Merge pull request #32 from Engineering-Research-and-Development/cert…

…_doc_update_part_5

Cert doc update part 5

.env

@@ -26,6 +26,8 @@ IDSCP2=false
 
 EXTRACT_PAYLOAD_FROM_RESPONSE=true
 
+VALIDATE_SELF_DESCRIPTION=false
+
 ### PROVIDER Configuration
 PROVIDER_ECC_SELF_DESCRIPTION_URL=https://ecc-provider
 PROVIDER_DAPS_KEYSTORE_NAME=

SUMMARY.md

@@ -13,11 +13,12 @@
   * [Connector ID](doc/connectorReachability/connectorID.md)
 * [How to Exchange Data](doc/exchange-data.md)
 * [Modifying configuration](doc/modifyingConfiguration/modify-configuration.md)
-  * [Enable hostname validation](doc/modifyingConfiguration/hostnamevalidation.md)
+  * [Hostname validation](doc/modifyingConfiguration/hostnamevalidation.md)
   * [SSL/HTTPS](doc/modifyingConfiguration/ssl.md)
   * [Change message format - Multipart/Mixed, Multipart/Form, Http-headers](doc/modifyingConfiguration/messageformat.md)
   * [WebSocket configuration (WSS)](doc/modifyingConfiguration/wss.md)
   * [IDSCPv2 configuration](doc/modifyingConfiguration/idscp2.md)
+  * [Self Description validation](doc/modifyingConfiguration/selfdescriptionvalidation.md)
 * [Advanced configuration](doc/advancedConfiguration/advanced-configuration.md)
   * [Supported Identity Providers](doc/advancedConfiguration/identityproviders.md)
   * [Extended jwt validation](doc/advancedConfiguration/extendedjwt.md)

be-dataapp_resources/application-docker.properties

@@ -23,6 +23,8 @@ application.firewall.isEnabled=${FIREWALL}
 
 application.dataapp.http.config=${DATA_APP_MULTIPART}
 
+application.validateSelfDescription=${VALIDATE_SELF_DESCRIPTION}
+
 application.ecc.protocol=https
 application.ecc.host=${ECC_HOSTNAME}
 application.ecc.port=${ECC_PORT}

doc/TRUEConnector/component-overview.md

@@ -5,7 +5,7 @@ TRUE Connector is build using Java11, and use following libraries:
 | Component                                                                                                                         						| Version       |
 | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
 | [Execution core container](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/releases/tag/1.14.4)   		| 1.14.4 		|
-| [Basic data app](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/releases/tag/0.3.3) 								| 0.3.3 		|
+| [Basic data app](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/releases/tag/0.3.4) 								| 0.3.4 		|
 | [Usage control app](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/releases/tag/1.7.5)   						| 1.7.5 		|
 | [Pip](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/tree/1.7.5/Docker_Tecnalia_DataUsage/pip) 				| 1.0.0 		|
 | [Multipart Message Library](https://github.com/Engineering-Research-and-Development/true-connector-multipart_message_library/releases/tag/1.0.17)   		| 1.0.17 		|

doc/TRUEConnector/default-configuration.md

@@ -10,6 +10,7 @@ TRUE Connector comes pre-configured with following:
 * Disabled validate protocol in Forward-To header
 * Disabled CheckSum validation
 * Disabled Firewall
+* Disabled Self Description validation
 
