Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Release Name: CTK 1.3.0
Upgrade From: CTK 1.2.0
Support: Stable Release
Release Date: 5th January, 2024
Note:
On January 25th, 2024, the mosip-compliance-toolkit
tag has been updated from v1.3.0 to v1.3.1 in order to resolve a bug in the BiometricsQualityCheckValidator
during the conversion of bioScore
into bioScoreRange
.
Furthermore, on February 12th, 2024, an update was made to the mosip-compliance-toolkit
tag from v1.3.1 to v1.3.2. This update aims to address the issue of missing table names in the ddl.sql
located within the db_scripts
folder.
The 1.3.0 version of CTK includes the following new features:
Enhanced Report Generation and submission capabilities for CTK (Report for Review).
Added Admin login functionality to enable viewing Partner Reports, conducting Test Runs, and approving or rejecting submitted Reports.
Incorporated Quality Assessment testcases using BQAT quality check on biometrics captured by SBI devices.
Additional Hash Validation testcases for SBI to ensure data integrity.
Included support for Kibana Dashboards in CTK.
To know more about the Hash generation logic, read Hash Generation.
mosip-compliance-toolkit
mosip-compliance-toolkit-ui
bio-utils
Imagedecoder
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation, follow the setup steps available here.
Release Name: CTK 1.4.0
Support: Stable Release
Release Date: 15th April, 2024
The 1.4.0 version of CTK includes the following new features:
New Features in CTK 1.4.0 release
Quality Assessment Report is now available for Quality Assessment Collections. This report is eligible for review, similar to the Compliance Collection report.
Added a new CTK Landing page
Added Terms & Conditions consent popup for partners during login. If a partner does not provide consent, they will be automatically logged out.
SBI Testcases Enhancements
Added a negative SBI testcase SBI1196 where Discover request attributes are in UPPER CASE
Added testcases(SBI1197, SBI1198 and SBI1199) where bioSubTypes is optional in RCapture request
Enhanced all SBI schemas by adding "Additional Properties" as "false" in all nested objects as well. This will disallow any extra attributes at nested levels.
Community reported issue in the CTK UI GitHub repository is fixed - Android SBI CTK Check Device Status failed: SBI1028, SBI1029
In the trust validation process, we’ve now incorporated an additional check for the Organization Name. This check involves verifying both the logged-in user’s organization and the Subject Organization specified in the certificate. By doing so, we enhance the security and reliability of our validation procedures.
Responses from SBI RCapture will now be encrypted and stored in the CTK database.
In response to a community-reported issue, CTK now sends the ‘previousHash’ as the SHA256 hash of an empty UTF-8 string, rather than simply an empty string.
The attributes, "requestedScore" and "qualityScore" currently support floating point numbers in CTK schemas and testcases.
ABIS Testcases Enhancements
Added new ABIS DataShare related testcases ABIS3030, ABIS3031. ABIS3031 is inactive in this release since it needs some changes in kernel-auth-adapter.
Enhanced all ABIS schemas by adding "Additional Properties" as "false" in all nested objects as well. This will disallow any extra attributes at nested levels.
SDK Testcases Enhancements
Enhanced all SDK schemas by adding "Additional Properties" as "false" in all nested objects as well. This will disallow any extra attributes at nested levels.
Technical Enhancements
Added a Batch Job for Archival of oldest X test runs per collection to an archive table. This X is configurable.
API documentation
Create separate repository for CTK test cases.
CTK 1.4.0 test with latest released code of Mock MDS, Mock SDK and Mock ABIS
Capture BQAT version and other details in Quality Assessment Report
Fixed bugs identified in Security Testing of CTK
mosip-compliance-toolkit
mosip-compliance-toolkit-ui
compliance-toolkit-batch-job
compliance-toolkit-testcases
mosip-config
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation, follow the setup steps available here.
The scope of testing revolved around verifying the compliance of the product as per the specifications published by MOSIP using the below devices:
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
The Android Compliance tool kit App v1.1.0 was tested with the below specifications:
Secure Biometric Interface (SBI)
The Windows Compliance Tool kit was tested with the below specifications:
Secure Biometric Interface (SBI)
SDK
Quality Check
Match
Extraction
Conversion
The Secure Biometric Interface (SBI) is used to interface with the biometric devices. The Compliance Tool kit was tested to ensure that the interface built by the device provider is following the specs and security rules defined in the SBI spec. The device hardware security features are not tested as part of Compliance Tool kit.
The Android CTK app v1.1.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications across 55 test cases.
Test cases specific to the quality and user interactions have been tested with MOSIP Android mock SBI.
The Android CTK app v1.1.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications across 64 test cases.
Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI and real registration face SBI.
The Android CTK app v1.1.0
with real Android registration face SBI
has been tested for compliance with the specification only for registration face device.
The Windows CTK v1.1.0 with MOSIP Windows Mock SBI
has been tested for compliance with the specifications across 55 authentication spec test cases.
The Windows CTK v1.1.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications across 76 registration spec test cases.
Out of scope: Real devices testing in windows CTK.
The SDK implementation has been tested to support quality check, match, extraction, and conversion of biometrics. Test cases have been tested with MOSIP mock SDK.
Out of scope: Segmentation testing and Real SDK testing
mosipqa/compliance-toolkit-service: 1.1.0
mosipqa/compliance-toolkit-ui: 1.1.0
mosipqa/postgres-init: 1.2.0.1
mosipid/postgres-init :1.2.0.1-B2
mosipid/config-server: 1.1.2
mosipid/kernel-auditmanager-service: 1.2.0.1-B1
mosipid/kernel-auth-service:1.2.0.1-B2
mosipqa/authentication-service: 1.2.0.1
mosipid/kernel-keymanager-service: 1.2.0.1-B2
mosipid/keycloak-init: 1.2.0.1-B2
mosipqa/partner-management-service: 1.2.0.1
mosipqa/partner-onboarder: develop
mosipid/kernel-notification-service: 1.2.0.1-B1
mosipid/keycloak-init: 1.2.0.1-B2
mosipid/mosip-keycloak: 16.1.1-debian-10-r85
mosipqa/keycloak-init: develop
Compliance Tool Kit (CTK) is an online portal that can be used by MOSIP partners to test the compliance of their product developed as per specifications (specs) published/adopted by MOSIP.
Currently, CTK supports testing of compliance with the below specifications:
SBI: Secure Biometric Interface (SBI) is used to interface with biometric devices. Device partners are required to build a software layer that provides a unified communication protocol for all biometric capture use cases. The specifications that should be followed are defined as Secure Biometrics Interface (SBI) specs. The compliance tool kit ensures that the interface built by the device provider follows the specs, and a certain level of security and integrity is defined in the SBI spec. The device hardware security features are not tested as part of this toolkit.
CTK also supports the testing with Android SBI specifications.
SDK: Biometric Service Providers (BSPs) provide SDK implementation which supports quality check, match, extraction, and conversion of biometrics. MOSIP defines an iBioAPI as the specification for this SDK implementation. Biometric SDK providers are also required to integrate this HTTP service into their solution. This allows running the SDK as an independent HTTP service. The compliance tool kit would make sure that these interfaces are as per the MOSIP-defined specifications for smooth interaction.
ABIS: To provide a unique identity for a resident, MOSIP has to ensure that the uniqueness of the resident's biometrics is maintained. To achieve this, MOSIP interfaces with an Automated Biometric Identification System (ABIS) to perform the de-duplication of a resident's biometric data. ABIS is used for 1:N deduplication. MOSIP interacts with ABIS only via message queues. The JSON format is used for all control messages in the queue. ABIS must comply with the interface defined in ABIS API Specifications.
To support compliance with the specifications, CTK has predefined test cases for each of the above specs.
Each test case is run on a given method of the specs. Each test case defines the attributes required to create the request to be sent to the method.
Each test case also defines the response expected from the method. In this response, various validators are run. Each validator will perform a predefined check on the response. If all validations are successful, the test case is passed otherwise it is a failed test case.
Partners can use CTK to run these test cases to check if their implementation adheres to the MOSIP’s specs or not.
The diagram below illustrates the architecture of Compliance Tool Kit.
When a new project is created, two new collections will be automatically added to the project.
The first collection is the Compliance Collection, which is applicable for all project types. The second collection is the Quality Assessment Collection, specifically for SBI projects.
Partners can run the Compliance Collection and they can generate Draft Report
for the same.
After self-review, the partners can submit the Draft Report for review by the CTK Admin.
CTK Admin can review the partner's test run, project details and all other details before Approving or Rejecting the Report.
Final report can be downloaded by both, the partner and CTK Admin.
Summarizing as below:
Partner > Add Project > Compliance Collection > Run Collection (Test Run) > View Test Run > Download Draft Report > Submit for Review
CTK Admin > View Draft Report / View Test Run > Approve / Reject Report
The Quality Assessment Collection reporting procedure is very similar to the Compliance Collection process.
Using this collection, partner can collect biometric scores for various groups of individuals (age wise, gender wise, occupation wise etc.).
BQAT SDK provides biometric score.
This biometric score serves as the basis for evaluating the quality of the SBI partner..
Summarizing as below:
Partner > Add Project > Quality Assessment Collection > Run Collection (Test Run) > View Test Run > Download Quality Assessment Draft Report > Submit for Review
CTK Admin > View Quality Assessment Draft Report / View Test Run > Approve / Reject Report
To set up the Compliance Tool Kit, refer to How to set up CTK.
To use the CTK portal, refer to the Compliance Tool Kit User Guide.
To access the build and read through the deployment instructions, refer to the below-mentioned READMEs:
For details related to the Compliance Tool Kit configurations, refer Compliance Tool Kit configuration document.
To be able to add new test cases to CTK, refer to How to add more test cases.
To access the source code for Compliance Tool Kit, refer,
The scope of testing revolved around verifying the compliance of the product as per the specifications published by MOSIP using the below devices:
The Windows Compliance tool kit was tested with the below specifications:
ABIS (Automated Biometric Identification System) Specifications was tested with Fingerprint, Iris and Face modalities as per specifications.
Secure Biometric Interface (SBI)
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
Biometric SDK
Quality Check
Match
Extraction
Conversion
The Android Compliance tool kit app v1.2.0 was tested with the below specifications:
Secure Biometric Interface (SBI)
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
MOSIP interfaces with an Automated Biometric Identification System (ABIS) to perform de-duplication of a resident's biometric data. A country may use multiple ABISs for the same biometric data and evaluate the best ABIS based on de-duplication quality. ABIS is used for 1:N de-duplication. For 1:1 authentication, Biometric SDK is used. MOSIP does not recommend using an ABIS for 1:1 authentication.
Test cases have been tested with MOSIP mock ABIS for compliance with the MOSIP specifications across 29 test cases.
Out of scope: Real ABIS testing in CTK 1.2.0
The Secure Biometric Interface (SBI) is used to interface with the biometric devices. The Compliance tool kit was tested to ensure that the interface built by the device provider is following the specifications and security rules defined in the SBI spec. The device hardware security features are not tested as a part of Compliance tool kit.
The Android CTK app v1.2.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications across 55 test cases. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI
.
The Android CTK app v1.2.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications across 64 test cases. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI and real registration face SBI.
The Windows CTK 1.2.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications across 55 authentication spec test cases.
The Windows CTK 1.2.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications across 76 registration spec test cases.
Out of scope: Real devices testing on Windows and android CTK.
The SDK implementation has been tested to support quality check, match, extraction, and conversion of biometrics. Test cases have been tested with MOSIP mock SDK.
Out of scope: Segmentation testing and Real SDK testing.
After login to CTK Android app, the previous browser tab is not killed. Workaround: Once the popup appears, the user can manually close the tabs.
Newly registered user not landing on the CTK android home page (an intermittent issue observed on Samsung A03 mobile device).
In CTK Android app, UI elements are overlapping with each other (issue observed on Samsung A03 and Oneplus nord AC2001 mobiles because of screen size).
Add project/ collection takes empty spaces as name (validation is missing).
In Android CTK -Encryption Key
button is not appearing for Auth projects (Workaround: Partners can download the Encryption Key
from the web application.
With Android mock MDS, SBI1067
and SBI1068
testcases for Auth Iris ISO validation failing (issue with Android mock MDS).
mosipqa/compliance-toolkit-service:1.2.0
mosipqa/compliance-toolkit-ui:1.2.0
mosipqa/postgres-init:1.2.0.1
mosipid/postgres-init:1.2.0.1-B2
mosipid/config-server:1.1.2
mosipid/kernel-auditmanager-service:1.2.0.1-B1
mosipid/kernel-auth-service:1.2.0.1-B2
mosipqa/authentication-service:1.2.0.1
mosipid/kernel-keymanager-service:1.2.0.1-B2
mosipid/keycloak-init:1.2.0.1-B2
mosipqa/partner-management-service:1.2.0.1
mosipqa/partner-onboarder:develop
mosipid/kernel-notification-service:1.2.0.1-B1
mosipid/mosip-keycloak:16.1.1-debian-10-r85
Release Name: CTK 1.0.0 (Beta)
Upgrade From:
Release Date: 3rd February 2023
The 1.0.0 version of MOSIP’s Compliance Tool Kit is the first patch release on top of the release on top of 0.0.9 version. This release covers similar features as the 0.0.9 version but has additional test scenarios for the SBI, like
Key Rotation Validations
Quality Check Validation of the biometrics captured in SBI
ISO Validation of the ISO data captured from the SBI
The subsequent releases will have more aggressive test scenarios and integration components (like ABIS, Manual Adjudication & Manual Verification systems).
The basic features such as,
Create a Project
Create a Collection
Run a Collection
View Details of a Test Run
Add Biometric Data
are available as part of the releases.
The current version can be used by the device and biometric SDK vendors to test their SBIs and SDKs.
As a part of the SBI test suite, we support the verification schema and signature verification of,
Interfaces
Device discovery
Device info
Capture
RCapture
Certification Level
L0
L1
Biometric Modalities
Fingerprints
Iris
Face
As a part of the SDK test suite in the current version, we support the verification of schema and interface level verification for,
Interfaces
Initialization
Quality Check
Matcher
Extractor
Converter
Biometric Modalities
Fingerprint
Iris
Face
The detailed list of the test cases for SBI and SDK in the 1.0.0 version of the Compliance Tool Kit is available here:
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation please follow the setup steps available .
