diff --git a/README.md b/README.md index 8d49237..3929fcf 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,15 @@ -**Mission for Launch Coalition 2023** +**IDS Basecamp** -***Let’s build a base camp for data spaces*** +The IDS basecamp is a software distribution of components to build and operate an IDS Data Space. It's a project build from an OSS repository which integrates contributions from differnet projects to allow us to work on a common code basis which: +- makes it easy for data spaces to work on a basis of integrated components which are proven in productive environments +- allows all contributors to participate from the learnings and also investements from other projects +The goal is to enable developers, testbeds and productive systems to be able to work on a common basis and leverage the power of many to constantly improve the code set whilst maintaining the highest level of interoperability. At the same time the efforts of project teams can shift from setup and integration of basic services towards the value of creating use cases. It includes experiences from commercial operators with validated security, scalability and maintainability requirements and is used in productive environments. It does not contain any proprietary elements and the project is available to all parties willing to contribute. It can be extended with additional components and services (like onboarding workflows, integration with ID or certificate providers, testbeds, different type of connectors).  + +The general approach in building a distribution is a community process following the schema: +======= Data Spaces built according to the IDSA specifications are growing in numbers and complexity. The Basecamp initiative is working towards the creation of an integrated and tested set of OSS components which can be used in pilot as well as in productive environments, leveraging the experience and from contributions of projects in all stages of the lifecycle.  
The goal is to enable developers, testbeds and productive systems to be able to work on a common basis and leverage the power of many to constantly improve the code set whilst maintaining the highest level of interoperability. At the same time the efforts of project teams can shift from setup and integration of basic services towards the value of creating use cases.   
@@ -36,229 +42,27 @@ It is open to be extended with additional components and services (like onboardi Approach  + - intensive research with the community on available software assets   - improvement of the code base towards a production grade technical readiness level  - packaging towards an integrated distribution   -![](pictures/0.png) - -![](pictures/1.svg) - -![](pictures/2.png) - - - -**Changelog** - - -|Version|Date|Description|Editor| -| :- | :- | :- | :- | -|1\.0|2022-09-15|Base Camp Part|Christoph Mertens| -|1\.0|2022-11-18|Description International Standard for Data Sovereignty|Robin Bauer| -|1\.1|2022-11-20|Adding Neuropil Informations|Robin Bauer| -|2\.0|2023-03.15|New Graphics for Dataspaces as Ecosystems|Robin Bauer| - -** -# **Inhalt** - -[1.International standard to ensure data sovereignty, traceability and anchors of trust on the Internet. 5](#_toc120026346) - -[1.1 Basics for understanding the implementation of the IDSA standard: 5](#_toc120026347) - -[1.2. An example: Fake shops: 5](#_toc120026348) - -[2. Rudiments: 6](#_toc120026349) - -[2.1. How to do it without restricting ecosystems? 6](#_toc120026350) - -[2.2. How is the problem of trust in road traffic regulated internationally?? 6](#_toc120026351) - -[2.2.1. With laws, rules and standards! 6](#_toc120026352) - -[2.3.How to solve the trust problem in a data ecosystem? 7](#_toc120026353) - -[3. The IDSA-Standard: 7](#_toc120026354) - -[4. What does an architecture look like that guarantees data sovereignty with free data trading?: 8](#_toc120026355) - -[5. Why is the IDSA standard possible today? 9](#_toc120026356) - -[6. Core technologies used for implementation 10](#_toc120026357) - -[7. Short description Structure: Neuropil for Connectors, DAPS and Broker: 10](#_toc120026358) - -[8. Brief description of Open Source Intel® SGX Technology 12](#_toc120026359) - -[9. Basis for IDSA-based data rooms: 12](#_toc120026360) - -[10. 
Data rooms as data ecosystems using IDSA Connectors and Essential Services: 13](#_toc120026361) - -[Additional Information: 14](#_toc120026362) - -[W3C Verified Credentials 14](#_toc120026363) - - -** - -# **1**. **International standard to ensure data sovereignty, traceability and anchors of trust on the Internet.** - -**Apart from technical buzzwords and structures, this document should focus on what should be made possible in theory:** - -Data sovereignty, traceability and anchors of trust. - -## **1.1 Basics for understanding the implementation of the IDSA** **Standard:** - -Would you feel safe on public roads at home or abroad without traffic signs and license plates? - -This is exactly what is happening on the Internet. - -Similar to traffic regulations and access conditions for road traffic, we also need a standard on the Internet on which we can build mutual trust. With **data sovereignty** and **traceability**, we can achieve this. By allowing all users to use the Internet under the same conditions and understand what happens to their own data, we create a starting point that everyone can refer to. - -We provide an **anchor of trust** that enables safe and equal cooperation with minimal risk. As with license plates, users remain anonymous to others, but can be identified if necessary. Retailers and buyers benefit from mutual traceability and fake news can also be effectively traced and combated. -**1.2. Fake shops as an example:** - ------------------------------------ -Buyers don't trust retailers and retailers don't trust buyers. Shopping on the Internet offers certain risks for both. For potential buyers it is important: Will I get my goods? Are the goods genuine and undamaged? - -Retailers, on the other hand, have to ask themselves: Will I get my money? Will I be cheated out of the purchase amount afterwards? Both sides have legitimate reasons to be cautious, perhaps even suspicious, of the other. 
- -These problems are not new, but well-known and just need to be adapted to today's times and technologies. Proposals for solutions must solve the problems and meet today's requirements. -# **2. Rudiments:** - -## **2.1. How to do it without restricting ecosystems?** - -Establishing secure communication between two known parties is technically easy to implement. If you want to use data ecosystems, you need more. You need an overarching, secure standard that takes into account many complex things and is modularly expandable. - -The data ecosystem is not only the communication between data providers and data consumers, but a complete ecosystem that must run securely and according to certain laws, rules and ethical principles. Laws protect those who cannot protect themselves. - -An example of a solution in such a complex ecosystem is road traffic: it is not enough to build roads and cars to get from A to B, but rules and laws must be complied with, so that traffic can run safely. Cars have certain construction requirements and traffic is regulated by laws. - -## **2.2. How is the problem of trust in road transport regulated internationally?** - -### **2.2.1. With laws, rules and standards!** - -- Manufacturers may only sell cars with certification and ECE homologation -- The course and numbering of European routes, including motorways, is determined by ECE. -- Car owners head to the local traffic office with their vehicle registration, insurance and identity card. -- License plate is issued and must be attached to the car in the prescribed place. -- Car owners are entitled to drive with this license plate but must always carry a valid driver's license and a vehicle registration document. -- Of course, there are always participants who do not comply with law, but there are the police, monitoring all traffic and intervening if necessary. -- Only the police are able to check driving rights, license plates and car papers. - - - -## **2.3. 
How to solve the trust problem in a data ecosystem?** - -**With laws, rules and standards! Described here with the IDSA standard.** - - -**From highway to data highway.** - -- An IDSA connector must comply with certain building codes in order to obtain a valid certificate. -- An IDSA connector requires registration (onboarding) regulated by DAPS, PaRIS and identity providers. Here the verified identity is connected to a certified connector and you get another certificate (ID). This ID can be assigned by all authorized data rooms. -- With a valid certificate (ID), the connector is authorized to participate in the ecosystem, exchange or purchase data. - - -# **3. The IDSA-Standard:** - -- The abbreviation stands for "International Data Spaces Association", which is the author of said standard. Simply put, this is an architectural regulation that guarantees the authenticity of customers and merchants including secure data transmission based on "clean room" connectors through secure and verified identities. -- This way you can always be sure that your counterpart is the person they claim to be. At the same time, data traceability ensures buyer and dealer protection. - -- Core components are the **IDSA Connector** and the so-called "**Essential Services**": - - -- The **Dynamic Attribute Provisioning System** or "**DAPS"** ensures the identity of all participants. This system confirms the authenticity of individuals by verifying the certificates created during the process with the help of other services (ParIS, identity management). -- In order for the connectors to find each other, the **broker** is needed**.** This mediates both partners and ensures a correct assignment. It is also possible to search for specific data via the broker or to offer your own. -- In order to be able to reliably trace the transactions made, there is the **clearing house:** using encrypted, non-forgeable protocols, it records the data transfers between traders and buyers. 
In addition, terms of use of transmitted data are also stored. -- Last but not least, the **App Store** is a service that allows connector owners to run certified programs in their connector. In the App Store, for example, certified personal assistants can be downloaded, which have been specially created for this purpose. - -# **4. What does an architecture look like that guarantees data sovereignty with free data trading:** - -A decentralized, distributed system for the respective functions and services is also a technical prerequisite for the IDSA services themselves. Similar to the DNS (Domain Name Service), e.g., the DAPS should be able to be operated by anyone, but the function must not be manipulable. This allows companies the greatest possible independence, also in the pricing of the use of the services. Likewise, DNS is essential for the functioning of the Internet, but no one pays directly for this service. - -Further prerequisites for this are the implementation of data **sovereignty, data traceability and anchors of trust**. - -**Data sovereignty:** allows completely self-determined control over the collection, storage, use and processing of one's own data. - -**Data traceability**: as a data provider, you want to make sure that you can determine who can do what with your own data in a data space, and under what conditions. You want to have transparency about what actually happens to shared data. - -**Anchor of trust**: You also want to be able to trust that the person is really who he claims to be. (Figure 1). This requires an anchor of trust and secure **digital identities**. -** - - -Figure 1: schematic representation – implementation of data sovereignty with IDSA components - -**Essential -Services** - -![](pictures/3.jpg) - -*Figure 1.* - -# **5. Why is the IDSA standard possible today?** - - -![](pictures/4.png) - -**2022 truzzt** - -Machines and containers are the basic prerequisite for IDSA-based dataspaces. - - - - -# **6. 
Core technologies used in the implementation** - -Neuropil - -Intel SGX - -Keycloak - -W3C (verified credentials) - -Kubernetes - -… -# **7. Short description of Neuropil for Connectors, DAPS and Broker:** - -Neuropil is an overlay network (a logical network) that is built on top of an existing physical network (Internet). A separate address space with its own addressing, as well as with the use of its own path selection methods is used (independent of the underlay). Neuropil is used to build an additional logical topology for the distribution of essential services, which are therefore decentralized. In addition, Neuropil results in a resource-saving and effective structure, which enables fast communication on IoT devices. In this logical network, the physical network addresses of nodes are mapped to randomly selected virtual addresses. This virtual address space is large enough that most of it is never used, and address collisions are virtually impossible. The Neuropil protocol is aligned by the architecture according to IDS. - - -**Explanation: -Functionality of the Broker** - -- virtual subject Neuropil (self-description can be sent or not) supports only a limited message size -- DAT Subject: Dynamic Attribute Token (DAPS Token abfragen) - - -![](pictures/5.jpg) - - - - -# **8. Brief description of Open Source Intel® SGX Technology** - -For application and solution developers, new hardware-based controls for cloud and enterprise environments provide excellent opportunities to ensure high data security. Intel® Software Guard Extensions (Intel® SGX)1 2 provide hardware-based encryption of memory contents that isolates specific program code and data in memory. With Intel® SGX, application code can consume its own areas of memory, known as enclaves, that are protected from processes running at a higher privilege level. Only Intel® SGX offers this level of control and protection. (). - -Intel® SGX helps protect against many known and active threats. 
They form an additional layer of defense by helping to reduce the attack surface of the system. - -The combination of Intel® SGX's enhanced security and verification capabilities, along with Intel's continued collaboration with a broad ecosystem of security companies, helps minimize the potential attack surface and even reduce theoretical risks. - -# **9. The basis for IDSA-based data rooms:** - -A virtual machine/container with IDSA Connector (Data Space) as a Service and Essential Services to ensure data sovereignty, traceability and anchors of trust. -# **10. Data rooms as data ecosystems using IDSA Connectors and Essential Services:** - -![](pictures/7.png) +Governance: IDSA assumes the role of GitHub Maintainer of the repository to ensure contributions by the committers are aligned with the IDSA reference architecture and specifications -![](pictures/8.png) +v 1.0 of the Basecamp is a distribution following IDS RAM 4.0 and the EDC MS 0.8. -# **Additional Information:** +It consists of the following IDS based infrastructure components: +CA, DAPS, ParIS, Metadata Broker, Transaction Log (Clearing House) -## **W3C Verified Credentials** -**In the physical world Identification takes place** through sensory perception (optical, haptic, acoustic, olfactory, gustatory) and related cognitive processes, such as comparison with existing knowledge. Limited or missing senses or knowledge makes it difficult to act in the physical world. A fake ID, the mimicry of an insect or even the pictorial optical illusion, there are hurdles in the clear identification. In addition, an entity often has different identities, roles, states that it occupies and about which it may reveal only parts of itself or is willing to reveal. However, the interaction of the senses and the involvement of external knowledge helps in the progressive interaction with the entity to identify it for what it actually is. +1. 
How to get started: + - https://github.com/truzzt/truzztport -**In virtual worlds** representation and identification of an entity takes place via zeros and ones. Sensors are merely an uncertain bridge to physical reality. In this sense, on a digital basis, the processes and concepts of digital identities – including ensuring truthfulness, management and governance, as well as their applicability and variability of use – are of fundamental importance. The approaches differ depending on what identities are needed and created for, depending on industry or company and the type of entity, whether it is machines, components, products, people, patents, software or websites. +2. Core Repository + - Broker: https://github.com/truzzt/ids-basecamp-broker + - Clearinghouse: https://github.com/truzzt/ids-basecamp-clearinghouse + - DAPS: https://github.com/truzzt/ids-basecamp-daps +3. Useful Extensions + - Portal: https://github.com/truzzt/ids-basecamp-portal + diff --git a/quick-start-guide/.env b/quick-start-guide/.env new file mode 100644 index 0000000..b61ff45 --- /dev/null +++ b/quick-start-guide/.env 
@@ -0,0 +1,35 @@ +POSTGRES_USER = postgres +POSTGRES_PASSWORD = password + +API_AUTH_KEY = password + +KEYSTORE_PASSWORD = password +KEYSTORE_CERTIFICATE = 1 +KEYSTORE_PRIVATE_KEY = 1 + +JWT_AUDIENCE = 1 +JWT_ISSUER = 1 +JWT_SIGN_SECRET = 123 +JWT_EXPIRES_AT = 30 + +CH_APP_SERVICE_LOG = 1 + +BROKER_DELAY_SECONDS = 5 +BROKER_PERIOD_SECONDS = 5 +BROKER_NUM_CRAWLERS = 60 + +BROKER_CLIENT_ID = C1:9F:78:EB:E9:CF:49:25:38:39:5D:1E:AA:15:21:0F:87:1B:49:6A:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 +CH_EDC_CLIENT_ID = E4:3D:A8:54:F3:74:E4:6F:8B:16:7E:F4:89:80:2E:0B:21:D6:05:AF:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 +CONNECTOR_1_CLIENT_ID = 75:C4:F1:4D:C6:AB:E1:2E:B8:FC:26:36:A8:BB:83:7A:73:C3:BB:D1:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 +CONNECTOR_2_CLIENT_ID = 1A:79:F6:EB:08:C8:97:01:6C:89:73:24:FE:21:CC:FA:5E:15:67:3E:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 + +POSTGRES_PORT = 5432 +CONNECTOR_1_MANAGEMENT_PORT = 8182 +CONNECTOR_1_IDS_PORT = 8283 +CONNECTOR_2_MANAGEMENT_PORT = 9192 +CONNECTOR_2_IDS_PORT = 9293 + + +BROKER_SQL_FETCH_SIZE = 99999 +CONNECTOR_1_SQL_FETCH_SIZE = 99999 +CONNECTOR_2_SQL_FETCH_SIZE = 99999 \ No newline at end of file diff --git a/quick-start-guide/README.md b/quick-start-guide/README.md new file mode 100644 index 0000000..fe4b88a --- /dev/null +++ b/quick-start-guide/README.md 
@@ -0,0 +1,80 @@ +# Quick Start Guide - IDS Basecamp + +### This is a demo and a faster way to up the ids-basecamp ecosystem and understand how it works. + +## Supported Systems + +- Linux (or WSL on windows) +- Mac Os + +## Requirements + +- Git +- Docker + +## How to run + +- Clone the [ids-basecamp](https://github.com/ids-basecamp/ids-basecamp) repository +- Go to quick-start-guide directory + +- To start the environment run the code below: + +> docker compose -p ids-basecamp up -d + +- To shutdown the environment run the code below: + +> docker compose down + +## About the containers + +About the containers + +In this demo environment, the following containers will be launched: + +- Postgres + - Relational database used by Broker, Container 1, Container 2 and Clearing House App containers + +- DAPS + - [IDS DAPS](https://github.com/International-Data-Spaces-Association/IDS-G/blob/main/Components/IdentityProvider/DAPS/README.md) implementation used by Broker, Container 1, Container 2 and Clearing House EDC containers + +- Clearing House App + - [IDS Clearing House](https://github.com/International-Data-Spaces-Association/IDS-G/blob/main/Components/ClearingHouse/README.md) implementation, with a REST API + +- Clearing House EDC + - [Multipart protocol API](https://github.com/International-Data-Spaces-Association/IDS-G/blob/main/Communication/protocols/multipart/README.md#42-clearing-house-interactions) to communicate with Clearing House App REST API, used by Connector 1 and Connector 2 containers + +- Broker + - [IDS Broker](https://github.com/International-Data-Spaces-Association/IDS-G/tree/main/Components/MetaDataBroker) implementation used by Connector 1 and Connector 2 containers + +- Connector 1 and Connector 2 + - [IDS Connector](https://github.com/International-Data-Spaces-Association/IDS-G/blob/main/Components/Connector/README.md) implementations using a EDC Milestone 8 implementation + +## About environments + +The configurations variables can be found 
in .env file located into quick-start-guide folder + +| Variable | Description | +|------------------------------|:--------------------------------------------------------------------------------------------------------| +| POSTGRES_USER | Database default user | +| POSTGRES_PASSWORD | Database default password | +| API_AUTH_KEY | Connectors REST API access key | +| KEYSTORE_PASSWORD | Keystore password of keystore files (.jks) with the DAPS communication certificates | +| KEYSTORE_CERTIFICATE | Alias of the certificate from keystore file | +| KEYSTORE_PRIVATE_KEY | Alias of private key from keystore file | +| JWT_AUDIENCE | claim aud of JWT token to exchange between Clearing House EDC and Clearing House APP | +| JWT_ISSUER | claim iss of JWT token to exchange between Clearing House EDC and Clearing House APP | +| JWT_SIGN_SECRET | secret of token JWT token to exchange between Clearing House EDC and Clearing House APP | +| JWT_EXPIRES_AT | Expiration time (in seconds) of JWT token to exchange between Clearing House EDC and Clearing House APP | +| CH_APP_SERVICE_LOG | ID of service log module from Clearing House APP | +| BROKER_DELAY_SECONDS | Time to the first execution of the broker crawler | +| BROKER_PERIOD_SECONDS | Time to the next executions of the broker crawler | +| BROKER_NUM_CRAWLERS | Number of concurrents instances to be created from the broker crawler | +| BROKER_CLIENT_ID | DAPS oAuth client ID of Broker container | +| CH_EDC_CLIENT_ID | DAPS oAuth client ID of Clearing House EDC container | +| CONNECTOR_1_CLIENT_ID | DAPS oAuth client ID of Connector 1 container | +| CONNECTOR_2_CLIENT_ID | DAPS oAuth client ID of Connector 2 container | +| POSTGRES_PORT | Database local access port | +| CONNECTOR_1_MANAGEMENT_PORT | Connnector 1 API Managment local access port | +| CONNECTOR_1_IDS_PORT | Connector 1 IDS API local access port | +| CONNECTOR_2_MANAGEMENT_PORT | Connnector 2 API Managment local access port | +| CONNECTOR_2_IDS_PORT | Connector 2 IDS 
API local access port | \ No newline at end of file diff --git a/quick-start-guide/docker-compose.yml b/quick-start-guide/docker-compose.yml new file mode 100644 index 0000000..699667f --- /dev/null +++ b/quick-start-guide/docker-compose.yml 
@@ -0,0 +1,287 @@ +version: "3" + +services: + postgresql: + image: postgres:14-alpine + environment: + POSTGRES_USER: $POSTGRES_USER + POSTGRES_PASSWORD: $POSTGRES_PASSWORD + POSTGRES_DB: postgres + healthcheck: + test: [ "CMD-SHELL", "pg_isready -U postgres" ] + interval: 1s + volumes: + - ./resources/postgresql/create-databases.sh:/docker-entrypoint-initdb.d/create-databases.sh + ports: + - "$POSTGRES_PORT:5432" + + daps: + image: ghcr.io/ids-basecamp/daps:v1.0.0-basecamp + environment: + - OMEJDN_OPENID=true + - OMEJDN_ACCEPT_AUDIENCE=idsc:IDS_CONNECTORS_ALL + - OMEJDN_DEFAULT_AUDIENCE=idsc:IDS_CONNECTORS_ALL + - OMEJDN_ADMIN=admin:changethis + volumes: + - ./resources/daps/config/:/opt/config + - ./resources/daps/keys:/opt/keys + + clearing_house_app: + image: ghcr.io/ids-basecamp/clearinghouse/ch-app:1.0.0-beta.5 + depends_on: + postgresql: + condition: service_healthy + environment: + SERVICE_ID_LOG: $CH_APP_SERVICE_LOG + SHARED_SECRET: $JWT_SIGN_SECRET + SIGNING_KEY: /app/keys/private_key.der + CH_APP_DATABASE_URL: "postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@postgresql:5432/clearing_house" + CH_APP_CLEAR_DB: "false" + CH_APP_LOG_LEVEL: "INFO" + volumes: + - ./resources/clearing-house-app/private_key.der:/app/keys/private_key.der + + clearing_house_edc: + image: ghcr.io/ids-basecamp/clearinghouse/ch-edc:1.0.0-beta.5 + depends_on: + clearing_house_app: + condition: service_started + daps: + condition: service_started + environment: + WEB_HTTP_PORT: 9191 + WEB_HTTP_PATH: /api + + EDC_VAULT: /resources/vault.properties + EDC_KEYSTORE: /resources/keystore.jks + EDC_KEYSTORE_PASSWORD: $KEYSTORE_PASSWORD + + EDC_OAUTH_CERTIFICATE_ALIAS: $KEYSTORE_CERTIFICATE + EDC_OAUTH_PRIVATE_KEY_ALIAS: $KEYSTORE_PRIVATE_KEY + EDC_OAUTH_CLIENT_ID: $CH_EDC_CLIENT_ID + EDC_OAUTH_TOKEN_URL: http://daps:4567/token + EDC_OAUTH_PROVIDER_JWKS_URL: http://daps:4567/jwks.json + EDC_OAUTH_PROVIDER_AUDIENCE: IDSC:IDS_CONNECTORS_ALL + + TRUZZT_CLEARINGHOUSE_JWT_AUDIENCE: $JWT_AUDIENCE + 
TRUZZT_CLEARINGHOUSE_JWT_ISSUER: $JWT_ISSUER + TRUZZT_CLEARINGHOUSE_JWT_SIGN.SECRET: $JWT_SIGN_SECRET + TRUZZT_CLEARINGHOUSE_JWT_EXPIRES_AT: $JWT_EXPIRES_AT + TRUZZT_CLEARINGHOUSE_APP_BASE_URL: http://clearing_house_app:8000 + volumes: + - ./resources/clearing-house-edc:/resources + + broker: + image: ghcr.io/ids-basecamp/broker:v1.0.3-basecamp + depends_on: + postgresql: + condition: service_healthy + daps: + condition: service_started + environment: + WEB_HTTP_PORT: 9191 + WEB_HTTP_PATH: /api + WEB_HTTP_MANAGEMENT_PORT: 9192 + WEB_HTTP_MANAGEMENT_PATH: / + WEB_HTTP_DATA_PORT: 9292 + WEB_HTTP_DATA_PATH: /api/v1/data + WEB_HTTP_IDS_PORT: 9293 + WEB_HTTP_IDS_PATH: /api/v1/ids + IDS_WEBHOOK_ADDRESS: http://broker:9293 + + EDC_API_AUTH_KEY: $API_AUTH_KEY + + EDC_FLYWAY_REPAIR: 'false' + EDC_DATASOURCE_DEFAULT_URL: jdbc:postgresql://postgresql:5432/broker + EDC_DATASOURCE_DEFAULT_USER: $POSTGRES_USER + EDC_DATASOURCE_DEFAULT_PASSWORD: $POSTGRES_PASSWORD + EDC_SQL_FETCH_SIZE: $BROKER_SQL_FETCH_SIZE + + EDC_VAULT: /resources/vault.properties + EDC_KEYSTORE: /resources/keystore.jks + EDC_KEYSTORE_PASSWORD: $KEYSTORE_PASSWORD + + EDC_OAUTH_CERTIFICATE_ALIAS: $KEYSTORE_CERTIFICATE + EDC_OAUTH_PRIVATE_KEY_ALIAS: $KEYSTORE_PRIVATE_KEY + EDC_OAUTH_CLIENT_ID: $BROKER_CLIENT_ID + EDC_OAUTH_TOKEN_URL: http://daps:4567/token + EDC_OAUTH_PROVIDER_JWKS_URL: http://daps:4567/jwks.json + EDC_OAUTH_PROVIDER_AUDIENCE: idsc:IDS_CONNECTORS_ALL + + EDC_CATALOG_CACHE_EXECUTION_DELAY_SECONDS: $BROKER_DELAY_SECONDS + EDC_CATALOG_CACHE_EXECUTION_PERIOD_SECONDS: $BROKER_PERIOD_SECONDS + EDC_CATALOG_CACHE_PARTITION_NUM_CRAWLERS: $BROKER_NUM_CRAWLERS + volumes: + - ./resources/broker:/resources + + connector_1: + image: ghcr.io/ids-basecamp/connector:v1.0.4-basecamp + depends_on: + postgresql: + condition: service_healthy + daps: + condition: service_started + broker: + condition: service_started + clearing_house_edc: + condition: service_started + environment: + WEB_HTTP_PORT: 9191 + 
WEB_HTTP_PATH: /api + WEB_HTTP_MANAGEMENT_PORT: 9192 + WEB_HTTP_MANAGEMENT_PATH: /api/v1/management + WEB_HTTP_DATA_PORT: 9292 + WEB_HTTP_DATA_PATH: /api/v1/data + WEB_HTTP_IDS_PORT: 9293 + WEB_HTTP_IDS_PATH: /api/v1/ids + IDS_WEBHOOK_ADDRESS: http://connector_1:9293 + + EDC_API_AUTH_KEY: $API_AUTH_KEY + + EDC_HOSTNAME: connector_1:9293 + EDC_IDS_ID: urn:connector:ids-basecamp-demo-connector-1 + EDC_IDS_CURATOR: http://ids-basecamp.local + EDC_IDS_MAINTAINER: http://ids-basecamp.local + EDC_CONNECTOR_NAME: ids-basecamp-demo-connector-1 + + EDC_KEYSTORE: /resources/keystore.jks + EDC_KEYSTORE_PASSWORD: $KEYSTORE_PASSWORD + EDC_VAULT: /resources/vault.properties + + EDC_OAUTH_CERTIFICATE_ALIAS: $KEYSTORE_CERTIFICATE + EDC_OAUTH_PRIVATE_KEY_ALIAS: $KEYSTORE_PRIVATE_KEY + EDC_OAUTH_CLIENT_ID: $CONNECTOR_1_CLIENT_ID + EDC_OAUTH_TOKEN_URL: http://daps:4567/token + EDC_OAUTH_PROVIDER_JWKS_URL: http://daps:4567/jwks.json + EDC_OAUTH_PROVIDER_AUDIENCE: idsc:IDS_CONNECTORS_ALL + + EDC_DATASOURCE_DEFAULT_NAME: default + EDC_DATASOURCE_DEFAULT_URL: jdbc:postgresql://postgresql:5432/connector_1 + EDC_DATASOURCE_DEFAULT_USER: $POSTGRES_USER + EDC_DATASOURCE_DEFAULT_PASSWORD: $POSTGRES_PASSWORD + EDC_SQL_FETCH_SIZE: $CONNECTOR_1_SQL_FETCH_SIZE + + EDC_DATASOURCE_DATAPLANEINSTANCE_NAME: dataplaneinstance + EDC_DATASOURCE_DATAPLANEINSTANCE_URL: jdbc:postgresql://postgresql:5432/connector_1 + EDC_DATASOURCE_DATAPLANEINSTANCE_USER: $POSTGRES_USER + EDC_DATASOURCE_DATAPLANEINSTANCE_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_ASSET_NAME: asset + EDC_DATASOURCE_ASSET_URL: jdbc:postgresql://postgresql:5432/connector_1 + EDC_DATASOURCE_ASSET_USER: $POSTGRES_USER + EDC_DATASOURCE_ASSET_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_CONTRACTDEFINITION_NAME: contractdefinition + EDC_DATASOURCE_CONTRACTDEFINITION_URL: jdbc:postgresql://postgresql:5432/connector_1 + EDC_DATASOURCE_CONTRACTDEFINITION_USER: $POSTGRES_USER + EDC_DATASOURCE_CONTRACTDEFINITION_PASSWORD: $POSTGRES_PASSWORD + + 
EDC_DATASOURCE_CONTRACTNEGOTIATION_NAME: contractnegotiation + EDC_DATASOURCE_CONTRACTNEGOTIATION_URL: jdbc:postgresql://postgresql:5432/connector_1 + EDC_DATASOURCE_CONTRACTNEGOTIATION_USER: $POSTGRES_USER + EDC_DATASOURCE_CONTRACTNEGOTIATION_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_POLICY_NAME: policy + EDC_DATASOURCE_POLICY_URL: jdbc:postgresql://postgresql:5432/connector_1 + EDC_DATASOURCE_POLICY_USER: $POSTGRES_USER + EDC_DATASOURCE_POLICY_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_TRANSFERPROCESS_NAME: transferprocess + EDC_DATASOURCE_TRANSFERPROCESS_URL: jdbc:postgresql://postgresql:5432/connector_1 + EDC_DATASOURCE_TRANSFERPROCESS_USER: $POSTGRES_USER + EDC_DATASOURCE_TRANSFERPROCESS_PASSWORD: $POSTGRES_PASSWORD + + EDC_CLEARINGHOUSE_LOG_URL: http://clearing_house_edc:9191 + BROKER_CLIENT_EXTENSION_ENABLED: "true" + EDC_BROKER_BASE_URL: http://broker:9192 + volumes: + - ./resources/connector-1:/resources + ports: + - "$CONNECTOR_1_MANAGEMENT_PORT:9192" + - "$CONNECTOR_1_IDS_PORT:9293" + + connector_2: + image: ghcr.io/ids-basecamp/connector:v1.0.4-basecamp + depends_on: + postgresql: + condition: service_healthy + daps: + condition: service_started + broker: + condition: service_started + clearing_house_edc: + condition: service_started + environment: + WEB_HTTP_PORT: 9191 + WEB_HTTP_PATH: /api + WEB_HTTP_MANAGEMENT_PORT: 9192 + WEB_HTTP_MANAGEMENT_PATH: /api/v1/management + WEB_HTTP_DATA_PORT: 9292 + WEB_HTTP_DATA_PATH: /api/v1/data + WEB_HTTP_IDS_PORT: 9293 + WEB_HTTP_IDS_PATH: /api/v1/ids + IDS_WEBHOOK_ADDRESS: http://connector_2:9293 + + EDC_API_AUTH_KEY: $API_AUTH_KEY + + EDC_HOSTNAME: connector_2:9293 + EDC_IDS_ID: urn:connector:ids-basecamp-demo-connector-2 + EDC_IDS_CURATOR: http://ids-basecamp.local + EDC_IDS_MAINTAINER: http://ids-basecamp.local + EDC_CONNECTOR_NAME: ids-basecamp-demo-connector-2 + + EDC_KEYSTORE: /resources/keystore.jks + EDC_KEYSTORE_PASSWORD: $KEYSTORE_PASSWORD + EDC_VAULT: /resources/vault.properties + + 
EDC_OAUTH_CERTIFICATE_ALIAS: $KEYSTORE_CERTIFICATE + EDC_OAUTH_PRIVATE_KEY_ALIAS: $KEYSTORE_PRIVATE_KEY + EDC_OAUTH_CLIENT_ID: $CONNECTOR_2_CLIENT_ID + EDC_OAUTH_TOKEN_URL: http://daps:4567/token + EDC_OAUTH_PROVIDER_JWKS_URL: http://daps:4567/jwks.json + EDC_OAUTH_PROVIDER_AUDIENCE: idsc:IDS_CONNECTORS_ALL + + EDC_DATASOURCE_DEFAULT_NAME: default + EDC_DATASOURCE_DEFAULT_URL: jdbc:postgresql://postgresql:5432/connector_2 + EDC_DATASOURCE_DEFAULT_USER: $POSTGRES_USER + EDC_DATASOURCE_DEFAULT_PASSWORD: $POSTGRES_PASSWORD + EDC_SQL_FETCH_SIZE: $CONNECTOR_2_SQL_FETCH_SIZE + + EDC_DATASOURCE_DATAPLANEINSTANCE_NAME: dataplaneinstance + EDC_DATASOURCE_DATAPLANEINSTANCE_URL: jdbc:postgresql://postgresql:5432/connector_2 + EDC_DATASOURCE_DATAPLANEINSTANCE_USER: $POSTGRES_USER + EDC_DATASOURCE_DATAPLANEINSTANCE_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_ASSET_NAME: asset + EDC_DATASOURCE_ASSET_URL: jdbc:postgresql://postgresql:5432/connector_2 + EDC_DATASOURCE_ASSET_USER: $POSTGRES_USER + EDC_DATASOURCE_ASSET_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_CONTRACTDEFINITION_NAME: contractdefinition + EDC_DATASOURCE_CONTRACTDEFINITION_URL: jdbc:postgresql://postgresql:5432/connector_2 + EDC_DATASOURCE_CONTRACTDEFINITION_USER: $POSTGRES_USER + EDC_DATASOURCE_CONTRACTDEFINITION_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_CONTRACTNEGOTIATION_NAME: contractnegotiation + EDC_DATASOURCE_CONTRACTNEGOTIATION_URL: jdbc:postgresql://postgresql:5432/connector_2 + EDC_DATASOURCE_CONTRACTNEGOTIATION_USER: $POSTGRES_USER + EDC_DATASOURCE_CONTRACTNEGOTIATION_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_POLICY_NAME: policy + EDC_DATASOURCE_POLICY_URL: jdbc:postgresql://postgresql:5432/connector_2 + EDC_DATASOURCE_POLICY_USER: $POSTGRES_USER + EDC_DATASOURCE_POLICY_PASSWORD: $POSTGRES_PASSWORD + + EDC_DATASOURCE_TRANSFERPROCESS_NAME: transferprocess + EDC_DATASOURCE_TRANSFERPROCESS_URL: jdbc:postgresql://postgresql:5432/connector_2 + EDC_DATASOURCE_TRANSFERPROCESS_USER: 
$POSTGRES_USER + EDC_DATASOURCE_TRANSFERPROCESS_PASSWORD: $POSTGRES_PASSWORD + + EDC_CLEARINGHOUSE_LOG_URL: http://clearing_house_edc:9191 + BROKER_CLIENT_EXTENSION_ENABLED: "true" + EDC_BROKER_BASE_URL: http://broker:9192 + volumes: + - ./resources/connector-2:/resources + ports: + - "$CONNECTOR_2_MANAGEMENT_PORT:9192" + - "$CONNECTOR_2_IDS_PORT:9293" diff --git a/quick-start-guide/resources/broker/keystore.jks b/quick-start-guide/resources/broker/keystore.jks new file mode 100644 index 0000000..793a215 Binary files /dev/null and b/quick-start-guide/resources/broker/keystore.jks differ diff --git a/quick-start-guide/resources/broker/vault.properties b/quick-start-guide/resources/broker/vault.properties new file mode 100644 index 0000000..e69de29 diff --git a/quick-start-guide/resources/clearing-house-app/private_key.der b/quick-start-guide/resources/clearing-house-app/private_key.der new file mode 100644 index 0000000..f7f0a02 Binary files /dev/null and b/quick-start-guide/resources/clearing-house-app/private_key.der differ diff --git a/quick-start-guide/resources/clearing-house-edc/keystore.jks b/quick-start-guide/resources/clearing-house-edc/keystore.jks new file mode 100644 index 0000000..4a69180 Binary files /dev/null and b/quick-start-guide/resources/clearing-house-edc/keystore.jks differ diff --git a/quick-start-guide/resources/clearing-house-edc/vault.properties b/quick-start-guide/resources/clearing-house-edc/vault.properties new file mode 100644 index 0000000..e69de29 diff --git a/quick-start-guide/resources/connector-1/keystore.jks b/quick-start-guide/resources/connector-1/keystore.jks new file mode 100644 index 0000000..d5ff20c Binary files /dev/null and b/quick-start-guide/resources/connector-1/keystore.jks differ diff --git a/quick-start-guide/resources/connector-1/vault.properties b/quick-start-guide/resources/connector-1/vault.properties new file mode 100644 index 0000000..e69de29 
diff --git a/quick-start-guide/resources/connector-2/keystore.jks b/quick-start-guide/resources/connector-2/keystore.jks new file mode 100644 index 0000000..4176ac4 Binary files /dev/null and b/quick-start-guide/resources/connector-2/keystore.jks differ diff --git a/quick-start-guide/resources/connector-2/vault.properties b/quick-start-guide/resources/connector-2/vault.properties new file mode 100644 index 0000000..e69de29 diff --git a/quick-start-guide/resources/daps/config/clients.yml b/quick-start-guide/resources/daps/config/clients.yml new file mode 100644 index 0000000..7ba0f57 --- /dev/null +++ b/quick-start-guide/resources/daps/config/clients.yml 
@@ -0,0 +1,72 @@ +- client_id: 75:C4:F1:4D:C6:AB:E1:2E:B8:FC:26:36:A8:BB:83:7A:73:C3:BB:D1:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 + client_name: connector-1.demo.ids-basecamp.local + grant_types: client_credentials + token_endpoint_auth_method: private_key_jwt + scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL + attributes: + - key: idsc + value: IDS_CONNECTOR_ATTRIBUTES_ALL + - key: securityProfile + value: idsc:BASE_SECURITY_PROFILE + - key: referringConnector + value: http://connector-1.demo.ids-basecamp.local + - key: "@type" + value: ids:DatPayload + - key: "@context" + value: https://w3id.org/idsa/contexts/context.jsonld + - key: transportCertsSha256 + value: 282a26e12336a4e0c012ce31e82b9689022647b7f1dbe4d6c7fec739d502b7ec +- client_id: 1A:79:F6:EB:08:C8:97:01:6C:89:73:24:FE:21:CC:FA:5E:15:67:3E:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 + client_name: connector-2.demo.ids-basecamp.local + grant_types: client_credentials + token_endpoint_auth_method: private_key_jwt + scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL + attributes: + - key: idsc + value: IDS_CONNECTOR_ATTRIBUTES_ALL + - key: securityProfile + value: idsc:BASE_SECURITY_PROFILE + - key: referringConnector + value: http://connector-2.demo.ids-basecamp.local + - key: "@type" + value: ids:DatPayload + - key: "@context" + value: https://w3id.org/idsa/contexts/context.jsonld + - key: transportCertsSha256 + value: aa94057cfdc1fe41f2fc6ca6a0d3d46d025e9c63bf14c8e1a4a7b6456865e163 +- client_id: C1:9F:78:EB:E9:CF:49:25:38:39:5D:1E:AA:15:21:0F:87:1B:49:6A:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 + client_name: broker.demo.ids-basecamp.local + grant_types: client_credentials + token_endpoint_auth_method: private_key_jwt + scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL + attributes: + - key: idsc + value: IDS_CONNECTOR_ATTRIBUTES_ALL + - key: securityProfile + value: idsc:BASE_SECURITY_PROFILE + - key: referringConnector + value: http://broker.demo.ids-basecamp.local + - 
key: "@type" + value: ids:DatPayload + - key: "@context" + value: https://w3id.org/idsa/contexts/context.jsonld + - key: transportCertsSha256 + value: 2b5993428cf40bb7b518d46a8bbcb624b43f8403b26c8c5ad9bffd465a7d741d +- client_id: E4:3D:A8:54:F3:74:E4:6F:8B:16:7E:F4:89:80:2E:0B:21:D6:05:AF:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0 + client_name: clearing-house-edc.demo.ids-basecamp.local + grant_types: client_credentials + token_endpoint_auth_method: private_key_jwt + scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL + attributes: + - key: idsc + value: IDS_CONNECTOR_ATTRIBUTES_ALL + - key: securityProfile + value: idsc:BASE_SECURITY_PROFILE + - key: referringConnector + value: http://clearing-house-edc.demo.ids-basecamp.local + - key: "@type" + value: ids:DatPayload + - key: "@context" + value: https://w3id.org/idsa/contexts/context.jsonld + - key: transportCertsSha256 + value: cf8f288e53dd641d8619ea13df31c1626355e360497eb99cf8cc98f2050b08dd diff --git a/quick-start-guide/resources/daps/config/omejdn-plugins.yml b/quick-start-guide/resources/daps/config/omejdn-plugins.yml new file mode 100644 index 0000000..a4f3288 --- /dev/null +++ b/quick-start-guide/resources/daps/config/omejdn-plugins.yml @@ -0,0 +1,3 @@ +plugins: + token_user_attributes: + skip_id_token: true diff --git a/quick-start-guide/resources/daps/config/omejdn.yml b/quick-start-guide/resources/daps/config/omejdn.yml new file mode 100644 index 0000000..0dcf732 --- /dev/null +++ b/quick-start-guide/resources/daps/config/omejdn.yml 
@@ -0,0 +1,29 @@ +--- +plugins: + user_db: + yaml: + location: config/users.yml + claim_mapper: + attribute: + skip_access_token: false + skip_id_token: true + api: + admin_v1: + user_selfservice_v1: + allow_deletion: false + allow_password_change: true + editable_attributes: [] +user_backend_default: yaml +environment: debug +issuer: http://daps.demo.ids-basecamp.local:4567 +front_url: http://daps.demo.ids-basecamp.local:4567 +bind_to: 0.0.0.0:4567 +openid: true +default_audience: idsc:IDS_CONNECTORS_ALL +accept_audience: idsc:IDS_CONNECTORS_ALL +access_token: + expiration: 3600 + algorithm: RS256 +id_token: + expiration: 3600 + algorithm: RS256 diff --git a/quick-start-guide/resources/daps/config/scope_description.yml b/quick-start-guide/resources/daps/config/scope_description.yml new file mode 100644 index 0000000..012107b --- /dev/null +++ b/quick-start-guide/resources/daps/config/scope_description.yml @@ -0,0 +1,9 @@ +--- +omejdn:read: Read access to the Omejdn server API +omejdn:write: Write access to the Omejdn server API +omejdn:admin: Access to the Omejdn server admin API +profile: 'Standard profile claims (e.g.: Name, picture, website, gender, birthdate, + location)' +email: Email-Address +address: Address +phone: Phone-number diff --git a/quick-start-guide/resources/daps/config/scope_mapping.yml b/quick-start-guide/resources/daps/config/scope_mapping.yml new file mode 100644 index 0000000..b77ed7c --- /dev/null +++ b/quick-start-guide/resources/daps/config/scope_mapping.yml @@ -0,0 +1,7 @@ +--- +idsc:IDS_CONNECTOR_ATTRIBUTES_ALL: +- securityProfile +- referringConnector +- "@type" +- "@context" +- transportCertsSha256 diff --git a/quick-start-guide/resources/daps/config/users.yml b/quick-start-guide/resources/daps/config/users.yml new file mode 100644 index 0000000..eaca02d --- /dev/null +++ b/quick-start-guide/resources/daps/config/users.yml 
@@ -0,0 +1,7 @@ +--- +- username: admin + attributes: + - key: omejdn + value: admin + password: "$2a$12$c/xiTliVEAgQ.uK8NkpEa.rdO5W2Qm2i3LKGiNEbn9xhS/wwlu4Ey" + backend: yaml diff --git a/quick-start-guide/resources/daps/config/webfinger.yml b/quick-start-guide/resources/daps/config/webfinger.yml new file mode 100644 index 0000000..2fbf0ff --- /dev/null +++ b/quick-start-guide/resources/daps/config/webfinger.yml @@ -0,0 +1 @@ +--- {} diff --git a/quick-start-guide/resources/daps/keys/clients/1A:79:F6:EB:08:C8:97:01:6C:89:73:24:FE:21:CC:FA:5E:15:67:3E:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert b/quick-start-guide/resources/daps/keys/clients/1A:79:F6:EB:08:C8:97:01:6C:89:73:24:FE:21:CC:FA:5E:15:67:3E:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert new file mode 100644 index 0000000..45f10bb --- /dev/null +++ b/quick-start-guide/resources/daps/keys/clients/1A:79:F6:EB:08:C8:97:01:6C:89:73:24:FE:21:CC:FA:5E:15:67:3E:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAs6gAwIBAgIBBTAKBggqhkjOPQQDAjBUMQswCQYDVQQGEwJERTEVMBMG +A1UECgwMaWRzLWJhc2VjYW1wMQwwCgYDVQQLDANkZXYxIDAeBgNVBAMMF2RlbW8u +aWRzLWJhc2VjYW1wLmxvY2FsMB4XDTI0MDIyMjE4MzYxM1oXDTI3MDIyMTE4MzYx +M1owYDELMAkGA1UEBhMCREUxFTATBgNVBAoMDGlkcy1iYXNlY2FtcDEMMAoGA1UE +CwwDZGV2MSwwKgYDVQQDDCNjb25uZWN0b3ItMi5kZW1vLmlkcy1iYXNlY2FtcC5s +b2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKWYMN+zNiptDco7 +yCFETJ0ewiii8Cf89BpkL+6KhxrbOExUn2euqfS5f8ZLTad17kLDWeLRXQsSTEHT +9iXeRVlknGggaNzWPHuU8r8GVOFlWODmxUY3O3WtVgwKxJVNrNihlB6c9nmql61k +nQTJI5jj7c8lPQ187KbFr7tnwQK+10l/7MpxRPoIsPMvvXOoS33zLchJAA2+GURf +24XD+yyVrc/zrbanIEciMMg5zgWxuLtQFpCyj2XAYJ2zfpBQP849Gf218LC1QJ/F +ij8B8YxgZ7m5npQnj8nidecaVquL1I+m5ZmsmsZSMDCZ8GKG/3rqT5RM3PIQaGUU +YDHB4J0CAwEAAaOBuTCBtjAMBgNVHRMBAf8EAjAAMCAGA1UdJQEB/wQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCA6gwIAYDVR0OAQH/BBYEFBp5 +9usIyJcBbIlzJP4hzPpeFWc+MCIGA1UdIwEB/wQYMBaAFO3kNF+RS1CMMp0l3Hak +E1Mh/u3AMC4GA1UdEQQnMCWCI2Nvbm5lY3Rvci0yLmRlbW8uaWRzLWJhc2VjYW1w +LmxvY2FsMAoGCCqGSM49BAMCA2cAMGQCMEtQcYvJeEFY5Ffkjb56UBt9vRrg9S0v +jSyEAb/M0/7wPdn2yHqcnv9B8/QDiHM3igIwVla8T1135TclvP2nL+8KrdshKsYi +hkOPDSs4xYOccGX78a7R+cyI7EqdP+cYrT++ +-----END CERTIFICATE----- diff --git a/quick-start-guide/resources/daps/keys/clients/75:C4:F1:4D:C6:AB:E1:2E:B8:FC:26:36:A8:BB:83:7A:73:C3:BB:D1:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert b/quick-start-guide/resources/daps/keys/clients/75:C4:F1:4D:C6:AB:E1:2E:B8:FC:26:36:A8:BB:83:7A:73:C3:BB:D1:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert new file mode 100644 index 0000000..54b763a --- /dev/null +++ b/quick-start-guide/resources/daps/keys/clients/75:C4:F1:4D:C6:AB:E1:2E:B8:FC:26:36:A8:BB:83:7A:73:C3:BB:D1:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAs6gAwIBAgIBBDAKBggqhkjOPQQDAjBUMQswCQYDVQQGEwJERTEVMBMG +A1UECgwMaWRzLWJhc2VjYW1wMQwwCgYDVQQLDANkZXYxIDAeBgNVBAMMF2RlbW8u +aWRzLWJhc2VjYW1wLmxvY2FsMB4XDTI0MDIyMjE4MTU1N1oXDTI3MDIyMTE4MTU1 +N1owYDELMAkGA1UEBhMCREUxFTATBgNVBAoMDGlkcy1iYXNlY2FtcDEMMAoGA1UE +CwwDZGV2MSwwKgYDVQQDDCNjb25uZWN0b3ItMS5kZW1vLmlkcy1iYXNlY2FtcC5s +b2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9SizkKXFx8d4CX +tHk7x6J99f818lWUODn77oVgp9+NUeudPEt0jekARnOv7LTZ6qlDjA9WQ6kVGvCm +K4a+P5iUW5BTo6275Gqxcqp2zVRmJxxSfc/2NBG+LBGipqjutT3su+oK0nBeWoCR +BP0rtgbO0gFRVlcB62NG6EIOqoLpiAgs/rh2nTao0CyTNuNMfnnEUxT4G9R4YTJg +7RMI7xg1JKvSw7JUkoGu+2Ae8ASH2tnu1oLi/+Tltyhevv9DeNcfRVYbzNNH8KJ0 +Svjrs4n04WKN2EHk9DhrNSnnfRPmn8IVl4tZAIiRxYxd9X8QreW7J18dwbGFHImf +Asoo5QkCAwEAAaOBuTCBtjAMBgNVHRMBAf8EAjAAMCAGA1UdJQEB/wQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCA6gwIAYDVR0OAQH/BBYEFHXE +8U3Gq+EuuPwmNqi7g3pzw7vRMCIGA1UdIwEB/wQYMBaAFO3kNF+RS1CMMp0l3Hak +E1Mh/u3AMC4GA1UdEQQnMCWCI2Nvbm5lY3Rvci0xLmRlbW8uaWRzLWJhc2VjYW1w +LmxvY2FsMAoGCCqGSM49BAMCA2gAMGUCMFeL7FRwr2+yoXRs/DYaj9BniRmemTvi +tGLpBIsUC5Ndr+FWt4JAjb0nvxmYHByyogIxANUFrf1DHWTiYNNbByoilPhM31mO +hS8ZKQm5xSu4S4gqY9XASfmkCMI9zxINeslmbQ== +-----END CERTIFICATE----- diff --git a/quick-start-guide/resources/daps/keys/clients/C1:9F:78:EB:E9:CF:49:25:38:39:5D:1E:AA:15:21:0F:87:1B:49:6A:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert b/quick-start-guide/resources/daps/keys/clients/C1:9F:78:EB:E9:CF:49:25:38:39:5D:1E:AA:15:21:0F:87:1B:49:6A:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert new file mode 100644 index 0000000..31bacbc --- /dev/null +++ b/quick-start-guide/resources/daps/keys/clients/C1:9F:78:EB:E9:CF:49:25:38:39:5D:1E:AA:15:21:0F:87:1B:49:6A:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPjCCAsSgAwIBAgIBBjAKBggqhkjOPQQDAjBUMQswCQYDVQQGEwJERTEVMBMG +A1UECgwMaWRzLWJhc2VjYW1wMQwwCgYDVQQLDANkZXYxIDAeBgNVBAMMF2RlbW8u +aWRzLWJhc2VjYW1wLmxvY2FsMB4XDTI0MDIyMjE4MzYxM1oXDTI3MDIyMTE4MzYx +M1owWzELMAkGA1UEBhMCREUxFTATBgNVBAoMDGlkcy1iYXNlY2FtcDEMMAoGA1UE +CwwDZGV2MScwJQYDVQQDDB5icm9rZXIuZGVtby5pZHMtYmFzZWNhbXAubG9jYWww +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDt5r9Q81iTBCw4+U6eMAJB +UVEgAP9m9ADePPgiTzIaS81sr8GbhDU0QoB11bQ5muTcdKNSLvbRO9YOoTpwa2+U +GThCAl2Ut1Of+Ap9RRzF1Fu2MRjCK0Av6J0IuotcgbFmfQU2X0zuhwzStWK1xibg +yplnFhR7WFlWrL56ukrifbs/ySF0OJeLrfzCA7YPI55xEamtoMuTRME1vg7tZFhI +F5hFLYHBszPs3IvWxmBeomL5pZ/TIVEeAjkF94vs/AYqMqhvEBy87VgruZqAP6Zg +er/jY4v3tZTcLLPIc1ZtO/SXU+bAuQvhsfHPWBdkufw8rnVpKBJOYrQuLTW9jAhz +AgMBAAGjgbQwgbEwDAYDVR0TAQH/BAIwADAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOoMCAGA1UdDgEB/wQWBBTBn3jr6c9J +JTg5XR6qFSEPhxtJajAiBgNVHSMBAf8EGDAWgBTt5DRfkUtQjDKdJdx2pBNTIf7t +wDApBgNVHREEIjAggh5icm9rZXIuZGVtby5pZHMtYmFzZWNhbXAubG9jYWwwCgYI +KoZIzj0EAwIDaAAwZQIxAPZp/mlQhKzjNk2CUNDeb/M5IQmMPhjy1pz0NLufoher +PDZBNYbCw19yF4EXrAcTlwIwCD9f2ii6ztwBnzWm/awqgz3BA4QAhyo+lLQ2qcN4 +/zI40o7+3aS4bTAc4lVs3s+3 +-----END CERTIFICATE----- diff --git a/quick-start-guide/resources/daps/keys/clients/E4:3D:A8:54:F3:74:E4:6F:8B:16:7E:F4:89:80:2E:0B:21:D6:05:AF:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert b/quick-start-guide/resources/daps/keys/clients/E4:3D:A8:54:F3:74:E4:6F:8B:16:7E:F4:89:80:2E:0B:21:D6:05:AF:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert new file mode 100644 index 0000000..6b37f0f --- /dev/null +++ b/quick-start-guide/resources/daps/keys/clients/E4:3D:A8:54:F3:74:E4:6F:8B:16:7E:F4:89:80:2E:0B:21:D6:05:AF:ED:E4:34:5F:91:4B:50:8C:32:9D:25:DC:76:A4:13:53:21:FE:ED:C0.cert 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVzCCAtygAwIBAgIBCTAKBggqhkjOPQQDAjBUMQswCQYDVQQGEwJERTEVMBMG +A1UECgwMaWRzLWJhc2VjYW1wMQwwCgYDVQQLDANkZXYxIDAeBgNVBAMMF2RlbW8u +aWRzLWJhc2VjYW1wLmxvY2FsMB4XDTI0MDIyMzE5MjYyNloXDTI3MDIyMjE5MjYy +NlowZzELMAkGA1UEBhMCREUxFTATBgNVBAoMDGlkcy1iYXNlY2FtcDEMMAoGA1UE +CwwDZGV2MTMwMQYDVQQDDCpjbGVhcmluZy1ob3VzZS1lZGMuZGVtby5pZHMtYmFz +ZWNhbXAubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1EFNH +yTyFC8e7Y3VSZM9gGEiJkWhh5RgLCyp6ZR8h/2Pzab48X/emqgEdZ5FuQD/tQ7vD +BkAc+GL3GDsqtMW8KGJ8EpVmyktKm3oBFNaREZPrVaSdi1SRor6MibwZgAKzPBvU +yyv/yxCY03PEl/ROa4ecBhYN/D03YqB7lEsXtIdndu+iXVs5Bor4JteM4ICldeyK +MMwLqFOOmeTMtwP6SdJ4bTJf6aDqBHrjbHSyjy1qC+gI8oFc3pzmutT0NYtc0QsS +yZsvoGFkYP2zG4UlK79qbx8wKbDub0AKn2B2z2SBT60t+jBZW+zw6PRoRDzG3+vq +dkZTRxqCS7HSMwb9AgMBAAGjgcAwgb0wDAYDVR0TAQH/BAIwADAgBgNVHSUBAf8E +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOoMCAGA1UdDgEB +/wQWBBTkPahU83Tkb4sWfvSJgC4LIdYFrzAiBgNVHSMBAf8EGDAWgBTt5DRfkUtQ +jDKdJdx2pBNTIf7twDA1BgNVHREELjAsgipjbGVhcmluZy1ob3VzZS1lZGMuZGVt +by5pZHMtYmFzZWNhbXAubG9jYWwwCgYIKoZIzj0EAwIDaQAwZgIxAL8FuFrb4r4s +q9kmtfk039sm6xQlZk9AvdRZg2M7j8HkVSC220o0+GrjapRINrlt8AIxAJ/nS9aJ +Lci56jE7zEY4olA9gHqXiiAGy7vXSsPVLZKY3zuOPe8tsaeOYBf0SEaVuA== +-----END CERTIFICATE----- diff --git a/quick-start-guide/resources/daps/keys/omejdn/omejdn.key b/quick-start-guide/resources/daps/keys/omejdn/omejdn.key new file mode 100644 index 0000000..2fb7742 --- /dev/null +++ b/quick-start-guide/resources/daps/keys/omejdn/omejdn.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCRzPXiN1bt3M6c ++F7qVw5ErUZ4uYvnH4vjGxnybYTh6SXke88xCdGdKoaLz0TvrRVk3L0RuuqebFo+ +5HAbvqP2QYbzDeCNw7axGMOTHoAB2yXCdwfz5SIf8R1NgDw/FksYsvvJghzHu1NQ +4YJ6q/H9nl8c5QQ1HbH4qDEaSRjXvAJ3qUbpyV2XFRZ82iANcAkmyxfVYrpQV+rW +ze5HMGEocLq764L8q6/BYWOCd33aGIuhl/HqzWlfWEIcuooUevxGPiZxvWUwgUY1 +bW0Bb/sJXFPbyP/SmcRnyPF8fvjSweSaQ5bM13De/z2cIeKNyGP9x6US3tmvJ4+0 +Z36s0gk3AgMBAAECggEAIMbP2/wO2chS1mzrgYjylzPQ7ODhd6La4sI78gj234Z3 +U0cWC/MmIUvnFVUSLUNe1N7ezjaT+etn2k2mekZAO+L9QHS1L4l475Uemls38bLf +aTkzG3w+UKn2qW6TnKcZWMMb4XAToj8VetBHceZnr1lEDo3ZhUtYsAq3hy45nH27 +uv9+px6bX4MhAmwzY0F/qsP0SGxF3N/vB1PTS4A90pZJYTcIMDiqTbmWr1h36OYn +kjbXsONt0NG6UPg3D5FSxV2p3S9JHQiXsQLe76AzGr777YbAY34QQYiKTMqIkIqZ +zJY+Fx7zdJIa6tVcr4T1BZR9985Wy5wuUDnyElxXIQKBgQDE6P1Z+1K1bZR6fRUE +RO5zOoxnxG9sOShnsYLW9o1w7bMPutUhEniYyiDfT/jRqeRVqt+5D8EWZMcFFmQs +k+HsEeBXqdxaM0o5NjkXpdN5owZRzHTznH64QQ20i+yz2r0v45dfhcgnaDUU1ytS +K9oLeah7tL8Ryb/UZyIzFGWg8QKBgQC9jaR6L/djBWde034LTYnboW46QCsp7brn +ZoIBc0rNShT7ldGILBvvkVgJTFj6zuFNSxKdDNQDiBXHo1ZY6zo8n3bcIM5/Ypds +MHSbpwDWxM65eLyH46Gp0+dbxruiqJ/v0sTX4JNaA6WXfXTKk6Hqube2hlgabswd +J/o1ZqbMpwKBgQC8iIxTRGRbnBDm+q5NySY6I9vdWuKIT23VYsvwwF6KuryQmgWI +xeO7/wRcbHjDXpRmRdYxndj1dQZtY5QEbo+I9VDE/rkhkCxH/RfLAZYqx6G8XjO4 +MKXQC1FxBexcBFrR6Gq+JhyPRqJUUvSCl8QM6q4by+KJyI6ocxr2p1frMQKBgGXu +RyZVqOicvUum2z7kwV9T3dyBKTTw2/MXko2JHA5s6f+oPvbFEXiwZfEKF0c3/Lv9 +xNKjVVdY1K14TjSeucBj2Bzjn2es8tSA8hPJqI/VYX0nSeqhJAwZIW6e3cPIfckP +RD76SwK6t09RbX6KCSYaHIqQj8wXDLgZCVmyC7w9AoGBALOAABq+h3Bg1CNVOFez +iIDs3fWcwDuBeZuXDtvjuE8TXL9NHqsXakkWPGv5c8uE7ZZ2MKkXi2YhRj4rEmHD +4A7B1IYTXGvFzlpQU1wDnQQpSx4yLnsLK9p2gzAl/FiBcjEvrtG05oiHcTSgWBDr +gEjbjSwyPI25lZx/v9V14AFv +-----END PRIVATE KEY----- diff --git a/quick-start-guide/resources/postgresql/create-databases.sh b/quick-start-guide/resources/postgresql/create-databases.sh new file mode 100644 index 0000000..714e276 --- /dev/null 
+++ b/quick-start-guide/resources/postgresql/create-databases.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE DATABASE connector_1; + GRANT ALL PRIVILEGES ON DATABASE connector_1 TO $POSTGRES_USER; +EOSQL + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE DATABASE connector_2; + GRANT ALL PRIVILEGES ON DATABASE connector_2 TO $POSTGRES_USER; +EOSQL + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE DATABASE broker; + GRANT ALL PRIVILEGES ON DATABASE broker TO $POSTGRES_USER; +EOSQL + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE DATABASE clearing_house; + GRANT ALL PRIVILEGES ON DATABASE clearing_house TO $POSTGRES_USER; +EOSQL
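Review bot: in the `docker-compose` hunk for `connector_1` and `connector_2`, every secret reaches the container as a plain environment variable (`EDC_DATASOURCE_*_PASSWORD: $POSTGRES_PASSWORD`, `EDC_KEYSTORE_PASSWORD: $KEYSTORE_PASSWORD`, `EDC_API_AUTH_KEY: $API_AUTH_KEY`) while `EDC_VAULT: /resources/vault.properties` points at a file this commit adds empty (blob `e69de29`). Environment variables are visible through `docker inspect` and end up in crash reports; since a vault is already configured, consider moving at least the datasource and keystore passwords into it and stating in the quick-start README that the `.env` values are demo defaults to be replaced. Two further points on the same hunk: the seven datasource blocks per connector repeat the same URL, user and password and would be easier to maintain as a YAML anchor (`x-datasource: &ds ...`); and `EDC_OAUTH_TOKEN_URL: http://daps:4567/token` together with `EDC_OAUTH_PROVIDER_JWKS_URL: http://daps:4567/jwks.json` fetches tokens and signing keys over plain HTTP, whereas `omejdn.yml` advertises `issuer: http://daps.demo.ids-basecamp.local:4567`. Please confirm the connector does not compare the token `iss` claim with its configured DAPS URL, otherwise DAT validation fails on the hostname mismatch.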
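Review bot: the binary `keystore.jks` files for `broker`, `connector-1`, `connector-2` and `clearing-house-edc`, plus `clearing-house-app/private_key.der`, are committed to the repository, and each `vault.properties` next to them is empty. Key material in git cannot be rotated by a `git pull`, and every deployment built from the quick-start guide now shares the same private keys. Either generate these on first start (a script next to `create-databases.sh` would fit) or, if fixed demo keys are intended for reproducibility, say so prominently in the README, keep `$KEYSTORE_PASSWORD` out of the repository, and add a `.gitignore` rule so that a user's regenerated keystores are not committed back.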
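Review bot: the `clients.yml` hunk pins a `transportCertsSha256` hash for each of the four clients, but nothing in this deployment verifies those hashes because the compose file addresses every service over `http://`, and the `referringConnector` values are likewise plain `http://` URLs. The guide should document how these values and the `client_id` strings were derived, so that a user who regenerates the keystores can update them consistently; from the accompanying `.cert` files the `client_id` is the certificate's subject key identifier followed by the authority key identifier of the demo CA (all four share the `ED:E4:34:5F:...:FE:ED:C0` suffix). It is also worth stating that `securityProfile: idsc:BASE_SECURITY_PROFILE` is the lowest IDS profile and is chosen here for demo purposes.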
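Review bot: `omejdn.yml` runs the DAPS with `environment: debug`, the `admin_v1` API enabled, `user_selfservice_v1` with `allow_password_change: true`, an `http://` issuer and `bind_to: 0.0.0.0:4567`, which together expose the admin API without TLS on every interface of the container. Acceptable for a lab, but the README should list these as demo settings and tell operators to switch `environment` to a non-debug value and front the issuer with TLS before exposing it. On the positive side, `default_audience` and `accept_audience: idsc:IDS_CONNECTORS_ALL` agree with `EDC_OAUTH_PROVIDER_AUDIENCE` in the compose file.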
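Review bot: `users.yml` ships an `admin` user whose `omejdn: admin` attribute grants the admin API, with a fixed bcrypt hash (`$2a$12$...`) committed to the repository. A hash in a public repository has to be treated as a published credential. Create this user at setup time from an environment variable (or drop it from the checked-in config and document how to add one), and state that the default must be changed before the DAPS is reachable from anything but the compose network.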
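Review bot: `omejdn.key` is the DAPS token-signing private key, committed in plain PEM. Whoever holds it can mint DATs that every connector pointed at `http://daps:4567/jwks.json` will accept, so the trust of the whole demo data space rests on a key that is now public. Generate it on first start, never reuse it across installations, and add the path to `.gitignore`; if a fixed key is deliberate for reproducibility, the README needs a clear warning that the resulting data space is for local experiments only.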
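Review bot: the four `keys/clients/*.cert` hunks are all signed by the same demo CA (authority key identifier `ED:E4:34:5F:...:FE:ED:C0`) and, decoding the validity fields in the DER, are valid from February 2024 to February 2027. The guide therefore needs a documented regeneration procedure (new client certificate, updated `client_id` file name, updated `clients.yml` entry and keystore) well before that date, ideally as a script rather than a manual checklist, since the filename doubles as the `client_id`.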
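Review bot: `create-databases.sh` grants `ALL PRIVILEGES` on all four databases to `$POSTGRES_USER`, which is the bootstrap superuser that already owns them, so the `GRANT` statements change nothing and both connectors, the broker and the clearing house end up sharing one superuser credential (the compose hunk passes the same `$POSTGRES_USER`/`$POSTGRES_PASSWORD` to every datasource). Consider creating one role per database here, e.g. `CREATE ROLE connector_1 LOGIN PASSWORD '...';` followed by `CREATE DATABASE connector_1 OWNER connector_1;`, and wiring distinct credentials into the compose file, so that a compromise of one connector does not expose the other's contract and transfer tables. Two style points: the four heredocs differ only in the database name and would read better as a `for db in connector_1 connector_2 broker clearing_house; do ... done` loop, and `$POSTGRES_USER` is interpolated unquoted into SQL, so a user name containing a hyphen or uppercase letters would need `"$POSTGRES_USER"` as a quoted identifier.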