Issue with well-known OIDC Credential Issuer Endpoint

I’m encountering an issue while testing the OpenID Credential Issuer endpoint. When accessing the URL http://localhost:3000/.well-known/openid-credential-issuer, I get the following response:

{
    "error": "unknown_error",
    "error_description": null
}

Error Details:

Here is the stack trace from the logs:

2024-11-19 15:43:32 {"@timestamp":"2024-11-19T10:13:32.988Z","@version":"1","message":"Unhandled exception encountered in handler advice","logger_name":"io.mosip.esignet.advice.ExceptionHandlerAdvice","thread_name":"http-nio-8088-exec-3","level":"ERROR","level_value":40000,"stack_trace":"java.lang.NullPointerException: null\n\tat io.mosip.esignet.vci.services.VCIssuanceServiceImpl.getCredentialIssuerMetadata(VCIssuanceServiceImpl.java:115)\n\tat io.mosip.esignet.controllers.VCIssuanceController.getMetadata(VCIssuanceController.java:48)\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)\n\tat org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:878)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:792)\n\tat org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)\n\tat org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)\n\tat org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)\n\tat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)\n\tat 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:626)\n\tat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:733)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:103)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:103)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)\n\tat 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)\n\tat org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)\n\tat org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)\n\tat org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)\n\tat org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)\n\tat 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\n"}

It seems the issue originates from the getCredentialIssuerMetadata method in VCIssuanceServiceImpl, leading to a NullPointerException.

Thank you in advance for your assistance!

Hi @Somnath_Bera , thanks for trying out Certify. Can you share the configuration details & Certify version details?

I think you’ve missed configuring the well-known metadata correctly via the mosip.certify.key-values property.

ref: inji-config/certify-mock-identity.properties at develop · mosip/inji-config · GitHub

This is a good example of a working use case.

Hi @Harsh_Vardhan ,

Docker compose:

version: '3.8'

