Configuration

Variable Configuration

The variable configuration can be found in the t1c/t1c.conf file of the Trust1Connector's installation folder. This file contains certain properties and values that can be variable between different installations. Some values can be altered by the user or an administrator if so desired.

This is an example of an unactivated t1c.conf:

device {
    status=INACTIVE
}
environment {
    shared=false
}
registration {
    # ACC Key
    # apikey = "ec63f262-d205-4665-b68e-235055d0e8f0"
    # PROD KEY
    apikey = "aa30871a-5435-4480-a866-7dbec7e14eb8"
}
ssl {
    keystore-password = "password"
}
contextConfig {
    cors = [
        "*://localhost:*",
        "*.commfides.com",
        "*.t1t.io",
        "*.t1t.io:*"
    ],
    # If wildcardsAllowed is set to false, only origin headers matching entries in the cors array exactly will be allowed
    wildcardsAllowed = true
}
network {
    proxy {
        # If using a central proxy/gateway on infrastructure level, you can override the DS URL to use the
        # "gateway-or-proxy-url" value instead. The response from that server will still be validated against the
        # configured DS public key.

        # gateway-or-proxy-url = "https://myproxy.example.com"

        # Default "detect" value is false, so you need to override if you want the T1C to detect proxy host and port
        # settings. If the values of "host" and "port" are set, these will always be used and no automatic detection will
        # occur. If the values "username" "password", "protocol" or "nonProxyHosts" are set they will be used in
        # conjunction with the detected or overridden proxy host and port.

        # detect = false
        # host = "proxy.example.com"
        # port = 8080
        # username = "myuser"
        # password = "password"
        # protocol = "http"
        # non-proxy-hosts = [ "t1c.t1t.io" ]
    }
}

This is an example of an activated t1c.conf:

contextConfig {
    cors=[
        "*://localhost:*",
        "*.commfides.com",
        "*.t1t.io",
        "*.t1t.io:*"
    ]
    wildcardsAllowed=true
}
device {
    id="33535e2a1c63351f74d810ad060e261a6a11925ec442649a21068a405fdb4abd"
    status=ACTIVE
}
environment {
    shared=false
}
network {
    proxy {
        gateway-or-proxy-url: "https://acc-ds.t1t.io"
    }
}
registration {}
ssl {
    keystore-password=password
}

Context Config

The context configuration contains the CORS configuration. These values can be altered before startup, but if the Trust1Connector is configured to synchronize with the Distribution Service, they will be overridden at startup.

contextConfig {
    cors = [
        "*://localhost:*",
        "*.commfides.com",
        "*.t1t.io",
        "*.t1t.io:*"
    ],
    # If wildcardsAllowed is set to false, only origin headers matching entries in the cors array exactly will be allowed
    wildcardsAllowed = true
}

Property

Type

Description

cors

Array[String]

The list of allowed origins that are allowed by the Trust1Connector CORS filter

wildcardsAllowed

Boolean

Whether to allow the usage of * as wildcards in the CORS filter's allowed origins. If set to false (or absent) only requests whose origin header matches one of the entries in the allowed origins exactly will be allowed through.

Network Configuration

The network configuration contains the values pertaining to how the Trust1Connector connects to the Distribution Service. This allows administrators of customers in a B2B context to enable the Trust1Connector to be able to connect to the Distribution Service in a wide variety of network topologies

network {
    proxy {
        # If using a central proxy/gateway on infrastructure level, you can override the DS URL to use the
        # "gateway-or-proxy-url" value instead. The response from that server will still be validated against the
        # configured DS public key.

        # gateway-or-proxy-url = "https://myproxy.example.com"

        # Default "detect" value is false, so you need to override if you want the T1C to detect proxy host and port
        # settings. If the values of "host" and "port" are set, these will always be used and no automatic detection will
        # occur. If the values "username" "password", "protocol" or "nonProxyHosts" are set they will be used in
        # conjunction with the detected or overridden proxy host and port.

        # detect = false
        # host = "proxy.example.com"
        # port = 8080
        # username = "myuser"
        # password = "password"
        # protocol = "http"
        # non-proxy-hosts = [ "t1c.t1t.io" ]
    }
}

Property

Type

Description

proxy.gateway-or-proxy-url

String

If the Trust1Connector's configured DS is not reachable from the installed device's network, it is possible to override the configured DS URL with this value so that the traffic can be proxied over a gateway or proxy of your choice. This value is optional

proxy.host

String

If you need to configure a network proxy for outgoing requests, you can specify the host here. This value is optional

proxy.port

Integer

If you have configured a proxy host, you must specify a port

proxy.username

String

If the network proxy requires credentials, you can provide the username here. This value is optional

proxy.password

String

If the network proxy requires credentials, you can provide the password here. This value is optional

proxy.protocol

String

You can determine the protocol used by the proxy. M be either http or https. This value is optional

proxy.non-proxy-hosts

Array[String]

The hostnames for which the network proxy should not be used. This value is optional, but if a network proxy is configured, we strongly recommend adding the T1C hostname in this value

proxy.detect

Boolean

If you are uncertain of whether or not a proxy is required, you can set this value to true, and the Trust1Connector will make a best-effort attempt to detect a proxy host and port based on the OS network settings. This value is optional, and is ignored when both proxy.host and proxy.port values are set. Additionally, the detection is unable to detect settings such as username and password.

Proxy Detection

The network proxy detection feature that is enabled by setting the proxy.detect property to true is using multiple mechanism in an attempt to automatically detect and apply the system proxy settings. These mechanisms are:

  1. Setting the JVM property java.net.useSystemProxies to true

  2. Detecting the proxy settings via the java.net.ProxySelector class: It selects the proxy server to use, if any, when connecting to the network resource referenced by a URL, in this case the DS URL. A subclass of URLConnection class will call the select method for each URL request so that the proxy selector can decide if a direct, or proxied connection should be used. The select method returns an iterator over a collection with the preferred connection approach. If while iterating the proxy selector finds a proxy with a hostname and/or port, a proxy configuration will be created with these values and the proxy.protocol, proxy.username, proxy.password, and proxy.non-proxy-hosts (if they have been defined in the variable configuration.

  3. Finally, if an address and a port are found, they are also set respectively in the http.proxyHost and http.proxyPort JVM properties

Last updated