Scenarios
Mock ABIS
Total
28
Passed
27
Pending
0
Failed
0
NA
1
Test Rate (%)
100%
Pass Rate (%)
100%
Scenarios
Finger
Iris
Face
Total
19
21
15
Passed
19
19
15
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
90%
100%
Scenarios
Finger
Iris
Face
Total
29
18
17
Passed
29
18
17
Pending
0
0
0
Failed
0
0
0
NA
1
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
Finger
Iris
Face
Total
19
21
15
Passed
19
21
15
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
Finger
Iris
Face
Total
35
21
20
Passed
35
21
20
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
With Mock SDK
Total
65
Passed
65
Pending
0
Failed
1
Test Rate (%)
100%
Pass Rate (%)
100%
Scenarios
Finger
Iris
Face
Total
19
21
15
Passed
19
21
15
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
Finger
Iris
Face
Total
29
18
17
Passed
29
18
17
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
Finger
Iris
Face
Total
29
18
17
Passed
0
0
3
Pending
0
0
0
Failed
0
0
14
Test Rate (%)
0%
0%
100%
Pass Rate (%)
0%
0%
18%
Scenarios
Finger
Iris
Face
Total
19
21
15
Passed
19
21
15
Pending
0
0
0
Failed
0
0
14
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
Finger
Iris
Face
Total
35
21
20
Passed
35
21
20
Pending
0
0
0
Failed
0
0
14
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
With Mock SDK
Total
76
Passed
65
Pending
0
Failed
0
N/A
11
Test Rate (%)
86%
Pass Rate (%)
86%
Issue
Description
MOSIP-26898
After login to CTK android app, the previous browser tab is not killed.
MOSIP-26762
Newly registered user not landing into CTK android home page (intermittent issue)
MOSIP-27044
In CTK Android app, UI elements are overlapping with each other.
MOSIP-27257
While initial launch, Android mock SBI is not landing into home page.
MOSIP-27304
In Android CTK -'Encryption Key' button is not appearing for Auth projects (Workaround: Partners can download 'Encryption Key' from web application)
MOSIP-27391
CTK - UI and Buttons not aligned properly
MOSIP-27440
CTK UI Reliability bugs reported in SonarCloud
Release Name: CTK 1.2.0
Upgrade From: CTK 1.1.0
Support: Stable Release
Release Date: 14th July, 2023
The 1.2.0 version of CTK includes the following new features:
CTK now supports ABIS testing
CTK now supports BQAT quality check on biomterics captured by SBI devices.
CTK now supports additional ISO validations for SBI after decoding the image.
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation, follow the setup steps available here.
Release Name: CTK 1.1.0
Upgrade From: CTK 1.0.0
Support: Stable Release
Release Date: 19th May, 2023
The 1.1.0 version of CTK includes the two new features:
Multiple Language support in CTK
Android SBI testing
Multiple Language support in CTK
CTK will now support the application in multiple languages.
While logging in, the partner can select a language from the dropdown.
Therafter, the application will be displayed in the selected language.
By default, CTK will support three languages- English, French and Arabic.
Android SBI testing
CTK will now support Android SBI testing using the Android CTK App.
The basic features such as,
Create a Project
Create a Collection
Run a Collection
View Details of a Test Run
Add Biometric Data
are available as part of the releases.
The current version can be used by the device and biometric SDK vendors to test their SBIs and SDKs.
As a part of the SBI test suite, we support the verification schema and signature verification of,
Interfaces
Device discovery
Device info
Capture
RCapture
Certification Level
L0
L1
Biometric Modalities
Fingerprints
Iris
Face
As a part of the SDK test suite in the current version, we support the verification of schema and interface level verification for,
Interfaces
Initialization
Quality Check
Matcher
Extractor
Converter
Biometric Modalities
Fingerprint
Iris
Face
The detailed list of the test cases for SBI and SDK in the 1.1.0 version of the Compliance Tool Kit are available here:
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation, follow the setup steps available here.
This section comprises instructional documents that can provide valuable insights into CTK for a diverse audience. It can be regarded as a knowledge hub that contains all the necessary additional information for effectively utilizing CTK.
Compliance Tool Kit (CTK) is an online portal that can be used by MOSIP partners to test the compliance of their product developed as per the specifications (specs) published by MOSIP. CTK currently supports compliance verification of SBI, SDK and ABIS specifications.
To verify the compliance of the partner software with MOSIP specifications, MOSIP has created predefined test cases for the type of specification.
Each test case in CTK runs on a given method of the specs. For example, there will be a test case for the device
method of SBI specs.
Each test case in CTK defines the attributes required to create the request to be sent to the partner application.
Each test case also defines the response expected from the partner application.
Each test case also defines the validators to be run in the response received.
Each validator also performs a predefined check on the response.
If all validations are successful, the test case is considered as passed, otherwise, the test case fails.
Partners can use CTK to run these test cases to verify if their implementation adheres to the MOSIP’s specs or not.
These test cases are defined in JSON format and saved in the CTK database.
This test case is for verifying the check device discovery endpoint of an SBI. This test case is available for both Registration
and Auth
SBI projects and all device type
and sub type
combinations.
This test case is for verifying the quality of face biometrics (if it is above the acceptable threshold). This test case will be available for Face modality
only and for the Quality Check project
.
This test case is for verifying the insert endpoint of an ABIS. This test case is available for all ABIS projects.
As can be seen from the above samples, few attributes are common across the test cases for SBI, SDK and ABIS while few are optional. Below is the list of each attribute and its use.
testCaseType
Required
Type of test case
SBI / SDK / ABIS
testName
Required
Name of test case
testId
Required
Unique ID for test case
SBI10XX, SDK20XX
specVersion
Required
Spec version being tested
0.9.5/1.0.0 for SBI, 0.9.0 for SDK
testDescription
Required
Test description. It can also include the steps to execute the test case.
isNegativeTestcase
Required
Indicates if the validator is for a positive or a negative scenario.
E.g.: for a bad face quality test, we expect a low score which is a negative scenario, so the validator should mark the test case as passed on receiving low score
inactive
Optional
Indicates that the test case is not active.
E.g.: The testcase SDK2026 is marked as inactive. So the user is unable to obtain this testcase.
inactiveForAndroid
Optional
Indicates that the test case is not active in CTK Android App.
E.g.: The testcase SBI1070 is marked as inactiveForAndroid. So the user is unable to obtain this testcase on android app.
methodName
Required
The name of the method to be invoked for the test case. It accepts an array. For SBI, this array will have only one value. For SDK, in case of a combination test case you can give 2 method names. E.g.: ["extract-template", "check-quality"]
device(SBI), info(SBI), capture(SBI), rcapture(SBI), stream(SBI), insert(ABIS), identify(ABIS), delete(ABIS), init(SDK), check-quality(SDK), match(SDK), extract-template(SDK), convert-format(SDK), segment(SDK)
requestSchema
Required
Name of the JSON schema file which will be used to validate the HTTP request. This HTTP request will be used to invoke the HTTP method defined in the spec. It accepts an array. For SBI, this array will have only one value. For SDK, in case of a combination test case you can give 2 request schema names. E.g: ["ExtractTemplateRequestSchema", "MatchRequestSchema"]
The request schema JSON files are saved in the MINIO in the following folder structure. E.g.: compliance-toolkit/schemas/sbi/0.9.5/ DiscoverRequestSchema.json
responseSchema
Required
Name of the JSON schema file which will be used to validate the HTTP response. This is the HTTP response that we will receive after invoking the HTTP method. It accepts an array. For SBI, this array will have only one value For SDK, in case of a combination test case you can give 2 request schema names. E.g.: ["ExtractTemplateResponseSchema", "MatchResponseSchema"]
The response schema JSON files are saved in the MINIO in the following folder structure. E.g.: compliance-toolkit/schemas/sbi/0.9.5/ DiscoverResponseSchema.json
validatorDefs
Required
Names of Validators that are to be invoked to run various validations on the response. It accepts an array of arrays. Each array is a list of validators to be applied to the response of the corresponding method in the test case. In the case of SBI, it is an array with a single array. In the case of SDK, for a combination test case it can be an array with a list of arrays.
Validators are available in the folder: compliance-toolkit\src\main\java\io\mosip\compliance\toolkit\validators
validatorDefs.name
Required
Name of the Java class which implements the BaseValidator.java interface
.
Must implement method
ValidationResultDto validateResponse(ValidationInputDto responseDto)
validatorDefs.description
Required
Description of the validations performed. These are shown in UI along with the test case description.
otherAttributes
Optional
Extra attributes about a test case
otherAttributes.purpose
SBI
Valid only for SBI test case. It accepts an array. The project purpose is used to filter the test cases with matching purposes.
Registration, Auth
otherAttributes.biometricTypes
SBI
Valid only for SBI test case.
The project device type is used to filter the test cases with matching biometricTypes
.
It accepts an array.
Finger, Iris, Face
otherAttributes.deviceSubTypes
SBI
Valid only for SBI test case.
The project device type is used to filter the test cases with matching deviceSubTypes
.
It accepts an array.
Slap, Single, Touchless, Single, Double, Full face
otherAttributes.segments
SBI
Valid only for SBI test case. It accepts an array. This array is used to populate “bioSubType” attribute in the request sent to the SBI method. Before the values are sent they are mapped to corresponding values. E.g.: RightIndex will be mapped to Right IndexFinger.
LeftIndex, LeftMiddle, LeftRing, LeftLittle, LeftThumb, RightIndex, RightMiddle, RightRing, RightLittle, RightThumb, UNKNOWN, Left, Right
otherAttributes.exceptions
SBI
Valid only for SBI test case.
It accepts an array.
This array is used to populate the exception
attribute in the request sent to the SBI method.
Before the values are sent they are mapped to corresponding values. E.g.: RightIndex will be mapped to Right IndexFinger.
LeftIndex, LeftMiddle, LeftRing, LeftLittle, LeftThumb, RightIndex, RightMiddle, RightRing, RightLittle, RightThumb, UNKNOWN, Left, Right
otherAttributes.requestedScore
SBI
Valid only for SBI test case.
It accepts a string or null.
This value is used to populate requestedScore
attribute in the request sent to the SBI method.
otherAttributes.bioCount
SBI
Valid only for SBI test case.
It accepts a string or null.
This value is used to populate the bioCount
attribute in the request sent to the SBI method.
otherAttributes.deviceSubId
SBI
Valid only for SBI test case.
It accepts a string or null. This value is used to populate the deviceSubId
attribute in the request sent to the SBI method.
otherAttributes.timeout
SBI
Valid only for SBI test case. It accepts a string or null. This value is used to populate the “timeout” attribute in the request sent to the SBI method.
otherAttributes.resumeBtn
SBI
Valid only for SBI test case. It accepts a string or null. This value is used to display a Resume button in UI before the SBI method is invoked. This pauses the test run and makes it possible for the user to make some changes in the SBI before the test case is executed. Helps in Device Status test cases.
otherAttributes.resumeAgainBtn
SBI
Valid only for SBI test case. It accepts a string or null. This value is used to display a Resume Again button in UI after the SBI method is invoked. This pauses the test run and makes it possible for the user to make some changes in the SBI after the test case is executed. Helps in Device Status test cases.
otherAttributes.hashValidationTestCase
SBI
Valid only for SBI test case. This value is used to determine if the test case is hash-validation testcase or not. The application will perform hash validations for different captures if the testcase is a hash validation testcase.
otherAttributes.transactionId
SBI
Valid only for SBI test case. It accepts a string. This value is used to populate the transactionId
attribute in the request sent to the SBI method. For these testcases, SBI will give an error response.
otherAttributes.invalidRequestAttribute
SBI
It accepts a string. This value is used to populate the invalid attribute in the request sent to the SBI method.
otherAttributes.qualityAssessmentTestCase
SBI
Valid only for SBI test case. This value is used to determine if the test case is quality assessment testcase or not. It's used for creating quality assessment collection.
otherAttributes.ageGroup
SBI
Valid only for SBI test case. It accepts a string. This is used to define the different age groups, and it will also be available only for quality assessment test cases.
otherAttributes.gender
SBI
Valid only for SBI test case. It accepts a string. This is used to define the different gender, and it will also be available only for quality assessment test cases.
otherAttributes.occupation
SBI
Valid only for SBI test case. It accepts a string. This is used to define the different occupations, and it will also be available only for quality assessment test cases.
otherAttributes.race
SBI
Valid only for SBI test case. It accepts a string. This is used to define the different races, and it will also be available only for quality assessment test cases.
otherAttributes.testCaseRepeatCount
SBI
Valid only for SBI test case. It accepts a string. This value is used to repeat the testcase based on the count.
otherAttributes.modalities
SDK
This is applicable only for SDK testcases. It accepts an array.
finger, face, iris
otherAttributes.sdkPurpose
SDK
Valid only for SDK test case. It accepts an array. The project purpose is used to filter the test cases with matching sdkPurpose.
Check Quality, Matcher, Extract Template, Convert Format, Segment
otherAttributes.convertSourceFormat
SDK
Valid only for SDK test case.
It accepts a string.
For convert-format
test cases this value is used as the input source format.
ISO19794_4_2011, ISO19794_5_2011, ISO19794_6_2011
otherAttributes.convertTargetFormat
SDK
Valid only for SDK test case.
It accepts a string.
For convert-format
test cases this value is used as the output source format.
IMAGE/JPEG, IMAGE/PNG, ISO19794_4_2011/JPEG, ISO19794_5_2011/JPEG, ISO19794_4_2011/PNG, ISO19794_5_2011/PNG, ISO19794_6_2011/PNG
otherAttributes.bulkInsert
ABIS
Valid only for ABIS test case. This value is used to check the bulk insert condition. If we add more than one person's record, then it will be true.
otherAttributes.insertCount
ABIS
Valid only for ABIS test case. It accepts a string. This value is used to determine how many times the insert should happen.
otherAttributes.insertReferenceId
ABIS
Valid only for ABIS test case. It accepts a string. This value is used to determine if the given reference ID already exists or not.
otherAttributes.identifyReferenceId
ABIS
Valid only for ABIS test case. It accepts a string. It is used to identify the duplicant count of a given reference ID.
otherAttributes.identifyGalleryIds
ABIS
Valid only for ABIS test case. It accepts a string. It is used to find the duplicant for the reference ID against the given gallery ID.
otherAttributes.expectedDuplicateCount
ABIS
Valid only for ABIS test case. It accepts a string. It is used to define the expected duplicant count.
otherAttributes.expectedFailureReason
ABIS
Valid only for ABIS test case. It accepts a string. It is used to define the expected failure reason.
Any new test case is to be uploaded to the database. Editing the testcases is not possible, the only actions you can take are to activate or deactivate them using the same steps.
1. Open postman and create a POST request.
2. URL endpoint https://{base_URL}/v1/toolkit/saveTestCases
3. Copy the Authorization
token in the request header by logging into the Compliance Toolkit in your env with a user having a CTK_ADMIN
role. Open the developer tools and copy the Authorization token from the headers section under the Networks
tab. Add the Authorization token in postman, copy the token and place it in the headers section of the request (Cookie=Authorization:eyAjksa...
)
4. Copy the test cases array JSON and prepare a request as shown below.
5. Request body for saveTestCases request
6. Change the requesttime
to the current day and send the request.