services:
  # PostgreSQL instance shared by the stack; the three init scripts (esignet,
  # certify, mock_identity) are mounted into /docker-entrypoint-initdb.d.
  database:
    # NOTE(review): 'latest' is a floating tag - pin a version (ideally a digest)
    # so the stack is reproducible and image changes can be reviewed.
    image: 'postgres:latest'
    ports:
      # No host IP is given, so Docker publishes this on every host interface;
      # use 127.0.0.1:5456:5432 if only local tools need database access.
      - 5456:5432
    environment:
      # NOTE(review): default superuser name and password in plain text.
      # Suitable for a throwaway local stack only; inject real values from
      # a secret store or an untracked env file elsewhere.
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
    volumes:
      - ./esignet_init.sql:/docker-entrypoint-initdb.d/esignet_init.sql
      - ./certify_init.sql:/docker-entrypoint-initdb.d/certify_init.sql
      - ./mock_identity_init.sql:/docker-entrypoint-initdb.d/mock_identity_init.sql
    networks:
      - network
  # Artifact server referenced by the other services through artifactory_url_env
  # and the *_URL variables below in this file.
  # NOTE(review): those references are plain http; the zips named in them are
  # presumably fetched and loaded at container start, so keep this server on a
  # trusted network and pin the image by digest where integrity matters.
  artifactory-server:
    image: 'mosipid/artifactory-server:0.9.1-INJI'
    ports:
      # Published on all host interfaces (no host IP given).
      - 8080:8080
    networks:
      - network
  # Mock identity provider; Certify's mock plugin calls it at
  # http://mock-identity-system:8082 (see get-identity-url in the Certify config).
  mock-identity-system:
    image: 'mosipid/mock-identity-system:0.9.3'
    # NOTE(review): the container starts as root; container_user=mosip below
    # suggests the entrypoint may switch user, but that is not visible here -
    # confirm, or run with a non-root user directly.
    user: root
    ports:
      - 8082:8082
    environment:
      - artifactory_url_env=http://artifactory-server:8080/
      - container_user=mosip
      - active_profile_env=default
      - SPRING_CONFIG_NAME=mock-identity-system
      - SPRING_CONFIG_LOCATION=/home/mosip/mock-identity-system-default.properties
    depends_on:
      - database
      - artifactory-server
    volumes:
      - ./config/mock-identity-system-default.properties:/home/mosip/mock-identity-system-default.properties
    networks:
      - network
  # Redis cache used by Certify (spring.data.redis.host=cache in its properties).
  cache:
    image: redis:6.2-alpine
    restart: always
    ports:
      # Published on all host interfaces; Redis is then reachable from outside
      # the compose network with only the password below in the way.
      - '6379:6379'
    # --save 20 1: snapshot to disk every 20 s if at least one key changed.
    # NOTE(review): the password is the literal 'redis' and is passed on the
    # command line, where it shows up in container metadata and process lists.
    # Use a generated secret supplied through a config file or secret mount.
    command: redis-server --save 20 1 --loglevel warning --requirepass redis
    volumes:
      - cache:/data
    networks:
      - network
  # ZooKeeper for the Kafka broker below.
  zookeeper:
    # NOTE(review): no tag is given, so this resolves to 'latest'; pin a version.
    image: wurstmeister/zookeeper
    container_name: zookeeper
    ports:
      # Published on all host interfaces; no authentication is configured here.
      - "2181:2181"
    networks:
      - network
  # Kafka broker; creates the esignet-linked and esignet-consented topics.
  kafka:
    # NOTE(review): no tag is given, so this resolves to 'latest'; pin a version.
    image: wurstmeister/kafka
    container_name: kafka
    ports:
      # Only 9092 (the INSIDE listener) is published. The OUTSIDE listener is
      # advertised as localhost:9093, which is not published here, so host-side
      # clients presumably cannot use it - confirm the intended port mapping.
      - "9092:9092"
    environment:
      KAFKA_ADVERTISED_LISTENERS: INSIDE://kafka:9092,OUTSIDE://localhost:9093
      # NOTE(review): both listeners are PLAINTEXT - no TLS and no client
      # authentication. Acceptable on an isolated dev network only.
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT
      KAFKA_LISTENERS: INSIDE://0.0.0.0:9092,OUTSIDE://0.0.0.0:9093
      KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_CREATE_TOPICS: "esignet-linked:1:1,esignet-consented:1:1"
    networks:
      - network
