From 3275a63b9993655a8be7152d0e1ae34b2a820c17 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Mon, 27 Jun 2022 15:35:20 +0200 Subject: [PATCH 1/6] Fix #148: Add auditing tables to PowerAuth server image --- deploy/data/postgresql/powerauth-server.sql | 93 ++++++++++++++------ deploy/data/postgresql/powerauth-webflow.sql | 2 +- 2 files changed, 68 insertions(+), 27 deletions(-) diff --git a/deploy/data/postgresql/powerauth-server.sql b/deploy/data/postgresql/powerauth-server.sql index 5b9d1fe..5550c11 100644 --- a/deploy/data/postgresql/powerauth-server.sql +++ b/deploy/data/postgresql/powerauth-server.sql @@ -266,6 +266,35 @@ CREATE TABLE shedlock ( locked_by VARCHAR(255) NOT NULL ); +-- +-- Create audit log table. +-- +CREATE TABLE audit_log ( + audit_log_id VARCHAR(36) PRIMARY KEY, + application_name VARCHAR(256) NOT NULL, + audit_level VARCHAR(32) NOT NULL, + audit_type VARCHAR(256), + timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + message TEXT NOT NULL, + exception_message TEXT, + stack_trace TEXT, + param TEXT, + calling_class VARCHAR(256) NOT NULL, + thread_name VARCHAR(256) NOT NULL, + version VARCHAR(256), + build_time TIMESTAMP +); + +-- +-- Create audit parameters table. +-- +CREATE TABLE audit_param ( + audit_log_id VARCHAR(36), + timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + param_key VARCHAR(256), + param_value VARCHAR(4000) +); + -- -- Ref Constraints for Table PA_ACTIVATION -- 
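Review bot: The new `audit_log` and `audit_param` tables land in schema `public`, so the file's closing `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO powerauth` (visible as context at the end of the next hunk) gives the application role UPDATE, DELETE and TRUNCATE on its own audit trail. If the application does not prune these tables itself, and the tables are owned by a role other than `powerauth`, follow the blanket grant with `REVOKE UPDATE, DELETE, TRUNCATE ON audit_log, audit_param FROM powerauth;` so a compromised application account cannot rewrite audit history. Separately, `audit_param.audit_log_id` is nullable and has no foreign key to `audit_log`, so parameter rows can exist without the entry they describe. `audit_log_id VARCHAR(36) NOT NULL` would at least rule out unattached rows.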
@@ -328,57 +357,69 @@ ALTER TABLE pa_operation ADD CONSTRAINT operation_application_fk FOREIGN KEY (ap --- Indexes for better performance. PostgreSQL does not create indexes on foreign key automatically. --- -CREATE INDEX PA_ACTIVATION_APPLICATION ON PA_ACTIVATION(APPLICATION_ID); +CREATE INDEX pa_activation_application ON pa_activation(application_id); + +CREATE INDEX pa_activation_keypair ON pa_activation(master_keypair_id); -CREATE INDEX PA_ACTIVATION_KEYPAIR ON PA_ACTIVATION(MASTER_KEYPAIR_ID); +CREATE INDEX pa_activation_code ON pa_activation(activation_code); -CREATE INDEX PA_ACTIVATION_CODE ON PA_ACTIVATION(ACTIVATION_CODE); +CREATE INDEX pa_activation_user_id ON pa_activation(user_id); -CREATE INDEX PA_ACTIVATION_USER_ID ON PA_ACTIVATION(USER_ID); +CREATE INDEX pa_activation_history_act ON pa_activation_history(activation_id); -CREATE INDEX PA_ACTIVATION_HISTORY_ACT ON PA_ACTIVATION_HISTORY(ACTIVATION_ID); +CREATE INDEX pa_activation_history_created ON pa_activation_history(timestamp_created); -CREATE INDEX PA_ACTIVATION_HISTORY_CREATED ON PA_ACTIVATION_HISTORY(TIMESTAMP_CREATED); +CREATE INDEX pa_application_version_app ON pa_application_version(application_id); -CREATE INDEX PA_APPLICATION_VERSION_APP ON PA_APPLICATION_VERSION(APPLICATION_ID); +CREATE INDEX pa_master_keypair_application ON pa_master_keypair(application_id); -CREATE INDEX PA_MASTER_KEYPAIR_APPLICATION ON PA_MASTER_KEYPAIR(APPLICATION_ID); +CREATE UNIQUE INDEX pa_app_version_app_key ON pa_application_version(application_key); -CREATE UNIQUE INDEX PA_APP_VERSION_APP_KEY ON PA_APPLICATION_VERSION(APPLICATION_KEY); +CREATE INDEX pa_app_callback_app ON pa_application_callback(application_id); -CREATE INDEX PA_APP_CALLBACK_APP ON PA_APPLICATION_CALLBACK(APPLICATION_ID); +CREATE UNIQUE INDEX pa_integration_token ON pa_integration(client_token); -CREATE UNIQUE INDEX PA_INTEGRATION_TOKEN ON PA_INTEGRATION(CLIENT_TOKEN); +CREATE INDEX pa_signature_audit_activation ON 
pa_signature_audit(activation_id); -CREATE INDEX PA_SIGNATURE_AUDIT_ACTIVATION ON PA_SIGNATURE_AUDIT(ACTIVATION_ID); +CREATE INDEX pa_signature_audit_created ON pa_signature_audit(timestamp_created); -CREATE INDEX PA_SIGNATURE_AUDIT_CREATED ON PA_SIGNATURE_AUDIT(TIMESTAMP_CREATED); +CREATE INDEX pa_token_activation ON pa_token(activation_id); -CREATE INDEX PA_TOKEN_ACTIVATION ON PA_TOKEN(ACTIVATION_ID); +CREATE INDEX pa_recovery_code_code ON pa_recovery_code(recovery_code); -CREATE INDEX PA_RECOVERY_CODE_CODE ON PA_RECOVERY_CODE(RECOVERY_CODE); +CREATE INDEX pa_recovery_code_app ON pa_recovery_code(application_id); -CREATE INDEX PA_RECOVERY_CODE_APP ON PA_RECOVERY_CODE(APPLICATION_ID); +CREATE INDEX pa_recovery_code_user ON pa_recovery_code(user_id); -CREATE INDEX PA_RECOVERY_CODE_USER ON PA_RECOVERY_CODE(USER_ID); +CREATE INDEX pa_recovery_code_act ON pa_recovery_code(activation_id); -CREATE INDEX PA_RECOVERY_CODE_ACT ON PA_RECOVERY_CODE(ACTIVATION_ID); +CREATE UNIQUE INDEX pa_recovery_code_puk ON pa_recovery_puk(recovery_code_id, puk_index); -CREATE UNIQUE INDEX PA_RECOVERY_CODE_PUK ON PA_RECOVERY_PUK(RECOVERY_CODE_ID, PUK_INDEX); +CREATE INDEX pa_recovery_puk_code ON pa_recovery_puk(recovery_code_id); -CREATE INDEX PA_RECOVERY_PUK_CODE ON PA_RECOVERY_PUK(RECOVERY_CODE_ID); +CREATE UNIQUE INDEX pa_recovery_config_app ON pa_recovery_config(application_id); -CREATE UNIQUE INDEX PA_RECOVERY_CONFIG_APP ON PA_RECOVERY_CONFIG(APPLICATION_ID); +CREATE UNIQUE INDEX pa_application_name ON pa_application(name); -CREATE UNIQUE INDEX PA_APPLICATION_NAME ON PA_APPLICATION(NAME); +CREATE INDEX pa_operation_user ON pa_operation(user_id); -CREATE INDEX PA_OPERATION_USER ON PA_OPERATION(USER_ID); +CREATE INDEX pa_operation_ts_created_idx ON pa_operation(timestamp_created); -CREATE INDEX PA_OPERATION_TS_CREATED_IDX ON PA_OPERATION(TIMESTAMP_CREATED); +CREATE INDEX pa_operation_ts_expires_idx ON pa_operation(timestamp_expires); -CREATE INDEX PA_OPERATION_TS_EXPIRES_IDX ON 
PA_OPERATION(TIMESTAMP_EXPIRES); +CREATE INDEX pa_operation_template_name_idx ON pa_operation_template(template_name); -CREATE INDEX PA_OPERATION_TEMPLATE_NAME_IDX ON PA_OPERATION_TEMPLATE(TEMPLATE_NAME); +-- +-- Audit log indexes. +-- +CREATE INDEX audit_log_timestamp ON audit_log (timestamp_created); +CREATE INDEX audit_log_application ON audit_log (application_name); +CREATE INDEX audit_log_level ON audit_log (audit_level); +CREATE INDEX audit_log_type ON audit_log (audit_type); +CREATE INDEX audit_param_log ON audit_param (audit_log_id); +CREATE INDEX audit_param_timestamp ON audit_param (timestamp_created); +CREATE INDEX audit_param_key ON audit_param (param_key); +CREATE INDEX audit_param_value ON audit_param (param_value); GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO powerauth; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO powerauth; diff --git a/deploy/data/postgresql/powerauth-webflow.sql b/deploy/data/postgresql/powerauth-webflow.sql index 6179b57..4d9f9c2 100644 --- a/deploy/data/postgresql/powerauth-webflow.sql +++ b/deploy/data/postgresql/powerauth-webflow.sql @@ -615,7 +615,7 @@ CREATE TABLE audit_param ( CREATE INDEX wf_operation_hash ON wf_operation_session (operation_hash); CREATE INDEX wf_websocket_session ON wf_operation_session (websocket_session_id); CREATE INDEX ns_operation_pending ON ns_operation (user_id, result); -CREATE UNIQUE INDEX ns_operation_afs_unique on ns_operation_afs (operation_id, request_afs_action, request_step_index); +CREATE UNIQUE INDEX ns_operation_afs_unique ON ns_operation_afs (operation_id, request_afs_action, request_step_index); CREATE INDEX wf_certificate_operation ON wf_certificate_verification (operation_id); CREATE UNIQUE INDEX ns_application_name ON ns_application (name); CREATE UNIQUE INDEX ns_credential_policy_name ON ns_credential_policy (name); From 07d8da1b380e919f7443e84072799881a7bc62fd Mon Sep 17 00:00:00 2001 
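Review bot: `CREATE INDEX audit_param_value ON audit_param (param_value);` puts a b-tree index on a `VARCHAR(4000)` column. PostgreSQL can reject an insert whose index entry exceeds the b-tree row limit (roughly a third of a page), so a long parameter value could make the audit write fail and the record be lost. Either drop this index or index a bounded prefix of the value. A later patch in this series removes the index from powerauth-server.sql but keeps it in powerauth-webflow.sql, so the two scripts should be brought in line.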
From: Roman Strobl Date: Mon, 27 Jun 2022 16:33:49 +0200 Subject: [PATCH 2/6] Remove obsolete constraint --- deploy/data/postgresql/powerauth-server.sql | 6 ------ 1 file changed, 6 deletions(-) diff --git a/deploy/data/postgresql/powerauth-server.sql b/deploy/data/postgresql/powerauth-server.sql index 5550c11..cd8337e 100644 --- a/deploy/data/postgresql/powerauth-server.sql +++ b/deploy/data/postgresql/powerauth-server.sql @@ -347,12 +347,6 @@ ALTER TABLE pa_recovery_puk ADD CONSTRAINT recovery_puk_code_fk FOREIGN KEY (rec -- ALTER TABLE pa_recovery_config ADD CONSTRAINT recovery_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); --- --- Ref Constraints for Table PA_OPERATION --- -ALTER TABLE pa_operation ADD CONSTRAINT operation_application_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); - - --- --- Indexes for better performance. PostgreSQL does not create indexes on foreign key automatically. --- From 1042f3f20776a0b79b61e4c1a6e31aa634287fcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Mon, 11 Jul 2022 23:14:11 +0200 Subject: [PATCH 3/6] Fix #150: Add new properties for Active Directory settings (#151) * Fix #150: Add new properties for Active Directory settings * Add default env variables * Reflect changes in Docker Compose files --- .env | 4 ++++ deploy/conf/powerauth-admin.xml | 10 +++++++++- docker-compose-arm64v8.yml | 4 ++++ docker-compose-pa-all-arm64v8.yml | 4 ++++ docker-compose-pa-all.yml | 4 ++++ docker-compose.yml | 4 ++++ 6 files changed, 29 insertions(+), 1 deletion(-) diff --git a/.env b/.env index e660483..cf417cb 100644 --- a/.env +++ b/.env 
@@ -69,6 +69,10 @@ POWERAUTH_ADMIN_LDAP_ROOT=dc=powerauth,dc=com POWERAUTH_ADMIN_LDAP_LDIF=file:/usr/local/tomcat/conf/ldap/ldap-local.ldif POWERAUTH_ADMIN_LDAP_MANAGER_DN= POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD= +POWERAUTH_ADMIN_AD_DOMAIN= +POWERAUTH_ADMIN_AD_URL= +POWERAUTH_ADMIN_AD_ROOT= +POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER= POWERAUTH_ADMIN_APPLICATION_NAME=powerauth-admin POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME=PowerAuth Admin POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT= diff --git a/deploy/conf/powerauth-admin.xml b/deploy/conf/powerauth-admin.xml index 2b473d1..0488936 100644 --- a/deploy/conf/powerauth-admin.xml +++ b/deploy/conf/powerauth-admin.xml @@ -9,8 +9,10 @@ - + + + @@ -24,6 +26,12 @@ + + + + + + diff --git a/docker-compose-arm64v8.yml b/docker-compose-arm64v8.yml index 6d08dee..14ad9d1 100644 --- a/docker-compose-arm64v8.yml +++ b/docker-compose-arm64v8.yml @@ -94,6 +94,10 @@ services: - POWERAUTH_ADMIN_LDAP_LDIF=${POWERAUTH_ADMIN_LDAP_LDIF} - POWERAUTH_ADMIN_LDAP_MANAGER_DN=${POWERAUTH_ADMIN_LDAP_MANAGER_DN} - POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD=${POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD} + - POWERAUTH_ADMIN_AD_DOMAIN=${POWERAUTH_ADMIN_AD_DOMAIN} + - POWERAUTH_ADMIN_AD_URL=${POWERAUTH_ADMIN_AD_URL} + - POWERAUTH_ADMIN_AD_ROOT=${POWERAUTH_ADMIN_AD_ROOT} + - POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER=${POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER} - POWERAUTH_ADMIN_APPLICATION_NAME=${POWERAUTH_ADMIN_APPLICATION_NAME} - POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME=${POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME} - POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT=${POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT} diff --git a/docker-compose-pa-all-arm64v8.yml b/docker-compose-pa-all-arm64v8.yml index e883c1f..19de57b 100644 --- a/docker-compose-pa-all-arm64v8.yml +++ b/docker-compose-pa-all-arm64v8.yml 
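Review bot: `POWERAUTH_ADMIN_AD_URL` and `POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER` are added empty, with no comment on the expected format. An Active Directory login normally sends the user's password in the bind, so the example should steer operators towards TLS. Suggest adding above the four new lines `# Active Directory login; use an ldaps:// URL so bind credentials are not sent in cleartext`. The four docker-compose hunks in this patch only pass the same variables through, so the comment needs to live only here.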
@@ -110,6 +110,10 @@ services: - POWERAUTH_ADMIN_LDAP_LDIF=${POWERAUTH_ADMIN_LDAP_LDIF} - POWERAUTH_ADMIN_LDAP_MANAGER_DN=${POWERAUTH_ADMIN_LDAP_MANAGER_DN} - POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD=${POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD} + - POWERAUTH_ADMIN_AD_DOMAIN=${POWERAUTH_ADMIN_AD_DOMAIN} + - POWERAUTH_ADMIN_AD_URL=${POWERAUTH_ADMIN_AD_URL} + - POWERAUTH_ADMIN_AD_ROOT=${POWERAUTH_ADMIN_AD_ROOT} + - POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER=${POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER} - POWERAUTH_ADMIN_APPLICATION_NAME=${POWERAUTH_ADMIN_APPLICATION_NAME} - POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME=${POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME} - POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT=${POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT} diff --git a/docker-compose-pa-all.yml b/docker-compose-pa-all.yml index a5b4257..bf0a6c9 100644 --- a/docker-compose-pa-all.yml +++ b/docker-compose-pa-all.yml @@ -110,6 +110,10 @@ services: - POWERAUTH_ADMIN_LDAP_LDIF=${POWERAUTH_ADMIN_LDAP_LDIF} - POWERAUTH_ADMIN_LDAP_MANAGER_DN=${POWERAUTH_ADMIN_LDAP_MANAGER_DN} - POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD=${POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD} + - POWERAUTH_ADMIN_AD_DOMAIN=${POWERAUTH_ADMIN_AD_DOMAIN} + - POWERAUTH_ADMIN_AD_URL=${POWERAUTH_ADMIN_AD_URL} + - POWERAUTH_ADMIN_AD_ROOT=${POWERAUTH_ADMIN_AD_ROOT} + - POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER=${POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER} - POWERAUTH_ADMIN_APPLICATION_NAME=${POWERAUTH_ADMIN_APPLICATION_NAME} - POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME=${POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME} - POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT=${POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT} diff --git a/docker-compose.yml b/docker-compose.yml index c1afc17..f01af9e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -94,6 +94,10 @@ services: - POWERAUTH_ADMIN_LDAP_LDIF=${POWERAUTH_ADMIN_LDAP_LDIF} - POWERAUTH_ADMIN_LDAP_MANAGER_DN=${POWERAUTH_ADMIN_LDAP_MANAGER_DN} - POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD=${POWERAUTH_ADMIN_LDAP_MANAGER_PASSWORD} + - POWERAUTH_ADMIN_AD_DOMAIN=${POWERAUTH_ADMIN_AD_DOMAIN} + - POWERAUTH_ADMIN_AD_URL=${POWERAUTH_ADMIN_AD_URL} + - POWERAUTH_ADMIN_AD_ROOT=${POWERAUTH_ADMIN_AD_ROOT} + - POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER=${POWERAUTH_ADMIN_AD_USER_SEARCH_FILTER} - POWERAUTH_ADMIN_APPLICATION_NAME=${POWERAUTH_ADMIN_APPLICATION_NAME} - POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME=${POWERAUTH_ADMIN_APPLICATION_DISPLAY_NAME} - POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT=${POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT} From 6baf1f84cd90e30e2bafc20da48375fa11f64c0d Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Mon, 6 Feb 2023 12:24:10 +0100 Subject: [PATCH 4/6] Fix #153: Update resources, DDL, and configuration for 2022.12 release --- .../docker-powerauth-data-adapter/Dockerfile | 4 +-- arm64v8/docker-powerauth-nextstep/Dockerfile | 4 +-- .../docker-powerauth-push-server/Dockerfile | 4 +-- arm64v8/docker-powerauth-server/Dockerfile | 4 +-- .../docker-powerauth-tpp-engine/Dockerfile | 4 +-- arm64v8/docker-powerauth-webflow/Dockerfile | 4 +-- build-arm64v8.sh | 2 +- build.sh | 2 +- .../data/ext-resources/messages_cs.properties | 13 ++++++- .../data/ext-resources/messages_en.properties | 13 ++++++- .../data/postgresql/powerauth-push-server.sql | 27 ++++++++++++-- deploy/data/postgresql/powerauth-server.sql | 36 +++++++++++-------- deploy/data/postgresql/powerauth-webflow.sql | 33 ++++++++--------- 13 files changed, 100 insertions(+), 50 deletions(-) diff --git a/arm64v8/docker-powerauth-data-adapter/Dockerfile b/arm64v8/docker-powerauth-data-adapter/Dockerfile index de1b4ea..ba4534b 100644 --- a/arm64v8/docker-powerauth-data-adapter/Dockerfile +++ b/arm64v8/docker-powerauth-data-adapter/Dockerfile 
@@ -1,8 +1,8 @@ -FROM arm64v8/tomcat:9-jre11@sha256:cdf6a9ca2a039f9cfbf0c6546f77c0d6b3664dbdc49a4284a2dd6e84bed2defd +FROM arm64v8/tomcat:9-jre11@sha256:0464902846f45cf1bbcfc52adc2be69cd53d3954569e3c709c346614f19ecad0 LABEL maintainer="roman.strobl@wultra.com" # Prepare environment variables -ENV JAVA_HOME /usr/local/openjdk-11 +ENV JAVA_HOME /opt/java/openjdk ENV TOMCAT_HOME /usr/local/tomcat # Clear root context diff --git a/arm64v8/docker-powerauth-nextstep/Dockerfile b/arm64v8/docker-powerauth-nextstep/Dockerfile index 86ea007..7e6ffca 100644 --- a/arm64v8/docker-powerauth-nextstep/Dockerfile +++ b/arm64v8/docker-powerauth-nextstep/Dockerfile @@ -1,8 +1,8 @@ -FROM arm64v8/tomcat:9-jre11@sha256:cdf6a9ca2a039f9cfbf0c6546f77c0d6b3664dbdc49a4284a2dd6e84bed2defd +FROM arm64v8/tomcat:9-jre11@sha256:0464902846f45cf1bbcfc52adc2be69cd53d3954569e3c709c346614f19ecad0 LABEL maintainer="roman.strobl@wultra.com" # Prepare environment variables -ENV JAVA_HOME /usr/local/openjdk-11 +ENV JAVA_HOME /opt/java/openjdk ENV TOMCAT_HOME /usr/local/tomcat # Clear root context diff --git a/arm64v8/docker-powerauth-push-server/Dockerfile b/arm64v8/docker-powerauth-push-server/Dockerfile index 217b65a..be52bf5 100644 --- a/arm64v8/docker-powerauth-push-server/Dockerfile +++ b/arm64v8/docker-powerauth-push-server/Dockerfile @@ -1,8 +1,8 @@ -FROM arm64v8/tomcat:9-jre11@sha256:cdf6a9ca2a039f9cfbf0c6546f77c0d6b3664dbdc49a4284a2dd6e84bed2defd +FROM arm64v8/tomcat:9-jre11@sha256:0464902846f45cf1bbcfc52adc2be69cd53d3954569e3c709c346614f19ecad0 LABEL maintainer="roman.strobl@wultra.com" # Prepare environment variables -ENV JAVA_HOME /usr/local/openjdk-11 +ENV JAVA_HOME /opt/java/openjdk ENV TOMCAT_HOME /usr/local/tomcat # Clear root context diff --git a/arm64v8/docker-powerauth-server/Dockerfile b/arm64v8/docker-powerauth-server/Dockerfile index cbd7878..e44d57c 100644 --- a/arm64v8/docker-powerauth-server/Dockerfile +++ b/arm64v8/docker-powerauth-server/Dockerfile 
@@ -1,8 +1,8 @@ -FROM arm64v8/tomcat:9-jre11@sha256:cdf6a9ca2a039f9cfbf0c6546f77c0d6b3664dbdc49a4284a2dd6e84bed2defd +FROM arm64v8/tomcat:9-jre11@sha256:0464902846f45cf1bbcfc52adc2be69cd53d3954569e3c709c346614f19ecad0 LABEL maintainer="roman.strobl@wultra.com" # Prepare environment variables -ENV JAVA_HOME /usr/local/openjdk-11 +ENV JAVA_HOME /opt/java/openjdk ENV TOMCAT_HOME /usr/local/tomcat # Clear root context diff --git a/arm64v8/docker-powerauth-tpp-engine/Dockerfile b/arm64v8/docker-powerauth-tpp-engine/Dockerfile index 53de06f..17ac202 100644 --- a/arm64v8/docker-powerauth-tpp-engine/Dockerfile +++ b/arm64v8/docker-powerauth-tpp-engine/Dockerfile @@ -1,8 +1,8 @@ -FROM arm64v8/tomcat:9-jre11@sha256:cdf6a9ca2a039f9cfbf0c6546f77c0d6b3664dbdc49a4284a2dd6e84bed2defd +FROM arm64v8/tomcat:9-jre11@sha256:0464902846f45cf1bbcfc52adc2be69cd53d3954569e3c709c346614f19ecad0 LABEL maintainer="roman.strobl@wultra.com" # Prepare environment variables -ENV JAVA_HOME /usr/local/openjdk-11 +ENV JAVA_HOME /opt/java/openjdk ENV TOMCAT_HOME /usr/local/tomcat # Clear root context diff --git a/arm64v8/docker-powerauth-webflow/Dockerfile b/arm64v8/docker-powerauth-webflow/Dockerfile index 49fa489..80479dc 100644 --- a/arm64v8/docker-powerauth-webflow/Dockerfile +++ b/arm64v8/docker-powerauth-webflow/Dockerfile @@ -1,8 +1,8 @@ -FROM arm64v8/tomcat:9-jre11@sha256:cdf6a9ca2a039f9cfbf0c6546f77c0d6b3664dbdc49a4284a2dd6e84bed2defd +FROM arm64v8/tomcat:9-jre11@sha256:0464902846f45cf1bbcfc52adc2be69cd53d3954569e3c709c346614f19ecad0 LABEL maintainer="roman.strobl@wultra.com" # Prepare environment variables -ENV JAVA_HOME /usr/local/openjdk-11 +ENV JAVA_HOME /opt/java/openjdk ENV TOMCAT_HOME /usr/local/tomcat ENV WEBFLOW_RESOURCES /opt/ext-resources diff --git a/build-arm64v8.sh b/build-arm64v8.sh index 197495a..ea6f6f3 100644 --- a/build-arm64v8.sh +++ b/build-arm64v8.sh 
@@ -9,7 +9,7 @@ fi # Prepare Build Number if [ -z ${TAG+x} ]; then - export PRODUCT_VERSION="2022.05" + export PRODUCT_VERSION="2022.12" if [ -z ${BUILD+x} ]; then export BUILD=$(date +%s) fi diff --git a/build.sh b/build.sh index 10c20bb..1c9246e 100644 --- a/build.sh +++ b/build.sh @@ -9,7 +9,7 @@ fi # Prepare Build Number if [ -z ${TAG+x} ]; then - export PRODUCT_VERSION="2022.05" + export PRODUCT_VERSION="2022.12" if [ -z ${BUILD+x} ]; then export BUILD=$(date +%s) fi diff --git a/deploy/data/ext-resources/messages_cs.properties b/deploy/data/ext-resources/messages_cs.properties index 2f1e890..4d0e30a 100644 --- a/deploy/data/ext-resources/messages_cs.properties +++ b/deploy/data/ext-resources/messages_cs.properties @@ -158,4 +158,15 @@ browser.close.warning=Opravdu si přejete zrušit tuto operaci? clientCertificate.login=Přihlásit se certifikátem clientCertificate.use=Vybrat certifikát clientCertificate.failed=Ověření klientského certifikátu selhalo. -clientCertificate.approval=Pro ověření bude použit klientský certifikát. \ No newline at end of file + +qualifiedCertificate.approve=Potvrdit certifikátem +qualifiedCertificate.choose=Vybrat certifikát +qualifiedCertificate.sign=Podepsat + +signer.error.init.notSupported=Potvrzení certifikátem není podporované. +signer.error.init.extension.failed=Podpisový plug-in není nainstalovaný v prohlížeči. +signer.error.init.host.failed=Selhala inicializace podpisové komponenty. +signer.error.certificate.notFound=Nebyl nalezen žádný certifikát pro podpis. +signer.error.unknown=Selhala příprava podpisu. +signer.result.success=Data operace byla úspěšně podepsána. +signer.result.failed=Selhal výpočet podpisu dat operace. diff --git a/deploy/data/ext-resources/messages_en.properties b/deploy/data/ext-resources/messages_en.properties index 0c4e5da..6822e5f 100644 --- a/deploy/data/ext-resources/messages_en.properties +++ b/deploy/data/ext-resources/messages_en.properties 
@@ -159,4 +159,15 @@ browser.close.warning=Are you sure you want to cancel current operation? clientCertificate.login=Login with Certificate clientCertificate.use=Choose Certificate clientCertificate.failed=Client certificate verification failed. -clientCertificate.approval=Client certificate will be used for authorization. \ No newline at end of file + +qualifiedCertificate.approve=Approve with Certificate +qualifiedCertificate.choose=Choose Certificate +qualifiedCertificate.sign=Sign + +signer.error.init.notSupported=Approval with certificate is not supported. +signer.error.init.extension.failed=Browser extension for signing is not installed. +signer.error.init.host.failed=Signer component initialization failed. +signer.error.certificate.notFound=No certificate was found for signing. +signer.error.unknown=Signature preparation failed. +signer.result.success=Operation data was signed successfully. +signer.result.failed=Data signature calculation failed. diff --git a/deploy/data/postgresql/powerauth-push-server.sql b/deploy/data/postgresql/powerauth-push-server.sql index 0937235..e62d386 100644 --- a/deploy/data/postgresql/powerauth-push-server.sql +++ b/deploy/data/postgresql/powerauth-push-server.sql @@ -15,6 +15,7 @@ CREATE SEQUENCE push_device_registration_seq; CREATE SEQUENCE push_message_seq; CREATE SEQUENCE push_campaign_seq; CREATE SEQUENCE push_campaign_user_seq; +CREATE SEQUENCE push_inbox_seq; --- --- DB Tables @@ -23,7 +24,7 @@ CREATE SEQUENCE push_campaign_user_seq; -- Create table for application credentials used for APNS and FCM CREATE TABLE push_app_credentials ( id INTEGER NOT NULL CONSTRAINT push_app_credentials_pkey PRIMARY KEY, - app_id INTEGER NOT NULL, + app_id VARCHAR(255) NOT NULL, ios_key_id VARCHAR(255), ios_private_key BYTEA, ios_team_id VARCHAR(255), 
@@ -81,6 +82,25 @@ CREATE TABLE push_campaign_user ( timestamp_created TIMESTAMP(6) NOT NULL ); +-- Create table for message inbox +CREATE TABLE push_inbox ( + id INTEGER NOT NULL CONSTRAINT push_inbox_pk PRIMARY KEY, + inbox_id VARCHAR(37), + user_id VARCHAR(255) NOT NULL, + subject TEXT NOT NULL, + body TEXT NOT NULL, + read BOOLEAN DEFAULT false NOT NULL, + timestamp_created TIMESTAMP NOT NULL, + timestamp_read TIMESTAMP +); + +-- Create table for assignment of inbox messages to apps +CREATE TABLE push_inbox_app ( + app_credentials_id INTEGER NOT NULL, + inbox_id INTEGER NOT NULL, + CONSTRAINT push_inbox_app_pk PRIMARY KEY (inbox_id, app_credentials_id) +); + -- -- DB Indexes (recommended for better performance) -- @@ -103,5 +123,6 @@ CREATE INDEX push_campaign_user_campaign ON push_campaign_user (campaign_id, use CREATE INDEX push_campaign_user_detail ON push_campaign_user (user_id); -GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO powerauth; -GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO powerauth; +CREATE INDEX push_inbox_id ON push_inbox (inbox_id); +CREATE INDEX push_inbox_user ON push_inbox (user_id); +CREATE INDEX push_inbox_user_read ON push_inbox (user_id, read); diff --git a/deploy/data/postgresql/powerauth-server.sql b/deploy/data/postgresql/powerauth-server.sql index cd8337e..349a5ac 100644 --- a/deploy/data/postgresql/powerauth-server.sql +++ b/deploy/data/postgresql/powerauth-server.sql @@ -231,7 +231,8 @@ CREATE TABLE pa_operation ( max_failure_count BIGINT NOT NULL, timestamp_created TIMESTAMP NOT NULL, timestamp_expires TIMESTAMP NOT NULL, - timestamp_finalized TIMESTAMP + timestamp_finalized TIMESTAMP, + risk_flags VARCHAR(255) ); -- @@ -244,7 +245,8 @@ CREATE TABLE pa_operation_template ( data_template VARCHAR(255) NOT NULL, signature_type VARCHAR(255) NOT NULL, max_failure_count BIGINT NOT NULL, - expiration BIGINT NOT NULL + expiration BIGINT NOT NULL, + risk_flags VARCHAR(255) ); -- 
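Review bot: `inbox_id VARCHAR(37)` in `push_inbox` is nullable, and the index added for it in the next hunk (`CREATE INDEX push_inbox_id ON push_inbox (inbox_id);`) is not unique, so two messages can share an identifier and a row can have none. If `inbox_id` is the identifier handed to clients (presumably, given the separate numeric `id`), declare it `inbox_id VARCHAR(37) NOT NULL` and create the index with `CREATE UNIQUE INDEX`. `push_inbox_app` also has no foreign keys to `push_inbox` or `push_app_credentials`, so assignments can outlive the rows they point to.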
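Review bot: The two `GRANT ALL PRIVILEGES ... TO powerauth` statements at the end of powerauth-push-server.sql are removed without explanation, while powerauth-server.sql and powerauth-webflow.sql keep the same statements in this commit. If the init script runs as a role other than `powerauth`, the push server loses access to its tables, including the new `push_inbox`. If it runs as `powerauth`, the grants were redundant and can be dropped from all three files. If the removal is a step towards least privilege, replace it with explicit per-table grants and a comment such as `-- privileges: powerauth owns all objects created by this script`.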
@@ -259,7 +261,7 @@ CREATE TABLE pa_operation_application ( -- -- DDL for Table SHEDLOCK -- -CREATE TABLE shedlock ( +CREATE TABLE IF NOT EXISTS shedlock ( name VARCHAR(64) NOT NULL PRIMARY KEY, lock_until TIMESTAMP NOT NULL, locked_at TIMESTAMP NOT NULL, @@ -269,7 +271,7 @@ CREATE TABLE shedlock ( -- -- Create audit log table. -- -CREATE TABLE audit_log ( +CREATE TABLE IF NOT EXISTS audit_log ( audit_log_id VARCHAR(36) PRIMARY KEY, application_name VARCHAR(256) NOT NULL, audit_level VARCHAR(32) NOT NULL, @@ -288,7 +290,7 @@ CREATE TABLE audit_log ( -- -- Create audit parameters table. -- -CREATE TABLE audit_param ( +CREATE TABLE IF NOT EXISTS audit_param ( audit_log_id VARCHAR(36), timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, param_key VARCHAR(256), @@ -347,8 +349,9 @@ ALTER TABLE pa_recovery_puk ADD CONSTRAINT recovery_puk_code_fk FOREIGN KEY (rec -- ALTER TABLE pa_recovery_config ADD CONSTRAINT recovery_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); + --- ---- Indexes for better performance. PostgreSQL does not create indexes on foreign key automatically. +--- Indexes for better performance. PostgreSQL does not CREATE INDEXes ON foreign key automatically. --- CREATE INDEX pa_activation_application ON pa_activation(application_id); @@ -359,6 +362,8 @@ CREATE INDEX pa_activation_code ON pa_activation(activation_code); CREATE INDEX pa_activation_user_id ON pa_activation(user_id); +CREATE INDEX pa_activation_expiration on pa_activation (activation_status, timestamp_activation_expire); + CREATE INDEX pa_activation_history_act ON pa_activation_history(activation_id); CREATE INDEX pa_activation_history_created ON pa_activation_history(timestamp_created); 
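Review bot: The comment in the `@@ -347,8 +349,9 @@` hunk now reads `PostgreSQL does not CREATE INDEXes ON foreign key automatically`, which looks like a blanket keyword-uppercasing pass that also rewrote prose. Restore it to `--- Indexes for better performance. PostgreSQL does not create indexes on foreign key automatically.` Keyword casing is also inconsistent in the opposite direction. `CREATE INDEX pa_activation_expiration on pa_activation` in the next hunk and `ns_operation_afs_unique on ns_operation_afs` in powerauth-webflow.sql use lowercase `on`, the latter reverting the casing fix from the first patch.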
@@ -401,19 +406,20 @@ CREATE INDEX pa_operation_ts_created_idx ON pa_operation(timestamp_created); CREATE INDEX pa_operation_ts_expires_idx ON pa_operation(timestamp_expires); +CREATE INDEX pa_operation_status_exp ON pa_operation(timestamp_expires, status); + CREATE INDEX pa_operation_template_name_idx ON pa_operation_template(template_name); -- --- Audit log indexes. +-- Auditing indexes. -- -CREATE INDEX audit_log_timestamp ON audit_log (timestamp_created); -CREATE INDEX audit_log_application ON audit_log (application_name); -CREATE INDEX audit_log_level ON audit_log (audit_level); -CREATE INDEX audit_log_type ON audit_log (audit_type); -CREATE INDEX audit_param_log ON audit_param (audit_log_id); -CREATE INDEX audit_param_timestamp ON audit_param (timestamp_created); -CREATE INDEX audit_param_key ON audit_param (param_key); -CREATE INDEX audit_param_value ON audit_param (param_value); +CREATE INDEX IF NOT EXISTS audit_log_timestamp ON audit_log (timestamp_created); +CREATE INDEX IF NOT EXISTS audit_log_application ON audit_log (application_name); +CREATE INDEX IF NOT EXISTS audit_log_level ON audit_log (audit_level); +CREATE INDEX IF NOT EXISTS audit_log_type ON audit_log (audit_type); +CREATE INDEX IF NOT EXISTS audit_param_log ON audit_param (audit_log_id); +CREATE INDEX IF NOT EXISTS audit_param_timestamp ON audit_param (timestamp_created); +CREATE INDEX IF NOT EXISTS audit_param_key ON audit_param (param_key); GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO powerauth; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO powerauth; diff --git a/deploy/data/postgresql/powerauth-webflow.sql b/deploy/data/postgresql/powerauth-webflow.sql index 4d9f9c2..5c981b8 100644 --- a/deploy/data/postgresql/powerauth-webflow.sql +++ b/deploy/data/postgresql/powerauth-webflow.sql 
@@ -573,7 +573,8 @@ CREATE TABLE tpp_detail ( tpp_website TEXT NULL, -- TPP website, if available. tpp_phone VARCHAR(256) NULL, -- TPP phone number, if available. tpp_email VARCHAR(256) NULL, -- TPP e-mail, if available. - tpp_logo TEXT NULL -- TPP logo, if available. + tpp_logo TEXT NULL, -- TPP logo, if available. + tpp_blocked BOOLEAN DEFAULT FALSE NOT NULL -- Indication if this TPP provider is blocked or not. ); CREATE TABLE tpp_app_detail ( @@ -588,7 +589,7 @@ CREATE TABLE tpp_app_detail ( ); -- Table audit_log stores auditing information -CREATE TABLE audit_log ( +CREATE TABLE IF NOT EXISTS audit_log ( audit_log_id VARCHAR(36) PRIMARY KEY, application_name VARCHAR(256) NOT NULL, audit_level VARCHAR(32) NOT NULL, @@ -605,7 +606,7 @@ CREATE TABLE audit_log ( ); -- Table audit_param stores auditing parameters -CREATE TABLE audit_param ( +CREATE TABLE IF NOT EXISTS audit_param ( audit_log_id VARCHAR(36), timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, param_key VARCHAR(256), @@ -615,7 +616,7 @@ CREATE TABLE audit_param ( CREATE INDEX wf_operation_hash ON wf_operation_session (operation_hash); CREATE INDEX wf_websocket_session ON wf_operation_session (websocket_session_id); CREATE INDEX ns_operation_pending ON ns_operation (user_id, result); -CREATE UNIQUE INDEX ns_operation_afs_unique ON ns_operation_afs (operation_id, request_afs_action, request_step_index); +CREATE UNIQUE INDEX ns_operation_afs_unique on ns_operation_afs (operation_id, request_afs_action, request_step_index); CREATE INDEX wf_certificate_operation ON wf_certificate_verification (operation_id); CREATE UNIQUE INDEX ns_application_name ON ns_application (name); CREATE UNIQUE INDEX ns_credential_policy_name ON ns_credential_policy (name); 
@@ -647,14 +648,14 @@ CREATE INDEX ns_authentication_timestamp_created ON ns_authentication (timestamp CREATE UNIQUE INDEX ns_hashing_config_name ON ns_hashing_config (name); CREATE UNIQUE INDEX ns_user_alias_unique ON ns_user_alias (user_id, name); CREATE UNIQUE INDEX ns_user_role_unique ON ns_user_role (user_id, role_id); -CREATE INDEX audit_log_timestamp ON audit_log (timestamp_created); -CREATE INDEX audit_log_application ON audit_log (application_name); -CREATE INDEX audit_log_level ON audit_log (audit_level); -CREATE INDEX audit_log_type ON audit_log (audit_type); -CREATE INDEX audit_param_log ON audit_param (audit_log_id); -CREATE INDEX audit_param_timestamp ON audit_param (timestamp_created); -CREATE INDEX audit_param_key ON audit_param (param_key); -CREATE INDEX audit_param_value ON audit_param (param_value); +CREATE INDEX IF NOT EXISTS audit_log_timestamp ON audit_log (timestamp_created); +CREATE INDEX IF NOT EXISTS audit_log_application ON audit_log (application_name); +CREATE INDEX IF NOT EXISTS audit_log_level ON audit_log (audit_level); +CREATE INDEX IF NOT EXISTS audit_log_type ON audit_log (audit_type); +CREATE INDEX IF NOT EXISTS audit_param_log ON audit_param (audit_log_id); +CREATE INDEX IF NOT EXISTS audit_param_timestamp ON audit_param (timestamp_created); +CREATE INDEX IF NOT EXISTS audit_param_key ON audit_param (param_key); +CREATE INDEX IF NOT EXISTS audit_param_value ON audit_param (param_value); GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO powerauth; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO powerauth; 
@@ -687,10 +688,10 @@ INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_pr VALUES ('OTP_CODE', 10, FALSE, NULL, NULL, TRUE, 3, TRUE, FALSE, 'method.otpCode'); -- operation configuration -INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) VALUES ('login', 'A', 2, TRUE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); -INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) VALUES ('login_sca', 'A', 2, TRUE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); -INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) VALUES ('authorize_payment', 'A', 1, TRUE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); -INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) VALUES ('authorize_payment_sca', 'A', 1, TRUE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); +INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) VALUES ('login', 'A', 2, FALSE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); +INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) VALUES ('login_sca', 'A', 2, FALSE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); +INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) VALUES ('authorize_payment', 'A', 1, FALSE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); +INSERT INTO ns_operation_config (operation_name, template_version, template_id, mobile_token_enabled, mobile_token_mode) 
VALUES ('authorize_payment_sca', 'A', 1, FALSE, '{"type":"2FA","variants":["possession_knowledge","possession_biometry"]}'); -- organization configuration INSERT INTO ns_organization (organization_id, display_name_key, is_default, order_number, default_credential_name, default_otp_name) VALUES ('RETAIL', 'organization.retail', TRUE, 1, 'RETAIL_CREDENTIAL', 'RETAIL_OTP'); From 9c228821f765a08c64ea38d421fe6e79b0be45ac Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Mon, 6 Feb 2023 12:32:51 +0100 Subject: [PATCH 5/6] Upgrade PostgreSQL --- docker-powerauth-push-postgresql/Dockerfile | 2 +- docker-powerauth-server-postgresql/Dockerfile | 2 +- docker-powerauth-webflow-postgresql/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-powerauth-push-postgresql/Dockerfile b/docker-powerauth-push-postgresql/Dockerfile index 46fe0a9..12bf887 100644 --- a/docker-powerauth-push-postgresql/Dockerfile +++ b/docker-powerauth-push-postgresql/Dockerfile @@ -1,4 +1,4 @@ -FROM postgres:14.2 +FROM postgres:15.1 LABEL maintainer="roman.strobl@wultra.com" ADD deploy/data/postgresql/powerauth-push-server.sql /docker-entrypoint-initdb.d/ diff --git a/docker-powerauth-server-postgresql/Dockerfile b/docker-powerauth-server-postgresql/Dockerfile index 8ce01c3..bc178e9 100644 --- a/docker-powerauth-server-postgresql/Dockerfile +++ b/docker-powerauth-server-postgresql/Dockerfile @@ -1,4 +1,4 @@ -FROM postgres:14.2 +FROM postgres:15.1 LABEL maintainer="roman.strobl@wultra.com" ADD deploy/data/postgresql/powerauth-server.sql /docker-entrypoint-initdb.d/ diff --git a/docker-powerauth-webflow-postgresql/Dockerfile b/docker-powerauth-webflow-postgresql/Dockerfile index 268ca1e..5a4872e 100644 --- a/docker-powerauth-webflow-postgresql/Dockerfile +++ b/docker-powerauth-webflow-postgresql/Dockerfile 
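Review bot: All four `ns_operation_config` rows now set `mobile_token_enabled` to `FALSE` with no comment explaining the new default, while `mobile_token_mode` still carries the 2FA variants, so a reader cannot tell whether mobile-token approval is deliberately off in this image or was switched off by accident. This flag presumably decides which authentication methods a fresh deployment offers for `login` and `authorize_payment`, so the default deserves an explanation next to the data. I would add a comment above the block such as `-- mobile token is disabled by default in this image; set mobile_token_enabled to TRUE per operation to enable it`, and mention the change in the commit message.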
@@ -1,4 +1,4 @@ -FROM postgres:14.2 +FROM postgres:15.1 LABEL maintainer="roman.strobl@wultra.com" ADD deploy/data/postgresql/powerauth-webflow.sql /docker-entrypoint-initdb.d/ From ab175a7a4dba7388ac62a8dd01d2fd51d33dbe03 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Mon, 6 Feb 2023 12:41:17 +0100 Subject: [PATCH 6/6] Switch to ojdbc8 --- arm64v8/docker-powerauth-data-adapter/Dockerfile | 2 +- arm64v8/docker-powerauth-nextstep/Dockerfile | 2 +- arm64v8/docker-powerauth-push-server/Dockerfile | 2 +- arm64v8/docker-powerauth-server/Dockerfile | 2 +- arm64v8/docker-powerauth-tpp-engine/Dockerfile | 2 +- arm64v8/docker-powerauth-webflow/Dockerfile | 2 +- deploy/lib/readme.txt | 2 +- docker-powerauth-data-adapter/Dockerfile | 2 +- docker-powerauth-nextstep/Dockerfile | 2 +- docker-powerauth-push-server/Dockerfile | 2 +- docker-powerauth-server/Dockerfile | 2 +- docker-powerauth-tpp-engine/Dockerfile | 2 +- docker-powerauth-webflow/Dockerfile | 2 +- docs/Building-Docker-Images.md | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/arm64v8/docker-powerauth-data-adapter/Dockerfile b/arm64v8/docker-powerauth-data-adapter/Dockerfile index ba4534b..e349da0 100644 --- a/arm64v8/docker-powerauth-data-adapter/Dockerfile +++ b/arm64v8/docker-powerauth-data-adapter/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD ../deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD ../deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD ../deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/arm64v8/docker-powerauth-nextstep/Dockerfile b/arm64v8/docker-powerauth-nextstep/Dockerfile index 7e6ffca..157c4e2 100644 --- a/arm64v8/docker-powerauth-nextstep/Dockerfile +++ b/arm64v8/docker-powerauth-nextstep/Dockerfile 
@@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD ../deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD ../deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD ../deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/arm64v8/docker-powerauth-push-server/Dockerfile b/arm64v8/docker-powerauth-push-server/Dockerfile index be52bf5..8e434f7 100644 --- a/arm64v8/docker-powerauth-push-server/Dockerfile +++ b/arm64v8/docker-powerauth-push-server/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD ../deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD ../deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD ../deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/arm64v8/docker-powerauth-server/Dockerfile b/arm64v8/docker-powerauth-server/Dockerfile index e44d57c..e2a2df0 100644 --- a/arm64v8/docker-powerauth-server/Dockerfile +++ b/arm64v8/docker-powerauth-server/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD ../deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD ../deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD ../deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/arm64v8/docker-powerauth-tpp-engine/Dockerfile b/arm64v8/docker-powerauth-tpp-engine/Dockerfile index 17ac202..50bbed7 100644 --- a/arm64v8/docker-powerauth-tpp-engine/Dockerfile +++ b/arm64v8/docker-powerauth-tpp-engine/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD ../deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD ../deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD ../deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/arm64v8/docker-powerauth-webflow/Dockerfile b/arm64v8/docker-powerauth-webflow/Dockerfile index 80479dc..9703a8b 100644 
--- a/arm64v8/docker-powerauth-webflow/Dockerfile +++ b/arm64v8/docker-powerauth-webflow/Dockerfile @@ -10,7 +10,7 @@ ENV WEBFLOW_RESOURCES /opt/ext-resources RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD ../deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD ../deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD ../deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Add valve for proxy with SSL termination diff --git a/deploy/lib/readme.txt b/deploy/lib/readme.txt index 0ef4327..d61c770 100644 --- a/deploy/lib/readme.txt +++ b/deploy/lib/readme.txt @@ -1,6 +1,6 @@ Add following libraries here: -- ojdbc6.jar [1] +- ojdbc8.jar [1] - postgresql.jar [2] [1] http://www.oracle.com/technetwork/database/features/jdbc/jdbc-drivers-12c-download-1958347.html diff --git a/docker-powerauth-data-adapter/Dockerfile b/docker-powerauth-data-adapter/Dockerfile index 3a9182d..a3d6613 100644 --- a/docker-powerauth-data-adapter/Dockerfile +++ b/docker-powerauth-data-adapter/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/docker-powerauth-nextstep/Dockerfile b/docker-powerauth-nextstep/Dockerfile index 164be15..0b92e0b 100644 --- a/docker-powerauth-nextstep/Dockerfile +++ b/docker-powerauth-nextstep/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/docker-powerauth-push-server/Dockerfile b/docker-powerauth-push-server/Dockerfile index b8de5ed..5239090 100644 --- a/docker-powerauth-push-server/Dockerfile +++ b/docker-powerauth-push-server/Dockerfile 
@@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/docker-powerauth-server/Dockerfile b/docker-powerauth-server/Dockerfile index 6a3e0a6..6731431 100644 --- a/docker-powerauth-server/Dockerfile +++ b/docker-powerauth-server/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/docker-powerauth-tpp-engine/Dockerfile b/docker-powerauth-tpp-engine/Dockerfile index 3b02eb9..8127353 100644 --- a/docker-powerauth-tpp-engine/Dockerfile +++ b/docker-powerauth-tpp-engine/Dockerfile @@ -9,7 +9,7 @@ ENV TOMCAT_HOME /usr/local/tomcat RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Deploy and run applications diff --git a/docker-powerauth-webflow/Dockerfile b/docker-powerauth-webflow/Dockerfile index 5ea1af0..a01b595 100644 --- a/docker-powerauth-webflow/Dockerfile +++ b/docker-powerauth-webflow/Dockerfile @@ -10,7 +10,7 @@ ENV WEBFLOW_RESOURCES /opt/ext-resources RUN rm -rf $TOMCAT_HOME/webapps/* # Copy libraries -ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/ +ADD deploy/lib/ojdbc8.jar $TOMCAT_HOME/lib/ ADD deploy/lib/postgresql.jar $TOMCAT_HOME/lib/ # Add valve for proxy with SSL termination diff --git a/docs/Building-Docker-Images.md b/docs/Building-Docker-Images.md index cfa4930..7372d49 100644 --- a/docs/Building-Docker-Images.md +++ b/docs/Building-Docker-Images.md 
@@ -27,7 +27,7 @@ Then, add following files in the cloned repository: - WAR files with required PowerAuth applications, see `deploy/images/readme.txt` for details. - JAR files with JDBC drivers required for JPA connectivity, see `deploy/lib/readme.txt` for details. -_Note: While you need to provide Oracle JDBC driver, we do not provide Docker images with Oracle database. Driver file (`ojdbc6.jar`) is mainly required in a real production database, in case applications are configured so that they point to a production Oracle DB._ +_Note: While you need to provide Oracle JDBC driver, we do not provide Docker images with Oracle database. Driver file (`ojdbc8.jar`) is mainly required in a real production database, in case applications are configured so that they point to a production Oracle DB._ ### 3. Configure