Hyperfridge

docker-compose-build.yml

@@ -0,0 +1,143 @@
+version: "3.2"
+
+ # Starts ebics-service with a libeufin as a banking backend
+
+
+services:
+  postgres: 
+    container_name: pg
+    image: postgres:11
+    restart: always
+    environment:
+      - POSTGRES_USER=pgrootuser
+      - POSTGRES_PASSWORD=pgrootpassword
+      - POSTGRES_DB=libeufindb
+      - POSTGRES_NON_ROOT_USER=pguser
+      - POSTGRES_NON_ROOT_PASSWORD=pgpassword
+      # - PGDATA="/var/lib/postgresql/data/pgdata"
+   # ports:
+     # - "5432:5432"  
+
+  libeufin: 
+    container_name: libeufin
+    # image: e36io/libeufin:hyperfridge
+    # local dev:
+    build:
+      context: ../LibEuFin
+
+    depends_on: 
+      - postgres
+    environment:
+      - LIBEUFIN_SANDBOX_URL=http://localhost:5016/
+      - LIBEUFIN_SANDBOX_DB_CONNECTION=jdbc:postgresql://postgres:5432/libeufindb?user=pgrootuser&password=pgrootpassword
+      - LIBEUFIN_NEXUS_DB_CONNECTION=jdbc:postgresql://postgres:5432/libeufindb?user=pgrootuser&password=pgrootpassword
+      - LIBEUFIN_NEXUS_URL=http://localhost:5000/
+      - LIBEUFIN_NEXUS_USERNAME=foo
+      - LIBEUFIN_NEXUS_PASSWORD=superpassword
+      - LIBEUFIN_SANDBOX_ADMIN_PASSWORD=superpassword
+      - LIBEUFIN_SANDBOX_USERNAME=admin
+      - LIBEUFIN_SANDBOX_PASSWORD=superpassword
+
+      - EBICS_BASE_URL=http://localhost:5016/ebicsweb
+      - POSTGRES_USER=pgrootuser
+      - POSTGRES_PASSWORD=pgrootpassword
+      - POSTGRES_HOST=postgres
+      - POSTGRES_DB=libeufindb
+      - DANGEROUSLY_DISABLE_HOST_CHECK=true
+
+      # not used because they are default values
+      # - CLIENT_PR_KEY_OUT=/app/keys/client_private_key.pem
+      # - CLIENT_PUB_KEY_OUT=/app/keys/client_public_key.pem
+      # - BANK_PUB_KEY_OUT=/app/keys/bank_public_key.pem
+
+    command: /app/scripts/init_libeufin_sandbox.sh
+    tty: true
+    stdin_open: true # without this node doesn't start; https://stackoverflow.com/questions/61857267/how-to-make-yarn-start-work-inside-docker-image-with-react-scripts-3-4-and-babel
+    ports:
+      - "5016:5016" # sandbox 
+      - "5001:5000" # nexus
+      - "3000:3000" # ui - login: foo/superpassword
+    expose:
+      - 5016
+      - 3000
+      - 5001
+    volumes:
+      - ./scripts:/app/scripts:rw
+      - ./keys:/app/keys:rw
+      - ./trace:/app/trace:rw
+
+  ebics-service: 
+    # image: e36io/ebics-service:hyperfridge
+    container_name: ebics
+    build: 
+      context: .    
+    depends_on: 
+      - libeufin
+    environment:
+       - spring_profiles_active=sandbox
+       - LIBEUFIN_SANDBOX_URL=http://libeufin:5016 # overwrite localhost in configs
+       - LIBEUFIN_NEXUS_URL=http://libeufin:5000
+       - LIBEUFIN_SANDBOX_ADMIN_PASSWORD=superpassword
+       - LIBEUFIN_SANDBOX_USERNAME=admin
+       - LIBEUFIN_SANDBOX_PASSWORD=superpassword
+       - FRIDGE_OUT_DIR=file:/app/work_out/
+    ports:
+      - "8093:8093"
+    expose:
+      - 8093      
+    volumes:
+      - recipie-dir:/app/work_out/:rw
+
+  hyperfridge: 
+    container_name: fridge
+    # image: e36io/hyperfridge-r0:latest
+    build: 
+      context: ../hyperfridge-r0
+      dockerfile: ${DOCKERFILE:-DockerfileLinux}   # Default to DockerfileLinux, override with DOCKERFILE environment variable if provided
+
+    environment:   
+      # for watchdog.sh which generates a new proof in /app/out/ as soon as new file ebics file is dedected in /app/in/
+      - CLIENT_PR_KEY=/app/keys/client_private_key.pem
+      - CLIENT_PUB_KEY=/app/keys/client_public_key.pem
+      - BANK_PUB_KEY=/app/keys/bank_public_key.pem
+      - WITNESS_PUB_KEY=/data/pub_witness.pem
+      - WITNESS_PR_KEY=/data/witness.pem
+      - IN_DIR=/app/in/
+      - WORK_DIR=/app/work/
+      - OUT_DIR=/app/out/
+      - HOST_CMD=/app/host
+    command: /data/watchdog.sh
+    working_dir: /data
+    volumes:
+      - recipie-dir:/app/out/:rw
+      - ./keys/:/app/keys/:ro
+      - ./trace:/app/in:ro
+      # for DEV
+      # - /home/w/workspace/hyperfridge-r0/data/checkResponse.sh:/data/checkResponse.sh
+      # - /home/w/workspace/hyperfridge-r0/data/watchdog.sh:/data/watchdog.sh
+
+  pgadmin: 
+    profiles:
+      - dev      
+    container_name: dbadmin
+    image: dpage/pgadmin4:7.6
+    environment:
+      PGADMIN_DEFAULT_EMAIL: admin@example.com
+      PGADMIN_DEFAULT_PASSWORD: root
+      MAX_LOGIN_ATTEMPTS: '15'  # Ensure this is a string, not a number
+      POSTGRES_USER: pgrootuser
+      POSTGRES_PASSWORD: pgrootpassword
+      POSTGRES_HOST: postgres
+      POSTGRES_DB: libeufindb
+      DANGEROUSLY_DISABLE_HOST_CHECK: 'true'  # Ensure this is a string, not a boolean
+
+    depends_on: 
+      - postgres
+    volumes:
+      - /home/w/pgadmin:/var/lib/pgadmin:rw
+    user: root
+    ports:
+      - "53603:53603"
+      - "8081:80" #mapped on w.e36.io:35050; admin@example.com root; add server medi medi medi
+volumes:
+  recipie-dir:      

