From f44e9fb04037808e2e424b3e709370c9e52c1743 Mon Sep 17 00:00:00 2001 From: Marko Stojanovic Date: Thu, 12 Oct 2023 16:48:33 +0200 Subject: [PATCH 1/7] Update docker-compose.yml and .env --- .env | 2 ++ docker-compose.yml | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.env b/.env index 3527e91..1f673e1 100644 --- a/.env +++ b/.env @@ -26,6 +26,8 @@ IDSCP2=false EXTRACT_PAYLOAD_FROM_RESPONSE=true +VALIDATE_SELF_DESCRIPTION=false + ### PROVIDER Configuration PROVIDER_ECC_SELF_DESCRIPTION_URL=https://ecc-provider PROVIDER_DAPS_KEYSTORE_NAME= diff --git a/docker-compose.yml b/docker-compose.yml index 8e69a84..28a06fd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -101,7 +101,7 @@ services: - ./uc-dataapp-pip_resources_provider:/etc be-dataapp-provider: - image: rdlabengpa/ids_be_data_app:v0.3.3 + image: rdlabengpa/ids_be_data_app:v0.3.4 deploy: resources: limits: @@ -237,7 +237,7 @@ services: - ./uc-dataapp-pip_resources_consumer:/etc be-dataapp-consumer: - image: rdlabengpa/ids_be_data_app:v0.3.3 + image: rdlabengpa/ids_be_data_app:v0.3.4 deploy: resources: limits: From ae31faa6b9c9479168b33590e998b399ef05536e Mon Sep 17 00:00:00 2001 From: Marko Stojanovic Date: Thu, 12 Oct 2023 16:48:54 +0200 Subject: [PATCH 2/7] Update Data App property file --- be-dataapp_resources/application-docker.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/be-dataapp_resources/application-docker.properties b/be-dataapp_resources/application-docker.properties index 2b43175..98fa8f4 100644 --- a/be-dataapp_resources/application-docker.properties +++ b/be-dataapp_resources/application-docker.properties @@ -23,6 +23,8 @@ application.firewall.isEnabled=${FIREWALL} application.dataapp.http.config=${DATA_APP_MULTIPART} +application.validateSelfDescription=${VALIDATE_SELF_DESCRIPTION} + application.ecc.protocol=https application.ecc.host=${ECC_HOSTNAME} application.ecc.port=${ECC_PORT} 
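Review bot: The new `VALIDATE_SELF_DESCRIPTION=false` line in `.env` ships the check switched off and has no comment saying what it controls, so an operator reading the file cannot tell that a trust-related check is being skipped. Going by the documentation added in PATCH 3/7, the flag makes the connector check that a received self description contains Connector ID, Security Profile and PublicKey. I would add a comment above it, e.g. `# Set to true to check that received self descriptions contain Connector ID, Security Profile and PublicKey`, in the style of the `### PROVIDER Configuration` header that follows.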
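Review bot: `application.validateSelfDescription=${VALIDATE_SELF_DESCRIPTION}` has no fallback, so the value depends entirely on the variable reaching the container. As far as this series shows, the be-dataapp services only receive it in PATCH 5/7, and an operator upgrading with an older `.env` will not have it at all. If the file is resolved with Spring-style placeholders, as its name suggests, `application.validateSelfDescription=${VALIDATE_SELF_DESCRIPTION:false}` keeps the documented default explicit instead of leaving the outcome to an unresolved or empty value. The two `environment:` entries added to docker-compose.yml in PATCH 5/7 have the same gap and could use `${VALIDATE_SELF_DESCRIPTION:-false}`. How the application treats a missing or empty value is not visible here and should be confirmed against the Data App code.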
From 2d2112d24a54e84c4ba6e27930bc44cf9bbbfeb4 Mon Sep 17 00:00:00 2001 From: Marko Stojanovic Date: Thu, 12 Oct 2023 16:49:18 +0200 Subject: [PATCH 3/7] Update documentation --- SUMMARY.md | 3 ++- doc/TRUEConnector/component-overview.md | 2 +- doc/TRUEConnector/default-configuration.md | 1 + doc/TRUEConnector/start-stop.md | 4 ++-- doc/cosign.md | 6 +++--- doc/exchange-data.md | 2 +- doc/modifyingConfiguration/hostnamevalidation.md | 10 ++-------- .../selfdescriptionvalidation.md | 9 +++++++++ 8 files changed, 21 insertions(+), 16 deletions(-) create mode 100644 doc/modifyingConfiguration/selfdescriptionvalidation.md diff --git a/SUMMARY.md b/SUMMARY.md index e2e0de8..e6417f7 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -13,11 +13,12 @@ * [Connector ID](doc/connectorReachability/connectorID.md) * [How to Exchange Data](doc/exchange-data.md) * [Modifying configuration](doc/modifyingConfiguration/modify-configuration.md) - * [Enable hostname validation](doc/modifyingConfiguration/hostnamevalidation.md) + * [Hostname validation](doc/modifyingConfiguration/hostnamevalidation.md) * [SSL/HTTPS](doc/modifyingConfiguration/ssl.md) * [Change message format - Multipart/Mixed, Multipart/Form, Http-headers](doc/modifyingConfiguration/messageformat.md) * [WebSocket configuration (WSS)](doc/modifyingConfiguration/wss.md) * [IDSCPv2 configuration](doc/modifyingConfiguration/idscp2.md) + * [Self Description validation](doc/modifyingConfiguration/selfdescriptionvalidation.md) * [Advanced configuration](doc/advancedConfiguration/advanced-configuration.md) * [Supported Identity Providers](doc/advancedConfiguration/identityproviders.md) * [Extended jwt validation](doc/advancedConfiguration/extendedjwt.md) diff --git a/doc/TRUEConnector/component-overview.md b/doc/TRUEConnector/component-overview.md index ffd8ef6..cc22b3a 100644 --- a/doc/TRUEConnector/component-overview.md +++ b/doc/TRUEConnector/component-overview.md 
@@ -5,7 +5,7 @@ TRUE Connector is build using Java11, and use following libraries: | Component | Version | | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | | [Execution core container](https://github.com/Engineering-Research-and-Development/true-connector-execution_core_container/releases/tag/1.14.4) | 1.14.4 | -| [Basic data app](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/releases/tag/0.3.3) | 0.3.3 | +| [Basic data app](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/releases/tag/0.3.4) | 0.3.4 | | [Usage control app](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/releases/tag/1.7.5) | 1.7.5 | | [Pip](https://github.com/Engineering-Research-and-Development/true-connector-uc_data_app_platoon/tree/1.7.5/Docker_Tecnalia_DataUsage/pip) | 1.0.0 | | [Multipart Message Library](https://github.com/Engineering-Research-and-Development/true-connector-multipart_message_library/releases/tag/1.0.17) | 1.0.17 | diff --git a/doc/TRUEConnector/default-configuration.md b/doc/TRUEConnector/default-configuration.md index ce9d93a..a412481 100644 --- a/doc/TRUEConnector/default-configuration.md +++ b/doc/TRUEConnector/default-configuration.md @@ -10,6 +10,7 @@ TRUE Connector comes pre-configured with following: * Disabled validate protocol in Forward-To header * Disabled CheckSum validation * Disabled Firewall +* Disabled Self Description validation If you wish to change this configuration, please check chapter [Modifying configuration](../modifyingConfiguration/modify-configuration.md) \ No newline at end of file diff --git a/doc/TRUEConnector/start-stop.md b/doc/TRUEConnector/start-stop.md index 9b83ffe..832754b 100644 --- a/doc/TRUEConnector/start-stop.md +++ b/doc/TRUEConnector/start-stop.md 
@@ -90,8 +90,8 @@ You can also check using _docker ps_ command to verify that containers are up an ``` CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES bc693e1fdb90 rdlabengpa/ids_execution_core_container:1.14.4 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8087->8086/tcp, :::8087->8086/tcp, 0.0.0.0:8091->8449/tcp, :::8091->8449/tcp, 0.0.0.0:8890->8889/tcp, :::8890->8889/tcp ecc-consumer -28dc87213f68 rdlabengpa/ids_be_data_app:0.3.3 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8184->8183/tcp, :::8184->8183/tcp, 0.0.0.0:9001->9000/tcp, :::9001->9000/tcp be-dataapp-consumer -9eb157ceb37b rdlabengpa/ids_be_data_app:0.3.3 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8183->8183/tcp, :::8183->8183/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp be-dataapp-provider +28dc87213f68 rdlabengpa/ids_be_data_app:0.3.4 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8184->8183/tcp, :::8184->8183/tcp, 0.0.0.0:9001->9000/tcp, :::9001->9000/tcp be-dataapp-consumer +9eb157ceb37b rdlabengpa/ids_be_data_app:0.3.4 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8183->8183/tcp, :::8183->8183/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp be-dataapp-provider 44bc21187460 rdlabengpa/ids_execution_core_container:1.14.4 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:8086->8086/tcp, :::8086->8086/tcp, 0.0.0.0:8889->8889/tcp, :::8889->8889/tcp, 0.0.0.0:8090->8449/tcp, :::8090->8449/tcp ecc-provider b3f4cdb77ed6 rdlabengpa/ids_uc_data_app_platoon:1.7.5 "/bin/sh -c 'java -j…" 3 hours ago Up 3 hours (healthy) 8080/tcp uc-dataapp-consumer a36748901ce1 rdlabengpa/ids_uc_data_app_platoon_pip:v1.0.0 "java -jar pip.jar" 3 hours ago Up 3 hours 0/tcp uc-dataapp-pip-provider diff --git a/doc/cosign.md b/doc/cosign.md index bc61e20..dd966ba 100644 --- a/doc/cosign.md +++ b/doc/cosign.md 
@@ -6,7 +6,7 @@ Signed images starts with following versions: **rdlabengpa/ids\_execution\_core\_container:v1.14.4**\ -**rdlabengpa/ids\_be\_data\_app:v0.3.3**\ +**rdlabengpa/ids\_be\_data\_app:v0.3.4**\ **rdlabengpa/ids\_uc\_data\_app\_platoon:v1.7.5**\ @@ -40,9 +40,9 @@ The following checks were performed on each of these signatures: ``` ``` -cosign verify --key trueconn.pub rdlabengpa/ids_be_data_app:v0.3.3 +cosign verify --key trueconn.pub rdlabengpa/ids_be_data_app:v0.3.4 -Verification for index.docker.io/rdlabengpa/ids_be_data_app:v0.3.3 -- +Verification for index.docker.io/rdlabengpa/ids_be_data_app:v0.3.4 -- The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key diff --git a/doc/exchange-data.md b/doc/exchange-data.md index f924c6b..8393d4c 100644 --- a/doc/exchange-data.md +++ b/doc/exchange-data.md @@ -28,7 +28,7 @@ _NOTE_: even that this curl command is exported from Postman, it is noticed seve If this happens, please check body of the request in Postman, and if body is empty, simply copy everything enclosed between\ _--data-raw '_ and _'_ -For more details on request samples, please check following link [Backend DataApp Usage](https://github.com/Engineering-Research-and-Development/market4.0-data\_app\_test\_BE/blob/0.3.3/README.md) +For more details on request samples, please check following link [Backend DataApp Usage](https://github.com/Engineering-Research-and-Development/market4.0-data\_app\_test\_BE/blob/0.3.4/README.md) Be sure to use correct configuration/ports for sender and receiver Data App and Execution Core Container (check .env file). diff --git a/doc/modifyingConfiguration/hostnamevalidation.md b/doc/modifyingConfiguration/hostnamevalidation.md index 93af43d..006e7e8 100644 --- a/doc/modifyingConfiguration/hostnamevalidation.md +++ b/doc/modifyingConfiguration/hostnamevalidation.md 
@@ -1,12 +1,6 @@ -### Enable hostname validation +### Hostname validation -To enable hostname validation, set following property to false: - -``` -DISABLE_SSL_VALIDATION=false -``` - -By changing this property to false and enabling hostname validation, you will have to have valid truststore, with public keys from external systems (towards which you are making https calls) imported into truststore. Set truststore and its password by modifying following properties +You need to have valid truststore, with public keys from external systems (towards which you are making https calls) imported into truststore. Set truststore and its password by modifying following properties ``` TRUSTORE_NAME=truststoreEcc.jks diff --git a/doc/modifyingConfiguration/selfdescriptionvalidation.md b/doc/modifyingConfiguration/selfdescriptionvalidation.md new file mode 100644 index 0000000..2c0b86e --- /dev/null +++ b/doc/modifyingConfiguration/selfdescriptionvalidation.md @@ -0,0 +1,9 @@ +## Enable Self Description Validation + +To enable self description validation, set property following property to true: + +``` +VALIDATE_SELF_DESCRIPTION=true +``` + +By enabling this property, connector will check does received self description document contains next attributes: ***Connector ID, Security Profile, PublicKey*** \ No newline at end of file From c9b4609e4a8c930875b7f0cc11221ce4ebc4dad9 Mon Sep 17 00:00:00 2001 From: Marko Stojanovic Date: Thu, 12 Oct 2023 16:56:23 +0200 Subject: [PATCH 4/7] Fix typos --- doc/modifyingConfiguration/selfdescriptionvalidation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/modifyingConfiguration/selfdescriptionvalidation.md b/doc/modifyingConfiguration/selfdescriptionvalidation.md index 2c0b86e..ea679c1 100644 --- a/doc/modifyingConfiguration/selfdescriptionvalidation.md +++ b/doc/modifyingConfiguration/selfdescriptionvalidation.md 
@@ -1,9 +1,9 @@ ## Enable Self Description Validation -To enable self description validation, set property following property to true: +To enable self description validation, set following property to true: ``` VALIDATE_SELF_DESCRIPTION=true ``` -By enabling this property, connector will check does received self description document contains next attributes: ***Connector ID, Security Profile, PublicKey*** \ No newline at end of file +By enabling this property, connector will check does received self description document contains next fields: ***Connector ID, Security Profile, PublicKey*** \ No newline at end of file From a4a1ef1864225f6d68364545cb2b2c6bc79e93ff Mon Sep 17 00:00:00 2001 From: Marko Stojanovic Date: Fri, 13 Oct 2023 08:48:35 +0200 Subject: [PATCH 5/7] Add VALIDATE_SELF_DESCRIPTION to docker-compose.yml --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 28a06fd..ddca4df 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -131,6 +131,7 @@ services: - TZ=Europe/Rome - ISSUER_CONNECTOR_URI=${PROVIDER_ISSUER_CONNECTOR_URI} - FIREWALL=${PROVIDER_DATA_APP_FIREWALL} + - VALIDATE_SELF_DESCRIPTION=${VALIDATE_SELF_DESCRIPTION} volumes: - ./be-dataapp_resources:/config - be_dataapp_provider_data:/home/nobody/data/ @@ -267,6 +268,7 @@ services: - TZ=Europe/Rome - ISSUER_CONNECTOR_URI=${CONSUMER_ISSUER_CONNECTOR_URI} - FIREWALL=${CONSUMER_DATA_APP_FIREWALL} + - VALIDATE_SELF_DESCRIPTION=${VALIDATE_SELF_DESCRIPTION} volumes: - ./be-dataapp_resources:/config - ./ecc_cert:/cert From e050f8afe84de911dc065b395026f3019e717b08 Mon Sep 17 00:00:00 2001 From: "igor.balog" Date: Fri, 13 Oct 2023 10:24:55 +0200 Subject: [PATCH 6/7] DataApp cosign update --- doc/cosign.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/cosign.md b/doc/cosign.md index dd966ba..b43708d 100644 --- a/doc/cosign.md +++ b/doc/cosign.md 
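Review bot: Both `environment:` entries added to docker-compose.yml (the hunks at -131 and -267, presumably be-dataapp-provider and be-dataapp-consumer) read the same `${VALIDATE_SELF_DESCRIPTION}`, while the `FIREWALL` line directly above each uses a per-side variable (`PROVIDER_DATA_APP_FIREWALL`, `CONSUMER_DATA_APP_FIREWALL`). If the check is meant to be switchable per side, the entries should follow that convention, e.g. `- VALIDATE_SELF_DESCRIPTION=${PROVIDER_VALIDATE_SELF_DESCRIPTION}` (a proposed name) with matching keys in `.env`. If a single switch is intended, a short comment next to the variable in `.env` stating that it applies to both Data Apps would make that explicit. The `environment:` lists start outside both hunks.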
@@ -54,7 +54,7 @@ The following checks were performed on each of these signatures: "docker-reference": "index.docker.io/rdlabengpa/ids_be_data_app" }, "image": { - "docker-manifest-digest": "sha256:6dae75837854133f6e895e9bf811a25d963b4dfcfb583bbf975c2b550bfe8d86" + "docker-manifest-digest": "sha256:a8329b41ed3c0f2219b056ca9a9cb4c85a5be0b36c3b6d7185e4a017888e3ee1" }, "type": "cosign container image signature" }, From 72352d5e528b6fc20e260b39a23af4a212313fde Mon Sep 17 00:00:00 2001 From: Marko Stojanovic Date: Fri, 13 Oct 2023 10:30:04 +0200 Subject: [PATCH 7/7] Update exchange-data.md --- doc/exchange-data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/exchange-data.md b/doc/exchange-data.md index 8393d4c..5821ab8 100644 --- a/doc/exchange-data.md +++ b/doc/exchange-data.md @@ -28,7 +28,7 @@ _NOTE_: even that this curl command is exported from Postman, it is noticed seve If this happens, please check body of the request in Postman, and if body is empty, simply copy everything enclosed between\ _--data-raw '_ and _'_ -For more details on request samples, please check following link [Backend DataApp Usage](https://github.com/Engineering-Research-and-Development/market4.0-data\_app\_test\_BE/blob/0.3.4/README.md) +For more details on request samples, please check following link [Backend DataApp Usage](https://github.com/Engineering-Research-and-Development/true-connector-basic_data_app/blob/0.3.4/README.md) Be sure to use correct configuration/ports for sender and receiver Data App and Execution Core Container (check .env file).