Hyperfridge

.github/workflows/dockerhub.yml

@@ -1,6 +1,6 @@
 on:
   push:
-    branches: [ main ]
+    branches: [ main, hyperfridge ]
 jobs:
   push_to_dockerhub:
     name: build image and push to dockerhub

.gitignore

@@ -38,3 +38,25 @@ node_modules
 .DS_Store
 /bin/
 src/main/resources/simulated-account-statements.zip-10
+x.log
+scripts/backupfile
+scripts/backupfile.sik
+scripts/hist.txt
+scratch
+trace
+work_out
+keys/bank_public_key.pem
+keys/bank_public_key.pem-enc
+keys/client_private_key.pem
+keys/client_public_key.pem
+keys/bank_public_key.pem
+keys/bank_public_key.pem-enc
+keys/client_private_key.pem
+keys/client_public_key.pem
+keys/bank_public_key.pem
+keys/bank_public_key.pem-enc
+keys/client_private_key.pem
+keys/client_public_key.pem
+docs/TEST-old.md
+receipt.json
+result.json

Dockerfile

@@ -8,7 +8,7 @@
 # sudo docker run -it --entrypoint sh ebics
 # sudo docker run -v $HOME/ebics:/root/ebics ebics -cp "ebics-cli.jar:lib/*" org.kopi.ebics.client.EbicsClient --sta -o /root/ebics/out sta.txt 
 
-FROM gradle:6-jdk11-hotspot as build
+FROM gradle:6-jdk11 AS build
 
 # build ebics-client jar and server jars;  
 RUN ls -la; mkdir /app;
@@ -21,8 +21,9 @@ COPY ./src /app/src
 ENV GENERATE_GIT_PROPERTIES="false"
 WORKDIR /app
 RUN gradle clean build bootJar -DGENERATE_GIT_PROPERTIES=$GENERATE_GIT_PROPERTIES
+
 #create runtime for jars
-FROM openjdk:18-jdk-alpine as runtime
+FROM openjdk:18-jdk as runtime
 RUN mkdir /app
 RUN mkdir /app/lib
 WORKDIR /app

build.gradle

@@ -7,11 +7,12 @@ buildscript {
 plugins {
     id 'org.springframework.boot' 
     id 'java'
-	id "com.gorylenko.gradle-git-properties"  version "2.3.1"	
 	id "org.owasp.dependencycheck" 
 	id "jacoco"
     id 'checkstyle'
+    id "com.gorylenko.gradle-git-properties" version "2.4.1"
 }
+
 //apply from: "dependencyCheck.gradle"
 apply plugin: 'io.spring.dependency-management'
 
@@ -26,13 +27,13 @@ repositories {
 
 ext {
     set('springCloudVersion', springCloudVersion)
+    set('lombokVersion', lombokVersion)
 }
 
 springBoot { buildInfo() }
 build.doFirst { bootBuildInfo }
 compileJava.doFirst { generateGitProperties }
 
-
 // Disable generate Git Properties via environment - e.g. if we are in a Docker build
 ext.generateGitProps=System.getProperty('GENERATE_GIT_PROPERTIES')
 ext.generateGitProps=ext.generateGitProps==null?"true":ext.generateGitProps
@@ -75,8 +76,8 @@ dependencies {
     implementation 'org.apache.commons:commons-lang3:3.6'
     implementation 'org.apache.commons:commons-exec:1.3'
     implementation 'commons-io:commons-io:2.6'
-    implementation 'org.projectlombok:lombok:1.18.10'
-    annotationProcessor 'org.projectlombok:lombok:1.18.10'
+    implementation 'org.projectlombok:lombok:'+lombokVersion
+    annotationProcessor 'org.projectlombok:lombok:'+lombokVersion
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }
 

docker-compose.yml

@@ -5,6 +5,7 @@ version: "3.2"
 
 services:
   postgres: 
+    container_name: pg
     image: postgres:11
     restart: always
     environment:
@@ -16,13 +17,14 @@ services:
       # - PGDATA="/var/lib/postgresql/data/pgdata"
    # ports:
      # - "5432:5432"  
-  #volumes:
-      #- ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh
-      # GCP: - /mnt/stateful_partition/APP/postgres/db:/var/lib/postgresql/data/pgdata
-      # local dir: - ${DATADIR:?}/postgres:/var/lib/postgresql/data
 
   libeufin: 
-    image: e36io/libeufin:mergeLibeufin
+    container_name: libeufin
+    image: e36io/libeufin:hyperfridge
+    # local dev:
+    # build:
+    #   context: ../LibEuFin
+
     depends_on: 
       - postgres
     environment:
@@ -42,14 +44,15 @@ services:
       - POSTGRES_HOST=postgres
       - POSTGRES_DB=libeufindb
       - DANGEROUSLY_DISABLE_HOST_CHECK=true
+
+      # not used because they are default values
+      # - CLIENT_PR_KEY_OUT=/app/keys/client_private_key.pem
+      # - CLIENT_PUB_KEY_OUT=/app/keys/client_public_key.pem
+      # - BANK_PUB_KEY_OUT=/app/keys/bank_public_key.pem
 
     command: /app/scripts/init_libeufin_sandbox.sh
     tty: true
     stdin_open: true # without this node doesn't start; https://stackoverflow.com/questions/61857267/how-to-make-yarn-start-work-inside-docker-image-with-react-scripts-3-4-and-babel
-    expose:
-      - 5016
-      - 3000
-      - 5000
     ports:
       - "5016:5016" # sandbox 
       - "5001:5000" # nexus
@@ -59,12 +62,15 @@ services:
       - 3000
       - 5001
     volumes:
-      - ./scripts:/app/scripts
+      - ./scripts:/app/scripts:rw
+      - ./keys:/app/keys:rw
+      - ./trace:/app/trace:rw
 
   ebics-service: 
-    #image: e36io/ebics-service:updateLibeufin
-    build: 
-      context: .    
+    image: e36io/ebics-service:hyperfridge
+    # container_name: ebics
+    # build: 
+    #   context: .    
     depends_on: 
       - libeufin
     environment:
@@ -73,8 +79,67 @@ services:
        - LIBEUFIN_NEXUS_URL=http://libeufin:5000
        - LIBEUFIN_SANDBOX_ADMIN_PASSWORD=superpassword
        - LIBEUFIN_SANDBOX_USERNAME=admin
-       - LIBEUFIN_SANDBOX_PASSWORD=superpassword       
+       - LIBEUFIN_SANDBOX_PASSWORD=superpassword
+       - FRIDGE_OUT_DIR=file:/app/work_out/
     ports:
       - "8093:8093"
     expose:
       - 8093      
+    volumes:
+      - recipie-dir:/app/work_out/:rw
+
+  hyperfridge: 
+    # profiles:
+    #   - dev      
+    container_name: fridge
+    image: e36io/hyperfridge-r0:latest
+    # build: 
+    #   context: /home/w/workspace/hyperfridge-r0
+    #   dockerfile: ${DOCKERFILE:-DockerfileLinux}   # Default to DockerfileLinux, override with DOCKERFILE environment variable if provided
+
+    environment:   
+      # for watchdog.sh which generates a new proof in /app/out/ as soon as new file ebics file is dedected in /app/in/
+      - CLIENT_PR_KEY=/app/keys/client_private_key.pem
+      - CLIENT_PUB_KEY=/app/keys/client_public_key.pem
+      - BANK_PUB_KEY=/app/keys/bank_public_key.pem
+      - WITNESS_PUB_KEY=/data/pub_witness.pem
+      - WITNESS_PR_KEY=/data/witness.pem
+      - IN_DIR=/app/in/
+      - WORK_DIR=/app/work/
+      - OUT_DIR=/app/out/
+      - HOST_CMD=/app/host
+    command: /data/watchdog.sh
+    working_dir: /data
+    volumes:
+      - recipie-dir:/app/out/:rw
+      - ./keys/:/app/keys/:ro
+      - ./trace:/app/in:ro
+      # for DEV
+      # - /home/w/workspace/hyperfridge-r0/data/checkResponse.sh:/data/checkResponse.sh
+      # - /home/w/workspace/hyperfridge-r0/data/watchdog.sh:/data/watchdog.sh
+
+  pgadmin: 
+    profiles:
+      - dev      
+    container_name: dbadmin
+    image: dpage/pgadmin4:7.6
+    environment:
+      PGADMIN_DEFAULT_EMAIL: admin@example.com
+      PGADMIN_DEFAULT_PASSWORD: root
+      MAX_LOGIN_ATTEMPTS: '15'  # Ensure this is a string, not a number
+      POSTGRES_USER: pgrootuser
+      POSTGRES_PASSWORD: pgrootpassword
+      POSTGRES_HOST: postgres
+      POSTGRES_DB: libeufindb
+      DANGEROUSLY_DISABLE_HOST_CHECK: 'true'  # Ensure this is a string, not a boolean
+
+    depends_on: 
+      - postgres
+    volumes:
+      - /home/w/pgadmin:/var/lib/pgadmin:rw
+    user: root
+    ports:
+      - "53603:53603"
+      - "8081:80" #mapped on w.e36.io:35050; admin@example.com root; add server medi medi medi
+volumes:
+  recipie-dir:      

docs/HOWTO.md

@@ -41,8 +41,14 @@ The successful setup is shown by:
 	2021-05-22 07:53:48,251  INFO - Configuration initialization
 	2021-05-22 07:53:48,254  INFO - Loading user 4444444
 	2021-05-22 07:53:48,355  INFO - The user 4444444 was loaded successfully
-
-
+
+### Set up docker based development environment and test 
+
+- Use docker compose rm/build/run
+- On Swagger: http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/#/ebics-controller/createPaymentOrderUsingPOST
+  - Create order just change the amount: http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/#/ebics-controller/createPaymentOrderUsingPOST
+  - Do fetch-transactions by calling this endpoint - you should see the above amount in there: http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/#/ebics-controller/getPaymentsUsingGET
+
 ## FAQ
 
 ### Setup with your bank

docs/TEST.md

@@ -1,63 +1,105 @@
 # Tests
 
-## Run unit tests
+## Run unit tests 
 
 ![Coverage](../.github/badges/jacoco.svg)
 
-Run tests for the ebics-java-client on linux - it mounts sources into a docker container with java and the maven build tool - so you do not need to install java or gradle on your local machine:
+Run tests for the ebics-java-client on linux - it mounts sources into a gradle docker container with java and the maven build tool - so you do not need to install java or gradle on your local machine:
 
     git clone  https://github.com/element36-io/ebics-java-service.git
-    cd ebics-java-service; mkdir ./app;
-    docker run -it -v $PWD:/app -w /app  gradle:6-jdk8-hotspot gradle test
+    cd ebics-java-service
+    docker run -it -v $PWD:/app -w /app  gradle:6-jdk11 gradle clean test
+
 
 On your host machine, test results are stored `./build/reports/tests/test/index.html`, test documents are stored in `./out`. With minimum Java 8 and Maven run tests on your host machine with `gradle test`, again see `./build/reports/tests/test/index.html` for test results.
 
 For test coverage: `./build/reports/jacoco/test/html/index.html`.
 Test for vulnerabilities `gradle dependencyCheckAggregate`- see report in `./build/reports`.
 
-See [here](https://github.com/element36-io/ebics-java-client/blob/master/README.md) how to run tests on ebics-java-client.
+If you are interested in the Ebics Client implementation as well, look [here](https://github.com/element36-io/ebics-java-client/blob/master/README.md).
 
-## Test API manually
+# Run with docker 
 
-    docker run -p 8093:8093 e36io/ebics-service
+Checkout [hyperfridge](https://github.com/element36-io/hyperfridge-r0) and [banking backend](https://github.com/element36-io/LibEuFin) at same directory as ebics-java-service to build images locally:
 
-or with existing Ebics configuration
+    git clone git@github.com:element36-io/LibEuFin.git
+    cd LibEuFin
+    ./bootstrap
+    cd ..
+    git cline git@github.com:element36-io/XXXXXXX.git
 
-    docker run -p 8093:8093 -v $HOME/ebics:/root/ebics  e36io/ebics-service
+Build on Linux: 
 
-or with existing Ebics configuration and in production mode
+    cd ebics-java-service
+    docker compose build
 
