Tutorial on how to setup the environment for configuring mock-MDS?

hamid · May 3, 2023, 8:22am

Hi @mahammedtaheer
I’m trying to upload the partner certificate via this api “http://{baseUrl}/v1/keymanager/uploadPartnerCertificate”

here are the logs of keymanager:

{“@timestamp”:“2023-05-03T09:21:07.603+01:00”,“@version”:“1”,“message”:“pcSessionId - UploadPartnerCertificate - - Uploading Partner Certificate.”,“logger_name”:“io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl”,“thread_name”:“http-nio-8088-exec-6”,“level”:“INFO”,“level_value”:20000,“appName”:“kernel-keymanager-service”,“traceId”:“c0b035be17f2088e”,“spanExportable”:“false”,“req.requestURI”:“/v1/keymanager/uploadPartnerCertificate”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“insomnia/2023.2.0”,“spanId”:“c0b035be17f2088e”,“X-B3-SpanId”:“c0b035be17f2088e”,“X-B3-TraceId”:“c0b035be17f2088e”,“req.remoteHost”:“0:0:0:0:0:0:0:1”,“req.requestURL”:“http://dev.mosip.local/v1/keymanager/uploadPartnerCertificate”}
{“@timestamp”:“2023-05-03T09:21:07.605+01:00”,“@version”:“1”,“message”:“pcSessionId - UploadPartnerCertificate - - Partner certificate upload for domain: DEVICE”,“logger_name”:“io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl”,“thread_name”:“http-nio-8088-exec-6”,“level”:“INFO”,“level_value”:20000,“appName”:“kernel-keymanager-service”,“traceId”:“c0b035be17f2088e”,“spanExportable”:“false”,“req.requestURI”:“/v1/keymanager/uploadPartnerCertificate”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“insomnia/2023.2.0”,“spanId”:“c0b035be17f2088e”,“X-B3-SpanId”:“c0b035be17f2088e”,“X-B3-TraceId”:“c0b035be17f2088e”,“req.remoteHost”:“0:0:0:0:0:0:0:1”,“req.requestURL”:“http://dev.mosip.local/v1/keymanager/uploadPartnerCertificate”}
{“@timestamp”:“2023-05-03T09:21:07.614+01:00”,“@version”:“1”,“message”:“pcSessionId - CertTrustPathValidation - - Certificate Trust Path Validation for domain: DEVICE”,“logger_name”:“io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl”,“thread_name”:“http-nio-8088-exec-6”,“level”:“INFO”,“level_value”:20000,“appName”:“kernel-keymanager-service”,“traceId”:“c0b035be17f2088e”,“spanExportable”:“false”,“req.requestURI”:“/v1/keymanager/uploadPartnerCertificate”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“insomnia/2023.2.0”,“spanId”:“c0b035be17f2088e”,“X-B3-SpanId”:“c0b035be17f2088e”,“X-B3-TraceId”:“c0b035be17f2088e”,“req.remoteHost”:“0:0:0:0:0:0:0:1”,“req.requestURL”:“http://dev.mosip.local/v1/keymanager/uploadPartnerCertificate”}
{“@timestamp”:“2023-05-03T09:21:07.614+01:00”,“@version”:“1”,“message”:“pcSessionId - CertTrustPathValidation - - Total Number of ROOT Trust Found: 0”,“logger_name”:“io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl”,“thread_name”:“http-nio-8088-exec-6”,“level”:“INFO”,“level_value”:20000,“appName”:“kernel-keymanager-service”,“traceId”:“c0b035be17f2088e”,“spanExportable”:“false”,“req.requestURI”:“/v1/keymanager/uploadPartnerCertificate”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“insomnia/2023.2.0”,“spanId”:“c0b035be17f2088e”,“X-B3-SpanId”:“c0b035be17f2088e”,“X-B3-TraceId”:“c0b035be17f2088e”,“req.remoteHost”:“0:0:0:0:0:0:0:1”,“req.requestURL”:“http://dev.mosip.local/v1/keymanager/uploadPartnerCertificate”}
{“@timestamp”:“2023-05-03T09:21:07.614+01:00”,“@version”:“1”,“message”:“pcSessionId - CertTrustPathValidation - - Total Number of INTERMEDIATE Trust Found: 0”,“logger_name”:“io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl”,“thread_name”:“http-nio-8088-exec-6”,“level”:“INFO”,“level_value”:20000,“appName”:“kernel-keymanager-service”,“traceId”:“c0b035be17f2088e”,“spanExportable”:“false”,“req.requestURI”:“/v1/keymanager/uploadPartnerCertificate”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“insomnia/2023.2.0”,“spanId”:“c0b035be17f2088e”,“X-B3-SpanId”:“c0b035be17f2088e”,“X-B3-TraceId”:“c0b035be17f2088e”,“req.remoteHost”:“0:0:0:0:0:0:0:1”,“req.requestURL”:“http://dev.mosip.local/v1/keymanager/uploadPartnerCertificate”}
{“@timestamp”:“2023-05-03T09:21:07.615+01:00”,“@version”:“1”,“message”:“pcSessionId - UploadPartnerCertificate - - Partner Certificate not allowed to upload as root CA/Intermediate CAs are not found in trust cert path.”,“logger_name”:“io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl”,“thread_name”:“http-nio-8088-exec-6”,“level”:“ERROR”,“level_value”:40000,“appName”:“kernel-keymanager-service”,“traceId”:“c0b035be17f2088e”,“spanExportable”:“false”,“req.requestURI”:“/v1/keymanager/uploadPartnerCertificate”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“insomnia/2023.2.0”,“spanId”:“c0b035be17f2088e”,“X-B3-SpanId”:“c0b035be17f2088e”,“X-B3-TraceId”:“c0b035be17f2088e”,“req.remoteHost”:“0:0:0:0:0:0:0:1”,“req.requestURL”:“http://dev.mosip.local/v1/keymanager/uploadPartnerCertificate”}
{“@timestamp”:“2023-05-03T09:21:07.625+01:00”,“@version”:“1”,“message”:“Exception Root Cause: KER-PCM-006 → Root CA/Intermediate CA Certificates not found. “,“logger_name”:“io.mosip.kernel.core.exception.ExceptionUtils”,“thread_name”:“http-nio-8088-exec-6”,“level”:“ERROR”,“level_value”:40000,“appName”:“kernel-keymanager-service”,“traceId”:“c0b035be17f2088e”,“spanExportable”:“false”,“req.requestURI”:”/v1/keymanager/uploadPartnerCertificate”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“insomnia/2023.2.0”,“spanId”:“c0b035be17f2088e”,“X-B3-SpanId”:“c0b035be17f2088e”,“X-B3-TraceId”:“c0b035be17f2088e”,“req.remoteHost”:“0:0:0:0:0:0:0:1”,“req.requestURL”:“http://dev.mosip.local/v1/keymanager/uploadPartnerCertificate”}

