[INJICERT-42] Upgraded sunbird images and add steps in ReadMe for usi…

…ng ES256 algorithm in eSignet (#7) * [INJICERT-42] upgraded sunbird images Signed-off-by: Challarao <[email protected]> * [INJICERT-42] added detailed steps for generating DID in README.md Signed-off-by: Challarao <[email protected]> * [INJICERT-42] added steps for hosting multiple DIDs in a single git repository Signed-off-by: Challarao <[email protected]>
mosip · May 7, 2024 · 3146cc6 · 3146cc6
1 parent 50a3e3d
commit 3146cc6
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -22,10 +22,16 @@ Execute installation script
 
     ```bash
     cd inji-certify
+    ```
+2. Change the value of `WEB_DID_BASE_URL` in [.env](docker-compose-sunbird/.env) file to your public domain where did.json will be hosted(You can use your github profile to host DIDs).
+
+3. Execute the installation script:
+
+    ```bash
     ./install.sh
     ```
 
-2. During the execution of the `install.sh` script, user will be prompted to select the service to be installed:
+4. During the execution of the `install.sh` script, user will be prompted to select the service to be installed:
 
     ```
     1. Sunbird RC
@@ -34,29 +40,43 @@ Execute installation script
     Select:
     ```
 
-3. Select "Sunbird RC" as the first step of the installation process.
+5. Select "Sunbird RC" as the first step of the installation process.
 
-4. The installation will encompass the following services:
+6. The installation will encompass the following services:
    * [Credential Schema](https://github.com/Sunbird-RC/sunbird-rc-core/tree/main/services/credential-schema)
    * [Credential Service](https://github.com/Sunbird-RC/sunbird-rc-core/tree/main/services/credentials-service)
    * [Identity Service](https://github.com/Sunbird-RC/sunbird-rc-core/tree/main/services/identity-service)
    * [Registry](https://github.com/Sunbird-RC/sunbird-rc-core)
-5. Post Sunbird installation, proceed to create an issuer and credential schema. Refer to the API schemas available [here](https://github.com/Sunbird-RC/sunbird-rc-core/tree/main/api-documentation).
+7. Post Sunbird installation, proceed to create an issuer and credential schema. Refer to the Postman collections available [here](https://github.com/Sunbird-RC/demo-mosip-rc/blob/main/Demo%20Mosip%20RC.postman_collection.json).
     * Set the hostname of the endpoints correctly as per your docker setup
-    * Now generate a DID, create a credential schema and create an issuance registry
-        * take note of `$.schema[0].author`  and  `$.schema[0].id` from the create credential schema request
-6. Add the jar file of Digital Credential Stack(DCS) plugin implementation in [loader_path](docker-compose-esignet/loader_path). The JAR can be built [from source](https://github.com/mosip/digital-credential-plugins/) or [downloaded directly](https://mvnrepository.com/artifact/io.mosip.esignet.sunbirdrc/sunbird-rc-esignet-integration-impl).
-7. Modify the properties of the Esignet service located in the [esignet-default.properties](docker-compose-esignet/config/esignet-default.properties) file:
+    * For generating a DID use the `Generate a DID` API:
+      * Change the `method` field in request body to `web` and `services` to an empty list
+      * Take note of the `id` field from the API response.
+      *  For local testing:
+        * Inside the github repo mentioned in point 2, create a folder with the name of the unique id from the `id` field.
+          * Example: If the `id` from the response is `did:web:challabeehyv.github.io:DID-Resolve:3313e611-d08a-49c8-b478-7f55eafe62f2` then the folder name should be `3313e611-d08a-49c8-b478-7f55eafe62f2`
+        *  Create a file named did.json in the above folder and add the response from `Generate a DID` API.
+        * Publish the did.json as a webpage.
+        * Similarly multiple DIDs can be hosted in a single git repo with different folder names.
+    * Now create a credential schema and create an issuance registry
+         * take note of `$.schema[0].author`  and  `$.schema[0].id` from the create credential schema request
+8. Add the jar file of Digital Credential Stack(DCS) plugin implementation in [loader_path](docker-compose-esignet/loader_path). The JAR can be built [from source](https://github.com/mosip/digital-credential-plugins/) or [downloaded directly](https://mvnrepository.com/artifact/io.mosip.esignet.sunbirdrc/sunbird-rc-esignet-integration-impl).
+9. Modify the properties of the Esignet service located in the [esignet-default.properties](docker-compose-esignet/config/esignet-default.properties) file:
    - Include Issuer ID and credential schema ID for the following properties: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`, `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential-type}.cred-schema-id`.
    - The `$.schema[0].author` DID goes to the config ending in issuerId and `$.schema[0].id` DID goes to the config ending in `cred-schema-id`.
-8. Once the Esignet properties are configured, proceed to select Esignet from the options provided for eSignet.
-9. Download the postman collection and environment for sunbird use case from [here](https://github.com/mosip/digital-credential-plugins/tree/master/sunbird-rc-esignet-integration-impl/postman-collections).
-10. Create Client from Create OIDC client API, add redirect uri 'http://localhost:3001', add auth-factor 'mosip:idp:acr:knowledge' to the request body.
-11. Change `aud` variable in environment to 'http://localhost:8088/v1/esignet/oauth/v2/token' and set `audUrl` to http://localhost:8088
-12. Perform a Knowledge based authentication(KBA) as specified in the Postman collection.
+10. Once the Esignet properties are configured, proceed to select Esignet from the options provided for eSignet.
+11. Download the postman collection and environment for sunbird use case from [here](https://github.com/mosip/digital-credential-plugins/tree/master/sunbird-rc-esignet-integration-impl/postman-collections).
+12. Create Client from Create OIDC client API, add redirect uri 'http://localhost:3001', add auth-factor 'mosip:idp:acr:knowledge' to the request body.
+13. Change `aud` variable in environment to 'http://localhost:8088/v1/esignet/oauth/v2/token' and set `audUrl` to http://localhost:8088
+14. Perform a Knowledge based authentication(KBA) as specified in the Postman collection.
     * perform the authorize callback request
     * in the /authorization/authenticate request update the challenge to a URL-safe base64 encoded string with the KBA details such as `{"fullName":"Abhishek Gangwar","dob":"1967-10-24"}`, one can use an [online base64 encoding service](https://base64encode.org) for the same.
-    * in the /vci/credential api inside pre-request script section change the aud env variable to  -> "aud" : pm.environment.get('audUrl')
+    * in the /vci/credential api inside pre-request script section:
+      * change the aud env variable to  -> "aud" : pm.environment.get('audUrl')
+      * For generating a credential with smaller VC change the below variables:
+        * `keypair` variable to -> keyPair = pmlib.rs.KEYUTIL.generateKeypair("EC", "P-256");
+        * `alg` to ES256 in place of RS256
+
 
