taktik / freehealth-connector Goto Github PK
View Code? Open in Web Editor NEWAn Open Source implementation of the connectors needed to connect to belgian eHealth services
License: GNU Affero General Public License v3.0
An Open Source implementation of the connectors needed to connect to belgian eHealth services
License: GNU Affero General Public License v3.0
/src/main/kotlin/org/taktik/freehealth/middleware/service/impl/Chapter4ServiceImpl.kt
Dans la requête requestAgreement
, le paramètre incomplete
ne semble pas utilisé. Cela pose problème si l'on veut faire des demandes incomplètes avec le chapitre IV.
I have some troubles with EhboxService and the function loadMessages.
I don’t understand why this method returns a List of Messages
and not a List of DocumentMessage
?
During some tests on eHealthBox my eHealthMessage have DocumentMessage properties.
override fun loadMessages(
keystoreId: UUID,
tokenId: UUID,
passPhrase: String,
boxId: String,
limit: Int?,
alternateKeystores: List<AltKeystore>?
): List<Message>
listOpenPrescriptions does not work
Serait-il possible de gérer le parsing de l'erreur suivante ?
<ns5:acknowledge>
<ns5:iscomplete>false</ns5:iscomplete>
<ns5:error>
<cd S="CD-ERROR" SV="1.0">138</cd>
<description L="nl">Dit is geen nieuwe aanvraag</description>
</ns5:error>
</ns5:acknowledge>
Hello,
When i use gradlew bootRun i get some errors, could you please advise ?
Currently, some of the endpoints accept a passPhrase
as a query param in a GET request, such as:
https://fhcacc.icure.cloud/sts/token/token-id?ts=123&passPhrase=myPassword123
This causes the password myPassword123
to show up as clear text in the URL. Because URL's can be stored in many places (browser history, server logs, network device logs, ...) this may leak the password to external parties.
See https://security.stackexchange.com/questions/142695/is-a-plain-password-in-the-url-a-potential-security-threat for a more in-depth discussion on the impact of using sensitive information in query params.
Although in the context of Oauth, the Oauth 2.0 Authorization Protocol document on Bearer Tokens also explains the risk:
Don't pass bearer tokens in page URLs: Bearer tokens SHOULD NOT be passed in page URLs (for example as query string parameters). Instead, bearer tokens SHOULD be passed in HTTP message headers or message bodies for which confidentiality measures are taken. Browsers, web servers, and other software may not adequately secure URLs in the browser history, web server logs, and other
data structures. If bearer tokens are passed in page URLs, attackers might be able to steal them from the history data, logs, or other unsecured locations.
In the context of Taktik, the bearer token is a password, but the risk is identical.
Given the delicate nature of the health data, putting sensitive data in the query params of a GET request should thus really be avoided.
As a possible solution, an HTTP POST request could be made instead of a GET request.
Are there any plans to support POST requests for all endpoints that require sensitive data? Not having the ability to use a POST request, forces clients to use a GET request, potentially leaking sensitive data.
Thanks in advance!
Pour le moment, les calls vers les hubs revoient du XML pur, forçant la désérialisation par le frontend.
Depuis hier (avec la sortie du KMEHR 1.26), les balises lnk
ne revoient plus le contenu en base64. Celui-ci est remplacé par une balise URL
qui est sensé contenir un lien HTTP ou une référence KMEHR. Or, pour le moment, ce champ contient du texte pouvant ressembler à du base64. Après décryptage, le texte semble cryptique...
<lnk TYPE="multimedia" MEDIATYPE="application/pdf" URL="A5onK-BAPBBayxTQ61fZPoL5ub-C6FKGIzjbrdDf-mMBzbf5-R9y01x1RW8U_djW1RKUtlKjUi7OrPuVlyI9YA==">UABpAOgAYwBlACAAagBvAGkAbgB0AGUAIABuALAAIAAxAA==</lnk>
A5onK-BAPBBayxTQ61fZPoL5ub-C6FKGIzjbrdDf-mMBzbf5-R9y01x1RW8U_djW1RKUtlKjUi7OrPuVlyI9YA== --- base64 ---> �'(����4:Onl.(b3
�6�r\uEo�v5D-ԋ>eȏX
@aduchate une idée?