but now I have this error:

hamid · May 3, 2023, 9:59am

Hi @mahammedtaheer
Thank you for your responses.
The probleme is solved. After debugging I found that the table ca_cert_store was empty even I have already uploaded the necessary certificates, but I think the database was reinitialized after running the keygenerator job.

mahammedtaheer · May 3, 2023, 10:14am

Hi @hamid

Thanks for confirming that the issue is got resolved.

KeyGenerator job will not do any re-initialization of DB. KeyGenerator job will just generate the required number of keys as per the configuration if not generated previously.

I think after you uploaded the CA/SubCA certificates, keymanager service allowed the partner certificate upload.

Thanks

hamid · May 3, 2023, 10:49am

Hi @mahammedtaheer
I have another issue, I’m following this tutorial:

I have errors in the last two commands:

mahammedtaheer · May 3, 2023, 3:15pm

Hi @hamid

Is the mosip-signed.crt file available in the same folder?

For the second command, the above command has not created the output file so error has thrown.

hamid · May 4, 2023, 8:28am

Hi @mahammedtaheer
Yes the mosip-signed.crt file is available in the same folder

rcsampang · May 5, 2023, 7:34am

Hello @hamid I encountered the same error before. In my case it was caused by the file mosip-signed.crt in a wrong format. I made some errors in copying and pasting it. But once I made sure mosip-signed.crt is formatted correctly, Device.p12 was created and no more errors when I run the script.

