Registration Processor(Regproc) is a backend processing engine to enable the ID Lifecycle management. It has several stages and services, registration packet flows through various stages depending on the type of flow.
The documentation here will guide you through the prerequisites required for the developer's setup.
Below are a list of tools required in Registration Processor:
JDK 11
Any IDE (like Eclipse, IntelliJ IDEA)
Apache Maven (zip folder)
pgAdmin
Git
Notepad++ (optional)
lombok.jar (file)
settings.xml (document)
Follow the steps below to set up Registration Processor on your local system:
1. Download lombok.jar and settings.xml from here.
2. Unzip Apache Maven and move the unzipped folder in C:\Program Files and settings.xml to conf folder C:\Program Files\apache-maven-3.8.4\conf.
3. Install Eclipse, open the lombok.jar file and wait for some time until it completes the scan for Eclipse IDE and then click Install/Update.
4. Check the Eclipse installation folder C:\Users\userName\eclipse\jee-2021-12\eclipse to see if the lombok.jar is added. By doing this, you don't have to add the dependency of lombok in your pom.xml file separately as it is auto-configured by Eclipse.
5. Configure the JDK (Standard VM) with your Eclipse by traversing through Preferences → Java → Installed JREs.
For the code setup, clone the registration repository from and follow the guidelines mentioned in the Code Contributions.
Open the project folder where pom.xml is present.
Open command prompt from the same folder.
Run the command mvn clean install -Dgpg.skip=true -DskipTests=true to build the project and wait for the build to complete successfully.
After building of a project, open Eclipse and select Import Projects → Maven → Existing Maven Projects → Next → Browse to project directory → Finish.
After successful importing of project, update the project by right-click on Project → Maven → Update Project.
1. For the environment setup, you need an external JAR that is available here with different versions. (E.g.: You can download kernel-auth-adapter.jar and add to project Libraries → Classpath → Add External JARs → Select Downloaded JAR → Add → Apply and Close).
2. Clone mosip-config repository.
3. Create an empty folder inside the mosip-config with sandbox-local name and then copy and paste all the config files inside sandbox-local folder except .gitignore, README and LICENSE.
4. As Registration Processor is using two properties files, registration-processor-default and application-default, you will have to configure them according to your environment. The same files are available here for reference.
5. To run the server, two files are required- kernel-config-server.jar and config-server-start.bat.
6. Put both the files in the same folder and change the location attribute to sandbox-local folder in config-server-start.bat file and also check the version of kernel-config-server.jar towards the end of the command.
Example:
java -jar -Dspring.profiles.active=native -Dspring.cloud.config.server.native.search-locations=file:C:\Users\myDell\mosipProject\mosip-config\sandbox-local -Dspring.cloud.config.server.accept-empty=true -Dspring.cloud.config.server.git.force-pull=false -Dspring.cloud.config.server.git.cloneOnStart=false -Dspring.cloud.config.server.git.refreshRate=0 kernel-config-server-1.2.0-20201016.134941-57.jar.
7. Run the server by opening the config-server-start.bat file.
The server should now be up and running.
8. Before running any application of Registration Processor, replace the below properties in bootstrap.properties:
spring.cloud.config.uri=http://localhost:51000/config
spring.cloud.config.label=master
spring.profiles.active=default
spring.profiles.active can be dmz or mz(default)
9. An alternative approach to start the application is to place the dependency of application to be executed in the pom of MOSIP stage executor update maven and place above mentioned properties in the bootstrap.properties and then start MOSIP stage executor.
When biometric duplicates are found in ABIS, the MOSIP system sends a request for manual adjudication to the Manual Adjudication System via a queue.
The system integrator can build the Manual Adjudication System, which would be listening to the MOSIP-to-ManualAdjudication queue for any manual adjudication requests and sends a response back in the ManualAdjudication-to-MOSIP system after verifying the data.
The data sent to the Manual Adjudication System is driven by a policy defined in MOSIP and the specification is similar to ABIS identify request.
The manual adjudication stage in registration processor performs the following functions:
Sends the applicant's demographic and biometric information (via queue + Datashare) to Manual Adjudication System (MAS).
Receives decision from MAS and accordingly forwards the packets.