docker-compose.yml

@@ -89,8 +89,6 @@ services:
       - recipie-dir:/app/work_out/:rw
 
   hyperfridge: 
-    # profiles:
-    #   - dev      
     container_name: fridge
     image: e36io/hyperfridge-r0:latest
     # build: 

docs/TEST.md

@@ -1,47 +1,49 @@
 # Tests
 
-## Run unit tests 
+## Clone repo and run unit tests 
 
-![Coverage](../.github/badges/jacoco.svg)
+Run tests for the ebics-java-client on linux or MacOs - it mounts sources into a gradle docker container with java and the maven build tool - so you do not need to install java or gradle on your local machine:
 
-Run tests for the ebics-java-client on linux - it mounts sources into a gradle docker container with java and the maven build tool - so you do not need to install java or gradle on your local machine:
+    git clone git@github.com:element36-io/ebics-java-service.git
 
-    git clone  https://github.com/element36-io/ebics-java-service.git
     cd ebics-java-service
+    # we test on hyperfridge branch
+    git checkout hyperfridge
     docker run -it -v $PWD:/app -w /app  gradle:6-jdk11 gradle clean test
 
 
-On your host machine, test results are stored `./build/reports/tests/test/index.html`, test documents are stored in `./out`. With minimum Java 8 and Maven run tests on your host machine with `gradle test`, again see `./build/reports/tests/test/index.html` for test results.
-
-For test coverage: `./build/reports/jacoco/test/html/index.html`.
-Test for vulnerabilities `gradle dependencyCheckAggregate`- see report in `./build/reports`.
+On your host machine, test results are stored `./build/reports/tests/test/index.html`, test artefacts (ebics files) are stored in `./out`. 
 
 If you are interested in the Ebics Client implementation as well, look [here](https://github.com/element36-io/ebics-java-client/blob/master/README.md).
+The banking backend is simulated with LibEuFin - look [here](https://github.com/element36-io/LibEuFin). 
 