Hope it helps.

hamid · May 5, 2023, 8:34am

Hi @rcsampang
Thank you for your response.
Could you please show how to convert it to the correct format ?

rcsampang · May 5, 2023, 8:49am

You can follow Step 5 of https://mosip.atlassian.net/wiki/spaces/MSD/pages/1022394369/Building+a+Mock+Registration+MDS+for+your+1.2.0.x+MOSIP+Setup
Step 5: Add the MOSIP signed certificate to the CA Cert Utility folder
Copy the text shown when you can click on “View Certificate”
Open a new notepad++ file and place the data
Find all blank spaces and replace with \n with search mode as “Regular Expression” to make it a “crt” file
Name the file “mosip-signed.crt” and save it in the same directory as CA Cert Utility

If that doesn’t apply to your case, open the file using any text editor and make sure it looks the same with the image above.

hamid · May 5, 2023, 9:09am

@rcsampang
Here is the response tha I got after uploading the certificate:

I’ve already tried what you’ve said, and I’ve tried to add the header and footer but It doesn’t work.
After checking the logs I found a parsing error:

hamid · May 5, 2023, 9:21am

@rcsampang
The problem is in the line 311 ( pemReader.readPemObject() is returning null ):

Here is the value of certdata:

The method “convertToCertificate(String certData)” is called multiple times until certData became in the format on the picture and after pemReader.readPemObject() returns null

rcsampang · May 5, 2023, 10:26am

Were you able to get the same format as it was shown in the picture?

Maybe, it is really different from the way I did it. I used the PMP UI module to view the certificate, logged in with a user with Partner_Admin Role. Clicked on the partner name and clicked View Certificate.

A pop up window opens showing the certificate.

I selected and copied the portion starting from the first dash -----BEGIN CERTIFICATE up to the last dash END CERTIFICATE-----

Then I pasted it on a blank text file and formatted it manually, making sure it begins with the line -----BEGIN CERTIFICATE----- the rest started on the second line and made sure no extra spaces and the end of a line is the same length with all the other lines, except for the line before the last line, and the last line should be -----END CERTIFICATE-----

Then saved it as mosip-signed.crt and made sure the file extension is .crt.

mahammedtaheer · May 5, 2023, 12:11pm

@hamid

The uploadPartnerCertificate response from keymanager service is p7b format base64 encoded data. The data contains certificate chain. You need to do base64 decode to get the p7b format bytes. Save the bytes into a file with p7b as file extension. In windows machine you can view the certificate chain with the windows default viewer.

Otherwise follow the steps shared by @rcsampang if PMS is configure and running.

Thanks.

hamid · May 5, 2023, 1:23pm

Hi @rcsampang
I had issues with PMP UI so I have used the APIs to generate the certificates.

hamid · May 5, 2023, 1:29pm

Hello @mahammedtaheer
After decoding and putting the result in a .p7b file It shows this message “this file is not suitable for the following use: PKCS #7” when I try to open the file.

mahammedtaheer · May 5, 2023, 2:39pm

Hi @hamid

Use below sample code to decode and write to p7b file.

String p7bData = “<REPLACE-HERE-P7B-BASE64-DATA-FROM-KEYMANAGER”;
byte p7bBytes = Base64.decodeBase64(p7bData);
BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(“<OUTPUT_DIR>/certif.p7b”));
out.write(p7bBytes, 0, p7bBytes.length);
out.flush();
out.close();

This code will create the p7b file.

Thanks

hamid · May 8, 2023, 8:24am

thank you @mahammedtaheer for your response.

I have run the MockMDS but I still have in registration client this message “Device is not available”

Topic		Replies	Views
MOCK MDS Setup and Integration with the deployment Platform	1	527	December 8, 2022
The downoladed reg-client canno't find Mock MDS regclient	2	428	December 7, 2022
RegClient (Error in mock biometric authentication) regclient	8	421	April 19, 2023
Tutorial how to setUp Iris Scanner (IriShield-USB-BK2121U) with reg-client regclient	4	353	August 30, 2023
Devices in regclient Developer regclient	38	806	December 22, 2023

Tutorial on how to setup the environment for configuring mock-MDS?

Related topics