CDOC2 Key Shares Server

CDOC2 Key Shares Server for CDOC2.

Implements cdoc2-key-shares-openapi OpenAPI spec from cdoc2-openapi for Key Shares upload/download. Used by cdoc2-java-ref-impl and DigiDoc4-Client for CDOC2 encryption/decryption Smart-ID/Mobile-ID scenarios.

Structure

• shares-server - Implements /key-shares API-s.
• server-db - shared DB code. Liquibase based DB creation
• server-openapi - server stub generation from OpenAPI specifications

Preconditions for building

• Java 17
• Maven 3.8.x
• Docker available and running (required for running tests, use -Dmaven.test.skip=true to skip)

Maven dependencies

Depends on:

• https://github.com/open-eid/cdoc2-openapi OpenAPI specifications for server stub generation
• https://github.com/open-eid/cdoc2-java-ref-impl (for unit tests only, use -Dmaven.test.skip=true to skip)

Configure github package repo access https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry#authenticating-with-a-personal-access-token

Example <profile> section of settings.xml for using cdoc2 dependencies:

  <profile>
      <id>github</id>
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
        </repository>
        <repository>
          <id>github</id>
          <url>https://maven.pkg.github.com/open-eid/cdoc2-java-ref-impl</url>
        </repository>
      </repositories>
  </profile>

Note: When pulling, the package index is based on the organization level, not the repository level. https://stackoverflow.com/questions/63041402/github-packages-single-maven-repository-for-github-organization

So defining single Maven package repo from open-eid is enough for pulling cdoc2-* dependencies.

Building & Running

mvn clean install

To build Docker images:

./build-images.sh

[INFO] Successfully built image 'ghcr.io/open-eid/cdoc2-shares-server:0.4.1-SNAPSHOT'
[INFO] Successfully created image tag 'ghcr.io/open-eid/cdoc2-shares-server:latest'

GitHub workflow build

Maven build is executed for GH event pull_request an and push to 'master'.

GH build workflow configures Maven repository automatically. For fork based pull_requests Maven repo value will be set to github.event.pull_request.base.repo.full_name (open-eid/*). It can be overwritten by defining repository variable MAVEN_REPO

Running

See getting-started.md and admin-guide.md

Running pre-built Docker/OCI images

Pre-built images can be found https://github.com/orgs/open-eid/packages?ecosystem=container

Quickstart:

docker compose up -d
curl -k https://localhost:18443/actuator/info
echo "Run 'docker compose down' to shut down 'cdoc2-shares-server'"

curl -i -k -X POST https://localhost:8443/key-shares \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"share":"dGVzdHRlc3R0ZXN0dGVzdHRlc3R0ZXN0dGVzdHRlc3QK","recipient":"etsi/PNOEE-30303039914"}'

HTTP/1.1 201 
Location: /key-shares/ee368ad654142dda1d9d8e00744df2c8

For more info see admin-guide.md and other existing configurations:

• cdoc2-java-ref-impl/test/config/shares-server/docker-compose.yml
• cdoc2-gatling-tests/cdoc2-shares-server/setup-load-testing

For end-to-end tests see cdoc2-java-ref-impl/test/bats/README.md

GitHub release

Create release. Tag name is used as built image version, so it should start with shares-server version from shares-server/pom.xml. It will trigger maven-release.yml workflow that will deploy Maven packages to GitHub Maven package repository and build & publish Docker/OCI images. Docker images are published to https://github.com/orgs/open-eid/packages?ecosystem=container