

Description

Debbie is a tool used to validate certificates and signatures. Its REST interface returns a JSON response that indicates whether a signature is valid and whether it complies with a validation policy.

Its services can be configured to respond over HTTP or HTTPS.

Debbie runs on any JVM 1.8 and can be configured to run as a service on Windows or Linux.

Also, a Docker distribution is available. 


Connectivity

To validate certificate status, and depending on the elements and policies that are configured, Debbie requires access to the services provided by a Certificate Authority.

These services are usually accessible through HTTP, both for the publication of the Certificate Revocation List (CRL) and for OCSP (Online Certificate Status Protocol) services. Take this requirement into account when planning network access for Debbie.


Service & Policy

Debbie responds to requests on each of the URLs defined in its configuration files. Each defined policy must have its own unique URL, and no defined URL may be nested within another.

At least one policy must be defined so that the service can be started.


For testing the service, CertiSur makes the following URL available:

https://homo-debbie.certisur.com:4443/<tenant>



Debbie is released in two different ways:

- A docker container,

- A .zip file to be installed as a service on Windows or Linux

To obtain a ZIP distribution, please contact CertiSur team at support@certisur.com.


If you choose the .zip option, CertiSur will share the file with you. If you prefer the Docker alternative, follow the instructions below:

Download Docker image

To download the image, the user must be registered on Docker Hub. Contact CertiSur to request access, and provide your Docker Hub profile so that access to the Docker image can be granted.

Step 1- Login using a Docker Hub account


Login Docker Hub
# docker login -u <docker hub account>
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

Provide your Docker Hub account

You must provide your Docker Hub account to CertiSur so that it can be authorized to download the package. Send an email to support@certisur.com.


Security warning

User credentials can be stored securely for login by following the steps at this link (https://docs.docker.com/engine/reference/commandline/login/#credentials-store).
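The check below is an added example, not part of CertiSur's documentation: it reads a Docker client config.json and reports which registries still hold an inline credential, which is what the warning in Step 1 refers to. The function names and the sample configuration are constructed for illustration.

```python
import base64
import json

# Constructed sample of a Docker client config.json: one login stored inline
# (the credential is made up) and one registry delegated to a helper.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": base64.b64encode(b"example-user:example-password").decode()
        },
        "registry.example.test": {},
    },
    "credHelpers": {"registry.example.test": "pass"},
})


def plaintext_logins(config_text):
    """Return {registry: username} for credentials stored inline in config.json.

    An inline "auth" value is base64("user:password"): encoding, not
    encryption. With a credential store the entry is left empty and the
    secret is kept by the helper named in "credsStore" or "credHelpers".
    """
    config = json.loads(config_text)
    exposed = {}
    for registry, entry in config.get("auths", {}).items():
        token = entry.get("auth")
        if not token:
            continue  # empty entry: the secret is held by a credential helper
        decoded = base64.b64decode(token).decode("utf-8", "replace")
        exposed[registry] = decoded.split(":", 1)[0]  # report the user only
    return exposed


def uses_credential_store(config_text):
    """True when a default store or at least one per-registry helper is set."""
    config = json.loads(config_text)
    return bool(config.get("credsStore") or config.get("credHelpers"))
```

Run it against the config.json path printed in the login warning; an empty result from plaintext_logins means no password is sitting in the file.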

Step 2- Pulling an image from Docker


Downloading image
# docker pull certisursa/debbie:latest

latest: Pulling from certisursa/debbie
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7c6235465beb00fbd2071868fecee33fc14d04b87ba99b265d
Status: Downloaded newer image for certisursa/debbie:latest
docker.io/certisursa/debbie:latest


Step 3- Run debbie docker image


Run Debbie
# docker run -d \
-it \
-p <external_port>:8080 \
-v <debbie_config_folder>:/app/config/ \
-v <debbie_log_folder>:/app/log/ \
-v <debbie_doc_repository_folder>:/app/repository/ \
certisursa/debbie:latest

Debbie default configuration

The Debbie Docker image includes a built-in ACME tenant. You must overwrite that definition to include your own company or project tenants.


Step 4- Configure the docker image

You must overwrite the directory where the tenant configuration is located. The volume configuration is explained below.

Volumes

The following volumes must be mounted on the Docker image to overwrite variables of each defined tenant.

Source (host)                            | Path (container) | Description
/home/opera/docker/debbie/config         | /app/config      | configuration files
/home/opera/docker/debbie/log            | /app/log         | log files
/home/opera/docker/debbie/repository     | /app/repository  | doc repository





To complete the configuration of Debbie, you must complete two main sections:




Logger names are assembled from the name of the URL where the service is published. Every "." found in the "url" field is replaced by "_".


A special logger, called "debbieLog", is defined for the system itself. Each tenant has 2 potential loggers: <tenant>Log and <tenant>Audit. The latter only generates validation outputs, both successful and failed.

Case sensitive

All log configuration field values are case sensitive.


Each tenant can define its own logger file. Modify the following template to create your own log file. Replace <tenant> with your tenant name.


Tenant Logger Template
# ---------------------------------------------------------
# <tenant>
# ---------------------------------------------------------
# <tenant> service logger (Audit)
log4j.logger.<tenant>Audit=INFO, <tenant>Appender
log4j.additivity.<tenant>Audit=false

# <tenant> Appender
log4j.appender.<tenant>Appender=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.<tenant>Appender.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.<tenant>Appender.rollingPolicy.minIndex=0
log4j.appender.<tenant>Appender.rollingPolicy.maxIndex=12
log4j.appender.<tenant>Appender.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.<tenant>Appender.triggeringPolicy.MaxFileSize=10240000
log4j.appender.<tenant>Appender.rollingPolicy.FileNamePattern=${app.log.dir}/<tenant>-audit-%i.log.gz
log4j.appender.<tenant>Appender.rollingPolicy.ActiveFileName=${app.log.dir}/<tenant>-audit.log
log4j.appender.<tenant>Appender.layout=org.apache.log4j.PatternLayout
log4j.appender.<tenant>Appender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

# ---------------------------------------------------------
# <tenant> service logger (System)
log4j.logger.<tenant>Log=INFO, <tenant>Appender1
log4j.additivity.<tenant>Log=false
# <tenant> Appender
log4j.appender.<tenant>Appender1=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.<tenant>Appender1.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.<tenant>Appender1.rollingPolicy.minIndex=0
log4j.appender.<tenant>Appender1.rollingPolicy.maxIndex=12
log4j.appender.<tenant>Appender1.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.<tenant>Appender1.triggeringPolicy.MaxFileSize=10240000
log4j.appender.<tenant>Appender1.rollingPolicy.FileNamePattern=${app.log.dir}/<tenant>-system-%i.log.gz
log4j.appender.<tenant>Appender1.rollingPolicy.ActiveFileName=${app.log.dir}/<tenant>-system.log
log4j.appender.<tenant>Appender1.layout=org.apache.log4j.PatternLayout
log4j.appender.<tenant>Appender1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n


The following is the content of the debbielog.properties configuration file included with the validation service distribution.


debbie-log.properties example
# Logger default
log4j.rootLogger=INFO

# ---------------------------------------------------------
# System Logger
log4j.logger.debbieLog=INFO, debbieAppender
log4j.additivity.debbieLog=false
# Debbie Appender
# Size-based rotation needs RollingFileAppender; FileAppender has no MaxFileSize or MaxBackupIndex
log4j.appender.debbieAppender=org.apache.log4j.RollingFileAppender
log4j.appender.debbieAppender.File=${app.log.dir}/debbie-system.log
log4j.appender.debbieAppender.MaxFileSize=10MB
log4j.appender.debbieAppender.MaxBackupIndex=10
log4j.appender.debbieAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.debbieAppender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

# ---------------------------------------------------------
# ACME
# ---------------------------------------------------------
# ACME service Logger (Audit)
log4j.logger.acmeAudit=INFO, acmeAppender
log4j.additivity.acmeAudit=false

# ACME Appender
log4j.appender.acmeAppender=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.acmeAppender.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.acmeAppender.rollingPolicy.minIndex=0
log4j.appender.acmeAppender.rollingPolicy.maxIndex=12
log4j.appender.acmeAppender.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.acmeAppender.triggeringPolicy.MaxFileSize=10240000
log4j.appender.acmeAppender.rollingPolicy.FileNamePattern=${app.log.dir}/acme-audit-%i.log.gz
log4j.appender.acmeAppender.rollingPolicy.ActiveFileName=${app.log.dir}/acme-audit.log
log4j.appender.acmeAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.acmeAppender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n

# ---------------------------------------------------------
# ACME service Logger (System)
log4j.logger.acmeLog=INFO, acmeAppender1
log4j.additivity.acmeLog=false

# ACME Appender
log4j.appender.acmeAppender1=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.acmeAppender1.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.acmeAppender1.rollingPolicy.minIndex=0
log4j.appender.acmeAppender1.rollingPolicy.maxIndex=12
log4j.appender.acmeAppender1.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.acmeAppender1.triggeringPolicy.MaxFileSize=10240000
log4j.appender.acmeAppender1.rollingPolicy.FileNamePattern=${app.log.dir}/acme-system-%i.log.gz
log4j.appender.acmeAppender1.rollingPolicy.ActiveFileName=${app.log.dir}/acme-system.log
log4j.appender.acmeAppender1.layout=org.apache.log4j.PatternLayout
log4j.appender.acmeAppender1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n
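A pre-deployment check for a tenant's logger block, as an added example (not CertiSur's code): it derives the logger names from the tenant url with the "." to "_" rule and flags duplicate keys, a missing additivity=false line and undefined appenders. The function names, the url acme.test and the sample properties are constructed for illustration, and the check assumes plain key=value lines.

```python
# Constructed sample with copy-paste mistakes, for a tenant url "acme.test".
SAMPLE = """\
log4j.logger.acme_testAudit=INFO, auditAppender
log4j.additivity.acme_testAudit=false
log4j.appender.auditAppender=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.auditAppender.rollingPolicy.maxIndex=0
log4j.appender.auditAppender.rollingPolicy.maxIndex=12
log4j.logger.acme_testLog=INFO, systemAppender
log4j.additivity.acme_testAudit=false
"""


def logger_name(url, kind):
    """Logger name for a tenant url: '.' becomes '_', then 'Log' or 'Audit'."""
    return url.replace(".", "_") + kind


def lint_tenant(properties_text, url):
    """Return a list of problems found in one tenant's log4j properties."""
    problems, props = [], {}
    for number, raw in enumerate(properties_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in props:
            problems.append(f"line {number}: duplicate key {key} (last value wins)")
        props[key] = value
    for kind in ("Audit", "Log"):
        name = logger_name(url, kind)
        spec = props.get(f"log4j.logger.{name}")
        if spec is None:
            continue  # both tenant loggers are optional
        if props.get(f"log4j.additivity.{name}") != "false":
            problems.append(f"log4j.additivity.{name} is not set to false")
        # The value is "<level>, <appender>[, <appender>...]"
        for appender in (part.strip() for part in spec.split(",")[1:]):
            if f"log4j.appender.{appender}" not in props:
                problems.append(f"appender {appender} used by {name} is not defined")
    return problems
```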


Depending on the kind of distribution used, you must request an extended license and install it. 

Before you request the new license, check that the following configuration is correct.

Configuration file
# IP address where Debbie listens
server.ip=<IP>

# Server port
server.port=8002   


Run the following command:

Request License Windows
c:> genlicense-win.bat 


Request License Linux
# genlicense-linux.sh


Send the generated request code to support@certisur.com with the following additional information:

  • Company Name
  • Contact name
  • Email
  • Server Name (used to identify the request. It won't affect the license if you change this value in the future).
  • Environment (Develop/QA/Production)
  • Distribution (.zip file/docker)


You will receive an email with the license. Add it to the configuration file as follows:

License
server.license=20190601014449:GeIdlvYetkRld5CjlcDfzK9/KjuonNKIanpJ9xLShXRf434343rfFfsdfv444x+Fa3Xmezu3Acg3dTqcYKZtUqMWWCygtzleivcH9iHsbGbT3TkiMQvZWruhroVg46j9IlHTmPPx234luNTv943b3ZP2kEaU00mwAkyKnr9UHl44c=


Restart Debbie and check in the log file that the new license is working.