-# Run with docker 
+# Run and test with Docker 
 
-Checkout [hyperfridge](https://github.com/element36-io/hyperfridge-r0) and [banking backend](https://github.com/element36-io/LibEuFin) at same directory as ebics-java-service to build images locally:
+This starts several docker images: ebics-java-service uses APIs of libeufin which uses Postgres. We use 'watchdog.sh' from the hyperfridge image to scan directory for new banking documents which triggers generation of STARK proofs.  
+
+    docker compose pull
+    docker compose up -d
+    # optional
+    docker compose logs -f
 
-    git clone git@github.com:element36-io/LibEuFin.git
-    cd LibEuFin
-    ./bootstrap
-    cd ..
-    git cline git@github.com:element36-io/XXXXXXX.git
+Startup will may take a couple of minutes. You should be able to [open Swagger](http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/) and log into [banking bankend](manual/manual.md) with 'foo' and 'superpassword'.
 
-Build on Linux: 
+We tested on Linux and MacOs, with issues of building the R0 framework on a Macbook PRO M3 in a container. Anyway, starting containers with pre-made images should be fine. In case you want to build all images locally, check [here](docker-build.md). 
 
-    cd ebics-java-service
-    docker compose build
+## Test API and download ZK proof
 
-On Mac: 
+We use 'bash', make sure curl and wget are installed. Versions in comments (from MacOs) are just informative: 
 
-    cd ebics-java-service
-    DOCKERFILE=DockerfileMacOs docker compose build
+
+    wget --version
+    # GNU Wget 1.24.5 built on darwin23.2.0.
+    curl --version
+    # curl 8.4.0 (x86_64-apple-darwin23.0) libcurl/8.4.0 (SecureTransport) 
+    # LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.58.0
 
 
-## Test API and download ZK proof
 
-First create a Payment on the banking backend:  
+First create a Payment on the banking backend. Expect HTTP status 200 but no output. 
 
     curl -X 'POST' \
         'http://localhost:8093/ebics/api-v1/createOrder' \
@@ -73,25 +75,37 @@ Download daily statement which should inluce prior payment and the STARK:
     curl -X 'GET' \
         'http://localhost:8093/ebics/api-v1/bankstatements' \
         -H 'accept: */*' -o result.json
+    ls result.json
 
-Extract the filename of the proof and download it: 
+
+You should see the output of 'ls result.js'. 
+
+Next we extract the filename of the proof and download it: 
 
     PROOF=$(cat result.json | grep \
     -o '"receiptUrl":"[^"]*"' | cut -d'"' -f4)
     wget "http://localhost:8093/ebics/$PROOF" -O receipt.json
 
-Verify the proof with the verifier: 
+You should see something like '‘receipt.json’ saved [10423/10423]' as output. 
+
+Now verify the proof with the verifier: 
 
     # we need the image id and the receipt
-    imageid=$(docker run fridge cat /app/IMAGE_ID.hex)
-    docker cp receipt.json fridge:/app/receipt.json 
-    docker exec -it -e RISC0_DEV_MODE=true fridge verifier \
+    imageid=$(docker compose run hyperfridge cat /app/IMAGE_ID.hex)
+    docker compose cp receipt.json hyperfridge:/app/receipt.json 
+    docker compose exec -it -e RISC0_DEV_MODE=true hyperfridge verifier \
         verify --imageid-hex="$imageid" --proof-json="/app/receipt.json"
 
+The output start with "Ok": 
+
+    Ok(Commitment { hostinfo: "host:main", iban: "CH4308307000289537312", stmts: [] })
+
+Remark: The empty array for 'stmts' is because we started to work on profing individual transactions. 
+This is not part of the grant but we plan to include if it can be done withing reasonable time.   
 
 ## Test API manually with Swagger
 
-Open [Swagger](http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/) in your
+Open [Swagger/OpenAPI](http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/) in your
 browser and test the API and follow instructions [here](manual/manual.md) for a manual test.
 