Hello,
It looks like the freehealth-connector is still using the old SecurityTokenService, which still uses SHA-1, and will stop working after the summer. Are there plans to update to 4.3.0 in the short term?
Snippet from the eHealth Business Connector 4.3.0 release notes:
default STS to WS-Trust interface, in order to use by default the new version of SecurityTokenService,
which includes the latest hashing (SHA-256) and signing algorithms (RSA-SHA-256 / ECDSA-SHA-256).
This change should be reflected in terms of sts endpoint config:
endpoint.sts=$uddi{uddi:ehealth-fgov-be:business:iamsecuritytokenservice:v1}
Alternatively, is there any documentation on how to add new (de)compiled modules? I don't mind looking into it myself.
Thanks a lot!
Hello, when I try to perform a requestAgreement
call (/chap4/new/
), I got an error saying that the AgreementResponse did not contain a securedContent
:
Caused by: org.taktik.connector.business.chapterIV.exception.ChapterIVBusinessConnectorException: response is not valid : the AgreementResponse did not contain a securedContent
at org.taktik.connector.business.chapterIV.builders.impl.ResponseBuilderImpl.getSecuredContent(ResponseBuilderImpl.kt:194)
at org.taktik.connector.business.chapterIV.builders.impl.ResponseBuilderImpl.unsealSecuredContent(ResponseBuilderImpl.kt:170)
at org.taktik.connector.business.chapterIV.builders.impl.ResponseBuilderImpl.validateTimestampAndretrieveChapterIVKmehrResponseWithTimeStampInfo(ResponseBuilderImpl.kt:95)
at org.taktik.connector.business.chapterIV.builders.impl.ResponseBuilderImpl.validateTimestampAndretrieveChapterIVKmehrResponseWithTimeStampInfo(ResponseBuilderImpl.kt:59)
at org.taktik.freehealth.middleware.service.impl.Chapter4ServiceImpl.requestAgreement(Chapter4ServiceImpl.kt:410)
at org.taktik.freehealth.middleware.web.controllers.Chapter4Controller.requestAgreement(Chapter4Controller.kt:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
Mr. Wathelet from the CIN performed the same call than me and it appears that a call with an EncryptedContent
works instead of a SecuredContent
The call performed by the freehealth-connector :
I tried to modify the freehealth-connector to test it with a EncryptedContent
but my modifications provoke other errors that I can not debug..
Could you please investigate this ?
Thank you !
I try to send some eHealthMessage with this method
src\main\kotlin\org\taktik\freehealth\middleware\web\controllers\EhboxController.kt
@PostMapping("")
fun sendMessage(
@RequestHeader(name = "X-FHC-keystoreId") keystoreId: UUID,
@RequestHeader(name = "X-FHC-tokenId") tokenId: UUID,
@RequestHeader(name = "X-FHC-passPhrase") passPhrase: String,
@RequestBody message: DocumentMessage,
@RequestParam publicationReceipt: Boolean?,
@RequestParam receptionReceipt: Boolean?,
@RequestParam readReceipt: Boolean?
): Boolean = ehboxService.sendMessage(
keystoreId,
tokenId,
passPhrase,
message,
publicationReceipt ?: false,
receptionReceipt ?: false,
readReceipt ?: false
)
keystoreId
, tokenId
and passPhrase
are set and receive after eHealtLogin, but message
can't be mapped.
