[MOSIP-27858]added helm install.sh github action for mockmds

.github/workflows/push-trigger.yml

@@ -154,6 +154,71 @@ jobs:
       GPG_SECRET: ${{ secrets.GPG_SECRET }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
 
+  build-maven-MockMDS-local:
+    needs: build-maven-MockMDS
+    runs-on: ubuntu-latest
+    env:
+      NAMESPACE: ${{ secrets.dev_namespace_docker_hub }}
+      SERVICE_NAME: 'MockMDS'
+      SERVICE_LOCATION: 'MockMDS'
+      BUILD_ARTIFACT: 'mockmds-local'
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+          settings-path: ${{ github.workspace }} # location for the settings.xml file
+
+      - name: Setup the settings file for ossrh server
+        run: echo "<settings> <servers>  <server>  <id>ossrh</id>    <username>${{secrets.ossrh_user}}</username> <password>${{secrets.ossrh_secret}}</password> </server> </servers> <profiles> <profile>     <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation>  <properties> <gpg.executable>gpg2</gpg.executable> <gpg.passphrase>${{secrets.gpg_secret}}</gpg.passphrase> </properties> </profile> <profile> <id>allow-snapshots</id>       <activation><activeByDefault>true</activeByDefault></activation> <repositories> <repository>        <id>snapshots-repo</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> <releases><enabled>false</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository>  <repository>         <id>releases-repo</id>  <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>         <releases><enabled>true</enabled></releases>         <snapshots><enabled>false</enabled></snapshots> </repository> </repositories>  </profile> <profile> <id>sonar</id> <properties>  <sonar.sources>.</sonar.sources> <sonar.host.url>https://sonarcloud.io</sonar.host.url>  </properties> <activation> <activeByDefault>false</activeByDefault> </activation> </profile> </profiles> </settings>" > $GITHUB_WORKSPACE/settings.xml
+      - name: Build Mockmds with Maven
+        run: |
+          cd ${{ env.SERVICE_LOCATION}}
+          mvn clean package -s $GITHUB_WORKSPACE/settings.xml
+      - name: Ready the springboot artifacts
+        if: ${{ !contains(github.ref, 'master') || !contains(github.ref, 'main') }}
+        run: |
+          ## FIND JARS & COPY ONLY EXECUTABLE JARs STORED UNDER TARGET DIRECTORY 
+          find ${{ env.SERVICE_LOCATION }} -path '*/target/*' -exec zip ${{ env.BUILD_ARTIFACT }}.zip {} +
+      - name: Upload the springboot jars
+        if: ${{ !contains(github.ref, 'master') || !contains(github.ref, 'main') }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ env.BUILD_ARTIFACT }}
+          path: ${{ env.BUILD_ARTIFACT }}.zip
+      - uses: 8398a7/action-slack@v3
+        with:
+          status: ${{ job.status }}
+          fields: repo,message,author,commit,workflow,job # selectable (default: repo,message)
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required
+        if: failure() # Pick up events even if the job fails or is canceled.
+  build-dockers_mockmds:
+    needs: build-maven-MockMDS-local
+    strategy:
+      matrix:
+        include:
+          - SERVICE_LOCATION: 'MockMDS'
+            SERVICE_NAME: 'mockmds'
+            BUILD_ARTIFACT: 'mockmds-local'
+            ONLY_DOCKER: true
+      fail-fast: false
+    name: ${{ matrix.SERVICE_NAME }}
+    uses: mosip/kattu/.github/workflows/docker-build.yml@master-java21
+    with:
+      SERVICE_LOCATION: ${{ matrix.SERVICE_LOCATION }}
+      SERVICE_NAME: ${{ matrix.SERVICE_NAME }}
+      BUILD_ARTIFACT: ${{ matrix.BUILD_ARTIFACT }}
+      ONLY_DOCKER: ${{ matrix.ONLY_DOCKER }}
+    secrets:
+      DEV_NAMESPACE_DOCKER_HUB: ${{ secrets.DEV_NAMESPACE_DOCKER_HUB }}
+      ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }}
+      RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
   sonar_analysis_mock_abis:
     needs: build-maven-mock-abis
     if: "${{ github.event_name != 'pull_request' }}"