If rejected, notifies the applicant.
requestId: request_id that is associated with each request present in reg_manual_verification table.
referenceId: reg_id that is associated with each request present in reg_manual_verification table.
referenceURL: Datashare url of biometrics, demographics(identity), audits, metainfo, documents of reg_id
gallery: contains the matched ref_id and referenceURL of matched ref_id.
returnValue: 1-Success, 2-Failure
candidateList: It contains matched candidate referenceIds, count and analytics.
Datashare contains biometrics, identity documents, metainfo, audits related to particular rid and the datashare URL contains encrypted form of this data.
Note: Datashare encryption using partner key and decryption in MAS is using private key of that partner.
GET https://datashare-service/v1/datashare/get/mpolicy-default-adjudication/mpartner-default-adjudication/mpartner-default-adjudicationmpolicy-default-adjudication202011110619201EpLEjvD
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.2.0 or later versions. The data downloaded would be URL-safe base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into three parts, • The 1st part is VER_BYTES (version bytes). The Current version constant is set as VER_R2 and this is present in the first 6 bytes of Block 1.
• The 2nd part is the Certificate Thumbprint i.e. the key identifier which is present in the next 32 bytes after VER_BYTES.
• The 3rd part is the Encrypted Random AES Key, encrypted with the RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
• The 1st part is the random 32 bytes which will be used as AAD in AES encryption (first 32 bytes). From this 32 bytes AAD data, the first 12 bytes is IV/Nonce.
• The 2nd part is the encrypted data which is encrypted using AES GCM PKCS5Padding.
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.1.5.5 or prior versions.
The data downloaded would be base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into two parts,
The first part is the Certificate Thumbprint i.e. the key identifier which is the first 32 bytes in Block 1.
The second part is the Encrypted Random AES Key which is encrypted with RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
The 1st part is the Encrypted data, encrypted using AES GCM PKCS5Padding.
The 2nd part is IV/Nonce i.e. the last 32 bytes appended after encrypted data.
partner Id: mpartner-default-adjudication policy Id: mpolicy-default-adjudication
In registration-processor-default.properties, the possible Error codes are as follows:
This stage is applicable only if required biometrics are not present in the packet as per country configuration.
Sends applicant's demographic documents (via Queue + Datashare) to external Verification System (VS).
Receives decision from VS and accordingly forwards the packets.
If rejected, notifies the applicant.
requestId: verification_request_id that is associated with each request present in reg_verification table.
referenceId: reg_id that is associated with each request present in reg_verification table.
referenceURL: Datashare URL of biometrics, demographics(identity) ,audits, metainfo, documents of reg_id .
Response parameters
returnValue: 1-success, 2-failure
Datashare contains biometrics, identity, documents, metainfo, audits related to particular rid and datashare URL contains encrypted form of this data.
Note: Datashare encryption using partner key and decryption in MAS is using private key of that partner.
GET https://datashare-service/v1/datashare/get/mpolicy-default-adjudication/mpartner-default-adjudication/mpartner-default-adjudicationmpolicy-default-adjudication202011110619201EpLEjvD
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.2.0 or later versions. The data downloaded would be URL-safe base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into three parts, • The 1st part is VER_BYTES (version bytes). The Current version constant is set as VER_R2 and this is present in the first 6 bytes of Block 1.
• The 2nd part is the Certificate Thumbprint i.e. the key identifier which is present in the next 32 bytes after VER_BYTES.
• The 3rd part is the Encrypted Random AES Key, encrypted with the RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
• The 1st part is the random 32 bytes which will be used as AAD in AES encryption (first 32 bytes). From this 32 bytes AAD data, the first 12 bytes is IV/Nonce.
• The 2nd part is the encrypted data which is encrypted using AES GCM PKCS5Padding.
The structure of the encrypted data downloaded from referenceURL in MOSIP 1.1.5.5 or prior versions.
The data downloaded would be base64 encoded. Hence, after decoding the data will be in the below format. It will be divided into two parts after splitting using #KEY_SPLITTER#.
Block 1:
Block 1, i.e. the encrypted key data is again split into two parts,
The first part is the Certificate Thumbprint i.e. the key identifier which is the first 32 bytes in Block 1.
The second part is the Encrypted Random AES Key which is encrypted with RSA OAEP - SHA256-MFG1. This constitutes the remaining 256 bytes of Block 1.
