@id": "cred:refreshService", + "@type": "@id", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + + "ManualRefreshService2018": "cred:ManualRefreshService2018" + } + }, + "termsOfUse": {"@id": "cred:termsOfUse", "@type": "@id"}, + "validFrom": {"@id": "cred:validFrom", "@type": "xsd:dateTime"}, + "validUntil": {"@id": "cred:validUntil", "@type": "xsd:dateTime"} + } + }, + + "VerifiablePresentation": { + "@id": "https://www.w3.org/2018/credentials#VerifiablePresentation", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + 
"type": "@type", + + "cred": "https://www.w3.org/2018/credentials#", + "sec": "https://w3id.org/security#", + + "holder": {"@id": "cred:holder", "@type": "@id"}, + "proof": {"@id": "sec:proof", "@type": "@id", "@container": "@graph"}, + "verifiableCredential": {"@id": "cred:verifiableCredential", "@type": "@id", "@container": "@graph"} + } + }, + + "EcdsaSecp256k1Signature2019": { + "@id": "https://w3id.org/security#EcdsaSecp256k1Signature2019", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": "@vocab", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "EcdsaSecp256r1Signature2019": { + "@id": "https://w3id.org/security#EcdsaSecp256r1Signature2019", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": 
"@vocab", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "Ed25519Signature2018": { + "@id": "https://w3id.org/security#Ed25519Signature2018", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + "xsd": "http://www.w3.org/2001/XMLSchema#", + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": "@vocab", + "@context": { + "@version": 1.1, + "@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "RsaSignature2018": { + "@id": "https://w3id.org/security#RsaSignature2018", + "@context": { + "@version": 1.1, + "@protected": true, + + "challenge": "sec:challenge", + "created": {"@id": "http://purl.org/dc/terms/created", "@type": "xsd:dateTime"}, + "domain": "sec:domain", + "expires": {"@id": "sec:expiration", "@type": "xsd:dateTime"}, + "jws": "sec:jws", + "nonce": "sec:nonce", + "proofPurpose": { + "@id": "sec:proofPurpose", + "@type": "@vocab", + "@context": { + "@version": 1.1, + 
"@protected": true, + + "id": "@id", + "type": "@type", + + "sec": "https://w3id.org/security#", + + "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"}, + "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"} + } + }, + "proofValue": "sec:proofValue", + "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"} + } + }, + + "proof": {"@id": "https://w3id.org/security#proof", "@type": "@id", "@container": "@graph"} + } +} \ No newline at end of file diff --git a/credential-request-default.properties b/credential-request-default.properties new file mode 100644 index 00000000000..886ce20acb4 --- /dev/null +++ b/credential-request-default.properties @@ -0,0 +1,11 @@ +#IDRepo credential request generator authentication detalis +mosip.idrepo.credential-req-generator.auth.client-id=mosip-crereq-client +mosip.idrepo.credential-req-generator.auth.secret-key=${mosip.crereq.client.secret} +mosip.idrepo.credential-req-generator.auth.app-id=crereq + +#------------------------- Kernel Auth Adapter self token generator properties ----------------------------# +mosip.iam.adapter.clientid.credential-request=${mosip.idrepo.credential-req-generator.auth.client-id} +mosip.iam.adapter.clientsecret.credential-request=${mosip.idrepo.credential-req-generator.auth.secret-key} +mosip.iam.adapter.appid.credential-request=${mosip.idrepo.credential-req-generator.auth.app-id} + +mosip.auth.filter_disable=false diff --git a/credential-service-default.properties b/credential-service-default.properties new file mode 100644 index 00000000000..947703614bf --- /dev/null +++ b/credential-service-default.properties 
@@ -0,0 +1,46 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# mosip.creser.client.secret
+#
+
+# IDRepo credential service authentication details
+mosip.idrepo.credential.auth.client-id=mosip-creser-client
+mosip.idrepo.credential.auth.secret-key=${mosip.creser.client.secret}
+mosip.idrepo.credential.auth.app-id=creser
+
+## Kernel Auth Adapter self token generator properties
+mosip.iam.adapter.clientid.credential-service=${mosip.idrepo.credential.auth.client-id}
+mosip.iam.adapter.clientsecret.credential-service=${mosip.idrepo.credential.auth.secret-key}
+mosip.iam.adapter.appid.credential-service=${mosip.idrepo.credential.auth.app-id}
+
+mosip.auth.filter_disable=false
+
+mosip.credential.service.vercred.context.url.map={"https://www.w3.org/ns/odrl.jsonld" : "odrl.jsonld", "https://www.w3.org/2018/credentials/v1" : "cred-v1.jsonld", "https://${mosip.api.public.host}/.well-known/mosip-context.json" : "mosip-context.json"}
+mosip.credential.service.vercred.context.uri=vccontext.jsonld
+mosip.credential.service.vercred.id.url=${mosip.idrepo.credential.service.url}/credentials/
+mosip.credential.service.vercred.issuer.url=https://${mosip.api.public.host}/.well-known/controller.json
+mosip.credential.service.vercred.types=VerifiableCredential,MOSIPVerifiableCredential
+mosip.credential.service.vercred.proof.purpose=assertionMethod
+mosip.credential.service.vercred.proof.type=RsaSignature2018
+mosip.credential.service.vercred.proof.verificationmethod=https://${mosip.api.public.host}/.well-known/public-key.json
+
+KEYMANAGER_VERCRED_SIGN=${mosip.kernel.keymanager.url}/v1/keymanager/jwsSign
+credentialType.formatter.VERCRED=VerCredProvider
+credentialType.formatter.PDFCARD=VerCredProvider
+GENERATE_VID=${mosip.idrepo.vid.url}/idrepository/v1/vid
+RETRIEVE_VID=${mosip.idrepo.vid.url}/idrepository/v1/vid/uin
+credential.service.default.vid.type=PERPETUAL
+
+mosip.mask.function.identityAttributes=convertToMaskData
+mosip.mask.function.date=convertToMaskDate
+mosip.format.function.address=formatAddress
+mosip.format.function.name=formatName
+mosip.format.function.dateTimeFormat=convertDateFormat
+
+mosip.mask.function.identityAttributes.default=convertToMaskData
+mosip.mask.function.identityAttributes.phone=maskPhone
+mosip.mask.function.identityAttributes.email=maskEmail
+mosip.credential.photo.attribute.names=photo,face
+mosip.credential.name.attribute.names=fullName,name
+mosip.credential.address.attribute.names=fullAddress,address
\ No newline at end of file
diff --git a/credentialdata.mvel b/credentialdata.mvel
new file mode 100644
index 00000000000..17f98203899
--- /dev/null
+++ b/credentialdata.mvel
@@ -0,0 +1,73 @@
+def convertDateFormat(value, inputformat, outputformat) {
+ import io.mosip.kernel.core.util.DateUtils;
+ import java.util.Date;
+ Date date=DateUtils.parseToDate(value, inputformat);
+ String formattedDate= DateUtils.formatDate(date, outputformat);
+ return formattedDate;
+};
+
+def convertToMaskData(maskData) {
+ int maskDataLength = 0;
+ char ch = 'X';
+ if (maskData.indexOf("@") > 0){
+ maskDataLength = maskData.indexOf("@");
+ } else {
+ maskDataLength = maskData.length();
+ }
+ maskDataLength -= 2;
+ for (int i = 1; i < maskDataLength; ++i) {
+ maskData = maskData.substring(0, i) + ch + maskData.substring(i + 1);
+ }
+ return maskData;
+};
+
+def formatName(names) {
+ StringBuilder name = new StringBuilder("");
+ for (int i = 0; i < names.size(); i++) {
+ name.append(names[i]);
+ if(i < names.size() - 1) {
+ name.append(" ");
+ }
+ }
+ return name.toString()
+};
+
+def formatAddress(addressLines) {
+ StringBuilder address = new StringBuilder("");
+ for (int i = 0; i < addressLines.size(); i++) {
+ address.append(addressLines[i]);
+ if(i < addressLines.size() - 1) {
+ address.append(", ");
+ }
+ }
+ return address.toString()
+};
+
+def maskPhone(inputPhoneNum) {
+ return inputPhoneNum.replaceAll(".(?=.{4})", "*");
+};
+
+def maskEmail(inputEmailAddr) {
+ return inputEmailAddr.replaceAll("(^[^@]{3}|(?!^)\\G)[^@]", "$1*");
+};
+
+def getPassword(attributeValues) {
+ String pdfPwd = "";
+ for(String attribute:attributeValues) {
+ attribute = getFormattedPasswordAttribute(attribute);
+ pdfPwd = pdfPwd.concat(attribute.substring(0, 4));
+ }
+ return pdfPwd.toUpperCase();
+};
+
+def getFormattedPasswordAttribute(password){
+ if(password.length()==3){
+ return password=password.concat(password.substring(0,1));
+ }else if(password.length()==2){
+ return password=password.repeat(2);
+ }else if(password.length()==1) {
+ return password=password.repeat(4);
+ }else {
+ return password.toUpperCase();
+ }
+};
\ No newline at end of file
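Review bot: In `getFormattedPasswordAttribute`, an empty attribute value matches none of the length 1–3 branches and is returned unchanged by the final `else`, so `attribute.substring(0, 4)` in `getPassword` then throws instead of producing a PDF password; a null value fails even earlier, on `password.length()`. The helper should handle that case explicitly ahead of the length checks, for example with a guard on `password == null || password.length() == 0`, and whether it raises a clear error or skips the attribute is a decision for whoever owns the card-password policy. Separately, `convertToMaskData` only overwrites indexes 1 to length-3, so a value of three characters or fewer, or an e-mail whose part before `@` is that short, is returned unmasked; `maskPhone` and `maskEmail` have the same floor at four and three characters. A comment above each masking function stating the shortest input it actually masks would make that limit visible to whoever maps attributes onto these functions.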
diff --git a/data-share-default.properties b/data-share-default.properties
new file mode 100644
index 00000000000..e0679de3ef0
--- /dev/null
+++ b/data-share-default.properties
@@ -0,0 +1,53 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# keycloak.external.host
+# keycloak.external.url
+# keycloak.internal.host
+# keycloak.internal.url
+# mosip.datsha.client.secret
+# s3.accesskey
+# s3.region
+# s3.secretkey
+
+mosip.data.share.service.id=mosip.data.share
+mosip.data.share.service.version=1.0
+
+CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
+KEYMANAGER_JWTSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
+PARTNER_POLICY=${mosip.pms.policymanager.url}/v1/policymanager/policies/{policyId}/partner/{partnerId}
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+
+data.share.application.id=PARTNER
+mosip.data.share.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+!-- if value is true then please set servlet path to / --!
+mosip.data.share.urlshortner=false
+data.share.token.request.appid=datsha
+data.share.token.request.clientId=mosip-datsha-client
+data.share.token.request.secretKey=${mosip.datsha.client.secret}
+data.share.token.request.password=
+data.share.token.request.username=
+data.share.token.request.version=1.0
+data.share.token.request.id=io.mosip.datashare
+data.share.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+spring.servlet.multipart.max-file-size=4MB
+mosip.data.share.protocol=http
+mosip.data.share.includeCertificateHash=false
+mosip.data.share.includeCertificate=false
+mosip.data.share.includePayload=false
+mosip.data.share.digest.algorithm=SHA256
+mosip.data.share.prependThumbprint=true
+mosip.role.durian.postcreatepolicyidsubscriberid=CREATE_SHARE
+auth.server.admin.allowed.audience=mosip-partner-client,mosip-creser-client,mpartner-default-auth,mosip-regproc-client,mosip-reg-client,mosip-syncdata-client,mpartner-default-print,mosip-resident-client,opencrvs-partner,mpartner-default-digitalcard,mosip-admin-client,mosip-pms-client
+
+mosip.auth.filter_disable=false
+
+# Object store
+object.store.s3.accesskey=${s3.accesskey}
+object.store.s3.secretkey=${s3.secretkey}
+## For Minio: object.store.s3.url=http://minio.minio:9000
+## For AWS: object.store.s3.url=s3.${s3.region}.amazonaws.com
+object.store.s3.url=http://minio.minio:9000
+object.store.s3.region=${s3.region}
+object.store.s3.readlimit=10000000
diff --git a/data-share-policy-schema.json b/data-share-policy-schema.json
new file mode 100644
index 00000000000..c5a0e362c56
--- /dev/null
+++ b/data-share-policy-schema.json
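Review bot: In data-share-default.properties, `mosip.data.share.protocol=http` and `object.store.s3.url=http://minio.minio:9000` make plaintext transport the shipped default. If the protocol value is what ends up in the share URLs handed to partners (the property name suggests so, but the consuming code is not in this diff), shared payloads would leave the cluster unencrypted in any deployment that keeps the default. I would add a comment above both keys, e.g. `# http is for in-cluster traffic only; use https wherever the URL is reachable from outside the cluster`, and default the protocol to `https` if the ingress in front of the service terminates TLS.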
@@ -0,0 +1,126 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "dataSharePolicies": {
+ "type": "object",
+ "properties": {
+ "typeOfShare": {
+ "type": "string",
+ "enum":["Data Share","direct"]
+ },
+ "validForInMinutes": {
+ "type": "string"
+ },
+ "transactionsAllowed": {
+ "type": "string"
+ },
+ "encryptionType": {
+ "type": "string",
+ "enum":["Partner Based","none"]
+ },
+ "shareDomain": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "protocol": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "typeOfShare",
+ "validForInMinutes",
+ "transactionsAllowed",
+ "encryptionType",
+ "shareDomain",
+ "source"
+ ]
+ },
+ "shareableAttributes": {
+ "type": "array",
+ "additionalItems": false,
+ "items": {
+ "type": "object",
+ "properties": {
+ "attributeName": {
+ "type": "string"
+ },
+ "group": {
+ "type": "string"
+ },
+ "source": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "attribute": {
+ "type": "string"
+ },
+ "filter": {
+ "type": "array",
+ "items": [{
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string"
+ }
+ }
+ },
+ {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string"
+ },
+ "subType": {
+ "type": "array",
+ "items": [{
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "object",
+ "properties": {
+ "language": {
+ "type": "string"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "required": [
+ "attribute"
+ ]
+ }
+ },
+ "encrypted": {
+ "type": "boolean"
+ },
+ "format": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "attributeName",
+ "source",
+ "encrypted"
+ ],
+ "additionalProperties": false
+ }
+ }
+ },
+ "required": [
+ "dataSharePolicies",
+ "shareableAttributes"
+ ],
+ "additionalProperties": false
+}
diff --git a/digital-card-default.properties b/digital-card-default.properties
new file mode 100644
index 00000000000..909445230d5
--- /dev/null
+++ b/digital-card-default.properties
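Review bot: In data-share-policy-schema.json, `validForInMinutes` and `transactionsAllowed` are declared as bare `"type": "string"`, so a policy carrying an empty or non-numeric value still validates and the mistake only shows up wherever the service parses it, which is outside this diff. These two fields bound how long and how many times a share can be fetched, so the schema is the right place to constrain them, for example by adding `"pattern": "^[0-9]+$"` to each (adjust if a sentinel such as a negative value is meaningful). The `filter` and `subType` arrays use the positional form of `items` without `additionalItems`, so entries past the listed positions are not validated at all, and `dataSharePolicies` itself does not set `"additionalProperties": false` the way the root and the attribute items do; it is worth confirming both are intended.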
@@ -0,0 +1,117 @@
+## Database properties
+# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
+# If database is external to production, provide the DNS or ip of the host and port
+mosip.digitalcard.database.hostname=postgres-postgresql.postgres
+mosip.digitalcard.database.port=5432
+
+# Websub
+## webusb properties that used to subscribe and publish event based on specified topic
+mosip.digitalcard.websub.secret=test
+mosip.digitalcard.credential.request.partner.id=mpartner-default-digitalcard
+mosip.digitalcard.websub.publish.topic=CREDENTIAL_STATUS_UPDATE
+mosip.digitalcard.subscription-delay-millisecs=120000
+mosip.digitalcard.resubscription-delay-millisecs=1000000
+mosip.digitalcard.generate.identity.create.websub.topic=IDENTITY_CREATED
+mosip.digitalcard.generate.identity.update.websub.topic=IDENTITY_UPDATED
+mosip.digitalcard.partner.id=mpartner-default-digitalcard
+mosip.digitalcard.generate.credential.websub.topic=${mosip.digitalcard.partner.id}/CREDENTIAL_ISSUED
+mosip.digitalcard.generate.identity.create.callbackurl=${mosipbox.public.url}/v1/digitalcard/idCreateEventHandle/callback/notifyStatus
+mosip.digitalcard.generate.identity.update.callbackurl=${mosipbox.public.url}/v1/digitalcard/idUpdateEventHandle/callback/notifyStatus
+mosip.digitalcard.generate.credential.callbackurl=${mosipbox.public.url}/v1/digitalcard/credential/callback/notifyStatus
+
+# Based on credentialType we are sending credential request
+mosip.digitalcard.credential.type=PDFCard
+
+#Token generator properties Digital Card Service
+digitalcard.token.request.appid=admin
+digitalcard.token.request.clientId=mpartner-default-digitalcard
+digitalcard.token.request.secretKey=${mpartner.default.digitalcard.secret}
+digitalcard.token.request.version=1.0
+digitalcard.token.request.id=io.mosip.digitalcard
+digitalcard.token.request.issuerUrl=${mosip.keycloak.issuerUrl}
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+mosip.digitalcard.service.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+
+#----------------------- DB--------------------------------------------------
+javax.persistence.jdbc.driver=org.postgresql.Driver
+javax.persistence.jdbc.url=jdbc:postgresql://${mosip.digitalcard.database.hostname}:${mosip.digitalcard.database.port}/mosip_digitalcard
+javax.persistence.jdbc.user=digitalcarduser
+javax.persistence.jdbc.password=${db.dbuser.password}
+hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+hibernate.jdbc.lob.non_contextual_creation=true
+hibernate.hbm2ddl.auto=none
+hibernate.show_sql=false
+hibernate.format_sql=false
+hibernate.connection.charSet=utf8
+hibernate.cache.use_second_level_cache=false
+hibernate.cache.use_query_cache=false
+hibernate.cache.use_structured_entries=false
+hibernate.generate_statistics=false
+
+
+#----------------------- CBEFF Util--------------------------------------------------
+# Cbeff XSD file name in config server
+mosip.kernel.xsdfile=mosip-cbeff.xsd
+mosip.digitalcard.demographic.identity=identity
+mosip.digitalcard.identityjson=identity-mapping.json
+
+#----------------------- Crypto property for encryption and decryption--------------------------------------------------
+mosip.digitalcard.crypto.partner.id=mpartner-default-digitalcard
+mosip.digitalcard.crypto.application.id=DIGITAL_CARD
+CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
+CRYPTOMANAGER_DECRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
+
+
+#----------------------- dataShare property to create dataShareUrl--------------------------------------------------
+mosip.digitalcard.datashare.partner.id=mpartner-default-digitalcard
+mosip.digitalcard.datashare.policy.id=mpolicy-default-digitalcard
+CREATEDATASHARE=${mosip.datashare.url}/v1/datashare/create
+
+#header length to be removed from iso image to get actual image
+mosip.digitalcard.uin.header.length=75
+
+#Rectangle coordinates for pfd signataured data
+mosip.digitalcard.service.uincard.lowerleftx=73
+mosip.digitalcard.service.uincard.lowerlefty=100
+mosip.digitalcard.service.uincard.upperrightx=300
+mosip.digitalcard.service.uincard.upperrighty=300
+mosip.digitalcard.service.uincard.signature.reason="signing"
+
+#Digital card template language and templateType code that used to generate pdf card.
+mosip.template-language=eng
+mosip.digitalcard.templateTypeCode=RPR_UIN_CARD_TEMPLATE
+TEMPLATES=${mosip.kernel.masterdata.url}/v1/masterdata/templates
+
+# Credential api that used to created credential and get the credential details
+CREDENTIAL_REQ_URL=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/requestgenerator
+CREDENTIAL_STATUS_URL=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/get
+IDREPOGETIDBYUIN=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid
+
+# PDFSIGN to signed the pdf card
+PDFSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/pdf/sign
+
+#verifiable credential property that used to enable vc check.
+mosip.digitalcard.verify.credentials.flag=true
+
+mosip.digitalcard.credentials.request.initiate.flag=true
+logging.level.io.mosip=INFO
+
+# websub authentication
+mosip.iam.adapter.clientid=mpartner-default-digitalcard
+mosip.iam.adapter.clientsecret=${mpartner.default.digitalcard.secret}
+mosip.iam.adapter.appid=admin
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.base-url=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey
+# in minutes
+
+mosip.iam.adapter.validate-expiry-check-rate=1440
+
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=1440
+
+#this should be false if you don?t use this restTemplate true if you do
+
+mosip.iam.adapter.self-token-renewal-enable=true
+mosip.auth.filter_disable=false
+auth.server.admin.allowed.audience=mosip-admin-client,mosip-resident-client
\ No newline at end of file
diff --git a/digitalcard-template.properties b/digitalcard-template.properties
new file mode 100644
index 00000000000..1d8a52898e5
--- /dev/null
+++ b/digitalcard-template.properties
@@ -0,0 +1,2 @@
+RPR_UIN_CARD_TEMPLATE=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
+vid-card-type=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
\ No newline at end of file
diff --git a/esignet-default.properties b/esignet-default.properties
new file mode 100644
index 00000000000..e946e1573cc
--- /dev/null
+++ b/esignet-default.properties
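Review bot: In digital-card-default.properties, `mosip.digitalcard.websub.secret=test` commits a guessable literal as the WebSub subscription secret, while every other secret in the same file (`digitalcard.token.request.secretKey`, `javax.persistence.jdbc.password`, `mosip.iam.adapter.clientsecret`) is a `${...}` reference resolved from the config-server overrides. The subscription secret is presumably what the three `callbackurl` endpoints rely on to tell genuine hub notifications from forged ones, so a deployment that keeps this default has effectively no authentication on those callbacks. Replace the literal with an override reference, e.g. `mosip.digitalcard.websub.secret=${<WEBSUB_SECRET_OVERRIDE_KEY>}` (placeholder name, to be chosen by the maintainers), and add the header comment the other property files carry listing the keys that must be passed as environment variables. The value `"signing"` for `mosip.digitalcard.service.uincard.signature.reason` also keeps its quotes as literal characters in a .properties file, which is worth checking against how the PDF signer uses it.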
@@ -0,0 +1,569 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# db.dbuser.password
+# keycloak.external.url
+# keycloak.internal.host
+# keycloak.internal.url
+# keycloak.admin.password
+# mosip.auth.client.secret (convention: ..secret)
+# mosip.ida.client.secret
+# mosip.admin.client.secret
+# mosip.reg.client.secret
+# mosip.prereg.client.secret
+# softhsm.kernel.pin
+# softhsm-security-pin
+# email.smtp.host
+# email.smtp.username
+# email.smtp.secret
+# mosip.kernel.tokenid.uin.salt
+# mosip.kernel.tokenid.partnercode.salt
+# mosip.api.internal.url
+# mosip.api.public.url
+
+
+## ------------------------------------------------- e-Signet ----------------------------------------------------------
+mosip.esignet.misp.license.key=${mosip.esignet.misp.key}
+mosip.esignet.amr-acr-mapping-file-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/amr-acr-mapping.json
+mosip.esignet.auth-txn-id-length=10
+mosip.esignet.supported-id-regex=\\S*
+# Generated ID and access tokens 'exp' depends on the below properties, default value is 1-hour
+mosip.esignet.id-token-expire-seconds=3600
+mosip.esignet.access-token-expire-seconds=3600
+# By default, only 2 link codes can be active, and the time period it can be active is defined here, default value is 1 minute
+mosip.esignet.link-code-expire-in-secs=60
+# Number of link code allowed to be generated in a transaction, the default value is 10
+mosip.esignet.generate-link-code.limit-per-transaction=10
+# Time to complete consent after successful authentication, the default value is 120
+mosip.esignet.authentication-expire-in-secs=120
+
+# Auth challenge type & format mapping. Auth challenge length validations for each auth factor type.
+mosip.esignet.auth-challenge.OTP.format=alpha-numeric
+mosip.esignet.auth-challenge.OTP.min-length=6
+mosip.esignet.auth-challenge.OTP.max-length=6
+
+mosip.esignet.auth-challenge.PWD.format=alpha-numeric
+mosip.esignet.auth-challenge.PWD.min-length=8
+mosip.esignet.auth-challenge.PWD.max-length=30
+
+mosip.esignet.auth-challenge.BIO.format=encoded-json
+mosip.esignet.auth-challenge.BIO.min-length=5000
+mosip.esignet.auth-challenge.BIO.max-length=300000
+
+mosip.esignet.auth-challenge.WLA.format=jwt
+mosip.esignet.auth-challenge.WLA.min-length=100
+mosip.esignet.auth-challenge.WLA.max-length=1500
+
+mosip.esignet.auth-challenge.KBA.format=base64url-encoded-json
+mosip.esignet.auth-challenge.KBA.min-length=50
+mosip.esignet.auth-challenge.KBA.max-length=500
+
+mosip.esignet.auth-challenge.PIN.format=number
+mosip.esignet.auth-challenge.PIN.min-length=4
+mosip.esignet.auth-challenge.PIN.max-length=4
+
+
+# Endpoints required to have oauth-details-hash and oauth-details-key HTTP header
+mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \
+ '${server.servlet.path}/authorization/authenticate', \
+ '${server.servlet.path}/authorization/v2/authenticate', \
+ '${server.servlet.path}/authorization/v3/authenticate', \
+ '${server.servlet.path}/authorization/auth-code'}
+
+#This property is used for captcha validation and allowed values are send-otp, pwd and kba.
+#captcha validation is enabled for send-otp, pwd and kba.
+mosip.esignet.captcha.required=send-otp,pwd
+
+#Properties used to ratelimit the incoming requests
+mosip.esignet.send-otp.attempts=3
+mosip.esignet.authenticate.attempts=3
+
+## ------------------------------------------ e-Signet binding ---------------------------------------------------------
+
+mosip.esignet.binding.salt-length=16
+mosip.esignet.binding.audience-id=esignet-binding
+mosip.esignet.binding.key-expire-days=10
+mosip.esignet.binding.encrypt-binding-id=false
+
+## -------------------------------------- Authentication & Authorization -----------------------------------------------
+
+mosip.esignet.security.auth.post-urls={'${server.servlet.path}/client-mgmt/**' : {'SCOPE_add_oidc_client'} , \
+ \ '${server.servlet.path}/system-info/**' : { 'SCOPE_upload_certificate'},\
+ \ '${server.servlet.path}/binding/wallet-binding' : { 'SCOPE_wallet_binding'}, \
+ \ '${server.servlet.path}/binding/binding-otp' : { 'SCOPE_send_binding_otp'}}
+mosip.esignet.security.auth.put-urls={'${server.servlet.path}/client-mgmt/**' : { 'SCOPE_update_oidc_client'} }
+mosip.esignet.security.auth.get-urls={'${server.servlet.path}/system-info/**' : { 'SCOPE_get_certificate'} }
+
+mosip.esignet.security.ignore-csrf-urls=${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\
+ ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,\
+ ${server.servlet.path}/swagger-ui/**,${server.servlet.path}/v3/api-docs/**,\
+ ${server.servlet.path}/linked-authorization/link-transaction,${server.servlet.path}/linked-authorization/authenticate,\
+ ${server.servlet.path}/linked-authorization/consent,${server.servlet.path}/binding/**,${server.servlet.path}/client-mgmt/**,\
+ ${server.servlet.path}/vci/**,${server.servlet.path}/system-info/**,${server.servlet.path}/linked-authorization/v2/link-transaction,\
+ ${server.servlet.path}/linked-authorization/v2/authenticate,${server.servlet.path}/linked-authorization/v2/consent
+
+mosip.esignet.security.ignore-auth-urls=${server.servlet.path}/csrf/**,${server.servlet.path}/authorization/**,\
+ ${server.servlet.path}/linked-authorization/**,${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\
+ ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\
+ ${server.servlet.path}/v3/api-docs/**,${server.servlet.path}/binding/**,${server.servlet.path}/vci/**
+
+spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip
+spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs
+
+##------------------------------------------ Kafka configurations ------------------------------------------------------
+spring.kafka.bootstrap-servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port}
+spring.kafka.consumer.group-id=esignet-consumer
+spring.kafka.consumer.enable-auto-commit=true
+#spring.kafka.listener.concurrency=1
+
+mosip.esignet.kafka.linked-session.topic=esignet-linked
+mosip.esignet.kafka.linked-auth-code.topic=esignet-consented
+
+## ------------------------------------------- Integrations ------------------------------------------------------------
+
+mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration
+mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl
+mosip.esignet.integration.authenticator=IdaAuthenticatorImpl
+mosip.esignet.integration.key-binder=IdaKeyBinderImpl
+mosip.esignet.integration.audit-plugin=IdaAuditPluginImpl
+mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService
+mosip.esignet.integration.vci-plugin=IdaVCIssuancePluginImpl
+
+# captcha validator
+mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify
+mosip.esignet.captcha-validator.secret=${esignet.captcha.secret.key}
+mosip.esignet.captcha-validator.site-key=${esignet.captcha.site.key}
+
+# IDA integration props
+mosip.esignet.authenticator.ida-auth-id=mosip.identity.kycauth
+mosip.esignet.authenticator.ida-exchange-id=mosip.identity.kycexchange
+mosip.esignet.authenticator.ida-send-otp-id=mosip.identity.otp
+mosip.esignet.authenticator.ida-version=1.0
+mosip.esignet.authenticator.ida-domainUri=https://${mosip.esignet.host}
+mosip.esignet.authenticator.ida.cert-url=${mosip.file.server.url}/mosip-certs/ida-partner.cer
+mosip.esignet.authenticator.ida.kyc-auth-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-auth/delegated/${mosip.esignet.misp.license.key}/
+mosip.esignet.authenticator.ida.kyc-exchange-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-exchange/delegated/${mosip.esignet.misp.license.key}/
+mosip.esignet.authenticator.ida.send-otp-url=${mosip.ida.otp.url}/idauthentication/v1/otp/${mosip.esignet.misp.license.key}/
+mosip.esignet.binder.ida.key-binding-url=${mosip.ida.auth.url}/idauthentication/v1/identity-key-binding/delegated/${mosip.esignet.misp.license.key}/
+mosip.esignet.authenticator.ida.get-certificates-url=${mosip.ida.internal.url}/idauthentication/v1/internal/getAllCertificates
+mosip.esignet.authenticator.ida.auth-token-url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+mosip.esignet.authenticator.ida.audit-manager-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+mosip.esignet.authenticator.ida.client-id=mosip-ida-client
+mosip.esignet.authenticator.ida.secret-key=${mosip.ida.client.secret}
+mosip.esignet.authenticator.ida.app-id=ida
+mosip.esignet.authenticator.ida-env=Developer
+mosip.esignet.authenticator.ida.otp-channels=email,phone
+
+mosip.esignet.ida.vci-user-info-cache=userinfo
+mosip.esignet.ida.vci-exchange-id=mosip.identity.vciexchange
+mosip.esignet.ida.vci-exchange-version=1.0
+mosip.esignet.ida.vci-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/vci-exchange/delegated/${mosip.esignet.misp.license.key}/
+
+# Mock IDA integration props
+mosip.esignet.mock.authenticator.get-identity-url=https://${mosip.api.public.host}/v1/mock-identity-system/identity
+mosip.esignet.mock.authenticator.kyc-auth-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-auth
+mosip.esignet.mock.authenticator.kyc-exchange-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-exchange
+mosip.esignet.mock.authenticator.ida.otp-channels=${mosip.esignet.authenticator.ida.otp-channels}
+mosip.esignet.mock.authenticator.send-otp=https://${mosip.api.public.host}/v1/mock-identity-system/send-otp
+mosip.esignet.mock.supported.bind-auth-factor-types={'WLA'}
+mosip.esignet.mock.vciplugin.verification-method=${mosip.esignet.vci.authn.jwk-set-uri}
+
+## ------------------------------------------ oauth & openid supported values ------------------------------------------
+
+## supported scopes
+mosip.esignet.supported.authorize.scopes={'Manage-Identity-Data','Manage-VID','Manage-Authentication','Manage-Service-Requests','Manage-Credentials'}
+mosip.esignet.supported.openid.scopes={'profile','email','phone'}
+mosip.esignet.openid.scope.claims={'profile' : {'name','address','gender','birthdate','picture','email','phone_number'},'email' : {'email'}, 'phone' : {'phone_number'}}
+mosip.esignet.supported.credential.scopes={'mock_identity_vc_ldp', 'mosip_identity_vc_ldp'}
+mosip.esignet.credential.scope-resource-mapping={'mock_identity_vc_ldp' : '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', 'mosip_identity_vc_ldp': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential'}
+
+## supported authorization processing flow to be used, Currently only supports Authorization Code Flow.
+mosip.esignet.supported.response.types={'code'}
+
+## Form of Authorization Grant presented to token endpoint
+mosip.esignet.supported.grant.types={'authorization_code'}
+
+## specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User
+# page-The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode.
+# popup-The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over.
+# touch-The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface.
+# wap-The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display.
+mosip.esignet.supported.ui.displays={'page','popup','touch','wap'}
+
+## specifies whether the Authorization Server prompts the End-User for reauthentication and consent
+# none-The Authorization Server MUST NOT display any authentication or consent user interface pages.
+# An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent
+# for the requested Claims or does not fulfill other conditions for processing the request.
+# The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6.
+# This can be used as a method to check for existing authentication and/or consent.
+# login-The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, \
+# it MUST return an error, typically login_required.
+# consent-The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client.
+# If it cannot obtain consent, it MUST return an error, typically consent_required.
+# select_account-The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User
+# who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current
+# sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error,
+# typically account_selection_required.
+mosip.esignet.supported.ui.prompts={'none','login','consent','select_account'}
+
+## Type of the client assertion
+mosip.esignet.supported.client.assertion.types={'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'}
+
+## Type of the client authentication methods for token endpoint
+mosip.esignet.supported.client.auth.methods={'private_key_jwt'}
+
+## Only S256 method supported
+mosip.esignet.supported-pkce-methods={'S256'}
+
+## ---------------------------------------- Cache configuration --------------------------------------------------------
+
+mosip.esignet.cache.secure.individual-id=true
+mosip.esignet.cache.store.individual-id=true
+mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE
+mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding
+
+mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented,authtokens,bindingtransaction,vcissuance,apiRateLimit,blocked
+
+#spring.cache.type=redis
+#spring.cache.cache-names=${mosip.esignet.cache.names}
+#spring.redis.host=localhost
+#spring.redis.port=6379
+management.health.redis.enabled=false
+
+# 'simple' cache type is only applicable only for Non-Production setup
+spring.cache.type=simple
+mosip.esignet.cache.key.hash.algorithm=SHA3-256
+
+# Cache size setup is applicable only for 'simple' cache type.
+# Cache size configuration will not be considered with 'Redis' cache type
+mosip.esignet.cache.size={'clientdetails' : 200, \
+'preauth': 200, \
+'authenticated': 200, \
+'authcodegenerated': 200, \
+'userinfo': 200, \
+'linkcodegenerated' : 500, \
+'linked': 200 , \
+'linkedcode': 200, \
+'linkedauth' : 200 , \
+'consented' :200, \
+'authtokens': 2, \
+'bindingtransaction': 200, \
+'vcissuance' : 200, \
+'apiRateLimit' : 500, \
+'blocked': 500 }
+
+# Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type
+mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, \
+'preauth': 300,\
+'authenticated': ${mosip.esignet.authentication-expire-in-secs}, \
+'authcodegenerated': 60, \
+'userinfo': ${mosip.esignet.access-token-expire-seconds}, \
+'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \
+'linked': 120, \
+'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, \
+'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, \
+'consented': 60, \
+'authtokens': 86400, \
+'bindingtransaction': 600, \
+'vcissuance': ${mosip.esignet.access-token-expire-seconds}, \
+'apiRateLimit' : 180, \
+'blocked': 300 }
+
+## ------------------------------------------ Discovery openid-configuration -------------------------------------------
+
+mosip.esignet.domain.url=https://${mosip.esignet.host}
+mosip.esignet.discovery.issuer-id=${mosip.esignet.domain.url}${server.servlet.path}
+
+# This property holds ./wellknown/jwks.json URL,
+# for local deployments without esignet-ui nginx change the value to ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json
+mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json
+
+mosip.esignet.token.endpoint=${mosip.esignet.domain.url}${server.servlet.path}/oauth/v2/token
+
+mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\
+ \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \
+ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' , \
+ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \
+ \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \
+ \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'},\
+ \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \
+ \ 'response_modes_supported' : { 'query' }, \
+ \ 'grant_types_supported' : ${mosip.esignet.supported.grant.types},\
+ \ 'response_types_supported' : ${mosip.esignet.supported.response.types}}
+
+mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\
+ \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \
+ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' ,\
+ \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\
+ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \
+ \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \
+ \ 'response_types_supported' : ${mosip.esignet.supported.response.types}, \
+ \ 'response_modes_supported' : { 'query' }, \
+ \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \
+ \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, \
+ \ 'userinfo_signing_alg_values_supported' : {'RS256'}, \
+ \ 'userinfo_encryption_alg_values_supported' : {'RSAXXXXX'},\
+ \ 'userinfo_encryption_enc_values_supported' : {'A128GCM'}, \
+ \ 'id_token_signing_alg_values_supported' : {'RS256'}, \
+ \ 'claim_types_supported': {'normal'}, \
+ \ 'claims_parameter_supported' : true, \
+ \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \
+ \ 'subject_types_supported' : { 'pairwise' }, \
+ \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \
+ \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics', 'mosip:idp:acr:knowledge'},\
+ \ 'request_parameter_supported' : false, \
+ \ 'claims_locales_supported' : {'en'}, \
+ \ 'ui_locales_supported' : {'en'} }
+
+##----------------------------------------- Database properties --------------------------------------------------------
+
+mosip.esignet.database.hostname=postgres-postgresql.postgres
+mosip.esignet.database.port=5432
+spring.datasource.url=jdbc:postgresql://${mosip.esignet.database.hostname}:${mosip.esignet.database.port}/mosip_esignet?currentSchema=esignet
+spring.datasource.username=esignetuser
+spring.datasource.password=${db.dbuser.password}
+
+spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect
+spring.jpa.show-sql=false
+spring.jpa.hibernate.ddl-auto=none
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+
+#------------------------------------ Key-manager specific properties --------------------------------------------------
+#Crypto asymmetric algorithm name
+mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
+#Crypto symmetric algorithm name
+mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
+#Keygenerator asymmetric algorithm name
+mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
+#Keygenerator symmetric algorithm name
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES
+#Asymmetric algorithm key length
+mosip.kernel.keygenerator.asymmetric-key-length=2048
+#Symmetric algorithm key length
+mosip.kernel.keygenerator.symmetric-key-length=256
+#Encrypted data and encrypted symmetric key separator
+mosip.kernel.data-key-splitter=#KEY_SPLITTER#
+#GCM tag length
+mosip.kernel.crypto.gcm-tag-length=128
+#Hash algo name
+mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
+#Symmtric key length used in hash
+mosip.kernel.crypto.hash-symmetric-key-length=256
+#No of iterations in hash
+mosip.kernel.crypto.hash-iteration=100000
+#Sign algo name
+mosip.kernel.crypto.sign-algorithm-name=RS256
+#Certificate Sign algo name
+mosip.kernel.certificate.sign.algorithm=SHA256withRSA
+
+#mosip.kernel.keymanager.hsm.config-path=local.p12
+#mosip.kernel.keymanager.hsm.keystore-type=PKCS12
+#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin}
+
+#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE
+mosip.kernel.keymanager.hsm.keystore-type=PKCS11
+# For PKCS11 provide Path of config file.
+# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name.
+# For Offline & JCE property can be left blank, specified value will be ignored.
+mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
+# Passkey of keystore for PKCS11, PKCS12
+# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties.
+mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.esignet.security.pin}
+
+
+mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
+mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
+mosip.kernel.keymanager.certificate.default.organization=IITB
+mosip.kernel.keymanager.certificate.default.location=BANGALORE
+mosip.kernel.keymanager.certificate.default.state=KA
+mosip.kernel.keymanager.certificate.default.country=IN
+
+mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io
+mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP
+mosip.kernel.keymanager.softhsm.certificate.organization=IITB
+mosip.kernel.keymanager.softhsm.certificate.country=IN
+
+# Application Id for PMS master key.
+mosip.kernel.partner.sign.masterkey.application.id=PMS
+mosip.kernel.partner.allowed.domains=DEVICE
+
+mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
+mosip.kernel.keymanager.jwtsign.validate.json=false
+mosip.keymanager.dao.enabled=false
+crypto.PrependThumbprint.enable=true
+
+mosip.kernel.keymgr.hsm.health.check.enabled=true
+mosip.kernel.keymgr.hsm.health.key.app-id=OIDC_SERVICE
+mosip.kernel.keymgr.hsm.healthkey.ref-id=TRANSACTION_CACHE
+mosip.kernel.keymgr.hsm.health.check.encrypt=true
+
+## -------------------------------------------- IDP-UI config ----------------------------------------------------------
+# NOTE:
+# 1. linked-transaction-expire-in-secs value should be a sum of 'mosip.esignet.authentication-expire-in-secs' and 'linked' cache expire in seconds under mosip.esignet.cache.expire-in-seconds property
+# 2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property
+# 3. If esignet is deployed with MOSIP IDA, then 'resend.otp.delay.secs' must be the same as 'mosip.kernel.otp.expiry-time'
+
+mosip.esignet.ui.wallet.config={{'wallet.name': 'walletName', 'wallet.logo-url': '/images/qr_code.png', 'wallet.download-uri': '#', \
+ 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }}
+
+mosip.esignet.ui.signup.config={'signup.banner': true, 'signup.url': 'https://${mosip.signup.host}/signup'}
+
+mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://${mosip.signup.host}/reset-password'}
+
+## Configuration required to display KBI form.
+# individual-id-field is set with field id which should be considered as an individual ID in the authenticate request.
+# form-details holds the list of field details like below: +# id -> unique field Id, type -> holds datatype, format -> only supported for date fields, regex -> pattern to validate the input value, maxLength -> number of allowed characters +# Example: mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id': '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$'},{'id':'dob', 'type':'date', 'format':'dd/mm/yyyy'}} +mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field= +mosip.esignet.authenticator.default.auth-factor.kba.field-details={} + +## Configuration Map input to UI at the start of every transaction. +mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ + 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ + 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ + 'resend.otp.delay.secs': ${mosip.kernel.otp.expiry-time}, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \ + 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ + 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ + 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': '4501-4600', \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': ${mosip.esignet.auth-challenge.OTP.max-length}, \ + 'password.regex': '^.{8,20}$', \ + 'password.max-length': 
${mosip.esignet.auth-challenge.PWD.max-length}, \ + 'username.regex': '^[0-9]{10,30}$',\ + 'username.prefix': '', \ + 'username.postfix': '', \ + 'username.max-length': 16, \ + 'username.input-type': 'number', 'wallet.config': ${mosip.esignet.ui.wallet.config}, \'signup.config': ${mosip.esignet.ui.signup.config}, \ + 'forgot-password.config': ${mosip.esignet.ui.forgot-password.config}, \ + 'error.banner.close-timer': 10,\ + 'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ + 'auth.factor.kba.field-details': ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } + +## ---------------------------------------------- VCI ------------------------------------------------------------------ +# Used to verify audience in the PoP JWT +mosip.esignet.vci.identifier=${mosip.esignet.domain.url} +mosip.esignet.vci.authn.filter-urls={ '${server.servlet.path}/vci/credential' } +# Change this if the VCI is used with different OAUTH2.0 server +mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.discovery.issuer-id} +mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.jwks-uri} + +mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential' } + +mosip.esignet.cnonce-expire-seconds=40 +mosip.esignet.vci.supported.jwt-proof-alg={'RS256','PS256'} +mosip.esignet.vci.key-values={\ + 'v11' : { \ + 'credential_issuer': '${mosip.esignet.vci.identifier}', \ + 'credential_endpoint': '${mosipbox.public.url}${server.servlet.path}/vci/credential', \ + 'credentials_supported': {\ + {\ + 'format': 'ldp_vc',\ + 'id': 'MockVerifiableCredential_ldp', \ + 'scope' : 'mock_identity_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'RsaSignature2018'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','MockVerifiableCredential'},\ + 'credentialSubject': {\ + 'name': { 
'display': {{'name': 'Given Name', 'locale': 'en' }}}, \ + 'age': { 'display': {{ 'name': 'Age', 'locale': 'en'}}}\ + }\ + },\ + 'display': {{'name': 'Mock Verifiable Credential by e-Signet', \ + 'locale': 'en', \ + 'logo': {'url': '${mosipbox.public.url}/logo.png', 'alt_text': 'a square logo of a MOSIP'},\ + 'background_color': '#12107c',\ + 'text_color': '#FFFFFF'}}\ + },\ + {\ + 'format': 'ldp_vc',\ + 'id': 'MOSIPVerifiableCredential', \ + 'scope' : 'mosip_identity_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'RsaSignature2018'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','MOSIPVerifiableCredential'},\ + 'credentialSubject': {\ + 'fullName': { 'display': {{'name': 'Full Name', 'locale': 'en' }}},\ + 'phone': { 'display': {{'name': 'Phone Number', 'locale': 'en' }}},\ + 'dateOfBirth': { 'display': {{'name': 'DOB', 'locale': 'en' }}},\ + 'gender': { 'display': {{'name': 'Gender', 'locale': 'en' }}},\ + 'residenceStatus': { 'display': {{'name': 'Residence Status', 'locale': 'en' }}},\ + 'email': { 'display': {{'name': 'Email Id', 'locale': 'en' }}},\ + 'region': { 'display': {{'name': 'Region', 'locale': 'en' }}},\ + 'province': { 'display': {{'name': 'Province', 'locale': 'en' }}},\ + 'city': { 'display': {{'name': 'City', 'locale': 'en' }}},\ + 'postalCode': { 'display': {{'name': 'Postal Code', 'locale': 'en' }}}\ + }\ + },\ + 'display': {{'name': 'MOSIP Verifiable Credential by e-Signet', \ + 'locale': 'en', \ + 'logo': {'url': '${mosipbox.public.url}/logo.png','alt_text': 'a square logo of a MOSIP'},\ + 'background_color': '#12107c',\ + 'text_color': '#FFFFFF'}}\ + }\ + }\ + },\ + 'latest' : {\ + 'credential_issuer': '${mosip.esignet.vci.identifier}', \ + 'credential_endpoint': '${mosipbox.public.url}${server.servlet.path}/vci/credential', \ + 'display': {{'name': 'e-Signet', 'locale': 'en'}},\ + 'credentials_supported' : { \ + 
"MockVerifiableCredential_ldp" : {\ + 'format': 'ldp_vc',\ + 'scope' : 'mock_identity_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'RsaSignature2018'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','MockVerifiableCredential'},\ + 'credentialSubject': {\ + 'name': { 'display': {{'name': 'Given Name', 'locale': 'en' }}}, \ + 'age': { 'display': {{ 'name': 'Age', 'locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Mock Verifiable Credential by e-Signet', \ + 'locale': 'en', \ + 'logo': {'url': '${mosipbox.public.url}/logo.png',\ + 'alt_text': 'a square logo of a MOSIP'},\ + 'background_color': '#12107c',\ + 'text_color': '#FFFFFF'}}\ + }, \ + 'MOSIPVerifiableCredential_ldp' : {\ + 'format': 'ldp_vc',\ + 'scope' : 'mosip_identity_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'RsaSignature2018'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','MOSIPVerifiableCredential'},\ + 'credentialSubject': {\ + 'fullName': { 'display': {{'name': 'Full Name', 'locale': 'en' }}},\ + 'phone': { 'display': {{'name': 'Phone Number', 'locale': 'en' }}},\ + 'dateOfBirth': { 'display': {{'name': 'DOB', 'locale': 'en' }}},\ + 'gender': { 'display': {{'name': 'Gender', 'locale': 'en' }}},\ + 'residenceStatus': { 'display': {{'name': 'Residence Status', 'locale': 'en' }}},\ + 'email': { 'display': {{'name': 'Email Id', 'locale': 'en' }}},\ + 'region': { 'display': {{'name': 'Region', 'locale': 'en' }}},\ + 'province': { 'display': {{'name': 'Province', 'locale': 'en' }}},\ + 'city': { 'display': {{'name': 'City', 'locale': 'en' }}},\ + 'postalCode': { 'display': {{'name': 'Postal Code', 'locale': 'en' }}}\ + }},\ + 'display': {{'name': 'MOSIP Verifiable Credential by e-Signet', \ + 'locale': 'en', \ + 'logo': {'url': '${mosipbox.public.url}/logo.png','alt_text': 'a 
square logo of a MOSIP'},\ + 'background_color': '#12107c',\ + 'text_color': '#FFFFFF'}}\ + }\ + }\ + }\ + } +## -------------------------------------------- Others ---------------------------------------------------------- + +#logging.level.org.springframework.web.client.RestTemplate=DEBUG +#logging.level.io.mosip.esignet=INFO diff --git a/sandbox/hazelcast_cache-mz.xml b/hazelcast_cache.xml similarity index 55% rename from sandbox/hazelcast_cache-mz.xml rename to hazelcast_cache.xml index 3009e119cb0..b9d53358e65 100644 --- a/sandbox/hazelcast_cache-mz.xml +++ b/hazelcast_cache.xml @@ -1,53 +1,92 @@ - - - - - + http://www.hazelcast.com/schema/config/hazelcast-config-3.12.xsd"> - dev + + dev + + 5701 + + + 0 + - - + + 224.2.2.3 + 54327 + + + 127.0.0.1 + + 127.0.0.1 + + + + my-access-key + my-secret-key + + us-west-1 + + ec2.amazonaws.com + + hazelcast-sg + type + hz-nodes + + + us-east1-b,us-east1-c + + + CLIENT_ID + CLIENT_SECRET + TENANT_ID + SUB_ID + HZLCAST001 + GROUP-NAME + + + packetmanager + + + true + hazelcast + - - - service-hazelcast-server.default.svc.cluster.local - - + + 10.10.1.* + + + + + + PBEWithMD5AndDES + + thesalt + + thepass + + 19 + + + + - 16 @@ -118,16 +157,41 @@ will get automatically evicted from the map. Any integer between 0 and Integer.MAX_VALUE. 0 means infinite. Default is 0 --> - 30 + 300 - 60 - - + 300 + + LRU + + 0 + + 25 + + 100 com.hazelcast.spi.merge.PutIfAbsentMergePolicy @@ -156,6 +219,34 @@ + + + mapName + 10000 + 0 + + + + cacheName + 10000 + 0 + + + + + mapName + 10 + + 1 SET @@ -179,6 +270,22 @@ com.hazelcast.spi.merge.PutIfAbsentMergePolicy + + 0 + + 0 + 0 + 1000 + true + CANCEL_RUNNING_OPERATION + + + + 0 + 1 + 0 + + 10 BLOCK @@ -197,18 +304,27 @@ 100 600000 - 1514764800000 + 0 0 - 6 - 16 - 15000 true + + com.hazelcast.spi.merge.PutIfAbsentMergePolicy + + + + com.hazelcast.spi.merge.PutIfAbsentMergePolicy + + + + 0 + + @@ -237,7 +353,7 @@ 0 0 - 30 + 300 5 14400 false @@ -251,12 +367,5 @@ 100 - - - - 5 - - - 5 - + 
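Review bot: The cache-encryption default `mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding` uses ECB, which is deterministic: with `mosip.esignet.cache.secure.individual-id=true`, the same individual ID would encrypt to the same ciphertext on every transaction, and the ciphertext carries no integrity protection. Whether the service accepts an IV-based transformation for this property is not visible in the diff; if it does, the default should move to an authenticated mode, and if it does not, a comment above the line such as `# ECB: equal IDs give equal ciphertext; revisit before production` would record the limitation. In the same hunk `mosip.esignet.security.ignore-auth-urls` exempts `${server.servlet.path}/actuator/**` and `swagger-ui/**` from authentication, so the exposed actuator endpoints should be pinned explicitly in this file, e.g. `management.endpoints.web.exposure.include=health,info`.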
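Review bot: Placeholder secrets and a weak password-based cipher are committed in the first hunk of hazelcast_cache.xml: `PBEWithMD5AndDES` with `thesalt` and `thepass`, next to `my-access-key`, `my-secret-key` and `CLIENT_SECRET`. The element tags and their `enabled` attributes are not visible in this rendering, so whether any of these blocks is active cannot be confirmed from the page; they look like the stock sample values. If the blocks are meant to stay off, a comment above each one such as `<!-- sample values only; this block must remain disabled -->` would stop them being switched on as they stand. If member-to-member encryption is actually wanted, the password and salt should come from deployment secrets rather than this file, and the MD5/DES-based algorithm should be replaced.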
diff --git a/sandbox/hazelcast_mz-mz.xml b/hazelcast_default.xml similarity index 90% rename from sandbox/hazelcast_mz-mz.xml rename to hazelcast_default.xml index 040c52de759..b817639f0be 100644 --- a/sandbox/hazelcast_mz-mz.xml +++ b/hazelcast_default.xml @@ -13,7 +13,7 @@ xmlns="http://www.hazelcast.com/schema/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - true + false slf4j @@ -25,10 +25,10 @@ - - service-hazelcast-server.default.svc.cluster.local + service-hazelcast-server.default diff --git a/sandbox/hotlist-mz.properties b/hotlist-default.properties similarity index 51% rename from sandbox/hotlist-mz.properties rename to hotlist-default.properties index cd7e18bf639..cbf0d64c517 100644 --- a/sandbox/hotlist-mz.properties +++ b/hotlist-default.properties 
@@ -1,71 +1,83 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# mosip.hotlist.client.secret spring.application.name=HOTLIST -#------------------------- Dynamic properties ------------------------------------------------------------# -# Hotlist database url -mosip.hotlist.db.url=postgres - -# Hotlist database port -mosip.hotlist.db.port=80 - -# Hotlist database name +## DB +mosip.hotlist.db.url=postgres-postgresql.postgres +mosip.hotlist.db.port=5432 mosip.hotlist.db.db-name=mosip_hotlist - -# Hotlist database username mosip.hotlist.db.username=hotlistuser - -# Hotlist database password (encrypted) -mosip.hotlist.db.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -# Hotlist database drive class name +mosip.hotlist.db.password=${db.dbuser.password} mosip.hotlist.db.driverClassName=org.postgresql.Driver - -# Hotlist database dialect mosip.hotlist.db.dialect=org.hibernate.dialect.PostgreSQL92Dialect -#------------------------- Data validation properties -----------------------------------------------------# -mosip.hotlist.allowedIdTypes=UIN,VID,MACHINE_ID,PARTNER_API_KEY,OPERATOR_ID,CENTER_ID,DEVICE_ID,DEVICE_MODEL,FTM_PUBLIC_KEY +## Data validation +mosip.hotlist.allowedIdTypes=UIN,VID,MACHINE_ID,PARTNER_ID,OPERATOR_ID,CENTER_ID,DEVICE,DEVICE_MODEL,FTM_PUBLIC_KEY,DEVICE_PROVIDER -#------------------------- Data Source properties ---------------------------------------------------------# +## Data source mosip.hotlist.datasource.driverClassName=${mosip.hotlist.db.driverClassName} mosip.hotlist.datasource.username=${mosip.hotlist.db.username} mosip.hotlist.datasource.password=${mosip.hotlist.db.password} 
mosip.hotlist.datasource.url=jdbc:postgresql://${mosip.hotlist.db.url}:${mosip.hotlist.db.port}/${mosip.hotlist.db.db-name} mosip.hotlist.datasource.dialect=${mosip.hotlist.db.dialect} -#------------------------- Web sub properties -------------------------------------------------------------# -#Web sub topic -mosip.hotlist.topic-to-publish=HOTLIST +#Admin hotlist service authentication details +mosip.admin.hotlist.auth.client-id=mosip-hotlist-client +mosip.admin.hotlist.auth.secret-key=${mosip.hotlist.client.secret} +mosip.admin.hotlist.auth.app-id=hotlist + +# Websub +mosip.hotlist.topic-to-publish=MOSIP_HOTLIST -#------------------------- Encryption/Decryption properties -----------------------------------------------# -# App Id for Encryption/Decryption -mosip.hotlist.crypto.app-id=hotlist +#Auth Adapter +mosip.iam.adapter.clientid.HOTLIST=${mosip.admin.hotlist.auth.client-id} +mosip.iam.adapter.clientsecret.HOTLIST=${mosip.admin.hotlist.auth.secret-key} +mosip.iam.adapter.appid.HOTLIST=${mosip.admin.hotlist.auth.app-id} +mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey -# Ref Id for Encryption/Decryption -mosip.hotlist.crypto.app-id=id_encrypt_decrypt +## Encryption/decyrption +mosip.hotlist.crypto.app-id=ADMIN_SERVICES +mosip.hotlist.crypto.ref-id=hotlist_service -#-------------------------Hotlist cleanup schedule details ------------------------------------------------# +## Cleanup schedule # Initial delay in Hours mosip.hotlist.cleanup-schedule.init-delay=24 - #Fixed delay in which cleanup will be done in Hours mosip.hotlist.cleanup-schedule.fixed-rate=24 -#----------------------------------REST-services ----------------------------------------------------------# -mosip.idrepo.audit.rest.uri=http://kernel-auditmanager-service/v1/auditmanager/audits +## REST services +mosip.idrepo.audit.rest.uri=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits mosip.idrepo.audit.rest.httpMethod=POST 
mosip.idrepo.audit.rest.headers.mediaType=application/json -mosip.hotlist.encryptor.rest.uri=http://kernel-keymanager-service/v1/keymanager/encrypt +mosip.hotlist.encryptor.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt mosip.hotlist.encryptor.rest.httpMethod=POST mosip.hotlist.encryptor.rest.headers.mediaType=application/json mosip.hotlist.encryptor.rest.timeout=100 -mosip.hotlist.decryptor.rest.uri=http://kernel-keymanager-service/v1/keymanager/decrypt +mosip.hotlist.decryptor.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt mosip.hotlist.decryptor.rest.httpMethod=POST mosip.hotlist.decryptor.rest.headers.mediaType=application/json mosip.hotlist.decryptor.rest.timeout=100 -#----------------------------------Kernel Retry Configurations --------------------------------------------# +mosip.hotlist.audit.rest.uri=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +mosip.hotlist.audit.rest.httpMethod=POST +mosip.hotlist.audit.rest.headers.mediaType=application/json + +# in minutes +mosip.iam.adapter.validate-expiry-check-rate=15 +# in minutes +mosip.iam.adapter.renewal-before-expiry-interval=15 +#this should be false if you don?t use the self token restTemplate from auth adapter true if you do (needed for websubclient). +mosip.iam.adapter.self-token-renewal-enable=true +mosip.auth.filter_disable=false + + + +## Retry configs # The retry limit excluding the first attempt before attempting for retries. Default is set to 5. kernel.retry.attempts.limit=5 # The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs 
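Review bot: The audit endpoint is now configured twice in the REST services block: the existing `mosip.idrepo.audit.rest.*` keys are kept, and a parallel `mosip.hotlist.audit.rest.*` set is added with the same URI, method and media type. The hunk does not show which prefix the hotlist service reads, so a later edit to only one set could leave audit events going to a stale target without anyone noticing. I would keep a single set, or mark the other with a comment such as `# Legacy prefix; keep in sync with mosip.hotlist.audit.rest.* until removed`. The `mosip.hotlist.encryptor.rest.timeout=100` and `mosip.hotlist.decryptor.rest.timeout=100` values carry no unit, and the comment above `mosip.iam.adapter.self-token-renewal-enable` has a mis-encoded apostrophe (`don?t`).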
@@ -78,4 +90,11 @@ kernel.retry.traverse.root.cause.enabled=false #Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation. kernel.retry.retryable.exceptions=io.mosip.hotlist.exception.HotlistRetryException #Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation. -kernel.retry.nonretryable.exceptions= \ No newline at end of file +kernel.retry.nonretryable.exceptions= + +# Roles authorized for hotlist APIs +mosip.role.admin.hotlist.postHotlistBlock=HOTLIST_ADMIN,HOTLIST_ADMIN +mosip.role.admin.hotlist.getHotlistStatus=HOTLIST_ADMIN,HOTLIST_ADMIN,REGISTRATION_PROCESSOR,RESIDENT,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,ID_AUTHENTICATION,ID_REPOSITORY +mosip.role.admin.hotlist.postHotlistUnblock=HOTLIST_ADMIN,HOTLIST_ADMIN + +auth.server.admin.allowed.audience=mosip-hotlist-client,mosip-regproc-client,mosip-ida-client,mosip-idrepo-client diff --git a/id-authentication-default.properties b/id-authentication-default.properties new file mode 100644 index 00000000000..198c3aab59e --- /dev/null +++ b/id-authentication-default.properties 
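Review bot: `HOTLIST_ADMIN` is listed twice in each of the three added `mosip.role.admin.hotlist.*` values. Either a second role was intended and lost in copy-paste, or the entries should be deduplicated, e.g. `mosip.role.admin.hotlist.postHotlistBlock=HOTLIST_ADMIN` and likewise for `postHotlistUnblock`. `getHotlistStatus` also grants access to seven further roles, including `RESIDENT`, while `auth.server.admin.allowed.audience` names only the hotlist, regproc, ida and idrepo clients. Whether tokens carrying the other roles can reach this API depends on checks not visible in this hunk, so it is worth confirming that the two lists agree and removing roles that have no caller.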
@@ -0,0 +1,662 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# ida.websub.authtype.callback.secret +# ida.websub.credential.issue.callback.secret +# ida.websub.partner.service.callback.secret +# ida.websub.ca.certificate.callback.secret +# ida.websub.hotlist.callback.secret +# mosip.kernel.tokenid.uin.salt +# mpartner.default.auth.secret +# mosip.kernel.tokenid.partnercode.salt +# softhsm.ida.security.pin +# ida.websub.masterdata.templates.callback.secret +# ida.websub.masterdata.titles.callback.secret + +## Client +# The Online Verification partner ID associated to the IDA instance. +# This is used to subscribe to the credential issuance event notification sent by credential service. +# for the particular Online Verification partner. +# This credential issueance notification is handled inside Internal Authentication module. +# The credentials issued to the partner will be as per the data-share policy associated to the partner. +# TO DO: Change the property key to online-verification-partner-id +ida-auth-partner-id=mpartner-default-auth +# Kernel auth client ID for IDA +#Note: since the Online verification Partner ID is used as client ID, for a different IDA instance, this needs to be changed accordingly +#and also to be added to the 'auth.server.admin.allowed.audience' property of all dependency modules. 
+mosip.ida.auth.clientId=${ida-auth-partner-id} +mosip.ida.auth.secretKey=${mpartner.default.auth.secret} + +mosip.ida.auth.appId=ida + +## Database +# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace +# If database is external to production, provide the DNS or ip of the host and port +mosip.ida.database.hostname=postgres-postgresql.postgres +mosip.ida.database.port=5432 +mosip.ida.database.user=idauser +mosip.ida.database.password=${db.dbuser.password} + +javax.persistence.jdbc.driverClassName=org.postgresql.Driver +javax.persistence.jdbc.driver=org.postgresql.Driver +javax.persistence.jdbc.url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida +javax.persistence.jdbc.user=${mosip.ida.database.user} +javax.persistence.jdbc.username=${mosip.ida.database.user} +javax.persistence.jdbc.password=${mosip.ida.database.password} +javax.persistence.jdbc.schema=ida +javax.persistence.jdbc.uinHashTable=uin_hash_salt +javax.persistence.jdbc.uinEncryptTable=uin_encrypt_salt + +## Hibernate +hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect +hibernate.jdbc.lob.non_contextual_creation=true +hibernate.hbm2ddl.auto=none +hibernate.format_sql=true +hibernate.connection.charSet=utf8 +hibernate.cache.use_second_level_cache=false +hibernate.cache.use_query_cache=false +hibernate.cache.use_structured_entries=false +hibernate.generate_statistics=false +spring.datasource.initialization-mode=never +hibernate.temp.use_jdbc_metadata_defaults=false +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +log4j.logger.org.hibernate=warn +hibernate.show_sql=false + +application.id=IDA +application.name=ID-Authentication + +## Reference ID used for crypto manager in authentication (for request body) +partner.reference.id=PARTNER +## Reference ID used for crypto manager in internal authentication (for request body) +internal.reference.id=INTERNAL +## Reference ID used for crypto manager in 
authentication for biometrics +## TO DO: Value to be Changed to IDA-BIO +partner.biometric.reference.id=IDA-FIR +## Reference ID used for crypto manager in internal authentication for biometrics +internal.biometric.reference.id=INTERNAL + +identity-cache.reference.id=IDENTITY_CACHE +mosip.sign.applicationid=${application.id} +mosip.sign.refid=SIGN + +## Kernel Symmetric Key decryption bytes count for AAD +ida.aad.lastbytes.num=16 +## Kernel Symmetric Key decryption bytes count for Salt +ida.salt.lastbytes.num=12 + +## Request timeout used across all REST API calls in IDA +mosip.ida.request.timeout.secs=10 +## Common JSON media type used across all REST API calls in IDA +mosip.ida.request.mediaType=application/json + +## IDA mapping +ida.mapping.json.filename=identity-mapping.json +mosip.ida.mapping.json-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/${ida.mapping.json.filename} +ida.mapping.property.source=url:${mosip.ida.mapping.json-uri} + +idp.amr-acr.mapping.json.filename=amr-acr-mapping.json +mosip.idp.amr-acr.mapping.json-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/${idp.amr-acr.mapping.json.filename} +idp.amr-acr.ida.mapping.property.source=${mosip.idp.amr-acr.mapping.json-uri} + +# The attribute name in the Mapping Json used to fetch Anonymous profile preferred language attribute +mosip.preferred.language.attribute.name=preferredLanguage +# The attribute name in the Mapping Json used to fetch Anonymous profile location attributes +mosip.location.profile.attribute.name=locationHierarchyForProfiling +# Used in Child Auth Filter +mosip.date-of-birth.attribute.name=dateOfBirth +# Used in DOB matching and Child Auth filter +mosip.date-of-birth.pattern=yyyy/MM/dd + +# The separators for composite ID Attribute such as fullAddress. +# By default the separator is space. 
+# Usage: ida.id.attribute.separator.= +# For Example, full address attributes are separated with comman (,). +ida.id.attribute.separator.fullAddress=, + +## Biosdk +## Url below assumes the biosdk server is running inside cluster in `biosdk` namespace +mosip.biosdk.default.service.url=${mosip.mock.biosdk.url}/biosdk-service +## For real biosdk +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Finger modality +mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.version=0.9 +# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured. +# If the below default configuration is not configured, the one of the configured url will be used as the default URL. +# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'. 
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url} +# The fully qualified Class Name of the BIO SDK API implemented for Iris modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Iris modality +mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.version=0.9 +mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url} +# The fully qualified Class Name of the BIO SDK API implemented for Face modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Face modality +mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.version=0.9 +mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url} + +## Kernel-Audit +audit.rest.uri=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +audit.rest.httpMethod=POST +audit.rest.headers.mediaType=${mosip.ida.request.mediaType} +audit.rest.timeout=${mosip.ida.request.timeout.secs} + +## Kernel OTP Validator +otp-validate.rest.uri=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/validate +otp-validate.rest.httpMethod=GET +otp-validate.rest.headers.mediaType=${mosip.ida.request.mediaType} +otp-validate.rest.timeout=${mosip.ida.request.timeout.secs} + +## Kernel OTP Generator +otp-generate.rest.uri=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/generate +otp-generate.rest.httpMethod=POST +otp-generate.rest.headers.mediaType=${mosip.ida.request.mediaType} +otp-generate.rest.timeout=${mosip.ida.request.timeout.secs} 
+ +## Mail Notification +mail-notification.rest.uri=${mosip.kernel.notification.url}/v1/notifier/email/send +mail-notification.rest.httpMethod=POST +mail-notification.rest.headers.mediaType=multipart/form-data +mail-notification.rest.timeout=${mosip.ida.request.timeout.secs} + +## SMS Notification +sms-notification.rest.uri=${mosip.kernel.notification.url}/v1/notifier/sms/send +sms-notification.rest.httpMethod=POST +sms-notification.rest.headers.mediaType=${mosip.ida.request.mediaType} +sms-notification.rest.timeout=${mosip.ida.request.timeout.secs} + +## Get Identity Data for RID (with type specified as query param) - Used in Internal Auth based on User ID +rid-uin.rest.uri=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid/{rid}?type={type} +rid-uin.rest.httpMethod=GET +rid-uin.rest.headers.mediaType=${mosip.ida.request.mediaType} +rid-uin.rest.timeout=${mosip.ida.request.timeout.secs} + +## Get Identity Data for RID (without type specified) - Used in Internal Auth based on User ID +rid-uin-auth.rest.uri=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid/{rid} +rid-uin-auth.rest.httpMethod=GET +rid-uin-auth.rest.headers.mediaType=${mosip.ida.request.mediaType} +rid-uin-auth.rest.timeout=${mosip.ida.request.timeout.secs} + +## Partner service API to validate MISP Lisence Key - Partner ID - Partner API Key combination +id-pmp-service.rest.uri=${mosip.pms.partnermanager.url}/v1/partnermanager/partners/{partner_id}/apikey/{partner_api_key}/misp/{misp_license_key}/validate?needPartnerCert={need_partner_cert} +id-pmp-service.rest.httpMethod=GET +id-pmp-service.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-pmp-service.rest.timeout=${mosip.ida.request.timeout.secs} + +## Data Share API configurations - used to download data from data share URL provided in credential issueance event +data-share-get.rest.uri=dummy_url_to_be_replaced_in_runtime +data-share-get.rest.httpMethod=GET +data-share-get.rest.headers.mediaType=application/octet-stream 
+data-share-get.rest.timeout=10 +data-share-get-decrypt-ref-id=${ida-auth-partner-id} + +## Title Service rest api-GET +id-masterdata-title-service.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/title +id-masterdata-title-service.rest.httpMethod=GET +id-masterdata-title-service.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-masterdata-title-service.rest.timeout=${mosip.ida.request.timeout.secs} + +## Master Data - Template Single Language +id-masterdata-template-service.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/templates/{langcode}/{templatetypecode} +id-masterdata-template-service.rest.httpMethod=GET +id-masterdata-template-service.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-masterdata-template-service.rest.timeout=${mosip.ida.request.timeout.secs} + +## Master Data - Template Multi language +id-masterdata-template-service-multilang.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/templates/templatetypecodes/{code} +id-masterdata-template-service-multilang.rest.httpMethod=GET +id-masterdata-template-service-multilang.rest.headers.mediaType=${mosip.ida.request.mediaType} +id-masterdata-template-service-multilang.rest.timeout=${mosip.ida.request.timeout.secs} + +## Websub +ida-websub-authtype-callback-secret=${ida.websub.authtype.callback.secret} +ida-websub-credential-issue-callback-secret=${ida.websub.credential.issue.callback.secret} +ida-websub-partner-service-callback-secret=${ida.websub.partner.service.callback.secret} +ida-websub-hotlist-callback-secret=${ida.websub.hotlist.callback.secret} +ida-websub-masterdata-templates-callback-secret=${ida.websub.masterdata.templates.callback.secret} +ida-websub-masterdata-titles-callback-secret=${ida.websub.masterdata.titles.callback.secret} +ida-websub-credential-issue-callback-url= +## Callback url for MISP/Partner change notification events 
+ida-websub-partner-service-callback-url=${mosip.ida.internal.url}/${server.servlet.context-path}/callback/partnermanagement/{eventType} +ida-websub-partner-service-apikey-approved-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/apikey_approved +ida-websub-partner-service-partner-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/partner_updated +ida-websub-partner-service-policy-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/policy_updated +ida-websub-partner-service-partner-api-key-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/partner_api_key_updated +ida-websub-partner-service-misp-license-generated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/misp_license_generated +ida-websub-partner-service-misp-license-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/misp_license_updated +ida-websub-partner-service-oidc-client-created-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/oidc_client_created +ida-websub-partner-service-oidc-client-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/oidc_client_updated + + +#Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub. +subscriptions-delay-on-startup_millisecs=120000 + +# The time interval in seconds to schedule subscription of topics which is done as a +# work-around for the bug: MOSIP-9496. By default the +# this property value is set to 0 that disables this workaround. 
+# To enable the resubscrition scheduling, this property should be assigned with a positive +# number like 1 * 60 * 60 = 3600 for one hour +ida-websub-resubscription-delay-secs=43200 + +delay-to-pull-missing-credential-after-topic-subscription_millisecs=60000 + +## Websub even topics +ida-topic-auth-type-status-updated=${ida-auth-partner-id}/AUTH_TYPE_STATUS_UPDATE +## Topic for Credential Issueance Event (for UIN/VID create/update events) +ida-topic-credential-issued=${ida-auth-partner-id}/CREDENTIAL_ISSUED +## Topic for ID Remove Event (UIN blocked / VID revoked events) +ida-topic-remove-id=${ida-auth-partner-id}/REMOVE_ID +## Topic for ID Deactivate Event (UIN/VID deactivate events) +ida-topic-deactivate-id=${ida-auth-partner-id}/DEACTIVATE_ID +## Topic for ID Activate Event (UIN/VID activate events) +ida-topic-activate-id=${ida-auth-partner-id}/ACTIVATE_ID +ida-topic-pmp-partner-updated=PARTNER_UPDATED +ida-topic-pmp-partner-api-key-updated=APIKEY_UPDATED +ida-topic-pmp-policy-updated=POLICY_UPDATED +ida-topic-hotlist=MOSIP_HOTLIST +ida-topic-credential-status-update=CREDENTIAL_STATUS_UPDATE +ida-topic-auth-type-status-update-acknowledge=AUTH_TYPE_STATUS_UPDATE_ACK +ida-topic-auth-transaction-status=AUTHENTICATION_TRANSACTION_STATUS +ida-topic-masterdata-templates=MASTERDATA_IDAUTHENTICATION_TEMPLATES +ida-topic-masterdata-titles=MASTERDATA_TITLES +ida-topic-pmp-misp-license-generated=MISP_LICENSE_GENERATED +ida-topic-pmp-misp-license-updated=MISP_LICENSE_UPDATED +ida-topic-pmp-partner-api-key-approved=APIKEY_APPROVED +ida-topic-fraud-analysis=IDA_FRAUD_ANALYTICS +ida-topic-auth-anonymous-profile=ANONYMOUS_PROFILE +ida-topic-pmp-oidc-client-created=OIDC_CLIENT_CREATED +ida-topic-pmp-oidc-client-updated=OIDC_CLIENT_UPDATED + +# in minutes +mosip.iam.adapter.validate-expiry-check-rate=15 +# in minutes +mosip.iam.adapter.renewal-before-expiry-interval=15 +#this should be false if you don?t use the self token restTemplate from auth adapter true if you do (needed 
for websubclient). +mosip.iam.adapter.self-token-renewal-enable=true +mosip.auth.filter_disable=false + +## IDA cache +## IDA cache Time to live in days - To clear cache scheduled based on the days provided. +## value <= 0 means cache clearing based on schedule is disabled. +ida-cache-ttl-in-days=1 +## To disable cache, set value to NONE, otherwise SIMPLE to enable cache. +## Value is based on CacheType enum provided by Spring Boot +## spring.cache.type=SIMPLE +spring.cache.type=SIMPLE + +## Function configs +#The modulo value to be calculated for a UIN/VID used to get salt value to be used in UIN/VID hashing +ida.uin.salt.modulo=1000 + +## ID demographic normalization +# This is used to define the seperator for normalizing regex(pattern) and the replacement word. Default is set to '='. +ida.norm.sep== +####### Demo Name/Address Normalization Regular Expressions and their replacement configurations +#Format: +# ida.demo..normalization.regex.[]=${ida.norm.sep} +# If replacement string is not specified that regular expression will be replaced with empty string +# Note: The sequence should not break in the middle, otherwise all normalization properties will not be read for the particular type. +## For eng. +ida.demo.address.normalization.regex.eng[0]=[CcSsDdWwHh]/[Oo] +ida.demo.address.normalization.regex.eng[1]=(M|m|D|d)(rs?)(.) +ida.demo.address.normalization.regex.eng[2]=(N|n)(O|o)(\\.)? 
+ida.demo.address.normalization.regex.eng[3]=[aA][pP][aA][rR][tT][mM][eE][nN][tT]${ida.norm.sep}apt +ida.demo.address.normalization.regex.eng[4]=[sS][tT][rR][eE][eE][tT]${ida.norm.sep}st +ida.demo.address.normalization.regex.eng[5]=[rR][oO][aA][dD]${ida.norm.sep}rd +ida.demo.address.normalization.regex.eng[6]=[mM][aA][iI][nN]${ida.norm.sep}mn +ida.demo.address.normalization.regex.eng[7]=[cC][rR][oO][sS][sS]${ida.norm.sep}crs +ida.demo.address.normalization.regex.eng[8]=[oO][pP][pP][oO][sS][iI][tT][eE]${ida.norm.sep}opp +ida.demo.address.normalization.regex.eng[9]=[mM][aA][rR][kK][eE][tT]${ida.norm.sep}mkt +ida.demo.address.normalization.regex.eng[10]=1[sS][tT]${ida.norm.sep}1 +ida.demo.address.normalization.regex.eng[11]=1[tT][hH]${ida.norm.sep}1 +ida.demo.address.normalization.regex.eng[12]=2[nN][dD]${ida.norm.sep}2 +ida.demo.address.normalization.regex.eng[13]=2[tT][hH]${ida.norm.sep}2 +ida.demo.address.normalization.regex.eng[14]=3[rR][dD]${ida.norm.sep}3 +ida.demo.address.normalization.regex.eng[15]=3[tT][hH]${ida.norm.sep}3 +ida.demo.address.normalization.regex.eng[16]=4[tT][hH]${ida.norm.sep}4 +ida.demo.address.normalization.regex.eng[17]=5[tT][hH]${ida.norm.sep}5 +ida.demo.address.normalization.regex.eng[18]=6[tT][hH]${ida.norm.sep}6 +ida.demo.address.normalization.regex.eng[19]=7[tT][hH]${ida.norm.sep}7 +ida.demo.address.normalization.regex.eng[20]=8[tT][hH]${ida.norm.sep}8 +ida.demo.address.normalization.regex.eng[21]=9[tT][hH]${ida.norm.sep}9 +ida.demo.address.normalization.regex.eng[22]=0[tT][hH]${ida.norm.sep}0 +# Note: the common normalization attributes will be replaced at the end. +# Special characters are removed : . , - * ( ) [ ] ` ' / \ # " +# Replace spcial char with space.Trailing space is removed from property. As a workaround first replacing with " ." then removing the "." +ida.demo.common.normalization.regex.any[0]=[\\.|,|\\-|\\*|\\(|\\)|\\[|\\]|`|\\'|/|\\|#|\"]${ida.norm.sep} . +# Trailing space is removed from property. 
As a workaround first replacing with " ." then removing the "." +ida.demo.common.normalization.regex.any[1]=\\s+${ida.norm.sep} . +ida.demo.common.normalization.regex.any[2]=\\.${ida.norm.sep} + +# Language Code +ida.errormessages.default-lang=en + +## OTP flooding +## Configure Time limit for OTP Flooding scenario (in minutes) +otp.request.flooding.duration=1 +otp.request.flooding.max-count=100 +## OTP Freezing. When user attempts multiple times with invalid OTP consecutively, it will be allowed only for certain number of attempts as per the theshold. After that it will go to frozen state for the user for the given duration. During the frozen time the OTP Request and validation both will be throwing error. After that it will be unfrozen and both actions will be allowed. Default is 5 if unspecified. +mosip.ida.otp.validation.attempt.count.threshold=5 +# The duration in minutes for which the OTP will be frozen for a user, after that it it will be unfrozen. Default is 30 mins if unspecified. +mosip.ida.otp.frozen.duration.minutes=30 + +## Notification templates +ida.auth.mail.content.template=auth-email-content +ida.auth.mail.subject.template=auth-email-subject +ida.otp.mail.content.template=ida-auth-otp-email-content-template +ida.otp.mail.subject.template=ida-auth-otp-email-subject-template +ida.auth.sms.template=auth-sms +ida.otp.sms.template=ida-auth-otp-sms-template + +## UIN/VID/USERID Masking to be done on SMS/EMAIL notification +## Configure the no of digits to be masked while masking UIN/VID/USERID. 
+## For example if UIN is 1234567890 and mask count is 6, masked UIN will be: XXXXXX7890 +notification.uin.masking.charcount=8 +notification.date.format=dd-MM-yyyy +notification.time.format=HH:mm:ss + +## Allowed authentication types for Authentciation/E-KYC/Internal Authentication requests +## Accepted values otp-request, otp, demo, bio-Finger, bio-Iris, bio-Face +## Configure authentications permissable for a country +auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face,pwd,kbt +## Configure authentications permissable for e-KYC for a country +ekyc.auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face +## Configure authentication types permissable for internal authentication +internal.auth.types.allowed=otp,bio-Finger,bio-Iris,bio-Face + +## Allowed IdTypes for hotlisting +mosip.ida.internal.hotlist.idtypes.allowed=UIN,VID,PARTNER_ID,DEVICE,DEVICE_PROVIDER + +## Datetime +#Example allowed date time formats: "2020-10-23T12:21:38.660Z" , 2019-03-28T10:01:57.086+05:30 +datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSSXXX + +# Request IDs used in IDA REST APIs +ida.api.id.auth=mosip.identity.auth +ida.api.id.kyc=mosip.identity.kyc +ida.api.id.otp=mosip.identity.otp +ida.api.id.staticpin=mosip.identity.staticpin +ida.api.id.vid=mosip.identity.vid +ida.api.id.internal=mosip.identity.auth.internal +ida.api.id.auth.transactions=mosip.identity.authtransactions.read +ida.api.id.otp.internal=mosip.identity.otp.internal +ida.api.id.kycauth=mosip.identity.kycauth +ida.api.id.kycexchange=mosip.identity.kycexchange + +## Request versions +ida.api.version.auth=1.0 +ida.api.version.kyc=1.0 +ida.api.version.otp=1.0 +ida.api.version.staticpin=1.0 +ida.api.version.vid=1.0 +ida.api.version.internal=1.0 +ida.api.version.auth.transactions=1.0 +ida.api.version.otp.internal=1.0 +ida.api.version.kycauth=1.0 +ida.api.version.kycexchange=1.0 + +## Auth response token config +## Preference to turn on/off of authentication response token for a Country +## A partner specific policy will govern 
how the response token is generated, whether it should be Random/Partner or Policy specific
+## TO DO: Remane static.token.enable to auth.token.enable
+static.token.enable=true
+
+## Allowed ID Types (allowed values : UIN/VID/USERID) to be supported for Authentication/KYC/OTP Requests
+request.idtypes.allowed=UIN,VID,HANDLE
+## The ID types to be supported for Internal Authentication/OTP Requests
+request.idtypes.allowed.internalauth=UIN,VID
+
+## Cryptograpic/Signature verificate related configurations
+mosip.ida.internal.thumbprint-validation-required=false
+mosip.ida.internal.trust-validation-required=false
+
+## Kernel retry
+# The retry limit excluding the first attempt before attempting for retries. Default is set to 5.
+kernel.retry.attempts.limit=5
+## The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs
+kernel.retry.exponential.backoff.initial.interval.millisecs=100
+## The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount)
+kernel.retry.exponential.backoff.multiplier=1.5
+kernel.retry.exponential.backoff.max.interval.millisecs=1000
+## Whether to traverse to the root cause exception from the exception thrown and use the same root cause to decide whether to retry or not. Default is true.
+kernel.retry.traverse.root.cause.enabled=false
+## Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation.
+kernel.retry.retryable.exceptions=io.mosip.idrepository.core.exception.IdRepoRetryException,org.springframework.dao.DataIntegrityViolationException,org.hibernate.exception.ConstraintViolationException,org.springframework.orm.ObjectOptimisticLockingFailureExceptionf
+## Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation.
+kernel.retry.nonretryable.exceptions=
+
+## Credential Store batch and retry configurations
+## To disable automatic job launch in startup, setting to false.
+spring.batch.job.enabled=false
+## Chunk size of items to be processed in spring batch. This value also assigned to the thread count, and hence all the items are processed in parellel asynchronusly.
+ida.batch.credential.store.chunk.size=5
+ida.batch.credential.store.job.delay=1000
+## The retry limit excluding the first attempt before attempting for retries
+ida.credential.store.retry.max.limit=10
+ida.credential.store.retry.backoff.interval.millisecs=5000
+## The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount)
+ida.credential.store.retry.backoff.exponential.multiplier=1.5
+ida.credential.store.retry.backoff.exponential.max.interval.millisecs=120000
+
+## Configurations needed for dependent libraries
+## Softhsm
+mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
+mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
+mosip.kernel.keymanager.hsm.keystore-type=PKCS11
+mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.ida.security.pin}
+
+## Security - used in Internal Authentication Services by default Kernel Auth Adapter
+mosip.security.csrf-enable=false
+mosip.security.cors-enable=false
+mosip.security.origins=localhost:8080
+mosip.security.secure-cookie=false
+
+## Key-manager
+mosip.root.key.applicationid=ROOT
+mosip.kernel.certificate.sign.algorithm=SHA256withRSA
+
+## Default certificate params
+mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
+mosip.kernel.keymanager.certificate.default.organization=IITB
+mosip.kernel.keymanager.certificate.default.location=BANGALORE
+mosip.kernel.keymanager.certificate.default.state=KA
+mosip.kernel.keymanager.certificate.default.country=IN
+
+## Zero Knowledge Master & Public Key identifier.
+mosip.kernel.zkcrypto.masterkey.application.id=${application.id}
+mosip.kernel.zkcrypto.masterkey.reference.id=${identity-cache.reference.id}
+mosip.kernel.zkcrypto.publickey.application.id=${application.id}
+mosip.kernel.zkcrypto.publickey.reference.id=CRED_SERVICE
+mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding
+mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding
+
+## Application Id for PMS master key.
+mosip.kernel.partner.sign.masterkey.application.id=PMS
+
+## Kernel salt generator
+mosip.kernel.salt-generator.db.key-alias=javax.persistence.jdbc
+mosip.kernel.salt-generator.schemaName=${javax.persistence.jdbc.schema}
+
+## TokenId generator
+mosip.kernel.tokenid.uin.salt=${mosip.kernel.uin.salt}
+mosip.kernel.tokenid.partnercode.salt=${mosip.kernel.partnercode.salt}
+
+## Partner Management Service allowed partner domains
+mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM,MISP
+
+# IAM Adapter
+mosip.iam.adapter.clientid=${mosip.ida.auth.clientId}
+mosip.iam.adapter.clientsecret=${mosip.ida.auth.secretKey}
+mosip.iam.adapter.appid=${mosip.ida.auth.appId}
+mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+## IDA key generator
+keymanager.persistence.jdbc.driver=org.postgresql.Driver
+keymanager_database_url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida
+keymanager_database_username=${mosip.ida.database.user}
+keymanager_database_password=${db.dbuser.password}
+mosip.kernel.keymanager.autogen.appids.list=ROOT,${application.id},${mosip.sign.applicationid}:${mosip.sign.refid},${application.id}:${mosip.kernel.zkcrypto.masterkey.reference.id},IDA_KYC_EXCHANGE,IDA_KEY_BINDING,IDA_VCI_EXCHANGE
+mosip.kernel.keymanager.autogen.basekeys.list=${application.id}:${internal.reference.id},${application.id}:${partner.reference.id},${application.id}:${partner.biometric.reference.id},${application.id}:${mosip.kernel.zkcrypto.publickey.reference.id},${application.id}:${ida-auth-partner-id}
+zkcrypto.random.key.generate.count=0
+keymanager.persistence.jdbc.schema=ida
+
+## TODO: For testing. Revert in production
+mosip.kernel.keymanager.keystore.keyreference.enable.cache=false
+
+## Admin
+# Configure N time period threshold for accepting auth/OTP/KYC request for a country
+authrequest.received-time-allowed.seconds=30
+# Configuration for +/- time period adjustment in minutes for the request time validation, so that
+# The requests originating from a system that is not in time-sync will be accepted for the time period
+authrequest.received-time-adjustment.seconds=30
+#Configuration for time period difference between each biometric segment and digital Id capture
+authrequest.biometrics.allowed-segment-time-difference-in-seconds=120
+
+# Credential Request API to get Request IDs for the given status, pageStart and page
+cred-request-service-get-request-ids.pageSize=10
+cred-request-service-get-request-ids.statusCode=ISSUED
+ida-max-credential-pull-window-days=2
+ida-max-websub-messages-pull-window-days=2
+cred-request-service-get-request-ids.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/getRequestIds?direction=ASC&orderBy=updateDateTime&pageNumber={pageNumber}&pageSize=${cred-request-service-get-request-ids.pageSize}&statusCode=${cred-request-service-get-request-ids.statusCode}&effectivedtimes={effectivedtimes}
+cred-request-service-get-request-ids.rest.httpMethod=GET
+cred-request-service-get-request-ids.rest.headers.mediaType=${mosip.ida.request.mediaType}
+cred-request-service-get-request-ids.rest.timeout=${mosip.ida.request.timeout.secs}
+
+# Credential Request API to get Request IDs for the given status, pageStart and page
+cred-request-service-retrigger-cred-issuance.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/retrigger/{requestId}
+cred-request-service-retrigger-cred-issuance.rest.httpMethod=PUT
+cred-request-service-retrigger-cred-issuance.rest.headers.mediaType=${mosip.ida.request.mediaType}
+cred-request-service-retrigger-cred-issuance.rest.timeout=${mosip.ida.request.timeout.secs}
+
+# Child Auth Filter configurations
+ida.child-auth-filter.factors.denied=otp,bio
+ida.child-auth-filter.child.max.age=5
+
+# The chunk size of failed message items to be processed in spring batch. This value also assigned to the thread count, and hence all the items are processed in parellel asynchronusly.
+ida.fetch.failed.websub.messages.chunk.size=10
+
+## Auth filters
+# Comma Seperated list of fully qualified classes of the auth filters in the order in which they have to be executed.
+# If validation with one filter fails with an error, the rest of the filter in the sequence will be skipped
+# and error will be returned in the auth response.
+
+#Auth Filters for external auth
+ida.mosip.external.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.PartnerIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceProviderHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceHotlistFilterImpl,io.mosip.authentication.childauthfilter.impl.ChildAuthFilterImpl,io.mosip.authentication.authtypelockfilter.impl.AuthTypeLockFilterImpl
+#Auth Filters for kyc auth
+ida.mosip.internal.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.childauthfilter.impl.ChildAuthFilterImpl
+
+## Demo SDK integration
+mosip.demographic.sdk.api.classname=io.mosip.demosdk.client.impl.spec_1_0.Client_V_1_0
+mosip.normalizer.sdk.api.classname=io.mosip.demosdk.client.impl.spec_1_0.Normalizer_V_1_0
+
+#This is the frontend url configured in the open-id system. This url should match the issuer attribute in JWT.
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+
+#This url should be reachable internally to issue token.
+auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+
+#Fixed delay in which cleanup will be done in Hours
+mosip.hotlist.cleanup-schedule.fixed-delay-in-hours=24
+
+# The target enviornment. This values should be comma separted.
+#Ex.Staging,Developer
+mosip.ida.allowed.enviromemnts=Staging,Developer,Pre-Production,Production
+# Allowed domain Uris. This values should be comma separted.
+#Ex. https://dev.mosip.net,https://qa2.mosip.net
+mosip.ida.allowed.domain.uris=${mosip.api.internal.url},https://${mosip.esignet.host}
+
+biometrics.datetime.pattern=yyyy-MM-dd'T'HH:mm:ssXXX
+
+#The list of attributes in identity that are to be decrypted by default
+ida-default-identity-filter-attributes=phone,fullName,dateOfBirth,email,preferredLang
+
+#------ Un-encrypted Credential Attributes list -----------
+#The list of attributes in identity that not are Zero Knowledge encrpted while creating the credential in credential service as per the datashare policy. The same credential format is dumped in IDA DB (identity_cache table).
+#These attributes will not be decrypted when fetching the records from IDA DB for Authentication/EKYC/OTP requests.
+#By default all attributes are assumed to be Zero Knowledge encrypted.
+#Specify the attributes here only if they are not encrypted as per the datashare policy.
+ida-zero-knowledge-unencrypted-credential-attributes=preferredLang
+
+#openapi properties to sort tags and operations in Id Authentication
+springdoc.swagger-ui.tagsSorter=alpha
+springdoc.swagger-ui.operationsSorter=alpha
+
+# for Fraud management
+mosip.ida.fraud-analysis-enabled=true
+
+mosip.ida.active-async-thread-count=100
+
+# Logging of thread queue done based on below value in ms. Logging is done only if queue value of any one thread group crosses below specified threshold.
+mosip.ida.monitor-thread-queue-in-ms=600000
+mosip.ida.max-thread-queue-threshold=100
+
+## Roles
+mosip.role.idauth.postotp=RESIDENT
+mosip.role.idauth.postauth=REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+mosip.role.idauth.postverifyidentity=REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+mosip.role.idauth.getauthtransactionsindividualid=RESIDENT
+mosip.role.keymanager.postencrypt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,CREDENTIAL_REQUEST
+mosip.role.keymanager.postdecrypt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,CREDENTIAL_REQUEST
+mosip.role.keymanager.postencryptwithpin=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postdecryptwithpin=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postencryptdt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postdecryptdt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postgeneratemasterkeyobjecttype=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.getgetcertificate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
+mosip.role.keymanager.postgeneratecsr=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
+mosip.role.keymanager.postuploadcertificate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
+mosip.role.keymanager.postuploadotherdomaincertificate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
+mosip.role.keymanager.postgeneratesymmetrickey=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.putrevokekey=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postuploadcacertificate=PARTNER_ADMIN
+mosip.role.keymanager.postuploadpartnercertificate=PARTNER_ADMIN,PARTNER
+mosip.role.keymanager.getgetpartnercertificatepartnercertid=PARTNER_ADMIN,PARTNER
+mosip.role.keymanager.postverifycertificatetrust=PARTNER_ADMIN,PARTNER
+mosip.role.keymanager.postsign=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postvalidate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postpdfsign=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postjwtsign=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postjwtverify=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+
+#logging.level.root=DEBUG
+
+# Secret will be used during kyc token generation.
+mosip.ida.kyc.token.secret=${mosip.ida.kyc.token.secret}
+mosip.ida.kyc.token.expire.time.adjustment.seconds=3000
+mosip.ida.kyc.exchange.default.lang=eng
+mosip.ida.idp.consented.address.subset.attributes=street_address,locality,region,postal_code,country
+mosip.kernel.keymgr.hsm.health.key.app-id=IDA
+
+mosip.ida.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
+mosip.ida.vercred.context.url.map={"https://www.w3.org/ns/odrl.jsonld" : "odrl.jsonld", "https://www.w3.org/2018/credentials/v1" : "cred-v1.jsonld", "https://${mosip.api.public.host}/.well-known/mosip-ida-context.json" : "mosip-ida-context.json"}
+mosip.ida.vercred.context.uri=vccontext-ida.jsonld
+mosip.ida.vercred.id.url=https://${mosip.api.public.host}/credentials/
+mosip.ida.vercred.issuer.url=https://${mosip.api.public.host}/.well-known/ida-controller.json
+mosip.ida.vercred.proof.purpose=assertionMethod
+mosip.ida.vercred.proof.type=RsaSignature2018
+mosip.ida.vercred.proof.verificationmethod=https://${mosip.api.public.host}/.well-known/ida-public-key.json
+mosip.ida.vci.supported.cred.types=VerifiableCredential,MOSIPVerifiableCredential
+
+# Regex to validate handles with provided key as the postfix
+# if the input handle is +855345353453@phone then the provided regex is used to validate the input.
+mosip.ida.handle-types.regex={ '@phone' : '^\\+91[1-9][0-9]{7,9}@phone$' }
+
+#-------------------------------- Authentication error eventing-------------------------------
+#It enable and disable the bean init of kafka and Authentication error eventing
+mosip.ida.authentication.error.eventing.enabled=true
+#If we enable authentication error eventing as true we need all the below property
+ida-topic-authentication-error-eventing=AUTHENTICATION_ERRORS
+# Partner Id for encryption used in ondemand template extraction
+mosip.ida.authentication.error.eventing.encrypt.partner.id=mpartner-default-tempextraction
+#kafka Configuration
+mosip.ida.kafka.bootstrap.servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port}
+spring.kafka.admin.properties.allow.auto.create.topics=true
+logging.level.org.apache.kafka=DEBUG
+#----------------------------------------------------end------------------------------------------
+mosip.kernel.keymgr.hsm.health.check.enabled=false
\ No newline at end of file
diff --git a/id-authentication-external-default.properties b/id-authentication-external-default.properties
new file mode 100644
index 00000000000..651d4dbb2a5
--- /dev/null
+++ b/id-authentication-external-default.properties
@@ -0,0 +1,18 @@
+ida-websub-masterdata-templates-callback-relative-url=${server.servlet.context-path}/callback/masterdata/templates
+ida-websub-masterdata-templates-callback-url=${mosip.ida.auth.url}${ida-websub-masterdata-templates-callback-relative-url}
+ida-websub-masterdata-titles-callback-relative-url=${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-titles-callback-url=${mosip.ida.auth.url}${ida-websub-masterdata-titles-callback-relative-url}
+
+# Callback url for partner CA certification upload event
+ida-websub-ca-cert-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-url=${mosip.ida.auth.url}${ida-websub-ca-cert-callback-relative-url}
+
+# Secret for partner CA certification upload callback
+ida-websub-ca-certificate-callback-secret=${ida.websub.ca.certificate.callback.secret}
+# Topic for Partner CA Certificate Upload event
+ida-topic-pmp-ca-certificate-uploaded=CA_CERTIFICATE_UPLOADED
+
+
+mosip.service-context=${server.servlet.context-path}
+mosip.service.end-points=/**/*
+mosip.service.exclude.auth.allowed.method=GET,POST
diff --git a/id-authentication-internal-default.properties b/id-authentication-internal-default.properties
new file mode 100644
index 00000000000..00b138791e4
--- /dev/null
+++ b/id-authentication-internal-default.properties
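Review bot: The last three added lines of id-authentication-external-default.properties pair `mosip.service.end-points=/**/*` with `mosip.service.exclude.auth.allowed.method=GET,POST` and have no comment saying that this switches off the adapter's authentication for every path. The identical lines in id-authentication-otp-default.properties are labelled `#Endpoints to access without authentication`, so the wildcard appears to cover the `/callback/...` routes defined higher in the same hunk as well. Of those callbacks only the CA-certificate one has a secret configured here (`ida-websub-ca-certificate-callback-secret`); the masterdata templates and titles callbacks show none in this file. I would add a comment above the block stating that all paths are exempt for GET and POST and naming the control that authenticates these requests instead, or narrow the pattern to the paths that really need the exemption. The same point applies to the hunk for id-authentication-otp-default.properties.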
@@ -0,0 +1,41 @@
+ida-websub-masterdata-templates-callback-relative-url=${server.servlet.context-path}/callback/masterdata/templates
+ida-websub-masterdata-templates-callback-url=${mosip.ida.internal.url}${ida-websub-masterdata-templates-callback-relative-url}
+ida-websub-masterdata-titles-callback-relative-url=${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-titles-callback-url=${mosip.ida.internal.url}${ida-websub-masterdata-titles-callback-relative-url}
+## Callback url for hotlist event
+ida-websub-hotlist-callback-relative-url=${server.servlet.context-path}/callback/hotlist
+ida-websub-hotlist-callback-url=${mosip.ida.internal.url}${ida-websub-hotlist-callback-relative-url}
+
+ida-websub-auth-type-callback-relative-url=${server.servlet.context-path}/callback/authTypeCallback/${ida-auth-partner-id}
+ida-websub-auth-type-callback-url=${mosip.ida.internal.url}${ida-websub-auth-type-callback-relative-url}
+## Callback url for credential issueance event notification, including id remove/deactivate/activate events
+ida-websub-idchage-callback-url=${mosip.ida.internal.url}${server.servlet.context-path}/callback/idchange/{eventType}/${ida-auth-partner-id}
+ida-websub-idchange-credential-issued-callback-relative-url=${server.servlet.context-path}/callback/idchange/credential_issued/${ida-auth-partner-id}
+ida-websub-idchange-remove-id-callback-relative-url=${server.servlet.context-path}/callback/idchange/remove_id/${ida-auth-partner-id}
+ida-websub-idchange-deactivate-id-callback-relative-url=${server.servlet.context-path}/callback/idchange/deactivate_id/${ida-auth-partner-id}
+ida-websub-idchange-activate-id-callback-relative-url=${server.servlet.context-path}/callback/idchange/activate_id/${ida-auth-partner-id}
+
+# Callback url for partner CA certification upload event
+ida-websub-ca-cert-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-url=${mosip.ida.internal.url}${ida-websub-ca-cert-callback-relative-url}
+
+# Secret for partner CA certification upload callback
+ida-websub-ca-certificate-callback-secret=${ida.websub.ca.certificate.callback.secret}
+# Topic for Partner CA Certificate Upload event
+ida-topic-pmp-ca-certificate-uploaded=CA_CERTIFICATE_UPLOADED
+
+# ********* ADMIN Configurations ************
+# Configure N time period threshold for accepting auth/OTP/KYC request for a country
+authrequest.received-time-allowed.seconds=120
+# Configuration for +/- time period adjustment in minutes for the request time validation, so that
+# The requests originating from a system that is not in time-sync will be accepted for the time period
+authrequest.received-time-adjustment.seconds=30
+#Configuration for time period difference between each biometric segment and digital Id capture
+authrequest.biometrics.allowed-segment-time-difference-in-seconds=60
+auth.server.admin.allowed.audience=mosip-resident-client,mosip-regproc-client,mosip-admin-client,mosip-reg-client,mosip-ida-client,mosip-deployment-client
+
+# Configuration to enable the enable/disable the retriggering of missing credential in IDA internal service startup.
+# If the property is not defined, it is disabled by default.
+# Note: if enabled, a setup with more than one pod of ida-internal-service will result in multiple retriggering of credentials by each pods.
+# To avoid that issue, first keep one pod applied the with enabled flag, then disable the configuration and then scale it up.
+ida-missing-credential-retrigger-enabled=false
\ No newline at end of file
diff --git a/id-authentication-mapping.json b/id-authentication-mapping.json
new file mode 100644
index 00000000000..430504860af
--- /dev/null
+++ b/id-authentication-mapping.json
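Review bot: In id-authentication-internal-default.properties the comment above `authrequest.received-time-adjustment.seconds=30` says the adjustment is "in minutes" while the key name and value are in seconds. Going by their comments, this setting and `authrequest.received-time-allowed.seconds=120` decide how stale or how far ahead a request timestamp may be and still be accepted, so an operator who trusts the comment could widen that window sixtyfold. The comment should read `# Configuration for +/- time period adjustment in seconds for the request time validation, so that`. Separately, `ida-websub-idchage-callback-url` looks like a misspelling next to its four `ida-websub-idchange-*` siblings; confirm which spelling the service reads before renaming it, since a key that is never read would leave the callback URL unset.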
@@ -0,0 +1,70 @@
+{
+ "ida-mapping": {
+ "name": [
+ "fullName"
+ ],
+ "dob": [
+ "dateOfBirth"
+ ],
+ "age": [
+ "dateOfBirth"
+ ],
+ "gender": [
+ "gender"
+ ],
+ "phoneNumber": [
+ "phone"
+ ],
+ "emailId": [
+ "email"
+ ],
+ "addressLine1": [
+ "addressLine1"
+ ],
+ "addressLine2": [
+ "addressLine2"
+ ],
+ "addressLine3": [
+ "addressLine3"
+ ],
+ "location1": [
+ "city"
+ ],
+ "location2": [
+ "region"
+ ],
+ "location3": [
+ "province"
+ ],
+ "postalCode": [
+ "postalCode"
+ ],
+ "fullAddress": [
+ "addressLine1",
+ "addressLine2",
+ "addressLine3",
+ "city",
+ "region",
+ "province",
+ "postalCode"
+ ],
+ "iris": [
+ "CBEFF"
+ ],
+ "fingerprint": [
+ "CBEFF"
+ ],
+ "face": [
+ "CBEFF"
+ ],
+ "location4" : [ "zone" ],
+ "residenceStatus" : ["residenceStatus" ],
+ "preferredLanguage" : ["preferredLang" ],
+ "locationProfile": [
+ "city",
+ "region",
+ "province",
+ "zone"
+ ]
+ }
+}
diff --git a/id-authentication-otp-default.properties b/id-authentication-otp-default.properties
new file mode 100644
index 00000000000..97e243469f4
--- /dev/null
+++ b/id-authentication-otp-default.properties
@@ -0,0 +1,18 @@
+ida-websub-masterdata-templates-callback-relative-url=${server.servlet.context-path}/callback/masterdata/templates
+ida-websub-masterdata-templates-callback-url=${mosip.ida.otp.url}${ida-websub-masterdata-templates-callback-relative-url}
+ida-websub-masterdata-titles-callback-relative-url=${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-titles-callback-url=${mosip.ida.otp.url}${ida-websub-masterdata-titles-callback-relative-url}
+
+# Callback url for partner CA certification upload event
+ida-websub-ca-cert-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-url=${mosip.ida.otp.url}${ida-websub-ca-cert-callback-relative-url}
+
+# Secret for partner CA certification upload callback
+ida-websub-ca-certificate-callback-secret=${ida.websub.ca.certificate.callback.secret}
+# Topic for Partner CA Certificate Upload event
+ida-topic-pmp-ca-certificate-uploaded=CA_CERTIFICATE_UPLOADED
+
+#Endpoints to access without authentication
+mosip.service-context=${server.servlet.context-path}
+mosip.service.end-points=/**/*
+mosip.service.exclude.auth.allowed.method=GET,POST
diff --git a/id-repository-default.properties b/id-repository-default.properties
new file mode 100644
index 00000000000..7f21f014640
--- /dev/null
+++ b/id-repository-default.properties
@@ -0,0 +1,456 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# mosip.crereq.client.secret +# mosip.creser.client.secret +# mosip.regproc.client.secret +# mosip.kernel.tokenid.uin.salt +# mosip.kernel.tokenid.partnercode.salt +# idrepo.websub.vid.credential.update.secret +# keycloak.internal.url +# s3.accesskey +# s3.region +# s3.secretkey + +management.endpoint.restart.enabled=true + +# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace +# If database is external to production, provide the DNS or ip of the host and port +mosip.idrepo.db.url=postgres-postgresql.postgres +mosip.idrepo.db.port=5432 +mosip.idrepo.db.identity.db-name=mosip_idrepo +mosip.idrepo.db.identity.username=idrepouser +mosip.idrepo.db.identity.password=${db.dbuser.password} +mosip.idrepo.db.vid.db-name=mosip_idmap +mosip.idrepo.db.vid.username=idmapuser +mosip.idrepo.db.vid.password=${db.dbuser.password} +mosip.idrepo.objectstore.account-name=idrepo +mosip.idrepo.objectstore.bucket-name=${s3.pretext.value:}idrepo +mosip.idrepo.objectstore.adapter-name=s3Adapter + +#IDRepo identity/vid service authentication details +mosip.idrepo.auth.client-id=mosip-idrepo-client +mosip.idrepo.auth.secret-key=${mosip.idrepo.client.secret} +mosip.idrepo.auth.app-id=idrepo + +# For auditing +mosip.idrepo.application.name=ID-Repository +mosip.idrepo.application.version.pattern=^v\\d+(\\.\\d+)?$ +# Configuration for +/- time period adjustment in minutes for the request time validation, so that +#the requests originating from a system that is not in time-sync will be accepted for the time period +mosip.idrepo.datetime.future-time-adjustment=2 +# Reference IDs of base keys used for encryption/decryption +mosip.idrepo.crypto.refId.uin=uin 
+mosip.idrepo.crypto.refId.uin-data=identity_data +mosip.idrepo.crypto.refId.demo-doc-data=demographic_data +mosip.idrepo.crypto.refId.bio-doc-data=biometric_data + + +# Limit the number of async threads created in IDRepo services. This count is divided into 4 thread groups configured in IdRepoConfig.class +mosip.idrepo.active-async-thread-count=100 + +# Logging of thread queue done based on below value in ms. Logging is done only if queue value of any one thread group crosses below specified threshold. +mosip.idrepo.monitor-thread-queue-in-ms=600000 +mosip.idrepo.max-thread-queue-threshold=100 + +## Kernel retry +# The retry limit excluding the first attempt before attempting for retries. Default is set to 5. +kernel.retry.attempts.limit=5 +# The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs +kernel.retry.exponential.backoff.initial.interval.millisecs=100 +# The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount) +kernel.retry.exponential.backoff.multiplier=1.5 +kernel.retry.exponential.backoff.max.interval.millisecs=1000 +# Whether to traverse to the root cause exception from the exception thrown and use the same root cause to decide whether to retry or not. Default is true. +kernel.retry.traverse.root.cause.enabled=false +#Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation. 
+kernel.retry.retryable.exceptions=io.mosip.idrepository.core.exception.IdRepoRetryException +#Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation. +kernel.retry.nonretryable.exceptions= + +## Identity service +# Application version expected in the request +mosip.idrepo.identity.application.version=v1 +# Application ids expected in the requests +mosip.idrepo.identity.id.create=mosip.id.create +mosip.idrepo.identity.id.read=mosip.id.read +mosip.idrepo.identity.id.update=mosip.id.update +mosip.identity.get.drafts.id=mosip.identity.get.drafts +mosip.identity.get.drafts.version=1.0 + +#database mappings for identity service +mosip.idrepo.identity.db.url=jdbc:postgresql://${mosip.idrepo.db.url}:${mosip.idrepo.db.port}/${mosip.idrepo.db.identity.db-name} +mosip.idrepo.identity.db.username=${mosip.idrepo.db.identity.username} +mosip.idrepo.identity.db.password=${mosip.idrepo.db.identity.password} +mosip.idrepo.identity.db.driverClassName=org.postgresql.Driver +# Path of UIN expected in the input idrepo request. This path is based on Identity schema. +mosip.idrepo.identity.json.path=identity.UIN +# UIN status value which is stored in database for newly inserted UIN/active UINs. +mosip.idrepo.identity.uin-status.registered=ACTIVATED +# List of allowed UIN status in ID-Repo +mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED + +# idobjectvalidator +# Class name of the referenceValidator. Commenting or removing this property will disable reference validator. 
+mosip.kernel.idobjectvalidator.referenceValidator=io.mosip.kernel.idobjectvalidator.impl.IdObjectReferenceValidator + +# VID +# Application version expected in the request +mosip.idrepo.vid.application.version=v1 +# Application ids expected in the requests +mosip.idrepo.vid.id.create=mosip.vid.create +mosip.idrepo.vid.id.read=mosip.vid.read +mosip.idrepo.vid.id.update=mosip.vid.update +mosip.idrepo.vid.id.regenerate=mosip.vid.regenerate +mosip.idrepo.vid.id.reactivate=mosip.vid.reactivate +mosip.idrepo.vid.id.deactivate=mosip.vid.deactivate +# Database mapping for VID service +mosip.idrepo.vid.db.url=jdbc:postgresql://${mosip.idrepo.db.url}:${mosip.idrepo.db.port}/${mosip.idrepo.db.vid.db-name} +mosip.idrepo.vid.db.username=${mosip.idrepo.db.vid.username} +mosip.idrepo.vid.db.password=${mosip.idrepo.db.vid.password} +mosip.idrepo.vid.db.driverClassName=org.postgresql.Driver +# VID status value which is stored in database for newly inserted VID/active VIDs. +mosip.idrepo.vid.active-status=ACTIVE +# VID status for which unlimited txn is not allowed +mosip.idrepo.vid.unlimited-txn-status=USED +# VID status which are allowed for VID regeneration +mosip.idrepo.vid.regenerate.allowed-status=ACTIVE,REVOKED,EXPIRED,USED +# List of allowed VID status in ID-Repo +mosip.idrepo.vid.allowedstatus=ACTIVE,REVOKED,EXPIRED,USED,INVALIDATED,DEACTIVATED +# VID status value which is stored in database for deactivated VIDs. Used in deactivate-all-vids api. +mosip.idrepo.vid.deactive-status=DEACTIVATED +# VID status value which is stored in database for reactivated VIDs. Used in reactivate-all-vids api. 
+mosip.idrepo.vid.reactive-status=ACTIVE + +#RID +# Application version expected in the request +mosip.idrepo.rid.get.version=1.0 +# Application ids expected in the requests +mosip.idrepo.rid.get.id=mosip.idrepo.rid.get + +# Config server url +mosip.idrepo.mosip-config-url=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ +# VID policy schema against which VID policy is validated +mosip.idrepo.vid.policy-schema-url=${mosip.idrepo.mosip-config-url}mosip-vid-policy-schema.json +# VID policy based on which VID is created +mosip.idrepo.vid.policy-file-url=${mosip.idrepo.mosip-config-url}mosip-vid-policy.json + +# Default type of VID to be created automatically while publishing UIN +mosip.idrepo.draft-vid.default-type-to-create=PERPETUAL + +## Rest servies +mosip.idrepo.audit.rest.uri=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +mosip.idrepo.audit.rest.httpMethod=POST +mosip.idrepo.audit.rest.headers.mediaType=application/json + +mosip.idrepo.encryptor.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt +mosip.idrepo.encryptor.rest.httpMethod=POST +mosip.idrepo.encryptor.rest.headers.mediaType=application/json +mosip.idrepo.encryptor.rest.timeout=100 + +mosip.idrepo.decryptor.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt +mosip.idrepo.decryptor.rest.httpMethod=POST +mosip.idrepo.decryptor.rest.headers.mediaType=application/json +mosip.idrepo.decryptor.rest.timeout=100 + +mosip.idrepo.vid-service.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/vid/uin/{uin} +mosip.idrepo.vid-service.rest.httpMethod=GET +mosip.idrepo.vid-service.rest.headers.mediaType=application/json +mosip.idrepo.vid-service.rest.timeout=100 + +mosip.idrepo.retrieve-uin-by-vid.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/vid/{vid} +mosip.idrepo.retrieve-uin-by-vid.rest.httpMethod=GET +mosip.idrepo.retrieve-uin-by-vid.rest.headers.mediaType=application/json 
+mosip.idrepo.retrieve-uin-by-vid.rest.timeout=100 + +# in minutes +mosip.iam.adapter.validate-expiry-check-rate=15 +# in minutes +mosip.iam.adapter.renewal-before-expiry-interval=15 +#this should be false if you don?t use the self token restTemplate from auth adapter true if you do (needed for websubclient). +mosip.iam.adapter.self-token-renewal-enable=true +mosip.auth.filter_disable=false + +mosip.idrepo.bio-extractor-service.rest.uri=${mosip.mock.biosdk.url}/biosdk-service/{extractionFormat}/extracttemplates +mosip.idrepo.bio-extractor-service.rest.httpMethod=POST +mosip.idrepo.bio-extractor-service.rest.headers.mediaType=application/json +mosip.idrepo.bio-extractor-service.rest.timeout=100 + +mosip.idrepo.syncdata-service.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest +mosip.idrepo.syncdata-service.rest.httpMethod=GET +mosip.idrepo.syncdata-service.rest.headers.mediaType=application/json +mosip.idrepo.syncdata-service.rest.timeout=100 + +mosip.idrepo.pmp.partner.rest.uri=${mosip.pms.partnermanager.url}/v1/partnermanager/partners?partnerType=Online_Verification_Partner +mosip.idrepo.pmp.partner.rest.httpMethod=GET +mosip.idrepo.pmp.partner.rest.headers.mediaType=application/json +mosip.idrepo.pmp.partner.rest.timeout=100 + +mosip.idrepo.credential.request.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/requestgenerator +mosip.idrepo.credential.request.rest.httpMethod=POST +mosip.idrepo.credential.request.rest.headers.mediaType=application/json +mosip.idrepo.credential.request.rest.timeout=100 + +mosip.idrepo.credential.cancel-request.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/cancel/{requestId} +mosip.idrepo.credential.cancel-request.rest.httpMethod=GET +mosip.idrepo.credential.cancel-request.rest.headers.mediaType=application/json +mosip.idrepo.credential.cancel-request.rest.timeout=100 + +## Credential status job +# Fixed delay time after which job will be triggered again to process 
the created/updated credential details. +mosip.idrepo.credential-status-update-job.fixed-delay-in-ms=10000 + +# Dummy partner id used to create a credential request record in credential_request_status. +# Credential won't be issued for the below provided. id-repository-credential-feeder will utilize +# the credential request with below partner id to issue credential to new IDA partners. +idrepo-dummy-online-verification-partner-id=MOVP + +mosip.idrepo.retrieve-by-uin.rest.uri=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid/{uin} +mosip.idrepo.retrieve-by-uin.rest.httpMethod=GET +mosip.idrepo.retrieve-by-uin.rest.headers.mediaType=application/json +mosip.idrepo.retrieve-by-uin.rest.timeout=100 + +mosip.idrepo.vid-generator.rest.uri=${mosip.kernel.idgenerator.url}/v1/idgenerator/vid +mosip.idrepo.vid-generator.rest.httpMethod=GET +mosip.idrepo.vid-generator.rest.headers.mediaType=application/json +mosip.idrepo.vid-generator.rest.timeout=100 + +## Websub +mosip.idrepo.websub.vid-credential-update.callback-url=${mosip.idrepo.identity.url}/idrepository/v1/identity/callback/vid_credential_status_update +mosip.idrepo.websub.vid-credential-update.topic=VID_CRED_STATUS_UPDATE +mosip.idrepo.websub.vid-credential-update.secret= ${idrepo.websub.vid.credential.update.secret} +mosip.idrepo.websub.credential-status-update.topic=CREDENTIAL_STATUS_UPDATE + +## Auth adapter +mosip.iam.adapter.clientid.id-repository=${mosip.idrepo.auth.client-id} +mosip.iam.adapter.clientsecret.id-repository=${mosip.idrepo.auth.secret-key} +mosip.iam.adapter.appid.id-repository=${mosip.idrepo.auth.app-id} +mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey + +mosip.idrepo.uin-generator.rest.uri=${mosip.kernel.idgenerator.url}/v1/idgenerator/uin +mosip.idrepo.uin-generator.rest.httpMethod=GET +mosip.idrepo.uin-generator.rest.headers.mediaType=application/json +mosip.idrepo.uin-generator.rest.timeout=100 + 
+mosip.idrepo.draft-vid.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/draft/vid +mosip.idrepo.draft-vid.rest.httpMethod=POST +mosip.idrepo.draft-vid.rest.headers.mediaType=application/json +mosip.idrepo.draft-vid.rest.timeout=100 + +mosip.idrepo.update-vid.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/vid/{vid} +mosip.idrepo.update-vid.rest.httpMethod=PATCH +mosip.idrepo.update-vid.rest.headers.mediaType=application/json +mosip.idrepo.update-vid.rest.timeout=100 + +## Credential request generator +mosip.credential.service.database.hostname=postgres-postgresql.postgres +mosip.credential.service.database.port=5432 + +mosip.credential.service.jdbc.url=jdbc:postgresql://${mosip.credential.service.database.hostname}:${mosip.credential.service.database.port}/mosip_credential?currentSchema=credential +mosip.credential.service.jdbc.user=credentialuser +mosip.credential.service.jdbc.password=${db.dbuser.password} +mosip.credential.service.jdbc.driver=org.postgresql.Driver +hibernate.hbm2ddl.auto=none +spring.jpa.hibernate.ddl-auto=none +hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect +hibernate.jdbc.lob.non_contextual_creation=true +hibernate.show_sql=false +# Token generator properties +credential.request.token.request.appid=${mosip.idrepo.credential-req-generator.auth.app-id} +credential.request.token.request.clientId=${mosip.idrepo.credential-req-generator.auth.client-id} +credential.request.token.request.secretKey=${mosip.idrepo.credential-req-generator.auth.secret-key} +credential.request.token.request.version=1.0 +credential.request.token.request.id=io.mosip.credentialrequestgenerator +credential.request.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip +mosip.credential.request.service.id=mosip.credential.request.generator +mosip.credential.request.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' +mosip.credential.request.service.version=1.0 + +# Reference Id which is used for encryption/decryption of credential request using keymanager 
+mosip.credential.request.crypto-ref-id=credential_request + + ## Batch job +# batch job time intervel in miliseconds +mosip.credential.request.job.timedelay=3000 +#Reprocessing job timeintervel in miliseconds +mosip.credential.request.reprocess.job.timedelay=1200000 +credential.request.type=auth +credential.request.retry.max.count=10 +credential.request.reprocess.statuscodes=FAILED,RETRY +credential.batch.page.size=10 +credential.request.process.locktimeout=60000 +credential.request.reprocess.locktimeout=60000 +credential.batch.status=NEW + +## Rest services +CRDENTIALSERVICE=${mosip.idrepo.credential.service.url}/v1/credentialservice/issue +KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey +CALLBACKURL=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/callback/notifyStatus +ENCRYPTION=${mosip.idrepo.encryptor.rest.uri} +DECRYPTION=${mosip.idrepo.decryptor.rest.uri} + +# Websub +#Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub. +subscription-delay-secs=120000 +# The time interval in seconds to schedule subscription of topics which is done as a +# work-around , By default the +# this property value is set to 0 that disables this workaround. 
+# To enable the resubscrition scheduling, this property should be assigned with a positive +# number like 1 * 60 * 60 = 3600 for one hour +resubscription-delay-secs=43200 +WEBSUBSECRET=test + +# Credential service +credential.service.token.request.appid=${mosip.idrepo.credential.auth.app-id} +credential.service.token.request.clientId=${mosip.idrepo.credential.auth.client-id} +credential.service.token.request.secretKey=${mosip.creser.client.secret} +credential.service.token.request.id=io.mosip.credentialstore +# Credential formatter properties +mosip.credential.vc.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss'Z' +mosip.credential.service.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' +mosip.credential.service.service.id=mosip.credential.store +mosip.credential.service.service.version=1.0 +credential.service.credentialtype.file=CredentialType.json +credential.service.mvel.file=credentialdata.mvel +credential.service.dob.format=yyyy/MM/dd +mosip.credential.service.credential.schema=MOSIPVerifiableCredential +mosip.credential.service.type.name=mosip +mosip.credential.service.type.namespace=mosip +credentialType.formatter.AUTH=IdAuthProvider +credentialType.formatter.QRCODE=QrCodeProvider +credentialType.formatter.MOSIP=CredentialProvider +credentialType.formatter.EUIN=QrCodeProvider +credentialType.formatter.REPRINT=QrCodeProvider +credentialType.formatter.EUIN_WITH_QR=QrCodeProvider +credentialType.formatter.EUIN_WITH_FACEQR=QrCodeProvider +mosip.credential.service.format.id=http://mosip.io/credentials/ +mosip.credential.service.format.issuer=https://mosip.io/issuers/ +mosip.credential.service.application.id=PARTNER +mosip.credential.service.includeCertificateHash=true +mosip.credential.service.includeCertificate=true +mosip.credential.service.includePayload=false +mosip.credential.service.share.prependThumbprint=false +mosip.credential.service.retry.maxAttempts=3 +mosip.credential.service.retry.maxDelay=100 + 
+IDREPOGETIDBYID=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid +mosip.data.share.protocol=http +mosip.data.share.internal.domain.name=datashare.datashare +CREATEDATASHARE=/v1/datashare/create +KEYMANAGER_JWTSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign +KEYMANAGER_ENCRYPT_PIN=${mosip.kernel.keymanager.url}/v1/keymanager/encryptWithPin +KEYMANAGER_ENCRYPT_ZK=${mosip.kernel.keymanager.url}/v1/keymanager/zkEncrypt +PARTNER_POLICY=${mosip.pms.partnermanager.url}/v1/partnermanager/partners/{partnerId}/credentialtype/{credentialType}/policies +PARTNER_EXTRACTION_POLICY=${mosip.pms.partnermanager.url}/v1/partnermanager/partners/{partnerId}/bioextractors/{policyId} +credential.service.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip + +# BioSDK service +mosip.biosdk.default.service.url=${mosip.mock.biosdk.url}/biosdk-service +# The fully qualified Class Name of the BIO SDK API implemented for Finger modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Finger modality +mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.version=0.9 +mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url} +# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured. +# If the below default configuration is not configured, the one of the configured url will be used as the default URL. +# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'. 
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url} + +# The fully qualified Class Name of the BIO SDK API implemented for Iris modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Iris modality +mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.version=0.9 +mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url} + +# The fully qualified Class Name of the BIO SDK API implemented for Face modality +# This class will be loaded in runtime, the containing jar should be available in classpath +mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 +# The version of the BIO SDK API implemeted for Face modality +mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.version=0.9 +mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url} + +# Credential issuance Event properties +id-repo-ida-event-type-namespace=mosip +id-repo-ida-event-type-name=ida +id-repo-ida-credential-type=auth +id-repo-ida-credential-recepiant=IDA + +# Kernel token ID generator properties +mosip.kernel.tokenid.uin.salt=${mosip.kernel.uin.salt} +mosip.kernel.tokenid.partnercode.salt=${mosip.kernel.partnercode.salt} + +# Enabling below property will start logging performance logs in identity and vid service +mosip.idrepo.aspect-logging.enabled=false + 
+auth.server.admin.allowed.audience=mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-crereq-client,mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-resident-client,mosip-reg-client,mpartner-default-print,mosip-idrepo-client,mpartner-default-auth,mosip-syncdata-client,mosip-masterdata-client,mosip-idrepo-client,mosip-pms-client,mosip-hotlist-client,opencrvs-partner,mpartner-default-digitalcard,mpartner-default-mobile,mosip-signup-client +#openapi properties to sort tag and operations of id-repository services +springdoc.swagger-ui.tagsSorter=alpha +springdoc.swagger-ui.operationsSorter=alpha + +# Object store +object.store.s3.accesskey=${s3.accesskey} +object.store.s3.secretkey=${s3.secretkey} +## For Minio: object.store.s3.url=http://minio.minio:9000 +## For AWS: object.store.s3.url=s3.${s3.region}.amazonaws.com +object.store.s3.url=http://minio.minio:9000 +object.store.s3.region=${s3.region} +object.store.s3.readlimit=10000000 + +# Roles +mosip.role.idrepo.credentialrequest.postrequestgenerator=CREDENTIAL_REQUEST,ID_REPOSITORY +mosip.role.idrepo.credentialrequest.postv2requestgeneratorrid=CREDENTIAL_REQUEST,ID_REPOSITORY +mosip.role.idrepo.credentialrequest.getcancelrequestid=CREDENTIAL_REQUEST,ID_REPOSITORY +mosip.role.idrepo.credentialrequest.getgetrequestid=CREDENTIAL_REQUEST +mosip.role.idrepo.credentialrequest.getgetrequestids=CREDENTIAL_REQUEST +mosip.role.idrepo.credentialrequest.putretriggerrequestid=CREDENTIAL_REQUEST +mosip.role.idrepo.credentialservice.postissue=CREDENTIAL_REQUEST +mosip.role.idrepo.identity.postidrepo=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.getidvidid=REGISTRATION_PROCESSOR,RESIDENT,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,ID_AUTHENTICATION,ID_REPOSITORY +mosip.role.idrepo.identity.patchidrepo=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.getauthtypesstatusindividualidtypeindividualid=RESIDENT,ID_REPOSITORY 
+mosip.role.idrepo.identity.postauthtypesstatus=RESIDENT,ID_REPOSITORY +mosip.role.idrepo.identity.postdraftcreateregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.patchdraftupdateregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.getdraftpublishregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.deletedraftdiscardregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY,RESIDENT +mosip.role.idrepo.identity.draftregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.getdraftregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.putdraftextractbiometricsregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.remainingUpdateCountByIndividualId=RESIDENT,ID_REPOSITORY +mosip.role.idrepo.identity.getRidByIndividualId=RESIDENT,ID_REPOSITORY +mosip.role.idrepo.vid.postvid=RESIDENT,REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.vid.getvid=REGISTRATION_PROCESSOR,ID_AUTHENTICATION,RESIDENT,ID_REPOSITORY +mosip.role.idrepo.vid.getviduin=REGISTRATION_PROCESSOR,ID_REPOSITORY,RESIDENT +mosip.role.idrepo.vid.patchvid=ID_AUTHENTICATION,REGISTRATION_PROCESSOR,RESIDENT,ID_REPOSITORY +mosip.role.idrepo.vid.postvidregenerate=RESIDENT,ID_REPOSITORY +mosip.role.idrepo.vid.postviddeactivate=RESIDENT,ID_REPOSITORY +mosip.role.idrepo.vid.postvidreactivate=RESIDENT,ID_REPOSITORY +mosip.role.idrepo.vid.postdraftvid=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.getdraftUIN=RESIDENT,ID_REPOSITORY + +mosip.mask.function.identityAttributes=convertToMaskData + +mosip.credential.service.fetch-identity.type=bio + +mosip.idrepo.credential.request.enable-convention-based-id=false +mosip.idrepo.credential-request-v2.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/v2/requestgenerator/{rid} +mosip.idrepo.credential-request-v2.rest.httpMethod=POST 
+mosip.idrepo.credential-request-v2.rest.headers.mediaType=application/json +mosip.idrepo.credential-request-v2.rest.timeout=100 + +# It is recommended to not support UIN based authentication (both external & internal) +# To stop issuing UIN+credential to IDA set flag to true otherwise set the flag to false to issue UIN+credential to IDA. +mosip.idrepo.identity.disable-uin-based-credential-request=false +# Field Id as in the identity schema will be the key and value is the actual postfix to append. Empty values are also supported. +# This configuration is considered only when mentioned fieldId is marked to be a handle in the identity schema and it is one of the selectedHandle in the ID-object. +mosip.identity.fieldid.handle-postfix.mapping={'phone':'@phone'} +mosip.idrepo.identity.max-request-time-deviation-seconds=60 +#Enable this property only when to check cache log +#logging.level.org.springframework.cache=TRACE +# By default, it is false. To enable force merge of data, change it to true. +mosip.idrepo.create-identity.enable-force-merge=false + +mosip.identity.get.excluded.attribute.list=UIN,verifiedAttributes,IDSchemaVersion \ No newline at end of file diff --git a/ida-controller.json b/ida-controller.json new file mode 100644 index 00000000000..0ede3d98626 --- /dev/null +++ b/ida-controller.json @@ -0,0 +1,7 @@ +{ + "@context": "https://w3id.org/security/v2", + "id": "https://${mosip.api.public.host}/.well-known/ida-controller.json", + "assertionMethod": [ + "https://${mosip.api.public.host}/.well-known/ida-public-key.json" + ] +} diff --git a/identity-data-formatter.mvel b/identity-data-formatter.mvel new file mode 100644 index 00000000000..59b10640c43 --- /dev/null +++ b/identity-data-formatter.mvel 
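Review bot: `WEBSUBSECRET=test` in the `# Websub` block of id-repository-default.properties commits a literal, guessable value for what is presumably the shared secret protecting WebSub callbacks, while the header of the same file says secrets must be supplied through the config-server environment overrides and `mosip.idrepo.websub.vid-credential-update.secret` already follows that rule. Resolve it from the environment instead, `WEBSUBSECRET=${<websub-secret-override-key>}` (placeholder; use the key the helm chart defines), and add it to the list in the header. The header also lists `mosip.kernel.tokenid.uin.salt` and `mosip.kernel.tokenid.partnercode.salt` under "DO NOT define these in any of the property files", yet both are assigned under `# Kernel token ID generator properties`; either the header or those two lines should change so it is clear which source wins.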
@@ -0,0 +1,46 @@
+
+def maskPhone(inputPhoneNum) {
+
+return inputPhoneNum.replaceAll(".(?=.{4})", "*");
+};
+
+def maskEmail(inputEmailAddr) {
+
+return inputEmailAddr.replaceAll("(^[^@]{3}|(?!^)\\G)[^@]", "$1*");
+};
+
+def convertToMaskData(maskData) {
+ int maskDataLength = 0;
+ char ch = '*';
+ if (maskData.indexOf("@") > 0){
+ maskDataLength = maskData.indexOf("@");
+ } else {
+ maskDataLength = maskData.length();
+ }
+ maskDataLength -= 2;
+ for (int i = 1; i < maskDataLength; ++i) {
+ maskData = maskData.substring(0, i) + ch + maskData.substring(i + 1);
+ }
+ return maskData;
+};
+
+def getPassword(attributeValues) {
+ String pdfPwd = "";
+ for(String attribute:attributeValues) {
+ attribute = getFormattedPasswordAttribute(attribute);
+ pdfPwd = pdfPwd.concat(attribute.substring(0, 4));
+ }
+ return pdfPwd.toUpperCase();
+};
+
+def getFormattedPasswordAttribute(password){
+ if(password.length()==3){
+ return password=password.concat(password.substring(0,1));
+ }else if(password.length()==2){
+ return password=password.repeat(2);
+ }else if(password.length()==1) {
+ return password=password.repeat(4);
+ }else {
+ return password.toUpperCase();
+ }
+};
diff --git a/identity-mapping.json b/identity-mapping.json
new file mode 100644
index 00000000000..b72368c67b3
--- /dev/null
+++ b/identity-mapping.json
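Review bot: `convertToMaskData`, which id-repository-default.properties in this commit selects through `mosip.mask.function.identityAttributes`, returns short values unmasked: its loop only replaces indices 1 through length-3 of the part before `@` (or of the whole string), so a value or e-mail local part of three characters or fewer comes back in clear. `maskEmail` has the same gap below four characters before `@`, and `maskPhone` leaves inputs of four characters or fewer untouched. For `convertToMaskData` a guard before `maskDataLength -= 2;` would close it, e.g. `if (maskDataLength <= 3) { return "*".repeat(maskDataLength) + maskData.substring(maskDataLength); }`, and a one-line comment above each function stating which characters are meant to stay visible would make the intent reviewable. `getPassword` also calls `attribute.substring(0, 4)` on the result of `getFormattedPasswordAttribute`, which returns an empty input unchanged, so an empty attribute would throw there.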
@@ -0,0 +1,174 @@ +{ + "identity": { + "IDSchemaVersion": { + "value": "IDSchemaVersion" + }, + "selectedHandles" : { + "value" : "selectedHandles" + }, + "name": { + "value": "fullName" + }, + "gender": { + "value": "gender" + }, + "dob": { + "value": "dateOfBirth" + }, + "age": { + "value": "age" + }, + "introducerRID": { + "value": "introducerRID" + }, + "introducerUIN": { + "value": "introducerUIN" + }, + "introducerVID": { + "value": "introducerVID" + }, + "introducerName": { + "value": "introducerName" + }, + "phone": { + "value": "phone" + }, + "phoneNumber": { + "value": "phone" + }, + "email": { + "value": "email" + }, + "emailId": { + "value": "email" + }, + "uin": { + "value": "UIN" + }, + "vid": { + "value": "VID" + }, + "individualBiometrics": { + "value": "individualBiometrics" + }, + "introducerBiometrics": { + "value": "introducerBiometrics" + }, + "individualAuthBiometrics": { + "value": "individualAuthBiometrics" + }, + "officerBiometricFileName": { + "value": "officerBiometricFileName" + }, + "supervisorBiometricFileName": { + "value": "supervisorBiometricFileName" + }, + "residenceStatus": { + "value": "residenceStatus" + }, + "preferredLanguage": { + "value": "preferredLang" + }, + "locationHierarchyForProfiling": { + "value": "zone,postalCode" + }, + "addressLine1": { + "value": "addressLine1" + }, + "addressLine2": { + "value": "addressLine2" + }, + "addressLine3": { + "value": "addressLine3" + }, + "location1": { + "value": "city" + }, + "location2": { + "value": "region" + }, + "location3": { + "value": "province" + }, + "postalCode": { + "value": "postalCode" + }, + "location4": { + "value": "zone" + }, + "fullAddress": { + "value": "addressLine1,addressLine2,addressLine3,city,region,province,postalCode" + }, + "bestTwoFingers": { + "value": "bestTwoFingers" + }, + "birthdate": { + "value": "dateOfBirth" + }, + "picture": { + "value": "face" + }, + "phone_number": { + "value": "phone" + }, + "address": { + "value": 
"addressLine1,addressLine2,addressLine3,city,region,province,postalCode" + }, + + "individual_id": { + "value": "individual_id" + }, + "attributes": { + "value": "fln,ad1,ad2,ad3,cit,reg,pro,poc,cph,em,ph,gen,dob" + }, + "street_address": { + "value": "addressLine1,addressLine2,addressLine3" + }, + "locality": { + "value": "city" + }, + "region": { + "value": "region" + }, + "postal_code": { + "value": "postalCode" + }, + "country": { + "value": "province" + }, + "password": { + "value": "password" + } + }, + "metaInfo": { + "value": "metaInfo" + }, + "audits": { + "value": "audits" + }, + "documents": { + "poa": { + "value": "proofOfAddress" + }, + "poi": { + "value": "proofOfIdentity" + }, + "por": { + "value": "proofOfRelationship" + }, + "pob": { + "value": "proofOfDateOfBirth" + }, + "poe": { + "value": "proofOfException" + } + }, + "attributeUpdateCountLimit": { + "fullName": 5, + "gender": 2, + "dateOfBirth": 3 + + + + } +} diff --git a/idobject-document-category-mapping.json b/idobject-document-category-mapping.json new file mode 100644 index 00000000000..0162586552d --- /dev/null +++ b/idobject-document-category-mapping.json @@ -0,0 +1,40 @@ +{ + "identity": { + "fullName": { + "documentCategory": "proofOfIdentity" + }, + "parentOrGuardianRID": { + "documentCategory" : "proofOfRelationship" + }, + "parentOrGuardianUIN": { + "documentCategory" : "proofOfRelationship" + }, + "age": { + "documentCategory" : "proofOfIdentity" + }, + "addressLine1": { + "documentCategory" : "proofOfAddress" + }, + "addressLine2": { + "documentCategory" : "proofOfAddress" + }, + "addressLine3": { + "documentCategory" : "proofOfAddress" + }, + "region": { + "documentCategory" : "proofOfAddress" + }, + "province": { + "documentCategory" : "proofOfAddress" + }, + "postalCode": { + "documentCategory" : "proofOfAddress" + }, + "localAdministrativeAuthority": { + "documentCategory" : "proofOfAddress" + }, + "city": { + "documentCategory" : "proofOfAddress" + } + } +} 
diff --git a/idp-binding-default.properties b/idp-binding-default.properties
new file mode 100644
index 00000000000..4fbe99f2921
--- /dev/null
+++ b/idp-binding-default.properties
@@ -0,0 +1,128 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# keycloak.external.url +# keycloak.internal.host +# keycloak.internal.url +# keycloak.admin.password +# mosip.auth.client.secret (convention: ..secret) +# mosip.ida.client.secret +# mosip.admin.client.secret +# mosip.reg.client.secret +# mosip.prereg.client.secret +# softhsm.kernel.pin +# softhsm-security-pin +# email.smtp.host +# email.smtp.username +# email.smtp.secret +# mosip.kernel.tokenid.uin.salt +# mosip.kernel.tokenid.partnercode.salt +# mosip.api.internal.url +# mosip.api.public.url +# mosipbox.public.url + +## -------------------------------------------- IdP Binding ------------------------------------------------------------ +mosip.idp.binding.issuer-id=${mosipbox.public.url}${server.servlet.path} +mosip.idp.binding.public-key-expire-days=10 +mosip.idp.binding.salt-length=16 + +mosip.idp.binding.send-binding-otp=SCOPE_send_binding_otp +mosip.idp.binding.wallet-binding=SCOPE_wallet_binding +mosip.idp.binding.systeminfo.get-certificate=SCOPE_get_certificate + +mosip.idp.binding.auth-ignore-urls=${server.servlet.path}/validate-binding/**,${server.servlet.path}/actuator/**,/favicon.ico,\ + /v1/notifier/actuator/prometheus,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\ + ${server.servlet.path}/v3/api-docs/** + +spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip +spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs + 
+mosip.idp.binding.validate-binding-url=${mosipbox.public.url}${server.servlet.path}/validate-binding +mosip.idp.binding.encrypt-binding-id=false + +mosip.idp.binding.wrapper.impl=MockKeyBindingWrapperService +mosip.idp.authn.wrapper.validate-binding-url=${mosip.idp.binding.validate-binding-url} +mosip.idp.binding.key-expire-days=10 + +management.health.redis.enabled=false + +##----------------------------------------- Database properties -------------------------------------------------------- + +mosip.idp.database.hostname=postgres-postgresql.postgres +mosip.idp.database.port=5432 +spring.datasource.url=jdbc:postgresql://${mosip.idp.database.hostname}:${mosip.idp.database.port}/mosip_idpbinding?currentSchema=idpbinding +spring.datasource.username=idpbindinguser +spring.datasource.password=${db.dbuser.password} + +spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect +spring.jpa.show-sql=false +spring.jpa.hibernate.ddl-auto=none +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +#------------------------------------ Key-manager specific properties -------------------------------------------------- +#Crypto asymmetric algorithm name +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +#Crypto symmetric algorithm name +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +#Keygenerator asymmetric algorithm name +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +#Keygenerator symmetric algorithm name +mosip.kernel.keygenerator.symmetric-algorithm-name=AES +#Asymmetric algorithm key length +mosip.kernel.keygenerator.asymmetric-key-length=2048 +#Symmetric algorithm key length +mosip.kernel.keygenerator.symmetric-key-length=256 +#Encrypted data and encrypted symmetric key separator +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +#GCM tag length +mosip.kernel.crypto.gcm-tag-length=128 +#Hash algo name +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +#Symmtric key 
length used in hash +mosip.kernel.crypto.hash-symmetric-key-length=256 +#No of iterations in hash +mosip.kernel.crypto.hash-iteration=100000 +#Sign algo name +mosip.kernel.crypto.sign-algorithm-name=RS256 +#Certificate Sign algo name +mosip.kernel.certificate.sign.algorithm=SHA256withRSA + +#mosip.kernel.keymanager.hsm.config-path=local.p12 +#mosip.kernel.keymanager.hsm.keystore-type=PKCS12 +#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin} + +#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE +mosip.kernel.keymanager.hsm.keystore-type=PKCS11 +# For PKCS11 provide Path of config file. +# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. +# For Offline & JCE property can be left blank, specified value will be ignored. +mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf +# Passkey of keystore for PKCS11, PKCS12 +# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. +mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin} + +mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io +mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER +mosip.kernel.keymanager.certificate.default.organization=IITB +mosip.kernel.keymanager.certificate.default.location=BANGALORE +mosip.kernel.keymanager.certificate.default.state=KA +mosip.kernel.keymanager.certificate.default.country=IN + +mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io +mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP +mosip.kernel.keymanager.softhsm.certificate.organization=IITB +mosip.kernel.keymanager.softhsm.certificate.country=IN + +# Application Id for PMS master key. 
+mosip.kernel.partner.sign.masterkey.application.id=PMS +mosip.kernel.partner.allowed.domains=DEVICE + +mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate +mosip.kernel.keymanager.jwtsign.validate.json=false +mosip.keymanager.dao.enabled=false +crypto.PrependThumbprint.enable=true \ No newline at end of file diff --git a/idp-claims-mapping.json b/idp-claims-mapping.json new file mode 100644 index 00000000000..25ce4aa2ec6 --- /dev/null +++ b/idp-claims-mapping.json @@ -0,0 +1,28 @@ +{ + "idp-claims-mapping": { + "name": { + "attributeName": "fullName" + }, + "gender": { + "attributeName": "gender" + }, + "birthdate": { + "attributeName": "dateOfBirth" + }, + "email": { + "attributeName": "email" + }, + "phone_number": { + "attributeName": "phone" + }, + "picture": { + "attributeName": "photo" + }, + "individual_id" : { + "attributeName": "individual_id" + }, + "address": { + "attributeName": "addressLine1,addressLine2,addressLine3,city,region,province,postalCode" + } + } +} \ No newline at end of file diff --git a/idp-default.properties b/idp-default.properties new file mode 100644 index 00000000000..224b9fbe411 --- /dev/null +++ b/idp-default.properties 
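Review bot: `mosip.idp.binding.auth-ignore-urls` in idp-binding-default.properties exempts `${server.servlet.path}/actuator/**` (and the swagger-ui and api-docs paths) from authentication, so every actuator endpoint the service exposes is reachable without a token. The exposure list is not set in this file, so the real reach depends on configuration outside the hunk. I would narrow the entry to what probes and scraping need, for example `${server.servlet.path}/actuator/health,${server.servlet.path}/actuator/prometheus`. The defaults also select `mosip.idp.binding.wrapper.impl=MockKeyBindingWrapperService` with `mosip.idp.binding.encrypt-binding-id=false`; judging by its name this is a test implementation, so a comment such as `# sandbox only: override wrapper.impl and encrypt-binding-id in deployed profiles` above those lines would help. Finally, `${softhsm.idp.pin}` used for `keystore-pass` is missing from the header's list of override variables, which names only `softhsm.kernel.pin` and `softhsm-security-pin`.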
@@ -0,0 +1,268 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# keycloak.external.url +# keycloak.internal.host +# keycloak.internal.url +# keycloak.admin.password +# mosip.auth.client.secret (convention: ..secret) +# mosip.ida.client.secret +# mosip.admin.client.secret +# mosip.reg.client.secret +# mosip.prereg.client.secret +# softhsm.kernel.pin +# softhsm-security-pin +# email.smtp.host +# email.smtp.username +# email.smtp.secret +# mosip.kernel.tokenid.uin.salt +# mosip.kernel.tokenid.partnercode.salt +# mosip.api.internal.url +# mosip.api.public.url + +## IdP MISP License key +mosip.idp.misp.license.key=jj8n2cZww2dzZfszKgxyaOWOzq7hPx2snT52MPMA6k5Z5fZ2X3 + +# Secure endpoints with required authority +mosip.idp.security.auth.post-urls={'${server.servlet.path}/client-mgmt/**' : {'SCOPE_add_oidc_client'} , \ + \ '${server.servlet.path}/system-info/**' : { 'SCOPE_upload_certificate'} } +mosip.idp.security.auth.put-urls={'${server.servlet.path}/client-mgmt/**' : { 'SCOPE_update_oidc_client'} } +mosip.idp.security.auth.get-urls={'${server.servlet.path}/system-info/**' : { 'SCOPE_get_certificate'} } + +# CSRF token check disabled endpoints +mosip.idp.security.ignore-csrf-urls=${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,\ + ${server.servlet.path}/swagger-ui/**,${server.servlet.path}/v3/api-docs/**,\ + ${server.servlet.path}/system-info/**,${server.servlet.path}/linked-authorization/link-transaction,\ + 
${server.servlet.path}/linked-authorization/authenticate,${server.servlet.path}/linked-authorization/consent + + +# Authentication ignored endpoint (permit-all) +mosip.idp.security.ignore-auth-urls=${server.servlet.path}/csrf/**,${server.servlet.path}/authorization/**,\ + ${server.servlet.path}/linked-authorization/**,${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\ + ${server.servlet.path}/v3/api-docs/** + +mosip.idp.amr-acr-mapping-file-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/amr-acr-mapping.json + +#spring.autoconfigure.exclude[0]=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration +spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip +spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs + +mosip.idp.supported-id-regex=\\S* +mosip.idp.reqtime.leeway-minutes=2 + +#Id and access token validity intervals +mosip.idp.access-token-expire-seconds=7200 +mosip.idp.id-token-expire-seconds=7200 + +## link transaction +mosip.idp.link-code-expire-in-secs=60 +mosip.idp.kafka.linked-session.topic=idp-linked +mosip.idp.kafka.linked-auth-code.topic=idp-consented + +## kafka configurations +spring.kafka.bootstrap-servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port} +spring.kafka.consumer.group-id=idp-consumer +spring.kafka.consumer.enable-auto-commit=true +#spring.kafka.listener.concurrency=1 + +mosip.idp.audit.wrapper.impl=LoggerAuditService + +## ---------------------------------------- IdP (oauth & openid) config ------------------------------------------- + +## supported scopes 
+mosip.idp.supported.authorize.scopes={'identity.readonly','vid.manage','vid.readonly','auth.readonly','auth.method.manage','identity.update','auth.history.readonly','notifications.readonly','notifications.manage','credential.manage','auth.history.manage','card.manage'} +mosip.idp.supported.openid.scopes={'profile','email','phone'} +mosip.idp.openid.scope.claims={'profile' : {'name','address','gender','birthdate','picture','email','phone_number','locale','individual_id'},'email' : {'email'}, 'phone' : {'phone_number'}} + +## supported authorization processing flow to be used, Currently only supports Authorization Code Flow. +mosip.idp.supported.response.types={'code'} + +## Form of Authorization Grant presented to token endpoint +mosip.idp.supported.grant.types={'authorization_code'} + +## specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User +# page-The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. +# popup-The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. +# touch-The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. +# wap-The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display. +mosip.idp.supported.ui.displays={'page','popup','touch','wap'} + +## specifies whether the Authorization Server prompts the End-User for reauthentication and consent +# none-The Authorization Server MUST NOT display any authentication or consent user interface pages. 
+# An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent +# for the requested Claims or does not fulfill other conditions for processing the request. +# The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6. +# This can be used as a method to check for existing authentication and/or consent. +# login-The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, \ +# it MUST return an error, typically login_required. +# consent-The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. +# If it cannot obtain consent, it MUST return an error, typically consent_required. +# select_account-The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User +# who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current +# sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, +# typically account_selection_required. 
+mosip.idp.supported.ui.prompts={'none','login','consent','select_account'} + +## Type of the client assertion +mosip.idp.supported.client.assertion.types={'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'} + +## Type of the client authentication methods for token endpoint +mosip.idp.supported.client.auth.methods={'private_key_jwt'} + +## ---------------------------------------- Cache configuration ------------------------------------------- +mosip.idp.cache.secure.individual-id=true +mosip.idp.cache.store.individual-id=true +mosip.idp.cache.security.secretkey.reference-id=TRANSACTION_CACHE +mosip.idp.cache.security.algorithm-name=AES/ECB/PKCS5Padding + +mosip.idp.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented + +#spring.cache.type=redis +#spring.cache.cache-names=${mosip.idp.cache.names} +#spring.redis.host=localhost +#spring.redis.port=6379 +management.health.redis.enabled=false + +spring.cache.type=simple +mosip.idp.cache.key.hash.algorithm=SHA3-256 +mosip.idp.cache.size={'clientdetails' : 200, 'preauth': 200, 'authenticated': 200, 'authcodegenerated': 200, 'userinfo': 200, \ + 'linkcodegenerated' : 500, 'linked': 200 , 'linkedcode': 200, 'linkedauth' : 200 , 'consented' :200 } +mosip.idp.cache.expire-in-seconds={'clientdetails' : 86400, 'preauth': 300, 'authenticated': 300, 'authcodegenerated': 300, \ + 'userinfo': ${mosip.idp.access-token-expire-seconds}, 'linkcodegenerated' : ${mosip.idp.link-code-expire-in-secs}, \ + 'linked': 300 , 'linkedcode': ${mosip.idp.link-code-expire-in-secs}, 'linkedauth' : 300, 'consented': 300 } + +## ------------------------------------------ Auth Wrapper ------------------------------------------------ + +mosip.idp.authn.wrapper.impl=IdentityAuthenticationService +mosip.idp.authn.ida.cert-url=https://${mosip.api.public.host}/mosip-certs/ida-partner.cer 
+mosip.idp.authn.ida.kyc-auth-url=${mosip.api.internal.url}/idauthentication/v1/kyc-auth/delegated/${mosip.idp.misp.license.key}/ +mosip.idp.authn.ida.kyc-exchange-url=${mosip.api.internal.url}/idauthentication/v1/kyc-exchange/delegated/${mosip.idp.misp.license.key}/ +mosip.idp.authn.ida.send-otp-url=${mosip.api.internal.url}/idauthentication/v1/otp/${mosip.idp.misp.license.key}/ +mosip.idp.authn.wrapper.ida-domainUri=https://${mosip.idp.host} +mosip.idp.authn.wrapper.ida-env=Developer +mosip.idp.authn.ida.otp-channels=email,phone + +#mosip.idp.authn.wrapper.impl=MockAuthenticationService +mosip.idp.authn.mock.impl.token-expire-sec=1800 +mosip.idp.authn.mock.impl.persona-repo=/home/mosip/mock-auth-data +mosip.idp.authn.mock.impl.policy-repo=/home/mosip/mock-auth-data +mosip.idp.authn.mock.impl.claims-mapping-file=/home/mosip/mock-auth-data/claims_attributes_mapping.json + +mosip.idp.authn.wrapper.validate-binding-url=${mosip.api.internal.url}/v1/idpbinding/validate-binding + + +## ------------------------------------------ Discovery openid-configuration ------------------------------------------------ +mosip.idp.domain.url=https://${mosip.api.public.host} +mosip.idp.discovery.issuer-id=${mosip.idp.domain.url}${server.servlet.path} + +mosip.idp.discovery.key-values={'issuer': '${mosip.idp.discovery.issuer-id}' ,\ + \ 'authorization_endpoint': '${mosip.idp.domain.url}${server.servlet.path}/authorize' , \ + \ 'token_endpoint': '${mosip.idp.domain.url}${server.servlet.path}/oauth/token' ,\ + \ 'userinfo_endpoint' : '${mosip.idp.domain.url}${server.servlet.path}/oidc/userinfo' , \ + \ 'registration_endpoint' : '${mosip.idp.domain.url}${server.servlet.path}/client-mgmt/oidc-client' , \ + \ 'jwks_uri' : '${mosip.idp.domain.url}${server.servlet.path}/oauth/jwks.json' , \ + \ 'scopes_supported' : ${mosip.idp.supported.openid.scopes}, \ + \ 'response_types_supported' : ${mosip.idp.supported.response.types}, \ + \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 
'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics'},\ + \ 'userinfo_signing_alg_values_supported' : {'RS256'}, \ + \ 'userinfo_encryption_alg_values_supported' : {'RSAXXXXX'},\ + \ 'userinfo_encryption_enc_values_supported' : {'A128GCM'}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.idp.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, 'id_token_signing_alg_values_supported' : {'RS256'}, 'claim_types_supported': {'normal'}, \ + \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','locale','individual_id'}, 'claims_locales_supported' : {'en'}, 'display_values_supported' : ${mosip.idp.supported.ui.displays}, 'ui_locales_supported' : {'en'} } + + +##----------------------------------------- Database properties ------------------------------------------- + +mosip.idp.database.hostname=postgres-postgresql.postgres +mosip.idp.database.port=5432 +spring.datasource.url=jdbc:postgresql://${mosip.idp.database.hostname}:${mosip.idp.database.port}/mosip_idp?currentSchema=idp +spring.datasource.username=idpuser +spring.datasource.password=${db.dbuser.password} + +spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect +spring.jpa.show-sql=false +spring.jpa.hibernate.ddl-auto=none +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +#------------------------------------ Key-manager specific properties -------------------------------------- +#Crypto asymmetric algorithm name +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +#Crypto symmetric algorithm name +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +#Keygenerator asymmetric algorithm name +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +#Keygenerator symmetric algorithm name +mosip.kernel.keygenerator.symmetric-algorithm-name=AES 
+#Asymmetric algorithm key length +mosip.kernel.keygenerator.asymmetric-key-length=2048 +#Symmetric algorithm key length +mosip.kernel.keygenerator.symmetric-key-length=256 +#Encrypted data and encrypted symmetric key separator +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +#GCM tag length +mosip.kernel.crypto.gcm-tag-length=128 +#Hash algo name +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +#Symmtric key length used in hash +mosip.kernel.crypto.hash-symmetric-key-length=256 +#No of iterations in hash +mosip.kernel.crypto.hash-iteration=100000 +#Sign algo name +mosip.kernel.crypto.sign-algorithm-name=RS256 +#Certificate Sign algo name +mosip.kernel.certificate.sign.algorithm=SHA256withRSA + +#mosip.kernel.keymanager.hsm.config-path=local.p12 +#mosip.kernel.keymanager.hsm.keystore-type=PKCS12 +#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.security.pin} + +#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE +mosip.kernel.keymanager.hsm.keystore-type=PKCS11 +# For PKCS11 provide Path of config file. +# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. +# For Offline & JCE property can be left blank, specified value will be ignored. +mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf +# Passkey of keystore for PKCS11, PKCS12 +# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. 
+mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.security.pin} + + +mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io +mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER +mosip.kernel.keymanager.certificate.default.organization=IITB +mosip.kernel.keymanager.certificate.default.location=BANGALORE +mosip.kernel.keymanager.certificate.default.state=KA +mosip.kernel.keymanager.certificate.default.country=IN + +mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io +mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP +mosip.kernel.keymanager.softhsm.certificate.organization=IITB +mosip.kernel.keymanager.softhsm.certificate.country=IN + +# Application Id for PMS master key. +mosip.kernel.partner.sign.masterkey.application.id=PMS +mosip.kernel.partner.allowed.domains=DEVICE + +mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate +mosip.kernel.keymanager.jwtsign.validate.json=false +mosip.keymanager.dao.enabled=false +crypto.PrependThumbprint.enable=true + +## ---------------------------------------------- UI configs ------------------------------------------------------------------ + +mosip.idp.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ + 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ + 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, 'resend.otp.delay.secs': 30, \ + 'send.otp.channels' : '${mosip.idp.authn.ida.otp-channels}' } + + +logging.level.org.springframework.web.client.RestTemplate=DEBUG diff --git a/image-compressor-default.properties b/image-compressor-default.properties new file mode 100644 index 00000000000..160eed54587 --- /dev/null +++ b/image-compressor-default.properties 
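Review bot: `mosip.idp.misp.license.key` is committed with a literal value near the top of idp-default.properties, although the file's own header says such values must be passed as config-server environment overrides and never defined in a property file. The key is interpolated into the path of `mosip.idp.authn.ida.kyc-auth-url`, `kyc-exchange-url` and `send-otp-url`, and the hunk's last line sets `logging.level.org.springframework.web.client.RestTemplate=DEBUG`, which logs outgoing request URLs, so the key would presumably reach the service log as well. I would rotate the committed key, change the line to `mosip.idp.misp.license.key=${<override-variable-name>}`, add that variable to the header list, and drop the DEBUG line. Separately, `mosip.idp.cache.security.algorithm-name=AES/ECB/PKCS5Padding` selects ECB, under which identical plaintext blocks produce identical ciphertext. Whether the cache code can take an IV-based mode such as the `AES/GCM/PKCS5Padding` already set for `mosip.kernel.crypto.symmetric-algorithm-name` is not visible here and should be checked.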
@@ -0,0 +1,7 @@
+#iam image-compressor-service config
+mosip.bio.image.compressor.resize.factor.fx=0.25
+mosip.bio.image.compressor.resize.factor.fy=0.25
+mosip.bio.image.compressor.compression.ratio=50
+biosdk_class=io.mosip.image.compressor.sdk.impl.ImageCompressorSDKV2
+mosip.role.biosdk.getservicestatus=REGISTRATION_PROCESSOR
+biosdk_bioapi_impl=io.mosip.image.compressor.sdk.impl.ImageCompressorSDKV2
diff --git a/inji-default.properties b/inji-default.properties
new file mode 100644
index 00000000000..b55cb175bf2
--- /dev/null
+++ b/inji-default.properties
@@ -0,0 +1,26 @@
+#################### add prefix as mosip.inji. for all new properties here ####################
+
+mosip.inji.allowedAuthType=demo,otp,bio-Finger,bio-Iris,bio-Face
+mosip.inji.allowedEkycAuthType=demo,otp,bio-Finger,bio-Iris,bio-Face
+mosip.inji.allowedInternalAuthType=otp,bio-Finger,bio-Iris,bio-Face
+mosip.inji.faceSdkModelUrl=https://${mosip.api.public.host}/inji
+# model download maximum retry
+mosip.inji.modelDownloadMaxRetry=10
+# maximum number of retry for downloading vc
+mosip.inji.vcDownloadMaxRetry=10
+# pool interval in milli seconds
+mosip.inji.vcDownloadPoolInterval=6000
+# validate binding audience url to be sent in token
+mosip.inji.audience=ida-binding
+# issuer to be sent in token
+mosip.inji.issuer=residentapp
+# warning screen domain name
+mosip.inji.warningDomainName=https://${mosip.api.public.host}
+# inji documentation url
+mosip.inji.aboutInjiUrl=https://docs.mosip.io/inji
+# minimum storage space required for making audit entry in MB
+mosip.inji.minStorageRequiredForAuditEntry=2
+# minimum storage space required for downloading / receiving vc in MB
+mosip.inji.minStorageRequired=5
+#timeout for vc download api via openid4vci flow in milliseconds
+mosip.inji.openId4VCIDownloadVCTimeout=30000
\ No newline at end of file
diff --git a/kernel-default.properties b/kernel-default.properties
new file mode 100644
index 00000000000..ef448f4a506
--- /dev/null
+++ b/kernel-default.properties 
@@ -0,0 +1,758 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# db.dbuser.password
+# keycloak.external.url
+# keycloak.internal.host
+# keycloak.internal.url
+# keycloak.admin.password
+# mosip.auth.client.secret (convention: ..secret)
+# mosip.ida.client.secret
+# mosip.admin.client.secret
+# mosip.reg.client.secret
+# mosip.prereg.client.secret
+# softhsm.kernel.security.pin
+# softhsm-security-pin
+# email.smtp.host
+# email.smtp.username
+# email.smtp.secret
+# mosip.kernel.tokenid.uin.salt
+# mosip.kernel.tokenid.partnercode.salt
+# mosip.api.internal.url
+
+softhsm.kernel.security.pin=${softhsm.security.pin}
+
+## Sync data
+mosip.kernel.syncdata.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.kernel.syncdata.auth-manager-roles=/roles
+mosip.kernel.syncdata.auth-user-details=/userdetails
+mosip.kernel.syncdata.syncdata-request-id=SYNCDATA.REQUEST
+mosip.kernel.syncdata.syncdata-version-id=v1.0
+# Name of the file that is present in the config server which has registration specific config.
+mosip.kernel.syncdata.registration-center-config-file=registration-${spring.profiles.active}.properties
+# Name of the file that is present in the config server which has global config.
+mosip.kernel.syncdata.global-config-file=application-${spring.profiles.active}.properties
+mosip.kernel.syncdata.syncjob-base-url=${mosip.kernel.syncdata.syncjob.url}/v1/syncjob/syncjobdef
+mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest
+
+## SMS notification
+mosip.kernel.sms.enabled=true
+mosip.kernel.sms.country.code=+91
+mosip.kernel.sms.number.length=10
+#mosip.kernel.sms.gateway : "infobip" or "msg91"
+mosip.kernel.sms.gateway=${sms.gateway.provider}
+## --msg91 gateway--
+mosip.kernel.sms.api=smsapi
+mosip.kernel.sms.authkey=${sms.authkey}
+mosip.kernel.sms.route=route
+mosip.kernel.sms.sender=sender
+mosip.kernel.sms.unicode=unicode
+
+mosip.kernel.sms.enabled=true
+mosip.kernel.sms.country.code=+91
+mosip.kernel.sms.number.length=10
+mosip.kernel.sms.api=http://${sms.host}:${sms.port}/sendsms
+mosip.kernel.sms.sender=AD-MOSIP
+mosip.kernel.sms.password=dummy
+mosip.kernel.sms.route=mock
+
+## Email notification
+mosip.kernel.notification.email.from=do-not-reply@mosip.io
+spring.mail.host=${smtp.host}
+spring.mail.username=${smtp.username}
+spring.mail.password=${smtp.secret}
+spring.mail.port=${smtp.port}
+spring.mail.properties.mail.transport.protocol=smtp
+spring.mail.properties.mail.smtp.starttls.required=false
+spring.mail.properties.mail.smtp.starttls.enable=false
+spring.mail.properties.mail.smtp.auth=false
+spring.mail.debug=false
+spring.servlet.multipart.enabled=true
+spring.servlet.multipart.max-file-size=5MB
+
+
+## Keymanager service
+#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE
+mosip.kernel.keymanager.hsm.keystore-type=PKCS11
+# For PKCS11 provide Path of config file.
+# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name.
+# For Offline & JCE property can be left blank, specified value will be ignored.
+mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
+# Passkey of keystore for PKCS11, PKCS12
+# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties.
+mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.kernel.security.pin}
+# Config to allow use of the resident service module keys for client crypto APIs which is used by resident service to sign uin update packets
+mosip.kernel.client.crypto.use-resident-service-module-key=true
+
+## Auditmanager
+mosip.kernel.auditmanager-service-logs-location=logs/audit.log
+
+## Auth service
+auth.jwt.secret=authjwtsecret
+auth.jwt.base=Mosip-Token
+auth.jwt.expiry=6000000
+auth.token.header=Authorization
+auth.refreshtoken.header=RefreshToken
+auth.jwt.refresh.expiry=86400000
+auth.primary.language=eng
+
+otp.manager.api.generate=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/generate
+otp.manager.api.verify=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/validate
+otp.sender.api.email.send=${mosip.kernel.notification.url}/v1/notifier/email/send
+otp.sender.api.sms.send=${mosip.kernel.notification.url}/v1/notifier/sms/send
+masterdata.api.template=${mosip.kernel.masterdata.url}/v1/masterdata/templates/
+masterdata.api.template.otp=/otp-sms-template
+idrepo.api.getuindetails=${mosip.idrepo.identity.url}/v1/identity/uin/{uin}
+
+mosip.kernel.auth.app.id=auth
+mosip.kernel.auth.client.id=mosip-auth-client
+mosip.kernel.auth.secret.key=${mosip.auth.client.secret}
+
+mosip.kernel.ida.app.id=ida
+mosip.kernel.ida.client.id=mosip-ida-client
+mosip.kernel.ida.secret.key=${mosip.ida.client.secret}
+
+## VID generator service
+mosip.kernel.vid.min-unused-threshold=100000
+mosip.kernel.vid.vids-to-generate=200000
+mosip.kernel.vid.time-to-release-after-expiry=5
+mosip.kernel.vid.pool-population-timeout=10000000
+kernel.vid.revoke-scheduler-type=cron
+kernel.vid.revoke-scheduler-seconds=0
+kernel.vid.revoke-scheduler-minutes=0
+kernel.vid.revoke-scheduler-hours=23
+kernel.vid.revoke-scheduler-days_of_month=*
+kernel.vid.revoke-scheduler-months=*
+kernel.vid.revoke-scheduler-days_of_week=*
+kernel.vid.isolator-scheduler-type=cron
+kernel.vid.isolator-scheduler-seconds=0
+kernel.vid.isolator-scheduler-minutes=0
+kernel.vid.isolator-scheduler-hours=*
+kernel.vid.isolator-scheduler-days_of_month=*
+kernel.vid.isolator-scheduler-months=*
+kernel.vid.isolator-scheduler-days_of_week=*
+
+## PRID properties
+mosip.kernel.prid.min-unused-threshold=1000
+mosip.kernel.prid.prids-to-generate=2000
+mosip.kernel.prid.pool-population-timeout=10000000
+mosip.kernel.prid.sequence-limit=3
+kernel.prid.revoke-scheduler-type=cron
+kernel.prid.revoke-scheduler-seconds=0
+kernel.prid.revoke-scheduler-minutes=0
+kernel.prid.revoke-scheduler-hours=23
+kernel.prid.revoke-scheduler-days_of_month=*
+kernel.prid.revoke-scheduler-months=*
+kernel.prid.revoke-scheduler-days_of_week=*
+
+## Database properties
+# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
+# If database is external to production, provide the DNS or ip of the host and port
+mosip.kernel.database.hostname=postgres-postgresql.postgres
+mosip.kernel.database.port=5432
+
+javax.persistence.jdbc.driver=org.postgresql.Driver
+hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+hibernate.jdbc.lob.non_contextual_creation=true
+hibernate.hbm2ddl.auto=none
+hibernate.show_sql=false
+hibernate.format_sql=false
+hibernate.connection.charSet=utf8
+hibernate.cache.use_second_level_cache=false
+hibernate.cache.use_query_cache=false
+hibernate.cache.use_structured_entries=false
+hibernate.generate_statistics=false
+
+logging.level.org.hibernate.SQL=ERROR
+logging.level.org.hibernate.type=ERROR
+
+admin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
+admin_database_username=kerneluser
+admin_database_password=${db.dbuser.password}
+
+syncjob_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
+syncjob_database_username=masteruser
+syncjob_database_password=${db.dbuser.password}
+
+audit_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_audit
+audit_database_username=audituser
+audit_database_password=${db.dbuser.password}
+
+masterdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
+masterdata_database_username=masteruser
+masterdata_database_password=${db.dbuser.password}
+
+uin.swagger.base-url=https://qa.mosip.io
+uin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
+uin_database_username=kerneluser
+uin_database_password=${db.dbuser.password}
+hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext
+
+id_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
+id_database_username=kerneluser
+id_database_password=${db.dbuser.password}
+
+vid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
+vid_database_username=kerneluser
+vid_database_password=${db.dbuser.password}
+
+prid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
+prid_database_username=kerneluser
+prid_database_password=${db.dbuser.password}
+
+keymanager.persistence.jdbc.driver=org.postgresql.Driver
+keymanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_keymgr
+keymanager_database_password=${db.dbuser.password}
+keymanager_database_username= keymgruser
+
+otpmanager_database_username = kerneluser
+otpmanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
+otpmanager_database_password=${db.dbuser.password}
+
+syncdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
+syncdata_database_username=masteruser
+syncdata_database_password=${db.dbuser.password}
+
+ridgenerator_database_username =regprcuser
+ridgenerator_database_url =jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_regprc
+ridgenerator_database_password=${db.dbuser.password}
+
+## Keycloak properties
+mosip.iam.base.url=${keycloak.internal.url}
+mosip.iam.base-url=${mosip.iam.base.url}
+mosip.iam.admin-realm-id=admin
+mosip.iam.default.realm-id=mosip
+mosip.iam.open-id-url=${mosip.iam.base.url}/auth/realms/{realmId}/protocol/openid-connect/
+mosip.iam.realm.operations.base-url=${mosip.iam.base.url}/auth/admin/realms/{realmId}
+mosip.iam.admin-url=${mosip.iam.base.url}/auth/admin/
+mosip.iam.roles-extn-url=realms/mosip/roles
+mosip.iam.users-extn-url=realms/mosip/users
+mosip.iam.role-user-mapping-url=/{userId}/role-mappings/realm
+mosip.iam.role-based-user-url=realms/{realm}/roles/{role-name}/users
+keycloak.realm=registration-client
+keycloak.resource=account
+keycloak.auth-server-url=${mosip.iam.base.url}/auth
+keycloak.ssl-required=none
+keycloak.public-client=true
+keycloak.use-resource-role-mappings=true
+keycloak.verify-token-audience=true
+
+#This is the endpoint use by ui(browser) based applications to redirect to open-id system. This URL should be reachable through the browser.
+mosip.iam.authorization_endpoint=${keycloak.external.url}/auth/realms/{realmId}/protocol/openid-connect/auth
+
+mosip.iam.token_endpoint=${mosip.iam.base.url}/auth/realms/{realmId}/protocol/openid-connect/token
+mosip.authmanager.base-url=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.admin.login_flow.name=authorization_code
+mosip.admin.login_flow.response_type=code
+mosip.admin.login_flow.scope=cls
+mosip.admin.clientid=mosip-admin-client
+mosip.admin.clientsecret=${mosip.admin.client.secret}
+mosip.admin.redirecturi=${mosip.authmanager.base-url}/login-redirect/
+mosip.admin_realm_id=mosip
+mosip.iam.master.realm-id=master
+mosip.iam.pre-reg_user_password=mosip
+
+## TODO: Below config is not needed anymore. Need to remove init of db_3_DS in authmanager code. For now, we just
+## point to a valid db.
+#db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/keycloak
+db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
+db_3_DS.keycloak.port=${mosip.kernel.database.port}
+db_3_DS.keycloak.username=kerneluser
+db_3_DS.keycloak.password=${db.dbuser.password}
+db_3_DS.keycloak.driverClassName=org.postgresql.Driver
+
+mosip.keycloak.admin.client.id=admin-cli
+mosip.keycloak.admin.user.id=admin
+mosip.keycloak.admin.secret.key=${keycloak.admin.password}
+
+mosip.iam.impl.basepackage=io.mosip.kernel.auth.defaultimpl
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+
+
+master.search.maximum.rows=50
+mosip.level=2
+mosip.kernel.masterdata.audit-url= ${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+mosip.keycloak.max-no-of-users=20000
+
+## Register device
+# Keymanager runs in separate namespace "keymanager"
+mosip.kernel.sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/sign
+masterdata.registerdevice.timestamp.validate=+10
+
+## Prereg
+mosip.kernel.prereg.realm-id=mosip
+mosip.kernel.prereg.client.id=mosip-prereg-client
+mosip.kernel.prereg.secret.key=${mosip.prereg.client.secret}
+
+## UIN scheduler
+kernel.uin.transfer-scheduler-type=cron
+kernel.uin.transfer-scheduler-seconds=0
+kernel.uin.transfer-scheduler-minutes=0
+kernel.uin.transfer-scheduler-hours=*
+kernel.uin.transfer-scheduler-days_of_month=*
+kernel.uin.transfer-scheduler-months=*
+kernel.uin.transfer-scheduler-days_of_week=*
+
+## UIN Auth adapter config
+auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+
+
+## Proxy otp
+#mosip.kernel.auth.proxy-otp=false
+mosip.kernel.auth.proxy-otp-value=111111
+mosip.security.provider.name=SunPKCS11-pkcs11-proxy
+
+## identity schema backward compatability ########
+mosip.ui.spec.default.domain=registration-client
+
+## Security properties
+mosip.security.csrf-enable=false
+mosip.security.cors-enable=false
+mosip.security.origins=localhost:8080
+mosip.security.secure-cookie=false
+
+## ROOT key identifier
+mosip.root.key.applicationid=ROOT
+
+## Certificate signing algorithm
+mosip.kernel.certificate.sign.algorithm=SHA256withRSA
+
+## Default certificate params
+mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
+mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
+mosip.kernel.keymanager.certificate.default.organization=IITB
+mosip.kernel.keymanager.certificate.default.location=BANGALORE
+mosip.kernel.keymanager.certificate.default.state=KA
+mosip.kernel.keymanager.certificate.default.country=IN
+
+## Zero Knowledge Master & Public Key identifier.
+mosip.kernel.zkcrypto.masterkey.application.id=KERNEL
+mosip.kernel.zkcrypto.masterkey.reference.id=IDENTITY_CACHE
+mosip.kernel.zkcrypto.publickey.application.id=IDA
+mosip.kernel.zkcrypto.publickey.reference.id=PUBLIC_KEY
+mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding
+mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding
+
+## Application Id for PMS master key.
+mosip.kernel.partner.sign.masterkey.application.id=PMS
+
+datastores=ldap_1_DS,db_1_DS,db_2_DS
+
+## Partner Management Service allowed partner domains
+mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM,MISP
+
+## List of keys to auto generate.
+mosip.kernel.keymanager.autogen.appids.list=ROOT,KERNEL:SIGN,PRE_REGISTRATION,REGISTRATION,REGISTRATION_PROCESSOR,ID_REPO,KERNEL:IDENTITY_CACHE,RESIDENT,PMS,ADMIN_SERVICES,DIGITAL_CARD,COMPLIANCE_TOOLKIT
+
+## Random keys required for ZK encrypt.
+zkcrypto.random.key.generate.count=10000
+
+mosip.kernel.keymanager.autogen.basekeys.list=RESIDENT:mpartner-default-resident,COMPLIANCE_TOOLKIT:COMP-FIR
+
+# Keymanager service keystore cache properties
+mosip.kernel.keymanager.keystore.keyreference.enable.cache=false
+
+# API to get machine based on machine id
+mosip.kernel.syncdata-service-machine-url=${mosip.kernel.masterdata.url}/v1/masterdata/machines/%s/eng
+
+# Flag added to choose client crypto implementation in syncdata service
+# Needs to be updated to true in prod deployments
+mosip.syncdata.tpm.required=false
+
+mosip.kernel.registrationclient.app.id=registrationclient
+mosip.kernel.registrationclient.client.id=mosip-reg-client
+# env variable
+mosip.kernel.registrationclient.secret.key=${mosip.reg.client.secret}
+
+# API to fetch auth token and refresh token used by syncdata-service
+mosip.kernel.authtoken.NEW.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/internal/useridPwd
+mosip.kernel.authtoken.OTP.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/internal/userotp
+mosip.kernel.authtoken.REFRESH.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/internal/refreshToken/registrationclient
+mosip.kernel.auth.sendotp.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/sendotp
+
+# Sample Additional configuration required for real HSM configured though JCE.
+# Add the required JCE properties with prefix. - "mosip.kernel.keymanager.hsm.jce" for the property key
+# mosip.kernel.keymanager.hsm.jce.className=io.mosip.keymanager.hsm.impl.AnyHSMKeyStoreImpl
+# mosip.kernel.keymanager.hsm.jce.keyStoreType=HSMKeyStoreType
+# mosip.kernel.keymanager.hsm.jce.keyStoreFile=AnyRequiredKeyStoreFile
+# mosip.kernel.keymanager.hsm.jce.localKeyStorePwd=HSMPartitionPassword
+
+## syncdata-service websub configuration (cacert sync)
+syncdata.websub.topic.ca-cert=CA_CERTIFICATE_UPLOADED
+# Secret for partner CA certificate CRUD callback
+syncdata.websub.callback.secret.ca-cert=secret
+# Callback url for partner CA certificate CRUD event
+syncdata.websub.callback.url.path.ca-cert=/callback/partner/ca_certificate
+syncdata.websub.callback.url.ca-cert=${mosip.kernel.syncdata.url}/v1/syncdata/callback/partner/ca_certificate
+# Number of retires on subscription failure
+syncdata.websub.resubscription.retry.count=3
+# Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub.
+subscriptions-delay-on-startup=120000
+
+
+# Pause & resume api proeprties
+PACKET_RESUME_API=${mosip.api.internal.url}/registrationprocessor/v1/workflowmanager/workflowaction
+PACKET_PAUSE_API=${mosip.api.internal.url}/registrationprocessor/v1/workflowmanager/workflow/search
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+## resubscription and subscription initial delay for masterdata service
+masterdata.websub.resubscription.delay.millis=48000000
+masterdata.subscriptions-delay-on-startup=120000
+
+# The time interval in seconds to schedule subscription of topics which is done as a
+# work-around for the bug: MOSIP-9496. By default the
+# this property value is set to 0 that disables this workaround.
+# To enable the resubscrition scheduling, this property should be assigned with a positive
+# number like 1 * 60 * 60 * 1000 = 3600000 for one hour
+syncdata.websub.resubscription.delay.millis=48000000
+
+## Admin UI
+## this pattern like --> display column : configKey.
+## We can provide multiple values with ";" separated
+mosip.admin.ui.configs=version:${aplication.configuration.level.version};locationHierarchyLevel:${mosip.recommended.centers.locCode};mandatoryLanguages:${mosip.mandatory-languages};optionalLanguages:${mosip.optional-languages};supportedLanguages: ${mosip.mandatory-languages},${mosip.optional-languages};leftToRightOrientation:${mosip.left_to_right_orientation};rightToLeftOrientation:${mosip.right_to_left_orientation};countryCode:${mosip.country.code};filterValueMaxRecords:${mosip.kernel.filtervalue.max_columns};filterValueMaxCount:{"default":${mosip.kernel.filtervalue.max_columns},"registrationcenters":500,"locations":300}
+
+# Flag to identify the support of no thumbprint in 1.1.3 version.
+# Added this for backward compatability. default is false, means support is not required.
+# Make it to true if support is required.
+mosip.kernel.keymanager.113nothumbprint.support=false + +## Used to get IAM user details. +mosip.kernel.masterdata.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager +mosip.kernel.masterdata.auth-user-details=/userdetails + + +## scheduler do it's job at 2am +scheduling.job.cron=0 0 2 * * ? + +# masterdata swagger openApi +#openapi.service.servers[0].url=${mosip.api.internal.url}/${server.servlet.context-path:${server.servlet.path:}} +#openapi.service.servers[0].description=For Swagger + +#To fetch user details based on user id and user name in zone API's +zone.user.details.url=${mosip.kernel.authmanager.url}/v1/authmanager/userdetails + +auth.server.admin.allowed.audience=mosip-toolkit-android-client,mosip-toolkit-client,mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-crereq-client,mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-resident-client,mosip-reg-client,mpartner-default-print,mosip-idrepo-client,mpartner-default-auth,mosip-syncdata-client,mosip-masterdata-client,mosip-idrepo-client,mosip-pms-client,mosip-hotlist-client,mobileid_newlogic,opencrvs-partner,mosip-deployment-client,mpartner-default-digitalcard,mpartner-default-mobile,mosip-signup-client +mosip.iam.adapter.appid=admin +mosip.iam.adapter.clientid=mosip-admin-client +mosip.iam.adapter.clientsecret=${mosip.admin.client.secret} + +#AdminMaster endpoints to access without authentication +mosip.service-context=/v1/masterdata +mosip.service.end-points={cipher}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 + +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +##validity time of mosip-signed certificates + + +## Roles +mosip.role.admin.masterdata.getapplicationconfigs=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN +mosip.role.admin.masterdata.getconfigs=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN +mosip.role.admin.masterdata.getapplicationtypes=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN 
+mosip.role.admin.masterdata.getapplicationtypeslangcode=PRE_REGISTRATION_ADMIN,RESIDENT,GLOBAL_ADMIN,ZONAL_ADMIN,INDIVIDUAL,REGISTRATION_PROCESSOR,PRE_REGISTRATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,PARTNER,AUTH_PARTNER,PARTNER_ADMIN,DEVICE_PROVIDER,DEVICE_MANAGER
+mosip.role.admin.masterdata.getapplicationtypescodelangcode=RESIDENT,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,INDIVIDUAL,REGISTRATION_PROCESSOR,PRE_REGISTRATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,PARTNER,AUTH_PARTNER,PARTNER_ADMIN,DEVICE_PROVIDER,DEVICE_MANAGER
+mosip.role.admin.masterdata.postapplicationtypes=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getgetbiometricattributesbyauthtype=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.postbiometricattributes=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getbiometrictypes=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getbiometrictypeslangcode=ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_PROCESSOR,REGISTRATION_OFFICER
+mosip.role.admin.masterdata.getbiometrictypescodelangcode=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_PROCESSOR,REGISTRATION_OFFICER
+mosip.role.admin.masterdata.postbiometrictypes=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postblocklistedwordswords=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postblocklistedwords=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putblocklistedwords=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putblocklistedwordsdetails=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deleteblocklistedwordsword=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getblocklistedwordsall=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postblocklistedwordssearch=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postblocklistedwordsfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchblocklistedwords=GLOBAL_ADMIN,ZONAL_ADMIN,REGISTRATION_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdeviceslanguagecode=ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER
+mosip.role.admin.masterdata.getdeviceslanguagecodedevicetype=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER
+mosip.role.admin.masterdata.postdevices=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putdevices=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdevicesmappeddevicesregcenterid=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicessearch=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicesfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putdevicesdecommissiondeviceid=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.patchdevices=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdeviceshistoriesidlangcodeeffdatetimes=REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postdeviceprovider=GLOBAL_ADMIN,ZONAL_ADMIN,PARTNER_ADMIN,PARTNER,AUTH_PARTNER,DEVICE_MANAGER,DEVICE_PROVIDER
+mosip.role.admin.masterdata.putdeviceprovider=GLOBAL_ADMIN,ZONAL_ADMIN,PARTNER_ADMIN,PARTNER,AUTH_PARTNER,DEVICE_MANAGER,DEVICE_PROVIDER
+mosip.role.admin.masterdata.postdeviceprovidermanagementvalidate=ZONAL_ADMIN,GLOBAL_ADMIN,DEVICE_PROVIDER,DEVICE_MANAGER
+mosip.role.admin.masterdata.deletedevicederegisterdevicecode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putdeviceupdatestatus=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getdevicespecifications=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,DEVICE_MANAGER,DEVICE_PROVIDER,PARTNER,AUTH_PARTNER,PARTNER_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdevicespecificationsdevicetypecode=ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,DEVICE_MANAGER,DEVICE_PROVIDER,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicespecifications=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putdevicespecifications=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deletedevicespecificationsid=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getdevicespecificationsall=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicespecificationssearch=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicespecificationsfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchdevicespecifications=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicetypes=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putdevicetypes=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdevicetypesall=ZONAL_ADMIN,GLOBAL_ADMIN,DEVICE_MANAGER,PRE_REGISTRATION_ADMIN,DEVICE_PROVIDER,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicetypessearch=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdevicetypesfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchdevicetypes=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdocumentcategorieslangcode=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,DEVICE_MANAGER,DEVICE_PROVIDER,PARTNER,PARTNER_ADMIN,RESIDENT,INDIVIDUAL,PRE_REGISTRATION,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdocumentcategoriescode=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,DEVICE_MANAGER,DEVICE_PROVIDER,PARTNER,PARTNER_ADMIN,RESIDENT,INDIVIDUAL,PRE_REGISTRATION,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdocumentcategories=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putdocumentcategories=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deletedocumentcategoriescode=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getdocumentcategoriesall=PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdocumentcategoriessearch=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdocumentcategoriesfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchdocumentcategories=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdocumenttypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putdocumenttypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deletedocumenttypescode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getdocumenttypesall=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdocumenttypesfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdocumenttypessearch=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchdocumenttypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getdocumenttypesmissingidslangcode=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postdynamicfields=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putdynamicfields =ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchdynamicfieldsall=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchdynamicfields=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deletedynamicfields=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.deletedynamicfieldsid=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postdynamicfieldssearch=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postfoundationaltrustprovider=ZONAL_ADMIN,GLOBAL_ADMIN,PARTNER,AUTH_PARTNER,PARTNER_ADMIN,DEVICE_PROVIDER,DEVICE_MANAGER
+mosip.role.admin.masterdata.putfoundationaltrustprovider=ZONAL_ADMIN,GLOBAL_ADMIN,PARTNER,AUTH_PARTNER,PARTNER_ADMIN,DEVICE_PROVIDER,DEVICE_MANAGER
+mosip.role.admin.masterdata.postgendertypes=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putgendertypes=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.deletegendertypescode=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getgendertypesall=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,CENTRAL_ADMIN
+mosip.role.admin.masterdata.postgendertypessearch=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postgendertypesfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getholidays=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getholidaysholidayid=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getholidaysholidayidlangcode=ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,INDIVIDUAL,PRE_REGISTRATION,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postholidays=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putholidays=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchholidays=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deleteholidays=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getholidaysall=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postholidayssearch=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postholidaysfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getholidaysmissingidslangcode=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postidtypes=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getindividualtypesall=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,CENTRAL_ADMIN,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.postindividualtypessearch=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postindividualtypesfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postindividualtypes=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putindividualtypes=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postlanguages=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getlocations=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putlocations=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.patchlocations=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.deletelocationslocationcode=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getlocationsall=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postlocationssearch=ZONAL_ADMIN,GLOBAL_ADMIN,REGISTRATION_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postlocationsfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN,REGISTRATION_ADMIN
+mosip.role.admin.masterdata.getlocationslevellangcode=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getlocationsmissingidslangcode=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getlocationhierarchylevels=INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,ZONAL_ADMIN,default,GLOBAL_ADMIN,PRE_REGISTRATION,REGISTRATION_ADMIN,REGISTRATION_OPERATOR
+mosip.role.admin.masterdata.getmachinesidlangcode=GLOBAL_ADMIN,ZONAL_ADMIN,REGISTRATION_CLIENT,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,RESIDENT
+mosip.role.admin.masterdata.getmachineslangcode=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,REGISTRATION_CLIENT,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.getmachines=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,REGISTRATION_CLIENT,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.deletemachinesid=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getmachinesmappedmachinesregcenterid=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,REGISTRATION_CLIENT,REGISTRATION_OFFICER
+mosip.role.admin.masterdata.postmachinessearch=GLOBAL_ADMIN,ZONAL_ADMIN,RESIDENT,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachinesfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putmachinesdecommissionmachineid=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachines=GLOBAL_ADMIN,ZONAL_ADMIN,RESIDENT,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putmachines=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchmachines=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getmachineshistoriesidlangcode=REGISTRATION_PROCESSOR,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachinespecifications=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putmachinespecifications=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchmachinespecifications=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deletemachinespecificationsid=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getmachinespecificationsall=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_PROCESSOR,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachinespecificationssearch=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachinespecificationsfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachinetypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putmachinetypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchmachinetypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getmachinetypesall=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachinetypessearch=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postmachinetypesfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getmodulesidlangcode=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getmoduleslangcode=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postmosipdeviceservice=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putmosipdeviceservice=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postpacketrejectionreasonsreasoncategory=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postpacketrejectionreasonsreasonlist=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getpacketrejectionreasonsreasoncategorycodelangcode=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.getpacketrejectionreasons=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.postpacketresume=REGISTRATION_ADMIN
+mosip.role.admin.masterdata.postpacketsearch=REGISTRATION_ADMIN
+mosip.role.admin.masterdata.getpossiblevaluesfieldname=ZONAL_ADMIN,GLOBAL_ADMIN,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN
+mosip.role.admin.masterdata.postregistereddevices=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postregistereddevicesderegister=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putregistereddevicesupdatestatus=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getgetlocspecificregistrationcenterslangcode=INDIVIDUAL,REGISTRATION_PROCESSOR,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION
+mosip.role.admin.masterdata.getgetregistrationcenterholidayslangcode=INDIVIDUAL,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION
+mosip.role.admin.masterdata.getgetcoordinatespecificregistrationcenters=INDIVIDUAL,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION,RESIDENT
+mosip.role.admin.masterdata.getregistrationcentersidlangcode=INDIVIDUAL,REGISTRATION_PROCESSOR,ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,PRE_REGISTRATION,RESIDENT
+mosip.role.admin.masterdata.getregistrationcenters=INDIVIDUAL,ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,PRE_REGISTRATION
+mosip.role.admin.masterdata.getregistrationcentersidlangcodehierarchylevel=INDIVIDUAL,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION
+mosip.role.admin.masterdata.getregistrationcenterspagelangcode=INDIVIDUAL,REGISTRATION_PROCESSOR,ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,PRE_REGISTRATION,RESIDENT
+mosip.role.admin.masterdata.getregistrationcentersvalidateidlangcode=INDIVIDUAL,REGISTRATION_PROCESSOR,ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,PRE_REGISTRATION
+mosip.role.admin.masterdata.deleteregistrationcentersregistrationcenterid=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getregistrationcenterslangcodehierarchylevelnames=ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,INDIVIDUAL,PRE_REGISTRATION,RESIDENT
+mosip.role.admin.masterdata.getregistrationcentersall=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postregistrationcenterssearch=ZONAL_ADMIN,GLOBAL_ADMIN,REGISTRATION_ADMIN
+mosip.role.admin.masterdata.postregistrationcentersfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN,REGISTRATION_ADMIN
+mosip.role.admin.masterdata.postregistrationcenters=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putregistrationcenters=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putregistrationcentersdecommission=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.patchregistrationcenters=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putregistrationcenterslanguage=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putregistrationcentersnonlanguage=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getregistrationcentersmissingids=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.getgetzonespecificregistrationcenterslangcode=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getregistrationcenterdevicehistoryregcenteriddeviceid=REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,GLOBAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getregistrationcentershistoryregistrationcenterid=ZONAL_ADMIN,GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postregistrationcentertypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putregistrationcentertypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deleteregistrationcentertypes=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getregistrationcentertypesall=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,INDIVIDUAL,PRE_REGISTRATION,REGISTRATION_PROCESSOR,REGISTRATION_CLIENT,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postregistrationcentertypesfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postregistrationcentertypessearch=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchregistrationcentertypes=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getregistrationcentertypesmissingidslangcode=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getgetregistrationmachineusermappinghistory=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,REGISTRATION_PROCESSOR,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postidschema=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putidschema=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putidschemapublish=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.deleteidschema=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getidschemaall=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getidschemalatest=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,REGISTRATION_CLIENT,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,RESIDENT,ID_REPOSITORY
+mosip.role.admin.masterdata.posttemplates=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.puttemplates=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.deletetemplatesid=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.gettemplatestemplatetypecodescode=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,INDIVIDUAL,PRE_REGISTRATION,ID_AUTHENTICATION,AUTH,PRE_REGISTRATION_ADMIN,RESIDENT,PARTNER,AUTH_PARTNER,PARTNER_ADMIN,DEVICE_PROVIDER,DEVICE_MANAGER,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,PRINT_PARTNER,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.gettemplatesall=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.posttemplatessearch=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.posttemplatesfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.patchtemplates=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.gettemplatesmissingidslangcode=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.posttemplatefileformats=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.puttemplatefileformats=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.deletetemplatefileformatscode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.gettemplatefileformatscodelangcode=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.gettemplatefileformatslangcode=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.patchtemplatefileformats=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.posttemplatetypes=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.posttitle=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.puttitle=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.puttitlecode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.gettitleall=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.posttitlesearch=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.posttitlefiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postuispec=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN
+mosip.role.admin.masterdata.putuispec=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN
+mosip.role.admin.masterdata.postuispecpublish=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN
+mosip.role.admin.masterdata.deleteuispec=GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN
+mosip.role.admin.masterdata.getuispecall=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN,PRE_REGISTRATION_ADMIN
+mosip.role.admin.masterdata.getusersid=PRE_REGISTRATION_ADMIN,ID_AUTHENTICATION,ZONAL_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.getusers=PRE_REGISTRATION_ADMIN,ID_AUTHENTICATION,ZONAL_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_PROCESSOR
+mosip.role.admin.masterdata.getusercentermapping=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putusercentermapping=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.patchusercentermapping=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.deleteusersid=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getuserdetails=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getuserssearch=PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getusersideffdtimes=INDIVIDUAL,PRE_REGISTRATION_ADMIN,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,ZONAL_ADMIN,PRE_REGISTRATION,RESIDENT
+mosip.role.admin.masterdata.postvaliddocuments=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.deletevaliddocumentsdoccategorycode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getvaliddocumentsall=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.postvaliddocumentssearch=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postvaliddocumentsfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putvaliddocumentsmapdoccategorycode=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.putvaliddocumentsunmapdoccategorycode=GLOBAL_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
+mosip.role.admin.masterdata.getzoneshierarchylangcode=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getzoneszonename=GLOBAL_ADMIN,ZONAL_ADMIN,REGISTRATION_OFFICER,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,PRE_REGISTRATION,REGISTRATION_SUPERVISOR,RESIDENT,INDIVIDUAL,ID_AUTHENTICATION
+mosip.role.admin.masterdata.getzonesauthorize=GLOBAL_ADMIN,PRE_REGISTRATION_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postzonesfiltervalues=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.putzoneuser=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postzoneuser=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.deletezoneuseruseridzonecode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getzoneuserhistoryuserid=ZONAL_ADMIN,REGISTRATION_OFFICER,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,PRE_REGISTRATION,REGISTRATION_SUPERVISOR,RESIDENT,INDIVIDUAL,ID_AUTHENTICATION
+mosip.role.admin.masterdata.patchzoneuser=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.postzoneusersearch=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getdocumentcategoriesmissingidslangcode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.getdynamicfieldmissingidslangcode=GLOBAL_ADMIN,ZONAL_ADMIN
+mosip.role.admin.masterdata.deletelanguagescode=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.patchlanguages=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.postdynamicfieldsfiltervalues=ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.admin.masterdata.putlanguages=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,GLOBAL_ADMIN
+mosip.role.kernel.postemailsend=ZONAL_ADMIN,PRE_REGISTRATION_ADMIN,AUTH,ID_AUTHENTICATION,RESIDENT,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,INDIVIDUAL
+mosip.role.kernel.postsmssend=PRE_REGISTRATION_ADMIN,AUTH,ID_AUTHENTICATION,RESIDENT,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,REGISTRATION_SUPERVISOR,INDIVIDUAL
+mosip.role.kernel.postotpgenerate=PRE_REGISTRATION_ADMIN,INDIVIDUAL,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,ID_AUTHENTICATION,AUTH,RESIDENT,REGISTRATION_OFFICER
+mosip.role.kernel.getotpvalidate=PRE_REGISTRATION_ADMIN,INDIVIDUAL,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,ID_AUTHENTICATION,AUTH,RESIDENT,REGISTRATION_OFFICER
+mosip.role.kernel.getgenerateridcenteridmachineid=REGISTRATION_PROCESSOR,RESIDENT
+mosip.role.kernel.postaudits=MASTERDATA_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION,PRE_REGISTRATION_ADMIN,RESIDENT,ZONAL_ADMIN,GLOBAL_ADMIN,ID_REPOSITORY,HOTLIST_ADMIN
+mosip.role.keymanager.postcssign=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postcsverifysign=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.posttpmencrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.posttpmdecrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.posttpmsigningpublickey=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.posttpmencryptionpublickey=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postencrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,ID_REPOSITORY,CREDENTIAL_REQUEST,HOTLIST_ADMIN
+mosip.role.keymanager.postdecrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,ID_REPOSITORY,CREDENTIAL_REQUEST,HOTLIST_ADMIN
+mosip.role.keymanager.postencryptwithpin=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postdecryptwithpin=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postencryptdt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postdecryptdt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postgeneratemasterkeyobjecttype=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.getgetcertificate=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
+mosip.role.keymanager.postgeneratecsr=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postuploadcertificate=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postuploadotherdomaincertificate=PARTNER_ADMIN,ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postgeneratesymmetrickey=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.putrevokekey=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postmigratebasekey=KEY_MIGRATION_ADMIN
+mosip.role.keymanager.getzktempcertificate=KEY_MIGRATION_ADMIN
+mosip.role.keymanager.postlicensegenerate=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postmigratezkkeys=KEY_MIGRATION_ADMIN
+mosip.role.keymanager.postuploadcacertificate=ZONAL_ADMIN,GLOBAL_ADMIN,PARTNER_ADMIN
+mosip.role.keymanager.postuploadpartnercertificate=ZONAL_ADMIN,GLOBAL_ADMIN,PARTNER_ADMIN,PARTNER
+mosip.role.keymanager.getgetpartnercertificatepartnercertid=ZONAL_ADMIN,GLOBAL_ADMIN,PARTNER_ADMIN,PARTNER
+mosip.role.keymanager.postverifycertificatetrust=ZONAL_ADMIN,GLOBAL_ADMIN,PARTNER_ADMIN,PARTNER
+mosip.role.keymanager.postsign=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postvalidate=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postpdfsign=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,PRINT_PARTNER,CREDENTIAL_REQUEST
+mosip.role.keymanager.postjwtsign=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postjwtverify=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.getuinpartnercode=ZONAL_ADMIN,GLOBAL_ADMIN,ID_AUTHENTICATION,RESIDENT
+mosip.role.keymanager.postzkencrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postzkdecrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postzkreencryptrandomkey=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+mosip.role.keymanager.postjwssign=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,CREDENTIAL_ISSUANCE
+mosip.role.keymanager.postcwtsign=ZONAL_ADMIN,GLOBAL_ADMIN,RESIDENT,PRINT_PARTNER,CREDENTIAL_ISSUANCE
+mosip.role.keymanager.postcwtdecode=ZONAL_ADMIN,GLOBAL_ADMIN,RESIDENT,PRINT_PARTNER,CREDENTIAL_ISSUANCE
+mosip.role.keymanager.postcwtverify=ZONAL_ADMIN,GLOBAL_ADMIN,RESIDENT,PRINT_PARTNER,CREDENTIAL_ISSUANCE
+mosip.role.keymanager.postgenerateargon2hash=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
+
+mosip.kernel.keymanager.jwtsign.validate.json=false
+
+auth.allowed.urls=http://localhost:5000/
+
+##These properties are used for validation in kernel-masterdata-service
+#For example, Arabic needs to be added along with english
+#the unicode range of Arabic (Range: 0600–06FF) has to be added inside the square brackets with \u tag
+#the final value in this case might look like [^a-z\u0600-\u06FF]
+mosip.kernel.masterdata.code.validate.regex=[^a-z0-9]
+mosip.kernel.masterdata.name.validate.regex=[^a-z]
+# query param usd to refer url to redirect after logout
+mosip.iam.post-logout-uri-param-key=post_logout_redirect_uri
+# end session endpoint in OIDC
+mosip.iam.end-session-endpoint-path=/protocol/openid-connect/logout
+mosip.kernel.keymgr.hsm.health.check.enabled=false
diff --git a/mimoto-default.properties b/mimoto-default.properties
new file mode 100644
index 00000000000..a1d5afb1d7c
--- /dev/null
+++ b/mimoto-default.properties
@@ -0,0 +1,203 @@
+# MOSIP
+
+public.url=${mosip.api.internal.url}/residentmobileapp
+mosip.resident.base.url=${mosip.resident.url}/resident/v1
+mosip.esignet.base.url=${mosip.esignet.host}/v1/esignet
+idp.binding.base.url=https://${mosip.esignet.base.url}/binding
+
+RESIDENT_OTP=${mosip.resident.base.url}/req/otp
+RESIDENT_CREDENTIAL_REQUEST=${mosip.resident.base.url}/req/credential
+RESIDENT_CREDENTIAL_REQUEST_STATUS=${RESIDENT_CREDENTIAL_REQUEST}/status
+RESIDENT_VID=${mosip.resident.base.url}/vid
+RESIDENT_AUTH_LOCK=${mosip.resident.base.url}/req/auth-lock
+RESIDENT_AUTH_UNLOCK=${mosip.resident.base.url}/req/auth-unlock
+RESIDENT_INDIVIDUALID_OTP=${mosip.resident.base.url}/individualId/otp
+RESIDENT_AID_GET_INDIVIDUALID=${mosip.resident.base.url}/aid/status
+
+BINDING_OTP=${idp.binding.base.url}/binding-otp
+WALLET_BINDING=${idp.binding.base.url}/wallet-binding
+
+
+# Resident App
+credential.template=template.json
+credential.sample=sample_credential.json
+credential.data.path=data
+safetynet.api.key=
+safetynet.api.url=https://www.googleapis.com/androidcheck/v1/attestations/verify?key=${safetynet.api.key}
+
+registration.processor.print.textfile=registration-processor-print-text-file.json
+
+# Websub
+mosip.event.hubUrl=${mosip.websub.url}/hub/
+mosip.event.hub.subUrl=${mosip.event.hubUrl}
+mosip.event.hub.pubUrl=${mosip.event.hubUrl}
+
+
+# MOSIP partner
+mosip.partner.id=mpartner-default-mobile
+mosip.event.callBackUrl=${public.url}/credentialshare/callback/notify
+mosip.event.topic=${mosip.partner.id}/CREDENTIAL_ISSUED
+mosip.event.secret=Kslk30SNF2AChs2
+
+
+mosip.partner.crypto.p12.filename=keystore.p12
+mosip.partner.crypto.p12.password=${mosip.partner.crypto.p12.password}
+mosip.partner.crypto.p12.alias=partner
+mosip.partner.encryption.key=${mosip.partner.crypto.p12.password}
+mosip.partner.prependThumbprint=true
+
+
+mosip.datashare.partner.id=mpartner-default-resident
+mosip.datashare.policy.id=mpolicy-default-resident
+
+
+csrf.disabled=true
+# Delayed websub subscription. Default is 5 seconds in ms.
+mosip.event.delay-millisecs=5000
+# Websub re-subscription workaround for losing subscribed topic when MOSIP websub update or restart. Default is 5 minutes in ms.
+websub-resubscription-delay-millisecs=300000
+
+#-------------TOKEN GENERATION----------------
+#Token generation request id
+token.request.id=io.mosip.registration.processor
+#Token generation app id
+token.request.appid=regproc
+#Token generation username
+token.request.username=registrationprocessor
+#Token generation password
+token.request.password={cipher}b77f8738b7fb8c48f84d587b045fa50099a569c381d1857eddbcd04afd83cd08
+#Token generation version
+token.request.version=1.0
+#Token generation Client Id
+token.request.clientId=mosip-regproc-client
+#Token generation secret key
+token.request.secretKey={cipher}b77f8738b7fb8c48f84d587b045fa50099a569c381d1857eddbcd04afd83cd08
+#Token generation issuer url
+token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+
+#Audit Service
+AUDIT=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+AUDIT_URL=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+#Master Data Services
+# MASTER=http://kernel-masterdata-service/v1/masterdata
+MASTER=${mosip.kernel.masterdata.url}/v1/masterdata
+TEMPLATES=${MASTER}/templates
+
+#Packet receiver application version
+mosip.print.application.version=1.0
+#Request Date Time format
+mosip.print.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+
+
+#-------------Printing Service--------------------
+mosip.print.service.id=mosip.print
+
+#Audit request id
+mosip.print.audit.id=mosip.applicanttype.getApplicantType
+mosip.country.code=MOR
+
+#Kernel Crypto signature
+registration.processor.signature.isEnabled=true
+
+# Language Supported By Platform - ISO
+mosip.supported-languages=eng,ara,fra
+
+mosip.template-language=eng
+mosip.optional-languages=ara,fra
+mosip.mandatory-languages=eng
+
+# mosip.primary-language=eng
+# mosip.secondary-language=ara
+
+#----------------------- CBEFF Util--------------------------------------------------
+# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location.
+mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/print/${spring.profiles.active}/${spring.cloud.config.label}/
+# Cbeff XSD file name in config server
+mosip.kernel.xsdfile=mosip-cbeff.xsd
+
+#----------------------------- Applicant Type --------------------------------------------------
+mosip.kernel.applicant.type.age.limit = 5
+
+#----------------------------- Static PIN --------------------------------------------------
+mosip.kernel.pin.length=6
+
+#-----------------------------TOKEN-ID Properties---------------------------------
+#length of the token id
+mosip.kernel.tokenid.length=36
+
+# log level
+logging.level.root=WARN
+logging.level.io.mosip=DEBUG
+# logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO
+logging.level.io.mosip.kernel.auth.defaultadapter=DEBUG
+logging.level.org.springframework.http.client=DEBUG
+logging.level.io.mosip.residentapp=INFO
+logging.level.reactor.netty.http.client=INFO
+# tomcat access logs
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.directory=/dev
+server.tomcat.accesslog.prefix=stdout
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.suffix=
+server.tomcat.accesslog.file-date-format=
+server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","appId":"%{X-AppId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}"}
+server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve
+registration.processor.unMaskedUin.length=5
+
+IDSchema.Version=1.0
+registration.processor.identityjson=identity-mapping.json
+registration.processor.demographic.identity=identity
+CREATEDATASHARE=${mosip.datashare.url}/v1/datashare/create
+DECRYPTPINBASSED=${mosip.kernel.keymanager.url}/v1/keymanager/decryptWithPin
+
+config.server.file.storage.uri=${spring.cloud.config.uri}/print/${spring.profiles.active}/${spring.cloud.config.label}/
+
+
+#Auth Adapter rest template authentication configs
+mosip.iam.adapter.appid=partner
+mosip.iam.adapter.clientid=mpartner-default-mobile
+mosip.iam.adapter.clientsecret=${mpartner.default.mobile.secret}
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.base-url=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey
+auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+
+
+# in minutes
+mosip.iam.adapter.validate-expiry-check-rate=1440
+
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=1440
+
+#this should be false if you don?t use this restTemplate true if you do
+
+mosip.iam.adapter.self-token-renewal-enable=true
+mosip.auth.filter_disable=false
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.kernel.auth.appids.realm.map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip'}
+vercred.type.vid=VID
+mosip.idp.partner.id=mpartner-default-mobile
+mosip.idp.partner.encryption.key={cipher}b77f8738b7fb8c48f84d587b045fa50099a569c381d1857eddbcd04afd83cd08
+wallet.binding.partner.id=mpartner-default-mimotokeybinding
+wallet.binding.partner.api.key=${mimoto.wallet.binding.partner.api.key}
+
+mosip.kernel.masterdata.code.validate.regex=[^a-z0-9\u0600-\u06FF\u0C80-\u0CFF]
+mosip.kernel.masterdata.name.validate.regex=[^a-z\u0600-\u06FF\u0C80-\u0CFF]
+
+#mosip notification otp channel config
+mosip.notificationtype=SMS|EMAIL|PHONE
+
+# Configurations related to openid4vci
+mosip.openid.issuers=mimoto-issuers-config.json
+mosip.openid.issuer.credentialSupported=sunbird-insurance-wellKnown.json
+mosip.openid.htmlTemplate=credential-template.html
+mosip.oidc.client.assertion.type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
+mosip.oidc.p12.filename=oidckeystore.p12
+mosip.oidc.p12.password=${mimoto.oidc.keystore.password}
+#Property to test the mounted p12 file extraction of openid4vci flow.
+mosip.oidc.p12.path=certs/
+logging.level.org.springframework.web.client.RestTemplate=INFO
diff --git a/mimoto-issuers-config.json b/mimoto-issuers-config.json
new file mode 100644
index 00000000000..1b84da834c2
--- /dev/null
+++ b/mimoto-issuers-config.json
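Review bot: `mosip.event.secret=Kslk30SNF2AChs2` in mimoto-default.properties commits what appears to be the WebSub subscription secret in clear text, while the other credentials in this new file are `{cipher}` values or `${...}` placeholders resolved at deploy time. I would bring it in line with those, for example `mosip.event.secret=${PLACEHOLDER_WEBSUB_SECRET}` (placeholder name; use the project's own key), and treat the committed value as exposed and rotate it. In the same block, `mosip.partner.encryption.key=${mosip.partner.crypto.p12.password}` makes the keystore password double as the encryption key, so one disclosure covers both; a distinct secret would limit that. `csrf.disabled=true` and `logging.level.org.springframework.http.client=DEBUG` also read like sandbox defaults and would benefit from a comment such as `# sandbox default; enable CSRF and lower HTTP client logging for production`.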
@@ -0,0 +1,311 @@ +{ + "issuers": [ + { + "credential_issuer": "Mosip", + "display": [ + { + "name": "UIN, VID, AID", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "mosip logo" + }, + "title": "Download MOSIP Credentials via OTP", + "description":"Download credentials by providing UIN, VID or AID", + "language": "en" + }, + { + "name": "UIN, VID, AID", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "شعار موسيب" + }, + "title": "قم بتنزيل بيانات اعتماد MOSIP عبر OTP", + "description": "قم بتنزيل بيانات الاعتماد من خلال توفير UIN أو VID أو AID", + "language": "ar" + }, + { + "name": "UIN, VID, AID", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "मोसिप लोगो" + }, + "title": "OTP के माध्यम से MOSIP क्रेडेंशियल डाउनलोड करें", + "description":"यूआईएन, वीआईडी या एआईडी प्रदान करके क्रेडेंशियल डाउनलोड करें", + "language": "hi" + }, + { + "name": "UIN, VID, AID", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "mosip ಲೋಗೋ" + }, + "title": "OTP ಮೂಲಕ MOSIP ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", + "description": "UIN, VID ಅಥವಾ AID ಒದಗಿಸುವ ಮೂಲಕ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್\u200Cಲೋಡ್ ಮಾಡಿ", + "language": "kn" + }, + { + "name": "UIN, VID, AID", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "mosip சின்னம்" + }, + "title": "OTP வழியாக MOSIP சான்றுகளைப் பதிவிறக்கவும்", + "description":"UIN, VID அல்லது AID ஐ வழங்குவதன் மூலம் நற்சான்றிதழ்களைப் பதிவிறக்கவும்", + "language": "ta" + }, + { + "name": "UIN, VID, AID", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "logo ng mosip" + }, + "title": "I-download ang Mga Kredensyal ng MOSIP sa pamamagitan ng OTP", + "description":"Mag-download ng mga kredensyal sa pamamagitan ng pagbibigay ng UIN, VID o AID", + "language": "fil" + } + ], + "protocol": "OTP", + "enabled": "true" + }, + { + 
"credential_issuer": "ESignet", + "display": [ + { + "name": "e-Signet", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "mosip-logo" + }, + "title": "Download MOSIP Credentials", + "description": "Download credentials by providing UIN or VID", + "language": "en" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "شعار موسيب" + }, + "title": "قم بتنزيل بيانات اعتماد MOSIP", + "description": "توفير UIN أو VIDقم بتنزيل بيانات الاعتماد عن طريق" , + "language": "ar" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "मोसिप लोगो" + }, + "title": "MOSIP क्रेडेंशियल डाउनलोड करेंं", + "description":"यूआईएन या वीआईडी प्रदान करके क्रेडेंशियल डाउनलोड करें", + "language": "hi" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "mosip ಲೋಗೋ" + }, + "title": "MOSIP ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", + "description": "UIN ಅಥವಾ VID ಒದಗಿಸುವ ಮೂಲಕ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", + "language": "kn" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "mosip லோகோ" + }, + "title": "MOSIP சான்றுகளைப் பதிவிறக்கவும்", + "description":"UIN அல்லது VIDஐ வழங்குவதன் மூலம் நற்சான்றிதழ்களைப் பதிவிறக்கவும்", + "language": "ta" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://${mosip.api.public.host}/inji/mosip-logo.png", + "alt_text": "logo ng mosip" + }, + "title": "I-download ang Mga Kredensyal ng MOSIP", + "description":"Mag-download ng mga kredensyal sa pamamagitan ng pagbibigay ng UIN o VID", + "language": "fil" + } + ], + "protocol": "OpenId4VCI", + "client_id": "${mimoto.oidc.partner.clientid}", + "client_alias": "mpartner-default-mimotooidc", + "scopes_supported": ["mosip_identity_vc_ldp"], + "additional_headers": { "Accept": "application/json" }, + ".well-known": 
"https://${mosip.esignet.host}/.well-known/openid-credential-issuer?version=v11", + "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", + "authorization_endpoint": "https://${mosip.esignet.host}/authorize", + "authorization_audience": "https://${mosip.esignet.host}/v1/esignet/oauth/v2/token", + "token_endpoint": "https://${mosip.api.public.host}/residentmobileapp/get-token/ESignet", + "proxy_token_endpoint": "https://${mosip.esignet.host}/v1/esignet/oauth/v2/token", + "credential_endpoint": "https://${mosip.esignet.host}/v1/esignet/vci/credential", + "credential_type": ["VerifiableCredential", "MOSIPVerifiableCredential"], + "credential_audience": "https://${mosip.esignet.host}", + "enabled": "true" + }, + { + "credential_issuer": "Sunbird", + "display": [ + { + "name": "Sunbird RC Insurance Verifiable Credential", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "a square logo of a Sunbird" + }, + "language": "en", + "title": "Download Sunbird Credentials", + "description": "Download credentials with your Policy Number" + }, + { + "name": "بيانات الاعتماد التي يمكن التحقق منها للتأمين Sunbird RC", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "شعار مربع لطائر الشمس" + }, + "language": "ar", + "title": "قم بتنزيل بيانات اعتماد Sunbird", + "description": "قم بتنزيل بيانات الاعتماد باستخدام رقم السياسة الخاص بك" + }, + { + "name": "सनबर्ड आरसी बीमा सत्यापन योग्य क्रेडेंशियल", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "सनबर्ड का एक चौकोर लोगो" + }, + "language": "hi", + "title": "सनबर्ड क्रेडेंशियल्स डाउनलोड करेंं", + "description": "अपने पॉलिसी नंबर के साथ क्रेडेंशियल डाउनलोड करें" + }, + { + "name": "ಸನ್ಬರ್ಡ್ ಆರ್ಸಿ ವಿಮೆ ಪರಿಶೀಲಿಸಬಹುದಾದ ರುಜುವಾತು", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "ಸನ್ ಬರ್ಡ್ ನ ಚೌಕಾಕಾರದ ಲೋಗೋ" + }, + "language": "kn", + "title": "ಸನ್ಬರ್ಡ್ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", + 
"description": "ನಿಮ್ಮ ಪಾಲಿಸಿ ಸಂಖ್ಯೆಯೊಂದಿಗೆ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ" + }, + { + "name": "Sunbird RC இன்சூரன்ஸ் சரிபார்க்கக்கூடிய நற்சான்றிதழ்", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "சூரிய பறவையின் சதுர சின்னம்" + }, + "language": "ta", + "title": "Sunbird சான்றுகளைப் பதிவிறக்கவும்", + "description": "உங்கள் பாலிசி எண்ணுடன் நற்சான்றிதழ்களைப் பதிவிறக்கவும்" + }, + { + "name": "Kredensyal na Nabe-verify ng Sunbird RC Insurance", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "isang parisukat na logo ng isang Sunbird" + }, + "language": "fil", + "title": "I-download ang Mga Kredensyal ng Sunbird", + "description": "Mag-download ng mga kredensyal gamit ang iyong Numero ng Patakaran" + } + ], + "protocol": "OpenId4VCI", + "client_id": "${mimoto.oidc.sunbird.partner.clientid}", + "client_alias": "esignet-sunbird-partner", + "scopes_supported": ["sunbird_rc_insurance_vc_ldp"], + "additional_headers": { "Accept": "application/json" }, + ".well-known": "https://${mosip.esignet.insurance.host}/.well-known/openid-credential-issuer?version=v11", + "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", + "authorization_endpoint": "https://${mosip.esignet.insurance.host}/authorize", + "authorization_audience": "https://${mosip.esignet.insurance.host}/v1/esignet/oauth/v2/token", + "token_endpoint": "https://${mosip.api.public.host}/residentmobileapp/get-token/Sunbird", + "proxy_token_endpoint": "https://${mosip.esignet.insurance.host}/v1/esignet/oauth/v2/token", + "credential_endpoint": "https://${mosip.esignet.insurance.host}/v1/esignet/vci/credential", + "credential_type": ["VerifiableCredential", "InsuranceCredential"], + "credential_audience": "https://${mosip.esignet.insurance.host}", + "enabled": "true" + }, +{ + "credential_issuer": "Sunbird140", + "display": [ + { + "name": "Sunbird 140 RC Insurance Verifiable Credential", + "logo": { + "url": 
"https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "a square logo of a Sunbird" + }, + "language": "en", + "title": "Download Sunbird 140 Credentials", + "description": "Download credentials with your Policy Number" + }, + { + "name": "بيانات الاعتماد التي يمكن التحقق منها للتأمين Sunbird RC", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "شعار مربع لطائر الشمس" + }, + "language": "ar", + "title": "قم بتنزيل بيانات اعتماد Sunbird", + "description": "قم بتنزيل بيانات الاعتماد باستخدام رقم السياسة الخاص بك" + }, + { + "name": "सनबर्ड आरसी बीमा सत्यापन योग्य क्रेडेंशियल", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "सनबर्ड का एक चौकोर लोगो" + }, + "language": "hi", + "title": "सनबर्ड क्रेडेंशियल्स डाउनलोड करेंं", + "description": "अपने पॉलिसी नंबर के साथ क्रेडेंशियल डाउनलोड करें" + }, + { + "name": "ಸನ್ಬರ್ಡ್ ಆರ್ಸಿ ವಿಮೆ ಪರಿಶೀಲಿಸಬಹುದಾದ ರುಜುವಾತು", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "ಸನ್ ಬರ್ಡ್ ನ ಚೌಕಾಕಾರದ ಲೋಗೋ" + }, + "language": "kn", + "title": "ಸನ್ಬರ್ಡ್ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", + "description": "ನಿಮ್ಮ ಪಾಲಿಸಿ ಸಂಖ್ಯೆಯೊಂದಿಗೆ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ" + }, + { + "name": "Sunbird RC இன்சூரன்ஸ் சரிபார்க்கக்கூடிய நற்சான்றிதழ்", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "சூரிய பறவையின் சதுர சின்னம்" + }, + "language": "ta", + "title": "Sunbird சான்றுகளைப் பதிவிறக்கவும்", + "description": "உங்கள் பாலிசி எண்ணுடன் நற்சான்றிதழ்களைப் பதிவிறக்கவும்" + }, + { + "name": "Kredensyal na Nabe-verify ng Sunbird RC Insurance", + "logo": { + "url": "https://sunbird.org/images/sunbird-logo-new.png", + "alt_text": "isang parisukat na logo ng isang Sunbird" + }, + "language": "fil", + "title": "I-download ang Mga Kredensyal ng Sunbird", + "description": "Mag-download ng mga kredensyal gamit ang iyong Numero ng Patakaran" + } + ], + "protocol": "OpenId4VCI", + "client_id": 
"esignet-sunbird-140-partner", + "client_alias": "esignet-sunbird-140-partner", + "scopes_supported": ["sunbird_rc_insurance_vc_ldp"], + "additional_headers": { "Accept": "application/json" }, + ".well-known": "https://esignet-140.qa-inji.mosip.net/.well-known/openid-credential-issuer?version=v11", + "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", + "authorization_endpoint": "https://esignet-140.qa-inji.mosip.net/authorize", + "authorization_audience": "https://esignet-140.qa-inji.mosip.net/v1/esignet/oauth/v2/token", + "token_endpoint": "https://${mosip.api.public.host}/residentmobileapp/get-token/Sunbird140", + "proxy_token_endpoint": "https://esignet-140.qa-inji.mosip.net/v1/esignet/oauth/v2/token", + "credential_endpoint": "https://esignet-140.qa-inji.mosip.net/v1/esignet/vci/credential", + "credential_type": ["VerifiableCredential", "InsuranceCredential"], + "credential_audience": "https://esignet-140.qa-inji.mosip.net", + "enabled": "false" + } + ] +} diff --git a/misp-policy-schema.json b/misp-policy-schema.json new file mode 100644 index 00000000000..bae8f033c51 --- /dev/null +++ b/misp-policy-schema.json @@ -0,0 +1,27 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "allowAuthRequestDelegation": { + "type": "boolean" + }, + "allowKycRequestDelegation": { + "type": "boolean" + }, + "trustBindedAuthVerificationToken": { + "type": "boolean" + }, + "allowKeyBindingDelegation": { + "type": "boolean" + }, + "allowVciRequestDelegation": { + "type": "boolean" + } + }, + "required": [ + "allowAuthRequestDelegation", + "allowKycRequestDelegation", + "allowKeyBindingDelegation" + ], + "additionalProperties": false + } diff --git a/mock-abis-default.properties b/mock-abis-default.properties new file mode 100644 index 00000000000..d261ac1bbe9 --- /dev/null +++ b/mock-abis-default.properties 
@@ -0,0 +1,21 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# mosip.regproc.client.secret
+spring.cloud.config.name=mock-abis
+spring.application.name=mock-abis-service
+management.endpoint.health.show-details=always
+management.endpoits.web.exposure.include=info,health,refresh
+server.port=8081
+abis.return.duplicate=false
+#iam adapter
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+mosip.iam.adapter.appid=regproc
+mosip.iam.adapter.clientid=mosip-regproc-client
+mosip.iam.adapter.clientsecret=${mosip.regproc.client.secret}
+mosip.kernel.auth.adapter.ssl-bypass=true
+mosip.kernel.auth.appid-realm-map={regproc:'mosip'}
+mosip.kernel.auth.appids.realm.map={regproc:'mosip'}
+#iam adapter disable local end points
+mosip.service.end-points=/**/*
+mosip.service.exclude.auth.allowed.method=GET,POST,DELETE
diff --git a/mock-identity-system-default.properties b/mock-identity-system-default.properties
new file mode 100644
index 00000000000..c0c57a255b7
--- /dev/null
+++ b/mock-identity-system-default.properties
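Review bot: `mosip.kernel.auth.adapter.ssl-bypass=true` sits in the default profile of `mock-abis-default.properties`, and `mosip.service.end-points=/**/*` with `mosip.service.exclude.auth.allowed.method=GET,POST,DELETE` appears (going by the `#iam adapter disable local end points` comment) to exempt every path from authentication. That may be intended for a mock ABIS, but nothing in the file says so; add a comment such as `# mock service only: TLS verification and endpoint auth are disabled, do not reuse in a production profile`, or default `ssl-bypass` to `false`. Also, `management.endpoits.web.exposure.include` is misspelled (`endpoits`), so Spring Boot will ignore it and fall back to its default actuator exposure. With `management.endpoint.health.show-details=always` on the line above, decide deliberately which endpoints are exposed and correct the key to `management.endpoints.web.exposure.include`.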
@@ -0,0 +1,107 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# keycloak.external.url +# keycloak.internal.host +# keycloak.internal.url +# keycloak.admin.password +# mosip.auth.client.secret (convention: ..secret) +# mosip.ida.client.secret +# mosip.admin.client.secret +# mosip.reg.client.secret +# mosip.prereg.client.secret +# softhsm.kernel.pin +# softhsm-security-pin +# email.smtp.host +# email.smtp.username +# email.smtp.secret +# mosip.kernel.tokenid.uin.salt +# mosip.kernel.tokenid.partnercode.salt +# mosip.api.internal.url +# mosip.api.public.url + +##----------------------------------------- Database properties -------------------------------------------------------- + +mosip.mockidentitysystem.database.hostname=postgres-postgresql.postgres +mosip.mockidentitysystem.database.port=5432 +spring.datasource.url=jdbc:postgresql://${mosip.mockidentitysystem.database.hostname}:${mosip.mockidentitysystem.database.port}/mosip_mockidentitysystem?currentSchema=mockidentitysystem +spring.datasource.username=mockidsystemuser +spring.datasource.password=${db.dbuser.password} + +#------------------------------------ Key-manager specific properties -------------------------------------------------- +#Crypto asymmetric algorithm name +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +#Crypto symmetric algorithm name +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +#Keygenerator asymmetric algorithm name +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +#Keygenerator symmetric algorithm name 
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES +#Asymmetric algorithm key length +mosip.kernel.keygenerator.asymmetric-key-length=2048 +#Symmetric algorithm key length +mosip.kernel.keygenerator.symmetric-key-length=256 +#Encrypted data and encrypted symmetric key separator +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +#GCM tag length +mosip.kernel.crypto.gcm-tag-length=128 +#Hash algo name +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +#Symmtric key length used in hash +mosip.kernel.crypto.hash-symmetric-key-length=256 +#No of iterations in hash +mosip.kernel.crypto.hash-iteration=100000 +#Sign algo name +mosip.kernel.crypto.sign-algorithm-name=RS256 +#Certificate Sign algo name +mosip.kernel.certificate.sign.algorithm=SHA256withRSA + +#mosip.kernel.keymanager.hsm.config-path=local.p12 +#mosip.kernel.keymanager.hsm.keystore-type=PKCS12 +#mosip.kernel.keymanager.hsm.keystore-pass=local + +#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE +mosip.kernel.keymanager.hsm.keystore-type=PKCS11 +# For PKCS11 provide Path of config file. +# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. +# For Offline & JCE property can be left blank, specified value will be ignored. +mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf +# Passkey of keystore for PKCS11, PKCS12 +# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. 
+mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.mock.identity.system.security.pin} + +mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io +mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER +mosip.kernel.keymanager.certificate.default.organization=IITB +mosip.kernel.keymanager.certificate.default.location=BANGALORE +mosip.kernel.keymanager.certificate.default.state=KA +mosip.kernel.keymanager.certificate.default.country=IN + +mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io +mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP +mosip.kernel.keymanager.softhsm.certificate.organization=IITB +mosip.kernel.keymanager.softhsm.certificate.country=IN + +# Application Id for PMS master key. +mosip.kernel.partner.sign.masterkey.application.id=PMS +mosip.kernel.partner.allowed.domains=DEVICE + +mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate +mosip.kernel.keymanager.jwtsign.validate.json=false +mosip.keymanager.dao.enabled=false +crypto.PrependThumbprint.enable=true + +spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect +spring.jpa.show-sql=false +spring.jpa.hibernate.ddl-auto=none +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +mosip.esignet.mock.authenticator.ida.otp-channels=email,phone + +mosip.kernel.keymgr.hsm.health.check.enabled=false +mosip.kernel.keymgr.hsm.health.key.app-id=MOCK_AUTHENTICATION_SERVICE +mosip.kernel.keymgr.hsm.healthkey.ref-id=HEALTH_KEY diff --git a/mock-mv-default.properties b/mock-mv-default.properties new file mode 100644 index 00000000000..d102b6e8420 --- /dev/null +++ b/mock-mv-default.properties @@ -0,0 +1,3 @@ +## Mock Manual Verification Properties +# Based on value of below parameter the packets are passed or rejected. Required values are [APPROVED or REJECTED] +mock.mv.default.decision=APPROVED \ No newline at end of file 
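Review bot: In `mock-identity-system-default.properties` the keystore PIN is read from `${softhsm.mock.identity.system.security.pin}`, but the header comment listing the properties that must arrive as config-server environment overrides names only `softhsm.kernel.pin` and `softhsm-security-pin`. A deployer following that list is never told to supply the property this file actually resolves; add `# softhsm.mock.identity.system.security.pin` to the list. The commented-out `#mosip.kernel.keymanager.hsm.keystore-pass=local` block above the PKCS11 settings is worth deleting so a sample keystore password cannot be re-enabled by accident. Minor: `mosip.kernel.crypto.hash-iteration=100000` is below the 210,000 iterations that current OWASP guidance gives for PBKDF2-HMAC-SHA512, so confirm whether it can be raised without invalidating existing hashes.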
diff --git a/sandbox/mosip-cbeff.xsd b/mosip-cbeff.xsd similarity index 86% rename from sandbox/mosip-cbeff.xsd rename to mosip-cbeff.xsd index 4f53d61be96..1bede505788 100644 --- a/sandbox/mosip-cbeff.xsd +++ b/mosip-cbeff.xsd @@ -1,33 +1,33 @@ - + - + - - + + + @@ -113,6 +113,7 @@ xmlns="http://standards.iso.org/iso-iec/19785/-3/ed-2/" targetNamespace="http:// + @@ -171,4 +172,20 @@ xmlns="http://standards.iso.org/iso-iec/19785/-3/ed-2/" targetNamespace="http:// - + + + + + + + + + + + + + + \ No newline at end of file diff --git a/mosip-context.json b/mosip-context.json new file mode 100644 index 00000000000..4da43560e8f --- /dev/null +++ b/mosip-context.json 
@@ -0,0 +1,57 @@
+{
+ "@context": [{
+ "@version": 1.1
+ },"https://www.w3.org/ns/odrl.jsonld", {
+ "mosip": "https://${mosip.api.public.host}/mosip#",
+ "schema": "http://schema.org/",
+ "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
+ "vcVer": "mosip:vcVer",
+ "UIN": "mosip:UIN",
+ "addressLine1": {
+ "@id": "https://${mosip.api.public.host}/mosip#addressLine1",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "addressLine2": {
+ "@id": "https://${mosip.api.public.host}/mosip#addressLine2",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "addressLine3": {
+ "@id": "https://${mosip.api.public.host}/mosip#addressLine3",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "city": {
+ "@id": "https://${mosip.api.public.host}/mosip#city",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "gender": {
+ "@id": "https://${mosip.api.public.host}/mosip#gender",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "residenceStatus": {
+ "@id": "https://${mosip.api.public.host}/mosip#residenceStatus",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+
+ "dateOfBirth": "mosip:dateOfBirth",
+ "email": "mosip:email",
+ "fullName": {
+
+ "@id": "https://${mosip.api.public.host}/mosip#fullName",
+
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "phone": "mosip:phone",
+ "postalCode": "mosip:postalCode",
+ "province": {
+
+ "@id": "https://${mosip.api.public.host}/mosip#province",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "region": {
+ "@id": "https://${mosip.api.public.host}/mosip#region",
+
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "biometrics": "mosip:biometrics"
+ }]
+}
diff --git a/mosip-ida-context.json b/mosip-ida-context.json
new file mode 100644
index 00000000000..66a61871c43
--- /dev/null
+++ b/mosip-ida-context.json
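Review bot: The `@context` array in `mosip-context.json` pulls in `https://www.w3.org/ns/odrl.jsonld` by remote URL, while this same commit adds a local `odrl.jsonld`. If the JSON-LD processor that consumes this context dereferences the URL at issuance or verification time, credential canonicalisation (and so signature checking) depends on a third-party fetch succeeding and returning unchanged content. The document loader is not visible in this diff, so confirm it resolves that URL from the bundled copy or a pinned cache rather than the network. The same reference appears in the `mosip-ida-context.json` hunk.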
@@ -0,0 +1,54 @@
+{
+ "@context": [{
+ "@version": 1.1
+ },"https://www.w3.org/ns/odrl.jsonld", {
+ "mosip": "https://${mosip.api.public.host}/mosip#",
+ "schema": "http://schema.org/",
+ "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
+ "vcVer": "mosip:vcVer",
+ "UIN": "mosip:UIN",
+ "VID": "mosip:VID",
+ "addressLine1": {
+ "@id": "https://${mosip.api.public.host}/mosip#addressLine1",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "addressLine2": {
+ "@id": "https://${mosip.api.public.host}/mosip#addressLine2",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "addressLine3": {
+ "@id": "https://${mosip.api.public.host}/mosip#addressLine3",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "city": {
+ "@id": "https://${mosip.api.public.host}/mosip#city",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "gender": {
+ "@id": "https://${mosip.api.public.host}/mosip#gender",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "residenceStatus": {
+ "@id": "https://${mosip.api.public.host}/mosip#residenceStatus",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+
+ "dateOfBirth": "mosip:dateOfBirth",
+ "email": "mosip:email",
+ "fullName": {
+ "@id": "https://${mosip.api.public.host}/mosip#fullName",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "phone": "mosip:phone",
+ "postalCode": "mosip:postalCode",
+ "province": {
+ "@id": "https://${mosip.api.public.host}/mosip#province",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "region": {
+ "@id": "https://${mosip.api.public.host}/mosip#region",
+ "@context": {"value": "rdf:value", "lang": "@language"}
+ },
+ "face": "mosip:face"
+ }]
+}
diff --git a/mosip-vid-policy-schema.json b/mosip-vid-policy-schema.json
new file mode 100644
index 00000000000..f34aa0ed573
--- /dev/null
+++ b/mosip-vid-policy-schema.json
@@ -0,0 +1,61 @@
+{
+ "$id": "http://mosip.io/vid_policy_object/1.0/vid_policy_object.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "VID Policy schema",
+ "description": "MOSIP VID Policy schema",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "vidPolicies": {
+ "title": "vidPolicies",
+ "description": "This schema holds all the VID policies configured for a country",
+ "type": "array",
+ "additionalItems": false,
+ "uniqueItems": true,
+ "items": {
+ "type": "object",
+ "required": [
+ "vidType",
+ "vidPolicy"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "vidType": {
+ "type": "string",
+ "pattern": "^(Perpetual|Temporary)$"
+ },
+ "vidPolicy": {
+ "$ref": "#/definitions/vidPolicyType"
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "vidPolicyType": {
+ "type": "object",
+ "properties": {
+ "validForInMinutes": {
+ "type": ["integer", "null"]
+ },
+ "transactionsAllowed": {
+ "type": ["integer", "null"],
+ "minimum": 1,
+ "maximum": 1
+ },
+ "instancesAllowed": {
+ "type": "integer",
+ "minimum": 1
+ },
+ "autoRestoreAllowed": {
+ "type": "boolean"
+ },
+ "restoreOnAction": {
+ "type": "string",
+ "pattern": "^(REVOKE|REGENERATE)$"
+ }
+ },
+ "additionalProperties": false
+ }
+ }
+}
diff --git a/mosip-vid-policy.json b/mosip-vid-policy.json
new file mode 100644
index 00000000000..af3eecc2322
--- /dev/null
+++ b/mosip-vid-policy.json
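Review bot: The `vidType` pattern `^(Perpetual|Temporary)$` and the `restoreOnAction` pattern `^(REVOKE|REGENERATE)$` in `mosip-vid-policy-schema.json` reject values that the `mosip-vid-policy.json` hunk of this same commit uses. That file defines a `"vidType": "OneTimeUse"` entry and sets `"restoreOnAction": "REVOKED"` twice. If the schema is enforced against that file, validation fails; if it is not, the schema gives no protection against a malformed revocation policy. Align the two, e.g. `"pattern": "^(Perpetual|Temporary|OneTimeUse)$"` and `"pattern": "^(REVOKED|REGENERATE)$"`, after checking which spelling the VID service actually compares against. `vidPolicyType` also has no `required` list, so an entry with an empty `vidPolicy` object validates.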
@@ -0,0 +1,33 @@
+{
+ "vidPolicies": [{
+ "vidType": "Perpetual",
+ "vidPolicy": {
+ "validForInMinutes": null,
+ "transactionsAllowed": null,
+ "instancesAllowed": 2,
+ "autoRestoreAllowed": true,
+ "restoreOnAction": "REVOKED"
+ }
+ },
+ {
+ "vidType": "Temporary",
+ "vidPolicy": {
+ "validForInMinutes": 30,
+ "transactionsAllowed": 1,
+ "instancesAllowed": 20,
+ "autoRestoreAllowed": false,
+ "restoreOnAction": "REGENERATE"
+ }
+ },
+ {
+ "vidType": "OneTimeUse",
+ "vidPolicy": {
+ "validForInMinutes": null,
+ "transactionsAllowed": 1,
+ "instancesAllowed": 20,
+ "autoRestoreAllowed": false,
+ "restoreOnAction": "REVOKED"
+ }
+ }
+ ]
+}
diff --git a/odrl.jsonld b/odrl.jsonld
new file mode 100644
index 00000000000..3ac366acc47
--- /dev/null
+++ b/odrl.jsonld
@@ -0,0 +1,200 @@ +{ + "@context": { + "odrl": "http://www.w3.org/ns/odrl/2/", + "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#", + "rdfs": "http://www.w3.org/2000/01/rdf-schema#", + "owl": "http://www.w3.org/2002/07/owl#", + "skos": "http://www.w3.org/2004/02/skos/core#", + "dct": "http://purl.org/dc/terms/", + "xsd": "http://www.w3.org/2001/XMLSchema#", + "vcard": "http://www.w3.org/2006/vcard/ns#", + "foaf": "http://xmlns.com/foaf/0.1/", + "schema": "http://schema.org/", + "cc": "http://creativecommons.org/ns#", + + "uid": "@id", + "type": "@type", + + "Policy": "odrl:Policy", + "Rule": "odrl:Rule", + "profile": {"@type": "@id", "@id": "odrl:profile"}, + + "inheritFrom": {"@type": "@id", "@id": "odrl:inheritFrom"}, + + "ConflictTerm": "odrl:ConflictTerm", + "conflict": {"@type": "@vocab", "@id": "odrl:conflict"}, + "perm": "odrl:perm", + "prohibit": "odrl:prohibit", + "invalid": "odrl:invalid", + + "Agreement": "odrl:Agreement", + "Assertion": "odrl:Assertion", + "Offer": "odrl:Offer", + "Privacy": "odrl:Privacy", + "Request": "odrl:Request", + "Set": "odrl:Set", + "Ticket": "odrl:Ticket", + + "Asset": "odrl:Asset", + "AssetCollection": "odrl:AssetCollection", + "relation": {"@type": "@id", "@id": "odrl:relation"}, + "hasPolicy": {"@type": "@id", "@id": "odrl:hasPolicy"}, + + "target": {"@type": "@id", "@id": "odrl:target"}, + "output": {"@type": "@id", "@id": "odrl:output"}, + + "partOf": {"@type": "@id", "@id": "odrl:partOf"}, + "source": {"@type": "@id", "@id": "odrl:source"}, + + "Party": "odrl:Party", + "PartyCollection": "odrl:PartyCollection", + "function": {"@type": "@vocab", "@id": "odrl:function"}, + "PartyScope": "odrl:PartyScope", + + "assignee": {"@type": "@id", "@id": "odrl:assignee"}, + "assigner": {"@type": "@id", "@id": "odrl:assigner"}, + "assigneeOf": {"@type": "@id", "@id": "odrl:assigneeOf"}, + "assignerOf": {"@type": "@id", "@id": "odrl:assignerOf"}, + "attributedParty": {"@type": "@id", "@id": "odrl:attributedParty"}, + 
"attributingParty": {"@type": "@id", "@id": "odrl:attributingParty"}, + "compensatedParty": {"@type": "@id", "@id": "odrl:compensatedParty"}, + "compensatingParty": {"@type": "@id", "@id": "odrl:compensatingParty"}, + "consentingParty": {"@type": "@id", "@id": "odrl:consentingParty"}, + "consentedParty": {"@type": "@id", "@id": "odrl:consentedParty"}, + "informedParty": {"@type": "@id", "@id": "odrl:informedParty"}, + "informingParty": {"@type": "@id", "@id": "odrl:informingParty"}, + "trackingParty": {"@type": "@id", "@id": "odrl:trackingParty"}, + "trackedParty": {"@type": "@id", "@id": "odrl:trackedParty"}, + "contractingParty": {"@type": "@id", "@id": "odrl:contractingParty"}, + "contractedParty": {"@type": "@id", "@id": "odrl:contractedParty"}, + + "Action": "odrl:Action", + "action": {"@type": "@vocab", "@id": "odrl:action"}, + "includedIn": {"@type": "@id", "@id": "odrl:includedIn"}, + "implies": {"@type": "@id", "@id": "odrl:implies"}, + + "Permission": "odrl:Permission", + "permission": {"@type": "@id", "@id": "odrl:permission"}, + + "Prohibition": "odrl:Prohibition", + "prohibition": {"@type": "@id", "@id": "odrl:prohibition"}, + + "obligation": {"@type": "@id", "@id": "odrl:obligation"}, + + "use": "odrl:use", + "grantUse": "odrl:grantUse", + "aggregate": "odrl:aggregate", + "annotate": "odrl:annotate", + "anonymize": "odrl:anonymize", + "archive": "odrl:archive", + "concurrentUse": "odrl:concurrentUse", + "derive": "odrl:derive", + "digitize": "odrl:digitize", + "display": "odrl:display", + "distribute": "odrl:distribute", + "execute": "odrl:execute", + "extract": "odrl:extract", + "give": "odrl:give", + "index": "odrl:index", + "install": "odrl:install", + "modify": "odrl:modify", + "move": "odrl:move", + "play": "odrl:play", + "present": "odrl:present", + "print": "odrl:print", + "read": "odrl:read", + "reproduce": "odrl:reproduce", + "sell": "odrl:sell", + "stream": "odrl:stream", + "textToSpeech": "odrl:textToSpeech", + "transfer": "odrl:transfer", 
+ "transform": "odrl:transform", + "translate": "odrl:translate", + + "Duty": "odrl:Duty", + "duty": {"@type": "@id", "@id": "odrl:duty"}, + "consequence": {"@type": "@id", "@id": "odrl:consequence"}, + "remedy": {"@type": "@id", "@id": "odrl:remedy"}, + + "acceptTracking": "odrl:acceptTracking", + "attribute": "odrl:attribute", + "compensate": "odrl:compensate", + "delete": "odrl:delete", + "ensureExclusivity": "odrl:ensureExclusivity", + "include": "odrl:include", + "inform": "odrl:inform", + "nextPolicy": "odrl:nextPolicy", + "obtainConsent": "odrl:obtainConsent", + "reviewPolicy": "odrl:reviewPolicy", + "uninstall": "odrl:uninstall", + "watermark": "odrl:watermark", + + "Constraint": "odrl:Constraint", + "LogicalConstraint": "odrl:LogicalConstraint", + "constraint": {"@type": "@id", "@id": "odrl:constraint"}, + "refinement": {"@type": "@id", "@id": "odrl:refinement"}, + "Operator": "odrl:Operator", + "operator": {"@type": "@vocab", "@id": "odrl:operator"}, + "RightOperand": "odrl:RightOperand", + "rightOperand": "odrl:rightOperand", + "rightOperandReference":{"@type": "xsd:anyURI", "@id": "odrl:rightOperandReference"}, + "LeftOperand": "odrl:LeftOperand", + "leftOperand": {"@type": "@vocab", "@id": "odrl:leftOperand"}, + "unit": "odrl:unit", + "dataType": {"@type": "xsd:anyType", "@id": "odrl:datatype"}, + "status": "odrl:status", + + "absolutePosition": "odrl:absolutePosition", + "absoluteSpatialPosition": "odrl:absoluteSpatialPosition", + "absoluteTemporalPosition":"odrl:absoluteTemporalPosition", + "absoluteSize": "odrl:absoluteSize", + "count": "odrl:count", + "dateTime": "odrl:dateTime", + "delayPeriod": "odrl:delayPeriod", + "deliveryChannel": "odrl:deliveryChannel", + "elapsedTime": "odrl:elapsedTime", + "event": "odrl:event", + "fileFormat": "odrl:fileFormat", + "industry": "odrl:industry:", + "language": "odrl:language", + "media": "odrl:media", + "meteredTime": "odrl:meteredTime", + "payAmount": "odrl:payAmount", + "percentage": "odrl:percentage", + 
"product": "odrl:product", + "purpose": "odrl:purpose", + "recipient": "odrl:recipient", + "relativePosition": "odrl:relativePosition", + "relativeSpatialPosition": "odrl:relativeSpatialPosition", + "relativeTemporalPosition":"odrl:relativeTemporalPosition", + "relativeSize": "odrl:relativeSize", + "resolution": "odrl:resolution", + "spatial": "odrl:spatial", + "spatialCoordinates": "odrl:spatialCoordinates", + "systemDevice": "odrl:systemDevice", + "timeInterval": "odrl:timeInterval", + "unitOfCount": "odrl:unitOfCount", + "version": "odrl:version", + "virtualLocation": "odrl:virtualLocation", + + "eq": "odrl:eq", + "gt": "odrl:gt", + "gteq": "odrl:gteq", + "lt": "odrl:lt", + "lteq": "odrl:lteq", + "neq": "odrl:neg", + "isA": "odrl:isA", + "hasPart": "odrl:hasPart", + "isPartOf": "odrl:isPartOf", + "isAllOf": "odrl:isAllOf", + "isAnyOf": "odrl:isAnyOf", + "isNoneOf": "odrl:isNoneOf", + "or": "odrl:or", + "xone": "odrl:xone", + "and": "odrl:and", + "andSequence": "odrl:andSequence", + + "policyUsage": "odrl:policyUsage" + + } +} \ No newline at end of file diff --git a/opencrvs-default.properties b/opencrvs-default.properties new file mode 100644 index 00000000000..3a3268ca33d --- /dev/null +++ b/opencrvs-default.properties 
@@ -0,0 +1,99 @@
+# Following properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# keycloak.internal.url
+
+# Following properties get their values from environment variables of mediator helm chart.
+# DO NOT define the following properties in this file.
+
+# opencrvs.receive.credential.url=
+# mosip.receive.credential.url=
+# opencrvs.auth.url=
+# opencrvs.client.id=
+# opencrvs.client.id=
+# opencrvs.client.secret.key=
+# opencrvs.client.sha.secret=
+# mosip.opencrvs.client.id=mosip-opencrvs-client
+# mosip.opencrvs.client.secret.key=
+# mosip.opencrvs.db.datasource.password=
+# mosip.opencrvs.partner.client.id=opencrvs-partner
+# mosip.opencrvs.partner.client.sha.secret=
+# mosip.opencrvs.partner.username=opencrvs-partner
+# mosip.opencrvs.partner.password=
+
+mediator.core.pool.size=20
+mediator.max.pool.size=200
+mediator.queue.capacity=50
+
+opencrvs.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+
+opencrvs.center.id=45451
+opencrvs.machine.id=45452
+opencrvs.appid=opencrvs
+opencrvs.appName=OPENCRVS
+opencrvs.audit.app.id=${opencrvs.appid}
+opencrvs.audit.app.name=${opencrvs.appName}
+opencrvs.data.gender.default.lang.code=eng
+opencrvs.data.lang.code.mapping=eng:eng|english|en,fra:french|fr|fra|fre
+opencrvs.data.dummy.address.line1=[{"language":"eng","value":"1234, block 1, road no1"}]
+opencrvs.data.dummy.address.line2=[{"language":"eng","value":"Street 1, place1"}]
+opencrvs.data.dummy.address.line3=[{"language":"eng","value":"behind place2"}]
+opencrvs.data.dummy.region=[{"language":"eng","value":"Rabat Sale Kenitra"}]
+opencrvs.data.dummy.province=[{"language":"eng","value":"Kenitra"}]
+opencrvs.data.dummy.city=[{"language":"eng","value":"Kenitra"}]
+opencrvs.data.dummy.zone=[{"language":"eng","value":"Ben Mansour"}]
+opencrvs.data.dummy.postal.code="14022"
+opencrvs.data.dummy.phone="9898989898"
+
+# The following process.type should the same one present in provider.packetwriter.opencrvs and provider.packetreader.opencrvs, in application-default.properties
+opencrvs.birth.process.type=OPENCRVS_NEW
+
+# Incase the mediator encounters error creating and uploading the packet, it will reproduce the same if this is true.
+opencrvs.reproduce.on.error=false
+opencrvs.reproduce.on.error.delay.ms=10000
+
+mosip.opencrvs.websub.resubscribe=true
+mosip.opencrvs.websub.resubscribe.init.delay.ms=20000
+mosip.opencrvs.websub.resubscribe.delay.ms=21600000
+
+mosip.opencrvs.decrypt.privkey.path=/certs/mnt/mosip-priv.key
+mosip.opencrvs.signverify.pubkey.path=/certs/mnt/opencrvs-pub.key
+
+kernel.auth.adapter.available=false
+
+mosip.iam.token_endpoint=${keycloak.internal.url}/auth/realms/mosip/protocol/openid-connect/token
+mosip.iam.validate_endpoint=${keycloak.internal.url}/auth/realms/mosip/protocol/openid-connect/userinfo
+
+config.server.file.storage.uri=http://config-server.config-server/config/*/default/release-1.2.0/
+registration.processor.identityjson=identity-mapping.json
+
+mosip.registration.processor.registration.sync.id=mosip.registration.sync
+mosip.registration.processor.application.version=1.0
+
+MIDSCHEMAURL=${mosip.kernel.syncdata-service-idschema-url}
+SYNCSERVICE=${mosip.regproc.status.service.url}/registrationprocessor/v1/registrationstatus/sync
+PACKETRECEIVER=${mosip.packet.receiver.url}/registrationprocessor/v1/packetreceiver/registrationpackets
+RIDGENERATION=http://ridgenerator.kernel/v1/ridgenerator/generate/rid
+
+IDSchema.Version=0.1
+id.repo.update=mosip.id.update
+objectstore.crypto.name=OnlinePacketCryptoServiceImpl
+
+objectstore.adapter.name=PosixAdapter
+object.store.base.location=./packets/mosip-opencrvs/
+
+mosip.opencrvs.db.datasource.jdbc-url=jdbc:postgresql://postgres-postgresql.postgres:5432/mosip_opencrvs
+mosip.opencrvs.db.datasource.username=opencrvsuser
+# mosip.opencrvs.db.datasource.password=
+mosip.opencrvs.db.datasource.birth.transaction.table=opencrvs.birth_transactions
+mosip.opencrvs.db.datasource.cr.by=system
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+
+mosip.opencrvs.kafka.bootstrap.server=kafka.kafka:9092
+mosip.opencrvs.kafka.topic=OPENCRVS_BIRTH_RECORDS
+mosip.opencrvs.kafka.admin.request.timeout.ms=2000
+mosip.opencrvs.kafka.consumer.group.id=mediatorReceiver
+mosip.opencrvs.kafka.consumer.poll.interval.ms=1000
+mosip.opencrvs.kafka.consumer.auto.offset.reset=latest
+mosip.opencrvs.kafka.consumer.enable.auto.commit=true
+mosip.opencrvs.kafka.consumer.auto.commit.interval.ms=500
diff --git a/packet-manager-default.properties b/packet-manager-default.properties
new file mode 100644
index 00000000000..7458c536072
--- /dev/null
+++ b/packet-manager-default.properties
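Review bot: `opencrvs.data.dummy.postal.code="14022"` and `opencrvs.data.dummy.phone="9898989898"` keep their double quotes as part of the value, because a Java `.properties` loader takes the text after `=` verbatim and does not strip quoting. If the mediator copies these dummy values into the identity it builds (not visible in this hunk), the quote characters travel with them and can fail length or pattern validation downstream. Writing them bare, `opencrvs.data.dummy.postal.code=14022` and `opencrvs.data.dummy.phone=9898989898`, avoids that. The commented list at the top of the file also names `# opencrvs.client.id=` twice, so one of the two entries is probably meant to be a different property.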
@@ -0,0 +1,46 @@
+# s3.accesskey
+# s3.region
+# s3.secretkey
+
+# Class name of the referenceValidator. Commenting or removing this property will disable reference validator.
+mosip.kernel.idobjectvalidator.referenceValidator=io.mosip.kernel.idobjectvalidator.impl.IdObjectReferenceValidator
+# The additional fields to be searched apart from demograpgics
+packetmanager.additional.fields.search.from.metainfo=officerBiometricFileName,supervisorBiometricFileName
+
+# Roles
+mosip.role.commons-packet.putcreatepacket=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postaddtag=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postaddorupdatetag=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postdeletetag=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postinfo=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postgettags=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postvalidatepacket=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postaudits=REGISTRATION_PROCESSOR
+mosip.role.commons-packet.postmetainfo=METADATA_READ
+mosip.role.commons-packet.postbiometrics=BIOMETRIC_READ
+mosip.role.commons-packet.postdocument=DOCUMENT_READ
+mosip.role.commons-packet.postsearchfields=DATA_READ
+mosip.role.commons-packet.postsearchfield=DATA_READ
+auth.server.admin.allowed.audience=mosip-regproc-client
+
+# Object store
+object.store.s3.accesskey=${s3.accesskey}
+object.store.s3.secretkey=${s3.secretkey}
+## For Minio: object.store.s3.url=http://minio.minio:9000
+## For AWS: object.store.s3.url=s3.${s3.region}.amazonaws.com
+object.store.s3.url=http://minio.minio:9000
+object.store.s3.region=${s3.region}
+object.store.s3.readlimit=10000000
+
+# IAM adapter
+mosip.iam.adapter.appid=regproc
+mosip.iam.adapter.clientid=mosip-regproc-client
+mosip.iam.adapter.clientsecret=${mosip.regproc.client.secret}
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+
+##------------------------------------------------------Redis cache properties----------------------------------------------------
+## The following properties will be used only when the redis cache provider jar is available in the loader path of packetmanager service.
+redis.cache.hostname=10.20.20.90
+redis.cache.port=6379
+# Time to live for 2hrs
+spring.cache.redis.time-to-live=7200000
diff --git a/partner-management-default.properties b/partner-management-default.properties
new file mode 100644
index 00000000000..9e4f8cb403d
--- /dev/null
+++ b/partner-management-default.properties
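Review bot: `redis.cache.hostname=10.20.20.90` hard-codes a private IP address in a default property file, while the other endpoints in this hunk use a cluster service name (`minio.minio`) or an override placeholder. A deployment that enables the Redis cache provider without changing this value would send cached packet data to whichever host owns that address on its network. The hunk also sets no Redis credential or TLS property, so protection of the cache appears to rest on network isolation alone (the provider's own defaults are not visible here). I would take the host from an override in the same way as the S3 keys, `redis.cache.hostname=${<redis-host-override>}` (placeholder name) with the override listed in the header comment, and add a comment stating what authentication the cache is expected to enforce.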
@@ -0,0 +1,330 @@
+## Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+## DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+## helm chart:
+## db.dbuser.password
+## mosip.pms.client.secret
+## keycloak.internal.url
+## keycloak.admin.password
+## mosip.api.public.url
+
+## Database
+## Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
+## If database is external to production, provide the DNS or ip of the host and port
+mosip.pmp.database.hostname=postgres-postgresql.postgres
+mosip.pmp.database.port=5432
+mosip.pmp.database.user=pmsuser
+mosip.pmp.database.password=${db.dbuser.password}
+
+## Auth device
+mosip.authdevice.database.hostname=postgres
+mosip.authdevice.database.port=80
+mosip.authdevice.database.user=authdeviceuser
+mosip.authdevice.database.password=${db.dbuser.password}
+
+## Reg device
+mosip.regdevice.database.hostname=postgres
+mosip.regdevice.database.port=80
+mosip.regdevice.database.user=regdeviceuser
+mosip.regdevice.database.password=${db.dbuser.password}
+
+## Hibernate
+javax.persistence.jdbc.driverClassName=org.postgresql.Driver
+javax.persistence.jdbc.driver=org.postgresql.Driver
+javax.persistence.jdbc.url=jdbc:postgresql://${mosip.pmp.database.hostname}:${mosip.pmp.database.port}/mosip_pms
+javax.persistence.jdbc.user=${mosip.pmp.database.user}
+javax.persistence.jdbc.username=${mosip.pmp.database.user}
+javax.persistence.jdbc.password=${mosip.pmp.database.password}
+javax.persistence.jdbc.schema = pms
+javax.persistence.jdbc.uinHashTable=uin_hash_salt
+javax.persistence.jdbc.uinEncryptTable=uin_encrypt_salt
+
+## Hibernate Auth device
+mosip.datasource.authdevice.jdbc.driver=org.postgresql.Driver
+mosip.datasource.authdevice.jdbc.url = jdbc:postgresql://${mosip.authdevice.database.hostname}:${mosip.authdevice.database.port}/mosip_authdevice
+mosip.datasource.authdevice.jdbc.password = ${mosip.authdevice.database.password}
+mosip.datasource.authdevice.jdbc.user = ${mosip.authdevice.database.user}
+mosip.datasource.authdevice.jdbc.schema = authdevice
+mosip.datasource.authdevice.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+
+## Hibernate Reg device
+mosip.datasource.regdevice.jdbc.driver=org.postgresql.Driver
+mosip.datasource.regdevice.jdbc.url = jdbc:postgresql://${mosip.regdevice.database.hostname}:${mosip.regdevice.database.port}/mosip_regdevice
+mosip.datasource.regdevice.jdbc.password = ${mosip.regdevice.database.password}
+mosip.datasource.regdevice.jdbc.user = ${mosip.regdevice.database.user}
+mosip.datasource.regdevice.jdbc.schema = regdevice
+mosip.datasource.regdevice.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+
+hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+hibernate.jdbc.lob.non_contextual_creation=true
+hibernate.hbm2ddl.auto=none
+hibernate.show_sql=true
+hibernate.format_sql=true
+hibernate.connection.charSet=utf8
+hibernate.cache.use_second_level_cache=false
+hibernate.cache.use_query_cache=false
+hibernate.cache.use_structured_entries=false
+hibernate.generate_statistics=false
+spring.datasource.initialization-mode=never
+
+## This property is used by kernel-authcodeflowproxy-api to check request is coming from allowed urls not.
+auth.allowed.urls=https://${mosip.pmp.host}/
+
+## Application ID of PMP. Used to upload other domain certs
+application.id=PARTNER
+application.name=partner
+
+## To configure starting value or initial value of mispId.
+## ex: if value = 3 ==> mispId starts from 100
+## if value = 4 ==> mispId starts from 1000
+mosip.kernel.mispid.length = 3
+mosip.kernel.idgenerator.misp.license-key-length = 50
+## To configure the partner types for which extractors are required. It should be "," separated.
+pmp.bioextractors.required.partner.types = Credential_Partner,Online_Verification_Partner
+mosip.pmp.misp.license.expiry.period.indays = 90
+mosip.pmp.partner.policy.expiry.period.indays = 90
+pmp.policy.expiry.period.indays = 180
+pmp.policy.schema.url= https://schemas.mosip.io/v1/auth-policy
+
+## To configure what are the allowed policy types.
+## If we add any new policy type, corresponding schema also needs to be added.
+## format for adding schema configuration for new policy type is as below
+## pmp.policyTypeName.policy.schema(all are in lowercase)= schema url
+pmp.allowed.policy.types=Auth,DataShare,CredentialIssuance,MISP
+pmp.auth.policy.schema = ${mosip.kernel.xsdstorage-uri}auth-policy-schema.json
+pmp.datashare.policy.schema=${mosip.kernel.xsdstorage-uri}data-share-policy-schema.json
+pmp.credentialissuance.policy.schema=${mosip.kernel.xsdstorage-uri}data-share-policy-schema.json
+pmp.misp.policy.schema = ${mosip.kernel.xsdstorage-uri}misp-policy-schema.json
+
+pmp.misp.valid.email.address.regex=^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-z]{2,})$
+pmp.partner.valid.email.address.regex=^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-z]{2,})$
+pmp.partner.partnerId.max.length=36
+pmp.partner.mobileNumbe.max.length=16
+
+## Time difference between request creation and request processing
+masterdata.registerdevice.timestamp.validate=+5
+
+## Keymanager
+mosip.kernel.sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
+## Kernel services
+mosip.kernel.masterdata.audit-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+
+# ApplicationId for partner
+mosip.pmp.auth.appId =partner
+# Kernel auth client ID for partner management services
+mosip.pmp.auth.clientId=mosip-pms-client
+# Kernel auth secret key for partner management services
+mosip.pmp.auth.secretKey= ${mosip.pms.client.secret}
+# Key manager service API's to upload certificates
+pms.cert.service.token.request.clientId=${mosip.pmp.auth.clientId}
+pms.cert.service.token.request.issuerUrl=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+pmp.ca.certificaticate.upload.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/uploadCACertificate
+pmp.partner.certificaticate.upload.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/uploadPartnerCertificate
+pmp.partner.certificaticate.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getPartnerCertificate/{partnerCertId}
+pmp-keymanager.upload.other.domain.cert.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/uploadOtherDomainCertificate
+
+#Auth token generation
+mosip.iam.adapter.clientid=${mosip.pmp.auth.clientId}
+mosip.iam.adapter.clientsecret=${mosip.pmp.auth.secretKey}
+mosip.iam.adapter.appid=${mosip.pmp.auth.appId}
+
+# Used to get data share url to publish to websub
+pmp.certificaticate.datashare.rest.uri=${mosip.datashare.url}/v1/datashare/create
+# Used for generating the datashare url
+pms.certs.datashare.policyId=mpolicy-default-cert
+pms.certs.datashare.subscriberId=mpartner-default-cert
+
+## Keycloak
+# These configurations are used to create user in keycloak and map to a role.
+# Pre-Condition: All partner types should be created as roles in keycloak.
+
+mosip.iam.realm.operations.base-url = ${keycloak.internal.url}/auth/admin/realms/{realmId}
+mosip.iam.admin-url =${keycloak.internal.url}/auth/admin/
+mosip.iam.admin-realm-id =admin
+mosip.iam.roles-extn-url =realms/mosip/roles
+mosip.iam.users-extn-url = realms/mosip/users
+mosip.iam.role-user-mapping-url =/{userId}/role-mappings/realm
+mosip.iam.open-id-url =${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/
+mosip.iam.master.realm-id=master
+mosip.iam.default.realm-id=mosip
+mosip.keycloak.admin.client.id=admin-cli
+mosip.keycloak.admin.user.id=admin
+mosip.keycloak.admin.secret.key=${keycloak.admin.password}
+
+## Auth adapter
+auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+auth.server.admin.allowed.audience=mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-regproc-client,mosip-admin-client,mosip-reg-client,mosip-pms-client,mosip-resident-client,mosip-idrepo-client,mosip-deployment-client
+auth.jwt.secret=authjwtsecret
+auth.jwt.base=Mosip-Token
+
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+# in minutes
+mosip.iam.adapter.validate-expiry-check-rate=15
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=15
+#this should be false if you don't use this restTemplate true if you do
+mosip.iam.adapter.self-token-renewal-enable=true
+mosip.auth.filter_disable=false
+
+#To populate required roles which should be allowed in UI.(Roles are nothing but partner types)
+mosip.pms.ui.required.roles=AUTH_PARTNER,DEVICE_PROVIDER,CREDENTIAL_PARTNER,FTM_PROVIDER,MISP_PARTNER,POLICYMANAGER,PARTNER_ADMIN
+
+# To configure misp partner type
+mosip.pms.misp.partner.type=MISP_Partner
+
+# Role for partner admin =
+mosip.pms.partneradmin.role=PARTNER_ADMIN
+
+## Security
+mosip.security.csrf-enable:false
+mosip.security.secure-cookie:false
+
+partner.search.maximum.rows=10
+
+## Allowed credential types which partner can map against to policy
+pmp.allowed.credential.types=auth,qrcode,euin,reprint,vercred,opencrvs
+
+## Allowed partner types who can map policies to credential types
+policy.credential.type.mapping.allowed.partner.types=Credential_Partner,Online_Verification_Partner,Auth_Partner
+
+## Allowed kyc attributes. Used to display in UI
+policy.allowed.kyc.attributes = {"fullName": "Full Name","middleName": "Middle Name","lastName": "Last Name","dateOfBirth": "DateOfBirth","gender": "Gender","phone": "phone"}
+## Used to display in UI
+policy.auth.allowed.token.types=random,partner,policy
+
+# IAM
+mosip.iam.module.login_flow.name=authorization_code
+mosip.iam.module.clientID=mosip-pms-client
+mosip.iam.module.clientsecret=${mosip.pms.client.secret}
+mosip.iam.module.redirecturi=${mosip.api.internal.url}/v1/partnermanager/login-redirect/
+mosip.iam.module.login_flow.scope=email
+mosip.iam.module.login_flow.response_type=code
+mosip.iam.authorization_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/auth
+mosip.iam.module.admin_realm_id=mosip
+mosip.pms.filtervalue.max_columns =100
+mosip.iam.token_endpoint=${keycloak.internal.url}/auth/realms/mosip/protocol/openid-connect/token
+mosip.iam.certs_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs
+
+## Unused properties. TODO: delete them once they are removed from code
+pmp.policy.allowed.authtokens.types=random,partner,policy
+mosip.kernel.device.search-url=${mosip.kernel.masterdata.url}/v1/masterdata/devices/search
+token.request.appid=admin
+token.request.password=mosip
+token.request.username=110005
+token.request.version=string
+token.request.id=v1
+token.request.issuerUrl=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+token.request.clientId=admin
+PASSWORDBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/useridPwd
+application.env.local=false
+
+# Notifications
+emailResourse.url=${mosip.kernel.notification.url}/v1/notifier/email/send
+resource.template.url=${mosip.kernel.masterdata.url}/v1/masterdata/templates/{langcode}/{templatetypecode}
+notifications.sent.before.days = 3
+partner.registration.sub-template = partner-reg-sub-template
+partner.reg.content-template=partner-reg-content-template
+partner.status.sub-template=partner-status-sub-template
+partner.status.content-template=partner-status-content-template
+partner.apikey.status.sub-template=partner-apikey-status-sub-template
+apikey.status.content-template=apikey-status-content-template
+pms.notifications-schedule.init-delay = 24
+pms.notifications-schedule.fixed-rate=24
+
+partner.register.as.user.in.iam.enable=false
+
+## Roles
+mosip.role.pms.postpoliciesgroupnew=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.putpoliciesgrouppolicygroupid=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.postpolicies=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.postpoliciespolicyidgrouppublish=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.putpoliciespolicyid=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.patchpoliciespolicyidgrouppolicygroupid=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.getpolicies=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.getpoliciespolicyid=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.getpoliciesapikey=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.getpoliciespolicyidpartnerpartnerid=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.getpoliciesgrouppolicygroupid=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.getpoliciesgroupall=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.postpoliciesgroupsearch=PARTNER_ADMIN,AUTH_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.postpoliciessearch=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.getpoliciesconfigkey=PARTNER_ADMIN,POLICYMANAGER
+mosip.role.pms.postpoliciesgroupfiltervalues=PARTNER_ADMIN,PARTNER,AUTH_PARTNER,CREDENTIAL_PARTNER,POLICYMANAGER,PARTNER
+mosip.role.pms.postpoliciesfiltervalues=PARTNER_ADMIN,PARTNER,AUTH_PARTNER,CREDENTIAL_PARTNER,POLICYMANAGER,PARTNER
+mosip.role.pms.getactivegroupgroupname=AUTH_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER,ABIS_PARTNER,MANUAL_ADJUDICATION,POLICYMANAGER
+mosip.role.pms.postdevicedetail=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.putdevicedetail=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.patchdevicedetail=PARTNER_ADMIN
+mosip.role.pms.postdevicedetailsearch=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postdevicedetaildevicetypesearch=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postdevicedetailfiltervalues=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postdevicedetaildevicetypefiltervalues=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postdevicedetaildevicesubtypefiltervalues=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postftpchipdetail=PARTNER_ADMIN,FTM_PROVIDER
+mosip.role.pms.putftpchipdetail=PARTNER_ADMIN,FTM_PROVIDER
+mosip.role.pms.patchftpchipdetail=PARTNER_ADMIN
+mosip.role.pms.postftpchipdetailuploadcertificate=PARTNER_ADMIN,FTM_PROVIDER
+mosip.role.pms.getftpchipdetailgetpartnercertificate=PARTNER_ADMIN,FTM_PROVIDER
+mosip.role.pms.postftpchipdetailsearch=PARTNER_ADMIN,FTM_PROVIDER
+mosip.role.pms.postsecurebiometricinterface=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.putsecurebiometricinterface=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.patchsecurebiometricinterface=PARTNER_ADMIN
+mosip.role.pms.postsecurebiometricinterfacesearch=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.putsecurebiometricinterfacedevicedetailsmap=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.putsecurebiometricinterfacedevicedetailsmapremove=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postsecurebiometricinterfacedevicedetailsmapsearch=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postsecurebiometricinterfacefiltervalues=PARTNER_ADMIN,DEVICE_PROVIDER,FTM_PROVIDER
+mosip.role.pms.postpartnersbioextractors=PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,CREDENTIAL_ISSUANCE,CREATE_SHARE,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.getpartnersbioextractors=PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,CREDENTIAL_ISSUANCE,CREATE_SHARE,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnerscredentialtypepolicies=PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,CREDENTIAL_ISSUANCE,CREATE_SHARE,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.getpartnerscredentialtypepolicies=PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,CREDENTIAL_ISSUANCE,CREATE_SHARE,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnerscontactadd=PARTNER,AUTH_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,ABIS_PARTNER,MANUAL_ADJUDICATION,MISP_PARTNER
+mosip.role.pms.putpartners=PARTNER,AUTH_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,ABIS_PARTNER,MANUAL_ADJUDICATION,MISP_PARTNER
+mosip.role.pms.putpartnersnew=PARTNER,AUTH_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,ABIS_PARTNER,MANUAL_ADJUDICATION,MISP_PARTNER
+mosip.role.pms.getpartnerspartnerid=PARTNER,AUTH_PARTNER,CREDENTIAL_PARTNER,RESIDENT,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,ABIS_PARTNER,SDK_PARTNER,MANUAL_ADJUDICATION,MISP_PARTNER
+mosip.role.pms.getpartnersapikeyrequest=PARTNER,AUTH_PARTNER,ABIS_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnerscacertificateupload=PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.postpartnerscertificateupload=PARTNER,PMS_USER,AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,CREDENTIAL_PARTNER,CREDENTIAL_ISSUANCE,ID_AUTHENTICATION,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.getpartnerscertificate=PARTNER,PMS_USER,AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,CREDENTIAL_PARTNER,CREDENTIAL_ISSUANCE,CREATE_SHARE,ID_AUTHENTICATION,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnerssearch=PARTNER,PMS_USER,AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,PARTNER_ADMIN,CREDENTIAL_PARTNER,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnerspartnertypesearch=PARTNER,PMS_USER,AUTH_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,PARTNER_ADMIN,CREDENTIAL_PARTNER,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnersfiltervalues=PARTNER,PMS_USER,AUTH_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnersapikeyrequestfiltervalues=PARTNER,PARTNER_ADMIN,AUTH_PARTNER,CREDENTIAL_PARTNER,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnersapikeyrequestsearch=PARTNER,PMS_USER,AUTH_PARTNER,ABIS_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnersapikeysearch=PARTNER,PMS_USER,AUTH_PARTNER,ABIS_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.putpartnerspolicygroup=PARTNER,PMS_USER,AUTH_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postpartnerspolicymap=AUTH_PARTNER,ABIS_PARTNER,CREDENTIAL_PARTNER,CREDENTIAL_ISSUANCE,ONLINE_VERIFICATION_PARTNER,PARTNER_ADMIN
+mosip.role.pms.patchpartnersgenerateapikey=AUTH_PARTNER,ABIS_PARTNER,CREDENTIAL_PARTNER,CREDENTIAL_ISSUANCE,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.putpartnersapikeypolicies=PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.patchpartners=PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.getpartners=PARTNERMANAGER,PARTNER_ADMIN,partnermanager,ID_AUTHENTICATION,REGISTRATION_PROCESSOR,RESIDENT,CREDENTIAL_ISSUANCE,ID_REPOSITORY
+mosip.role.pms.getpartnersnew=PARTNERMANAGER,PARTNER_ADMIN,partnermanager,ID_AUTHENTICATION,REGISTRATION_PROCESSOR,RESIDENT,CREDENTIAL_ISSUANCE,ID_REPOSITORY
+mosip.role.pms.getpartnersapikey=PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.putpartnerspolicymapping=PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.patchpartnerspolicyapikeystatus=PARTNERMANAGER,PARTNER_ADMIN,AUTH_PARTNER,CREDENTIAL_PARTNER,CREDENTIAL_ISSUANCE,ONLINE_VERIFICATION_PARTNER
+mosip.role.pms.postmisplicense=MISP_PARTNER,MISP,PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.putmisplicense=MISP_PARTNER,MISP,PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.getmisplicense=MISP_PARTNER,MISP,PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.getmisplicensekey=PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.postmispfiltervalues=MISP_PARTNER,MISP,PARTNERMANAGER,PARTNER_ADMIN
+mosip.role.pms.postmispsearch=MISP_PARTNER,MISP,PARTNERMANAGER,PARTNER_ADMIN
+
+# query param usd to refer url to redirect after logout
+mosip.iam.post-logout-uri-param-key=post_logout_redirect_uri
+# end session endpoint in OIDC
+mosip.iam.end-session-endpoint-path=/protocol/openid-connect/logout
+# Esignet claims mapping file url
+mosip.pms.esignet.claims-mapping-file-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/identity-mapping.json
+# Esignet amr-acr mapping file url
+mosip.pms.esignet.amr-acr-mapping-file-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/amr-acr-mapping.json
+## Esignet Service apis for create and update
+mosip.pms.esignet.oidc-client-create-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oidc-client
+mosip.pms.esignet.oidc-client-update-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oidc-client
+
+#Esignet OAuth Client apis for create and update
+mosip.pms.esignet.oauth-client-create-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oauth-client
+mosip.pms.esignet.oauth-client-update-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oauth-client
+
+## IDP Service api to fetch OIDC Client configuration
+mosip.pms.esignet.config-url=${mosip.esignet.service.url}/v1/esignet/oidc/.well-known/openid-configuration
diff --git a/pms-migration-utility-default.properties b/pms-migration-utility-default.properties
new file mode 100644
index 00000000000..5b4c199932f
--- /dev/null
+++ b/pms-migration-utility-default.properties
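Review bot: `auth.jwt.secret=authjwtsecret` and `token.request.password=mosip` (next to `token.request.username=110005`) commit credential values in clear text, although this file's own header says secret values must arrive through the config server's 'overrides' environment variables. Anyone who can read the repository or the config server endpoint learns them, and a deployment that keeps the defaults shares them with every other installation; how much that matters depends on whether the service still signs or verifies anything with `auth.jwt.secret`, which this hunk does not show. I would follow the pattern already used for `mosip.pmp.auth.secretKey`, e.g. `auth.jwt.secret=${<jwt-secret-override>}` (placeholder name) with the override listed in the header. The `token.request.*` lines under "Unused properties" are better deleted than kept with a password in them. The same `auth.jwt.secret=authjwtsecret` line is added in the pms-migration-utility-default.properties hunk.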
@@ -0,0 +1,90 @@
+## Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+## DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+## helm chart:
+## keycloak.external.url
+## db.dbuser.password
+## mosip.pms.client.secret
+## keycloak.internal.url
+## keycloak.admin.password
+## mosip.api.public.url
+##mosip.api.internal.host
+
+mosip.api.internal.url=https://${mosip.api.internal.host}
+mosip.kernel.keymanager.url=http://keymanager.keymanager
+mosip.datashare.url=http://datashare.datashare
+mosip.kernel.authmanager.url=http://authmanager.kernel
+
+spring.main.allow-circular-references=true
+service.token.request.clientId=mosip-pms-client
+service.token.request.issuerUrl=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+## allowed values for mosip.pms.utility.run.mode are 'upgrade' for migration and 'cronjob' for running it as cronjob.
+mosip.pms.utility.run.mode=upgrade
+
+mosip.pms.allowed.partner.types=Online_Verification_Partner,Auth_Partner,Device_Provider,MISP_Partner,FTM_Partner
+
+mosip.pms.appId=partner
+mosip.pms.clientId=mosip-pms-client
+mosip.pms.secretKey=${mosip.pms.client.secret}
+
+#Auth token generation
+mosip.iam.adapter.clientid=${mosip.pms.clientId}
+mosip.iam.adapter.clientsecret=${mosip.pms.secretKey}
+mosip.iam.adapter.appid=${mosip.pms.appId}
+
+pmp.certificate.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate
+pmp.partner.certificate.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getPartnerCertificate/{partnerCertId}
+
+## Database
+## Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
+## If database is external to production, provide the DNS or ip of the host and port
+mosip.pmp.database.hostname=postgres-postgresql.postgres
+mosip.pmp.database.port=5432
+mosip.pmp.database.user=pmsuser
+mosip.pmp.database.password=${db.dbuser.password}
+
+## Hibernate
+javax.persistence.jdbc.driverClassName=org.postgresql.Driver
+javax.persistence.jdbc.driver=org.postgresql.Driver
+javax.persistence.jdbc.url=jdbc:postgresql://${mosip.pmp.database.hostname}:${mosip.pmp.database.port}/mosip_pms
+javax.persistence.jdbc.user=${mosip.pmp.database.user}
+javax.persistence.jdbc.username=${mosip.pmp.database.user}
+javax.persistence.jdbc.password=${mosip.pmp.database.password}
+javax.persistence.jdbc.schema = pms
+javax.persistence.jdbc.uinHashTable=uin_hash_salt
+javax.persistence.jdbc.uinEncryptTable=uin_encrypt_salt
+
+
+hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+hibernate.jdbc.lob.non_contextual_creation=true
+hibernate.hbm2ddl.auto=none
+hibernate.show_sql=false
+hibernate.format_sql=false
+hibernate.connection.charSet=utf8
+hibernate.cache.use_second_level_cache=false
+hibernate.cache.use_query_cache=false
+hibernate.cache.use_structured_entries=false
+hibernate.generate_statistics=false
+spring.datasource.initialization-mode=never
+
+# websub related properties
+mosip.websub.url=http://websub.websub
+websub.publish.url=${mosip.websub.url}/hub/
+mosip.auth.filter_disable=false
+
+# Used for generating the datashare url
+pms.certs.datashare.policyId=mpolicy-default-cert
+pms.certs.datashare.subscriberId=mpartner-default-cert
+
+# Used to get data share url to publish to websub
+pmp.certificaticate.datashare.rest.uri=${mosip.datashare.url}/v1/datashare/create
+
+mosip.kernel.auth.appids.realm.map={prereg:'preregistration',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip'}
+
+## Auth adapter
+auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+auth.server.admin.allowed.audience=mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-regproc-client,mosip-admin-client,mosip-reg-client,mosip-pms-client,mosip-resident-client,mosip-idrepo-client,mosip-partner-client,mosip-deployment-client
+auth.jwt.secret=authjwtsecret
+auth.jwt.base=Mosip-Token
diff --git a/pre-registration-default.properties b/pre-registration-default.properties
new file mode 100644
index 00000000000..347f92e848a
--- /dev/null
+++ b/pre-registration-default.properties
@@ -0,0 +1,486 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# mosip.prereg.client.secret +# prereg.captcha.site.key +# prereg.captcha.secret.key +# keycloak.internal.host +# keycloak.internal.url +# s3.accesskey +# s3.region +# s3.secretkey + +## Database properties +# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace +# If database is external to production, provide the DNS or ip of the host and port +javax.persistence.jdbc.driver=org.postgresql.Driver +mosip.database.ip=postgres-postgresql.postgres +mosip.database.port=5432 +javax.persistence.jdbc.url=jdbc:postgresql://${mosip.database.ip}:${mosip.database.port}/mosip_prereg?useSSL=false +javax.persistence.jdbc.user=prereguser +javax.persistence.jdbc.password=${db.dbuser.password} + +## Hibernate +hibernate.hbm2ddl.auto=none +hibernate.show_sql=false +hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect +hibernate.jdbc.lob.non_contextual_creation=true + +logging.level.com.zaxxer.hikari=INFO + +## Project Version for the API response +version=1.0 + +## Age to be an adult +## Used in UI to identify the applicant type +mosip.adult.age=${mosip.kernel.applicant.type.age.limit} + +## ID Schema +## This version is set in the ID object created in pre-registration +mosip.idschema.version=0.1 + +mosip.prereg.application.url=http://prereg-application.prereg + +## Demographic Service +demographic.service.version=v1 +demographic.service.env=${mosip.prereg.application.url} +demographic.service.contextpath=preregistration/${demographic.service.version} +demographic.resource.url=${demographic.service.env}/${demographic.service.contextpath} +# ID values for application APIs +mosip.preregistration.demographic.create.id=mosip.pre-registration.demographic.create 
+mosip.preregistration.demographic.update.id=mosip.pre-registration.demographic.update +mosip.preregistration.demographic.update.status.id=mosip.pre-registration.demographic.status.update +mosip.preregistration.demographic.retrieve.basic.id=mosip.pre-registration.demographic.retrieve.basic +mosip.preregistration.demographic.retrieve.details.id=mosip.pre-registration.demographic.retrieve.details +mosip.preregistration.demographic.retrieve.status.id=mosip.pre-registration.demographic.retrieve.status +mosip.preregistration.demographic.retrieve.date.id=mosip.pre-registration.demographic.retrieve.date +mosip.preregistration.demographic.delete.id=mosip.pre-registration.demographic.delete + +mosip.preregistration.demographic.id.create=mosip.pre-registration.demographic.create +mosip.preregistration.demographic.id.update=mosip.pre-registration.demographic.update +mosip.preregistration.demographic.id.retrieve.date=mosip.pre-registration.demographic.retrieve.date +mosip.id.preregistration.demographic.create=mosip.pre-registration.demographic.create +mosip.id.preregistration.demographic.update=mosip.pre-registration.demographic.update +mosip.id.preregistration.demographic.retrieve.date=mosip.pre-registration.demographic.retrieve.date + +## Document Service +document.service.version=v1 +document.service.env=${mosip.prereg.application.url} +document.service.contextpath=preregistration/${document.service.version} +document.resource.url=${document.service.env}/${document.service.contextpath} + +## ID values for document APIs +mosip.preregistration.document.upload.id=mosip.pre-registration.document.upload +mosip.preregistration.document.copy.id=mosip.pre-registration.document.copy +mosip.preregistration.document.fetch.metadata.id=mosip.pre-registration.document.fetch.metadata +mosip.preregistration.document.fetch.content.id=mosip.pre-registration.document.fetch.content +mosip.preregistration.document.delete.id=mosip.pre-registration.document.delete 
+mosip.preregistration.document.delete.specific.id=mosip.pre-registration.document.delete.specific +mosip.preregistration.document.id.upload=mosip.pre-registration.document.upload +mosip.preregistration.document.update.docrefId.id=mosip.preregistration.docrefId.update + +## Document properties +# Maximum size of file allowed uploaded in document service API (in mb) +max.file.size=2 + +# Allowed formats for documents +preregistration.document.extention=PDF,JPEG,PNG,JPG + +## Virus scanner +## 'true/false' to enable/disable virus scaning during document upload +mosip.preregistration.document.scan=true + +## To store documents +mosip.kernel.objectstore.account-name=prereg + +## Booking Service +booking.service.version=v1 + +mosip.prereg.booking.url=http://prereg-booking.prereg +booking.service.env=${mosip.prereg.booking.url} +booking.service.contextpath=preregistration/${booking.service.version} +booking.resource.url=${booking.service.env}/${booking.service.contextpath} +appointmentResourse.url=${booking.resource.url} +mosip.preregistration.booking.availability.sync.id=mosip.pre-registration.appointment.availability.sync +mosip.preregistration.booking.book.id=mosip.pre-registration.booking.book +mosip.preregistration.booking.fetch.booking.id=mosip.pre-registration.appointment.fetch +mosip.preregistration.booking.cancel.id=mosip.pre-registration.appointment.cancel +mosip.preregistration.booking.delete.id=mosip.preregistration.booking.delete +mosip.preregistration.booking.fetch.availability.id=mosip.pre-registration.appointment.availability +mosip.preregistration.booking.fetchPreidByDate.id=mosip.pre-registration.appointment.ids +mosip.preregistration.booking.availability.increase.id=mosip.preregistration.booking.availability.increase +mosip.preregistration.booking.availability.check.id=mosip.preregistration.booking.availability.check +mosip.preregistration.booking.delete.old.id=mosip.preregistration.booking.delete.old 
+mosip.preregistration.booking.exception.id=mosip.preregistration.booking.parse.exception +mosip.preregistration.booking.id.book=mosip.pre-registration.booking.book + +# Sync +mosip.preregistration.sync.sign.appid=KERNEL +mosip.preregistration.sync.sign.refid=SIGN + +## Booking +## Sync every n days +preregistration.availability.sync=30 +## Number of days for which booking slots will be available. Should be lesser than or equal to preregistration.availability.sync days. +preregistration.availability.noOfDays=140 +## Gap between the date of booking and the first appointment date to be shown +## Ex: If a user has logged in pre-reg application today then, he can select booking slots after n days +preregistration.booking.offset=2 +## Number of hours from the appointment time before which an appicant can change/re-book the appointment +preregistration.timespan.rebook=0 +## Number of hours before the appointment time before which an applicant can cancel an appointment +preregistration.timespan.cancel=0 + +## Time Zone +# Not used anymore. 
+# preregistration.country.specific.zoneId=GMT+05:30 + +## Batch job service +batch.service.version=v1 +batch.service.env=http://prereg-batchjob.prereg +batch.service.contextpath=preregistration/${batch.service.version}/batch +batch.resource.url=${batch.service.env}/${batch.service.contextpath} +## Id values of batch job service +mosip.preregistration.batchjob.service.consumed.id=mosip.pre-registration.batchjob.service.consumed +mosip.preregistration.batchjob.service.expired.id=mosip.pre-registration.batchjob.service.expired + +# Batch Job Service used to fetch token from key cloak +mosip.batch.token.authmanager.appId=prereg +mosip.batch.token.authmanager.userName=mosip-prereg-client +mosip.batch.token.authmanager.password=${mosip.prereg.client.secret} +mosip.batch.token.authmanager.url=${kernel.auth.env}/${masterdata.service.version}/${kernel.auth.contextpath}/authenticate/clientidsecretkey +mosip.batch.token.request.id= + +## Determines the Time of the day, batch job should be intiated +preregistration.job.schedule.cron.consumedStatusJob=0 0 0 * * ? +preregistration.job.schedule.cron.slotavailability=0 0 0 * * ? +preregistration.job.schedule.cron.expiredStatusJob=0 0 0 * * ? +preregistration.job.schedule.cron.updateApplicationsBookingJob=0 0 * ? * * +preregistration.job.schedule.cron.purgeExpiredRegCenterSlots=0 0 0 * * ? + +# Map to decide code for days of the week. 
Used by BatchJob +mosip.kernel.masterdata.day.codes.map={SUNDAY:'101', MONDAY:'102', TUESDAY:'103', WEDNESDAY:'104', THURSDAY:'105', FRIDAY:'106', SATURDAY:'107'} + +## Schema name for batch job table +spring.batch.tablePrefix=PREREG.BATCH_ +## Booking service URL for creating time slots +bookingAvailablity.url=${booking.resource.url}/appointment/availability/sync +##BatchJob-service URL for updating the consumed status +updateConsumedStatus.url=${batch.resource.url}/consumedStatus +#BatchJob-service URL for updating to expiredStatus +expiredStatus.url=${batch.resource.url}/expiredStatus +batch.appointment.cancel=${mosip.prereg.application.url}/preregistration/v1/internal/applications/appointment/{preRegistrationId} + +## Login service +mosip.pre.reg.clientId=mosip.pre.reg.clientId +id-masterdata-template-service-multilang.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/templates/{langcode}/{templatetypecode} + +## Masterdata service +## Base url is only used for masterdata. We give the in-cluster url here +mosip.base.url=${mosip.kernel.masterdata.url} +masterdata.service.version=v1 +masterdata.service.env=${mosip.kernel.masterdata.url} +masterdata.service.contextpath=masterdata +masterdata.resource.url=${masterdata.service.env}/${masterdata.service.version}/${masterdata.service.contextpath} +regCenter.url=${masterdata.resource.url}/registrationcenters +holiday.url=${masterdata.resource.url}/getregistrationcenterholidays/ +holiday.exceptional.url=${masterdata.resource.url}/exceptionalholidays/ +working.day.url=${masterdata.resource.url}/workingdays/ +mosip.kernel.masterdata.validdoc.rest.uri=${masterdata.resource.url}/validdocuments/all?pageSize=50 +##Kernel Service URL for fetching templates +resource.template.url=${masterdata.resource.url}/templates +mosip.pre-registration.notification.id=mosip.pre-registration.notification.notify + +## Notification templates for various scenarios +email.acknowledgement.template=Email-Acknowledgement 
+email.acknowledgement.subject.template=Acknowledgement-email-subject +sms.acknowledgement.template=SMS-Acknowledgement +cancel.appoinment.template=cancel-appointment +cancel.appointment.email.subject=cancel-appointment-email-subject + +## Notification service +notification.service.version=v1 +notification.service.env=${mosip.prereg.application.url} +notification.service.contextpath=preregistration/${notification.service.version} +#notification.url=${notification.service.env}/${notification.service.version}/${notification.service.contextpath}/notification +notification.url=${notification.service.env}/${notification.service.contextpath}/internal/notification +mosip.pre-registration.notification.id.send=mosip.pre-registration.notification.notify +# TimeZone to get an Email or SMS Templates +# timeZone=Asia/Calcutta + +## Email service +email.service.env=${mosip.kernel.notification.url} +email.service.contextpath=notifier +#Kernel Service URL for Sending Emails +emailResourse.url=${email.service.env}/${masterdata.service.version}/${email.service.contextpath}/email/send + +## SMS service +sms.service.env=${mosip.kernel.notification.url} +sms.service.contextpath=notifier +#Kernel service URL for sending SMS +smsResourse.url=${sms.service.env}/${masterdata.service.version}/${sms.service.contextpath}/sms/send + +## Audit service +audit.service.env=${mosip.kernel.auditmanager.url} +audit.service.contextpath=auditmanager +audit.url=${audit.service.env}/${masterdata.service.version}/${audit.service.contextpath}/audits + +## Crypto service +crypto.service.env=${mosip.kernel.keymanager.url} +crypto.service.contextpath=keymanager +## Kernel Service URL for Encryption and decryption +cryptoResource.url=${crypto.service.env}/${masterdata.service.version}/${crypto.service.contextpath} +preregistration.crypto.applicationId=PRE_REGISTRATION +preregistration.crypto.referenceId=INDIVIDUAL +preregistration.crypto.PrependThumbprint=false + +## KeyCloak +## Both below fields must match 
with what is there on Keycloak properties +clientId=mosip-prereg-client +secretKey=${mosip.prereg.client.secret} + +## Used for Key Creating KeyCloak session +userIdType=USERID +appId=prereg + +## Auth service +kernel.auth.env=${mosip.kernel.auditmanager.url} +kernel.auth.contextpath=authmanager +auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken +auth.server.admin.allowed.audience=mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-reg-client + +## PRID service +kernel.prid.env=${mosip.kernel.pridgenerator.url} +kernel.prid.contextpath=pridgenerator +mosip.io.prid.url=${kernel.prid.env}/${masterdata.service.version}/${kernel.prid.contextpath}/prid + +## Syncdata service +latestidschema.service.contextpath=latestidschema +mosip.preregistration.id-schema=${mosip.kernel.syncdata.url}/v1/syncdata/latestidschema +syncdata.resource.url=${mosip.kernel.syncdata.url}/v1/syncdata + +## OTP +sendOtp.resource.url=${kernel.auth.env}/${masterdata.service.version}/${kernel.auth.contextpath} +otpChannel.mobile=phone +otpChannel.email=email +secret_url.id=string +secret_url.requesttime=2018-12-10T06:12:52.994Z +secret_url.version=string +otp.request.flooding.duration=1 +otp.request.flooding.max-count=3 +datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSSXXX +mail-notification.rest.uri=${mosip.kernel.notification.url}/v1/notifier/email/send +sms-notification.rest.uri=${mosip.kernel.notification.url}/v1/notifier/sms/send +otp-generate.rest.uri=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/generate +pre.reg.login.otp.sms.template=otp-sms-template +pre.reg.login.otp.mail.subject.template=OTP-email-subject-template +pre.reg.login.otp.mail.content.template=OTP-email-content-template +pre.reg.login.otp.validation-attempt-threshold=10 + +## Login service +mosip.preregistration.login.service.version=1.0 +mosip.preregistration.sendotp.id=mosip.pre-registration.login.sendotp 
+mosip.preregistration.validateotp.id=mosip.pre-registration.login.useridotp +mosip.id.preregistration.sendotp=mosip.pre-registration.login.sendotp +mosip.id.preregistration.validateotp=mosip.pre-registration.login.useridotp +mosip.preregistration.invalidatetoken.id=mosip.pre-registration.login.invalidate +mosip.preregistration.config.id=mosip.pre-registration.login.config +mosip.preregistration.login.id.sendotp=mosip.pre-registration.login.sendotp +mosip.preregistration.login.id.validateotp=mosip.pre-registration.login.useridotp +mosip.preregistration.login.id.invalidatetoken=mosip.pre-registration.login.invalidate +mosip.preregistration.login.id.config=mosip.pre-registration.login.config + +iam.base.url=${keycloak.internal.url} +auth-token-generator.rest.issuerUrl=${iam.base.url}/auth/realms/mosip +validationStatus=success +context=auth-otp +prereg.auth.jwt.secret=Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E= +prereg.auth.jwt.token.expiration=3600 +prereg.auth.jwt.token.roles=INDIVIDUAL + +## ID object validation +mosip.kernel.idobjectvalidator.masterdata.documentcategories.lang.rest.uri=${masterdata.resource.url}/documentcategories/{langcode} +mosip.kernel.idobjectvalidator.masterdata.languages.rest.uri=${masterdata.resource.url}/languages +#mosip.kernel.idobjectvalidator.masterdata.gendertypes.rest.uri=${masterdata.resource.url}/gendertypes +mosip.kernel.idobjectvalidator.masterdata.documentcategories.rest.uri=${masterdata.resource.url}/documentcategories +mosip.kernel.idobjectvalidator.masterdata.documenttypes.rest.uri=${masterdata.resource.url}/documenttypes/{documentcategorycode}/{langcode} +mosip.kernel.idobjectvalidator.masterdata.locations.rest.uri=${masterdata.resource.url}/locations/{langcode} +mosip.kernel.idobjectvalidator.masterdata.locationhierarchy.rest.uri=${masterdata.resource.url}/locations/locationhierarchy/{hierarchyname} +## Class name of the referenceValidator. Commenting or removing this property will disable reference validator. 
+mosip.kernel.idobjectvalidator.referenceValidator=io.mosip.kernel.idobjectvalidator.impl.IdObjectReferenceValidator + +## Configurations file names +global.config.file=application-${spring.profiles.active}.properties +pre.reg.config.file=pre-registration-${spring.profiles.active}.properties +## Mapping file for Pre-registration & ID Object +preregistration.config.identityjson=identity-mapping.json + +# Verify where it is used +preregistration.response = response +preregistration.identity.name=fullName +preregistration.demographicDetails=demographicDetails +preregistration.identity.email=email +preregistration.identity.phone=phone +preregistration.identity=identity + +## QR code service +mosip.pre-registration.qrcode.generate.id=mosip.pre-registration.qrcode.generate +mosip.pre-registration.qrcode.service.version=1.0 +qrversion=V1 +mosip.pre-registration.qrcode.id.generate=mosip.pre-registration.qrcode.generate +mosip.id.pre-registration.qrcode.generate=mosip.pre-registration.qrcode.generate + +## Data sync with registration client +mosip.id.preregistration.datasync.fetch.ids=mosip.pre-registration.datasync.fetch.ids +## id for storing consumed pre-registration ids API +mosip.id.preregistration.datasync.store=mosip.pre-registration.datasync.store +## id for get preregistration id API +mosip.id.preregistration.datasync.fetch=mosip.pre-registration.datasync.fetch + +## Verify +poa.url=proofOfAddress +poi.url=proofOfIdentity +pod.url=proofOfDateOfBirth +por.url=proofOfRelationship + +## Transliteration service +## Determines request & response id of transliteration-service +mosip.pre-registration.transliteration.transliterate.id=mosip.pre-registration.transliteration.transliterate +mosip.id.pre-registration.transliteration.transliterate=mosip.pre-registration.transliteration.transliterate +mosip.lang.traslate.adapter.impl.basepackage = io.mosip.kernel.transliteration.icu4j + +## List of keys which UI will consume 
+ui.config.params=preregistration.availability.sync,preregistration.availability.noOfDays,mosip.id.validation.identity.email,mosip.id.validation.identity.postalCode,mosip.id.validation.identity.phone,mosip.id.validation.identity.dateOfBirth,mosip.id.validation.identity.referenceIdentityNumber,mosip.default.dob.month,mosip.default.dob.day,mosip.kernel.otp.expiry-time,mosip.kernel.otp.validation-attempt-threshold,mosip.kernel.otp.default-length,mosip.kernel.sms.number.length,mosip.kernel.pin.length,preregistration.max.file.size,preregistration.recommended.centers.locCode,preregistration.nearby.centers,mosip.login.mode,preregistration.workflow.demographic,preregistration.workflow.documentupload,preregistration.workflow.booking,preregistration.auto.logout,preregistration.timespan.cancel,preregistration.timespan.rebook,preregistration.booking.offset,mosip.right_to_left_orientation,mosip.left_to_right_orientation,mosip.id.validation.identity.age,mosip.id.validation.identity.fullName.[*].value,mosip.id.validation.identity.addressLine1.[*].value,preregistration.documentupload.allowed.file.type,preregistration.documentupload.allowed.file.nameLength,preregistration.documentupload.allowed.file.size,mosip.preregistration.auto.logout.idle,mosip.preregistration.auto.logout.timeout,mosip.preregistration.auto.logout.ping,mosip.country.code,mosip.notificationtype,mosip.kernel.idobjectvalidator.masterdata.locations.locationNotAvailable,mosip.preregistration.captcha.sitekey,mosip.adult.age,mosip.idschema.version,mosip.preregistration.captcha.enable,preregistration.identity.name,preregistration.ui.version,preregistration.contact.email,preregistration.contact.phone + +## This config is used for loading recommended centers based on the value of the config. 
+## The value depicts the location hierarchy code of the hierarchy based on which the recommended centers is loaded +preregistration.recommended.centers.locCode=5 +## The Registration centers will be searched based on the distance value from the Geo location identified +preregistration.nearby.centers=2000 +## Determines file upload type allowed in UI +preregistration.documentupload.allowed.file.type = application/pdf,image/jpeg,image/png,image/jpg +# Determines the file name length(with extension) allowed in UI +preregistration.documentupload.allowed.file.nameLength = 50 +# Determines maximum size of file allowed uploaded in document service api (in bytes) +preregistration.documentupload.allowed.file.size = 2000000 +# Determines idle condition(in seconds) +mosip.preregistration.auto.logout.idle=180 +# Determines pop up timer(in seconds) +mosip.preregistration.auto.logout.timeout=60 +preregistration.ui.version=1.2.0 + +preregistration.contact.email=contact@dev.mosip.net +preregistration.contact.phone=9999999999 + +mosip.preregistration.anonymous-profile-username=admin + +# Determines to maintain iternal cycle & make sure value is not null (any value greater than zero) +mosip.preregistration.auto.logout.ping=30 + +mosip.id.validation.identity.dateOfBirth=^\d{4}[\-\/\s]?((((0[13578])|(1[02]))[\-\/\s]?(([0-2][0-9])|(3[01])))|(((0[469])|(11))[\-\/\s]?(([0-2][0-9])|(30)))|(02[\-\/\s]?[0-2][0-9]))$ +mosip.id.validation.identity.email=^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-zA-Z]{2,})$ +mosip.id.validation.identity.phone=^([6-9]{1})([0-9]{9})$ + +## Captcha service +## Configuration for google re-captcha +mosip.preregistration.captcha.enable=false +mosip.preregistration.captcha.id.validate=mosip.pre-registration.captcha.id.validate +mosip.preregistration.captcha.sitekey=${prereg.captcha.site.key} +mosip.preregistration.captcha.secretkey=${prereg.captcha.secret.key} 
+mosip.preregistration.captcha.resourse.url=http://prereg-captcha.prereg/preregistration/v1/captcha/validatecaptcha +mosip.preregistration.captcha.recaptcha.verify.url=https://www.google.com/recaptcha/api/siteverify + +## Security +mosip.security.csrf-enable:false +mosip.security.cors-enable:false +# Comma Separated Allowed Origins +mosip.security.origins:localhost:8080,localhost:4200,${mosip.api.internal.url} +mosip.security.secure-cookie:false + +## for prereg booking notification name validation +preregistration.notification.nameFormat=fullName + +## Minio +object.store.s3.use.account.as.bucketname=true + +## Spring cache +spring.cache.type=none + +mosip.preregistration.appointment.getavailablity.url=${mosip.prereg.booking.url}/preregistration/v1/appointment/availability/{registrationCenterId} +mosip.preregistration.appointment.book.url=${mosip.prereg.booking.url}/preregistration/v1/appointment/{preRegistrationId} +mosip.preregistration.appointment.multi.book.url=${mosip.prereg.booking.url}/preregistration/v1/appointment +mosip.preregistration.applications.status.get = mosip.preregistration.applications.status +mosip.preregistration.applications.details.get = mosip.preregistration.applications.detail.info +mosip.preregistration.uispec.latest=mosip.preregistration.uispec.latest +mosip.preregistration.uispec.all=mosip.preregistration.uispec.all + +preregistration.cookie.contextpath=/ + +# To generate token from keycloak. Use by kernel auth adapter. +mosip.iam.adapter.clientid=mosip-prereg-client +mosip.iam.adapter.clientsecret=${mosip.prereg.client.secret} + +# mosip.prereg.client.secret +mosip.iam.adapter.appid=prereg + +# To generate token from keycloak in PreReg Data Sync Service. Used by kernel auth adapter. 
+mosip.iam.adapter.clientid.pre-registration-datasync-service=mosip-reg-client +mosip.iam.adapter.clientsecret.pre-registration-datasync-service=${mosip.reg.client.secret} +mosip.iam.adapter.appid.pre-registration-datasync-service=registrationclient + +#the custom auth provider component names list +mosip.security.authentication.provider.beans.list.pre-registration-application-service=customJWTAuthProvider +mosip.security.authentication.provider.beans.list.pre-registration-booking-service=customJWTAuthProvider + +# Object store + +object.store.s3.accesskey=${s3.accesskey} +object.store.s3.secretkey=${s3.secretkey} +## For Minio: object.store.s3.url=http://minio.minio:9000 +## For AWS: object.store.s3.url=s3.${s3.region}.amazonaws.com +object.store.s3.url=http://minio.minio:9000 +object.store.s3.region=${s3.region} +object.store.s3.readlimit=10000000 + +# Roles +mosip.role.prereg.postapplications=INDIVIDUAL,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.putapplications=INDIVIDUAL,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.getapplications=REGISTRATION_OFFICER,INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,PRE_REGISTRATION_ADMIN +mosip.role.prereg.putapplicationsstatus=REGISTRATION_OFFICER,INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,PRE_REGISTRATION_ADMIN +mosip.role.prereg.getapplicationsall=REGISTRATION_OFFICER,INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.getapplicationsstatus=REGISTRATION_OFFICER,INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,PRE_REGISTRATION_ADMIN +mosip.role.prereg.deleteapplications=INDIVIDUAL,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.postapplicationsupdatedtime=REGISTRATION_OFFICER,INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,REGISTRATION_PROCESSOR +mosip.role.prereg.getapplicationsconfig=INDIVIDUAL 
+mosip.role.prereg.getapplicationsinfo=REGISTRATION_OFFICER,INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,PRE_REGISTRATION_ADMIN +mosip.role.prereg.postlogaudit=REGISTRATION_OFFICER,INDIVIDUAL,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.postdocumentspreregistrationid=INDIVIDUAL +mosip.role.prereg.putdocumentspreregistrationid=INDIVIDUAL +mosip.role.prereg.getdocumentsdocumentid=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,INDIVIDUAL +mosip.role.prereg.getdocumentspreregistrationid=REGISTRATION_OFFICER,INDIVIDUAL +mosip.role.prereg.deletedocumentsdocumentid=INDIVIDUAL +mosip.role.prereg.deletedocumentspreregistrationid=INDIVIDUAL +mosip.role.prereg.putdocumentsdocumentid=INDIVIDUAL,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.postqrcodegenerate=INDIVIDUAL +mosip.role.prereg.getrefreshconfig=PRE_REGISTRATION_ADMIN +mosip.role.prereg.postnotificationnotify=REGISTRATION_OFFICER,INDIVIDUAL,PRE_REGISTRATION_ADMIN +mosip.role.prereg.postnotification=INDIVIDUAL,PRE_REGISTRATION_ADMIN +mosip.role.prereg.posttransliterationtransliterate=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,INDIVIDUAL +mosip.role.prereg.getuispeclatest=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,INDIVIDUAL +mosip.role.prereg.getuispecall=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,INDIVIDUAL +mosip.role.prereg.postpreregsync=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.getsyncpreregistrationid=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.getsyncpreregistrationidmachineid=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.postsyncconsumedpreregids=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,REGISTRATION_PROCESSOR +mosip.role.prereg.cancelappointmentpreregid=REGISTRATION_OFFICER,INDIVIDUAL,PRE_REGISTRATION_ADMIN 
+mosip.role.prereg.deleteappointmentpreregid=REGISTRATION_OFFICER,INDIVIDUAL,PRE_REGISTRATION_ADMIN +mosip.role.prereg.getappointmentavailability=INDIVIDUAL +mosip.role.prereg.postappointmentpreregistrationid=INDIVIDUAL +mosip.role.prereg.postappointment=INDIVIDUAL +mosip.role.prereg.getappointmentpreregistrationid=REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN,PRE_REGISTRATION_ADMIN,INDIVIDUAL +mosip.role.prereg.putappointmentpreregistrationid=INDIVIDUAL,PRE_REGISTRATION_ADMIN +mosip.role.prereg.putbatchappointmentpreregistrationid=PRE_REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR +mosip.role.prereg.deleteappointment=INDIVIDUAL,PRE_REGISTRATION_ADMIN +mosip.role.prereg.getappointmentpreregistrationidregistrationcenterid=INDIVIDUAL,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN +mosip.role.prereg.getappointmentregistrationcenterid=INDIVIDUAL,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,REGISTRATION_ADMIN diff --git a/print-default.properties b/print-default.properties new file mode 100644 index 00000000000..f2c1f7fbb0c --- /dev/null +++ b/print-default.properties 
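Review bot: In pre-registration-default.properties, `prereg.auth.jwt.secret=Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=` commits a literal JWT signing secret, although the header of this same file says such values must be injected through the config server's 'overrides' environment variables and never defined in a property file. If pre-registration signs or verifies login tokens with this key (the neighbouring `prereg.auth.jwt.token.roles=INDIVIDUAL` suggests it does), anyone who can read the repository can produce tokens the service accepts. I would drop the value from the file, add `# prereg.auth.jwt.secret` to the override list at the top, and rotate the key, since this one is now public. Separately, `kernel.auth.env=${mosip.kernel.auditmanager.url}` looks like a copy-paste slip for `${mosip.kernel.authmanager.url}`; both `sendOtp.resource.url` and `mosip.batch.token.authmanager.url` are built from it.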
@@ -0,0 +1,125 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# mosip.regproc.client.secret
+# print.websub.hub.secret
+
+## Websub
+mosip.event.hubURL=${mosip.websub.url}/hub/
+mosip.partner.id=mpartner-default-print
+mosip.datashare.partner.id=mpartner-default-resident
+mosip.datashare.policy.id=mpolicy-default-resident
+## This callback is called by Websub to notify print
+mosip.event.callBackUrl=http://print-service.print${server.servlet.context-path}/print/callback/notifyPrint
+
+mosip.event.topic=${mosip.partner.id}/CREDENTIAL_ISSUED
+mosip.event.secret=${print.websub.hub.secret}
+csrf.disabled=true
+mosip.event.delay-millisecs=120000
+print-websub-resubscription-delay-millisecs=21600000
+registration.processor.print.textfile=registration-processor-print-text-file.json
+
+# Audit service
+AUDIT=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+mosip.kernel.pdf_owner_password=123456
+
+## Auth service
+authmanager.base.url=${mosip.kernel.authmanager.url}
+KEYBASEDTOKENAPI=${authmanager.base.url}/v1/authmanager/authenticate/clientidsecretkey
+
+## Master data services
+MASTER=${mosip.kernel.masterdata.url}/v1/masterdata
+TEMPLATES=${MASTER}/templates
+
+mosip.print.application.version=1.0
+mosip.print.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+
+## Encrypt services
+PDFSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/pdf/sign
+
+
+mosip.print.service.id=mosip.print
+mosip.print.service.uincard.password=postalCode|fullName
+mosip.print.uin.header.length=75
+
+## Rectangle coordinates for pfd signataured data
+mosip.print.service.uincard.lowerleftx=73
+mosip.print.service.uincard.lowerlefty=100
+mosip.print.service.uincard.upperrightx=300
+mosip.print.service.uincard.upperrighty=300
+mosip.print.service.uincard.signature.reason="signing"
+
+
+## Kernel Crypto signature
+registration.processor.signature.isEnabled=true
+
+## Country specific
+mosip.country.code=MOR
+mosip.supported-languages=eng,ara,fra
+mosip.template-language=eng
+mosip.optional-languages=ara,fra
+mosip.mandatory-languages=eng
+
+## CBEFF util
+# Cbeff XSD file name in config server
+mosip.kernel.xsdfile=mosip-cbeff.xsd
+
+mosip.kernel.applicant.type.age.limit=5
+
+mosip.kernel.pin.length=6
+
+## Token id
+## length of the token id
+mosip.kernel.tokenid.length=36
+
+## log level
+logging.level.root=INFO
+logging.level.io.mosip=INFO
+logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO
+
+## tomcat access logs
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.directory=/dev
+server.tomcat.accesslog.prefix=stdout
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.suffix=
+server.tomcat.accesslog.file-date-format=
+server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}"}
+server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve
+registration.processor.unMaskedUin.length=5
+
+IDSchema.Version=1.0
+registration.processor.identityjson=identity-mapping.json
+registration.processor.demographic.identity=identity
+CREATEDATASHARE=${mosip.datashare.url}/v1/datashare/create
+DECRYPTPINBASSED=${mosip.kernel.keymanager.url}/v1/keymanager/decryptWithPin
+mosip.print.prependThumbprint=true
+
+# websub authentication
+mosip.iam.adapter.clientid=mpartner-default-print
+mosip.iam.adapter.clientsecret=${mpartner.default.print.secret}
+mosip.iam.adapter.appid=admin
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.base-url=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey
+# 
in minutes + +mosip.iam.adapter.validate-expiry-check-rate=1440 + +# in minutes +mosip.iam.adapter.renewal-before-expiry-interval=1440 + +#this should be false if you don?t use this restTemplate true if you do + +mosip.iam.adapter.self-token-renewal-enable=true +mosip.auth.filter_disable=false +mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter + +# p12 file +mosip.print.crypto.p12.filename=partner.p12 +## password hardcoded in print service. TODO: Make it configurable. +mosip.print.crypto.p12.password=password@123 +mosip.print.crypto.p12.alias=partner + +# verifiable credential +mosip.print.verify.credentials.flag=true diff --git a/sandbox/registration-mz.properties b/registration-default.properties similarity index 61% rename from sandbox/registration-mz.properties rename to registration-default.properties index 80d373e9a6c..78e6990af1a 100644 --- a/sandbox/registration-mz.properties +++ b/registration-default.properties @@ -4,6 +4,9 @@ mosip.registration.num_of_fingerprint_retries=3 #Iris retry attempts. Possible values 1 to 10 mosip.registration.num_of_iris_retries=3 +#Face retry attempts. Possible values 1 to 10 +mosip.registration.num_of_face_retries=3 + #Maximum no. of days without running the Master Sync Job beyond which client is frozen for registration mosip.registration.masterSyncJob.frequency=190 @@ -60,8 +63,8 @@ mosip.registration.geo.capture.frequency=n #Admin Setting to turn Document Scan On or Off. If y, documents scan view is turned on. If n, documents scan view turned off. mosip.registration.document_enable_flag=y -#Supervisor Authentication for Biometric Exceptions. If y, iris is turned on. If n, iris is turned off. -mosip.registration.supervisor_authentication_configuration=Y +#Reviewer Authentication for Biometric Exceptions. If y, iris is turned on. If n, iris is turned off. +mosip.registration.reviewer_authentication_configuration=Y #Maximum length of the Password to be entered mosip.registration.username_pwd_length=50 
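Review bot: In print-default.properties, `mosip.print.crypto.p12.password=password@123` and `mosip.kernel.pdf_owner_password=123456` are literal credentials in a file whose header says secret values must come from the config server's override environment variables. The first one protects the partner keystore named in `mosip.print.crypto.p12.filename=partner.p12`, and the comment above it says the print service itself still hardcodes the same password, so the TODO needs a tracked fix on the service side as well as here. I would remove both values from the file, list `# mosip.print.crypto.p12.password` and `# mosip.kernel.pdf_owner_password` in the header so they are injected like `print.websub.hub.secret`, and replace the keystore password once the service reads it from configuration. The header also names `mosip.regproc.client.secret`, while the file actually references `${mpartner.default.print.secret}`; the list should match what the file consumes, otherwise a deployment can start with an unresolved client secret.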
@@ -106,8 +109,8 @@ mosip.registration.reg_pak_max_cnt_apprv_limit=100 #Maximum no. of days for a packet pending EOD approval beyond which client is frozen for registration mosip.registration.reg_pak_max_time_apprv_limit=50 -#Enable EOD feature. If y, EOD feature will be enabled, else, will be disbaled -mosip.registration.eod_process_config_flag=Y +#Enable supervisor authentication feature. If y, supervisor approval will be enabled, else, will be disbaled +mosip.registration.supervisor_approval_config_flag=Y #No. of days beyond audit creation date to delete audits mosip.registration.audit_log_deletion_configured_days=10 @@ -178,10 +181,8 @@ mosip.registration.registration_pre_reg_packet_location=..//PreRegPacketStore #Mode of Communicating the OTP to User. Possible Values email or mobile mosip.registration.otp_channels=email - - #Time in Seconds for forced log-out of user, if user is idle for the specified duration -mosip.registration.ideal_time = 900 +mosip.registration.idle_time = 900 #Time in Seconds to diplay the warning message pop-up to user, if user is idle for the specified duration mosip.registration.refreshed_login_time = 600 @@ -200,44 +201,15 @@ mosip.registration.thumbs_fingerprint_threshold=40 #Thereshold Quality Value for IRIS capture mosip.registration.iris_threshold=60 +#Threshold Quality Value for Face capture +mosip.registration.face_threshold=90 #Maximum number of days where Registration or UIN Update or Lost UIN will be allowed without updating the Registration Client Software mosip.registration.softwareUpdateCheck_configured_frequency = 300 -#----Consent Message to be displayed in Registration Preview Screen based on Application's Primary Language---- - -#For English as primary language -mosip.registration.consent_eng=I understand that the data collected about me during registration by the said authority includes my -
• Name
• Date of birth
• Gender
• Address
• Contact details
• Documents
I also understand that this information will be stored and processed for the purpose of verifying my identity in order to access various services, or to comply with a legal obligation. I give my consent for the collection of this data for this purpose. - - -#For Arabic as primary language -mosip.registration.consent_ara = أدرك أن البيانات التي تم جمعها عني أثناء التسجيل من قِبل السلطة المذكورة تتضمن بياناتي -
• الاسم
• تاريخ الميلاد
• نوع الجنس
• العنوان
• تفاصيل الاتصال
• الوثائق
كما أفهم أنه سيتم تخزين هذه المعلومات ومعالجتها بغرض التحقق من هويتي من أجل الوصول إلى خدمات مختلفة، أو الامتثال لالتزام قانوني. وأوافق على جمع هذه البيانات لهذا الغرض. - - -#For French as primary language -mosip.registration.consent_fra=Je comprends que les données recueillies à mon sujet lors de la enregistrement par ladite autorité comprennent mon -
• nom
• Date de naissance
• genre
• adresse
• coordonnées
• Documents
Je comprends également que ces informations seront stockées et traitées dans le but de vérifier mon identité afin d'accéder à divers services, ou de se conformer à une obligation légale. Je donne mon consentement pour la collecte de ces données à cette fin. - - -#Name of the Webcam to be used for capturing photo -#if camera with this name is not found, simply chooses first camera discovered -mosip.registration.webcam_name=logitech - #Enable or Disable the Scanner Device for Document Scanning. mosip.registration.document_scanner_enabled=No - -#----Guidelines Text to be displayed in Registration Acknowledgement Receipt based on Application Primary Language---- - -#For English language -mosip.registration.important_guidelines_eng=COUNTRY TO DEFINE THE TEXT OF GUIDELINES - -#For Arabic language -mosip.registration.important_guidelines_ara=COUNTRY TO DEFINE THE TEXT OF GUIDELINES - -#For French language -mosip.registration.important_guidelines_fra=COUNTRY TO DEFINE THE TEXT OF GUIDELINES - - #Application ID of the Registration Client required for Authentication Web-Service. Should not be modified. mosip.registration.app.id=registrationclient @@ -259,6 +231,11 @@ mosip.registration.mds.deduplication.enable.flag=N #Threshold quality for Fingerprint biometric authentication mosip.fingerprint_authentication.quality_score=30 +#Threshold quality for Iris biometric authentication +mosip.iris_authentication.quality_score=30 + +#Threshold quality for Face biometric authentication +mosip.face_authentication.quality_score=30 #Jobs 
@@ -285,6 +262,19 @@ mosip.registration.mdm.host=127.0.0.1 mosip.registration.mdm.portRangeFrom=4501 mosip.registration.mdm.portRangeTo=4600 +mosip.biometric.sdk.providers.finger.mockvendor.classname=io.mosip.mock.sdk.impl.SampleSDK +mosip.biometric.sdk.providers.finger.mockvendor.version=0.9 +mosip.biometric.sdk.providers.finger.mockvendor.args= +mosip.biometric.sdk.providers.finger.mockvendor.threshold=60 +mosip.biometric.sdk.providers.iris.mockvendor.classname=io.mosip.mock.sdk.impl.SampleSDK +mosip.biometric.sdk.providers.iris.mockvendor.version=0.9 +mosip.biometric.sdk.providers.iris.mockvendor.args= +mosip.biometric.sdk.providers.iris.mockvendor.threshold=60 +mosip.biometric.sdk.providers.face.mockvendor.classname=io.mosip.mock.sdk.impl.SampleSDK +mosip.biometric.sdk.providers.face.mockvendor.version=0.9 +mosip.biometric.sdk.providers.face.mockvendor.args= +mosip.biometric.sdk.providers.face.mockvendor.threshold=60 + ## SDK configurations #SDK implementation class for finger modality mosip.biometric.sdk.provider.finger.classname=io.mosip.mock.sdk.impl.SampleSDK 
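Review bot: All three new `mosip.biometric.sdk.providers.*.mockvendor.classname` entries load `io.mosip.mock.sdk.impl.SampleSDK`, and nothing in the hunk marks that as a stand-in, in a file that the rename makes the default. A mock SDK presumably does no real quality scoring or matching, so a deployment that copies these defaults unchanged would run its biometric checks against it. I would add a comment above the block such as `#Mock biometric SDK, sandbox only. Replace classname, version, args and threshold per modality with the production SDK.` The singular `mosip.biometric.sdk.provider.*` keys in the context lines below are kept, so the comment should also say which of the two key families the client reads.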
@@ -319,96 +309,6 @@ mosip.biometric.sdk.provider.face.args= #Quality threshold used by SDK to match modality mosip.biometric.sdk.provider.face.threshold=60 -##------------------------------------- unused properties -#Maximum no. of days without login credentials sync beyond which client is frozen for registration -mosip.registration.Login_Credentials_Sync.frequency=190 - -#Maximum no. of days without checking for software set-up beyond which client is frozen for registration -mosip.registration.Registration_Client_Setup_Sync.frequency=190 - -#Maximum no. of days without checking for software update beyond which client is frozen for registration -mosip.registration.Registration_Client_Config_Sync.frequency=190 - -#Maximum no. of days for User Role Set-up Sync beyond which client is frozen for registration -mosip.registration.User_Role_Setup_Sync.frequency=190 - -#Minimum number of biometrics required to on-board the officer -mosip.registration.user_on_board_threshold_limit=1 - -#Admin Setting to turn Fingerprint Capture On or Off. If y, finger print is turned on. If n, Finger print is truned off. -mosip.registration.fingerprint_enable_flag=Y - -#Admin Setting to turn Iris Capture On or Off. If y, iris is turned on. If n, iris turned off. -mosip.registration.iris_enable_flag=Y - -#Admin Setting to turn Face Capture On or Off. If y, face is turned on. If n, face is truned off. -mosip.registration.face_enable_flag=Y - -#Validate the quality of captured fingerprint. Used by fingerprint capture device. 
-mosip.registration.quality_score=60 - -#Minimum time (in seconds) to elapse between face photo recaptures -mosip.registration.re_capture_time=10 - -#Days before key expiry that registration should be inhibited -mosip.registration.key_policy_sync_threshold_value=1 - -#Whether to show UI for sync Data report (Currently not available) -mosip.registration.ui_sync_data=y - -#Minimum time (in seconds) to elapse between face photo recaptures -mosip.registration.face_recapture_time=5 - -#Webcam Library Name. Should not be modified -mosip.registration.webcam_library_name=sarxos - -#Send notifications to additional recipients after Registration is completed. If set to y, this feature will be enabled. -#If set to n, this feature will not be enabled -mosip.registration.send_notification_disable_flag=y - -#Current MDS version -current_mdm_spec=0.9.2 - -#Threshold quality for Iris biometric authentication, but this is not used currently -mosip.iris_authentication.quality_score=30 - -mosip.registration.mdm.contextPath= -mosip.registration.mdm.hostProtocol=http - -## ---------------------------------- Properties need to be removed from code and properties -#Fields that can be updated through the UIN Update feature -mosip.registration.uin.update.configured.fields=name,age,gender,address,phone,email,parentOrGuardianDetails,foreigner,biometrics,cnieNumber - -#Max registration packet size (in MB) allowed to be uploaded -mosip.registration.max_reg_packet_size=5 - -#Create CBEFF file with both Duplicate and Unique Tags or with only Unique Tags. If Y, only Unique Tags will be available in CBEFF. -#If N, both Duplicate and Unique Tags will be available -mosip.registration.cbeff_only_unique_tags=Y - -#Registration Packet Local Storage Date's pattern for Folder -mosip.registration.packet_store_date_format=dd-MMM-yyyy - -#Enable or Disable the MDM service. If set to Y, the MDM services will be invoked for capturing the biometrics. -#If set N, the MDM services will not be invoked. 
-mosip.mdm.enabled=N - -#Regex Pattern for validating the CNIE Number, need to remove from rollback scripts -mosip.id.validation.identity.CNIENumber=^([0-9]{10,30})$ - -#Regex Pattern for validating the CNIE Number -mosip.id.validation.identity.referenceIdentityNumber=^([0-9]{10,30})$ - -#Admin Setting to turn local deduplication check for finger print On or Off. If y, dedupe check is turned on. If n, dedupe check is truned off. -mosip.registration.mds.fingerprint.dedup.enable.flag=N - -#Admin Setting to turn local deduplication check Iris On or Off. If y, dedupe check is turned on. If n, dedupe check is truned off. -mosip.registration.mds.iris.dedup.enable.flag=N - -#Admin Setting to turn local deduplication check Face On or Off. If y, dedupe check is turned on. If n, dedupe check is truned off. -mosip.registration.mds.face.dedup.enable.flag=N - -## ----------------------- kernel properties --- Required to be here ? #----Kernel's ID Object Validator Component. Identity object have to be validated in local---- @@ -424,10 +324,13 @@ mosip.kernel.idobjectvalidator.property-source=LOCAL #----For Transliteration Component---- #Language Code for Arabic Language. Should not be modified -mosip.kernel.transliteration.arabic-language-code=ara +mosip.kernel.transliteration.arabic-language-code=${mosip.kernel.transliteration.arabic-language-code} #Language Code for French Language. Should not be modified -mosip.kernel.transliteration.franch-language-code = fra +mosip.kernel.transliteration.franch-language-code=${mosip.kernel.transliteration.franch-language-code} + +#Language Code for English Language. Should not be modified +mosip.kernel.transliteration.english-language-code=${mosip.kernel.transliteration.english-language-code} #----For CBEFF Component---- 
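Review bot: Each transliteration key in the -424 hunk is now assigned a placeholder that names the same key, e.g. `mosip.kernel.transliteration.arabic-language-code=${mosip.kernel.transliteration.arabic-language-code}`, so a value exists only if whatever expands this file takes it from another property source. If the file is ever loaded as an ordinary Spring property source ahead of the global one, a self-reference like this is reported as a circular placeholder; if it is read raw and expanded by a separate service, that dependency should be written down. I would add `#Value comes from the global properties; this line only exposes it to the registration client.` above the group, wording to be confirmed against how the file is consumed. The "## Global properties" block in the last hunk of this file uses the same pattern for several dozen keys, including the crypto algorithm and key-length settings.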
@@ -466,4 +369,158 @@ mosip.registration.quality_check_with_sdk=N mosip.registration.replace_sdk_quality_score=N #URL for reset password -mosip.registration.reset_password_url=https://dev.mosip.net/keycloak/auth/realms/mosip/account/ +#mosip.registration.reset_password_url=${mosip.api.internal.url}/keycloak/auth/realms/mosip/account/ +mosip.registration.reset_password_url=${keycloak.external.url}/auth/realms/mosip/account +#Flag to check / bypass device cert validation + +mosip.registration.onboard_yourself_url=https://docs.mosip.io/platform/modules/registration-client/first-user-registration-and-onboarding +mosip.registration.registering_individual_url=https://docs.mosip.io/platform/modules/registration-client/registration-packet +mosip.registration.sync_data_url=https://docs.mosip.io/platform/modules/registration-client/registration-functionality +mosip.registration.mapping_devices_url=https://docs.mosip.io/platform/modules/registration-client/device-integration-specifications +mosip.registration.uploading_data_url=https://docs.mosip.io/platform/modules/registration-client/ui-specification-for-registration-client +mosip.registration.updating_biometrics_url=https://docs.mosip.io/platform/modules/registration-client/guide-to-configure-mosip-for-biometrics + +mosip.registration.mdm.validate.trust=true + +#Batch size for RID Sync Job +mosip.registration.rid_sync_batch_size=5 + +#Batch size for Packet Upload Job +mosip.registration.packet_upload_batch_size=5 + +#used to fill env in the MDM rcapture request +mosip.registration.server_profile=Staging + +#Batch size for Packet Status Search Job +mosip.registration.status_sync_batch_size=5 + +# domain used for MDM trust validation +# For L1 devices this should be FTM +mosip.registration.mdm.trust.domain.rcapture=DEVICE +mosip.registration.mdm.trust.domain.digitalId=DEVICE +mosip.registration.mdm.trust.domain.deviceinfo=DEVICE + +# Below age ranges map should contain proper age group name and age range, any overlap of the 
age
+# range will result in a random behaviour of tagging. In range, upper and lower values are inclusive.
+mosip.regproc.packet.classifier.tagging.agegroup.ranges={'INFANT':'0-5','MINOR':'6-17','ADULT':'18-200'}
+
+# On every Pre-reg application fetch in registration page, clears all the captured data prior to pre-reg application fetch
+# set the field id's which should not be cleared after Pre-reg application fetch
+# it is comma separated list of field ids
+mosip.registration.fields.to.retain.post.prid.fetch=consent,consentText,preferredLang
+
+
+## Connection and read timeouts for MDM requests in millis
+mosip.registration.mdm.connection.timeout=10000
+mosip.registration.mdm.RCAPTURE.connection.timeout=40000
+mosip.registration.mdm.MOSIPDINFO.connection.timeout=5000
+mosip.registration.mdm.MOSIPDISC.connection.timeout=5000
+
+mosip.registration.HTTP_API_READ_TIMEOUT=60000
+mosip.registration.HTTP_API_WRITE_TIMEOUT=60000
+
+## Global properties
+mosip.right_to_left_orientation=${mosip.right_to_left_orientation}
+mosip.left_to_right_orientation=${mosip.left_to_right_orientation}
+mosip.mandatory-languages=${mosip.mandatory-languages}
+mosip.optional-languages=${mosip.optional-languages}
+mosip.min-languages.count=${mosip.min-languages.count}
+mosip.max-languages.count=${mosip.max-languages.count}
+mosip.kernel.keygenerator.symmetric-key-length=${mosip.kernel.keygenerator.symmetric-key-length}
+mosip.kernel.keygenerator.asymmetric-key-length=${mosip.kernel.keygenerator.asymmetric-key-length}
+mosip.kernel.keygenerator.asymmetric-algorithm-name=${mosip.kernel.keygenerator.asymmetric-algorithm-name}
+mosip.kernel.keygenerator.symmetric-algorithm-name=${mosip.kernel.keygenerator.symmetric-algorithm-name}
+mosip.kernel.crypto.symmetric-algorithm-name=${mosip.kernel.crypto.symmetric-algorithm-name}
+mosip.kernel.crypto.asymmetric-algorithm-name=${mosip.kernel.crypto.asymmetric-algorithm-name}
+mosip.kernel.crypto.gcm-tag-length=${mosip.kernel.crypto.gcm-tag-length}
+mosip.kernel.crypto.hash-symmetric-key-length=${mosip.kernel.crypto.hash-symmetric-key-length}
+mosip.kernel.crypto.hash-algorithm-name=${mosip.kernel.crypto.hash-algorithm-name}
+mosip.kernel.crypto.sign-algorithm-name=${mosip.kernel.crypto.sign-algorithm-name}
+mosip.kernel.crypto.hash-iteration=${mosip.kernel.crypto.hash-iteration}
+mosip.kernel.data-key-splitter=${mosip.kernel.data-key-splitter}
+mosip.kernel.signature.signature-request-id=${mosip.kernel.signature.signature-request-id}
+mosip.kernel.signature.signature-version-id=${mosip.kernel.signature.signature-version-id}
+mosip.kernel.prid.restricted-numbers=${mosip.kernel.prid.restricted-numbers}
+mosip.kernel.prid.length=${mosip.kernel.prid.length}
+mosip.kernel.prid.sequence-limit=${mosip.kernel.prid.sequence-limit}
+mosip.kernel.prid.repeating-block-limit=${mosip.kernel.prid.repeating-block-limit}
+mosip.kernel.prid.repeating-limit=${mosip.kernel.prid.repeating-limit}
+mosip.kernel.prid.not-start-with=${mosip.kernel.prid.not-start-with}
+mosip.kernel.uin.length=${mosip.kernel.uin.length}
+mosip.kernel.uin.restricted-numbers=${mosip.kernel.uin.restricted-numbers}
+mosip.kernel.uin.length.repeating-block-limit=${mosip.kernel.uin.length.repeating-block-limit}
+mosip.kernel.uin.length.sequence-limit=${mosip.kernel.uin.length.sequence-limit}
+mosip.kernel.uin.length.repeating-limit=${mosip.kernel.uin.length.repeating-limit}
+mosip.kernel.uin.length.conjugative-even-digits-limit=${mosip.kernel.uin.length.conjugative-even-digits-limit}
+mosip.kernel.uin.length.reverse-digits-limit=${mosip.kernel.uin.length.reverse-digits-limit}
+mosip.kernel.uin.length.digits-limit=${mosip.kernel.uin.length.digits-limit}
+mosip.kernel.vid.restricted-numbers=${mosip.kernel.vid.restricted-numbers}
+mosip.kernel.vid.not-start-with=${mosip.kernel.vid.not-start-with}
+mosip.kernel.vid.length.repeating-limit=${mosip.kernel.vid.length.repeating-limit}
+mosip.kernel.vid.length.repeating-block-limit=${mosip.kernel.vid.length.repeating-block-limit}
+mosip.kernel.vid.length.sequence-limit=${mosip.kernel.vid.length.sequence-limit}
+mosip.kernel.vid.length=${mosip.kernel.vid.length}
+mosip.kernel.registrationcenterid.length=${mosip.kernel.registrationcenterid.length}
+mosip.kernel.machineid.length=${mosip.kernel.machineid.length}
+## RID
+mosip.kernel.rid.length=${mosip.kernel.rid.length}
+mosip.kernel.rid.timestamp-length=${mosip.kernel.rid.timestamp-length}
+mosip.kernel.rid.sequence-length=${mosip.kernel.rid.sequence-length}
+## Virus scanner
+# Here we specify the Kubernetes service name if clamav runs inside cluster
+mosip.kernel.virus-scanner.host=${mosip.kernel.virus-scanner.host}
+mosip.kernel.virus-scanner.port=${mosip.kernel.virus-scanner.port}
+mosip.kernel.otp.expiry-time=${mosip.kernel.otp.expiry-time}
+## end of global properties
+
+# Support Reg.Client upgrade
+mosip.registration.verion.upgrade.version-mappings={ "1.1.4":{ "dbVersion":"1.1.4", "releaseOrder":1}, "1.1.5":{ "dbVersion":"1.1.5", "releaseOrder":2}, "1.1.5.5":{ "dbVersion":"1.1.5.5", "releaseOrder":3}, "1.2.0.1-SNAPSHOT":{ "dbVersion":"1.2.0.1", "releaseOrder":4} }
+
+## backward compatibility fields
+mosip.registration.uin.update.configured.fields=test
+mosip.primary-language=eng
+mosip.secondary-language=ara
+mosip.registration.ideal_time=900
+mosip.kernel.applicant.type.age.limit=${mosip.kernel.applicant.type.age.limit}
+mosip.registration.max_age=200
+
+# Parameters required for Backward Compatibility
+# These parameters needed for supporting previous versions of registration clients in case of upgraded env.
+
+mosip.registration.mdm.hostProtocol=http
+mosip.mdm.enabled=TRUE
+mosip.registration.ui_sync_data=y
+mosip.registration.Login_Credentials_Sync.frequency=190
+mosip.registration.consent_fra="Je comprends que les données recueillies à mon sujet lors de la enregistrement par ladite autorité comprennent mon -
• nom
• Date de naissance
• genre
• adresse
• coordonnées
• Documents
Je comprends également que ces informations seront stockées et traitées dans le but de vérifier mon identité afin d'accéder à divers services, ou de se conformer à une obligation légale. Je donne mon consentement pour la collecte de ces données à cette fin." +mosip.camera.resolution.width=2592 +mosip.registration.eod_process_config_flag=Y +mosip.id.validation.identity.CNIENumber=^([0-9]{10,30})$ +mosip.registration.important_guidelines_eng=COUNTRY TO DEFINE THE TEXT OF GUIDELINES +mosip.registration.mds.iris.dedup.enable.flag=N +mosip.registration.mds.face.dedup.enable.flag=N +mosip.registration.consent_eng=I understand that the data collected about me during registration by the said authority includes my -
• Name
• Date of birth
• Gender
• Address
• Contact details
• Documents
I also understand that this information will be stored and processed for the purpose of verifying my identity in order to access various services, or to comply with a legal obligation. I give my consent for the collection of this data for this purpose. +mosip.registration.cbeff_only_unique_tags=Y +current_mdm_spec=0.9.2 +mosip.registration.re_capture_time=10 +mosip.registration.fingerprint_enable_flag=Y +mosip.registration.mds.fingerprint.dedup.enable.flag=N +mosip.registration.important_guidelines_ara=COUNTRY TO DEFINE THE TEXT OF GUIDELINES +mosip.registration.webcam_name=logitech +mosip.registration.User_Role_Setup_Sync.frequency=190 +mosip.registration.face_recapture_time=5 +mosip.registration.key_policy_sync_threshold_value=1 +mosip.registration.send_notification_disable_flag=y +mosip.registration.mdm.contextPath= +mosip.registration.face_enable_flag=Y +mosip.registration.important_guidelines_fra=COUNTRY TO DEFINE THE TEXT OF GUIDELINES +mosip.id.validation.identity.referenceIdentityNumber=^([0-9]{10,30})$ +mosip.camera.resolution.height=1944 +mosip.registration.consent_ara=" أدرك أن البيانات التي تم جمعها عني أثناء التسجيل من قِبل السلطة المذكورة تتضمن بياناتي -
• الاسم
• تاريخ الميلاد
• نوع الجنس
• العنوان
• تفاصيل الاتصال
• الوثائق
كما أفهم أنه سيتم تخزين هذه المعلومات ومعالجتها بغرض التحقق من هويتي من أجل الوصول إلى خدمات مختلفة، أو الامتثال لالتزام قانوني. وأوافق على جمع هذه البيانات لهذا الغرض. "
+mosip.registration.iris_enable_flag=Y
+mosip.registration.user_on_board_threshold_limit=1
+mosip.registration.quality_score=60
+mosip.registration.webcam_library_name=sarxos
+mosip.registration.DOCUMENT_SCANNER_DEPTH=100
+mosip.registration.document_scanner_dpi=75
+mosip.registration.document_scanner_brightness=10
+
diff --git a/registration-processor-abis.json b/registration-processor-abis.json
new file mode 100644
index 00000000000..2f0c1476faf
--- /dev/null
+++ b/registration-processor-abis.json
@@ -0,0 +1,16 @@
+{
+ "abis": [{
+ "name": "ABIS",
+ "host": "",
+ "port": "",
+ "brokerUrl": "tcp://${activemq.host}:${activemq.core.port}",
+ "inboundQueueName": "mosip-to-abis",
+ "outboundQueueName": "abis-to-mosip",
+ "pingInboundQueueName": "",
+ "pingOutboundQueueName": "",
+ "userName": "artemis",
+ "password": "${activemq.password}",
+ "typeOfQueue": "ACTIVEMQ",
+ "inboundMessageTTL": 2700
+ }]
+}
diff --git a/registration-processor-camel-routes-activate-default.xml b/registration-processor-camel-routes-activate-default.xml
new file mode 100644
index 00000000000..e1bff6ebd07
--- /dev/null
+++ b/registration-processor-camel-routes-activate-default.xml
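Review bot: The comment `#Flag to check / bypass device cert validation` in the last registration-default.properties hunk is separated from the key it appears to describe, `mosip.registration.mdm.validate.trust=true`, by a blank line and the six documentation URL entries, so the setting that controls device trust validation reads as undocumented. I would move it directly above the key and state the safe value, e.g. `#Validate trust of the MDM device certificate. Keep true; false bypasses validation.` Further down, the backward-compatibility block sets `mosip.registration.uin.update.configured.fields=test`, and `mosip.registration.server_profile=Staging` sits in a default file; both look like leftovers and deserve either a real value or a comment saying they are placeholders. The commented-out `#mosip.registration.reset_password_url=...` line above the live one can be dropped.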
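Review bot: `"brokerUrl": "tcp://${activemq.host}:${activemq.core.port}"` in registration-processor-abis.json uses a plain TCP scheme, so unless TLS is provided elsewhere the `artemis` login and the ABIS request and response messages on `mosip-to-abis` / `abis-to-mosip` cross the network unencrypted. The password itself is taken from `${activemq.password}` rather than written into the file, which is the right shape. If the broker exposes a TLS acceptor the URL should point at it; since JSON has no comment syntax, the expectation (TLS at the broker or at a mesh or sidecar layer) belongs in the README next to this file. `host`, `port` and the two ping queue names are empty strings, and it is not visible here whether the consumer treats empty as unset.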
@@ -0,0 +1,143 @@ + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + diff --git a/registration-processor-camel-routes-biometric-correction-default.xml b/registration-processor-camel-routes-biometric-correction-default.xml new file mode 100644 index 00000000000..fbb873032e0 --- /dev/null +++ b/registration-processor-camel-routes-biometric-correction-default.xml 
@@ -0,0 +1,212 @@ + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != 
'--TAG_VALUE_NOT_AVAILABLE--')] + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR' || @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR' || @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + diff --git a/registration-processor-camel-routes-deactivate-default.xml b/registration-processor-camel-routes-deactivate-default.xml new file mode 100644 index 00000000000..b77486c607b --- /dev/null +++ b/registration-processor-camel-routes-deactivate-default.xml 
@@ -0,0 +1,142 @@ + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + diff --git a/registration-processor-camel-routes-lost-default.xml b/registration-processor-camel-routes-lost-default.xml new file mode 100644 index 00000000000..6c0a7b79b61 --- /dev/null +++ b/registration-processor-camel-routes-lost-default.xml 
@@ -0,0 +1,496 @@ + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && 
@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR' || @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['BIOMETRIC_CORRECTION_FLOW_STATUS'] in ['FAILED'] || @['tags']['BIOMETRIC_CORRECTION_FLOW_STATUS'] in ['REJECTED'])] + BIOMETRIC_CORRECTION + 1296000 + + + + $.[?(@['tags']['Biometric_Quality-Iris'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'] && @['tags']['Biometric_Quality-Finger'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'] && @['tags']['Biometric_Quality-Face'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'])] + + + + $.[?(@['tags']['Biometric_Quality-Iris'] in ['level-1','level-2','level-3'] || @['tags']['Biometric_Quality-Finger'] in ['level-1','level-2','level-3'] || @['tags']['Biometric_Quality-Face'] in ['level-1','level-2','level-3'])] + BIOMETRIC_CORRECTION + + 1296000 + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && 
@['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'verification-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'abis-handler-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'manual-adjudication-bus-in')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'abis-middle-ware-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'bio-dedupe-bus-in')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + 
+ $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + diff --git a/registration-processor-camel-routes-new-default.xml b/registration-processor-camel-routes-new-default.xml new file mode 100644 index 00000000000..ac92bf762e8 --- /dev/null +++ b/registration-processor-camel-routes-new-default.xml 
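Review bot: The two `Biometric_Quality-*` predicates near the end of this hunk cover only the listed values, so a packet whose Iris, Finger or Face tag is missing or carries any other string matches neither the `level-4`…`level-10` branch nor the `level-1`…`level-3` branch. The XML element lines are not legible in this view, so it cannot be confirmed whether an `otherwise` branch catches that case. If there is none, add one that sends such packets to an explicit error or manual-review route instead of letting them fall through the quality gate. The same pair of predicates recurs in the hunks for registration-processor-camel-routes-new-default.xml and registration-processor-camel-routes-update-default.xml.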
@@ -0,0 +1,542 @@ + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && 
@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR' || @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR' || @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['BIOMETRIC_CORRECTION_FLOW_STATUS'] in ['FAILED'] || @['tags']['BIOMETRIC_CORRECTION_FLOW_STATUS'] in ['REJECTED'])] + BIOMETRIC_CORRECTION + 1296000 + + + + $.[?(@['tags']['Biometric_Quality-Iris'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'] && @['tags']['Biometric_Quality-Finger'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'] && @['tags']['Biometric_Quality-Face'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'])] + + + + $.[?(@['tags']['Biometric_Quality-Iris'] in ['level-1','level-2','level-3'] || @['tags']['Biometric_Quality-Finger'] in ['level-1','level-2','level-3'] || @['tags']['Biometric_Quality-Face'] in ['level-1','level-2','level-3'])] + BIOMETRIC_CORRECTION + + 1296000 + + + + + + + + + + + + + + $.[?(@['isValid'] == false && 
@['internalError'] == true)] + + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'abis-handler-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'manual-adjudication-bus-in')] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'abis-middle-ware-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'demo-dedupe-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'bio-dedupe-bus-in')] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'verification-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'abis-handler-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'manual-adjudication-bus-in')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false 
&& @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + diff --git a/registration-processor-camel-routes-opencrvs_new-default.xml b/registration-processor-camel-routes-opencrvs_new-default.xml new file mode 100644 index 00000000000..7eecb7fdad0 --- /dev/null +++ b/registration-processor-camel-routes-opencrvs_new-default.xml 
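Review bot: In the block that tests `messageBusAddress` for `abis-handler-bus-in` and `manual-adjudication-bus-in` and then `AGE_GROUP == 'INFANT'`, the predicate `$.[?(@['isValid'] == false && @['internalError'] == false)]` appears twice and `$.[?(@['isValid'] == true && @['internalError'] == true)]` does not appear at all. The other blocks visible in this hunk, and the corresponding block in the registration-processor-camel-routes-update-default.xml hunk, list the three predicates once each. If these sit in one `choice` (the element lines are not legible here), the second copy can never match and a valid packet that hit an internal error has no branch of its own at this stage. The second predicate of the block should presumably read `$.[?(@['isValid'] == true && @['internalError'] == true)]`, with the later duplicate removed.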
@@ -0,0 +1,249 @@ + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?((@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR') && @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + 
$.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + + + + + + diff --git a/registration-processor-camel-routes-res-reprint-default.xml b/registration-processor-camel-routes-res-reprint-default.xml new file mode 100644 index 00000000000..3f449f06fed --- /dev/null +++ b/registration-processor-camel-routes-res-reprint-default.xml @@ -0,0 +1,94 @@ + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + diff --git a/registration-processor-camel-routes-res-update-default.xml b/registration-processor-camel-routes-res-update-default.xml new file mode 100644 index 00000000000..660ebc1e0c2 --- /dev/null +++ b/registration-processor-camel-routes-res-update-default.xml 
@@ -0,0 +1,273 @@ + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'abis-handler-bus-in')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'abis-middle-ware-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'demo-dedupe-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'bio-dedupe-bus-in')] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && 
@['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + diff --git a/registration-processor-camel-routes-update-default.xml b/registration-processor-camel-routes-update-default.xml new file mode 100644 index 00000000000..27d4f6840bd --- /dev/null +++ b/registration-processor-camel-routes-update-default.xml 
@@ -0,0 +1,561 @@ + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-officerId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && @['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '' && 
@['tags']['META_INFO-OPERATIONS_DATA-supervisorId'] != '--TAG_VALUE_NOT_AVAILABLE--')] + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR' || @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT' || @['tags']['AGE_GROUP'] == 'MINOR' || @['tags']['INTRODUCER_AVAILABILITY'] == 'true')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['tags']['BIOMETRIC_CORRECTION_FLOW_STATUS'] in ['FAILED'] || @['tags']['BIOMETRIC_CORRECTION_FLOW_STATUS'] in ['REJECTED'])] + BIOMETRIC_CORRECTION + 1296000 + + + + $.[?(@['tags']['Biometric_Quality-Iris'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'] && @['tags']['Biometric_Quality-Finger'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'] && @['tags']['Biometric_Quality-Face'] in ['level-4','level-5','level-6','level-7','level-8','level-9','level-10','--Biometrics-Not-Available--'])] + + + + $.[?(@['tags']['Biometric_Quality-Iris'] in ['level-1','level-2','level-3'] || @['tags']['Biometric_Quality-Finger'] in ['level-1','level-2','level-3'] || @['tags']['Biometric_Quality-Face'] in ['level-1','level-2','level-3'])] + BIOMETRIC_CORRECTION + + 1296000 + + + + + + + + + + + + + + $.[?(@['isValid'] == false && 
@['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'abis-handler-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'manual-adjudication-bus-in')] + + + + $.[?(@['tags']['AGE_GROUP'] == 'INFANT')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'abis-middle-ware-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'demo-dedupe-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'bio-dedupe-bus-in')] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + $.[?(@['messageBusAddress']['address'] == 'verification-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'abis-handler-bus-in')] + + + + $.[?(@['messageBusAddress']['address'] == 'manual-adjudication-bus-in')] + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && 
@['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + + + + + + $.[?(@['isValid'] == false && @['internalError'] == true)] + + + + $.[?(@['isValid'] == true && @['internalError'] == true)] + + + + $.[?(@['isValid'] == false && @['internalError'] == false)] + + + + + + + + + diff --git a/registration-processor-credential-partners.json b/registration-processor-credential-partners.json new file mode 100644 index 00000000000..0540d3d3025 --- /dev/null +++ b/registration-processor-credential-partners.json 
@@ -0,0 +1,30 @@
+{
+ "partners": [
+ {
+ "id": "digitalcardPartner",
+ "partnerId": "mpartner-default-digitalcard",
+ "credentialType": "PDFCard",
+ "template": "RPR_UIN_CARD_TEMPLATE",
+ "appIdBasedCredentialIdSuffix": "-PDF",
+ "process": null,
+ "metaInfoFields": null
+ },
+ {
+ "id": "printPartner",
+ "partnerId": "mpartner-default-print",
+ "credentialType": "euin",
+ "template": "RPR_UIN_CARD_TEMPLATE",
+ "appIdBasedCredentialIdSuffix": null,
+ "process": null,
+ "metaInfoFields": null
+ },
+ {
+ "id": "opencrvsPartner",
+ "partnerId": "opencrvs-partner",
+ "type": "opencrvs",
+ "template": "RPR_UIN_CARD_TEMPLATE",
+ "process": ["OPENCRVS_NEW"],
+ "metaInfoFields": ["opencrvsBRN"]
+ }
+ ]
+}
diff --git a/registration-processor-default.properties b/registration-processor-default.properties
new file mode 100644
index 00000000000..0cd79812b66
--- /dev/null
+++ b/registration-processor-default.properties
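Review bot: The `opencrvsPartner` entry names its credential field `"type": "opencrvs"` while `digitalcardPartner` and `printPartner` use `"credentialType"`, and it omits `appIdBasedCredentialIdSuffix` altogether. If the consumer reads `credentialType` for every partner (the reader is not visible here), this entry would resolve to no credential type. Either rename the key to `"credentialType": "opencrvs"` or confirm that the reader handles both keys. Adding `"appIdBasedCredentialIdSuffix": null` would also keep the three entries parallel.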
@@ -0,0 +1,1003 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# db.dbuser.password
+# keycloak.internal.host
+# mosip.regproc.client.secret
+# keycloak.internal.url
+# activemq.host
+# activemq.core.port
+# s3.accesskey
+# s3.region
+# s3.secretkey
+
+registration.processor.zone=default
+
+mosip.regproc.notification.url=http://regproc-notifier.regproc
+packetmanager.base.url=http://packetmanager.packetmanager/commons
+
+## Health check
+management.endpoint.health.show-details=always
+
+## ABIS
+# Maximum abis records to be fetched at a time
+registration.processor.abis.maxResults=30
+# Dummy Tag for face in cbeff file
+registration.processor.abis.targetFPIR=30
+# supported 'byte' and 'text format
+activemq.message.format=text
+# Buffer time above the expiry for all queues to allow reprocessing (in seconds)
+registration.processor.bio.dedupe.reprocess.buffer.time=900
+
+## Database
+## Database properties
+# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
+# If database is external to production, provide the DNS or ip of the host and port
+mosip.registration.processor.database.hostname=postgres-postgresql.postgres
+mosip.registration.processor.database.port=5432
+javax.persistence.jdbc.driver=org.postgresql.Driver
+javax.persistence.jdbc.url=jdbc:postgresql://${mosip.registration.processor.database.hostname}:${mosip.registration.processor.database.port}/mosip_regprc?currentSchema=regprc
+javax.persistence.jdbc.user=regprcuser
+javax.persistence.jdbc.password=${db.dbuser.password}
+
+## Hibernate
+hibernate.hbm2ddl.auto=none
+hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
+hibernate.jdbc.lob.non_contextual_creation=true
+hibernate.show_sql=false
+
+## Packets
+## This must match mounted folder specified in the helm
chart of packet receiver.
+registration.processor.LANDING_ZONE = /mnt/landing
+# The known packet sources. Should be set as all fieldCategory present in idschema
+# (NOTE : if fieldCategory is set as pvt then the source should be id)
+registration.processor.sourcepackets=id,evidence,optional
+# The mandatory default source packet. (In default configuration this is thd id packet)
+packet.default.source=id
+# the default schema field cagegory (ex - private)
+schema.default.fieldCategory=pvt,none
+packet.info.storage.service=*
+mosip.preferred-language.enabled=false
+
+## Camel bridge
+# Url to cluster manager to enable this stage for joining the cluster in secure zone
+cluster.manager.file.name=hazelcast_default.xml
+# Workel pool size to process multiple requests parallely
+worker.pool.size=10
+# Route files corresponding to the secure flow
+camel.secure.active.flows.file.names=registration-processor-camel-routes-new-default.xml,registration-processor-camel-routes-update-default.xml,registration-processor-camel-routes-activate-default.xml,registration-processor-camel-routes-res-update-default.xml,registration-processor-camel-routes-deactivate-default.xml,registration-processor-camel-routes-lost-default.xml,registration-processor-camel-routes-res-reprint-default.xml,registration-processor-camel-routes-biometric-correction-default.xml,registration-processor-camel-routes-opencrvs_new-default.xml
+
+# main processor used in stages
+registration.processor.main-processes=NEW,UPDATE,LOST,RES_UPDATE,ACTIVATE,DEACTIVATE,OPENCRVS_NEW
+# sub processor used in stages
+registration.processor.sub-processes=BIOMETRIC_CORRECTION
+
+## Token generation
+token.request.id=io.mosip.registration.processor
+token.request.appid=regproc
+token.request.version=1.0
+token.request.clientId=mosip-regproc-client
+token.request.secretKey=${mosip.regproc.client.secret}
+# Token generation issuer url.
NOTE: The url here must match the one mentioned in keycloak auth token, otherwise
+# performance of system will be severly affected.
+token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+
+## Audit Service
+AUDIT=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+
+## Auth Service
+authmanager.base.url=${mosip.kernel.authmanager.url}
+KEYBASEDTOKENAPI=${authmanager.base.url}/v1/authmanager/authenticate/clientidsecretkey
+TOKENVALIDATE=${authmanager.base.url}/v1/authmanager/authorize/admin/validateToken
+GETRIDFROMUSERID=${authmanager.base.url}/v1/authmanager/rid
+IDAINTERNAL=${mosip.ida.internal.url}
+INTERNALAUTH=${IDAINTERNAL}/idauthentication/v1/internal/auth
+GETINDIVIDUALIDFROMUSERID=${authmanager.base.url}/v1/authmanager/individualId
+
+## Master Data Services
+MASTER=${mosip.kernel.masterdata.url}/v1/masterdata
+MACHINEHISTORY=${MASTER}/machineshistories
+CENTERHISTORY=${MASTER}/registrationcentershistory
+CENTERUSERMACHINEHISTORY=${MASTER}/getregistrationmachineusermappinghistory
+REVERSEDATASYNC=http://prereg-datasync.prereg/preregistration/v1/sync/consumedPreRegIds
+CENTERDETAILS=${MASTER}/registrationcenters
+MACHINEDETAILS=${MASTER}/machines
+DEVICESHISTORIES=${MASTER}/deviceshistories
+REGISTRATIONCENTERDEVICEHISTORY=${MASTER}/registrationcenterdevicehistory
+REGISTRATIONCENTERTIMESTAMP=${MASTER}/registrationcenters/validate
+USERDETAILS=${MASTER}/users
+TEMPLATES=${MASTER}/templates
+DEVICEVALIDATEHISTORY=${mosip.pms.partnermanager.url}/v1/partnermanager/deviceprovidermanagement/validate
+#To get the idschema from masterdata db
+IDSCHEMA=${MASTER}/idschema/latest
+LANGUAGE=${MASTER}/languages
+
+## ID Repository Services
+IDENTITY=${mosip.idrepo.identity.url}
+IDREPOSITORY=${IDENTITY}/idrepository/v1/identity/
+IDREPOGETIDBYUIN=${IDENTITY}/idrepository/v1/identity/idvid
+UINGENERATOR=${mosip.kernel.idgenerator.url}/v1/idgenerator/uin
+RETRIEVEIDENTITYFROMRID=${IDENTITY}/idrepository/v1/identity/idvid
+RETRIEVEIDENTITY=${IDENTITY}/idrepository/v1/identity/idvid
+CREATEVID=${mosip.idrepo.vid.url}/idrepository/v1/vid
+GETUINBYVID=${mosip.idrepo.vid.url}/idrepository/v1/idvid
+CREDENTIALREQUEST=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/requestgenerator
+CREDENTIALREQUESTV2=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/v2/requestgenerator
+GETVIDSBYUIN=${mosip.idrepo.vid.url}/idrepository/v1/vid/uin
+IDREPOHASDRAFT=${IDENTITY}/idrepository/v1/identity/draft
+IDREPOGETDRAFT=${IDENTITY}/idrepository/v1/identity/draft
+IDREPOCREATEDRAFT=${IDENTITY}/idrepository/v1/identity/draft/create
+IDREPOUPDATEDRAFT=${IDENTITY}/idrepository/v1/identity/draft/update
+IDREPOPUBLISHDRAFT=${IDENTITY}/idrepository/v1/identity/draft/publish
+IDREPOEXTRACTBIOMETRICS=${IDENTITY}/idrepository/v1/identity/draft/extractbiometrics/
+
+## Encrypt Services
+KEYMANAGER=${mosip.kernel.keymanager.url}
+ENCRYPTURL=${KEYMANAGER}/v1/keymanager/encrypt
+ENCRYPTIONSERVICE=${KEYMANAGER}/v1/keymanager/publickey
+
+## Digital Signature Service
+DIGITALSIGNATURE=${KEYMANAGER}/v1/keymanager/sign
+mosip.registration.processor.digital.signature.id=io.mosip.registration.processor
+
+# Status for matched records in demo dedupe stage.
+# 'REJECTED' will automatically reject packets failed in demo dedupe. It will not be sent for manual verification.
+registration.processor.demodedupe.manual.adjudication.status=PENDING
+
+# Validate hostlisted devices
+DEVICEHOTLIST=${mosip.admin.hotlist.url}/v1/hotlist/status
+JWTVERIFY=${KEYMANAGER}/v1/keymanager/jwtVerify
+
+## Crypto
+CRYPTOMANAGERDECRYPT=${KEYMANAGER}/v1/keymanager/decrypt
+crypto.PrependThumbprint.enable=true
+
+## SMS and EMAIL notification services
+NOTIFIER=${mosip.kernel.notification.url}
+SMSNOTIFIER=${NOTIFIER}/v1/notifier/sms/send
+EMAILNOTIFIER=${NOTIFIER}/v1/notifier/email/send
+
+## PMS
+PMS=${mosip.pms.policymanager.url}/v1/policymanager/policies
+PARTNERGETBIOEXTRACTOR=${mosip.pms.partnermanager.url}/v1/partnermanager/partners
+
+## Registration status properties
+## Max retries allowed by registration client if sanity check of packet fails in packet uploader stage.
+registration.processor.max.retry=10
+mosip.registration.processor.registration.status.id=mosip.registration.status
+mosip.registration.processor.registration.sync.id=mosip.registration.sync
+mosip.registration.processor.registration.transaction.id=mosip.registration.transaction
+mosip.registration.processor.sync.version=1.0
+mosip.registration.processor.registration.status.version=1.0
+mosip.registration.processor.transaction.version=1.0
+mosip.registration.processor.lostrid.id=mosip.registration.lostrid
+mosip.registration.processor.lostrid.version=1.0
+
+mosip.registration.processor.registration.external.status.id=mosip.registration.external.status
+mosip.registration.processor.packet.external.status.id=mosip.registration.packet.external.status
+
+# LatestTransactionTypeCodes Before uploading to Object Store
+mosip.registration.processor.packet.status.transactiontypecodes-before-uploading-to-objectstore=PACKET_RECEIVER,SECUREZONE_NOTIFICATION
+# LatestTransactionTypeCode uploading to Object Store
+mosip.registration.processor.packet.status.transactiontypecodes-uploading-to-objectstore=UPLOAD_PACKET
+# LatestTransactionTypeCodes time based resend required
+mosip.registration.processor.packet.status.transactiontypecodes-time-based-resend-required=PACKET_RECEIVER
+
+mosip.registration.processor.registration.status.external-statuses-to-consider-processed=UIN_GENERATED,REREGISTER,REJECTED,REPROCESS_FAILED
+
+# this property is used in lostrid api to get postal code
+mosip.registration.processor.postalcode.req.url=${MASTER}/registrationcenters
+
+# To enable/disable demo dedup
+mosip.registration.processor.demographic.deduplication.enable=true
+
+## OSI validate
+registration.processor.applicant.dob.format=yyyy/MM/dd
+mosip.identity.auth.internal.requestid=mosip.identity.auth.internal
+#Internal Auth env
+mosip.identity.auth.internal.env=Staging
+mosip.kernel.device.validate.history.id=""
+auth.PrependThumbprint.enable=false
+
+## Packet receiver
+registration.processor.max.file.size=5
+mosip.registration.processor.application.version=1.0
+mosip.registration.processor.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+# Date pattern for registrationDate that should be followed in lostrid request
+mosip.registration.processor.lostrid.registrationdate.pattern=yyyy-MM-dd
+mosip.registration.processor.timezone=GMT
+mosip.registration.processor.packet.id=mosip.registration.packet
+mosip.registration.processor.grace.period=10800
+# Supported commmit config: auto, batch, single
+mosip.regproc.packet.receiver.eventbus.kafka.commit.type=single
+# Maximum records that can be received in one poll from kafka
+mosip.regproc.packet.receiver.eventbus.kafka.max.poll.records=100
+# Interval between each poll calls to kafka in milli sec
+mosip.regproc.packet.receiver.eventbus.kafka.poll.frequency=100
+# Kafka consumer group id, used by kafka to identify multiple instances of the same consumer
+mosip.regproc.packet.receiver.eventbus.kafka.group.id=packet-receiver-stage
+# Base sevlet path for the stage
+mosip.regproc.packet.receiver.server.servlet.path=/registrationprocessor/v1/packetreceiver
+# Port number in which the application will run
+mosip.regproc.packet.receiver.server.port=8081
+# Port number to be used by eventbus for communicating with other vertx apps in the cluster
+mosip.regproc.packet.receiver.eventbus.port=5711
+# Flag to disable the copying of tags from the packet manger to the message event
+mosip.regproc.packet.receiver.message.tag.loading.disable=true
+
+## UIN generation
+registration.processor.id.repo.create=mosip.id.create
+registration.processor.id.repo.read=mosip.id.read
+registration.processor.id.repo.update=mosip.id.update
+registration.processor.id.repo.vidType=Perpetual
+registration.processor.id.repo.generate=mosip.vid.create
+registration.processor.id.repo.vidVersion=v1
+
+## Virus scanner
+registration.processor.packet.ext=.zip
+registration.processor.application.id=REGISTRATION
+registration.processor.rid.machineidsubstring=10
+mosip.regproc.virusscanner.provider=io.mosip.kernel.virusscanner.clamav.impl.VirusScannerImpl
+
+## Message sender
+# Mapping identity json to map with the applicant id json
+registration.processor.identityjson=identity-mapping.json
+registration.processor.abis.json=registration-processor-abis.json
+registration.processor.demographic.identity=identity
+registration.processor.notification.emails=
+
+## Notification service
+registration.processor.notification_service_subscriber_secret={cipher}1b1c1a60abf045c34fff60457976178e5c70c949634ad568f5a5510007bfa438
+registration.processor.notification_service_subscriber_callback_url=${mosip.regproc.notification.url}/registrationprocessor/v1/notification/callback/notify
+registration.processor.notification_service_pausedforadditonalinfo_subscriber_secret={cipher}1b1c1a60abf045c34fff60457976178e5c70c949634ad568f5a5510007bfa438
+mosip.regproc.workflow.pausedforadditionalinfo.topic=REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT
+registration.processor.notification_service_pausedforadditonalinfo_subscriber_callback_url=${mosip.regproc.notification.url}/registrationprocessor/v1/notification/callback/notifyPausedForAdditionalInfo
+
+# Email template code for PauseForAdditionalInfo
+mosip.regproc.notification_service.biometric_correction.email=RPR_PAUSED_FOR_ADD_INFO_EMAIL
+# SMS template code for PauseForAdditionalInfo
+mosip.regproc.notification_service.biometric_correction.sms=RPR_PAUSED_FOR_ADD_INFO_SMS
+# SUBJECT template code for PauseForAdditionalInfo
+mosip.regproc.notification_service.biometric_correction.subject=Requesting the additional details for progressing on the application of UIN
+
+## Email
+registration.processor.uin.generated.subject=UIN Generated
+registration.processor.duplicate.uin.subject=Registration Failed because you have already Registered
+registration.processor.reregister.subject=Re-Register because there was a Technical Issue
+registration.processor.uin.activated.subject=Uin is activated successfully
+registration.processor.uin.deactivated.subject=Uin is deactivated
+registration.processor.updated.subject=UIN Details Updated
+
+## Queue
+registration.processor.queue.username=artemis
+registration.processor.queue.password=${activemq.password}
+registration.processor.queue.url=tcp://${activemq.host}:${activemq.core.port}
+registration.processor.queue.typeOfQueue=ACTIVEMQ
+registration.processor.queue.connection.retry.count=100
+registration.processor.queue.trusted.packages=io.mosip.*
+
+registration.processor.queue.manualverification.request=mosip-to-mv
+# queue name where mosip will receive response from external mv system
+registration.processor.queue.manualverification.response=mv-to-mosip
+
+## Packet validator
+registration.processor.applicant.type=applicanttype-document-mapping.json
+
+## Reprocessor stage
+# Number of the reprocess records to be fetched at a time
+registration.processor.reprocess.fetchsize=100
+registration.processor.reprocess.limit=500
+registration.processor.pause.packets.for.backpressure=true
+# The reprocessor scheduler configurations
+# The elapse time (in sec) beyond which the rids will be considered for reprocessing
+registration.processor.reprocess.elapse.time=900
+# The maximum reprocess count. Beyond this the rid will not be considered for reprocessing.
+registration.processor.reprocess.attempt.count=20
+registration.processor.reprocess.type=cron
+registration.processor.reprocess.seconds=0
+# TODO: time reduced for testing. Revert for production.
+#registration.processor.reprocess.minutes=0,5,10,15,20,25,30,35,40,45,50,55
+# Every 3 min
+registration.processor.reprocess.minutes=0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57
+registration.processor.reprocess.hours=*
+registration.processor.reprocess.days_of_month=*
+registration.processor.reprocess.months=*
+registration.processor.reprocess.days_of_week=*
+
+# Verification
+mosip.regproc.verification.eventbus.kafka.commit.type=single
+mosip.regproc.verification.eventbus.kafka.max.poll.records=100
+mosip.regproc.verification.eventbus.kafka.poll.frequency=100
+mosip.regproc.verification.eventbus.kafka.group.id=verification-stage
+mosip.regproc.verification.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+
+registration.processor.verification.queue.username=${registration.processor.queue.username}
+registration.processor.verification.queue.password=${registration.processor.queue.password}
+registration.processor.verification.queue.url=${registration.processor.queue.url}
+registration.processor.verification.queue.typeOfQueue=${registration.processor.queue.typeOfQueue}
+registration.processor.verification.queue.response=verification-to-mosip
+registration.processor.queue.verification.request=mosip-to-verification
+registration.processor.verification.policy.id=mpolicy-default-adjudication
+registration.processor.verification.subscriber.id=mpartner-default-adjudication
+registration.processor.queue.verification.request.messageTTL=5400
+mosip.regproc.verification.eventbus.port=5730
+mosip.regproc.verification.server.port=8101
+mosip.regproc.verification.server.servlet.path=/registrationprocessor/v1/verification
+registration.processor.verification.queue.trusted.packages=io.mosip.*
+
+# Manual adjudication
+mosip.regproc.manual.adjudication.eventbus.kafka.commit.type=single
+mosip.regproc.manual.adjudication.eventbus.kafka.max.poll.records=10
+mosip.regproc.manual.adjudication.eventbus.kafka.poll.frequency=100
+mosip.regproc.manual.adjudication.eventbus.kafka.group.id=manual-adjudication-stage
+mosip.regproc.manual.adjudication.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.manual.adjudication.server.servlet.path=/registrationprocessor/v1/manualverification
+mosip.regproc.manual.adjudication.server.port=8084
+mosip.regproc.manual.adjudication.eventbus.port=5720
+mosip.regproc.manual.adjudication.use.lts.format=true
+mosip.registration.processor.manual.adjudication.assignment.id=mosip.manual.adjudication.assignment
+mosip.registration.processor.manual.adjudication.decision.id=mosip.manual.adjudication.decision
+mosip.registration.processor.manual.adjudication.biometric.id=mosip.manual.adjudication.biometric
+mosip.registration.processor.manual.adjudication.demographic.id=mosip.manual.adjudication.demographic
+mosip.registration.processor.manual.adjudication.packetinfo.id=mosip.manual.adjudication.packetinfo
+registration.processor.queue.manual.adjudication.request=mosip-to-adjudication
+registration.processor.manual.adjudication.queue.response=adjudication-to-mosip
+
+#Manual verification queue message expiry in seconds, if given 0 then message will never expire
+registration.processor.queue.manual.adjudication.request.messageTTL=5400
+# Buffer time above the expiry queue to allow reprocessing (in seconds)
+registration.processor.manual.adjudication.reprocess.buffer.time=900
+registration.processor.manual.adjudication.policy.id=mpolicy-default-adjudication
+registration.processor.manual.adjudication.subscriber.id=mpartner-default-adjudication
+# Manual verification queue message expiry in seconds, if given 0 then message will never expire
+# Buffer time above the expiry queue to allow reprocessing (in seconds)
+registration.processor.manual.adjudication.queue.username=${registration.processor.queue.username}
+registration.processor.manual.adjudication.queue.password=${registration.processor.queue.password}
+registration.processor.manual.adjudication.queue.url=${registration.processor.queue.url}
+registration.processor.manual.adjudication.queue.typeOfQueue=${registration.processor.queue.typeOfQueue}
+registration.processor.manual.adjudication.queue.trusted.packages=io.mosip.*
+
+#WorkflowAction service websub topic name
+mosip.regproc.workflow.complete.topic=REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT
+mosip.regproc.workflow.action.job.server.port=8026
+mosip.regproc.workflow.action.job.eventbus.port=5754
+mosip.regproc.workflow.action.job.server.servlet.path=/registrationprocessor/v1/workflowmanager
+mosip.regproc.workflow.action.job.eventbus.kafka.commit.type=single
+mosip.regproc.workflow.action.job.eventbus.kafka.max.poll.records=100
+mosip.regproc.workflow.action.job.eventbus.kafka.poll.frequency=100
+mosip.regproc.workflow.action.job.eventbus.kafka.group.id=workflow-manager-service
+
+## Workflow manager
+mosip.regproc.workflow-manager.action.api-id=mosip.registration.processor.workflow.action
+mosip.regproc.workflow-manager.action.version=1.0
+mosip.regproc.workflow-manager.search.api-id=mosip.registration.processor.workflow.search
+mosip.regproc.workflow-manager.search.version=v1
+mosip.regproc.workflow-manager.action.resumefrombeginning.stage=PacketUploaderStage
+#Number of the WorkflowAction job records to be fetched at a time
+mosip.regproc.workflow-manager.action.job.fetchsize=100
+#Maximum number of iterations allowed
for pause and request additional info default
+mosip.regproc.workflow-manager.internal.action.max-allowed-iteration=5
+#Maximum number of iterations allowed for pause and request additional info for BIOMETRIC_CORRECTION
+mosip.regproc.workflow-manager.internal.action.max-allowed-iteration.BIOMETRIC_CORRECTION=5
+
+# The WorkflowAction scheduler configurations
+# WorkflowAction scheduler type
+mosip.regproc.workflow-manager.action.job.type=cron
+#schedular seconds configuration
+mosip.regproc.workflow-manager.action.job.seconds=*
+#schedular minutes configuration
+mosip.regproc.workflow-manager.action.job.minutes=0,5,10,15,20,25,30,35,40,45,50,55
+#schedular hours configuration
+mosip.regproc.workflow-manager.action.job.hours=*
+#schedular days configuration
+mosip.regproc.workflow-manager.action.job.days_of_month=*
+#schedular months configuration
+mosip.regproc.workflow-manager.action.job.months=*
+#schedular weeks configuration
+mosip.regproc.workflow-manager.action.job.days_of_week=*
+# The packets which are satisfied below filter will restart from restart-from-stage
+# For example BioDedupeStage:SUCCESS is given in filter and stage is SecurezoneNotificationStage then packet which latest transaction status code is SUCCESS and its in in BioDedupeStage then it will restart processing from SecurezoneNotificationStage.
+registration.processor.reprocess.restart-from-stage=SecurezoneNotificationStage
+# * means it will consider SUCCESS,REPROCESS,IN_PROGRESS latest transaction status codes, any stage having both * and another status, it will be considered to have all the statuses for that stage
+registration.processor.reprocess.restart-trigger-filter=DemoDedupeStage:SUCCESS,BioDedupeStage:*,UinGeneratorStage:REPROCESS
+
+
+mosip.regproc.workflow.manager.eventbus.kafka.commit.type=single
+mosip.regproc.workflow.manager.eventbus.kafka.max.poll.records=100
+mosip.regproc.workflow.manager.eventbus.kafka.poll.frequency=100
+mosip.regproc.workflow.manager.eventbus.kafka.group.id=workflow-manager
+mosip.regproc.workflow.manager.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+
+#Service Ids
+#Audit request id
+mosip.registration.processor.audit.id=mosip.applicanttype.getApplicantType
+#Cryptomanager decrypt request id
+mosip.registration.processor.crypto.decrypt.id=mosip.cryptomanager.decrypt
+#SMS notification request id
+mosip.registration.processor.sms.id=mosip.sms.send
+
+#Kernel Crypto signature
+registration.processor.signature.isEnabled=true
+
+## Enable this flag only if infant biometrics are captured, and dedup is desired.
+registration.processor.infant.dedupe=N
+
+# ID Authentication
+IDAUTHENCRYPTION=${IDAINTERNAL}/idauthentication/v1/internal/encrypt
+IDAUTHPUBLICKEY=${IDAINTERNAL}/idauthentication/v1/internal/publickey
+IDAUTHCERTIFICATE=${IDAINTERNAL}/idauthentication/v1/internal/getCertificate
+ida-internal-auth-uri=${IDAINTERNAL}/idauthentication/v1/internal/auth
+ida-internal-get-certificate-uri=${IDAINTERNAL}/idauthentication/v1/internal/getCertificate
+
+registration.processor.objectstore.adapter.name=S3Adapter
+PACKETMANAGER_SEARCH_FIELD=${packetmanager.base.url}/v1/packetmanager/searchField
+PACKETMANAGER_SEARCH_FIELDS=${packetmanager.base.url}/v1/packetmanager/searchFields
+PACKETMANAGER_SEARCH_METAINFO=${packetmanager.base.url}/v1/packetmanager/metaInfo
+PACKETMANAGER_VALIDATE=${packetmanager.base.url}/v1/packetmanager/validatePacket
+PACKETMANAGER_SEARCH_DOCUMENT=${packetmanager.base.url}/v1/packetmanager/document
+PACKETMANAGER_SEARCH_BIOMETRICS=${packetmanager.base.url}/v1/packetmanager/biometrics
+PACKETMANAGER_SEARCH_AUDITS=${packetmanager.base.url}/v1/packetmanager/audits
+PACKETMANAGER_INFO=${packetmanager.base.url}/v1/packetmanager/info
+PACKETMANAGER_UPDATE_TAGS=${packetmanager.base.url}/v1/packetmanager/addOrUpdateTag
+PACKETMANAGER_DELETE_TAGS=${packetmanager.base.url}/v1/packetmanager/deleteTag
+PACKETMANAGER_GET_TAGS=${packetmanager.base.url}/v1/packetmanager/getTags
+DATASHARECREATEURL=/v1/datashare/create
+DATASHAREGETEURL=${mosip.datashare.url}/v1/datashare/get
+# Default abis is mock-abis provided by MOSIP
+registration.processor.policy.id=mpolicy-default-abis
+registration.processor.subscriber.id=mpartner-default-abis
+
+## TODO: check if this is needed 'cause are not using pure domain anymore.
+mosip.regproc.data.share.internal.domain.name=datashare.datashare
+mosip.regproc.data.share.protocol=http
+
+#iam adapter
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+
+# BioSDK
+#mosip.biosdk.default.host=${mosip.regproc.biosdk.url}
+mosip.biosdk.default.service.url=${mosip.mock.biosdk.url}/biosdk-service
+# The fully qualified Class Name of the BIO SDK API implemented for Finger modality
+# This class will be loaded in runtime, the containing jar should be available in classpath
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
+# The version of the BIO SDK API implemeted for Finger modality
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.version=0.9
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url}
+# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured.
+# If the below default configuration is not configured, the one of the configured url will be used as the default URL.
+# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'.
+mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}
+
+# The fully qualified Class Name of the BIO SDK API implemented for Iris modality
+# This class will be loaded in runtime, the containing jar should be available in classpath
+mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
+# The version of the BIO SDK API implemeted for Iris modality
+mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.version=0.9
+mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url}
+
+# The fully qualified Class Name of the BIO SDK API implemented for Face modality
+# This class will be loaded in runtime, the containing jar should be available in classpath
+mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
+# The version of the BIO SDK API implemeted for Face modality
+mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.version=0.9
+mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url}
+
+## Credential requestor
+mosip.registration.processor.credentialtype=euin
+mosip.registration.processor.encrypt=false
+mosip.registration.processor.credential.request.service.id=mosip.credential.request.generator
+
+mosip.registration.processor.credential.partner-profiles=registration-processor-credential-partners.json
+mosip.registration.processor.credential.default.partner-ids=digitalcardPartner,opencrvsPartner
+mosip.registration.processor.credential.conditional.partner-id-map={'printPartner':'{"14023"} contains postalCode'}
+mosip.registration.processor.credential.conditional.no-match-partner-ids=printPartner
+
+## Stage common
+#After this time intervel, message should be considered as expired (In seconds),
+#value as 0 and negative will disable
message expiry checks
+mosip.regproc.common.stage.message.expiry-time-limit=3600
+
+## Kafka Event bus
+#Supported eventbus types: vertx, kafka. Defaults to vertx if the config is not given
+mosip.regproc.eventbus.type=kafka
+
+#Kafka event bus config, will be used only when the type is kafka
+#Kafka cluster servers comma separated, common for all stages and camel
+mosip.regproc.eventbus.kafka.bootstrap.servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port}
+
+# Stage Group Configuratoins
+# Default base packages for stage beans to be scanned in a stage group
+mosip.regproc.mosip-stage-executor.stage-beans-base-packages.default=io.mosip.registration.processor,io.mosip.registrationprocessor,io.mosip.registartion.processor
+
+#Event bus address for anonymous profile
+mosip.anonymous.profile.eventbus.address=anonymous-profile-bus-in
+
+#camel-bridge
+mosip.regproc.camel.bridge.eventbus.kafka.commit.type=single
+mosip.regproc.camel.bridge.eventbus.kafka.max.poll.records=100
+mosip.regproc.camel.bridge.eventbus.kafka.poll.frequency=100
+#Above 3 camel kafka config will have no effect, it is kept because MosipBridgeFactory extends
+#MosipVerticleAPIManager
+mosip.regproc.camel.bridge.eventbus.kafka.group.id=camel-bridge
+mosip.regproc.camelbridge.endpoint-prefix=eventbus://
+mosip.regproc.camelbridge.pause-settings=[{"ruleId" :"PAUSE","matchExpression": "$.tags[?(@['AGE_GROUP'] == 'ADULT'&& @['ID_OBJECT-residenceStatus'] == 'Foreigner')]","pauseFor": 180,"defaultResumeAction": "RESUME_PROCESSING","fromAddress": "eventbus://packet-classifier-new-bus-out","ruleDescription" : "Non resident adult applicant packet"}],[{"ruleId" :"HOTLISTED_OPERATOR","matchExpression": "$.tags[?(@['HOTLISTED'] == 'operator')]","pauseFor": 432000,"defaultResumeAction": "STOP_PROCESSING","fromAddress": ".*","ruleDescription" : "Packet created by hotlisted operator"}]
+## Securzone
stage (NOTE: not used in V3, but need this for service to start)
+mosip.regproc.securezone.notification.eventbus.kafka.commit.type=single
+mosip.regproc.securezone.notification.eventbus.kafka.max.poll.records=100
+mosip.regproc.securezone.notification.eventbus.kafka.poll.frequency=100
+mosip.regproc.securezone.notification.eventbus.kafka.group.id=securezone-notification-stage
+mosip.regproc.securezone.notification.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.securezone.notification.server.port=8090
+mosip.regproc.securezone.notification.server.servlet.path=/registrationprocessor/v1/securezone
+mosip.regproc.securezone.notification.eventbus.port=5712
+mosip.regproc.securezone.notification.message.tag.loading.disable=true
+
+#packet-uploader-stage
+mosip.regproc.packet.uploader.eventbus.kafka.commit.type=single
+mosip.regproc.packet.uploader.eventbus.kafka.max.poll.records=5
+mosip.regproc.packet.uploader.eventbus.kafka.poll.frequency=500
+mosip.regproc.packet.uploader.eventbus.kafka.group.id=packet-uploader-stage
+mosip.regproc.packet.uploader.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.packet.uploader.server.port=8087
+mosip.regproc.packet.uploader.server.servlet.path=/registrationprocessor/v1/uploader
+mosip.regproc.packet.uploader.eventbus.port=5714
+packet.manager.iteration.addition.enabled=true
+
+packet.uploader.stage=registration-processor-packet-uploader-stage
+
+#packet-validator-stage
+mosip.regproc.packet.validator.eventbus.kafka.commit.type=batch
+mosip.regproc.packet.validator.eventbus.kafka.max.poll.records=4
+mosip.regproc.packet.validator.eventbus.kafka.poll.frequency=500
+mosip.regproc.packet.validator.eventbus.kafka.group.id=packet-validator-stage
+mosip.regproc.packet.validator.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.packet.validator.server.port=8088
+mosip.regproc.packet.validator.eventbus.port=5715
+mosip.regproc.packet.validator.server.servlet.path=/registrationprocessor/v1/packetvalidator
+mosip.regproc.packet.validator.validate-applicant-document=true
+mosip.regproc.packet.validator.validate-applicant-document.processes=NEW,UPDATE,LOST,BIOMETRIC_CORRECTION
+
+## Operator validator
+mosip.regproc.operator-validator.eventbus.kafka.commit.type=single
+mosip.regproc.operator-validator.eventbus.kafka.max.poll.records=10
+mosip.regproc.operator-validator.eventbus.kafka.poll.frequency=100
+mosip.regproc.operator-validator.eventbus.kafka.group.id=operator-validator-stage
+mosip.regproc.operator-validator.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.operator-validator.server.port=8093
+mosip.regproc.operator-validator.eventbus.port=5723
+mosip.regproc.operator-validator.server.servlet.path=/registrationprocessor/v1/operatorvalidator
+
+# Command validator
+mosip.regproc.cmd-validator.eventbus.kafka.commit.type=single
+mosip.regproc.cmd-validator.eventbus.kafka.max.poll.records=10
+mosip.regproc.cmd-validator.eventbus.kafka.poll.frequency=100
+mosip.regproc.cmd-validator.eventbus.kafka.group.id=cmd-validator-stage
+mosip.regproc.cmd-validator.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.cmd-validator.server.port=8089
+mosip.regproc.cmd-validator.eventbus.port=5716
+mosip.regproc.cmd-validator.server.servlet.path=/registrationprocessor/v1/cmdvalidator
+# Processes to enable center validation, for processes not mentioned here center validation will be skipped
+mosip.regproc.cmd-validator.center-validation.processes=NEW,UPDATE,LOST,BIOMETRIC_CORRECTION
+# Processes to enable machine validation, for processes not mentioned here machine validation will be skipped
+mosip.regproc.cmd-validator.machine-validation.processes=NEW,UPDATE,LOST,BIOMETRIC_CORRECTION
+# Processes to enable device validation, for processes not mentioned here device validation will be skipped
+mosip.regproc.cmd-validator.device-validation.processes=NEW,UPDATE,LOST,BIOMETRIC_CORRECTION
+# To enable or disable the Center working hour validation
+mosip.regproc.cmd-validator.working-hour-validation-required=true
+# To enable/disable trust validation of a digital id signature of a device
+mosip.regproc.cmd-validator.device.disable-trust-validation=true
+# Maximum duration in minutes permissible between digital id timestamp and packet creation time
+mosip.regproc.cmd-validator.device.allowed-digital-id-timestamp-variation=30
+# Timestamp format followed in digital id and biometrics payload
+mosip.regproc.cmd-validator.device.digital-id-timestamp-format=yyyy-MM-dd'T'HH:mm:ss'Z'
+
+## Packet classifier stage
+mosip.regproc.packet.classifier.eventbus.kafka.commit.type=single
+mosip.regproc.packet.classifier.eventbus.kafka.max.poll.records=10
+mosip.regproc.packet.classifier.eventbus.kafka.poll.frequency=100
+mosip.regproc.packet.classifier.eventbus.kafka.group.id=packet-classifier-stage
+mosip.regproc.packet.classifier.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.packet.classifier.server.port=8092
+mosip.regproc.packet.classifier.eventbus.port=5724
+mosip.regproc.packet.classifier.server.servlet.path=/registrationprocessor/v1/packetclassifier
+
+## Quality classifier stage
+mosip.regproc.quality.classifier.eventbus.kafka.commit.type=single
+mosip.regproc.quality.classifier.eventbus.kafka.max.poll.records=10
+mosip.regproc.quality.classifier.eventbus.kafka.poll.frequency=100
+mosip.regproc.quality.classifier.eventbus.kafka.group.id=quality-classifier-stage
+mosip.regproc.quality.classifier.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.quality.classifier.server.port=9072
+mosip.regproc.quality.classifier.eventbus.port=5727
+mosip.regproc.quality.classifier.server.servlet.path=/registrationprocessor/v1/qualityclassifier
+# Below quality ranges map should contain proper quality group name and quality range, any overlap of the quality
+# range will result in a random behaviour of tagging. In range, Lower value is inclusive and Upper value is Exclusive.
+# Example : When the Biometric score is 39.9. this will be included in level-4 which ranges between 30-40.
+# Example : when the Biometric score is 40. this will be included in level-5 which ranges between 40-50.
+mosip.regproc.quality.classifier.tagging.quality.ranges={'level-1':'0-10','level-2':'10-20','level-3':'20-30','level-4':'30-40','level-5':'40-50','level-6':'50-60','level-7':'60-70','level-8':'70-80','level-9':'80-90','level-10':'90-101'}
+
+# Quality Tag Prefix
+mosip.regproc.quality.classifier.tagging.quality.prefix=Biometric_Quality-
+# The tag value that will be used by default when the packet does not have biometrics
+mosip.regproc.quality.classifier.tagging.quality.biometric-not-available-tag-value=--Biometrics-Not-Available--
+# modality arrays that needs to be tagged
+mosip.regproc.quality.classifier.tagging.quality.modalities=Iris,Finger,Face
+
+## Introducer validator stage
+mosip.regproc.introducer-validator.eventbus.kafka.commit.type=single
+mosip.regproc.introducer-validator.eventbus.kafka.max.poll.records=10
+mosip.regproc.introducer-validator.eventbus.kafka.poll.frequency=100
+mosip.regproc.introducer-validator.eventbus.kafka.group.id=introducer-validator-stage
+mosip.regproc.introducer-validator.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.introducer-validator.server.port=8095
+mosip.regproc.introducer-validator.eventbus.port=5728
+mosip.regproc.introducer-validator.server.servlet.path=/registrationprocessor/v1/introducervalidator
+
+#demo-dedupe-stage
+mosip.regproc.demo.dedupe.eventbus.kafka.commit.type=single
+mosip.regproc.demo.dedupe.eventbus.kafka.max.poll.records=10
+mosip.regproc.demo.dedupe.eventbus.kafka.poll.frequency=1000
+mosip.regproc.demo.dedupe.eventbus.kafka.group.id=demo-dedupe-stage
+mosip.regproc.demo.dedupe.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.demo.dedupe.server.port=8091
+mosip.regproc.demo.dedupe.eventbus.port=5717
+mosip.regproc.demo.dedupe.server.servlet.path=/registrationprocessor/v1/demodedupe
+mosip.regproc.demo.dedupe.trim-whitespaces.simpleType-value=false
+
+#abis-handler-stage
+mosip.regproc.abis.handler.eventbus.kafka.commit.type=single
+mosip.regproc.abis.handler.eventbus.kafka.max.poll.records=10
+mosip.regproc.abis.handler.eventbus.kafka.poll.frequency=100
+mosip.regproc.abis.handler.eventbus.kafka.group.id=abis-handler-stage
+mosip.regproc.abis.handler.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.abis.handler.server.port=9071
+mosip.regproc.abis.handler.eventbus.port=5726
+mosip.regproc.abis.handler.server.servlet.path=/registrationprocessor/v1/abishandler
+mosip.regproc.abis.handler.biometric-modalities-segments-mapping-for-age-group={'MINOR' : {'Finger' : {'Left Thumb','Left LittleFinger','Left IndexFinger','Left MiddleFinger','Left RingFinger','Right Thumb','Right LittleFinger','Right IndexFinger','Right MiddleFinger','Right RingFinger'},'Iris' : {'Left', 'Right'}}, 'INFANT' : {'Face': {'Face'}}, 'ADULT': {'Finger': {'Left Thumb','Left LittleFinger','Left IndexFinger','Left MiddleFinger','Left RingFinger','Right Thumb','Right LittleFinger','Right IndexFinger','Right MiddleFinger','Right RingFinger'},'Iris' : {'Left', 'Right'}}, 'DEFAULT' : {'Finger' : {'Left Thumb','Left LittleFinger','Left IndexFinger','Left MiddleFinger','Left RingFinger','Right Thumb','Right LittleFinger','Right IndexFinger','Right MiddleFinger','Right RingFinger'},'Iris' : {'Left', 'Right'}}}
+mosip.regproc.abis.handler.biometric-segments-exceptions-mapping={'Left Thumb' : 'leftThumb','Right Thumb' : 'rightThumb','Left MiddleFinger' : 'leftMiddle','Left RingFinger' : 'leftRing','Left LittleFinger' : 'leftLittle','Left IndexFinger' : 'leftIndex','Right MiddleFinger' : 'rightMiddle','Right RingFinger' : 'rightRing','Right LittleFinger' : 'rightLittle','Right IndexFinger' : 'rightIndex','Left' : 'leftEye','Right' : 'rightEye'}
+
+#bio-dedupe-stage
+mosip.regproc.bio.dedupe.eventbus.kafka.commit.type=batch
+mosip.regproc.bio.dedupe.eventbus.kafka.max.poll.records=10
+mosip.regproc.bio.dedupe.eventbus.kafka.poll.frequency=100
+mosip.regproc.bio.dedupe.eventbus.kafka.group.id=bio-dedupe-stage
+mosip.regproc.bio.dedupe.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.bio.dedupe.server.port=9096
+mosip.regproc.bio.dedupe.eventbus.port=5718
+mosip.regproc.bio.dedupe.server.servlet.path=/registrationprocessor/v1/biodedupe
+
+# uin-generator-stage
+mosip.regproc.uin.generator.eventbus.kafka.commit.type=batch
+mosip.regproc.uin.generator.eventbus.kafka.max.poll.records=3
+mosip.regproc.uin.generator.eventbus.kafka.poll.frequency=500
+mosip.regproc.uin.generator.eventbus.kafka.group.id=uin-generator-stage
+mosip.regproc.uin.generator.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.uin.generator.server.port=8099
+mosip.regproc.uin.generator.eventbus.port=5719
+mosip.regproc.uin.generator.server.servlet.path=/registrationprocessor/v1/uin-generator
+mosip.regproc.uin.generator.trim-whitespaces.simpleType-value=false
+
+# abis-middle-ware-stage
+mosip.regproc.abis.middleware.eventbus.kafka.commit.type=single
+mosip.regproc.abis.middleware.eventbus.kafka.max.poll.records=100
+mosip.regproc.abis.middleware.eventbus.kafka.poll.frequency=5000
+mosip.regproc.abis.middleware.eventbus.kafka.group.id=abis-middle-ware-stage
+mosip.regproc.abis.middleware.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.abis.middleware.server.port=8091
+mosip.regproc.abis.middleware.eventbus.port=5888
+mosip.regproc.abis.middleware.server.servlet.path=/registrationprocessor/v1/abismiddleware
+
+# Biometric extraction stage
+mosip.regproc.biometric.extraction.eventbus.kafka.commit.type=single
+mosip.regproc.biometric.extraction.eventbus.kafka.max.poll.records=100
+mosip.regproc.biometric.extraction.eventbus.kafka.poll.frequency=100
+mosip.regproc.biometric.extraction.eventbus.kafka.group.id=biometric-extraction-stage
+biometric.extraction.default.partner.policy.ids=[{'partnerId':'mpartner-default-auth','policyId':'mpolicy-default-auth'},{'partnerId':'mpartner-default-print','policyId':'mpolicy-default-print'},{'partnerId':'mpartner-default-print','policyId':'mpolicy-default-qrcode'},{'partnerId':'mpartner-default-print','policyId':'mpolicy-default-euin'}]
+mosip.regproc.biometric.extraction.server.port=9181
+mosip.regproc.biometric.extraction.eventbus.port=5727
+mosip.regproc.biometric.extraction.server.servlet.path=/registrationprocessor/v1/biometricextraction
+mosip.regproc.biometric.extraction.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+
+## Finalization stage
+mosip.regproc.finalization.eventbus.kafka.commit.type=single
+mosip.regproc.finalization.eventbus.kafka.max.poll.records=100
+mosip.regproc.finalization.eventbus.kafka.poll.frequency=100
+mosip.regproc.finalization.eventbus.kafka.group.id=finalization-stage
+mosip.regproc.finalization.server.port=9182
+mosip.regproc.finalization.eventbus.port=5728
+mosip.regproc.finalization.server.servlet.path=/registrationprocessor/v1/finalization
+mosip.regproc.finalization.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+
+# biometric-authentication-stage
+mosip.regproc.biometric.authentication.eventbus.kafka.commit.type=single
+mosip.regproc.biometric.authentication.eventbus.kafka.max.poll.records=10
+mosip.regproc.biometric.authentication.eventbus.kafka.poll.frequency=100
+mosip.regproc.biometric.authentication.eventbus.kafka.group.id=biometric-authentication-stage
+mosip.regproc.biometric.authentication.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.biometric.authentication.server.port=8020
+mosip.regproc.biometric.authentication.eventbus.port=5777
+mosip.regproc.biometric.authentication.server.servlet.path=/registrationprocessor/v1/bioauth
+
+# reprocessor-stage
+mosip.regproc.reprocessor.eventbus.kafka.commit.type=single
+mosip.regproc.reprocessor.eventbus.kafka.max.poll.records=100
+mosip.regproc.reprocessor.eventbus.kafka.poll.frequency=100
+mosip.regproc.reprocessor.eventbus.kafka.group.id=reprocessor-stage
+mosip.regproc.reprocessor.server.port=8021
+mosip.regproc.reprocessor.eventbus.port=5750
+mosip.regproc.reprocessor.server.servlet.path=/registrationprocessor/v1/reprocessor
+
+## Supervisor validator stage
+mosip.regproc.supervisor-validator.eventbus.kafka.commit.type=single
+mosip.regproc.supervisor-validator.eventbus.kafka.max.poll.records=10
+mosip.regproc.supervisor-validator.eventbus.kafka.poll.frequency=100
+mosip.regproc.supervisor-validator.eventbus.kafka.group.id=supervisor-validator-stage
+mosip.regproc.supervisor-validator.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.supervisor-validator.server.port=8094
+mosip.regproc.supervisor-validator.eventbus.port=5725
+mosip.regproc.supervisor-validator.server.servlet.path=/registrationprocessor/v1/supervisorvalidator
+
+## Message sender stage
+mosip.regproc.message.sender.eventbus.kafka.commit.type=single
+mosip.regproc.message.sender.eventbus.kafka.max.poll.records=10
+mosip.regproc.message.sender.eventbus.kafka.poll.frequency=100
+mosip.regproc.message.sender.eventbus.kafka.group.id=message-sender-stage
+mosip.regproc.message.sender.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.message.sender.server.port=8088
+mosip.regproc.message.sender.eventbus.port=5721
+mosip.regproc.message.sender.server.servlet.path=/registrationprocessor/v1/sender-stage
+
+#credential-requestor-stage
+mosip.regproc.credentialrequestor.eventbus.kafka.commit.type=single
+mosip.regproc.credentialrequestor.eventbus.kafka.max.poll.records=100
+mosip.regproc.credentialrequestor.eventbus.kafka.poll.frequency=100
+mosip.regproc.credentialrequestor.eventbus.kafka.group.id=credential-requestor-stage
+mosip.regproc.credentialrequestor.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.credentialrequestor.server.port=8097
+mosip.regproc.credentialrequestor.server.servlet.path=/registrationprocessor/v1/credentialrequestor-stage
+mosip.regproc.credentialrequestor.eventbus.port=5722
+
+#opencrvs-stage
+mosip.regproc.opencrvs.eventbus.kafka.commit.type=single
+mosip.regproc.opencrvs.eventbus.kafka.max.poll.records=100
+mosip.regproc.opencrvs.eventbus.kafka.poll.frequency=100
+mosip.regproc.opencrvs.eventbus.kafka.group.id=opencrvs-stage
+mosip.regproc.opencrvs.message.expiry-time-limit=${mosip.regproc.common.stage.message.expiry-time-limit}
+mosip.regproc.opencrvs.server.port=8045
+mosip.regproc.opencrvs.server.servlet.path=/registrationprocessor/v1/opencrvs-stage
+mosip.regproc.opencrvs.eventbus.port=5745
+mosip.regproc.opencrvs.credentialtype=opencrvs
+mosip.regproc.opencrvs.issuer=opencrvs-partner
+
+packetmanager.name.source.resident=RESIDENT
+packetmanager.name.source.default=REGISTRATION_CLIENT
+object.store.s3.use.account.as.bucketname=true
+
+# Default priority for correction packets.
+# To define priority use below stage names. For example, field 'gender' has priority in uin-generator-stage. The key for uin-generator-stage is 'uingenerator'. So the key would be 'packetmanager.provider.uingenerator.gender'
+# packetreceiver,packetuploader,packetvalidator,qualitychecker,osivalidator,demodedupe,classification,biodedupe,bioauth,manualverification,uingenerator,messagesender
+packetmanager.provider.uingenerator.lastName=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.gender=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.city=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.modeOfClaim=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.cregion=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.postalCode=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.cprovince=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.suffix=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.bloodType=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.referenceIdentityNumber=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.individualBiometrics[Finger]=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.individualBiometrics[Iris]=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.individualBiometrics[Face]=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.province=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.caddressLine4=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.zone=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.caddressLine3=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.caddressLine2=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.caddressLine1=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.addressLine1=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.addressLine2=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.residenceStatus=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.addressLine3=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.addressLine4=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.email=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.czone=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.dateOfBirth=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.cpostalCode=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.ccity=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.firstName=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.IDSchemaVersion=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.phone=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.registrationType=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.middleName=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.UIN=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.region=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.maritalStatus=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.parentOrGuardianUIN=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.parentOrGuardianRID=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.proofOfAddress=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.proofOfDateOfBirth=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.proofOfIdentity=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.proofOfRelationship=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+packetmanager.provider.uingenerator.proofOfException=source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT
+
+# packet-classifier-stage
+# List of tag generator that should be run on every packet
+# Available tag generators MosipIDObjectFields,MosipMetaInfo,MosipAgeGroup,MosipSupervisorApprovalStatus,MosipExceptionBiometrics
+mosip.regproc.packet.classifier.tag-generators=MosipIDObjectFields,MosipMetaInfo,MosipAgeGroup,MosipSupervisorApprovalStatus,MosipExceptionBiometrics,MosipIDObjectDataAvailability
+# The tag value that will be used by default when the packet does not have value for the tag field
+mosip.regproc.packet.classifier.tagging.not-available-tag-value=--TAG_VALUE_NOT_AVAILABLE--
+# These field names should be as in keys of registraion-processor-identity.json file Identity segment
+# and should have proper default source configured
+mosip.regproc.packet.classifier.tagging.idobjectfields.mapping-field-names=gender,residenceStatus
+# The tag name that will be prefixed with every idobjectfield tags
+mosip.regproc.packet.classifier.tagging.idobjectfields.tag-name-prefix=ID_OBJECT-
+# The tag name that will be prefixed with every metainfo operationsData tags
+mosip.regproc.packet.classifier.tagging.metainfo.operationsdata.tag-name-prefix=META_INFO-OPERATIONS_DATA-
+# The tag name that will be prefixed with every metainfo metaData tags
+mosip.regproc.packet.classifier.tagging.metainfo.metadata.tag-name-prefix=META_INFO-META_DATA-
+# The tag name that will be prefixed with every metainfo capturedRegisteredDevices tags
+mosip.regproc.packet.classifier.tagging.metainfo.capturedregistereddevices.tag-name-prefix=META_INFO-CAPTURED_REGISTERED_DEVICES-
+# The labels on metainfo.operationsData array that needs to be tagged
+mosip.regproc.packet.classifier.tagging.metainfo.operationsdata.tag-labels=officerId,supervisorId
+# The labels on metainfo.metaData array that needs to be tagged
+mosip.regproc.packet.classifier.tagging.metainfo.metadata.tag-labels=centerId
+# The serial numbers of devices type on metainfo.capturedRegisteredDevices array that needs to be tagged
+mosip.regproc.packet.classifier.tagging.metainfo.capturedregistereddevices.device-types=Face,Finger
+# Tag name that will be used while tagging age group
+mosip.regproc.packet.classifier.tagging.agegroup.tag-name=AGE_GROUP
+# Below age ranges map should contain proper age group name and age range, any overlap of the age
+# range will result in a random behaviour of tagging. In range, upper and lower values are inclusive.
+mosip.regproc.packet.classifier.tagging.agegroup.ranges={'INFANT':'0-5','MINOR':'6-17','ADULT':'18-200'}
+# Tag name that will be used while tagging supervisor approval status
+mosip.regproc.packet.classifier.tagging.supervisorapprovalstatus.tag-name=SUPERVISOR_APPROVAL_STATUS
+# Tag name that will be used while tagging exception biometrics
+mosip.regproc.packet.classifier.tagging.exceptionbiometrics.tag-name=EXCEPTION_BIOMETRICS
+# This mapping will contain the short words for each missing biometrics, the values will used for concatenating in the tags
+mosip.regproc.packet.classifier.tagging.exceptionbiometrics.bio-value-mapping={'leftLittle':'LL','leftRing':'LR','leftMiddle':'LM','leftIndex':'LI','leftThumb':'LT','rightLittle':'RL','rightRing':'RR','rightMiddle':'RM','rightIndex':'RI','rightThumb':'RT','leftEye':'LE','rightEye':'RE'}
+# file Identity segment and should have proper default source configured
+mosip.regproc.packet.classifier.tagging.idobject-data-availability.availability-expression-map={'INTRODUCER_AVAILABILITY':'introducerUIN || introducerRID || introducerVID'}
+
+
+## Mock Manual Verification Properties
+# Based on value of below parameter the packets are passed or rejected. Required values are [APPROVED or REJECTED]
+mock.mv.decision=REJECTED
+
+# salt generation properties
+mosip.regproc.db.url=${javax.persistence.jdbc.url}
+mosip.regproc.db.username=${javax.persistence.jdbc.user}
+mosip.regproc.db.password=${javax.persistence.jdbc.password}
+mosip.regproc.db.driverClassName=${javax.persistence.jdbc.driver}
+mosip.kernel.salt-generator.chunk-size=10
+mosip.kernel.salt-generator.start-sequence=0
+mosip.kernel.salt-generator.end-sequence=9999
+mosip.kernel.salt-generator.db.key-alias=mosip.regproc.db
+mosip.kernel.salt-generator.schemaName=regprc
+mosip.kernel.salt-generator.tableName=crypto_salt
+
+# List of old reg client versions with others attribute not present but currently supported for registration, this is required to take care of the backward compatibility checks
+mosip.regproc.common.before-cbeff-others-attibute.reg-client-versions=1.1.3,1.1.4,1.1.5,1.1.5.5
+
+regproc.notification.template.code.lost.uin.email=RPR_LOST_UIN_EMAIL
+regproc.notification.template.code.lost.uin.sms=RPR_LOST_UIN_SMS
+regproc.notification.template.code.lost.uin.sub=RPR_UIN_GEN_EMAIL_SUB
+regproc.notification.template.code.uin.created.email=RPR_UIN_GEN_EMAIL
+regproc.notification.template.code.uin.created.sms=RPR_UIN_GEN_SMS
+regproc.notification.template.code.uin.created.sub=RPR_UIN_GEN_EMAIL_SUB
+regproc.notification.template.code.uin.new.email=RPR_UIN_UPD_EMAIL
+regproc.notification.template.code.uin.new.sms=RPR_UIN_UPD_SMS
+regproc.notification.template.code.uin.new.sub=RPR_UIN_UPD_EMAIL_SUB
+regproc.notification.template.code.uin.activate.email=RPR_UIN_REAC_EMAIL
+regproc.notification.template.code.uin.activate.sms=RPR_UIN_REAC_SMS
+regproc.notification.template.code.uin.activate.sub=RPR_UIN_REAC_EMAIL_SUB
+regproc.notification.template.code.uin.deactivate.email=RPR_UIN_DEAC_EMAIL
+regproc.notification.template.code.uin.deactivate.sms=RPR_UIN_DEAC_SMS
+regproc.notification.template.code.uin.deactivate.sub=RPR_UIN_DEAC_EMAIL_SUB
+regproc.notification.template.code.uin.update.email=RPR_UIN_UPD_EMAIL
+regproc.notification.template.code.uin.update.sms=RPR_UIN_UPD_SMS
+regproc.notification.template.code.uin.update.sub=RPR_UIN_UPD_EMAIL_SUB
+regproc.notification.template.code.duplicate.uin.email=RPR_DUP_UIN_EMAIL
+regproc.notification.template.code.duplicate.uin.sms=RPR_DUP_UIN_SMS
+regproc.notification.template.code.duplicate.uin.sub=RPR_DUP_UIN_EMAIL_SUB
+regproc.notification.template.code.technical.issue.email=RPR_TEC_ISSUE_EMAIL
+regproc.notification.template.code.technical.issue.sms=RPR_TEC_ISSUE_SMS
+regproc.notification.template.code.technical.issue.sub=RPR_TEC_ISSUE_EMAIL_SUB
+regproc.notification.template.code.paused.for.additional.info.email=RPR_PAUSED_FOR_ADD_INFO_EMAIL
+regproc.notification.template.code.paused.for.additional.info.sms=RPR_PAUSED_FOR_ADD_INFO_SMS
+regproc.notification.template.code.paused.for.additional.info.sub=RPR_PAUSED_FOR_ADD_INFO_EMAIL_SUB
+
+regproc.packet.validator.notification.template.code.new.reg.email=RPR_RPV_SUC_EMAIL
+regproc.packet.validator.notification.template.code.new.reg.sms=RPR_RPV_SUC_SMS
+regproc.packet.validator.notification.template.code.new.reg.sub=RPR_RPV_SUC_EMAIL_SUB
+regproc.packet.validator.notification.template.code.lost.uin.email=RPR_LPV_SUC_EMAIL
+regproc.packet.validator.notification.template.code.lost.uin.sms=RPR_LPV_SUC_SMS
+regproc.packet.validator.notification.template.code.lost.uin.sub=RPR_LPV_SUC_EMAIL_SUB
+regproc.packet.validator.notification.template.code.reprint.uin.email=RPR_PPV_SUC_EMAIL
+regproc.packet.validator.notification.template.code.reprint.uin.sms=RPR_PPV_SUC_SMS
+regproc.packet.validator.notification.template.code.reprint.uin.sub=RPR_PPV_SUC_EMAIL_SUB
+regproc.packet.validator.notification.template.code.activate.email=RPR_APV_SUC_EMAIL
+regproc.packet.validator.notification.template.code.activate.sms=RPR_APV_SUC_SMS
+regproc.packet.validator.notification.template.code.activate.sub=RPR_APV_SUC_EMAIL_SUB
+regproc.packet.validator.notification.template.code.deactivate.email=RPR_DPV_SUC_EMAIL
+regproc.packet.validator.notification.template.code.deactivate.sms=RPR_DPV_SUC_SMS
+regproc.packet.validator.notification.template.code.deactivate.sub=RPR_DPV_SUC_EMAIL_SUB
+regproc.packet.validator.notification.template.code.uin.update.email=RPR_UPV_SUC_EMAIL
+regproc.packet.validator.notification.template.code.uin.update.sms=RPR_UPV_SUC_SMS
+regproc.packet.validator.notification.template.code.uin.update.sub=RPR_UPV_SUC_EMAIL_SUB
+regproc.packet.validator.notification.template.code.resident.update.email=RPR_RUPV_SUC_EMAIL
+regproc.packet.validator.notification.template.code.resident.update.sms=RPR_RUPV_SUC_SMS
+regproc.packet.validator.notification.template.code.resident.update.sub=RPR_RUPV_SUC_EMAIL_SUB
+regproc.packet.validator.notification.template.code.technical.issue.email=RPR_TEC_ISSUE_EMAIL
+regproc.packet.validator.notification.template.code.technical.issue.sms=RPR_TEC_ISSUE_SMS
+regproc.packet.validator.notification.template.code.technical.issue.sub=RPR_TEC_ISSUE_EMAIL_SUB
+regproc.packet.validator.notification.template.code.supervisor.reject.email=RPR_SUP_REJECT_EMAIL
+regproc.packet.validator.notification.template.code.supervisor.reject.sms=RPR_SUP_REJECT_SMS
+regproc.packet.validator.notification.template.code.supervisor.reject.sub=RPR_SUP_REJECT_EMAIL_SUBJECT
+
+## TODO: these are not needed. Check.
+#openapi.registrationProcessor.servers[0].url=${mosip.api.internal.url}/registrationprocessor/v1/registrationtransaction
+#openapi.registrationProcessor.servers[0].description=Registration Processor URL
+
+NGINXDMZURL=http://regproc-pktserver.regproc/
+
+# modifiable delay in websub subscription
+mosip.regproc.websub.resubscription.delay.millisecs=43200000
+mosip.regproc.websub.subscriptions-delay-on-startup.millisecs=300000
+
+# The list of comma separated stages that should be successfully completed before packet
+# reaches the stage that uploads packets to the packet store
+mosip.registration.processor.registration.status.stages-before-reaching-packet-store=PacketReceiverStage,SecurezoneNotificationStage
+
+# Registration External Status Version
+mosip.registration.processor.registration.external.status.version=1.0
+# Packet Status Version
+mosip.registration.processor.packet.external.status.version=1.0
+
+mosip.iam.adapter.clientid=mosip-regproc-client
+mosip.iam.adapter.clientsecret=${mosip.regproc.client.secret}
+mosip.iam.adapter.appid=regproc
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+# in minutes
+mosip.iam.adapter.validate-expiry-check-rate=30
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=30
+#this should be false if you don’t use this restTemplate true if you do
+mosip.iam.adapter.self-token-renewal-enable=true
+mosip.auth.filter_disable=false
+
+## Object store
+object.store.s3.accesskey=${s3.accesskey}
+object.store.s3.secretkey=${s3.secretkey}
+## For Minio: object.store.s3.url=http://minio.minio:9000
+## For AWS: object.store.s3.url=s3.${s3.region}.amazonaws.com
+object.store.s3.url=http://minio.minio:9000
+object.store.s3.region=${s3.region}
+object.store.s3.readlimit=10000000
+
+# Roles
+mosip.role.registration.getsearchrid=REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,RESIDENT
+mosip.role.registration.getPostauth=REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR
+mosip.role.registration.getGetgetcertificate=INDIVIDUAL,REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,PRE_REGISTRATION_ADMIN
+mosip.role.registration.getPostpacketexternalstatus=REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+mosip.role.registration.getPostexternalstatussearch=REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+mosip.role.registration.getPostsearch=REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+mosip.role.registration.getPostlostridsearch=REGISTRATION_ADMIN,REGISTRATION_OFFICER,ZONAL_ADMIN,GLOBAL_ADMIN
+mosip.role.registration.getPostsync=REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+mosip.role.registration.getPostsyncv2=REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
+auth.server.admin.allowed.audience=mosip-regproc-client,mosip-admin-client,mosip-resident-client,mosip-reg-client
+mosip.regproc.cbeff-validation.mandatory.modalities=Right,Left,Left RingFinger,Left LittleFinger,Right RingFinger,Left Thumb,Left IndexFinger,Right IndexFinger,Right LittleFinger,Right MiddleFinger,Left MiddleFinger,Right Thumb,EXCEPTION_PHOTO
+#updated properties name with the prefix (mosip.regproc)
+mosip.regproc.landing.zone.account.name=landing-zone
+mosip.regproc.landing.zone.type=DMZServer
+
+mosip.regproc.landing.zone.fixed.delay.millisecs=120000
+mosip.regproc.landing.zone.inital.delay.millisecs=120000
+
+registration.processor.lostrid.max.registrationid=5
+mosip.registration.processor.lostrid.max-registration-date-filter-interval=30
+##Ability to update contact information as part of LOST UIN
+uingenerator.lost.packet.allowed.update.fields=phone,email,permanentAddress
+
+##timeout in milliseconds for health check registrer
+mosip.regproc.health-check.handler-timeout=2000
diff --git a/sandbox/registration-processor-print-text-file.json b/registration-processor-print-text-file.json
similarity index 100%
rename from sandbox/registration-processor-print-text-file.json
rename to registration-processor-print-text-file.json
diff --git a/resident-app-default.properties b/resident-app-default.properties
new file mode 100644
index 00000000000..418989d0943
--- /dev/null
+++ b/resident-app-default.properties
@@ -0,0 +1,177 @@
+
+# MOSIP
+public.url=https://${mosip.api.internal.host}/residentmobileapp
+mosip.resident.base.url=${mosip.resident.url}/resident/v1
+
+
+RESIDENT_OTP=${mosip.resident.base.url}/req/otp
+RESIDENT_CREDENTIAL_REQUEST=${mosip.resident.base.url}/req/credential
+RESIDENT_CREDENTIAL_REQUEST_STATUS=${RESIDENT_CREDENTIAL_REQUEST}/status
+RESIDENT_VID=${mosip.resident.base.url}/vid
+RESIDENT_AUTH_LOCK=${mosip.resident.base.url}/req/auth-lock
+RESIDENT_AUTH_UNLOCK=${mosip.resident.base.url}/req/auth-unlock
+
+
+# Resident App
+credential.template=template.json
+credential.sample=sample_credential.json
+credential.data.path=data
+safetynet.api.key=
+safetynet.api.url=https://www.googleapis.com/androidcheck/v1/attestations/verify?key=${safetynet.api.key}
+
+registration.processor.print.textfile=registration-processor-print-text-file.json
+
+# Websub
+mosip.event.hubUrl=https://${mosip.api.internal.host}/hub/
+mosip.event.hub.subUrl=${mosip.event.hubUrl}
+mosip.event.hub.pubUrl=${mosip.event.hubUrl}
+
+
+# MOSIP partner
+mosip.partner.id=mpartner-default-mobile
+mosip.event.callBackUrl=${public.url}/credentialshare/callback/notify
+mosip.event.topic=${mosip.partner.id}/CREDENTIAL_ISSUED
+mosip.event.secret=Kslk30SNF2AChs2
+
+
+mosip.partner.crypto.p12.filename=keystore.p12
+mosip.partner.crypto.p12.password={cipher}b77f8738b7fb8c48f84d587b045fa50099a569c381d1857eddbcd04afd83cd08
+mosip.partner.crypto.p12.alias=partner
+mosip.partner.encryption.key={cipher}b77f8738b7fb8c48f84d587b045fa50099a569c381d1857eddbcd04afd83cd08
+mosip.partner.prependThumbprint=true
+
+
+mosip.datashare.partner.id=mpartner-default-resident
+mosip.datashare.policy.id=mpolicy-default-resident
+
+
+csrf.disabled=true
+# Delayed websub subscription. Default is 5 seconds in ms.
+mosip.event.delay-millisecs=5000
+# Websub re-subscription workaround for losing subscribed topic when MOSIP websub update or restart. Default is 5 minutes in ms.
+websub-resubscription-delay-millisecs=300000
+
+#-------------TOKEN GENERATION----------------
+#Token generation request id
+token.request.id=io.mosip.registration.processor
+#Token generation app id
+token.request.appid=regproc
+#Token generation username
+token.request.username=registrationprocessor
+#Token generation password
+token.request.password={cipher}b77f8738b7fb8c48f84d587b045fa50099a569c381d1857eddbcd04afd83cd08
+#Token generation version
+token.request.version=1.0
+#Token generation Client Id
+token.request.clientId=mosip-regproc-client
+#Token generation secret key
+token.request.secretKey={cipher}b77f8738b7fb8c48f84d587b045fa50099a569c381d1857eddbcd04afd83cd08
+#Token generation issuer url
+token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+
+#Audit Service
+AUDIT=https://${mosip.api.internal.host}/v1/auditmanager/audits
+AUDIT_URL=https://${mosip.api.internal.host}/v1/auditmanager/audits
+KEYBASEDTOKENAPI=https://${mosip.api.internal.host}/v1/authmanager/authenticate/clientidsecretkey
+
+#Master Data Services
+# MASTER=http://kernel-masterdata-service/v1/masterdata
+MASTER=https://${mosip.api.internal.host}/v1/masterdata
+TEMPLATES=${MASTER}/templates
+
+#Packet receiver application version
+mosip.print.application.version=1.0
+#Request Date Time format
+mosip.print.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+
+
+#-------------Printing Service--------------------
+mosip.print.service.id=mosip.print
+
+#Audit request id
+mosip.print.audit.id=mosip.applicanttype.getApplicantType
+mosip.country.code=MOR
+
+#Kernel Crypto signature
+registration.processor.signature.isEnabled=true
+
+# Language Supported By Platform - ISO
+mosip.supported-languages=eng,ara,fra
+
+mosip.template-language=eng
+mosip.optional-languages=ara,fra
+mosip.mandatory-languages=eng
+
+# mosip.primary-language=eng
+# mosip.secondary-language=ara
+
+#----------------------- CBEFF Util--------------------------------------------------
+# Cbeff URL where the files
will be stored in git, change it accordingly in case of change of storage location.
+mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/print/${spring.profiles.active}/${spring.cloud.config.label}/
+# Cbeff XSD file name in config server
+mosip.kernel.xsdfile=mosip-cbeff.xsd
+
+#----------------------------- Applicant Type --------------------------------------------------
+mosip.kernel.applicant.type.age.limit = 5
+
+#----------------------------- Static PIN --------------------------------------------------
+mosip.kernel.pin.length=6
+
+#-----------------------------TOKEN-ID Properties---------------------------------
+#length of the token id
+mosip.kernel.tokenid.length=36
+
+# log level
+logging.level.root=WARN
+logging.level.io.mosip=INFO
+# logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO
+logging.level.io.mosip.kernel.auth.defaultadapter=INFO
+logging.level.org.springframework.http.client=INFO
+logging.level.org.springframework.http.client=DEBUG
+logging.level.io.mosip.residentapp=INFO
+logging.level.reactor.netty.http.client=INFO
+# tomcat access logs
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.directory=/dev
+server.tomcat.accesslog.prefix=stdout
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.suffix=
+server.tomcat.accesslog.file-date-format=
+server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}"}
+server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve
+registration.processor.unMaskedUin.length=5
+
+IDSchema.Version=1.0
+registration.processor.identityjson=identity-mapping.json
+registration.processor.demographic.identity=identity
+CREATEDATASHARE=https://${mosip.api.internal.host}/v1/datashare/create
+DECRYPTPINBASSED=https://${mosip.api.internal.host}/v1/keymanager/decryptWithPin
+
+config.server.file.storage.uri=${spring.cloud.config.uri}/print/${spring.profiles.active}/${spring.cloud.config.label}/
+
+
+#Auth Adapter rest template authentication configs
+mosip.iam.adapter.appid=partner
+mosip.iam.adapter.clientid=mpartner-default-mobile
+mosip.iam.adapter.clientsecret=${mpartner.default.mobile.secret}
+auth.server.admin.issuer.uri=${keycloak.internal.url}/auth/realms/
+
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.base-url=https://${mosip.api.internal.host}/v1/authmanager
+mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey
+auth.server.admin.validate.url=${mosip.authmanager.base-url}/v1/authmanager/authorize/admin/validateToken
+
+
+# in minutes
+mosip.iam.adapter.validate-expiry-check-rate=1440
+
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=1440
+
+#this should be false if you don?t use this restTemplate true if you do
+
+mosip.iam.adapter.self-token-renewal-enable=true
+mosip.auth.filter_disable=false
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.kernel.auth.appids.realm.map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip'}
+
diff --git a/resident-default.properties b/resident-default.properties
new file mode 100644
index 00000000000..953d6eb8a8d
--- /dev/null
+++ b/resident-default.properties
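Review bot: `mosip.event.secret=Kslk30SNF2AChs2` in resident-app-default.properties commits the WebSub secret in plaintext, while the neighbouring credentials are either `{cipher}` values or placeholders such as `${mpartner.default.mobile.secret}`; I would replace it with a placeholder supplied by the config server, e.g. `mosip.event.secret=${<websub-secret-property>}` (property name is a placeholder for the project to choose), and rotate the committed value because it stays in history. In the same hunk `logging.level.org.springframework.http.client` is set twice (`INFO`, then `DEBUG`); if the later entry wins, HTTP client debug logging presumably records request URLs, and `safetynet.api.url` carries `key=${safetynet.api.key}` in its query string, so the `DEBUG` line should be dropped. `auth.server.admin.validate.url` also appends `/v1/authmanager/authorize/admin/validateToken` to `${mosip.authmanager.base-url}`, which already ends in `/v1/authmanager`, so the resolved path looks doubled; `${mosip.authmanager.base-url}/authorize/admin/validateToken` would match how `mosip.authmanager.client-token-endpoint` is built.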
@@ -0,0 +1,1145 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# keycloak.internal.url
+# resident.captcha.site.key
+# resident.captcha.secret.key
+# mosip.resident.client.secret
+# mosip.regproc.client.secret
+# keycloak.internal.url.
+
+logging.level.root=INFO
+logging.level.io.mosip.resident.batch=INFO
+# Whether to enable LoggingFilter - this will print the request details such as URL, headers and body for debugging purpose. Default is false.
+logging.level.io.mosip.resident.config.LoggingInterceptor=INFO
+resident.rest.template.logging.interceptor.filter.enabled=false
+
+resident.logging.filter.enabled=false
+logging.level.io.mosip.resident.filter=INFO
+
+# Whether to enable logging - this will print the repository method calls for debugging purpose. Default is true.
+resident.db.logging.aspect.enabled=false
+logging.level.io.mosip.resident.aspect.DatabaseLoggingAspect=INFO
+
+#URL pattern for logging filter. For example, "/callback/*" .Defaults to "/*".
+resident.logging.filter.url.pattern=/*
+# Whether to enable WebsubCallbackRequestDecoratorFilter. Default is true.
+resident.websub.request.decorator.filter.enabled=true
+# Websub topic subscription topics
+subscriptions-delay-on-startup_millisecs=120000
+re-subscription-interval-in-seconds=43200
+
+#--------------APIs ID and Version --------------
+#------------Request IDs---------------------
+# The request IDs used in Resident REST APIs
+mosip.resident.api.id.otp.request=mosip.identity.otp.internal
+mosip.resident.api.id.auth=mosip.identity.auth.internal
+auth.internal.id=mosip.identity.auth.internal
+mosip.registration.processor.print.id=mosip.registration.print
+vid.create.id=mosip.vid.create
+resident.vid.id=mosip.resident.vid
+resident.vid.id.generate=mosip.resident.vid.generate
+resident.vid.policy.id=mosip.resident.vid.policy
+resident.vid.get.id=mosip.resident.vid.get
+auth.type.status.id=mosip.identity.authtype.status.update
+resident.authlock.id=mosip.resident.authlock
+resident.checkstatus.id=mosip.resident.checkstatus
+resident.euin.id=mosip.resident.euin
+resident.printuin.id=mosip.resident.printuin
+resident.uin.id=mosip.resident.uin
+resident.rid.id=mosip.resident.rid
+resident.updateuin.id=mosip.resident.updateuin
+resident.authunlock.id=mosip.resident.authunlock
+resident.authhistory.id=mosip.resident.authhistory
+resident.authLockStatusUpdateV2.id=mosip.resident.auth.lock.unlock
+resident.service.history.id=mosip.service.history.get
+resident.document.upload.id=mosip.resident.document.upload
+resident.document.get.id=mosip.resident.document.get
+resident.document.list.id=mosip.resident.document.list
+resident.service.pin.status.id=mosip.resident.pin.status
+resident.service.unpin.status.id=mosip.resident.unpin.status
+resident.document.delete.id=mosip.resident.document.delete
+resident.contact.details.update.id=mosip.resident.contact.details.update.id
+resident.contact.details.send.otp.id=mosip.resident.contact.details.send.otp.id
+mosip.resident.service.status.check.id=mosip.registration.external.status
+resident.service.unreadnotificationlist.id=mosip.resident.service.history.unread
+resident.service.event.id=mosip.resident.event.status
+resident.identity.info.id=mosip.resident.identity.info
+resident.share.credential.id=mosip.resident.share.credential
+vid.revoke.id=mosip.vid.update
+resident.revokevid.id=mosip.resident.vidstatus
+mosip.resident.revokevid.id=mosip.resident.vid.revoke
+mosip.resident.grievance.ticket.request.id=mosip.resident.grievance.ticket.request
+resident.channel.verification.status.id=mosip.resident.channel.verification.status
+resident.event.ack.download.id=mosip.resident.event.ack.download
+resident.download.card.eventid.id =mosip.resident.download.card.eventid
+mosip.resident.request.vid.card.id=mosip.resident.request.vid.card
+mosip.credential.request.service.id=mosip.credential.request.service.id
+mosip.resident.checkstatus.individualid.id=mosip.resident.check-stage-status
+mosip.resident.download.personalized.card.id=mosip.resident.download.personalized.card
+mosip.resident.transliteration.transliterate.id=mosip.resident.transliteration.transliterate
+resident.ui.properties.id=resident.ui.properties
+mosip.resident.identity.auth.internal.id=mosip.identity.auth.internal
+mosip.resident.user.profile.id=mosip.resident.profile
+resident.download.reg.centers.list.id=mosip.resident.download.reg.centers.list
+resident.download.nearest.reg.centers.id=mosip.resident.download.nearest.reg.centers
+resident.download.supporting.documents.id=mosip.resident.download.supporting.documents
+resident.send.card.id=mosip.resident.send.card
+resident.pinned.eventid.id=mosip.resident.pinned.eventid
+resident.unpinned.eventid.id=mosip.resident.unpinned.eventid
+resident.auth.proxy.partners.id=mosip.resident.auth.proxy.partners
+resident.events.eventid.id=mosip.resident.events.eventid
+resident.notification.id=mosip.resident.notification.get
+resident.profile.id=mosip.resident.profile.get
+resident.notification.click.id=mosip.resident.notification.click
+mosip.credential.store.id=mosip.credential.store
+resident.vids.id=mosip.resident.vids.get
+mosip.resident.download.uin.card=mosip.resident.download.uin.card
+mosip.registration.processor.registration.sync.id=mosip.registration.sync
+id.repo.update=mosip.id.update
+mosip.resident.get.pending.drafts=mosip.resident.get.pending.drafts
+mosip.resident.discard.pending.drafts=mosip.resident.discard.pending.drafts
+
+#------------Request Versions---------------------
+# The request versions used in Resident REST APIs
+mosip.resident.api.version.otp.request=1.0
+mosip.resident.api.version.auth=1.0
+auth.internal.version=1.0
+mosip.registration.processor.application.version=1.0
+mosip.resident.create.vid.version=v1
+resident.vid.version=v1
+resident.vid.version.new=1.0
+resident.revokevid.version=v1
+resident.revokevid.version.new=1.0
+resident.version.new=1.0
+resident.checkstatus.version=v1
+resident.authLockStatusUpdateV2.version=1.0
+resident.service.history.version=1.0
+resident.document.get.version=1.0
+resident.document.list.version=1.0
+resident.service.pin.status.version=v1
+resident.service.unpin.status.version=v1
+resident.document.delete.version=1.0
+mosip.resident.service.status.check.version=1.0
+resident.service.event.version=1.0
+resident.identity.info.version=1.0
+resident.share.credential.version=1.0
+mosip.resident.request.response.version=1.0
+mosip.resident.grievance.ticket.request.version=1.0
+resident.channel.verification.status.version=1.0
+resident.event.ack.download.version=1.0
+resident.download.card.eventid.version=1.0
+mosip.resident.request.vid.card.version=1.0
+mosip.credential.request.service.version=1.0
+mosip.resident.checkstatus.individualid.version=1.0
+resident.ui.properties.version=1.0
+mosip.resident.get.pending.drafts.version=1.0
+mosip.resident.discard.pending.drafts.version=1.0
+
+#Database config
+mosip.resident.database.hostname=postgres-postgresql.postgres
+mosip.resident.database.port=5432
+
+javax.persistence.jdbc.driver=org.postgresql.Driver
+javax.persistence.jdbc.url=jdbc:postgresql://${mosip.resident.database.hostname}:${mosip.resident.database.port}/mosip_resident
+javax.persistence.jdbc.user=residentuser
+javax.persistence.jdbc.password=${db.dbuser.password}
+
+mosip-prereg-host=${mosip.prereg.host}
+mosip-prereg-ui-url=https://${mosip-prereg-host}/pre-registration-ui/
+
+## Token generation
+token.request.id=io.mosip.resident
+token.request.version=1.0
+resident.appid=resident
+resident.clientId=mosip-resident-client
+resident.secretKey=${mosip.resident.client.secret}
+# Below is defined in application properties
+token.request.issuerUrl=${mosip.keycloak.issuerUrl}
+
+## Partner related details
+mosip.ida.partner.type=Online_Verification_Partner
+ida.online-verification-partner-id=mpartner-default-auth
+idrepo-dummy-online-verification-partner-id=MOVP
+resident.share-credential.partner.type=Auth_Partner
+resident.authentication-request.partner.type=Auth_Partner
+resident.order-physical-card.partner.type=Print_Partner
+
+#DB properties to skip automatic table creation in startup
+hibernate.show_sql=true
+hibernate.hbm2ddl.auto=none
+hibernate.temp.use_jdbc_metadata_defaults=false
+hibernate.jdbc.lob.non_contextual_creation = true
+spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults=false
+
+
+## Auth Services
+IDA_INTERNAL=${mosip.ida.internal.url}/idauthentication/v1/internal
+INTERNALAUTH=${IDA_INTERNAL}/auth
+INTERNALAUTHTRANSACTIONS=${IDA_INTERNAL}/authTransactions
+KERNELENCRYPTIONSERVICE=${IDA_INTERNAL}/getCertificate
+OTP_GEN_URL=${IDA_INTERNAL}/otp
+KERNELAUTHMANAGER=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+## Credential Req & service calls
+CREDENTIAL_STATUS_URL=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/get/
+CREDENTIAL_REQ_URL=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/requestgenerator
+CREDENTIAL_CANCELREQ_URL=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/cancel/
+CREDENTIAL_TYPES_URL=${mosip.idrepo.credential.service.url}/v1/credentialservice/types
+
+## IdRepo identity Service calls
+IDREPO_IDENTITY=${mosip.idrepo.identity.url}/idrepository/v1/identity
+IDREPOSITORY=${IDREPO_IDENTITY}/
+IDREPOGETIDBYUIN=${IDREPO_IDENTITY}/idvid
+IDREPOGETIDBYRID=${IDREPO_IDENTITY}/idvid
+IDREPO_IDENTITY_URL=${IDREPO_IDENTITY}/idvid/{id}
+GET_RID_BY_INDIVIDUAL_ID=${IDREPO_IDENTITY}/rid/{individualId}
+IDREPO_IDENTITY_UPDATE_COUNT=${IDREPO_IDENTITY}/{individualId}/update-counts
+AUTHTYPESTATUSUPDATE=${IDREPO_IDENTITY}/authtypes/status
+IDREPO_IDENTITY_GET_DRAFT_UIN=${IDREPO_IDENTITY}/draft/uin/{UIN}
+IDREPO_IDENTITY_DISCARD_DRAFT=${IDREPO_IDENTITY}/draft/discard/
+
+## IdRepo vid Service calls
+IDREPO_VID=${mosip.idrepo.vid.url}/idrepository/v1/vid
+CREATEVID=${IDREPO_VID}
+GETUINBYVID=${IDREPO_VID}
+IDAUTHCREATEVID=${IDREPO_VID}
+IDAUTHREVOKEVID=${IDREPO_VID}
+RETRIEVE_VIDS=${IDREPO_VID}/uin/
+
+## Key manager
+KEYMANAGER=${mosip.kernel.keymanager.url}/v1/keymanager
+ENCRYPTURL=${KEYMANAGER}/encrypt
+DECRYPT_API_URL=${KEYMANAGER}/decrypt
+mosip.resident.keymanager.encrypt-uri=${KEYMANAGER}/encrypt
+mosip.resident.keymanager.decrypt-uri=${KEYMANAGER}/decrypt
+PACKETSIGNPUBLICKEY=${KEYMANAGER}/tpmsigning/publickey
+mosip.keymanager.jwt.sign.end.point=${KEYMANAGER}/jwtSign
+PDFSIGN=${KEYMANAGER}/pdf/sign
+
+## Master Data api calls
+MASTER=${mosip.kernel.masterdata.url}/v1/masterdata
+TEMPLATES=${MASTER}/templates
+MACHINEDETAILS=${MASTER}/machines
+MACHINESEARCH=${MASTER}/machines/search
+MACHINECREATE=${MASTER}/machines
+CENTERDETAILS=${MASTER}/registrationcenters
+VALID_DOCUMENT_BY_LANGCODE_URL=${MASTER}/validdocuments/{langCode}
+LOCATION_HIERARCHY_LEVEL_BY_LANGCODE_URL=${MASTER}/locationHierarchyLevels/{langcode}
+LOCATION_HIERARCHY=${MASTER}/locationHierarchyLevels
+IMMEDIATE_CHILDREN_BY_LOCATIONCODE_AND_LANGCODE_URL=${MASTER}/locations/immediatechildren/{locationcode}/{langcode}
+LOCATION_INFO_BY_LOCCODE_AND_LANGCODE_URL=${MASTER}/locations/info/{locationcode}/{langcode}
+IMMEDIATE_CHILDREN_BY_LOCATION_CODE=${MASTER}/locations/immediatechildren
+REGISTRATION_CENTER_FOR_LOCATION_CODE_URL=${MASTER}/registrationcenters/{langcode}/{hierarchylevel}/names
+REGISTRATION_CENTER_BY_LOCATION_TYPE_AND_SEARCH_TEXT_PAGINATED_URL=${MASTER}/registrationcenters/page/{langcode}/{hierarchylevel}/{name}
+COORDINATE_SPECIFIC_REGISTRATION_CENTERS_URL=${MASTER}/getcoordinatespecificregistrationcenters/{langcode}/{longitude}/{latitude}/{proximitydistance}
+APPLICANT_VALID_DOCUMENT_URL=${MASTER}/applicanttype/{applicantId}/languages
+WORKING_DAYS_BY_REGISTRATION_ID=${MASTER}/workingdays/{registrationCenterID}/{langCode}
+LATEST_ID_SCHEMA_URL =${MASTER}/idschema/latest
+TEMPLATES_BY_LANGCODE_AND_TEMPLATETYPECODE_URL=${MASTER}/templates/{langcode}/{templatetypecode}
+DYNAMIC_FIELD_BASED_ON_LANG_CODE_AND_FIELD_NAME=${MASTER}/dynamicfields/{fieldName}/{langcode}
+DYNAMIC_FIELD_BASED_ON_FIELD_NAME=${MASTER}/dynamicfields/{fieldName}
+DOCUMENT_TYPE_BY_DOCUMENT_CATEGORY_AND_LANG_CODE=${MASTER}/documenttypes/{documentcategorycode}/{langcode}
+
+## Notification service
+SMSNOTIFIER=${mosip.kernel.notification.url}/v1/notifier/sms/send
+EMAILNOTIFIER=${mosip.kernel.notification.url}/v1/notifier/email/send
+resident.notification.emails=mosiptestuser@gmail.com
+resident.notification.message=Notification has been sent to the provided contact detail(s)
+
+## Partner manager service URLs
+PMS_PARTNER_MANAGER=${mosip.pms.partnermanager.url}/v1/partnermanager
+POLICY_REQ_URL=${PMS_PARTNER_MANAGER}/partners/{partnerId}/credentialtype/{credentialType}/policies
+PARTNER_API_URL=${PMS_PARTNER_MANAGER}/partners
+PARTNER_DETAILS_NEW_URL=${PMS_PARTNER_MANAGER}/partners/v2
+mosip.pms.pmp.partner.rest.uri=${PMS_PARTNER_MANAGER}/partners?partnerType=${mosip.ida.partner.type}
+
+## Reg-proc service calls
+REGPROCPRINT=http://regproc-group7.regproc/registrationprocessor/v1/print/uincard
+SYNCSERVICE=${mosip.regproc.status.service.url}/registrationprocessor/v1/registrationstatus/sync
+PACKETRECEIVER=${mosip.packet.receiver.url}/registrationprocessor/v1/packetreceiver/registrationpackets
+GET_RID_STATUS=${mosip.regproc.transaction.service.url}/registrationprocessor/v1/registrationtransaction/search/{rid}
+REGISTRATIONSTATUSSEARCH=${mosip.regproc.status.service.url}/registrationprocessor/v1/registrationstatus/externalstatus/search
+
+## Resident API calls
+mosip.service-context=${server.servlet.context-path}
+RESIDENT_SERVICE=${mosip.resident.url}${mosip.service-context}
+RESIDENT_REQ_CREDENTIAL_URL=${RESIDENT_SERVICE}/req/credential/status/
+GET_ORDER_STATUS_URL=${RESIDENT_SERVICE}/mock/print-partner/check-order-status
+mosip.resident.download-card.url=${mosip.api.public.url}${mosip.service-context}/download-card/event/{eventId}
+mosip.resident.grievance.url=${mosip.api.public.url}${mosip.service-context}/mock/external/grievance/redressel?name={name}&emailId={email}&phoneNo={phone}&eventId={eventId}
+
+## other service calls
+MIDSCHEMAURL=${mosip.kernel.syncdata.url}/v1/syncdata/latestidschema
+DIGITAL_CARD_STATUS_URL=${mosip.digitalcard.service.url}/v1/digitalcard/
+RIDGENERATION=${mosip.kernel.ridgenerator.url}/v1/ridgenerator/generate/rid
+otp-generate.rest.uri=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/generate
+mosip.resident.service.mock.pdf.url=https://uidai.gov.in/images/New_eAadhaar1.pdf
+mosip.kernel.masterdata.audit-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+
+## Config data
+resident.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+
+# Comma separated values of allowed auth types
+auth.types.allowed=otp-email,otp-phone,demo,bio-FINGER,bio-IRIS,bio-FACE
+
+# auth-type unlock duration
+resident.auth-type.default.unlock.duration.seconds=100
+
+# Template type codes for allowed Auth-type list
(auth.types.allowed)-
+resident.otp-email.template.property.attribute.list=mosip.otp-email.template.property
+resident.otp-phone.template.property.attribute.list=mosip.otp-phone.template.property
+resident.demo.template.property.attribute.list=mosip.demo.template.property
+resident.bio-FINGER.template.property.attribute.list=mosip.bio-finger.template.property
+resident.bio-IRIS.template.property.attribute.list=mosip.bio-iris.template.property
+resident.bio-FACE.template.property.attribute.list=mosip.bio-face.template.property
+
+# Template type codes for Auth-type status-
+resident.UNLOCKED.template.property.attribute.list=mosip.unlocked.template.property
+resident.LOCKED.template.property.attribute.list=mosip.locked.template.property
+
+#Validation properties
+mosip.id.validation.identity.phone=^([6-9]{1})([0-9]{9})$
+mosip.id.validation.identity.email=^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-zA-Z]{2,})$
+resident.grievance-redressal.alt-email.chars.limit=128
+resident.grievance-redressal.alt-phone.chars.limit=64
+resident.grievance-redressal.comments.chars.limit=1024
+resident.share-credential.purpose.chars.limit=1024
+mosip.resident.eid.length=16
+mosip.resident.eventid.searchtext.length=${mosip.resident.eid.length}
+resident.message.allowed.special.char.regex=^[\\r\\nA-Za-z0-9 .,'-]+$
+resident.purpose.allowed.special.char.regex=^[\\r\\nA-Za-z0-9 .,'-]+$
+resident.id.allowed.special.char.regex=^[0-9]+$
+resident.document.validation.transaction-id.regex=^[0-9]{10}$
+resident.document.validation.document-id.regex=^[A-Za-z0-9-]{20,}$
+resident.validation.is-numeric.regex=^[0-9]+$
+resident.otp.validation.transaction-id.regex=^[0-9]{10}$
+resident.validation.event-id.regex=^[0-9]{${mosip.resident.eid.length}}$
+
+## Security
+mosip.security.csrf-enable:false
+mosip.security.secure-cookie:false
+
+IDSchema.Version=0.1
+
+id.repo.vidType=Perpetual
+token.request.appid=resident
+token.request.clientId=mosip-resident-client
+token.request.secretKey=${mosip.resident.client.secret}
+objectstore.adapter.name=PosixAdapter
+
+#TODO remove reg-client service accunt in production env
+auth.server.admin.allowed.audience=mosip-resident-client,mosip-reg-client,${mosip.iam.module.clientID}
+
+#Mapping Identity json to map with the applicant id json
+registration.processor.identityjson=identity-mapping.json
+
+#machine creation and search configs
+resident.update-uin.machine-name-prefix = resident_machine_
+resident.update-uin.machine-spec-id = RESIDENT-1
+resident.update-uin.machine-zone-code = MOR
+resident.center.id=10001
+resident.machine.id=10080
+
+#Auth Adapter rest template authentication configs
+mosip.iam.adapter.appid=resident
+mosip.iam.adapter.clientid=mosip-resident-client
+mosip.iam.adapter.clientsecret=${mosip.resident.client.secret}
+
+
+## The exclusion list of URL patterns that should not be part of authentication and authorization
+mosip.service.end-points=/**/req/otp,/**/proxy/**/*,/**/validate-otp,/**/channel/verification-status,/**/req/credential/**,/**/req/card/*,/**/req/auth-history,/**/rid/check-status,/**/req/auth-lock,/**/req/auth-unlock,/**/req/update-uin,/**/req/print-uin,/**/req/euin,/**/credential/types,/**/req/policy/**,/**/aid/status,/**/individualId/otp,/**/mock/**,/**/callback/**,/**/download-card,/**/download/registration-centers-list/**,/**/download/supporting-documents/**,/**/vid/policy,/**/vid,/vid/**,/**/download/nearestRegistrationcenters/**,/**/authorize/admin/validateToken,/**/logout/user,/**/aid-stage/**
+
+mosip.service.exclude.auth.allowed.method=POST,GET,PATCH,PUT
+
+mosip.ida.env=Production
+mosip.ida.domain-url=${mosipbox.public.url}
+
+## Captcha service
+## Configuration for google re-captcha
+mosip.resident.captcha.enable=false
+mosip.resident.captcha.id.validate=mosip.resident.captcha.id.validate
+mosip.resident.captcha.sitekey=${resident.captcha.site.key}
+mosip.resident.captcha.secretkey=${resident.captcha.secret.key}
+mosip.resident.captcha.resourse.url=http://resident-captcha.resident/resident/v1/captcha/validatecaptcha
+mosip.resident.captcha.recaptcha.verify.url=https://www.google.com/recaptcha/api/siteverify
+
+
+#Comma separated values of property keys to be exposed to /proxy/config/ui-properties API
+
+resident.ui.propertyKeys=mosip.mandatory-languages,mosip.optional-languages,mosip.utc-datetime-pattern,mosip.iam.adapter.clientid,resident.datetime.pattern,mosip.resident.api.id.otp.request,mosip.resident.api.id.auth,mosip.resident.api.version.otp.request,mosip.resident.api.version.auth,mosip-prereg-host,mosip-prereg-ui-url,auth.types.allowed,resident.view.history.serviceType.filters,resident.view.history.status.filters,resident.auth-type.default.unlock.duration.seconds,mosip.resident.grievance.url,mosip.api.public.host,mosip.resident.captcha.sitekey,mosip.resident.captcha.secretkey,mosip.webui.auto.logout.idle,mosip.webui.auto.logout.ping,mosip.webui.auto.logout.timeout,mosip.resident.download.registration.centre.file.name.convention,mosip.resident.download.supporting.document.file.name.convention,mosip.resident.download.personalized.card.naming.convention,mosip.resident.ack.manage_my_vid.name.convention,mosip.resident.ack.secure_my_id.name.convention,mosip.resident.ack.personalised_card.name.convention,mosip.resident.ack.update_my_data.name.convention,mosip.resident.ack.share_credential.name.convention,mosip.resident.ack.order_physical_card.name.convention,mosip.resident.ack.name.convention,mosip.resident.uin.card.name.convention,mosip.resident.vid.card.name.convention,mosip.resident.download.service.history.file.name.convention,mosip.resident.download.nearest.registration.centre.file.name.convention,auth.internal.id,auth.internal.version,mosip.registration.processor.print.id,mosip.registration.processor.application.version,vid.create.id,mosip.resident.create.vid.version,resident.vid.version,resident.vid.version.new,resident.revokevid.version,resident.revokevid.version.new
,resident.vid.id,resident.vid.id.generate,resident.vid.policy.id,resident.vid.get.id,auth.type.status.id,resident.authlock.id,resident.checkstatus.id,resident.checkstatus.version,resident.euin.id,resident.printuin.id,resident.uin.id,resident.rid.id,resident.updateuin.id,resident.authunlock.id,resident.authhistory.id,resident.authLockStatusUpdateV2.id,resident.authLockStatusUpdateV2.version,resident.service.history.id,resident.service.history.version,resident.document.upload.id,resident.document.get.id,resident.document.get.version,resident.document.list.id,resident.document.list.version,resident.service.pin.status.id,resident.service.pin.status.version,resident.service.unpin.status.id,resident.service.unpin.status.version,resident.document.delete.id,resident.document.delete.version,resident.contact.details.update.id,resident.contact.details.send.otp.id,mosip.resident.service.status.check.id,mosip.resident.service.status.check.version,resident.service.unreadnotificationlist.id,resident.service.event.id,resident.service.event.version,resident.identity.info.id,resident.identity.info.version,resident.share.credential.id,resident.share.credential.version,mosip.resident.request.response.version,vid.revoke.id,resident.revokevid.id,mosip.resident.revokevid.id,mosip.resident.grievance.ticket.request.id,mosip.resident.grievance.ticket.request.version,resident.channel.verification.status.id,resident.channel.verification.status.version,resident.event.ack.download.id,resident.event.ack.download.version,resident.download.card.eventid.id 
,resident.download.card.eventid.version,mosip.resident.request.vid.card.id,mosip.resident.request.vid.card.version,mosip.credential.request.service.id,mosip.credential.request.service.version,mosip.resident.checkstatus.individualid.id,mosip.resident.checkstatus.individualid.version,mosip.resident.download.personalized.card.id,mosip.resident.transliteration.transliterate.id,resident.ui.properties.id,resident.ui.properties.version,resident.nearby.centers.distance.meters,resident.ui.notification.update.interval.seconds,mosip.kernel.otp.expiry-time,resident.grievance-redressal.alt-email.chars.limit,resident.grievance-redressal.alt-phone.chars.limit,resident.grievance-redressal.comments.chars.limit,resident.share-credential.purpose.chars.limit,mosip.resident.eventid.searchtext.length,mosip.kernel.uin.length,mosip.kernel.vid.length,mosip.kernel.rid.length,mosip.resident.eid.length,mosip.kernel.otp.default-length,resident.message.allowed.special.char.regex,resident.purpose.allowed.special.char.regex,resident.id.allowed.special.char.regex,resident.version.new,mosip.resident.identity.auth.internal.id,resident.validation.event-id.regex,resident.document.validation.transaction-id.regex,resident.document.validation.document-id.regex,resident.validation.is-numeric.regex,resident.otp.validation.transaction-id.regex,,mosip.resident.captcha.enable,resident.download.reg.centers.list.id,resident.download.nearest.reg.centers.id,resident.download.supporting.documents.id,resident.send.card.id,resident.pinned.eventid.id,resident.unpinned.eventid.id,resident.auth.proxy.partners.id,resident.events.eventid.id,resident.notification.id,resident.profile.id,resident.notification.click.id,mosip.credential.store.id,resident.vids.id,mosip.resident.zoom,mosip.resident.maxZoom,mosip.resident.minZoom
+
+
+auth.allowed.urls=https://${mosip.resident.host}/,https://${mosip.resident.host}/resident-ui/,https://${mosip.resident.host}/resident-ui/**
+
+
+###########################################################
+# IdP config
+# Note: When enabling MOSIP E-Signet comment Mock Keycloak config, vise versa.
+################## MOSIP E-Signet config
+mosip.iam.module.clientID=${resident.oidc.clientid}
+mosip.iam.module.clientsecret=
+mosip.iam.base.url=https://${mosip.esignet.host}/v1/esignet
+mosip.iam.authorization_endpoint=https://${mosip.esignet.host}/authorize
+mosip.iam.token_endpoint=${mosip.iam.base.url}/oauth/v2/token
+mosip.iam.userinfo_endpoint=${mosip.iam.base.url}/oidc/userinfo
+mosip.iam.certs_endpoint=${mosip.iam.base.url}/oauth/.well-known/jwks.json
+auth.server.admin.issuer.uri=${mosip.iam.base.url}
+auth.server.admin.issuer.domain.validate=true
+auth.server.admin.oidc.userinfo.url=${mosip.iam.userinfo_endpoint}
+mosip.iam.module.token.endpoint.private-key-jwt.auth.enabled=true
+mosip.iam.module.token.endpoint.private-key-jwt.expiry.seconds=7200
+mosip.resident.oidc.userinfo.jwt.signed=true
+# AuthAdaptor ValdidateTokenHelper: This property will directly apply the certs URL without need for constructing the path from issuer URL.
+# This is useful to keep a different certs URL for integrating with MOSIP IdP for offline token validation.
+auth.server.admin.oidc.certs.url=${mosip.iam.certs_endpoint}
+mosip.iam.logout.offline=true
+auth.server.admin.validate.url=
+mosip.resident.oidc.userinfo.jwt.verify.enabled=false
+################### MOSIP E-Signet config ends
+
+################### Mock-keycloak IdP config
+#mosip.iam.module.clientID=mosip-resident-client
+#mosip.iam.module.clientsecret=${mosip.resident.client.secret}
+#mosip.iam.authorization_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/auth
+#mosip.iam.token_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/token
+#mosip.iam.userinfo_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/userinfo
+#mosip.iam.certs_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs
+#mosip.iam.module.token.endpoint.private-key-jwt.auth.enabled=false
+#mosip.resident.oidc.userinfo.jwt.signed=false
+################### Mock-keycloak IdP config ends
+###########################################################
+
+
+## IAM
+mosip.iam.module.redirecturi=${mosip.api.internal.url}/resident/v1/login-redirect/
+#mosip.iam.module.redirecturi=${tempuri}/v1/admin/login-redirect/
+mosip.iam.module.login_flow.name=authorization_code
+#mosip.iam.module.login_flow.scope=cls
+mosip.iam.module.login_flow.scope=openid profile Manage-Identity-Data Manage-VID Manage-Authentication Manage-Service-Requests Manage-Credentials
+mosip.iam.module.login_flow.claims={"userinfo":{"name":{"essential":true},"picture":{"essential":true},"email":{"essential":true},"phone_number":{"essential":true},"individual_id":{"essential":true}}}
+mosip.iam.module.login_flow.response_type=code
+mosip.iam.module.admin_realm_id=mosip
+
+## User-info claim attributes in open-id-connect based login with UIN/VID in MOSIP-IDP
+mosip.resident.identity.claim.individual-id=individual_id
+mosip.resident.identity.claim.ida-token=ida_token
+
+## Scopes
+mosip.scope.resident.getinputattributevalues=Manage-Identity-Data
+mosip.scope.resident.patchrevokevid=Manage-VID
+mosip.scope.resident.postgeneratevid=Manage-VID
+mosip.scope.resident.getvids=Manage-VID
+mosip.scope.resident.getAuthTransactions=Manage-Service-Requests
+mosip.scope.resident.postAuthTypeUnlock=Manage-Authentication
+mosip.scope.resident.postAuthTypeStatus=Manage-Authentication
+mosip.scope.resident.getAuthLockStatus=Manage-Authentication
+mosip.scope.resident.patchUpdateUin=Manage-Identity-Data
+mosip.scope.resident.getServiceAuthHistoryRoles=Manage-Service-Requests
+mosip.scope.resident.postSendPhysicalCard=Manage-Credentials
+mosip.scope.resident.getUnreadServiceList=Manage-Service-Requests
+mosip.scope.resident.getNotificationCount=
+mosip.scope.resident.getNotificationClick=Manage-Service-Requests
+mosip.scope.resident.getupdatedttimes=Manage-Service-Requests
+mosip.scope.resident.postRequestDownloadPersonalizedCard=Manage-Credentials
+mosip.scope.resident.postRequestShareCredWithPartner=Manage-Credentials
+mosip.scope.resident.postUnPinStatus=Manage-Service-Requests
+mosip.scope.resident.postPinStatus=Manage-Service-Requests
+mosip.scope.resident.getDownloadCard=Manage-Credentials
+mosip.scope.resident.postPersonalizedCard=Manage-Credentials
+mosip.scope.resident.getOrderRedirect=Manage-Credentials
+
+
+## Key manager encryption/decryption configuration
+APPLICATION_Id=RESIDENT
+PARTNER_REFERENCE_Id=mpartner-default-resident
+mosip.resident.keymanager.application-name=RESIDENT
+mosip.resident.keymanager.reference-id=resident_document
+mosip.datashare.application.id=PARTNER
+mosip.datashare.reference.id=mparter-default-euin
+mosip.resident.oidc.keymanager.reference.id=IDP_USER_INFO
+mosip.resident.sign.pdf.application.id=KERNEL
+mosip.resident.sign.pdf.reference.id=SIGN
+
+## Object Store configuration
+mosip.resident.object.store.account-name=resident
+mosip.resident.object.store.bucket-name=resident
+mosip.resident.object.store.adapter-name=s3Adapter
+object.store.s3.use.account.as.bucketname=true
+object.store.s3.accesskey=${s3.accesskey}
+object.store.s3.secretkey=${s3.secretkey}
+## For Minio:
+object.store.s3.url=http://minio.minio:9000
+## For AWS:
+#object.store.s3.url=s3.${s3.region}.amazonaws.com
+object.store.s3.region=${s3.region}
+object.store.s3.readlimit=10000000
+
+# Virus Scanner configuration
+mosip.resident.virus-scanner.enabled=true
+
+# VID Policy url
+mosip.resident.vid-policy-url=${config.server.file.storage.uri}mosip-vid-policy.json
+
+# Resident UI Schema JSON file name
+resident-ui-schema-file-name-prefix=resident-ui
+# IDA Mapping JSON file URI
+resident-ui-schema-file-url=${config.server.file.storage.uri}${resident-ui-schema-file-name-prefix}
+# Resident UI Schema JSON file property source
+resident-ui-schema-file-source-prefix=url:${resident-ui-schema-file-url}
+
+
+# Identity Mapping JSON file name
+identity-mapping-file-name=identity-mapping.json
+# IDA Mapping JSON file URI
+identity-mapping-file-url=${config.server.file.storage.uri}${identity-mapping-file-name}
+# Identity Mapping JSON file property source
+identity-mapping-file-source=url:${identity-mapping-file-url}
+
+# amr-acr JSON file name
+amr-acr.json.filename=amr-acr-mapping.json
+
+# Identity Data format MVEL file name
+resident-data-format-mvel-file-name=credentialdata.mvel
+resident-data-format-mvel-file-url=${config.server.file.storage.uri}${resident-data-format-mvel-file-name}
+resident-data-format-mvel-file-source=url:${resident-data-format-mvel-file-url}
+
+
+# WebSub Topic and callback propertis for auth type status event
+resident.websub.authtype-status.secret=${resident.websub.authtype.status.secret}
+resident.websub.authtype-status.topic=AUTH_TYPE_STATUS_UPDATE_ACK
+resident.websub.callback.authtype-status.relative.url=${server.servlet.context-path}/callback/authTypeCallback
+resident.websub.callback.authtype-status.url=${mosip.api.internal.url}${resident.websub.callback.authtype-status.relative.url}
+
+# Callback properties for AuthTransactionStatus
+resident.websub.authTransaction-status.secret=${resident.websub.auth.transaction.status.secret}
+resident.websub.authTransaction-status.topic=AUTHENTICATION_TRANSACTION_STATUS
+resident.websub.callback.authTransaction-status.relative.url=${server.servlet.context-path}/callback/authTransaction
+resident.websub.callback.authTransaction-status.url=${mosip.api.internal.url}${resident.websub.callback.authTransaction-status.relative.url}
+
+# WebSub Topic and callback propertis for credential status event
+resident.websub.credential-status.secret=${resident.websub.credential.status.update.secret}
+resident.websub.credential-status.topic=CREDENTIAL_STATUS_UPDATE
+resident.websub.callback.credential-status.relative.url=${server.servlet.context-path}/callback/credentialStatusUpdate
+resident.websub.callback.credential-status.url=${mosip.api.internal.url}${resident.websub.callback.credential-status.relative.url}
+
+# WebSub Topic and callback propertis for regproc complete workflow event
+resident.websub.regproc.workflow.complete.secret=${resident.websub.regproc.workflow.complete.secret}
+mosip.regproc.workflow.complete.topic=REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT
+resident.websub.callback.regproc.workflow.complete.relative.url=${server.servlet.context-path}/callback/regprocworkflow
+resident.websub.callback.regproc.workflow.complete.url=${mosip.api.internal.url}${resident.websub.callback.regproc.workflow.complete.relative.url}
+
+
+#--------------------------------TokenId generator---------------------------------------------------#
+mosip.kernel.tokenid.uin.salt=${mosip.kernel.uin.salt}
+mosip.kernel.tokenid.partnercode.salt=${mosip.kernel.partnercode.salt}
+#------------------------------------
+
+
+#Mask functions
+resident.email.mask.function=maskEmail
+resident.phone.mask.function=maskPhone
+resident.data.mask.function=convertToMaskData
+
+# Batch job configuration for credential status update
+mosip.resident.update.service.status.job.enabled=false
+mosip.resident.update.service.status.job.initial-delay=60000
+#Interval for checking the credential status for async requests. Note, this is done as a fallback though credential status update is hanlded in resident service via websub notification.
+mosip.resident.update.service.status.job.interval.millisecs=600000
+
+
+# Template type codes for email subject
+resident.template.email.subject.request-received.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-request-received-email-subject
+resident.template.email.subject.success.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-success-email-subject
+resident.template.email.subject.failure.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-failure-email-subject
+
+resident.template.email.subject.request-received.ORDER_PHYSICAL_CARD=order-a-physical-card-request-received-email-subject
+resident.template.email.subject.success.ORDER_PHYSICAL_CARD=order-a-physical-card-success-email-subject
+resident.template.email.subject.failure.ORDER_PHYSICAL_CARD=order-a-physical-card-failure-email-subject
+
+resident.template.email.subject.request-received.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-request-received-email-subject
+resident.template.email.subject.success.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-success-email-subject
+resident.template.email.subject.failure.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-failure-email-subject
+
+resident.template.email.subject.request-received.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-request-received-email-subject
+resident.template.email.subject.success.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-success-email-subject
+resident.template.email.subject.failure.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-failure-email-subject
+
+resident.template.email.subject.request-received.UPDATE_MY_UIN=update-demo-data-request-received-email-subject
+resident.template.email.subject.success.UPDATE_MY_UIN=update-demo-data-success-email-subject
+resident.template.email.subject.failure.UPDATE_MY_UIN=update-demo-data-failure-email-subject
+resident.template.email.subject.regproc-success.UPDATE_MY_UIN=update-demo-data-regproc-success-email-subject
+resident.template.email.subject.regproc-failure.UPDATE_MY_UIN=update-demo-data-regproc-failure-email-subject
+resident.template.email.subject.cancelled.UPDATE_MY_UIN=update-demo-data-discarded-email-subject
+
+resident.template.email.subject.request-received.GENERATE_VID=gen-or-revoke-vid-request-received-email-subject
+resident.template.email.subject.success.GENERATE_VID=gen-or-revoke-vid-success-email-subject
+resident.template.email.subject.failure.GENERATE_VID=gen-or-revoke-vid-failure-email-subject
+
+resident.template.email.subject.request-received.REVOKE_VID=gen-or-revoke-vid-request-received-email-subject
+resident.template.email.subject.success.REVOKE_VID=gen-or-revoke-vid-success-email-subject
+resident.template.email.subject.failure.REVOKE_VID=gen-or-revoke-vid-failure-email-subject
+
+resident.template.email.subject.request-received.VID_CARD_DOWNLOAD=vid-card-download-request-received-email-subject
+resident.template.email.subject.success.VID_CARD_DOWNLOAD=vid-card-download-success-email-subject
+resident.template.email.subject.failure.VID_CARD_DOWNLOAD=vid-card-download-failure-email-subject
+
+resident.template.email.subject.request-received.GET_MY_ID=get-my-uin-card-request-received-email-subject
+resident.template.email.subject.success.GET_MY_ID=get-my-uin-card-success-email-subject
+resident.template.email.subject.failure.GET_MY_ID=get-my-uin-card-failure-email-subject
+
+resident.template.email.subject.request-received.VALIDATE_OTP=verify-my-phone-email-request-received-email-subject
+resident.template.email.subject.success.VALIDATE_OTP=verify-my-phone-email-success-email-subject
+resident.template.email.subject.failure.VALIDATE_OTP=verify-my-phone-email-failure-email-subject
+
+resident.template.email.subject.success.SEND_OTP=receive-otp-mail-subject
+
+# Template type codes for email content
+resident.template.email.content.request-received.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-request-received-email-content
+resident.template.email.content.success.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-success-email-content
+resident.template.email.content.failure.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-failure-email-content
+
+resident.template.email.content.request-received.ORDER_PHYSICAL_CARD=order-a-physical-card-request-received-email-content
+resident.template.email.content.success.ORDER_PHYSICAL_CARD=order-a-physical-card-success-email-content
+resident.template.email.content.failure.ORDER_PHYSICAL_CARD=order-a-physical-card-failure-email-content
+
+resident.template.email.content.request-received.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-request-received-email-content
+resident.template.email.content.success.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-success-email-content
+resident.template.email.content.failure.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-failure-email-content
+
+resident.template.email.content.request-received.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-request-received-email-content
+resident.template.email.content.success.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-success-email-content
+resident.template.email.content.failure.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-failure-email-content
+
+resident.template.email.content.request-received.UPDATE_MY_UIN=update-demo-data-request-received-email-content
+resident.template.email.content.success.UPDATE_MY_UIN=update-demo-data-success-email-content
+resident.template.email.content.failure.UPDATE_MY_UIN=update-demo-data-failure-email-content
+resident.template.email.content.regproc-success.UPDATE_MY_UIN=update-demo-data-regproc-success-email-content
+resident.template.email.content.regproc-failure.UPDATE_MY_UIN=update-demo-data-regproc-failure-email-content
+resident.template.email.content.cancelled.UPDATE_MY_UIN=update-demo-data-discarded-email-content
+
+resident.template.email.content.request-received.GENERATE_VID=gen-or-revoke-vid-request-received-email-content
+resident.template.email.content.success.GENERATE_VID=gen-or-revoke-vid-success-email-content
+resident.template.email.content.failure.GENERATE_VID=gen-or-revoke-vid-failure-email-content
+
+resident.template.email.content.request-received.REVOKE_VID=gen-or-revoke-vid-request-received-email-content
+resident.template.email.content.success.REVOKE_VID=gen-or-revoke-vid-success-email-content
+resident.template.email.content.failure.REVOKE_VID=gen-or-revoke-vid-failure-email-content
+
+resident.template.email.content.request-received.VID_CARD_DOWNLOAD=vid-card-download-request-received-email-content
+resident.template.email.content.success.VID_CARD_DOWNLOAD=vid-card-download-success-email-content
+resident.template.email.content.failure.VID_CARD_DOWNLOAD=vid-card-download-failure-email-content
+
+resident.template.email.content.request-received.GET_MY_ID=get-my-uin-card-request-received-email-content
+resident.template.email.content.success.GET_MY_ID=get-my-uin-card-success-email-content
+resident.template.email.content.failure.GET_MY_ID=get-my-uin-card-failure-email-content
+
+resident.template.email.content.request-received.VALIDATE_OTP=verify-my-phone-email-request-received-email-content
+resident.template.email.content.success.VALIDATE_OTP=verify-my-phone-email-success-email-content
+resident.template.email.content.failure.VALIDATE_OTP=verify-my-phone-email-failure-email-content
+
+resident.template.email.content.success.SEND_OTP=receive-otp-mail-content
+
+# Template type codes for sms content
+resident.template.sms.request-received.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-request-received_SMS
+resident.template.sms.success.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-success_SMS
+resident.template.sms.failure.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-failure_SMS
+
+resident.template.sms.request-received.ORDER_PHYSICAL_CARD=order-a-physical-card-request-received_SMS
+resident.template.sms.success.ORDER_PHYSICAL_CARD=order-a-physical-card-success_SMS
+resident.template.sms.failure.ORDER_PHYSICAL_CARD=order-a-physical-card-failure_SMS
+
+resident.template.sms.request-received.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-request-received_SMS
+resident.template.sms.success.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-success_SMS
+resident.template.sms.failure.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-failure_SMS
+
+resident.template.sms.request-received.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-request-received_SMS
+resident.template.sms.success.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-success_SMS
+resident.template.sms.failure.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-failure_SMS
+
+resident.template.sms.request-received.UPDATE_MY_UIN=update-demo-data-request-received_SMS
+resident.template.sms.success.UPDATE_MY_UIN=update-demo-data-success_SMS
+resident.template.sms.failure.UPDATE_MY_UIN=update-demo-data-failure_SMS
+resident.template.sms.regproc-success.UPDATE_MY_UIN=update-demo-data-regproc-success_SMS
+resident.template.sms.regproc-failure.UPDATE_MY_UIN=update-demo-data-regproc-failure_SMS
+resident.template.sms.cancelled.UPDATE_MY_UIN=update-demo-data-discarded-SMS
+
+resident.template.sms.request-received.GENERATE_VID=gen-or-revoke-vid-request-received_SMS
+resident.template.sms.success.GENERATE_VID=gen-or-revoke-vid-success_SMS
+resident.template.sms.failure.GENERATE_VID=gen-or-revoke-vid-failure_SMS
+
+resident.template.sms.request-received.REVOKE_VID=gen-or-revoke-vid-request-received_SMS
+resident.template.sms.success.REVOKE_VID=gen-or-revoke-vid-success_SMS
+resident.template.sms.failure.REVOKE_VID=gen-or-revoke-vid-failure_SMS
+
+resident.template.sms.request-received.VID_CARD_DOWNLOAD=vid-card-download-request-received_SMS
+resident.template.sms.success.VID_CARD_DOWNLOAD=vid-card-download-success_SMS
+resident.template.sms.failure.VID_CARD_DOWNLOAD=vid-card-download-failure_SMS
+
+resident.template.sms.request-received.GET_MY_ID=get-my-uin-card-request-received_SMS
+resident.template.sms.success.GET_MY_ID=get-my-uin-card-success_SMS
+resident.template.sms.failure.GET_MY_ID=get-my-uin-card-failure_SMS
+
+resident.template.sms.request-received.VALIDATE_OTP=verify-my-phone-email-request-received_SMS
+resident.template.sms.success.VALIDATE_OTP=verify-my-phone-email-success_SMS
+resident.template.sms.failure.VALIDATE_OTP=verify-my-phone-email-failure_SMS
+
+resident.template.sms.success.SEND_OTP=receive-otp
+
+# Template type codes for purpose (success) content
+resident.template.purpose.success.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-positive-purpose
+resident.template.purpose.success.ORDER_PHYSICAL_CARD=order-a-physical-card-positive purpose
+resident.template.purpose.success.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-positive-purpose
+resident.template.purpose.success.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-positive-purpose
+resident.template.purpose.success.UPDATE_MY_UIN=update-demo-data-positive-purpose
+resident.template.purpose.success.GENERATE_VID=gen-or-revoke-vid-positive-purpose
+resident.template.purpose.success.REVOKE_VID=gen-or-revoke-vid-positive-purpose
+resident.template.purpose.success.GET_MY_ID=get-my-uin-card-positive-purpose
+resident.template.purpose.success.VALIDATE_OTP=verify-my-phone-email-positive-purpose
+resident.template.purpose.success.VID_CARD_DOWNLOAD=vid-card-download-positive-purpose
+
+# Template type codes for purpose (in-progress/failure) content
+resident.template.purpose.failure.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-negative-purpose
+resident.template.purpose.failure.ORDER_PHYSICAL_CARD=order-a-physical-card-negative purpose
+resident.template.purpose.failure.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-negative-purpose
+resident.template.purpose.failure.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-negative-purpose
+resident.template.purpose.failure.UPDATE_MY_UIN=update-demo-data-negative-purpose
+resident.template.purpose.failure.GENERATE_VID=gen-or-revoke-vid-negative-purpose
+resident.template.purpose.failure.REVOKE_VID=gen-or-revoke-vid-negative-purpose
+resident.template.purpose.failure.GET_MY_ID=get-my-uin-card-negative-purpose
+resident.template.purpose.failure.VALIDATE_OTP=verify-my-phone-email-negative-purpose
+resident.template.purpose.failure.VID_CARD_DOWNLOAD=vid-card-download-negative-purpose
+
+# Template type codes for purpose (cancelled) content
+resident.template.purpose.cancelled.UPDATE_MY_UIN=update-demo-data-cancelled-purpose
+
+# Template type codes for purpose(Identity updated) content
+resident.template.purpose.regproc-success.UPDATE_MY_UIN=update-demo-data-regproc-success-purpose
+
+# Template type codes for summary (success) content
+resident.template.summary.success.DOWNLOAD_PERSONALIZED_CARD=cust-and-down-my-card-success-summary
+resident.template.summary.success.ORDER_PHYSICAL_CARD=order-a-physical-card-success-summary
+resident.template.summary.success.SHARE_CRED_WITH_PARTNER=share-cred-with-partner-success-summary
+resident.template.summary.success.AUTH_TYPE_LOCK_UNLOCK=lock-unlock-auth-success-summary
+resident.template.summary.success.UPDATE_MY_UIN=update-demo-data-success-summary
+resident.template.summary.success.GENERATE_VID=gen-or-revoke-vid-success-summary
+resident.template.summary.success.REVOKE_VID=gen-or-revoke-vid-success-summary
+resident.template.summary.success.GET_MY_ID=get-my-uin-card-success-summary
+resident.template.summary.success.VALIDATE_OTP=verify-my-phone-email-success-summary
+resident.template.summary.success.VID_CARD_DOWNLOAD=vid-card-download-positive-summary
+
+# Template type code for summary (cancelled) content
+resident.template.summary.cancelled.UPDATE_MY_UIN=update-demo-data-cancelled-summary
+
+# Template type code for summary (regproc-success) content
+resident.template.summary.regproc-success.UPDATE_MY_UIN=update-demo-data-regproc-success-summary
+
+# Template type codes for acknowledgement PDFs
+resident.template.ack.share-cred-with-partner=acknowledgement-share-cred-with-partner
+resident.template.ack.manage-my-vid=acknowledgement-manage-my-vid
+resident.template.ack.order-a-physical-card=acknowledgement-order-a-physical-card
+resident.template.ack.download-a-personalized-card=acknowledgement-download-a-personalized-card
+resident.template.ack.update-demographic-data=acknowledgement-update-demographic-data
+resident.template.ack.verify-email-id-or-phone-number=acknowledgement-verify-email-id-or-phone-number
+resident.template.ack.secure-my-id=acknowledgement-secure-my-id
+resident.template.ack.authentication.request=acknowledgment-authentication-request
+resident.template.ack.get.my.id=acknowledgment-get-my-id
+resident.template.ack.vid.card.download=acknowledgment-vid-card-download
+
+# Template type codes for list of supporting documents, service history, registration centers and vid card
+resident.template.support-docs-list=supporting-docs-list
+mosip.resident.service.history.template.type.code=service-history-type
+resident.template.registration.centers.list=registration-centers-list
+mosip.resident.vid.card.template.property=vid-card-type
+
+# Template required properties
+resident.template.date.pattern=dd-MM-yyyy
+resident.template.time.pattern=HH:mm:ss
+resident.ui.track-service-request-url=https://${mosip.resident.host}/#/uinservices/trackservicerequest?eid=
+
+# View history filters
+resident.view.history.serviceType.filters=ALL,AUTHENTICATION_REQUEST,SERVICE_REQUEST,DATA_UPDATE_REQUEST,ID_MANAGEMENT_REQUEST,DATA_SHARE_REQUEST
+resident.view.history.status.filters=ALL,SUCCESS,IN_PROGRESS,FAILED,CANCELED
+
+# Maximum data to download in a PDF
+resident.service-history.download.max.count=100
+resident.registration-centers.download.max.count=100
+
+## The Registration centers will be searched based on the distance value in meters from the Geo location identified
+resident.nearby.centers.distance.meters=2000
+
+# Page size in Bell Icon Notification list and View history
+resident.notifications.default.page.size=100
+resident.view-history.default.page.size=10
+
+#to get id_token in cookie and validate it
+auth.validate.id-token=true
+idToken=id_token
+auth.token.header=Authorization
+mosip.resident.access_token.auth_mode.claim-name=acr
+mosip.resident.oidc.id_token.ida_token.claim-name=sub
+mosip.resident.oidc.auth_token.expiry.claim-name=exp
+mosip.resident.oidc.userinfo.encryption.enabled=false
+
+mosip.client.assertion.reference.id=
+mosip.include.payload=true
+mosip.include.certificate=true
+mosip.include.cert.hash=false
+
+
+# Rectangle coordinates for PDF signatured data
+mosip.resident.service.uincard.lowerleftx=73
+mosip.resident.service.uincard.lowerlefty=100
+mosip.resident.service.uincard.upperrightx=300
+mosip.resident.service.uincard.upperrighty=300
+mosip.resident.service.uincard.signature.reason="Digitally Signed"
+
+mosip.client.assertion.type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
+
+#method name to create password
+resident.create.password.method.name=getPassword
+
+resident.ui.notification.update.interval.seconds=30
+resident.ui.datetime.pattern.default=yyyy-MM-dd HH:mm:ss
+resident.filename.datetime.pattern.default=yyyy-MM-dd'T'HH_mm_ss
+
+#File name for the downloaded PDFs. "eventId" and "timestamp" are configurable. If they are removed from below property then they will be removed from file name also.
+mosip.resident.download.registration.centre.file.name.convention=Registration_centers_{timestamp}
+mosip.resident.download.supporting.document.file.name.convention=Supporting_documents_{timestamp}
+mosip.resident.download.personalized.card.naming.convention=Personalised_card_{eventId}_{timestamp}
+mosip.resident.ack.manage_my_vid.name.convention=Ack_{featureName}_{eventId}_{timestamp}
+mosip.resident.ack.secure_my_id.name.convention=Ack_{featureName}_{eventId}_{timestamp}
+mosip.resident.ack.personalised_card.name.convention=Ack_{featureName}_{eventId}_{timestamp}
+mosip.resident.ack.update_my_data.name.convention=Ack_{featureName}_{eventId}_{timestamp}
+mosip.resident.ack.share_credential.name.convention=Ack_{featureName}_{eventId}_{timestamp}
+mosip.resident.ack.order_physical_card.name.convention=Ack_{featureName}_{eventId}_{timestamp}
+mosip.resident.ack.name.convention=Ack_{featureName}_{eventId}_{timestamp}
+mosip.resident.uin.card.name.convention=UIN_{eventId}_{timestamp}
+mosip.resident.vid.card.name.convention=VID_{eventId}_{timestamp}
+mosip.resident.download.service.history.file.name.convention=View_history_{timestamp}
+mosip.resident.download.nearest.registration.centre.file.name.convention=Registration_centers_{timestamp}
+mosip.resident.download.card.naming.convention=Get_my_UIN_{timestamp}
+
+# Credential request config for sharing credential to partner
+mosip.resident.request.credential.credentialType=vercred
+#mosip.resident.request.credential.credentialType=euin
+
+#Temporarily uncommented below 2 properties for testing release 1201 branch in env.
+mosip.resident.request.credential.isEncrypt=true
+mosip.resident.request.credential.encryption.key=${mosip.resident.request.credential.encryption.key}
+
+mosip.digital.card.credential.type=PDFCard
+mosip.credential.issuer=mpartner-default-digitalcard
+
+# Claim names
+mosip.resident.name.token.claim-name=name
+mosip.resident.photo.token.claim-photo=picture
+mosip.resident.individual.id.claim.name=individual_id
+mosip.resident.email.token.claim-email=email
+mosip.resident.phone.token.claim-phone=phone_number
+
+# Value based properties
+otpChannel.email=email
+otpChannel.mobile=phone
+mosip.idrepo.vid.reactive-status=ACTIVE
+resident.dateofbirth.pattern=yyyy/MM/dd
+mosip.resident.photo.attribute.name=photo
+mosip.resident.order.card.payment.enabled=true
+resident.update.preferred.language.by.name=true
+resident.documents.category=individualBiometrics
+mosip.resident.schema.attribute-name=attributeName
+mosip.resident.applicant.name.property=applicantName
+mosip.resident.authentication.mode.property=authenticationMode
+resident.attribute.names.without.documents.required=preferredLanguage,email,phone
+resident.additional.identity.attribute.to.fetch=UIN,email,phone,dateOfBirth,fullName,photo
+
+
+## OTP flooding
+## Configure Time limit for OTP Flooding scenario (in minutes)
+otp.request.flooding.duration=1
+otp.request.flooding.max-count=100
+
+
+# Maximum file size and allowed file types for uploading document
+mosip.max.file.upload.size.in.bytes=2306867
+mosip.allowed.extension=pdf,jpeg,png,jpg
+
+
+# Reg-proc packet status codes
+resident.success.packet-status-code.list=PROCESSED,SUCCESS,UIN_GENERATED
+resident.in-progress.packet-status-code.list=PROCESSING,REREGISTER,RESEND,RECEIVED,UPLOAD_PENDING,AWAITING_INFORMATION,REPROCESS
+resident.failure.packet-status-code.list=REJECTED,FAILED,REPROCESS_FAILED
+
+# Reg-proc packet transaction type codes
+resident.REQUEST_RECEIVED.packet-transaction-type-code.list=PACKET_RECEIVER,VIRUS_SCAN,SECUREZONE_NOTIFICATION,UPLOAD_PACKET,VALIDATE_PACKET,PACKET_CLASSIFICATION
+resident.VALIDATION_STAGE.packet-transaction-type-code.list=CMD_VALIDATION,OPERATOR_VALIDATION,QUALITY_CLASSIFIER,SUPERVISOR_VALIDATION,INTRODUCER_VALIDATION,BIOMETRIC_AUTHENTICATION,EXTERNAL_INTEGRATION
+resident.VERIFICATION_STAGE.packet-transaction-type-code.list=DEMOGRAPHIC_VERIFICATION,MANUAL_ADJUDICATION,VERIFICATION,BIOGRAPHIC_VERIFICATION
+resident.UIN_GENERATION_STAGE.packet-transaction-type-code.list=UIN_GENERATOR,BIOMETRIC_EXTRACTION,NOTIFICATION,FINALIZATION,PACKET_REPROCESS
+resident.CARD_READY_TO_DOWNLOAD.packet-transaction-type-code.list=PRINT_SERVICE,PRINT_POSTAL_SERVICE,PRINT
+
+sequence-order=Request received, Validation stage, Verification stage, Uin generation stage, Card ready to download
+
+
+##Synchronous events
+
+resident.request.success.status.list.AUTHENTICATION_REQUEST=AUTHENTICATION_SUCCESSFUL,Y
+resident.request.failed.status.list.AUTHENTICATION_REQUEST=AUTHENTICATION_FAILED,N
+resident.request.cancelled.status.list.AUTHENTICATION_REQUEST=
+
+resident.request.new.status.list.DOWNLOAD_PERSONALIZED_CARD=NEW
+resident.batchjob.process.success.status.list.DOWNLOAD_PERSONALIZED_CARD=CARD_DOWNLOADED
+resident.request.failed.status.list.DOWNLOAD_PERSONALIZED_CARD=FAILED
+resident.request.cancelled.status.list.DOWNLOAD_PERSONALIZED_CARD=
+
+resident.request.new.status.list.GET_MY_ID=NEW
+resident.request.in-progress.status.list.GET_MY_ID=OTP_REQUESTED
+resident.request.success.status.list.GET_MY_ID=CARD_DOWNLOADED,OTP_VERIFIED
+resident.request.failed.status.list.GET_MY_ID=FAILED
+resident.request.cancelled.status.list.GET_MY_ID=
+
+resident.request.new.status.list.BOOK_AN_APPOINTMENT=
+resident.request.success.status.list.BOOK_AN_APPOINTMENT=
+resident.request.failed.status.list.BOOK_AN_APPOINTMENT=
+resident.request.cancelled.status.list.BOOK_AN_APPOINTMENT=
+
+resident.request.new.status.list.GENERATE_VID=NEW
+resident.request.success.status.list.GENERATE_VID=VID_GENERATED
+resident.request.failed.status.list.GENERATE_VID=FAILED
+resident.request.cancelled.status.list.GENERATE_VID=
+
+resident.request.new.status.list.REVOKE_VID=NEW
+resident.request.success.status.list.REVOKE_VID=VID_REVOKED
+resident.request.failed.status.list.REVOKE_VID=FAILED
+resident.request.cancelled.status.list.REVOKE_VID=
+
+resident.request.new.status.list.SEND_OTP=
+resident.request.success.status.list.SEND_OTP=
+resident.request.failed.status.list.SEND_OTP=
+resident.request.cancelled.status.list.SEND_OTP=
+
+resident.request.new.status.list.VALIDATE_OTP=OTP_REQUESTED
+resident.request.success.status.list.VALIDATE_OTP=OTP_VERIFIED
+resident.request.failed.status.list.VALIDATE_OTP=OTP_VERIFICATION_FAILED
+resident.request.cancelled.status.list.VALIDATE_OTP=
+
+resident.request.new.status.list.DEFAULT=
+resident.request.success.status.list.DEFAULT=
+resident.request.failed.status.list.DEFAULT=
+resident.request.cancelled.status.list.DEFAULT=
+
+
+# Asyc Request Types
+resident.async.request.types=VID_CARD_DOWNLOAD,ORDER_PHYSICAL_CARD,SHARE_CRED_WITH_PARTNER,UPDATE_MY_UIN
+
+##Asynchronous events
+
+resident.request.new.status.list.SHARE_CRED_WITH_PARTNER=NEW
+resident.request.in-progress.status.list.SHARE_CRED_WITH_PARTNER=ISSUED
+resident.request.success.status.list.SHARE_CRED_WITH_PARTNER=RECEIVED,DATA_SHARED_SUCCESSFULLY,STORED
+resident.request.failed.status.list.SHARE_CRED_WITH_PARTNER=FAILED
+resident.request.cancelled.status.list.SHARE_CRED_WITH_PARTNER=
+resident.request.notification.status.list.SHARE_CRED_WITH_PARTNER=FAILED,RECEIVED,DATA_SHARED_SUCCESSFULLY,STORED
+
+resident.request.new.status.list.ORDER_PHYSICAL_CARD=NEW
+resident.request.in-progress.status.list.ORDER_PHYSICAL_CARD=PAYMENT_CONFIRMED,ISSUED,PRINTING,IN_TRANSIT
+resident.request.success.status.list.ORDER_PHYSICAL_CARD=CARD_DELIVERED
+resident.request.failed.status.list.ORDER_PHYSICAL_CARD=FAILED,PAYMENT_FAILED
+resident.request.cancelled.status.list.ORDER_PHYSICAL_CARD=
+resident.request.notification.status.list.ORDER_PHYSICAL_CARD=PAYMENT_CONFIRMED,ISSUED,PRINTING,IN_TRANSIT,CARD_DELIVERED,FAILED,PAYMENT_FAILED,CARD_DELIVERED
+
+resident.request.new.status.list.UPDATE_MY_UIN=NEW
+resident.request.in-progress.status.list.UPDATE_MY_UIN=PROCESSING,PAUSED,RESUMABLE,REPROCESS,PAUSED_FOR_ADDITIONAL_INFO,IDENTITY_UPDATED
+resident.request.success.status.list.UPDATE_MY_UIN=PROCESSED,DATA_UPDATED,STORED,CARD_READY_TO_DOWNLOAD,CARD_DOWNLOADED
+resident.request.failed.status.list.UPDATE_MY_UIN=FAILED,REJECTED,REPROCESS_FAILED
+resident.request.cancelled.status.list.UPDATE_MY_UIN=CANCELED
+resident.request.notification.status.list.UPDATE_MY_UIN=PROCESSED,DATA_UPDATED,STORED,CARD_READY_TO_DOWNLOAD,CARD_DOWNLOADED,FAILED,REJECTED,REPROCESS_FAILED,IDENTITY_UPDATED
+
+resident.request.new.status.list.AUTH_TYPE_LOCK_UNLOCK=NEW
+resident.request.in-progress.status.list.AUTH_TYPE_LOCK_UNLOCK=
+resident.request.success.status.list.AUTH_TYPE_LOCK_UNLOCK=COMPLETED
+resident.request.failed.status.list.AUTH_TYPE_LOCK_UNLOCK=FAILED
+resident.request.cancelled.status.list.AUTH_TYPE_LOCK_UNLOCK=
+resident.request.notification.status.list.AUTH_TYPE_LOCK_UNLOCK=COMPLETED,FAILED
+
+resident.request.new.status.list.VID_CARD_DOWNLOAD=NEW
+resident.request.in-progress.status.list.VID_CARD_DOWNLOAD=ISSUED
+resident.request.success.status.list.VID_CARD_DOWNLOAD=STORED,CARD_READY_TO_DOWNLOAD,CARD_DOWNLOADED
+resident.request.failed.status.list.VID_CARD_DOWNLOAD=FAILED
+resident.request.cancelled.status.list.VID_CARD_DOWNLOAD=
+resident.request.notification.status.list.VID_CARD_DOWNLOAD=STORED,CARD_READY_TO_DOWNLOAD,CARD_DOWNLOADED,FAILED
+
+
+# define property name in below format-
+#resident..template.property.attribute.list
+resident.PHONE.template.property.attribute.list=mosip.phone.template.property
+resident.EMAIL.template.property.attribute.list=mosip.email.template.property +resident.GENERATE_VID.template.property.attribute.list=mosip.generated.template.property +resident.REVOKE_VID.template.property.attribute.list=mosip.revoked.template.property + +# template type codes for event status code +resident.event.status.SUCCESS.template.property=mosip.event.status.success.template +resident.event.status.FAILED.template.property=mosip.event.status.failed.template +resident.event.status.IN_PROGRESS.template.property=mosip.event.status.inprogress.template +resident.event.status.CANCELED.template.property=mosip.event.status.cancelled.template + +# template type codes for event types +# define property name in below format- +# resident.event.type..template.property +resident.event.type.AUTHENTICATION_REQUEST.template.property=mosip.event.type.AUTHENTICATION_REQUEST +resident.event.type.SHARE_CRED_WITH_PARTNER.template.property=mosip.event.type.SHARE_CRED_WITH_PARTNER +resident.event.type.DOWNLOAD_PERSONALIZED_CARD.template.property=mosip.event.type.DOWNLOAD_PERSONALIZED_CARD +resident.event.type.ORDER_PHYSICAL_CARD.template.property=mosip.event.type.ORDER_PHYSICAL_CARD +resident.event.type.GET_MY_ID.template.property=mosip.event.type.GET_MY_ID +resident.event.type.UPDATE_MY_UIN.template.property=mosip.event.type.UPDATE_MY_UIN +resident.event.type.GENERATE_VID.template.property=mosip.event.type.GENERATE_VID +resident.event.type.REVOKE_VID.template.property=mosip.event.type.REVOKE_VID +resident.event.type.AUTH_TYPE_LOCK_UNLOCK.template.property=mosip.event.type.AUTH_TYPE_LOCK_UNLOCK +resident.event.type.VID_CARD_DOWNLOAD.template.property=mosip.event.type.VID_CARD_DOWNLOAD +resident.event.type.SEND_OTP.template.property=mosip.event.type.SEND_OTP +resident.event.type.VALIDATE_OTP.template.property=mosip.event.type.VALIDATE_OTP +resident.event.type.DEFAULT.template.property=mosip.event.type.DEFAULT + +# template type codes for service types +# define property name in 
below format- +# resident.service-type..template.property +resident.service-type.AUTHENTICATION_REQUEST.template.property=mosip.service.type.AUTHENTICATION_REQUEST +resident.service-type.SERVICE_REQUEST.template.property=mosip.service.type.SERVICE_REQUEST +resident.service-type.DATA_UPDATE_REQUEST.template.property=mosip.service.type.DATA_UPDATE_REQUEST +resident.service-type.ID_MANAGEMENT_REQUEST.template.property=mosip.service.type.ID_MANAGEMENT_REQUEST +resident.service-type.DATA_SHARE_REQUEST.template.property=mosip.service.type.DATA_SHARE_REQUEST +resident.service-type.ASYNC.template.property=mosip.service.type.ASYNC + +resident.ALL.template.property=mosip.template.ALL +resident.UNKNOWN.template.property=mosip.template.UNKNOWN + +# template type codes for id-authentication request types description +# define property name in below format- +# resident.id-auth.request-type...descr +resident.id-auth.request-type.OTP-REQUEST.SUCCESS.descr=mosip.ida.auth-request.OTP-REQUEST.Y.descr +resident.id-auth.request-type.OTP-AUTH.SUCCESS.descr=mosip.ida.auth-request.OTP-AUTH.Y.descr +resident.id-auth.request-type.DEMO-AUTH.SUCCESS.descr=mosip.ida.auth-request.DEMO-AUTH.Y.descr +resident.id-auth.request-type.FINGERPRINT-AUTH.SUCCESS.descr=mosip.ida.auth-request.FINGERPRINT-AUTH.Y.descr +resident.id-auth.request-type.IRIS-AUTH.SUCCESS.descr=mosip.ida.auth-request.IRIS-AUTH.Y.descr +resident.id-auth.request-type.FACE-AUTH.SUCCESS.descr=mosip.ida.auth-request.FACE-AUTH.Y.descr +resident.id-auth.request-type.STATIC-PIN-AUTH.SUCCESS.descr=mosip.ida.auth-request.STATIC-PIN-AUTH.Y.descr +resident.id-auth.request-type.STATIC-PIN-STORAGE.SUCCESS.descr=mosip.ida.auth-request.STATIC-PIN-STORAGE.Y.descr +resident.id-auth.request-type.EKYC-AUTH.SUCCESS.descr=mosip.ida.auth-request.EKYC-AUTH.Y.descr +resident.id-auth.request-type.KYC-AUTH.SUCCESS.descr=mosip.ida.auth-request.KYC-AUTH.Y.descr 
+resident.id-auth.request-type.KYC-EXCHANGE.SUCCESS.descr=mosip.ida.auth-request.KYC-EXCHANGE.Y.descr
+resident.id-auth.request-type.IDENTITY-KEY-BINDING.SUCCESS.descr=mosip.ida.auth-request.IDENTITY-KEY-BINDING.Y.descr
+resident.id-auth.request-type.TOKEN-REQUEST.SUCCESS.descr=mosip.ida.auth-request.TOKEN-REQUEST.Y.descr
+resident.id-auth.request-type.TOKEN-AUTH.SUCCESS.descr=mosip.ida.auth-request.TOKEN-AUTH.Y.descr
+resident.id-auth.request-type.UNKNOWN.SUCCESS.descr=mosip.ida.auth-request.UNKNOWN.Y.descr
+resident.id-auth.request-type.OTP-REQUEST.FAILED.descr=mosip.ida.auth-request.OTP-REQUEST.N.descr
+resident.id-auth.request-type.OTP-AUTH.FAILED.descr=mosip.ida.auth-request.OTP-AUTH.N.descr
+resident.id-auth.request-type.DEMO-AUTH.FAILED.descr=mosip.ida.auth-request.DEMO-AUTH.N.descr
+resident.id-auth.request-type.FINGERPRINT-AUTH.FAILED.descr=mosip.ida.auth-request.FINGERPRINT-AUTH.N.descr
+resident.id-auth.request-type.IRIS-AUTH.FAILED.descr=mosip.ida.auth-request.IRIS-AUTH.N.descr
+resident.id-auth.request-type.FACE-AUTH.FAILED.descr=mosip.ida.auth-request.FACE-AUTH.N.descr
+resident.id-auth.request-type.STATIC-PIN-AUTH.FAILED.descr=mosip.ida.auth-request.STATIC-PIN-AUTH.N.descr
+resident.id-auth.request-type.STATIC-PIN-STORAGE.FAILED.descr=mosip.ida.auth-request.STATIC-PIN-STORAGE.N.descr
+resident.id-auth.request-type.EKYC-AUTH.FAILED.descr=mosip.ida.auth-request.EKYC-AUTH.N.descr
+resident.id-auth.request-type.KYC-AUTH.FAILED.descr=mosip.ida.auth-request.KYC-AUTH.N.descr
+resident.id-auth.request-type.KYC-EXCHANGE.FAILED.descr=mosip.ida.auth-request.KYC-EXCHANGE.N.descr
+resident.id-auth.request-type.IDENTITY-KEY-BINDING.FAILED.descr=mosip.ida.auth-request.IDENTITY-KEY-BINDING.N.descr
+resident.id-auth.request-type.TOKEN-REQUEST.FAILED.descr=mosip.ida.auth-request.TOKEN-REQUEST.N.descr
+resident.id-auth.request-type.TOKEN-AUTH.FAILED.descr=mosip.ida.auth-request.TOKEN-AUTH.N.descr
+resident.id-auth.request-type.UNKNOWN.FAILED.descr=mosip.ida.auth-request.UNKNOWN.N.descr
+
+# template type codes for authentication modes (authTypeCode)
+# define property name in below format-
+# resident.auth-type-code..code
+resident.auth-type-code.OTP-REQUEST.code=mosip.auth-type-code.OTP-REQUEST
+resident.auth-type-code.OTP-AUTH.code=mosip.auth-type-code.OTP-AUTH
+resident.auth-type-code.DEMO-AUTH.code=mosip.auth-type-code.DEMO-AUTH
+resident.auth-type-code.FINGERPRINT-AUTH.code=mosip.auth-type-code.FINGERPRINT-AUTH
+resident.auth-type-code.IRIS-AUTH.code=mosip.auth-type-code.IRIS-AUTH
+resident.auth-type-code.FACE-AUTH.code=mosip.auth-type-code.FACE-AUTH
+resident.auth-type-code.STATIC-PIN-AUTH.code=mosip.auth-type-code.STATIC-PIN-AUTH
+resident.auth-type-code.STATIC-PIN-STORAGE.code=mosip.auth-type-code.STATIC-PIN-STORAGE
+resident.auth-type-code.EKYC-AUTH.code=mosip.auth-type-code.EKYC-AUTH
+resident.auth-type-code.KYC-AUTH.code=mosip.auth-type-code.KYC-AUTH
+resident.auth-type-code.KYC-EXCHANGE.code=mosip.auth-type-code.KYC-EXCHANGE
+resident.auth-type-code.IDENTITY-KEY-BINDING.code=mosip.auth-type-code.IDENTITY-KEY-BINDING
+resident.auth-type-code.TOKEN-REQUEST.code=mosip.auth-type-code.TOKEN-REQUEST
+resident.auth-type-code.TOKEN-AUTH.code=mosip.auth-type-code.TOKEN-AUTH
+resident.auth-type-code.PWD.code=mosip.auth-type-code.PWD
+resident.auth-type-code.PIN.code=mosip.auth-type-code.PIN
+resident.auth-type-code.OTP.code=mosip.auth-type-code.OTP
+resident.auth-type-code.Wallet.code=mosip.auth-type-code.Wallet
+resident.auth-type-code.L1-bio-device.code=mosip.auth-type-code.L1-bio-device
+
+# Below property will retrieve VID when requested. Default is false so, UIN will be retrieved.
+# Endpoints using below property- /individualId/otp, /aid/status
+#resident.flag.use-vid-only=true
+
+# Class name of the referenceValidator. Commenting or removing this property will disable reference validator.
+mosip.kernel.idobjectvalidator.referenceValidator=io.mosip.kernel.idobjectvalidator.impl.IdObjectReferenceValidator
+
+
+spring.servlet.multipart.max-file-size=10MB
+
+
+# for validating request time as per before & after time limit (in seconds) in contact-details/update API.
+resident.future.time.limit=60
+resident.past.time.limit=60
+
+# The java.time.format.FormatStyle enum to use for date time formatting based on locale. Allowed values with examples are:
+# * FULL ('Tuesday, April 12, 1952 AD' or '3:30:42pm PST'),
+# * LONG('January 12, 1952'),
+# * MEDIUM ('Jan 12, 1952'),
+# * SHORT ('12.13.52' or '3:30pm').
+# Default value is MEDIUM. For more details refer to the enum.
+resident.date.time.formmatting.style=MEDIUM
+resident.date.time.replace.special.chars={" ": "_", "," : "", ":" : "."}
+
+#cache expiration times are in milliseconds.
+resident.cache.expiry.time.millisec.templateCache=86400000
+resident.cache.expiry.time.millisec.partnerCache=86400000
+resident.cache.expiry.time.millisec.getValidDocumentByLangCode=86400000
+resident.cache.expiry.time.millisec.getLocationHierarchyLevelByLangCode=86400000
+resident.cache.expiry.time.millisec.getImmediateChildrenByLocCodeAndLangCode=86400000
+resident.cache.expiry.time.millisec.getLocationDetailsByLocCodeAndLangCode=86400000
+resident.cache.expiry.time.millisec.getCoordinateSpecificRegistrationCenters=86400000
+resident.cache.expiry.time.millisec.getApplicantValidDocument=86400000
+resident.cache.expiry.time.millisec.getRegistrationCentersByHierarchyLevel=86400000
+resident.cache.expiry.time.millisec.getRegistrationCenterByHierarchyLevelAndTextPaginated=86400000
+resident.cache.expiry.time.millisec.getRegistrationCenterWorkingDays=86400000
+resident.cache.expiry.time.millisec.getLatestIdSchema=86400000
+resident.cache.expiry.time.millisec.getGenderCodeByGenderTypeAndLangCode=86400000
+resident.cache.expiry.time.millisec.getDocumentTypesByDocumentCategoryAndLangCode=86400000
+resident.cache.expiry.time.millisec.getDynamicFieldBasedOnLangCodeAndFieldName=86400000
+resident.cache.expiry.time.millisec.getCenterDetails=86400000
+resident.cache.expiry.time.millisec.getImmediateChildrenByLocCode=86400000
+resident.cache.expiry.time.millisec.getLocationHierarchyLevels=86400000
+resident.cache.expiry.time.millisec.getAllDynamicFieldByName=86400000
+
+
+#added multi languages for testing
+mosip.optional-languages=fra,ara,hin,tam,kan,spa
+
+# Separators
+# Usage: resident.attribute.separator.=
+resident.attribute.separator.fullAddress=,
+
+# Limit the number of async threads created in Resident services. This count is divided into 4 thread groups configured in 'io.mosip.resident.config.Config' class
+mosip.resident.async-core-pool-size=100
+mosip.resident.async-max-pool-size=100
+
+# Logo property
+# This property is used in all downloaded PDF files.
+mosip.pdf.header.logo.url=https://mosip.io/images/mosipn-logo.png
+
+# These properties is used in reg-center feature for map zoom in & out.
+mosip.resident.zoom=14
+mosip.resident.maxZoom=18
+mosip.resident.minZoom=5
+
+# Transliteration work around property since eng to fra directly is not supported in icu4j.This can be added for any other unsupported language also.
+# For example resident-transliteration-workaround-for-- = fromLanguageCode-intermediateLanguageCode-toLanguageCode
+# For Intermediate language code transliteration should work in both ways.
+resident-transliteration-workaround-for-eng-fra=eng-hin,hin-fra
+resident-transliteration-workaround-for-eng-spa=eng-hin,hin-spa
+
+# Reg-processer-credential-partner-policy-url
+mosip.resident.reg-processer-credential-partner-policy-url=${config.server.file.storage.uri}registration-processor-credential-partners.json
\ No newline at end of file
diff --git a/resident-ui-personalized-card-schema.json b/resident-ui-personalized-card-schema.json
new file mode 100644
index 00000000000..c72dbb7d91f
--- /dev/null
+++ b/resident-ui-personalized-card-schema.json 
@@ -0,0 +1,302 @@ +{ + "identity": [ + { + "attributeName": "fullName", + "maskRequired": false, + "formatRequired": true, + "defaultFormat":"fullName", + "label": { + "eng": "Name", + "ara": "اسم", + "fra":"Nom", + "hin":"नाम", + "tam":"பெயர்", + "kan":"ಹೆಸರು", + "spa":"Nombre" + }, + "formatOptionLabel":{ + "eng": "Name Format", + "ara": "تنسيق الاسم", + "fra":"Format du nom", + "hin":"नाम प्रारूप", + "tam":"பெயர் வடிவம்", + "kan":"ಹೆಸರು ಸ್ವರೂಪ", + "spa":"Formato de nombre" + }, + "formatOption":{ + "eng": [{"label":"Full Name", "value":"fullName","checked":true}], + "ara": [{"label":"الاسم الكامل", "value":"fullName","checked":true}], + "fra": [{"label":"nom et prénom", "value":"fullName","checked":true}], + "hin": [{"label":"पूरा नाम", "value":"fullName","checked":true}], + "tam": [{"label":"முழு பெயர்", "value":"fullName","checked":true}], + "kan": [{"label":"ಪೂರ್ಣ ಹೆಸರು", "value":"fullName","checked":true}], + "spa": [{"label":"Nombre completo", "value":"fullName","checked":true}] + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "dateOfBirth", + "maskRequired": false, + "formatRequired": true, + "defaultFormat":"DD/MMM/YYYY", + "label": { + "eng": "Date of birth", + "ara": "تاريخ الميلاد", + "fra": "date de naissance", + "hin": "जन्म की तारीख", + "tam": "பிறந்த தேதி", + "kan": "ಹುಟ್ತಿದ ದಿನ", + "spa": "fecha de nacimiento" + }, + "formatOptionLabel":{ + "eng": "Date Format", + "ara": "صيغة التاريخ", + "fra":"Format de date", + "hin":"तारिख का प्रारूप", + "tam":"தேதி வடிவம்", + "kan":"ದಿನಾಂಕ ಸ್ವರೂಪ", + "spa":"Formato de fecha" + }, + "formatOption":{ + "eng": [{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "ara": [{"label":"اليوم / الشهر ", "value":"DD/MMM","checked":false}, {"label":"اليوم / الشهر / السنة", "value":"DD/MMM/YYYY","checked":true}], + "fra":[{"label":"JJ/MMM", "value":"DD/MMM","checked":false}, 
{"label":"JJ/MMM/AAAA", "value":"DD/MMM/YYYY","checked":true}], + "hin":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "tam":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "kan":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "spa":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}] + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "UIN", + "maskAttributeName":"masked_UIN", + "maskRequired": true, + "formatRequired": false, + "label": { + "eng": "UIN", + "ara": "UIN", + "fra":"UIN", + "hin":"UIN", + "tam":"UIN", + "kan":"UIN", + "spa":"UIN" + }, + "maskRequiredLabel": { + "eng": "Mask UIN", + "ara": "قناع UIN", + "fra":"Masque UIN", + "hin":"मास्क UIN", + "tam":"UIN-ஐ மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ UIN", + "spa":"Máscara UIN" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":false, + "checked":false + }, + { + "attributeName": "perpetualVID", + "maskAttributeName":"masked_perpetualVID", + "maskRequired": true, + "formatRequired": false, + "label": { + "eng": "Perpetual VID", + "ara": "دائم VID", + "fra":"VID perpétuel", + "hin":"सतत VID", + "tam":"நிரந்தர VID", + "kan":"ಶಾಶ್ವತ VID", + "spa":"VID perpetuo" + }, + "maskRequiredLabel": { + "eng": "Mask Perpetual VID", + "ara": "قناع VID الدائم", + "fra":"Masque perpétuel VID", + "hin":"मास्क सदा VID", + "tam":"நிரந்தர VID-ஐ மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ ಶಾಶ್ವತ VID", + "spa":"Máscara Perpetuo VID" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":false, + "checked":false + }, + { + "attributeName": "phone", + "maskAttributeName":"masked_phone", + "maskRequired": true, + "formatRequired": false, + "label": { + 
"eng": "Phone Number", + "ara": "رقم التليفون", + "fra":"Numéro de téléphone", + "hin":"फ़ोन नंबर", + "tam":"தொலைபேசி எண்", + "kan":"ದೂರವಾಣಿ ಸಂಖ್ಯೆ", + "spa":"Número de teléfono" + }, + "maskRequiredLabel": { + "eng": "Mask Phone Number", + "ara": "رقم هاتف القناع", + "fra":"Masquer le numéro de téléphone", + "hin":"मास्क फ़ोन नंबर", + "tam":"தொலைபேசி எண்ணை மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ ಫೋನ್ ಸಂಖ್ಯೆ", + "spa":"Máscara Número de teléfono" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "email", + "maskAttributeName":"masked_email", + "maskRequired": true, + "formatRequired": false, + "label": { + "eng": "Email ID", + "ara": "عنوان الايميل", + "fra":"Identifiant de messagerie", + "hin":"ईमेल ID", + "tam":"மின்னஞ்சல் ID", + "kan":"ಇಮೇಲ್ ID", + "spa":"Identificación de correo" + }, + "maskRequiredLabel": { + "eng": "Mask Email ID", + "ara": "قناع البريد الإلكتروني ID", + "fra":"Masquer ID de messagerie", + "hin":"मास्क ईमेल", + "tam":"மின்னஞ்சல் ID-ஐ மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ ಇಮೇಲ್ ID", + "spa":"Enmascarar ID de correo electrónico" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "fullAddress", + "maskRequired": false, + "formatRequired": true, + "defaultFormat":"addressLine1,addressLine2,addressLine3,region,province,city,zone,postalCode", + "label": { + "eng": "Address", + "ara": "عنوان", + "fra":"Adresse", + "hin":"पता", + "tam":"முகவரி", + "kan":"ವಿಳಾಸ", + "spa":"DIRECCIÓN" + }, + "formatOptionLabel":{ + "eng": "Address Format", + "ara": "تنسيق العنوان", + "fra":"Format d'adresse", + "hin":"पता प्रारूप", + "tam":"முகவரி வடிவம்", + "kan":"ವಿಳಾಸ ಸ್ವರೂಪ", + "spa":"Formato de dirección" + }, + "formatOption":{ + "eng": [{"label":"Address line1", "value":"addressLine1","checked":true}, + {"label":"Address line2", "value":"addressLine2","checked":true}, + {"label":"Address line3", 
"value":"addressLine3","checked":true}, + {"label":"Region", "value":"region","checked":true}, + {"label":"Province", "value":"province","checked":true}, + {"label":"City", "value":"city","checked":true}, + {"label":"Zone", "value":"zone","checked":true}, + {"label":"Postal code", "value":"postalCode","checked":true}, + {"label":"Full Address", "value":"fullAddress","checked":true}], + "ara": [{"label":"العنوان سطر 1", "value":"addressLine1","checked":true},{"label":"سطر العنوان 2", "value":"addressLine2","checked":true},{"label":"سطر العنوان 3", "value":"addressLine3","checked":true}, {"label":"منطقة", "value":"region","checked":true}, {"label":"مقاطعة", "value":"province","checked":true}, {"label":"مدينة", "value":"city","checked":true}, {"label":"منطقة", "value":"zone","checked":true},{"label":"رمز بريدي", "value":"postalCode","checked":true}, {"label":"العنوان الكامل", "value":"fullAddress","checked":true}], + "fra":[{"label":"Adresse 1", "value":"addressLine1","checked":true}, + {"label":"Adresse Ligne 2", "value":"addressLine2","checked":true}, + {"label":"Ligne d'adresse3", "value":"addressLine3","checked":true}, + {"label":"Région", "value":"region","checked":true}, + {"label":"Province", "value":"province","checked":true}, + {"label":"Ville", "value":"city","checked":true}, + {"label":"Zone", "value":"zone","checked":true}, + {"label":"Code Postal", "value":"postalCode","checked":true}, + {"label":"Adresse complète", "value":"fullAddress","checked":true}], + "hin":[{"label":"पता पंक्ति 1", "value":"addressLine1","checked":true}, + {"label":"पता पंक्ति नं। 2", "value":"addressLine2","checked":true}, + {"label":"पता पंक्ति3", "value":"addressLine3","checked":true}, + {"label":"क्षेत्र", "value":"region","checked":true}, + {"label":"प्रांत", "value":"province","checked":true}, + {"label":"शहर", "value":"city","checked":true}, + {"label":"क्षेत्र", "value":"zone","checked":true}, + {"label":"डाक कोड", "value":"postalCode","checked":true}, + {"label":"पूरा 
पता", "value":"fullAddress","checked":true}], + "tam":[{"label":"முகவரி வரி 1", "value":"addressLine1","checked":true}, + {"label":"முகவரி வரி 2", "value":"addressLine2","checked":true}, + {"label":"முகவரி வரி 3", "value":"addressLine3","checked":true}, + {"label":"பிராந்தியம்", "value":"region","checked":true}, + {"label":"மாகாணம்", "value":"province","checked":true}, + {"label":"நகரம்", "value":"city","checked":true}, + {"label":"மண்டலம்", "value":"zone","checked":true}, + {"label":"அஞ்சல் குறியீடு", "value":"postalCode","checked":true}, + {"label":"முழு முகவரி", "value":"fullAddress","checked":true}], + "kan":[{"label":"ವಿಳಾಸ ಸಾಲು 1", "value":"addressLine1","checked":true}, + {"label":"ವಿಳಾಸ ಸಾಲು 2", "value":"addressLine2","checked":true}, + {"label":"ವಿಳಾಸ ಸಾಲು 3", "value":"addressLine3","checked":true}, + {"label":"ಪ್ರದೇಶ", "value":"region","checked":true}, + {"label":"ಪ್ರಾಂತ್ಯ", "value":"province","checked":true}, + {"label":"ನಗರ", "value":"city","checked":true}, + {"label":"ವಲಯ", "value":"zone","checked":true}, + {"label":"ಅಂಚೆ ಕೋಡ್", "value":"postalCode","checked":true}, + {"label":"ಪೂರ್ತಿ ವಿಳಾಸ", "value":"fullAddress","checked":true}], + "spa":[{"label":"Dirección Línea 1", "value":"addressLine1","checked":true}, + {"label":"Línea de dirección2", "value":"addressLine2","checked":true}, + {"label":"Línea de dirección3", "value":"addressLine3","checked":true}, + {"label":"Región", "value":"region","checked":true}, + {"label":"Provincia", "value":"province","checked":true}, + {"label":"Ciudad", "value":"city","checked":true}, + {"label":"Zona", "value":"zone","checked":true}, + {"label":"Código Postal", "value":"postalCode","checked":true}, + {"label":"Dirección completa", "value":"fullAddress","checked":true}] + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "gender", + "maskRequired": false, + "formatRequired": false, + "label": { + "eng": "Gender", + "ara": "جنس", + 
"fra":"Genre", + "hin":"लिंग", + "tam":"பாலினம்", + "kan":"ಲಿಂಗ", + "spa":"Género" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "photo", + "maskRequired": false, + "formatRequired": false, + "label": { + "eng": "Image", + "ara": "صورة", + "fra":"Image", + "hin":"छवि", + "tam":"படம்", + "kan":"ಚಿತ್ರ", + "spa":"Imagen" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + } + ] +} \ No newline at end of file diff --git a/resident-ui-share-credential-schema.json b/resident-ui-share-credential-schema.json new file mode 100644 index 00000000000..268d47ee673 --- /dev/null +++ b/resident-ui-share-credential-schema.json 
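Review bot: In resident-ui-personalized-card-schema.json the `fullAddress` entry pre-checks a `fullAddress` option in every language list of `formatOption`, while its `defaultFormat` names only the eight component fields (`addressLine1` through `postalCode`); the name and date-of-birth entries keep their checked option identical to `defaultFormat`. If the UI derives the selection from the checked options, the default would disagree with `defaultFormat` and might emit the address twice, which the hunk alone cannot confirm. Because this schema decides which identity attributes are printed on a card or shared with a partner, the default is better explicit and minimal: either set `{"label":"Full Address", "value":"fullAddress","checked":false}` in each language list, or describe in the README how `fullAddress` combines with the component options.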
@@ -0,0 +1,302 @@ +{ + "identity": [ + { + "attributeName": "name", + "maskRequired": false, + "formatRequired": true, + "defaultFormat":"fullName", + "label": { + "eng": "Name", + "ara": "اسم", + "fra":"Nom", + "hin":"नाम", + "tam":"பெயர்", + "kan":"ಹೆಸರು", + "spa":"Nombre" + }, + "formatOptionLabel":{ + "eng": "Name Format", + "ara": "تنسيق الاسم", + "fra":"Format du nom", + "hin":"नाम प्रारूप", + "tam":"பெயர் வடிவம்", + "kan":"ಹೆಸರು ಸ್ವರೂಪ", + "spa":"Formato de nombre" + }, + "formatOption":{ + "eng": [{"label":"Full Name", "value":"fullName","checked":true}], + "ara": [{"label":"الاسم الكامل", "value":"fullName","checked":true}], + "fra": [{"label":"nom et prénom", "value":"fullName","checked":true}], + "hin": [{"label":"पूरा नाम", "value":"fullName","checked":true}], + "tam": [{"label":"முழு பெயர்", "value":"fullName","checked":true}], + "kan": [{"label":"ಪೂರ್ಣ ಹೆಸರು", "value":"fullName","checked":true}], + "spa": [{"label":"Nombre completo", "value":"fullName","checked":true}] + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "dateOfBirth", + "maskRequired": false, + "formatRequired": true, + "defaultFormat":"DD/MMM/YYYY", + "label": { + "eng": "Date of birth", + "ara": "تاريخ الميلاد", + "fra": "date de naissance", + "hin": "जन्म की तारीख", + "tam": "பிறந்த தேதி", + "kan": "ಹುಟ್ತಿದ ದಿನ", + "spa": "fecha de nacimiento" + }, + "formatOptionLabel":{ + "eng": "Date Format", + "ara": "صيغة التاريخ", + "fra":"Format de date", + "hin":"तारिख का प्रारूप", + "tam":"தேதி வடிவம்", + "kan":"ದಿನಾಂಕ ಸ್ವರೂಪ", + "spa":"Formato de fecha" + }, + "formatOption":{ + "eng": [{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "ara": [{"label":"اليوم / الشهر ", "value":"DD/MMM","checked":false}, {"label":"اليوم / الشهر / السنة", "value":"DD/MMM/YYYY","checked":true}], + "fra":[{"label":"JJ/MMM", "value":"DD/MMM","checked":false}, 
{"label":"JJ/MMM/AAAA", "value":"DD/MMM/YYYY","checked":true}], + "hin":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "tam":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "kan":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}], + "spa":[{"label":"DD/MMM", "value":"DD/MMM","checked":false}, {"label":"DD/MMM/YYYY", "value":"DD/MMM/YYYY","checked":true}] + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "UIN", + "maskAttributeName":"masked_UIN", + "maskRequired": true, + "formatRequired": false, + "label": { + "eng": "UIN", + "ara": "UIN", + "fra":"UIN", + "hin":"UIN", + "tam":"UIN", + "kan":"UIN", + "spa":"UIN" + }, + "maskRequiredLabel": { + "eng": "Mask UIN", + "ara": "قناع UIN", + "fra":"Masque UIN", + "hin":"मास्क UIN", + "tam":"UIN-ஐ மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ UIN", + "spa":"Máscara UIN" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":false, + "checked":false + }, + { + "attributeName": "perpetualVID", + "maskAttributeName":"masked_perpetualVID", + "maskRequired": true, + "formatRequired": false, + "label": { + "eng": "Perpetual VID", + "ara": "دائم VID", + "fra":"VID perpétuel", + "hin":"सतत VID", + "tam":"நிரந்தர VID", + "kan":"ಶಾಶ್ವತ VID", + "spa":"VID perpetuo" + }, + "maskRequiredLabel": { + "eng": "Mask Perpetual VID", + "ara": "قناع VID الدائم", + "fra":"Masque perpétuel VID", + "hin":"मास्क सदा VID", + "tam":"நிரந்தர VID-ஐ மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ ಶಾಶ್ವತ VID", + "spa":"Máscara Perpetuo VID" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":false, + "checked":false + }, + { + "attributeName": "phone", + "maskAttributeName":"masked_phone", + "maskRequired": true, + "formatRequired": false, + "label": { + 
"eng": "Phone Number", + "ara": "رقم التليفون", + "fra":"Numéro de téléphone", + "hin":"फ़ोन नंबर", + "tam":"தொலைபேசி எண்", + "kan":"ದೂರವಾಣಿ ಸಂಖ್ಯೆ", + "spa":"Número de teléfono" + }, + "maskRequiredLabel": { + "eng": "Mask Phone Number", + "ara": "رقم هاتف القناع", + "fra":"Masquer le numéro de téléphone", + "hin":"मास्क फ़ोन नंबर", + "tam":"தொலைபேசி எண்ணை மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ ಫೋನ್ ಸಂಖ್ಯೆ", + "spa":"Máscara Número de teléfono" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "email", + "maskAttributeName":"masked_email", + "maskRequired": true, + "formatRequired": false, + "label": { + "eng": "Email ID", + "ara": "عنوان الايميل", + "fra":"Identifiant de messagerie", + "hin":"ईमेल ID", + "tam":"மின்னஞ்சல் ID", + "kan":"ಇಮೇಲ್ ID", + "spa":"Identificación de correo" + }, + "maskRequiredLabel": { + "eng": "Mask Email ID", + "ara": "قناع البريد الإلكتروني ID", + "fra":"Masquer ID de messagerie", + "hin":"मास्क ईमेल", + "tam":"மின்னஞ்சல் ID-ஐ மறைக்கவும்", + "kan":"ಮಾಸ್ಕ್ ಇಮೇಲ್ ID", + "spa":"Enmascarar ID de correo electrónico" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "fullAddress", + "maskRequired": false, + "formatRequired": true, + "defaultFormat":"addressLine1,addressLine2,addressLine3,region,province,city,zone,postalCode", + "label": { + "eng": "Address", + "ara": "عنوان", + "fra":"Adresse", + "hin":"पता", + "tam":"முகவரி", + "kan":"ವಿಳಾಸ", + "spa":"DIRECCIÓN" + }, + "formatOptionLabel":{ + "eng": "Address Format", + "ara": "تنسيق العنوان", + "fra":"Format d'adresse", + "hin":"पता प्रारूप", + "tam":"முகவரி வடிவம்", + "kan":"ವಿಳಾಸ ಸ್ವರೂಪ", + "spa":"Formato de dirección" + }, + "formatOption":{ + "eng": [{"label":"Address line1", "value":"addressLine1","checked":true}, + {"label":"Address line2", "value":"addressLine2","checked":true}, + {"label":"Address line3", 
"value":"addressLine3","checked":true}, + {"label":"Region", "value":"region","checked":true}, + {"label":"Province", "value":"province","checked":true}, + {"label":"City", "value":"city","checked":true}, + {"label":"Zone", "value":"zone","checked":true}, + {"label":"Postal code", "value":"postalCode","checked":true}, + {"label":"Full Address", "value":"fullAddress","checked":true}], + "ara": [{"label":"العنوان سطر 1", "value":"addressLine1","checked":true},{"label":"سطر العنوان 2", "value":"addressLine2","checked":true},{"label":"سطر العنوان 3", "value":"addressLine3","checked":true}, {"label":"منطقة", "value":"region","checked":true}, {"label":"مقاطعة", "value":"province","checked":true}, {"label":"مدينة", "value":"city","checked":true}, {"label":"منطقة", "value":"zone","checked":true},{"label":"رمز بريدي", "value":"postalCode","checked":true}, {"label":"العنوان الكامل", "value":"fullAddress","checked":true}], + "fra":[{"label":"Adresse 1", "value":"addressLine1","checked":true}, + {"label":"Adresse Ligne 2", "value":"addressLine2","checked":true}, + {"label":"Ligne d'adresse3", "value":"addressLine3","checked":true}, + {"label":"Région", "value":"region","checked":true}, + {"label":"Province", "value":"province","checked":true}, + {"label":"Ville", "value":"city","checked":true}, + {"label":"Zone", "value":"zone","checked":true}, + {"label":"Code Postal", "value":"postalCode","checked":true}, + {"label":"Adresse complète", "value":"fullAddress","checked":true}], + "hin":[{"label":"पता पंक्ति 1", "value":"addressLine1","checked":true}, + {"label":"पता पंक्ति नं। 2", "value":"addressLine2","checked":true}, + {"label":"पता पंक्ति3", "value":"addressLine3","checked":true}, + {"label":"क्षेत्र", "value":"region","checked":true}, + {"label":"प्रांत", "value":"province","checked":true}, + {"label":"शहर", "value":"city","checked":true}, + {"label":"क्षेत्र", "value":"zone","checked":true}, + {"label":"डाक कोड", "value":"postalCode","checked":true}, + {"label":"पूरा 
पता", "value":"fullAddress","checked":true}], + "tam":[{"label":"முகவரி வரி 1", "value":"addressLine1","checked":true}, + {"label":"முகவரி வரி 2", "value":"addressLine2","checked":true}, + {"label":"முகவரி வரி 3", "value":"addressLine3","checked":true}, + {"label":"பிராந்தியம்", "value":"region","checked":true}, + {"label":"மாகாணம்", "value":"province","checked":true}, + {"label":"நகரம்", "value":"city","checked":true}, + {"label":"மண்டலம்", "value":"zone","checked":true}, + {"label":"அஞ்சல் குறியீடு", "value":"postalCode","checked":true}, + {"label":"முழு முகவரி", "value":"fullAddress","checked":true}], + "kan":[{"label":"ವಿಳಾಸ ಸಾಲು 1", "value":"addressLine1","checked":true}, + {"label":"ವಿಳಾಸ ಸಾಲು 2", "value":"addressLine2","checked":true}, + {"label":"ವಿಳಾಸ ಸಾಲು 3", "value":"addressLine3","checked":true}, + {"label":"ಪ್ರದೇಶ", "value":"region","checked":true}, + {"label":"ಪ್ರಾಂತ್ಯ", "value":"province","checked":true}, + {"label":"ನಗರ", "value":"city","checked":true}, + {"label":"ವಲಯ", "value":"zone","checked":true}, + {"label":"ಅಂಚೆ ಕೋಡ್", "value":"postalCode","checked":true}, + {"label":"ಪೂರ್ತಿ ವಿಳಾಸ", "value":"fullAddress","checked":true}], + "spa":[{"label":"Dirección Línea 1", "value":"addressLine1","checked":true}, + {"label":"Línea de dirección2", "value":"addressLine2","checked":true}, + {"label":"Línea de dirección3", "value":"addressLine3","checked":true}, + {"label":"Región", "value":"region","checked":true}, + {"label":"Provincia", "value":"province","checked":true}, + {"label":"Ciudad", "value":"city","checked":true}, + {"label":"Zona", "value":"zone","checked":true}, + {"label":"Código Postal", "value":"postalCode","checked":true}, + {"label":"Dirección completa", "value":"fullAddress","checked":true}] + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "gender", + "maskRequired": false, + "formatRequired": false, + "label": { + "eng": "Gender", + "ara": "جنس", + 
"fra":"Genre", + "hin":"लिंग", + "tam":"பாலினம்", + "kan":"ಲಿಂಗ", + "spa":"Género" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + }, + { + "attributeName": "photo", + "maskRequired": false, + "formatRequired": false, + "label": { + "eng": "Image", + "ara": "صورة", + "fra":"Image", + "hin":"छवि", + "tam":"படம்", + "kan":"ಚಿತ್ರ", + "spa":"Imagen" + }, + "displaykeyinsharewithpartner":true, + "displaykeyinpersonalisedcard":true, + "checked":false + } + ] +} \ No newline at end of file diff --git a/resident-ui-update-demographics-schema.json b/resident-ui-update-demographics-schema.json new file mode 100644 index 00000000000..9550dbced10 --- /dev/null +++ b/resident-ui-update-demographics-schema.json 
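Review bot: In the `fullAddress` `formatOption` lists, the Arabic and Hindi entries give `region` and `zone` the same label (`منطقة` and `क्षेत्र`), so a resident choosing what to share with a partner sees two identical checkboxes and cannot tell which field is being released. The same pair of labels recurs in resident-ui-update-demographics-schema.json. Each needs a distinct term from someone who knows the language. This file also looks like a copy of the schema that precedes it in this diff (the visible tail is identical), and it carries both `displaykeyinsharewithpartner` and `displaykeyinpersonalisedcard`. Keeping one source for these exposure flags, or documenting in the README which file each flow reads, would stop an attribute hidden in one flow (`UIN` and `perpetualVID` are `false` for the card) from drifting to visible in the other.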
@@ -0,0 +1,978 @@ +{ + "identity": [ + { + "attributeName": "fullName", + "label": { + "eng": "Name", + "ara": "اسم", + "fra": "Nom", + "hin": "नाम", + "tam": "பெயர்", + "kan": "ಹೆಸರು", + "spa": "Nombre" + }, + "placeHolder": { + "eng": "Enter new name", + "ara": "أدخل الاسم الجديد", + "fra": "Entrez un nouveau nom", + "hin": "नया नाम दर्ज करें", + "tam": "புதிய பெயரை உள்ளிடவும்", + "kan": "ಹೊಸ ಹೆಸರನ್ನು ನಮೂದಿಸಿ", + "spa": "Introduce un nuevo nombre" + }, + "description": "", + "labelName": { + "eng": [ + "Current Name", + "New Name" + ], + "ara": [ + "الاسم الحالي", + "اسم جديد" + ], + "fra": [ + "Nom actuel", + "Nouveau nom" + ], + "hin": [ + "वर्तमान नाम", + "नया नाम" + ], + "tam": [ + "தற்போதைய பெயர்", + "புதிய பெயர்" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಹೆಸರು", + "ಹೊಸ ಹೆಸರು" + ], + "spa": [ + "Nombre actual", + "Nuevo nombre" + ] + }, + "controlType": "textbox", + "tabgroup": "identity", + "dataType": "notString" + }, + { + "attributeName": "dateOfBirth", + "label": { + "eng": "DOB", + "ara": "DOB", + "fra": "DOB", + "hin": "DOB", + "tam": "DOB", + "kan": "DOB", + "spa": "DOB" + }, + "placeHolder": { + "eng": "DOB", + "ara": "DOB", + "fra": "DOB", + "hin": "DOB", + "tam": "DOB", + "kan": "DOB", + "spa": "DOB" + }, + "description": "", + "labelName": { + "eng": [ + "Current Date of birth", + "New Date of birth" + ], + "ara": [ + "تاريخ الميلاد الحالي", + "تاريخ الميلاد الجديد" + ], + "fra": [ + "Date de naissance actuelle", + "Nouvelle date de naissance" + ], + "hin": [ + "वर्तमान जन्मतिथि", + "नई जन्मतिथि" + ], + "tam": [ + "தற்போதைய பிறந்த தேதி", + "புதிய பிறந்த தேதி" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಜನ್ಮ ದಿನಾಂಕ", + "ಹೊಸ ಜನ್ಮ ದಿನಾಂಕ" + ], + "spa": [ + "Fecha de nacimiento actual", + "nuevo nacimiento" + ] + }, + "controlType": "calendar", + "tabgroup": "identity", + "dataType": "string" + }, + { + "attributeName": "gender", + "label": { + "eng": "Gender", + "ara": "جنس", + "fra": "Genre", + "hin": "लिंग", + "tam": "பாலினம்", + "kan": "ಲಿಂಗ", + "spa": "Género" + }, + 
"placeHolder": { + "eng": "Enter gender", + "ara": "أدخل الجنس", + "fra": "Entrez le sexe", + "hin": "लिंग दर्ज करें", + "tam": "பாலினத்தை உள்ளிடவும்", + "kan": "ಲಿಂಗವನ್ನು ನಮೂದಿಸಿ", + "spa": "Introduce el género" + }, + "description": "", + "labelName": { + "eng": [ + "Current Gender", + "New Gender" + ], + "ara": [ + "الجنس الحالي", + "جنس جديد" + ], + "fra": [ + "Sexe actuel", + "Nouveau genre" + ], + "hin": [ + "वर्तमान लिंग", + "नया लिंग" + ], + "tam": [ + "தற்போதைய பாலினம்", + "புதிய பாலினம்" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಲಿಂಗ", + "ಹೊಸ ಲಿಂಗ" + ], + "spa": [ + "Género actual", + "Nuevo género" + ] + }, + "controlType": "dropdown", + "tabgroup": "identity", + "dataType": "notString" + }, + { + "attributeName": "proofOfIdentity", + "label": { + "eng": "Proof Of Identity", + "ara": "إثبات الهوية", + "fra": "Preuve d'identité", + "hin": "सबूत की पहचान", + "tam": "அடையாள சான்று", + "kan": "ಗುರುತಿನ ಆಧಾರ", + "spa": "Prueba de identidad" + }, + "placeHolder": { + "eng": "Proof Of Identity", + "ara": "إثبات الهوية", + "fra": "Preuve d'identité", + "hin": "सबूत की पहचान", + "tam": "அடையாள சான்று", + "kan": "ಗುರುತಿನ ಆಧಾರ", + "spa": "Prueba de identidad" + }, + "description": "", + "labelName": { + "eng": [ + "Identity Proof", + "Document Type", + "Document Reference ID", + "Proof Of Document", + "Allowed File types: pdf, jpeg, png, jpg", + "Allowed File size: 2 MB" + ], + "ara": [ + "إثبات الهوية", + "نوع الوثيقة", + "معرّف مرجع المستند", + "إثبات المستند", + "أنواع الملفات المسموح بها: pdf، jpeg، png، jpg", + "حجم الملف المسموح به: MB 2" + ], + "fra": [ + "Preuve d'identité", + "Type de document", + "Identifiant de référence du document", + "Preuve de document", + "Types de fichiers autorisés : pdf, jpeg, png, jpg", + "Taille de fichier autorisée : 2 MB" + ], + "hin": [ + "पहचान प्रमाण पत्र", + "दस्तावेज़ का प्रकार", + "दस्तावेज़ संदर्भ ID", + "दस्तावेज़ का प्रमाण", + "अनुमत फ़ाइल प्रकार: pdf, jpeg, png, jpg", + "अनुमत फ़ाइल आकार: 2 MB" + ], + "tam": [ + "அடையாளச் சான்று", 
+ "ஆவண வகை", + "ஆவண குறிப்பு ID", + "ஆவண ஆதாரம்", + "அனுமதிக்கப்பட்ட கோப்பு வகைகள்: pdf, jpeg, png, jpg", + "அனுமதிக்கப்பட்ட கோப்பு அளவு: 2 MB" + ], + "kan": [ + "ಗುರುತಿನ ಪುರಾವೆ", + "ಡಾಕ್ಯುಮೆಂಟ್ ಪ್ರಕಾರ", + "ಡಾಕ್ಯುಮೆಂಟ್ ರೆಫರೆನ್ಸ್ ID", + "ಡಾಕ್ಯುಮೆಂಟ್ ಪುರಾವೆ", + "ಅನುಮತಿಸಲಾದ ಫೈಲ್ ಪ್ರಕಾರಗಳು: pdf, jpeg, png, jpg", + "ಅನುಮತಿಸಲಾದ ಫೈಲ್ ಗಾತ್ರ: 2 MB" + ], + "spa": [ + "Prueba de identidad", + "Tipo de Documento", + "ID de referencia del documento", + "Prueba de Documento", + "Tipos de archivos permitidos: pdf, jpeg, png, jpg", + "Tamaño de archivo permitido: 2 MB" + ] + }, + "controlType": "fileupload", + "tabgroup": "identity", + "dataType": "notString" + }, + { + "attributeName": "addressLine1", + "label": { + "eng": "Address line1", + "ara": "العنوان سطر 1", + "fra": "Adresse 1", + "hin": "पता पंक्ति 1", + "tam": "முகவரி வரி 1", + "kan": "ವಿಳಾಸ ಸಾಲು 1", + "spa": "Dirección Línea 1" + }, + "placeHolder": { + "eng": "Enter Address line1", + "ara": "أدخل سطر العنوان1", + "fra": "Entrez l'adresse ligne1", + "hin": "पता पंक्ति 1 दर्ज करें", + "tam": "முகவரி வரி 1 ஐ உள்ளிடவும்", + "kan": "ವಿಳಾಸ ಸಾಲು 1 ಅನ್ನು ನಮೂದಿಸಿ", + "spa": "Introducir dirección línea 1" + }, + "description": "", + "labelName": { + "eng": [ + "Current Address Line1", + "New Address Line1" + ], + "ara": [ + "سطر العنوان الحالي 1", + "سطر العنوان الجديد 1" + ], + "fra": [ + "Ligne d'adresse actuelle1", + "Nouvelle ligne d'adresse1" + ], + "hin": [ + "वर्तमान पता पंक्ति1", + "नया पता पंक्ति1" + ], + "tam": [ + "தற்போதைய முகவரி வரி 1", + "புதிய முகவரி வரி 1" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ವಿಳಾಸ ಸಾಲು 1", + "ಹೊಸ ವಿಳಾಸ ಸಾಲು 1" + ], + "spa": [ + "Línea 1 de dirección actual", + "Nueva línea de dirección 1" + ] + }, + "controlType": "textbox", + "tabgroup": "address", + "dataType": "notString" + }, + { + "attributeName": "addressLine2", + "label": { + "eng": "Address line2", + "ara": "سطر العنوان 2", + "fra": "Adresse 2", + "hin": "पता पंक्ति 2", + "tam": "முகவரி வரி 2", + "kan": "ವಿಳಾಸ ಸಾಲು 2", + "spa": "Dirección Línea 
2" + }, + "placeHolder": { + "eng": "Enter Address line2", + "ara": "أدخل سطر العنوان2", + "fra": "Entrez l'adresse ligne2", + "hin": "पता पंक्ति 2 दर्ज करें", + "tam": "முகவரி வரி 2 ஐ உள்ளிடவும்", + "kan": "ವಿಳಾಸ ಸಾಲು 2 ಅನ್ನು ನಮೂದಿಸಿ", + "spa": "Introducir dirección línea 2" + }, + "description": "", + "labelName": { + "eng": [ + "Current Address Line2", + "New Address Line2" + ], + "ara": [ + "سطر العنوان الحالي2", + "سطر العنوان الجديد2" + ], + "fra": [ + "Ligne d'adresse actuelle2", + "Nouvelle ligne d'adresse2" + ], + "hin": [ + "वर्तमान पता पंक्ति2", + "नया पता पंक्ति2" + ], + "tam": [ + "தற்போதைய முகவரி வரி 2", + "புதிய முகவரி வரி 2" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ವಿಳಾಸ ಸಾಲು 2", + "ಹೊಸ ವಿಳಾಸ ಸಾಲು 2" + ], + "spa": [ + "Línea 2 de dirección actual", + "Nueva línea de dirección 2" + ] + }, + "controlType": "textbox", + "tabgroup": "address", + "dataType": "notString" + }, + { + "attributeName": "addressLine3", + "label": { + "eng": "Address line3", + "ara": "سطر العنوان3", + "fra": "Adresse 3", + "hin": "पता पंक्ति 3", + "tam": "முகவரி வரி 3", + "kan": "ವಿಳಾಸ ಸಾಲು 3", + "spa": "Dirección Línea 3" + }, + "placeHolder": { + "eng": "Enter Address line3", + "ara": "أدخل سطر العنوان3", + "fra": "Entrez l'adresse ligne3", + "hin": "पता पंक्ति 3 दर्ज करें", + "tam": "முகவரி வரி 3 ஐ உள்ளிடவும்", + "kan": "ವಿಳಾಸ ಸಾಲು 3 ಅನ್ನು ನಮೂದಿಸಿ", + "spa": "Introducir dirección línea 3" + }, + "description": "", + "labelName": { + "eng": [ + "Current Address Line3", + "New Address Line3" + ], + "ara": [ + "سطر العنوان الحالي3", + "سطر العنوان الجديد3" + ], + "fra": [ + "Ligne d'adresse actuelle3", + "Nouvelle ligne d'adresse3" + ], + "hin": [ + "वर्तमान पता पंक्ति3", + "नया पता पंक्ति3" + ], + "tam": [ + "தற்போதைய முகவரி வரி 3", + "புதிய முகவரி வரி 3" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ವಿಳಾಸ ಸಾಲು 3", + "ಹೊಸ ವಿಳಾಸ ಸಾಲು 3" + ], + "spa": [ + "Línea 3 de dirección actual", + "Nueva línea de dirección 3" + ] + }, + "controlType": "textbox", + "tabgroup": "address", + "dataType": "notString" + }, + 
{ + "attributeName": "region", + "label": { + "eng": "Region", + "ara": "منطقة", + "fra": "Région", + "hin": "क्षेत्र", + "tam": "பிராந்தியம்", + "kan": "ಪ್ರದೇಶ", + "spa": "Región" + }, + "placeHolder": { + "eng": "Select Region", + "ara": "اختر المنطقة", + "fra": "Choisissez une région", + "hin": "प्रदेश का चयन करें", + "tam": "பகுதியை உள்ளிடவும்", + "kan": "ಪ್ರದೇಶವನ್ನು ಆಯ್ಕೆಮಾಡಿ", + "spa": "Seleccione la región" + }, + "name": "Region", + "description": "", + "labelName": { + "eng": [ + "Current Region", + "New Region" + ], + "ara": [ + "المنطقة الحالية", + "منطقة جديدة" + ], + "fra": [ + "Région actuelle", + "Nouvelle région" + ], + "hin": [ + "वर्तमान प्रदेश", + "नया प्रदेश" + ], + "tam": [ + "தற்போதைய பிராந்தியம்", + "புதிய பிராந்தியம்" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಪ್ರದೇಶ", + "ಹೊಸ ಪ್ರದೇಶ" + ], + "spa": [ + "Región Actual", + "Nueva Región" + ] + }, + "controlType": "dropdown", + "tabgroup": "address", + "locationHierarchyLevel": 1, + "dataType": "notString" + }, + { + "attributeName": "province", + "label": { + "eng": "Province", + "ara": "مقاطعة", + "fra": "Province", + "hin": "प्रांत", + "tam": "மாகாணம்", + "kan": "ಪ್ರಾಂತ್ಯ", + "spa": "Provincia" + }, + "placeHolder": { + "eng": "Select Province", + "ara": "اختر المقاطعة", + "fra": "Sélectionnez une province", + "hin": "प्रांत चुनें", + "tam": "ஒரு மாகாணத்தைத் தேர்ந்தெடுக்கவும்", + "kan": "ಒಂದು ಪ್ರಾಂತ್ಯವನ್ನು ಆಯ್ಕೆಮಾಡಿ", + "spa": "Seleccione una provincia" + }, + "name": "Province", + "description": "", + "labelName": { + "eng": [ + "Current Province", + "New Province" + ], + "ara": [ + "المقاطعة الحالية", + "مقاطعة جديدة" + ], + "fra": [ + "Province actuelle", + "Nouvelle Province" + ], + "hin": [ + "वर्तमान प्रांत", + "नया प्रांत" + ], + "tam": [ + "தற்போதைய மாகாணம்", + "புதிய மாகாணம்" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಪ್ರಾಂತ್ಯ", + "ಹೊಸ ಪ್ರಾಂತ್ಯ" + ], + "spa": [ + "Provincia Actual", + "Nueva Provincia" + ] + }, + "controlType": "dropdown", + "tabgroup": "address", + "locationHierarchyLevel": 2, + "dataType": 
"notString" + }, + { + "attributeName": "city", + "label": { + "eng": "City", + "ara": "مدينة", + "fra": "Ville", + "hin": "शहर", + "tam": "நகரம்", + "kan": "ನಗರ", + "spa": "Ciudad" + }, + "placeHolder": { + "eng": "Select City", + "ara": "اختر مدينة", + "fra": "Sélectionnez une ville", + "hin": "शहर चुनें", + "tam": "நகரத்தைத் தேர்ந்தெடுக்கவும்", + "kan": "ನಗರವನ್ನು ಆಯ್ಕೆಮಾಡಿ", + "spa": "Ciudad selecta" + }, + "name": "City", + "description": "", + "labelName": { + "eng": [ + "Current City", + "New City" + ], + "ara": [ + "المدينة الحالية", + "مدينة جديدة" + ], + "fra": [ + "Ville actuelle", + "Nouvelle ville" + ], + "hin": [ + "वर्तमान शहर", + "नया शहर" + ], + "tam": [ + "தற்போதைய நகரம்", + "புதிய நகரம்" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ನಗರ", + "ಹೊಸ ನಗರ" + ], + "spa": [ + "Ciudad Actual", + "Ciudad Nueva" + ] + }, + "controlType": "dropdown", + "tabgroup": "address", + "locationHierarchyLevel": 3, + "dataType": "notString" + }, + { + "attributeName": "zone", + "label": { + "eng": "Zone", + "ara": "منطقة", + "fra": "Zone", + "hin": "क्षेत्र", + "tam": "மண்டலம்", + "kan": "ವಲಯ", + "spa": "Zona" + }, + "placeHolder": { + "eng": "Select Zone", + "ara": "حدد المنطقة", + "fra": "Sélectionnez une zone", + "hin": "जोन चुनें", + "tam": "மண்டலத்தைத் தேர்ந்தெடுக்கவும்", + "kan": "ವಲಯವನ್ನು ನಮೂದಿಸಿ", + "spa": "Seleccione una zona" + }, + "name": "Zone", + "description": "", + "labelName": { + "eng": [ + "Current Zone", + "New Zone" + ], + "ara": [ + "المنطقة الحالية", + "منطقة جديدة" + ], + "fra": [ + "Zone actuelle", + "Nouvelle zone" + ], + "hin": [ + "वर्तमान क्षेत्र", + "नया क्षेत्र" + ], + "tam": [ + "தற்போதைய மண்டலம்", + "புதிய மண்டலம்" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ವಲಯ", + "ಹೊಸ ವಲಯ" + ], + "spa": [ + "Zona Actual", + "Nueva Zona" + ] + }, + "controlType": "dropdown", + "tabgroup": "address", + "locationHierarchyLevel": 4, + "dataType": "string" + }, + { + "attributeName": "postalCode", + "label": { + "eng": "Postal Code", + "ara": "رمز بريدي", + "fra": "Code Postal", + "hin": 
"डाक कोड", + "tam": "குறியீடு", + "kan": "ಕೋಡ್", + "spa": "Código Postal" + }, + "placeHolder": { + "eng": "Select Postal Code", + "ara": "حدد الرمز البريدي", + "fra": "Sélectionnez le code postal", + "hin": "पोस्टल कोड चुनें", + "tam": "அஞ்சல் குறியீட்டைத் தேர்ந்தெடுக்கவும்", + "kan": "ಪೋಸ್ಟಲ್ ಕೋಡ್ ಆಯ್ಕೆಮಾಡಿ", + "spa": "Seleccione Código Postal" + }, + "name": "Postal Code", + "description": "", + "labelName": { + "eng": [ + "Current Postal Code", + "New Postal Code" + ], + "ara": [ + "الرمز البريدي الحالي", + "رمز بريدي جديد" + ], + "fra": [ + "Code postal actuel", + "Nouveau code postal" + ], + "hin": [ + "वर्तमान पोस्टल कोड", + "नया पोस्टल कोड" + ], + "tam": [ + "தற்போதைய அஞ்சல் குறியீடு", + "புதிய அஞ்சல் குறியீடு" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಪೋಸ್ಟಲ್ ಕೋಡ್", + "ಹೊಸ ಪೋಸ್ಟಲ್ ಕೋಡ್" + ], + "spa": [ + "Código Postal Actual", + "Nuevo código postal" + ] + }, + "controlType": "dropdown", + "tabgroup": "address", + "locationHierarchyLevel": 5, + "dataType": "notString" + }, + { + "attributeName": "proofOfAddress", + "label": { + "eng": "Proof Of Address", + "ara": "إثبات العنوان", + "fra": "Un justificatif de domicile", + "hin": "पते का प्रमाण", + "tam": "முகவரி சான்று", + "kan": "ವಿಳಾಸದ ಪುರಾವೆ", + "spa": "Comprobante de domicilio" + }, + "placeHolder": { + "eng": "Proof Of Address", + "ara": "إثبات العنوان", + "fra": "Un justificatif de domicile", + "hin": "पते का प्रमाण", + "tam": "முகவரி சான்று", + "kan": "ವಿಳಾಸದ ಪುರಾವೆ", + "spa": "Comprobante de domicilio" + }, + "description": "", + "labelName": { + "eng": [ + "Address Proof", + "Document Type", + "Document Reference ID", + "Proof Of Document", + "Allowed File types: pdf, jpeg, png, jpg", + "Allowed File size: 2 MB" + ], + "ara": [ + "إثبات العنوان", + "نوع المستند", + "معرف مرجع المستند", + "إثبات المستند", + "أنواع الملفات المسموح بها: pdf، jpeg، png، jpg", + "حجم الملف المسموح به: MB 2" + ], + "fra": [ + "Épreuve d'adresse", + "Type de document", + "ID de référence du document", + "Preuve de document", + "Types 
de fichiers autorisés : pdf, jpeg, png, jpg", + "Taille de fichier autorisée : 2 MB" + ], + "hin": [ + "पता प्रमाण पत्र", + "दस्तावेज़ प्रकार", + "दस्तावेज़ संदर्भ ID", + "दस्तावेज़ का प्रमाण", + "अनुमत फ़ाइल प्रकार: pdf, jpeg, png, jpg", + "अनुमत फ़ाइल आकार: 2 MB" + ], + "tam": [ + "முகவரிச் சான்று", + "ஆவண வகை", + "ஆவணக் குறிப்பு ID", + "ஆவண ஆதாரம்", + "அனுமதிக்கப்பட்ட கோப்பு வகைகள்: pdf, jpeg, png, jpg", + "அனுமதிக்கப்பட்ட கோப்பு அளவு: 2 MB" + ], + "kan": [ + "ವಿಳಾಸ ಪುರಾವೆ", + "ಡಾಕ್ಯುಮೆಂಟ್ ಪ್ರಕಾರ", + "ಡಾಕ್ಯುಮೆಂಟ್ ರೆಫರೆನ್ಸ್ ID", + "ಡಾಕ್ಯುಮೆಂಟ್ ಪುರಾವೆ", + "ಅನುಮತಿಸಲಾದ ಫೈಲ್ ಪ್ರಕಾರಗಳು: pdf, jpeg, png, jpg", + "ಅನುಮತಿಸಲಾದ ಫೈಲ್ ಗಾತ್ರ: 2 MB" + ], + "spa": [ + "Prueba de dirección", + "Tipo de documento", + "ID de referencia del documento", + "Prueba de Documento", + "Tipos de archivos permitidos: pdf, jpeg, png, jpg", + "Tamaño de archivo permitido: 2 MB" + ] + }, + "controlType": "fileupload", + "tabgroup": "address", + "dataType": "notString" + }, + { + "attributeName": "email", + "label": { + "eng": "Email ID", + "ara": "عنوان الايميل", + "fra": "Identifiant de messagerie", + "hin": "ईमेल ID", + "tam": "மின்னஞ்சல் முகவரி", + "kan": "ಇಮೇಲ್ ID", + "spa": "Identificación de correo" + }, + "placeHolder": { + "eng": "Enter email ID", + "ara": "أدخل معرف البريد الإلكتروني", + "fra": "Entrez l'identifiant de messagerie", + "hin": "ईमेल ID दर्ज करें", + "tam": "மின்னஞ்சல் ID-ஐ உள்ளிடவும்", + "kan": "ಇಮೇಲ್ ID ನಮೂದಿಸಿ", + "spa": "Ingrese su ID de correo electrónico" + }, + "description": "", + "labelName": { + "eng": [ + "Current email ID", + "New email ID", + "Confirm New email ID", + "Send OTP" + ], + "ara": [ + "معرف البريد الإلكتروني الحالي", + "معرف البريد الإلكتروني الجديد", + "تأكيد معرف البريد الإلكتروني الجديد", + "إرسال OTP" + ], + "fra": [ + "Identifiant de messagerie actuel", + "Nouvel identifiant de messagerie", + "Confirmer le nouvel identifiant de messagerie", + "Envoyer OTP" + ], + "hin": [ + "वर्तमान ईमेल ID", + "नई ईमेल ID", + "नई ईमेल ID की पुष्टि करें", + 
"OTP भेजें" + ], + "tam": [ + "தற்போதைய மின்னஞ்சல் ID", + "புதிய மின்னஞ்சல் ID", + "புதிய மின்னஞ்சல் ID-ஐ உறுதிப்படுத்தவும்", + "OTP ஐ அனுப்பு" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಇಮೇಲ್ ID", + "ಹೊಸ ಇಮೇಲ್ ID", + "ಹೊಸ ಇಮೇಲ್ ID ದೃಢೀಕರಿಸಿ", + "OTP ಕಳುಹಿಸಿ" + ], + "spa": [ + "ID de correo electrónico actual", + "Nueva identificación de correo electrónico", + "Confirmar nuevo ID de correo electrónico", + "Enviar OTP" + ] + }, + "controlType": "textbox", + "tabgroup": "contact", + "dataType": "string" + }, + { + "attributeName": "phone", + "label": { + "eng": "Phone Number", + "ara": "رقم التليفون", + "fra": "Numéro de téléphone", + "hin": "फ़ोन नंबर", + "tam": "தொலைபேசி எண்", + "kan": "ದೂರವಾಣಿ ಸಂಖ್ಯೆ", + "spa": "Número de teléfono" + }, + "placeHolder": { + "eng": "Enter Phone Number", + "ara": "أدخل رقم الهاتف", + "fra": "Entrez le numéro de téléphone", + "hin": "फोन नंबर दर्ज", + "tam": "தொலைபேசி எண்ணை உள்ளிடவும்", + "kan": "ಫೋನ್ ಸಂಖ್ಯೆಯನ್ನು ನಮೂದಿಸಿ", + "spa": "Ingresa número telefónico" + }, + "description": "", + "labelName": { + "eng": [ + "Current Phone Number", + "New Phone Number", + "Confirm New Phone Number", + "Send OTP" + ], + "ara": [ + "رقم الهاتف الحالي", + "رقم الهاتف الجديد", + "تأكيد رقم الهاتف الجديد", + "إرسال OTP" + ], + "fra": [ + "Numéro de téléphone actuel", + "Nouveau numéro de téléphone", + "Confirmer le nouveau numéro de téléphone", + "Envoyer OTP" + ], + "hin": [ + "वर्तमान फ़ोन नंबर", + "नया फ़ोन नंबर", + "नए फ़ोन नंबर की पुष्टि करें", + "OTP भेजें" + ], + "tam": [ + "தற்போதைய தொலைபேசி எண்", + "புதிய தொலைபேசி எண்", + "புதிய தொலைபேசி எண்ணை உறுதிப்படுத்தவும்", + "OTP ஐ அனுப்பு" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಫೋನ್ ಸಂಖ್ಯೆ", + "ಹೊಸ ಫೋನ್ ಸಂಖ್ಯೆ", + "ಹೊಸ ಫೋನ್ ಸಂಖ್ಯೆಯನ್ನು ದೃಢೀಕರಿಸಿ", + "OTP ಕಳುಹಿಸಿ" + ], + "spa": [ + "Número de teléfono actual", + "Nuevo número de teléfono", + "Confirmar nuevo número de teléfono", + "Enviar OTP" + ] + }, + "controlType": "textbox", + "tabgroup": "contact", + "dataType": "string" + }, + { + "attributeName": "preferredLang", + 
"label": { + "eng": "Preferred Language", + "ara": "اللغة المفضلة", + "fra": "langue préférée", + "hin": "पसंदीदा भाषा", + "tam": "விருப்ப மொழி", + "kan": "ಆದ್ಯತೆಯ ಭಾಷೆ", + "spa": "Idioma preferido" + }, + "placeHolder": { + "eng": "Select Preferred Language", + "ara": "اختر اللغة المفضلة", + "fra": "Sélectionner la langue préférée", + "hin": "पसंदीदा भाषा चुनें", + "tam": "விருப்ப மொழியைத் தேர்ந்தெடுக்கவும்.", + "kan": "ಆಯ್ಕೆಯಾದ ಭಾಷೆಯನ್ನು ಆಯ್ಕೆಮಾಡಿ.", + "spa": "Seleccionar Idioma Preferido" + }, + "description": "", + "labelName": { + "eng": [ + "Current Notification Language", + "New Notification Language" + ], + "ara": [ + "لغة الإخطار الحالية", + "لغة الإعلام الجديدة" + ], + "fra": [ + "Langue de notification actuelle", + "Nouvelle langue de notification" + ], + "hin": [ + "वर्तमान अधिसूचना भाषा", + "नई अधिसूचना भाषा" + ], + "tam": [ + "தற்போதைய அறிவிப்பு மொழி", + "புதிய அறிவிப்பு மொழி" + ], + "kan": [ + "ಪ್ರಸ್ತುತ ಅಧಿಸೂಚನೆ ಭಾಷೆ", + "ಹೊಸ ಅಧಿಸೂಚನೆ ಭಾಷೆ" + ], + "spa": [ + "Idioma de notificación actual", + "Nuevo idioma de notificación" + ] + }, + "controlType": "dropdown", + "tabgroup": "notificationLanguage", + "dataType": "string" + } + ] +} \ No newline at end of file diff --git a/sandbox/README.md b/sandbox/README.md deleted file mode 100644 index 500c037d5ab..00000000000 --- a/sandbox/README.md +++ /dev/null 
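Review bot: The upload limits for `proofOfIdentity` and `proofOfAddress` exist here only as display strings (`"Allowed File types: pdf, jpeg, png, jpg"`, `"Allowed File size: 2 MB"`) repeated in seven languages, so nothing in this schema ties them to what the backend actually accepts. The service receiving the document should enforce type (by content, not by extension) and size itself, and these labels would be safer generated from the same configuration property so the text cannot drift from the enforced limit. Separately, `zone` is `"dataType": "string"` while `region`, `province`, `city` and `postalCode` in the same location hierarchy are `"notString"`. If that flag selects between plain and language-tagged values, `zone` and `postalCode` look swapped and should be checked against the identity schema.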
@@ -1,12 +0,0 @@ -Since are working with 2 kubernetes clusters - mz and dmz, for registration process we have to replicate the property files with a suffix -dmz. - -Suffix: -* MZ (secure cluster): -mz -* DMZ : -dmz - - -* Properties for secure zone hazelcast have been duplicated as -dmz. Earlier hazelcast dmz assumed docker containers, not kubernetes. -* File name needs to have `_dmz` and `_mz`, e.g. `hazelcast_dmz-dmz.xml` as these suffixes are being searched in the code (hardcoded). - -Similarly registration-processor-mz.properties has been replicated to registration-processor-dmz.properties. Some of the links in the latter point to MZ cluster, hence the links are different. - diff --git a/sandbox/admin-mz.properties b/sandbox/admin-mz.properties deleted file mode 100644 index eb1f9ee9600..00000000000 --- a/sandbox/admin-mz.properties +++ /dev/null 
@@ -1,219 +0,0 @@ -mosip.admin.version-id=v1.0 -mosip.admin.request-id=ADMIN.REQUEST -mosip.kernel.database.hostname=postgres -mosip.kernel.database.port=80 - -#----------------------------------------------ACCOUNTMANAGEMENT------------------------------------------------# - -authmanager.base.url=http://kernel-auth-service/v1/authmanager -mosip.admin.accountmgmt.auth-manager-base-uri=${authmanager.base.url} -mosip.admin.accountmgmt.user-name-url=/username/ -mosip.admin.accountmgmt.user-detail-url=/userdetail/ -mosip.admin.accountmgmt.unblock-url=/unblock/ -mosip.admin.accountmgmt.change-passoword-url=/changepassword/ -mosip.admin.accountmgmt.reset-password-url=/resetpassword/ -mosip.admin.app-id=admin - -#---------------------------------------------------------------------------------------------------------------# - -mosip.kernel.signature.cryptomanager-encrypt-url=http://kernel-keymanager-service/v1/keymanager/private/encrypt -auth.server.validate.url=${authmanager.base.url}/authorize/admin/validateToken -auth.server.refreshToken.url=${authmanager.base.url}/authorize/admin/refreshToken -auth.role.prefix=ROLE_ -auth.header.name=Authorization - -#------------------------------------DB PROPERTIES-------------------------------------------------------------# - -javax.persistence.jdbc.driver=org.postgresql.Driver -javax.persistence.jdbc.url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master -javax.persistence.jdbc.user=masteruser -javax.persistence.jdbc.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect -hibernate.jdbc.lob.non_contextual_creation=true -hibernate.hbm2ddl.auto=none -hibernate.show_sql=false -hibernate.format_sql=false -hibernate.connection.charSet=utf8 -hibernate.cache.use_second_level_cache=false -hibernate.cache.use_query_cache=false -hibernate.cache.use_structured_entries=false -hibernate.generate_statistics=false 
- -#---------------------------UserRegistration--------------------------------- - -auth.server.user-register-url=${authmanager.base.url}/user -mosip.kernel.emailnotifier-url=http://kernel-notification-service/v1/notifier/email/send -auth.server.sendotp-url=${authmanager.base.url}/authenticate/sendotp -auth.server.user-add-password-url=${authmanager.base.url}/user/addpassword -mosip.admin-appid=admin -mosip.admin-otp-context=auth-otp -mosip.admin-userid-otp-type=USERID - -#---------------------------Security Policy--------------------------------- - -mosip.admin.security.policy.auth-types=bio,nonbio -mosip.admin.security.policy.bio=finger,iris,face -mosip.admin.security.policy.nonbio=otp,password -mosip.admin.security.policy.policy-types=type1,type2,type3 -mosip.admin.security.policy.type1=password -mosip.admin.security.policy.type2=password,otp -mosip.admin.security.policy.type3=otp -mosip.admin.security.policy.role-policy-mapping={ZONAL_ADMIN:'type2',ZONAL_APPROVER:'type1',CENTRAL_ADMIN:'type1',CENTRAL_APPROVER:'type1',REGISTRATION_OFFICER:'type1',REGISTRATION_SUPERVISOR:'type1',REGISTRATION_OPERATOR:'type1'} -mosip.admin.security.policy.userrole-auth-url=${authmanager.base.url}/role/{appId}/{username} - -#---------------------------Masterdata Cards--------------------------------- - -mosip.admin.masterdata.lang-code=eng,ara,fra - -#masterdata machine -mosip.admin.masterdata.card.machines-eng=Machines -mosip.admin.masterdata.card.machines-ara=\u0622\u0644\u0627\u062A -mosip.admin.masterdata.card.machines-fra=Machines - -#masterdata machine specs -mosip.admin.masterdata.card.machine-specs-eng=Machine Specifications -mosip.admin.masterdata.card.machine-specs-fra=Spécifications de la machine -mosip.admin.masterdata.card.machine-specs-ara=\u0645\u0648\u0627\u0635\u0641\u0627\u062A \u0627\u0644\u062C\u0647\u0627\u0632 - -#masterdata machine types -mosip.admin.masterdata.card.machine-types-eng=Machine Types -mosip.admin.masterdata.card.machine-types-fra=Types de 
machines -mosip.admin.masterdata.card.machine-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0645\u0627\u0643\u064A\u0646\u0627\u062A - -#masterdata devices -mosip.admin.masterdata.card.devices-eng=Devices -mosip.admin.masterdata.card.devices-ara=\u0627\u0644\u0623\u062C\u0647\u0632\u0629 -mosip.admin.masterdata.card.devices-fra=Dispositifs - -#masterdata device specs -mosip.admin.masterdata.card.device-specs-eng=Device Specification -mosip.admin.masterdata.card.device-specs-fra=Spécification de l'appareil -mosip.admin.masterdata.card.device-specs-ara=\u0645\u0648\u0627\u0635\u0641\u0627\u062A \u0627\u0644\u062C\u0647\u0627\u0632 - -#masterdata device types -mosip.admin.masterdata.card.device-types-eng=Device Types -mosip.admin.masterdata.card.device-types-fra=Types de périphériques -mosip.admin.masterdata.card.device-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0623\u062C\u0647\u0632\u0629 - -#masterdata registration center -mosip.admin.masterdata.card.centers-eng=Registration Center -mosip.admin.masterdata.card.centers-fra=Centre d'inscription -mosip.admin.masterdata.card.centers-ara=\u0645\u0631\u0643\u0632 \u0627\u0644\u062A\u0633\u062C\u064A\u0644 - -#masterdata regcenter type -mosip.admin.masterdata.card.center-type-eng=Registration Center Type -mosip.admin.masterdata.card.center-type-fra=Type de centre d'inscription -mosip.admin.masterdata.card.center-type-ara=\u0646\u0648\u0639 \u0645\u0631\u0643\u0632 \u0627\u0644\u062A\u0633\u062C\u064A\u0644 - -#masterdata blacklisted words -mosip.admin.masterdata.card.blacklisted-eng=Blacklisted Words -mosip.admin.masterdata.card.blacklisted-fra=Mots sur la liste noire -mosip.admin.masterdata.card.blacklisted-ara=\u0643\u0644\u0645\u0627\u062A \u0641\u064A \u0627\u0644\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0633\u0648\u062F\u0627\u0621 - -#masterdata title -mosip.admin.masterdata.card.titles-eng=Title -mosip.admin.masterdata.card.titles-fra=Titre 
-mosip.admin.masterdata.card.titles-ara=\u0639\u0646\u0648\u0627\u0646 - -#masterdata gender -mosip.admin.masterdata.card.genders-eng=Gender -mosip.admin.masterdata.card.genders-fra=le sexe -mosip.admin.masterdata.card.genders-ara=\u062C\u0646\u0633 - -#masterdata individual types -mosip.admin.masterdata.card.individuals-eng=Individual -mosip.admin.masterdata.card.individuals-fra=Individuel -mosip.admin.masterdata.card.individuals-ara=\u0641\u0631\u062F - -#masterdata document types -mosip.admin.masterdata.card.document-types-eng=Document Types -mosip.admin.masterdata.card.document-types-fra=Types de documents -mosip.admin.masterdata.card.document-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0645\u0633\u062A\u0646\u062F\u0627\u062A - -#masterdata document category -mosip.admin.masterdata.card.document-category-eng=Document Category -mosip.admin.masterdata.card.document-category-fra=Catégorie de document -mosip.admin.masterdata.card.document-category-ara=\u0641\u0626\u0629 \u0627\u0644\u0648\u062B\u064A\u0642\u0629 - -#masteradata holidays -mosip.admin.masterdata.card.holidays-eng=Holidays -mosip.admin.masterdata.card.holidays-fra=Vacances -mosip.admin.masterdata.card.holidays-ara=\u0627\u0644\u0639\u0637\u0644 - -#masterdata locations -mosip.admin.masterdata.card.locations-eng=Locations -mosip.admin.masterdata.card.locations-fra=Emplacements -mosip.admin.masterdata.card.locations-ara=\u0645\u0648\u0627\u0642\u0639 - -#masterdata template -mosip.admin.masterdata.card.templates-eng=Templates -mosip.admin.masterdata.card.templates-fra=Modèles -mosip.admin.masterdata.card.templates-ara=\u0642\u0648\u0627\u0644\u0628 - -#masterdata valid document -mosip.admin.masterdata.card.valid-document-eng=Valid Documents -mosip.admin.masterdata.card.valid-document-fra=Documents valides -mosip.admin.masterdata.card.valid-document-ara=\u0648\u062B\u0627\u0626\u0642 \u0635\u0627\u0644\u062D\u0629 - -#-----------------UINActive/Deactive--------------------------------- - 
-mosip.admin.uinmgmt.uin-detail-search=http://idrepo-identity-service/v1/identity/uin/{uin} -mosip.kernel.packet-status-update-url=http://regproc-registration-transaction-service/registrationprocessor/v1/registrationtransaction/search -mosip.kernel.packet-reciever-api-url=http://dmz.ingress:30080/registrationprocessor/v1/packetreceiver/registrationpackets - -mosip.kernel.zone-validation-url=http://kernel-masterdata-service/v1/masterdata/zones/authorize -mosip.kernel.registrationcenterid.length=5 -mosip.kernel.audit.manager.api=http://kernel-auditmanager-service/v1/auditmanager/audits -mosip.kernel.masterdata.audit-url=http://kernel-auditmanager-service/v1/auditmanager/audits - ------------ - -# The base-url below should be an external URL to connect to keycloak -# keycloak.external.url is Ansible defined -mosip.open-id.base-url=${keycloak.external.url} -mosip.admin-services.audit.manager.api=http://kernel-auditmanager-service/v1/auditmanager/audits -mosip.admin-services.open-id.realmid=mosip -mosip.admin-services.open-id.login_flow.name=authorization_code -mosip.admin-services.open-id.clientid=mosip-admin-services-client -mosip.admin-services.open-id.clientsecret={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db - -# mosipbox.public.url is Ansible defined -mosip.admin-services.redirecturi=${mosipbox.public.url}/v1/admin/login-redirect/ -mosip.admin-services.open-id.login_flow.scope=cls -mosip.admin-services.open-id.login_flow.response_type=code -mosip.admin-services.open-id.authorization_endpoint=${mosip.open-id.base-url}/auth/realms/{realmId}/protocol/openid-connect/auth -mosip.admin-services.open-id.token_endpoint=${mosip.open-id.base-url}/auth/realms/{realmId}/protocol/openid-connect/token -mosip.admin-services.cookie.security=true - -#---------------------------------------Security Properties----------------------------- - -#CSRF switch -mosip.security.csrf-enable=false - -#CORS switch -mosip.security.cors-enable=false - -#comma separated 
allowed origins -mosip.security.origins=localhost:8080 - -#secure cookie switch -mosip.security.secure-cookie=false - -# IAM -mosip.iam.module.login_flow.name=authorization_code -mosip.iam.module.clientID=mosip-admin-client -mosip.iam.module.clientsecret={cipher}29ab73abaca4b954df11ce802dbf92258da2456117ba901b96ff5d51185c3aa1 -mosip.iam.module.redirecturi=${mosipbox.public.url}/v1/admin/login-redirect/ -mosip.iam.module.login_flow.scope=cls -mosip.iam.module.login_flow.response_type=code -mosip.iam.authorization_endpoint=${mosipbox.public.url}/keycloak/auth/realms/mosip/protocol/openid-connect/auth -mosip.iam.module.admin_realm_id=mosip -mosip.iam.token_endpoint=${mosipbox.public.url}/keycloak/auth/realms/mosip/protocol/openid-connect/token - -regproc.token.request.appid=regproc -regproc.token.request.clientId=mosip-regproc-client -regproc.token.request.secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db -regproc.token.request.id=io.mosip.registration.processor -regproc.token.request.version=1.0 -KEYBASEDTOKENAPI=${authmanager.base.url}/authenticate/clientidsecretkey diff --git a/sandbox/applicanttype-document-mapping.json b/sandbox/applicanttype-document-mapping.json deleted file mode 100644 index f196f3d277e..00000000000 --- a/sandbox/applicanttype-document-mapping.json +++ /dev/null 
@@ -1,41 +0,0 @@
-{
- "applicantCategory": [{
- "applicantType": "adult",
- "documentCategory": [{
- "key": "proofOfAddress",
- "values": [
- "DOC001", "DOC013", "DOC014", "DOC015", "DOC005", "DOC005", "DOC006", "DOC016", "DOC017", "DOC018", "DOC008"
- ]
- },
- {
- "key": "proofOfIdentity",
- "values": [
- "DOC001", "DOC002", "DOC003", "DOC004", "DOC005", "DOC006", "DOC007", "DOC008", "DOC009", "DOC010", "DOC011", "DOC012"
- ]
- }
- ]
- },
- {
- "applicantType": "child",
- "documentCategory": [{
- "key": "proofOfRelation",
- "values": [
- "DOC024", "DOC025", "DOC026", "DOC001", "DOC027", "DOC028"
- ]
- },
- {
- "key": "proofOfIdentity",
- "values": [
- "DOC001", "DOC006", "DOC009"
- ]
- },
- {
- "key": "proofOfAddress",
- "values": [
- "DOC001", "DOC013", "DOC014", "DOC006"
- ]
- }
- ]
- }
- ]
-}
diff --git a/sandbox/applicanttype.mvel b/sandbox/applicanttype.mvel
deleted file mode 100644
index e6eaabc9097..00000000000
--- a/sandbox/applicanttype.mvel
+++ /dev/null
@@ -1,121 +0,0 @@
-def getApplicantType(map,a) {
- import java.time.LocalDate;
- import java.time.LocalDateTime;
- import java.time.format.DateTimeFormatter;
- import java.time.Period;
-
-
- String itc = null;
- String dob = null;
- String genderType = null;
- boolean isBioExPresent = false;
- String FOREIGNER = "FR";
- String NON_FOREIGNER = "NFR";
- String MALE = "MLE";
- String FEMALE = "FLE";
- String CHILD = "CHL";
- String ADULT = "ADL";
- String ATTR_INDIVIDUAL_TYPE = "individualTypeCode";
- String ATTR_DATE_OF_BIRTH = "dateofbirth";
- String ATTR_GENDER_TYPE = "genderCode";
- String ATTR_BIOMETRIC_EXCEPTION_TYPE = "biometricAvailable";
- String UTC_DATETIME_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
-
- itc= (String) map[ATTR_INDIVIDUAL_TYPE];
-
- dob= (String) map[ATTR_DATE_OF_BIRTH];
-
- if(dob == empty || dob == null ){
- return "KER-MSD-147";
- }
-
- int age = -1;
- LocalDate currentDate = LocalDate.now();
-
- LocalDate birthDate = LocalDateTime.parse(dob, DateTimeFormatter.ofPattern(UTC_DATETIME_PATTERN)).toLocalDate();
-
- if (birthDate != null && currentDate != null && !birthDate.isAfter(currentDate)) {
- age = Period.between(birthDate, currentDate).getYears();
- }
- else{
- return age;
- }
-
-
- genderType=(String) map[ATTR_GENDER_TYPE];
- isBioExPresent =(Boolean)map[ATTR_BIOMETRIC_EXCEPTION_TYPE];
-
- if (((itc == empty || itc == null) && (dob == -1 ) && (genderType == empty || genderType == null ) && (isBioExPresent == empty || isBioExPresent == null)))
- return "KER-MSD-147";
- if(age >= agelimit)
- ageCode=ADULT;
- else if( age >= 0 && age < agelimit)
- ageCode=CHILD;
-
- if (itc == FOREIGNER && genderType == MALE && ageCode == CHILD && !isBioExPresent ) {
-
- return "001";
- } else if (itc == FOREIGNER && genderType == MALE && ageCode == ADULT && !isBioExPresent ) {
-
- return "002";
-
- } else if (itc == NON_FOREIGNER && genderType == MALE && ageCode == CHILD && !isBioExPresent ) {
-
- return "003";
-
- } else if (itc == NON_FOREIGNER && genderType == MALE && ageCode == ADULT && !isBioExPresent ) {
-
- return "004";
-
- } else if (itc == FOREIGNER && genderType == FEMALE && ageCode == CHILD && !isBioExPresent ) {
-
- return "005";
-
- } else if (itc == FOREIGNER && genderType == FEMALE && ageCode == ADULT && !isBioExPresent ) {
-
- return "006";
-
- } else if (itc == NON_FOREIGNER && genderType == FEMALE && ageCode == CHILD && !isBioExPresent ) {
-
- return "007";
-
- } else if (itc == NON_FOREIGNER && genderType == FEMALE && ageCode == ADULT && !isBioExPresent ) {
-
- return "008";
-
- } else if (itc == FOREIGNER && genderType == MALE && ageCode == CHILD && isBioExPresent ) {
-
- return "009";
-
- } else if (itc == FOREIGNER && genderType == MALE && ageCode == ADULT && isBioExPresent ) {
-
- return "010";
-
- } else if (itc == NON_FOREIGNER && genderType == MALE && ageCode == CHILD && isBioExPresent ) {
-
- return "011";
-
- } else if (itc == NON_FOREIGNER && genderType == MALE && ageCode == ADULT && isBioExPresent ) {
-
- return "012";
-
- } else if (itc == FOREIGNER && genderType == FEMALE && ageCode == CHILD && isBioExPresent ) {
-
- return "013";
-
- } else if (itc == FOREIGNER && genderType == FEMALE && ageCode == ADULT && isBioExPresent ) {
-
- return "014";
-
- } else if (itc == NON_FOREIGNER && genderType == FEMALE && ageCode == CHILD && isBioExPresent ) {
-
- return "015";
-
- } else if (itc == NON_FOREIGNER && genderType == FEMALE && ageCode == ADULT && isBioExPresent ) {
-
- return "016";
-
- }
- return null;
-
-};
\ No newline at end of file
diff --git a/sandbox/application-dmz.properties b/sandbox/application-dmz.properties
deleted file mode 100644
index e02b234633a..00000000000
--- a/sandbox/application-dmz.properties
+++ /dev/null
@@ -1,360 +0,0 @@ -#---------------------------------------Common properties----------------------- -aplication.configuration.level.version=1.1.4 -mz.ingress.base.url: http://mz.ingress:30080 - -#Kernel-idobjectalidator -# Plug in property source as either 'LOCAL' or 'CONFIG_SERVER' or 'APPLICATION_CONTEXT' through this key -mosip.kernel.idobjectvalidator.property-source=APPLICATION_CONTEXT -mosip.kernel.idobjectvalidator.schema-name=mosip-identity-json-schema.json -mosip.kernel.idobjectvalidator.file-storage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ -mosip.kernel.idobjectvalidator.masterdata.locations.locationNotAvailable=NA - -mosip.masterdata.base.url = ${mz.ingress.base.url} -mosip.kernel.idobjectvalidator.masterdata.languages.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/languages -mosip.kernel.idobjectvalidator.masterdata.gendertypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/gendertypes -mosip.kernel.idobjectvalidator.masterdata.documentcategories.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/documentcategories -mosip.kernel.idobjectvalidator.masterdata.documenttypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/documenttypes/{documentcategorycode}/{langcode} -mosip.kernel.idobjectvalidator.masterdata.locations.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/locations/{langcode} -mosip.kernel.idobjectvalidator.masterdata.locationhierarchy.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/locations/locationhierarchy/{hierarchyname} -mosip.kernel.idobjectvalidator.masterdata.individualtypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/individualtypes - -mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.new-registration=fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber 
-mosip.kernel.idobjectvalidator.mandatory-attributes.pre-registration.new-registration=fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-client.new-registration=fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.new-registration=fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber -mosip.kernel.idobjectvalidator.mandatory-attributes.pre-registration.child-registration=fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-client.child-registration=fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.child-registration=fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics - -mosip.country.code=MOR - -# Language Supported By Platform - ISO -mosip.supported-languages=eng,ara,fra - -mosip.primary-language=eng -mosip.secondary-language=ara - -# Application IDs -mosip.prereg.app-id=PRE_REGISTRATION -mosip.reg.app-id=REGISTRATION -mosip.regproc.app-id=REGISTRATION_PROCESSOR -mosip.ida.app-id=IDA -mosip.ida.ref-id=INTERNAL -mosip.idrepo.app-id=ID_REPO - -# UTC ISO Date Time Pattern -mosip.utc-datetime-pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' -mosip.sign.header=response-signature -mosip.signed.response.header=response-signature - -#----------------------- CBEFF 
Util-------------------------------------------------- -# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location. -mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ -# Cbeff XSD file name in config server -mosip.kernel.xsdfile=mosip-cbeff.xsd - -#----------------------------- Applicant Type -------------------------------------------------- -mosip.kernel.applicant.type.age.limit = 5 - -#----------------------------- Static PIN -------------------------------------------------- -mosip.kernel.pin.length=6 - -#-----------------------------TspId ----------------------------------------------- -#length of the Tsp id -mosip.kernel.tspid.length=4 - -#-----------------------------partnerId ----------------------------------------------- -#length of the partner id -mosip.kernel.partnerid.length=4 - -#-----------------------------TOKEN-ID Properties--------------------------------- -#length of the token id -mosip.kernel.tokenid.length=36 - -#-----------------------------Registration Center Id ----------------------------------------------- -#length of the registration center id -mosip.kernel.registrationcenterid.length=5 - -#-----------------------------Machine Id ----------------------------------------------- -#length of the machine id -mosip.kernel.machineid.length=5 - -#-----------------------------RID Properties--------------------------------------- -# length of the rid -mosip.kernel.rid.length=29 -# length of the timestamp -mosip.kernel.rid.timestamp-length=14 -# rid sequence max digits -mosip.kernel.rid.sequence-length=5 - -# Upper bound of number of digits in sequence allowed in id. 
For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -mosip.kernel.tokenid.sequence-limit=3 - -#-----------------------------PRID Properties------------------------------------ -#prid-length -mosip.kernel.prid.length=14 - -# Upper bound of number of digits in sequence allowed in id. For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -#to disable validation assign zero or negative value -mosip.kernel.prid.sequence-limit=3 - -# Number of digits in repeating block allowed in id. For example if limit is 2, -# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) -#to disable validation assign zero or negative value -mosip.kernel.prid.repeating-block-limit=3 - - -# Lower bound of number of digits allowed in between two repeating digits in -# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) to disable validation assign zero or negative value -mosip.kernel.prid.repeating-limit=2 - -# list of number that id should not be start with to disable null -mosip.kernel.prid.not-start-with=0,1 - -#restricted numbers for prid -mosip.kernel.prid.restricted-numbers=786,666 - - -#-----------------------------VID Properties-------------------------------------- -# length of the vid -mosip.kernel.vid.length=16 - -# Upper bound of number of digits in sequence allowed in id. For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -# to disable sequence limit validation assign 0 or negative value -mosip.kernel.vid.length.sequence-limit=3 - -# Number of digits in repeating block allowed in id. 
For example if limit is 2, -# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) -# to disable repeating block validation assign 0 or negative value -mosip.kernel.vid.length.repeating-block-limit=2 - - -# Lower bound of number of digits allowed in between two repeating digits in -# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) -# to disable repeating limit validation, assign 0 or negative value -mosip.kernel.vid.length.repeating-limit=2 - -# list of number that id should not be start with -# to disable null -mosip.kernel.vid.not-start-with=0,1 - -#restricted numbers for vid -mosip.kernel.vid.restricted-numbers=786,666 - -#-----------------------------UIN Properties-------------------------------------- -#length of the uin -mosip.kernel.uin.length=10 -#minimum threshold of unused uin -mosip.kernel.uin.min-unused-threshold=200000 -#number of uins to generate -mosip.kernel.uin.uins-to-generate=500000 -#restricted numbers for uin -mosip.kernel.uin.restricted-numbers=786,666 - -# Upper bound of number of digits in sequence allowed in id. For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -# to disable sequence limit validation assign 0 or negative value -mosip.kernel.uin.length.sequence-limit=3 - -# Number of digits in repeating block allowed in id. For example if limit is 2, -# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) -#to disable validation assign zero or negative value -mosip.kernel.uin.length.repeating-block-limit=2 - -# Lower bound of number of digits allowed in between two repeating digits in -# id. 
For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) -# to disable repeating limit validation, assign 0 or negative value -mosip.kernel.uin.length.repeating-limit=2 - -#reverse group digit limit for uin filter -mosip.kernel.uin.length.reverse-digits-limit=5 - -#group digit limit for uin filter -mosip.kernel.uin.length.digits-limit=5 - -#should not start with -mosip.kernel.uin.not-start-with=0,1 - -#adjacent even digit limit for uin filter -mosip.kernel.uin.length.conjugative-even-digits-limit=3 - - - -#------------------------Auth-Adapter----------------------------------------------- -auth.server.validate.url=${mz.ingress.base.url}/v1/authmanager/authorize/admin/validateToken -#----------------------- Crypto -------------------------------------------------- -#Crypto asymmetric algorithm name -mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING -#Crypto symmetric algorithm name -mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding -#Keygenerator asymmetric algorithm name -mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA -#Keygenerator symmetric algorithm name -mosip.kernel.keygenerator.symmetric-algorithm-name=AES -#Asymmetric algorithm key length -mosip.kernel.keygenerator.asymmetric-key-length=2048 -#Symmetric algorithm key length -mosip.kernel.keygenerator.symmetric-key-length=256 -#Keygenerator symmetric algorithm name -mosip.kernel.keygenerator.symmetric-algorithm-name=AES -# keygenerator asymmetric algorithm name -mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA -#Encrypted data and encrypted symmetric key separator -mosip.kernel.data-key-splitter=#KEY_SPLITTER# -#GCM tag length -mosip.kernel.crypto.gcm-tag-length=128 -#Hash algo name -mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 -#Symmtric key length used in hash -mosip.kernel.crypto.hash-symmetric-key-length=256 -#No of iterations in hash -mosip.kernel.crypto.hash-iteration=100000 -#Sign algo name 
-mosip.kernel.crypto.sign-algorithm-name=RS256 - -mosip.keymanager.base.url=http://kernel-keymanager-service -mosip.kernel.keymanager-service-publickey-url=${mosip.keymanager.base.url}/v1/keymanager/publickey/{applicationId} -mosip.kernel.keymanager-service-decrypt-url=${mosip.keymanager.base.url}/v1/keymanager/decrypt -mosip.kernel.keymanager-service-auth-decrypt-url=${mosip.keymanager.base.url}/v1/keymanager/auth/decrypt -mosip.kernel.keymanager-service-sign-url=${mosip.keymanager.base.url}/v1/keymanager/sign -mosip.sign.applicationid=KERNEL -mosip.sign.refid=SIGN -mosip.kernel.cryptomanager.request_id=CRYPTOMANAGER.REQUEST -mosip.kernel.cryptomanager.request_version=v1.0 -mosip.kernel.signature.signature-request-id=SIGNATURE.REQUEST -mosip.kernel.signature.signature-version-id=v1.0 - - - -#----------------------------------ID Repo------------------------------------------ -mosip.idrepo.identity.uin-status.registered=ACTIVATED -mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED - -#---------------------------------------otp manager service------------------------------- -#the default length for otp(in number) -mosip.kernel.otp.default-length=6 -#the default crypto function -#It can be: HmacSHA512, HmacSHA256, HmacSHA1. -mosip.kernel.otp.mac-algorithm=HmacSHA512 -#the OTP expires after the given time(in seconds). -mosip.kernel.otp.expiry-time=180 -#the key is freezed for the given time(in seconds). -mosip.kernel.otp.key-freeze-time=1800 -#the number of validation attempts allowed(in number). -#mosip.kernel.otp.validation-attempt-threshold =3 means , the validation and generation will be blocked from 4th time. -mosip.kernel.otp.validation-attempt-threshold=10 -#minimum length of key(in number). -mosip.kernel.otp.min-key-length=3 -#maximum length of key(in number). -mosip.kernel.otp.max-key-length=64 - - -#--------------------------------------Licensekeymanager Service-------------------------------------- -#the license key length. 
-mosip.kernel.licensekey.length=16 -#List of permissions -# NOTE: ',' in the below list is used as splitter in the implementation. -# Use of ',' in the values for below key should be avoided. -# Use of spaces before and after ',' also should be avoided. -mosip.kernel.licensekey.permissions=OTP Trigger,OTP Authentication,Demo Authentication - Identity Data Match,Demo Authentication - Address Data Match,Demo Authentication - Full Address Data Match,Demo Authentication - Secondary Language Match,Biometric Authentication - FMR Data Match,Biometric Authentication - IIR Data Match,Biometric Authentication - FID Data Match,Static Pin Authentication,eKYC - limited,eKYC - Full,eKYC - No - - - -#-----------------------------Virus Scanner-------------------------------------- -mosip.kernel.virus-scanner.host=clamav -mosip.kernel.virus-scanner.port=80 - -#------------------------Transliteration----------------------------------------------- -mosip.kernel.transliteration.arabic-language-code=ara -mosip.kernel.transliteration.franch-language-code=fra - - - -#-------Registration processor Notification types------------ -mosip.registration.processor.notification.types=SMS|EMAIL - - -mosip.default.dob.month=01 -mosip.default.dob.day=01 -mosip.login.mode= email,mobile - - -#---Language orientation----- -mosip.right_to_left_orientation=ara -mosip.left_to_right_orientation=eng,fra - - -#**************** Notification Type ************* -#mosip.notificationtype=SMS|EMAIL -mosip.notificationtype=EMAIL -mosip.kernel.sms.proxy-sms=false -#******** Notification lanugage types - either PRIMARY or BOTH ******** -mosip.notification.language-type=BOTH - - -#-------------------System--------------- -logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=INFO - -#-------------------Admin--------------- -mosip.min-digit-longitude-latitude=4 -mosip.kernel.filtervalue.max_columns=20 - 
-auth.server.admin.validate.url=${mz.ingress.base.url}/v1/authmanager/authorize/admin/validateToken - -#------------------PDF Genration----------------------------------------- -mosip.kernel.pdf_owner_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -#------------------Quality Check----------------------------------------- -#Quality threshold for applicant iris -mosip.iris_threshold=0 -#Quality threshold for applicant leftslap fingerprint -mosip.leftslap_fingerprint_threshold=0 -#Quality threshold for applicant rightslap fingerprint -mosip.rightslap_fingerprint_threshold=0 -#Quality threshold for applicant thumbs fingerprint -mosip.thumbs_fingerprint_threshold=0 -#Quality threshold for applicant face -mosip.facequalitythreshold=0 -#Bio SDK Integration -mosip.fingerprint.provider=io.mosip.kernel.bioapi.impl.BioApiImpl -mosip.face.provider=io.mosip.kernel.bioapi.impl.BioApiImpl -mosip.iris.provider=io.mosip.kernel.bioapi.impl.BioApiImpl - -#-------UIN Alias------------------- -mosip.uin.alias= - -#---------------------------------kernel Salt Generator---------------------------------------------------# -mosip.kernel.salt-generator.chunk-size=10 -mosip.kernel.salt-generator.start-sequence=0 -mosip.kernel.salt-generator.end-sequence=999 -#----------------------------------------------------------------------------------------------------------# -server.max-http-header-size=10000000 - -mosip.kernel.auth.adapter.ssl-bypass=true - -# device registration/deregistration config -mosip.stage.environment=Developer - -# log level -logging.level.root=WARN -logging.level.io.mosip=INFO -logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO - -#iam adapter -mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter - -# tomcat access logs -server.tomcat.accesslog.enabled=true -server.tomcat.accesslog.directory=/dev -server.tomcat.accesslog.prefix=stdout -server.tomcat.accesslog.buffered=false -server.tomcat.accesslog.suffix= 
-server.tomcat.accesslog.file-date-format= -server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}"} -server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve diff --git a/sandbox/application-mz.properties b/sandbox/application-mz.properties deleted file mode 100644 index 8c3de84757a..00000000000 --- a/sandbox/application-mz.properties +++ /dev/null 
@@ -1,483 +0,0 @@ - -#---------------------------------------Common properties----------------------- -aplication.configuration.level.version=1.1.4 - -#---------------------------------------IdObjetReferenceValidator Properties-----------------------# -# Value used in IdObjectReferenceValidator when location is not available -mosip.kernel.idobjectvalidator.masterdata.locations.locationNotAvailable=NA - -# Masterdata apis used to retreive data for IdObjectReferenceValidator -mosip.masterdata.base.url = http://kernel-masterdata-service - -# Commenting/removing below property will disable all masterdata validations as supported languages are required for all other validations -mosip.kernel.idobjectvalidator.masterdata.languages.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/languages - -# commenting/removing below property will disable Gender masterdata validation -mosip.kernel.idobjectvalidator.masterdata.gendertypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/gendertypes - -# commenting/removing below properties will disable Document Type masterdata validation -mosip.kernel.idobjectvalidator.masterdata.documentcategories.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/documentcategories -mosip.kernel.idobjectvalidator.masterdata.documenttypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/documenttypes/{documentcategorycode}/{langcode} - -# commenting/removing below properties will disable location and location hierarchy masterdata validations -mosip.kernel.idobjectvalidator.masterdata.locations.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/locations/{langcode} -mosip.kernel.idobjectvalidator.masterdata.locationhierarchy.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/locations/locationhierarchy/{hierarchyname} - -# commenting/removing below properties will disable individualtype/resident status masterdata validations 
-mosip.kernel.idobjectvalidator.masterdata.individualtypes.rest.uri=${mosip.masterdata.base.url}/v1/masterdata/individualtypes - -# List of Location Hierarchy mappings for which the provided fields are from identity schema -# and its values are validated against mapped location hierarchy masterdata. -# Needs to be updated when Identity Schema has been updated. -mosip.kernel.idobjectvalidator.locationhierarchy.mapping.0=country -mosip.kernel.idobjectvalidator.locationhierarchy.mapping.1=region -mosip.kernel.idobjectvalidator.locationhierarchy.mapping.2=province -mosip.kernel.idobjectvalidator.locationhierarchy.mapping.3=city -mosip.kernel.idobjectvalidator.locationhierarchy.mapping.4=zone -mosip.kernel.idobjectvalidator.locationhierarchy.mapping.5=postalCode - -# Date format expected in identity json. commenting/removing below property will disable dob format validation in identity json. -mosip.kernel.idobjectvalidator.date-format=uuuu/MM/dd - -# --------- Properties that needs to be updated when Identity Schema has been updated ---------------# -# Mandatory attributes used by IdObjectSchemaValidator. These values needs to be updated when Identity schema is updated. 
-mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone -mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.update-uin=IDSchemaVersion,UIN -mosip.kernel.idobjectvalidator.mandatory-attributes.pre-registration.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber -mosip.kernel.idobjectvalidator.mandatory-attributes.pre-registration.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-client.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-client.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.other=IDSchemaVersion,UIN -mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.lost=IDSchemaVersion - -# 
Bio attribute allowed to be stored in IDRepo as per Identity Schema -mosip.idrepo.identity.allowedBioAttributes=individualBiometrics - -# List of all bio attriutes defined in Identity Schema -mosip.idrepo.identity.bioAttributes=individualBiometrics,parentOrGuardianBiometrics -#----------------------------------------------------------------------------------------------------# - -mosip.country.code=MOR - -# Language Supported By Platform - ISO -mosip.supported-languages=eng,ara,fra - -mosip.primary-language=eng -mosip.secondary-language=ara - -# Application IDs -mosip.prereg.app-id=PRE_REGISTRATION -mosip.reg.app-id=REGISTRATION -mosip.regproc.app-id=REGISTRATION_PROCESSOR -mosip.ida.app-id=IDA -mosip.ida.ref-id=INTERNAL -mosip.idrepo.app-id=ID_REPO - -# UTC ISO Date Time Pattern -mosip.utc-datetime-pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' -mosip.sign.header=response-signature -mosip.signed.response.header=response-signature - -#----------------------- CBEFF Util-------------------------------------------------- -# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location. 
-mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ -# Cbeff XSD file name in config server -mosip.kernel.xsdfile=mosip-cbeff.xsd - -#----------------------------- Applicant Type -------------------------------------------------- -mosip.kernel.applicant.type.age.limit = 5 -mosip.kernel.applicantType.mvel.file=applicanttype.mvel -mosip.kernel.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ -#----------------------------- Static PIN -------------------------------------------------- -mosip.kernel.pin.length=6 - -#-----------------------------TspId ----------------------------------------------- -#length of the Tsp id -mosip.kernel.tspid.length=4 - -#-----------------------------partnerId ----------------------------------------------- -#length of the partner id -mosip.kernel.partnerid.length=4 - -#-----------------------------TOKEN-ID Properties--------------------------------- -#length of the token id -mosip.kernel.tokenid.length=36 - -#-----------------------------Registration Center Id ----------------------------------------------- -#length of the registration center id -mosip.kernel.registrationcenterid.length=5 - -#-----------------------------Machine Id ----------------------------------------------- -#length of the machine id -mosip.kernel.machineid.length=5 - -#-----------------------------RID Properties--------------------------------------- -# length of the rid -mosip.kernel.rid.length=29 -# length of the timestamp -mosip.kernel.rid.timestamp-length=14 -# rid sequence max digits -mosip.kernel.rid.sequence-length=5 - -# Upper bound of number of digits in sequence allowed in id. 
For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -mosip.kernel.tokenid.sequence-limit=3 - -#-----------------------------PRID Properties------------------------------------ -#prid-length -mosip.kernel.prid.length=14 - -# Upper bound of number of digits in sequence allowed in id. For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -#to disable validation assign zero or negative value -mosip.kernel.prid.sequence-limit=3 - -# Number of digits in repeating block allowed in id. For example if limit is 2, -# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) -#to disable validation assign zero or negative value -mosip.kernel.prid.repeating-block-limit=3 - - -# Lower bound of number of digits allowed in between two repeating digits in -# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) to disable validation assign zero or negative value -mosip.kernel.prid.repeating-limit=2 - -# list of number that id should not be start with to disable null -mosip.kernel.prid.not-start-with=0,1 - -#restricted numbers for prid -mosip.kernel.prid.restricted-numbers=786,666 - - -#-----------------------------VID Properties-------------------------------------- -# length of the vid -mosip.kernel.vid.length=16 - -# Upper bound of number of digits in sequence allowed in id. For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -# to disable sequence limit validation assign 0 or negative value -mosip.kernel.vid.length.sequence-limit=3 - -# Number of digits in repeating block allowed in id. 
For example if limit is 2, -# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) -# to disable repeating block validation assign 0 or negative value -mosip.kernel.vid.length.repeating-block-limit=2 - - -# Lower bound of number of digits allowed in between two repeating digits in -# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) -# to disable repeating limit validation, assign 0 or negative value -mosip.kernel.vid.length.repeating-limit=2 - -# list of number that id should not be start with -# to disable null -mosip.kernel.vid.not-start-with=0,1 - -#restricted numbers for vid -mosip.kernel.vid.restricted-numbers=786,666 - -#-----------------------------UIN Properties-------------------------------------- -#length of the uin -mosip.kernel.uin.length=10 -#minimum threshold of unused uin -mosip.kernel.uin.min-unused-threshold=200000 -#number of uins to generate -mosip.kernel.uin.uins-to-generate=500000 -#restricted numbers for uin -mosip.kernel.uin.restricted-numbers=786,666 - -# Upper bound of number of digits in sequence allowed in id. For example if -# limit is 3, then 12 is allowed but 123 is not allowed in id (in both -# ascending and descending order) -# to disable sequence limit validation assign 0 or negative value -mosip.kernel.uin.length.sequence-limit=3 - -# Number of digits in repeating block allowed in id. For example if limit is 2, -# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) -#to disable validation assign zero or negative value -mosip.kernel.uin.length.repeating-block-limit=2 - -# Lower bound of number of digits allowed in between two repeating digits in -# id. 
For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) -# to disable repeating limit validation, assign 0 or negative value -mosip.kernel.uin.length.repeating-limit=2 - -#reverse group digit limit for uin filter -mosip.kernel.uin.length.reverse-digits-limit=5 - -#group digit limit for uin filter -mosip.kernel.uin.length.digits-limit=5 - -#should not start with -mosip.kernel.uin.not-start-with=0,1 - -#adjacent even digit limit for uin filter -mosip.kernel.uin.length.conjugative-even-digits-limit=3 - - - -#------------------------Auth-Adapter----------------------------------------------- -auth.server.validate.url=http://kernel-auth-service/v1/authmanager/authorize/admin/validateToken -mosip.keycloak.issuerUrl=${mosipbox.public.url}/auth/realms/mosip -auth-token-generator.rest.issuerUrl=${mosip.keycloak.issuerUrl} - -#----------------------- Crypto -------------------------------------------------- -#Crypto asymmetric algorithm name -mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING -#Crypto symmetric algorithm name -mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding -#Keygenerator asymmetric algorithm name -mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA -#Keygenerator symmetric algorithm name -mosip.kernel.keygenerator.symmetric-algorithm-name=AES -#Asymmetric algorithm key length -mosip.kernel.keygenerator.asymmetric-key-length=2048 -#Symmetric algorithm key length -mosip.kernel.keygenerator.symmetric-key-length=256 -#Keygenerator symmetric algorithm name -mosip.kernel.keygenerator.symmetric-algorithm-name=AES -# keygenerator asymmetric algorithm name -mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA -#Encrypted data and encrypted symmetric key separator -mosip.kernel.data-key-splitter=#KEY_SPLITTER# -#GCM tag length -mosip.kernel.crypto.gcm-tag-length=128 -#Hash algo name -mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 -#Symmtric key length used in hash 
-mosip.kernel.crypto.hash-symmetric-key-length=256 -#No of iterations in hash -mosip.kernel.crypto.hash-iteration=100000 -#Sign algo name -mosip.kernel.crypto.sign-algorithm-name=RS256 - -mosip.keymanager.base.url=http://kernel-keymanager-service -mosip.kernel.keymanager-service-publickey-url=${mosip.keymanager.base.url}/v1/keymanager/publickey/{applicationId} -mosip.kernel.keymanager-service-decrypt-url=${mosip.keymanager.base.url}/v1/keymanager/decrypt -mosip.kernel.keymanager-service-auth-decrypt-url=${mosip.keymanager.base.url}/v1/keymanager/auth/decrypt -mosip.kernel.keymanager-service-sign-url=${mosip.keymanager.base.url}/v1/keymanager/sign -mosip.kernel.keymanager.cert.url=${mosip.keymanager.base.url}/v1/keymanager/getCertificate -mosip.sign.applicationid=KERNEL -mosip.sign.refid=SIGN -mosip.kernel.cryptomanager.request_id=CRYPTOMANAGER.REQUEST -mosip.kernel.cryptomanager.request_version=v1.0 -mosip.kernel.signature.signature-request-id=SIGNATURE.REQUEST -mosip.kernel.signature.signature-version-id=v1.0 - - - -#----------------------------------ID Repo------------------------------------------ -mosip.idrepo.identity.uin-status.registered=ACTIVATED -mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED - -#---------------------------------------otp manager service------------------------------- -#the default length for otp(in number) -mosip.kernel.otp.default-length=6 -#the default crypto function -#It can be: HmacSHA512, HmacSHA256, HmacSHA1. -mosip.kernel.otp.mac-algorithm=HmacSHA512 -#the OTP expires after the given time(in seconds). -mosip.kernel.otp.expiry-time=180 -#the key is freezed for the given time(in seconds). -mosip.kernel.otp.key-freeze-time=1800 -#the number of validation attempts allowed(in number). -#mosip.kernel.otp.validation-attempt-threshold =3 means , the validation and generation will be blocked from 4th time. -mosip.kernel.otp.validation-attempt-threshold=10 -#minimum length of key(in number). 
-mosip.kernel.otp.min-key-length=3 -#maximum length of key(in number). -mosip.kernel.otp.max-key-length=64 - - -#--------------------------------------Licensekeymanager Service-------------------------------------- -#the license key length. -mosip.kernel.licensekey.length=16 -#List of permissions -# NOTE: ',' in the below list is used as splitter in the implementation. -# Use of ',' in the values for below key should be avoided. -# Use of spaces before and after ',' also should be avoided. -mosip.kernel.licensekey.permissions=OTP Trigger,OTP Authentication,Demo Authentication - Identity Data Match,Demo Authentication - Address Data Match,Demo Authentication - Full Address Data Match,Demo Authentication - Secondary Language Match,Biometric Authentication - FMR Data Match,Biometric Authentication - IIR Data Match,Biometric Authentication - FID Data Match,Static Pin Authentication,eKYC - limited,eKYC - Full,eKYC - No - - - -#-----------------------------Virus Scanner-------------------------------------- -# Here we specify the Kubernetes service name, as clamav runs in the same cluster -mosip.kernel.virus-scanner.host=clamav -mosip.kernel.virus-scanner.port=80 - -#-------------------------------FS Adapter- HDFS ------------------------------- -mosip.kernel.fsadapter.hdfs.name-node-url=hdfs://hadoop-hdfs-nn:9000 -mosip.kernel.fsadapter.hdfs.authentication-enabled=false -# If HDFS is security is configured with Kerberos, Key Distribution Center domain -mosip.kernel.fsadapter.hdfs.kdc-domain=HDFSKERBEROS1.SOUTHINDIA.CLOUDAPP.AZURE.COM -# HDFS log level. 
Change this to debug to see hdfs logs -logging.level.org.apache.hadoop=warn -mosip.kernel.fsadapter.hdfs.keytab-file=classpath:mosip.keytab - - - -#------------------------Transliteration----------------------------------------------- -mosip.kernel.transliteration.arabic-language-code=ara -mosip.kernel.transliteration.franch-language-code=fra - - - -#-------Registration processor Notification types------------ -mosip.registration.processor.notification.types=EMAIL - - -mosip.default.dob.month=01 -mosip.default.dob.day=01 -mosip.login.mode= email,mobile - - -#---Language orientation----- -mosip.right_to_left_orientation=ara -mosip.left_to_right_orientation=eng,fra - - -#**************** Notification Type ************* -mosip.notificationtype=SMS|EMAIL -mosip.kernel.sms.proxy-sms=true -mosip.kernel.auth.proxy-otp=true -mosip.kernel.auth.proxy-email=true -#******** Notification lanugage types - either PRIMARY or BOTH ******** -mosip.notification.language-type=BOTH - - -#-------------------System--------------- -logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=INFO - -#-------------------Admin--------------- -mosip.min-digit-longitude-latitude=4 -mosip.kernel.filtervalue.max_columns=20 - -auth.server.admin.validate.url=http://kernel-auth-service/v1/authmanager/authorize/admin/validateToken - -#------------------PDF Genration----------------------------------------- -mosip.kernel.pdf_owner_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -#------------------Quality Check----------------------------------------- -#Quality threshold for applicant iris -mosip.iris_threshold=0 -#Quality threshold for applicant leftslap fingerprint -mosip.leftslap_fingerprint_threshold=0 -#Quality threshold for applicant rightslap fingerprint -mosip.rightslap_fingerprint_threshold=0 -#Quality threshold for applicant thumbs fingerprint -mosip.thumbs_fingerprint_threshold=0 -#Quality threshold for applicant face 
-mosip.facequalitythreshold=0 -#Bio SDK Integration -mosip.fingerprint.provider=io.mosip.kernel.bioapi.impl.BioApiImpl -mosip.face.provider=io.mosip.kernel.bioapi.impl.BioApiImpl -mosip.iris.provider=io.mosip.kernel.bioapi.impl.BioApiImpl - -#-------UIN Alias------------------- -mosip.uin.alias= - -#---------------------------------kernel Salt Generator---------------------------------------------------# -mosip.kernel.salt-generator.chunk-size=10 -mosip.kernel.salt-generator.start-sequence=0 -mosip.kernel.salt-generator.end-sequence=999 -#----------------------------------------------------------------------------------------------------------# -server.max-http-header-size=10000000 - -mosip.kernel.auth.adapter.ssl-bypass=true -mosip.kernel.auth.appid-realm-map={prereg:'preregistration',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip'} - -#---------------------------------prometheus : Metrics related configurations---------------------------------------------------# -management.endpoint.metrics.enabled=true -management.endpoints.web.exposure.include=* -management.endpoint.prometheus.enabled=true -management.metrics.export.prometheus.enabled=true - -mosip.kernel.syncdata-service-idschema-url=${mosip.masterdata.base.url}/v1/masterdata/idschema/latest -mosip.kernel.syncdata-service-dynamicfield-url=${mosip.masterdata.base.url}/v1/masterdata/dynamicfields -mosip.kernel.keymanager-service-validate-url=${mosip.keymanager.base.url}/v1/keymanager/validate - -# ------------ GPS settings --------- - -mosip.registration.gps_device_enable_flag=n - - -# ------------- Packet manager ---------------------- -# if source is not passed, packetmanager supports below default strategy - -# 1. 'exception' : it will throw exception. -# 2. 'defaultPriority' : use default priority packetmanager.default.priority. 
-packetmanager.default.read.strategy=defaultPriority -packetmanager.default.priority=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT - -mosip.commons.packetnames=id,evidence,optional -# reader -provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|CORRECTION,classname:io.mosip.commons.packet.impl.PacketReaderImpl -provider.packetreader.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketReaderImpl -# writer -provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|CORRECTION,classname:io.mosip.commons.packet.impl.PacketWriterImpl -provider.packetwriter.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketWriterImpl -objectstore.adapter.name=S3Adapter -# can be OnlinePacketCryptoServiceImpl OR OfflinePacketCryptoServiceImpl -objectstore.crypto.name=OnlinePacketCryptoServiceImpl -default.provider.version=v1.0 -# posix adapter config -object.store.base.location=/home/mosip -hazelcast.config=classpath:hazelcast.xml -#-------------S3adapter------------------- -# s3 adapter config -object.store.s3.accesskey=admin -object.store.s3.secretkey={cipher}e419b23e688cc23991001afddbda206d42f7df5090c65f3566be7651c90128c1 -object.store.s3.url=http://minio:9000 -object.store.s3.region= -object.store.s3.readlimit=10000000 - -# swift adapter config -object.store.swift.username=test -object.store.swift.password=test -object.store.swift.url=http://localhost:8080 - -packet.manager.account.name=PACKET_MANAGER_ACCOUNT -CRYPTOMANAGER_DECRYPT=${mosip.keymanager.base.url}/v1/keymanager/decrypt -CRYPTOMANAGER_ENCRYPT=${mosip.keymanager.base.url}/v1/keymanager/encrypt -IDSCHEMAURL=${mosip.masterdata.base.url}/v1/masterdata/idschema/latest 
-KEYMANAGER_SIGN=${mosip.keymanager.base.url}/v1/keymanager/sign -AUDIT_URL=http://kernel-auditmanager-service/v1/auditmanager/audits -packet.default.source=id -schema.default.fieldCategory=pvt,none - -# device registration/deregistration config -mosip.stage.environment=Developer - -# log level -logging.level.root=WARN -logging.level.io.mosip=INFO -logging.level.io.vertx=DEBUG -logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO - -#iam adapter -mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter - -# tomcat access logs -server.tomcat.accesslog.enabled=true -server.tomcat.accesslog.directory=/dev -server.tomcat.accesslog.prefix=stdout -server.tomcat.accesslog.buffered=false -server.tomcat.accesslog.suffix= -server.tomcat.accesslog.file-date-format= -server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}","req.userAgent":"%{User-Agent}i","req.xForwardedFor":"%{X-Forwarded-For}i","req.referer":"%{Referer}i","req.method":%m,"req.remoteHost":%a} -server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve - -#---------------- Web Sub properties ------------------------- -# The base URL of dmz ingress used to point to websub service -dmz.ingress.base.url=http://dmz.ingress:30080 -# Websub base url -websub.base.url=${dmz.ingress.base.url} -# Websub URL for Topic Subscriptions -websub.hub.url=${websub.base.url}/websub/hub -# Websub URL for Publishing/registering topics -websub.publish.url=${websub.base.url}/websub/publish -#---------------- Web Sub property ---------------------------- -packetmanager.name.source={cnie:'CNIE',default:'REGISTRATION_CLIENT',resident:'RESIDENT'} diff --git a/sandbox/auth-policy-schema.json b/sandbox/auth-policy-schema.json deleted file mode 100644 index 8b4f2951219..00000000000 
--- a/sandbox/auth-policy-schema.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "allowedKycAttributes":{
- "type":"array",
- "additionalItems": false,
- "items":
- {
- "type":"object",
- "properties":{
- "attributeName":{
- "type":"string"
- }
- },
- "required":[
- "attributeName"
- ],
- "additionalProperties": false
- }
-
- },
- "allowedAuthTypes":{
- "type":"array",
- "additionalItems": false,
- "items":
- {
- "type":"object",
- "properties":{
- "authType":{
- "type":"string"
- },
- "authSubType":{
- "type":"string"
- },
- "mandatory":{
- "type":"boolean"
- }
- },
- "required":[
- "authType",
- "mandatory"
- ],
- "additionalProperties": false
- }
-
- },
- "authTokenType":{
- "type":"string",
- "enum":["random","partner","policy"]
- }
- },
- "required":[
- "authTokenType",
- "allowedAuthTypes",
- "allowedKycAttributes"
- ],
- "additionalProperties": false
-}
\ No newline at end of file
diff --git a/sandbox/credentialdata.mvel b/sandbox/credentialdata.mvel
deleted file mode 100644
index 06fc121edf7..00000000000
--- a/sandbox/credentialdata.mvel
+++ /dev/null
@@ -1,21 +0,0 @@
-def convertDateFormat(value, inputformat, outputformat) {
- import io.mosip.kernel.core.util.DateUtils;
- import java.util.Date;
- Date date=DateUtils.parseToDate(value, inputformat);
- String formattedDate= DateUtils.formatDate(date, outputformat);
- return formattedDate;
-};
-def convertToMaskData(value) {
-
-StringBuilder sbMaskString = new StringBuilder("");
-
- for (int i = 0; i < 2; i++) {
- sbMaskString.append("*");
- }
- return sbMaskString.toString() + value.substring(0 + 2);
-};
-def formatName(firstName,middleName,lastName) {
-
-return firstName+" "+middleName+" "+lastName;
-};
-
diff --git a/sandbox/data-share-mz.properties b/sandbox/data-share-mz.properties
deleted file mode 100644
index daebeac17bc..00000000000
--- a/sandbox/data-share-mz.properties
+++ /dev/null
@@ -1,29 +0,0 @@
-#--------------ID and Version --------------
-mosip.data.share.service.id=mosip.data.share
-mosip.data.share.service.version=1.0
-#--------------URI--------------------------
-CRYPTOMANAGER_ENCRYPT=http://kernel-keymanager-service/v1/keymanager/encrypt
-KEYMANAGER_JWTSIGN=http://kernel-keymanager-service/v1/keymanager/jwtSign
-PARTNER_POLICY=http://pms-policy-management-service/partnermanagement/v1/policies/policies/partnerId/{partnerId}/policyId/{policyId}
-KEYBASEDTOKENAPI=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey
-
-#---------config-data-----------------------
-data.share.application.id=PARTNER
-mosip.data.share.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
-!-- if value is true then please set servlet path to / --!
-mosip.data.share.urlshortner=false
-data.share.token.request.appid=datsha
-data.share.token.request.clientId=mosip-datsha-client
-data.share.token.request.secretKey={cipher}b5fb76d3a57ce10fc27aee1685ce906836970d52c4cf13a01282bfe99565bedf
-data.share.token.request.password=
-data.share.token.request.username=
-data.share.token.request.version=1.0
-data.share.token.request.id=io.mosip.datashare
-data.share.token.request.issuerUrl=${mosipbox.public.url}/keycloak/auth/realms/mosip
-spring.servlet.multipart.max-file-size=4MB
-mosip.data.share.protocol=http
-mosip.data.share.includeCertificateHash=false
-mosip.data.share.includeCertificate=false
-mosip.data.share.includePayload=false
-mosip.data.share.digest.algorithm=SHA256
-mosip.data.share.prependThumbprint=true
diff --git a/sandbox/data-share-policy-schema.json b/sandbox/data-share-policy-schema.json
deleted file mode 100644
index 0250effde67..00000000000
--- a/sandbox/data-share-policy-schema.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "type": "object",
- "properties": {
- "dataSharePolicies": {
- "type": "object",
- "properties": {
- "typeOfShare": {
- "type": "string",
- "enum":["Data Share","direct"]
- },
- "validForInMinutes": {
- "type": "string"
- },
- "transactionsAllowed": {
- "type": "string"
- },
- "encryptionType": {
- "type": "string",
- "enum":["Partner Based","none"]
- },
- "shareDomain": {
- "type": "string"
- },
- "source": {
- "type": "string"
- }
- },
- "required": [
- "typeOfShare",
- "validForInMinutes",
- "transactionsAllowed",
- "encryptionType",
- "shareDomain",
- "source"
- ]
- },
- "shareableAttributes": {
- "type": "array",
- "additionalItems": false,
- "items": {
- "type": "object",
- "properties": {
- "attributeName": {
- "type": "string"
- },
- "group": {
- "type": "string"
- },
- "source": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "attribute": {
- "type": "string"
- },
- "filter": {
- "type": "array",
- "items": [{
- "type": "object",
- "properties": {
- "type": {
- "type": "string"
- }
- }
- },
- {
- "type": "object",
- "properties": {
- "type": {
- "type": "string"
- },
- "subType": {
- "type": "array",
- "items": [{
- "type": "string"
- },
- {
- "type": "string"
- }
- ]
- }
- }
- },
- {
- "type": "object",
- "properties": {
- "language": {
- "type": "string"
- }
- }
- }
- ]
- }
- },
- "required": [
- "attribute"
- ]
- }
- },
- "encrypted": {
- "type": "boolean"
- },
- "format": {
- "type": "string"
- }
- },
- "required": [
- "attributeName",
- "source",
- "encrypted"
- ],
- "additionalProperties": false
- }
- }
- },
- "required": [
- "dataSharePolicies",
- "shareableAttributes"
- ],
- "additionalProperties": false
-}
diff --git a/sandbox/hazelcast_dmz-dmz.xml b/sandbox/hazelcast_dmz-dmz.xml
deleted file mode 100644
index 160d06581f8..00000000000
--- a/sandbox/hazelcast_dmz-dmz.xml
+++ /dev/null
@@ -1,37 +0,0 @@ - - - - - - true - slf4j - - - k8s - - - - - - - - - - service-hazelcast-server.default.svc.cluster.local - - - - - - diff --git a/sandbox/id-authentication-mapping.json b/sandbox/id-authentication-mapping.json deleted file mode 100644 index 9d6bd5e00dd..00000000000 --- a/sandbox/id-authentication-mapping.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "ida-mapping": { - "name": [ - "fullName" - ], - "dob": [ - "dateOfBirth" - ], - "age": [ - "dateOfBirth" - ], - "gender": [ - "gender" - ], - "phoneNumber": [ - "phone" - ], - "emailId": [ - "email" - ], - "addressLine1": [ - "addressLine1" - ], - "addressLine2": [ - "addressLine2" - ], - "addressLine3": [ - "addressLine3" - ], - "location1": [ - "city" - ], - "location2": [ - "region" - ], - "location3": [ - "province" - ], - "postalCode": [ - "postalCode" - ], - "fullAddress": [ - "addressLine1", - "addressLine2", - "addressLine3", - "city", - "region", - "province", - "postalCode" - ], - "iris": [ - "CBEFF" - ], - "fingerprint": [ - "CBEFF" - ], - "face": [ - "CBEFF" - ] - } -} diff --git a/sandbox/id-authentication-mz.properties b/sandbox/id-authentication-mz.properties deleted file mode 100644 index 0d831d84288..00000000000 --- a/sandbox/id-authentication-mz.properties +++ /dev/null 
@@ -1,568 +0,0 @@ -##################### Dynamic Properties - this may change for different deployemnts ############################## -# Database hostname -mosip.ida.database.hostname=postgres -# Database port -mosip.ida.database.port=80 -# Database user -mosip.ida.database.user=idauser -# Database password -mosip.ida.database.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -# Kernel auth client ID for IDA -mosip.ida.auth.clientId=mosip-ida-client -# Kernel auth secret key for IDA -mosip.ida.auth.secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db -# Kernel auth application ID for IDA -mosip.ida.auth.appId=ida - - -######################## Spring and Hibernate Configurations #################### -# ***************** Postgres Properties *********************** -javax.persistence.jdbc.driverClassName=org.postgresql.Driver -javax.persistence.jdbc.driver=org.postgresql.Driver -javax.persistence.jdbc.url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida -javax.persistence.jdbc.user=${mosip.ida.database.user} -javax.persistence.jdbc.username=${mosip.ida.database.user} -javax.persistence.jdbc.password=${mosip.ida.database.password} -javax.persistence.jdbc.schema=ida -javax.persistence.jdbc.uinHashTable=uin_hash_salt -javax.persistence.jdbc.uinEncryptTable=uin_encrypt_salt - -# *********** Hibernate Properties ************* -hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect -hibernate.jdbc.lob.non_contextual_creation=true -hibernate.hbm2ddl.auto=none -hibernate.show_sql=true -hibernate.format_sql=true -hibernate.connection.charSet=utf8 -hibernate.cache.use_second_level_cache=false -hibernate.cache.use_query_cache=false -hibernate.cache.use_structured_entries=false -hibernate.generate_statistics=false -spring.datasource.initialization-mode=never -hibernate.temp.use_jdbc_metadata_defaults=false -spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true 
- -log4j.logger.org.hibernate=warn -hibernate.show_sql=false - -######################### ID-Authentication Application Configurations ############## -# The Online Verification partner ID associated to the IDA instance. -# This is used to subscribe to the credential issuance event notification sent by credential service. -# for the particular Online Verification partner. -# This credential issueance notification is handled inside Internal Authentication module. -# The credentials issued to the partner will be as per the data-share policy associated to the partner. -# TO DO: Change the property key to online-verification-partner-id -ida-auth-partner-id=mpartner-default-auth - -# Application ID of IDA -application.id=IDA -# Application name of IDA -application.name=ID-Authentication - -# Reference ID used for crypto manager in authentication (for request body) -partner.reference.id=PARTNER -# Reference ID used for crypto manager in internal authentication (for request body) -internal.reference.id=INTERNAL -# Reference ID used for crypto manager in authentication for biometrics -# TO DO: Value to be Changed to IDA-BIO -partner.biometric.reference.id=IDA-FIR -# Reference ID used for crypto manager in internal authentication for biometrics -internal.biometric.reference.id=INTERNAL - -# Reference ID for Identity Cache data encryption -identity-cache.reference.id=IDENTITY_CACHE -# Application id for signing key -mosip.sign.applicationid=${application.id} -# Reference id for signing key -mosip.sign.refid=SIGN - -# Kernel Symmetric Key decryption bytes count for AAD -ida.aad.lastbytes.num=16 -# Kernel Symmetric Key decryption bytes count for Salt -ida.salt.lastbytes.num=12 - -# Request timeout used across all REST API calls in IDA -mosip.ida.request.timeout.secs=10 -# Common JSON media type used across all REST API calls in IDA -mosip.ida.request.mediaType=application/json - -#*** ID-Authentication Mapping json configurations *** -# IDA Mapping JSON file name 
-ida.mapping.json.filename=id-authentication-mapping.json -# IDA Mapping JSON file URI -mosip.ida.mapping.json-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/${ida.mapping.json.filename} -# IDA Mapping JSON file property source -ida.mapping.property.source=url:${mosip.ida.mapping.json-uri} - -#--------------------------Bio SDK Integration - Bio extractor Service ----------------------------------------# -mosip.biosdk.default.host=http://13.233.66.241 -mosip.biosdk.default.service.url=${mosip.biosdk.default.host}/biosdk-service - -# The fully qualified Class Name of the BIO SDK API implemented for Finger modality -# This class will be loaded in runtime, the containing jar should be available in classpath -mosip.biometric.sdk.provider.finger.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 -# The version of the BIO SDK API implemeted for Finger modality -mosip.biometric.sdk.provider.finger.version=0.9 -# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured. -# If the below default configuration is not configured, the one of the configured url will be used as the default URL. -# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'. 
-mosip.biometric.sdk.provider.finger.format.url.default=${mosip.biosdk.default.service.url} - -# The fully qualified Class Name of the BIO SDK API implemented for Iris modality -# This class will be loaded in runtime, the containing jar should be available in classpath -mosip.biometric.sdk.provider.iris.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 -# The version of the BIO SDK API implemeted for Iris modality -mosip.biometric.sdk.provider.iris.version=0.9 -mosip.biometric.sdk.provider.iris.format.url.default=${mosip.biosdk.default.service.url} - -# The fully qualified Class Name of the BIO SDK API implemented for Face modality -# This class will be loaded in runtime, the containing jar should be available in classpath -mosip.biometric.sdk.provider.face.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 -# The version of the BIO SDK API implemeted for Face modality -mosip.biometric.sdk.provider.face.version=0.9 -mosip.biometric.sdk.provider.face.format.url.default=${mosip.biosdk.default.service.url} - -#------ - - -# *********** REST-services ***************** -# Kernel-Audit -audit.rest.uri=http://kernel-auditmanager-service/v1/auditmanager/audits -audit.rest.httpMethod=POST -audit.rest.headers.mediaType=${mosip.ida.request.mediaType} -#In seconds -audit.rest.timeout=${mosip.ida.request.timeout.secs} - -# Kernel OTP Validator -otp-validate.rest.uri=http://kernel-otpmanager-service/v1/otpmanager/otp/validate -otp-validate.rest.httpMethod=GET -otp-validate.rest.headers.mediaType=${mosip.ida.request.mediaType} -otp-validate.rest.timeout=${mosip.ida.request.timeout.secs} - -# Kernel OTP Generator -otp-generate.rest.uri=http://kernel-otpmanager-service/v1/otpmanager/otp/generate -otp-generate.rest.httpMethod=POST -otp-generate.rest.headers.mediaType=${mosip.ida.request.mediaType} -otp-generate.rest.timeout=${mosip.ida.request.timeout.secs} - -# Mail Notification -mail-notification.rest.uri=http://kernel-notification-service/v1/notifier/email/send 
-mail-notification.rest.httpMethod=POST -mail-notification.rest.headers.mediaType=multipart/form-data -mail-notification.rest.timeout=${mosip.ida.request.timeout.secs} - -# SMS Notification -sms-notification.rest.uri=http://kernel-notification-service/v1/notifier/sms/send -sms-notification.rest.httpMethod=POST -sms-notification.rest.headers.mediaType=${mosip.ida.request.mediaType} -sms-notification.rest.timeout=${mosip.ida.request.timeout.secs} - -#Get RID for USERID - Used in Internal Auth based on User ID -userid-rid.rest.uri=http://kernel-auth-service/v1/authmanager/rid/{appId}/{uid} -userid-rid.rest.httpMethod=GET -userid-rid.rest.headers.mediaType=${mosip.ida.request.mediaType} -userid-rid.rest.timeout=${mosip.ida.request.timeout.secs} - -#Get Identity Data for RID (with type specified as query param) - Used in Internal Auth based on User ID -rid-uin.rest.uri=http://idrepo-identity-service/idrepository/v1/identity/idvid/{rid}?type={type} -rid-uin.rest.httpMethod=GET -rid-uin.rest.headers.mediaType=${mosip.ida.request.mediaType} -rid-uin.rest.timeout=${mosip.ida.request.timeout.secs} - -#Get Identity Data for RID (without type specified) - Used in Internal Auth based on User ID -rid-uin-auth.rest.uri=http://idrepo-identity-service/idrepository/v1/identity/idvid/{rid} -rid-uin-auth.rest.httpMethod=GET -rid-uin-auth.rest.headers.mediaType=${mosip.ida.request.mediaType} -rid-uin-auth.rest.timeout=${mosip.ida.request.timeout.secs} - -#Auth token generation and validation URLs -auth-token-generator.rest.uri=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey -auth-token-validator.rest.uri=http://kernel-auth-service/v1/authmanager/authorize/validateToken -auth-token-generator.rest.clientId=${mosip.ida.auth.clientId} -auth-token-generator.rest.secretKey=${mosip.ida.auth.secretKey} -auth-token-generator.rest.appId=${mosip.ida.auth.appId} - -# Partner service API to validate MISP Lisence Key - Partner ID - Partner API Key combination 
-id-pmp-service.rest.uri=http://pms-partner-management-service/partnermanagement/v1/pmpartners/pmpartners/validatePartnerMisp/partnerId/{partner_id}/partnerApiKey/{partner_api_key}/mispLicenseKey/{misp_license_key}?needPartnerCert={need_partner_cert} -id-pmp-service.rest.httpMethod=GET -id-pmp-service.rest.headers.mediaType=${mosip.ida.request.mediaType} -id-pmp-service.rest.timeout=${mosip.ida.request.timeout.secs} - -# Data Share API configurations - used to download data from data share URL provided in credential issueance event -data-share-get.rest.uri=dummy_url_to_be_replaced_in_runtime -data-share-get.rest.httpMethod=GET -data-share-get.rest.headers.mediaType=application/octet-stream -data-share-get.rest.timeout=10 -data-share-get-decrypt-ref-id=${ida-auth-partner-id} - -# Title Service rest api-GET -id-masterdata-title-service.rest.uri=http://kernel-masterdata-service/v1/masterdata/title -id-masterdata-title-service.rest.httpMethod=GET -id-masterdata-title-service.rest.headers.mediaType=${mosip.ida.request.mediaType} -id-masterdata-title-service.rest.timeout=${mosip.ida.request.timeout.secs} - -#Master Data - Template Single Language -id-masterdata-template-service.rest.uri=http://kernel-masterdata-service/v1/masterdata/templates/{langcode}/{templatetypecode} -id-masterdata-template-service.rest.httpMethod=GET -id-masterdata-template-service.rest.headers.mediaType=${mosip.ida.request.mediaType} -id-masterdata-template-service.rest.timeout=${mosip.ida.request.timeout.secs} - -#Master Data - Template Multi language -id-masterdata-template-service-multilang.rest.uri=http://kernel-masterdata-service/v1/masterdata/templates/templatetypecodes/{code} -id-masterdata-template-service-multilang.rest.httpMethod=GET -id-masterdata-template-service-multilang.rest.headers.mediaType=${mosip.ida.request.mediaType} -id-masterdata-template-service-multilang.rest.timeout=${mosip.ida.request.timeout.secs} - - -#-----Websub configurations------ -# Secret for auth type status 
update callback -ida-websub-authtype-callback-secret={cipher}8cee1868024e9c525f44b977b31b8b70a9ba510f85dc9d4bab1491c9b2b96da9 -# Secret for credtial issueance callback -ida-websub-credential-issue-callback-secret={cipher}8cee1868024e9c525f44b977b31b8b70a9ba510f85dc9d4bab1491c9b2b96da9 -# Secret for credtial issueance callback -ida-websub-partner-service-callback-secret={cipher}8cee1868024e9c525f44b977b31b8b70a9ba510f85dc9d4bab1491c9b2b96da9 -# Secret for partner CA certification upload callback -ida-websub-ca-certificate-callback-secret={cipher}8cee1868024e9c525f44b977b31b8b70a9ba510f85dc9d4bab1491c9b2b96da9 -# Secret for partner CA certification upload callback -ida-websub-hotlist-callback-secret={cipher}8cee1868024e9c525f44b977b31b8b70a9ba510f85dc9d4bab1491c9b2b96da9 - -# Callback url for auth type status update event notification -ida-websub-auth-type-callback-url=${mosipbox.public.url}/idauthentication/v1/internal/callback/authTypeCallback/{partnerId} -# Callback url for credential issueance event notification, including id remove/deactivate/activate events -ida-websub-credential-issue-callback-url=${mosipbox.public.url}/idauthentication/v1/internal/callback/idchange/{eventType}/{partnerId} -# Callback url for MISP/Partner change notification events -ida-websub-partner-service-callback-url=${mosipbox.public.url}${server.servlet.context-path}/callback/partnermanagement/{eventType} -# Callback url for partner CA certification upload event -ida-websub-ca-cert-callback-url=${mosipbox.public.url}${server.servlet.context-path}/callback/partnermanagement/ca_certificate -# Callback url for hotlist event -ida-websub-hotlist-callback-url=${mosipbox.public.url}${server.servlet.context-path}/callback/hotlist - -#Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub. 
-subscriptions-delay-on-startup=120000 - -# The time interval in seconds to schedule subscription of topics which is done as a -# work-around for the bug: MOSIP-9496. By default the -# this property value is set to 0 that disables this workaround. -# To enable the resubscrition scheduling, this property should be assigned with a positive -# number like 1 * 60 * 60 = 3600 for one hour -ida-websub-resubscription-delay-secs=7200 - -#------ Web sub Event Topis used in IDA --- -# Topic for Auth Type Status Update Event -ida-topic-auth-type-status-updated=${ida-auth-partner-id}/AUTH_TYPE_STATUS_UPDATE -# Topic for Credential Issueance Event (for UIN/VID create/update events) -ida-topic-credential-issued=${ida-auth-partner-id}/CREDENTIAL_ISSUED -# Topic for ID Remove Event (UIN blocked / VID revoked events) -ida-topic-remove-id=${ida-auth-partner-id}/REMOVE_ID -# Topic for ID Deactivate Event (UIN/VID deactivate events) -ida-topic-deactivate-id=${ida-auth-partner-id}/DEACTIVATE_ID -# Topic for ID Activate Event (UIN/VID activate events) -ida-topic-activate-id=${ida-auth-partner-id}/ACTIVATE_ID - -# Topic for MISP update event -ida-topic-pmp-misp-updated=MISP_UPDATED -# Topic for Partner update event -ida-topic-pmp-partner-updated=PARTNER_UPDATED -# Topic for Partner API Key update event -ida-topic-pmp-partner-api-key-updated=APIKEY_UPDATED -# Topic for Policy update event -ida-topic-pmp-policy-updated=POLICY_UPDATED -# Topic for Partner CA Certificate Upload event -ida-topic-pmp-ca-certificate-uploaded=CA_CERTIFICATE_UPLOADED - -# Topic for Hotlisting event -ida-topic-hotlist=MOSIP_HOTLIST -#----------------------- - -#**************IDA cache properties************** -# IDA cache Time to live in days - To clear cache scheduled based on the days provided. -# value <= 0 means cache clearing based on schedule is disabled. -ida-cache-ttl-in-days=1 - -# To disable cache, set value to NONE, otherwise SIMPLE to enable cache. 
-# Value is based on CacheType enum provided by Spring Boot -spring.cache.type=SIMPLE -#================================================ - -########################## Functional configurations ################################ - -#The modulo value to be calculated for a UIN/VID used to get salt value to be used in UIN/VID hashing -ida.uin.salt.modulo=1000 - -#**************** IDA DEMO NORMALIZATION ************* - -# This is used to define the seperator for normalizing regex(pattern) and the replacement word. Default is set to '='. -ida.norm.sep== - -####### Demo Name/Address Normalization Regular Expressions and their replacement configurations -#Format: -# ida.demo..normalization.regex.[]=${ida.norm.sep} -# If replacement string is not specified that regular expression will be replaced with empty string -# Note: The sequence should not break in the middle, otherwise all normalization properties will not be read for the particular type. - -#**************** IDA DEMO NORMALIZATION address(for 'eng' language)************* -ida.demo.address.normalization.regex.eng[0]=[CcSsDdWwHh]/[Oo] -ida.demo.address.normalization.regex.eng[1]=(M|m|D|d)(rs?)(.) -ida.demo.address.normalization.regex.eng[2]=(N|n)(O|o)(\\.)? 
- -ida.demo.address.normalization.regex.eng[3]=[aA][pP][aA][rR][tT][mM][eE][nN][tT]${ida.norm.sep}apt -ida.demo.address.normalization.regex.eng[4]=[sS][tT][rR][eE][eE][tT]${ida.norm.sep}st -ida.demo.address.normalization.regex.eng[5]=[rR][oO][aA][dD]${ida.norm.sep}rd -ida.demo.address.normalization.regex.eng[6]=[mM][aA][iI][nN]${ida.norm.sep}mn -ida.demo.address.normalization.regex.eng[7]=[cC][rR][oO][sS][sS]${ida.norm.sep}crs -ida.demo.address.normalization.regex.eng[8]=[oO][pP][pP][oO][sS][iI][tT][eE]${ida.norm.sep}opp -ida.demo.address.normalization.regex.eng[9]=[mM][aA][rR][kK][eE][tT]${ida.norm.sep}mkt - -ida.demo.address.normalization.regex.eng[10]=1[sS][tT]${ida.norm.sep}1 -ida.demo.address.normalization.regex.eng[11]=1[tT][hH]${ida.norm.sep}1 -ida.demo.address.normalization.regex.eng[12]=2[nN][dD]${ida.norm.sep}2 -ida.demo.address.normalization.regex.eng[13]=2[tT][hH]${ida.norm.sep}2 -ida.demo.address.normalization.regex.eng[14]=3[rR][dD]${ida.norm.sep}3 -ida.demo.address.normalization.regex.eng[15]=3[tT][hH]${ida.norm.sep}3 -ida.demo.address.normalization.regex.eng[16]=4[tT][hH]${ida.norm.sep}4 -ida.demo.address.normalization.regex.eng[17]=5[tT][hH]${ida.norm.sep}5 -ida.demo.address.normalization.regex.eng[18]=6[tT][hH]${ida.norm.sep}6 -ida.demo.address.normalization.regex.eng[19]=7[tT][hH]${ida.norm.sep}7 -ida.demo.address.normalization.regex.eng[20]=8[tT][hH]${ida.norm.sep}8 -ida.demo.address.normalization.regex.eng[21]=9[tT][hH]${ida.norm.sep}9 -ida.demo.address.normalization.regex.eng[22]=0[tT][hH]${ida.norm.sep}0 - -#**************** IDA DEMO NORMALISATION common************* -# Note: the common normalization attributes will be replaced at the end. -# Special characters are removed : . , - * ( ) [ ] ` ' / \ # " -ida.demo.common.normalization.regex.any[0]=[\\.|,|\\-|\\*|\\(|\\)|\\[|\\]|`|\\'|/|\\|#|\"] -# Trailing space is removed from property. As a workaround first replacing with " ." then removing the "." 
-ida.demo.common.normalization.regex.any[1]=\\s+${ida.norm.sep} . -ida.demo.common.normalization.regex.any[2]=\\.${ida.norm.sep} - - -# ********* ADMIN Configurations ************ -# Configure N time period threshold for accepting auth/OTP/KYC request for a country -authrequest.received-time-allowed.minutes=30 -# Configuration for +/- time period adjustment in minutes for the request time validation, so that -# The requests originating from a system that is not in time-sync will be accepted for the time period -authrequest.received-time-adjustment.minutes=5 - -# Language Code -ida.errormessages.default-lang=en - - -# *********** Otp Flooding ************ -# Configure Time limit for OTP Flooding scenario (in minutes) -otp.request.flooding.duration=3 -# Configure no of requests for OTP Flooding scenario -otp.request.flooding.max-count=3 - -#------------- Notification message template names Configuration ---------------- -## Mail Message template names -# Authenticaiton notification email template -ida.auth.mail.content.template=auth-email-content -ida.auth.mail.subject.template=auth-email-subject - -# OTP notification email template -ida.otp.mail.content.template=ida-auth-otp-email-content-template -ida.otp.mail.subject.template=ida-auth-otp-email-subject-template - -## SMS template names -# Authenticaiton notification SMS template -ida.auth.sms.template=auth-sms -# OTP notification SMS template -ida.otp.sms.template=ida-auth-otp-sms-template -#--------------------------------------------------------------------------------- - -# UIN/VID/USERID Masking to be done on SMS/EMAIL notification -#Configure the no of digits to be masked while masking UIN/VID/USERID. 
-#For example if UIN is 1234567890 and mask count is 6, masked UIN will be: XXXXXX7890 -notification.uin.masking.charcount=8 - -#*************** Notification Date/time Format ********** -notification.date.format=dd-MM-yyyy -notification.time.format=HH:mm:ss - - -#********* Allowed authentication types for Authentciation/E-KYC/Internal Authentication requests ********* -# Accepted values otp-request, otp, demo, bio-Finger, bio-Iris, bio-Face - -#Configure authentications permissable for a country -auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face - -#Configure authentications permissable for e-KYC for a country -ekyc.auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face - -#Configure authentication types permissable for internal authentication -internal.auth.types.allowed=otp,bio-Finger,bio-Iris,bio-Face - -#---------------- Allowed IdTypes for hotlisting ------------------- -mosip.ida.internal.hotlist.idtypes.allowed=UIN,VID,PARTNER - - -#---------------- IDA services request time date pattern ------------------- -#Example allowed date time formats: "2020-10-23T12:21:38.660Z" , 2019-03-28T10:01:57.086+05:30 -datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSSXXX - -#------------Request IDs--------------------- -# The request IDs used in IDA REST APIs -ida.api.id.auth=mosip.identity.auth -ida.api.id.kyc=mosip.identity.kyc -ida.api.id.otp=mosip.identity.otp -ida.api.id.staticpin=mosip.identity.staticpin -ida.api.id.vid=mosip.identity.vid -ida.api.id.internal=mosip.identity.auth.internal -ida.api.id.auth.transactions=mosip.identity.authtransactions.read -ida.api.id.otp.internal=mosip.identity.otp.internal - - -#------------Request Versions--------------------- -# The request versions used in IDA REST APIs -ida.api.version.auth=1.0 -ida.api.version.kyc=1.0 -ida.api.version.otp=1.0 -ida.api.version.staticpin=1.0 -ida.api.version.vid=1.0 -ida.api.version.internal=1.0 -ida.api.version.auth.transactions=1.0 -ida.api.version.otp.internal=1.0 - -#------ Authentication 
Response Token Configuration --------------- -#Preference to turn on/off of authentication response token for a Country -#A partner specific policy will govern how the response token is generated, whether it should be Random/Partner or Policy specific -# TO DO: Remane static.token.enable to auth.token.enable -static.token.enable=true - -#-------Configure Allowed ID Types (allowed values : UIN/VID/USERID) ------------- -#The ID types to be supported for Authentication/KYC/OTP Requests -request.idtypes.allowed=VID,UIN - -#The ID types to be supported for Internal Authentication/OTP Requests -request.idtypes.allowed.internalauth=UIN,USERID,VID - -#------ Encrypted Credential Attributes list ----------- -#The list of attributes in identity that are Zero Knowledge encrpted in IDA while storing the credential in DB. -#This list is used to identify the attributes to decrypt when fetching the records from DB -ida-zero-knowledge-encrypted-credential-attributes=individualBiometrics,fullName,dateOfBirth,phone,email - - -#### Cryptograpic/Signature verificate related configurations -mosip.ida.auth.trust-validation-required=true - -mosip.ida.kyc.trust-validation-required=true - -mosip.ida.otp.trust-validation-required=true - -mosip.ida.internal.thumbprint-validation-required=false -mosip.ida.internal.trust-validation-required=false - - -#-------Kernel Retry Configurations---------------- -# The retry limit excluding the first attempt before attempting for retries. Default is set to 5. -kernel.retry.attempts.limit=5 -# The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs -kernel.retry.exponential.backoff.initial.interval.millisecs=100 -# The multiplier for exponential backoff intreval. A double value greater than or equal to 1. 
Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount) -kernel.retry.exponential.backoff.multiplier=1.5 -kernel.retry.exponential.backoff.max.interval.millisecs=1000 -# Whether to traverse to the root cause exception from the exception thrown and use the same root cause to decide whether to retry or not. Default is true. -kernel.retry.traverse.root.cause.enabled=false -#Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation. -kernel.retry.retryable.exceptions=io.mosip.authentication.core.exception.IdAuthRetryException,io.mosip.authentication.core.exception.IdAuthenticationBaseException -#Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation. -kernel.retry.nonretryable.exceptions= - -#-------Credential Store batch and retry configurations--- -# To disable automatic job launch in startup, setting to false. -spring.batch.job.enabled=false - -# The chunk size of items to be processed in spring batch. This value also assigned to the thread count, and hence all the items are processed in parellel asynchronusly. -ida.batch.credential.store.chunk.size=5 -ida.batch.credential.store.job.delay=1000 - -# The retry limit excluding the first attempt before attempting for retries -ida.credential.store.retry.max.limit=10 -ida.credential.store.retry.backoff.interval.millisecs=5000 -# The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). 
For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount) -ida.credential.store.retry.backoff.exponential.multiplier=1.5 -ida.credential.store.retry.backoff.exponential.max.interval.millisecs=120000 - - -############## Configurations needed for dependent libraries ##### -#-----------------------------------Softhsm -------------------------------------- -mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io -mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf -mosip.kernel.keymanager.hsm.keystore-type=PKCS11 -mosip.kernel.keymanager.hsm.keystore-pass=1234 - -#--------- Titles/Templates master data stored as configuration ---------- -# These are static IDA-Specific Master Data (base-64 encoded) - for fra and ara languages. -# For any other language please update the respective properties. -# Titles template used in Name Normalizatoin in Demographic authentication -maste.data.titles=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 -# SMS and Email templates for OTP notification and Authentication notification -master.data.ida-templates={
  "id": null,
  "version": null,
  "responsetime": "2020-04-03T11:13:07.948Z",
  "metadata": null,
  "response": {
    "templates": [
      {
        "id": "1151",
        "name": "Template for Email Content",
        "description": "Template for Email Content",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "Dear $name\nOTP for $idvidType  $idvid is $otp and is valid for $validTime minutes. (Generated on $date at $time Hrs)",
        "moduleId": "10004",
        "moduleName": "ID Authentication",
        "templateTypeCode": "ida-auth-otp-email-content-template",
        "langCode": "eng",
        "isActive": true
      },
      {
        "id": "1151",
        "name": "قالب لمحتوى البريد الإلكتروني",
        "description": "قالب لمحتوى البريد الإلكتروني",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "عزيزي $name \n nOTP لـ $idvidType $idvid هو $otp وهو صالح لمدة $validTime دقيقة. (تم إنشاؤه في $date في $time Hrs)",
        "moduleId": "10004",
        "moduleName": "مصادقة الهوية",
        "templateTypeCode": "ida-auth-otp-email-content-template",
        "langCode": "ara",
        "isActive": true
      },
      {
        "id": "1151",
        "name": "Modèle de contenu de courrier électronique",
        "description": "Modèle de contenu de courrier électronique",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "Cher $name,\nOTP pour $idvidType $idvid est $otp et est valide pour $validTime minutes. (Généré le $date à $time Hrs)",
        "moduleId": "10004",
        "moduleName": "Authentification ID",
        "templateTypeCode": "ida-auth-otp-email-content-template",
        "langCode": "fra",
        "isActive": true
      },
      {
        "id": "1152",
        "name": "Template for Email Subject",
        "description": "Template for Email Subject",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "$idvidType $idvid: OTP Request",
        "moduleId": "10004",
        "moduleName": "ID Authentication",
        "templateTypeCode": "ida-auth-otp-email-subject-template",
        "langCode": "eng",
        "isActive": true
      },
      {
        "id": "1152",
        "name": "قالب لموضوع البريد الإلكتروني",
        "description": "قالب لموضوع البريد الإلكتروني",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "$idvidType $idvid: طلب OTP",
        "moduleId": "10004",
        "moduleName": "مصادقة الهوية",
        "templateTypeCode": "ida-auth-otp-email-subject-template",
        "langCode": "ara",
        "isActive": true
      },
      {
        "id": "1152",
        "name": "Modèle pour sujet demail",
        "description": "Modèle pour sujet demail",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "$idvidType $idvid: Requête OTP",
        "moduleId": "10004",
        "moduleName": "Authentification ID",
        "templateTypeCode": "ida-auth-otp-email-subject-template",
        "langCode": "fra",
        "isActive": true
      },
      {
        "id": "1153",
        "name": "Template for OTP in SMS ",
        "description": "Template for OTP in SMS ",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "OTP for $idvidType  $idvid is $otp and is valid for $validTime minutes. (Generated on $date at $time Hrs)",
        "moduleId": "10004",
        "moduleName": "ID Authentication",
        "templateTypeCode": "ida-auth-otp-sms-template",
        "langCode": "eng",
        "isActive": true
      },
      {
        "id": "1153",
        "name": "قالب كلمة المرور لمرة واحدة في الرسالة",
        "description": "قالب كلمة المرور لمرة واحدة في الرسالة",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "OTP لـ $idvidType $idvid هو $otp وهو صالح لمدة $validTime دقيقة. (التي تم إنشاؤها على $date في $time ساعات)",
        "moduleId": "10004",
        "moduleName": "مصادقة الهوية",
        "templateTypeCode": "ida-auth-otp-sms-template",
        "langCode": "ara",
        "isActive": true
      },
      {
        "id": "1153",
        "name": "Modèle pour OTP dans SMS",
        "description": "Modèle pour OTP dans SMS",
        "fileFormatCode": "txt",
        "model": "model",
        "fileText": "OTP pour $idvidType $idvid est $otp et est valide pour $validTime minutes. (Généré le $date à $time Hrs)",
        "moduleId": "10004",
        "moduleName": "Authentification ID",
        "templateTypeCode": "ida-auth-otp-sms-template",
        "langCode": "fra",
        "isActive": true
      },
      {
        "id": "1101",
        "name": "Template for authorization content",
        "description": "Template for authorization content",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "Dear $name\nYour Authentication of $idvidType $idvid using $authType on $date at $time Hrs $status at a device deployed by MOSIP Services",
        "moduleId": "10004",
        "moduleName": "ID Authentication",
        "templateTypeCode": "auth-email-content",
        "langCode": "eng",
        "isActive": true
      },
      {
        "id": "1101",
        "name": "قالب لمحتوى التخويل",
        "description": "قالب لمحتوى التخويل",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "عزيزي $name ،\nمصاٿقة $idvidType $idvid باستخدام $authType على $date في $time Hrs $status على جهاز تم نشره بواسطة \"خٿمات MOSIP\".",
        "moduleId": "10004",
        "moduleName": "مصادقة الهوية",
        "templateTypeCode": "auth-email-content",
        "langCode": "ara",
        "isActive": true
      },
      {
        "id": "1101",
        "name": "Modèle de contenu dautorisation",
        "description": "Modèle de contenu dautorisation",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "Cher $name,\nVotre authentification $idvidType $idvid utilisant $authType le $date à $time Hrs $status sur un périphérique déployé par \"MOSIP Services\"",
        "moduleId": "10004",
        "moduleName": "Authentification ID",
        "templateTypeCode": "auth-email-content",
        "langCode": "fra",
        "isActive": true
      },
      {
        "id": "1102",
        "name": "Template for authorization subject",
        "description": "Template for authorization subject",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "$idvidType $idvid Authentication $status",
        "moduleId": "10004",
        "moduleName": "ID Authentication",
        "templateTypeCode": "auth-email-subject",
        "langCode": "eng",
        "isActive": true
      },
      {
        "id": "1102",
        "name": "قالب لموضوع التخويل",
        "description": "قالب لموضوع التخويل",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "$idvidType $idvid: مصادقة $status",
        "moduleId": "10004",
        "moduleName": "مصادقة الهوية",
        "templateTypeCode": "auth-email-subject",
        "langCode": "ara",
        "isActive": true
      },
      {
        "id": "1102",
        "name": "Modèle pour sujet dautorisation",
        "description": "Modèle pour sujet dautorisation",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "$idvidType $idvid: $status dauthentification",
        "moduleId": "10004",
        "moduleName": "Authentification ID",
        "templateTypeCode": "auth-email-subject",
        "langCode": "fra",
        "isActive": true
      },
      {
        "id": "1103",
        "name": "Template for authorization SMS",
        "description": "Template for authorization SMS",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "Your Authentication of $idvidType $idvid using $authType on $date at $time Hrs $status at a device deployed by MOSIP Services.",
        "moduleId": "10004",
        "moduleName": "ID Authentication",
        "templateTypeCode": "auth-sms",
        "langCode": "eng",
        "isActive": true
      },
      {
        "id": "1103",
        "name": "قالب لرسالة التفويض",
        "description": "قالب لرسالة التفويض",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "مصاٿقتك على $idvidType $idvid باستخدام $authType في $date في $time Hrs $status على جهاز تم نشره بواسطة \"خدمات MOSIP\".",
        "moduleId": "10004",
        "moduleName": "مصادقة الهوية",
        "templateTypeCode": "auth-sms",
        "langCode": "ara",
        "isActive": true
      },
      {
        "id": "1103",
        "name": "Modèle de SMS dautorisation",
        "description": "Modèle de SMS dautorisation",
        "fileFormatCode": "txt",
        "model": null,
        "fileText": "Votre authentification $idvidType $idvid utilisant $authType le $date à $time Hrs $status sur un périphérique déployé par \"MOSIP Services\".",
        "moduleId": "10004",
        "moduleName": "Authentification ID",
        "templateTypeCode": "auth-sms",
        "langCode": "fra",
        "isActive": true
      }
    ]
  },
  "errors": null
} - - -#----------Security Properties - used in Internal Authentication Services by default Kernel Auth Adapter------------------ -# CSRF switch -mosip.security.csrf-enable=false - -# CORS switch -mosip.security.cors-enable=false - -# Comma separated allowed origins -mosip.security.origins=localhost:8080 - -# Secure cookie switch -mosip.security.secure-cookie=false - -#------------- Key-manager properties ------------------------- -# ROOT key identifier -mosip.root.key.applicationid=ROOT - -# Certificate signing algorithm -mosip.kernel.certificate.sign.algorithm=SHA256withRSA - -# Default certificate params -mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER -mosip.kernel.keymanager.certificate.default.organization=IITB -mosip.kernel.keymanager.certificate.default.location=BANGALORE -mosip.kernel.keymanager.certificate.default.state=KA -mosip.kernel.keymanager.certificate.default.country=IN - -# Zero Knowledge Master & Public Key identifier. -mosip.kernel.zkcrypto.masterkey.application.id=${application.id} -mosip.kernel.zkcrypto.masterkey.reference.id=${identity-cache.reference.id} -mosip.kernel.zkcrypto.publickey.application.id=${application.id} -mosip.kernel.zkcrypto.publickey.reference.id=CRED_SERVICE -mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding -mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding - -# Application Id for PMS master key. 
-mosip.kernel.partner.sign.masterkey.application.id=PMS - - -#---------------------------------kernel Salt Generator---------------------------------------------------# -mosip.kernel.salt-generator.db.key-alias=javax.persistence.jdbc -mosip.kernel.salt-generator.schemaName=${javax.persistence.jdbc.schema} -#----------------------------------------------------------------------------------------------------------# - -#--------------------------------TokenId generator---------------------------------------------------# -mosip.kernel.tokenid.uin.salt=zHuDEAbmbxiUbUShgy6pwUhKh9DE0EZn9kQDKPPKbWscGajMwf -mosip.kernel.tokenid.partnercode.salt=yS8w5Wb6vhIKdf1msi4LYTJks7mqkbmITk2O63Iq8h0bkRlD0d -#----------------------------------------------------------------------------------------------------# - -# Partner Management Service allowed partner domains -mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM - -######################### IDA Key Generator configurations ############################# -keymanager.persistence.jdbc.driver=org.postgresql.Driver -keymanager_database_url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida -keymanager_database_username=${mosip.ida.database.user} -keymanager_database_password={cipher}0cb863a5b2ae03d3879cf34723cc2549d5e86679f197b57a307b1a0ac62bfc42 -mosip.kernel.keymanager.autogen.appids.list=ROOT,${application.id},${mosip.sign.applicationid}:${mosip.sign.refid},${application.id}:${mosip.kernel.zkcrypto.masterkey.reference.id} -mosip.kernel.keymanager.autogen.basekeys.list=${application.id}:${internal.reference.id},${application.id}:${partner.reference.id},${application.id}:${partner.biometric.reference.id},${application.id}:${mosip.kernel.zkcrypto.publickey.reference.id},${application.id}:${ida-auth-partner-id} -zkcrypto.random.key.generate.count=0 - -keymanager.persistence.jdbc.schema=ida -######################################################################################### - - - 
diff --git a/sandbox/id-repository-mz.properties b/sandbox/id-repository-mz.properties
deleted file mode 100644
index da98f405902..00000000000
--- a/sandbox/id-repository-mz.properties
+++ /dev/null
@@ -1,351 +0,0 @@ -management.endpoint.restart.enabled=true - -#----------------------------------ID Repo dynamic properties----------------------------------------------# - -# IDRepo database url -mosip.idrepo.db.url=postgres - -# IDRepo database port -mosip.idrepo.db.port=80 - -#IDRepo identity service database name -mosip.idrepo.db.identity.db-name=mosip_idrepo - -#IDRepo identity service database username -mosip.idrepo.db.identity.username=idrepouser - -#IDRepo database password (encrypted) -mosip.idrepo.db.identity.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#IDRepo VID service database name -mosip.idrepo.db.vid.db-name=mosip_idmap - -#IDRepo VID service database username -mosip.idrepo.db.vid.username=idmapuser - -#IDRepo VID service database password (encrypted) -mosip.idrepo.db.vid.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#IDRepo ObjectStore account name -mosip.idrepo.objectstore.account-name=idrepo - -#IDRepo ObjectStore bucket name under which all idrepo objects are stored -mosip.idrepo.objectstore.bucket-name=idrepo - -#IDRepo ObjectStore adapter name -mosip.idrepo.objectstore.adapter-name=s3Adapter - -#----------------------------------ID Repo Service---------------------------------------------------------# - -# Application name using for auditing -mosip.idrepo.application.name=ID-Repository - -# Application version validation in ID-Repo requests -mosip.idrepo.application.version.pattern=^v\\d+(\\.\\d+)?$ - -# Modulo value used to evaluate expression (UIN % modulo) used to get the salt from salt table -mosip.idrepo.modulo-value=1000 - -# Configuration for +/- time period adjustment in minutes for the request time validation, so that -#the requests originating from a system that is not in time-sync will be accepted for the time period -mosip.idrepo.datetime.future-time-adjustment=2 - -#---------------------------Kernel Retry 
Configurations----------------------------------------------------# -# The retry limit excluding the first attempt before attempting for retries. Default is set to 5. -kernel.retry.attempts.limit=5 -# The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs -kernel.retry.exponential.backoff.initial.interval.millisecs=100 -# The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount) -kernel.retry.exponential.backoff.multiplier=1.5 -kernel.retry.exponential.backoff.max.interval.millisecs=1000 -# Whether to traverse to the root cause exception from the exception thrown and use the same root cause to decide whether to retry or not. Default is true. -kernel.retry.traverse.root.cause.enabled=false -#Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation. -kernel.retry.retryable.exceptions=io.mosip.idrepository.core.exception.IdRepoRetryException -#Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation. 
-kernel.retry.nonretryable.exceptions= - -#----------------------------------ID Repo Identity Service------------------------------------------------# - -# Application version expected in the request -mosip.idrepo.identity.application.version=v1 - -# Application ids expected in the requests -mosip.idrepo.identity.id.create=mosip.id.create -mosip.idrepo.identity.id.read=mosip.id.read -mosip.idrepo.identity.id.update=mosip.id.update - -#database mappings for identity service -mosip.idrepo.identity.db.url=jdbc:postgresql://${mosip.idrepo.db.url}:${mosip.idrepo.db.port}/${mosip.idrepo.db.identity.db-name} -mosip.idrepo.identity.db.username=${mosip.idrepo.db.identity.username} -mosip.idrepo.identity.db.password=${mosip.idrepo.db.identity.password} -mosip.idrepo.identity.db.driverClassName=org.postgresql.Driver - -# Path of UIN expected in the input idrepo request. This path is based on Identity schema. -mosip.idrepo.identity.json.path=identity.UIN - -# UIN status value which is stored in database for newly inserted UIN/active UINs. -mosip.idrepo.identity.uin-status.registered=ACTIVATED - -# List of allowed UIN status in ID-Repo -mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED - -# Types allowed in retreiveIdentity requests -mosip.idrepo.identity.allowedTypes=bio,demo,all - -#-----------------------ID Repo Identity Service - idobjectvalidator---------------------------------------# - -# Class name of the referenceValidator. Commenting or removing this property will disable reference validator. 
-mosip.kernel.idobjectvalidator.referenceValidator=io.mosip.kernel.idobjectvalidator.impl.IdObjectReferenceValidator - -#----------------------------------ID Repo VID Service-----------------------------------------------------# -# Application version expected in the request -mosip.idrepo.vid.application.version=v1 - -# Application ids expected in the requests -mosip.idrepo.vid.id.create=mosip.vid.create -mosip.idrepo.vid.id.read=mosip.vid.read -mosip.idrepo.vid.id.update=mosip.vid.update -mosip.idrepo.vid.id.regenerate=mosip.vid.regenerate -mosip.idrepo.vid.id.reactivate=mosip.vid.reactivate -mosip.idrepo.vid.id.deactivate=mosip.vid.deactivate - -# Database mapping for VID service -mosip.idrepo.vid.db.url=jdbc:postgresql://${mosip.idrepo.db.url}:${mosip.idrepo.db.port}/${mosip.idrepo.db.vid.db-name} -mosip.idrepo.vid.db.username=${mosip.idrepo.db.vid.username} -mosip.idrepo.vid.db.password=${mosip.idrepo.db.vid.password} -mosip.idrepo.vid.db.driverClassName=org.postgresql.Driver - -# VID status value which is stored in database for newly inserted VID/active VIDs. -mosip.idrepo.vid.active-status=ACTIVE - -# VID status for which unlimited txn is not allowed -mosip.idrepo.vid.unlimited-txn-status=USED - -# VID status which are allowed for VID regeneration -mosip.idrepo.vid.regenerate.allowed-status=ACTIVE,REVOKED,EXPIRED,USED - -# List of allowed VID status in ID-Repo -mosip.idrepo.vid.allowedstatus=ACTIVE,REVOKED,EXPIRED,USED,INVALIDATED,DEACTIVATED - -# VID status value which is stored in database for deactivated VIDs. Used in deactivate-all-vids api. -mosip.idrepo.vid.deactive-status=DEACTIVATED - -# VID status value which is stored in database for reactivated VIDs. Used in reactivate-all-vids api. 
-mosip.idrepo.vid.reactive-status=ACTIVE - -# Config server url -mosip.idrepo.mosip-config-url=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ - -# VID policy schema against which VID policy is validated -mosip.idrepo.vid.policy-schema-url=${mosip.idrepo.mosip-config-url}mosip-vid-policy-schema.json - -# VID policy based on which VID is created -mosip.idrepo.vid.policy-file-url=${mosip.idrepo.mosip-config-url}mosip-vid-policy.json - -#----------------------------------REST-services ----------------------------------------------------------# -mosip.idrepo.audit.rest.uri=http://kernel-auditmanager-service/v1/auditmanager/audits -mosip.idrepo.audit.rest.httpMethod=POST -mosip.idrepo.audit.rest.headers.mediaType=application/json - -mosip.idrepo.encryptor.rest.uri=http://kernel-keymanager-service/v1/keymanager/encrypt -mosip.idrepo.encryptor.rest.httpMethod=POST -mosip.idrepo.encryptor.rest.headers.mediaType=application/json -mosip.idrepo.encryptor.rest.timeout=100 - -mosip.idrepo.decryptor.rest.uri=http://kernel-keymanager-service/v1/keymanager/decrypt -mosip.idrepo.decryptor.rest.httpMethod=POST -mosip.idrepo.decryptor.rest.headers.mediaType=application/json -mosip.idrepo.decryptor.rest.timeout=100 - -mosip.idrepo.vid-service.rest.uri=http://idrepo-vid-service/idrepository/v1/vid/uin/{uin} -mosip.idrepo.vid-service.rest.httpMethod=GET -mosip.idrepo.vid-service.rest.headers.mediaType=application/json -mosip.idrepo.vid-service.rest.timeout=100 - -mosip.idrepo.retrieve-uin-by-vid.rest.uri=http://idrepo-vid-service/idrepository/v1/vid/{vid} -mosip.idrepo.retrieve-uin-by-vid.rest.httpMethod=GET -mosip.idrepo.retrieve-uin-by-vid.rest.headers.mediaType=application/json -mosip.idrepo.retrieve-uin-by-vid.rest.timeout=100 - -mosip.idrepo.bio-extractor-service.rest.uri=http://idrepo-bioextractor-service/v1/bioextractor/{extractionFormat}/extracttemplates -mosip.idrepo.bio-extractor-service.rest.httpMethod=POST 
-mosip.idrepo.bio-extractor-service.rest.headers.mediaType=application/json -mosip.idrepo.bio-extractor-service.rest.timeout=100 - -mosip.idrepo.syncdata-service.rest.uri=http://kernel-masterdata-service/v1/masterdata/idschema/latest -mosip.idrepo.syncdata-service.rest.httpMethod=GET -mosip.idrepo.syncdata-service.rest.headers.mediaType=application/json -mosip.idrepo.syncdata-service.rest.timeout=100 - -mosip.idrepo.pmp.partner.rest.uri=http://pms-partner-management-service/partnermanagement/v1/pmpartners/pmpartners?partnerType=Online_Verification_Partner -mosip.idrepo.pmp.partner.rest.httpMethod=GET -mosip.idrepo.pmp.partner.rest.headers.mediaType=application/json -mosip.idrepo.pmp.partner.rest.timeout=10 - -mosip.idrepo.credential.request.rest.uri=http://idrepo-credential-request-generator/v1/credentialrequest/requestgenerator -mosip.idrepo.credential.request.rest.httpMethod=POST -mosip.idrepo.credential.request.rest.headers.mediaType=application/json -mosip.idrepo.credential.request.rest.timeout=10 - -mosip.idrepo.retrieve-by-uin.rest.uri=http://idrepo-identity-service/idrepository/v1/identity/idvid/{uin} -mosip.idrepo.retrieve-by-uin.rest.httpMethod=GET -mosip.idrepo.retrieve-by-uin.rest.headers.mediaType=application/json -mosip.idrepo.retrieve-by-uin.rest.timeout=100 - -mosip.idrepo.vid-generator.rest.uri=http://kernel-idgenerator-service/v1/idgenerator/vid -mosip.idrepo.vid-generator.rest.httpMethod=GET -mosip.idrepo.vid-generator.rest.headers.mediaType=application/json -mosip.idrepo.vid-generator.rest.timeout=100 - -#--------------------------Credential-Request-Generator properties-----------------------------------# - -#database mappings Credential-Request-Generator -mosip.credential.service.database.hostname=postgres -mosip.credential.service.database.port=80 -mosip.credential.service.jdbc.url=jdbc:postgresql://${mosip.credential.service.database.hostname}:${mosip.credential.service.database.port}/mosip_credential?currentSchema=credential 
-mosip.credential.service.jdbc.user=credentialuser -mosip.credential.service.jdbc.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -mosip.credential.service.jdbc.driver=org.postgresql.Driver -hibernate.hbm2ddl.auto=update -hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect -hibernate.jdbc.lob.non_contextual_creation=true -hibernate.show_sql=false - -#Token generator properties Credential request generator -credential.request.token.request.appid=crereq -credential.request.token.request.clientId=mosip-crereq-client -credential.request.token.request.secretKey={cipher}b5fb76d3a57ce10fc27aee1685ce906836970d52c4cf13a01282bfe99565bedf -credential.request.token.request.version=1.0 -credential.request.token.request.id=io.mosip.credentialrequestgenerator -credential.request.token.request.issuerUrl=${mosipbox.public.url}/keycloak/auth/realms/mosip -mosip.credential.request.service.id=mosip.credential.request.generator -mosip.credential.request.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' -mosip.credential.request.service.version=1.0 - -#---------------Batch job properties----------------------------------# -#batch job time intervel in miliseconds -mosip.credential.request.job.timedelay=1 -#Reprocessing job timeintervel in miliseconds -mosip.credential.request.reprocess.job.timedelay=1200000 -# This property can be set to auth,print or keep it empty so batch will pick up all records# -credential.request.type=auth -credential.request.retry.max.count=10 -credential.request.reprocess.statuscodes=FAILED,RETRY -credential.batch.core.pool.size=10 -credential.batch.max.pool.size=10 -credential.batch.queue.capacity=10 -credential.batch.page.size=10 -credential.batch.chunk.size=10 -credential.request.process.locktimeout=60000 -credential.request.reprocess.locktimeout=60000 - -#----------------------------------REST-services ----------------------------------------------------------# 
-CRDENTIALSERVICE=http://idrepo-credential-service/v1/credentialservice/issue -KEYBASEDTOKENAPI=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey -CALLBACKURL=${mosipbox.public.url}/v1/credentialrequest/callback/notifyStatus -#-----Websub configurations------ -#Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub. -subscription-delay-secs=120000 -# The time interval in seconds to schedule subscription of topics which is done as a -# work-around , By default the -# this property value is set to 0 that disables this workaround. -# To enable the resubscrition scheduling, this property should be assigned with a positive -# number like 1 * 60 * 60 = 3600 for one hour -resubscription-delay-secs=7200 -WEBSUBSECRET=test - -#--------------------------Credential-Request-Generator properties ends-----------------------------------# - -#--------------------------Credential-Service properties--------------------------------------------------# - -#Token generator properties Credential Service -credential.service.token.request.appid=creser -credential.service.token.request.clientId=mosip-creser-client -credential.service.token.request.secretKey={cipher}b5fb76d3a57ce10fc27aee1685ce906836970d52c4cf13a01282bfe99565bedf -credential.service.token.request.id=io.mosip.credentialstore - -#Credential formatter properties Credential Service -mosip.credential.vc.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss'Z' -mosip.credential.service.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' -mosip.credential.service.service.id=mosip.credential.store -mosip.credential.service.service.version=1.0 -credential.service.credentialtype.file=CredentialType.json -credential.service.mvel.file=credentialdata.mvel -credential.service.dob.format=yyyy/MM/dd -mosip.credential.service.credential.schema=MOSIPVerifiableCredential -mosip.credential.service.type.name=mosip -mosip.credential.service.type.namespace=mosip 
-credentialType.formatter.AUTH=IdAuthProvider -credentialType.formatter.QRCODE=QrCodeProvider -credentialType.formatter.MOSIP=CredentialProvider -credentialType.formatter.EUIN=QrCodeProvider -credentialType.formatter.REPRINT=QrCodeProvider -mosip.credential.service.format.id=http://mosip.io/credentials/ -mosip.credential.service.format.issuer=https://mosip.io/issuers/ -mosip.credential.service.application.id=PARTNER -mosip.credential.service.includeCertificateHash=true -mosip.credential.service.includeCertificate=true -mosip.credential.service.includePayload=false -mosip.credential.service.share.prependThumbprint=true -mosip.credential.service.retry.maxAttempts=3 -mosip.credential.service.retry.maxDelay=100 -#----------------------------------REST-services ----------------------------------------------------------# -IDREPOGETIDBYID=http://idrepo-identity-service/idrepository/v1/identity/idvid -mosip.data.share.protocol=http -CREATEDATASHARE=/v1/datashare/create -KEYBASEDTOKENAPI=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey -KEYMANAGER_JWTSIGN=http://kernel-keymanager-service/v1/keymanager/jwtSign -KEYMANAGER_ENCRYPT_PIN=http://kernel-keymanager-service/v1/keymanager/encryptWithPin -KEYMANAGER_ENCRYPT_ZK=http://kernel-keymanager-service/v1/keymanager/zkEncrypt -PARTNER_POLICY=http://pms-partner-service/partnermanagement/v1/partners/partners/partnerId/{partnerId}/credentialType/{credentialType} -PARTNER_EXTRACTION_POLICY=http://pms-partner-service/partnermanagement/v1/partners/partners/partnerId/{partnerId}/policyId/{policyId} -credential.service.token.request.issuerUrl=${mosipbox.public.url}/keycloak/auth/realms/mosip - - - -#--------------------------Credential-Service properties ends--------------------------------------------------# - -#--------------------------Bio SDK Integration - Bio extractor Service ----------------------------------------# -mosip.biosdk.default.host=http://13.233.66.241 
-mosip.biosdk.default.service.url=${mosip.biosdk.default.host}/biosdk-service - -# The fully qualified Class Name of the BIO SDK API implemented for Finger modality -# This class will be loaded in runtime, the containing jar should be available in classpath -mosip.biometric.sdk.provider.finger.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 -# The version of the BIO SDK API implemeted for Finger modality -mosip.biometric.sdk.provider.finger.version=0.9 -mosip.biometric.sdk.provider.finger.format.url.mock-1.1=${mosip.biosdk.default.service.url} -# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured. -# If the below default configuration is not configured, the one of the configured url will be used as the default URL. -# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'. -mosip.biometric.sdk.provider.finger.format.url.default=${mosip.biosdk.default.service.url} - -# The fully qualified Class Name of the BIO SDK API implemented for Iris modality -# This class will be loaded in runtime, the containing jar should be available in classpath -mosip.biometric.sdk.provider.iris.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 -# The version of the BIO SDK API implemeted for Iris modality -mosip.biometric.sdk.provider.iris.version=0.9 -mosip.biometric.sdk.provider.iris.format.url.mock-1.1=${mosip.biosdk.default.service.url} - -# The fully qualified Class Name of the BIO SDK API implemented for Face modality -# This class will be loaded in runtime, the containing jar should be available in classpath -mosip.biometric.sdk.provider.face.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 -# The version of the BIO SDK API implemeted for Face modality -mosip.biometric.sdk.provider.face.version=0.9 -mosip.biometric.sdk.provider.face.format.url.mock-1.1=${mosip.biosdk.default.service.url} - -#------ - - -# Credential issuance 
Event properties -id-repo-ida-event-type-namespace=mosip -id-repo-ida-event-type-name=ida -id-repo-ida-credential-type=auth -id-repo-ida-credential-recepiant=IDA - ------------ -# Kernel token ID generator properties -mosip.kernel.tokenid.uin.salt=zHuDEAbmbxiUbUShgy6pwUhKh9DE0EZn9kQDKPPKbWscGajMwf -mosip.kernel.tokenid.partnercode.salt=yS8w5Wb6vhIKdf1msi4LYTJks7mqkbmITk2O63Iq8h0bkRlD0d - diff --git a/sandbox/idobject-document-category-mapping.json b/sandbox/idobject-document-category-mapping.json deleted file mode 100644 index 7fe51d2796c..00000000000 --- a/sandbox/idobject-document-category-mapping.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "identity": { - "fullName": { - "documentCategory": "proofOfIdentity" - }, - "parentOrGuardianRID": { - "documentCategory" : "proofOfRelationship" - }, - "parentOrGuardianUIN": { - "documentCategory" : "proofOfRelationship" - }, - "age": { - "documentCategory" : "proofOfIdentity" - }, - "addressLine1": { - "documentCategory" : "proofOfAddress" - }, - "addressLine2": { - "documentCategory" : "proofOfAddress" - }, - "addressLine3": { - "documentCategory" : "proofOfAddress" - }, - "region": { - "documentCategory" : "proofOfAddress" - }, - "province": { - "documentCategory" : "proofOfAddress" - }, - "postalCode": { - "documentCategory" : "proofOfAddress" - }, - "localAdministrativeAuthority": { - "documentCategory" : "proofOfAddress" - }, - "city": { - "documentCategory" : "proofOfAddress" - } - } -} diff --git a/sandbox/kernel-mz.properties b/sandbox/kernel-mz.properties deleted file mode 100644 index 7cdd8c6dda1..00000000000 --- a/sandbox/kernel-mz.properties +++ /dev/null 
@@ -1,439 +0,0 @@ -#---------------------------------------kernel common properties----------------------- -# Inside Kubernetes services are exposed on port 80 (most of them) -# For external connection to postgres, nodePort must be used. -mosip.kernel.database.hostname=postgres -mosip.kernel.database.port=80 - -#---------------------------------------Sync Data service------------------------------- -mosip.kernel.syncdata.auth-manager-base-uri=http://kernel-auth-service/v1/authmanager -mosip.kernel.syncdata.auth-manager-roles=/roles -mosip.kernel.syncdata.auth-user-details=/userdetails -mosip.kernel.syncdata.syncdata-request-id=SYNCDATA.REQUEST -mosip.kernel.syncdata.syncdata-version-id=v1.0 -# Name of the file that is present in the config server which has registration specific config. -mosip.kernel.syncdata.registration-center-config-file=registration-${spring.profiles.active}.properties -# Name of the file that is present in the config server which has global config. -mosip.kernel.syncdata.global-config-file=application-${spring.profiles.active}.properties -mosip.kernel.syncdata.syncjob-base-url=http://kernel-syncjob-service:8099/v1/syncjob/syncjobdef -mosip.kernel.syncdata-service-idschema-url=http://kernel-masterdata-service/v1/masterdata/idschema/latest - - -#------------------------------------sms notification service------------------------------- -mosip.kernel.sms.enabled=false -mosip.kernel.sms.country.code=91 -mosip.kernel.sms.number.length=10 - -#mosip.kernel.sms.gateway : "infobip" or "msg91" -mosip.kernel.sms.gateway=gateway - -#--msg91 gateway-- -mosip.kernel.sms.api=smsapi -mosip.kernel.sms.authkey=authkey -mosip.kernel.sms.route=route -mosip.kernel.sms.sender=sender -mosip.kernel.sms.unicode=unicode - -# -- Email notification ------- -mosip.kernel.notification.email.from=mosipuser@gmail.com -spring.mail.host=smtphost -spring.mail.username=username -spring.mail.password=password -spring.mail.port=587 
-spring.mail.properties.mail.transport.protocol=smtp -spring.mail.properties.mail.smtp.starttls.required=true -spring.mail.properties.mail.smtp.starttls.enable=true -spring.mail.properties.mail.smtp.auth=true -spring.mail.debug=false -spring.servlet.multipart.enabled=true -spring.servlet.multipart.max-file-size=5MB - -#--------------------------------------Keymanager Service-------------------------------------- -#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE -mosip.kernel.keymanager.hsm.keystore-type=PKCS11 - -# For PKCS11 provide Path of config file. -# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. -# For Offline & JCE property can be left blank, specified value will be ignored. -mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf - -# Passkey of keystore for PKCS11, PKCS12 -# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. 
-mosip.kernel.keymanager.hsm.keystore-pass={cipher}2d6aa328be521b2be6f33f476f7df2ea39c7ae1a3e2146ec169c5fac3225da3f - -#--------------------Audit Manager------------------------------------------------ -mosip.kernel.auditmanager-service-logs-location=logs/audit.log - -#--------------------Auth service -------------------------------------------------- -auth.jwt.secret=authjwtsecret -auth.jwt.base=Mosip-Token -auth.jwt.expiry=6000000 -auth.token.header=Authorization -auth.refreshtoken.header=RefreshToken -auth.jwt.refresh.expiry=86400000 -auth.primary.language=eng - -otp.manager.api.generate=http://kernel-otpmanager-service/v1/otpmanager/otp/generate -otp.manager.api.verify=http://kernel-otpmanager-service/v1/otpmanager/otp/validate -otp.sender.api.email.send=http://kernel-notification-service/v1/notifier/email/send -otp.sender.api.sms.send=http://kernel-notification-service/v1/notifier/sms/send -masterdata.api.template=http://kernel-masterdata-service/v1/masterdata/templates/ -masterdata.api.template.otp=/otp-sms-template -idrepo.api.getuindetails=http://idrepo-identity-service/idrepository/v1/identity/uin/{uin} - -mosip.kernel.auth.app.id=auth -mosip.kernel.auth.client.id=mosip-auth-client -mosip.kernel.auth.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db - -mosip.kernel.ida.app.id=ida -mosip.kernel.ida.client.id=mosip-ida-client -mosip.kernel.ida.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db - -#------------------------Token id generation service salts--------------------------- -mosip.kernel.tokenid.uin.salt=zHuDEAbmbxiUbUShgy6pwUhKh9DE0EZn9kQDKPPKbWscGajMwf -mosip.kernel.tokenid.partnercode.salt=yS8w5Wb6vhIKdf1msi4LYTJks7mqkbmITk2O63Iq8h0bkRlD0d - -#------------------------VID Generator Service--------------------------------------- -#minimum threshold of unused vid -mosip.kernel.vid.min-unused-threshold=100000 -#number of vids to generate -mosip.kernel.vid.vids-to-generate=200000 -#time 
to release after expiry(in days) -mosip.kernel.vid.time-to-release-after-expiry=5 -#for genaration on init vids timeout -mosip.kernel.vid.pool-population-timeout=10000000 - -kernel.vid.revoke-scheduler-type=cron -#schedular seconds configuration -kernel.vid.revoke-scheduler-seconds=0 -#schedular minutes configuration -kernel.vid.revoke-scheduler-minutes=0 -#schedular hours configuration -kernel.vid.revoke-scheduler-hours=23 -#schedular days configuration -kernel.vid.revoke-scheduler-days_of_month=* -#schedular months configuration -kernel.vid.revoke-scheduler-months=* -#schedular weeks configuration -kernel.vid.revoke-scheduler-days_of_week=* - -kernel.vid.isolator-scheduler-type=cron -#schedular seconds configuration -kernel.vid.isolator-scheduler-seconds=0 -#schedular minutes configuration -kernel.vid.isolator-scheduler-minutes=0 -#schedular hours configuration -kernel.vid.isolator-scheduler-hours=* -#schedular days configuration -kernel.vid.isolator-scheduler-days_of_month=* -#schedular months configuration -kernel.vid.isolator-scheduler-months=* -#schedular weeks configuration -kernel.vid.isolator-scheduler-days_of_week=* - -#------------------------PRID Properties-------------------------------------------- - -#minimum threshold of unused prid -mosip.kernel.prid.min-unused-threshold=1000 -#number of prids to generate -mosip.kernel.prid.prids-to-generate=2000 -#for genaration on init prids timeout -mosip.kernel.prid.pool-population-timeout=10000000 - -mosip.kernel.prid.sequence-limit=3 -kernel.prid.revoke-scheduler-type=cron - -# Schedular config -kernel.prid.revoke-scheduler-seconds=0 -kernel.prid.revoke-scheduler-minutes=0 -kernel.prid.revoke-scheduler-hours=23 -kernel.prid.revoke-scheduler-days_of_month=* -kernel.prid.revoke-scheduler-months=* -kernel.prid.revoke-scheduler-days_of_week=* - -#------------------------DataBase Properties----------------------------------------- -javax.persistence.jdbc.driver=org.postgresql.Driver 
-hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect -hibernate.jdbc.lob.non_contextual_creation=true -hibernate.hbm2ddl.auto=none -hibernate.show_sql=false -hibernate.format_sql=false -hibernate.connection.charSet=utf8 -hibernate.cache.use_second_level_cache=false -hibernate.cache.use_query_cache=false -hibernate.cache.use_structured_entries=false -hibernate.generate_statistics=false - -#hibernate.ejb.interceptor=io.mosip.kernel.dataaccess.hibernate.config.EncryptionInterceptor -logging.level.org.hibernate.SQL=ERROR -logging.level.org.hibernate.type=ERROR - -#Kernel admin service -admin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel -admin_database_username=kerneluser -admin_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -syncjob_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master -syncjob_database_username=masteruser -syncjob_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Database mappings audit -audit_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_audit -audit_database_username=audituser -audit_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - - -#Database mappings masterdata -masterdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master -#masterdata_database_username=sysadmin -#masterdata_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -masterdata_database_username=masteruser -masterdata_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - - -#Database mappings uin -uin.swagger.base-url=https://qa.mosip.io 
-uin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel -uin_database_username=kerneluser -uin_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext - -#Database mappings id -id_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel -id_database_username=kerneluser -id_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Database mappings vid -vid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel -vid_database_username=kerneluser -vid_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Database mappings prid -prid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel -prid_database_username=kerneluser -prid_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Database mappings keymanager -keymanager.persistence.jdbc.driver=org.postgresql.Driver -keymanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_keymgr -keymanager_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -keymanager_database_username= keymgruser - -#Database mappings otp manager -otpmanager_database_username = kerneluser -otpmanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel -otpmanager_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Database mappings syncdata -syncdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master -syncdata_database_username=masteruser 
-syncdata_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Database mappings licensekeymanager -licensekeymanager.persistence.jdbc.driver=org.postgresql.Driver -licensekeymanager_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master -licensekeymanager_database_username=masteruser -licensekeymanager_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Database mappings rid generator -ridgenerator_database_username =regprcuser -ridgenerator_database_url =jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_regprc -ridgenerator_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - - -#Database mappings authmanager -iam.datasource.url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_iam -iam.datasource.username=iamuser -iam.datasource.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -iam.datasource.driverClassName=org.postgresql.Driver -spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true - -db_1_DS.datastore.ipaddress=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_iam -db_1_DS.datastore.username=iamuser -db_1_DS.datastore.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -db_1_DS.datastore.driverClassName=org.postgresql.Driver -db_1_DS.datastore.schema=GOVT_OFFICERS - -db_2_DS.datastore.ipaddress=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_iam -db_2_DS.datastore.username=iamuser -db_2_DS.datastore.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -db_2_DS.datastore.driverClassName=org.postgresql.Driver -db_2_DS.datastore.schema=GOVT_OFFICERS - 
-#-------------------------------------------------------------------------------------------------# - -#------------------------KeyCloak Config changes---------------------------# - -mosip.iam.base-url=http://keycloak -mosip.iam.admin-realm-id=admin -mosip.iam.default.realm-id=mosip -mosip.iam.open-id-url =${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/ -mosip.iam.realm.operations.base-url=${mosip.iam.base-url}/auth/admin/realms/{realmId} -mosip.iam.admin-url=${mosip.iam.base-url}/auth/admin/ -mosip.iam.roles-extn-url=realms/mosip/roles -mosip.iam.users-extn-url=realms/mosip/users -mosip.iam.role-user-mapping-url=/{userId}/role-mappings/realm -keycloak.realm=registration-client -keycloak.resource=account -keycloak.auth-server-url=http://keycloak/auth -keycloak.ssl-required=none -keycloak.public-client=true -keycloak.use-resource-role-mappings=true -keycloak.verify-token-audience=true - -mosip.authmanager.base-url=http://kernel-auth-service/v1/authmanager - -mosip.iam.authorization_endpoint=${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/auth -mosip.iam.token_endpoint=${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/token -mosip.admin.login_flow.name=authorization_code -mosip.admin.login_flow.response_type=code -mosip.admin.login_flow.scope=cls -mosip.admin.clientid=mosip-admin-client -mosip.admin.clientsecret={cipher}46b4a98aac7347e6a2d4f723e281cfd1e7b859100cc17494fc7ed9fb357a6cd9 -mosip.admin.redirecturi=${mosip.authmanager.base-url}/login-redirect/ -mosip.admin_realm_id=mosip - -mosip.iam.master.realm-id=master - -mosip.iam.pre-reg_user_password=mosip - -db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/keycloak -db_3_DS.keycloak.port=80 -db_3_DS.keycloak.username=postgres -db_3_DS.keycloak.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -db_3_DS.keycloak.driverClassName=org.postgresql.Driver - 
-mosip.keycloak.admin.client.id=admin-cli -mosip.keycloak.admin.user.id=admin -mosip.keycloak.admin.secret.key={cipher}e16f132dc80ad5043acb6c2173c95be217ee5f5246a589ca58d5f75fa0a9d63d - - -mosip.iam.impl.basepackage=io.mosip.kernel.auth.defaultimpl -mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter - -#---latest changes--# -master.search.maximum.rows=50 -mosip.level=2 -mosip.kernel.masterdata.audit-url= http://kernel-auditmanager-service/v1/auditmanager/audits -mosip.keycloak.max-no-of-users=20000 - -#---Register device changes--# -mosip.kernel.sign-url=http://kernel-keymanager-service/v1/keymanager/sign -masterdata.registerdevice.timestamp.validate=+10 - -mosip.kernel.prereg.realm-id=preregistration -mosip.kernel.prereg.client.id=mosip-prereg-client -mosip.kernel.prereg.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db - -# UIN Schedular config -kernel.uin.transfer-scheduler-type=cron -kernel.uin.transfer-scheduler-seconds=0 -kernel.uin.transfer-scheduler-minutes=48 -kernel.uin.transfer-scheduler-hours=17 -kernel.uin.transfer-scheduler-days_of_month=* -kernel.uin.transfer-scheduler-months=* -kernel.uin.transfer-scheduler-days_of_week=* - -# UIN Auth adapter config -auth.server.admin.validate.url=http://kernel-auth-service/v1/authmanager/authorize/admin/validateToken - -# Proxy otp -mosip.kernel.auth.proxy-otp-value=111111 -mosip.security.provider.name=SunPKCS11-pkcs11-proxy - -#---------------------------------------Security Properties----------------------------- -#CSRF switch -mosip.security.csrf-enable=false - -#CORS switch -mosip.security.cors-enable=false - -#comma separated allowed origins -mosip.security.origins=localhost:8080 - -#secure cookie switch -mosip.security.secure-cookie=false - -# ROOT key identifier -mosip.root.key.applicationid=ROOT - -# Certificate signing algorithm -mosip.kernel.certificate.sign.algorithm=SHA256withRSA - -# Default certificate params 
-mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io -mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER -mosip.kernel.keymanager.certificate.default.organization=IITB -mosip.kernel.keymanager.certificate.default.location=BANGALORE -mosip.kernel.keymanager.certificate.default.state=KA -mosip.kernel.keymanager.certificate.default.country=IN - -# Zero Knowledge Master & Public Key identifier. -mosip.kernel.zkcrypto.masterkey.application.id=KERNEL -mosip.kernel.zkcrypto.masterkey.reference.id=IDENTITY_CACHE -mosip.kernel.zkcrypto.publickey.application.id=IDA -mosip.kernel.zkcrypto.publickey.reference.id=PUBLIC_KEY -mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding -mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding - -# Application Id for PMS master key. -mosip.kernel.partner.sign.masterkey.application.id=PMS - -datastores=ldap_1_DS,db_1_DS,db_2_DS - -# Partner Management Service allowed partner domains -mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM - -# List of keys to auto generate. -mosip.kernel.keymanager.autogen.appids.list=ROOT,KERNEL:SIGN,PRE_REGISTRATION,REGISTRATION,REGISTRATION_PROCESSOR,ID_REPO,KERNEL:IDENTITY_CACHE,RESIDENT,PMS - -# random keys required for ZK encrypt. 
-zkcrypto.random.key.generate.count=10000 - -datastores=db_1_DS,db_2_DS - -mosip.kernel.keymanager.autogen.basekeys.list=RESIDENT:mpartner-default-resident - -# Keymanager service keystore cache properties -mosip.kernel.keymanager.keystore.keyreference.enable.cache=true - -# API to get machine based on machine id -mosip.kernel.syncdata-service-machine-url=http://kernel-masterdata-service/v1/masterdata/machines/%s/eng - -# Flag added to choose client crypto implementation in syncdata service -# Needs to be updated to true in prod deployments -mosip.syncdata.tpm.required=false - -mosip.kernel.registrationclient.app.id=registrationclient -mosip.kernel.registrationclient.client.id=mosip-reg-client -mosip.kernel.registrationclient.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db - -# API to fetch auth token and refresh token used by syncdata-service -mosip.kernel.authtoken.NEW.internal.url=http://kernel-auth-service/v1/authmanager/authenticate/internal/useridPwd -mosip.kernel.authtoken.OTP.internal.url=http://kernel-auth-service/v1/authmanager/authenticate/internal/userotp -mosip.kernel.authtoken.REFRESH.internal.url=http://kernel-auth-service/v1/authmanager/authorize/internal/refreshToken/registrationclient -mosip.kernel.auth.sendotp.url=http://kernel-auth-service/v1/authmanager/authenticate/sendotp - -# Sample Additional configuration required for real HSM configured though JCE. -# Add the required JCE properties with prefix. 
- "mosip.kernel.keymanager.hsm.jce" for the property key -# mosip.kernel.keymanager.hsm.jce.className=io.mosip.keymanager.hsm.impl.AnyHSMKeyStoreImpl -# mosip.kernel.keymanager.hsm.jce.keyStoreType=HSMKeyStoreType -# mosip.kernel.keymanager.hsm.jce.keyStoreFile=AnyRequiredKeyStoreFile -# mosip.kernel.keymanager.hsm.jce.localKeyStorePwd=HSMPartitionPassword - -## syncdata-service websub configuration (cacert sync) -syncdata.websub.topic.ca-cert=CA_CERTIFICATE_UPLOADED -# Secret for partner CA certificate CRUD callback -syncdata.websub.callback.secret.ca-cert=secret -# Callback url for partner CA certificate CRUD event -syncdata.websub.callback.url.path.ca-cert=/callback/partner/ca_certificate -syncdata.websub.callback.url.ca-cert=http://kernel-syncdata-service/v1/syncdata/callback/partner/ca_certificate -# Number of retires on subscription failure -syncdata.websub.resubscription.retry.count=3 -# The time interval in seconds to schedule subscription of topics which is done as a -# work-around for the bug: MOSIP-9496. By default the -# this property value is set to 0 that disables this workaround. -# To enable the resubscrition scheduling, this property should be assigned with a positive -# number like 1 * 60 * 60 = 3600 for one hour -syncdata.websub.resubscription.delay.secs=7200 -# Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub. -subscriptions-delay-on-startup=120000 diff --git a/sandbox/mock-abis-mz.properties b/sandbox/mock-abis-mz.properties deleted file mode 100644 index 4aba1514f87..00000000000 --- a/sandbox/mock-abis-mz.properties +++ /dev/null @@ -1,8 +0,0 @@ -#spring.cloud.config.uri=https://dev.mosip.net/config -spring.cloud.config.name=mock-abis -#spring.profiles.active=mz -#spring.cloud.config.label=1.1.2 -spring.application.name=mock-abis-service -management.endpoint.health.show-details=always -management.endpoits.web.exposure.include=info,health,refresh -server.port=8081 
diff --git a/sandbox/mosip-cbeff-env.xsd b/sandbox/mosip-cbeff-env.xsd deleted file mode 100644 index 4f53d61be96..00000000000 --- a/sandbox/mosip-cbeff-env.xsd +++ /dev/null @@ -1,174 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/sandbox/mosip-vid-policy-schema.json b/sandbox/mosip-vid-policy-schema.json deleted file mode 100644 index be704a33b37..00000000000 --- a/sandbox/mosip-vid-policy-schema.json +++ /dev/null 
@@ -1,61 +0,0 @@
-{
- "$id": "http://mosip.io/vid_policy_object/1.0/vid_policy_object.json",
- "$schema": "http://json-schema.org/draft-07/schema#",
- "title": "VID Policy schema",
- "description": "MOSIP VID Policy schema",
- "type": "object",
- "additionalProperties": false,
- "properties": {
- "vidPolicies": {
- "title": "vidPolicies",
- "description": "This schema holds all the VID policies configured for a country",
- "type": "array",
- "additionalItems": false,
- "uniqueItems": true,
- "items": {
- "type": "object",
- "required": [
- "vidType",
- "vidPolicy"
- ],
- "additionalProperties": false,
- "properties": {
- "vidType": {
- "type": "string",
- "pattern": "^(Perpetual|Temporary)$"
- },
- "vidPolicy": {
- "$ref": "#/definitions/vidPolicyType"
- }
- }
- }
- }
- },
- "definitions": {
- "vidPolicyType": {
- "type": "object",
- "properties": {
- "validForInMinutes": {
- "type": ["integer", "null"]
- },
- "transactionsAllowed": {
- "type": ["integer", "null"],
- "minimum": 1,
- "maximum": 1
- },
- "instancesAllowed": {
- "type": "integer",
- "minimum": 1
- },
- "autoRestoreAllowed": {
- "type": "boolean"
- },
- "restoreOnAction": {
- "type": "string",
- "pattern": "^(REVOKE|REGENERATE)$"
- }
- },
- "additionalProperties": false
- }
- }
-}
\ No newline at end of file
diff --git a/sandbox/mosip-vid-policy.json b/sandbox/mosip-vid-policy.json
deleted file mode 100644
index 52f84074dc6..00000000000
--- a/sandbox/mosip-vid-policy.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "vidPolicies": [
- {
- "vidType": "Perpetual",
- "vidPolicy": {
- "validForInMinutes": null,
- "transactionsAllowed": null,
- "instancesAllowed": 1,
- "autoRestoreAllowed": true,
- "restoreOnAction": "REVOKED"
- }
- },
- {
- "vidType": "Temporary",
- "vidPolicy": {
- "validForInMinutes": 30,
- "transactionsAllowed": 1,
- "instancesAllowed": 5,
- "autoRestoreAllowed": false,
- "restoreOnAction": "REGENERATE"
- }
- }
- ]
-}
diff --git a/sandbox/partner-management-mz.properties b/sandbox/partner-management-mz.properties
deleted file mode 100644
index 18bf3e2399e..00000000000
--- a/sandbox/partner-management-mz.properties
+++ /dev/null
@@ -1,211 +0,0 @@
-##################### Dynamic Properties ########################################
-# For PMS Database
-mosip.pmp.database.hostname=postgres
-mosip.pmp.database.port=80
-mosip.pmp.database.user=pmsuser
-mosip.pmp.database.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24
-
-#### For Authenticate Device ########
-mosip.authdevice.database.hostname=postgres
-mosip.authdevice.database.port=80
-mosip.authdevice.database.user=authdeviceuser
-mosip.authdevice.database.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24
-
-######### For Registration Device ###########
-mosip.regdevice.database.hostname=postgres
-mosip.regdevice.database.port=80
-mosip.regdevice.database.user=regdeviceuser
-mosip.regdevice.database.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24
-
-
-######################## Spring and Hibernate Configurations ####################
-# ***************** PMS DB Postgres Properties ***********************
-javax.persistence.jdbc.driverClassName=org.postgresql.Driver
-javax.persistence.jdbc.driver=org.postgresql.Driver
-javax.persistence.jdbc.url=jdbc:postgresql://${mosip.pmp.database.hostname}:${mosip.pmp.database.port}/mosip_pms
-javax.persistence.jdbc.user=${mosip.pmp.database.user}
-javax.persistence.jdbc.username=${mosip.pmp.database.user}
-javax.persistence.jdbc.password=${mosip.pmp.database.password}
-javax.persistence.jdbc.schema = pms
-javax.persistence.jdbc.uinHashTable=uin_hash_salt
-javax.persistence.jdbc.uinEncryptTable=uin_encrypt_salt
-
-## For Authenticate Device
-mosip.datasource.authdevice.jdbc.driver=org.postgresql.Driver
-mosip.datasource.authdevice.jdbc.url = jdbc:postgresql://${mosip.authdevice.database.hostname}:${mosip.authdevice.database.port}/mosip_authdevice
-mosip.datasource.authdevice.jdbc.password = ${mosip.authdevice.database.password}
-mosip.datasource.authdevice.jdbc.user = ${mosip.authdevice.database.user}
-mosip.datasource.authdevice.jdbc.schema = authdevice
-mosip.datasource.authdevice.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
-
-## For Registration Device
-mosip.datasource.regdevice.jdbc.driver=org.postgresql.Driver
-mosip.datasource.regdevice.jdbc.url = jdbc:postgresql://${mosip.regdevice.database.hostname}:${mosip.regdevice.database.port}/mosip_regdevice
-mosip.datasource.regdevice.jdbc.password = ${mosip.regdevice.database.password}
-mosip.datasource.regdevice.jdbc.user = ${mosip.regdevice.database.user}
-mosip.datasource.regdevice.jdbc.schema = regdevice
-mosip.datasource.regdevice.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
-
-# *********** Hibernate Properties *************
-hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
-hibernate.jdbc.lob.non_contextual_creation=true
-hibernate.hbm2ddl.auto=none
-hibernate.show_sql=true
-hibernate.format_sql=true
-hibernate.connection.charSet=utf8
-hibernate.cache.use_second_level_cache=false
-hibernate.cache.use_query_cache=false
-hibernate.cache.use_structured_entries=false
-hibernate.generate_statistics=false
-spring.datasource.initialization-mode=never
-
-######################### Partner Management Application Configurations ##############
-# Application ID of PMP
-# Used to upload other domain certs
-application.id=PARTNER
-
-# Application name of PMP
-application.name=partner
-
-# To configure starting value or initial value of mispId.
-# ex: if value = 3 ==> mispId starts from 100
-# if value = 4 ==> mispId starts from 1000
-mosip.kernel.mispid.length = 3
-
-# To configure length of misp license key
-mosip.kernel.idgenerator.misp.license-key-length = 50
-
-# To configure the partner types for which extractors are required. It should be "," separated.
-pmp.bioextractors.required.partner.types = Credential_Partner,Online_Verification_Partner
-
-# To configure misp license validity duration
-mosip.pmp.misp.license.expiry.period.indays = 90
-
-# To configure partner api key validity duration
-mosip.pmp.partner.policy.expiry.period.indays = 90
-
-# To configure policy validity duration/period
-pmp.policy.expiry.period.indays = 180
-
-# policy schema url where policy schemas published
-pmp.policy.schema.url= https://schemas.mosip.io/v1/auth-policy
-
-# To configure what are the allowed policy types.
-# If we add any new policy type, corresponding schema also needs to be added.
-# format for adding schema configuration for new policy type is as below
-# pmp.policyTypeName.policy.schema(all are in lowercase)= schema url
-pmp.allowed.policy.types=Auth,DataShare,CredentialIssuance
-
-# auth policy schema url
-pmp.auth.policy.schema = ${mosip.kernel.xsdstorage-uri}auth-policy-schema.json
-
-# datashare policy schema url
-pmp.datashare.policy.schema=${mosip.kernel.xsdstorage-uri}data-share-policy-schema.json
-
-# credentialissuance policy schema url
-pmp.credentialissuance.policy.schema=${mosip.kernel.xsdstorage-uri}data-share-policy-schema.json
-
-# To configure email format of misp
-pmp.misp.valid.email.address.regex=^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-z]{2,})$
-
-# To configure email format of partner
-pmp.partner.valid.email.address.regex=^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-z]{2,})$
-
-# To configure length of partnerId
-pmp.partner.partnerId.max.length=36
-
-# Time difference between request creation and request processing
-masterdata.registerdevice.timestamp.validate=+5
-
-# Kernel audit Service
-mosip.kernel.masterdata.audit-url=http://kernel-auditmanager-service/v1/auditmanager/audits
-
-# Kernel sign service
-mosip.kernel.sign-url=http://kernel-keymanager-service/v1/keymanager/jwtSign
-
-# ApplicationId for partner
-mosip.pmp.auth.appId =partner
-
-# Kernel auth client ID for partner management services
-mosip.pmp.auth.clientId=mosip-partner-client
-
-# Kernel auth secret key for partner management services
-mosip.pmp.auth.secretKey= {cipher}4e22fb7201d82324263ff4fb91035e9d0462dffd76184184d554db962cab0840
-
-# Key manager service API's to upload certificates
-pms.cert.service.token.request.clientId=${mosip.pmp.auth.clientId}
-pms.cert.service.token.request.issuerUrl=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey
-pmp.ca.certificaticate.upload.rest.uri=http://kernel-keymanager-service/v1/keymanager/uploadCACertificate
-pmp.partner.certificaticate.upload.rest.uri=http://kernel-keymanager-service/v1/keymanager/uploadPartnerCertificate
-pmp.partner.certificaticate.get.rest.uri=http://kernel-keymanager-service/v1/keymanager/getPartnerCertificate/{partnerCertId}
-pmp-keymanager.upload.other.domain.cert.rest.uri=http://kernel-keymanager-service/v1/keymanager/uploadOtherDomainCertificate
-
-###################KeyCloak configuration ###################################
-# These configurations are used to create user in keycloak and map to a role.
-# Pre-Condition: All partner types should be created as roles in keycloak.
-mosip.iam.base-url=http://keycloak
-mosip.iam.realm.operations.base-url = ${mosip.iam.base-url}/auth/admin/realms/{realmId}
-mosip.iam.admin-url =${mosip.iam.base-url}/auth/admin/
-mosip.iam.admin-realm-id =admin
-mosip.iam.roles-extn-url =realms/mosip/roles
-mosip.iam.users-extn-url = realms/mosip/users
-mosip.iam.role-user-mapping-url =/{userId}/role-mappings/realm
-mosip.iam.open-id-url =${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/
-mosip.iam.master.realm-id=master
-mosip.iam.default.realm-id=mosip
-mosip.keycloak.admin.client.id=admin-cli
-mosip.keycloak.admin.user.id=admin
-mosip.keycloak.admin.secret.key={cipher}e16f132dc80ad5043acb6c2173c95be217ee5f5246a589ca58d5f75fa0a9d63d
-
-#------------------------Auth-Adapter-----------------------------------------------
-auth.server.validate.url=http://kernel-auth-service/v1/authmanager/authorize/admin/validateToken
-auth.server.admin.validate.url=http://kernel-auth-service/v1/authmanager/authorize/admin/validateToken
-auth.jwt.secret=authjwtsecret
-auth.jwt.base=Mosip-Token
-
-##############Security properties ########################
-#CSRF switch
-mosip.security.csrf-enable:false
-#secure cookie switch
-mosip.security.secure-cookie:false
-
-#Max rows to be returned after filter
-partner.search.maximum.rows=10
-
-#Allowed credential types which partner can map against to policy
-pmp.allowed.credential.types=auth,qrcode,euin,reprint
-
-#Allowed partner types who can map policies to credential types
-policy.credential.type.mapping.allowed.partner.types=Credential_Partner,Online_Verification_Partner
-
-#Allowed kyc attributes
-#Used to display in UI
-policy.allowed.kyc.attributes = {"fullName": "Full Name","middleName": "Middle Name","lastName": "Last Name","dateOfBirth": "DateOfBirth","gender": "Gender","phone": "phone"}
-#Used to display in UI
-policy.auth.allowed.token.types=random,partner,policy
-
-# IAM
-# mosipbox.public.url is Ansible defined
-mosip.iam.module.login_flow.name=authorization_code
-mosip.iam.module.clientID=mosip-pms-client
-mosip.iam.module.clientsecret={cipher}4e22fb7201d82324263ff4fb91035e9d0462dffd76184184d554db962cab0840
-mosip.iam.module.redirecturi=${mosipbox.public.url}/v1/partnermanager/login-redirect/
-mosip.iam.module.login_flow.scope=cls
-mosip.iam.module.login_flow.response_type=code
-mosip.iam.authorization_endpoint=${mosipbox.public.url}/keycloak/auth/realms/mosip/protocol/openid-connect/auth
-mosip.iam.module.admin_realm_id=mosip
-mosip.kernel.filtervalue.max_columns =100
-mosip.iam.token_endpoint=${mosipbox.public.url}/keycloak/auth/realms/mosip/protocol/openid-connect/token
-
-###############Not used properties###################
-pmp.policy.allowed.authtokens.types=random,partner,policy
-mosip.kernel.device.search-url=http://kernel-masterdata-service/v1/masterdata/devices/search
-token.request.appid=admin
-token.request.password=mosip
-token.request.username=110005
-token.request.version=string
-token.request.id=v1
-token.request.issuerUrl=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey
-token.request.clientId=admin
-PASSWORDBASEDTOKENAPI=http://kernel-auth-service/v1/authmanager/authenticate/useridPwd
-application.env.local=false
diff --git a/sandbox/pre-registration-demographic.json b/sandbox/pre-registration-demographic.json
deleted file mode 100644
index 6580384ab56..00000000000
--- a/sandbox/pre-registration-demographic.json
+++ /dev/null
@@ -1,368 +0,0 @@
-{
- "identity":[
- {
- "id":"fullName",
- "description":"Enter Full Name",
- "labelName":{
- "eng":"Full Name",
- "ara":"الاسم الكامل",
- "fra":"Nom complet"
- },
- "controlType":"textbox",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
- {
- "type":"regex",
- "validator":"^(?=.{0,50}$).*",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"dateOfBirth",
- "description":"Enter DOB",
- "labelName":{
- "eng":"Date Of Birth",
- "ara":"تاريخ الولادة",
- "fra":"Date de naissance"
- },
- "controlType":"date",
- "inputRequired":true,
- "fieldType":"default",
- "type":"string",
- "validators":[
- ],
- "required":true
- },
- {
- "id":"gender",
- "description":"Enter Gender",
- "labelName":{
- "eng":"Gender",
- "ara":"جنس",
- "fra":"Le genre"
- },
- "controlType":"dropdown",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
-
- ],
- "required":true
- },
- {
- "id":"residenceStatus",
- "description":"Residence status",
- "labelName":{
- "eng":"Residence Status",
- "ara":"حالة الإقامة",
- "fra":"Statut de résidence"
- },
- "controlType":"dropdown",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
-
- ],
- "required":true
- },
- {
- "id":"addressLine1",
- "description":"addressLine1",
- "labelName":{
- "eng":"Address Line1",
- "ara":"العنوان السطر 1",
- "fra":"Adresse 1"
- },
- "controlType":"textbox",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
- {
- "type":"regex",
- "validator":"^(?=.{0,50}$).*",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"addressLine2",
- "description":"addressLine2",
- "labelName":{
- "eng":"Address Line2",
- "ara":"العنوان السطر 2",
- "fra":"Adresse 2"
- },
- "controlType":"textbox",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
- {
- "type":"regex",
- "validator":"^(?=.{0,50}$).*",
- "arguments":[
-
- ]
- }
- ],
- "required":false
- },
- {
- "id":"addressLine3",
- "description":"addressLine3",
- "labelName":{
- "eng":"Address Line3",
- "ara":"العنوان السطر 3",
- "fra":"Adresse 3"
- },
- "controlType":"textbox",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
- {
- "type":"regex",
- "validator":"^(?=.{0,50}$).*",
- "arguments":[
-
- ]
- }
- ],
- "required":false
- },
- {
- "id":"region",
- "description":"region",
- "labelName":{
- "eng":"Region",
- "ara":"منطقة",
- "fra":"Région"
- },
- "controlType":"dropdown",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
- {
- "type":"regex",
- "validator":"^(?=.{0,50}$).*",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"province",
- "description":"province",
- "labelName":{
- "eng":"Province",
- "ara":"المحافظة",
- "fra":"Province"
- },
- "controlType":"dropdown",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
- {
- "type":"regex",
- "validator":"^(?=.{0,50}$).*",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"city",
- "description":"city",
- "labelName":{
- "eng":"City",
- "ara":"مدينة",
- "fra":"Ville"
- },
- "controlType":"dropdown",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
- {
- "type":"regex",
- "validator":"^(?=.{0,50}$).*",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"zone",
- "description":"zone",
- "labelName":{
- "eng":"Zone",
- "ara":"منطقة",
- "fra":"Zone"
- },
- "controlType":"dropdown",
- "inputRequired":true,
- "fieldType":"default",
- "type":"simpleType",
- "validators":[
-
- ],
- "required":true
- },
- {
- "id":"postalCode",
- "description":"postalCode",
- "labelName":{
- "eng":"Postal Code",
- "ara":"الكود البريدى",
- "fra":"code postal"
- },
- "controlType":"dropdown",
- "inputRequired":true,
- "fieldType":"default",
- "type":"string",
- "validators":[
- {
- "type":"regex",
- "validator":"^[(?i)A-Z0-9]{5}$|^NA$",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"phone",
- "description":"phone",
- "labelName":{
- "eng":"Phone",
- "ara":"هاتف",
- "fra":"Téléphone"
- },
- "controlType":"textbox",
- "inputRequired":true,
- "fieldType":"default",
- "type":"string",
- "validators":[
- {
- "type":"regex",
- "validator":"^([6-9]{1})([0-9]{9})$",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"email",
- "description":"email",
- "labelName":{
- "eng":"Email",
- "ara":"البريد الإلكتروني",
- "fra":"Email"
- },
- "controlType":"textbox",
- "inputRequired":true,
- "fieldType":"default",
- "type":"string",
- "validators":[
- {
- "type":"regex",
- "validator":"^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-zA-Z]{2,})$",
- "arguments":[
-
- ]
- }
- ],
- "required":true
- },
- {
- "id":"proofOfAddress",
- "description":"proofOfAddress",
- "labelName":[{"value":"Address Proof","language":"eng"}],
- "controlType":"fileupload",
- "inputRequired":true,
- "validators":[
-
- ],
- "required":false
- },
- {
- "id":"proofOfIdentity",
- "description":"proofOfIdentity",
- "labelName": [{"value":"Identity Proof","language":"eng"}],
- "controlType":"fileupload",
- "inputRequired":true,
- "validators":[
-
- ],
- "required":true
- },
- {
- "id":"proofOfRelationship",
- "description":"proofOfRelationship",
- "labelName":[{"value":"Relationship Proof","language":"eng"}],
- "controlType":"fileupload",
- "inputRequired":true,
- "validators":[
-
- ],
- "required":true
- },
- {
- "id":"proofOfDateOfBirth",
- "description":"proofOfDateOfBirth",
- "labelName":[{"value":"DOB Proof","language":"eng"}],
- "controlType":"fileupload",
- "inputRequired":true,
- "validators":[
-
- ],
- "required":true
- },
- {
- "id":"proofOfException",
- "description":"proofOfException",
- "labelName": [{"value":"Exception Proof","language":"eng"}],
- "controlType":"fileupload",
- "inputRequired":true,
- "validators":[
-
- ],
- "required":true
- },
- {
- "id":"proofOfException-1",
- "description":"proofOfException",
- "labelName":[{"value":"Exception Proof 2","language":"eng"}],
- "controlType":"fileupload",
- "inputRequired":true,
- "validators":[
-
- ],
- "required":true
- }
- ],
- "locationHierarchy": ["region", "province","city","zone","postalCode"]
-}
diff --git a/sandbox/pre-registration-identity-mapping.json b/sandbox/pre-registration-identity-mapping.json
deleted file mode 100644
index 5b5336a54e8..00000000000
--- a/sandbox/pre-registration-identity-mapping.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "identity": {
- "name": {
- "value": "fullName",
- "isMandatory" : true
- },
- "proofOfAddress": {
- "value" : "proofOfAddress"
- },
- "postalCode": {
- "value" : "postalCode"
- }
- }
-}
\ No newline at end of file
diff --git a/sandbox/pre-registration-mz.properties b/sandbox/pre-registration-mz.properties
deleted file mode 100644
index 6263a2d6a76..00000000000
--- a/sandbox/pre-registration-mz.properties
+++ /dev/null
@@ -1,510 +0,0 @@
-# ------------ Database Connection Properties ------------------
-javax.persistence.jdbc.driver=org.postgresql.Driver
-mosip.database.ip=postgres
-mosip.database.port=80
-javax.persistence.jdbc.url=jdbc:postgresql://${mosip.database.ip}:${mosip.database.port}/mosip_prereg?useSSL=false
-javax.persistence.jdbc.user=prereguser
-javax.persistence.jdbc.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24
-
-# ------------ Hibernate Properties for Database ---------------
-hibernate.hbm2ddl.auto=none
-hibernate.show_sql=false
-hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
-hibernate.jdbc.lob.non_contextual_creation=true
-
-# ------------ Hickari Logs for Database -----------------------
-logging.level.com.zaxxer.hikari=DEBUG
-
-
-# ------------ Project Version for the API response ------------
-version=1.0
-
-# Not in use, to be removed after verification -----------------
-application.id=pre-registration
-preregistration.preid.regex=[0-9]+
-
-
-# ------------ Age to be an adult ------------------------------
-# Used in UI to identify the applicant type
-mosip.adult.age=5
-
-
-# ------------ ID Schema Version -------------------------------
-# This version is set in the ID object created in pre-registration
-mosip.idschema.version=0.1
-
-
-# ------------ Demographic Service -----------------------------
-demographic.service.version=v1
-demographic.service.env=http://prereg-application-service
-demographic.service.contextpath=preregistration/${demographic.service.version}
-demographic.resource.url=${demographic.service.env}/${demographic.service.contextpath}
-# ID values for application APIs
-mosip.preregistration.demographic.create.id=mosip.pre-registration.demographic.create
-mosip.preregistration.demographic.update.id=mosip.pre-registration.demographic.update
-mosip.preregistration.demographic.update.status.id=mosip.pre-registration.demographic.status.update
-mosip.preregistration.demographic.retrieve.basic.id=mosip.pre-registration.demographic.retrieve.basic
-mosip.preregistration.demographic.retrieve.details.id=mosip.pre-registration.demographic.retrieve.details
-mosip.preregistration.demographic.retrieve.status.id=mosip.pre-registration.demographic.retrieve.status
-mosip.preregistration.demographic.retrieve.date.id=mosip.pre-registration.demographic.retrieve.date
-mosip.preregistration.demographic.delete.id=mosip.pre-registration.demographic.delete
-
-mosip.preregistration.demographic.id.create=mosip.pre-registration.demographic.create
-mosip.preregistration.demographic.id.update=mosip.pre-registration.demographic.update
-mosip.preregistration.demographic.id.retrieve.date=mosip.pre-registration.demographic.retrieve.date
-mosip.id.preregistration.demographic.create=mosip.pre-registration.demographic.create
-mosip.id.preregistration.demographic.update=mosip.pre-registration.demographic.update
-mosip.id.preregistration.demographic.retrieve.date=mosip.pre-registration.demographic.retrieve.date
-
-
-# Not in use, to be removed after verification -----------------
-mosip.pregistration.pagesize=20
-
-
-
-# ------------ Document Service --------------------------------
-document.service.version=v1
-document.service.env=http://prereg-application-service
-document.service.contextpath=preregistration/${document.service.version}
-document.resource.url=${document.service.env}/${document.service.contextpath}
-# ID values for document APIs
-mosip.preregistration.document.upload.id=mosip.pre-registration.document.upload
-mosip.preregistration.document.copy.id=mosip.pre-registration.document.copy
-mosip.preregistration.document.fetch.metadata.id=mosip.pre-registration.document.fetch.metadata
-mosip.preregistration.document.fetch.content.id=mosip.pre-registration.document.fetch.content
-mosip.preregistration.document.delete.id=mosip.pre-registration.document.delete
-mosip.preregistration.document.delete.specific.id=mosip.pre-registration.document.delete.specific
-
-mosip.preregistration.document.id.upload=mosip.pre-registration.document.upload
-mosip.preregistration.document.update.docrefId.id=mosip.preregistration.docrefId.update
-
-# ------------ Document Properties -----------------------------
-# Maximum size of file allowed uploaded in document service API (in mb)
-max.file.size=2
-
-# Not in use, to be removed after verification -----------------
-spring.servlet.multipart.max-file-size=-1
-spring.servlet.multipart.max-request-size=-1
-
-# Allowed Formats of Documents
-preregistration.document.extention=PDF,JPEG,PNG,JPG
-
-# Virus Scanner Property
-# 'true' to enable virus scaning during document upload
-# 'false' to disable virus scanning during document upload
-mosip.preregistration.document.scan=true
-
-# Object Store Account Name to store documents
-mosip.kernel.objectstore.account-name=prereg
-
-
-
-# ------------ Booking Service -------------------------------
-booking.service.version=v1
-booking.service.env=http://prereg-booking-service
-booking.service.contextpath=preregistration/${booking.service.version}
-booking.resource.url=${booking.service.env}/${booking.service.contextpath}
-appointmentResourse.url=${booking.resource.url}
-
-mosip.preregistration.booking.availability.sync.id=mosip.pre-registration.appointment.availability.sync
-mosip.preregistration.booking.book.id=mosip.pre-registration.booking.book
-mosip.preregistration.booking.fetch.booking.id=mosip.pre-registration.appointment.fetch
-mosip.preregistration.booking.cancel.id=mosip.pre-registration.appointment.cancel
-mosip.preregistration.booking.delete.id=mosip.preregistration.booking.delete
-mosip.preregistration.booking.fetch.availability.id=mosip.pre-registration.appointment.availability
-mosip.preregistration.booking.fetchPreidByDate.id=mosip.pre-registration.appointment.ids
-mosip.preregistration.booking.availability.increase.id=mosip.preregistration.booking.availability.increase
-mosip.preregistration.booking.availability.check.id=mosip.preregistration.booking.availability.check
-mosip.preregistration.booking.delete.old.id=mosip.preregistration.booking.delete.old
-mosip.preregistration.booking.exception.id=mosip.preregistration.booking.parse.exception
-
-mosip.preregistration.booking.id.book=mosip.pre-registration.booking.book
-
-# ------------ Booking Properties --------------------------------
-
-# Sync happens in every n days
-preregistration.availability.sync=37
-
-# Number of days for which booking slots will be available
-preregistration.availability.noOfDays=140
-
-# Gap between the date of booking and the first appointment date to be shown
-# Ex: If a user has logged in pre-reg application today then, he can select booking slots after n days
-preregistration.booking.offset=2
-
-# Number of hours from the appointment time before which an appicant can change/re-book the appointment
-preregistration.timespan.rebook=24
-
-# Number of hours before the appointment time before which an applicant can cancel an appointment
-preregistration.timespan.cancel=24
-
-# Time Zone
-# Used for converting the time zones to UTC
-preregistration.country.specific.zoneId=GMT+05:30
-
-
-
-# ------------ Batch Job Service -----------------------------
-batch.service.version=v1
-batch.service.env=http://prereg-batchjob-service
-batch.service.contextpath=preregistration/${batch.service.version}/batch
-batch.resource.url=${batch.service.env}/${batch.service.contextpath}
-# Id values of batch job service
-mosip.preregistration.batchjob.service.consumed.id=mosip.pre-registration.batchjob.service.consumed
-mosip.preregistration.batchjob.service.expired.id=mosip.pre-registration.batchjob.service.expired
-
-
-# Batch Job Service used to fetch token from key cloak
-mosip.batch.token.authmanager.appId=prereg
-mosip.batch.token.authmanager.userName=mosip-prereg-client
-mosip.batch.token.authmanager.password={cipher}f4ba53f63109c6559d882fda0b7e9f16620cbe15604ea83c940af995520905d7
-mosip.batch.token.authmanager.url=${kernel.auth.env}/${masterdata.service.version}/${kernel.auth.contextpath}/authenticate/clientidsecretkey
-mosip.batch.token.request.id=
-
-# Determines the Time of the day, batch job should be intiated
-preregistration.job.schedule.cron.consumedStatusJob=0 0 0 * * ?
-preregistration.job.schedule.cron.slotavailability=0 0 0 * * ?
-preregistration.job.schedule.cron.expiredStatusJob=0 0 0 * * ?
-
-#Schema name for batch job table
-spring.batch.tablePrefix=PREREG.BATCH_
-
-#Booking service URL for creating time slots
-bookingAvailablity.url=${booking.resource.url}/appointment/availability/sync
-
-#BatchJob-service URL for updating the consumed status
-updateConsumedStatus.url=${batch.resource.url}/consumedStatus
-
-#BatchJob-service URL for updating to expiredStatus
-expiredStatus.url=${batch.resource.url}/expiredStatus
-
-batch.appointment.cancel=${batch.service.env}/preregistration/v1
-#-------------Login Service-----------------------------------
-
-
-secret_url.id=string
-secret_url.requesttime=2018-12-10T06:12:52.994Z
-secret_url.version=string
-
-
-otp.request.flooding.duration=1
-otp.request.flooding.max-count=3
-
-datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSSXXX
-
-mail-notification.rest.uri=http://kernel-notification-service/v1/notifier/email/send
-sms-notification.rest.uri=http://kernel-notification-service/v1/notifier/sms/send
-
-otp-generate.rest.uri=http://kernel-otpmanager-service/v1/otpmanager/otp/generate
-
-pre.reg.login.otp.sms.template=pre-reg-login-otp-sms-template
-pre.reg.login.otp.mail.subject.template=pre-reg-login-email-subject-template
-pre.reg.login.otp.mail.content.template=pre-reg-login-email-content-template
-
-mosip.pre.reg.clientId=mosip.pre.reg.clientId
-
-mosip.primary-language=eng
-id-masterdata-template-service-multilang.rest.uri=http://kernel-masterdata-service/v1/masterdata/templates/templatetypecodes/{code}
-
-
-# ------------ Master Data Service ---------------------------
-masterdata.service.version=v1
-masterdata.service.env=http://kernel-masterdata-service
-masterdata.service.contextpath=masterdata
-masterdata.resource.url=${masterdata.service.env}/${masterdata.service.version}/${masterdata.service.contextpath}
-regCenter.url=${masterdata.resource.url}/registrationcenters
-holiday.url=${masterdata.resource.url}/getregistrationcenterholidays/
-holiday.exceptional.url=${masterdata.resource.url}/exceptionalholidays
-working.day.url=${masterdata.resource.url}/workingdays
-mosip.kernel.masterdata.validdoc.rest.uri=${masterdata.resource.url}/validdocuments/{langcode}
-#Kernel Service URL for fetching templates
-resource.template.url=${masterdata.resource.url}/templates
-mosip.pre-registration.notification.id=mosip.pre-registration.notification.notify
-
-# Notification Templates for various scenarios
-# Email Template
-email.acknowledgement.template=Email-Acknowledgement
-# Email Template Subject
-email.acknowledgement.subject.template=Acknowledgement-email-subject
-# SMS Template
-sms.acknowledgement.template=SMS-Acknowledgement
-# Cancel Appointment Template
-cancel.appoinment.template=cancel-appointment
-
-
-
-# ------------ Notification Service --------------------------
-notification.service.version=v1
-notification.service.env=http://prereg-application-service
-notification.service.contextpath=preregistration/${notification.service.version}
-notification.url=${notification.service.env}/${notification.service.version}/${notification.service.contextpath}/notification
-mosip.pre-registration.notification.id.send=mosip.pre-registration.notification.notify
-# TimeZone to get an Email or SMS Templates
-timeZone=Asia/Calcutta
-
-# ------------ Email Service ---------------------------------
-email.service.env=http://kernel-notification-service
-email.service.contextpath=notifier
-#Kernel Service URL for Sending Emails
-emailResourse.url=${email.service.env}/${masterdata.service.version}/${email.service.contextpath}/email/send
-
-# ------------ SMS Service -----------------------------------
-sms.service.env=http://kernel-notification-service
-sms.service.contextpath=notifier
-#Kernel Service URL for Sending SMS
-smsResourse.url=${sms.service.env}/${masterdata.service.version}/${sms.service.contextpath}/sms/send
-
-
-
-# ------------ Audit Service ---------------------------------
-audit.service.env=http://kernel-auditmanager-service
-audit.service.contextpath=auditmanager
-#Kernel Service URL for Audit logging
-audit.url=${audit.service.env}/${masterdata.service.version}/${audit.service.contextpath}/audits
-
-
-
-# ------------ Crypto Service --------------------------------
-crypto.service.env=http://kernel-keymanager-service
-crypto.service.contextpath=keymanager
-#Kernel Service URL for Encryption and decryption
-cryptoResource.url=${crypto.service.env}/${masterdata.service.version}/${crypto.service.contextpath}
-
-
-
-# ------------ KeyCloak Properties -----------------------------
-# Both below fields must match with what is there on Keycloak Properties
-clientId=mosip-prereg-client
-secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db
-
-# Used for Key Creating KeyCloak Session
-userIdType=USERID
-appId=prereg
-
-
-# ------------ Auth Service ----------------------------------
-kernel.auth.env=http://kernel-auth-service
-kernel.auth.contextpath=authmanager
-auth.server.validate.url=http://kernel-auth-service/v1/authmanager/authorize/admin/validateToken
-
-
-
-# ------------ PRID Service ----------------------------------
-kernel.prid.env=http://kernel-pridgenerator-service
-kernel.prid.contextpath=pridgenerator
-mosip.io.prid.url=${kernel.prid.env}/${masterdata.service.version}/${kernel.prid.contextpath}/prid
-
-
-
-# ------------ Sync Data Service -----------------------------
-# To fetch the latest ID Schema for the ID object validator
-kernel.syncdata.env=http://kernel-syncdata-service
-kernel.syncdata.version=v1/syncdata
-latestidschema.service.contextpath=latestidschema
-mosip.preregistration.id-schema=${kernel.syncdata.env}/${kernel.syncdata.version}/${latestidschema.service.contextpath}
-# API to Fetch the Latest ID Schema
-mosip.preregistration.id-schema=http://kernel-syncdata-service/v1/syncdata/latestidschema
-
-
-
-# ------------ OTP Properties --------------------------------
-sendOtp.resource.url=${kernel.auth.env}/${masterdata.service.version}/${kernel.auth.contextpath}
-
-# Channel for Sending OTP on Phone
-otpChannel.mobile=phone
-
-# Channel for Sending OTP on EMAIL
-otpChannel.email=email
-
-secret_url.id=string
-secret_url.requesttime=2018-12-10T06:12:52.994Z
-secret_url.version=string
-
-
-otp.request.flooding.duration=1
-otp.request.flooding.max-count=3
-
-datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSSXXX
-
-mail-notification.rest.uri=${mosip.base.url}/v1/notifier/email/send
-sms-notification.rest.uri=${mosip.base.url}/v1/notifier/sms/send
-
-otp-generate.rest.uri=${mosip.base.url}/v1/otpmanager/otp/generate
-
-pre.reg.login.otp.sms.template=pre-reg-login-otp-sms-template
-
-pre.reg.login.otp.mail.subject.template=OTP-email-subject-template
-pre.reg.login.otp.mail.content.template=OTP-email-content-template
-
-mosip.pre.reg.clientId=mosip.pre.reg.clientId
-
-mosip.primary-language=eng
-
-id-masterdata-template-service-multilang.rest.uri=${mosip.base.url}/v1/masterdata/templates/{langcode}/{templatetypecode}
-
-
-# ----------- Login Service -----------------------------------
-mosip.preregistration.login.service.version=1.0
-mosip.preregistration.sendotp.id=mosip.pre-registration.login.sendotp
-mosip.preregistration.validateotp.id=mosip.pre-registration.login.useridotp
-mosip.id.preregistration.sendotp=mosip.pre-registration.login.sendotp
-mosip.id.preregistration.validateotp=mosip.pre-registration.login.useridotp
-mosip.preregistration.invalidatetoken.id=mosip.pre-registration.login.invalidate
-mosip.preregistration.config.id=mosip.pre-registration.login.config
-
-mosip.preregistration.login.id.sendotp=mosip.pre-registration.login.sendotp
-mosip.preregistration.login.id.validateotp=mosip.pre-registration.login.useridotp
-mosip.preregistration.login.id.invalidatetoken=mosip.pre-registration.login.invalidate
-mosip.preregistration.login.id.config=mosip.pre-registration.login.config
-
-
-# -----------------------------------------------------------------------------------
-mosip.base.url=${mosipbox.public.url}
-auth-token-generator.rest.issuerUrl=${mosip.base.url}/keycloak/auth/realms/preregistration
-validationStatus=success
-context=auth-otp
-prereg.auth.jwt.secret=Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=
-prereg.auth.jwt.token.expiration=3600
-prereg.auth.jwt.token.roles=INDIVIDUAL
-
-# ------------ ID Object Validation Properties -----------------
-mosip.kernel.idobjectvalidator.masterdata.documentcategories.lang.rest.uri=${masterdata.resource.url}/documentcategories/{langcode}
-mosip.kernel.idobjectvalidator.masterdata.languages.rest.uri=${masterdata.resource.url}/languages
-mosip.kernel.idobjectvalidator.masterdata.gendertypes.rest.uri=${masterdata.resource.url}/gendertypes
-mosip.kernel.idobjectvalidator.masterdata.documentcategories.rest.uri=${masterdata.resource.url}/documentcategories
-mosip.kernel.idobjectvalidator.masterdata.documenttypes.rest.uri=${masterdata.resource.url}/documenttypes/{documentcategorycode}/{langcode}
-mosip.kernel.idobjectvalidator.masterdata.locations.rest.uri=${masterdata.resource.url}/locations/{langcode}
-mosip.kernel.idobjectvalidator.masterdata.locationhierarchy.rest.uri=${masterdata.resource.url}/locations/locationhierarchy/{hierarchyname}
-mosip.kernel.idobjectvalidator.masterdata.documentcategories.lang.rest.uri=${masterdata.resource.url}/documentcategories/{langcode} - -# Class name of the referenceValidator. Commenting or removing this property will disable reference validator. -mosip.kernel.idobjectvalidator.referenceValidator=io.mosip.kernel.idobjectvalidator.impl.IdObjectReferenceValidator - - - -# -------------- Configurations File Names --------------------- -# Global/Application Configuration File Name -global.config.file=application-${spring.profiles.active}.properties - -# Pre-reg Configuration File Name -pre.reg.config.file=pre-registration-${spring.profiles.active}.properties - -# Mapping file for Pre-registration & ID Object -preregistartion.config.identityjson=pre-registration-identity-mapping.json - -# UI Scheme JSON -preregistration.demographic.idschema-json-filename=pre-registration-demographic.json - -# Verify where it is used -preregistartion.response = response -preregistartion.identity.name=fullName -preregistartion.demographicDetails=demographicDetails -preregistartion.identity.email=email -preregistartion.identity.phone=phone -preregistartion.identity=identity - - - -# -------- QR Code Service ------------ -mosip.pre-registration.qrcode.generate.id=mosip.pre-registration.qrcode.generate -mosip.pre-registration.qrcode.service.version=1.0 -qrversion=V1 -mosip.pre-registration.qrcode.id.generate=mosip.pre-registration.qrcode.generate -mosip.id.pre-registration.qrcode.generate: mosip.pre-registration.qrcode.generate - - - -#--------Data Sync with Registration Client---------- -#id for retrieve all pre-registration ids API -mosip.id.preregistration.datasync.fetch.ids=mosip.pre-registration.datasync.fetch.ids -#id for storing cosumed pre-registration ids API -mosip.id.preregistration.datasync.store=mosip.pre-registration.datasync.store -#id for get preregistration id API -mosip.id.preregistration.datasync.fetch=mosip.pre-registration.datasync.fetch - - - -# Verify 
-------------------------------------------- -#config parameter to define proof of address -poa.url=proofOfAddress -#config parameter to define proof of identity -poi.url=proofOfIdentity -#config parameter to define proof of birth -pod.url=proofOfDateOfBirth -#config parameter to define proof of relationship -por.url=proofOfRelationship - - - -#------------Transliteration Service--------------- -# Determines request & response id of transliteration-service -mosip.pre-registration.transliteration.transliterate.id=mosip.pre-registration.transliteration.transliterate -mosip.id.pre-registration.transliteration.transliterate=mosip.pre-registration.transliteration.transliterate - - - -#------------UI params----------------------------- -# List of keys which UI will consume -ui.config.params=preregistration.availability.sync,preregistration.availability.noOfDays,mosip.supported-languages,mosip.primary-language,mosip.secondary-language,mosip.id.validation.identity.email,mosip.id.validation.identity.postalCode,mosip.id.validation.identity.phone,mosip.id.validation.identity.dateOfBirth,mosip.id.validation.identity.referenceIdentityNumber,mosip.default.dob.month,mosip.default.dob.day,mosip.kernel.otp.expiry-time,mosip.kernel.otp.validation-attempt-threshold,mosip.kernel.otp.default-length,mosip.kernel.sms.number.length,mosip.kernel.pin.length,preregistration.max.file.size,preregistration.recommended.centers.locCode,preregistration.nearby.centers,mosip.login.mode,preregistration.workflow.demographic,preregistration.workflow.documentupload,preregistration.workflow.booking,preregistration.auto.logout,preregistration.timespan.cancel,preregistration.timespan.rebook,preregistration.booking.offset,mosip.right_to_left_orientation,mosip.left_to_right_orientation,mosip.id.validation.identity.age,mosip.id.validation.identity.fullName.[*].value,mosip.id.validation.identity.addressLine1.[*].value,preregistration.documentupload.allowed.file.type,preregistration.documentupload.allowed.file.n
ameLength,preregistration.documentupload.allowed.file.size,mosip.preregistration.auto.logout.idle,mosip.preregistration.auto.logout.timeout,mosip.preregistration.auto.logout.ping,mosip.country.code,mosip.notificationtype,mosip.kernel.idobjectvalidator.masterdata.locations.locationNotAvailable,google.recaptcha.site.key,mosip.adult.age,mosip.idschema.version,enable-captcha,preregistartion.identity.name,preregistration.ui.version -# This config is used for loading recommended centers based on the value of the config. -# The value depicts the location hierarchy code of the hierarchy based on which the recommended centers is loaded -preregistration.recommended.centers.locCode=5 - -# The Registration centers will be searched based on the distance value from the Geo location identified -preregistration.nearby.centers=2000 - -# Determines file upload type allowed in UI -preregistration.documentupload.allowed.file.type = application/pdf,image/jpeg,image/png,image/jpg - -# Determines the file name length(with extension) allowed in UI -preregistration.documentupload.allowed.file.nameLength = 50 - -# Determines maximum size of file allowed uploaded in document service api (in bytes) -preregistration.documentupload.allowed.file.size = 2000000 - -# Determines idle condition(in seconds) -mosip.preregistration.auto.logout.idle=180 - -# Determines pop up timer(in seconds) -mosip.preregistration.auto.logout.timeout=60 - -preregistration.ui.version=1.1.5 - -# Determines to maintain iternal cycle & make sure value is not null (any value greater than zero) -mosip.preregistration.auto.logout.ping=30 - -# Not in use, to be removed after verification ----------------- -# UI Modularity config files (Not used yet) -# Determines which stages of Pre-Registration can be switched off and switched on -preregistration.workflow.demographic=true/false -preregistration.workflow.documentupload=true/false -preregistration.workflow.booking=true/false - 
-mosip.id.validation.identity.dateOfBirth=^\d{4}[\-\/\s]?((((0[13578])|(1[02]))[\-\/\s]?(([0-2][0-9])|(3[01])))|(((0[469])|(11))[\-\/\s]?(([0-2][0-9])|(30)))|(02[\-\/\s]?[0-2][0-9]))$
-
-#------------------ Captcha Service --------------
-# Configuration for google re-captcha
-google.recaptcha.site.key=sitekey
-google.recaptcha.verify.url=https://www.google.com/recaptcha/api/siteverify
-google.recaptcha.secret.key=secret
-mosip.preregistration.captcha.id.validate = mosip.pre-registration.captcha.id.validate
-# Enable or Disable Captch - true to enable & false to disable
-enable-captcha=false
-
-
-
-#---------- Security Properties -------------------------
-# CSRF Switch
-mosip.security.csrf-enable:false
-
-# CORS Switch
-mosip.security.cors-enable:false
-
-# Comma Separated Allowed Origins
-mosip.security.origins:localhost:8080,localhost:4200
-
-# Secure Cookie Switch
-mosip.security.secure-cookie:false
-
-# for prereg booking notification name validation
-preregistration.notification.nameFormat=fullName
diff --git a/sandbox/print-mz.properties b/sandbox/print-mz.properties
deleted file mode 100644
index ef16214ffab..00000000000
--- a/sandbox/print-mz.properties
+++ /dev/null
@@ -1,118 +0,0 @@
-dmz.ingress.base.url=http://dmz.ingress:30080
-# Websub base url
-websub.base.url=${dmz.ingress.base.url}
-mosip.event.hubURL=${websub.base.url}/websub
-mosip.partner.id=mpartner-default-print
-mosip.datashare.partner.id=mpartner-default-resident
-mosip.datashare.policy.id=mpolicy-default-resident
-mosip.event.callBackUrl=${mosipbox.public.url}/v1/print/print/callback/notifyPrint
-mosip.event.topic=${mosip.partner.id}/CREDENTIAL_ISSUED
-mosip.event.secret={cipher}29ef73e366406ea1e7ac1d43e8d96002c3bd814a8b8cde9a961d897f2dadede5
-csrf.disabled=true
-mosip.event.delay=120000
-print-websub-resubscription-delay-secs=7200
-registration.processor.print.textfile=registration-processor-print-text-file.json
-
-#-------------TOKEN GENERATION----------------
-#Token generation request id
-token.request.id=io.mosip.registration.processor
-#Token generation app id
-token.request.appid=regproc
-#Token generation username
-token.request.username=registrationprocessor
-#Token generation password
-token.request.password={cipher}AQABt4aBjlC2OxQNy04L3OtJm8KaTDwSJhV3lEpUh6xBM2xGVnY3M1DIeKGFAeBNfi6jH5qgj1KCUmFONLwSmfcrPx9m6MYXXQMYwyAeq13Msy1fcG1AtZQASKeLbuMCaRwinwdt7C/WYzvVVv47NojD+VmHHVTY3qBXJ4dwZ0/BqmUBPXyYrJPKTcdouxT76bgm5+fXXNcT7lciXgD1aCnWKziL5nDa6Y9dhc+ZPyM0d+I0JfS+emsByt7tWgcZukQkOEx8JWfcCR4eVpERYVa/ps/EAuQRXmxIvnr54GSCc/KKpwnYnjLtKIx/75I6pezBdKU/BBJG1syjQp9VQC9adSI5fdsn3ijkxJjC9TSIFJKDlTHqNCnJaxQXcSBWL4Y=
-#Token generation version
-token.request.version=1.0
-#Token generation Client Id
-token.request.clientId=mosip-regproc-client
-#Token generation secret key
-token.request.secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db
-#Token generation issuer url
-token.request.issuerUrl=${mosipbox.public.url}/keycloak/auth/realms/mosip
-
-#Audit Service
-AUDIT=http://kernel-auditmanager-service/v1/auditmanager/audits
-mosip.kernel.pdf_owner_password=123456
-#Auth Service
-authmanager.base.url=http://kernel-auth-service
-KEYBASEDTOKENAPI=${authmanager.base.url}/v1/authmanager/authenticate/clientidsecretkey
-
-#Master Data Services
-MASTER=http://kernel-masterdata-service/v1/masterdata
-TEMPLATES=${MASTER}/templates
-mosip.print.audit.id=mosip.applicanttype.getApplicantType
-
-#Packet receiver application version
-mosip.print.application.version=1.0
-#Request Date Time format
-mosip.print.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
-
-#Encrypt Services
-PDFSIGN=http://kernel-keymanager-service/v1/keymanager/pdf/sign
-
-
-#-------------Printing Service--------------------
-mosip.print.service.id=mosip.print
-#UIN card password
-mosip.print.service.uincard.password=postalCode|fullName
-mosip.print.uin.header.length=75
-
-#Rectangle coordinates for pfd signataured data
-mosip.print.service.uincard.lowerleftx=73
-mosip.print.service.uincard.lowerlefty=100
-mosip.print.service.uincard.upperrightx=300
-mosip.print.service.uincard.upperrighty=300
-mosip.print.service.uincard.signature.reason="signing"
-
-#Audit request id
-mosip.print.audit.id=mosip.applicanttype.getApplicantType
-
-#Kernel Crypto signature
-registration.processor.signature.isEnabled=true
-mosip.country.code=MOR
-
-# Language Supported By Platform - ISO
-mosip.supported-languages=eng,ara,fra
-
-mosip.primary-language=eng
-mosip.secondary-language=ara
-
-#----------------------- CBEFF Util--------------------------------------------------
-# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location.
-mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
-# Cbeff XSD file name in config server
-mosip.kernel.xsdfile=mosip-cbeff.xsd
-
-#----------------------------- Applicant Type --------------------------------------------------
-mosip.kernel.applicant.type.age.limit = 5
-
-#----------------------------- Static PIN --------------------------------------------------
-mosip.kernel.pin.length=6
-
-#-----------------------------TOKEN-ID Properties---------------------------------
-#length of the token id
-mosip.kernel.tokenid.length=36
-
-# log level
-logging.level.root=WARN
-logging.level.io.mosip=INFO
-logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO
-# tomcat access logs
-server.tomcat.accesslog.enabled=true
-server.tomcat.accesslog.directory=/dev
-server.tomcat.accesslog.prefix=stdout
-server.tomcat.accesslog.buffered=false
-server.tomcat.accesslog.suffix=
-server.tomcat.accesslog.file-date-format=
-server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}"}
-server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve
-registration.processor.unMaskedUin.length=5
-
-#mosip.print.uin.header.length=10
-config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
-IDSchema.Version=1.0
-registration.processor.identityjson=registration-processor-identity.json
-registration.processor.demographic.identity=identity
-CREATEDATASHARE=http://datashare-service/v1/datashare/create
-DECRYPTPINBASSED=http://kernel-keymanager-service/v1/keymanager/decryptWithPin
diff --git a/sandbox/registration-processor-abis.json b/sandbox/registration-processor-abis.json deleted file mode 100644 index ef3fea4bb15..00000000000 --- a/sandbox/registration-processor-abis.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "abis": [{ - "name": "ABIS1", - "host": "", - "port": "", - "brokerUrl": "tcp://mz.ingress:30616", - "inboundQueueName": "mosip-to-abis1", - "outboundQueueName": "abis1-to-mosip", - "pingInboundQueueName": "", - "pingOutboundQueueName": "", - "userName": "admin", - "password": "admin", - "typeOfQueue": "ACTIVEMQ", - "inboundMessageTTL": 2700 - }] -} diff --git a/sandbox/registration-processor-camel-routes-activate-dmz.xml b/sandbox/registration-processor-camel-routes-activate-dmz.xml deleted file mode 100644 index d332fa91532..00000000000 --- a/sandbox/registration-processor-camel-routes-activate-dmz.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - POST - - - application/json - - - ${header.Cookie} - - - ${bodyAs(String)} - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-activate-mz.xml b/sandbox/registration-processor-camel-routes-activate-mz.xml deleted file mode 100644 index aaae157a867..00000000000 --- a/sandbox/registration-processor-camel-routes-activate-mz.xml +++ /dev/null @@ -1,60 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-deactivate-dmz.xml b/sandbox/registration-processor-camel-routes-deactivate-dmz.xml deleted file mode 100644 index c61c7ba2a18..00000000000 
--- a/sandbox/registration-processor-camel-routes-deactivate-dmz.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - POST - - - application/json - - - ${header.Cookie} - - - ${bodyAs(String)} - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-deactivate-mz.xml b/sandbox/registration-processor-camel-routes-deactivate-mz.xml deleted file mode 100644 index 01aaba5c1f6..00000000000 --- a/sandbox/registration-processor-camel-routes-deactivate-mz.xml +++ /dev/null @@ -1,59 +0,0 @@ - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-lost-dmz.xml b/sandbox/registration-processor-camel-routes-lost-dmz.xml deleted file mode 100644 index ab3cb6e2166..00000000000 --- a/sandbox/registration-processor-camel-routes-lost-dmz.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - POST - - - application/json - - - ${header.Cookie} - - - ${bodyAs(String)} - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-lost-mz.xml b/sandbox/registration-processor-camel-routes-lost-mz.xml deleted file mode 100644 index 5e98ac12e38..00000000000 --- a/sandbox/registration-processor-camel-routes-lost-mz.xml +++ /dev/null 
@@ -1,217 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"address":"abis-handler-bus-in"' - - - - ${bodyAs(String)} contains '"address":"manual-verification-bus-in"' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"address":"abis-middle-ware-bus-in"' - - - - ${bodyAs(String)} contains '"address":"bio-dedupe-bus-in"' - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains 
'"internalError":true' - - - - - - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-new-dmz.xml b/sandbox/registration-processor-camel-routes-new-dmz.xml deleted file mode 100644 index af8f1a77c11..00000000000 --- a/sandbox/registration-processor-camel-routes-new-dmz.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - POST - - - application/json - - - ${header.Cookie} - - - ${bodyAs(String)} - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-new-mz.xml b/sandbox/registration-processor-camel-routes-new-mz.xml deleted file mode 100644 index c753d3aba88..00000000000 --- a/sandbox/registration-processor-camel-routes-new-mz.xml +++ /dev/null 
@@ -1,272 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"address":"abis-handler-bus-in"' - - - - ${bodyAs(String)} contains '"address":"manual-verification-bus-in"' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"address":"abis-middle-ware-bus-in"' - - - - ${bodyAs(String)} contains '"address":"demo-dedupe-bus-in"' - - - - ${bodyAs(String)} contains '"address":"bio-dedupe-bus-in"' - - - - - - - - - - ${bodyAs(String)} contains 
'"isValid":true' - - - - ${bodyAs(String)} contains '"address":"abis-handler-bus-in"' - - - - ${bodyAs(String)} contains '"address":"manual-verification-bus-in"' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-res-reprint-dmz.xml b/sandbox/registration-processor-camel-routes-res-reprint-dmz.xml deleted file mode 100644 index e77e14c41c2..00000000000 --- a/sandbox/registration-processor-camel-routes-res-reprint-dmz.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - POST - - - application/json - - - ${header.Cookie} - - - ${bodyAs(String)} - - ` - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-res-reprint-mz.xml b/sandbox/registration-processor-camel-routes-res-reprint-mz.xml deleted file mode 100644 index 7628a247ff2..00000000000 --- a/sandbox/registration-processor-camel-routes-res-reprint-mz.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-res-update-dmz.xml b/sandbox/registration-processor-camel-routes-res-update-dmz.xml deleted file mode 100644 index 61d1c5da36b..00000000000 --- a/sandbox/registration-processor-camel-routes-res-update-dmz.xml +++ /dev/null 
@@ -1,34 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - POST - - - application/json - - - ${header.Cookie} - - - ${bodyAs(String)} - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-res-update-mz.xml b/sandbox/registration-processor-camel-routes-res-update-mz.xml deleted file mode 100644 index c754531e86e..00000000000 --- a/sandbox/registration-processor-camel-routes-res-update-mz.xml +++ /dev/null @@ -1,145 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"address":"abis-handler-bus-in"' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"address":"abis-middle-ware-bus-in"' - - - - ${bodyAs(String)} contains '"address":"demo-dedupe-bus-in"' - - - - ${bodyAs(String)} contains '"address":"bio-dedupe-bus-in"' - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - 
diff --git a/sandbox/registration-processor-camel-routes-update-dmz.xml b/sandbox/registration-processor-camel-routes-update-dmz.xml deleted file mode 100644 index 0142b6ee601..00000000000 --- a/sandbox/registration-processor-camel-routes-update-dmz.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - POST - - - application/json - - - ${header.Cookie} - - - ${bodyAs(String)} - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - diff --git a/sandbox/registration-processor-camel-routes-update-mz.xml b/sandbox/registration-processor-camel-routes-update-mz.xml deleted file mode 100644 index 2c21a1039ee..00000000000 --- a/sandbox/registration-processor-camel-routes-update-mz.xml +++ /dev/null 
@@ -1,271 +0,0 @@ - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"address":"abis-handler-bus-in"' - - - - ${bodyAs(String)} contains '"address":"manual-verification-bus-in"' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"address":"abis-middle-ware-bus-in"' - - - - ${bodyAs(String)} contains '"address":"demo-dedupe-bus-in"' - - - - 
${bodyAs(String)} contains '"address":"bio-dedupe-bus-in"' - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"address":"abis-handler-bus-in"' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - ${bodyAs(String)} contains '"isValid":false' and ${bodyAs(String)} contains '"internalError":false' - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - - ${bodyAs(String)} contains '"isValid":true' - - - - - ${bodyAs(String)} contains '"internalError":true' - - - - - - - - - - - - - diff --git a/sandbox/registration-processor-dmz.properties b/sandbox/registration-processor-dmz.properties deleted file mode 100644 index 2f2240dacaf..00000000000 --- a/sandbox/registration-processor-dmz.properties +++ /dev/null 
@@ -1,140 +0,0 @@ -# DB -mosip.registration.processor.database.hostname=mz.ingress -mosip.registration.processor.database.port=30090 - -# To connect to services on other cluster -mz.ingress.url=http://mz.ingress:30080 - -registration.processor.zone=dmz - -#-----------Health checker-------------- -management.endpoint.health.show-details=always -management.endpoints.web.exposure.include=info,health,refresh - -# ---------DB connection--------------- -javax.persistence.jdbc.driver=org.postgresql.Driver -javax.persistence.jdbc.url=jdbc:postgresql://${mosip.registration.processor.database.hostname}:${mosip.registration.processor.database.port}/mosip_regprc?currentSchema=regprc -javax.persistence.jdbc.user=regprcuser -javax.persistence.jdbc.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - -#Hibernate properties -hibernate.hbm2ddl.auto=none -hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect -hibernate.jdbc.lob.non_contextual_creation=true -hibernate.show_sql=false - -#-----packet-manager---------- - -registration.processor.LANDING_ZONE = /mnt/regproc/landing - -#-----packet-utility---------- -# The known packet sources. 
Should be set as all fieldCategory present in idschema -# (NOTE : if fieldCategory is set as pvt then the source should be id) -registration.processor.sourcepackets=id,evidence,optional -# The mandatory default source packet.(In default configuration this is thd id packet) -packet.default.source=id -# the default schema field cagegory (ex - private) -schema.default.fieldCategory=pvt -# The IDSchemaVersion used to create packets in reg-proc -IDSchema.Version=1.0 - -#---------registration-processor-camel-bridge------------ - -#workel pool size to process multiple requests parallely -worker.pool.size=10 - -#Route files corresponding to the dmz flow -camel.dmz.active.flows.file.names=registration-processor-camel-routes-new-dmz.xml,registration-processor-camel-routes-update-dmz.xml,registration-processor-camel-routes-activate-dmz.xml,registration-processor-camel-routes-res-update-dmz.xml,registration-processor-camel-routes-deactivate-dmz.xml,registration-processor-camel-routes-lost-dmz.xml,registration-processor-camel-routes-res-reprint-dmz.xml - -#-------------TOKEN GENERATION---------------- -token.request.id=io.mosip.registration.processor -token.request.appid=regproc -token.request.version=1.0 -token.request.clientId=mosip-regproc-client -token.request.secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db -token.request.issuerUrl=${mosipbox.public.url}/keycloak/auth/realms/mosip - -#--------Registration processor rest client API's-------------- -CRYPTOMANAGERDECRYPT=${mz.ingress.url}/v1/keymanager/decrypt - -#Audit Service -AUDIT=${mz.ingress.url}/v1/auditmanager/audits - -#Auth Services -KEYBASEDTOKENAPI=${mz.ingress.url}/v1/authmanager/authenticate/clientidsecretkey -TOKENVALIDATE=${mz.ingress.url}/v1/authmanager/authorize/admin/validateToken -DIGITALSIGNATURE=${mz.ingress.url}/v1/keymanager/sign -mosip.registration.processor.digital.signature.id=io.mosip.registration.processor - 
-ida-internal-auth-uri=${mz.ingress.url}/idauthentication/v1/internal/auth -ida-internal-get-certificate-uri=${mz.ingress.url}/idauthentication/v1/internal/getCertificate - -#---------Registration Status--------- - -registration.processor.max.retry=3 -mosip.registration.processor.registration.status.id=mosip.registration.status -mosip.registration.processor.registration.sync.id=mosip.registration.sync -mosip.registration.processor.sync.version=1.0 -mosip.registration.processor.registration.status.version=1.0 - -#---------Packet Receiver Stage------------ -#Maximum file size to be upload from packet receiver -registration.processor.max.file.size=5 -mosip.registration.processor.application.version=1.0 -mosip.registration.processor.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' -mosip.registration.processor.timezone=GMT -mosip.registration.processor.packet.id=mosip.registration.packet -mosip.registration.processor.grace.period=10800 - -#---------Virus Scanner Stage--------- -registration.processor.packet.ext=.zip -mosip.kernel.virus-scanner.host=clamav -mosip.kernel.virus-scanner.port=80 -registration.processor.application.id=REGISTRATION -registration.processor.rid.machineidsubstring=10 - -#--------------Reprocessor stage---------------- - -# The reprocessor scheduler configurations -# The elapse time beyond which the rids will be considered for reprocessing -registration.processor.reprocess.elapse.time=300 - -#Service Ids -mosip.registration.processor.audit.id=mosip.applicanttype.getApplicantType -mosip.registration.processor.crypto.decrypt.id=mosip.cryptomanager.decrypt - -#Kernel Crypto signature -registration.processor.signature.isEnabled=true - -#--------Registration Processor Rest Client API's----------- -CRYPTOMANAGERDECRYPT=${mz.ingress.url}/v1/keymanager/decrypt -ENCRYPTURL=${mz.ingress.url}/v1/keymanager/encrypt - -#iam adapter -mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter - -#----------------------------------Event 
Bus------------------------------------------ -#Supported eventbus types: vertx, kafka. Defaults to vertx if the config is not given -mosip.regproc.eventbus.type=kafka - -#Kafka event bus config, will be used only when the type is kafka -#Kafka cluster servers comma separated, common for all stages and camel -mosip.regproc.eventbus.kafka.bootstrap.servers=kafka-0.kafka-headless.default.svc.cluster.local:9092,kafka-1.kafka-headless.default.svc.cluster.local:9092,kafka-2.kafka-headless.default.svc.cluster.local:9092 - -#packet-receiver-stage -#Supported commmit config: auto, batch, single -mosip.regproc.packet.receiver.eventbus.kafka.commit.type=single -#Maximum records that can be received in one poll to kafka -mosip.regproc.packet.receiver.eventbus.kafka.max.poll.records=100 -#Interval between each poll calls to kafka in milli sec -mosip.regproc.packet.receiver.eventbus.kafka.poll.frequency=100 -#kafka consumer group id, one unique id is required for for every stage -mosip.regproc.packet.receiver.eventbus.kafka.group.id=packet-receiver-stage - -#camel-bridge -mosip.regproc.camel.bridge.eventbus.kafka.commit.type=single -mosip.regproc.camel.bridge.eventbus.kafka.max.poll.records=100 -mosip.regproc.camel.bridge.eventbus.kafka.poll.frequency=100 -#Above 3 camel kafka config will have no effect, it is kept because MosipBridgeFactory extends -#MosipVerticleAPIManager -mosip.regproc.camel.bridge.eventbus.kafka.group.id=camel-brdige-dmz diff --git a/sandbox/registration-processor-identity.json b/sandbox/registration-processor-identity.json deleted file mode 100644 index aa024e5a1d9..00000000000 --- a/sandbox/registration-processor-identity.json +++ /dev/null 
@@ -1,213 +0,0 @@
-{
- "identity":{
- "IDSchemaVersion":{
- "value":"IDSchemaVersion",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "name":{
- "value":"fullName",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ],
- "isMandatory":true
- },
- "gender":{
- "value":"gender",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ],
- "isMandatory":true
- },
- "dob":{
- "value":"dateOfBirth",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ],
- "isMandatory":true
- },
- "age":{
- "value":"age",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "parentOrGuardianRID":{
- "value":"parentOrGuardianRID",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "parentOrGuardianUIN":{
- "value":"parentOrGuardianUIN",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "parentOrGuardianName":{
- "value":"parentOrGuardianName",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "address":{
- "value":"addressLine1,addressLine2,addressLine3,region,province,postalCode",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "city":{
- "value":"city",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "phone":{
- "value":"phone",
- "provider":[
- "source:RESIDENT,process:RES_CORRECTION",
- "source:REGISTRATION_CLIENT,process:CORRECTION|NEW|UPDATE",
- "source:RESIDENT,process:RES_UPDATE"
- ]
- },
- "phone_user_provided":{
- "value":"phone",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE",
- "source:RESIDENT,process:RES_UPDATE",
- "source:REGISTRATION_CLIENT,process:LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_REPRINT"
- ]
- },
- "phone_validation_source":{
- "value":"phone",
- "provider":[
- "source:CNIE,process:CORRECTION2|CORRECTION1|VALIDATION"
- ]
- },
- "email":{
- "value":"email",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "localAdministrativeAuthority":{
- "value":"localAdministrativeAuthority",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "uin":{
- "value":"UIN",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "individualBiometrics":{
- "value":"individualBiometrics",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "parentOrGuardianBiometrics":{
- "value":"parentOrGuardianBiometrics",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "individualAuthBiometrics":{
- "value":"individualAuthBiometrics",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "officerBiometricFileName":{
- "value":"officerBiometricFileName",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST"
- ]
- },
- "supervisorBiometricFileName":{
- "value":"supervisorBiometricFileName",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST"
- ]
- },
- "residenceStatus":{
- "value":"residenceStatus",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- }
-
- },
- "metaInfo":{
- "value":"metaInfo",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "audits":{
- "value":"audits",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "documents":{
- "poa":{
- "value":"proofOfAddress",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "poi":{
- "value":"proofOfIdentity",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "por":{
- "value":"proofOfRelationship",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "pob":{
- "value":"proofOfDateOfBirth",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- },
- "poe":{
- "value":"proofOfException",
- "provider":[
- "source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST",
- "source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT"
- ]
- }
- }
-}
diff --git a/sandbox/registration-processor-mz.properties b/sandbox/registration-processor-mz.properties
deleted file mode 100644
index a55f9bda230..00000000000
--- a/sandbox/registration-processor-mz.properties
+++ /dev/null
@@ -1,652 +0,0 @@
-dmz.ingress.base.url=http://dmz.ingress:30080
-
-# Database Host name
-mosip.registration.processor.database.hostname=postgres
-
-# Database Port
-mosip.registration.processor.database.port=80
-
-registration.processor.zone=mz
-
-#-----------Health checker--------------
-management.endpoint.health.show-details=always
-management.endpoints.web.exposure.include=info,health,refresh
-
-#------packet-bio-dedupe-service--------
-#Maximum abis records to be fetched at a time
-registration.processor.abis.maxResults=30
-#Dummy Tag for face in cbeff file
-registration.processor.abis.targetFPIR=30
-# supported 'byte' and 'text format
-activemq.message.format=text
-# Buffer time above the expiry for all queues to allow reprocessing (in seconds)
-registration.processor.bio.dedupe.reprocess.buffer.time=900
-
-# ---------DB connection---------------
-#Driver name
-javax.persistence.jdbc.driver=org.postgresql.Driver
-
-# Database connection URL
-javax.persistence.jdbc.url=jdbc:postgresql://${mosip.registration.processor.database.hostname}:${mosip.registration.processor.database.port}/mosip_regprc?currentSchema=regprc
-
-javax.persistence.jdbc.user=regprcuser
-# TODO: user cipher below
-javax.persistence.jdbc.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24
-
-#Hibernate properties
-hibernate.hbm2ddl.auto=none
-hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
-hibernate.jdbc.lob.non_contextual_creation=true
-hibernate.show_sql=false
-
-#-----packet-manager----------
-registration.processor.LANDING_ZONE = /mnt/regproc/landing
-
-#Location to store the file which is consumed from the print and postal queue
-registration.processor.PRINT_POSTAL_SERVICE=/home/ftp1/PRINIT_POSTAL_SERVICE
-
-#-----packet-utility----------
-# The known packet sources. Should be set as all fieldCategory present in idschema
-# (NOTE : if fieldCategory is set as pvt then the source should be id)
-registration.processor.sourcepackets=id,evidence,optional
-# The mandatory default source packet.(In default configuration this is thd id packet)
-packet.default.source=id
-# the default schema field cagegory (ex - private)
-schema.default.fieldCategory=pvt,none
-# The IDSchemaVersion used to create packets in reg-proc
-IDSchema.Version=0.1
-
-#---------registration-processor-camel-bridge------------
-
-#Url to cluster manager to enable this stage for joining the cluster in secure zone
-cluster.manager.file.name=hazelcast_mz.xml
-
-#workel pool size to process multiple requests parallely
-worker.pool.size=10
-
-#Route files corresponding to the secure flow
-camel.secure.active.flows.file.names=registration-processor-camel-routes-new-mz.xml,registration-processor-camel-routes-update-mz.xml,registration-processor-camel-routes-activate-mz.xml,registration-processor-camel-routes-res-update-mz.xml,registration-processor-camel-routes-deactivate-mz.xml,registration-processor-camel-routes-lost-mz.xml,registration-processor-camel-routes-res-reprint-mz.xml
-
-#-------------TOKEN GENERATION----------------
-#Token generation request id
-token.request.id=io.mosip.registration.processor
-#Token generation app id
-token.request.appid=regproc
-#Token generation username
-token.request.username=registrationprocessor
-#Token generation password
-token.request.password={cipher}AQABt4aBjlC2OxQNy04L3OtJm8KaTDwSJhV3lEpUh6xBM2xGVnY3M1DIeKGFAeBNfi6jH5qgj1KCUmFONLwSmfcrPx9m6MYXXQMYwyAeq13Msy1fcG1AtZQASKeLbuMCaRwinwdt7C/WYzvVVv47NojD+VmHHVTY3qBXJ4dwZ0/BqmUBPXyYrJPKTcdouxT76bgm5+fXXNcT7lciXgD1aCnWKziL5nDa6Y9dhc+ZPyM0d+I0JfS+emsByt7tWgcZukQkOEx8JWfcCR4eVpERYVa/ps/EAuQRXmxIvnr54GSCc/KKpwnYnjLtKIx/75I6pezBdKU/BBJG1syjQp9VQC9adSI5fdsn3ijkxJjC9TSIFJKDlTHqNCnJaxQXcSBWL4Y=
-#Token generation version
-token.request.version=1.0
-#Token generation Client Id
-token.request.clientId=mosip-regproc-client
-#Token generation secret key
-token.request.secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db
-#Token generation issuer url
-# Token generation issuer url. NOTE: The url here must match the one mentioned in keycloak auth token, otherwise
-# performance of system will be severly affected.
-
-token.request.issuerUrl=${mosipbox.public.url}/keycloak/auth/realms/mosip
-
-#--------Registration processor rest client API's--------------
-
-
-#Audit Service
-AUDIT=http://kernel-auditmanager-service/v1/auditmanager/audits
-
-#Auth Service
-authmanager.base.url=http://kernel-auth-service
-PASSWORDBASEDTOKENAPI=${authmanager.base.url}/v1/authmanager/authenticate/useridPwd
-KEYBASEDTOKENAPI=${authmanager.base.url}/v1/authmanager/authenticate/clientidsecretkey
-TOKENVALIDATE=${authmanager.base.url}/v1/authmanager/authorize/admin/validateToken
-GETRIDFROMUSERID=${authmanager.base.url}/v1/authmanager/rid
-INTERNALAUTH=http://ida-internal-service/idauthentication/v1/internal/auth
-
-#Master Data Services
-MASTER=http://kernel-masterdata-service/v1/masterdata
-MACHINEHISTORY=${MASTER}/machineshistories
-CENTERHISTORY=${MASTER}/registrationcentershistory
-CENTERUSERMACHINEHISTORY=${MASTER}/getregistrationmachineusermappinghistory
-REVERSEDATASYNC=http://prereg-datasync-service/preregistration/v1/sync/consumedPreRegIds
-CENTERDETAILS=${MASTER}/registrationcenters
-MACHINEDETAILS=${MASTER}/machines
-DEVICESHISTORIES=${MASTER}/deviceshistories
-REGISTRATIONCENTERDEVICEHISTORY=${MASTER}/registrationcenterdevicehistory
-REGISTRATIONCENTERTIMESTAMP=${MASTER}/registrationcenters/validate
-GENDER=${MASTER}/gendertypes/validate
-REGION=${MASTER}/locations/validate
-CITY=${MASTER}/locations/validate
-POSTALCODE=${MASTER}/locations/validate
-PROVINCE=${MASTER}/locations/validate
-USERDETAILS=${MASTER}/users
-TEMPLATES=${MASTER}/templates
-DEVICEVALIDATEHISTORY=http://pms-partner-service/partnermanagement/v1/partners/deviceprovidermanagement/validate
-#To get the idschema from masterdata db
-IDSCHEMA=${MASTER}/idschema/latest
-
-#ID Repository Services
-IDREPOSITORY=http://idrepo-identity-service/idrepository/v1/identity/
-IDREPOGETIDBYUIN=http://idrepo-identity-service/idrepository/v1/identity/idvid
-UINGENERATOR=http://kernel-idgenerator-service/v1/idgenerator/uin
-RETRIEVEIDENTITYFROMRID=http://idrepo-identity-service/idrepository/v1/identity/idvid
-RETRIEVEIDENTITY=http://idrepo-identity-service/idrepository/v1/identity/idvid
-CREATEVID=http://idrepo-vid-service/idrepository/v1/vid
-GETUINBYVID=http://idrepo-vid-service/idrepository/v1/idvid
-CREDENTIALREQUEST=http://idrepo-credential-request-generator/v1/credentialrequest/requestgenerator
-GETVIDSBYUIN=http://idrepo-vid-service/idrepository/v1/vid/uin
-
-#Encrypt Services
-ENCRYPTURL=http://kernel-keymanager-service/v1/keymanager/encrypt
-ENCRYPTIONSERVICE=http://kernel-keymanager-service/v1/keymanager/publickey
-PDFSIGN=http://kernel-keymanager-service/v1/keymanager/pdf/sign
-
-#Digital Signature Service
-DIGITALSIGNATURE=http://kernel-keymanager-service/v1/keymanager/sign
-
-#Digital Signature Id
-mosip.registration.processor.digital.signature.id=io.mosip.registration.processor
-
-# Url from where packets need to be picked up DMZ (landing zone)
-NGINXDMZURL=${dmz.ingress.base.url}/registrationprocessor/v1/dmzpacketserver
-
-#--------Registration Processor Rest Client API's-----------
-CRYPTOMANAGERDECRYPT=http://kernel-keymanager-service/v1/keymanager/decrypt
-
-#External Service
-EISERVICE=http://regproc-external-integration-service/registrationprocessor/v1/eis/registration-processor/external-integration-service/v1.0
-
-#RID Generation Service
-RIDGENERATION=http://kernel-ridgenerator-service/v1/ridgenerator/generate/rid
-
-#Registration Processor Status Services
-# We specify Ingress location for dmz which is any worker node and a ingress port
-SYNCSERVICE=${dmz.ingress.base.url}/registrationprocessor/v1/registrationstatus/sync
-PACKETRECEIVER=${dmz.ingress.base.url}/registrationprocessor/v1/packetreceiver/registrationpackets
-
-#SMS and EMAIL notification services
-SMSNOTIFIER=http://kernel-notification-service/v1/notifier/sms/send
-EMAILNOTIFIER=http://kernel-notification-service/v1/notifier/email/send
-
-PMS=http://pms-policy-management-service/partnermanagement/v1/policies/policies/partnerId
-
-#---------Registration Status---------
-
-#Maximum retry count for packet
-registration.processor.max.retry=10
-#Registration Status Id
-mosip.registration.processor.registration.status.id=mosip.registration.status
-#Registration Sync Id
-mosip.registration.processor.registration.sync.id=mosip.registration.sync
-#Registration Transaction Id
-mosip.registration.processor.registration.transaction.id=mosip.registration.transaction
-#Registration Sync Version
-mosip.registration.processor.sync.version=1.0
-#Registration Status Version
-mosip.registration.processor.registration.status.version=1.0
-#Registration Transaction Version
-mosip.registration.processor.transaction.version=1.0
-
-#--------Demo Dedupe Stage---------
-application.id=REGISTRATION
-#Status for matched records in demo dedupe stage
-registration.processor.demodedupe.manualverification.status=REJECTED
-#configuration parameter to disable or enable Demographic Deduplication
-mosip.registration.processor.demographic.deduplication.enable=true
-
-#-----------Manual Verification Stage------------
-#Manual verification assignment request Id
-mosip.registration.processor.manual.verification.assignment.id=mosip.manual.verification.assignment
-#Manual verification decision request Id
-mosip.registration.processor.manual.verification.decision.id=mosip.manual.verification.decision
-#Manual verification biometric request Id
-mosip.registration.processor.manual.verification.biometric.id=mosip.manual.verification.biometric
-#Manual verification demographic request Id
-mosip.registration.processor.manual.verification.demographic.id=mosip.manual.verification.demographic
-#Manual verification packetinfo request Id
-mosip.registration.processor.manual.verification.packetinfo.id=mosip.manual.verification.packetinfo
-
-#Manual verification queue message expiry in seconds, if given 0 then message will never expire
-registration.processor.queue.manualverification.request.messageTTL=5400
-# Buffer time above the expiry queue to allow reprocessing (in seconds)
-registration.processor.manual.verification.reprocess.buffer.time=900
-
-registration.processor.manual.adjudication.policy.id=mpolicy-default-adjudication
-registration.processor.manual.adjudication.subscriber.id=mpartner-default-adjudication
-registration.processor.manual.adjudication.json=registration-processor-abis.json
-#packet.info.storage.service=registration-processor-packet-info-storage-service
-packet.info.storage.service=*
-config.server.file.storage.uri=${spring.cloud.config.uri}/${packet.info.storage.service}/${spring.profiles.active}/${spring.cloud.config.label}/
-
-
-#--------OSI Validation Stage----------
-#To enable or disable the Center working hour validation
-mosip.workinghour.validation.required=true
-#Applicant date of birth format
-registration.processor.applicant.dob.format=yyyy/MM/dd
-#Internal Auth request id
-mosip.identity.auth.internal.requestid=mosip.identity.auth.internal
-registration.processor.validate.introducer=true
-mosip.kernel.device.validate.history.id=""
-#UMC configuarble
-mosip.registartion.processor.validateUMC=true
-crypto.PrependThumbprint.enable=true
-auth.PrependThumbprint.enable=false
-
-#---------Packet Receiver Stage------------
-#Maximum file size to be upload from packet receiver
-registration.processor.max.file.size=5
-#Packet receiver application version
-mosip.registration.processor.application.version=1.0
-#Request Date Time format
-mosip.registration.processor.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
-#Request Date Timezone
-mosip.registration.processor.timezone=GMT
-#Packet Receiver request Id
-mosip.registration.processor.packet.id=mosip.registration.packet
-#Request time grace period
-mosip.registration.processor.grace.period=10800
-
-#-----------Retry Stage-----------
-registration.processor.wait.period=1
-
-#----------Uin Generator Stage------------
-#Idrepo create request Id
-registration.processor.id.repo.create=mosip.id.create
-#Idrepo read request Id
-registration.processor.id.repo.read=mosip.id.read
-#Idrepo update request Id
-registration.processor.id.repo.update=mosip.id.update
-#Idrepo vidType request Id
-registration.processor.id.repo.vidType=Perpetual
-#Idrepo generate request Id
-registration.processor.id.repo.generate=mosip.vid.create
-#Idrepo vid version
-registration.processor.id.repo.vidVersion=v1
-
-#---------Virus Scanner Stage---------
-#Virus scanner packet extension
-registration.processor.packet.ext=.zip
-#Virus scanner server host
-mosip.kernel.virus-scanner.host=clamav
-#Virus scanner port
-mosip.kernel.virus-scanner.port=80
-#Virus scanner application request id
-registration.processor.application.id=REGISTRATION
-registration.processor.rid.machineidsubstring=10
-
-#---------Message Sender Stage----------------------
-#Mapping Identity json to map with the applicant id json
-registration.processor.identityjson=registration-processor-identity.json
-#create text print text file
-registration.processor.print.textfile=registration-processor-print-text-file.json
-#Abis queue configuration json
-registration.processor.abis.json=registration-processor-abis.json
-#Demographic identity label
-registration.processor.demographic.identity=identity
-registration.processor.notification.emails=
-
-#Email subjects for success & failure scenario
-#Uin generated subject
-registration.processor.uin.generated.subject=UIN Generated
-#Duplicate Uin subject
-registration.processor.duplicate.uin.subject=Registration Failed because you have already Registered
-#Applicant re-register subject
-registration.processor.reregister.subject=Re-Register because there was a Technical Issue
-#Uin activated subject
-registration.processor.uin.activated.subject=Uin is activated successfully
-#Uin deactivated subject
-registration.processor.uin.deactivated.subject=Uin is deactivated
-#Uin details updated subject
-registration.processor.updated.subject=UIN Details Updated
-
-#------------Queue-----------------------
-#Queue username
-registration.processor.queue.username=admin
-#Queue Password
-registration.processor.queue.password={cipher}3c7b6d545f11105e9a9a7e1d4dfd7829662d73c713576a877536ac783921c9f0
-#Queue Url
-registration.processor.queue.url=tcp://activemq:80
-#Type of the Queue
-registration.processor.queue.typeOfQueue=ACTIVEMQ
-#Print Service address
-registration.processor.queue.address = print-service
-#Post Service address
-registration.processor.queue.printpostaladdress = postal-service
-
-# Enable proxy postal service response for test environments where actual postal service wont be available
-# IMPORTANT : This should always be set as false in actual production environment
-registration.processor.enable.proxy.postalservice=true
-
-#------------Packet Validator Stage-----------
-#Attributes to be validated in master data validation
-registration.processor.masterdata.validation.attributes = gender,region,province,city
-registration.processor.validateSchema=true
-registration.processor.validateFile=true
-registration.processor.validateChecksum=true
-registration.processor.validateApplicantDocument=true
-registration.processor.validateMasterData=false
-registration-processor.validatemandotary=true
-
-registration.processor.document.category=idobject-document-category-mapping.json
-registration.processor.applicant.type=applicanttype-document-mapping.json
-
-#------------Packet Generator-----------------
-#Audit request id for packet generator
-registration.processor.audit.applicationId=PACGEN
-#Audit request application name for packet generator
-registration.processor.audit.applicationName=PACKET_GENERATOR
-#Packet generator request id
-mosip.registration.processor.registration.packetgenerator.id=mosip.registration.packetgenerator
-#Uin Card RePrint request id
-mosip.registration.processor.uincard.reprint.id = mosip.uincard.reprint
-#Packet generator request version
-mosip.registration.processor.packetgenerator.version=1.0
-#resident update service id
-mosip.registration.processor.resident.service.id=mosip.registration.update
-#resident lost service id
-mosip.registration.processor.lost.id=mosip.registration.lost
-
-
-#-------------Printing Service--------------------
-mosip.registration.processor.print.service.id=mosip.registration.print
-#unmasked uin length
-registration.processor.unMaskedUin.length=4
-#UIN card password
-mosip.registration.processor.print.service.uincard.password=postalCode|fullName
-#header length to be removed from iso image to get actual image
-mosip.print.uin.header.length=73
-#Rectangle coordinates for pfd signataured data
-mosip.registration.processor.print.service.uincard.lowerleftx=73
-mosip.registration.processor.print.service.uincard.lowerlefty=100
-mosip.registration.processor.print.service.uincard.upperrightx=300
-mosip.registration.processor.print.service.uincard.upperrighty=300
-mosip.registration.processor.print.service.uincard.signature.reason="signing"
-
-#--------------Reprocessor stage----------------
-
-#Number of the reprocess records to be fetched at a time
-registration.processor.reprocess.fetchsize=100
-
-# The reprocessor scheduler configurations
-# The elapse time (in sec) beyond which the rids will be considered for reprocessing
-registration.processor.reprocess.elapse.time=7200
-# The maximum reprocess count. Beyond this the rid will not be considered for reprocessing.
-registration.processor.reprocess.attempt.count=300
-# Reprocess type
-registration.processor.reprocess.type=cron
-#schedular seconds configuration
-registration.processor.reprocess.seconds=0
-#schedular minutes configuration
-registration.processor.reprocess.minutes=0
-#schedular hours configuration
-# Under assumption of about 2 hrs of downtime for regproc on daily basis, the reprocessor
-# frequency is made to 3 hours once
-registration.processor.reprocess.hours=0,3,6,9,12,15,18,21
-#schedular days configuration
-registration.processor.reprocess.days_of_month=*
-#schedular months configuration
-registration.processor.reprocess.months=*
-#schedular weeks configuration
-registration.processor.reprocess.days_of_week=*
-
-
-#Service Ids
-#Audit request id
-mosip.registration.processor.audit.id=mosip.applicanttype.getApplicantType
-#Cryptomanager decrypt request id
-mosip.registration.processor.crypto.decrypt.id=mosip.cryptomanager.decrypt
-#SMS notification request id
-mosip.registration.processor.sms.id=mosip.sms.send
-#Email notification request id
-mosip.registration.processor.email.id=mosip.email.send
-
-#Kernel Crypto signature
-registration.processor.signature.isEnabled=true
-
-#BioDedupe stage
-registration.processor.infant.dedupe=N
-
-# ID Authentication
-IDAUTHENCRYPTION=http://ida-internal-service/idauthentication/v1/internal/encrypt
-IDAUTHPUBLICKEY=http://ida-internal-service/idauthentication/v1/internal/publickey
-IDAUTHCERTIFICATE=http://ida-internal-service/idauthentication/v1/internal/getCertificate
-ida-internal-auth-uri=http://ida-internal-service/idauthentication/v1/internal/auth
-ida-internal-get-certificate-uri=http://ida-internal-service/idauthentication/v1/internal/getCertificate
-
-
-registration.processor.objectstore.adapter.name=S3Adapter
-packetmanager.base.url=http://packetmanager-service/commons
-PACKETMANAGER_SEARCH_FIELD=${packetmanager.base.url}/v1/packetmanager/searchField
-PACKETMANAGER_SEARCH_FIELDS=${packetmanager.base.url}/v1/packetmanager/searchFields
-PACKETMANAGER_SEARCH_METAINFO=${packetmanager.base.url}/v1/packetmanager/metaInfo
-PACKETMANAGER_VALIDATE=${packetmanager.base.url}/v1/packetmanager/validatePacket
-PACKETMANAGER_SEARCH_DOCUMENT=${packetmanager.base.url}/v1/packetmanager/document
-PACKETMANAGER_SEARCH_BIOMETRICS=${packetmanager.base.url}/v1/packetmanager/biometrics
-PACKETMANAGER_SEARCH_AUDITS=${packetmanager.base.url}/v1/packetmanager/audits
-PACKETMANAGER_INFO=${packetmanager.base.url}/v1/packetmanager/info
-PACKETMANAGER_UPDATE_TAGS=${packetmanager.base.url}/v1/packetmanager/addOrUpdateTag
-DATASHARECREATEURL=http://datashare-service/v1/datashare/create
-DATASHAREGETEURL=http://datashare-service/v1/datashare/get
-registration.processor.policy.id=mpolicy-default-abis
-registration.processor.subscriber.id=mpartner-default-abis
-
-
-#iam adapter
-mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
-
-# BioSDK
-mosip.biometric.sdk.provider.finger.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
-mosip.biometric.sdk.provider.iris.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
-mosip.biometric.sdk.provider.face.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
-
-#--------------Print stage----------------
-mosip.registration.processor.credentialtype=euin
-mosip.registration.processor.encrypt=false
-mosip.registration.processor.issuer=mpartner-default-print
-mosip.registration.processor.credential.request.service.id=mosip.credential.request.generator
-
-#----------------------------------Event Bus------------------------------------------
-#Supported eventbus types: vertx, kafka. Defaults to vertx if the config is not given
-mosip.regproc.eventbus.type=kafka
-
-#Kafka event bus config, will be used only when the type is kafka
-#Kafka cluster servers comma separated, common for all stages and camel
-mosip.regproc.eventbus.kafka.bootstrap.servers=kafka-0.kafka-headless.default.svc.cluster.local:9092,kafka-1.kafka-headless.default.svc.cluster.local:9092,kafka-2.kafka-headless.default.svc.cluster.local:9092
-
-#securezone-notification-stage
-#Supported commmit config: auto, batch, single
-mosip.regproc.securezone.notification.eventbus.kafka.commit.type=single
-#Maximum records that can be received in one poll to kafka
-mosip.regproc.securezone.notification.eventbus.kafka.max.poll.records=100
-#Interval between each poll calls to kafka in milli sec
-mosip.regproc.securezone.notification.eventbus.kafka.poll.frequency=100
-#kafka consumer group id, one unique id is required for for every stage
-mosip.regproc.securezone.notification.eventbus.kafka.group.id=securezone-notification-stage
-
-#camel-bridge
-mosip.regproc.camel.bridge.eventbus.kafka.commit.type=single
-mosip.regproc.camel.bridge.eventbus.kafka.max.poll.records=100
-mosip.regproc.camel.bridge.eventbus.kafka.poll.frequency=100
-#Above 3 camel kafka config will have no effect, it is kept because MosipBridgeFactory extends
-#MosipVerticleAPIManager
-mosip.regproc.camel.bridge.eventbus.kafka.group.id=camel-brdige-mz
-
-#packet-uploader-stage
-mosip.regproc.packet.uploader.eventbus.kafka.commit.type=single
-mosip.regproc.packet.uploader.eventbus.kafka.max.poll.records=100
-mosip.regproc.packet.uploader.eventbus.kafka.poll.frequency=100
-mosip.regproc.packet.uploader.eventbus.kafka.group.id=packet-uploader-stage
-
-#packet-validator-stage
-mosip.regproc.packet.validator.eventbus.kafka.commit.type=single
-mosip.regproc.packet.validator.eventbus.kafka.max.poll.records=100
-mosip.regproc.packet.validator.eventbus.kafka.poll.frequency=100
-mosip.regproc.packet.validator.eventbus.kafka.group.id=packet-validator-stage
-
-#packet-classifier-stage
-mosip.regproc.packet.classifier.eventbus.kafka.commit.type=single
-mosip.regproc.packet.classifier.eventbus.kafka.max.poll.records=100
-mosip.regproc.packet.classifier.eventbus.kafka.poll.frequency=100
-mosip.regproc.packet.classifier.eventbus.kafka.group.id=packet-classifier-stage
-
-#quality-checker-stage
-mosip.regproc.quality.checker.eventbus.kafka.commit.type=single
-mosip.regproc.quality.checker.eventbus.kafka.max.poll.records=100
-mosip.regproc.quality.checker.eventbus.kafka.poll.frequency=100
-mosip.regproc.quality.checker.eventbus.kafka.group.id=quality-checker-stage
-
-#osi-validator-stage
-mosip.regproc.osi.validator.eventbus.kafka.commit.type=single
-mosip.regproc.osi.validator.eventbus.kafka.max.poll.records=100
-mosip.regproc.osi.validator.eventbus.kafka.poll.frequency=100
-mosip.regproc.osi.validator.eventbus.kafka.group.id=osi-validator-stage
-
-#external-stage
-mosip.regproc.external.eventbus.kafka.commit.type=single
-mosip.regproc.external.eventbus.kafka.max.poll.records=100
-mosip.regproc.external.eventbus.kafka.poll.frequency=100
-mosip.regproc.external.eventbus.kafka.group.id=external-stage
-
-#demo-dedupe-stage
-mosip.regproc.demo.dedupe.eventbus.kafka.commit.type=single
-mosip.regproc.demo.dedupe.eventbus.kafka.max.poll.records=100
-mosip.regproc.demo.dedupe.eventbus.kafka.poll.frequency=100
-mosip.regproc.demo.dedupe.eventbus.kafka.group.id=demo-dedupe-stage
-
-#abis-handler-stage
-mosip.regproc.abis.handler.eventbus.kafka.commit.type=single
-mosip.regproc.abis.handler.eventbus.kafka.max.poll.records=100
-mosip.regproc.abis.handler.eventbus.kafka.poll.frequency=100
-mosip.regproc.abis.handler.eventbus.kafka.group.id=abis-handler-stage
-
-#bio-dedupe-stage
-mosip.regproc.bio.dedupe.eventbus.kafka.commit.type=single
-mosip.regproc.bio.dedupe.eventbus.kafka.max.poll.records=100
-mosip.regproc.bio.dedupe.eventbus.kafka.poll.frequency=100
-mosip.regproc.bio.dedupe.eventbus.kafka.group.id=bio-dedupe-stage
-
-#manual-verification-stage
-mosip.regproc.manual.verification.eventbus.kafka.commit.type=single
-mosip.regproc.manual.verification.eventbus.kafka.max.poll.records=100
-mosip.regproc.manual.verification.eventbus.kafka.poll.frequency=100
-mosip.regproc.manual.verification.eventbus.kafka.group.id=manual-verification-stage
-
-#uin-generator-stage
-mosip.regproc.uin.generator.eventbus.kafka.commit.type=single
-mosip.regproc.uin.generator.eventbus.kafka.max.poll.records=100
-mosip.regproc.uin.generator.eventbus.kafka.poll.frequency=100
-mosip.regproc.uin.generator.eventbus.kafka.group.id=uin-generator-stage
-
-#abis-middle-ware-stage
-mosip.regproc.abis.middleware.eventbus.kafka.commit.type=single
-mosip.regproc.abis.middleware.eventbus.kafka.max.poll.records=100
-mosip.regproc.abis.middleware.eventbus.kafka.poll.frequency=100
-mosip.regproc.abis.middleware.eventbus.kafka.group.id=abis-middle-ware-stage
-
-#biometric-authentication-stage
-mosip.regproc.biometric.authentication.eventbus.kafka.commit.type=single
-mosip.regproc.biometric.authentication.eventbus.kafka.max.poll.records=100
-mosip.regproc.biometric.authentication.eventbus.kafka.poll.frequency=100
-mosip.regproc.biometric.authentication.eventbus.kafka.group.id=biometric-authentication-stage
-
-#reprocessor-stage
-mosip.regproc.reprocessor.eventbus.kafka.commit.type=single
-mosip.regproc.reprocessor.eventbus.kafka.max.poll.records=100
-mosip.regproc.reprocessor.eventbus.kafka.poll.frequency=100
-mosip.regproc.reprocessor.eventbus.kafka.group.id=reprocessor-stage
-
-#message-sender-stage
-mosip.regproc.message.sender.eventbus.kafka.commit.type=single
-mosip.regproc.message.sender.eventbus.kafka.max.poll.records=100
-mosip.regproc.message.sender.eventbus.kafka.poll.frequency=100
-mosip.regproc.message.sender.eventbus.kafka.group.id=message-sender-stage
-
-#printing-stage
-mosip.regproc.printing.eventbus.kafka.commit.type=single
-mosip.regproc.printing.eventbus.kafka.max.poll.records=100 -mosip.regproc.printing.eventbus.kafka.poll.frequency=100 -mosip.regproc.printing.eventbus.kafka.group.id=printing-stage - - -packetmanager.name.source.resident=RESIDENT -packetmanager.name.source.cnie=CNIE -packetmanager.name.source.default=REGISTRATION_CLIENT - -# default priority for correction packets -# To define priority use below stage names. For example, field 'gender' has priority in uin-generator-stage. The key for uin-generator-stage is 'uingenerator'. So the key would be 'packetmanager.provider.uingenerator.gender' -# packetreceiver,packetuploader,packetvalidator,qualitychecker,osivalidator,demodedupe,classification,biodedupe,bioauth,manualverification,uingenerator,messagesender -packetmanager.provider.uingenerator.lastName=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.gender=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.city=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.modeOfClaim=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.cregion=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.postalCode=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT 
-packetmanager.provider.uingenerator.cprovince=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.suffix=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.bloodType=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.referenceIdentityNumber=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.individualBiometrics[Finger]=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.individualBiometrics[Iris]=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.individualBiometrics[Face]=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.province=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.caddressLine4=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT 
-packetmanager.provider.uingenerator.zone=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.caddressLine3=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.caddressLine2=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.caddressLine1=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.addressLine1=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.addressLine2=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.residenceStatus=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.addressLine3=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.addressLine4=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT 
-packetmanager.provider.uingenerator.email=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.czone=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.dateOfBirth=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.cpostalCode=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.ccity=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.firstName=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.IDSchemaVersion=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.phone=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.registrationType=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT 
-packetmanager.provider.uingenerator.middleName=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.UIN=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.region=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.maritalStatus=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.parentOrGuardianUIN=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.parentOrGuardianRID=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.proofOfAddress=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.proofOfDateOfBirth=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.proofOfIdentity=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT 
-packetmanager.provider.uingenerator.proofOfRelationship=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT -packetmanager.provider.uingenerator.proofOfException=source:CNIE\/process:CORRECTION,source:REGISTRATION_CLIENT\/process:NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT - -# packet-classifier-stage -# List of tag generator that should be run on every packet -# Available tag generators MosipIDObjectFields,MosipMetaInfo,MosipAgeGroup,MosipSupervisorApprovalStatus -mosip.regproc.packet.classifier.tag-generators=MosipIDObjectFields,MosipMetaInfo,MosipAgeGroup,MosipSupervisorApprovalStatus -# These field names should be as in keys of registraion-processor-identity.json file Identity segment -# and should have proper default source configured -mosip.regproc.packet.classifier.tagging.idobjectfields.mapping-field-names=gender,city,residenceStatus -# The tag name that will be prefixed with every idobjectfield tags -mosip.regproc.packet.classifier.tagging.idobjectfields.tag-name-prefix=ID_OBJECT- -# The tag name that will be prefixed with every metainfo operationsData tags -mosip.regproc.packet.classifier.tagging.metainfo.operationsdata.tag-name-prefix=META_INFO-OPERATIONS_DATA- -# The tag name that will be prefixed with every metainfo metaData tags -mosip.regproc.packet.classifier.tagging.metainfo.metadata.tag-name-prefix=META_INFO-META_DATA- -# The tag name that will be prefixed with every metainfo capturedRegisteredDevices tags -mosip.regproc.packet.classifier.tagging.metainfo.capturedregistereddevices.tag-name-prefix=META_INFO-CAPTURED_REGISTERED_DEVICES- -# The labels on metainfo.operationsData array that needs to be tagged -mosip.regproc.packet.classifier.tagging.metainfo.operationsdata.tag-labels=officerId,supervisorId -# The labels on metainfo.metaData array that needs to be tagged 
-mosip.regproc.packet.classifier.tagging.metainfo.metadata.tag-labels=centerId,machineId -# The serial numbers of devices type on metainfo.capturedRegisteredDevices array that needs to be tagged -mosip.regproc.packet.classifier.tagging.metainfo.capturedregistereddevices.device-types=Face,Fingerprint -# Tag name that will be used while tagging age group -mosip.regproc.packet.classifier.tagging.agegroup.tag-name=AGE_GROUP -# Below age ranges map should contain proper age group name and age range, any overlap of the age -# range will result in a random behaviour of tagging. In range, upper and lower values are inclusive. -mosip.regproc.packet.classifier.tagging.agegroup.ranges={'CHILD':'0-17','ADULT':'18-59','SENIOR_CITIZEN':'60-200'} -# Tag name that will be used while tagging supervisor approval status -mosip.regproc.packet.classifier.tagging.supervisorapprovalstatus.tag-name=SUPERVISOR_APPROVAL_STATUS -# Tag name that will be used while tagging exception biometrics -mosip.regproc.packet.classifier.tagging.exceptionbiometrics.tag-name=EXCEPTION_BIOMETRICS diff --git a/sandbox/resident-mz.properties b/sandbox/resident-mz.properties deleted file mode 100644 index e09a0a0a8b2..00000000000 --- a/sandbox/resident-mz.properties +++ /dev/null 
@@ -1,110 +0,0 @@ -#--------------ID and Version -------------- -auth.internal.id=mosip.identity.auth.internal -auth.internal.version=1.0 -mosip.registration.processor.print.id=mosip.registration.print -mosip.registration.processor.application.version=1.0 -vid.create.id=mosip.vid.create -resident.vid.version=v1 -resident.vid.id=mosip.resident.vid -auth.type.status.id=mosip.identity.authtype.status.update -resident.authlock.id=mosip.resident.authlock -resident.checkstatus.id=mosip.resident.checkstatus -resident.euin.id=mosip.resident.euin -resident.printuin.id=mosip.resident.printuin -resident.uin.id=mosip.resident.uin -resident.rid.id=mosip.resident.rid -resident.updateuin.id=mosip.resident.updateuin -resident.authunlock.id=mosip.resident.authunlock -resident.authhistory.id=mosip.resident.authhistory -mosip.resident.service.status.check.id=mosip.registration.status -mosip.resident.service.status.check.version=1.0 -vid.revoke.id=mosip.vid.deactivate -resident.revokevid.id=mosip.resident.vidstatus -PARTNER_REFERENCE_Id=mpartner-default-resident -APPLICATION_Id=RESIDENT -DECRYPT_API_URL=http://kernel-keymanager-service/v1/keymanager/decrypt - -#-------------TOKEN GENERATION---------------- -#Token generation request id -token.request.id=io.mosip.resident -#Token generation app id -resident.appid=resident -#Token generation version -token.request.version=1.0 -# Kernel auth client ID for IDA -resident.clientId=mosip-resident-client -# Kernel auth secret key for IDA -resident.secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db -#Token genration issue url -token.request.issuerUrl=${mosip.keycloak.issuerUrl} - -#--------------URI-------------------------- -#Auth Services -KERNELAUTHMANAGER=http://kernel-auth-service/v1/authmanager/authenticate/clientidsecretkey -REGPROCPRINT=http://regproc-print-service/registrationprocessor/v1/print/uincard -INTERNALAUTH=http://ida-internal-service/idauthentication/v1/internal/auth 
-INTERNALAUTHTRANSACTIONS=http://ida-internal-service/idauthentication/v1/internal/authTransactions -KERNELENCRYPTIONSERVICE=http://ida-internal-service/idauthentication/v1/internal/getCertificate -IDAUTHCREATEVID=http://idrepo-vid-service/idrepository/v1/vid -IDAUTHREVOKEVID=http://idrepo-vid-service/idrepository/v1/vid/deactivate -#Notification service -IDREPOGETIDBYUIN=http://idrepo-identity-service/idrepository/v1/identity/idvid -IDREPOGETIDBYRID=http://idrepo-identity-service/idrepository/v1/identity/idvid -GETUINBYVID=http://idrepo-vid-service/idrepository/v1/vid -resident.notification.emails=mosiptestuser@gmail.com -resident.notification.message=Notification has been sent to the provided contact detail(s) -#templates -MASTER=http://kernel-masterdata-service/v1/masterdata -TEMPLATES=${MASTER}/templates -MACHINEDETAILS=${MASTER}/machines -CENTERDETAILS=${MASTER}/registrationcenters -RIDGENERATION=http://kernel-ridgenerator-service/v1/ridgenerator/generate/rid -CREATEVID=http://idrepo-vid-service/idrepository/v1/vid -IDREPOSITORY=http://idrepo-identity-service/idrepository/v1/identity/ -ENCRYPTURL=http://kernel-keymanager-service/v1/keymanager/encrypt -MIDSCHEMAURL=http://kernel-syncdata-service/v1/syncdata/latestidschema -# DMZ service call -dmz.ingress.base.url=http://dmz.ingress:30080 -SYNCSERVICE=${dmz.ingress.base.url}/registrationprocessor/v1/registrationstatus/sync -PACKETRECEIVER=${dmz.ingress.base.url}/registrationprocessor/v1/packetreceiver/registrationpackets -SMSNOTIFIER=http://kernel-notification-service/v1/notifier/sms/send -EMAILNOTIFIER=http://kernel-notification-service/v1/notifier/email/send -AUTHTYPESTATUSUPDATE=http://idrepo-identity-service/idrepository/v1/identity/authtypes/status -#Regitstration processor reprint service -#Registration status service -REGISTRATIONSTATUSSEARCH=${dmz.ingress.base.url}/registrationprocessor/v1/registrationstatus/search -resident.center.id=10001 -resident.machine.id=10001 -#Credential Req service 
-POLICY_REQ_URL=http://pms-partner-service/partnermanagement/v1/partners/partners -OTP_GEN_URL=http://ida-internal-service/idauthentication/v1/internal/otp -CREDENTIAL_STATUS_URL=http://idrepo-credential-request-generator/v1/credentialrequest/get/ -CREDENTIAL_REQ_URL=http://idrepo-credential-request-generator/v1/credentialrequest/requestgenerator -CREDENTIAL_CANCELREQ_URL=http://idrepo-credential-request-generator/v1/credentialrequest/cancel/ -CREDENTIAL_TYPES_URL=http://idrepo-credential-service/v1/credentialservice/types -PARTNER_API_URL=http://pms-partner-service/partnermanagement/v1/partners/partners/ -mosip.kernel.masterdata.audit-url=http://kernel-auditmanager-service/v1/auditmanager/audits - -#----------------------config data--------------------- -resident.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' -auth.types.allowed=demo,bio-Finger,bio-Iris,bio-FACE - -resident.identityjson=registration-processor-identity.json -mosip.id.validation.identity.phone=^([6-9]{1})([0-9]{9})$ -mosip.id.validation.identity.email=^[\\w-\\+]+(\\.[\\w]+)*@[\\w-]+(\\.[\\w]+)*(\\.[a-zA-Z]{2,})$ - --------Security properties----------------- -#CSRF switch -mosip.security.csrf-enable:false - -#secure cookie switch -mosip.security.secure-cookie:false - -IDSchema.Version=0.1 -id.repo.update=mosip.id.update -mosip.registration.processor.registration.sync.id=mosip.registration.sync -id.repo.vidType=Perpetual -token.request.appid=regproc -token.request.clientId=mosip-regproc-client -token.request.secretKey={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db -objectstore.adapter.name=PosixAdapter diff --git a/signup-default.properties b/signup-default.properties new file mode 100644 index 00000000000..5704bedae04 --- /dev/null +++ b/signup-default.properties 
@@ -0,0 +1,162 @@
+#----------------------------------------------------------------------------------------------------------------------------
+# challenge.timeout, resend-delay are count as seconds
+mosip.signup.id-schema.version=0.2
+mosip.signup.identifier.regex=^\\+855[1-9]\\d{7,8}$
+mosip.signup.identifier.prefix=+855
+mosip.signup.supported-languages={'khm','eng'}
+mosip.signup.default-language=khm
+mosip.signup.password.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[\\x5F\\W])(?=.{8,20})[a-zA-Z0-9\\x5F\\W]{8,20}$
+mosip.signup.password.max-length=20
+mosip.signup.generate-challenge.blocked.timeout=300
+mosip.signup.challenge.timeout=60
+mosip.signup.audit.description.max-length=2048
+mosip.signup.password.min-length=8
+mosip.signup.fullname.pattern=^[\\u1780-\\u17FF\\u19E0-\\u19FF\\u1A00-\\u1A9F\\u0020]{1,30}$
+
+## Time given to generate and verify the challenge in seconds.
+## Default resend delay is 60 seconds, with 3 attempts, so 60*3=180 seconds.
+## Adding 60 seconds for the default generate challenge 180+60=240
+## Adding 10 seconds buffer to default 240 seconds = 250 seconds.
+## so 250 seconds is the Generate and verify cookie max age.
+mosip.signup.unauthenticated.txn.timeout=250
+mosip.signup.challenge.resend-attempt=3
+mosip.signup.challenge.verification-attempt=3
+mosip.signup.challenge.resend-delay=${mosip.signup.challenge.timeout}
+
+## Time given to complete registration and get back the status of the registration in seconds.
+## Considering 5 minutes(300 seconds) to complete registration form and submit.
+## Default status request limit is 10 with 20 seconds request delay, 10*20=200 seconds
+## so 300+200=500 seconds is the authentication cookie max age.
+mosip.signup.verified.txn.timeout=300
+mosip.signup.status-check.txn.timeout=200
+mosip.signup.status.request.delay=20
+mosip.signup.status.request.limit=10
+mosip.signup.task.core.pool.size=2
+mosip.signup.task.max.pool.size=4
+
+## ------------------------------------- challenge configuration -------------------------------------------------------
+
+mosip.signup.supported.generate-challenge-type=OTP
+mosip.signup.supported.challenge-format-types={'alpha-numeric', 'base64url-encoded-json'}
+mosip.signup.supported.challenge-types={'OTP', 'KBA'}
+mosip.signup.supported.challenge.otp.length=6
+
+## ------------------------------------- Cache configuration -----------------------------------------------------------
+mosip.signup.cache.symmetric-algorithm-name=AES/CFB/PKCS5Padding
+spring.cache.type=simple
+
+#spring.cache.type=redis
+#spring.cache.cache-names=${mosip.esignet.cache.names}
+#spring.redis.host=localhost
+#spring.redis.port=6379
+management.health.redis.enabled=false
+
+mosip.esignet.cache.names=challenge_generated,challenge_verified,status_check,blocked_identifier,keystore,key_alias
+mosip.esignet.cache.size={'challenge_generated': 200, \
+ 'challenge_verified': 200,\
+ 'status_check': 200,\
+ 'blocked_identifier':2000,\
+ 'keystore' : 10, \
+ 'key_alias' : 1 }
+
+## Note: keystore TTL should be more than the key_alias cache TTL.
+## So that key rotation happens before the actual key is removed from the keystore cache.
+mosip.esignet.cache.expire-in-seconds={'challenge_generated': ${mosip.signup.unauthenticated.txn.timeout},\
+ 'challenge_verified': ${mosip.signup.verified.txn.timeout},\
+ 'status_check': ${mosip.signup.status-check.txn.timeout}, \
+ 'blocked_identifier': ${mosip.signup.generate-challenge.blocked.timeout},\
+ 'keystore' : 600, \
+ 'key_alias' : 300 }
+
+## ------------------------------------- Auth adapter ------------------------------------------------------------------
+
+auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+mosip.keycloak.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.kernel.auth.adapter.ssl-bypass=true
+mosip.kernel.auth.appid-realm-map={admin:'mosip',crereq:'mosip',creser:'mosip',idrepo:'mosip', signup:'mosip'}
+mosip.kernel.auth.appids.realm.map={admin:'mosip',crereq:'mosip',creser:'mosip',idrepo:'mosip','regproc':'mosip', signup:'mosip'}
+
+mosip.iam.adapter.clientid=mosip-signup-client
+mosip.iam.adapter.clientsecret=${mosip.signup.client.secret}
+mosip.iam.adapter.appid=signup
+mosip.iam.adapter.issuerURL=${keycloak.external.url}/auth/realms/mosip
+mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+mosip.iam.adapter.validate-expiry-check-rate=15
+mosip.iam.adapter.renewal-before-expiry-interval=15
+mosip.iam.adapter.self-token-renewal-enable=true
+
+mosip.service-context=${server.servlet.context-path}
+mosip.service.end-points=/**/*
+mosip.service.exclude.auth.allowed.method=GET,POST
+
+mosip.security.csrf-enable=true
+mosip.security.cors-enable=true
+
+## -------------------------- External endpoints -----------------------------------------------------------------------
+
+mosip.signup.generate-challenge.endpoint=http://otpmanager.kernel/v1/otpmanager/otp/generate
+mosip.signup.get-identity.endpoint=http://identity.idrepo/idrepository/v1/identity/idvid/%s@phone?type=demo&idType=HANDLE
+mosip.signup.identity.endpoint=http://identity.idrepo/idrepository/v1/identity/
+mosip.signup.generate-hash.endpoint=http://keymanager.keymanager/v1/keymanager/generateArgon2Hash
+mosip.signup.get-uin.endpoint=http://idgenerator.kernel/v1/idgenerator/uin
+mosip.signup.send-notification.endpoint=http://notifier.kernel/v1/notifier/sms/send
+mosip.signup.get-registration-status.endpoint=http://credentialrequest.idrepo/v1/credentialrequest/get/{applicationId}
+mosip.signup.audit-endpoint=http://auditmanager.kernel/v1/auditmanager/audits
+mosip.signup.add-identity.request.id=mosip.id.create
+mosip.signup.update-identity.request.id=mosip.id.update
+mosip.signup.identity.request.version=v1
+
+## --------------------------------- captcha validator------------------------------------------------------------------
+mosip.signup.send-challenge.captcha-required=true
+mosip.signup.integration.captcha-validator=GoogleRecaptchaValidatorService
+mosip.signup.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify
+mosip.signup.captcha-validator.site-key=${signup.captcha.site.key}
+mosip.signup.captcha-validator.secret=${signup.captcha.secret.key}
+
+## ----------------------------- UI-Config -----------------------------------------------------------------------------
+
+# Only after current challenge timeout we should enable resend in the UI.
+# In this case timeout and resend-delay should be same always.
+mosip.signup.ui.config.key-values={\
+'identifier.pattern': '${mosip.signup.identifier.regex}', \
+'identifier.prefix': '${mosip.signup.identifier.prefix}', \
+'captcha.site.key': '${mosip.signup.captcha-validator.site-key}', \
+'otp.length': ${mosip.signup.supported.challenge.otp.length}, \
+'password.pattern': '${mosip.signup.password.pattern}', \
+'password.length.max': ${mosip.signup.password.max-length}, \
+'password.length.min': ${mosip.signup.password.min-length}, \
+'challenge.timeout': ${mosip.signup.challenge.resend-delay}, \
+'resend.attempts': ${mosip.signup.challenge.resend-attempt}, \
+'resend.delay': ${mosip.signup.challenge.resend-delay}, \
+'fullname.pattern': '${mosip.signup.fullname.pattern}', \
+'status.request.delay': ${mosip.signup.status.request.delay}, \
+'status.request.limit': ${mosip.signup.status.request.limit}, \
+'popup.timeout': 10, \
+'signin.redirect-url': 'https://${mosip.esignet.host}/authorize', \
+'identifier.allowed.characters': '^[0-9]+', \
+'identifier.length.min': 8, \
+'identifier.length.max': 9, \
+'fullname.allowed.characters': '^[\\u1780-\\u17FF\\u19E0-\\u19FF\\u1A00-\\u1A9F\\u0020]', \
+'fullname.length.min': 1, \
+'fullname.length.max': 30, \
+'otp.blocked' : ${mosip.signup.generate-challenge.blocked.timeout}, \
+'send-challenge.captcha.required': ${mosip.signup.send-challenge.captcha-required}
+}
+
+## ----------------------------- Notification templates -----------------------------------------------------------------------------
+
+# Default charset encoding ISO-8859-1 does not support khmer language characters, so templates in khm language are base64 encoded.
+mosip.signup.sms-notification-template.encoded-langcodes={'khm'} +mosip.signup.sms-notification-template.send-otp.khm=4Z6U4Z+S4Z6a4Z6+IHtjaGFsbGVuZ2V9IOGeiuGevuGemOGfkuGelOGeuOGeleGfkuGekeGfgOGehOGeleGfkuGekeGetuGej+Gfi+GeguGejuGek+GeuCBLaElEIOGemuGelOGen+Gfi+GeouGfkuGek+GegOGflA== +mosip.signup.sms-notification-template.send-otp.eng=Use {challenge} to verify your KhID account. +mosip.signup.sms-notification-template.registration.khm=4Z6i4Z+S4Z6T4Z6A4Z6U4Z624Z6T4Z6F4Z674Z+H4Z6I4Z+S4Z6Y4Z+E4Z+H4Z6C4Z6O4Z6T4Z64IEtoSUQg4Z6K4Z+E4Z6Z4Z6H4Z+E4Z6C4Z6H4Z+Q4Z6Z4Z+U +mosip.signup.sms-notification-template.registration.eng=You successfully registered to KhID account. +mosip.signup.sms-notification-template.forgot-password.khm=4Z6i4Z+S4Z6T4Z6A4Z6U4Z624Z6T4Z6V4Z+S4Z6b4Z624Z6f4Z+L4Z6U4Z+S4Z6K4Z684Z6a4Z6W4Z624Z6A4Z+S4Z6Z4Z6f4Z6Y4Z+S4Z6E4Z624Z6P4Z+LIEtoSUQg4Z6K4Z+E4Z6Z4Z6H4Z+E4Z6C4Z6H4Z+Q4Z6Z4Z+U +mosip.signup.sms-notification-template.forgot-password.eng=You successfully changed KhID password. + +#------------------------------------------ Others --------------------------------------------------------------------- +#logging.level.io.mosip.signup=DEBUG +#logging.level.org.springframework.web.client.RestTemplate=INFO diff --git a/sandbox/syncdata-mz.properties b/syncdata-default.properties similarity index 52% rename from sandbox/syncdata-mz.properties rename to syncdata-default.properties index 6ec4c545e73..1d569abfd22 100644 --- a/sandbox/syncdata-mz.properties +++ b/syncdata-default.properties 
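Review bot: `mosip.kernel.auth.adapter.ssl-bypass=true` in the Auth adapter block of this new default profile appears, going by the property name, to switch off TLS certificate validation for the adapter's outbound calls; the consuming code is not shown here, so this should be confirmed. The same block posts `${mosip.signup.client.secret}` to the client-token endpoint and resolves the issuer through `${keycloak.external.url}`, so with validation off the client secret and the returned tokens would have no protection against an on-path party. I would ship the default as `mosip.kernel.auth.adapter.ssl-bypass=false` with a comment above it such as `# set to true only in sandboxes that use self-signed certificates`. A one-line comment on `mosip.service.end-points=/**/*` and `mosip.service.exclude.auth.allowed.method=GET,POST` would also help, stating that these paths are meant to skip the auth filter and which controls (captcha, CSRF, transaction cookie) cover them instead.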
@@ -1,11 +1,20 @@ -#---------------------------------------kernel common properties----------------------- -# Inside Kubernetes services are exposed on port 80 (most of them) -# For external connection to postgres, nodePort must be used. -mosip.kernel.database.hostname=postgres -mosip.kernel.database.port=80 - -#---------------------------------------Sync Data service------------------------------- -mosip.kernel.syncdata.auth-manager-base-uri=http://kernel-auth-service/v1/authmanager +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# keycloak.internal.host +# keycloak.internal.url +# keycloak.admin.password +# mosip.auth.client.secret (convention: .) +# mosip.ida.client.secret +# mosip.admin.client.secret +# mosip.reg.client.secret +# mosip.prereg.client.secret +# mosip.syncdata.client.secret +# softhsm.kernel.security.pin + +## Sync data +mosip.kernel.syncdata.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager mosip.kernel.syncdata.auth-manager-roles=/roles mosip.kernel.syncdata.auth-user-details=/userdetails mosip.kernel.syncdata.syncdata-request-id=SYNCDATA.REQUEST 
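Review bot: The new header comment that lists the externally supplied secrets is incomplete and partly garbled. `Follow properites have their values assigned` should read `The following properties have their values assigned`, and `(convention: .)` has lost the naming convention it was meant to state, so the pattern should be restored. The list also does not name `mosip.kernel.uin.salt` or `mosip.kernel.partnercode.salt`, which a later hunk of this file now references as `${...}` placeholders for the token-id salts. If those are injected the same way, adding `# mosip.kernel.uin.salt` and `# mosip.kernel.partnercode.salt` to the list keeps operators from defining them in a property file by mistake.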
@@ -14,26 +23,23 @@ mosip.kernel.syncdata.syncdata-version-id=v1.0 mosip.kernel.syncdata.registration-center-config-file=registration-${spring.profiles.active}.properties # Name of the file that is present in the config server which has global config. mosip.kernel.syncdata.global-config-file=application-${spring.profiles.active}.properties -mosip.kernel.syncdata.syncjob-base-url=http://kernel-syncjob-service:8099/v1/syncjob/syncjobdef -mosip.kernel.syncdata-service-idschema-url=http://kernel-masterdata-service/v1/masterdata/idschema/latest +mosip.kernel.syncdata.syncjob-base-url=${mosip.kernel.syncdata.syncjob.url}/v1/syncjob/syncjobdef +mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest - -#------------------------------------sms notification service------------------------------- +## SMS notification mosip.kernel.sms.enabled=false mosip.kernel.sms.country.code=91 mosip.kernel.sms.number.length=10 - #mosip.kernel.sms.gateway : "infobip" or "msg91" mosip.kernel.sms.gateway=gateway - -#--msg91 gateway-- +## --msg91 gateway-- mosip.kernel.sms.api=smsapi mosip.kernel.sms.authkey=authkey mosip.kernel.sms.route=route mosip.kernel.sms.sender=sender mosip.kernel.sms.unicode=unicode -# -- Email notification ------- +## Email notification mosip.kernel.notification.email.from=mosipuser@gmail.com spring.mail.host=smtphost spring.mail.username=username 
@@ -47,23 +53,21 @@ spring.mail.debug=false spring.servlet.multipart.enabled=true spring.servlet.multipart.max-file-size=5MB -#--------------------------------------Keymanager Service-------------------------------------- +## Keymanager service #Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE -mosip.kernel.keymanager.hsm.keystore-type=Offline - +mosip.kernel.keymanager.hsm.keystore-type=OFFLINE # For PKCS11 provide Path of config file. # For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. # For Offline & JCE property can be left blank, specified value will be ignored. mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf - # Passkey of keystore for PKCS11, PKCS12 # For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. -mosip.kernel.keymanager.hsm.keystore-pass={cipher}2d6aa328be521b2be6f33f476f7df2ea39c7ae1a3e2146ec169c5fac3225da3f +mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.kernel.security.pin} -#--------------------Audit Manager------------------------------------------------ +## Auditmanager mosip.kernel.auditmanager-service-logs-location=logs/audit.log -#--------------------Auth service -------------------------------------------------- +## Auth service auth.jwt.secret=authjwtsecret auth.jwt.base=Mosip-Token auth.jwt.expiry=6000000 
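Review bot: `auth.jwt.secret=authjwtsecret` remains a literal in the Auth service block, while this same hunk moves `mosip.kernel.keymanager.hsm.keystore-pass` out to `${softhsm.kernel.security.pin}`. If any service still signs or verifies tokens with that key, every deployment of the default profile shares one guessable signing secret. It should follow the same pattern, for example `auth.jwt.secret=${mosip.auth.jwt.secret}` (placeholder name, to be added to the env-override list at the top of the file), or be deleted if nothing reads it. The comment above `keystore-type` also still lists `Offline` while the value is now `OFFLINE`; updating the comment to the accepted spelling would avoid confusion. The Auth service block continues into the next hunk.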
@@ -72,77 +76,52 @@ auth.refreshtoken.header=RefreshToken auth.jwt.refresh.expiry=86400000 auth.primary.language=eng -otp.manager.api.generate=http://kernel-otpmanager-service/v1/otpmanager/otp/generate -otp.manager.api.verify=http://kernel-otpmanager-service/v1/otpmanager/otp/validate -otp.sender.api.email.send=http://kernel-notification-service/v1/notifier/email/send -otp.sender.api.sms.send=http://kernel-notification-service/v1/notifier/sms/send -masterdata.api.template=http://kernel-masterdata-service/v1/masterdata/templates/ +otp.manager.api.generate=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/generate +otp.manager.api.verify=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/validate +otp.sender.api.email.send=${mosip.kernel.notification.url}/v1/notifier/email/send +otp.sender.api.sms.send={mosip.kernel.notification.url}/v1/notifier/sms/send +masterdata.api.template=${mosip.kernel.masterdata.url}/v1/masterdata/templates/ masterdata.api.template.otp=/otp-sms-template -idrepo.api.getuindetails=http://idrepo-identity-service/idrepository/v1/identity/uin/{uin} +idrepo.api.getuindetails=${mosip.idrepo.identity.url}/v1/identity/uin/{uin} mosip.kernel.auth.app.id=auth mosip.kernel.auth.client.id=mosip-auth-client -mosip.kernel.auth.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db +mosip.kernel.auth.secret.key=${mosip.auth.client.secret} mosip.kernel.ida.app.id=ida mosip.kernel.ida.client.id=mosip-ida-client -mosip.kernel.ida.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db +mosip.kernel.ida.secret.key=${mosip.ida.client.secret} -#------------------------Token id generation service salts--------------------------- -mosip.kernel.tokenid.uin.salt=zHuDEAbmbxiUbUShgy6pwUhKh9DE0EZn9kQDKPPKbWscGajMwf -mosip.kernel.tokenid.partnercode.salt=yS8w5Wb6vhIKdf1msi4LYTJks7mqkbmITk2O63Iq8h0bkRlD0d +## Token id salts +mosip.kernel.tokenid.uin.salt=${mosip.kernel.uin.salt} 
+mosip.kernel.tokenid.partnercode.salt=${mosip.kernel.partnercode.salt} -#------------------------VID Generator Service--------------------------------------- -#minimum threshold of unused vid +## VID generator service mosip.kernel.vid.min-unused-threshold=100000 -#number of vids to generate mosip.kernel.vid.vids-to-generate=200000 -#time to release after expiry(in days) mosip.kernel.vid.time-to-release-after-expiry=5 -#for genaration on init vids timeout mosip.kernel.vid.pool-population-timeout=10000000 - kernel.vid.revoke-scheduler-type=cron -#schedular seconds configuration kernel.vid.revoke-scheduler-seconds=0 -#schedular minutes configuration kernel.vid.revoke-scheduler-minutes=0 -#schedular hours configuration kernel.vid.revoke-scheduler-hours=23 -#schedular days configuration kernel.vid.revoke-scheduler-days_of_month=* -#schedular months configuration kernel.vid.revoke-scheduler-months=* -#schedular weeks configuration kernel.vid.revoke-scheduler-days_of_week=* - kernel.vid.isolator-scheduler-type=cron -#schedular seconds configuration kernel.vid.isolator-scheduler-seconds=0 -#schedular minutes configuration kernel.vid.isolator-scheduler-minutes=0 -#schedular hours configuration kernel.vid.isolator-scheduler-hours=* -#schedular days configuration kernel.vid.isolator-scheduler-days_of_month=* -#schedular months configuration kernel.vid.isolator-scheduler-months=* -#schedular weeks configuration kernel.vid.isolator-scheduler-days_of_week=* -#------------------------PRID Properties-------------------------------------------- - -#minimum threshold of unused prid +## PRID properties mosip.kernel.prid.min-unused-threshold=1000 -#number of prids to generate mosip.kernel.prid.prids-to-generate=2000 -#for genaration on init prids timeout mosip.kernel.prid.pool-population-timeout=10000000 - mosip.kernel.prid.sequence-limit=3 kernel.prid.revoke-scheduler-type=cron - -# Schedular config kernel.prid.revoke-scheduler-seconds=0 kernel.prid.revoke-scheduler-minutes=0 
kernel.prid.revoke-scheduler-hours=23 @@ -150,7 +129,12 @@ kernel.prid.revoke-scheduler-days_of_month=* kernel.prid.revoke-scheduler-months=* kernel.prid.revoke-scheduler-days_of_week=* -#------------------------DataBase Properties----------------------------------------- +## Database properties +# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace +# If database is external to production, provide the DNS or ip of the host and port +mosip.kernel.database.hostname=postgres-postgresql.postgres +mosip.kernel.database.port=5432 + javax.persistence.jdbc.driver=org.postgresql.Driver hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect hibernate.jdbc.lob.non_contextual_creation=true 
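Review bot: `otp.sender.api.sms.send={mosip.kernel.notification.url}/v1/notifier/sms/send` is missing the `$`, so the placeholder is never resolved and the SMS OTP sender receives the literal string as its URL. It should read `otp.sender.api.sms.send=${mosip.kernel.notification.url}/v1/notifier/sms/send`, matching the e-mail line directly above it. Separately, `idrepo.api.getuindetails` drops the `/idrepository` path segment the old URL had; that is only correct if `${mosip.idrepo.identity.url}` already includes it, which is not visible here. The two token-id salts removed by this hunk remain in repository history, so any deployment that ever ran with them should treat those values as public.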
@@ -163,127 +147,96 @@ hibernate.cache.use_query_cache=false hibernate.cache.use_structured_entries=false hibernate.generate_statistics=false -#hibernate.ejb.interceptor=io.mosip.kernel.dataaccess.hibernate.config.EncryptionInterceptor logging.level.org.hibernate.SQL=ERROR logging.level.org.hibernate.type=ERROR -#Kernel admin service admin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel admin_database_username=kerneluser -admin_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +admin_database_password=${db.dbuser.password} syncjob_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master syncjob_database_username=masteruser -syncjob_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +syncjob_database_password=${db.dbuser.password} -#Database mappings audit audit_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_audit audit_database_username=audituser -audit_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +audit_database_password=${db.dbuser.password} - -#Database mappings masterdata masterdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master -#masterdata_database_username=sysadmin -#masterdata_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 masterdata_database_username=masteruser -masterdata_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - +masterdata_database_password=${db.dbuser.password} -#Database mappings uin uin.swagger.base-url=https://qa.mosip.io uin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel uin_database_username=kerneluser 
-uin_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +uin_database_password=${db.dbuser.password} hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext -#Database mappings id id_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel id_database_username=kerneluser -id_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +id_database_password=${db.dbuser.password} -#Database mappings vid vid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel vid_database_username=kerneluser -vid_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +vid_database_password=${db.dbuser.password} -#Database mappings prid prid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel prid_database_username=kerneluser -prid_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +prid_database_password=${db.dbuser.password} -#Database mappings keymanager keymanager.persistence.jdbc.driver=org.postgresql.Driver keymanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_keymgr -keymanager_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +keymanager_database_password=${db.dbuser.password} keymanager_database_username= keymgruser -#Database mappings otp manager otpmanager_database_username = kerneluser otpmanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel -otpmanager_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +otpmanager_database_password=${db.dbuser.password} -#Database mappings syncdata 
syncdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master syncdata_database_username=masteruser -syncdata_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +syncdata_database_password=${db.dbuser.password} -#Database mappings licensekeymanager licensekeymanager.persistence.jdbc.driver=org.postgresql.Driver licensekeymanager_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master licensekeymanager_database_username=masteruser -licensekeymanager_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +licensekeymanager_database_password=${db.dbuser.password} -#Database mappings rid generator ridgenerator_database_username =regprcuser ridgenerator_database_url =jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_regprc -ridgenerator_database_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 - - -#Database mappings authmanager -iam.datasource.url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_iam -iam.datasource.username=iamuser -iam.datasource.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -iam.datasource.driverClassName=org.postgresql.Driver -spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +ridgenerator_database_password=${db.dbuser.password} -db_1_DS.datastore.ipaddress=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_iam -db_1_DS.datastore.username=iamuser -db_1_DS.datastore.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -db_1_DS.datastore.driverClassName=org.postgresql.Driver -db_1_DS.datastore.schema=GOVT_OFFICERS - -db_2_DS.datastore.ipaddress=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_iam 
-db_2_DS.datastore.username=iamuser -db_2_DS.datastore.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 -db_2_DS.datastore.driverClassName=org.postgresql.Driver -db_2_DS.datastore.schema=GOVT_OFFICERS - -#-------------------------------------------------------------------------------------------------# - -#------------------------KeyCloak Config changes---------------------------# - -mosip.iam.base-url=http://keycloak +## Keycloak properties +mosip.iam.base-url=${keycloak.internal.url} mosip.iam.admin-realm-id=admin mosip.iam.default.realm-id=mosip -mosip.iam.open-id-url =${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/ -mosip.iam.realm.operations.base-url=${mosip.iam.base-url}/auth/admin/realms/{realmId} -mosip.iam.admin-url=${mosip.iam.base-url}/auth/admin/ +mosip.iam.open-id-url =${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/ +mosip.iam.realm.operations.base-url=${keycloak.internal.url}/admin/realms/{realmId} +mosip.iam.admin-url=${keycloak.internal.url}/admin/ mosip.iam.roles-extn-url=realms/mosip/roles mosip.iam.users-extn-url=realms/mosip/users mosip.iam.role-user-mapping-url=/{userId}/role-mappings/realm +mosip.iam.role-based-user-url=realms/{realm}/roles/{role-name}/users +#Self token resttemplate related to configuration +mosip.iam.adapter.clientid=mosip-syncdata-client +mosip.iam.adapter.clientsecret=${mosip.syncdata.client.secret} +mosip.iam.adapter.appid=registrationclient +mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip +mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey +mosip.iam.adapter.validate-expiry-check-rate=15 +mosip.iam.adapter.renewal-before-expiry-interval=15 +mosip.iam.adapter.self-token-renewal-enable=true + keycloak.realm=registration-client keycloak.resource=account -keycloak.auth-server-url=http://keycloak/auth +keycloak.auth-server-url=${keycloak.internal.url}/auth 
keycloak.ssl-required=none keycloak.public-client=true keycloak.use-resource-role-mappings=true keycloak.verify-token-audience=true -mosip.authmanager.base-url=http://kernel-auth-service/v1/authmanager - -mosip.iam.authorization_endpoint=${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/auth -mosip.iam.token_endpoint=${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/token +mosip.iam.authorization_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/auth +mosip.iam.token_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/token mosip.admin.login_flow.name=authorization_code mosip.admin.login_flow.response_type=code mosip.admin.login_flow.scope=cls 
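Review bot: Every `*_database_password` in this hunk now resolves to the same `${db.dbuser.password}` although the accounts differ (`kerneluser`, `masteruser`, `audituser`, `keymgruser`, `regprcuser`), so one leaked value opens every schema, including `mosip_keymgr` and `mosip_audit`. One property per database user, e.g. `audit_database_password=${<audituser-password-property>}` (placeholder name), would let credentials be scoped and rotated per service. The Keycloak paths also look inconsistent: `mosip.iam.realm.operations.base-url` and `mosip.iam.admin-url` lose the `/auth` prefix while `mosip.iam.open-id-url`, `mosip.iam.token_endpoint` and `keycloak.auth-server-url` keep it, and both layouts are unlikely to be right for the same server. `keycloak.ssl-required=none` is carried over unchanged; a comment stating that it is acceptable only for in-cluster traffic would make the intent explicit.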
@@ -291,40 +244,42 @@ mosip.admin.clientid=mosip-admin-client mosip.admin.clientsecret={cipher}46b4a98aac7347e6a2d4f723e281cfd1e7b859100cc17494fc7ed9fb357a6cd9 mosip.admin.redirecturi=${mosip.authmanager.base-url}/login-redirect/ mosip.admin_realm_id=mosip - mosip.iam.master.realm-id=master - mosip.iam.pre-reg_user_password=mosip -db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/keycloak -db_3_DS.keycloak.port=80 -db_3_DS.keycloak.username=postgres -db_3_DS.keycloak.password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 +## TODO: Below config is not needed anymore. Need to remove init of db_3_DS in authmanager code. For now, we just +## point to a valid db. +#db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/keycloak +db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel +db_3_DS.keycloak.port=${mosip.kernel.database.port} +db_3_DS.keycloak.username=kerneluser +db_3_DS.keycloak.password=${db.dbuser.password} db_3_DS.keycloak.driverClassName=org.postgresql.Driver mosip.keycloak.admin.client.id=admin-cli mosip.keycloak.admin.user.id=admin -mosip.keycloak.admin.secret.key={cipher}e16f132dc80ad5043acb6c2173c95be217ee5f5246a589ca58d5f75fa0a9d63d - +mosip.keycloak.admin.secret.key=${keycloak.admin.password} mosip.iam.impl.basepackage=io.mosip.kernel.auth.defaultimpl mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter -#---latest changes--# +mosip.authmanager.base-url=${mosip.kernel.authmanager.url}/v1/authmanager + master.search.maximum.rows=50 mosip.level=2 -mosip.kernel.masterdata.audit-url= http://kernel-auditmanager-service/v1/auditmanager/audits +mosip.kernel.masterdata.audit-url= ${mosip.kernel.auditmanager.url}/v1/auditmanager/audits mosip.keycloak.max-no-of-users=20000 -#---Register device changes--# 
-mosip.kernel.sign-url=http://kernel-keymanager-service/v1/keymanager/sign +## Register device +mosip.kernel.keymanager-service-sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign masterdata.registerdevice.timestamp.validate=+10 -mosip.kernel.prereg.realm-id=preregistration +## Prereg +mosip.kernel.prereg.realm-id=mosip mosip.kernel.prereg.client.id=mosip-prereg-client -mosip.kernel.prereg.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db +mosip.kernel.prereg.secret.key=${mosip.prereg.client.secret} -# UIN Schedular config +## UIN scheduler kernel.uin.transfer-scheduler-type=cron kernel.uin.transfer-scheduler-seconds=0 kernel.uin.transfer-scheduler-minutes=48 
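Review bot: Two credentials in this hunk are still committed values while their neighbours move to placeholders: `mosip.admin.clientsecret` keeps its `{cipher}` blob and `mosip.iam.pre-reg_user_password=mosip` is a literal default password. Both should be injected like `mosip.keycloak.admin.secret.key=${keycloak.admin.password}` so that no deployment starts with a value that is published in the repository. The `db_3_DS` workaround now connects as `kerneluser` to `mosip_kernel` even though the TODO says the datastore is no longer needed; until the init is removed from authmanager, pointing it at an account with no privileges on application tables would limit what that unused connection can reach.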
@@ -333,33 +288,38 @@ kernel.uin.transfer-scheduler-days_of_month=* kernel.uin.transfer-scheduler-months=* kernel.uin.transfer-scheduler-days_of_week=* -# UIN Auth adapter config -auth.server.admin.validate.url=http://kernel-auth-service/v1/authmanager/authorize/admin/validateToken +## UIN Auth adapter config +auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken +auth.server.admin.allowed.audience=mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-reg-client,mosip-resident-client -# Proxy otp +## Proxy otp mosip.kernel.auth.proxy-otp-value=111111 mosip.security.provider.name=SunPKCS11-pkcs11-proxy -#---------------------------------------Security Properties----------------------------- -#CSRF switch -mosip.security.csrf-enable=false +## identity schema backward compatability ######## +mosip.ui.spec.default.domain=registration-client -#CORS switch -mosip.security.cors-enable=false +#### Required for admin UI ############## +## this pattern like --> display column : configKey. +## We can provide multiple values with ";" separated +mosip.admin.ui.configs=version:${aplication.configuration.level.version};locationHierarchyLevel:${mosip.recommended.centers.locCode};mandatoryLanguages:${mosip.mandatory-languages};optionalLanguages:${mosip.optional-languages};supportedLanguages: ${mosip.mandatory-languages},${mosip.optional-languages};leftToRightOrientation:${mosip.left_to_right_orientation};rightToLeftOrientation:${mosip.right_to_left_orientation};countryCode:${mosip.country.code} -#comma separated allowed origins +## Used to get IAM user details. 
+mosip.kernel.masterdata.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager +mosip.kernel.masterdata.auth-user-details=/userdetails +## Security properties +mosip.security.csrf-enable=false +mosip.security.cors-enable=false mosip.security.origins=localhost:8080 - -#secure cookie switch mosip.security.secure-cookie=false -# ROOT key identifier +## ROOT key identifier mosip.root.key.applicationid=ROOT -# Certificate signing algorithm +## Certificate signing algorithm mosip.kernel.certificate.sign.algorithm=SHA256withRSA -# Default certificate params +## Default certificate params mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER mosip.kernel.keymanager.certificate.default.organization=IITB @@ -367,7 +327,7 @@ mosip.kernel.keymanager.certificate.default.location=BANGALORE mosip.kernel.keymanager.certificate.default.state=KA mosip.kernel.keymanager.certificate.default.country=IN -# Zero Knowledge Master & Public Key identifier. +## Zero Knowledge Master & Public Key identifier. mosip.kernel.zkcrypto.masterkey.application.id=KERNEL mosip.kernel.zkcrypto.masterkey.reference.id=IDENTITY_CACHE mosip.kernel.zkcrypto.publickey.application.id=IDA 
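Review bot: The security switches are re-added as `mosip.security.csrf-enable=false`, `mosip.security.cors-enable=false` and `mosip.security.secure-cookie=false`, but the per-key comments that explained them are dropped, so nothing tells an operator these are development defaults. A comment such as `# Dev defaults: enable csrf and secure-cookie when served over HTTPS in production` above the block, and restoring `# comma separated allowed origins` over `mosip.security.origins`, would keep the intent visible. The context line `mosip.kernel.auth.proxy-otp-value=111111` is a fixed OTP and deserves the same kind of warning that it must not be active outside test environments. The new `auth.server.admin.allowed.audience` list would benefit from a line stating how the adapter treats tokens issued to clients that are not listed.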
@@ -375,29 +335,27 @@ mosip.kernel.zkcrypto.publickey.reference.id=PUBLIC_KEY mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding -# Application Id for PMS master key. +## Application Id for PMS master key. mosip.kernel.partner.sign.masterkey.application.id=PMS datastores=ldap_1_DS,db_1_DS,db_2_DS -# Partner Management Service allowed partner domains +## Partner Management Service allowed partner domains mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM -# List of keys to auto generate. +## List of keys to auto generate. mosip.kernel.keymanager.autogen.appids.list=ROOT,KERNEL:SIGN,PRE_REGISTRATION,REGISTRATION,REGISTRATION_PROCESSOR,ID_REPO,KERNEL:IDENTITY_CACHE,RESIDENT,PMS -# random keys required for ZK encrypt. +## Random keys required for ZK encrypt. zkcrypto.random.key.generate.count=10000 -datastores=db_1_DS,db_2_DS - mosip.kernel.keymanager.autogen.basekeys.list=RESIDENT:mpartner-default-resident # Keymanager service keystore cache properties mosip.kernel.keymanager.keystore.keyreference.enable.cache=true # API to get machine based on machine id -mosip.kernel.syncdata-service-machine-url=http://kernel-masterdata-service/v1/masterdata/machines/%s/eng +mosip.kernel.syncdata-service-machine-url=${mosip.kernel.masterdata.url}/v1/masterdata/machines/%s # Flag added to choose client crypto implementation in syncdata service # Needs to be updated to true in prod deployments 
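Review bot: Removing the second `datastores=db_1_DS,db_2_DS` leaves `datastores=ldap_1_DS,db_1_DS,db_2_DS` as the only definition, which changes the effective value if the loader kept the last duplicate (as `java.util.Properties` does). This same commit deletes the `db_1_DS.datastore.*` and `db_2_DS.datastore.*` blocks in the database hunk, and no `ldap_1_DS.*` keys are visible in this file. If authmanager still initialises every listed datastore it would now look up connection settings that no longer exist, so the key should either be removed or list only datastores that are still configured. The machine URL also drops the `/eng` suffix; that is worth a comment if the masterdata endpoint signature changed.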
@@ -405,13 +363,14 @@ mosip.syncdata.tpm.required=false mosip.kernel.registrationclient.app.id=registrationclient mosip.kernel.registrationclient.client.id=mosip-reg-client -mosip.kernel.registrationclient.secret.key={cipher}215f555ae8266e12fed8144620b34fa3f2be2f805a3d28f9e0cfca3e777d18db +# env variable +mosip.kernel.registrationclient.secret.key=${mosip.reg.client.secret} # API to fetch auth token and refresh token used by syncdata-service -mosip.kernel.authtoken.NEW.internal.url=http://kernel-auth-service/v1/authmanager/authenticate/internal/useridPwd -mosip.kernel.authtoken.OTP.internal.url=http://kernel-auth-service/v1/authmanager/authenticate/internal/userotp -mosip.kernel.authtoken.REFRESH.internal.url=http://kernel-auth-service/v1/authmanager/authorize/internal/refreshToken/registrationclient -mosip.kernel.auth.sendotp.url=http://kernel-auth-service/v1/authmanager/authenticate/sendotp +mosip.kernel.authtoken.NEW.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/internal/useridPwd +mosip.kernel.authtoken.OTP.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/internal/userotp +mosip.kernel.authtoken.REFRESH.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/internal/refreshToken/registrationclient +mosip.kernel.auth.sendotp.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/sendotp # Sample Additional configuration required for real HSM configured though JCE. # Add the required JCE properties with prefix. - "mosip.kernel.keymanager.hsm.jce" for the property key 
@@ -426,7 +385,7 @@ syncdata.websub.topic.ca-cert=CA_CERTIFICATE_UPLOADED syncdata.websub.callback.secret.ca-cert=secret # Callback url for partner CA certificate CRUD event syncdata.websub.callback.url.path.ca-cert=/websub/callback/cacert -syncdata.websub.callback.url.ca-cert=http://kernel-syncdata-service/v1/syncdata/websub/callback/cacert +syncdata.websub.callback.url.ca-cert=${mosip.kernel.syncdata.url}/${server.servlet.context-path}/websub/callback/cacert # Number of retires on subscription failure syncdata.websub.resubscription.retry.count=3 # The time interval in seconds to schedule subscription of topics which is done as a 
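Review bot: `${mosip.kernel.syncdata.url}/${server.servlet.context-path}/websub/callback/cacert` inserts a `/` before the context path, and Spring Boot requires `server.servlet.context-path` to begin with `/`, so the resolved callback URL would contain `//` and may not match the path the hub calls back on. `syncdata.websub.callback.url.ca-cert=${mosip.kernel.syncdata.url}${server.servlet.context-path}/websub/callback/cacert` avoids that. The context line `syncdata.websub.callback.secret.ca-cert=secret` is still a literal; it appears to be the shared secret for the hub callback, and if so it should be injected through a placeholder like the other secrets this commit externalises.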
@@ -434,6 +393,48 @@ syncdata.websub.resubscription.retry.count=3 # this property value is set to 0 that disables this workaround. # To enable the resubscrition scheduling, this property should be assigned with a positive # number like 1 * 60 * 60 = 3600 for one hour -syncdata.websub.resubscription.delay.secs=7200 -# Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub. +syncdata.websub.resubscription.delay.millis=43200000 subscriptions-delay-on-startup=120000 + +#Property to fetch location hierarchies during client settings sync +mosip.kernel.masterdata.locationhierarchylevels.uri=${mosip.kernel.masterdata.url}/v1/masterdata/locationHierarchyLevels +# Flag to identify the support of no thumbprint in 1.1.3 version. +# Added this for backward compatability. default is false, means support is not required. +# Make it to true if support is required. +mosip.kernel.keymanager.113nothumbprint.support=false + +mosip.sync.entity.url.APPLICANTTYPE.MVEL=${mosip.api.internal.url}/v1/syncdata/scripts/applicanttype.mvel +mosip.sync.entity.auth-required.APPLICANTTYPE.MVEL=true +mosip.sync.entity.auth-token.APPLICANTTYPE.MVEL=Authorization:OAUTH +mosip.sync.entity.encrypted.APPLICANTTYPE.MVEL=false +mosip.sync.entity.headers.APPLICANTTYPE.MVEL=Content-Type:text/plain;charset=UTF-8 +mosip.sync.entity.only-on-fullsync.APPLICANTTYPE.MVEL=false + +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +syncdata.cache.evict.delta-sync.cron=0 0/15 * * * * +syncdata.cache.snapshot.cron=0 0 23 * * * + +mosip.kernel.keymanager-service-publickey-url=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate?applicationId={applicationId} + +mosip.kernel.keymanager.unique.identifier.autoupdate=false + +# This property needs to be set to true if 1.1.4 version of regclient is running. 
+# If set to true, in clientsettings sync, the values for tables Gender and IndividualType will be fetched from their individual tables. +# If false, they will be fetched from dynamic_field table, which is not supported by 1.1.4 version of regclient. +mosip.syncdata.regclient.support114=false + +## Roles +mosip.role.admin.syncdata.getclientsettings=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.getpublickeyapplicationid=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.gettpmpublickeyverify=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.getlatestidschema=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,INDIVIDUAL,RESIDENT,ID_AUTHENTICATION +mosip.role.admin.syncdata.getgetcertificate=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.gettpmpublickeymachineid=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default,REGISTRATION_PROCESSOR +mosip.role.admin.syncdata.getconfigskeyIndex=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.getuserdetails=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.getgetcacertificates=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.getv2clientsettings=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default +mosip.role.admin.syncdata.getclientsettingsentityIdentifier=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,default +mosip.role.admin.syncdata.getscriptsscriptName=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,default + diff --git a/vccontext-ida.jsonld b/vccontext-ida.jsonld new file mode 100644 index 00000000000..f9169381912 --- /dev/null +++ b/vccontext-ida.jsonld 
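Review bot: Every new `mosip.role.admin.syncdata.*` list contains `default`, including the ones guarding `getuserdetails`, `getgetcertificate` and `getscriptsscriptName`. If `default` is a role that all realm users receive, these lists amount to "any authenticated caller" and the named registration roles add nothing, so confirm what it maps to and say so in a comment under `## Roles`, or remove it where the endpoint is meant for registration clients only. The rename to `syncdata.websub.resubscription.delay.millis=43200000` leaves the comment above it in seconds (`1 * 60 * 60 = 3600 for one hour`); it should become `# number like 1 * 60 * 60 * 1000 = 3600000 for one hour`. The deleted comment for `subscriptions-delay-on-startup` (delay in milliseconds before subscribing at startup) should be restored, since the key itself stays.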
@@ -0,0 +1,9 @@
+{
+ "context" : [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://${mosip.api.public.host}/.well-known/mosip-ida-context.json",
+ {
+ "sec": "https://w3id.org/security#"
+ }
+]
+}
diff --git a/vccontext.jsonld b/vccontext.jsonld
new file mode 100644
index 00000000000..f9ceeb9f6bd
--- /dev/null
+++ b/vccontext.jsonld
@@ -0,0 +1,9 @@
+{
+ "context" : [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://${mosip.api.public.host}/.well-known/mosip-context.json",
+ {
+ "sec": "https://w3id.org/security#"
+ }
+]
+}
diff --git a/websub-consolidator.toml b/websub-consolidator.toml
new file mode 100644
index 00000000000..1076b3907f5
--- /dev/null
+++ b/websub-consolidator.toml
@@ -0,0 +1,33 @@
+[consolidatorService.config]
+# IP and Port of the Kafka bootstrap node
+KAFKA_BOOTSTRAP_NODE = "kafka.${kafka.profile}:${kafka.port}"
+
+# Kafka topic which will get notified for websub topic registration/deregistration
+# All the hubs must be pointed to the same Kafka topic to notify websub topic registration/deregistration
+REGISTERED_WEBSUB_TOPICS_TOPIC = "registered-websub-topics"
+
+# Kafka topic which stores consolidated websub topics for the hub
+CONSOLIDATED_WEBSUB_TOPICS_TOPIC = "consolidated-websub-topics"
+
+# Kafka topic which will get notified for websub subscription/unsubscription
+# All the hubs must be pointed to the same Kafka topic to notify websub subscription/unsubscription
+WEBSUB_SUBSCRIBERS_TOPIC = "registered-websub-subscribers"
+
+# Kafka topic which is stores consolidated websub subscribers for this server
+CONSOLIDATED_WEBSUB_SUBSCRIBERS_TOPIC = "consolidated-websub-subscribers"
+
+# The interval in which Kafka consumers wait for new messages
+POLLING_INTERVAL = 10.0
+
+# The period in which Kafka close method waits to complete
+GRACEFUL_CLOSE_PERIOD = 5.0
+
+
+# The disk space threshold for healthcheck
+DISK_SPACE_THRESHOLD = 10485760
+
+# The port that is used to start the consolidator
+CONSOLIDATOR_PORT = 9192
+
+# consolidator health endpoint
+CONSOLIDATOR_HEALTH_ENDPOINT = "/consolidator/actuator/health"
diff --git a/websub-service.toml b/websub-service.toml
new file mode 100644
index 00000000000..177d6cfb6e0
--- /dev/null
+++ b/websub-service.toml
@@ -0,0 +1,103 @@
+[kafkaHub.config]
+# Flag to check whether to enable/disable security
+SECURITY_ON = true
+
+# Server ID is is used to uniquely identify each server
+# Each server must have a unique ID
+SERVER_ID = "server-1"
+
+# IP and Port of the Kafka bootstrap node
+KAFKA_BOOTSTRAP_NODE = "kafka.${kafka.profile}:${kafka.port}"
+
+# Kafka topic which will get notified for websub topic registration/deregistration
+# All the hubs must be pointed to the same Kafka topic to notify websub topic registration/deregistration
+REGISTERED_WEBSUB_TOPICS_TOPIC = "registered-websub-topics"
+
+# Kafka topic which stores consolidated websub topics for the hub
+CONSOLIDATED_WEBSUB_TOPICS_TOPIC = "consolidated-websub-topics"
+
+# Kafka topic which will get notified for websub subscription/unsubscription
+# All the hubs must be pointed to the same Kafka topic to notify websub subscription/unsubscription
+WEBSUB_SUBSCRIBERS_TOPIC = "registered-websub-subscribers"
+
+# Kafka topic which is stores consolidated websub subscribers for this server
+CONSOLIDATED_WEBSUB_SUBSCRIBERS_TOPIC = "consolidated-websub-subscribers"
+
+# The interval in which Kafka consumers wait for new messages
+POLLING_INTERVAL = 10.0
+
+# The period in which Kafka close method waits to complete
+GRACEFUL_CLOSE_PERIOD = 5.0
+
+# The port that is used to start the hub
+HUB_PORT = 9191
+
+# The period between retry requests
+MESSAGE_DELIVERY_RETRY_INTERVAL = 3.0
+
+# The maximum retry count
+MESSAGE_DELIVERY_COUNT = 3
+
+# The message delivery timeout
+MESSAGE_DELIVERY_TIMEOUT = 30.0
+
+# The base URL of IDP
+MOSIP_AUTH_BASE_URL = "${mosip.kernel.authmanager.url}/v1/authmanager"
+
+
+# The token validation URL of IDP
+MOSIP_AUTH_VALIDATE_TOKEN_URL = "/authorize/admin/validateToken"
+
+# The token validation URL of IDP
+DISK_SPACE_THRESHOLD = 10485760
+
+# The token validation URL of IDP
+PARTNER_USER_ID_PREFIX = "service-account-"
+
+
+#CURRENT_WORKING_DIR = "user.dir"
+
+# The period between retry requests
+INTENT_VERIFICATION_RETRY_INTERVAL = 3.0
+
+# The maximum retry count
+INTENT_VERIFICATION_COUNT = 3
+
+# The period between retry requests
+INTENT_VERIFICATION_BACKOFF_FACTOR = 2.0
+
+# The maximum retry count
+INTENT_VERIFICATION_MAX_INTERVAL = 20.0
+
+# The maximum retry count
+KAFKA_CONSUMER_MAX_POLL_RECORDS = 3
+
+# The maximum retry count
+KAFKA_CONSUMER_FETCH_MAX_BYTES = 3145728
+
+# The maximum retry count
+KAFKA_CONSUMER_MAX_PARTITION_FETCH_BYTES = 524288
+
+# Kafka topic which is stores consolidated websub subscribers for this server
+META_TOPICS = "registered-websub-topics,consolidated-websub-topics,registered-websub-subscribers,consolidated-websub-subscribers"
+
+# consolidator base url
+CONSOLIDATOR_BASE_URL = "${mosip.consolidator.url}"
+
+# consolidator health endpoint
+CONSOLIDATOR_HEALTH_ENDPOINT = "/consolidator/actuator/health"
+
+#Encryption key that will be used to encrypt / decrypt the hub secret
+HUB_SECRET_ENCRYPTION_KEY = "${hub.secret.encryption.key}"
+
+# Below config will allow base64-encoded-bytes / alpha-numeric.
+# Recommended to use base64-encoded-bytes since alpha-numeric is considered less secure. This is just given to ensure the backward compatiblity
+HUB_SECRET_ENCRYPTION_KEY_FORMAT = "alpha-numeric"
+
+[ballerina.http.accessLogConfig]
+# Enable printing access logs in console
+console = true # Default is false
+
+[ballerina.http.traceLogAdvancedConfig]
+# Enable printing trace logs in console
+console = false # Default is false
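Review bot: `HUB_SECRET_ENCRYPTION_KEY_FORMAT = "alpha-numeric"` ships the format that the comment directly above it calls less secure. As this file is newly added, the default should be the recommended one, `HUB_SECRET_ENCRYPTION_KEY_FORMAT = "base64-encoded-bytes"` (assuming that is the accepted literal, as the comment suggests), with alpha-numeric left as a documented opt-in for existing keys. Several comments are copy-paste leftovers that describe the wrong key: `# The token validation URL of IDP` sits above `DISK_SPACE_THRESHOLD` and `PARTNER_USER_ID_PREFIX`, and `# The maximum retry count` sits above `INTENT_VERIFICATION_MAX_INTERVAL` and the three `KAFKA_CONSUMER_*` limits. Each should state what the value controls and its unit, for example `# Maximum bytes fetched per Kafka consumer request` for `KAFKA_CONSUMER_FETCH_MAX_BYTES`. `SECURITY_ON = true` would also benefit from a line saying what is bypassed when it is false, so it is not switched off casually.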