MockMDS/Dockerfile

@@ -0,0 +1,76 @@
+FROM ubuntu:22.04
+
+ARG SOURCE
+ARG COMMIT_HASH
+ARG COMMIT_ID
+ARG BUILD_TIME
+LABEL source=${SOURCE}
+LABEL commit_hash=${COMMIT_HASH}
+LABEL commit_id=${COMMIT_ID}
+LABEL build_time=${BUILD_TIME}
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user=mosip
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_group=mosip
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_uid=1001
+
+# can be passed during Docker build as build time environment for github branch to pickup configuration from.
+ARG container_user_gid=1001
+
+# Set working directory
+WORKDIR /home/${container_user}
+
+ENV work_dir=/home/${container_user}
+
+# Copy files to the working directory
+
+COPY entrypoint.sh ${work_dir}/
+COPY ./MockMDS/target/ $work_dir/target/
+COPY *.sh openssl.cnf ${work_dir}/
+# Install packages, download binaries, create user and group in a single RUN command
+RUN apt-get update && \
+    apt-get install -y curl openssl jq zip && \
+    groupadd -g ${container_user_gid} ${container_user_group} && \
+    useradd -u ${container_user_uid} -g ${container_user_group} -s /bin/sh -m ${container_user} && \
+    curl -O https://dl.min.io/client/mc/release/linux-amd64/archive/mc.RELEASE.2022-07-29T19-17-16Z && \
+    chmod +x mc.RELEASE.2022-07-29T19-17-16Z && \
+    mv mc.RELEASE.2022-07-29T19-17-16Z /usr/local/bin/mc && \
+    curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl && \
+    rm kubectl && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    chmod +x ${work_dir}/*.sh && \
+    chown -R ${container_user}:${container_user} ${work_dir}
+
+# Debug step: List contents of the working directory
+RUN ls -la $work_dir
+
+# Switch to the container user
+USER ${container_user_uid}:${container_user_gid}
+
+WORKDIR ${work_dir}
+
+# Define environment variables
+ENV CA= \
+    SUBCA= \
+    CLIENT= \
+    COUNTRY= \
+    STATE= \
+    LOCATION= \
+    CERT_LOCATION=/home/mosip/certs \
+    mosip-api-internal-host= \
+    mosip_regproc_client_secret= \
+    mosip_deployment_client_secret= \
+    s3-host= \
+    s3-region= \
+    s3-user-key= \
+    s3-user-secret= \
+    s3-bucket-name=
+
+# Run the entrypoint.sh script
+ENTRYPOINT ["./entrypoint.sh"]