  # eSignet authorization server on port 8088.
  # NOTE(review): the NullPointerException quoted earlier on this page was logged
  # by this service (logger io.mosip.esignet..., thread http-nio-8088), so the
  # metadata it failed to build is presumably read from the esignet-*.properties
  # mounted below, which the thread does not show - confirm before changing the
  # Certify configuration.
  esignet:
    image: 'mosipid/esignet:1.4.1'
    # NOTE(review): starts as root; container_user=mosip suggests a later user
    # switch in the entrypoint, which is not visible here - confirm.
    user: root
    ports:
      - 8088:8088
    environment:
      - artifactory_url_env=http://artifactory-server:8080/
      - container_user=mosip
      - active_profile_env=default,mock-identity
      - SPRING_CONFIG_NAME=esignet
      - SPRING_CONFIG_LOCATION=/home/mosip/config/
      # Wrapper zip is referenced over plain http from the artifactory container.
      - esignet_wrapper_url_env=http://artifactory-server:8080/artifactory/libs-release-local/esignet/esignet-wrapper.zip
    depends_on:
      - database
      - artifactory-server
      - kafka
    volumes:
      - ./config/esignet-default.properties:/home/mosip/config/esignet-default.properties
      - ./config/esignet-sunbird-insurance.properties:/home/mosip/config/esignet-sunbird-insurance.properties
      - ./config/esignet-mock-identity.properties:/home/mosip/config/esignet-mock-identity.properties
      # Host directory holding the PKCS12 keystore; presumably contains the
      # service's private keys, so restrict its permissions and keep it out of
      # version control.
      - ./data/ESIGNET_PKCS12:/home/mosip/ESIGNET_PKCS12
#      - ./loader_path/esignet/:/home/mosip/additional_jars/
    networks:
      - network
  # Inji Certify credential issuer on port 8090; loads the 'default' and
  # 'mock-identity' profiles from the properties files mounted below.
  certify:
    image: mosipid/inji-certify:0.9.1
    # NOTE(review): starts as root; container_user=mosip suggests a later user
    # switch in the entrypoint, which is not visible here - confirm.
    user: root
    ports:
      - 8090:8090
    environment:
      - artifactory_url_env=http://artifactory-server:8080
      - container_user=mosip
      - active_profile_env=default,mock-identity
      - SPRING_CONFIG_NAME=certify
      - SPRING_CONFIG_LOCATION=/home/mosip/config/
#      - enable_certify_artifactory=false
#      - download_hsm_client=true
    volumes:
      - ./config/certify-default.properties:/home/mosip/config/certify-default.properties
      - ./config/certify-sunbird-insurance.properties:/home/mosip/config/certify-sunbird-insurance.properties
      - ./config/certify-mock-identity.properties:/home/mosip/config/certify-mock-identity.properties
      # Host directory for the keystore that the Certify properties reference as
      # CERTIFY_PKCS12/local.p12; restrict its permissions and keep it out of
      # version control.
      - ./data/CERTIFY_PKCS12:/home/mosip/CERTIFY_PKCS12
#      - ./loader_path/certify/:/home/mosip/additional_jars/
    depends_on:
      - esignet
    networks:
      - network
  # eSignet UI served by nginx; container port 3000 is published on host port 3001.
  esignet-ui:
    image: 'mosipid/oidc-ui:1.4.1'
    # NOTE(review): starts as root; container_user=mosip suggests a later user
    # switch in the entrypoint, which is not visible here - confirm.
    user: root
    ports:
      - 3001:3000
    depends_on:
      - esignet
      - artifactory-server
    environment:
      - artifactory_url_env=http://artifactory-server:8080/
      - container_user=mosip
      # URL-encoded JSON array of {name, value} pairs listing four well-known
      # paths: openid-configuration, jwks.json, oauth-authorization-server and
      # openid-credential-issuer.
      - DEFAULT_WELLKNOWN=%5B%7B%22name%22%3A%22OpenID%20Configuration%22%2C%22value%22%3A%22%2F.well-known%2Fopenid-configuration%22%7D%2C%7B%22name%22%3A%22Jwks%20Json%22%2C%22value%22%3A%22%2F.well-known%2Fjwks.json%22%7D%2C%7B%22name%22%3A%22Authorization%20Server%22%2C%22value%22%3A%22%2F.well-known%2Foauth-authorization-server%22%7D%2C%7B%22name%22%3A%22OpenID%20Credential%20Issuer%22%2C%22value%22%3A%22%2F.well-known%2Fopenid-credential-issuer%22%7D%5D
      # Plugin zip is referenced over plain http from the artifactory container.
      - SIGN_IN_WITH_ESIGNET_PLUGIN_URL=http://artifactory-server:8080/artifactory/libs-release-local/mosip-plugins/sign-in-with-esignet.zip
    volumes:
      # nginx.conf is not shown on this page; it presumably decides which
      # backend answers the /.well-known/* paths - check it when a well-known
      # request reaches an unexpected service.
      - ./nginx.conf:/etc/nginx/nginx.conf
    networks:
      - network

