Table of Contents

maxLevel	2
minLevel	2
indent	circle

Description

Debbie is a tool used to validate certificates and signatures. Its REST interface allows an easy way to obtain a JSON response that indicates if a signature is valid and if it complies with a validation policy.

Its services can be configured to respond over an HTTP or HTTPS protocol.

Debbie runs over any JVM 1.8 and can be configured to run as a service on Windows or Linux OS.

Also, a Docker distribution is available.

is available as a docker distribution or as a service (ASS).

If you need to run Debbie as a service on Windows or Linux OS platforms please contact us.

Connectivity

To perform the certificates certificate status validation, and depending on the elements and policies that are configured, Debbie requires access to the services provided by a Certificate Authority.

These services are usually accessible through HTTP, both for the publication of the List of Revoked Certificates (CRL) and for OCSP (Online Certificate Status Protocol) services. It is convenient that you consider this need.

Service & Policy

Debbie responds to the requests in each of the URLs defined in its configuration files. Each defined policy must have its own unique URL, and there these cannot be a defined URL within another.

At least one policy must be defined so that to start the service can be started.

CertiSur, to perform tests of the service, makes available the following URL where the service can be accessed:

https://homo-debbie.certisur.com:4443/<tenant>

following URL where the service can be accessed:

https://homo-debbie.certisur.com/<tenant>

Service configuration

The following section explains the parameters needed to configure a Debbie service deployment.

Tenant Policy Configuration

Every Debbie policy configuration file has two well-defined sections that must be configured in order to validate an End User Certificate for a given tenant.

Usage and Integration

The following section shows the different ways to request signature validations and how to interpret the corresponding responses.

Related Product

Alison SDK js

Alison SDK allows a developer to integrate Alison Desktop in into its pages in an easier way. Go to the Alison SDK AlisonJS documentation.

Alison Desktop

You can obtain the current version of Alison Desktop from ACME Alison Wizard site.

For developers, go to the Alison Desktop documentation.

Distribution

Debbie is released in two different ways:

- A docker container,

- A .zip file to be installed as a service on Windows or Linux

To obtain a ZIP distribution, please contact CertiSur team at support@certisur.com.

CertiSur will share with you the .zip file in case you decide to use this option. But if you prefer the docker alternative, follow the below instructions:

Download ACME image

Step 1- Download the Docker image

In order to download the images, the user must be registered in on the aforesaid platform. Contact CertiSur to request access, and inform the Docker Hub profile to grant access to the docker image.

Login using a Docker Hub account:

Code Block

language	bash
theme	DJango
title	Login Docker Hub

# docker login -u <docker hub account>
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

Info

title	Inform your docker hub account

You have to inform your docker hub account in order to authorize to download of the package. Send an email to support@certisur.com.

Note

title	Security warning

It is possible to save the user’s credentials so as to login log in safely following the steps on this link(https://docs.docker.com/engine/reference/commandline/login/#credentials-store).

Step 2- Pulling an image from Docker

Code Block

language	bash
theme	DJango
title	Downloading image

# docker pull certisursa/debbie:latest

latest: Pulling from certisursa/debbie
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7c6235465beb00fbd2071868fecee33fc14d04b87ba99b265d
Status: Downloaded newer image for certisursa/debbie:latest
docker.io/certisursa/debbie:latest

Step 3- Run

debbie

Debbie docker image

To run debbie Debbie container you have to execute the following command line:

Code Block

language	bash
theme	DJango
title	Run Debbie

# docker run -d \
-it \
-p <external_port>:8080 \
-v <debbie_config_folder>:/app/config/ \
-v <debbie_log_folder>:/app/log/ \
-v <debbie_doc_repository_folder>:/app/repository/ \
debbie

It is necessary to overwrite the directory where the configuration of the tenants is located. The volume configuration is explained below.

Volumes

The following volumes must be mounted on the Docker image to overwrite the variables of each defined tenant.

Source (host)	Path (container)	Description
/home/opera/docker/debbie/config	/app/config	configuration files
/home/opera/docker/debbie/log	/app/log	log files
/home/opera/docker/debbie/repository	/app/repository	doc repository

Step 4- Test

debbie

Debbie

Execute the following command to run the default debbie Debbie docker container

Code Block

language	bash
theme	DJango
title	Run Debbie

# docker run -d \
-it \
--name debbie \
-p 8080:8080 \
certisursa/debbie:latest

Open your browser pointing to http://localhost:8080/acme/healthcheck (or the port defined by you) to access the URL where you published your Debbie installation. You'll see the following image.

If you can see this image means that you have Debbie running into your docker container.

Info

title	Debbie default configuration

Debbie's docker image includes an ACME tenant inside. You must overwrite that definition to include your own company or project tenants.

