Update documentation
marest94 committed Feb 19, 2024
1 parent 9ceb9a5 commit 4fa0dc0
Showing 18 changed files with 53 additions and 51 deletions.
2 changes: 1 addition & 1 deletion doc/PLATOON_USAGE_CONTROL.md
Expand Up @@ -105,5 +105,5 @@ POSTGRES_DB=usagecontrol_consumer

# Usage control examples

For more information and examples of policies compatible with Platoon UC app, please check [README](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/blob/1.7.8/README.md)
For more information and examples of policies compatible with Platoon UC app, please check [README](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/blob/1.7.9/README.md)

2 changes: 1 addition & 1 deletion doc/TEST_API.md
Expand Up @@ -75,7 +75,7 @@ curl --location -k 'https://localhost:8090/about/version'
and expected response:

```
1.14.7
1.14.8
```

## Self Description API
6 changes: 3 additions & 3 deletions doc/TRUEConnector/component-overview.md
Expand Up @@ -4,10 +4,10 @@ TRUE Connector is build using Java11, and use following libraries:

| Component | Version |
| --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| [Execution core container](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/releases/tag/1.14.7) | 1.14.7 |
| [Execution core container](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/releases/tag/1.14.8) | 1.14.8 |
| [Basic data app](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/releases/tag/0.3.8) | 0.3.8 |
| [Usage control app](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/releases/tag/1.7.8) | 1.7.8 |
| [Pip](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/tree/1.7.8/Docker_Tecnalia_DataUsage/pip) | 1.0.0 |
| [Usage control app](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/releases/tag/1.7.9) | 1.7.9 |
| [Pip](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/tree/1.7.9/Docker_Tecnalia_DataUsage/pip) | 1.0.0 |
| [Multipart Message Library](https://github.com/Engineering-Research-and-Development/true-connector-multipart_message_library/releases/tag/1.0.17) | 1.0.17 |
| [Websocket Message Streamer](https://github.com/Engineering-Research-and-Development/true-connector-websocket_message_streamer/releases/tag/1.0.17) | 1.0.17 |
| [Information model](https://github.com/International-Data-Spaces-Association/InformationModel) | 4.2.7 |
6 changes: 5 additions & 1 deletion doc/TRUEConnector/prerequisite.md
Expand Up @@ -137,9 +137,13 @@ To facilitate this process, the following steps should be diligently followed:

By regularly updating SSH keys every three months, administrators will enhance the security of server access, making sure these keys effectively protect against unauthorized entry.

## Secure DB

It's mandatory to set **AES256-SECRET-KEY** which is valid password for column encryption with AES256 algorithm.

## Post configuration steps

Once TRUE Connector is successfully configured and is up and running, responsible user for setting up environment and configuring connector should generate new passwords for 2 type of users required for operating with connector. More information how to do this can be found [here](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.7/doc/SECURITY.md#change-default-password).
Once TRUE Connector is successfully configured and is up and running, responsible user for setting up environment and configuring connector should generate new passwords for 2 type of users required for operating with connector. More information how to do this can be found [here](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.8/doc/SECURITY.md#change-default-password).

Make sure to update following properties to address your usecase:
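
Review bot: The new "Secure DB" section says AES256-SECRET-KEY is mandatory but not where it is set or what makes a value valid. doc/advancedConfiguration/auditlogs.md in this same commit says it is an environment variable and names the algorithm as AES/GCM/NoPadding, while this section says only "AES256 algorithm"; use one wording in both places and link this section to auditlogs.md. A name containing hyphens cannot be exported from a POSIX shell, so also state how the value is meant to be supplied to the container, and document what happens at startup when it is missing.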

8 changes: 4 additions & 4 deletions doc/TRUEConnector/start-stop.md
Expand Up @@ -89,13 +89,13 @@ You can also check using _docker ps_ command to verify that containers are up an

```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc693e1fdb90 rdlabengpa/ids_execution_core_container:1.14.7 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8087->8086/tcp, :::8087->8086/tcp, 0.0.0.0:8091->8449/tcp, :::8091->8449/tcp, 0.0.0.0:8890->8889/tcp, :::8890->8889/tcp ecc-consumer
bc693e1fdb90 rdlabengpa/ids_execution_core_container:1.14.8 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8087->8086/tcp, :::8087->8086/tcp, 0.0.0.0:8091->8449/tcp, :::8091->8449/tcp, 0.0.0.0:8890->8889/tcp, :::8890->8889/tcp ecc-consumer
28dc87213f68 rdlabengpa/ids_be_data_app:0.3.8 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8184->8183/tcp, :::8184->8183/tcp, 0.0.0.0:9001->9000/tcp, :::9001->9000/tcp be-dataapp-consumer
9eb157ceb37b rdlabengpa/ids_be_data_app:0.3.8 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8183->8183/tcp, :::8183->8183/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp be-dataapp-provider
44bc21187460 rdlabengpa/ids_execution_core_container:1.14.7 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8086->8086/tcp, :::8086->8086/tcp, 0.0.0.0:8889->8889/tcp, :::8889->8889/tcp, 0.0.0.0:8090->8449/tcp, :::8090->8449/tcp ecc-provider
b3f4cdb77ed6 rdlabengpa/ids_uc_data_app_platoon:1.7.8 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 8080/tcp uc-dataapp-consumer
44bc21187460 rdlabengpa/ids_execution_core_container:1.14.8 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8086->8086/tcp, :::8086->8086/tcp, 0.0.0.0:8889->8889/tcp, :::8889->8889/tcp, 0.0.0.0:8090->8449/tcp, :::8090->8449/tcp ecc-provider
b3f4cdb77ed6 rdlabengpa/ids_uc_data_app_platoon:1.7.9 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 8080/tcp uc-dataapp-consumer
a36748901ce1 rdlabengpa/ids_uc_data_app_platoon_pip:v1.0.0 "java -jar pip.jar" 3 hours ago Up 3 hours 0/tcp uc-dataapp-pip-provider
d6f77ad9762d rdlabengpa/ids_uc_data_app_platoon:1.7.8 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 8080/tcp uc-dataapp-provider
d6f77ad9762d rdlabengpa/ids_uc_data_app_platoon:1.7.9 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 8080/tcp uc-dataapp-provider
bb0bb9668931 rdlabengpa/ids_uc_data_app_platoon_pip:v1.0.0 "java -jar pip.jar" 3 hours ago Up 3 hours 0/tcp uc-dataapp-pip-consumer
```
29 changes: 11 additions & 18 deletions doc/advancedConfiguration/auditlogs.md
@@ -1,38 +1,31 @@
### Audit logs <a href="#auditlogs" id="auditlogs"></a>

Audit logging is turned **off** by default. If you wish to configure it or even turn off please follow this [document](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.7/doc/AUDIT.md) .
Audit logs must be turned on for a proper and secure deployment of the connector. All
All audit events are stored in database (H2 with default configuration, possible to replace with PostgreSQL), this way tampering of the logs is prohibited. Entries in database are done only by the Execution Core Container. Column for storing auditLog entry is encrypted using *AES/GCM/NoPadding* algorithm which requires user to set valid password. It must be done using environment variable with following name: *AES256-SECRET-KEY*. </br>
When ECC inserts audit entry into Database, AuditLog value will be encrypted using provided algorithm, and when data is requested, it will be decrypted.</br>

If you wish to configure it or even turn off please follow this [document](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.8/doc/AUDIT.md) .

## Accessing audit logs

Access to the audit logs should be allowed only to the person responsible for configuring and setting up TRUE Connector. Logs are stored in docker volumes, and in default configuration those docker volumes are:

ecc_provider
ecc_consumer
## Accessing audit logs

Once audit events are turned on, and docker containers are up and running, you can inspect the from the terminal, and access the one for the Execution Core Container by executing command:
ECC exposes protected endpoint, for API user, to fetch all audit logs, or audit logs for specific date:

```
docker exec -it ecc-consumer /bin/sh
https://localhost:8090/api/audit/
```

Once you manage to connect to container, you can navigate to */home/nobody/data/log/ecc* and verify that log and audit files are present. File might be empty, if there are no actions are performed so far, sure to have some interaction with the connector, to verify that file is being updated.
or for specific date

```
/home/nobody/data/log/ecc $ ls -la
total 12
drwxr-xr-x 2 nobody nogroup 4096 Jul 25 16:01 .
drwxr-xr-x 1 root root 4096 Jul 19 09:47 ..
-rw-r--r-- 1 nobody nobody 1579 Jul 27 10:17 true_connector_audit_consumer.log
-rw-r--r-- 1 nobody nobody 55019 Jul 27 10:37 true_connector_consumer.log
/home/nobody/data/log/ecc $
https://localhost:8090/api/audit/?date=2024-02-12
```

Content of the file is consisted of json entries.
NOTE: date format must be in YYYY-MM-DD format. Otherwise response will be https 400 - bad request.

## Trace log file

Trace log file contains logs that can be useful when debugging or investigating what was incorrect and why connector is responding as expected. In cases when connector does not start, or if response is not expected, some rejection message is returned instead any other response, good starting point is to check content of this log file and get information why connector is not responding as expected.
Trace log file contains logs that can be useful when debugging or investigating what was incorrect and why connector is not responding as expected.

User might try to solve the problem, in most cases problem will be configuration related or that invalid values are passed.
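
Review bot: The added intro says audit logs "must be turned on", yet the next added paragraph still reads "If you wish to configure it or even turn off", and with the old "turned **off** by default" sentence removed the page no longer states the default. State the default for 1.14.8 and reword the link sentence so the two do not contradict each other. Smaller points in the same hunk: the first added line ends with a stray "All" before "All audit events"; `</br>` is not a valid tag (use `<br>` or a blank line); "https 400" should read "HTTP 400"; and "tampering of the logs is prohibited" claims more than the text supports, since encrypting the auditLog column protects the stored values but does not stop someone with database access from deleting rows.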

2 changes: 1 addition & 1 deletion doc/advancedConfiguration/broker.md
Expand Up @@ -13,4 +13,4 @@ TRUE Connector can register itself on startup, and also unregister when shutting
application.selfdescription.registrateOnStartup=true
```

Information on how TRUE Connector can interact with Broker, can be found on following [link](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.7/doc/BROKER.md)
Information on how TRUE Connector can interact with Broker, can be found on following [link](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.8/doc/BROKER.md)
2 changes: 1 addition & 1 deletion doc/advancedConfiguration/extendedjwt.md
@@ -1,3 +1,3 @@
### Extended jwt validation <a href="#extendedjwt" id="extendedjwt"></a>

TRUE Connector can check additional claims from jwToken. For more information please check the [following link](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.7/doc/TRANSPORTCERTSSHA256.md)
TRUE Connector can check additional claims from jwToken. For more information please check the [following link](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.8/doc/TRANSPORTCERTSSHA256.md)
4 changes: 2 additions & 2 deletions doc/advancedConfiguration/tc-logs-copying.md
@@ -1,8 +1,8 @@
## TC logs copying from docker volumes to read-only folder <a href="#tc-logs-copy" id="tcLogsCopy"></a>

***IMPORTANT:*** Operation described in this document can be only be done by **administrator (root)** user.
***IMPORTANT:*** Operation described in this document can be only be done by **administrator (root)** user. Those logs are not audit ones, but developer, more details about how to access audit logs can be found [here](./auditlogs.md)

If there is a need to create an additional user with SSH access to view TC logs, this can be achieved using the [tc-logs-copying.sh](./tc-logs-copying.sh) script provided. Once script is downloaded, before running, be sure to check if script is executable.
If there is a need to create an additional user with SSH access to view developer TC logs, this can be achieved using the [tc-logs-copying.sh](./tc-logs-copying.sh) script provided. Once script is downloaded, before running, be sure to check if script is executable.

Make sure to replace value of `DEST_DIR=` from `/path/to/acutal/folder/tc_logs"` with the actual path where you want to copy TC logs.
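
Review bot: The sentence appended to the IMPORTANT line, "Those logs are not audit ones, but developer, more details about how to access audit logs can be found", is a comma splice and hard to parse. Suggest splitting it: "These are developer logs, not audit logs. For access to audit logs see [auditlogs.md](./auditlogs.md)." Since the line is being touched anyway, also change "can be only be done" to "can only be done".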

1 change: 1 addition & 0 deletions doc/configuration-list-evaluation.md
Expand Up @@ -4,6 +4,7 @@ This document contains an iterative table providing details on the certification

| TRUE Connector version | Release Date | Submodules version | Source code | Evaluation evidence|
|:-----------------------:|:--------------:|:-----------------------------------------------------------------------:|:----------:|:-------------------|
| v1.0.7 | 2023-02-19 | ECC (v1.14.8), DataApp (v0.3.8), UCApp (v1.7.9), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.7) |Teams meetings, Email conversations |
| v1.0.6 | 2023-01-26 | ECC (v1.14.7), DataApp (v0.3.8), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.6) |TRUE Connector evaluation clarification points TC/v1/v2/v3/v4/v5/v6, Email conversations |
| v1.0.5 | 2022-12-13 | ECC (v1.14.6), DataApp (v0.3.7), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.5) | JIRA issues, Email conversations |
| v1.0.4 | 2022-11-17 | ECC (v1.14.6), DataApp (v0.3.7), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.4) |JIRA issues, Email conversations |
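
Review bot: The new v1.0.7 row gives the release date as 2023-02-19, but this commit is dated Feb 19, 2024, and the audit endpoint example added in auditlogs.md uses 2024-02-12. Check the year before merging; if 2024 is correct for v1.0.7, the dates in the older rows (2023-01-26 for v1.0.6 and earlier) are worth re-checking too, since this table is presented as certification evidence.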
6 changes: 3 additions & 3 deletions doc/contributingTC.md
Expand Up @@ -7,9 +7,9 @@ welcome to contribute to this project.

We document changes in the CHANGELOG.md on root level in each project.

* ECC - [CHANGELOG.md](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.7/CHANGELOG.md)
* ECC - [CHANGELOG.md](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.8/CHANGELOG.md)
* DataApp - [CHANGELOG.md](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/blob/0.3.8/CHANGELOG.md)
* UCDataApp - [CHANGELOG.md](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/blob/1.7.8/CHANGELOG.md)
* UCDataApp - [CHANGELOG.md](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/blob/1.7.9/CHANGELOG.md)

## Issues

Expand All @@ -22,4 +22,4 @@ should at least include the following information:
* Steps to reproduce (system specs included)
* Relevant logs and/or media (optional): e.g. an image

For more details about branches, naming conventions and some suggestions, take a look at following [Developer instructions](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/tree/1.14.7#developer-guide-section)
For more details about branches, naming conventions and some suggestions, take a look at following [Developer instructions](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/tree/1.14.8#developer-guide-section)
12 changes: 6 additions & 6 deletions doc/cosign.md
Expand Up @@ -4,11 +4,11 @@ Docker images that are part of the TRUE Connector are signed using [cosign](http

Signed images starts with following versions:

**rdlabengpa/ids\_execution\_core\_container:v1.14.7**\
**rdlabengpa/ids\_execution\_core\_container:v1.14.8**\

**rdlabengpa/ids\_be\_data\_app:v0.3.8**\

**rdlabengpa/ids\_uc\_data\_app\_platoon:v1.7.8**\
**rdlabengpa/ids\_uc\_data\_app\_platoon:v1.7.9**\

**rdlabengpa/ids\_uc\_data\_app\_platoon\_pip:v1.0.0**\

Expand All @@ -25,10 +25,10 @@ signature not found in transparency log
```

```
cosign verify --insecure-ignore-tlog --key trueconn.pub rdlabengpa/ids_execution_core_container:v1.14.7
cosign verify --insecure-ignore-tlog --key trueconn.pub rdlabengpa/ids_execution_core_container:v1.14.8
WARNING: Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the signature.
Verification for index.docker.io/rdlabengpa/ids_execution_core_container:v1.14.7 --
Verification for index.docker.io/rdlabengpa/ids_execution_core_container:v1.14.8 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
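
Review bot: The verify commands in this file use the tags v1.14.8 and v1.7.9, while the docker ps output updated in doc/TRUEConnector/start-stop.md shows the running images as rdlabengpa/ids_execution_core_container:1.14.8 and rdlabengpa/ids_uc_data_app_platoon:1.7.9, without the "v". If both tag forms are published, say so here; otherwise make the documented verification use the same reference the deployment pulls, so the signature that is checked belongs to the image that actually runs.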
Expand Down Expand Up @@ -75,10 +75,10 @@ The following checks were performed on each of these signatures:
```

```
cosign verify --insecure-ignore-tlog --key trueconn.pub rdlabengpa/ids_uc_data_app_platoon:v1.7.8
cosign verify --insecure-ignore-tlog --key trueconn.pub rdlabengpa/ids_uc_data_app_platoon:v1.7.9
WARNING: Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the signature.
Verification for index.docker.io/rdlabengpa/ids_uc_data_app_platoon:v1.7.8 --
Verification for index.docker.io/rdlabengpa/ids_uc_data_app_platoon:v1.7.9 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
2 changes: 1 addition & 1 deletion doc/rest-api.md
Expand Up @@ -2,4 +2,4 @@

Detailed description of API endpoints provided by TRUE Connector can be found in [link](rest\_api/REST\_API.md)

Bare in mind that all endpoints of the TRUE Connector will require authorization. Please follow [this link](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.7/doc/SECURITY.md) to get more information about providing correct credentials for desired request/functionality.
Bare in mind that all endpoints of the TRUE Connector will require authorization. Please follow [this link](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/blob/1.14.8/doc/SECURITY.md) to get more information about providing correct credentials for desired request/functionality.
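
Review bot: "Bare in mind" on the changed line should be "Bear in mind"; worth fixing while the link is being updated.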