- Common Services
- 1. OTP Manager (CMN_FR_1)
- 2. QR Code Generator (CMN_FR_2)
- 3. Crypto Services
- 3.1 Cryptography Services (CMN_FR_3.1)
- 3.2 Key Generator (CMN_FR_3.2)
- 3.3 Key Management (CMN_FR_3.3)
- 3.4 Crypto Utility (CMN_FR_3.4)
- 3.5 Hash Utility (CMN_FR_3.5)
- 3.6 HMAC Utility/Checksum Utility (CMN_FR_3.6)
- 4. Notification
- 4.1 OTP Notification Services (CMN_FR_4.1)
- 4.2 Email Notification (CMN_FR_4.2)
- 4.3 SMS Notification (CMN_FR_4.3)
- 4.4 PDF Generator (CMN_FR_4.4)
- 4.5 Template Merger (CMN_FR_4.5)
- 5. Transliteration (CMN_FR_5)
- 6. MOSIP Utils
- 6.1 Mobile Data Validator (CMN_FR_6.1)
- 6.2 Email Data Validator (CMN_FR_6.2)
- 6.3 Exception Framework (CMN_FR_6.3)
- 6.4 Calendar Utility (CMN_FR_6.4)
- 6.5 Date Utility (CMN_FR_6.5)
- 6.6 File Utility (CMN_FR_6.6)
- 6.7 Json Utility (CMN_FR_6.7)
- 6.8 Math Utility (CMN_FR_6.8)
- 6.9 String Utility (CMN_FR_6.9)
- 6.10 UUID Utility (CMN_FR_6.10)
- 6.11 Zip-Unzip Utility (CMN_FR_6.11)
- 6.12 Log Utility (CM_FR_6.12)
- 6.13 ID Object Validator Utility (CM_FR_6.13)
- 7. Virus Scanner (CMN_FR_7)
- List of Configurable Parameters and Processes
- Kernel API
1. OTP Manager
- The OTP Manager component handles OTP Generation and OTP Validation.
- For OTP Generation, the system receives a request to generate an OTP along with a Key as an input parameter.
- This Key can be a Mobile number, Email ID or a combination of Mobile Number and Email ID.
- The component generates an OTP of the configured length and responds with the OTP to the source. The OTP Manager maps an expiry period to the OTP as configured by the Admin.
- For OTP Validation, the system receives a request to validate an OTP with a Key and OTP as input parameters.
- The component validates the OTP against the expiry and then, if the OTP is not expired, validates the OTP against the Key.
- If the OTP is not expired and is valid against the Key, it responds with the message “Valid”; otherwise it responds with “Invalid”.
- A user has a maximum configured number of tries to get the OTP wrong, after which he/she will be blocked for a configured amount of time. During this blocked period, he/she cannot generate or validate another OTP.
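The generation and validation rules above, written out as an added Python example (not MOSIP's own code). The class name, the default values, single use of an OTP and the responses returned while a key is blocked are assumptions; the page specifies only the configurable length, expiry, try limit and block period.

```python
import hmac
import secrets
import time


class OtpManager:
    """In-memory sketch of the rules above; names and defaults are assumptions."""

    def __init__(self, length=6, expiry_s=180, max_tries=3, block_s=1800,
                 clock=time.monotonic):
        self.length, self.expiry_s = length, expiry_s
        self.max_tries, self.block_s = max_tries, block_s
        self.clock = clock      # injectable so expiry and blocking can be tested
        self._otps = {}         # key -> (otp, expires_at)
        self._fails = {}        # key -> consecutive wrong guesses
        self._blocked = {}      # key -> blocked_until

    def _is_blocked(self, key):
        until = self._blocked.get(key)
        if until is not None and self.clock() >= until:
            del self._blocked[key]          # block period is over
            until = None
        return until is not None

    def generate(self, key):
        """Return a fresh OTP, or None while the key is blocked (assumed response)."""
        if self._is_blocked(key):
            return None
        otp = "".join(secrets.choice("0123456789") for _ in range(self.length))
        # Failures are not reset here, or a new OTP would buy unlimited guesses.
        self._otps[key] = (otp, self.clock() + self.expiry_s)
        return otp

    def validate(self, key, candidate):
        if self._is_blocked(key) or key not in self._otps:
            return "Invalid"
        otp, expires_at = self._otps[key]
        if self.clock() >= expires_at:      # expiry is checked before the value
            del self._otps[key]
            return "Invalid"
        if hmac.compare_digest(otp.encode(), candidate.encode()):
            del self._otps[key]             # single use (assumption)
            self._fails.pop(key, None)
            return "Valid"
        self._fails[key] = self._fails.get(key, 0) + 1
        if self._fails[key] >= self.max_tries:
            self._blocked[key] = self.clock() + self.block_s
            del self._otps[key]
            del self._fails[key]
        return "Invalid"
```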
2. QR Code Generator
The QR code generator takes the content received along with the version number and converts the content into a QR code. The version number is configurable and determines how much data a QR code can store. The higher the version number, the more data can be stored in a QR Code.
3. Crypto Services
3.1 Cryptography Services
The Crypto Service encrypts or decrypts data across MOSIP with the help of Public/Private Keys.
For encryption, the Crypto Service receives a request from an application with input parameters – Application ID, Reference ID, Timestamp and the Data which needs to be encrypted. The Service then calls the Key Generator API to get a symmetric Key and encrypts the data using that symmetric Key.
The Service then calls the Key Manager Service with the Application ID and Timestamp received in the input parameters and gets the public key.
The Service then encrypts the symmetric key using the Public key, joins the Encrypted data and Encrypted Symmetric Key using a Key splitter and responds to the source with the joined data.
For decryption, the Crypto Service receives a request from an application with input parameters – Application ID, Reference ID, Timestamp and Data that needs to be decrypted.
The Application ID received will be the one that was sent for encryption of data in the above flow.
The Crypto Service then splits the received data into Encrypted Content and Encrypted Symmetric Key using the Key Splitter and then calls the Key Manager Service with the Encrypted Symmetric Key, Application ID and Timestamp to decrypt the data using the private key.
The Key Manager, instead of responding with the private key, decrypts the symmetric key itself and sends it back to the Crypto Service. The Service then uses this symmetric key to decrypt the data and sends the decrypted data back to the source.
3.2 Key Generator
Upon receiving a request to generate a symmetric key, the system generates a key as defined below and responds with the symmetric key:
- The symmetric key generated supports the AES algorithm
- The symmetric key generated is of 256 bit size
- The symmetric key will be returned as a byte array
Upon receiving a request to generate an asymmetric key pair, the system generates a key pair (public and private key) as defined below and responds with the asymmetric key pair:
- The asymmetric key pair is generated using RSA encryption
- The asymmetric key pair generated is of 2048 bit size
- The asymmetric key pair is returned as a byte array
3.3 Key Management
- The Key Manager Service works together with the Crypto Service.
- It receives a request from the Crypto Service for a Public Key with the Application ID and Timestamp.
- The Key Manager Service then sends a valid Public key against the Application ID received to the Crypto Service.
- In case the public key against that Application ID is expired, it will generate a new Public Key and respond with it.
- When there is a request to decrypt data, the private key of the application id or reference id is used. The Key Manager will not respond with the Private Key but instead takes the encrypted data from the source, decrypts it itself and responds with the decrypted content.
3.4 Crypto Utility
The crypto utility supports encryption and decryption. It provides a utility called the key splitter, which performs the following functions:
- It combines the encrypted data and the encrypted symmetric key while sending encrypted content to the source
- It also splits the encrypted data and the encrypted symmetric key while receiving the content for decryption
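An added example, not MOSIP's code, of the key splitter described here and in section 3.1, showing why the split should not depend on searching for the delimiter inside binary ciphertext. The delimiter value, the key-first ordering and the function names are assumptions; the 256-byte key length follows from the 2048-bit RSA key size in section 3.2.

```python
RSA_BITS = 2048                  # asymmetric key size stated in section 3.2
ENC_KEY_LEN = RSA_BITS // 8      # an RSA-2048 ciphertext is always 256 bytes
SPLITTER = b"#SPLIT#"            # hypothetical delimiter, not taken from the page


def join(enc_sym_key: bytes, enc_data: bytes) -> bytes:
    """Pack as encrypted key + splitter + encrypted data (order is an assumption)."""
    if len(enc_sym_key) != ENC_KEY_LEN:
        raise ValueError("encrypted symmetric key must be %d bytes" % ENC_KEY_LEN)
    return enc_sym_key + SPLITTER + enc_data


def split_naive(blob: bytes):
    """Split on the first delimiter match; wrong when ciphertext contains it."""
    key, _, data = blob.partition(SPLITTER)
    return key, data


def split_strict(blob: bytes):
    """Split at the fixed key length and require the delimiter exactly there."""
    end = ENC_KEY_LEN + len(SPLITTER)
    if blob[ENC_KEY_LEN:end] != SPLITTER:
        raise ValueError("malformed encrypted payload")
    return blob[:ENC_KEY_LEN], blob[end:]


def demo():
    """Return (naive_ok, strict_ok) for a constructed payload."""
    # Constructed stand-ins for ciphertext: the key bytes happen to contain
    # the delimiter, which arbitrary binary output is free to do.
    pad = ENC_KEY_LEN - 100 - len(SPLITTER)
    enc_key = b"\x01" * 100 + SPLITTER + b"\x02" * pad
    enc_data = b"\x03" * 48
    blob = join(enc_key, enc_data)
    expected = (enc_key, enc_data)
    return split_naive(blob) == expected, split_strict(blob) == expected
```

Here `demo()` returns `(False, True)`: the delimiter search hands back a truncated key, while the fixed-offset split recovers both parts.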
3.5 Hash Utility
- Identifies hash util methods
- Creates wrapper class for methods defined in apache-commons hash util
- Raises an alert in case of listed
3.6 HMAC Utility/Checksum Utility
An HMAC/checksum function is a way to create a compact representation of an arbitrarily large amount of data.
4. Notification
4.1 OTP Notification Services
- OTP Notification Services is a combined service, which receives a request to generate an OTP and responds directly to the User using SMS or Email Notification.
- The service receives a request to generate and send OTP with User ID, OTP Channel (MOBILE and/or EMAIL), Template Variables, and Template Context (SMS and/or Email).
- It then calls OTP Generator Service to generate an OTP against a Key (Mobile Number or Email).
- It calls the Template Merger Service to merge OTP with the Template (SMS and/or Email).
- It calls SMS and/or Email Notification Service to send the notification as per the template.
- The choice of sending SMS and/or Email depends on the Notification Type Flag received in Input.
- The system responds with an error message if the OTP channel received is Email or Mobile number and the User ID does not have an Email or Mobile number, respectively, registered against it.
4.2 Email Notification
- This service triggers an Email Notification upon receiving a request to trigger notification with Recipient Email-ID, CC Recipients Email-IDs, Subject, Email Content, and Attachment as input parameters.
- The restriction on Attachment and its size is configurable.
- The Third-Party Email Vendor is configurable and any country specific vendor can be used.
4.3 SMS Notification
This service triggers an SMS Notification upon receiving a request to trigger notification with Phone Number and Content as input parameters. The third-party SMS Vendor is configurable and any country specific vendor can be used.
4.4 PDF Generator
This utility enables creation of a PDF from the content received. It receives the content as an input parameter, converts it into a PDF document, and responds with it to the source.
PDF Generator also supports the feature to generate a Password Protected PDF with an additional input parameter “Password”, which is an optional parameter.
NOTE: If a Password is not received, then PDF Generator will generate the PDF of received content without the password protection.
4.5 Template Merger
This utility merges a Template containing Placeholders with dynamic values to form the content to be sent as Notifications or Acknowledgement. The Utility will receive a template and dynamic values from a source. It will merge the values and template and respond with the processed content.
5. Transliteration
The MOSIP system can facilitate transliteration by integrating with a third party service provider. Upon receiving a request for transliteration with the required input parameters (Word, Input Language Code, and Output Language Code), the system:
- Validates if all required input parameters have been received as listed below for each specific request
  - User Input Word - Mandatory
  - Input Language Code - Mandatory
  - Output Language Code - Mandatory
- Transliterates the Word received from Input Language to Output Language
- In case of Exceptions, system triggers relevant error messages.
6. MOSIP Utils
6.1 Mobile Data Validator
Upon receiving a request to validate a mobile number against the configured mobile number policy, the system validates the mobile number against the policy
- Validates if all required input parameters have been received as listed below for each specific request
  - Mobile number
- Validates the mobile no. against the following policies
  - Mobile no. should contain the number of digits configured by the ADMIN
  - Mobile no. should only be numerical.
- In case of Exceptions, system should trigger relevant error messages. Refer “Messages” section
- Responds to the source with the result (Valid/Invalid)
- Raises an alert in case of exceptions.
6.2 Email Data Validator
Upon receiving a request to validate an Email ID against the standard Email ID policy, the system validates the Email ID against the Standard Email ID format
- Validates if all required input parameters have been received as listed below for each specific request
  - Email ID
- Validates if the Email ID contains the minimum no. of characters as configured
- Validates if the length of the Email ID is less than the 254 max length
- Validates if the Email ID only contains the following characters
  - Digits 0 to 9
  - Uppercase and lowercase English letters (a–z, A–Z)
  - Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~ .
- Validates if the Email ID contains "@" and domain name within the Email ID.
- Responds to the source with the result (Valid/Invalid)
- Raises an alert in case of exceptions
Design Link to mobile and email data validator
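The policies of sections 6.1 and 6.2 as an added Python example (not MOSIP's implementation), including two inputs that loose checks tend to accept: non-ASCII digits and a trailing newline. Function names, the sample inputs, the requirement of exactly one "@" and the domain pattern are assumptions.

```python
import re

# Characters listed in section 6.2; "@" is handled separately as the separator.
_LOCAL_CHARS = r"A-Za-z0-9!#$%&'*+\-/=?^_`{|}~."
# Assumption (not from the page): the domain is dot-separated labels of
# letters, digits and hyphens, a subset of the characters above.
_EMAIL_RE = re.compile(r"[%s]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*" % _LOCAL_CHARS)


def is_valid_mobile(number, digits):
    """digits is the admin-configured length of a mobile number."""
    # [0-9], not \d or str.isdigit(): those also accept non-ASCII digits.
    # fullmatch, not match with "$": "$" would let a trailing newline through.
    return isinstance(number, str) and bool(re.fullmatch(r"[0-9]{%d}" % digits, number))


def is_valid_email(email, min_len):
    """min_len is the configured minimum; the 254 limit is the page's."""
    if not isinstance(email, str) or not (min_len <= len(email) < 254):
        return False
    return _EMAIL_RE.fullmatch(email) is not None


def check_samples():
    """Run the validators over constructed inputs; returns {input: verdict}."""
    mobiles = ["9876543210", "98765-4321", "9876543210\n", "\u0669" * 10]
    emails = ["first.last+tag@example.org", "no-at-sign.example.org",
              "two@@example.org", "trailing@example.org\n", "x" * 250 + "@a.b"]
    out = {m: is_valid_mobile(m, 10) for m in mobiles}
    out.update({e: is_valid_email(e, 6) for e in emails})
    return {k: ("Valid" if v else "Invalid") for k, v in out.items()}
```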
6.3 Exception Framework
The MOSIP system provides a base exception framework.
6.4 Calendar Utility
- Identifies Calendar util methods
- Creates wrapper class for methods defined in apache-commons Calendar util
- Raises an alert in case of listed exceptions
6.5 Date Utility
- Identifies Date util methods
- Creates wrapper class for methods defined in apache-commons date and time util
- Raises an alert in case of listed exceptions
6.6 File Utility
- Identifies File util methods
- Creates wrapper class for methods defined in apache-commons File util
- Raises an alert in case of listed exceptions
6.7 Json Utility
- Identifies Json util methods
- Creates wrapper class for methods defined in apache-commons Json util
- Raises an alert in case of listed exceptions
6.8 Math Utility
- Identifies Math util methods
- Creates wrapper class for methods defined in apache-commons Math util
- Raises an alert in case of listed exceptions
6.9 String Utility
- Identifies String util methods
- Creates wrapper class for methods defined in apache-commons String util
- Raises an alert in case of listed exceptions
6.10 UUID Utility
- Upon receiving a request to generate UUID the system generates UUID as per default UUID generation logic
- UUID generated should be as per UUID Version 5
- UUID generated should be of 36 characters (32 alphanumeric characters and four hyphens e.g. 123e4567-e89b-12d3-a456-426655440000)
- Any application in MOSIP can use this UUID utility
- Responds with the UUID to the source
- Raises an alert in case of listed exceptions
6.11 Zip-Unzip Utility
- Identifies Zip-Unzip util methods
- Creates wrapper class for methods defined in apache-commons Zip-Unzip util
- Raises an alert in case of listed exceptions
6.12 Log Utility
- Generate logs across the application
- Store generated logs in configured location
- Raises an alert in case of listed exceptions
6.13 ID Object Validator Utility
- Validate the Attributes in ID object against the Pre-Defined pattern and Master data values
- Validate Gender Types against country defined Masterdata
- Validate Document Categories against country defined Masterdata
- Validate Document Types against country defined Masterdata
- Validate Location and Location hierarchy against country defined Masterdata
- Validate Date of Birth against country configured pattern
- Validate Phone Number against country configured pattern
- Validate Email ID against country configured pattern
- Validate Age against country configured pattern
- Validate Full Name against country configured pattern
- Validate Address line 1,2 and 3 against country configured pattern
- Validate Reference Identity Number against country configured pattern
- Validate Country Code against country configured pattern
- Respond with proper error messages in case of any validation failure
7. Virus Scanner
Virus Scanner utility allows for virus scanning across MOSIP at various places. This includes:
- Scanning of Document uploaded in Pre-registration
- Scanning in Registration Client Software
- Scanning of Registration packet in Registration Processor
Currently for Virus Scanner, MOSIP has integrated with Clam Antivirus which allows for 290 concurrent users. A Country may integrate their own Licensed version of antivirus as per their requirement.
List of Configurable Parameters and Processes
- Configurable Parameters
- Configurable Processes
- (Work in Progress)