# 'network' maps to the pre-existing Docker network mosip_network (external: true),
# so it must be created before the stack starts.
# NOTE(review): every container attached to mosip_network can reach the
# unauthenticated or plaintext ports defined above (Kafka, ZooKeeper, artifactory);
# keep unrelated workloads off this network.
networks:
  network:
    name: mosip_network
    external: true

# Named volume backing /data in the cache (Redis) service.
volumes:
  cache:
    driver: local

Certify config:

## ------------------------------------------- Mock ID Integration properties ------------------------------------------------------------
# Plugin selection: package to scan plus the audit and VC-issuance plugin names.
mosip.certify.integration.scan-base-package=io.mosip.certify.mock.integration
mosip.certify.integration.audit-plugin=LoggerAuditService
mosip.certify.integration.vci-plugin=MockVCIssuancePlugin

## ------------------------------------------- Mock ID plugin related properties ------------------------------------------------------------
# The verification method reuses the authorization server's JWKS URI.
mosip.certify.mock.vciplugin.verification-method=${mosip.certify.authn.jwk-set-uri}
mosip.certify.mock.authenticator.get-identity-url=http://mock-identity-system:8082/v1/mock-identity-system/identity
# NOTE(review): ECB mode encrypts equal plaintext blocks to equal ciphertext blocks
# and gives no integrity protection. Prefer an authenticated mode (for example the
# AES/GCM transformation the key manager already uses) if the plugin supports it - confirm.
mosip.certify.cache.security.algorithm-name=AES/ECB/PKCS5Padding
# NOTE(review): going by the names, the individual id is stored in the cache
# (store=true) without being encrypted (secure=false) - verify against the plugin
# before using anything but mock identifiers.
mosip.certify.cache.secure.individual-id=false
mosip.certify.cache.store.individual-id=true