 

docs/docker-build.md

@@ -0,0 +1,51 @@
+# Build locally with docker
+
+Clone repos which are necessary into the parent directory of ebics-java-service. 
+
+
+    git clone git@github.com:element36-io/LibEuFin.git
+    cd LibEuFin
+    git checkout hyperfridge
+    # needed by the LibEuFin framework to initialize linked repos
+    ./bootstrap
+
+Clone the code which creates STARK proofs: 
+
+    cd ..
+    git clone git@github.com:element36-io/hyperfridge-r0.git
+
+
+Build locally (about 1 hour) - note speciality for Linux vs. MacOs:
+
+    cd ..
+    cd ebics-java-service
+    docker compose -f docker-compose-build.yml build
+
+On MacOs - also make sure that Docker gets enough ressources: 
+
+    DOCKERFILE=DockerfileMaxOs docker compose -f docker-compose-build.yml build
+
+On a Appro Macbook PRO M3, the risc-zero built may be failing, whereas on older Macs it works.  Modify 'docker-compose-build.yml' to swith local build on and off, e.g. for hyperfridge look for:  
+
+    hyperfridge: 
+        container_name: fridge
+        # image: e36io/hyperfridge-r0:latest
+        build: 
+        context: ../hyperfridge-r0
+
+and change to: 
+
+   hyperfridge: 
+        container_name: fridge
+        image: e36io/hyperfridge-r0:latest
+        # build: 
+        # context: ../hyperfridge-r0
+
+
+Start container
+
+    docker compose -f docker-compose-build.yml up -d
+    docker compose -f docker-compose-build.yml logs -f
+
+
+

docs/manual/manual.md

@@ -1,6 +1,8 @@
 # UI Tests
 
-Use Swagger for API call: 
+Use OpenAPI/Swagger to crate a payment and doenload the Proof: [http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-do](http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/)
+
+Login with: foo/superpassword
 
 ## Create a payment
 
@@ -12,7 +14,6 @@ Hit Execute.
 
 ## Generate Dailay Statement 
 
-
 ![Click Endpoint ](4.png)
 ![Try It ](5.png)
 ![Change Amount ](6.png)
@@ -22,6 +23,5 @@ Note the receiptUrl for later download:
 
 ## Download the proof
 
-Add the value of recieptUrl to 'http://localhost:8093/ebics/':
-
-http://localhost:8093/ebics/receipt_XXXXXXXXXXXX.json
+Replace XYZ with the value of recieptUrl to download the proof:  
+http://localhost:8093/ebics/receipt_XYZ.json