MockMDS/application.properties

@@ -28,8 +28,8 @@ mosip.mock.sbi.file.face.deviceinfo.json=/Biometric Devices/Face/DeviceInfo.json
 mosip.mock.sbi.file.face.devicediscovery.json=/Biometric Devices/Face/DeviceDiscovery.json
 mosip.mock.sbi.file.face.streamimage=/Biometric Devices/Face/Stream Image/0.jpeg
 mosip.mock.sbi.file.face.keys.keystorefilename=/Biometric Devices/Face/Keys/mosipface.p12
-mosip.mock.sbi.file.face.keys.keyalias=mosipface
-mosip.mock.sbi.file.face.keys.keystorepwd=mosipface
+mosip.mock.sbi.file.face.keys.keyalias=Device
+mosip.mock.sbi.file.face.keys.keystorepwd=$keystore_pwd
 mosip.mock.sbi.file.face.keys.keystorefilename.ftm=/Biometric Devices/Face/Keys/mosipfaceftm.p12
 mosip.mock.sbi.file.face.keys.keyalias.ftm=mosipfaceftm
 mosip.mock.sbi.file.face.keys.keystorepwd.ftm=mosipfaceftm
@@ -41,8 +41,8 @@ mosip.mock.sbi.file.finger.slap.streamimage.left=/Biometric Devices/Finger/Slap/
 mosip.mock.sbi.file.finger.slap.streamimage.right=/Biometric Devices/Finger/Slap/Stream Image/2.jpeg
 mosip.mock.sbi.file.finger.slap.streamimage.thumb=/Biometric Devices/Finger/Slap/Stream Image/3.jpeg
 mosip.mock.sbi.file.finger.slap.keys.keystorefilename=/Biometric Devices/Finger/Slap/Keys/mosipfingerslap.p12
-mosip.mock.sbi.file.finger.slap.keys.keyalias=mosipfingerslap
-mosip.mock.sbi.file.finger.slap.keys.keystorepwd=mosipfingerslap
+mosip.mock.sbi.file.finger.slap.keys.keyalias=Device
+mosip.mock.sbi.file.finger.slap.keys.keystorepwd=$keystore_pwd
 mosip.mock.sbi.file.finger.slap.keys.keystorefilename.ftm=/Biometric Devices/Finger/Slap/Keys/mosipfingerslapftm.p12
 mosip.mock.sbi.file.finger.slap.keys.keyalias.ftm=mosipfingerslapftm
 mosip.mock.sbi.file.finger.slap.keys.keystorepwd.ftm=mosipfingerslapftm
@@ -51,8 +51,8 @@ mosip.mock.sbi.file.finger.single.digitalid.json=/Biometric Devices/Finger/Singl
 mosip.mock.sbi.file.finger.single.deviceinfo.json=/Biometric Devices/Finger/Single/DeviceInfo.json
 mosip.mock.sbi.file.finger.single.devicediscovery.json=/Biometric Devices/Finger/Single/DeviceDiscovery.json
 mosip.mock.sbi.file.finger.single.keys.keystorefilename=/Biometric Devices/Finger/Single/Keys/mosipfingersingle.p12
-mosip.mock.sbi.file.finger.single.keys.keyalias=mosipfingersingle
-mosip.mock.sbi.file.finger.single.keys.keystorepwd=mosipfingersingle
+mosip.mock.sbi.file.finger.single.keys.keyalias=Device
+mosip.mock.sbi.file.finger.single.keys.keystorepwd=$keystore_pwd
 mosip.mock.sbi.file.finger.single.keys.keystorefilename.ftm=/Biometric Devices/Finger/Single/Keys/mosipfingersingleftm.p12
 mosip.mock.sbi.file.finger.single.keys.keyalias.ftm=mosipfingersingleftm
 mosip.mock.sbi.file.finger.single.keys.keystorepwd.ftm=mosipfingersingleftm
@@ -64,8 +64,8 @@ mosip.mock.sbi.file.iris.double.streamimage.left=/Biometric Devices/Iris/Double/
 mosip.mock.sbi.file.iris.double.streamimage.right=/Biometric Devices/Iris/Double/Stream Image/2.jpeg
 mosip.mock.sbi.file.iris.double.streamimage.both=/Biometric Devices/Iris/Double/Stream Image/3.jpeg
 mosip.mock.sbi.file.iris.double.keys.keystorefilename=/Biometric Devices/Iris/Double/Keys/mosipirisdouble.p12
-mosip.mock.sbi.file.iris.double.keys.keyalias=mosipirisdouble
-mosip.mock.sbi.file.iris.double.keys.keystorepwd=mosipirisdouble
+mosip.mock.sbi.file.iris.double.keys.keyalias=Device
+mosip.mock.sbi.file.iris.double.keys.keystorepwd=$keystore_pwd
 mosip.mock.sbi.file.iris.double.keys.keystorefilename.ftm=/Biometric Devices/Iris/Double/Keys/mosipirisdoubleftm.p12
 mosip.mock.sbi.file.iris.double.keys.keyalias.ftm=mosipirisdoubleftm
 mosip.mock.sbi.file.iris.double.keys.keystorepwd.ftm=mosipirisdoubleftm
@@ -74,8 +74,8 @@ mosip.mock.sbi.file.iris.single.digitalid.json=/Biometric Devices/Iris/Single/Di
 mosip.mock.sbi.file.iris.single.deviceinfo.json=/Biometric Devices/Iris/Single/DeviceInfo.json
 mosip.mock.sbi.file.iris.single.devicediscovery.json=/Biometric Devices/Iris/Single/DeviceDiscovery.json
 mosip.mock.sbi.file.iris.single.keys.keystorefilename=/Biometric Devices/Iris/Single/Keys/mosipirissingle.p12
-mosip.mock.sbi.file.iris.single.keys.keyalias=mosipirissingle
-mosip.mock.sbi.file.iris.single.keys.keystorepwd=mosipirissingle
+mosip.mock.sbi.file.iris.single.keys.keyalias=Device
+mosip.mock.sbi.file.iris.single.keys.keystorepwd=$keystore_pwd
 mosip.mock.sbi.file.iris.single.keys.keystorefilename.ftm=/Biometric Devices/Iris/Single/Keys/mosipirissingleftm.p12
 mosip.mock.sbi.file.iris.single.keys.keyalias.ftm=mosipirissingleftm
 mosip.mock.sbi.file.iris.single.keys.keystorepwd.ftm=mosipirissingleftm
@@ -85,12 +85,12 @@ mosip.mock.sbi.file.folder.default=/Profile/Default
 