An example of my message in JSON
{
"id": null,
"publicationId": null,
"sender": {
"identifierType": {
"type": "INSS"
},
"id": "62110906574",
"quality": "DOCTOR",
"applicationId": null,
"lastName": null,
"firstName": null,
"organizationName": null,
"personInOrganisation": null
},
"mandatee": null,
"destinations": [
{
"identifierType": {
"type": "INSS"
},
"id": "62110906574",
"quality": "DOCTOR",
"applicationId": null,
"lastName": null,
"firstName": null,
"organizationName": null,
"personInOrganisation": null
}
],
"publicationDateTime": 20181001,
"expirationDateTime": 20190101,
"size": "59417",
"customMetas": {},
"document": {
"title": "C’est un teste",
"content": "",
"textContent": null,
"filename": null,
"mimeType": null,
"signing": null
},
"freeText": null,
"freeInformationTableTitle": null,
"freeInformationTableRows": {},
"patientInss": null,
"annex": [],
"copyMailTo": [],
"documentTitle": null,
"annexList": [],
"useReceivedReceipt": false,
"useReadReceipt": false,
"hasAnnex": false,
"hasFreeInformations": false,
"important": true,
"encrypted": false,
"usePublicationReceipt": false
}
This message is made with a received message.
What wrong on it ?
And this is the error :
Failed to read HTTP message: org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Can not construct instance of org.taktik.freehealth.middleware.dto.common.Addressee: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.taktik.freehealth.middleware.dto.common.Addressee: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?)
at [Source: java.io.PushbackInputStream@4eae78b3; line: 1, column: 43] (through reference chain: org.taktik.freehealth.middleware.dto.ehbox.DocumentMessage["sender"])
cc: @jfi-nsi
While implementing the AddressbookControllerApi, I've noticed that while I get result when I use getHcpBy[...] and getOrgBy[..] methods, when I use the searchOrg[...] and searchHcp[...] I always get an empty list.
I've tried using the name in all uppercase, all lowercase or first letter in uppercase to no avail.
Instead of a string[]
, we should support an array of object with the following properties:
{
code: '373590',
toothNumber: '26',
relatedService: '374371'
}
The resulting XML would be:
<ns2:item>
<ns3:id S="ID-KMEHR" SV="1.0">4</ns3:id>
<ns3:cd S="CD-ITEM" SV="1.0">claim</ns3:cd>
<ns3:content>
<ns3:cd S="CD-NIHDI" SV="1.0">373590</ns3:cd>
</ns3:content>
<ns3:content>
<ns3:cd S="CD-ISO-3950" SV="1.0">26</ns3:cd>
</ns3:content>
<ns3:content>
<ns3:cd S="CD-NIHDI-RELATEDSERVICE" SV="1.0">374371</ns3:cd>
</ns3:content>
</ns2:item>
Hi,
I'm running the connector inside gcr.io/cloud-builders/javac Docker using launch command
./gradlew -Dmycarenet.license.password=<pwd>\
-Dmycarenet.license.username=<user> \
-Dmycarenet.package.name=<package_name> \
bootRun
uploadKeystore and requestToken work fine, but registerToken returns a 500 Internal Server Error
An example of my flow in Python:
import requests
files = {'file': open('<file>','rb')}
# upload keystore
r = requests.post("http://localhost:8090/sts/keystore", files=files)
print(r.status_code)
print(r.json())
uuid = r.json()["uuid"]
# request token
headers = {
"X-FHC-passPhrase": "<pwd>",
"X-FHC-keystoreId": uuid
}
r = requests.get("http://localhost:8090/sts/token?ssin=<ssin>", headers=headers)
print(r.status_code)
print(r.json())
# register token
token_id = r.json()["tokenId"]
headers = {
"X-FHC-tokenId": token_id,
}
print(r.json()["token"])
r = requests.post("http://localhost:8090/sts/token", data=r.json()["token"], headers=headers)
print(r.status_code)
which returns
{"timestamp":1668716158017,"status":500,"error":"Internal Server Error","message":"unknown reason","path":"/sts/token"}'
Is there something wrong with how I construct the request to registerToken?
