v6.0.0

gematik · May 27, 2024 · d35cbc9 · d35cbc9
1 parent eace8d3
commit d35cbc9
Show file tree

Hide file tree

Showing 79 changed files with 2,657 additions and 156 deletions.
diff --git a/README.md b/README.md
@@ -27,7 +27,10 @@ To execute integration tests you have to set the environment variable where the
 
 In order to run the integration tests (= testsuite) follow the instruction listed under "Test an external sectoral IDP".
 
-The key `gsi-server/src/main/resources/keys/ref-es-sig-privkey.pem` can be published and was therefore added for unit tests.
+The keys
+`gsi-fedmaster/src/main/resources/keys/ref-fedmaster-sig-privkey.pem`
+`gsi-server/src/main/resources/keys/ref-gsi-sig-privkey.pem`
+are added for unit tests only and can be published.
 
 ### Test an external sectoral IDP (e.g. your own server)
 
@@ -53,3 +56,69 @@ The key `gsi-server/src/main/resources/keys/ref-es-sig-privkey.pem` can be publi
 eyJhbGciOiJFUzI1NiIsInR5cCI6ImVudGl0eS1zdGF0ZW1lbnQrand0Iiwia2lkIjoicHVrX2lkcF9zaWcifQ.eyJpc3MiOiJodHRwczovL2dzaS5kZXYuZ2VtYXRpay5zb2x1dGlvbnMiLCJzdWIiOiJodHRwczovL2dzaS5kZXYuZ2VtYXRpay5zb2x1dGlvbnMiLCJpYXQiOjE3MDY3OTA1MjEsImV4cCI6MTcwNzM5NTMyMSwiandrcyI6eyJrZXlzIjpbeyJ1c2UiOiJzaWciLCJraWQiOiJwdWtfaWRwX3NpZyIsImt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiTXE5MzNGVF9WOHhkMVRrZkIwcEgwMmQ2Y3gyYm1VUy1ieEh1QnRBMXlmcyIsInkiOiI1dXdmOHBoVWJXSWk5MkNxZ2dsTTk0ZnQtRkM0TUhIODM2a2hzd282cHBvIiwiYWxnIjoiRVMyNTYifSx7InVzZSI6InNpZyIsImtpZCI6InB1a19mZWRfaWRwX3Rva2VuIiwia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJNcTkzM0ZUX1Y4eGQxVGtmQjBwSDAyZDZjeDJibVVTLWJ4SHVCdEExeWZzIiwieSI6IjV1d2Y4cGhVYldJaTkyQ3FnZ2xNOTRmdC1GQzRNSEg4MzZraHN3bzZwcG8iLCJhbGciOiJFUzI1NiJ9XX0sImF1dGhvcml0eV9oaW50cyI6WyJodHRwczovL2FwcC10ZXN0LmZlZGVyYXRpb25tYXN0ZXIuZGUiXSwibWV0YWRhdGEiOnsib3BlbmlkX3Byb3ZpZGVyIjp7Imlzc3VlciI6Imh0dHBzOi8vZ3NpLmRldi5nZW1hdGlrLnNvbHV0aW9ucyIsInNpZ25lZF9qd2tzX3VyaSI6Imh0dHBzOi8vZ3NpLmRldi5nZW1hdGlrLnNvbHV0aW9ucy9qd3MuanNvbiIsIm9yZ2FuaXphdGlvbl9uYW1lIjoiZ2VtYXRpayBzZWt0b3JhbGVyIElEUCIsImxvZ29fdXJpIjoiaHR0cHM6Ly9nc2kuZGV2LmdlbWF0aWsuc29sdXRpb25zL25vTG9nb1lldCIsImF1dGhvcml6YXRpb25fZW5kcG9pbnQiOiJodHRwczovL2dzaS5kZXYuZ2VtYXRpay5zb2x1dGlvbnMvYXV0aCIsInRva2VuX2VuZHBvaW50IjoiaHR0cHM6Ly9nc2kuZGV2LmdlbWF0aWsuc29sdXRpb25zL3Rva2VuIiwicHVzaGVkX2F1dGhvcml6YXRpb25fcmVxdWVzdF9lbmRwb2ludCI6Imh0dHBzOi8vZ3NpLmRldi5nZW1hdGlrLnNvbHV0aW9ucy9QQVJfQXV0aCIsImNsaWVudF9yZWdpc3RyYXRpb25fdHlwZXNfc3VwcG9ydGVkIjpbImF1dG9tYXRpYyJdLCJzdWJqZWN0X3R5cGVzX3N1cHBvcnRlZCI6WyJwYWlyd2lzZSJdLCJyZXNwb25zZV90eXBlc19zdXBwb3J0ZWQiOlsiY29kZSJdLCJzY29wZXNfc3VwcG9ydGVkIjpbInVybjp0ZWxlbWF0aWs6Z2VzY2hsZWNodCIsIm9wZW5pZCIsInVybjp0ZWxlbWF0aWs6ZGlzcGxheV9uYW1lIiwidXJuOnRlbGVtYXRpazp2ZXJzaWNoZXJ0ZXIiLCJ1cm46dGVsZW1hdGlrOmVtYWlsIiwidXJuOnRlbGVtYXRpazphbHRlciIsInVybjp0ZWxlbWF0aWs6Z2VidXJ0c2RhdHVtIiwidXJuOnRlbGVtYXRpazpnaXZlbl9uYW1lIl0sInJlc3BvbnNlX21vZGVzX3N1cHBvcnRlZCI6WyJxdWVyeSJdLCJncmFudF90eXBlc19zdXBwb3J0ZWQiOlsiYXV0aG9yaXphdGlvbl9jb2RlIl0sInJlcXVpcmVfcHVzaGVkX2F1dGhvcml6YXRpb25fcmVxdWVzdHMiOnRydWUsInRva2VuX2VuZHBvaW50X2F1dGhfbWV0aG9kc19zdXBwb3J0ZWQiOlsic2VsZl9zaWduZWRfdGxzX2NsaWVudF9hdXRoIl0sInJlcXVlc3RfYXV0aGVudGljYXRpb25fbWV0aG9kc19zdXBwb3J0ZWQiOnsiYXIiOlsibm9uZSJdLCJwYXIiOlsic2VsZl9zaWduZWRfdGxzX2NsaWVudF9hdXRoIl19LCJpZF90b2tlbl9zaWduaW5nX2FsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIkVTMjU2Il0sImlkX3Rva2VuX2VuY3J5cHRpb25fYWxnX3ZhbHVlc19zdXBwb3J0ZWQiOlsiRUNESC1FUyJdLCJpZF90b2tlbl9lbmNyeXB0aW9uX2VuY192YWx1ZXNfc3VwcG9ydGVkIjpbIkEyNTZHQ00iXSwidXNlcl90eXBlX3N1cHBvcnRlZCI6WyJJUCJdfSwiZmVkZXJhdGlvbl9lbnRpdHkiOnsibmFtZSI6ImdlbWF0aWsgc2VrdG9yYWxlciBJRFAiLCJjb250YWN0cyI6WyJzdXBwb3J0QGlkcDQ3MTEuZGUiLCJpZG1AZ2VtYXRpay5kZSJdLCJob21lcGFnZV91cmkiOiJodHRwczovL2lkcDQ3MTEuZGUifX19.RLW70R4rsmf_4m98pJIDpEWaKImK3QKv2MBRGiL8ImREJv_8srz-niYe5ObxMAJ4mOw1cy3OYkWaDfyY-eeMnw`
 