Add Custom Tenant

After you have Debbie running on your own container, you can add a custom tenant following the next steps:

Step 5- Download a custom example (looney) and customize

Download the files from the following link looney-validation-demo.tgz.

Code Block

language	bash
theme	DJango
title	Sample Configuration Directories
collapse	true

├── debbie
│   ├── config
│   │   ├── certstore
│   │   │   ├── CertiSur.root.ClassB.G1.pilot.509.cer
│   │   │   └── CertiSur.shared.ClassB.G1.pilot.509.cer
│   │   ├── debbie.json
│   │   ├── debbielog.properties
│   │   └── policies
│   │       └── looney.policy.json
│   ├── logs
│   └── repository
└── docker-compose.yml

Configure your docker-compose file to mount the following volumes.

External directory	Container directory
`./debbie/config`	`/app/config`
`./debbie/repository`	`/app/repository`
`./debbie/logs`	`/app/log`

Note: ./debbie/config external directory is the directory included in the example tenant config file (looney-validation-demo.tgz) that you downloaded and stored on your local computer.

Step 6- Configure docker-compose.yml and restart the container

Use the previous variables and volume mappings to define the new configuration, in this example as a docker_compose.yml file.

Code Block

language	groovy
theme	DJango
title	docker-compose.yml

version: '3'

services:

  debbie:
    image: certisursa/debbie:latest
    volumes:
      - "./debbie/config:/app/config"
      - "./debbie/repository:/app/repository"
      - "./debbie/logs:/app/log"
    ports:
      - 8081:8080

Launch the container from a shell

Code Block

language	bash
theme	DJango

> docker-compose --verbose -f docker-compose.yml up -d

Open your browser pointing to http://localhost:8081/looney/healthcheck (or the port defined by you) to access the URL where you published your Debbie installation. You'll see the following image.

If you can see this image means that you have Debbie running into your docker container.

Configuration

To complete the configuration of Debbie, you must complete two main sessions:

Server Configuration: defines communication and connectivity.
Tenants Configuration: each tenant defines its own policy of validation. You have to configure at least one tenant.

Logging

Logger names are assembled from the name of the URL where the service is published. Every "." found in the **"url"** field is replaced by "\_".

A special logger is defined for the system itself, it is called "debbieLog". Each tenant has 2 potentials loggers: <tenant>Log and <tenant>Audit. The latter only generates validation outputs, both successful and failed.

Note

title	case sensitive

All log configuration field values are case-sensitive.

Each tenant can define its own logger file. Modify the following template to create your own log file. Replace <tenant> by your tenant's name.

Code Block

language	text
title	Tenant Logger Template

# ---------------------------------------------------------
# <tenant>
# ---------------------------------------------------------
# Logger del servicio <tenant> (Auditoria)
log4j.logger.<tenant>Audit=INFO, <tenant>Appender
log4j.additivity.<tenant>Audit=false

# <tenant> Appender
log4j.appender.<tenant>Appender=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.<tenant>Appender.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.<tenant>Appender.rollingPolicy.maxIndex=0
log4j.appender.<tenant>Appender.rollingPolicy.maxIndex=12
log4j.appender.<tenant>Appender.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.<tenant>Appender.triggeringPolicy.MaxFileSize=10240000
log4j.appender.<tenant>Appender.rollingPolicy.FileNamePattern=${app.log.dir}/<tenant>-audit-%i.log.gz
log4j.appender.<tenant>Appender.rollingPolicy.ActiveFileName=${app.log.dir}/<tenant>-audit.log
log4j.appender.<tenant>Appender.layout=org.apache.log4j.PatternLayout
log4j.appender.<tenant>Appender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

# ---------------------------------------------------------
# Logger del servicio <tenant> (Sistema)
log4j.logger.<tenant>Log=INFO, <tenant>Appender1
log4j.additivity.<tenant>Audit=false
# <tenant> Appender
log4j.appender.<tenant>Appender1=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.<tenant>Appender1.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.<tenant>Appender1.rollingPolicy.minIndex=0
log4j.appender.<tenant>Appender1.rollingPolicy.maxIndex=12
log4j.appender.<tenant>Appender1.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.<tenant>Appender1.triggeringPolicy.MaxFileSize=10240000
log4j.appender.<tenant>Appender1.rollingPolicy.FileNamePattern=${app.log.dir}/<tenant>-system-%i.log.gz
log4j.appender.<tenant>Appender1.rollingPolicy.ActiveFileName=${app.log.dir}/<tenant>-system.log
log4j.appender.<tenant>Appender1.layout=org.apache.log4j.PatternLayout
log4j.appender.<tenant>Appender1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

Following is the content of the debbielog.properties configuration file included in with the validation service distribution.