# Credential issuer metadata keyed by version ('vd11', 'vd12', 'latest'); per the reply
# on this page, this map is what backs the well-known credential-issuer response.
# The whole map is ONE property continued with trailing backslashes, so comments can
# only be placed above it, never between its lines.
# NOTE(review): credential_issuer and credential_endpoint expand from
# mosip.certify.identifier, which the default profile shown on this page sets to a
# plain-http localhost URL; publish an https origin outside local testing so wallets
# fetch issuer metadata and credentials over an authenticated channel.
# NOTE(review): in 'latest', background_image.uri prepends 'https://' to
# ${mosipbox.public.url}. If that property already carries a scheme (the default profile
# on this page sets it to 'http://localhost:${server.port}') the result is not a valid
# URI - confirm, and compare with the 'logo' url, which uses the placeholder unprefixed.
mosip.certify.key-values={\
    'vd11' : { \
              'credential_issuer': '${mosip.certify.identifier}', 	\
              'credential_endpoint': '${mosip.certify.identifier}${server.servlet.path}/issuance/vd11/credential', \
              'credentials_supported': {\
                      {\
                          'format': 'ldp_vc',\
                          'id': 'MockVerifiableCredential_ldp', \
                          'scope' : 'mock_identity_vc_ldp',\
                          'cryptographic_binding_methods_supported': {'did:jwk'},\
                          'cryptographic_suites_supported': {'RsaSignature2018'},\
                          'proof_types_supported': {'jwt'},\
                          'credential_definition': {\
                              'type': {'VerifiableCredential','MockVerifiableCredential'},\
                              'credentialSubject': {\
                                  'fullName': { 'display': {{'name': 'Full Name', 'locale': 'en' }}},\
                                  'phone': { 'display': {{'name': 'Phone Number', 'locale': 'en' }}},\
                                  'dateOfBirth': { 'display': {{'name': 'DOB', 'locale': 'en' }}},\
                                  'gender': { 'display': {{'name': 'Gender', 'locale': 'en' }}},\
                                  'email': { 'display': {{'name': 'Email Id', 'locale': 'en' }}},\
                                  'region': { 'display': {{'name': 'Region', 'locale': 'en' }}},\
                                  'province': { 'display': {{'name': 'Province', 'locale': 'en' }}},\
                                  'UIN': { 'display': {{'name': 'UIN', 'locale': 'en' }}},\
                                  'VID': { 'display': {{'name': 'VID', 'locale': 'en' }}},\
                                  'postalCode': { 'display': {{'name': 'Postal Code', 'locale': 'en' }}}\
                               }\
                          },\
                          'display': {{'name': 'Mock Verifiable Credential', \
                                  'locale': 'en', \
                                  'logo': {'url': '${mosipbox.public.url}/logo.png','alt_text': 'a square logo of a MOSIP'},\
                                  'background_color': '#12107c',\
                                  'text_color': '#FFFFFF'}}\
                      }\
              }\
    },\
    'vd12' : {\
              'credential_issuer': '${mosip.certify.identifier}',   \
              'authorization_servers': {'${mosip.certify.authorization.url}'}, \
              'credential_endpoint': '${mosip.certify.identifier}${server.servlet.path}/issuance/vd12/credential', \
              'display': {{'name': 'Mock Verifiable Credential', 'locale': 'en'}},\
              'credentials_supported' : { \
                 'MockVerifiableCredential_ldp' : {\
                    'format': 'ldp_vc',\
                    'scope' : 'mock_identity_vc_ldp',\
                    'cryptographic_binding_methods_supported': {'did:jwk'},\
                    'cryptographic_suites_supported': {'RsaSignature2018'},\
                    'proof_types_supported': {'jwt'},\
                    'credential_definition': {\
                      'type': {'VerifiableCredential','MockVerifiableCredential'},\
                      'credentialSubject': {\
                          'fullName': { 'display': {{'name': 'Full Name', 'locale': 'en' }}},\
                          'phone': { 'display': {{'name': 'Phone Number', 'locale': 'en' }}},\
                          'dateOfBirth': { 'display': {{'name': 'DOB', 'locale': 'en' }}},\
                          'gender': { 'display': {{'name': 'Gender', 'locale': 'en' }}},\
                          'email': { 'display': {{'name': 'Email Id', 'locale': 'en' }}},\
                          'region': { 'display': {{'name': 'Region', 'locale': 'en' }}},\
                          'province': { 'display': {{'name': 'Province', 'locale': 'en' }}},\
                          'UIN': { 'display': {{'name': 'UIN', 'locale': 'en' }}},\
                          'VID': { 'display': {{'name': 'VID', 'locale': 'en' }}},\
                          'postalCode': { 'display': {{'name': 'Postal Code', 'locale': 'en' }}}\
                     }},\
                    'display': {{'name': 'Mock Verifiable Credential', \
                                  'locale': 'en', \
                                  'logo': {'url': '${mosipbox.public.url}/logo.png','alt_text': 'a square logo of a MOSIP'},\
                                  'background_color': '#12107c',\
                                  'text_color': '#FFFFFF'}},\
                   'order' : {'fullName','phone','dateOfBirth','gender','email','region','province','UIN', 'VID', 'postalCode'}\
                 }\
              }\
    },\
    'latest' : {\
              'credential_issuer': '${mosip.certify.identifier}',   \
              'authorization_servers': {'${mosip.certify.authorization.url}'}, \
              'credential_endpoint': '${mosip.certify.identifier}${server.servlet.path}/issuance/credential', \
              'display': {{'name': 'Mock Verifiable Credential', 'locale': 'en'}},\
              'credential_configurations_supported' : { \
                 'MockVerifiableCredential_ldp' : {\
                    'format': 'ldp_vc',\
                    'scope' : 'mock_identity_vc_ldp',\
                    'cryptographic_binding_methods_supported': {'did:jwk'},\
                    'credential_signing_alg_values_supported': {'RsaSignature2018'},\
                    'proof_types_supported': {'jwt': {'proof_signing_alg_values_supported': {'RS256', 'PS256', 'ES256'}}},\
                    'credential_definition': {\
                      'type': {'VerifiableCredential','MockVerifiableCredential'},\
                      'credentialSubject': {\
                           'fullName': { 'display': {{'name': 'Full Name', 'locale': 'en' }}},\
                          'phone': { 'display': {{'name': 'Phone Number', 'locale': 'en' }}},\
                          'dateOfBirth': { 'display': {{'name': 'DOB', 'locale': 'en' }}},\
                          'gender': { 'display': {{'name': 'Gender', 'locale': 'en' }}},\
                          'email': { 'display': {{'name': 'Email Id', 'locale': 'en' }}},\
                          'region': { 'display': {{'name': 'Region', 'locale': 'en' }}},\
                          'province': { 'display': {{'name': 'Province', 'locale': 'en' }}},\
                          'UIN': { 'display': {{'name': 'UIN', 'locale': 'en' }}},\
                          'VID': { 'display': {{'name': 'VID', 'locale': 'en' }}},\
                          'postalCode': { 'display': {{'name': 'Postal Code', 'locale': 'en' }}}\
                     }},\
                    'display': {{'name': 'Mock Verifiable Credential', \
                                  'locale': 'en', \
                                  'logo': {'url': '${mosipbox.public.url}/logo.png','alt_text': 'a square logo of a MOSIP'},\
                                  'background_color': '#12107c',\
                                  'background_image': { 'uri': 'https://${mosipbox.public.url}/inji/mosip-logo.png' }, \
                                  'text_color': '#FFFFFF'}},\
                    'order' : {'fullName','phone','dateOfBirth','gender','email','region','province','UIN', 'VID', 'postalCode'}\
                 }\
                }\
    }\
}
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.

