Merge branch 'main' of github.com:medizininformatik-initiative/mii-ds…

…f-processes

* 'main' of github.com:medizininformatik-initiative/mii-dsf-processes: (25 commits)
  0.1.0-RC1 preparations
  further improvements
  Add warning for windows curl command
  improve logging, fix typos
  adds zip assembly of process data-transfer
  remove not needed logger
  load apache tika via process folder and not plugin folder
  allow manual dispatch
  remove todo, improve logging
  improve documentation generator
  fix typo
  renaming of task
  validate mime-type of binary data
  use value[x].identifier instead of value[x].reference.identifier for project-identifier
  add url validation of binary resource
  add missing CreateBundle bean
  use meaningful aad
  Recommendation to add the project identifier in the start receive Task
  recommendation to use valueIdentifier instead of valueReference
  recommendation to use meaningful AAD
  ...

.github/workflows/maven-publish.yml

@@ -4,6 +4,7 @@
 name: Java CI Publish with Maven
 
 on:
+  workflow_dispatch:
   pull_request:
     types: [closed]
     branches: [develop]

mii-dsf-process-projectathon-data-transfer/pom.xml

@@ -1,14 +1,14 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 
 	<artifactId>mii-process-projectathon-data-transfer</artifactId>
 
 	<parent>
 		<groupId>de.medizininformatik-initiative</groupId>
 		<artifactId>mii-dsf-processes</artifactId>
-		<version>0.1.0-SNAPSHOT</version>
+		<version>0.1.0-RC1</version>
 	</parent>
 
 	<properties>
@@ -26,6 +26,11 @@
 			<artifactId>hapi-fhir-client</artifactId>
 			<scope>provided</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.tika</groupId>
+			<artifactId>tika-core</artifactId>
+			<scope>provided</scope>
+		</dependency>
 
