{"id":22929042,"url":"https://github.com/ansforge/psc-edc-proxy-esante","last_synced_at":"2025-04-01T16:20:19.147Z","repository":{"id":267802966,"uuid":"887817035","full_name":"ansforge/psc-edc-proxy-esante","owner":"ansforge","description":null,"archived":false,"fork":false,"pushed_at":"2025-01-09T18:35:43.000Z","size":565,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-02-07T10:33:27.624Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansforge.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-13T10:38:05.000Z","updated_at":"2025-01-09T18:35:47.000Z","dependencies_parsed_at":"2024-12-12T15:18:55.760Z","dependency_job_id":"028b7c25-fa41-419b-ba1e-370e90d334dc","html_url":"https://github.com/ansforge/psc-edc-proxy-esante","commit_stats":null,"previous_names":["ansforge/psc-edc-proxy-esante"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansforge%2Fpsc-edc-proxy-esante","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansforge%2Fpsc-edc-proxy-esante/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansforge%2Fpsc-edc-proxy-esante/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansforge%2Fpsc-edc-proxy-esante/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansforge","download_url":"https://codeload.github.com/ansforge/psc-edc-proxy-esante/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246668905,"owners_count":20814744,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-14T09:29:06.597Z","updated_at":"2025-04-01T16:20:19.130Z","avatar_url":"https://github.com/ansforge.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n\n    The MIT License\n    Copyright © 2024-2025 Agence du Numérique en Santé (ANS)\n\n    Permission is hereby granted, free of charge, to any person obtaining a copy\n    of this software and associated documentation files (the \"Software\"), to deal\n    in the Software without restriction, including without limitation the rights\n    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n    copies of the Software, and to permit persons to whom the Software is\n    furnished to do so, subject to the following conditions:\n\n    The above copyright notice and this permission notice shall be included in\n    all copies or substantial portions of the Software.\n\n    THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\n    THE SOFTWARE.\n\n--\u003e\n# Exemple de mis en œuvre d'un Proxy eSanté\n\n## Fonctionalités implémentées\n\n1. Authentification auprès de ProSantéConnect par le flux CIBA en mTLS ou \"Basic Auth\"\n2. Echange du jeton PSC par un jeton d'API à longue durée de vie en mTLS\n   - 4 heures dans le cas de l'API de vérification de la conformité :\n   - le hash du certificat utilisé pour l'échange du jeton est ajouté dans le claim cnf du jeton d'API.\n3. Gestion de la session du proxy par utilisateur/LPS et production d'un cookie de session\n4. Contrôle d'accès sur le endpoint '/send' du cookie de session.\n5. Deconnexion explicite de l'utilisateur avec appel au endpoint /logout de ProSantéConnect\n6. Collecte des traces des actions de connexion, déconnnexion et appels aux endpoint /send\n7. Restitution des traces sur le endpoint /traces au format JSON.\n\n## Ne comprend pas :\n\n1. Expiration de session (Remplacer le composant ReactiveMapSessionRepository (Gestion des sessions en mémoire pour l'exemple)\n   par le composant ReactiveRedisIndexedSessionRepository pour gérer nativement l'expiration de session et émettre les évenements SessionDestroyedEvent\n2. Revocation des jeton d'API à l'expiration de session et à la déconnexion\n3. Rafaichissement des jetons d'API si nécessaire.\n4. Persistance des traces.\n\n# Build\n\n## Que faire si le build échoue avec le message `Some files do not have the expected license header. Run license:format to update them.` ?\n\n1.  Rectifier les en-têtes à l'aide de cette commande :  \n\n\t```bash\n\tmvn validate license:format\n\t```\n\t\n1.  Vérifier puis committer les changements\n\n## Construction de l'image docker\n\nExécuter la commande suivante à la racine du projet:\n\n```bash\ndocker build . -t ans.gouv.fr/psc-edc-proxy-esante\n```\n\n# Exécution\n\n## En ligne de commande\n\nLancer la ligne de commande ci-dessous, où \u003cLEVEL\u003e peut être :\n\n* `OFF`\n* `ERROR`\n* `WARN`\n* `INFO`\n* `DEBUG`\n* `TRACE`\n\n```bash\njava -Dlogging.level.fr.gouv.ans=\u003cLEVEL\u003e -Dspring.config.location=/path/to/cfg/application.yml -jar psc-esante-proxy-example-0.0.1-SNAPSHOT.jar\n```\n\n## En déployant l'image docker\n\nPour déployer le proxy sous forme de container Docker, il faut lui fournir un fichier de configuration monté\nsur le chemin `/usr/app/config/application.yml`.\n\n```bash\ndocker run -v /host/path/to/configuration/application.yml:/usr/app/config/application.yml ans.gouv.fr/psc-edc-proxy-esante\n```\n\n### Débuggage\n\nLes logs de debug du code applicatif peuvent être activés en définissant la variable LOG_LEVEL avec la valeur `DEBUG`\n\n```bash\ndocker run -e LOG_LEVEL=DEBUG -v /host/path/to/configuration/application.yml:/usr/app/config/application.yml ans.gouv.fr/psc-edc-proxy-esante\n```\n\n### Configuration\n\nVoir fichier exemple : src/test/resources/application.yml\n\n\n### Autorités de certification\n\nSi vous souhaitez ajouter des autorités de certification spécifiques à votre environnement à celles qui\nsont automatiquement reconnues, vous pouvez ajouter les paramètres `-v /path/to/AC/directory:/certificates -e USE_SYSTEM_CA_CERTS=1`\n\n```bash\ndocker run -v /path/to/AC/directory:/certificates -e USE_SYSTEM_CA_CERTS=1 -v /host/path/to/configuration/application.yml:/usr/app/config/application.yml ans.gouv.fr/psc-edc-proxy-esante\n```\n\nLe répertoire /path/to/AC/directory doit contenir le ou les certificat(s) \nau format PEM avec l'extension `.crt`.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansforge%2Fpsc-edc-proxy-esante","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansforge%2Fpsc-edc-proxy-esante","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansforge%2Fpsc-edc-proxy-esante/lists"}