Closed jfernandezsqs closed 2 years ago
Dear @jfernandezsqs it shall be possible, via setting another environment variable in docker-compose and thus overwriting the properties entry here: https://github.com/International-Data-Spaces-Association/metadata-broker-open-core/blob/592303a5aa4092b771d886abd9b13ea2942a32f7/broker-core/src/main/resources/application.properties#L42 And for sure make sure the crt will be placed in the proper directory you are mounting locally (volumes entry).
I also faced some issues regarding DAT validation of incoming messages; I couldn't figure out the problem's origin yet. Thus, I set `daps.validateIncoming=false` (https://github.com/International-Data-Spaces-Association/metadata-broker-open-core/blob/592303a5aa4092b771d886abd9b13ea2942a32f7/broker-core/src/main/resources/application.properties#L28)
I am not able to follow your proposed solution:
I cannot obtain the Metadata Broker self-description because the token is not authenticated. I need to change it and use our file `daps.crt`, which is inside `metadata-broker-open-core/docker/broker-core/`.
@jfernandezsqs Can you please elaborate if the updated daps.crt helped you to get rid of the 'NOT_AUTHENTICATED' error?
I cannot verify whether the `daps.crt` is correct because the `mvn clean package` command is not working. It is detailed in this issue: https://github.com/International-Data-Spaces-Association/metadata-broker-open-core/issues/86. We need `mvn clean package` in order to set up our local testbed.
- Now that `mvn clean package` is working, I have tried it again with the following configuration: `daps.url=https://omejdn/token` and `isstbroker-keystore.jks`, to use our certificates (provided by Fraunhofer).
- I also placed this `isstbroker-keystore.jks` at `/etc/idscert/localhost/`.
- Next, I executed `mvn clean package` and copied the `broker-core/target/broker-core-5.0.0-SNAPSHOT.jar` inside `docker/broker-core/`.
- I changed the `daps.crt` to use the one that our local DAPS is using.
- At `docker/composefiles/broker-localhost/` I executed the command `docker-compose pull`.
- I used the following docker-compose.yml file:
```yaml
version: '3'
services:
  broker-reverseproxy:
    image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/reverseproxy
    container_name: broker-reverseproxy
    volumes:
      - /etc/idscert/localhost:/etc/cert/
      # - c:/etc/idscert/localhost:/etc/cert/
    ports:
      - "444:443" # IDS-HTTP API
      - "81:80"
  broker-core:
    image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/core
    container_name: broker-core
    volumes:
      - /etc/idscert/localhost:/etc/cert/
      #- c:/etc/idscert/localhost:/etc/cert/
    restart: always
    environment:
      - SPARQL_ENDPOINT=http://broker-fuseki:3030/connectorData
      - ELASTICSEARCH_HOSTNAME=broker-elasticsearch
      - SHACL_VALIDATION=true
      - DAPS_VALIDATE_INCOMING=true
      - IDENTITY_JAVAKEYSTORE=/etc/cert/isstbroker-keystore.jks
      - COMPONENT_URI=https://localhost/
      - COMPONENT_CATALOGURI=https://localhost/connectors/
      - JWKS_TRUSTEDHOSTS=daps.aisec.fraunhofer.de,omejdn
      - DAPS_URL=https://omejdn/token
    expose:
      - "8080"
  broker-fuseki:
    image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/fuseki
    container_name: broker-fuseki
    volumes:
      - broker-fuseki:/fuseki
    expose:
      - "3030"
volumes:
  broker-fuseki:
```
- I deleted the image `registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/core` and built it from `docker/broker-core/` using the command `docker build -t registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/core .`
- Finally, I executed `docker-compose up`.
When I try from the Dataspace connector to obtain the self-description of the Broker I get:
```
POST /api/ids/description
Recipient URL --> https://broker-reverseproxy/infrastructure
```

Response body:

```json
{
  "details": {
    "reason": {
      "properties": null,
      "@id": "https://w3id.org/idsa/code/NOT_AUTHENTICATED"
    },
    "payload": "An error occurred while verifying your token",
    "type": "de.fraunhofer.iais.eis.RejectionMessageImpl"
  },
  "message": "Received unexpected response message."
}
```
These are the Metadata Broker logs:

```
Creating broker-core ... done
Creating broker-reverseproxy ... done
Creating broker-fuseki ... done
Attaching to broker-core, broker-reverseproxy, broker-fuseki
broker-core | Starting Spring boot app
broker-core | ARGS=-Djava.security.egd=file:/dev/./urandom -Dsparql.url=http://broker-fuseki:3030/connectorData -Delasticsearch.hostname=broker-elasticsearch -Ddaps.validateIncoming=true -Dinfomodel.validateWithShacl=true -Dcomponent.uri=https://localhost/ -Dssl.javakeystore=/etc/cert/isstbroker-keystore.jks -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005
broker-core | Listening for transport dt_socket at address: 5005
broker-reverseproxy | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
broker-reverseproxy | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
broker-reverseproxy | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
broker-reverseproxy | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
broker-reverseproxy | 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
broker-reverseproxy | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
broker-reverseproxy | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
broker-reverseproxy | /docker-entrypoint.sh: Configuration complete; ready for start up
broker-core | SLF4J: No SLF4J providers were found.
broker-core | SLF4J: Defaulting to no-operation (NOP) logger implementation
broker-core | SLF4J: See http://www.slf4j.org/codes.html#noProviders for further details.
broker-fuseki | [2022-02-18 16:12:19] Server INFO Apache Jena Fuseki 3.14.0
broker-fuseki | [2022-02-18 16:12:19] Config INFO FUSEKI_HOME=/jena-fuseki
broker-fuseki | [2022-02-18 16:12:19] Config INFO FUSEKIBASE=/fuseki
broker-fuseki | [2022-02-18 16:12:19] Config INFO Shiro file: file:///fuseki/shiro.ini
broker-core |
broker-core |   .   ____          _            __ _ _
broker-core |  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
broker-core | ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
broker-core |  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
broker-core |   '  |____| .__|_| |_|_| |_\__, | / / / /
broker-core |  =========|_|==============|___/=/_/_/_/
broker-core |  :: Spring Boot ::        (v2.1.16.RELEASE)
broker-core |
broker-fuseki | [2022-02-18 16:12:20] Config INFO Configuration file: /fuseki/config.ttl
broker-fuseki | [2022-02-18 16:12:20] Config INFO Load configuration: file:///fuseki/configuration/connectorData.ttl
broker-fuseki | [2022-02-18 16:12:20] Config INFO Register: /connectorData
broker-fuseki | [2022-02-18 16:12:20] Server INFO Started 2022/02/18 16:12:20 UTC on port 3030
broker-core | Feb 18, 2022 4:12:23 PM org.apache.catalina.core.StandardService startInternal
broker-core | INFO: Starting service [Tomcat]
broker-core | Feb 18, 2022 4:12:23 PM org.apache.catalina.core.StandardEngine startInternal
broker-core | INFO: Starting Servlet engine: [Apache Tomcat/9.0.37]
broker-core | Feb 18, 2022 4:12:23 PM org.apache.catalina.core.ApplicationContext log
broker-core | INFO: Initializing Spring embedded WebApplicationContext
broker-fuseki | [2022-02-18 16:12:26] Fuseki INFO [1] GET http://broker-fuseki:3030/connectorData/sparql?query=ASK+WHERE+%7B+GRAPH+%3Chttps%3A%2F%2Fbroker.ids.isst.fraunhofer.de%2Fadmin%3E+%7B%3Fs+%3Fp+%3Fo+.%7D+%7D
broker-fuseki | [2022-02-18 16:12:26] Fuseki INFO [1] Query = ASK WHERE { GRAPH <https://broker.ids.isst.fraunhofer.de/admin> {?s ?p ?o .} }
broker-fuseki | [2022-02-18 16:12:26] Fuseki INFO [1] 200 OK (70 ms)
broker-core | Feb 18, 2022 4:12:33 PM org.apache.catalina.core.ApplicationContext log
broker-core | INFO: Initializing Spring DispatcherServlet 'dispatcherServlet'
broker-reverseproxy | 172.21.0.1 - - [18/Feb/2022:16:12:34 +0000] "GET / HTTP/1.1" 200 2802 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0"
broker-reverseproxy | 172.21.0.3 - - [18/Feb/2022:16:12:48 +0000] "POST /infrastructure HTTP/1.1" 200 2662 "-" "okhttp/4.9.3"
```
`daps.crt` was not set up correctly. Fixed.
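An added example, not code from this issue or from the metadata-broker project: a small Go program that models the failure resolved above, where the `daps.crt` mounted into `broker-core` belongs to a different DAPS than the one that issued the connector's DAT. It constructs two self-signed DAPS certificates, signs an RS256 token with one of them, and verifies that token against both: the matching certificate accepts it, the stale one rejects it, which is the local equivalent of the `NOT_AUTHENTICATED` rejection in the response body above. The issuer URL and host names (`https://omejdn/token`, `omejdn`, `daps.aisec.fraunhofer.de`) are taken from the compose file in this thread; the key material, certificate contents and claim set are constructed for the example, and the check is reduced to a pinned-certificate signature check rather than the broker's JWKS-based lookup.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSignedCert builds a self-signed certificate for key, standing in for a
// DAPS's daps.crt. Constructed for this example, not a real DAPS certificate.
func selfSignedCert(key *rsa.PrivateKey, cn string) []byte {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// signDAT issues a minimal RS256 JWT with illustrative DAT-style claims (not the full IDS DAT payload).
func signDAT(key *rsa.PrivateKey, iss string) string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": iss, "sub": "example-connector", "aud": "idsc:IDS_CONNECTORS_ALL",
		"iat": time.Now().Unix(), "exp": time.Now().Add(time.Hour).Unix(),
	})
	signingInput := header + "." + base64.RawURLEncoding.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// verifyDAT checks the token's RS256 signature against the public key in
// certPEM, the daps.crt the broker trusts. A non-nil error is the local
// equivalent of the broker's NOT_AUTHENTICATED rejection.
func verifyDAT(token string, certPEM []byte) error {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return fmt.Errorf("daps.crt is not PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("daps.crt does not carry an RSA key")
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed JWT")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	// Only the signature is checked here; a full verifier also validates exp/iat and aud.
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return fmt.Errorf("NOT_AUTHENTICATED: %w", err)
	}
	return nil
}

// Demo reproduces the two situations from the thread: the DAT checked against the
// issuing DAPS's own certificate (accepted) and against a stale daps.crt (rejected).
func Demo() (localErr, staleErr error) {
	localDAPS, _ := rsa.GenerateKey(rand.Reader, 2048)
	otherDAPS, _ := rsa.GenerateKey(rand.Reader, 2048)
	dat := signDAT(localDAPS, "https://omejdn/token")
	localErr = verifyDAT(dat, selfSignedCert(localDAPS, "omejdn"))
	staleErr = verifyDAT(dat, selfSignedCert(otherDAPS, "daps.aisec.fraunhofer.de"))
	return
}

func main() {
	localErr, staleErr := Demo()
	fmt.Println("matching daps.crt:", localErr) // <nil>
	fmt.Println("stale daps.crt:", staleErr)    // NOT_AUTHENTICATED: ...
}
```

The same check works by hand on a real deployment: take the DAT the connector sends and verify its signature with the public key extracted from the `daps.crt` that is actually mounted into the container. If that fails while `DAPS_URL` and the keystore are already correct, the certificate is the remaining mismatch, exactly the case closed in this thread. In the compose file above, both the mounted certificate and `JWKS_TRUSTEDHOSTS` describe the DAPS that issues the tokens, so they need to refer to the same DAPS.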
I have deployed an Omejdn DAPS, a DSC version 7.0.1 and the latest version of the metadata broker in my local environment. The issue is that the broker is not authenticating our local DAPS. With a previous release of the metadata broker, in order to set it up we used the command `mvn clean package` to create a `broker-core-4.2.8-SNAPSHOT.jar` with the correct files configured (`broker-core/src/main/resources/isstbroker-keystore.jks` and `application.properties` with `daps.url` specified).
Currently, `mvn clean package` is not working with the latest version of the metadata broker. I used this in order to create our `registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/core` image.
Now, with the docker-compose.yml file which is at https://github.com/International-Data-Spaces-Association/metadata-broker-open-core/tree/master/docker/composefiles/broker-localhost I can properly configure `DAPS_URL` and `IDENTITY_JAVAKEYSTORE`.
When I try to obtain the description of the metadatabroker from the Dataspace Connector it gives the following error:
Is it possible to introduce/configure our own `daps.crt` in the docker-compose.yml? This file is located at https://github.com/International-Data-Spaces-Association/metadata-broker-open-core/tree/master/docker/broker-core and I assume this is the reason why the broker is not authenticating our local DAPS. Waiting for your response, thanks in advance.