https://github.com/gematik/app-asforepa
PoC Authorization Server for ePA
- Host: GitHub
- URL: https://github.com/gematik/app-asforepa
- Owner: gematik
- License: apache-2.0
- Created: 2024-04-18T04:16:53.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-26T14:46:54.000Z (over 1 year ago)
- Last Synced: 2025-04-19T21:27:17.169Z (about 1 year ago)
- Topics: epa, poc
- Language: Java
- Homepage:
- Size: 84 KB
- Stars: 3
- Watchers: 7
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
README
# ASFOREPA
## About The Project
Authorization Server for ePA
### Release Notes
See [ReleaseNotes.md](./ReleaseNotes.md) for all information regarding the (newest) releases.
## Getting Started
### Prerequisites
- Java JDK 17+
- Maven
### Installation
To quickly check your build environment without running any tests (this only builds the asforepa server and the testsuite), run the following in the project root:
`mvn clean package -Dskip.unittests`
### Build project and run unit tests (skipping integration tests, i.e. skipping testsuite execution)
`mvn clean test -Dskip.inttests`
### Build project and run integration tests
`mvn clean verify`
The keys `asforepa/src/test/resources/833621999741600-2_c.hci.aut-apo-ecc.p12` and `asforepa/src/test/resources/833621999741600-2_c.hci.aut-apo-rsa.p12` can be published and were therefore added for the unit tests.
## Usage
| Method | Endpoint | Request | Response | Validation |
|--------|-------------------------------|--------------------------------------------------------------------------------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|
| GET | getNonce | header: x-useragent | body: nonce | - |
| GET | send_authorization_request_sc | header: x-useragent | header: location | - |
| POST | send_authcode_sc | header: x-useragent<br>body: AuthCodeRequest (contains authCode, clientAttest) | body: vau-np | *authCode:*<br>+ not null<br>+ all header claims correct<br>- no validation of the claim value<br>*clientAttest:*<br>+ not null<br>+ iat and exp<br>+ checks algorithm value |
**getNonce**
> - PS requests a valid nonce
> - PS has to sign the nonce, which will be sent as clientAttest in send_authcode_sc
**send_authorization_request_sc**
> - AS builds a redirect URI with the following parameters and sets it as the Location header to direct the client to the central IDP
> > - redirect_uri - client-Uri
> > - client_id
> > - state
> > - nonce
> > - code_challenge
> > - code_challenge_method
> > - scope
> > - response_type
**send_authcode_sc**
> - PS sends the authCode (received from the IDP) and the clientAttest
> - AS validates that both values are not null
> - AS validates that the authCode has the correct claims, but does not check the claim values
> - AS checks that the algorithm in the clientAttest header is "ES256" or "PS256"
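The clientAttest checks described above (not null, `iat`/`exp` present and plausible, `alg` restricted to ES256 or PS256), written out as an added example in Python using only the standard library; this is not code from the asforepa project. The skew tolerance and the placeholder signature segment are assumptions, and signature verification is deliberately not part of these checks.

```python
import base64
import json
import time
from typing import List, Optional, Tuple

ALLOWED_ALGS = {"ES256", "PS256"}  # algorithms the README says the AS accepts
MAX_SKEW_SECONDS = 30              # assumed clock tolerance; the README gives none


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in compact JWS."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jws(token: str) -> Tuple[dict, dict]:
    """Return (header, payload) of a compact JWS. The signature segment is
    only checked for presence here, never cryptographically verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("clientAttest is not a compact JWS (expected 3 segments)")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def validate_client_attest(token: Optional[str], now: Optional[float] = None) -> List[str]:
    """Apply the README's clientAttest checks and return the list of failures
    (empty list means every listed check passed)."""
    if not token:
        return ["clientAttest is null or empty"]
    errors: List[str] = []
    header, payload = parse_jws(token)
    alg = header.get("alg")
    if alg not in ALLOWED_ALGS:
        errors.append(f"unexpected alg {alg!r}; expected one of {sorted(ALLOWED_ALGS)}")
    now = time.time() if now is None else now
    iat, exp = payload.get("iat"), payload.get("exp")
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        errors.append("iat or exp missing")
    else:
        if iat > now + MAX_SKEW_SECONDS:   # issued in the future: reject
            errors.append("iat is in the future")
        if exp <= now - MAX_SKEW_SECONDS:  # already expired: reject
            errors.append("clientAttest expired")
    return errors


def make_unsigned_jws(header: dict, payload: dict) -> str:
    """Constructed test token with a placeholder (non-cryptographic) signature."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()),
                     enc(json.dumps(payload).encode()),
                     enc(b"placeholder-signature")])
```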
## OpenAPI Specification
You can retrieve the OpenAPI specification at the following paths:
| Format | Path |
|---------|----------------------------------------|
| JSON | http://127.0.0.1:8086/v3/api-docs |
| YAML | http://127.0.0.1:8086/v3/api-docs.yaml |
| SWAGGER | http://127.0.0.1:8086/swagger-ui.html |