This repository has been archived by the owner on Dec 3, 2021. It is now read-only.

alphagov/di-ipv-alpha-atp-dcs


di-ipv-atp-dcs

The attribute provider for DCS (Document Checking Service).

Running locally

First generate some test keys if not using DCS:

./scripts/generate-key-pair-for-dev.sh

Then build or run the service with Gradle by executing either the bootRun task or the build task.

Paths

| Path | Description |
| --- | --- |
| /process | Expects a POST request with JSON data. The service packs and wraps the data, sends it to DCS, and returns the outcome of the DCS response. |
| /checks/passport | A mock endpoint that emulates DCS while we wait for certificates to be set up with DCS. |

How it works

Request

The service expects a POST request to the /process path with the following data in the request body:

POST /process
{
  passportNumber: string,
  surname: string,
  forenames: [string],
  dateOfBirth: string(format: yyyy-MM-dd'T'HH:mm:ss),
  expiryDate: string(format: yyyy-MM-dd'T'HH:mm:ss)
}

Internal

The service then wraps the data as defined by DCS. Currently, this service emulates the DCS endpoint because certificates have not yet been set up with DCS.

The service calls an internal endpoint /checks/passport, which proceeds to unwrap the packet, extract data and then wrap a new data packet in the same fashion as DCS would.

There is a mock package within the source that mocks the DCS side. It will be removed once we set up some keys for DCS.

Keys

The keys and certificates are currently packaged as part of the executable JAR. This will change once we get actual pipelines and PKI set up.

Response

The ATP service will respond with a JWS, where the ATP signs the data with its private key for the IPV.

Sample JWS payload below:

{
  passportValid: boolean,
  errorMessages: [string] | null,
}

Currently, the response is returned as a plain text response with the JWS.

DCS

This service takes a JSON input, and wraps it in a JWS packet consisting of signed, encrypted and signed again data.

+-------------+   1    +-------------+   2    +-----------------+   3    +-----------------+
| JSON Object | +----> | JSON Object | +----> | +-------------+ | +----> | +-------------+ |
+-------------+  JWS   +-------------+  JWE   | | JSON Object | |  JWS   | | JSON Object | |
                       |   Signed    |        | +-------------+ |        | +-------------+ |
                       +-------------+        | |   Signed    | |        | |   Signed    | |
                                              | +-------------+ |        | +-------------+ |
                                              |    Encrypted    |        |    Encrypted    |
                                              +-----------------+        +-----------------+
                                                                         |     Signed      |
                                                                         +-----------------+

Useful Links