Block 2:
Block 2, i.e. the encrypted actual data is again split into two parts,
The 1st part is the Encrypted data, encrypted using AES GCM PKCS5Padding.
The 2nd part is IV/Nonce i.e. the last 32 bytes appended after encrypted data.
Possible Error codes and Messages from Datashare URL
partner Id: mpartner-default-adjudication policy Id: mpolicy-default-adjudication
Registration Processor (Regproc) is a backend processing engine to enable the ID Lifecycle management. The diagram below shows the Registration Processor along with the other modules that contribute in issuing a Unique Identification Number(UIN) for an individual. Internally, Regproc follows the SEDA architecture where data flows via multiple stages till the UIN is issued.
The relationship of Regproc with other services is explained here. NOTE: The numbers do not signify sequence of operations or control flow
Registration packets are uploaded by Registration Client to Packet Receiver.
After packet validation is done Regproc notifies pre-registration application using datasync service.
Quality of biometrics is checked using an external biometric SDK. This is done in Regproc's Quality Classifier stage.
The above data is shared by providing a URL that partners use to fetch data. This URL is obtained from Datashare service.
Regproc's ABIS Middleware stage communicates with ABIS via Activemq. The ABIS performs deduplication and sends back result to the Queue.
Regproc stores and updates applicant demographic and biometric information in ID Repository. Also Activates or deactivates applicant UIN.
Regproc calls IDA Internal Authentication Service to authenticate Applicant(for update flow), introducer, operator and supervisor(when bio auth mode is used to create packet).
After the UIN is processed the Printing Stage calls Credential Service to create credential for print. This credential will be pushed to websub and the Printing systems will consume same.
The Notification Service is used to send email/sms notification to the applicant after the request processing is completed in server.
Regproc connects to external "Manual Adjudication System" via queue. Regproc sends applicant information required for adjudication in queue and external adjudication system consumes it. The data is shared from mosip to external adjudication system based on policy.
Regproc calls Key Manager for decrypting packet and for encrypting information.
Regproc uses Masterdata Service to validate center, machine, user etc.
Regproc connects to Virus Scanner for scanning packets in Packet Receiver Stage and Packet Uploader Stage
Each Stage in regproc calls Packet Manager to read information from packet.
The Registration Processor contains several stages and services.
The registration packet flows through the various stages depending on the type of flow. See Registration Flows and Stage Sequence.
Note: The Print Stage has been renamed as the Credential Requestor Stage. For further information, please click here.
Refer to repo.
Refer to Configuration Guide.
To know more about the developer setup, read Registration Processor Developers Guide.
Refer API Documentation.
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Error Code | Error Message |
|---|---|
| Error Code | Error Message |
|---|---|
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Encrypted Key Data | KEY_SPLITTER | Encrypted Actual Data |
|---|---|---|
| Error Code | Error Message |
|---|---|
| Error Code | Error Message |
|---|---|
Block 1
#KEY_SPLITTER#
Block 2
Block 1
#KEY_SPLITTER#
Block 2
DAT-SER-003
File does not exist or File is empty
DAT-SER-006
Data share not found
DAT-SER-006
Data share usage expired
KER-ATH-401
Authentication failed
KER-ATH-403
Forbidden
RPR-MVS-000
manual verification failed
RPR-MVS-001
Registration Id should not empty or null
RPR-MVS-002
No matched reference id found for given RID
RPR-MVS-025
Manual adjudication failed
RPR-MVS-022
Registration Id should not empty or null
RPR-MVS-022
TablenotAccessibleException in Manual verification
RPR-MVS-021
Manual verification rejected
RPR-MVS-025
Manual verification resend to queue
RPR-SYS-012
IO EXCEPTION
Block 1
#KEY_SPLITTER#
Block 2
Block 1
#KEY_SPLITTER#
Block 2
DAT-SER-003
File does not exists or File is empty
DAT-SER-006
Data share not found
DAT-SER-006
Data share usage expired
KER-ATH-401
Authentication Failed
KER-ATH-403
Forbidden
RPR-MVS-004
No Assigned Record Found
RPR-MVS-025
Multiple rids found for a reference id
RPR-MVS-022
TablenotAccessibleException in Manual verification
RPR-VER-002
Verification failed
RPR-VER-004
Resend for verification
RPR-MVS-016
Reg Id should not be null or empty
RPR-MVS-021
Manual verification rejected
