ARC-1704: Use Gematik header for RU (#79)
thomasrichner-oviva authored May 24, 2024
1 parent 70b9782 commit 0462e86
Showing 2 changed files with 18 additions and 9 deletions.
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -46,12 +46,12 @@ sequenceDiagram
export ISSUER_URI=https://mydiga.example.com

# generate keys for the application, keep those safe and secure
./cli.sh keygen
./cli.sh keygen --issuer-uri=$ISSUER_URI

#---- 2. deploy the relying party
docker run --rm \
-v "$(pwd)"/enc_jwks.json:/secrets/enc_jwks.json:ro \
-v "$(pwd)"/sig_jwks.json:/secrets/sig_jwks.json:ro \
-v "$(pwd)"/enc_mydiga_example_com_jwks.json:/secrets/enc_jwks.json:ro \
-v "$(pwd)"/sig_mydiga_example_com_jwks.json:/secrets/sig_jwks.json:ro \
-e "EHEALTHID_RP_APP_NAME=Awesome DiGA" \
-e "EHEALTHID_RP_BASE_URI=$ISSUER_URI" \
-e 'EHEALTHID_RP_FEDERATION_ENC_JWKS_PATH=/secrets/enc_jwks.json' \
Expand Down Expand Up @@ -168,7 +168,7 @@ Gematik documentation.
sequenceDiagram
participant app as Mobile App
participant idp as Your IDP
participant rp as Relyin Party
participant rp as Relying Party
participant secIdp as Sectoral IDP
participant fedmaster as Federation Master
app ->> idp: login
Expand Up @@ -2,10 +2,19 @@

import com.oviva.ehealthid.fedclient.api.HttpClient;
import java.util.ArrayList;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class GematikHeaderDecoratorHttpClient implements HttpClient {

private static final String HOST_GEMATIK_IDP = "gsi.dev.gematik.solutions";
private static final Logger logger =
LoggerFactory.getLogger(GematikHeaderDecoratorHttpClient.class);

// RU: https://gsi-ref.dev.gematik.solutions/.well-known/openid-federation
// TU: https://gsi.dev.gematik.solutions/.well-known/openid-federation
private static final Pattern HOST_GEMATIK_IDP =
Pattern.compile("gsi(-[-a-z0-9]+)?.dev.gematik.solutions");
private final HttpClient delegate;

public GematikHeaderDecoratorHttpClient(HttpClient delegate) {
Expand All @@ -15,11 +24,11 @@ public GematikHeaderDecoratorHttpClient(HttpClient delegate) {
@Override
public Response call(Request req) {

if (req.uri().getHost().equals(HOST_GEMATIK_IDP)) {
if (HOST_GEMATIK_IDP.matcher(req.uri().getHost()).matches()) {
if (Environment.gematikAuthHeader() == null || Environment.gematikAuthHeader().isBlank()) {
throw new RuntimeException(
"missing 'GEMATIK_AUTH_HEADER' environment value against '%s'"
.formatted(HOST_GEMATIK_IDP));
logger.warn(
"missing 'GEMATIK_AUTH_HEADER' environment value against '{}'", req.uri().getHost());
return delegate.call(req);
}

var headers = new ArrayList<>(req.headers());
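Review bot: The dots in the new `HOST_GEMATIK_IDP` pattern are unescaped, so each `.` matches any character and `matches()` can succeed for a host that is not under `gematik.solutions`. Because a match is what gates use of the `GEMATIK_AUTH_HEADER` value in `call` (the code that attaches it lies past the end of this hunk, so that part is inferred), the secret could be sent to an unintended host; escape the dots: `Pattern.compile("gsi(-[-a-z0-9]+)?\\.dev\\.gematik\\.solutions")`. `req.uri().getHost()` returns null for a URI without a host component, which makes `matcher(...)` throw, so a null check before the match would be safer. The new warn-and-continue branch sends the request without the header instead of failing; a short comment saying that this is intentional would help the next reader.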
