KIM-KAS

Docker

Build with Spring-Boot

Commands

To run the application locally (HTTP only) on its own, run:

$ mvn spring-boot:run

To build the KAS Docker image, run:

$ mvn spring-boot:build-image

To build the image with a proxy, set your proxy in pom.xml under plugins → spring-boot-maven-plugin.

Requirements

  • Docker installed

  • Maven 3.5 or higher

How to use parameters

Parameters can be set with the -e <PARAMETER_NAME>=<VALUE> option of docker run.

Example:

$ docker run --name kas -p 81:8080 -d -e gematik.kim.kas.maxMailSize=30776 kim-kas

Parameters

List of parameters:

All parameters start with gematik.kim.kas.

PARAMETER_NAME

Description

Default

maxMailSize

Maximum allowed size of an e-mail. If the size is greater than 4G, the nginx parameter client_max_body_size must be increased as well.

524288000

storagePath

Path to the volume where attachments are stored

./target/storage

logDir

Path to logfile

./target/logs

data_base_location

Path to database storage

./target/db/demo

http-port

Port used by the application

8080

swagger-ui-base-addr

Base URLs used by the Swagger UI, separated by commas

https://localhost:8443,http://localhost:8080

use-first-swagger-base-ui-addr-for-add-attachment

If set to true, the addAttachment method will use the first entry of swagger-ui-base-addr in its answer; otherwise the requesting address or the X-Forward header is used

false

cleantime

Scheduled time for cronjob. The fields read from left to right are interpreted as follows:

  • Second

  • Minute

  • Hour

  • Day of Month

  • Month

  • Day of week

Full documentation here.

0 0 3 * * * (daily at 3 am)

keepIdTime

Time, in milliseconds, for which a UUID is unique

31536000000 (1 year)

endpoints

All these parameters can be used separately. To use more than one, provide them comma separated. The resource can be reached at <host>:<port>/attachments/v2.2/actuator/<resource_name>

Please do not use these options in a production environment!

  • httptrace → Shows the HTTP requests and the corresponding answers (in memory only and limited by the capacity)

  • logfile → Shows the regular logfile

  • env → Shows all environment variables

  • scheduledtasks → Shows all configured tasks, and their configuration

  • mappings → Shows all accessible endpoints

  • health → Shows status of the server

NONE

http_log_capacity

Number of HTTP requests and responses kept in memory and displayed by the httptrace endpoint

500

version

Version of the KAS. This affects the URL!

v2.2

kim-am-url

The location of the account manager used for basic auth authorization

http://localhost:8082

use-auth-initial

Switch that controls whether basicAuth is used. It can be switched off via the /switchAuth API for development purposes

true
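
The warning on the endpoints parameter and the use-auth-initial switch can be checked before a container is deployed. The script below is an added example, not part of the KAS project: it reads settings from an env file and lists every actuator URL that would be exposed and whether basic auth starts disabled. The env-file layout, the function names and the output labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not KAS project code. Settings are read from an env file
# (one gematik.kim.kas.<name>=<value> per line; this layout is an assumption).

# kas_param FILE NAME DEFAULT: print the last value set for NAME, else DEFAULT.
kas_param() {
  awk -v key="gematik.kim.kas.$2=" -v def="$3" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    index($0, key) == 1 { val = substr($0, length(key) + 1); found = 1 }
    END { print (found ? val : def) }
  ' "$1"
}

# kas_findings FILE BASE_URL: print one line per setting that the parameter
# table marks as development-only; print nothing if the file is clean.
kas_findings() {
  kf_version=$(kas_param "$1" version v2.2)
  kf_endpoints=$(kas_param "$1" endpoints NONE)
  kf_auth=$(kas_param "$1" use-auth-initial true)
  if [ "$kf_endpoints" != "NONE" ]; then
    # Each enabled resource becomes a URL to verify as unreachable.
    # Assumption: the version parameter replaces v2.2 in the actuator path.
    printf '%s\n' "$kf_endpoints" | tr ',' '\n' | tr -d ' \t' |
      while read -r kf_ep; do
        if [ -n "$kf_ep" ]; then
          echo "EXPOSED $2/attachments/$kf_version/actuator/$kf_ep"
        fi
      done
  fi
  if [ "$kf_auth" != "true" ]; then
    echo "AUTH-OFF use-auth-initial=$kf_auth"
  fi
}

# kas_sample_env FILE: write a constructed sample configuration to FILE.
kas_sample_env() {
  cat > "$1" <<'EOF'
gematik.kim.kas.maxMailSize=30776
gematik.kim.kas.endpoints=env, httptrace
gematik.kim.kas.use-auth-initial=false
EOF
}

# Demo on the constructed sample: prints two EXPOSED lines and one AUTH-OFF line.
kas_tmp=$(mktemp)
kas_sample_env "$kas_tmp"
kas_findings "$kas_tmp" "https://localhost:8443"
rm -f "$kas_tmp"
```

An empty result means the file leaves endpoints at NONE and use-auth-initial at true, which are the defaults listed in the table.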

cURL examples

To upload the file data.file, use the POST method:

$ curl -k -X POST https://localhost:8443/attachments/v2.2/attachment -H "Content-Type: application/octet-stream" --data-binary @data.file
{"Shared-Link":"https://localhost:8443/attachments/v2.2/attachment/469bf002-701f-4362-a9bc-6585c1871250"}

The link returned by this call can be used to download the attachment into the file download.file:

$ curl -k -X GET https://localhost:8443/attachments/v2.2/attachment/469bf002-701f-4362-a9bc-6585c1871250 -o download.file

TLS - Hints

KAS offers an HTTPS connection with TLS 1.2 and both an RSA and a brainpool ECC key that are compliant with the gematik specs.

To use a modern OpenSSL with the TLS-ECC brainpool key, you have to select the brainpool curve explicitly, e.g.:

$ openssl s_client -connect localhost:8443 \
   -curves brainpoolP256r1 \
   -CAfile GEM.RCA3-TEST-ONLY.pem \
   -cert mailuser-ecc.pem \
   -key mailuser-ecc.prv.pem

Without the -curves parameter, RSA is used, e.g.:

$ openssl s_client -connect localhost:8443 \
   -CAfile GEM.RCA2-TEST-ONLY.pem \
   -cert mailuser-rsa1.pem \
   -key mailuser-rsa1.prv.pem