In the location below, you can find all the existing test cases: https://github.com/mosip/compliance-toolkit-testcases/tree/release-1.4.0
compliance_test_definitions_sbi.json
: has all existing SBI test cases
compliance_test_definitions_sdk.json
: has all existing SDK test cases
compliance_test_definitions_abis.json
: has all existing ABIS test cases
mosip.toolkit.sbi.ports
Default range of SBI (Secure Biometric Interface) ports scanned to connect to the devices.
4501,4502,4503,4504,4505,4506,4507,4508,4509,4510
mosip.toolkit.sbi.timeout
This specifies the default timeout value for all SBI testcases which do not include 'timeout' in 'otherAttributes'.
10000
mosip.toolkit.sbi.keyrotation.iterations
This specifies the number of times the device key has to be rotated for execution of SBI test cases: SBI1022, SBI1023, SBI1024, SBI1025, SBI1060, SBI1061.
2
mosip.toolkit.sbi.timestamp-interval
Specifies the time interval in minutes, In which the SBI device should send back the response and verified through testing with the following SBI test cases: SBI1083, SBI1084, SBI1085, SBI1086, SBI1087, SBI1088, SBI1089, SBI1090.
3
mosip.toolkit.languages.rtl
This specifies the languages that use a script direction that reads from right to left (RTL).
ara
mosip.toolkit.rcapture.encryption.enabled
Enables encryption of 'bioValue' field of the SBI rcapture response before saving data into the database for RCapture SBI testcases.
true
mosip.toolkit.sdk.finger.qualitycheck.threshold.value
Specifies the minimum quality acceptance threshold value. Used for quality checking when processing finger biometric data using SDK.
60
mosip.toolkit.sdk.face.qualitycheck.threshold.value
Specifies the minimum quality acceptance threshold value. Used for quality checking when processing face biometric data using SDK.
30
mosip.toolkit.sdk.iris.qualitycheck.threshold.value
Specifies the minimum quality acceptance threshold value. Used for quality checking when processing iris biometric data using SDK.
30
mosip.toolkit.sbi.quality.assessment.failsafe
Enabling this feature ensures that all Quality Assessment test cases pass, even if the biometric score falls below the predefined threshold.
true
mosip.toolkit.document.scan
Enables or disables the virus scanner for file upload in the compliance toolkit.
false
mosip.toolkit.compliance.collection.name
Defines the name assigned to the 'Compliance Collection' for a new project. Applicable across all project types (SBI, SDK, ABIS).
Compliance Collection - All TestCases
mosip.toolkit.quality.assessment.collection.name
Defines the name assigned to the 'Quality Assessment Collection' for a new project. Applicable exclusively to the SBI project type.
Quality Assessment Collection - All TestCases
mosip.toolkit.compliance.collection.ignore.testcases
Specifies the test cases to be excluded during the creation of the 'Compliance Collection'. These ignored test cases will not be included in the compliance collection.
mosip.toolkit.quality.assessment.collection.ignore.testcase
Specifies the test cases to be excluded during the creation of the 'Quality Assessment Collection'. These ignored test cases will not be included in the quality assessment collection.
mosip.toolkit.documentupload.allowed.file.type
Specifies the supported file formats for uploading biometric test data files in the compliance toolkit.
application/zip
mosip.toolkit.documentupload.allowed.file.nameLength
Specifies the maximum length allowed for file names during document uploads.
50
mosip.toolkit.documentupload.allowed.file.size
Sets the maximum allowed size in bytes, for files uploaded within compliance toolkit.
20000000
mosip.toolkit.report.expiryperiod.in.months
Specifies the expiry period in months, for reports generated within compliance toolkit.
6
mosip.toolkit.sbi.qualitycheck.finger.sdk.urls
Specifies the SDK URLs used for quality check of finger biometric data in the compliance toolkit.
[{"name": "BQAT SDK","url": "https://api-internal.net/bqatsdk-service","healthUrl": "https://api-internal.net/bqatsdk-service/actuator/health", "includeInResults":false}]
mosip.toolkit.sbi.qualitycheck.face.sdk.urls
Specifies the SDK URLs used for quality check of face biometric data in the compliance toolkit.
[{"name": "BQAT SDK","url": "https://api-internal.net/bqatsdk-service","healthUrl": "https://api-internal.net/bqatsdk-service/actuator/health", "includeInResults":false}]
mosip.toolkit.sbi.qualitycheck.iris.sdk.urls
Specifies the SDK URLs used for quality check of iris biometric data in the compliance toolkit.
[{"name": "BQAT SDK","url": "https://api-internal.net/bqatsdk-service","healthUrl": "https://api-internal.net/bqatsdk-service/actuator/health", "includeInResults":false}]
mosip.toolkit.quality.assessment.age.groups
Specifies the age groups used in Quality Assessment (QA) reports and is categorized by age ranges.
child(5-12), adult(12-40), mature(40-59), senior(60+)
mosip.toolkit.quality.assessment.occupations
Defines occupations categories used in Quality Assessment (QA) reports to assess variations in biometric quality due to occupational factors for Finger modality.
labourer, non-labourer
mosip.toolkit.quality.assessment.races
Specifies racial demographic categories used in Quality Assessment (QA) reports for Face modality.
asian, african, european
mosip.toolkit.batchjob.enable.testrun.archival
Activates the test run archival process when set to 'true' and reverses the archiving, restoring previously archived test runs, when set to 'false'.
true
mosip.toolkit.batchjob.testrun.archive.offset
Specifies the number of recent test runs to keep, after which the older test runs will be moved to the archives and saved in the Compliance Toolkit.
10
mosip.toolkit.batchjob.archival.revert.collectionids
Specifies the collection IDs of a project for which the test run archival should be reverted for a specific partner.
mosip.toolkit.batchjob.schedule.cron.testRunArchivalJob
Sets the automated schedule (CRON job) for archiving old test runs. By default, this runs daily at midnight (UTC).
0 0 0 * * ?
SBI captures biometrics by receiving raw data from biometric devices, processing and converting it into standardized templates, and securely storing them for identification and verification purposes.
In CTK, validations are performed on these biometrics to check if they follow the defined ISO standards.
ISO – International Organization for Standardization refers to an international standard development organization that develops standards to ensure the safety, quality and effectiveness of products and services.
In CTK, ISO validations are performed in three modalities- Finger, Face and Iris.
There are two types of ISO validations.
General Header
Representation Header
There are many validations for each type. The tables below contain a list of these validations.
ISOStandardsValidator
is a validator that has been developed for CTK. All the validations mentioned above have been done in this validator.
A total of 8 test cases (SBI1062 to SBI1069) have been added to CTK for ISO validation.
The figure below represents the testcase result of ISO validation.
The list of validations performed for each of the modalities is given below.
Refer ISO 19794-4:2011 Specifications.
1.
Format Identifier
General Header
FIR
– Finger Image Record
4 bytes
464952Hex (F
I
R
00Hex)
yes
2.
Version number
General Header
020
in ASCII
4 bytes
30323000Hex (0
2
0
00Hex)
yes
3.
Length of record
General Header
Includes all finger/palm representations, quality blocks and certification blocks1
4 bytes
57 to (232-1)
yes
4.
Number of Finger/Palm representations
General Header
[ (14 finger positions) + (11 multiple finger positions) + (17 palm codes) ]* 16 = 672 possible representations
2 bytes
1 to 672
yes
5.
Certification flag
General Header
Indicates the presence of any device certification blocks within the representation headers
1 byte
0, 1
yes
6.
No of Distinct finger/Palm Position
General Header
Number of fingers or palms represented
1 byte
>=1
yes
7.
Representation Length
Representation Header
The representation-length field denotes the length in bytes of the representation including the representation header field.
4 bytes
yes
8.
Capture date and time
Representation Header
The capture date and time field shall indicate when the capture of this representation started in Coordinated Universal Time (UTC). The capture date and time field shall consist of 9 bytes. Its value shall be encoded in the form given in ISO/IEC 19794-1.
9 bytes
yes
9.
No of Quality block
Representation Header
1 byte
10.
Quality block
Representation Header
5x
Quality Score 1 byte Quality algorithm vendorIdentifier 2 bytes Quality algorithm Identifier 2 bytes
no
11.
No of Certification Blocks
Representation Header
1 byte
yes
12.
Finger/Palm Position
Representation Header
Unknown 0 Right thumb 1 Right index finger 2 Right middle finger 3 Right ring finger 4 Right little finger 5 Left thumb 6 Left index finger 7 Left middle finger 8 Left ring finger 9 Left little finger 10
1 byte
yes
13.
Representation No
Representation Header
1 byte
yes
14.
Image Data Length
Representation Header
Number of bytes for the compressed/uncompressed image data
4 bytes
0 to (232-58)
yes
15.
Image Data
Representation Header
yes
yes
Refer ISO 19794-6:2011 Specifications.
1.
Format Identifier
General Header
Indicates Face representation data
4 bytes
46414300HEX (F
A
C
0HEX)
yes
2.
Version number
General Header
030
in ASCII
4 bytes
30333000HEX (0
3
0
00HEX)
yes
3.
Length of record
General Header
Includes Face Record Header and Facial Record Data. The minimum of 68 bytes includes the smallest JPEG image
4 bytes
68 ≤ Length of Record ≤ 232 - 1
yes
4.
Number of iris representations
General Header
The total number of iris representations in this record. This shall be recorded in two bytes. A minimum of one representation is required.
2 bytes
1 ... 65,535
yes
5.
Certification flag
General Header
No certification schemes are available for this part of ISO/IEC 19794
1 byte
00HEX
yes
6.
Temperol Sematics
General Header
One representation is present
2 bytes
0000HEX
yes
7.
Representation Length
Representation Header
The representation-length field denotes the length in bytes of the representation including the representation header field.
4 bytes
yes
8.
Capture date and time
Representation Header
The capture date and time field shall indicate when the capture of this representation started in Coordinated Universal Time (UTC). The capture date and time field shall consist of 9 bytes. Its value shall be encoded in the form given in ISO/IEC 19794-1.
9 bytes
yes
9.
No of Quality block
Representation Header
1 byte
10.
Quality block
Representation Header
5x
Quality Score 1 byte Quality algorithm vendor Identifier 2 bytes Quality algorithm Identifier 2 bytes
no
11.
Face Image Type
Image Information
01HEX Full Frontal
1 byte
no
12.
Image Data Type
Image Information
01HEX JPEG 2000 (lossy)[AUTH] 02HEX JPEG 2000 (lossless) [REG]
1 byte
yes
yes
13.
Width
Image Information
2 bytes
yes
yes
14.
Height
Image Information
2 bytes
yes
yes
15.
Image Colour Space
Image Information
1 byte
yes
yes
16.
Image Data Length
Image Information
4 bytes
1 to 4 294 967 226
yes
17.
Image Data
Image Information
yes
yes
Refer ISO 19794-6:2011 Specifications.
1.
Format Identifier
General Header
The format identifier shall be recorded in four bytes. The format identifier shall consist of three characters IIR
, standing for iris image record, followed by a zero byte as a NULL string terminator.
4 bytes
49495200Hex (I
I
R
00Hex)
yes
2.
Version number
General Header
This number indicates the second version of this part of ISO/IEC 19794 used for constructing the iris image data record and shall be placed in four bytes. This version number shall consist of three ASCII numerals followed by a zero byte as a NULL string terminator
4 bytes
30323000Hex (0
2
0
00Hex)
yes
3.
Length of record
General Header
The length (in bytes) of the entire iris image data record shall be recorded in four bytes. This count shall be the total length of the data block including the iris general header and one or more representation records.
4 bytes
69 to (232-1)
yes
4.
Number of iris representations
General Header
The total number of iris representations in this record. This shall be recorded in two bytes. A minimum of one representation is required.
2 bytes
1 ... 65,535
yes
5.
Certification flag
General Header
No certification schemes are available for this part of ISO/IEC 19794
1 byte
00Hex
yes
6.
Representation Length
Representation Header
The representation-length field denotes the length in bytes of the representation including the representation header field.
4 bytes
yes
7.
Capture date and time
Representation Header
The capture date and time field shall indicate when the capture of this representation started in Coordinated Universal Time (UTC). The capture date and time field shall consist of 9 bytes. Its value shall be encoded in the form given in ISO/IEC 19794-1.
9 bytes
yes
8.
Quality block
Representation Header
A quality record shall consist of a length field followed by zero or more quality blocks. The length field shall consist of one byte. It shall represent the number of quality blocks as an unsigned integer. Each quality block shall consist of – a quality score, – a quality algorithm vendor identifier, and – a quality algorithm identifier. A quality score should express the predicted comparison performance of a representation. A quality score shall be encoded in one byte as an unsigned integer. Allowed values are – 0 to 100 with higher values indicating better quality, – IMAGE_QUAL_FAILED = 255 (FFHex), indicating that an attempt to calculate a quality score failed. The quality algorithm vendor identifier shall identify the provider of the quality algorithm. The quality algorithm vendor identifier shall be encoded in two bytes carrying a CBEFF biometric organization identifier (registered by IBIA or other approved registration authority). A value of all zeros shall indicate that the quality algorithm vendor is unreported. The quality algorithm identifier shall identify the vendor’s quality algorithm that created the quality score. It shall be assigned by the provider of the quality algorithm or an approved registration authority. The quality algorithm identifier shall be encoded in two bytes. A value of all zeros shall indicate that the quality algorithm is unreported.
1 to n bytes
yes
9.
Representation number
RepresentationHeader
Representation sequence number
2 Bytes
yes
10.
Eye label
Representation Header
These refer to the subject's own eyes.
1 byte
yes
11.
Image type
Representation Header
An uncropped rectilinear iris image. A rectilinear iris image in VGA (640x480) format. A cropped, centred, iris image with (0,6R 0,2R) margins. A cropped and region-of-interest masked, centred, iris image with (0,6R 0,2R) margins
1 byte
IMAGE_TYPE_UNCROPPED = 1 (01Hex) IMAGE_TYPE_VGA = 2 (02Hex) IMAGE_TYPE_CROPPED = 3 (03Hex) MAGE_TYPE_CROPPED_AND_MASKED = 7 (07Hex)
yes
12.
Image format
Representation Header
Format of image data
1 byte
IMAGEFORMAT_MONO_RAW = 2 (02Hex) IMAGEFORMAT_MONO_JPEG2000 = 10 (0AHex) IMAGEFORMAT_MONO_PNG = 14 (0EHex)
yes
yes
13.
Image width
Representation Header
Width in pixels
2 bytes
> 0
yes
yes
14.
Image height
Representation Header
Height in pixels
2 bytes
> 0
yes
yes
15.
Bit depth
Representation Header
Bit depth in bits per pixel. (Images having > 8 bpp shall be encoded using PNG or JPEG2000.)
