feat(dim): wallet creation config #453

* add configuration for encryption used in dim-wallet creation * removed redundant configuration for onboardingServiceProvider encryption.
eclipse-tractusx · Mar 11, 2024 · e0af50f · e0af50f
2 parents b4c27b4 + cba88ca
commit e0af50f
Show file tree

Hide file tree

Showing 9 changed files with 169 additions and 75 deletions.
diff --git a/charts/portal/templates/cronjob-backend-processes.yaml b/charts/portal/templates/cronjob-backend-processes.yaml
@@ -194,6 +194,44 @@ spec:
               value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.processesworker.sdfactory.selfdescriptionPath }}"
             - name: "APPLICATIONCHECKLIST__SDFACTORY__USERNAME"
               value: "{{ .Values.backend.placeholder }}"
+            - name: "APPLICATIONCHECKLIST__DIM__USERNAME"
+              value: "{{ .Values.backend.placeholder }}"
+            - name: "APPLICATIONCHECKLIST__DIM__PASSWORD"
+              value: "{{ .Values.backend.placeholder }}"
+            - name: "APPLICATIONCHECKLIST__DIM__CLIENTID"
+              value: "{{ .Values.backend.processesworker.dim.clientId }}"
+            - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE"
+              value: "{{ .Values.backend.processesworker.dim.grantType }}"
+            - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET"
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.backend.interfaces.secret }}"
+                  key: "dim-client-secret"
+            - name: "APPLICATIONCHECKLIST__DIM__SCOPE"
+              value: "{{ .Values.backend.processesworker.dim.scope }}"
+            - name: "APPLICATIONCHECKLIST__DIM__TOKENADDRESS"
+              value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+            - name: "APPLICATIONCHECKLIST__DIM__BASEADDRESS"
+              value: "{{ .Values.backend.processesworker.dim.baseAddress }}"
+            - name: "APPLICATIONCHECKLIST__DIM__UNIVERSALRESOLVERADDRESS"
+              value: "{{ .Values.backend.processesworker.dim.universalResolverAddress }}"
+            - name: "APPLICATIONCHECKLIST__DIM__DIDDOCUMENTBASELOCATION"
+              value: "{{ .Values.backend.processesworker.dim.didDocumentBaseLocation }}"
+            - name: "APPLICATIONCHECKLIST__DIM__MAXVALIDATIONTIMEINDAYS"
+              value: "{{ .Values.backend.processesworker.dim.maxValidationTimeInDays }}"
+            - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGINDEX"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
+            - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__INDEX"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
+            - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__ENCRYPTIONKEY"
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.backend.interfaces.secret }}"
+                  key: "dim-encryption-key0"
+            - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__CIPHERMODE"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
+            - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__PADDINGMODE"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
             - name: "KEYCLOAK__CENTRAL__AUTHREALM"
               value: "{{ .Values.backend.keycloak.central.authRealm }}"
             - name: "KEYCLOAK__CENTRAL__CLIENTID"
@@ -342,7 +380,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: "{{ .Values.backend.interfaces.secret }}"
-                  key: "process-onboardingserviceprovider-encryption-key0"
+                  key: "onboardingserviceprovider-encryption-key0"
             - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__INDEX"
               value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.index}}"
             - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__CIPHERMODE"