 
 If you wish to change this configuration, please check chapter [Modifying configuration](../modifyingConfiguration/modify-configuration.md)

doc/TRUEConnector/start-stop.md

@@ -90,8 +90,8 @@ You can also check using _docker ps_ command to verify that containers are up an
 ```
 CONTAINER ID   IMAGE                                             COMMAND                  CREATED       STATUS                 PORTS                                                                                                                             NAMES
 bc693e1fdb90   rdlabengpa/ids_execution_core_container:1.14.4   "/bin/sh -c 'java -j…"   3 hours ago   Up 3 hours (healthy)   0.0.0.0:8087->8086/tcp, :::8087->8086/tcp, 0.0.0.0:8091->8449/tcp, :::8091->8449/tcp, 0.0.0.0:8890->8889/tcp, :::8890->8889/tcp   ecc-consumer
-28dc87213f68   rdlabengpa/ids_be_data_app:0.3.3                "/bin/sh -c 'java -j…"   3 hours ago   Up 3 hours (healthy)   0.0.0.0:8184->8183/tcp, :::8184->8183/tcp, 0.0.0.0:9001->9000/tcp, :::9001->9000/tcp                                              be-dataapp-consumer
-9eb157ceb37b   rdlabengpa/ids_be_data_app:0.3.3                "/bin/sh -c 'java -j…"   3 hours ago   Up 3 hours (healthy)   0.0.0.0:8183->8183/tcp, :::8183->8183/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp                                              be-dataapp-provider
+28dc87213f68   rdlabengpa/ids_be_data_app:0.3.4                "/bin/sh -c 'java -j…"   3 hours ago   Up 3 hours (healthy)   0.0.0.0:8184->8183/tcp, :::8184->8183/tcp, 0.0.0.0:9001->9000/tcp, :::9001->9000/tcp                                              be-dataapp-consumer
+9eb157ceb37b   rdlabengpa/ids_be_data_app:0.3.4                "/bin/sh -c 'java -j…"   3 hours ago   Up 3 hours (healthy)   0.0.0.0:8183->8183/tcp, :::8183->8183/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp                                              be-dataapp-provider
 44bc21187460   rdlabengpa/ids_execution_core_container:1.14.4   "/bin/sh -c 'java -j…"   3 hours ago   Up 3 hours (healthy)   0.0.0.0:8086->8086/tcp, :::8086->8086/tcp, 0.0.0.0:8889->8889/tcp, :::8889->8889/tcp, 0.0.0.0:8090->8449/tcp, :::8090->8449/tcp   ecc-provider
 b3f4cdb77ed6   rdlabengpa/ids_uc_data_app_platoon:1.7.5       "/bin/sh -c 'java -j…"   3 hours ago   Up 3 hours (healthy)   8080/tcp                                                                                                                          uc-dataapp-consumer
 a36748901ce1   rdlabengpa/ids_uc_data_app_platoon_pip:v1.0.0     "java -jar pip.jar"      3 hours ago   Up 3 hours             0/tcp                                                                                                                             uc-dataapp-pip-provider

doc/cosign.md

@@ -6,7 +6,7 @@ Signed images starts with following versions:
 
 **rdlabengpa/ids\_execution\_core\_container:v1.14.4**\
 
-**rdlabengpa/ids\_be\_data\_app:v0.3.3**\
+**rdlabengpa/ids\_be\_data\_app:v0.3.4**\
 
 **rdlabengpa/ids\_uc\_data\_app\_platoon:v1.7.5**\
 
@@ -40,9 +40,9 @@ The following checks were performed on each of these signatures:
 ```
 
 ```
-cosign verify --key trueconn.pub rdlabengpa/ids_be_data_app:v0.3.3
+cosign verify --key trueconn.pub rdlabengpa/ids_be_data_app:v0.3.4
 
-Verification for index.docker.io/rdlabengpa/ids_be_data_app:v0.3.3 --
+Verification for index.docker.io/rdlabengpa/ids_be_data_app:v0.3.4 --
 The following checks were performed on each of these signatures:
   - The cosign claims were validated
   - The signatures were verified against the specified public key
@@ -54,7 +54,7 @@ The following checks were performed on each of these signatures:
 				"docker-reference": "index.docker.io/rdlabengpa/ids_be_data_app"
 			},
 			"image": {
-				"docker-manifest-digest": "sha256:6dae75837854133f6e895e9bf811a25d963b4dfcfb583bbf975c2b550bfe8d86"
+				"docker-manifest-digest": "sha256:a8329b41ed3c0f2219b056ca9a9cb4c85a5be0b36c3b6d7185e4a017888e3ee1"
 			},
 			"type": "cosign container image signature"
 		},

doc/exchange-data.md

@@ -28,7 +28,7 @@ _NOTE_: even that this curl command is exported from Postman, it is noticed seve
 If this happens, please check body of the request in Postman, and if body is empty, simply copy everything enclosed between\
 _--data-raw '_ and _'_
 
-For more details on request samples, please check following link [Backend DataApp Usage](https://github.com/Engineering-Research-and-Development/market4.0-data\_app\_test\_BE/blob/0.3.3/README.md)
+For more details on request samples, please check following link [Backend DataApp Usage](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/blob/0.3.4/README.md)
 
 Be sure to use correct configuration/ports for sender and receiver Data App and Execution Core Container (check .env file).
 

doc/modifyingConfiguration/hostnamevalidation.md

@@ -1,12 +1,6 @@
-### Enable hostname validation <a href="#hostnamevalidation" id="hostnamevalidation"></a>
+### Hostname validation <a href="#hostnamevalidation" id="hostnamevalidation"></a>
 
-To enable hostname validation, set following property to false:
-
-```
-DISABLE_SSL_VALIDATION=false
-```
-
-By changing this property to false and enabling hostname validation, you will have to have valid truststore, with public keys from external systems (towards which you are making https calls) imported into truststore. Set truststore and its password by modifying following properties
+You need to have valid truststore, with public keys from external systems (towards which you are making https calls) imported into truststore. Set truststore and its password by modifying following properties
 