1 byte
At least 8
yes
yes
16.
Image Data Length
Representation Header
Size of the image data (Representation body), in bytes
4 bytes
1 to 4 294 967 226
yes
17.
Image Data
Representation Header
yes
yes
This documents provides details about the APIs used by Compliance Tool Kit (CTK). Below mentioned is the link to comprehensive list of APIs as required for CTK service.
The scope of testing revolved around verifying the compliance of the product as per the specifications published by MOSIP using the below devices:
Registration devices for iris, face and fingerprint
Authentication devices for iris, face and fingerprint
The compliance tool kit was tested with the below biometric specifications:
SBI
SDK
Quality Check
1:N Match
Extraction
Conversion
The Secure Biometric Interface (SBI) is used to interface with biometric devices. The compliance tool kit was tested to ensure that the interface built by the device provider is following the specs and security rules defined in the SBI spec.
The MOSIP’s Mock SBI has been tested for compliance with the specifications across 37 test cases. Test cases specific to quality and user interactions have been tested with real devices rather than mock.
Scenarios
Finger
Iris
Face
Total
14
13
10
Passed
14
13
10
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The MOSIP’s Mock SBI has been tested for compliance with the specifications across 49 test cases. Test cases specific to quality and user interactions have been tested with real devices rather than mock.
Scenarios
Finger
Iris
Face
Total
22
14
13
Passed
22
14
13
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The MOSIP’s real devices has been tested for compliance with the specification only for fingerprint devices.
Scenarios
Finger
Iris
Face
Total
14
13
10
Passed
9
0
0
Pending
0
13
10
Failed
5
0
0
Test Rate (%)
100%
0%
0%
Pass Rate (%)
64%
0%
0%
The MOSIP’s real SBI has been tested for compliance with the specifications for iris, face and fingerprint devices.
Scenarios
Finger
Iris
Face
Total
22
14
13
Passed
22
14
13
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The SDK implementation has been tested to support quality check, 1:N match, extraction, and conversion of biometrics.
Out of scope: Segmentation testing
Scenarios.
With Mock SDK
With Real SDK
Total
76
76
Passed
36
27
Pending
9
0
Failed
31
11
Not Applicable
0
28
Test Rate (%)
88%
50%
Pass Rate (%)
47%
36%
The scope of testing revolved around verifying the compliance of the product as per the specifications published by MOSIP using the below devices: Registration devices for iris, face and fingerprint Authentication devices for the iris, face and fingerprint The compliance tool kit was tested with the below biometric specifications:
SBI a. Registration b. Authentication
SDK a. Quality Check b. 1: N Match c. Extraction d. Conversion
The Secure Biometric Interface (SBI) is used to interface with biometric devices. The compliance tool kit was tested to ensure that the interface built by the device provider follows the specs and security rules defined in the SBI spec.
The MOSIP’s Mock SBI has been tested for compliance with the specifications across 48 test cases. Test cases specific to quality and user interactions have been tested with real devices rather than mock.
Scenarios
Finger
Iris
Face
Total
17
18
13
Passed
17
18
13
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The MOSIP’s Mock SBI has been tested for compliance with the specifications across 65 test cases. Test cases specific to quality and user interactions have been tested with real devices rather than mock.
Scenarios
Finger
Iris
Face
Total
30
18
17
Passed
30
18
17
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The MOSIP’s real devices have been tested for compliance with the specification only for fingerprint and iris devices.
Scenarios
Finger
Iris
Face
Total
17
18
13
Passed
14
1
0
Pending
0
0
13
Failed
3
17
0
Test Rate (%)
100%
100%
0%
Pass Rate (%)
82%
6%
0%
The MOSIP’s real SBI has been tested for compliance with the specifications for iris, face and fingerprint devices.
Scenarios
Finger
Iris
Face
Total
30
18
17
Passed
30
18
17
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The SDK implementation has been tested to support quality checks, 1:N matches, extraction, and conversion of biometrics.
Out of scope: Segmentation testing
Scenarios.
With Mock SDK
With Real SDK 1
With Real SDK 2
Total
76
76
76
Passed
66
27
51
Pending
0
0
0
Failed
1
11
16
Not Applicable
9
28
9
Test Rate (%)
88%
50%
88%
Pass Rate (%)
87%
36%
67%
The scope of testing revolved around verifying the compliance of the product as per the specifications published by MOSIP using the below devices:
The Windows Compliance tool kit was tested with the below specifications:
ABIS (Automated Biometric Identification System) Specifications were tested with Fingerprint, Iris and Face modalities as per MOSIP ABIS API specifications.
Secure Biometric Interface (SBI) with Compliance testcases collection and Quality Assessment testcases collection on below modalities
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
Biometric SDK
Quality Check
Match
Extraction
Conversion
The Android Compliance tool kit app v1.3.0 was tested with the below specifications:
Secure Biometric Interface (SBI) with Compliance testcases collection and Quality Assessment testcases collection on below modalities
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
MOSIP interfaces with an Automated Biometric Identification System (ABIS) to perform de-duplication of a resident's biometric data. A country may use multiple ABISs for the same biometric data and evaluate the best ABIS based on de-duplication quality. ABIS is used for 1:N de-duplication. For 1:1 authentication, Biometric SDK is used. MOSIP does not recommend using an ABIS for 1:1 authentication.
Test cases have been tested with MOSIP mock ABIS for compliance with the MOSIP specifications across 29 test cases.
Scenarios
Mock ABIS
Total
28
Passed
27
Pending
0
Failed
0
NA
1
Test Rate (%)
100%
Pass Rate (%)
100%
Out of scope: Real ABIS testing in CTK 1.3.0
The Secure Biometric Interface (SBI) is used to interface with the biometric devices. The Compliance tool kit was tested to ensure that the interface built by the device provider is following the specifications and security rules defined in the SBI spec. The device hardware security features are not tested as a part of Compliance tool kit.
The Android CTK app v1.3.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications across 55 test cases. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI
.
Scenarios
Finger
Iris
Face
Total
36
26
40
Passed
36
26
40
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
90%
100%
The Android CTK app v1.3.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications across 64 test cases. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI and real registration face SBI.
Scenarios
Finger
Iris
Face
Total
47
24
43
Passed
47
24
43
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The Windows CTK 1.3.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications across 55 authentication spec test cases.
Scenarios
Finger
Iris
Face
Total
34
26
40
Passed
34
26
40
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The Windows CTK 1.3.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications across 76 registration spec test cases.
Scenarios
Finger
Iris
Face
Total
53
27
46
Passed
53
27
46
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Out of scope: Real devices testing on Windows and android CTK v1.3.0.
The SDK implementation has been tested to support quality check, match, extraction, and conversion of biometrics. Test cases have been tested with MOSIP mock SDK.
Scenarios
With Mock SDK
Total
65
Passed
65
Pending
0
Failed
0
Test Rate (%)
100%
Pass Rate (%)
100%
Out of scope: Segmentation testing and Real SDK testing.
CTK-Keycloak login field names in Arabic are not appearing in RTL.
Forgot Password option is not working in CTK login page.
Error message should be user friendly in CTK sign-in page.
Column name is showing as 'View report'
Getting 500 error for endpoint /v1/authmanager/authorize/invalidateToken
in development environment.
mosipqa/compliance-toolkit-service:1.3.0
mosipqa/compliance-toolkit-ui:1.3.0
mosipqa/postgres-init:1.2.0.1
mosipqa/postgres-init:1.2.0.1
mosipqa/postgres-init:develop
mosipid/config-server:1.1.2
mosipid/kernel-auditmanager-service:1.2.0.1-B1
mosipid/kernel-auth-service:1.2.0.1-B2
mosipqa/authentication-service:1.2.0.1
mosipid/kernel-keymanager-service:1.2.0.1-B2
mosipid/keycloak-init:1.2.0.1-B2
mosipid/partner-management-service:1.2.0.1-B3
mosipqa/partner-onboarder:develop
mosipid/kernel-notification-service:1.2.0.1-B1
mosipqa/keycloak-init:1.2.0.1
mosipqa/minio-client-util:latest
CTK should be deployed along with the required dockers as mentioned below.
compliance-toolkit-service: 1.4.0
compliance-toolkit-ui: 1.4.0
compliance-toolkit-batch-job: 1.4.0
To successfully deploy Compliance Toolkit, below mentioned services are mandatorily required.
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
The Setup guide serves as a checklist for the following three categories.
Configuration checks
Steps to load testdata, schemas, testcases and terms and conditions templates
Steps to generate Android APK
Make sure that the kernel-default.properties
file includes the mosip-toolkit-client
and mosip-toolkit-android-client
values in the auth.server.admin.allowed.audience
setting. If these values are not set by default, configure them and then restart the kernel-auth-service
and compliance-toolkit-service
.
Ensure that in compliance-toolkit-default.properties
, CORS is enabled to allow access to mosip-toolkit-android-client
:
If this was not set by default, then set it and restart compliance-toolkit-service
.
Check if the roles given to mosip-pms-client
match with any of the roles for the following config property: mosip.role.keymanager.postverifycertificatetrust=XXX
This config property is available here.
For Example:
mosip.role.keymanager.postverifycertificatetrust=ZONAL_ADMIN
, GLOBAL_ADMIN
, PMS_ADMIN
, PMS_USER
Ensure that the mosip-pms-client
possesses any of the roles mentioned above.
Check that mosip-pms-client
has the role REGISTRATION_PROCESSOR
, PARTNER_ADMIN
, PMS_ADMIN
in Key Cloak. If this was not set by default, then set it and restart keymanager
and compliance-toolkit-service
.
It is also needed to generate an encryption key for CTK.
Insert the following row to create a new app ID.
INSERT INTO keymgr.key_policy_def(app_id, key_validity_duration, is_active,pre_expire_days, access_allowed, cr_by, cr_dtimes, upd_by, upd_dtimes, is_deleted, del_dtimes) VALUES ('COMPLIANCE_TOOLKIT', 1095, true, 60, 'NA', 'mosipadmin', '2022-11-28 09:00:40.822625', null, null, false, null);
Using the auth manager swagger URL, obtain the client token.
Swagger URL:
Endpoint:
Request:
Now using the key manager swagger URL, generate module level certificate.
Swagger URL:
Endpoint:
Request:
Directly download the certificate through key manager swagger URL and getCertificate
endpoint, with App Id as COMPLIANCE_TOOLKIT
and Ref Id as COMP-FIR
.
This certificate serves as the encryption key specifically for SBI devices.
For Mock MDS, when running in Auth mode: update the below values in the application.properties
file.
For real MDS/SBI, the vendors can download the new encryption key from the UI and test with the updated SBI which uses this encryption key. It can be downloaded for Auth SBI projects from UI.
Ensure that reporting
module is deployed from the develop
branch. This is required for the Kibana Dashboard.
Ensure that the kernel-auth-adapter-1.2.0.1
has been successfully deployed in the compliance-toolkit-service
, and verify that the identical authentication adapter was utilized to configure the mock ABIS.
Check datashare configurations for ABIS3030 and ABIS3031 testcases.
Ensure that in data-share-default.properties
and compliance-toolkit-default.properties
, the value of mosip-abis-client
is set in auth.server.admin.allowed.audience
. If this was not set by default, then set it and restart data-share-service
and compliance-toolkit-service
.
For handle CTK datashare token flow, add the below values in data-share-default.properties
.
1. Browse mosip-compliance-toolkit
2. Project structure will be displayed as mentioned below.
3. The resources folder has schemas and test data that need to be added to MinIO.
1. Log in to MinIO from the browser.
2. Create a compliance-toolkit
bucket.
3. Create a new folder named testdata
in the above bucket.Upload MOSIP_DEFAULT_XXX.zip files from resources to it.
4. Create a new folder named schemas
in the above bucket. Upload all SBI, SDK and ABIS schemas along with subfolders in it.
5. Upload testcase_schema.json
from resources folder to schemas
folder.
6. Please restart the compliance pods after adding new files in minio to refresh the cache.
Alternately, swagger endpoint can also be used to upload data in Minio. In this case there is no need to restart CTK services.
1. The swagger url is:
https://{api-internal-env-url}/v1/toolkit/swagger-ui/index.html?configUrl=/v1/toolkit/v3/api-docs/swagger-config
2. Using keycloak/ register option in CTK UI, create a new user for compliance toolkit.
3. Make sure to add the email ID. Also, give the role CTK_ADMIN
.
4. Login to compliance toolkit in your environment from browser with the above Keycloak user.
5. Go to ResourceManagementController
in swagger and upload the schema alongwith testdata files.
6. Then, select any one of type mentioned above and also mention the version (SBI/SDK/ABIS Version).
7. Select the type of required file which you want to upload from resources
folder in project.
8. After execution you can see the response.
9. Check inside the Minio, in dev environment, whether the files have been uploaded into it.
1. Open swagger and go to saveTestCases
endpoint in test-cases-controller
.
2. Currently, CTK has a separate repository called compliance-toolkit-testcases
, which includes the testcases for the SBI, SDK and ABIS.
3. Open compliance-toolkit-testcases repo.
4. compliance_test_definitions_sbi.json
file have all the test cases in it.
5. Copy test cases array from this file and prepare a request as shown below.
6. Request body for saveTestCases
request.
7. Then, execute it.
8. The same should be done for compliance_test_definitions_sdk.json
and compliance_test_definitions_abis.json
.
Open swagger and go to uploadTemplate
endpoint in resource-management-controller
.
Provide the required parameters:
Specify the language for the template using ISO 639 standard language codes.
Enter the version of the template. (the template version should be in format as v1,v2,v3 and so on)
Enter the template name as terms_and_conditions_template.
The template file extension should be.vm
(Velocity Template Language).
Then , execute it
Once all the steps mentioned above are completed, you can trigger the Android APK build for your environment. https://github.com/mosip/mosip-compliance-toolkit-ui/actions/workflows/android.yml
You may need GitHub repository write access.
Add values for the URL’s according to your deployment env.
Release Name: CTK 1.4.1
Support: Patch Release
Release Date: 25th Nov, 2024
Modified the collection ID generation logic to ensure unique collection IDs are created for every new project.
Refined the error-handling mechanism in the Dashboard, to address issues with projects encountering errors while fetching the status of their most recent test run.
These fixes have undergone extensive testing to ensure system responsiveness, validate their effectiveness, and maintain data consistency.
Enhanced collection ID generation logic with a unique identifier mechanism.
This hotfix is compatible with the dependencies listed below; no additional updates are required.
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation, follow the setup steps available here.
Repositories
Tags Released
mosip-compliance-toolkit
mosip-compliance-toolkit-ui
CTK should be deployed with the required dockers.
compliance-toolkit-service: 0.0.9-B1
compliance-toolkit-ui: 0.0.9-B1
Dependent Service (dockers)
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Note:
Ensure that in the kernel-default.properties
, the value of mosip-toolkit-client
is set in auth.server.admin.allowed.audience
. If this was not set by default, then set it and restart kernel-auth-service
and compliance-toolkit-service
.
