Credential event store & identity_cache empty enrolment

Hi Zeddari,

If you have access to Keymanager service swagger, can you please run getCertificate API with inputs applicationId as “PARTNER” and referenceId as “mpartner-default-auth”. Share the API response.

Please do the same thing in IDA internal service swagger, run getCertificate API with inputs applicationId as “IDA” and referenceId as “mpartner-default-auth”. Share the API response.

Thanks

Hi Taheer
For v1/keymanager/getCertificate?applicationId=PARTNER&referenceId=mpartner-default-auth

{
"id": null,
"version": null,
"responsetime": "2023-04-27T20:02:06.984Z",
"metadata": null,
"response": {
“certificate”: “-----BEGIN CERTIFICATE-----\nMIIEpzCCA4+gAwIBAgIIcHiafoWvOj4wDQYJKoZIhvcNAQELBQAwdjELMAkGA1UE\nBhMCSU4xCzAJBgNVBAgMAktBMRIwEAYDVQQHDAlCQU5HQUxPUkUxDTALBgNVBAoM\nBElJVEIxIDAeBgNVBAsMF01PU0lQLVRFQ0gtQ0VOVEVSIChQTVMpMRUwEwYDVQQD\nDAx3d3cubW9zaXAuaW8wHhcNMjMwNDI2MTQyMDA5WhcNMjQwNDI1MTQyMDA5WjBt\nMQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExHjAcBgNVBAoMFW1wYXJ0bmVyLWRl\nZmF1bHQtYXV0aDEaMBgGA1UECwwRSURBLVRFU1QtT1JHLVVOSVQxFTATBgNVBAMM\nDFBBUlRORVItbW92cDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHJ\nXI13Se/IyAw8x1fC+rGAA8GC3dM3NZC2MDJoiDiLK5vIq8k9ySGyGr6CqRyLhBQO\n+7h9Rrhm/ToCNaNsHyWmHh9lkC0rG7MFtZIl+G0aW/PaE8FTH38KaRxfP2ykwubh\nwKaoM4Vb/JkYYzDJHA2KEiTKpeeKnhJYZvOVSh/A0P95lZS1MyW4kIN71OhN2G1E\nZry9ZE9oIN9MLbai3i33UbCVK4A6H/AhTlUgxnCoeLDmEq4osCs4pYgxJAsvMTIN\nEmA8dGOaWjsyCHbv4dh02imX0AK84HI3f+FQ1/uanEa41pWyETib25ONTCYR7Cp1\nU3io+qQEq6cnYVliu1GnnJ9W9sFTpmN2KhlJh6GNLnQdCeovlpz0sooMMViOqKrI\n5+/T/Y6EH3BuMTZ+X0zKgiInbx5N5+SyUrLlwjko42ovtYcW7wwg7tTvCYIT2BO4\nAYzcQ3Se0nJ9JAa0senN4i4tsMFJANTOb9Clfar2wK25O4v/qFK8DJ8XjlnHKoBL\ndfwlzq6kRa/hhtmOieF8x+5NdfHpG7/ZTceYRVTrHWZqzaBvfPCvAaIf7s2m1KMS\ne5zoWTPz/1XaJ0Vc9b76CgZRYRuEpne8wazhC36+HuyBkP1o1Z6WULfora/aLLg+\nyOwq8u5xMRMqYSdB4K/jRY64c40ajFYVM8qpgft9AgMBAAGjQjBAMA8GA1UdEwEB\n/wQFMAMBAf8wHQYDVR0OBBYEFCHz5MfPZn3k8tD3bbDK7Y2T9+DQMA4GA1UdDwEB\n/wQEAwIChDANBgkqhkiG9w0BAQsFAAOCAQEAH30w8q96ue5jPN7Jrwgvr/RaG1+e\nrIT8PJnzCwGPFxRcyMMCpjtZwXDZhP+H+H+QOaP9yEkW/crwamD877SSg2Rn9X2L\ne5KlYur0HCwEIxy0uCfAxUfe/GDSs35/6iqRZv0FsDkInEujLfDMtHm64zfFd+Lv\nNw+tImZRT6JAWUkOE0vGeDUgP4rsrQES4Es9ytBm6Ws1ltq6MY3IqyiN6qlLgFU1\nq+a/iahGNQCyg5LDipNTwjShM6Ky3wJ9TZvBwIhyLmPkPQ8nGORvDwpRB6U9543t\nWfcZNOfpG448Ld3Q8cKxiyh+mgGDODOBPLP8/O+mtYa+/5EN1s7o1LaH3w==\n-----END CERTIFICATE-----\n”,
"certSignRequest": null,
"issuedAt": "2023-04-26T14:20:09.000Z",
"expiryAt": "2024-04-25T14:20:09.000Z",
"timestamp": "2023-04-27T20:02:06.987Z"
},
"errors": null
}

For /v1/keymanager/getCertificate?applicationId=IDA&referenceId=mpartner-default-auth
{
"id": null,
"version": null,
"responsetime": "2023-04-27T20:03:26.739Z",
"metadata": null,
"response": {
“certificate”: “-----BEGIN CERTIFICATE-----\nMIIDtDCCApygAwIBAgIIY9xvIEfQRlswDQYJKoZIhvcNAQELBQAwdjELMAkGA1UE\nBhMCSU4xCzAJBgNVBAgMAktBMRIwEAYDVQQHDAlCQU5HQUxPUkUxDTALBgNVBAoM\nBElJVEIxGjAYBgNVBAsMEU1PU0lQLVRFQ0gtQ0VOVEVSMRswGQYDVQQDDBJ3d3cu\nbW9zaXAuaW8gKElEQSkwHhcNMjMwNDI3MjAwMzI2WhcNMjUwNDI2MjAwMzI2WjB9\nMQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExEjAQBgNVBAcMCUJBTkdBTE9SRTEN\nMAsGA1UECgwESUlUQjEaMBgGA1UECwwRTU9TSVAtVEVDSC1DRU5URVIxIjAgBgNV\nBAMMGUlEQS1tcGFydG5lci1kZWZhdWx0LWF1dGgwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCvFtVfLzn7cODQbbFLIKZ1AzwcWzyaJIhp56yXt3ikIKEA\n5ScsL6szfT+fH+uL7UVA0jqPozRqP8etzj3KA5MujEF8mHgrnv7PQDNCOKew852O\n60hsZsARhVkwugdY2vlNcdtcDgbw2t/DrAnQGPARIckKXeXXDYtz5svyfsAzG9Pt\nBHT90QI7ZGbHGaj16NVEfNU4efyIXjf2wZQpfixJExWW6+qDp6H45WOOi2mVhB1J\nl8UWZ5xQw+CsB3MHwyEMvNJIOcgnpjA2y4ehCJO9UDnHVNF+XLrOYsQkSntGZHbm\nEmG323mgSJB8VFEhvxYArGSjT68jxY0Uz3h1bUZpAgMBAAGjPzA9MAwGA1UdEwEB\n/wQCMAAwHQYDVR0OBBYEFJgFpX4havdwAUh6SwfKfQvcU0zkMA4GA1UdDwEB/wQE\nAwIFIDANBgkqhkiG9w0BAQsFAAOCAQEAsnz2fG3dyehu2/dKiuVCPOYMfkdZoUwK\nvX7NesRzRGUAAVGlbdZtJNNrOTMevxNtl1cCOhi+DbahUtfozrKhbGf/M86o6Yz2\npw6gtWjIINTfDaRTIwQOv/g+q38oUgdDl/b5BI7Vzq6CEUhaX7w356pWY1hXA7i6\ndRZF3owzBvamLGTAfTs4VpIj8Jtn5Ix7gc01xnb6F+IOkpyfoZ4sIstX2qEspg5E\nLQI0Z/Z+xLfGpUH9WMd7fekB022JvRnqJ76nZczGnxghij+Uh/9EnWp0wLUdwK8f\neGWItDTw7+07di1RWetpCda+8Py5txeSnV4T2B3K3VQTN6miQkyc+g==\n-----END CERTIFICATE-----\n”,
"certSignRequest": null,
"issuedAt": "2023-04-27T20:03:26.000Z",
"expiryAt": "2025-04-26T20:03:26.000Z",
"timestamp": "2023-04-27T20:03:26.741Z"
},
"errors": null
}

Hi Zeddari,

Can you please share this decompiled code and the logs after you set the above flag to false?

If possible, can you also share the data getting decrypted? You can share the full credentials pulled from datashare.

Thanks

Hi Zeddari,

I found the issue. The certificates are not correct. In keymanager the certificate is a 4096-bit key and in IDA the certificate is a 2048-bit key. That is the reason it’s throwing “Data longer than 256 bytes”.

Attaching certificate images.

Thanks
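
The key-size mismatch diagnosed above can be checked directly from the two getCertificate responses. The following is an added example, not part of the thread and not MOSIP code: it reads the RSA modulus size from the certificate field using only the Python standard library. The function names are illustrative, and sample_response builds a constructed, unsigned certificate skeleton as test input.

```python
import base64, json
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, DER-encoded

def _tlv(buf, pos):  # read one DER element; returns (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(pem):
    """Bit length of the RSA modulus in a PEM X.509 certificate."""
    der = base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-----")))
    _, pos, _ = _tlv(der, _tlv(der, 0)[1])  # Certificate -> inside tbsCertificate
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos       # skip the optional [0] version field
    for _ in range(5):                      # serial, signature alg, issuer, validity, subject
        pos = _tlv(der, pos)[2]
    _, pos, _ = _tlv(der, pos)              # inside subjectPublicKeyInfo
    _, alg_start, pos = _tlv(der, pos)      # AlgorithmIdentifier
    if RSA_OID not in der[alg_start:pos]:
        raise ValueError("certificate does not carry an RSA key")
    _, pos, _ = _tlv(der, _tlv(der, pos)[1] + 1)  # BIT STRING, past unused-bits octet
    _, start, end = _tlv(der, pos)          # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def compare_key_sizes(keymanager_json, ida_json):
    """Return (keymanager_bits, ida_bits, match); an N-bit RSA key handles N/8-byte blocks."""
    km, ida = (rsa_modulus_bits(json.loads(r)["response"]["certificate"])
               for r in (keymanager_json, ida_json))
    return km, ida, km == ida

def _enc(tag, body):  # minimal DER encoder, used only to build the constructed sample
    size = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | size]) + len(body).to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_response(bits):
    """Constructed input: unsigned certificate skeleton in a getCertificate-style reply."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = _enc(0x30, _enc(0x02, modulus) + _enc(0x02, b"\x01\x00\x01"))
    spki = _enc(0x30, _enc(0x30, RSA_OID + b"\x05\x00") + _enc(0x03, b"\x00" + key))
    tbs = _enc(0x30, _enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01") + b"\x30\x00" * 4 + spki)
    der = _enc(0x30, tbs + b"\x30\x00" + _enc(0x03, b"\x00"))
    pem = "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % base64.encodebytes(der).decode()
    return json.dumps({"response": {"certificate": pem}, "errors": None})

if __name__ == "__main__":
    print(compare_key_sizes(sample_response(4096), sample_response(2048)))
```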


Hi
I already found this, but I don't know how to fix it; it's in the keymanager where we generated this.
I tried to check where but could not find it.
We have this property:
application-default.properties:239:mosip.kernel.keygenerator.asymmetric-key-length=2048
Could you please advise?

Hi, found it
private int RSA_KEY_SIZE = 4096;
in the partnermanager generator
I will update it and regenerate

Hi Zeddari,

No need to generate new key and certificate. We have to onboard IDA as partner using certificates generated in IDA.

How have you onboarded the IDA partner in the PMS service? Did you use any automated script?

Thanks

For IDA partner tables:
We do not use an automated script, but we used keygenerator and we updated the config.

For the partner in PMS, we used the Spring Boot application partnermanager.

Hi Zeddari,

How have you uploaded the IDA certificate in PMS?

Thanks

No
Could you please send me the steps, and I can do it from the PMS portal.

Now I have another error:
KeymanagerServiceException: KER-KMS-025 → Key Not found for the thumbprint prepended in encrypted data

Hi Zeddari,

After uploading the IDA-mpartner-default-auth certificate in PMS, PMS might have returned the mosip signed certificate. You need to upload back the mosip signed certificate in IDA.

Use /uploadCertificate API in IDA Internal Swagger. Provide the same appId and refId.
AppId: IDA
RefId: mpartner-default-auth

Thanks

Hi
The first thing that we did was to use the following repo: gist/partnermanagement at 1.2.0 · mosip/gist · GitHub
to generate a partner with the following data:
{
"environmentVersion": "LTS",
"partnerModel": {
"partnerAddress": "auth Service",
"partnerContactNumber": "001010101012",
"partnerEmailId": "auth_online_verif@gmail.com",
"partnerId": "mpartner-default-auth",
"partnerOrganizationName": "mpartner-default-auth",
"partnerType": "ONLINE_VERIFICATION",
"policyGroup": "mpolicygroup-default-auth"
},
"policyName": "mpartner-default-auth"
}
and we have gotten 3 p12 files in the app data folder.

In our KMS we have the alias IDA - mpartner-default-auth in the key alias table.
But in the IDA keyalias table, we do not have this alias. When I tried to do the upload using /idauthentication/v1/internal/uploadCertificate with the following body:
{
"id": "string",
"version": "string",
"requesttime": "2023-04-28T16:42:51.583Z",
"metadata": {},
"request": {
"applicationId": "IDA",
"referenceId": "mpartner-default-auth",
"certificateData": ""
}
}
I got an error: alias not found.

Hi Zeddari,

Have you run the key generator job for IDA keys? If yes, then the Key Generator job should have generated all the required keys for IDA, including mpartner-default-auth.

Can you please run getCertificate API again with inputs applicationId as “PARTNER” and referenceId as “mpartner-default-auth”. Share the API response.

Please do the same thing in IDA internal service swagger, run getCertificate API with inputs applicationId as “IDA” and referenceId as “mpartner-default-auth”. Share the API response.

Thanks

Hi
for
http://10.87.105.140:5001/v1/keymanager/getCertificate?applicationId=PARTNER&referenceId=mpartner-default-auth

below the response:
{
"id": null,
"version": null,
"responsetime": "2023-05-02T10:47:30.707Z",
"metadata": null,
"response": {
“certificate”: “-----BEGIN CERTIFICATE-----\nMIIDpzCCAo+gAwIBAgIIw3eSHeSinXgwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UE\nBhMCSU4xCzAJBgNVBAgMAktBMRIwEAYDVQQHDAlCQU5HQUxPUkUxDTALBgNVBAoM\nBElJVEIxIDAeBgNVBAsMF01PU0lQLVRFQ0gtQ0VOVEVSIChQTVMpMRUwEwYDVQQD\nDAx3d3cubW9zaXAuaW8wHhcNMjMwNDI4MDgxMjA2WhcNMjQwNDI3MDgxMjA2WjBt\nMQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExHjAcBgNVBAoMFW1wYXJ0bmVyLWRl\nZmF1bHQtYXV0aDEaMBgGA1UECwwRSURBLVRFU1QtT1JHLVVOSVQxFTATBgNVBAMM\nDFBBUlRORVItbW92cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAISr\nfOcfuv+WCLfSHcmk58tw2bDwwUyfDNoY84VzhsBfT+y2RRy8DqYXasCZIF8wBInG\nyxPrfGhs3DGD4jNw3NZ2d0QnIARTNf3PyaLnu1ouVK7AsUNEn0JifzZoGW/61Iqt\nT+fcLFCv8SRYRQ4v2x8hZYSbeEzqQSR25MceITyNn86tylDCHjQsSWBX71u/nBR4\n5oz12k0jliwfg6HQXYlQsdB9lJ/dDwHQZRycWd0OTQzkLTiIVWlyU9rgc2pN4JAy\nOnN6XYlYb9ekmuPQU5Q9K8mUR8sUir9kMlubgKDrTSrfHXUbyCDNFBI1lSPpJi/v\ngKcKf502n89RzJceVMkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E\nFgQUCXCu3/6Y17nfrZQC17ftyuG4XMgwDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3\nDQEBCwUAA4IBAQBAqzM7p724uEDAkxks/v8ZocHcmQHteHlGblclAjYGuu3nZNXl\nJ3l346C1egoHQH6ynO/HahiEEkcMveNw0Bzd8vyQY50TE9IW6sunsoRS8XStjAAw\nLpCscUKyTeXSXWS5DS8YKmPvxHqonAfobQQaobR36Um/soBtGV3TAp7zNSJvtlZV\nvjDHJTrCH1+4GOp6KEk7PzyCo4GK10mnjxuNGi3agBH9TE9YYH7C249aNGw+4+Uv\nS3W/A+kZ1oExV/yEIAiBON7dfpyTiEbYy87h8ZLXUlcn4keTtBo8Da8tQYrtaY9T\nBJdD8BvvdqBGcu1N8w0YNvVEWxFDOllePLTS\n-----END CERTIFICATE-----\n”,
"certSignRequest": null,
"issuedAt": "2023-04-28T08:12:06.000Z",
"expiryAt": "2024-04-27T08:12:06.000Z",
"timestamp": "2023-05-02T10:47:30.715Z"
},
"errors": null
}

for IDA:
http://10.87.105.144:8098/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=mpartner-default-auth

below the response:
{
"id": null,
"version": null,
"responsetime": "2023-05-02T10:48:12.869Z",
"metadata": null,
"response": {
“certificate”: “-----BEGIN CERTIFICATE-----\nMIIDuzCCAqOgAwIBAgIIcn9E4XVRUsowDQYJKoZIhvcNAQELBQAwdjELMAkGA1UE\nBhMCSU4xCzAJBgNVBAgMAktBMRIwEAYDVQQHDAlCQU5HQUxPUkUxDTALBgNVBAoM\nBElJVEIxIDAeBgNVBAsMF01PU0lQLVRFQ0gtQ0VOVEVSIChJREEpMRUwEwYDVQQD\nDAx3d3cubW9zaXAuaW8wHhcNMjMwNTAyMTA0NjQ4WhcNMjUwNTAxMTA0NjQ4WjCB\ngzELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAktBMRIwEAYDVQQHDAlCQU5HQUxPUkUx\nDTALBgNVBAoMBElJVEIxIDAeBgNVBAsMF01PU0lQLVRFQ0gtQ0VOVEVSIChJREEp\nMSIwIAYDVQQDDBlJREEtbXBhcnRuZXItZGVmYXVsdC1hdXRoMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA235QLOvjw72q2gDNM+jpVGSjNYdTl3inuTRi\nSwNEg9mw+EZhvWVVvnfXz3wSMFJQz7dLSb40Dm08Mr0UzVwCTKD2cnTJhDg2Z5j/\n2svzceRstfkmNOg8xHfyF5qAVaK99gR8cHnc4naFLL/1xQ8qKsRv1T4D9uc6jjVT\nfqjYQWBTaGnwyF33FUWLNQXsLkFvnOVURbt0dQbgnQ6iXqVNc7aWJYCrfV6kbHZX\nu26zJkhe4sRi88JQHr6n4c3wSncMqUbvpRs0iKFu8UG2QP0VXHYij8d5zBSxse6t\nT6cISeRA0Ff2kz15PpBmMg5/ZG0jRQIhDiCl3oTNMLGRxjMVHQIDAQABoz8wPTAM\nBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQFE5x+sxtYjmrv54lF96FbUDQNTjAOBgNV\nHQ8BAf8EBAMCBSAwDQYJKoZIhvcNAQELBQADggEBACEHKgdo7VXDTGxey6Zwqkb3\nhw+3/YgFME0eiqsIs9dH7LiCwIr6uY/CdvX0FYrCEhwAOqodeFFd98PD4JD0O+87\ns0ZrVuXU03kMFEbMJ2NFty/qBLE+nWpuyI+C5cjozagHWAB4L+IfO3l6fEj1/y7Z\nfeRNPSsgK2r6h3ZfFO1PZRj7M5vLF6jBtaBCaEgzRCeCT/eFKfBosKjeH/x2V+1a\n9C90JtnoAxXrDzDk1ZvhZCqC/pYwl0W71rMH0rShueDq/Srparv8Yjhf+Fwebnks\n4y65cK6dlw+a7fzxzZKm7C3980OXrBkhwjafMkYXg6cXiABkNAfpLm9IUHKVzf0=\n-----END CERTIFICATE-----\n”,
"certSignRequest": null,
"issuedAt": "2023-05-02T10:46:48.000Z",
"expiryAt": "2025-05-01T10:46:48.000Z",
"timestamp": "2023-05-02T10:48:12.870Z"
},
"errors":
}

Hi @Abderrazzak_Zeddari,

The certificates are still not matching.

Please perform the below steps using both keymanager and ida swaggers.

  1. Fetch IDA ROOT certificate from IDA internal swagger:
    https://<DOMAIN_NAME>/idauthentication/v1/internal/getCertificate?applicationId=ROOT
  2. Take the certificate returned from above API response and upload certificate as CA certificate in keymanager service.
    https://<DOMAIN_NAME>/v1/keymanager/uploadCACertificate
  3. Do the same for IDA component master key certificate.
    https://<DOMAIN_NAME>/idauthentication/v1/internal/getCertificate?applicationId=IDA
  4. Upload the above API response certificate as CA certificate in keymanager service.
    https://<DOMAIN_NAME>/v1/keymanager/uploadCACertificate
  5. Get IDA mpartner-default-auth certificate from IDA internal service.
    https://<DOMAIN_NAME>/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=mpartner-default-auth
  6. Upload the above API response certificate as partner certificate in keymanager service.
    https://<DOMAIN_NAME>/v1/keymanager/uploadPartnerCertificate
    The response of the API will return MOSIP signed partner certificate.
  7. Take the MOSIP signed partner certificate and upload in IDA Internal for mpartner-default-auth reference id.
    https://<DOMAIN_NAME>/idauthentication/v1/internal/uploadCertificate
    Input app_id as IDA and ref_id as mpartner-default-auth.

Try sharing credentials to IDA after performing the above steps.

Thanks.

Hi @Abderrazzak_Zeddari

Can you let us know the status of the issue you were facing? After receiving guidance from our team member @mahammedtaheer, were you able to follow it and proceed with your work?

Best Regards,
Team MOSIP