Missing/malformed info in the JSON response (this info is needed to provide cause of fault to user):
faultMessage
must be content of MessageFault.Message
: does not contain actual message Detail.DetailCode
, Detail.Location
, Detail.Message
Example:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:GetInsurabilityResponse xmlns:ns2="urn:be:fgov:ehealth:genericinsurability:core:v1" xmlns:ns3="urn:be:fgov:ehealth:genericinsurability:protocol:v1">
<Status>
<Code>200</Code>
<Message>Success</Message>
</Status>
<ns3:CommonOutput>
<ns2:InputReference>20180921112814</ns2:InputReference>
<ns2:NIPReference>PRIG0042119150</ns2:NIPReference>
<ns2:OutputReference>00000042119150</ns2:OutputReference>
</ns3:CommonOutput>
<ns3:RecordCommonOutput>
<ns2:InputReference>20180921112814</ns2:InputReference>
</ns3:RecordCommonOutput>
<ns3:Response MessageName="M801000ERR" Version="02" Duplicate="false" TestFlag="false" SenderReference="20180921112814" ReceiverReference="99942119150" Synchronous="true">
<ns2:CareReceiverId>
<ns2:Inss>86052640376</ns2:Inss>
</ns2:CareReceiverId>
<ns2:MessageFault>
<ns2:FaultCode>INPUT_ERROR</ns2:FaultCode>
<ns2:FaultSource>MYCARENET</ns2:FaultSource>
<ns2:Message xml:lang="en">The content of the received document is invalid</ns2:Message>
<ns2:Details>
<ns2:Detail>
<ns2:DetailCode>40</ns2:DetailCode>
<ns2:Location>../../../../InsurabilityRequestDetail/Period/PeriodStart/text()</ns2:Location>
<ns2:Message xml:lang="en">No information available for this period in the past</ns2:Message>
</ns2:Detail>
</ns2:Details>
</ns2:MessageFault>
<ns2:InsurabilityRequestDetail>
<ns2:InsurabilityRequestType>information</ns2:InsurabilityRequestType>
<ns2:Period>
<ns2:PeriodStart>2010-09-21</ns2:PeriodStart>
<ns2:PeriodEnd>2010-09-21</ns2:PeriodEnd>
</ns2:Period>
<ns2:InsurabilityContactType>ambulatory_care</ns2:InsurabilityContactType>
<ns2:InsurabilityReference>20180921112814</ns2:InsurabilityReference>
</ns2:InsurabilityRequestDetail>
</ns3:Response>
</ns3:GetInsurabilityResponse>
Response in JSON:
{
"inss": null,
"firstName": null,
"lastName": null,
"dateOfBirth": null,
"deceased": null,
"sex": null,
"hospitalizedInfo": null,
"medicalHouseInfo": null,
"insurabilities": [],
"faultMessage": "be.fgov.ehealth.genericinsurability.core.v1.DetailType@2b26b78b",
"faultSource": "MYCARENET",
"faultCode": "INPUT_ERROR",
"generalSituation": null,
"paymentByIo": false,
"specialSocialCategory": false,
"transfers": []
}
Salut Antoine,
tu peux me dire où tu as trouvé une source actuelle contemporaine de ce fichier? src/main/resources/cdInncluster.json
Selon mes connaissances, ce n'est plus recommandé d'utiliser ceci, et je ne trouve plus aucune source authentique qui donne ces valeurs.
Merci pour l'info!
Bonjour Monsieur Duchateau ( @aduchate ),
Actuellement, fhcprd et fhcacc ne nous permettent pas d'envoyer un message correctement. Malheureusement, il est impossible pour nous de déterminer si le problème vient de notre message qui est possiblement mal-formaté, ou si le serveur nous empêche d'envoyer un message à cause de notre origine (localhost) ou pour quelconque autre raison.
Nous avons l'impression que le serveur nous permet d'envoyer environ un message par jour sans pièce jointe et que le reste du temps nous recevons un mail "no-reply" pour dire qu'il y a eu une erreur lors de l'envoi.
