Skip to content

Commit

Permalink
Merge remote-tracking branch 'upstream/develop' into issues/136-merge…
Browse files Browse the repository at this point in the history
…-upstream
  • Loading branch information
jnpsk committed Feb 6, 2024
2 parents c76a915 + 3a31f33 commit bfa79b9
Show file tree
Hide file tree
Showing 50 changed files with 468 additions and 203 deletions.
5 changes: 3 additions & 2 deletions docs/Configuration-Properties.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ The Enrollment Server uses the following public configuration properties:
| `spring.datasource.url` | `_empty_` | Database JDBC URL |
| `spring.datasource.username` | `_empty_` | Database JDBC username |
| `spring.datasource.password` | `_empty_` | Database JDBC password |
| `spring.datasource.driver-class-name` | `_empty_` | Datasource JDBC class name |
| `spring.jpa.hibernate.ddl-auto` | `none` | Configuration of automatic database schema creation |
| `spring.jpa.properties.hibernate.connection.characterEncoding` | `_empty_` | Character encoding |
| `spring.jpa.properties.hibernate.connection.useUnicode` | `_empty_` | Character encoding - Unicode support |
Expand Down Expand Up @@ -63,6 +62,8 @@ logging.pattern.console=%clr(%d{${LOG_DATEFORMAT_PATTERN:yyyy-MM-dd HH:mm:ss.SSS


## Monitoring and Observability

| Property | Default | Note |
|-------------------------------------------|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `management.tracing.sampling.probability` | `1.0` | Specifies the proportion of requests that are sampled for tracing. A value of 1.0 means that 100% of requests are sampled, while a value of 0 effectively disables tracing. |
The WAR file includes the `micrometer-registry-prometheus` dependency.
Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).
7 changes: 4 additions & 3 deletions docs/onboarding/Configuration-Properties.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ The Onboarding Server uses the following public configuration properties:
| `spring.datasource.url` | `jdbc:postgresql://localhost:5432/powerauth` | Database JDBC URL |
| `spring.datasource.username` | `powerauth` | Database JDBC username |
| `spring.datasource.password` | `_empty_` | Database JDBC password |
| `spring.datasource.driver-class-name` | `org.postgresql.Driver` | Datasource JDBC class name |
| `spring.jpa.hibernate.ddl-auto` | `none` | Configuration of automatic database schema creation |
| `spring.jpa.properties.hibernate.connection.characterEncoding` | `utf8` | Character encoding |
| `spring.jpa.properties.hibernate.connection.useUnicode` | `true` | Character encoding - Unicode support |
Expand Down Expand Up @@ -46,7 +45,6 @@ The Onboarding Server uses the following public configuration properties:
| `enrollment-server-onboarding.identity-verification.otp.enabled` | `true` | Whether OTP verification is enabled during identity verification. |
| `enrollment-server-onboarding.identity-verification.max-failed-attempts` | `5` | Maximum failed attempts for identity verification. |
| `enrollment-server-onboarding.identity-verification.max-failed-attempts-document-upload` | `5` | Maximum failed attempts for document upload. |
| `enrollment-server-onboarding.client-evaluation.max-failed-attempts` | `5` | Maximum failed attempts for client evaluation. |

## Digital Onboarding Adapter Configuration

Expand All @@ -69,6 +67,7 @@ The Onboarding Server uses the following public configuration properties:
| Property | Default | Note |
|---|---|---|
| `enrollment-server-onboarding.client-evaluation.max-failed-attempts` | 5 | Number of maximum failed attempts for client evaluation. |
| `enrollment-server-onboarding.client-evaluation.include-extracted-data` | `false` | Include extracted data to the evaluate client request. The format of extracted data is defined by the provider of document verification. |

## Document Verification Provider Configuration

Expand Down Expand Up @@ -170,6 +169,8 @@ logging.pattern.console=%clr(%d{${LOG_DATEFORMAT_PATTERN:yyyy-MM-dd HH:mm:ss.SSS


## Monitoring and Observability

| Property | Default | Note |
|-------------------------------------------|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `management.tracing.sampling.probability` | `1.0` | Specifies the proportion of requests that are sampled for tracing. A value of 1.0 means that 100% of requests are sampled, while a value of 0 effectively disables tracing. |
The WAR file includes the `micrometer-registry-prometheus` dependency.
Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).
41 changes: 38 additions & 3 deletions docs/onboarding/Configuration-Verification-Providers.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ The document verification process is currently supported for following providers

