From 5ecc980a5532b9ee864248d8b0c656384901cde2 Mon Sep 17 00:00:00 2001 From: Keshav Mishra Date: Thu, 12 May 2022 16:04:22 +0530 Subject: [PATCH 1/9] [MOSIP-20020] Update release_changes.yml --- .github/workflows/release_changes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_changes.yml b/.github/workflows/release_changes.yml index cc9c2956..e75a616c 100644 --- a/.github/workflows/release_changes.yml +++ b/.github/workflows/release_changes.yml @@ -48,7 +48,7 @@ jobs: uses: peter-evans/create-pull-request@v3 with: token: ${{ secrets.ACTION_PAT }} - commit-message: Updated Pom versions for release changes + commit-message: Release Bot Pre-release changes title: Release changes body: Automated PR for ${{ github.event.inputs.releaseTags }} release. branch: release-branch From 5a10d87a1047530cf60e7368f927151017feda36 Mon Sep 17 00:00:00 2001 From: syed-salman-technoforte Date: Thu, 19 May 2022 16:39:19 +0530 Subject: [PATCH 2/9] [ MOSIP-20021 ] updated release_changes.yml to update README.md badges --- .github/workflows/release_changes.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/release_changes.yml b/.github/workflows/release_changes.yml index e75a616c..5d8e1a32 100644 --- a/.github/workflows/release_changes.yml +++ b/.github/workflows/release_changes.yml @@ -27,6 +27,11 @@ jobs: echo "BRANCH_NAME=$(echo ${{ github.ref }} | sed -e 's,.*/\(.*\),\1,')" >> $GITHUB_ENV echo "GPG_TTY=$(tty)" >> $GITHUB_ENV + - name: update Branch name in badges + run: | + sed -i 's/branch=.*)]/branch=${{ env.BRANCH_NAME }}\)]/g' README.md + sed -i 's/branch=.*\&/branch=${{ env.BRANCH_NAME }}\&/g' README.md + - name: Mannualy changing the pom versions run: find . -type f -name "*pom.xml" -print0 | xargs -0 sed -i "s/${{ github.event.inputs.snapshotTags }}/${{ github.event.inputs.releaseTags }}/g" From 902cd0421bd742dc40efdef3002220725abfd17d Mon Sep 17 00:00:00 2001 
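Review bot: Both `sed` lines in the new "update Branch name in badges" step (PATCH 2/9) paste `${{ env.BRANCH_NAME }}` into the script text before the shell parses it, so a ref name carrying a quote or other shell metacharacter alters the command instead of only the replacement string. The context lines show BRANCH_NAME already being written to `$GITHUB_ENV`, so the step can read it as an ordinary shell variable: `sed -i "s/branch=[^)&]*)]/branch=${BRANCH_NAME})]/g" README.md` and `sed -i "s/branch=[^&)]*&/branch=${BRANCH_NAME}\&/g" README.md`. The bounded class also replaces the greedy `.*`, which otherwise consumes everything up to the last `)]` or `&` on a badge line. The README hunk in PATCH 7/9, where the Quality Gate badge loses its `project=` and `metric=` parameters, looks like that effect.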
From: Keshav Mishra Date: Mon, 18 Jul 2022 10:49:33 +0530 Subject: [PATCH 3/9] [MOSIP-20028] added action for tagging --- .github/workflows/tag.yaml | 43 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/workflows/tag.yaml diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml new file mode 100644 index 00000000..e9bba0e6 --- /dev/null +++ b/.github/workflows/tag.yaml @@ -0,0 +1,43 @@ +name: Tagging of repos + +env: + tag: v1.2.3 + +on: + workflow_dispatch: + inputs: + tag: + description: 'Tag to be published' + required: true + default: 'v1.2.3' + type: string + body: + description: 'Release body message' + required: true + default: 'Changes in this Release' + type: string + pre-release: + description: 'Pre-release? True/False' + required: true + default: False + type: string + +jobs: + build: + name: Create Release + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Create Release + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ github.event.inputs.tag }} + release_name: ${{ github.event.inputs.tag }} + body: | + ${{ github.event.inputs.body }} + draft: false + prerelease: ${{fromJSON(github.event.inputs.pre-release)}} From 5af3e86bae9f408e138419a8607148a704b620fd Mon Sep 17 00:00:00 2001 From: dhanendra06 Date: Wed, 17 Aug 2022 11:07:54 +0530 Subject: [PATCH 4/9] MOSIP-23596 --- src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java b/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java index d8ea0a49..39f70582 100644 --- a/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java +++ b/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java 
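Review bot: The new `tag.yaml` workflow has no `permissions:` block, so the `GITHUB_TOKEN` passed to the Create Release step carries whatever default scope the repository or organisation grants; for a job that only creates a release, a job-level `permissions:` with `contents: write` is enough. The `pre-release` input is declared `type: string` with the description 'True/False', but `fromJSON(github.event.inputs.pre-release)` accepts only lowercase JSON booleans, so a capitalised value typed by the operator will probably fail expression evaluation; `type: boolean` with `default: false` removes the free-text path. The top-level `env: tag: v1.2.3` is not referenced anywhere in the visible file. Both `uses:` lines reference mutable version tags rather than commit SHAs.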
@@ -211,6 +211,7 @@ public boolean generateCard(EventModel eventModel) { } String ecryptionPin = eventModel.getEvent().getData().get("protectionKey").toString(); String decodedCredential = cryptoCoreUtil.decrypt(credential); + printLogger.debug("vc is printed security valuation.... : {}",decodedCredential); if (verifyCredentialsFlag){ printLogger.info("Configured received credentials to be verified. Flag {}", verifyCredentialsFlag); boolean verified = credentialsVerifier.verifyCredentials(decodedCredential); From 238d9fb256d3df39e31ff40fbedf066924e10dfd Mon Sep 17 00:00:00 2001 From: dhanendra06 Date: Wed, 17 Aug 2022 13:33:33 +0530 Subject: [PATCH 5/9] MOSIP-23472 --- pom.xml | 6 +- .../print/service/impl/PrintServiceImpl.java | 37 ++--- .../mosip/print/util/CredentialsVerifier.java | 147 ------------------ 3 files changed, 22 insertions(+), 168 deletions(-) delete mode 100644 src/main/java/io/mosip/print/util/CredentialsVerifier.java diff --git a/pom.xml b/pom.xml index 46c58152..b32694a4 100644 --- a/pom.xml +++ b/pom.xml @@ -230,9 +230,9 @@ 2.12.0 - info.weboftrust - ld-signatures-java - 0.8.0 + io.mosip.vercred + vcverifier + 1.0-SNAPSHOT diff --git a/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java b/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java index d8ea0a49..d69a1744 100644 --- a/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java +++ b/src/main/java/io/mosip/print/service/impl/PrintServiceImpl.java @@ -31,6 +31,12 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; +import io.mosip.print.exception.*; +import io.mosip.vercred.CredentialsVerifier; +import io.mosip.vercred.exception.ProofDocumentNotFoundException; +import io.mosip.vercred.exception.ProofTypeNotFoundException; +import io.mosip.vercred.exception.PubicKeyNotFoundException; +import io.mosip.vercred.exception.UnknownException; import org.apache.commons.codec.binary.Base64; import org.joda.time.DateTime; import org.json.simple.JSONArray; 
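Review bot: The added `printLogger.debug(...)` line in `generateCard` (PATCH 4/9) writes the full decrypted credential to the log right after `cryptoCoreUtil.decrypt(credential)`, so anyone with access to debug-level output or the log pipeline can read what the encryption was protecting. Logging the identifiers this method already uses elsewhere keeps the trace without the payload: `printLogger.debug("Credential decrypted. Id: {}, Transaction Id: {}", eventModel.getEvent().getId(), eventModel.getEvent().getTransactionId());`. The method body starts and ends outside the hunk.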
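Review bot: In the `pom.xml` hunk of PATCH 5/9 the replacement dependency appears to be `io.mosip.vercred:vcverifier` at `1.0-SNAPSHOT` (the XML tags are stripped on this page, so the coordinates are read from the bare values). A SNAPSHOT version is mutable, so the library that now decides whether a credential's signature is valid can change between builds without any change in this repository. Pin it to a released version before this ships, e.g. `<version>RELEASE_VERSION_PLACEHOLDER</version>`, and keep snapshot repositories out of release builds.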
@@ -56,20 +62,6 @@ import io.mosip.print.dto.CryptoWithPinResponseDto; import io.mosip.print.dto.DataShare; import io.mosip.print.dto.JsonValue; -import io.mosip.print.exception.ApiNotAccessibleException; -import io.mosip.print.exception.ApisResourceAccessException; -import io.mosip.print.exception.CryptoManagerException; -import io.mosip.print.exception.DataShareException; -import io.mosip.print.exception.ExceptionUtils; -import io.mosip.print.exception.IdRepoAppException; -import io.mosip.print.exception.IdentityNotFoundException; -import io.mosip.print.exception.PDFGeneratorException; -import io.mosip.print.exception.PDFSignatureException; -import io.mosip.print.exception.ParsingException; -import io.mosip.print.exception.PlatformErrorMessages; -import io.mosip.print.exception.QrcodeGenerationException; -import io.mosip.print.exception.TemplateProcessingFailureException; -import io.mosip.print.exception.UINNotFoundInDatabase; import io.mosip.print.logger.LogDescription; import io.mosip.print.logger.PrintLogger; import io.mosip.print.model.CredentialStatusEvent; @@ -81,7 +73,6 @@ import io.mosip.print.spi.QrCodeGenerator; import io.mosip.print.util.AuditLogRequestBuilder; import io.mosip.print.util.CbeffToBiometricUtil; -import io.mosip.print.util.CredentialsVerifier; import io.mosip.print.util.CryptoCoreUtil; import io.mosip.print.util.CryptoUtil; import io.mosip.print.util.DataShareUtil; @@ -201,6 +192,7 @@ public class PrintServiceImpl implements PrintService{ public boolean generateCard(EventModel eventModel) { String credential = null; boolean isPrinted = false; + boolean verified=false; try { if (eventModel.getEvent().getDataShareUri() == null || eventModel.getEvent().getDataShareUri().isEmpty()) { credential = eventModel.getEvent().getData().get("credential").toString(); 
@@ -213,10 +205,19 @@ public boolean generateCard(EventModel eventModel) { String decodedCredential = cryptoCoreUtil.decrypt(credential); if (verifyCredentialsFlag){ printLogger.info("Configured received credentials to be verified. Flag {}", verifyCredentialsFlag); - boolean verified = credentialsVerifier.verifyCredentials(decodedCredential); - if (!verified) { + try { + verified=credentialsVerifier.verifyPrintCredentials(decodedCredential); + if (!verified) { + printLogger.error("Received Credentials failed in verifiable credential verify method. So, the credentials will not be printed." + + " Id: {}, Transaction Id: {}", eventModel.getEvent().getId(), eventModel.getEvent().getTransactionId()); + return false; + } + }catch (ProofDocumentNotFoundException | ProofTypeNotFoundException e){ + printLogger.error("Proof document is not available in the received credentials." + + " Id: {}, Transaction Id: {}", eventModel.getEvent().getId(), eventModel.getEvent().getTransactionId()); + }catch (UnknownException | PubicKeyNotFoundException e){ printLogger.error("Received Credentials failed in verifiable credential verify method. So, the credentials will not be printed." + - " Id: {}, Transaction Id: {}", eventModel.getEvent().getId(), eventModel.getEvent().getTransactionId()); + " Id: {}, Transaction Id: {}", eventModel.getEvent().getId(), eventModel.getEvent().getTransactionId()); return false; } } diff --git a/src/main/java/io/mosip/print/util/CredentialsVerifier.java b/src/main/java/io/mosip/print/util/CredentialsVerifier.java deleted file mode 100644 index 706f78f9..00000000 --- a/src/main/java/io/mosip/print/util/CredentialsVerifier.java +++ /dev/null 
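Review bot: The `catch (ProofDocumentNotFoundException | ProofTypeNotFoundException e)` branch logs an error and then falls through, so with `verifyCredentialsFlag` set, a credential with no proof or an unsupported proof type continues past the verification block with `verified` still false. The removed `CredentialsVerifier` returned false in both cases, which stopped the print; add `return false;` after the log call in that branch so verification fails closed. Neither catch passes `e` to `printLogger.error`, so the cause is lost; append it as the last argument. `generateCard` continues outside the hunk, so whether later code re-checks `verified` cannot be seen here.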
@@ -1,147 +0,0 @@ -package io.mosip.print.util; - -import java.io.IOException; -import java.io.StringReader; -import java.net.URI; -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.MGF1ParameterSpec; -import java.security.spec.PSSParameterSpec; -import java.security.spec.X509EncodedKeySpec; -import java.text.ParseException; -import java.util.Objects; - -import com.fasterxml.jackson.databind.node.ObjectNode; -import com.nimbusds.jose.JWSObject; - -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemReader; -import org.slf4j.Logger; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpMethod; -import org.springframework.stereotype.Component; -import org.springframework.web.client.RestTemplate; - -import foundation.identity.jsonld.ConfigurableDocumentLoader; -import foundation.identity.jsonld.JsonLDException; -import foundation.identity.jsonld.JsonLDObject; -import info.weboftrust.ldsignatures.LdProof; -import info.weboftrust.ldsignatures.canonicalizer.URDNA2015Canonicalizer; -import info.weboftrust.ldsignatures.util.JWSUtil; -import io.mosip.print.constant.CredentialVerifierConstants; -import io.mosip.print.logger.PrintLogger; - -@Component -public class CredentialsVerifier { - - Logger CredVerifierLogger = PrintLogger.getLogger(CredentialsVerifier.class); - - @Autowired - private RestTemplate restTemplate; - - public boolean verifyCredentials(String credentials){ - CredVerifierLogger.info("Received Credentials Verification - Start."); - ConfigurableDocumentLoader confDocumentLoader = new ConfigurableDocumentLoader(); - 
confDocumentLoader.setEnableHttps(true); - confDocumentLoader.setEnableHttp(true); - confDocumentLoader.setEnableFile(false); - - JsonLDObject vcJsonLdObject = JsonLDObject.fromJson(credentials); - vcJsonLdObject.setDocumentLoader(confDocumentLoader); - - LdProof ldProofWithJWS = LdProof.getFromJsonLDObject(vcJsonLdObject); - if (Objects.isNull(ldProofWithJWS)) { - CredVerifierLogger.error("Proof document is not available in the received credentials."); - return false; - } - - String ldProofTerm = ldProofWithJWS.getType(); - if (!CredentialVerifierConstants.SIGNATURE_SUITE_TERM.equals(ldProofTerm)) { - CredVerifierLogger.error("Proof Type available in received credentials is not matching " + - " with supported proof terms. Recevied Type: {}", ldProofTerm); - return false; - } - - try { - - URDNA2015Canonicalizer canonicalizer = new URDNA2015Canonicalizer(); - byte[] canonicalHashBytes = canonicalizer.canonicalize(ldProofWithJWS, vcJsonLdObject); - CredVerifierLogger.info("Completed Canonicalization for the received credentials."); - String signJWS = ldProofWithJWS.getJws(); - JWSObject jwsObject = JWSObject.parse(signJWS); - byte[] vcSignBytes = jwsObject.getSignature().decode(); - URI publicKeyJsonUri = ldProofWithJWS.getVerificationMethod(); - PublicKey publicKeyObj = getPublicKeyFromVerificationMethod(publicKeyJsonUri); - if (Objects.isNull(publicKeyObj)) { - CredVerifierLogger.error("Public key object is null, returning false."); - return false; - } - CredVerifierLogger.info("Completed downloading public key from the issuer domain and constructed public key object."); - byte[] actualData = JWSUtil.getJwsSigningInput(jwsObject.getHeader(), canonicalHashBytes); - String jwsHeader = jwsObject.getHeader().getAlgorithm().getName(); - CredVerifierLogger.info("Performing signature verification after downloading the public key."); - return verifyCredentialSignature(jwsHeader, publicKeyObj, actualData, vcSignBytes); - } catch (IOException | GeneralSecurityException | 
JsonLDException | ParseException e) { - CredVerifierLogger.error("Error in doing verifiable credential verification process.", e); - } - return false; - } - - - private PublicKey getPublicKeyFromVerificationMethod(URI publicKeyJsonUri){ - - try { - ObjectNode response = restTemplate.exchange(publicKeyJsonUri, HttpMethod.GET, null, ObjectNode.class).getBody(); - String publicKeyPem = response.get(CredentialVerifierConstants.PUBLIC_KEY_PEM).asText(); - CredVerifierLogger.info("public key download completed."); - StringReader strReader = new StringReader(publicKeyPem); - PemReader pemReader = new PemReader(strReader); - PemObject pemObject = pemReader.readPemObject(); - byte[] pubKeyBytes = pemObject.getContent(); - X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(pubKeyBytes); - KeyFactory keyFactory = KeyFactory.getInstance("RSA"); - return keyFactory.generatePublic(pubKeySpec); - } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) { - CredVerifierLogger.error("Error Generating public key object.", e); - } - return null; - } - - private boolean verifyCredentialSignature(String algorithm, PublicKey publicKey, byte[] actualData, byte[] signature) { - - if (algorithm.equals(CredentialVerifierConstants.JWS_RS256_SIGN_ALGO_CONST)) { - try { - CredVerifierLogger.info("Validating signature using RS256 algorithm."); - Signature rsSignature = Signature.getInstance(CredentialVerifierConstants.RS256_ALGORITHM); - rsSignature.initVerify(publicKey); - rsSignature.update(actualData); - return rsSignature.verify(signature); - } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { - CredVerifierLogger.error("Error in Verifying credentials(RS256).", e); - } - } - try { - CredVerifierLogger.info("Validating signature using PS256 algorithm."); - Signature psSignature = Signature.getInstance(CredentialVerifierConstants.PS256_ALGORITHM); - - PSSParameterSpec pssParamSpec = new 
PSSParameterSpec(CredentialVerifierConstants.PSS_PARAM_SHA_256, CredentialVerifierConstants.PSS_PARAM_MGF1, - MGF1ParameterSpec.SHA256, CredentialVerifierConstants.PSS_PARAM_SALT_LEN, CredentialVerifierConstants.PSS_PARAM_TF); - psSignature.setParameter(pssParamSpec); - - psSignature.initVerify(publicKey); - psSignature.update(actualData); - return psSignature.verify(signature); - } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException | InvalidAlgorithmParameterException e) { - CredVerifierLogger.error("Error in Verifying credentials(PS256).", e); - } - return false; - } - -} From 1a80dc7f8e6a74665a2b7e9427b825742c805973 Mon Sep 17 00:00:00 2001 From: dhanendra06 Date: Wed, 17 Aug 2022 15:21:56 +0530 Subject: [PATCH 6/9] MOSIP-23472 --- src/main/java/io/mosip/print/PrintPDFApplication.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/main/java/io/mosip/print/PrintPDFApplication.java b/src/main/java/io/mosip/print/PrintPDFApplication.java index 31f72703..0465f1c9 100644 --- a/src/main/java/io/mosip/print/PrintPDFApplication.java +++ b/src/main/java/io/mosip/print/PrintPDFApplication.java @@ -1,5 +1,6 @@ package io.mosip.print; +import io.mosip.vercred.CredentialsVerifier; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.cache.CacheAutoConfiguration; @@ -29,6 +30,11 @@ public CbeffUtil getCbeffUtil() { return new CbeffImpl(); } + @Bean + public CredentialsVerifier credentialsVerifier() { + return new CredentialsVerifier(); + } + @Bean public ThreadPoolTaskScheduler taskScheduler() { ThreadPoolTaskScheduler threadPoolTaskScheduler = new ThreadPoolTaskScheduler(); From 8ea766137098200f69f4a7bbd32260d2e0caaec3 Mon Sep 17 00:00:00 2001 
From: pramod444 Date: Thu, 29 Sep 2022 10:52:40 +0000 Subject: [PATCH 7/9] Release Bot Pre-release changes --- .github/workflows/push_trigger.yml | 2 +- README.md | 4 ++-- pom.xml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml index 29f5d376..f0d1bf47 100644 --- a/.github/workflows/push_trigger.yml +++ b/.github/workflows/push_trigger.yml @@ -110,7 +110,7 @@ jobs: - name: Publish the maven package run: | - mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.OSSRH_SNAPSHOT_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml + mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.RELEASE_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml env: GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} GPG_TTY: $(tty) diff --git a/README.md b/README.md index 836d8bde..e24f59fd 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -[![Maven Package upon a push](https://github.com/mosip/print/actions/workflows/push_trigger.yml/badge.svg?branch=release-1.2.0)](https://github.com/mosip/print/actions/workflows/push_trigger.yml) -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=release-1.2.0&project=mosip_admin-services&id=mosip_admin-services&metric=alert_status)](https://sonarcloud.io/dashboard?branch=release-1.2.0&id=mosip_admin-services) +[![Maven Package upon a push](https://github.com/mosip/print/actions/workflows/push_trigger.yml/badge.svg?branch=release-1.2.0.1)](https://github.com/mosip/print/actions/workflows/push_trigger.yml) +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=release-1.2.0.1&id=mosip_admin-services) # Print Service ## Overview diff --git a/pom.xml b/pom.xml index b32694a4..4d5a84a2 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ io.mosip.print print - 1.2.0.1-SNAPSHOT + 1.2.0.1-B1 print 
@@ -39,7 +39,7 @@ **/dto/**,**/config/**,**/api/** 1.4.2 2.8.4 - 1.2.0.1-SNAPSHOT + 1.2.0.1-B1 7.1.0 2.0.0 5.5.13 From a6403299908b902661ca80b504e0ebab12c47622 Mon Sep 17 00:00:00 2001 From: Keshav Mishra Date: Fri, 30 Sep 2022 09:09:03 +0530 Subject: [PATCH 8/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e24f59fd..c0e31682 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [![Maven Package upon a push](https://github.com/mosip/print/actions/workflows/push_trigger.yml/badge.svg?branch=release-1.2.0.1)](https://github.com/mosip/print/actions/workflows/push_trigger.yml) -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=release-1.2.0.1&id=mosip_admin-services) +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=release-1.2.0.1&project=mosip_admin-services&id=mosip_admin-services&metric=alert_status)](https://sonarcloud.io/dashboard?branch=release-1.2.0.1&id=mosip_admin-services) # Print Service ## Overview From 004d060e7a5270c8c85883f55557b3d84430be91 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Apr 2023 17:58:13 +0000 Subject: [PATCH 9/9] Bump json from 20190722 to 20230227 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20190722 to 20230227. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4d5a84a2..c85f8dc5 100644 --- a/pom.xml +++ b/pom.xml @@ -103,7 +103,7 @@ org.json json - 20190722 + 20230227 org.slf4j