## Application Name
spring.application.name=certify
# Spring Cloud Config server location (plain http on localhost).
spring.cloud.config.uri=http://localhost:8888

# Certify listens on 8090 under the /v1/certify servlet path.
server.port=8090
server.servlet.path=/v1/certify

openapi.info.title=Certify Service
openapi.info.description=Rest Endpoints for operations related to certify
openapi.info.version=1.0
openapi.info.license.name=Mosip
openapi.info.license.url=https://docs.mosip.io/platform/license
# Public base URL of the service; mosip.certify.identifier and
# mosip.certify.discovery.issuer-id later in this file are derived from it.
# NOTE(review): plain http on localhost - replace with the real https origin before
# the issuer metadata is consumed by anything other than a local test wallet.
mosipbox.public.url=http://localhost:${server.port}
openapi.service.server.url=${mosipbox.public.url}${server.servlet.path}
openapi.service.server.description=Certify Service
springdoc.swagger-ui.disable-swagger-default-url=true
spring.mvc.servlet.path=${server.servlet.path}

spring.messages.basename=messages
spring.messages.encoding=UTF-8

spring.main.allow-bean-definition-overriding=true
spring.mvc.pathmatch.matching-strategy=ANT_PATH_MATCHER



## -------------------------------------- Authentication & Authorization -----------------------------------------------

# Per-HTTP-method URL maps; all three are empty in this configuration.
mosip.certify.security.auth.post-urls={}
mosip.certify.security.auth.put-urls={}
mosip.certify.security.auth.get-urls={}

# URL patterns excluded from CSRF protection.
# NOTE(review): **/issuance/** is excluded. That is conventional for token-authenticated
# APIs, but it relies on the issuance endpoints never accepting cookie or session
# authentication - confirm.
mosip.certify.security.ignore-csrf-urls=**/actuator/**,/favicon.ico,**/error,\
  **/swagger-ui/**,**/v3/api-docs/**,\
  **/issuance/**

# URL patterns excluded from authentication.
# NOTE(review): **/actuator/** and the Swagger/OpenAPI paths are reachable without
# credentials; keep that for local stacks only, or restrict them at the proxy.
# **/issuance/** is excluded as well, so the access-token check for credential requests
# presumably comes from the filter driven by mosip.certify.authn.filter-urls - verify
# that every issuance path that must be protected is listed there.
# The last entry is written with a leading space (' **/issuance/**'); confirm that the
# consumer trims entries, otherwise the pattern may not match.
mosip.certify.security.ignore-auth-urls=**/actuator/**,**/error,**/swagger-ui/**,\
  **/v3/api-docs/**, **/issuance/**


## ------------------------------------------ Discovery openid-configuration -------------------------------------------
mosip.certify.discovery.issuer-id=${mosipbox.public.url}${server.servlet.path}
# Base URL of the authorization server (eSignet, port 8088) as seen from the host.
mosip.certify.authorization.url=http://localhost:8088

##--------------change this later---------------------------------
# NOTE(review): the 'latest' issuer metadata on this page advertises RS256, PS256 and
# ES256 for jwt proofs, while this list has only RS256 and PS256. A wallet that follows
# the metadata could presumably send an ES256 proof that is then rejected - keep the
# two lists in sync.
mosip.certify.supported.jwt-proof-alg={'RS256','PS256'}