Nous aimerions également connaitre la meilleure façon d'envoyer un message avec une pièce jointe via l'API. Nous nous sommes basés sur les messages reçus, et nous en avons donc conclu de mettre les pièces jointes dans l'attribut annex
du message (voir JSON ci-dessous). Serait-il possible pour vous de voir dans ce JSON quelconque erreur de notre part ?
{
"id": null,
"publicationId": null,
"publicationDateTime": 20181029,
"expirationDateTime": 20191001,
"customMetas": {},
"document": {
"title": "titre message",
"content": "bWVzc2FnZSBjb250ZW50",
"textContent": "message content",
"filename": "mail.txt",
"mimeType": "plain/text",
"signing": null
},
"freeText": null,
"freeInformationTableTitle": null,
"freeInformationTableRows": {},
"patientInss": null,
"annex": [
{
"title": "1100114897225_a1_LOL0323b53.lab",
"content": "...fileContent",
"textContent": null,
"filename": "1100114897225_a1_LOL0323b53.lab",
"mimeType": "application/x",
"signing": null
}
],
"copyMailTo": [],
"documentTitle": null,
"annexList": [],
"useReceivedReceipt": false,
"useReadReceipt": false,
"hasAnnex": true,
"hasFreeInformations": false,
"important": true,
"encrypted": false,
"usePublicationReceipt": false,
"destinations": [
{
"identifierType": {
"type": "NIHII"
},
"id": "19234011",
"quality": "DOCTOR",
"applicationId": null,
"lastName": "Dujardin",
"firstName": "Fréderic",
"organizationName": null,
"personInOrganisation": null
}
],
"sender": {
"identifierType": {
"type": "NIHII"
},
"id": "19234011",
"quality": "DOCTOR",
"applicationId": null,
"lastName": "Dujardin",
"firstName": "Frederic",
"organizationName": null,
"personInOrganisation": null
}
}
Voici également la request sans pièce jointe :
{
"id": null,
"publicationId": null,
"publicationDateTime": 20181029,
"expirationDateTime": 20191001,
"customMetas": {},
"document": {
"title": "titre message",
"content": "bWVzc2FnZSBjb250ZW50",
"textContent": "message content",
"filename": "mail.txt",
"mimeType": "plain/text",
"signing": null
},
"freeText": null,
"freeInformationTableTitle": null,
"freeInformationTableRows": {},
"patientInss": null,
"annex": [],
"copyMailTo": [],
"documentTitle": null,
"annexList": [],
"useReceivedReceipt": false,
"useReadReceipt": false,
"hasAnnex": false,
"hasFreeInformations": false,
"important": true,
"encrypted": false,
"usePublicationReceipt": false,
"destinations": [],
"sender": {
"identifierType": {
"type": "NIHII"
},
"id": "19234011",
"quality": "DOCTOR",
"applicationId": null,
"lastName": "Dujardin",
"firstName": "Frederic",
"organizationName": null,
"personInOrganisation": null
}
}
Je vous remercie grandement d'avance,
Cordialement,
Adrien
When calling the getGeneralInsurability as a medical house, using a MH token, the GetInsurabilityRequest is incorrect: The careprovider must be 'medicalhouse' instead of 'doctor'
CareProvider generated by FHC:
<CareProvider>
<Nihii>
<Quality>doctor</Quality>
<Value>84450178101</Value>
</Nihii>
<PhysicalPerson>
<Name>botermarkt</Name>
<Nihii>
<Quality>doctor</Quality>
<Value>84450178101</Value>
</Nihii>
<Ssin>84450178101</Ssin>
</PhysicalPerson>
</CareProvider>
CareProvider generated by Pricare (no values need to be provided for physicalperson):
<CareProvider>
<Nihii>
<Quality>medicalhouse</Quality>
<Value>84450178101</Value>
</Nihii>
<PhysicalPerson>
<Name></Name>
<Ssin></Ssin>
<Cbe />
</PhysicalPerson>
</CareProvider>
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.