 mosip.kernel.crypto.sign-algorithm-name=RS256
 
-mosip.auth.server.url=https://extint1.mosip.net/v1/authmanager/authenticate/clientidsecretkey
+mosip.auth.server.url=https://$API_INTERNAL_HOST/v1/authmanager/authenticate/clientidsecretkey
 mosip.auth.appid=regproc
 mosip.auth.clientid=mosip-regproc-client
-mosip.auth.secretkey=abc123
+mosip.auth.secretkey=$mosip_regproc_client_secret
 
-mosip.ida.server.url=https://extint1.mosip.net/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=IDA-FIR
+mosip.ida.server.url=https://$API_INTERNAL_HOST/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=IDA-FIR
 
 mds_ERROR_0_msg_en=Success
 
@@ -159,5 +159,4 @@ mds_ERROR_806_msg_en=Device connected purpose should be for Auth only for Auth C
 mds_ERROR_809_msg_en=Auth Capture request can not be done for Registration Devices
 mds_ERROR_810_msg_en=Auth Capture unknown error
 
-mds_ERROR_999_msg_en=Unknown Error
-
+mds_ERROR_999_msg_en=Unknown Error

MockMDS/certgen.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+set -e
+
+## The script starts from here
+echo -e "\nUSAGE: bash create-certs.sh"
+echo "This script will create new rootCA, IntermediateCA & Partner certificates"
+
+# Check if any environment variable is empty
+: "${CA:?Need to set CA}"
+: "${SUBCA:?Need to set SUBCA}"
+: "${CLIENT:?Need to set CLIENT}"
+: "${COUNTRY:?Need to set COUNTRY}"
+: "${STATE:?Need to set STATE}"
+: "${LOCATION:?Need to set LOCATION}"
+: "${CERT_LOCATION:?Need to set CERT_LOCATION}"
+
+# Print key-value
+echo -e "\n========== Listing properties from environment variables =========="
+echo "CA             = $CA"
+echo "SUBCA          = $SUBCA"
+echo "CLIENT         = $CLIENT"
+echo "COUNTRY        = $COUNTRY"
+echo "STATE          = $STATE"
+echo "LOCATION       = $LOCATION"
+echo "CERT_LOCATION  = $CERT_LOCATION"
+
+# Create certs directory
+mkdir -p "$CERT_LOCATION"
+
+# Certificate authority
+echo -e "\n========== Creating CA certificate =========="
+
+### Generating CA certs
+openssl genrsa -out "$CERT_LOCATION/RootCA.key" 4096
+openssl req -new -x509 -days 1826 -extensions v3_ca -key "$CERT_LOCATION/RootCA.key" -out "$CERT_LOCATION/RootCA.crt" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$CA/OU=$CA/CN=$CA/"
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_LOCATION/RootCA.key" -out "$CERT_LOCATION/RootCA.key.pkcs8"
+
+# Intermediate CA
+echo -e "\n========== Creating SUBCA certificate =========="
+
+### Generating SUBCA certs
+openssl genrsa -out "$CERT_LOCATION/IntermediateCA.key" 4096
+openssl req -new -key "$CERT_LOCATION/IntermediateCA.key" -out "$CERT_LOCATION/IntermediateCA.csr" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$SUBCA/OU=$SUBCA/CN=$SUBCA/"
+openssl x509 -req -days 1000 -extfile ./openssl.cnf -extensions v3_intermediate_ca -in "$CERT_LOCATION/IntermediateCA.csr" -CA "$CERT_LOCATION/RootCA.crt" -CAkey "$CERT_LOCATION/RootCA.key" -out "$CERT_LOCATION/IntermediateCA.crt" -set_serial 01
+openssl verify -CAfile "$CERT_LOCATION/RootCA.crt" "$CERT_LOCATION/IntermediateCA.crt"
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_LOCATION/IntermediateCA.key" -out "$CERT_LOCATION/IntermediateCA.key.pkcs8"
+
+# Client certificate from IntermediateCA
+echo -e "\n========== Creating CLIENT certificate =========="
+
+### Generating CLIENT certs
+openssl genrsa -out "$CERT_LOCATION/Client.key" 4096
+openssl req -new -key "$CERT_LOCATION/Client.key" -out "$CERT_LOCATION/Client.csr" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=$CLIENT/OU=$CLIENT/CN=$CLIENT/"
+openssl x509 -req -extensions usr_cert -extfile ./openssl.cnf -days 1000 -in "$CERT_LOCATION/Client.csr" -CA "$CERT_LOCATION/IntermediateCA.crt" -CAkey "$CERT_LOCATION/IntermediateCA.key" -set_serial 04 -out "$CERT_LOCATION/Client.crt"
+openssl verify -CAfile "$CERT_LOCATION/RootCA.crt" -untrusted "$CERT_LOCATION/IntermediateCA.crt" "$CERT_LOCATION/Client.crt"
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_LOCATION/Client.key" -out "$CERT_LOCATION/Client.key.pkcs8"

