idp-binding-default.properties

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.

# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
# DO NOT define these in any of the property files.  They must be passed as env variables.  Refer to config-server
# helm chart:
# db.dbuser.password
# keycloak.external.url
# keycloak.internal.host
# keycloak.internal.url
# keycloak.admin.password
# mosip.auth.client.secret   (convention: <realm>.<keycloak client name>.secret)
# mosip.ida.client.secret
# mosip.admin.client.secret
# mosip.reg.client.secret
# mosip.prereg.client.secret
# softhsm.kernel.pin
# softhsm-security-pin
# email.smtp.host
# email.smtp.username
# email.smtp.secret
# mosip.kernel.tokenid.uin.salt
# mosip.kernel.tokenid.partnercode.salt
# mosip.api.internal.url
# mosip.api.public.url
# mosipbox.public.url

## -------------------------------------------- IdP Binding ------------------------------------------------------------
mosip.idp.binding.issuer-id=${mosipbox.public.url}${server.servlet.path}
mosip.idp.binding.public-key-expire-days=10
mosip.idp.binding.salt-length=16

mosip.idp.binding.send-binding-otp=SCOPE_send_binding_otp
mosip.idp.binding.wallet-binding=SCOPE_wallet_binding
mosip.idp.binding.systeminfo.get-certificate=SCOPE_get_certificate

mosip.idp.binding.auth-ignore-urls=${server.servlet.path}/validate-binding/**,${server.servlet.path}/actuator/**,/favicon.ico,\
  /v1/notifier/actuator/prometheus,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\
  ${server.servlet.path}/v3/api-docs/**

spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs

mosip.idp.binding.validate-binding-url=${mosipbox.public.url}${server.servlet.path}/validate-binding
mosip.idp.binding.encrypt-binding-id=false

mosip.idp.binding.wrapper.impl=MockKeyBindingWrapperService
mosip.idp.authn.wrapper.validate-binding-url=${mosip.idp.binding.validate-binding-url}
mosip.idp.binding.key-expire-days=10

management.health.redis.enabled=false

##----------------------------------------- Database properties --------------------------------------------------------

mosip.idp.database.hostname=postgres-postgresql.postgres
mosip.idp.database.port=5432
spring.datasource.url=jdbc:postgresql://${mosip.idp.database.hostname}:${mosip.idp.database.port}/mosip_idpbinding?currentSchema=idpbinding
spring.datasource.username=idpbindinguser
spring.datasource.password=${db.dbuser.password}

spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect
spring.jpa.show-sql=false
spring.jpa.hibernate.ddl-auto=none
spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true

#------------------------------------ Key-manager specific properties --------------------------------------------------
#Crypto asymmetric algorithm name
mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
#Crypto symmetric algorithm name
mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
#Keygenerator asymmetric algorithm name
mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
#Keygenerator symmetric algorithm name
mosip.kernel.keygenerator.symmetric-algorithm-name=AES
#Asymmetric algorithm key length
mosip.kernel.keygenerator.asymmetric-key-length=2048
#Symmetric algorithm key length
mosip.kernel.keygenerator.symmetric-key-length=256
#Encrypted data and encrypted symmetric key separator
mosip.kernel.data-key-splitter=#KEY_SPLITTER#
#GCM tag length
mosip.kernel.crypto.gcm-tag-length=128
#Hash algo name
mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
#Symmtric key length used in hash
mosip.kernel.crypto.hash-symmetric-key-length=256
#No of iterations in hash
mosip.kernel.crypto.hash-iteration=100000
#Sign algo name
mosip.kernel.crypto.sign-algorithm-name=RS256
#Certificate Sign algo name
mosip.kernel.certificate.sign.algorithm=SHA256withRSA

#mosip.kernel.keymanager.hsm.config-path=local.p12
#mosip.kernel.keymanager.hsm.keystore-type=PKCS12
#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin}

#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE
mosip.kernel.keymanager.hsm.keystore-type=PKCS11
# For PKCS11 provide Path of config file.
# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name.
# For Offline & JCE property can be left blank, specified value will be ignored.
mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
# Passkey of keystore for PKCS11, PKCS12
# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties.
mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin}

mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
mosip.kernel.keymanager.certificate.default.organization=IITB
mosip.kernel.keymanager.certificate.default.location=BANGALORE
mosip.kernel.keymanager.certificate.default.state=KA
mosip.kernel.keymanager.certificate.default.country=IN

mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io
mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP
mosip.kernel.keymanager.softhsm.certificate.organization=IITB
mosip.kernel.keymanager.softhsm.certificate.country=IN

# Application Id for PMS master key.
mosip.kernel.partner.sign.masterkey.application.id=PMS
mosip.kernel.partner.allowed.domains=DEVICE

mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
mosip.kernel.keymanager.jwtsign.validate.json=false
mosip.keymanager.dao.enabled=false
crypto.PrependThumbprint.enable=true