 		<dependency>
 			<groupId>de.medizininformatik-initiative</groupId>
@@ -67,10 +72,15 @@
 					<arguments>
 						<argument>-classpath</argument>
 						<classpath/>
-						<argument>de.medizininformatik_initiative.processes.documentation.generator.DocumentationGenerator</argument>
-						<argument>de.medizininformatik_initiative.processes.projectathon.data_transfer.spring.config</argument>
+						<argument>
+							de.medizininformatik_initiative.processes.documentation.generator.DocumentationGenerator
+						</argument>
+						<argument>
+							de.medizininformatik_initiative.processes.projectathon.data_transfer
+						</argument>
 					</arguments>
 					<includeProjectDependencies>true</includeProjectDependencies>
+					<addResourcesToClasspath>true</addResourcesToClasspath>
 					<classpathScope>compile</classpathScope>
 					<workingDirectory>${project.basedir}</workingDirectory>
 				</configuration>
@@ -92,12 +102,19 @@
 									<artifactId>${project.artifactId}</artifactId>
 									<version>${project.version}</version>
 								</artifactItem>
+								<artifactItem>
+									<groupId>org.apache.tika</groupId>
+									<artifactId>tika-core</artifactId>
+									<version>${apache.tika.version}</version>
+								</artifactItem>
 							</artifactItems>
-							<outputDirectory>../mii-dsf-processes-docker-test-setup/dic/bpe/process</outputDirectory>
+							<outputDirectory>
+								../mii-dsf-processes-docker-test-setup/dic/bpe/process/${project.artifactId}-${project.version}
+							</outputDirectory>
 						</configuration>
 					</execution>
 					<execution>
-						<id>copy-hapi-fhir-client/dic</id>
+						<id>copy-dependencies/dic</id>
 						<phase>package</phase>
 						<goals>
 							<goal>copy</goal>
@@ -126,12 +143,19 @@
 									<artifactId>${project.artifactId}</artifactId>
 									<version>${project.version}</version>
 								</artifactItem>
+								<artifactItem>
+									<groupId>org.apache.tika</groupId>
+									<artifactId>tika-core</artifactId>
+									<version>${apache.tika.version}</version>
+								</artifactItem>
 							</artifactItems>
-							<outputDirectory>../mii-dsf-processes-docker-test-setup/cos/bpe/process</outputDirectory>
+							<outputDirectory>
+								../mii-dsf-processes-docker-test-setup/cos/bpe/process/${project.artifactId}-${project.version}
+							</outputDirectory>
 						</configuration>
 					</execution>
 					<execution>
-						<id>copy-hapi-fhir-client/cos</id>
+						<id>copy-dependencies/cos</id>
 						<phase>package</phase>
 						<goals>
 							<goal>copy</goal>
@@ -147,6 +171,23 @@
 							<outputDirectory>../mii-dsf-processes-docker-test-setup/cos/bpe/plugin</outputDirectory>
 						</configuration>
 					</execution>
+					<execution>
+						<id>copy-dependencies/assembly</id>
+						<phase>package</phase>
+						<goals>
+							<goal>copy</goal>
+						</goals>
+						<configuration>
+							<artifactItems>
+								<artifactItem>
+									<groupId>org.apache.tika</groupId>
+									<artifactId>tika-core</artifactId>
+									<version>${apache.tika.version}</version>
+								</artifactItem>
+							</artifactItems>
+							<outputDirectory>${project.build.directory}/lib</outputDirectory>
+						</configuration>
+					</execution>
 				</executions>
 			</plugin>
 			<plugin>
@@ -155,28 +196,36 @@
 				<configuration>
 					<filesets>
 						<fileset>
-							<directory>../mii-dsf-processes-docker-test-setup/dic/bpe/process</directory>
+							<directory>
+								../mii-dsf-processes-docker-test-setup/dic/bpe/process/${project.artifactId}-${project.version}
+							</directory>
 							<includes>
-								<include>${project.artifactId}-${project.version}.jar</include>
+								<include>**</include>
 							</includes>
 							<followSymlinks>false</followSymlinks>
 						</fileset>
 						<fileset>
-							<directory>../mii-dsf-processes-docker-test-setup/dic/bpe/plugin</directory>
+							<directory>
+								../mii-dsf-processes-docker-test-setup/dic/bpe/plugin
+							</directory>
 							<includes>
 								<include>hapi-fhir-client-${hapi.version}.jar</include>
 							</includes>
 							<followSymlinks>false</followSymlinks>
 						</fileset>
 						<fileset>
-							<directory>../mii-dsf-processes-docker-test-setup/cos/bpe/process</directory>
+							<directory>
+								../mii-dsf-processes-docker-test-setup/cos/bpe/process/${project.artifactId}-${project.version}
+							</directory>
 							<includes>
-								<include>${project.artifactId}-${project.version}.jar</include>
+								<include>**</include>
 							</includes>
 							<followSymlinks>false</followSymlinks>
 						</fileset>
 						<fileset>
-							<directory>../mii-dsf-processes-docker-test-setup/cos/bpe/plugin</directory>
+							<directory>
+								../mii-dsf-processes-docker-test-setup/cos/bpe/plugin
+							</directory>
 							<includes>
 								<include>hapi-fhir-client-${hapi.version}.jar</include>
 							</includes>
@@ -185,6 +234,25 @@
 					</filesets>
 				</configuration>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-assembly-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>zip-assembly</id>
+						<phase>install</phase>
+						<goals>
+							<goal>single</goal>
+						</goals>
+					</execution>
+				</executions>
+				<configuration>
+					<appendAssemblyId>false</appendAssemblyId>
+					<descriptors>
+						<descriptor>src/assembly/zip.xml</descriptor>
+					</descriptors>
+				</configuration>
+			</plugin>
 		</plugins>
 	</build>
 </project>

mii-dsf-process-projectathon-data-transfer/src/main/java/de/medizininformatik_initiative/processes/projectathon/data_transfer/client/KdsClientFactory.java

@@ -90,8 +90,8 @@ public void onContextRefreshedEvent(ContextRefreshedEvent event)
 		try
 		{
 			logger.info(
-					"Testing connection to projectathon FHIR server with {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {},"
-							+ " basicAuthUsername {}, basicAuthPassword {}, bearerToken {}, serverBase: {}, proxyUrl {}, proxyUsername, proxyPassword {}}",
+					"Testing connection to KDS FHIR server with {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {},"
+							+ " basicAuthUsername {}, basicAuthPassword {}, bearerToken {}, serverBase: {}, proxyUrl {}, proxyUsername {}, proxyPassword {}}",
 					trustStorePath, certificatePath, privateKeyPath, privateKeyPassword != null ? "***" : "null",
 					kdsServerBasicAuthUsername, kdsServerBasicAuthPassword != null ? "***" : "null",
 					kdsServerBearerToken != null ? "***" : "null", kdsServerBase, proxyUrl, proxyUsername,

mii-dsf-process-projectathon-data-transfer/src/main/java/de/medizininformatik_initiative/processes/projectathon/data_transfer/client/fhir/KdsFhirClientImpl.java

