Dear Team,
We are trying to set up the OpenCRVS integration with MOSIP. We are following the documents and need a bit of clarification on the below things
On MOSIP Mediator end
- For the partner onboarding it is expected to have certificates for MOSIP Open CRVS. I have used CA_CERT_UTILITY to generate the CA, SUBCA and Partner certificates. While uploading the partner certificate, the services are returning error
Error while accessing the API.Please check the logs.
here is the log on the KeyManager service
{"@timestamp":"2024-03-15T09:54:04.132Z","@version":"1","message":"Exception Root Cause: query did not return a unique result: 3; nested exception is javax.persistence.NonUniqueResultException: query did not return a unique result: 3 ","logger_name":"io.mosip.kernel.core.exception.ExceptionUtils","thread_name":"http-nio-8088-exec-5","level":"ERROR","level_value":40000,"appName":"kernel-keymanager-service","traceId":"a5cf0a7f37ea229ba7af235c1e25fffe","spanExportable":"false","req.requestURI":"/v1/keymanager/uploadPartnerCertificate","X-Span-Export":"false","X-B3-ParentSpanId":"a7af235c1e25fffe","req.method":"POST","parentId":"a7af235c1e25fffe","req.userAgent":"Apache-HttpClient/4.5.6 (Java/11.0.16)","spanId":"c854aeadd3a86cd0","X-B3-SpanId":"c854aeadd3a86cd0","X-B3-TraceId":"a5cf0a7f37ea229ba7af235c1e25fffe","req.remoteHost":"127.0.0.6","req.requestURL":"http://keymanager.keymanager/v1/keymanager/uploadPartnerCertificate"}
- Need help to get the mosip_opencrvs_partner_client_id mosip_opencrvs_partner_client_secret mosip_opencrvs_partner_client_sha_secret mosip_opencrvs_uin_token_partner from MOSIP
On OpenCRVS end
- How to get the below information from MOSIP.
2 Likes
Hi @ali_shaik ,
I apologize for the delayed response regarding your inquiry about MOSIP and OpenCRVS integration. We understand this can be frustrating, and we're committed to ensuring this doesn't happen again.
Our technical expert, @LoganathanSekar7627 , will be reaching out to you shortly to discuss your specific needs and provide any assistance you may require.
@mahammedtaheer can you please check the logs for keymanager.
Thank you for your patience and understanding.
Best regards,
Team MOSIP
Hi @sanchi-singh24 , I'm still awaiting a message from @LoganathanSekar7627.
Hi @ali_shaik ,
Apologies for the delayed response.
We've reached out to our technical expert to assist you with your query and facilitate progress.
Thank you for your patience once again.
Regards,
Resham
Hi @ali_shaik , Can you please attach the keymanager logs so that we can get more information when the error is thrown? I doubt the certificate that is used exists already. We will require the logs to get more clarity on the specific issue you are encountering. I will also request @mahammedtaheer to check the logs for more information.
For the token-seeder related configuration, you will need to onboard the partner for the token seeder. We will request our DevOps team to provide more information on that.
1 Like
Hi, thanks for the update. Unfortunately, it is not letting me upload the log files. Could you please share your email ID with me, so that we can have clear communication there. Thank you.
However, I have uploaded the log files to WeTransfer, please find the below link to access them
Hi @ali_shaik
Thank you for your patience.
- Error with partner certificate upload :
Reason : The error you are encountering (NonUniqueResultException: query did not return a unique result:
is due to duplicates found in the system, where only one result is expected. This could be attributed to absence of this constraint: keymanager/db_scripts/mosip_keymgr/ddl/keymgr-ca_cert_store.sql at master · mosip/keymanager · GitHub
Resolution : We request you to follow the stated steps:
Check if constraint is available.
a. If available, please provide us with the requested logs for further analysis.
b. If not available,
- Take a backup of the specific database
- Identify and remove duplicates in the thumbprint and partner domain columns
- Ensure only one record is retained for each case of duplication
- Do this for all cases where duplicates are identified
- Restart the Key Manager
- Retry with the APIs
- Generation of MISP license key, API key, and p12 file password:
Regarding generation of MISP license key, API key and p12 file pwd, we request you to please refer to the information provided in the documentation here - Partners | MOSIP Docs 1.2.0. If you still need further assistance, feel free to reach out, and we'll guide you through the specific APIs.
We hope the above information helps.
Best regards,
Mahesh
2 Likes
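Added example (not part of the posts above and not MOSIP's own code): a dry run of the duplicate check and clean-up described in the resolution steps, using an in-memory SQLite table as a stand-in for the backed-up keymanager database. The column names, the keep-the-oldest-row rule, the index name and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed rows: (cert_id, cert_thumbprint, partner_domain, cr_dtimes).
# Column names are assumptions based on the ca_cert_store DDL linked above.
ROWS = [
    ("c1", "aa11", "AUTH", "2024-03-01T10:00:00"),
    ("c2", "aa11", "AUTH", "2024-03-02T10:00:00"),
    ("c3", "aa11", "AUTH", "2024-03-03T10:00:00"),    # third copy -> "unique result: 3"
    ("c4", "aa11", "DEVICE", "2024-03-01T10:00:00"),  # other domain: not a duplicate
    ("c5", "bb22", "AUTH", "2024-03-01T10:00:00"),
]
FIND_DUPES = """
SELECT cert_thumbprint, partner_domain, COUNT(*) AS copies
FROM ca_cert_store
GROUP BY cert_thumbprint, partner_domain
HAVING COUNT(*) > 1"""
# Assumption: keep the oldest row of each group and delete the later copies.
DELETE_EXTRAS = """
DELETE FROM ca_cert_store WHERE cert_id IN (
  SELECT cert_id FROM (
    SELECT cert_id, ROW_NUMBER() OVER (
      PARTITION BY cert_thumbprint, partner_domain
      ORDER BY cr_dtimes, cert_id) AS rn
    FROM ca_cert_store) AS ranked
  WHERE rn > 1)"""

def load(rows):
    """Build an in-memory stand-in for the restored backup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ca_cert_store (cert_id TEXT PRIMARY KEY, "
               "cert_thumbprint TEXT, partner_domain TEXT, cr_dtimes TEXT)")
    db.executemany("INSERT INTO ca_cert_store VALUES (?, ?, ?, ?)", rows)
    return db

def find_duplicates(db):
    return db.execute(FIND_DUPES).fetchall()

def dedupe(db):
    """Delete extra copies, then enforce uniqueness so they cannot return."""
    removed = db.execute(DELETE_EXTRAS).rowcount
    # Hypothetical index name; it plays the role of the missing constraint.
    db.execute("CREATE UNIQUE INDEX uq_thumbprint_domain "
               "ON ca_cert_store (cert_thumbprint, partner_domain)")
    return removed

if __name__ == "__main__":
    db = load(ROWS)
    print("duplicate groups:", find_duplicates(db))
    print("rows removed:", dedupe(db), "remaining groups:", find_duplicates(db))
```

The same thumbprint under a different partner domain is left alone, since the duplicate key is the pair of columns, not the thumbprint by itself.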
Thanks for the update. I have managed to upload the certificates earlier. We are facing the issue with private key.
{"@timestamp":"2024-05-02T09:54:27.868Z","@version":"1","message":"Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'restUtil': Unsatisfied dependency expressed through field 'opencrvsCryptoUtil'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'opencrvsCryptoUtil': Invocation of init method failed; nested exception is io.mosip.kernel.core.exception.BaseUncheckedException: OPN-CRVS-021 → Unable to initialize private key ; \nnested exception is java.security.NoSuchAlgorithmException: RS256 Signature not available","logger_name":"org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext","thread_name":"main","level":"WARN","level_value":30000,"appName":"application,opencrvs"}
2024-05-02T09:54:27.869841634Z {"@timestamp":"2024-05-02T09:54:27.869Z","@version":"1","message":"Closing JPA EntityManagerFactory for persistence unit 'default'","logger_name":"org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean","thread_name":"main","level":"INFO","level_value":20000,"appName":"application,opencrvs"}
And I have uploaded the private key and public key while deploying the application
1 Like
Hi @ali_shaik
@Mahesh-Binayak will check the logs shared here. Let us look into this!
Best Regards,
Team MOSIP
Hello Mosip Team, any help will be highly appreciated on this.
Hi @Rajat_Sharma
Can you please confirm what value is configured for the below property in opencrvs-default.properties
mosip.kernel.crypto.sign-algorithm-name
If the value is configured as "RS256", please correct the value to "SHA512withRSA".
If the issue does not get resolved after changing the value, please share full logs of the application where you are getting this exception along with keymanager service logs.
Thanks,
Mahammed Taheer
Dear @Rajat_Sharma ,
I am here to check back on your query, Did you explore the solution input proposed by our expert colleague @mahammedtaheer and if you were able to proceed further.
Best Regards
Team MOSIP
Hi @keshavs , we have created our branch in mosip-config
repository from tag v1.2.0.1-B3 which has no such setting available in opencrvs-default.properties
file. Should we have to add a new setting to the file and try out or is there any other way you can suggest? Thank you
Hi @Rajat_Sharma
Yes, please add the property and then try. If still facing issues, please share full logs of application and full logs of keymanager service.
Thanks,
Mahammed Taheer
hi @mahammedtaheer , I have the settings in the Config repo and restarted the config server, keymanager and opencrvs-mediator pods. Still the pod is getting restarted. Please find the logs in the given link below and do the needful. Thank you
Hi @ali_shaik
Now as per the logs, there is a different exception, that is, base64 decoding failed, and it also looks like the opencrvs-mediator pod is not coming up. Have you done any changes in publicKeyFile (property "opencrvs.mosip.pubkey.pat") ?
No Request or Exception in Keymanager logs.
Please check any changes done for the public key file. If yes, please correct the file content and restart the mediator pod and then try.
Thanks,
Mahammed Taheer
Hi @mahammedtaheer , I don't think I have made any changes to the file as well as I don't see any such setting in configuration. However, to avoid confusion, I would like to do a fresh deployment of OpenCRVS mediator by following this mosip-opencrvs/deployment at develop · mosip/mosip-opencrvs · GitHub
I have a few questions before I start, I need a bit of clarification on the below steps
How to generate these private and public keys, also, the details in the first point.
Thank you
Hi @ali_shaik
I see the issue was raised by you long back and you didn't receive any response from our side. Apologies for the delay. Please let us know the current status where you stand so that we can re-initiate this thread from our side.
Best regards,
Team MOSIP
Hi @sanchi-singh24 , thanks for the response. We are in touch with the team on slack to resolve the issues. We are still awaiting a few answers from them.
We still have these two open questions,
- What could be the value of
mosip_opencrvs_uin_token_partner
that can be given to OPEN_CRVS Client?
- Do we need to create any ingress for the OPENCRVS mediator? Need help to get these values
https://<opencrvs-hostname-for-mosip-mediator>/<mosip-mediator-webhooks-uri>