##----- These are reference to the oauth resource server providing jwk----------------------------------##
# c_nonce lifetime in seconds, going by the property name.
mosip.certify.cnonce-expire-seconds=40

mosip.certify.identifier=${mosipbox.public.url}
# The three credential endpoints (latest, vd11, vd12) the authn filter applies to.
mosip.certify.authn.filter-urls={ '${server.servlet.path}/issuance/credential', '${server.servlet.path}/issuance/vd11/credential', '${server.servlet.path}/issuance/vd12/credential' }
mosip.certify.authn.issuer-uri=${mosip.certify.authorization.url}/v1/esignet
# NOTE(review): the JWKS is fetched over plain http through the compose-internal host
# name 'esignet'. Whoever can alter that response decides which keys validate access
# tokens, so use https or keep this traffic strictly on an isolated network.
mosip.certify.authn.jwk-set-uri=http://esignet:8088/v1/esignet/oauth/.well-known/jwks.json
# NOTE(review): besides Certify's own credential endpoint, tokens whose audience is
# eSignet's /v1/esignet/vci/credential endpoint are listed as allowed; confirm that
# accepting tokens issued for that other endpoint is intended.
mosip.certify.authn.allowed-audiences={ '${mosipbox.public.url}${server.servlet.path}/issuance/credential', '${mosip.certify.authorization.url}/v1/esignet/vci/credential' }

#------------------------------------ Key-manager specific properties --------------------------------------------------
# Algorithm selection for the key manager: RSA with OAEP (SHA-256/MGF1) for asymmetric
# encryption, AES in GCM mode with a 128-bit tag for symmetric encryption, 2048-bit RSA
# and 256-bit AES keys, PBKDF2-HMAC-SHA512 at 100000 iterations for hashing, and
# RS256 / SHA256withRSA for signing.
#Crypto asymmetric algorithm name
mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
#Crypto symmetric algorithm name
mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
#Keygenerator asymmetric algorithm name
mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
#Keygenerator symmetric algorithm name
mosip.kernel.keygenerator.symmetric-algorithm-name=AES
#Asymmetric algorithm key length
mosip.kernel.keygenerator.asymmetric-key-length=2048
#Symmetric algorithm key length
mosip.kernel.keygenerator.symmetric-key-length=256
#Encrypted data and encrypted symmetric key separator
mosip.kernel.data-key-splitter=#KEY_SPLITTER#
#GCM tag length
mosip.kernel.crypto.gcm-tag-length=128
#Hash algo name
mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
#Symmetric key length used in hash
mosip.kernel.crypto.hash-symmetric-key-length=256
#No of iterations in hash
mosip.kernel.crypto.hash-iteration=100000
#Sign algo name
mosip.kernel.crypto.sign-algorithm-name=RS256
#Certificate Sign algo name
mosip.kernel.certificate.sign.algorithm=SHA256withRSA

# Active keystore: a PKCS12 file at CERTIFY_PKCS12/local.p12 (a host bind mount in the
# compose file on this page).
# NOTE(review): the keystore password is the literal 'local' committed in this file.
# Anyone who can read both this file and the .p12 can extract the private keys. Outside
# a local test stack, supply the password from a secret (the commented PKCS11 example
# below already uses a ${...} placeholder) or use a PKCS11-backed HSM.
mosip.kernel.keymanager.hsm.config-path=CERTIFY_PKCS12/local.p12
mosip.kernel.keymanager.hsm.keystore-type=PKCS12
mosip.kernel.keymanager.hsm.keystore-pass=local

#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE
#mosip.kernel.keymanager.hsm.keystore-type=PKCS11
# For PKCS11 provide Path of config file.
# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name.
# For Offline & JCE property can be left blank, specified value will be ignored.
#mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
# Passkey of keystore for PKCS11, PKCS12
# For Offline & JCE property can be left blank. JCE password use other JCE specific properties.
#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.certify.mock.security.pin}