Code Block

language	text
title	debbie-log.properties example

# Logger default
log4j.rootLogger=INFO

# ---------------------------------------------------------
# System Logger
log4j.logger.debbieLog=INFO, debbieAppender
log4j.additivity.debbieLog=false
# Debbie Appender
log4j.appender.debbieAppender=org.apache.log4j.FileAppender
log4j.appender.debbieAppender.file=${app.log.dir}/debbie-system.log
log4j.appender.debbieAppender.file.MaxFileSize=10MB
log4j.appender.debbieAppender.file.MaxBackupIndex=10
log4j.appender.debbieAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.debbieAppender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

# ---------------------------------------------------------
# ACME
# ---------------------------------------------------------
# ACME service Logger (Audit)
log4j.logger.acmeAudit=INFO, acmeAppender
log4j.additivity.acmeAudit=false

# ACME Appender
log4j.appender.acmeAppender=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.acmeAppender.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.acmeAppender.rollingPolicy.maxIndex=0
log4j.appender.acmeAppender.rollingPolicy.maxIndex=12
log4j.appender.acmeAppender.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.acmeAppender.triggeringPolicy.MaxFileSize=10240000
log4j.appender.acmeAppender.rollingPolicy.FileNamePattern=${app.log.dir}/acme-audit-%i.log.gz
log4j.appender.acmeAppender.rollingPolicy.ActiveFileName=${app.log.dir}/acme-audit.log
log4j.appender.acmeAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.acmeAppender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

# ---------------------------------------------------------
# ACME service Logger (System)
log4j.logger.acmeLog=INFO, acmeAppender1
log4j.additivity.acmeAudit=false

# ACME Appender
log4j.appender.acmeAppender1=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.acmeAppender1.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.acmeAppender1.rollingPolicy.minIndex=0
log4j.appender.acmeAppender1.rollingPolicy.maxIndex=12
log4j.appender.acmeAppender1.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.acmeAppender1.triggeringPolicy.MaxFileSize=10240000
log4j.appender.acmeAppender1.rollingPolicy.FileNamePattern=${app.log.dir}/acme-system-%i.log.gz
log4j.appender.acmeAppender1.rollingPolicy.ActiveFileName=${app.log.dir}/acme-system.log
log4j.appender.acmeAppender1.layout=org.apache.log4j.PatternLayout
log4j.appender.acmeAppender1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

License

Depending on the kind of distribution used, you must request an extended license and install it.

For .zip file distributions you will have to generate a license request code. Follow these steps to generate that code.

Code Block

language	text
title	Configutation file

# IP where debbie listen
server.ip=<IP>

# Server port
server.port=8002

Run the following command:

Code Block

language	bash
theme	DJango
title	Request License Windows

c:> genlicense-win.bat

Code Block

language	bash
theme	DJango
title	Request License Windows

# genlicense-linux.sh

Send an email to support@certisur.com with the following additional information:

Company Name
Contact name
eMail
Server Name (used to identify the request. It won't affect the license if you change this value in the future).
Environment (Develop/QA/Production)
Distribution (.zip file/docker)
License request code (if you generate one in the previous step)

You'll receive an email with the license, and included include it into the configuration file like:

Code Block

language	text
title	License

server.license=20190601014449:GeIdlvYetkRld5CjlcDfzK9/KjuonNKIanpJ9xLShXRf434343rfFfsdfv444x+Fa3Xmezu3Acg3dTqcYKZtUqMWWCygtzleivcH9iHsbGbT3TkiMQvZWruhroVg46j9IlHTmPPx234luNTv943b3ZP2kEaU00mwAkyKnr9UHl44c=

Restart Debbie and check into the log file that the new license is working.

Version	Old Version 45	New Version Current
Changes made by	Julio D'Angelo	Armando Carratala
Saved on	Jun 16, 2020	Nov 30, 2022

Versions Compared

Key

Description

Connectivity

Service & Policy

Service configuration

Tenant Policy Configuration

Usage and Integration

Related Product

Alison SDK js

Alison Desktop

Distribution

Download ACME image

Step 1- Download the Docker image

Step 2- Pulling an image from Docker

Step 3- Run

Debbie docker image

Volumes

Step 4- Test

Debbie

Add Custom Tenant

Step 5- Download a custom example (looney) and customize

Step 6- Configure docker-compose.yml and restart the container

Configuration

Logging

License

Content Comparison

Versions Compared

Key

Description

Connectivity

Service & Policy

Service configuration

Tenant Policy Configuration

Usage and Integration

Related Product

Alison SDK js

Alison Desktop

Distribution

Download ACME image

Step 1- Download the Docker image

Step 2- Pulling an image from Docker

Step 3- Run

Debbie docker image

Volumes

Step 4- Test

Debbie

Add Custom Tenant

Step 5- Download a custom example (looney) and customize

Step 6- Configure docker-compose.yml and restart the container

Configuration

Logging

License