 ## Properties for custom use case
 

diff --git a/docker-compose-esignet/config/esignet-default.properties b/docker-compose-esignet/config/esignet-default.properties
@@ -134,25 +134,25 @@ mosip.esignet.authenticator.sunbird-rc.kba.entity-id-field=osid
 
 mosip.esignet.vciplugin.sunbird-rc.issue-credential-url=http://nginx:80/credential/credentials/issue
 mosip.esignet.vciplugin.sunbird-rc.supported-credential-types=HealthInsuranceCredential,LifeInsuranceCredential,InsuranceCredential
-mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.static-value-map.issuerId=did:upai:9d67541a-9af1-4510-a004-23c6d955c3ee
+mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.static-value-map.issuerId=did:web:challabeehyv.github.io:DID-Resolve:3313e611-d08a-49c8-b478-7f55eafe62f2
 mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.template-url=https://raw.githubusercontent.com/challabeehyv/mimoto-config/main/InsuranceConfig.json
 mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.registry-get-url=http://nginx:80/registry/api/v1/Insurance/
-mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.cred-schema-id=did:schema:188126c2-5657-48d4-a347-4e832d5567dd
+mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.cred-schema-id=did:schema:dc000a57-e889-4347-b6c1-710d1ec8b31a
 mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.cred-schema-version=1.0.0
 mosip.esignet.vciplugin.sunbird-rc.credential-type.HealthInsuranceCredential.registry-search-url=http://nginx:80/registry/api/v1/Insurance/search
 
-mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.static-value-map.issuerId=did:upai:9d67541a-9af1-4510-a004-23c6d955c3ee
+mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.static-value-map.issuerId=did:web:challabeehyv.github.io:DID-Resolve:3313e611-d08a-49c8-b478-7f55eafe62f2
 mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.template-url=https://raw.githubusercontent.com/challabeehyv/mimoto-config/main/InsuranceConfig.json
 mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.registry-get-url=http://nginx:80/registry/api/v1/Insurance/
-mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.cred-schema-id=did:schema:188126c2-5657-48d4-a347-4e832d5567dd
+mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.cred-schema-id=did:schema:dc000a57-e889-4347-b6c1-710d1ec8b31a
 mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.cred-schema-version=1.0.0
 mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.registry-search-url=http://nginx:80/registry/api/v1/Insurance/search
 
 
-mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.static-value-map.issuerId=did:upai:9d67541a-9af1-4510-a004-23c6d955c3ee
+mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.static-value-map.issuerId=did:web:challabeehyv.github.io:DID-Resolve:3313e611-d08a-49c8-b478-7f55eafe62f2
 mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.template-url=https://raw.githubusercontent.com/challabeehyv/mimoto-config/main/InsuranceConfig.json
 mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-get-url=http://nginx:80/registry/api/v1/Insurance/
-mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-id=did:schema:188126c2-5657-48d4-a347-4e832d5567dd
+mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-id=did:schema:dc000a57-e889-4347-b6c1-710d1ec8b31a
 mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-version=1.0.0
 mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-search-url=http://nginx:80/registry/api/v1/Insurance/search
 
@@ -423,7 +423,7 @@ mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server
 
 ##change this to your value
 mosip.esignet.cnonce-expire-seconds=1000
-mosip.esignet.vci.supported.jwt-proof-alg={'RS256','PS256'}
+mosip.esignet.vci.supported.jwt-proof-alg={'RS256','PS256','ES256'}
 
 mosip.esignet.vci.key-values={\
  'v11' : {\

diff --git a/docker-compose-sunbird/.env b/docker-compose-sunbird/.env
@@ -10,9 +10,10 @@ VAULT_BASE_URL=http://vault:8200/v1
 VAULT_ROOT_PATH=http://vault:8200/v1/kv
 VAULT_TIMEOUT=5000
 VAULT_PROXY=false
-SIGNING_ALGORITHM=Ed25519
+SIGNING_ALGORITHM=Ed25519Signature2020
 JWKS_URI=
 ENABLE_AUTH=false
+WEB_DID_BASE_URL=https://challabeehyv.github.io/DID-Resolve
 
 # schema service
 IDENTITY_BASE_URL=http://identity:3332

diff --git a/docker-compose-sunbird/docker-compose.yml b/docker-compose-sunbird/docker-compose.yml
@@ -28,7 +28,7 @@ services:
     networks:
       - network
   identity:
-    image: ghcr.io/sunbird-rc/sunbird-rc-identity-service:v2.0.0-beta2
+    image: ghcr.io/sunbird-rc/sunbird-rc-identity-service:v2.0.0-rc3
     ports:
       - "3332:3332"
     depends_on:
@@ -47,6 +47,7 @@ services:
       - SIGNING_ALGORITHM=${SIGNING_ALGORITHM}
       - JWKS_URI=${JWKS_URI}
       - ENABLE_AUTH=${ENABLE_AUTH}
+      - WEB_DID_BASE_URL=${WEB_DID_BASE_URL}
     healthcheck:
       test:
         [ "CMD-SHELL", "curl -f http://localhost:3332/health || exit 1" ]
@@ -56,7 +57,7 @@ services:
     networks:
       - network
   schema:
-    image: ghcr.io/sunbird-rc/sunbird-rc-credential-schema:v2.0.0-beta1
+    image: ghcr.io/sunbird-rc/sunbird-rc-credential-schema:v2.0.0-rc3
     ports:
       - "3333:3333"
     depends_on:
@@ -78,7 +79,7 @@ services:
     networks:
       - network
   credential:
-    image: ghcr.io/sunbird-rc/sunbird-rc-credentials-service:v2.0.0-beta2
+    image: ghcr.io/sunbird-rc/sunbird-rc-credentials-service:v2.0.0-rc3
     ports:
       - "3000:3000"
     depends_on:
@@ -95,6 +96,7 @@ services:
       - CREDENTIAL_SERVICE_BASE_URL=${CREDENTIAL_SERVICE_BASE_URL}
       - JWKS_URI=${JWKS_URI}
       - ENABLE_AUTH=${ENABLE_AUTH}
+      - QR_TYPE=W3C_VC
     healthcheck:
       test:
         [ "CMD-SHELL", "curl -f http://localhost:3000/health || exit 1" ]