diff --git a/charts/portal/templates/deployment-backend-administration.yaml b/charts/portal/templates/deployment-backend-administration.yaml
@@ -185,6 +185,44 @@ spec:
           value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.processesworker.sdfactory.selfdescriptionPath }}"
         - name: "APPLICATIONCHECKLIST__SDFACTORY__USERNAME"
           value: "{{ .Values.backend.placeholder }}"
+        - name: "APPLICATIONCHECKLIST__DIM__USERNAME"
+          value: "{{ .Values.backend.placeholder }}"
+        - name: "APPLICATIONCHECKLIST__DIM__PASSWORD"
+          value: "{{ .Values.backend.placeholder }}"
+        - name: "APPLICATIONCHECKLIST__DIM__CLIENTID"
+          value: "{{ .Values.backend.processesworker.dim.clientId }}"
+        - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE"
+          value: "{{ .Values.backend.processesworker.dim.grantType }}"
+        - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET"
+          valueFrom:
+            secretKeyRef:
+              name: "{{ .Values.backend.interfaces.secret }}"
+              key: "dim-client-secret"
+        - name: "APPLICATIONCHECKLIST__DIM__SCOPE"
+          value: "{{ .Values.backend.processesworker.dim.scope }}"
+        - name: "APPLICATIONCHECKLIST__DIM__TOKENADDRESS"
+          value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+        - name: "APPLICATIONCHECKLIST__DIM__BASEADDRESS"
+          value: "{{ .Values.backend.processesworker.dim.baseAddress }}"
+        - name: "APPLICATIONCHECKLIST__DIM__UNIVERSALRESOLVERADDRESS"
+          value: "{{ .Values.backend.processesworker.dim.universalResolverAddress }}"
+        - name: "APPLICATIONCHECKLIST__DIM__DIDDOCUMENTBASELOCATION"
+          value: "{{ .Values.backend.processesworker.dim.didDocumentBaseLocation }}"
+        - name: "APPLICATIONCHECKLIST__DIM__MAXVALIDATIONTIMEINDAYS"
+          value: "{{ .Values.backend.processesworker.dim.maxValidationTimeInDays }}"
+        - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGINDEX"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
+        - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__INDEX"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
+        - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__ENCRYPTIONKEY"
+          valueFrom:
+            secretKeyRef:
+              name: "{{ .Values.backend.interfaces.secret }}"
+              key: "dim-encryption-key0"
+        - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__CIPHERMODE"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
+        - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__PADDINGMODE"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
         - name: "COMPANYDATA__USECASEPARTICIPATIONMEDIATYPES__0"
           value: "{{ .Values.backend.administration.companyData.useCaseParticipationMediaTypes.type0 }}"
         - name: "COMPANYDATA__SSICERTIFICATEMEDIATYPES__0"
@@ -326,24 +364,24 @@ spec:
         - name: "NETWORK2NETWORK__BASEPORTALADDRESS"
           value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIG__INDEX"
-          value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigIndex }}"
+          value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigIndex }}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__INDEX"
-          value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.index}}"
+          value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.index}}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__CIPHERMODE"
-          value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.cipherMode}}"
+          value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.cipherMode}}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__PADDINGMODE"
-          value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.paddingMode}}"
+          value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.paddingMode}}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
           valueFrom:
             secretKeyRef:
               name: "{{ .Values.backend.interfaces.secret }}"
               key: "onboardingserviceprovider-encryption-key0"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__INDEX"
-          value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.index}}"
+          value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.index}}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__CIPHERMODE"
-          value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.cipherMode}}"
+          value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.cipherMode}}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__PADDINGMODE"
-          value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.paddingMode}}"
+          value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.paddingMode}}"
         - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__ENCRYPTIONKEY"
           valueFrom:
             secretKeyRef:

diff --git a/charts/portal/templates/secret-backend-interfaces.yaml b/charts/portal/templates/secret-backend-interfaces.yaml
@@ -37,10 +37,10 @@ data:
   custodian-client-secret: {{ coalesce ( .Values.backend.processesworker.custodian.clientSecret | b64enc ) ( index $secret.data "custodian-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
   sdfactory-client-secret: {{ coalesce ( .Values.backend.processesworker.sdfactory.clientSecret | b64enc ) ( index $secret.data "sdfactory-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
   offerprovider-client-secret: {{ coalesce ( .Values.backend.processesworker.offerprovider.clientSecret | b64enc ) ( index $secret.data "offerprovider-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
-  onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
-  onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
-  process-onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "process-onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
-  process-onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "process-onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
+  dim-client-secret: {{ coalesce ( .Values.backend.processesworker.dim.clientSecret | b64enc ) ( index $secret.data "dim-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
+  dim-encryption-key0: {{ coalesce ( .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "dim-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+  onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+  onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key1" ) | default ( randAlphaNum 32 ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
@@ -49,8 +49,8 @@ stringData:
   custodian-client-secret: {{ .Values.backend.processesworker.custodian.clientSecret | default ( randAlphaNum 32 ) | quote }}
   sdfactory-client-secret: {{ .Values.backend.processesworker.sdfactory.clientSecret | default ( randAlphaNum 32 ) | quote }}
   offerprovider-client-secret: {{ .Values.backend.processesworker.offerprovider.clientSecret | default ( randAlphaNum 32 ) | quote }}
-  onboardingserviceprovider-encryption-key0: {{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
-  onboardingserviceprovider-encryption-key1: {{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
-  process-onboardingserviceprovider-encryption-key0: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
-  process-onboardingserviceprovider-encryption-key1: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+  dim-client-secret: {{ .Values.backend.processesworker.dim.clientSecret | default ( randAlphaNum 32 ) | quote }}
+  dim-encryption-key0: {{ .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+  onboardingserviceprovider-encryption-key0: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+  onboardingserviceprovider-encryption-key1: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
 {{ end }}
diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml
@@ -397,23 +397,6 @@ backend:
     swaggerEnabled: false
     frameDocumentTypeIds:
       type0: "CX_FRAME_CONTRACT"
-    onboardingServiceProvider:
-      encryptionConfigIndex: 1
-      encryptionConfigs:
-        index0:
-          index: 0
-          cipherMode: "ECB"
-          paddingMode: "PKCS7"
-          # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key0'.
-          # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
-          encryptionKey: ""
-        index1:
-          index: 1
-          cipherMode: "CBC"
-          paddingMode: "PKCS7"
-          # -- EncryptionKey for onboardingserviceprovider encryptionKey. Secret-key 'onboardingserviceprovider-encryption-key1'.
-          # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
-          encryptionKey: ""
   provisioning:
     centralRealm: "CX-Central"
     centralRealmId: "CX-Central"
@@ -841,21 +824,41 @@ backend:
           index: 0
           cipherMode: "ECB"
           paddingMode: "PKCS7"
-          # -- EncryptionKey for onboardingserviceprovider. Secret-key 'process-onboardingserviceprovider-encryption-key0'.
+          # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key0'.
           # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
           encryptionKey: ""
         index1:
           index: 1
           cipherMode: "CBC"
           paddingMode: "PKCS7"
-          # -- EncryptionKey for onboardingserviceprovider. Secret-key 'process-onboardingserviceprovider-encryption-key1'.
+          # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key1'.
           # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
           encryptionKey: ""
     networkRegistration:
       loginDocumentPath: "/documentation/?path=docs%2F09.+Others%28s%29%2F01.+Login.md"
       externalRegistrationPath: "/?overlay=consent_osp"
       # -- The logic to decline an application is not yet implemented in the backend - this will currently lead to a 404 page when clicking on the link in the mail
       closeApplicationPath: "/decline"
+    dim:
+      # -- Provide dim client-id from CX IAM centralidp.
+      clientId: ""
+      # -- Client-secret for dim client-id. Secret-key 'dim-client-secret'.
+      clientSecret: ""
+      grantType: "client_credentials"
+      scope: "openid"
+      baseAddress: ""
+      universalResolverAddress: ""
+      didDocumentBaseLocation: ""
+      maxValidationTimeInDays: 7
+      encryptionConfigIndex: 0
+      encryptionConfigs:
+        index0:
+          index: 0
+          cipherMode: "CBC"
+          paddingMode: "PKCS7"
+          # -- EncryptionKey for dim wallet creation. Secret-key 'process-dimwalletcreation-encryption-key0'.
+          # Expected format is 256 bit (64 digits) hex.
+          encryptionKey: ""
   clients:
     portal: "Cl2-CX-Portal"
     registration: "Cl1-CX-Registration"

