{"id":18985605,"url":"https://github.com/gematik/ref-gemlibpki","last_synced_at":"2025-04-19T20:34:28.308Z","repository":{"id":44902506,"uuid":"334976413","full_name":"gematik/ref-GemLibPki","owner":"gematik","description":"Products specified by gematik which have to deal with PKI will have to handle certificates, ocsp requests/responses and TSLs (TrustedServiceProvider Status List). This library may help to understand the intention of gematik specification and could be useful for software implementations.","archived":false,"fork":false,"pushed_at":"2025-04-14T11:15:30.000Z","size":1381,"stargazers_count":16,"open_issues_count":2,"forks_count":5,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-14T12:26:12.071Z","etag":null,"topics":["cryptography","gematik","gemspec","idm","java","other","pki","pki-library","reference-implementation"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gematik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-02-01T14:30:08.000Z","updated_at":"2025-04-14T11:14:40.000Z","dependencies_parsed_at":"2024-11-08T16:34:29.415Z","dependency_job_id":"c1b11c03-9761-41a0-9f5a-ef5a4e86e8a3","html_url":"https://github.com/gematik/ref-GemLibPki","commit_stats":null,"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gematik%2Fref-GemLibPki","tags_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gematik%2Fref-GemLibPki/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gematik%2Fref-GemLibPki/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gematik%2Fref-GemLibPki/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gematik","download_url":"https://codeload.github.com/gematik/ref-GemLibPki/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249250819,"owners_count":21237961,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","gematik","gemspec","idm","java","other","pki","pki-library","reference-implementation"],"created_at":"2024-11-08T16:27:24.130Z","updated_at":"2025-04-16T14:32:26.504Z","avatar_url":"https://github.com/gematik.png","language":"Java","readme":"\u003cimg align=\"right\" width=\"250\" height=\"47\" src=\"doc/images/Gematik_Logo_Flag_With_Background.png\"/\u003e \u003cbr/\u003e\n\n# GemLibPki\n\n--- \n\u003cimg align=\"left\" height=\"150\" src=\"doc/images/logo.svg\" /\u003e\n\nA java library for functionalities in PKI (Public Key Infrastructure) of products specified by\ngematik.\n\nProducts specified by gematik which have to deal with PKI will have to handle certificates and\nTSLs (TrustedServiceProvider Status List). 
This library may help to understand the intention of the\nspecification as a reference implementation.\nPlease\nsee [liability limitation](https://fachportal.gematik.de/default-titlegrundsaetzliche-nutzungsbedingungen)\nfor further information.\n\n* QES handling is not a part of this library.\n* Specifications are published at [gematik Fachportal](https://fachportal.gematik.de/).\n* [Link to Maven Repository](https://mvnrepository.com/artifact/de.gematik.pki/gemLibPki)\n\n---\n\n### Remark\n\nCryptographic private keys used in this project are solely used in test resources for the purpose of\nunit tests.\nWe are fully aware of the content and meaning of the test data. We never publish productive data\nwillingly.\n\n### Content\n\n##### Certificate checks\n\nFor certificate checks the library offers interfaces:\n\n- [CertificateValidator.java](src%2Fmain%2Fjava%2Fde%2Fgematik%2Fpki%2Fgemlibpki%2Fvalidators%2FCertificateValidator.java)\n- [CertificateProfileValidator.java](src%2Fmain%2Fjava%2Fde%2Fgematik%2Fpki%2Fgemlibpki%2Fvalidators%2FCertificateProfileValidator.java)\n\nas well as a couple of implementations for different checks alongside\n(see [validators](src%2Fmain%2Fjava%2Fde%2Fgematik%2Fpki%2Fgemlibpki%2Fvalidators)). You can build a\nchain of different checks or extend the library for your own requirements.\n\n###### TUC_PKI_018 - Zertifikatsprüfung in der TI\n\nA complete implementation of the TUC_PKI_018 „Zertifikatsprüfung in der TI“ of the gematik\ndocument \"Übergreifende Spezifikation PKI\" (gemSpec_PKI) can be found\nin [TucPki018Verifier](src/main/java/de/gematik/pki/gemlibpki/certificate/TucPki018Verifier.java).\nHere we check against nonQES certificate profiles specified by gematik, not against usages and\ncontexts (a special certificate profile for allowing any profile, i.e., disabling profile checks, is\navailable as well).\n\nOCSP requests are optional and activated by default. 
