
dgca-businessrule-service's People

Contributors

a-trzewik, ascheibal, daniel-eder, f11h, jurosens, mschulte-tsi, nemetht1, psavva, schulzesttsi, slaurenz


dgca-businessrule-service's Issues

Release 1.1.5 fails to start

We've been running release 1.1.4 of businessrule service in prod since 17/12/2021.
After trying to upgrade to release 1.1.5 yesterday, our deployment fails to start with the following exception:

2022-06-17 10:10:27.133  INFO 7 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.PostgreSQLDialect
2022-06-17 10:10:28.413 ERROR 7 --- [           main] j.LocalContainerEntityManagerFactoryBean : Failed to initialize JPA EntityManagerFactory: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.tool.schema.spi.SchemaManagementException: Schema-validation: wrong column type encountered in column [raw_data] in table [business_rules]; found [text (Types#VARCHAR)], but expecting [oid (Types#CLOB)]
2022-06-17 10:10:28.414  WARN 7 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.tool.schema.spi.SchemaManagementException: Schema-validation: wrong column type encountered in column [raw_data] in table [business_rules]; found [text (Types#VARCHAR)], but expecting [oid (Types#CLOB)]
2022-06-17 10:10:28.414  INFO 7 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown initiated...
2022-06-17 10:10:28.425  INFO 7 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown completed.
2022-06-17 10:10:28.428  INFO 7 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]
2022-06-17 10:10:28.451  INFO 7 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2022-06-17 10:10:28.478 ERROR 7 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.tool.schema.spi.SchemaManagementException: Schema-validation: wrong column type encountered in column [raw_data] in table [business_rules]; found [text (Types#VARCHAR)], but expecting [oid (Types#CLOB)]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1804)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:620)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
        at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1154)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:908)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:730)
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:412)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:302)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1301)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1290)
        at eu.europa.ec.dgc.businessrule.DgcBusinessRuleServiceApplication.main(DgcBusinessRuleServiceApplication.java:45)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
Caused by: javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.tool.schema.spi.SchemaManagementException: Schema-validation: wrong column type encountered in column [raw_data] in table [business_rules]; found [text (Types#VARCHAR)], but expecting [oid (Types#CLOB)]
        at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.buildNativeEntityManagerFactory(AbstractEntityManagerFactoryBean.java:421)
        at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:396)
        at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.afterPropertiesSet(LocalContainerEntityManagerFactoryBean.java:341)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1863)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1800)
        ... 24 common frames omitted
Caused by: org.hibernate.tool.schema.spi.SchemaManagementException: Schema-validation: wrong column type encountered in column [raw_data] in table [business_rules]; found [text (Types#VARCHAR)], but expecting [oid (Types#CLOB)]
        at org.hibernate.tool.schema.internal.AbstractSchemaValidator.validateColumnType(AbstractSchemaValidator.java:167)
        at org.hibernate.tool.schema.internal.AbstractSchemaValidator.validateTable(AbstractSchemaValidator.java:151)
        at org.hibernate.tool.schema.internal.GroupedSchemaValidatorImpl.validateTables(GroupedSchemaValidatorImpl.java:42)
        at org.hibernate.tool.schema.internal.AbstractSchemaValidator.performValidation(AbstractSchemaValidator.java:97)
        at org.hibernate.tool.schema.internal.AbstractSchemaValidator.doValidation(AbstractSchemaValidator.java:76)
        at org.hibernate.tool.schema.spi.SchemaManagementToolCoordinator.performDatabaseAction(SchemaManagementToolCoordinator.java:200)
        at org.hibernate.tool.schema.spi.SchemaManagementToolCoordinator.process(SchemaManagementToolCoordinator.java:81)
        at org.hibernate.internal.SessionFactoryImpl.<init>(SessionFactoryImpl.java:335)
        at org.hibernate.boot.internal.SessionFactoryBuilderImpl.build(SessionFactoryBuilderImpl.java:471)
        at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.build(EntityManagerFactoryBuilderImpl.java:1498)
        at org.springframework.orm.jpa.vendor.SpringHibernateJpaPersistenceProvider.createContainerEntityManagerFactory(SpringHibernateJpaPersistenceProvider.java:58)
        at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalContainerEntityManagerFactoryBean.java:365)
        at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.buildNativeEntityManagerFactory(AbstractEntityManagerFactoryBean.java:409)
        ... 28 common frames omitted

We are running the service in a Kubernetes environment, using the docker images from this repository.
Reverting to 1.1.4 shows no issue and the deployment correctly starts up.
Can someone reproduce this issue?

Setup a spring boot Service

Setup a spring boot service and integrate the modified dcc-lib.

Provide the routes for:

GET /rules/{country}

GET /rules which should return a signed list like:

Header X-SIGNATURE .....(ECDSA)

[
  {
    "co": "DE",
    "hash": "h33hdh2323..." (SHA256)
  },
  ...
]

GET /rules/{hash} --> JSON

GET /valuesets

Header X-SIGNATURE .....(ECDSA)

[
  {
    "id": "disease-agent-targeted",
    "hash": "h33hdh2323..." (SHA256)
  },
  ...
]

GET /valuesets/{hash} (not signed)

The service needs a small service which is able to sign the bundled lists before returning them by the GET methods.

To provide a full list of onboarded countries, add a /countrylist route.

Add signature for responses

The responses of the following routes should include a header with an ECDSA signature.

/rules
/countrylist
/valuesets

Please add to the service an ECDSA signature for the trust lists and a public key route to get the public key, e.g. /publickey.
The service should contain a signing interface so that it's possible to replace it with other signing services, for instance HashiCorp or an HSM.

The header should be X-Signature which contains the ECDSA Signature in BASE64 Encoding.

EC Curve is P256 (with SHA256 or "SHA256WITHECDSA" in Bouncycastle).
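
The scheme this issue asks for, as an added example (not part of the original issue and not the project's own code): a replaceable signer produces the Base64 ECDSA P-256/SHA-256 value for the X-Signature header, and a client verifies it with the key it would fetch from /publickey. The names ResponseSigner, LocalEcSigner and verify, the constructed sample body, and the Base64 X.509 encoding of the public key are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Base64;
public class XSignatureExample {
    /** Replaceable backend (local key, Vault, HSM); the interface name is hypothetical. */
    interface ResponseSigner {
        String sign(byte[] body) throws GeneralSecurityException; // value for X-Signature
        String publicKey(); // Base64 SubjectPublicKeyInfo, e.g. served at /publickey
    }
    static class LocalEcSigner implements ResponseSigner { // demo-only in-memory key
        private final KeyPair keyPair;
        LocalEcSigner() throws GeneralSecurityException {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
            gen.initialize(new ECGenParameterSpec("secp256r1")); // NIST P-256
            keyPair = gen.generateKeyPair();
        }
        public String sign(byte[] body) throws GeneralSecurityException {
            Signature s = Signature.getInstance("SHA256withECDSA"); // JCA emits ASN.1 DER
            s.initSign(keyPair.getPrivate());
            s.update(body);
            return Base64.getEncoder().encodeToString(s.sign());
        }
        public String publicKey() {
            return Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
        }
    }

    /** Client side: any decoding or verification error means "not verified". */
    static boolean verify(byte[] body, String xSignature, String publicKeyB64) {
        try {
            byte[] spki = Base64.getDecoder().decode(publicKeyB64);
            PublicKey key = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(spki));
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(key);
            s.update(body);
            return s.verify(Base64.getDecoder().decode(xSignature));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // fail closed on malformed key, header or signature
        }
    }
    public static void main(String[] args) throws Exception {
        ResponseSigner signer = new LocalEcSigner();
        // Constructed sample bodies, not real service output.
        byte[] body = "[{\"co\":\"DE\",\"hash\":\"constructed\"}]".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "[{\"co\":\"XX\",\"hash\":\"constructed\"}]".getBytes(StandardCharsets.UTF_8);
        String sig = signer.sign(body);
        System.out.println("original verifies: " + verify(body, sig, signer.publicKey()));
        System.out.println("tampered verifies: " + verify(tampered, sig, signer.publicKey()));
    }
}
```

The signature covers the exact response bytes, so a client has to verify the raw body before parsing or re-serializing the JSON. Whether the header carries the DER form shown here or raw r||s has to be agreed between service and clients.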

Inconsistency between API call responses

The following problem was reported on the internal demo deployment of the Greek infrastructure.

Describe the bug

API call 1: GET /valuesets --> returns a list of (id, hash)
API call 2: GET /valuesets/{hash} --> returns info about a valueset.

The hash for the "covid-19-lab-test-manufacturer-and-name" valueset is returned in API call 1, but when we query for its hash with API call 2, we get this response:

{
  "code": "0x001",
  "problem": "Possible reasons: The provided hash value is not correct",
  "sendValue": "<sniped>",
  "details": ""
}

Expected behaviour

Every other hash in the list returned by API call 1 also produces a good response from API call 2.

Technical details

We have deployed the provided container image and deployed on k8s.

Can you guide us to fix the problem? Is it a bug or a misconfiguration?

Trust-List vs Trust Anchor vs TLS Trust List

I am having trouble understanding what the usage of application-jks-signing.yml is and if/why I should configure it.

In the EU DCC solution, we have the TLS Trust List, and the DGC Gateway which acts as the Trust Anchor.
Why do we have the addition of the Trust-List in the above mentioned file?

The specific feature: #22
mentions issue #10 which again describes a technical requirement, and not really a business requirement, and why it should be included... "The responses of the following routes should include a header with a ECDSA signature"

Should the signature included not be that of the Trust-List, which is already defined in application.yml?

      trust-anchor:
        alias: ta
        password: dgcg-p4ssw0rd
        path: classpath:trust_anchor.jks

Please help me understand this better as for us to configure it correctly for Cyprus.

Please note that the dockerfile has also not been updated to reflect the change introduced:
https://github.com/eu-digital-green-certificates/dgca-businessrule-service/blob/main/docker-compose.yml

endpoint return 404 error

Describe the bug

The endpoint https://dgca-businessrule-service-eu-acc.cfapps.eu10.hana.ondemand.com/rules is returning 404 error.
The endpoint is declared in file dgca-verifier-app-android/app/src/acc/assets/verifier-context.jsonc
The APP is not working because it hasn't the certificates.

Expected behaviour

Return the json response with all the country rules

Steps to reproduce the issue

Open the browser
Navigate to https://dgca-businessrule-service-eu-acc.cfapps.eu10.hana.ondemand.com/rules

Technical details

Any

Possible Fix

Fix the endpoint

TLS1.2 for Maven

As of 18th June, TLS1.1 has been deprecated.

https://central.sonatype.org/faq/tls-info/

Can I suggest we do the following:
Create a folder .mvn
Create a file .\mvn\jvm.config
with the content: "-Dhttps.protocols=TLSv1.2"

I can issue a PR to all the JAVA repos if you agree. This will help with controlling the TLS versions used in the repos.

Best Regards
Panayiotis Savva

checkTrustAnchorSignature unimplemented and unused

The checkTrustAnchorSignature method in GatewayDataDownloadBtpServiceImpl is unimplemented but returns true. Furthermore the method is unused.

private boolean checkTrustAnchorSignature(TrustListItemDto trustListItemDto) {
    // Implement me...
    return true;
}

It is possible that this functionality does not need to verify the trust anchor signatures to work securely or that it is done elsewhere but this is still a big code smell and should be handled. (Returning true from a signature verification method that is not implemented is just dangerous!)

Remove Sample Data

When the download functionality is working remove the provided sample data (mock data)