@@ -6,15 +6,11 @@
 import org.hl7.fhir.r4.model.Bundle;
 import org.hl7.fhir.r4.model.DocumentReference;
 import org.hl7.fhir.r4.model.IdType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import de.medizininformatik_initiative.processes.projectathon.data_transfer.client.KdsClient;
 
 public class KdsFhirClientImpl implements KdsFhirClient
 {
-	private static final Logger logger = LoggerFactory.getLogger(KdsFhirClientImpl.class);
-
 	private KdsClient kdsClient;
 
 	public KdsFhirClientImpl(KdsClient kdsClient)

mii-dsf-process-projectathon-data-transfer/src/main/java/de/medizininformatik_initiative/processes/projectathon/data_transfer/client/fhir/KdsFhirClientStub.java

@@ -14,15 +14,11 @@
 import org.hl7.fhir.r4.model.DocumentReference;
 import org.hl7.fhir.r4.model.IdType;
 import org.hl7.fhir.r4.model.ResourceType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import de.medizininformatik_initiative.processes.projectathon.data_transfer.client.KdsClient;
 
 public final class KdsFhirClientStub implements KdsFhirClient
 {
-	private static final Logger logger = LoggerFactory.getLogger(KdsFhirClientStub.class);
-
 	private final KdsClient kdsClient;
 
 	public KdsFhirClientStub(KdsClient kdsClient)

mii-dsf-process-projectathon-data-transfer/src/main/java/de/medizininformatik_initiative/processes/projectathon/data_transfer/crypto/KeyProviderImpl.java

@@ -37,7 +37,7 @@
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
 
-import ca.uhn.fhir.context.FhirContext;
+import de.medizininformatik_initiative.processes.projectathon.data_transfer.util.LoggingHelper;
 import de.rwh.utils.crypto.io.PemIo;
 
 public class KeyProviderImpl implements KeyProvider, InitializingBean
@@ -152,17 +152,16 @@ public void onContextRefreshedEvent(ContextRefreshedEvent event)
 				else if (output.getTotal() == 0)
 				{
 					logger.info("Creating new PublicKey Bundle on DSF FHIR server...");
-					Bundle bundleToCreate = getPublicKeyBundle();
+					Bundle bundleToCreate = createPublicKeyBundle();
 					bundleOnServer = clientProvider.getLocalWebserviceClient().createConditionaly(bundleToCreate,
 							"identifier=" + CODESYSTEM_MII_CRYPTOGRAPHY + "|"
 									+ CODESYSTEM_MII_CRYPTOGRAPHY_VALUE_PUBLIC_KEY);
 				}
 				else
 				{
-					logger.warn("Exist > 1 Bundle with identifier={}|{}", CODESYSTEM_MII_CRYPTOGRAPHY,
-							CODESYSTEM_MII_CRYPTOGRAPHY_VALUE_PUBLIC_KEY);
-					throw new RuntimeException("Exist > 1 Bundle with identifier=" + CODESYSTEM_MII_CRYPTOGRAPHY + "|"
-							+ CODESYSTEM_MII_CRYPTOGRAPHY_VALUE_PUBLIC_KEY);
+					throw new RuntimeException(
+							"Exist " + output.getTotal() + " Bundle with identifier=" + CODESYSTEM_MII_CRYPTOGRAPHY
+									+ "|" + CODESYSTEM_MII_CRYPTOGRAPHY_VALUE_PUBLIC_KEY + ", expected only one");
 				}
 
 				logger.info("PublicKey Bundle has id='{}'", bundleOnServer.getId());
@@ -175,7 +174,7 @@ else if (output.getTotal() == 0)
 		}
 	}
 
-	private Bundle getPublicKeyBundle()
+	private Bundle createPublicKeyBundle()
 	{
 		Date date = new Date();
 
@@ -202,8 +201,7 @@ private Bundle getPublicKeyBundle()
 
 		readAccessHelper.addAll(bundle);
 