docs/milestones.md

@@ -10,14 +10,14 @@
 | ----- | ----------- | ------------- | ------ |
 | 0a. | License | Apache 2.0  | [Link to Licence](https://github.com/element36-io/ebics-java-client?tab=LGPL-2.1-1-ov-file) |
 | 0b. | Documentation | We will provide both inline documentation of the code and a basic tutorial that explains how a user can start the backend and send test transactions, which will show how the new functionality works.| [Link to Documentation Root](https://github.com/element36-io/ebics-java-service?tab=readme-ov-file) |
-| 0c. | Testing Guide | Adapt unit tests of core functions and test data to ensure functionality and robustness of the overall system (bridge and proofs). In the guide, we will describe how to run these tests.  | [Testing Guide](TEST.md)|
-| 0d. | Docker | We will provide a Dockerfile(s) that can be used to test all the functionality delivered with this milestone. |[Testing Guide: "Run with Docker"](TEST.md)|
-| 1. | Generate Receipt | Retrieve data form backend and generate receipt (proof) using the proving system.  | [Testing Guide: Run with Docker](TEST.md)|
-| 2. | Provide API | We will provide an application based on Spring-Boot that will contain `getBankstatements():Statement[]` (which includes account balance),  `createOrder (OutgoingPayment)` and `simulatePayment(Payment)`  as a REST interface as [described](#b-bank-account-rest-api). The recipe data is added in the [backend API](http://w.e36.io:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/#/) `/ebics/api-v1/bankstatements`` with two new fields in the top level of the JSON-response: `recipeiUrl` so that clients can use a public verifier to check the proof. | [Testing Guide](TEST.md), go to "Test API manually with Swagger"|
-| 3. | Provide Banking-UI | Show a UI to see the status of banking backend (show accounts, transactions etc). We will use [LibEuFin](https://github.com/element36-io/ebics-java-service/blob/main/docs/SANDBOX.md) - same as in our first grant. | [Testing Guide](TEST.md), got to "Login to simulated banking backend UI"|
+| 0c. | Testing Guide | Adapt unit tests of core functions and test data to ensure functionality and robustness of the overall system (bridge and proofs). In the guide, we will describe how to run these tests.  | See [Testing Guide](TEST.md#clone-repo-and-run-unit-tests).|
+| 0d. | Docker | We will provide a Dockerfile(s) that can be used to test all the functionality delivered with this milestone. |[Testing Guide: "Run with Docker"](TEST.md#run-and-test-with-docker), got to "Run and test with Docker". |
+| 1. | Generate Receipt | Retrieve data form backend and generate receipt (proof) using the proving system.  | [Testing Guide](TEST.md#test-api-and-download-zk-proof), go to Test API and download ZK Proof.|
+| 2. | Provide API | We will provide an application based on Spring-Boot that will contain `getBankstatements():Statement[]` (which includes account balance),  `createOrder (OutgoingPayment)` and `simulatePayment(Payment)`  as a REST interface as [described](#b-bank-account-rest-api). The recipe data is added in the [backend API](http://w.e36.io:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/#/) `/ebics/api-v1/bankstatements`` with two new fields in the top level of the JSON-response: `recipeiUrl` so that clients can use a public verifier to check the proof. | [Testing Guide](TEST.md#test-api-manually-with-swagger), go to "Test API manually with Swagger" and follow instructions of screenshots. |
+| 3. | Provide Banking-UI | Show a UI to see the status of banking backend (show accounts, transactions etc). We will use [LibEuFin](https://github.com/element36-io/ebics-java-service/blob/main/docs/SANDBOX.md) - same as in our first grant. | [Testing Guide](TEST.md#login-to-simulated-banking-backend-ui), go to "Login to simulated banking backend UI" on [localhost:3000](localhost:3000),  foo/superpassword |
 | 4. | Unit Tests | We will adapt unit tests and test data to cover creating and validating proofs.  | [Testing Guide](TEST.md), go to "Run unit tests" on top of the document.|
 | 5. | Repository | Repository will be the existing repo [ebics-java-service](https://github.com/element36-io/ebics-java-service)  | [ebics-java-service](https://github.com/element36-io/ebics-java-service)  |
-| 6. | Backend-Docker | Provide docker-compose images for setting up banking API wrapper, LibEuFin proxy for banking-API. Set up test data in the backend via script and run tests which include the proving system.  | [Testing Guide](TEST.md) - when starting services with docker compose. Test data and scripts [here](../scripts/). |
+| 6. | Backend-Docker | Provide docker-compose images for setting up banking API wrapper, LibEuFin proxy for banking-API. Set up test data in the backend via script and run tests which include the proving system.  | [Testing Guide](TEST.md) - when starting services with docker compose. For data and scripts see [here](../scripts/), especially init_libeufin_sandbox.sh |
 | 7. | Swagger | Provide Swagger docu for the backend. |  [localhost:8093](http://localhost:8093/ebics/swagger-ui/?url=/ebics/v2/api-docs/#/) |
 
 

keys/bank_public_key.pem

@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8lqYMCn4etXrj8bCmRN
-d5k7HO2LFptyMXH9pbW6jGCBZvkOMLAV5JXaRkjygX53PgQ9UMH/4RxIgyFLurxY
-PnqWdV+BXn1hFPtUBGnRLHvXMpq4lcQ4NUq7u6U0QXr8WIMuYV1XB+HCSweJiWhD
-wPMKHjIuqnW0uamoPIPmj6ZYUdyTQXkH0rtCIIYge0dQ0d47w95o+DSYn2ZX6FBx
-4BpcoVHRs7sK+HyURJU6dgtdnuC0p5DD1ageExUuUhSht5QBXVycxmOMmxIGyfRi
-Do7WEIzxReMshVZt2UlVqM6Ok/GYGEePt8k46foHN4YRDHEQz8UyAD5yXa+G+g+l
-LQIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj+RTpXTRk4Ej7koLlBe
+AtMCpvP2+nWcaSuQv74YfZ+iEGvE9532BFmBfuMJsXgXYsOPgeogVyHul/zIEAsK
+CymXO9/52gms/SCdRvbSOHErFpnjixa7lOomViegG3sxFWpVTazVFh85gxk/r38E
+LEtSt9T+GRYlTiBl7U7qR3wOueNB+El9GsmLVHHI9j10Hexcfjd+KU7m6D4ZmJ3b
+cSIW0nNLxMvuNYi4PtJ772B63co9ttJF/jF1U9krIbusPvSHuFcL/OENGearLtAv
+ZJCgDyce6ryPhEs0/+0IfJAWioz3dYqmGVGLkbvyzcehyt5nNUl4rvjgOUpaD35l
+gQIDAQAB
 -----END PUBLIC KEY-----