Check if the roles given to mosip-pms-client
should match with any of the roles for following config property.
This config property is available in: https://github.com/mosip/mosip-config/blob/${ENV_NAME}/kernel-default.properties
For Example:
mosip.role.keymanager.postverifycertificatetrust=ZONAL_ADMIN
, GLOBAL_ADMIN
, PMS_ADMIN
, PMS_USER
Then mosip-pms-client
should have any of the above roles.
1. Browse to mosip-compliance-toolkit.
2. The resources folder would contain schemas, test data and test cases that need to be added to MinIO and DB.
1. Log in to MinIO from the browser.
2. Create a compliance-toolkit
bucket.
3. Create a new folder named testdata
in the above bucket and upload all test data zip files from the resources folder to this folder.
4. Create a new folder named schemas
in the above bucket and upload all sbi and sdk schemas, testcase schema from the resources folder to this folder.
Note: There is no need to upload compliance_test_definitions_sbi.json
and compliance_test_definitions_sdk.json
.
5. Restart the pods after adding new files in MinIO.
1. Using Keycloak, create a new user for the compliance toolkit.
2. Make sure to add the email ID. Also, give the user GLOBAL_ADMIN
.
3. Log in to the compliance toolkit in your environment with above the Keycloak user.
4. Open the developer tools and copy the Authorization
token from the headers section under the Networks
tab.
5. Add the Authorization
token in postman, copy the token and place it in the headers section of the request (Cookie=Authentication:eyAjksa...) and send the request.
1. Open postman and create a POST request.
2. URL endpoint https://{base_URL}/v1/toolkit/saveTestCases
3. Copy the Authorization token in the request header as mentioned in the Using Postman
section.
4. Open the resources folder in the project.
5. compliance_test_definitions_sbi.json
file has all the test cases in it.
6. Copy the test cases array from this file and prepare a request as shown below.
7. Request body for saveTestCases
request
8. Change the requesttime
to the current day and send the request.
9. The same should be done for compliance_test_definitions_sdk.json
.
CTK should be deployed with the required dockers.
compliance-toolkit-service: 1.3.0
compliance-toolkit-ui: 1.3.0
To deploy Compliance Toolkit, we require the below mandatory services:
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
The Setup guide is a checklist for the three categories below:
Configuration checks
Steps to load testdata, schemas and testcases
Steps to generate Android APK
Ensure that in the kernel-default.properties
, the value of mosip-toolkit-client
and mosip-toolkit-android-client
is set in auth.server.admin.allowed.audience
. If this was not set by default, then set it and restart kernel-auth-service
and compliance-toolkit-service
.
Ensure that in compliance-toolkit-default.properties
, CORS is enabled to allow access to mosip-toolkit-android-client
:
If this was not set by default, then set it and restart compliance-toolkit-service
.
Check if the roles given to mosip-pms-client
match with any of the roles for the following config property: mosip.role.keymanager.postverifycertificatetrust=XXX
This config property is available here.
For Example:
mosip.role.keymanager.postverifycertificatetrust=ZONAL_ADMIN
, GLOBAL_ADMIN
, PMS_ADMIN
, PMS_USER
Then mosip-pms-client
should have any of the above roles.
Check that mosip-pms-client
has the role REGISTRATION_PROCESSOR
, PARTNER_ADMIN
, PMS_ADMIN
in Key Cloak. If this was not set by default, then set it and restart keymanager
and compliance-toolkit-service
.
It is also needed to generate an encryption key for CTK.
Create a new app id by directly inserting the below row.
INSERT INTO keymgr.key_policy_def(app_id, key_validity_duration, is_active,pre_expire_days, access_allowed, cr_by, cr_dtimes, upd_by, upd_dtimes, is_deleted, del_dtimes) VALUES ('COMPLIANCE_TOOLKIT', 1095, true, 60, 'NA', 'mosipadmin', '2022-11-28 09:00:40.822625', null, null, false, null);
Using the auth manager swagger URL, obtain the client token.
Swagger URL:
Endpoint:
Request:
Now using the key manager swagger URL, generate module level certificate.
Swagger URL:
Endpoint:
Request:
Directly download the certificate via key manager swagger URL and getCertificate
endpoint, with App Id as COMPLIANCE_TOOLKIT
and Ref Id as COMP-FIR
.
This certificate is to be used by SBI devices as the encryption key.
For Mock MDS, when running in Auth mode: update the below values in the application.properties
file.
For real MDS/SBI, the vendors can download the new encryption key from the UI and test with the updated SBI which uses this encryption key.It can be downloaded for Auth SBI projects from UI.
Ensure that reporting
module is deployed from the develop
branch. This is required for the Kibana Dashboard.
1. Browse mosip-compliance-toolkit
2. Project structure will be as shown below.
3. The resources folder has schemas, test data and testcases that need to be added to MinIO and DB.
1. Log in to MinIO from the browser.
2. Create a compliance-toolkit
bucket.
3. Create a new folder named testdata
in the above bucket.Upload MOSIP_DEFAULT_XXX.zip files from resources to it.
4. Create a new folder named schemas
in the above bucket. Upload all SBI, SDK and ABIS schemas along with subfolders in it.
5. Upload testcase_schema.json
from resources folder to schemas
folder.
6. There is no need to upload compliance_test_definitions_sbi.json
,compliance_test_definitions_sdk.json
and compliance_test_definitions_abis.json
7. Please restart the compliance pods after adding new files in minio to refresh the cache.
Alternately, swagger endpoint can also be used to upload data in Minio. In this case there is no need to restart CTK services.
1. The swagger url is:
https://{api-internal-env-url}/v1/toolkit/swagger-ui/index.html?configUrl=/v1/toolkit/v3/api-docs/swagger-config
2. Using keycloak/ register option in CTK UI, create a new user for compliance toolkit.
3. Make sure to add the email ID. Also, give the role CTK_ADMIN
.
4. Login to compliance toolkit in your environment from browser with the above Keycloak user.
5. Go to ResourceManagementController
in swagger and upload the schema alongwith testdata files.
6. Then, select any one of type mentioned above and also mention the version (SBI/SDK/ABIS Version).
7. Select the type of required file which you want to upload from resources
folder in project.
8. After execution you can see the response.
9. Check inside the Minio, in dev environment, whether the files have been uploaded into it.
1. Open swagger and go to saveTestCases
in test-cases-controller
.
2. Open resources
folder in project.
3. compliance_test_definitions_sbi.json
file have all the test cases in it.
4. Copy test cases array from this file and prepare a request as shown below.
5. Request body for saveTestCases
request.
6. Then, execute it.
7. The same should be done for compliance_test_definitions_sdk.json
and compliance_test_definitions_abis.json
.
Once all the steps mentioned above are completed, you can trigger the Android APK build for your environment. https://github.com/mosip/mosip-compliance-toolkit-ui/actions/workflows/android.yml
You may need GitHub repository write access.
Add values for the URL’s according to your deployment env.
CTK should be deployed with the required dockers.
compliance-toolkit-service: 1.1.0
compliance-toolkit-ui: 1.1.0
To deploy Compliance Toolkit, we require only below mandatory services:
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
The Setup guide is a checklist for the three categories below:
Configuration Checks
Steps to load testdata, schemas and testcases
Steps to generate Android APK
Ensure that in the kernel-default.properties
, the value of mosip-toolkit-client
and mosip-toolkit-android-client
is set in auth.server.admin.allowed.audience
. If this was not set by default, then set it and restart kernel-auth-service
and compliance-toolkit-service
.
Ensure that in compliance-toolkit-default.properties
, CORS is enabled to allow access to mosip-toolkit-android-client
:
If this was not set by default, then set it and restart compliance-toolkit-service
.
Check if the roles given to mosip-pms-client
match with any of the roles for the following config property: mosip.role.keymanager.postverifycertificatetrust=XXX
This config property is available here.
For Example:
mosip.role.keymanager.postverifycertificatetrust=ZONAL_ADMIN
, GLOBAL_ADMIN
, PMS_ADMIN
, PMS_USER
Then mosip-pms-client
should have any of the above roles.
Check that mosip-pms-client
has the role REGISTRATION_PROCESSOR
, PARTNER_ADMIN
, PMS_ADMIN
in Key Cloak. If this was not set by default, then set it and restart keymanager
and compliance-toolkit-service
.
From the CTK v 1.0.0 version onwards, we need to generate an encryption key for CTK.
Create a new app id by directly inserting the below row.
INSERT INTO keymgr.key_policy_def(app_id, key_validity_duration, is_active,pre_expire_days, access_allowed, cr_by, cr_dtimes, upd_by, upd_dtimes, is_deleted, del_dtimes) VALUES ('COMPLIANCE_TOOLKIT', 1095, true, 60, 'NA', 'mosipadmin', '2022-11-28 09:00:40.822625', null, null, false, null);
Using the auth manager swagger URL, get the client token.
Swagger URL:
Endpoint:
Request:
Now using the key manager swagger URL, generate module level certificate.
Swagger URL:
Endpoint:
Request:
Directly download the certificate via key manager swagger URL and getCertificate
endpoint, with App Id as COMPLIANCE_TOOLKIT
and Ref Id as COMP-FIR
.
This certificate is to be used by SBI devices as the encryption key.
For Mock MDS, when running in Auth mode: update the below values in the application.properties
file.
For real MDS/SBI, the vendors can download the new encryption key from the UI and test with the updated SBI which uses this encryption key.It can be downloaded for Auth SBI projects from UI.
1. Browse mosip-compliance-toolkit
2. Project structure will be as shown below.
3. The resources folder has schemas, test data and testcases that need to be added to MinIO and DB.
1. Log in to MinIO from the browser.
2. Create a compliance-toolkit
bucket.
3. Create a new folder named testdata
in the above bucket.Upload MOSIP_DEFAULT_XXX.zip files from resources to it.
4. Create a new folder named schemas
in the above bucket. Upload all SBI and SDK schemas along with subfolders in it.
5. Upload testcase_schema.json
from resources folder to `schemas folder.
6. There is no need to upload compliance_test_definitions_sbi.json
& compliance_test_definitions_sdk.json
7. Please restart the compliance pods after adding new files in minio to refresh the cache.
Alernately swagger endpoint can also be used to upload data in Minio. In this case there is no need to restart CTK services.
1. The swagger url is:
https://{api-internal-env-url}/v1/toolkit/swagger-ui/index.html?configUrl=/v1/toolkit/v3/api-docs/swagger-config
2. Using keycloak/ register option in CTK UI create a new user for compliance toolkit.
3. Make sure to add the email ID. Also, give the role GLOBAL_ADMIN
.
4. Login to compliance toolkit in your environment from browser with above the Keycloak user.
5. Go to ResourceManagementController
in swagger, there you need to upload schema and testdata files.
6. Then you have to choose any one of the types which is mentioned above and also mention the version (SBI/SDK Version).
7. Select the type of required file which you want to upload from resources folder in project.
8. After execution you can see the response.
9. Check inside the MinIo in dev environment whether the files have been uploaded into it.
1. Open swagger and go to saveTestCases
in test-cases-controller
.
2. Open resources folder in project.
3. compliance_test_definitions_sbi.json
file have all the test cases in it.
4. Copy test cases array from this file and prepare a request as shown below.
5. Request body for saveTestCases
request.
6. Then execute it.
7. Same should be done for compliance_test_definitions_sdk.json
.
Once all the steps mentioned above are completed, you can trigger the Android APK build for your env https://github.com/mosip/mosip-compliance-toolkit-ui/actions/workflows/android.yml
You may need GitHub repository write access.
Add values for the URL’s according to your deployment env.
SchemaValidator
Validates the response for mandatory attributes and correct values.
SignatureValidator
Validates the response signature.
ResponseMisMatchValidator
Validates the response to check if bioCount, exceptions, segments and transactionId match the ones set in request.
KeyRotationValidator
Validator to validate the device key rotation.
TimeoutValidator
Validates if response is received within the given timeout period or not.
To test Timeout testcases with Mock SBI:
Call POST API: http://127.0.0.1:4501/admin/delay
With request body,
{
"type": "Biometric Device",
"delay": "10000",
"method": [
"RCAPTURE"]
}
To test Force Capture testcases with Mock SBI:
Call POST API: http://127.0.0.1:4501/admin/delay
With request body,
{
"type": "Biometric Device",
"delay": "9500",
"method": [
"RCAPTURE"]
}
Please try to increase the delay gradually to execute the testcase successfully.
ISOStandardsValidator
Validates the bioValue
in response of rcapture
is as per ISO standards ISO19794-4:2011.
ISO standard validation with proper ISO file by using mock MDS: • Under an SBI project, create a collection by selecting ISO standard testcases. • Run the mock MDS/SBI with standard ISO files. Perform a Scan and select the appropriate device. • Run the ISO collection and verify the result status. ISO standard validation should be success. ISO standard validation with Non-ISO files by using mock MDS: • Under an SBI project, create a collection by selecting ISO standard testcases. • Run the mock MDS/SBI with Non-ISO standard files (In Default folder replace standard ISO file with Non-ISO file). Perform a Scan and select the appropriate device. • Run the ISO collection and verify the result status. ISO standard validation should be fail.
BiometricsQualityCheckValidator
Checks the quality of biometrics using all configured SDK services.
Biometrics quality check validation with good quality biometric:
• In compliance-toolkit-default.properties, configure Bio SDK service and health check URLs under mosip.toolkit.sbi.qualitycheck.finger.sdk.urls
property. Restart CTK pods/services.
Example:
mosip.toolkit.sbi.qualitycheck.finger.sdk.urls=[{"name": "Mock SDK qa-1201-b2 Env","url": "https://api-internal.qa-1201-b2.mosip.net/biosdk-service","healthUrl": "https://api-internal.qa-1201-b2.mosip.net/biosdk-service/actuator/health", "includeInResults":true}]
• Add Biometric quality testcase in CTK for all modalities (FP, Iris and Face for both Reg and Auth).
• Run Mock MDS and increase biometric quality score to get more than threshold value.
• In CTK scan the biometric devices and run the Biometric quality check testcases.
• After testcase execution is done, please check testcase result status. Biometric quality check validator should pass.
Biometrics quality check validation with poor qualitybiometric:
• Change the biometric quality score to less than the threshold value and run the Biometric quality check testcases.
• After testcase execution is done, please check testcase result status. Biometric quality check validator should fail because quality score is less than threshold.
TimeCheckValidator
Validates if response is received within the given timestamp interval or not.
HashValidator
Validates the 'hash value' received in the response matches 'previous hash' in request.
SchemaValidator
Validates if response has all mandatory attributes and they have allowed values.