-		logger.debug("Created Bundle: {}",
-				FhirContext.forR4().newXmlParser().setPrettyPrint(true).encodeResourceToString(bundle));
+		LoggingHelper.logDebugBundle("Created Bundle", bundle);
 
 		return bundle;
 	}

mii-dsf-process-projectathon-data-transfer/src/main/java/de/medizininformatik_initiative/processes/projectathon/data_transfer/crypto/RsaAesGcmUtil.java

@@ -24,19 +24,17 @@ public class RsaAesGcmUtil
 	private static final String RSA_CIPHER = "RSA/ECB/PKCS1Padding";
 	private static final int RSA_KEY_LENGTH = 4096;
 	private static final int ENCRYPTED_AES_KEY_LENGTH = 512;
-	/**
-	 * AAD: some random bytes
-	 */
-	private static final byte[] AAD = "JLCbSbIk5VAvBtKs4ypnDw3AJRfSBWXFHUxl78WBJw".getBytes(StandardCharsets.UTF_8);
 
-	public static byte[] encrypt(PublicKey publicKey, byte[] data)
+	public static byte[] encrypt(PublicKey publicKey, byte[] data, String sendingOrganizationIdentifier,
+			String receivingOrganizationIdentifier)
 			throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException,
 			InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, ShortBufferException
 	{
 		SecretKey aesKey = AesGcmUtil.generateAES256Key();
 
+		byte[] aad = getAad(sendingOrganizationIdentifier, receivingOrganizationIdentifier);
 		byte[] encryptedAesKey = encryptRsa(aesKey, publicKey);
-		byte[] encryptedData = AesGcmUtil.encrypt(data, AAD, aesKey);
+		byte[] encryptedData = AesGcmUtil.encrypt(data, aad, aesKey);
 
 		if (encryptedAesKey.length != ENCRYPTED_AES_KEY_LENGTH)
 			throw new IllegalStateException("Encrypted AES key length = " + ENCRYPTED_AES_KEY_LENGTH + " expected");
@@ -48,7 +46,8 @@ public static byte[] encrypt(PublicKey publicKey, byte[] data)
 		return output;
 	}
 
-	public static byte[] decrypt(PrivateKey privateKey, byte[] encrypted)
+	public static byte[] decrypt(PrivateKey privateKey, byte[] encrypted, String sendingOrganizationIdentifier,
+			String receivingOrganizationIdentifier)
 			throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException,
 			NoSuchAlgorithmException, InvalidAlgorithmParameterException
 	{
@@ -57,9 +56,10 @@ public static byte[] decrypt(PrivateKey privateKey, byte[] encrypted)
 		System.arraycopy(encrypted, 0, encryptedAesKey, 0, ENCRYPTED_AES_KEY_LENGTH);
 		System.arraycopy(encrypted, ENCRYPTED_AES_KEY_LENGTH, encryptedData, 0,
 				encrypted.length - ENCRYPTED_AES_KEY_LENGTH);
+		byte[] aad = getAad(sendingOrganizationIdentifier, receivingOrganizationIdentifier);
 
 		SecretKey key = decryptRsa(encryptedAesKey, privateKey);
-		return AesGcmUtil.decrypt(encryptedData, AAD, key);
+		return AesGcmUtil.decrypt(encryptedData, aad, key);
 	}
 
 	public static KeyPair generateRsa4096KeyPair() throws NoSuchAlgorithmException
@@ -89,4 +89,9 @@ private static SecretKey decryptRsa(byte[] encryptedKey, PrivateKey privateKey)
 
 		return new SecretKeySpec(decrypted, "AES");
 	}
+
+	private static byte[] getAad(String sendingOrganizationIdentifier, String receivingOrganizationIdentifier)
+	{
+		return (sendingOrganizationIdentifier + "|" + receivingOrganizationIdentifier).getBytes(StandardCharsets.UTF_8);
+	}
 }

mii-dsf-process-projectathon-data-transfer/src/main/java/de/medizininformatik_initiative/processes/projectathon/data_transfer/message/StartReceiveProcess.java

@@ -38,4 +38,4 @@ protected Stream<ParameterComponent> getAdditionalInputParameters(DelegateExecut
 
 		return Stream.of(parameterComponent);
 	}
-}
+}