diff --git a/consortia/environments/values-beta.yaml b/consortia/environments/values-beta.yaml
@@ -151,12 +151,6 @@ backend:
           value: "portaldb"
         - name: "HEALTHCHECKS__0__TAGS__2"
           value: "provisioningdb"
-    onboardingServiceProvider:
-      encryptionConfigs:
-        index0:
-          encryptionKey: "<path:portal/data/beta/administration#onboardingserviceprovider-encryption-key0>"
-        index1:
-          encryptionKey: "<path:portal/data/beta/administration#onboardingserviceprovider-encryption-key1>"
     swaggerEnabled: true
 
   provisioning:
@@ -241,9 +235,18 @@ backend:
     onboardingServiceProvider:
       encryptionConfigs:
         index0:
-          encryptionKey: "<path:portal/data/beta/processes-worker#process-onboardingserviceprovider-encryption-key0>"
+          encryptionKey: "<path:portal/data/beta/processes-worker#onboardingserviceprovider-encryption-key0>"
         index1:
-          encryptionKey: "<path:portal/data/beta/processes-worker#process-onboardingserviceprovider-encryption-key1>"
+          encryptionKey: "<path:portal/data/beta/processes-worker#onboardingserviceprovider-encryption-key1>"
+    dim:
+      clientId: "<path:portal/data/processes-worker#dim-client-id>"
+      clientSecret: "<path:portal/data/beta/processes-worker#dim-client-secret>"
+      baseAddress: ""
+      universalResolverAddress: ""
+      didDocumentBaseLocation: ""
+      encryptionConfigs:
+        index0:
+          encryptionKey: "<path:portal/data/beta/processes-worker#dimwalletcreation-encryption-key0>"
 
 postgresql:
   auth:

diff --git a/consortia/environments/values-dev.yaml b/consortia/environments/values-dev.yaml
@@ -151,12 +151,6 @@ backend:
           value: "portaldb"
         - name: "HEALTHCHECKS__0__TAGS__2"
           value: "provisioningdb"
-    onboardingServiceProvider:
-      encryptionConfigs:
-        index0:
-          encryptionKey: "<path:portal/data/dev/administration#onboardingserviceprovider-encryption-key0>"
-        index1:
-          encryptionKey: "<path:portal/data/dev/administration#onboardingserviceprovider-encryption-key1>"
     swaggerEnabled: true
 
   provisioning:
@@ -241,9 +235,18 @@ backend:
     onboardingServiceProvider:
       encryptionConfigs:
         index0:
-          encryptionKey: "<path:portal/data/dev/processes-worker#process-onboardingserviceprovider-encryption-key0>"
+          encryptionKey: "<path:portal/data/dev/processes-worker#onboardingserviceprovider-encryption-key0>"
         index1:
-          encryptionKey: "<path:portal/data/dev/processes-worker#process-onboardingserviceprovider-encryption-key1>"
+          encryptionKey: "<path:portal/data/dev/processes-worker#onboardingserviceprovider-encryption-key1>"
+    dim:
+      clientId: "<path:portal/data/processes-worker#dim-client-id>"
+      clientSecret: "<path:portal/data/dev/processes-worker#dim-client-secret>"
+      baseAddress: "dummy"
+      universalResolverAddress: "dummy"
+      didDocumentBaseLocation: "dummy"
+      encryptionConfigs:
+        index0:
+          encryptionKey: "<path:portal/data/dev/processes-worker#dimwalletcreation-encryption-key0>"
 
 postgresql:
   auth: