docs: add configuration docu

README.md

@@ -64,7 +64,8 @@ After all containers have started you will be able to reach the application on y
 
 ## Documentation  
 
-- [ ] TODO: Link to documentation
+* [configuration manual](docs/configuration.md)
+* [developing configuration](docs/dev_config.md)
 
 ## Support and feedback
 

docs/configuration.md

@@ -0,0 +1,101 @@
+# Configuration Manual of Issuance Service
+
+# Introduction
+Issuance Service is developed as self-contained spring boot application.
+The issuance application consist of 2 part
+ * dgca-issuance-service - this spring boot application. Backend application that serves services as REST Endpoints.
+ * [dgca-issuance-web](https://github.com/eu-digital-green-certificates/dgca-issuance-web) - Web frontend programmed using React framework
+The documentation here concern only dgca-issuance-service
+The configuration of issuance service is done using [spring boot configuration capabilities](https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-external-config).
+
+# Default Configuration
+The default configuration (default profile) is defined by file src/main/resources/application.yml
+It is part of application deployment and is used as default.
+This default configuration is set to enable easy start of application out-of-the-box without additional dependencies but
+it is not usable for productive environment and miss some functionality.
+* usage of in-memory h2 database - all data are lost by restart
+* use public test keystore for signing - see certs/test.jks
+* no connection to dgc-gateway - no publish key endpoint is not usable
+
+# Configuring Signing Keys for EDGC (European Green Certificate)
+The issuance service needs private-public key to sign the EDGC.
+The keys are stored in jks-keystore file and protected by password.
+The private key is protected by additional password.
+There are cert/test.jks file that are provided for testing purposes only.
+You need to create own private key and keep it secret.
+The issuance service may use only one private key to sign the message.
+
+Following properties defines it (compare src/main/resources/application.yml)
+
+```
+issuance:
+   keyStoreFile: certs/test.jks
+   keyStorePassword: dgca
+   certAlias: edgc_dev_ec
+   privateKeyPassword: dgca
+```
+
+You may use the [Keystore Explorer](https://keystore-explorer.org/) to create jks keystore file and certificates.
+Following key types are supported
+* EC P-256 (for primary edgc algorihm)
+* RSA 2048 bit (for secondary egdc algorithm)
+
+For detailed informations see: https://ec.europa.eu/health/ehealth/covid-19_en
+
+# Configuring EDGC Parameters
+Following parameter configure the creation and handling of EDGC
+
+```
+issuance:
+   dgciPrefix: dgci:V1:DE
+   countryCode: DE
+   tanExpirationHours: 2
+   expiration:
+      vaccination: 365
+      recoverty: 365
+      test: 60
+```
+
+The dgciPrefix, countryCode and expiration are used to set up the EDGC fields.
+The tanExpirationHours is used to expire first TAN for wallet claim process. 
+
+# Configuring Database
+The application needs a database to store dgci data and claim.
+The default database is in-memory H2 database and is usable for development only.
+In the spring profile "cloud" see src/main/resources/application-cloud.yml there are example postgres database configured.
+Consult [spring boot manuals](https://docs.spring.io/spring-boot/docs/current/reference/html/howto.html#howto-data-access) 
+
+# Configuring Connection to EDGC Gateway
+The connection to EDGC is optional.
+The application uses DGC Gateway connector from dgc-lib to configure and use the dgc-gateway. 
+If enabled you may use PUT /dgci/certPublish to public the public signing key to EDGC Gateway.
+
+For detailed information see:
+[dgc-lib repositoy](https://github.com/eu-digital-green-certificates/dgc-lib)
+
+There are no public free dgc-getway service therefore you will not find any connection parameters here
+
+# Access Control for REST Endpoints
+
+Overview of REST Connections and participating systems
+![Issuance Service Overview](issuance-service-overview.svg)
+
+
+Access point for issue creation (must be protected)
+* /dgci/issue
+* /dgci/issue/*
+
+Access point to trigger public key publishing to EDGC Gateway (must be protected)
+* /dgci/certPublish
+
+Public Access point for wallet app
+* /dgci/wallet/*
+* /context
+* GET /dgci/{dgciHash}
+
+Developing/Test Endpoints
+* /cert/*
+
+
+
+

docs/dev_config.md

@@ -0,0 +1,40 @@
+# Configuring for Developing
+
+# Build
+The application use maven as build system.
+Some maven dependencies are github maven registry packages. The access to them need to be configured
+using github access token.
+See file settings.xml and consult the [gitub maven registry](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry)
+
+This 2 maven repository are used as dependencies (see also pom.xml)
+* https://github.com/eu-digital-green-certificates/dgc-lib
+* https://github.com/ehn-digital-green-development/hcert-kotlin
+
+# Running frontend and backend in dev mode
+
+Start dgca-issuance-service in your favorite java IDE.
+
+    Main class: eu.europa.ec.dgc.issuance.DgcIssuanceApplication
+
+Pass following program argument to adapt endpoint prefix for need of dgca-issuance-web
+
+    --server.servlet.context-path=/dgca-issuance-service
+
+The server starts on port 8080. See log output.
+
+Start [dgca-issuance-web](https://github.com/eu-digital-green-certificates/dgca-issuance-web)
+by using 
+
+    yarn start
+
+The frontend starts in developing mode and is available on http://localhost:3000.
+See frontend node developing server forward calls to backend (see package.json proxy entry)
+
+You can use the service by REST client as Postman or use frontend directly.
+You may also use swagger-ui
+
+* [The swagger ui (localhost)](http://localhost:8080/dgca-issuance-service/swagger)
+* [Open API endpoint (localhost)](http://localhost:8080/dgca-issuance-service/api/docs)
+
+
+