QualityCheckValidator
Checks the quality score of the modality.
QualityCheckInvalidDataValidator
Validates the status code for invalid data.
QualityCheckNoDataValidator
Validates the status code for no data.
MatchValidator
Validates if biomterics match for the modality.
MatchInvalidDataValidator
Validates the status code for invalid data.
MatchNoDataValidator
Validates the status code for no data.
MatchMultipleGalleryValidator
Validates if biomterics match for the modality.
ExtractTemplateValidator
Validates if input BDB data present in the Probe for the modality is valid.
ExtractTemplateInvalidDataValidator
Validates if input BDB data present in the Probe for the modality is valid.
ExtractTemplateNoInputDataValidator
Validates if no input BDB data present in the Probe.
ConvertDataValidator
Validates the input BDB data present in the Probe.
ConvertInvalidDataValidator
Validates if input BDB data present in the Probe for the modality is valid.
ConvertNoInputDataValidator
Validates if no input BDB data present in the Probe.
SchemaValidator
Validates if response has all mandatory attributes and they have allowed values.
ExpectedFailureReasonValidator
Validates the failure reason to match the expected value
IdentifyDuplicateFoundValidator
Validates the count of duplicates found by ABIS for the given referenceId
ExpectedDuplicateCountValidator
Validates the duplicates found to match the expected value.
ABISTokenValidator
Validates that ABIS is not generating a new token for every insert request, unless token has expired.
A partner can test both their JAR
based or docker service
based biometric SDKs with MOSIP's Compliance Tool kit. In this document, we have provided the steps that can be followed by the partner to enable the testing of both these solutions.
Partners having SDK JARs can test their biometric SDK JARs using Compliance Tool kit, by wrapping their SDKs in MOSIP’s BioSDK Services which provides REST endpoints to interact with the SDK jar.
Checkout MOSIP’s Bio SDK Services from https://github.com/mosip/biosdk-services.git
. Make sure to checkout the code from develop branch.
Build the code with command mvn clean install -Dgpg.skip
.
After the build is successful, place your SDK jar in the biosdk-services\biosdk-services\lib
folder.
Create a bat file to run biosdk-services
.
Here, the LOCAL_PATH
is the installation directory path for the Bio SDK Service and SDK_JAR_NAME
is the SDK JAR name.
Once the Bio SDK Service is running, check if the JAR is working using the Swagger available at URL: http://localhost:9099/biosdk-service/swagger-ui.html
In Compliance Tool kit, for the SDK project, configure the BASE_URL
as: http://localhost:9099/biosdk-service
.
Partners having SDK docker service can test their SDKs using Compliance Tool kit by running their docker service to provide REST API’s to access SDK methods.
Once the docker is deployed and accessible, the partner needs to add the correct URL in the SDK project to access the docker service directly.
Note:The partner may face the CORS issue. To get around this, they can allow the Compliance Tool kit URL in their controllers using @CrossOrigin("<URL>")
annotation.
Otherwise, a proxy service can be used, which would redirect all the calls to the docker.
Generation and Verification of Hash for SBI and SDK:
In order to maintain the integrity of the SBI/SDK software solution, a cryptographic hash function has been implemented. This function has been thoroughly tested by CTK and found to be compliant with the MOSIP specification.
It is a requirement for partners to calculate the HASH of the software solution using the SHA256 hash function, regardless of the technology environment in which the devices will be utilized.
Furthermore, the calculated HASH of the solution should remain unchanged, allowing countries or relying parties to recalculate the HASH and validate the software's integrity prior to deployment.
In the event that the software undergoes any changes, the partner must calculate a new HASH and retest the solution using CTK in order to maintain their compliance status.
The Blake2b or SHA256 algorithms can be utilized to calculate the hash value of an APK file.
Blake2b produces digests with a byte size ranging from 1 to 64 and is specifically designed for 64-bit systems.
SHA256 is an unkeyed cryptographic hashing method that generates a 256-bit hash outcome from an input of variable length.
The hash value of an APK file can be determined using Windows PowerShell, which defaults to employing the SHA256 algorithm.
The hash value will be altered in the event of any modifications made to the APK file. Conversely, the hash value will remain constant if no changes are made.
A partner can test their biometric ABIS’s with MOSIP’s Compliance Toolkit. In this document, we have provided the steps that can be followed by the partner to enable the ABIS testing.
The diagram below illustrates the CTK deployment architecture.
Below is a quick demonstration followed by steps to set up ABIS for testing.
Checkout MOSIP’s Mock Services from https://github.com/mosip/mosip-mock-services
. Make sure to checkout the code from develop branch.
Go to REPO_ROOT/mock-abis
.
For setting ABIS queue configuration, follow the steps below:
Step 1: Create registration-processor-abis.json
in the resources folder with the below details.
Step 2: Update the following details in application-local.properties
.
Step 3: Update the following details in config.properties
.
Step 4: Build the code with the command mvn clean install -Dmaven.test.skip=true -Dgpg.skip=true
.
If you are testing with newer queues, then you need to first create them manually in active mq
console.
After build is successful, place your ABIS jar in the \mock-abis
folder
create a bat file to run mock ABIS
.
Here LOCAL_PATH
is the installation folder path for the mosip-mock-service.
Once the mock ABIS service is running, check if the JAR is working using the Swagger available at URL: http://localhost:8081/v1/mock-abis-service/swagger-ui.html
In CTK ,for the ABIS project configure the below details:
Kibana houses ten CTK Dashboards, which aid in presenting data in a comprehensible and significant manner.
These dashboards facilitate continuous monitoring of data and system metrics. Users are able to establish visualizations that automatically update as new data is received.
Kibana needs environmental access.
Within the dashboard, search and filtering functionalities can be utilized.
It should be noted that the data stored in Kibana may not be completely secure. To mitigate risks, we have taken precautions such as excluding sensitive data columns and allowing only necessary information for dashboard visualization.
Let us see list of CTK dashboards.
CTK - Onboarded Partners
This dashboard shows the pie chart regarding the partners onboarded in CTK, based on the type of project, list of partner id along with count of projects created and SBI projects by purpose.
CTK - Active Partners, Testcase Trends
This dashboard describes most active partners in CTK, most successful top 20 testcases and most failed top 20 testcases.
CTK – Testcases
It displays all the CTK testcase details.
CTK - Top 5 Partners Successful Test Runs
It shows CTK - top 5 partners with successful test runs across all collections (including compliance collections).
CTK - Top 5 Partners Successful Test Runs for Compliance Collections
The dashboard describes top 5 partners with successful test runs for only compliance collections.
CTK - Biometrics Quality Report of BQAT SDK
It shows Biometrics Quality Report for scores given by BQAT SDK.
Here, to add more panels like above, click the Edit button. This will enable you to edit the dashboard. Then, click the Create Visualization button to create a new panel.
Select Index Pattern and set horizontal and vertical axis.
CTK - Biometrics Quality Report of SBI
The dashboard shows Biometrics Quality Report for scores given by SBI.
CTK - Biometrics Quality Report Scores Comparison
It compares the scores between different SDK and SBI.
CTK – Compliance Test Run Reports
The number of reports submitted for review and their status are displayed on this dashboard.
CTK- View Partner’s Test Run
Here we can view a partner's test run status based on partner id and test run ID.
The documentation is licensed under a Creative Commons Attribution 4.0 International License.
All MOSIP's core repositories are licensed under the terms of Mozilla Public License 2.0.
All trademarks are the property of their respective holders. Other products and company names mentioned herein may be trademarks and/or service marks of their respective owners.
To verify Key Rotation testcases, we have to generate 3 set of device certificates device.p12
.
• To generate device.p12 certificate, please follow the instructions given in
• In Compliance Tool kit, create a collection only with Key Rotation test case and Run Mock MDS.
• In CTK select respective device by performing Scan Device
operation and run key rotation
testcase.
• Stop the Mock MDS and rotate/change second Device.p12 in Keys folder.
• Relaunch mock MDS and select Continue
on CTK. Now CKT saved second device key information.
• When CTK asks to rotate the device key, then Stop the Mock MDS and rotate/change third Device.p12 in Keys folder.
• Relaunch mock MDS and select Continue
on CTK. Now CKT saved third device key information.
Note: Rotate the device key in the MDS/SBI as many times as setup in project configuration
CTK will provide a result of the overall key rotation testcase once the testcase has been run.
Name: CTK 1.4.1
Date: 25th Nov, 2024
Name: CTK 1.4.0
Date: 15th April, 2024
Name: CTK 1.3.0
Date: 5th January, 2024
Name: CTK 1.2.0
Date: 14th July, 2023
Name: CTK 1.0.0
Date: 19th February, 2023
Name: CTK 1.0.0
Date: 3rd February, 2023
Name: CTK 0.0.9
Date: 1st December, 2022
CTK Android App can be used to test the Android SBI specifications.
After downloading the APK in Android device, the registered partner can launch the app which will redirect them to the login screen in browser.
On successful login, a dashboard is displayed with the details of the existing SBI Projects. The partner can create new projects as well.
To test the SBI implementation, partner can create collection of testcases and run them following the same steps as in the CTK web application.
To know more, watch the video below!
Release Name: CTK 0.0.9 (Beta)
Upgrade From: NA (First Release)
Release Date: 1st December, 2022
The 0.0.9 version of MOSIP’s Compliance Tool Kit is the first beta release which covers the essential features to test an SBI and Biometric SDK which follows MOSIP’s biometric specifications. The subsequent releases will have more aggressive test scenarios and integration components (like ABIS, Manual Adjudication & Manual Verification systems).
The basic features such as,
Create a Project
Create a Collection
Run a Collection
View Details of a Test Run
Add Biometric Data
are available as part of the releases.
The current version can be used by the device and biometric SDK vendors to test their SBIs and SDKs.
As a part of the SBI test suite, we support the verification schema and signature verification of,
Interfaces
Device discovery
Device info
Capture
RCapture
Certification Level
L0
L1
Biometric Modalities
Fingerprints
Iris
Face
As a part of the SDK test suite in the current version, we support the verification of schema and interface level verification for,
Interfaces
Initialization
Quality Check
Matcher
Extractor
Converter
Biometric Modalities
Fingerprint
Iris
Face
The detailed list of the test cases for SBI and SDK in the 0.9.0 version of the Compliance Tool Kit is available here:
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation please follow the setup steps available here.
The scope of testing revolved around verifying the compliance of the product as per the specifications published by MOSIP using the below devices:
The Windows Compliance tool kit was tested with the below specifications:
ABIS (Automated Biometric Identification System) Specifications were tested with Fingerprint, Iris and Face modalities as per MOSIP ABIS API specifications.
Secure Biometric Interface (SBI) with Compliance testcases collection and Quality Assessment testcases collection on below modalities
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
Biometric SDK
Quality Check
Match
Extraction
Conversion
The Android Compliance tool kit app v1.4.0 was tested with the below specifications:
Secure Biometric Interface (SBI) with Compliance testcases collection and Quality Assessment testcases collection on below modalities
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
MOSIP interfaces with an Automated Biometric Identification System (ABIS) to perform de-duplication of a resident's biometric data. A country may use multiple ABISs for the same biometric data and evaluate the best ABIS based on de-duplication quality. ABIS is used for 1:N de-duplication. For 1:1 authentication, Biometric SDK is used. MOSIP does not recommend using an ABIS for 1:1 authentication.
Test cases have been tested with MOSIP mock ABIS for compliance with the MOSIP specifications across 29 test cases.
Scenarios
Mock ABIS
Total
28
Passed
27
Pending
0
Failed
0
NA
1
Test Rate (%)
100%
Pass Rate (%)
100%
Out of scope: Real ABIS testing in CTK 1.4.0
The Secure Biometric Interface (SBI) is used to interface with biometric devices. The compliance tool kit was tested to ensure that the interface built by the device provider is following the specs and security rules defined in the SBI spec. The device hardware security features are not tested as part of compliance tool kit.
The ‘Android CTK app v1.4.0’ with ‘MOSIP Android Mock SBI’ has been tested for compliance with the specifications. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI.
Scenarios
Finger
Iris
Face
Total
35
27
41
Passed
35
27
41
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
90%
100%
The Android CTK app v1.4.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI and real registration face SBI.
Scenarios
Finger
Iris
Face
Total
49
26
45
Passed
49
26
45
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The Windows CTK 1.4.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications.
Scenarios
Finger
Iris
Face
Total
35
27
41
Passed
35
27
41
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
The Windows CTK 1.4.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications.
Scenarios
Finger
Iris
Face
Total
55
29
48
Passed
55
29
48
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Out of scope: Real devices testing on Windows and android CTK v1.4.0.
The SDK implementation has been tested to support quality check, match, extraction, and conversion of biometrics. Test cases have been tested with MOSIP mock SDK.
Scenarios
With Mock SDK
Total
65
Passed
65
Pending
0
Failed
0
Test Rate (%)
100%
Pass Rate (%)
100%
Out of scope: Segmentation testing and Real SDK testing.
mosipqa/compliance-toolkit-batch-job:1.4.0
mosipqa/compliance-toolkit-service:1.4.0
mosipqa/compliance-toolkit-ui:1.4.0
mosipqa/postgres-init:develop
mosipid/config-server:1.1.2
mosipid/kernel-auditmanager-service:1.2.0.1-B1
mosipid/kernel-auth-service:1.2.0.1-B2
mosipqa/authentication-internal-service:release-1.2.0.1
mosipqa/authentication-otp-service:release-1.2.0.1
mosipqa/authentication-service:release-1.2.0.1
mosipid/kernel-keymanager-service:1.2.0.1-B2
mosipqa/keycloak-init:develop
mosipid/partner-management-service:1.2.0.1-B3
mosipqa/partner-onboarder:develop
mosipid/kernel-notification-service:1.2.0.1-B1
Currently, ABIS partners can successfully create SBI and SDK projects in CTK 1.4.0, although role-based constraints to restrict this functionality is planned for future release
This guide will help the partners in using the Compliance Took Kit portal.
Below are simple steps to use this portal:
The partners using the compliance tool kit should be registered partners in the system.
Login into CTK with the same credentials.
Partner can also select their preferred language while logging-in.
Create a project of type SBI / SDK / ABIS.
Create a collection by selecting the test cases that you want to test.
Provide the necessary details to connect to your device / SDK / ABIS service.
Execute the Test Run by running the collection.
For executing each test case, follow the instructions on the screen.
Once the entire collection is run, the results of the number of test cases passed or failed will be displayed.
You can see all the Test Run details as well. For example, the request sent to SBI, the response received from SBI, validations performed on the response and the result.
Test runs previously executed will be available in the Test Run history.
More collections can be created as per the test cases required.
On the CTK landing page, partners can view the introduction of the CTK portal and watch a video about CTK. Additionally, they can login or register by clicking the respective buttons. The landing page also provides links to other resources such as the GitHub repository, documentation, and partner details.