MockMDS/createp12.sh

@@ -0,0 +1,32 @@
+# Now generating different p12 certificates for device
+echo -e "\n========== Creating Device keys and export to keystore =========="
+
+# KEYSTORE_PWD=${KEYSTORE_PWD}
+# export KEYSTORE_PWD
+# echo "$KEYSTORE_PWD" > key.pwd
+keystore_pwd=mosip123
+
+openssl genrsa -out "$CERT_LOCATION/Device.key" 4096
+openssl req -new -key "$CERT_LOCATION/Device.key" -out "$CERT_LOCATION/Device.csr" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCATION/O=Device/OU=Device/CN=Device/"
+openssl x509 -req -extensions usr_cert -extfile ./openssl.cnf -days 180 -in "$CERT_LOCATION/Device.csr" -CA "$CERT_LOCATION/mosip-signed-client.crt" -CAkey "$CERT_LOCATION/Client.key" -set_serial 05 -out "$CERT_LOCATION/signed-Device.crt"
+openssl pkcs12 -export -in "$CERT_LOCATION/signed-Device.crt" -inkey "$CERT_LOCATION/Device.key" -out "$CERT_LOCATION/Device.p12" -name "Device" -password pass:$keystore_pwd
+echo "Device certificate created and exported to Device.p12"
+
+echo -e "\n========== Replacing old .p12 files with new Device.p12 =========="
+
+# Define the target file paths
+declare -a TARGET_FILES=(
+    "$work_dir/target/Biometric Devices/Finger/Single/Keys/mosipfingersingle.p12"
+    "$work_dir/target/Biometric Devices/Finger/Slap/Keys/mosipfingerslap.p12"
+    "$work_dir/target/Biometric Devices/Iris/Double/Keys/mosipirisdouble.p12"
+    "$work_dir/target/Biometric Devices/Iris/Single/Keys/mosipirissingle.p12"
+    "$work_dir/target/Biometric Devices/Face/Keys/mosipface.p12"
+)
+
+# Loop through each target file and copy the new Device.p12
+for TARGET_FILE in "${TARGET_FILES[@]}"; do
+    echo "Replacing $TARGET_FILE with Device.p12"
+    cp "$CERT_LOCATION/Device.p12" "$TARGET_FILE"
+done
+
+echo -e "Replacement complete."

MockMDS/entrypoint.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/bash
+
+set -e
+
+# Execute certgen.sh to generate certificates
+echo -e "\nExecuting certgen.sh..."
+bash certgen.sh
+
+# Execute uploadcert.sh to authenticate and upload certificates
+echo -e "\nExecuting uploadcert.sh..."
+bash upload-certs.sh
+
+# Execute createp12.sh to create PKCS#12 files
+echo -e "\nExecuting createp12.sh..."
+bash createp12.sh
+
+# Execute updating-app-properties.sh
+echo -e "\nExecuting updating-app-properties.sh..."
+bash updating-app-properties.sh
+
+# Execute createp12.sh to create PKCS#12 files
+echo -e "\nExecuting upload-zip-to-s3.sh ..."
+bash upload-zip-to-s3.sh
+
+echo -e "\nAll scripts executed successfully."

MockMDS/openssl.cnf

@@ -0,0 +1,29 @@
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth