From 0462e86648d9f784a94576d696c254cbf446e627 Mon Sep 17 00:00:00 2001
From: Thomas Richner
Date: Fri, 24 May 2024 16:41:06 +0200
Subject: [PATCH] ARC-1704: Use Gematik header for RU (#79)
---
 README.md | 8 ++++----
 .../poc/GematikHeaderDecoratorHttpClient.java | 19 ++++++++++++++-----
 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index cd08b95..c084cc6 100644
--- a/README.md
+++ b/README.md
@@ -46,12 +46,12 @@ sequenceDiagram
 export ISSUER_URI=https://mydiga.example.com
 # generate keys for the application, keep those safe and secure
-./cli.sh keygen
+./cli.sh keygen --issuer-uri=$ISSUER_URI
 #---- 2. deploy the relying party
 docker run --rm \
- -v "$(pwd)"/enc_jwks.json:/secrets/enc_jwks.json:ro \
- -v "$(pwd)"/sig_jwks.json:/secrets/sig_jwks.json:ro \
+ -v "$(pwd)"/enc_mydiga_example_com_jwks.json:/secrets/enc_jwks.json:ro \
+ -v "$(pwd)"/sig_mydiga_example_com_jwks.json:/secrets/sig_jwks.json:ro \
 -e "EHEALTHID_RP_APP_NAME=Awesome DiGA" \
 -e "EHEALTHID_RP_BASE_URI=$ISSUER_URI" \
 -e 'EHEALTHID_RP_FEDERATION_ENC_JWKS_PATH=/secrets/enc_jwks.json' \
@@ -168,7 +168,7 @@ Gematik documentation.
 sequenceDiagram
 participant app as Mobile App
 participant idp as Your IDP
- participant rp as Relyin Party
+ participant rp as Relying Party
 participant secIdp as Sectoral IDP
 participant fedmaster as Federation Master
 app ->> idp: login
diff --git a/ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/poc/GematikHeaderDecoratorHttpClient.java b/ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/poc/GematikHeaderDecoratorHttpClient.java
index d7ceba6..3236174 100644
--- a/ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/poc/GematikHeaderDecoratorHttpClient.java
+++ b/ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/poc/GematikHeaderDecoratorHttpClient.java
@@ -2,10 +2,19 @@
 import com.oviva.ehealthid.fedclient.api.HttpClient;
 import java.util.ArrayList;
+import java.util.regex.Pattern;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 public class GematikHeaderDecoratorHttpClient implements HttpClient {
- private static final String HOST_GEMATIK_IDP = "gsi.dev.gematik.solutions";
+ private static final Logger logger =
+ LoggerFactory.getLogger(GematikHeaderDecoratorHttpClient.class);
+
+ // RU: https://gsi-ref.dev.gematik.solutions/.well-known/openid-federation
+ // TU: https://gsi.dev.gematik.solutions/.well-known/openid-federation
+ private static final Pattern HOST_GEMATIK_IDP =
+ Pattern.compile("gsi(-[-a-z0-9]+)?.dev.gematik.solutions");
 private final HttpClient delegate;
 public GematikHeaderDecoratorHttpClient(HttpClient delegate) {
@@ -15,11 +24,11 @@ public GematikHeaderDecoratorHttpClient(HttpClient delegate) {
 @Override
 public Response call(Request req) {
- if (req.uri().getHost().equals(HOST_GEMATIK_IDP)) {
+ if (HOST_GEMATIK_IDP.matcher(req.uri().getHost()).matches()) {
 if (Environment.gematikAuthHeader() == null || Environment.gematikAuthHeader().isBlank()) {
- throw new RuntimeException(
- "missing 'GEMATIK_AUTH_HEADER' environment value against '%s'"
- .formatted(HOST_GEMATIK_IDP));
+ logger.warn(
+ "missing 'GEMATIK_AUTH_HEADER' environment value against '{}'", req.uri().getHost());
+ return delegate.call(req);
 }
 var headers = new ArrayList<>(req.headers());
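Review bot: The dots in `Pattern.compile("gsi(-[-a-z0-9]+)?.dev.gematik.solutions")` are unescaped, so each one matches any character instead of a literal `.`; because this pattern is what decides which hosts get the GEMATIK_AUTH_HEADER value attached, it should be at least as strict as the exact string comparison it replaces. `matches()` anchors the expression, which keeps the widening small, but a host like `gsi-ref.dev.gematikXsolutions` (constructed example) would still be accepted. Escape the separators: `Pattern.compile("gsi(-[-a-z0-9]+)?\\.dev\\.gematik\\.solutions")`. As a smaller point, `[-a-z0-9]+` also admits a label ending in a hyphen, which no real host label has.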
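Review bot: `Environment.gematikAuthHeader()` is evaluated twice in the new condition; read it once into a local so the null check and the blank check see the same value: `var authHeader = Environment.gematikAuthHeader();` followed by `if (authHeader == null || authHeader.isBlank()) {`. The warn-and-forward branch also changes the failure mode from an exception to a request that reaches the Gematik host without the header, and the log line does not say so; consider `"missing 'GEMATIK_AUTH_HEADER' environment value against '{}', forwarding request without it"`. Note that `req.uri().getHost()` is null for a URI without an authority, which `matcher(null)` turns into a NullPointerException — this pre-exists with the old `equals` call, but a null guard is cheap now that the check is being touched. The body of `call` continues past the end of the hunk.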