### ZenID

#### Configuration - API key
#### API key

The authorization of all API calls is secured by an API key value. It has to be sent as the `Authorization: api_key VALUE` header value.
Check the bottom of the `Manual/Configuration` page for more details.
Expand All @@ -21,7 +21,7 @@ The API key value can be configured/get from the `Access` page configuration:
- Condition: `ApiKeyEqualsValue`
- Value: the value here is the value of the API key

#### Configuration - Validators
#### Validators

It is recommended to create a custom validation profile. The sensitivity of selected validators can be tuned-up or disabled completely at the `Sensitivity` page.
The profile can be then set as the default or specified in the configuration properties.
Expand All @@ -32,14 +32,49 @@ When calling `document-verification/init-sdk` following implementation fields ar
- Init token - send a token value `sdk-init-token` in the request body `attributes` map field
- SDK response - receive the value under `zenid-sdk-init-response` from the response `attributes` map field

### Innovatrics

Innovatrics documentation for developers can be found at [this link](https://developers.innovatrics.com/digital-onboarding/technical/remote/dot-dis/latest/documentation/).

#### OCR Threshold

During a document validation Innovatrics provides a list of fields extracted from the document, that have OCR
confidence lower than configurable threshold. If the list is not empty, there is a high probability that some
information is read incorrectly. For that reason, this document will be rejected. The OCR confidence threshold is `0.92`
by default, and can be tuned using `innovatrics.dot.dis.customer.document.inspection.ocr-text-field-threshold`.

#### Text Consistency

For each document Innovatrics tries to read visual zone, machine-readable zone and barcode. These isolated parts are
cross-checked during a document validation by Innovatrics. If there are inconsistency between visual zone and
machine-readable zone, or between visual-zone and barcode, the document will be rejected. However, some editions of
identification documents are inconsistent by design. To prevent false rejection of those document modify the
configuration.
Following example excludes `issuingAuthority` field of Czech identity card 2005 edition from text consistency check:

```yml
innovatrics:
dot:
dis:
customer:
document:
inspection:
text-consistency-check:
CZE_identity-card_2005-01-01:
exclusions:
- issuingAuthority
```
The format of the document name is `{country}_{type}_{edition}` according to the response of `/metadata` request.

## Presence Check

The document verification process is currently supported for following providers:
- [iProov](https://www.iproov.com/) - use value `iproov` in configuration
- [Innovatrics](https://www.innovatrics.com/) - use value `innovatrics` in configuration
- Mock - useful for simple testing and local runs - use value `mock` in configuration

#### Configuration
### iProov

There are a few needed configuration changes to bring a successful integration. All the following configuration tuning
has to be requested from the iProov's [support team](https://iproov.freshdesk.com/support/login) on a per-service basis:
Expand Down
7 changes: 6 additions & 1 deletion enrollment-server-api-model/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
<parent>
<groupId>com.wultra.security</groupId>
<artifactId>enrollment-server-parent</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</parent>

<dependencies>
Expand All @@ -43,6 +43,11 @@
<groupId>io.swagger.core.v3</groupId>
<artifactId>swagger-annotations-jakarta</artifactId>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
</dependencies>

<profiles>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,19 +18,41 @@

package com.wultra.app.enrollmentserver.api.model.enrollment.request;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import lombok.Data;
import lombok.ToString;

/**
* Class representing a device registration request. The supported platform
* values are 'ios' and 'android'. The push token is the value received from
* APNS or FCM services without any modification.
* Class representing a device registration request.
*
* @author Petr Dvorak, [email protected]
*/
@Data
public class PushRegisterRequest {

private String platform;
/**
* The platform.
*/
@NotNull
private Platform platform;

/**
* The push token is the value received from APNS or FCM services without any modification.
*/
@NotBlank
@ToString.Exclude
@Schema(description = "The push token is the value received from APNS or FCM services without any modification.")
private String token;

public enum Platform {
@JsonProperty("ios")
IOS,

@JsonProperty("android")
ANDROID
}

}
2 changes: 1 addition & 1 deletion enrollment-server-onboarding-adapter-mock/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
<parent>
<groupId>com.wultra.security</groupId>
<artifactId>enrollment-server-parent</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</parent>

