Need help setting up OpenCRVS mosip integration

Dear Team,

We are trying to set up the OpenCRVS integration with MOSIP. We are following the documents and need a bit of clarification on the below things.

On MOSIP Mediator end

  • For the partner onboarding it is expected to have certificates for MOSIP Open CRVS. I have used CA_CERT_UTILITY to generate the CA, SUBCA and Partner certificates. While uploading the partner certificate, the services are returning this error:
Error while accessing the API.Please check the logs.

Here is the log from the KeyManager service:

{"@timestamp":"2024-03-15T09:54:04.132Z","@version":"1","message":"Exception Root Cause: query did not return a unique result: 3; nested exception is javax.persistence.NonUniqueResultException: query did not return a unique result: 3 ","logger_name":"io.mosip.kernel.core.exception.ExceptionUtils","thread_name":"http-nio-8088-exec-5","level":"ERROR","level_value":40000,"appName":"kernel-keymanager-service","traceId":"a5cf0a7f37ea229ba7af235c1e25fffe","spanExportable":"false","req.requestURI":"/v1/keymanager/uploadPartnerCertificate","X-Span-Export":"false","X-B3-ParentSpanId":"a7af235c1e25fffe","req.method":"POST","parentId":"a7af235c1e25fffe","req.userAgent":"Apache-HttpClient/4.5.6 (Java/11.0.16)","spanId":"c854aeadd3a86cd0","X-B3-SpanId":"c854aeadd3a86cd0","X-B3-TraceId":"a5cf0a7f37ea229ba7af235c1e25fffe","req.remoteHost":"127.0.0.6","req.requestURL":"http://keymanager.keymanager/v1/keymanager/uploadPartnerCertificate"}
  • Need help to get the mosip_opencrvs_partner_client_id, mosip_opencrvs_partner_client_secret, mosip_opencrvs_partner_client_sha_secret and mosip_opencrvs_uin_token_partner from MOSIP

On OpenCRVS end

  • How to get the below information from MOSIP.

2 Likes

Hi @ali_shaik ,

I apologize for the delayed response regarding your inquiry about MOSIP and OpenCRVS integration. We understand this can be frustrating, and we’re committed to ensuring this doesn’t happen again.

Our technical expert, @LoganathanSekar7627 , will be reaching out to you shortly to discuss your specific needs and provide any assistance you may require.

@mahammedtaheer, can you please check the logs for keymanager?

Thank you for your patience and understanding.

Best regards,
Team MOSIP

Hi @sanchi-singh24 , I’m still awaiting a message from @LoganathanSekar7627.

Hi @ali_shaik ,

Apologies for the delayed response.

We’ve reached out to our technical expert to assist you with your query and facilitate progress.

Thank you for your patience once again.

Regards,
Resham

Hi @ali_shaik , Can you please attach the keymanager logs so that we can get more information when the error is thrown? I doubt the certificate that is used exists already. We will require the logs to get more clarity on the specific issue you are encountering. I will also request @mahammedtaheer to check the logs for more information.

For the token-seeder related configuration, you will need to onboard the partner for the token seeder. We will request our DevOps team to provide more information on that.

1 Like

Hi, thanks for the update. Unfortunately, it is not letting me upload the log files. Could you please share your email ID with me, so that we can have clear communication there? Thank you.

However, I have uploaded the log files to WeTransfer, please find the below link to access them

Hi @ali_shaik

Thank you for your patience.

  1. Error with partner certificate upload:
    Reason: The error you are encountering (NonUniqueResultException: query did not return a unique result:) is due to duplicates found in the system, where only one result is expected. This could be attributed to the absence of this constraint: keymanager/db_scripts/mosip_keymgr/ddl/keymgr-ca_cert_store.sql at master · mosip/keymanager · GitHub
    Resolution: We request you to follow the stated steps:
    Check if the constraint is available.
    a. If available, please provide us with the requested logs for further analysis.
    b. If not available:
      • Take a backup of the specific database
      • Identify and remove duplicates in the thumbprint and partner domain columns
      • Ensure only one record is retained for each case of duplication
      • Do this for all cases where duplicates are identified
      • Restart the Key Manager
      • Retry with the APIs
  2. Generation of MISP license key, API key, and p12 file password:
    Regarding generation of the MISP license key, API key and p12 file password, we request you to please refer to the information provided in the documentation here: Partners | MOSIP Docs 1.2.0. If you still need further assistance, feel free to reach out, and we’ll guide you through the specific APIs.

We hope the above information helps.

Best regards,
Mahesh

2 Likes
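The duplicate check and cleanup from the resolution steps above, as an added example that is not part of the original post or MOSIP's code. It runs against an in-memory SQLite stand-in; the table layout, the column names `cert_id`, `cert_thumbprint` and `partner_domain`, and the index name are assumptions, and on the real key manager database the backup step from the post comes first.

```python
import sqlite3

# Constructed stand-in rows for the key manager CA certificate store.
# Column names (cert_id, cert_thumbprint, partner_domain) are assumptions.
SAMPLE_ROWS = [
    ("id-1", "aa11", "AUTH"),
    ("id-2", "aa11", "AUTH"),
    ("id-3", "aa11", "AUTH"),    # three copies, like "unique result: 3"
    ("id-4", "bb22", "AUTH"),
    ("id-5", "bb22", "DEVICE"),  # same thumbprint, other domain: not a duplicate
]

FIND_DUPLICATES = """
SELECT cert_thumbprint, partner_domain, COUNT(*) AS copies
FROM ca_cert_store
GROUP BY cert_thumbprint, partner_domain
HAVING COUNT(*) > 1
"""

# Keep one row (lowest cert_id) per (thumbprint, domain) pair, delete the rest.
DELETE_DUPLICATES = """
DELETE FROM ca_cert_store
WHERE cert_id NOT IN (
    SELECT MIN(cert_id) FROM ca_cert_store
    GROUP BY cert_thumbprint, partner_domain
)
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ca_cert_store (cert_id TEXT PRIMARY KEY, "
               "cert_thumbprint TEXT, partner_domain TEXT)")
    db.executemany("INSERT INTO ca_cert_store VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db

def find_duplicates(db):
    return db.execute(FIND_DUPLICATES).fetchall()

def dedupe(db):
    """Delete duplicates in one transaction, then enforce uniqueness."""
    with db:
        removed = db.execute(DELETE_DUPLICATES).rowcount
        # Hypothetical index name; an addition so duplicates cannot return.
        db.execute("CREATE UNIQUE INDEX uq_thumbprint_domain "
                   "ON ca_cert_store (cert_thumbprint, partner_domain)")
    return removed

if __name__ == "__main__":
    db = build_db()
    print("before:", find_duplicates(db))
    print("removed:", dedupe(db))
    print("after:", find_duplicates(db))
```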

Thanks for the update. I have managed to upload the certificates earlier. We are facing the issue with the private key:

{"@timestamp":"2024-05-02T09:54:27.868Z","@version":"1","message":"Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'restUtil': Unsatisfied dependency expressed through field 'opencrvsCryptoUtil'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'opencrvsCryptoUtil': Invocation of init method failed; nested exception is io.mosip.kernel.core.exception.BaseUncheckedException: OPN-CRVS-021 → Unable to initialize private key ; \nnested exception is java.security.NoSuchAlgorithmException: RS256 Signature not available","logger_name":"org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext","thread_name":"main","level":"WARN","level_value":30000,"appName":"application,opencrvs"}
2024-05-02T09:54:27.869841634Z {"@timestamp":"2024-05-02T09:54:27.869Z","@version":"1","message":"Closing JPA EntityManagerFactory for persistence unit 'default'","logger_name":"org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean","thread_name":"main","level":"INFO","level_value":20000,"appName":"application,opencrvs"}

And I have uploaded the private key and public key while deploying the application

1 Like

Hi @ali_shaik

@Mahesh-Binayak will check the logs shared here. Let us look into this!

Best Regards,
Team MOSIP

Hi @sanchi-singh24 , @Mahesh-Binayak any update on this?

Hello Mosip Team, any help will be highly appreciated on this.

Hi @Rajat_Sharma

Can you please confirm the value configured for the below property in opencrvs-default.properties?

mosip.kernel.crypto.sign-algorithm-name

If the value is configured as "RS256", please correct the value to "SHA512withRSA".

If the issue is not resolved after changing the value, please share the full logs of the application where you are getting this exception, along with the keymanager service logs.

Thanks,
Mahammed Taheer

Dear @Rajat_Sharma ,

I am here to check back on your query. Did you explore the solution proposed by our expert colleague @mahammedtaheer, and were you able to proceed further?

Best Regards
Team MOSIP

Hi @keshavs , we have created our branch in mosip-config repository from tag v1.2.0.1-B3 which has no such setting available in opencrvs-default.properties file. Should we have to add a new setting to the file and try out or is there any other way you can suggest? Thank you

Hi @Rajat_Sharma

Yes, please add the property and then try. If still facing issues, please share full logs of application and full logs of keymanager service.

Thanks,
Mahammed Taheer

Hi @mahammedtaheer , I have the settings in the Config repo and restarted the config server, keymanager and opencrvs-mediator pods. Still the pod is getting restarted. Please find the logs in the given link below and do the needful. Thank you

Hi @ali_shaik

Now, as per the logs, there is a different exception, that is, base64 decoding failed, and it also looks like the opencrvs-mediator pod is not coming up. Have you made any changes to the publicKeyFile (property "opencrvs.mosip.pubkey.pat")?

No Request or Exception in Keymanager logs.

Please check any changes done for the public key file. If yes, please correct the file content and restart the mediator pod and then try.

Thanks,
Mahammed Taheer
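One way to check a public key file for the kind of base64 failure mentioned above, as an added example that is not part of the original post or the mediator's code. It assumes the file is PEM-encoded (an assumption; the thread does not state the expected format), and the sample data is a constructed DER shell, not a real key.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def make_pem(der, label="PUBLIC KEY"):
    """Wrap DER bytes in PEM armour (used to build the constructed samples)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

def check_public_key_pem(text):
    """Return (ok, detail) for the text content of a PEM public key file."""
    match = PEM_RE.search(text)
    if not match:
        return False, "no matching BEGIN/END PEM markers"
    label, body = match.groups()
    if "PRIVATE" in label:
        return False, f"file holds a {label}, not a public key"
    compact = "".join(body.split())  # line breaks inside the body are legal
    bad = re.search(r"[^A-Za-z0-9+/=]", compact)
    if bad:
        return False, f"non-base64 character {bad.group()!r} at offset {bad.start()}"
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        return False, f"base64 decode failed: {exc}"
    if len(der) < 2 or der[0] != 0x30:
        return False, "decoded data is not a DER SEQUENCE"
    # Compare the length declared in the DER header with the bytes present.
    if der[1] < 0x80:
        header, declared = 2, der[1]
    else:
        n = der[1] & 0x7F
        header, declared = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + declared != len(der):
        return False, (f"truncated or padded: DER declares {declared} bytes, "
                       f"{len(der) - header} present")
    return True, f"{label}: {len(der)} DER bytes"

# Constructed sample: a 32-byte DER SEQUENCE shell, not a real key.
SAMPLE_DER = bytes([0x30, 30]) + bytes(range(30))

if __name__ == "__main__":
    good = make_pem(SAMPLE_DER)
    samples = [("good", good), ("truncated", make_pem(SAMPLE_DER[:-3])),
               ("smart quote", good.replace("\n", "\n\u201c", 1))]
    for name, text in samples:
        print(name, check_public_key_pem(text))
```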

Hi @mahammedtaheer , I don’t think I have made any changes to the file as well as I don’t see any such setting in configuration. However, to avoid confusion, I would like to do a fresh deployment of OpenCRVS mediator by following this mosip-opencrvs/deployment at develop · mosip/mosip-opencrvs · GitHub

I have a few questions before I start, I need a bit of clarification on the below steps

How to generate these private and public keys, also, the details in the first point.

Thank you