Additionally, it showcases several robust features of CTK, including its pre-defined test cases, validation mechanisms, and comprehensive reporting.
The landing page offers details about the SBI, Android SBI, SDK, and ABIS specifications. Furthermore, partners have the option to download the compliance toolkit APK by choosing the download button.
Partners utilizing the compliance toolkit must be registered in the system. Once registered, partners can log in to the compliance toolkit using the same credentials they used for registration in the Partner Management Portal.
The partner needs to enter the registered username or e-mail and password to log in.
The partner can select the language of their preference from the dropdown in the top-right corner of the screen. Thereafter, the application is displayed in the selected language. By default, CTK supports the following languages:
English
French
Arabic
Note: After registering, partners need to login the partner management portal to retrieve partner details.
After logging in, partners will encounter a Terms & Conditions popup window. Partner must accept these terms; otherwise, they will be logged out.
Also, upon logging in, partners will be prompted with a popup if there have been any changes to the Terms & Conditions since their last consent.
After accepting the Terms & Conditions, partners gain access to the Project Dashboard
by default. Additionally, they have the option to explore the Biometric Data Dashboard
and My Reports Dashboard
.
Project
: A project is a module that the partner wants to test. For example, if a device partner has developed a new version of their SBI for the fingerprint slap device, then, they can create a project in the compliance tool kit to verify this version of SBI.
Biometric Data
: As a part of the CTK, there is an option for the partner to upload their test data which can be used to verify the partner’s software. Currently, in MOSIP, we can upload test data for an SDK and ABIS.
My Reports
: Partners of CTK will be able to view the reports that they have submitted for review as well as the status of those reports.
Below are the possible activities as part of the Project Dashboard.
View all the projects on the dashboard
Create a new project
View a specific project
Archive a project
Move to the biometric data dashboard
Let us go through each of them in detail.
Once the partner logs into the compliance tool kit, they can view all the existing projects in the dashboard.
The project dashboard will display the following attributes of a project:
Name of the project
Project Type
Total number of collections in the project
Creation date and time of the project
Last time a collection in the project was run
Status of the last run on the project
The filter option in the dashboard will filter based on the name of the project, project type and the creation date and time.
On the Projects Dashboard, select the +Add Project
button.
The page will redirect the partner to the ‘Add a new Project’ page as shown below.
Enter a unique Project Name and select the Project Type. Currently, MOSIP supports three types of projects: SBI, SDK and ABIS
Based on the project type selected, the partner needs to enter the mandatory configurations before saving the project.
When the project type selected is SBI, the partner needs to provide/select the below configurations:
Spec Version: MOSIP SBI specification for which the SBI is built
Purpose: The purpose of the device
Device Type: The type of device
Device SubType: The Subtype of the device
SBI Hash: Encoded hash of SBI installation file
Website URL: Partner website URL
Device Images: The image of the device
Registration
Iris
Double
Registration
Iris
Single
Registration
Face
Full Face
Authentication
Finger
Single
Authentication
Finger
Touchless
Authentication
Iris
Single
Authentication
Iris
Double
Authentication
Face
Full Face
When the project type selected is SDK, the partner needs to provide the below configurations:
Base URL: URL where the SDK is deployed
Spec Version: MOSIP SDK specification for which the SDK is built
Purpose: Purpose of the SDK
SDK Hash: Encoded hash of SDK installation file
Website URL: Partner website URL
Test Data: Input data needed for the run
When the project type selected is ABIS, the partner needs to provide the below configurations:
Active MQ URL: URL where the ABIS is deployed
Modality: Combinations of different modality
Username: Username of Active MQ URL
Password: Password of Active MQ URL
Request Queue Name: Outbound Queue Name
Response Queue Name: Inbound Queue Name
Spec Version: MOSIP ABIS specification for which the ABIS is built
ABIS Hash: Encoded hash of ABIS installation file
Website URL: Partner website URL
Test Data: Input data needed for the run
Note: ABIS partner can only create ABIS project.
After entering data, partners can click Save Project
. Popup ask's partner to confirm the hash value and website URL before proceeding. Click on the Save
again to confirm if values are correct.
Once the project is saved, a successful message is displayed and a popup appears on the screen which when closed redirects the partner to the project dashboard (home).
Possible values for the Purpose attribute in SDK are:
Matcher
Check Quality
Extract Template
Convert Format
Once the project is created by the partner, they can download the encryption key.
Partner can download encryption key for Auth devices.
Details of a specific project can be viewed
By clicking on the name of the project, or,
By clicking on the option View
in the options section of the project row.
Once you click on the above-mentioned link, you will be redirected to the project details page of the specific project.
Click on the Biometric Data
button on the projects dashboard screen.
The partner will now navigate to the Biometric Test Data screen where they can add multiple biometric test data files.
Possible activities as a part of the Biometric Data Dashboard are:
View all the biometric data collected on the dashboard
Upload new biometric data
Download biometric data
Delete biometric data
Move to the project dashboard
To view the biometric test data collection, click on Biometric Data
on the Dashboard.
The biometric data dashboard should display the below attributes of a biometric data
Name of the biometric data
Type of data
Purpose of the data
The file name of the data
Creation date and time of the biometric data
Filter in the dashboard should be able to perform filter based on the name of the biometric data, type, purpose and creation date and time.
On the Biometric Test Data
page, click +Add Biometric data
, it redirects the partner to the Upload Biometrics Test Data
screen.
Provide a unique name for the biometric data
Based on the type selected, the partner needs to enter the respective mandatory details before saving the biometric data.
When the project type SDK is selected, the partner needs to provide the below details:
Purpose: The purpose of the test (SDK test type)
Test Data: The test data is to be uploaded as a ZIP
When the project type ABIS is selected, the partner needs to provide the below details:
Test Data: The test data is to be uploaded as a ZIP
Note: ABIS partner can only upload an ABIS biometric test data.
The Test Data section has two options Browse
and Download Sample File
.
The Browse
button will be the file explorer in the system for the partner to select the test data ZIP to be uploaded.
The Download Sample File
button will download a blank ZIP file with instructions in the README of the test case so that the partner can prepare and add biometric test data.
Once the test data is uploaded to the server it can be downloaded by the partner,
Clicking on the name of the biometric data in the biometric data, or,
Clicking on the Download Zip
in the options menu of the biometric data.
In this dashboard, users have the capability to view reports that have been submitted for review and they can download the submitted reports and check the current status of submiited report, providing a streamlined and efficient way to manage their submissions.
The My Reports Dashboard will display the following attributes of a report:
Project Type
Name of the project
Comments added by user while submitting report
Date when report was submitted
Date when report was approved/rejected
Comments of reviewer
Download or view the report document
Current status of the report
The filter option in the dashboard will filter based on the name of the project, project type and the creation date and time.
Users have the option to click on the Project Name
, allowing them to navigate directly to the view project dashboard for the respective project.
Users can simply click on the Download
button to retrieve the report submitted for the respective project.
A collection is a group of test cases selected by the partner for a particular project configuration. Inside a project, they can create multiple collections based on their choice of test cases selected. As part of the collection, they can perform the below activities:
Create a collection
View a collection
Run a collection
View the run history of a collection
Generate Draft Report for Compliance Collection
Archive a collection
To create a collection for a project:
Navigate to the project details page by clicking on the project name or View option in the options list.
By default, application will create a Compliance Collection
for the project, and it includes all the test cases that are based on project details.
Quality Assessment Collection
will only be added by default for SBI projects, and it includes only quality assessment testcases.
Click on the Add Collection
button and you will be redirected to the Add Collection screen.
Enter a unique name for the collection.
Select the test cases to be added to the collection
The test cases will be displayed in a tabular format with ID, Name, Description and Validator details.
Beside every test case, there will be a check box which needs to be selected by the partner.
After selecting the test cases, the partner can click on the Save Collection button to save the collection.
Once a collection is successfully created, there is a success popup shown and the partner is redirected to the Project details page.
Once a collection is created it is displayed on the Collection Dashboard which is available on the Project details page.
Few points to note:
A collection cannot be saved if no test cases are selected.
A collection name cannot be empty, the partner needs to provide a unique collection name before saving the collection.
Every collection row in the dashboard has the option to view the name of the collection, the number of test cases selected as a part of the collection, the creation date, the View Report, the Last Test Run and the Run history of the collection.
Once the partner creates a collection, they can view the collection details by clicking on the collection name.
Before running a collection in SBI, the partner needs to connect to a device without which they cannot proceed with testing.
The partner should click on the Scan Device
button in the Collection Dashboard as shown below.
This triggers a scan of all the configured ports in the system where the SBI is connected.
If any device connected with an SBI is found, the application asks the partner to select an available port and the device for running the test.
If any device is not found, an error popup is displayed to the partner with an option to Scan Again
.
Once the device is selected, the partner can click on the Save
button.
After the device is selected and saved in memory, the Run
button for the collections is enabled.
If a device is already scanned and selected before running the collection, the partner can choose to re-scan and select another device for running the test case.
If a device is selected, the partner can click on the Run
button to run the test case.
If the partner selects a Fingerprint Slap device but the collection is for a Double Iris device, then the test case is not executed. The partner will be shown an error message and asked to re-select the correct device. The combination validated here is for Purpose, Device Type and Sub Type as displayed below.
If the correct device is selected and the partner initiates the test run, the test case execution should start.
During the test run,
A progress bar will be shown with the percentage of tests execution completed
A timer to show the time elapsed during the execution
Option to close or cancel the test run
Option to initiate capture for a test case or resume run after completing the operation.
The test run also shows,
The total test cases getting executed for that run
The current test case name
Instructions (if any) for the partner to follow
Once the test execution is completed, the partner can see,
A high-level result with the number of test cases executed- with the number of test cases failed and the number of test cases passed in the run.
The partner can also see the time elapsed
They can also view the detailed test run report
Before running the SDK collection, the partner can change the Test Data
, the Base URL
and the SDK Hash
in the project settings
Click the Run
button of the specific collection.
The application now checks if the URL shared by the partner is accessible or not. If not accessible, the application shows an error message to the partner.
Once the run initiates with the proper URL, the execution should complete on its own and during the run, the partner can see:
A progress bar with the percentage of test execution completed.
A timer to show the time elapsed during the execution.
Option to close or cancel the test run.
Once the test execution is completed, the partner can see:
A high-level result with the number of test cases executed- with the number of test cases failed and the number of test cases passed in the run.
They can also see the time elapsed.
They also have the option to view the detailed Test Run
report.
Note: For a test run, the partner can select their data or MOSIP’s default data. But let us assume that the partner chooses their data, but in the ZIP file, they have missed adding data for a particular test case, then the system should take MOSIP’s data for the test case' execution.
Before running the ABIS collection, the partner can change the Username
, Password
, Queue names
, Test Data
, ABIS Hash
and the Actice MQ URL
in the project settings
Click the Run
button of the specific collection.
Once the run initiates with the proper URL, the execution should complete on its own and during the run, the partner can see:
A progress bar with the percentage of test execution completed.
A timer to show the time elapsed during the execution.
Option to close or cancel the test run.
Once the test execution is completed, the partner can see:
A high-level result with the number of test cases executed- with the number of test cases failed and the number of test cases passed in the run.
They can also see the time elapsed.
They also have the option to view the detailed Test Run
report.
Note: For a test run, the partner can select their data or MOSIP’s default data. But let us assume that the partner chooses their data, but in the ZIP file, they have missed adding data for a particular test case, then the system should take MOSIP’s data for the test case' execution.
The partner after completing a successful test run can view the detailed run by,
Clicking on the View Test Run
button once the test execution is completed.
Clicking on the View Last Test Run
option in the options section of the collection as shown below.
Once the partner selects the View Last Test Run
option, the application will redirect the partner to display the test run details as shown.
Clicking on the Test Run History
option in the options section of the collection and then click on the Details
button of the test run that they want to view
Once the partner clicks on Details
, it redirects the partner to the test details as shown above.
On the Test Run History page, the partner can view:
Run date
Overall run status
Total test cases in the collection
Test cases passed
Test cases failed
The partner will be able to view the details of any test run they wish.
On the Test Run details page, the partner can view,
List of the test cases in the collection
Test case ID
Test case Name
Status of the test case (Pass or Failed)
Execution status of the test case (Complete or Incomplete)
Option to view details of the test case
The details of the test case contain,
The request that was sent
The response that was received
The detailed status of validators that ran in the test case
The partner can only generate a Draft Report after running Compliance Collection
.
By default, Compliance Collection
will be added when the project was created.
Click the Run
button of the Compliance Collection.
Once the test execution is completed, the partner can see,
A high-level result with the number of test cases executed- with the number of test cases failed and the number of test cases passed in the run.
They also have the option to view the detailed Test Run
report.
Partner can create a Draft Report by clicking the Generate Draft Report
button.
Once the report is downloaded, the partner can view:
The downloaded draft report, which uses the project name as its filename.
A popup will appear to submit the report for review.
Partners need to check the downloaded Draft Report, which contains their details, project specifics, test cases, and the complete test run results. These results include the number of test cases executed, passed, and failed.
After reviewing the downloaded report, the partner can submit it for review by checking the checkbox in the popup window. They can then proceed by clicking the Send For Review
button to finalize the submission.
Once submitted the report, the Compliance Collection
cannot be rerun for the project. The partner can download the submitted report by clicking on the download icon.
The partner can only generate a QA Draft Report after running Quality Assessment Collection
.
By default, Quality Assessment Collection
will be added when the SBI project was created.
Click the Run
button of the Quality Assessment Collection.
After completing the test execution, the partner will be able to view the below mentioned results
A high-level result with the number of test cases executed- with the number of test cases failed and the number of test cases passed in the run.
They also have the option to view the detailed Test Run
report.
Partner can create a Quality Assessment Draft Report by clicking the Generate Draft Report
button.
Once the report is downloaded, the partner can view:
The downloaded QA draft report, which uses the project name as its filename.
A popup will appear to submit the report for review.
After downloading the report, partners can review the QA Draft Report. This report includes their details, project specifics, test cases, and a comprehensive summary of the test run results, including the number of test cases executed, passed, and failed.
This report also includes the biometric scores classification for each SDK and SBI.
After reviewing the downloaded report, the partner can submit it for review by checking the checkbox in the popup window. Following that, they can click the Send For Review
button to finalize the submission.
Once the report has been submitted, the ability to re-execute the Quality Assessment Collection
for the project is no longer available. Partners can retrieve the submitted report by clicking on the download icon.
When users with the special CTK Admin role access the application, they are granted access to the Partner Reports Dashboard. This dashboard serves as a centralized hub, offering a comprehensive overview of partner reports.
Below are the possible activities as a part of Partner Reports Tab of the Admin Dashboard.
Explore a comprehensive list of all reports that have been submitted.
Efficiently sort and examine reports based on their current status.
Download and view report submitted.
Access a preview of the project's test run associated with the submitted report.
Take decisive action on submitted reports by either approving or rejecting them.
Upon logging into the compliance toolkit and navigating to the Partner Reports Dashboard, the admin will be presented with a default view showcasing reports submitted for review.
The Partner Reports Dashboard will display the following attributes of a report:
Name of the partner
Organization name to which partner belongs to.
Type of project
Name of the project
Partner's comments about the report
Date when report was submitted
Current status of the report
Download or view the report document.
Access associated test runs and results.
Approve the report.
Reject the report.
The dropdown option in the tab allows you to filter reports based on their current status. There are three available options
Review (Default)
: Displays reports that are currently under review.
Approved
: Shows reports that have been approved.
Rejected
: Displays reports that have been rejected.
The filter option in the dashboard will filter based on the name of the project, project type and the creation date and time.
When you click on the download icon, the report will be downloaded. Admins can then view the downloaded report and make decisions based on the information it contains.
Admin can click on the View Test Run
link to access detailed information about the test run associated with the report.
After reviewing the downloaded report and verifying its content, the admin can choose to either approve or reject the report. Optionally, comments can be added to provide additional context or feedback during the decision-making process.
Approve Report
: After reviewing the downloaded report, if it meets the criteria and is deemed satisfactory, the admin can proceed to click on the Approve
button.
After selecting the Approve
button, a confirmation popup will be displayed to verify the approval action. Admins should review the information provided and, if satisfied, proceed by selecting the checkbox within the popup to finalize the approval.
After selecting the checkbox, the admin will be presented with an option to add optional comments, if needed, after that the admin can proceed by clicking the Approve
button to officially approve the report.
Reject Report
: After reviewing the downloaded report, if it does not meet the criteria, the admin can initiate the rejection process by clicking on the Reject
button.
After clicking the Reject
button, a popup will appear to confirm the rejection action. After reviewing the information, and once satisfied with the decision, the admin can proceed by checking the checkbox within the popup to finalize the rejection.
After selecting the checkbox, the admin will be presented with a comment box to add mandatory comments, specifying the reason for rejection. After providing the required comments, the admin can proceed by clicking the Reject
button to officially reject the report.
Compliance Toolkit has a batch job process that archives X number of test runs for each collection.
Consider this scenario: If there are 15 test runs, with an offset of 10, the most recent 10 will be retained, while the remaining 5 will be moved to an archival table. In the test-run-history, only the last 10 test run records are visible to partners.
CTK should be deployed with the required dockers.
compliance-toolkit-service: 1.0.0
compliance-toolkit-ui: 1.0.0
Dependent Service (dockers)
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Note:
Ensure that in the kernel-default.properties
, the value of mosip-toolkit-client
is set in auth.server.admin.allowed.audience
.If this was not set by default, then set it and restart kernel-auth-service
and compliance-toolkit-service
.
Check if the roles given to mosip-pms-client
should match with any of the roles for following config property.
This config property is available in: https://github.com/mosip/mosip-config/blob/${ENV_NAME}/kernel-default.properties
For Example:
mosip.role.keymanager.postverifycertificatetrust=ZONAL_ADMIN
, GLOBAL_ADMIN
, PMS_ADMIN
, PMS_USER
Then mosip-pms-client
should have any of the above roles.
Check that mosip-pms-client
has the role REGISTRATION_PROCESSOR
, PARTNER_ADMIN
, PMS_ADMIN
in Key Cloak.If this was not set by default, then set it and restart key manager
and compliance-toolkit-service
.
From the 1.0.0 version onwards, we need to generate an encryption key for CTK.
Create a new app id by directly inserting the below row.
Get the client token using auth manager swagger by calling endpoint.
https://api-internal.dev.mosip.net/v1/authmanager/authenticate/clientidsecretkey
Use generateMasterKey
endpoint to generate module-level certificate.
Directly download the certificate via key manager swagger getCertificate
with App Id as COMPLIANCE_TOOLKIT
and Ref Id as COMP-FIR
.
This certificate is to be used by SBI devices as the encryption key.
For Mock MDS, when running in Auth mode, update the below values in the application.properties file.
For REAL MDS/SBI.
You must communicate to the vendors to download the new encryption key from UI and give us an updated SBI which uses this encryption key.
It can be downloaded for Auth SBI projects from UI.
2. The resources folder would contain schemas, test data and test cases that need to be added to MinIO and DB.
1. Log in to MinIO from the browser.
2. Create a compliance-toolkit
bucket.
3. Create a new folder named testdata
in the above bucket and upload all test data zip files from the resources folder to this folder.
4. Create a new folder named schemas
in the above bucket and upload all sbi and sdk schemas, test case schema from the resources folder to this folder.
Note: There is no need to upload compliance_test_definitions_sbi.json
and compliance_test_definitions_sdk.json
.
5. Restart the pods after adding new files in MinIO.
1. Using Keycloak, create a new user for the compliance toolkit.
2. Make sure to add the email ID. Also, give the user GLOBAL_ADMIN
.
3. Log in to the compliance toolkit in your environment with above the Keycloak user.
5. Go to uploadResourceFile
the endpoint in ResourceManagementController
.
6. Select any one of the types which are mentioned in swagger and version (SBI or SDK).
7. Upload the schema and test data files from the resources folder in the project.
8. You can see the uploaded schema and test data files in the MinIO dev environment.
2. Open the resources folder in the project.
3. compliance_test_definitions_sbi.json
file has all the test cases in it.
4. Copy the test cases array from this file and prepare a request as shown below.
5. Request body for saveTestCases
request.
9. The same should be done for compliance_test_definitions_sdk.json
.
CTK should be deployed with the required dockers.
compliance-toolkit-service: 1.2.0
compliance-toolkit-ui: 1.2.0
To deploy Compliance Toolkit, we require the below mandatory services:
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1-B2
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
The Setup guide is a checklist for the three categories below:
Configuration Checks
Steps to load testdata, schemas and testcases
Steps to generate Android APK
Ensure that in the kernel-default.properties
, the value of mosip-toolkit-client
and mosip-toolkit-android-client
is set in auth.server.admin.allowed.audience
. If this was not set by default, then set it and restart kernel-auth-service
and compliance-toolkit-service
.
Ensure that in compliance-toolkit-default.properties
, CORS is enabled to allow access to mosip-toolkit-android-client
:
If this was not set by default, then set it and restart compliance-toolkit-service
.
Check if the roles given to mosip-pms-client
match with any of the roles for the following config property: mosip.role.keymanager.postverifycertificatetrust=XXX
For Example:
mosip.role.keymanager.postverifycertificatetrust=ZONAL_ADMIN
, GLOBAL_ADMIN
, PMS_ADMIN
, PMS_USER
Then mosip-pms-client
should have any of the above roles.
Check that mosip-pms-client
has the role REGISTRATION_PROCESSOR
, PARTNER_ADMIN
, PMS_ADMIN
in Key Cloak. If this was not set by default, then set it and restart keymanager
and compliance-toolkit-service
.
From the CTK v 1.0.0 version onwards, we need to generate an encryption key for CTK.
Create a new app id by directly inserting the below row.
INSERT INTO keymgr.key_policy_def(app_id, key_validity_duration, is_active,pre_expire_days, access_allowed, cr_by, cr_dtimes, upd_by, upd_dtimes, is_deleted, del_dtimes) VALUES ('COMPLIANCE_TOOLKIT', 1095, true, 60, 'NA', 'mosipadmin', '2022-11-28 09:00:40.822625', null, null, false, null);
Using the auth manager swagger URL, get the client token.
Swagger URL:
Endpoint:
Request:
Now using the key manager swagger URL, generate module level certificate.
Swagger URL:
Endpoint:
Request:
Directly download the certificate via key manager swagger URL and getCertificate
endpoint, with App Id as COMPLIANCE_TOOLKIT
and Ref Id as COMP-FIR
.
This certificate is to be used by SBI devices as the encryption key.
For Mock MDS, when running in Auth mode: update the below values in the application.properties
file.
For real MDS/SBI, the vendors can download the new encryption key from the UI and test with the updated SBI which uses this encryption key.It can be downloaded for Auth SBI projects from UI.
2. Project structure will be as shown below.
3. The resources folder has schemas, test data and testcases that need to be added to MinIO and DB.
1. Log in to MinIO from the browser.
2. Create a compliance-toolkit
bucket.
3. Create a new folder named testdata
in the above bucket.Upload MOSIP_DEFAULT_XXX.zip files from resources to it.
4. Create a new folder named schemas
in the above bucket. Upload all SBI, SDK and ABIS schemas along with subfolders in it.
5. Upload testcase_schema.json
from resources folder to `schemas folder.
6. There is no need to upload compliance_test_definitions_sbi.json
,compliance_test_definitions_sdk.json
and compliance_test_definitions_abis.json
7. Please restart the compliance pods after adding new files in minio to refresh the cache.
Alernately swagger endpoint can also be used to upload data in Minio. In this case there is no need to restart CTK services.
1. The swagger url is:
https://{api-internal-env-url}/v1/toolkit/swagger-ui/index.html?configUrl=/v1/toolkit/v3/api-docs/swagger-config
2. Using keycloak/ register option in CTK UI, create a new user for compliance toolkit.
3. Make sure to add the email ID. Also, give the role GLOBAL_ADMIN
.
4. Login to compliance toolkit in your environment from browser with the above Keycloak user.
5. Go to ResourceManagementController
in swagger and upload the schema alongwith testdata files.
6. Then, select any one of type mentioned above and also mention the version (SBI/SDK/ABIS Version).
7. Select the type of required file which you want to upload from resources
folder in project.
8. After execution you can see the response.
9. Check inside the MinIo in dev environment whether the files have been uploaded into it.
2. Open resources
folder in project.
3. compliance_test_definitions_sbi.json
file have all the test cases in it.
4. Copy test cases array from this file and prepare a request as shown below.
5. Request body for saveTestCases
request.
6. Then, execute it.
7. The same should be done for compliance_test_definitions_sdk.json
and compliance_test_definitions_abis.json
.
Once all the steps mentioned above are completed, you can trigger the Android APK build for your environment. https://github.com/mosip/mosip-compliance-toolkit-ui/actions/workflows/android.yml
You may need GitHub repository write access.
Add values for the URL’s according to your deployment env.
Ensure that all the deployment steps are followed as mentioned in the README.md files of the below repositories:
Below are details of some additional steps that you may need to follow so as to make CTK publicly available post the regular deployment.
Update the DNS records for the below mentioned domains to point to the public IP of nginx server associated with the corresponding cluster.
onboarder.sandbox.mosip.net ----> public IP of nginx server for Mosip cluster
sandbox.mosip.net ----> public IP of nginx server for Mosip cluster
pmp.sandbox.mosip.net ----> public IP of nginx server for Mosip cluster
iam.sandbox.mosip.net ----> public IP of nginx server for Observation cluster
Add the below mentioned domains in server_name
section of pubic nginx server.
sandbox.mosip.net
api.sandbox.mosip.net
compliance.sandbox.mosip.net
pmp.sandbox.mosip.net
Note: Replace “sandbox” appropriately.
Update the below mentioned istio ingress gateway to point to public IstioOperator:
Change spec.selector.istio: ingressgateway-internal to spec.selector.istio: ingressgateway as shown in the image below.
pmp-gateaway
compliance-toolkit-ui-gateway
keycloak
landing-page
Update below mentioned Istio virtualservice to add public gateway in spec.gateways:
3. Update Istio gateway in compliance toolkit EnvoyFilter compliance-toolkit-set-cookie-header to public gateway.
Update compliance-toolkit-ui.json to point
to api.sandbox.mosip.net
instead of api-internal.sandbox.mosip.net
.
Update pmp config.json
to point to api.sandbox.mosip.net
instead of api-internal.sandbox.mosip.net
.
Add mosip.api.external.url=https://${mosip.api.public.host}
property in compliance-toolkit-default.properties
file.
Update mosip.iam.module.redirecturi=${mosip.api.external.url}/v1/toolkit/login-redirect/
property in compliance-toolkit-default.properties
file.
Update mosip.iam.module.redirecturi=${mosip.api.external.url}/v1/partnermanager/login-redirect/
property in partner-management-default.properties
file.
Partners can select their preferred language while logging into CTK. By default, CTK supports three languages namely- English, French and Arabic.
To add support for an additional language, below are the steps to be followed:
Step 1: Add an additional language to the CTK login page.
Step 2: Add a new resource bundle (i18n JSON) file for the new language.
Step 3: Translate each page label.
Step 4: Translate validator description.
Step 5: Translate every testcase in the resource bundle.
Step 6: Translate all the service-generated validator messages.
Step 7: Translate all the service errors.
Step 8: Build and deploy the code.
Let us understand the steps mentioned above with more details.
The user can add a new language support to CTK via Keycloak.
to do so, create a locale for a new language in localization.
Add a new locale in the supported locales field.
For example: New locale es
for Spanish language.
It will be added to the CTK login page once the changes have been saved.
The i18n folder is available under assets folder in UI codebase.
Create a new JSON file in the folder.
For example: In Spanish language, the file name should be es.json
.
Copy the eng.json
data and paste it in es.json
.
When translating into a new language, we should solely translate only the right-side values using a translation service (such as Google Translate).
For example: Take the first page (Project Dashboard)
In each page, the labels are on the left and values are on the right.
The figure below highlights the page labels along with their values.
Also translate the labels on all pages.
All Validator descriptions have been added to the resource bundle. The names of validators are their labels, and their descriptions are their values.
Here is an example of validator description added in resource bundle.
Translate only the right-side values.
If a new validator is added, a resource bundle must be added as well.
Translate the values of testName, testDescription, and androidDescription. The code will use the testcase data in accordance with the testId.
If you add any new testcases in the future, you must include them in the resource bundle.
Here is an example of testcase added in resource bundle.
All the service-generated validator messages have been added based on the below cases.
For example:
case 1:
There are no arguments in this case.
Example of validator message in a resource bundle:
The validationResultDto
now contains an additional attribute called setDescriptionKey
. This will help to take validator messages from resource bundle.
Example code for setDescriptionKey:
case 3:
This case contains more than one argument in the validator message.
Example of validator message in a resource bundle:
{} – This will represents the arguments value.
Example code for setDescriptionKey:
Here ARGUMENTS_DELIMITER is ::
and ARGUMENTS_SEPARATOR is ;
Example of service errors added in a resource bundle given below.
Error codes are on the left and error messages are on the right.
You need to build code after completing the steps listed above.
After building, you can deploy the code.
1. Browse to .
4. Open the .
1. Open and go to saveTestCases
in test-cases-controller
.
This config property is available .
1. Browse
1. Open and go to saveTestCases
in test-cases-controller
.