<artifactId>enrollment-server-onboarding-adapter-mock</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion enrollment-server-onboarding-api-model/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>com.wultra.security</groupId>
<artifactId>enrollment-server-parent</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</parent>

<artifactId>enrollment-server-onboarding-api-model</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion enrollment-server-onboarding-api/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
<parent>
<groupId>com.wultra.security</groupId>
<artifactId>enrollment-server-parent</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</parent>

<groupId>com.wultra.security</groupId>
Expand Down
2 changes: 1 addition & 1 deletion enrollment-server-onboarding-common/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
<parent>
<groupId>com.wultra.security</groupId>
<artifactId>enrollment-server-parent</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</parent>

<artifactId>enrollment-server-onboarding-common</artifactId>
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
spring.datasource.url=jdbc:h2:mem:testdb;DB_CLOSE_ON_EXIT=FALSE
spring.datasource.username=sa
spring.datasource.password=password
spring.datasource.driver-class-name=org.h2.Driver
spring.jpa.hibernate.ddl-auto=create
15 changes: 14 additions & 1 deletion enrollment-server-onboarding-domain-model/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,27 @@
<parent>
<groupId>com.wultra.security</groupId>
<artifactId>enrollment-server-parent</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</parent>

<dependencies>
<dependency>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-java-crypto</artifactId>
</dependency>

<!-- Bouncy Castle -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
</dependency>

<!-- Test Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<profiles>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,14 @@
*/
package com.wultra.app.enrollmentserver.model.integration;

import com.google.common.io.BaseEncoding;
import io.getlime.security.powerauth.crypto.lib.util.Hash;
import lombok.AccessLevel;
import lombok.Data;
import lombok.Setter;
import lombok.ToString;
import org.bouncycastle.util.encoders.Base32;

import java.nio.charset.StandardCharsets;
import java.util.Date;

/**
Expand Down Expand Up @@ -73,9 +74,8 @@ public String getUserIdSecured() {
throw new IllegalStateException("Missing userId value");
}
if (userIdSecured == null) {
userIdSecured = BaseEncoding.base32()
.omitPadding()
.encode(Hash.sha256(userId));
userIdSecured = new String(Base32.encode(Hash.sha256(userId)), StandardCharsets.UTF_8)
.replace("=", "");
if (userIdSecured.length() > USER_ID_MAX_LENGTH) {
userIdSecured = userIdSecured.substring(0, USER_ID_MAX_LENGTH);
}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
/*
* PowerAuth Enrollment Server
* Copyright (C) 2024 Wultra s.r.o.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package com.wultra.app.enrollmentserver.model.integration;

import org.junit.jupiter.api.Test;

import static org.junit.jupiter.api.Assertions.assertEquals;

/**
* Test for {@link OwnerId}.
*
* @author Lubos Racansky, [email protected]
*/
class OwnerIdTest {

@Test
void testUserIdSecured() {
final OwnerId tested = new OwnerId();
tested.setUserId("Joe");

final String result = tested.getUserIdSecured();

assertEquals("NXMLPV6TYXCGRGZT4UNZ6EF4NKN6RH7I7IVBE7EMNQB42BOWRLHA", result);
}
}
2 changes: 1 addition & 1 deletion enrollment-server-onboarding-provider-innovatrics/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
<parent>
<groupId>com.wultra.security</groupId>
<artifactId>enrollment-server-parent</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</parent>

<groupId>com.wultra.security</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -222,14 +222,6 @@ public CreateSelfieResponse createSelfie(final String customerId, final String l
}
}

// TODO remove - temporal test call
// @PostConstruct
// public void testCall() throws RestClientException {
// logger.info("Trying a test call");
// final ResponseEntity<String> response = restClient.get("/api/v1/metadata", STRING_TYPE_REFERENCE);
// logger.info("Result of test call: {}", response.getBody());
// }

/**
* Create a new customer resource.
* @param ownerId owner identification.
Expand Down
Loading

0 comments on commit bfa79b9

Please sign in to comment.