 Copy this jwt to the clipboard and paste it www.jwt.io to see the content.
+
+### run federation locally
+
+Start a local federation consisting of a Fedmaster and an IDP server. Both are modules inside this maven project.
+You have to configure two things:
+
+1. The Authorization Server must be registerd in the federation. This is done by configuring the Authorization server in the fedmaster's configuration file:
+   gsi-fedmaster/src/main/resources/application.yml (section `relyingPartyConfigs`)
+2. Configure the servers to be started in `federation/startFederationLocal.sh` but
+   ootb the federation should start without any further configuration.
+
+The federation can be build and started then by executing this script:
+
+```shell
+./federation/startFederationLocalJars.sh
+```
+
+##### fedmaster
+
+```shell
+# get entity statement
+curl http://localhost:8083/.well-known/openid-federation
+```
+
+```shell
+# get federation list and idp list
+curl http://localhost:8083/federation_list
+curl http://localhost:8083/.well-known/idp_list
+```
+
+```shell
+# get entity statement about gsi-server 
+curl 'http://127.0.0.1:8083/federation_fetch_endpoint?sub=http://127.0.0.1:8085&iss=http://127.0.0.1:8083'
+# get entity statement about gra-server
+curl 'http://127.0.0.1:8083/federation_fetch_endpoint?sub=http://127.0.0.1:8084&iss=http://127.0.0.1:8083'
+```
+
+##### gra-server
+
+```shell
+# get entity statement
+curl http://localhost:8084/.well-known/openid-federation
+```
+
+##### gsi-server
+
+```shell
+# get entity statement
+curl http://localhost:8085/.well-known/openid-federation
+```
+
+send PAR request to gsi-server
+expected is a HTTP 201 mit Content-Type: application/json with the redirect_uri
+like: `{"request_uri":"urn:http://127.0.0.1:8084:48ac8294c7ef112d","expires_in":90}`
+
+```shell
+curl --location --request POST 'http://127.0.0.1:8085/PAR_Auth?scope=urn%3Atelematik%3Adisplay_name%20urn%3Atelematik%3Aversicherter%20openid&acr_values=gematik-ehealth-loa-high&response_type=code&state=yyystateyyy&redirect_uri=https%3A%2F%2Fredirect.testsuite.gsi&code_challenge_method=S256&nonce=vy7rM801AQw1or22GhrZ&client_id=http%3A%2F%2F127.0.0.1%3A8084&code_challenge=9tI-0CQIkUYaGQOVR1emznlDFjlX0kVY1yd3oiMtGUI' \
+--header 'AcceptAccept: */*' \
+--header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'
+```
+
+send authorization request to auth endpoint of auth-server
+
+```shell
+curl --location 'http://127.0.0.1:8084/auth?client_id=e42RezeptApp&state=mystate&redirect_uri=anyUri&code_challenge=P62rd1KSUnScGIEs1WrpYj3g_poTqmx8mM4msxehNdk&code_challenge_method=S256&response_type=code&scope=e-rezept&idp_iss=http%3A%2F%2F127.0.0.1%3A8085'
+```
diff --git a/ReleaseNotes.md b/ReleaseNotes.md
@@ -1,3 +1,13 @@
+# Release 6.0.0
+
+- add new maven module gsi-fedmaster
+- remove parent pom from testsuite to avoid dependency conflicts
+- refactor names: distinguish between relying party and identity provider
+- add scripts to start a local federation
+- rename keys
+- add static qr code to GSIA (Android app) latest version download
+- update dependencies
+
 # Release 5.0.3
 
 - refactor key handling, use PrivateKey instead of p12 container when certificate is not required

diff --git a/federation/startFederationLocalJars.sh b/federation/startFederationLocalJars.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# Define an associative array
+declare -A jar_enum
+
+# Define your JARs (java applications to be started) here or comment out the ones you don't need
+jar_enum["gsi-fedmaster"]="./gsi-fedmaster/target/gsi-fedmaster-6.0.0.jar"
+jar_enum["gsi-server"]="./gsi-server/target/gsi-server-6.0.0.jar"
+#jar_enum["auth-server"]="../gras/gra-server/target/gra-server-4.0.2.jar"
+
+# should not be edited below this line
+
+# Flags to check if any required JAR file is missing
+missing_gsi=false
+missing_other=false
+
+# check if any JAR file is missing
+detect_missing_jars() {
+  for key in "${!jar_enum[@]}"; do
+      if [ ! -f ${jar_enum[$key]} ]; then
+          echo "Required file ${jar_enum[$key]} not found."
+          if [ "$key" == "gsi-fedmaster" ] || [ "$key" == "gsi-server" ]; then
+              missing_gsi=true
+          else
+              missing_other=true
+          fi
+      fi
+  done
+}
+
+process_missing_jars() {
+  if [ "$missing_gsi" = true ]; then
+      echo "Some required GSI JAR files are missing. Start build..."
+      mvn clean package -Dskip.unittests -DskipIntTests -Dskip.dockerbuild=true
+      echo "Execute script again to verify all required JAR files exist."
+  elif [ "$missing_other" = true ]; then
+      echo "Exiting with status 1."
+      exit 1
+  else
+      echo "All required JAR files exist."
+  fi
+}
+
+check_gitrepo_root_dir(){
+  # Check if the ".git" directory exists in the current directory
+  if [ ! -d ".git" ]; then
+      echo "Error: This script requires to run from the repository root directory."
+      exit 1
+  fi
+}
+
+start_servers(){
+if [[ -n "${jar_enum["gsi-fedmaster"]}" ]]; then
+  start sh -c "echo -ne '\033]0;Fedmaster\007'; java -jar \"${jar_enum["gsi-fedmaster"]}\" --server.port=8083 | tee gsi-fedmaster.log"
+  echo "Fedmaster started successfully."
+fi
+
+if [[ -n "${jar_enum["gsi-server"]}" ]]; then
+  start sh -c "echo -ne '\033]0;GSI\007'; java -jar \"${jar_enum["gsi-server"]}\" --server.port=8085 --spring.profiles.active=github | tee gsi-server.log"
+  echo "gsi-server started successfully."
+fi
+
+if [[ -n "${jar_enum["auth-server"]}" ]]; then
+  start sh -c "echo -ne '\033]0;Auth-Server\007'; java -jar \"${jar_enum["auth-server"]}\" --server.port=8084 --spring.profiles.active=github | tee auth-server.log"
+  echo "auth-server started successfully."
+fi
+}
+
+check_gitrepo_root_dir
+detect_missing_jars
+process_missing_jars
+export FEDMASTER_SERVER_URL="http://127.0.0.1:8083"
+start_servers
diff --git a/gsi-coverage-report/pom.xml b/gsi-coverage-report/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>gemSekIdp-global</artifactId>
-    <version>5.0.3</version>
+    <version>6.0.0</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
@@ -23,6 +23,10 @@
       <groupId>${project.groupId}</groupId>
       <artifactId>gsi-server</artifactId>
     </dependency>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>gsi-fedmaster</artifactId>
+    </dependency>
     <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>gsi-testsuite</artifactId>