 ```
 TRUSTORE_NAME=truststoreEcc.jks

doc/modifyingConfiguration/selfdescriptionvalidation.md

@@ -0,0 +1,9 @@
+## Enable Self Description Validation <a href="#seldesrptionvalidation" id="seldesrptionvalidation"></a>
+
+To enable self description validation, set following property to true:
+
+```
+VALIDATE_SELF_DESCRIPTION=true
+```
+
+By enabling this property, connector will check does received self description document contains next fields: ***Connector ID, Security Profile, PublicKey***

docker-compose.yml

@@ -101,7 +101,7 @@ services:
       - ./uc-dataapp-pip_resources_provider:/etc
 
   be-dataapp-provider:
-    image: rdlabengpa/ids_be_data_app:v0.3.3
+    image: rdlabengpa/ids_be_data_app:v0.3.4
     deploy:
       resources:
         limits:
@@ -131,6 +131,7 @@ services:
       - TZ=Europe/Rome
       - ISSUER_CONNECTOR_URI=${PROVIDER_ISSUER_CONNECTOR_URI}
       - FIREWALL=${PROVIDER_DATA_APP_FIREWALL}
+      - VALIDATE_SELF_DESCRIPTION=${VALIDATE_SELF_DESCRIPTION}
     volumes:
       - ./be-dataapp_resources:/config
       - be_dataapp_provider_data:/home/nobody/data/
@@ -237,7 +238,7 @@ services:
       - ./uc-dataapp-pip_resources_consumer:/etc
 
   be-dataapp-consumer:
-    image: rdlabengpa/ids_be_data_app:v0.3.3
+    image: rdlabengpa/ids_be_data_app:v0.3.4
     deploy:
       resources:
         limits:
@@ -267,6 +268,7 @@ services:
       - TZ=Europe/Rome
       - ISSUER_CONNECTOR_URI=${CONSUMER_ISSUER_CONNECTOR_URI}
       - FIREWALL=${CONSUMER_DATA_APP_FIREWALL}
+      - VALIDATE_SELF_DESCRIPTION=${VALIDATE_SELF_DESCRIPTION}
     volumes:
       - ./be-dataapp_resources:/config
       - ./ecc_cert:/cert