-    docker run -p 8093:8093 -v $HOME/ebics:/root/ebics --env spring.profiles.active=prod e36io/ebics-service
+On Mac: 
 
-Open [Swagger](http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/) in your
-browser and test the API. Ony if you set the image to production mode, it will
-try co connect with your bank. In dev mode it will log its commands and generated
-documents. You may check and download the payment document (ebics document) under `./app`
-which can be tested manually against your bank. To set up and connect to your banks
-Ebics API you need to [switch to productive spring boot
-profile](https://www.baeldung.com/spring-profiles) by using `export spring_profiles_active=prod`.
+    cd ebics-java-service
+    DOCKERFILE=DockerfileMacOs docker compose build
+
+
+## Test API and download ZK proof
+
+First create a Payment on the banking backend:  
+
+    curl -X 'POST' \
+        'http://localhost:8093/ebics/api-v1/createOrder' \
+        -H 'accept: */*' \
+        -H 'Content-Type: application/json' \
+        -d '{
+            "amount": "123",
+            "clearingSystemMemberId": "HYPLCH22XXX",
+            "currency": "EUR",
+            "msgId": "emtpy",
+            "nationalPayment": true,
+            "ourReference": "empty",
+            "pmtInfId": "empty",
+            "purpose": "0x9A0cab4250613cb8437F06ecdEc64F4644Df4D87",
+            "receipientBankName": "Hypi Lenzburg AG",
+            "receipientCity": "Baar",
+            "receipientCountry": "CH",
+            "receipientIban": "CH1230116000289537313",
+            "receipientName": "element36 AG",
+            "receipientStreet": "Bahnmatt",
+            "receipientStreetNr": "25",
+            "receipientZip": "6340",
+            "sourceBic": "HYPLCH22XXX",
+            "sourceIban": "CH2108307000289537320"
+        }'
 
-### Test  `/ebics/api-v1/simulate'
+Download daily statement which should inluce prior payment and the STARK: 
 
-Create a test transaction - send funds form your bank account to somebody else.
-The result shows the Ebics file generated by the request.
-You may test this file with your bank prior to activating Ebics: Many
-banks offer buld-upload function which read Camt.053 format via web-interface.
+    curl -X 'GET' \
+        'http://localhost:8093/ebics/api-v1/bankstatements' \
+        -H 'accept: */*' -o result.json
 
-Same behaviour in dev and prod environment.
+Extract the filename of the proof and download it: 
 
-### Test  `/ebics/api-v1/bankstatements'
+    PROOF=$(cat result.json | grep \
+    -o '"receiptUrl":"[^"]*"' | cut -d'"' -f4)
+    wget "http://localhost:8093/ebics/$PROOF" -O receipt.json
 
-Retrieves bank statement and translates Camt.053 format to Json.
+Verify the proof with the verifier: 
+
+    # we need the image id and the receipt
+    imageid=$(docker run fridge cat /app/IMAGE_ID.hex)
+    docker cp receipt.json fridge:/app/receipt.json 
+    docker exec -it -e RISC0_DEV_MODE=true fridge verifier \
+        verify --imageid-hex="$imageid" --proof-json="/app/receipt.json"
+
+
+## Test API manually with Swagger
+
+Open [Swagger](http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/) in your
+browser and test the API and follow instructions [here](manual/manual.md) for a manual test.
 
-In dev mode you see the command which is issued to query the daily statement.
 
-### Test  `/ebics/api-v1/unpeg'
+## Login to simulated banking backend UI
 
-Create a tarnsaction with your pegging account configured in `ebics.pegging.account`.
-:warning: In prod mode it sends real money - in dev mode it shows the command and the Ebics document in the result.
+Open [LibFinEu](http://localhost:3000) in your
+browser with 'foo' and 'superpassword'. 
 
-### Test  `/ebics/api-v1/createOrder'
+Go to [Activity](http://localhost:3000/activity) and select 'CH2108307000289537320' to see the transations you created before. 
 
-At your bank you can have more than one bank account. The Ebics interface allows you to access all of them at once:
-Daily statements will cover transactions of all accounts - and you can create new transactions from any bank account from the Ebics interface.
+Note that this is an external component which also can be used to connect to any bank supporting EBICS. It shows that the protocoll is used in a standard way.