diff --git a/gsi-fedmaster/pom.xml b/gsi-fedmaster/pom.xml
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>de.gematik.idp</groupId>
+    <artifactId>gemSekIdp-global</artifactId>
+    <version>6.0.0</version>
+    <relativePath>../pom.xml</relativePath>
+  </parent>
+
+  <artifactId>gsi-fedmaster</artifactId>
+  <version>6.0.0</version>
+  <packaging>jar</packaging>
+
+  <name>gsi-fedmaster</name>
+  <description>fedmaster of gematik sektoraler IDP server</description>
+
+  <properties>
+    <commit_hash>undefined</commit_hash>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.projectlombok</groupId>
+      <artifactId>lombok</artifactId>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-configuration-processor</artifactId>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-actuator</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-jersey</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-validation</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>de.gematik.idp</groupId>
+      <artifactId>idp-commons</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-webmvc</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.konghq</groupId>
+      <artifactId>unirest-java</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>jakarta.validation</groupId>
+      <artifactId>jakarta.validation-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>jakarta.annotation</groupId>
+      <artifactId>jakarta.annotation-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-slf4j2-impl</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-core</artifactId>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <!-- Phase clean -->
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-clean-plugin</artifactId>
+        <version>${version.maven-clean-plugin}</version>
+        <configuration>
+          <filesets>
+            <!-- delete logfiles -->
+            <fileset>
+              <directory>logs</directory>
+              <includes>
+                <include>**/*</include>
+              </includes>
+              <followSymlinks>false</followSymlinks>
+            </fileset>
+          </filesets>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <configuration>
+          <jvmArguments>${argLine}</jvmArguments>
+          <jvmArguments>-Dfile.encoding=UTF-8</jvmArguments>
+        </configuration>
+        <executions>
+          <execution>
+            <id>repackage</id>
+            <goals>
+              <goal>repackage</goal>
+            </goals>
+            <configuration>
+              <includeSystemScope>true</includeSystemScope>
+              <skip>false</skip>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-resources-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>copy-docker-resources</id>
+            <goals>
+              <goal>copy-resources</goal>
+            </goals>
+            <phase>package</phase>
+            <configuration>
+              <!--suppress UnresolvedMavenProperty, MavenModelInspection -->
+              <skip>${skip.dockerbuild}</skip>
+              <encoding>UTF-8</encoding>
+              <outputDirectory>${basedir}/target/tmpdocker</outputDirectory>
+              <resources>
+                <resource>
+                  <directory>${basedir}/src/main/docker</directory>
+                  <includes>
+                    <include>**/*</include>
+                  </includes>
+                </resource>
+                <resource>
+                  <directory>${basedir}/target</directory>
+                  <includes>
+                    <include>gsi-fedmaster*.jar</include>
+                  </includes>
+                </resource>
+              </resources>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>io.fabric8</groupId>
+        <artifactId>docker-maven-plugin</artifactId>
+        <version>${version.docker-maven-plugin}</version>
+        <configuration>
+          <!--suppress UnresolvedMavenProperty, MavenModelInspection -->
+          <skip>${skip.dockerbuild}</skip>
+          <images>
+            <image>
+              <build>
+                <dockerFile>${basedir}/target/tmpdocker/Dockerfile</dockerFile>
+                <args>
+                  <VERSION>${project.version}</VERSION>
+                  <COMMIT_HASH>${commit_hash}</COMMIT_HASH>
+                </args>
+              </build>
+              <name>${docker.image.name.gsifedmaster}:${project.version}</name>
+            </image>
+          </images>
+          <verbose>true</verbose>
+        </configuration>
+        <executions>
+          <execution>
+            <id>default</id>
+            <goals>
+              <goal>build</goal>
+            </goals>
+            <phase>package</phase>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>