# Subject fields for certificates generated by the key manager.
# NOTE(review): common-name and organizational-unit are placeholders (www.example.com,
# EXAMPLE-CENTER); set real values before relying parties are expected to inspect them.
mosip.kernel.keymanager.certificate.default.common-name=www.example.com
mosip.kernel.keymanager.certificate.default.organizational-unit=EXAMPLE-CENTER
mosip.kernel.keymanager.certificate.default.organization=IIITB
mosip.kernel.keymanager.certificate.default.location=BANGALORE
mosip.kernel.keymanager.certificate.default.state=KA
mosip.kernel.keymanager.certificate.default.country=IN

mosip.kernel.keymanager.softhsm.certificate.common-name=www.example.com
mosip.kernel.keymanager.softhsm.certificate.organizational-unit=Example Unit
mosip.kernel.keymanager.softhsm.certificate.organization=IIITB
mosip.kernel.keymanager.softhsm.certificate.country=IN

# Application Id for PMS master key.
mosip.kernel.partner.sign.masterkey.application.id=PMS
mosip.kernel.partner.allowed.domains=DEVICE

# ${mosip.hostname} is not defined anywhere on this page; it has to come from another
# property source for this URL to resolve.
mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
mosip.kernel.keymanager.jwtsign.validate.json=false
mosip.keymanager.dao.enabled=false
crypto.PrependThumbprint.enable=true

# HSM health check settings; the health key uses app id CERTIFY_SERVICE and
# reference id TRANSACTION_CACHE.
mosip.kernel.keymgr.hsm.health.check.enabled=true
mosip.kernel.keymgr.hsm.health.key.app-id=CERTIFY_SERVICE
mosip.kernel.keymgr.hsm.healthkey.ref-id=TRANSACTION_CACHE

mosip.kernel.keymgr.hsm.health.check.encrypt=true

# Reference id of the secret key used for cache security (same id as the health key).
mosip.certify.cache.security.secretkey.reference-id=TRANSACTION_CACHE

##----------------------------------------- Database properties --------------------------------------------------------

# Connects to the 'database' compose service, database inji_certify, schema certify.
mosip.certify.database.hostname=database
mosip.certify.database.port=5432
spring.datasource.url=jdbc:postgresql://${mosip.certify.database.hostname}:${mosip.certify.database.port}/inji_certify?currentSchema=certify
# NOTE(review): the application connects as the 'postgres' superuser with the default
# password in plain text. Outside a local stack, use a dedicated least-privilege role
# and supply the password through an environment variable or secret store.
spring.datasource.username=postgres
spring.datasource.password=postgres

spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
spring.jpa.show-sql=false
# Schema is not managed by Hibernate (ddl-auto=none).
spring.jpa.hibernate.ddl-auto=none
spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true

## ---------------------------------------- Cache configuration --------------------------------------------------------
# Redis-backed cache on the 'cache' compose service.
spring.cache.type=redis
spring.data.redis.host=cache
spring.data.redis.port=6379
# NOTE(review): trivial password in plain text, matching the --requirepass value in
# the compose file on this page; replace with a generated secret supplied at deploy time.
spring.data.redis.password=redis

#spring.cache.type=simple
spring.cache.cache-names=${mosip.certify.cache.names}

# Redis is left out of the actuator health report.
management.health.redis.enabled=false

# 86400 seconds = 24 hours; also reused below as the expiry of both caches.
# NOTE(review): with mosip.certify.cache.store.individual-id=true in the mock-identity
# profile on this page, cached entries presumably keep the individual id in Redis for
# up to 24 hours - confirm that retention is acceptable.
mosip.certify.access-token-expire-seconds=86400

mosip.certify.cache.names=userinfo,vcissuance
# Cache size setup is applicable only for 'simple' cache type.
# Cache size configuration will not be considered with 'Redis' cache type
mosip.certify.cache.size={'userinfo': 200, 'vcissuance' : 2000 }


# Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type
mosip.certify.cache.expire-in-seconds={'userinfo': ${mosip.certify.access-token-expire-seconds}, 'vcissuance': ${mosip.certify.access-token-expire-seconds}}