OCSP responses are verified according to\nTUC_PKI_006 \"OCSP-Abfrage\"\n(see [OCSP checks](./README.md#ocsp-checks) section).\n\nFor examples of how to use the TUC_PKI_018 implementation\nsee [TucPki018VerifierTest.java](src%2Ftest%2Fjava%2Fde%2Fgematik%2Fpki%2Fgemlibpki%2Fcertificate%2FTucPki018VerifierTest.java).\n\n##### OCSP checks\n\nOCSP responses can be generated with different properties. By default, a valid OCSP response,\naccording to RFC 2560, is generated. OCSP responses are validated according to TUC_PKI_006 of\ngemSpec_PKI.\n\nOCSP validation can be disabled via the builder parameter `withOcspCheck` of\n[TucPki018Verifier](src/main/java/de/gematik/pki/gemlibpki/certificate/TucPki018Verifier.java).\n\n##### TSL handling\n\nThe library contains checks defined in TUC_PKI_001 „Periodische Aktualisierung TI-Vertrauensraum“\nspecified in gematik document \"Übergreifende Spezifikation PKI\" (gemSpec_PKI).\n\nWe provide several methods for getting information about, parsing, modifying, signing and validating a\nTSL (see: [TSL package](src/main/java/de/gematik/pki/gemlibpki/tsl)).\n\nAttention: the trust anchor change mechanism is not completely implemented in this library,\nbecause it has to be part of the TSL downloading component. 
An example of an implementation\ncan be found in the system under test simulator of the gematik PKI test\nsuite: [TslProcurer](https://github.com/gematik/app-PkiTestsuite/blob/1.1.3/pkits-sut-server-sim/src/main/java/de/gematik/pki/pkits/sut/server/sim/tsl/TslProcurer.java)\n\n###### Steps to perform TSL checks\n\n- instantiate a [TslReader](src/main/java/de/gematik/pki/gemlibpki/tsl/TslReader.java) to read a TSL\n- use the result of the TslReader to instantiate\n  a [TslInformationProvider](src/main/java/de/gematik/pki/gemlibpki/tsl/TslInformationProvider.java)\n  and call its public methods\n- get TspServices from TslInformationProvider\n- instantiate\n  a [TucPki001Verifier](src/main/java/de/gematik/pki/gemlibpki/tsl/TucPki001Verifier.java) (via\n  builder) and call its public method `performTucPki001Checks()`\n- the offline mode for TUC_PKI_001 (used solely for a Konnektor) is not implemented\n\n##### Error codes\n\n- error codes specified by gematik in gemSpec_PKI\n\n### Build\n\nThe lib is developed and tested\nwith [Eclipse Adoptium Temurin JDK 17](https://github.com/adoptium/temurin17-binaries) and [Apache\nMaven 3.9.3](https://maven.apache.org/index.html)\n\nBuild with:\n\n```bash\nmvn clean install\n```\n\nBuilds are reproducible, to check call\n\n```bash\nmvn clean verify artifact:compare\n```\n\nin any compatible unix environment.\n\n## License\n\nCopyright 2025 gematik GmbH\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in\ncompliance with the License.\n\nSee the [LICENSE](./LICENSE) for the specific language governing permissions and limitations under\nthe License.\n\n## Additional Notes and Disclaimer from gematik GmbH\n\n1. Copyright notice: Each published work result is accompanied by an explicit statement of the\n   license conditions for use. These are regularly typical conditions in connection with open source\n   or free software. 
Programs described/provided/linked here are free software, unless otherwise\n   stated.\n2. Permission notice: Permission is hereby granted, free of charge, to any person obtaining a copy\n   of this software and associated documentation files (the \"Software\"), to deal in the Software\n   without restriction, including without limitation the rights to use, copy, modify, merge,\n   publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to\n   whom the Software is furnished to do so, subject to the following conditions:\n1. The copyright notice (Item 1) and the permission notice (Item 2) shall be included in all copies\n   or substantial portions of the Software.\n2. The software is provided \"as is\" without warranty of any kind, either express or implied,\n   including, but not limited to, the warranties of fitness for a particular purpose,\n   merchantability, and/or non-infringement. The authors or copyright holders shall not be liable in\n   any manner whatsoever for any damages or other claims arising from, out of or in connection with\n   the software or the use or other dealings with the software, whether in an action of contract,\n   tort, or otherwise.\n3. The software is the result of research and development activities, therefore not necessarily\n   quality assured and without the character of a liable product. For this reason, gematik does not\n   provide any support or other user assistance (unless otherwise stated in individual cases and\n   without justification of a legal obligation). Furthermore, there is no claim to further\n   development and adaptation of the results to a more current state of the art.\n3. Gematik may remove published results temporarily or permanently from the place of publication at\n   any time without prior notice or justification.\n4. 
Please note: Parts of this code may have been generated using AI-supported technology. Please\n   take this into account, especially when troubleshooting, for security analyses and possible\n   adjustments.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgematik%2Fref-gemlibpki","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgematik%2Fref-gemlibpki","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgematik%2Fref-gemlibpki/lists"}