Commit 0e4dbb1a authored by Tobias Assmann's avatar Tobias Assmann

update README.md for client, update javadocs of rest endpoints

parent d7b84933
......@@ -52,17 +52,18 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \
```
### POSeIDAS Database
To make changes in the database, the docker container first must be stopped.
To make changes in the database, the docker container `reqesidta_poseidas` first must be stopped.
The Database can be edited for example with [DBeaver](https://dbeaver.io/).
If the preconfigured database is used please look up the credentials for openingn in the file `/poseidas/config/application.properties`. If the database is configured by yourself, you have set the credentials via the [configuration-wizard](#use-the-configuration-wizard).
If the preconfigured database is used please look up the credentials for opening in the file `/poseidas/config/application.properties`.
If the database is configured by yourself, you have set the credentials via the [configuration-wizard](#use-the-configuration-wizard).
You need to add the following data into the database:
The following data needs to be present in the database:
* terminal certificate
* private-key
* sector-id (only relevant if the client is using PersoSim)
* certificate-chain
This data must be inserted using the key _REFID_. The value of _REFID_ must match the value in the poseidas config file under the key _CVCRefID_.
Use the following tables for adding the data:
* TERMINALPERMISSION
......@@ -74,3 +75,6 @@ Use the following tables for adding the data:
* every certificate of the certificate-chain
* starting with the root certitifcate use the value '0' for _POSINCHAIN_ and put the certificate in _DATA_
* if intermediate certificates exist, increase the value for _POSINCHAIN_ and put the certificate in _DATA_
This data must be inserted using a key in _REFID_.
The value of _REFID_ must match the value in the poseidas config file under the key _CVCRefID_.
......@@ -51,6 +51,13 @@ public class CertEndpoint {
@Inject private SessionStore sessionStore;
@Inject private SAMConfig config;
/**
* The getCSR function is called by the SSA and expects the session-id has created by SAM before.
* It returns the CSR, which is used with the CA later on.
*
* @param sessionId
* @throws IOException
*/
@GET
@Path("getcsr/{sessionId}")
@Produces("application/json")
......@@ -94,6 +101,13 @@ public class CertEndpoint {
return new CSRData(csr);
}
/**
* The sign function is called by the SSA and expects the sessionId, the identifier of the algorithm used for creating the signature and the hash of the document to be signed.
* It returns the data of the signature.
*
* @param sessionId
* @param data
*/
@POST
@Path("sign/{sessionId}")
@Produces("application/json")
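Review bot: The tags added at L38–L39 and L51–L52 are bare — `@param sessionId`, `@throws IOException` and `@param data` carry no description, and neither getCSR nor sign documents a `@return` even though L45 shows getCSR returning a `CSRData`. I would write `@param sessionId id of the session previously created by SAM`, `@return the CSR to be submitted to the CA`, and for sign `@param data the signature algorithm identifier and the hash of the document to be signed`, and reword the first sentence at L35 to "expects a session id that SAM has created before". The condition under which `IOException` is thrown is not visible in the hunk, so the `@throws` text has to come from the method body, which lies outside the shown lines; it would also help callers to state what the endpoint does when the session id is unknown, which the hunk does not show either. Both method signatures start after the annotation lines shown here.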
......@@ -53,6 +53,10 @@ public class EACEndpoint {
@Inject
private SessionStore sessionStore;
/**
* The initSession function is called by the eID-Server in the useIDRequest procedure.
* This is used to setup a session between the eID-Server and SAM.
*/
@POST
@Path("initSession")
@Produces("text/plain")
......@@ -67,6 +71,9 @@ public class EACEndpoint {
return newSession.getId();
}
/**
* The startEAC function is called from the eID-Server during the initial EAC-Process to receive the truncated hash of the document to be signed for the AuthenticatedAuxiliaryData structure.
*/
@POST
@Path("startEAC/{sid}")
@Produces("application/json")
......@@ -90,6 +97,9 @@ public class EACEndpoint {
}
}
/**
* The processEAC1 function is called by the eID-Server to sign the EAC-Message.
*/
@POST
@Path("processEAC1/{sid}")
@Produces("application/json")
......@@ -108,6 +118,11 @@ public class EACEndpoint {
return signer.sign();
}
/**
* The processEAC2 function is called by the eID-Server.
* The SAM calculates the keys for secure messages.
* This way the derived keys do not leave the SAM.
*/
@POST
@Path("processEAC2/{sid}")
public Response proessEAC2(@PathParam("sid") String sessionId, EAC2Data data) {
......@@ -129,6 +144,10 @@ public class EACEndpoint {
return Response.ok().entity(new EAC2ResponseData(success)).build();
}
/**
* The SAM is responsible for the APDU secure messaging.
* It uses the prior generated keys to encrypt the APDUs.
*/
@POST
@Path("encryptAPDU/{sid}")
public APDU encryptAPDU(@PathParam("sid") String sessionId, APDU apdu) {
......@@ -149,6 +168,12 @@ public class EACEndpoint {
}
}
/**
* The SAM is responsible for the APDU secure messaging.
* It uses the prior generated keys to decrypt the APDUs.
* The decrypted APDUs are analyzed to extract the User-Data.
* The GivenNames, LastNames, DateOfBirth and BirthName are then used for creating the CSR.
*/
@POST
@Path("decryptAPDU/{sid}")
public APDU decryptAPDU(@PathParam("sid") String sessionId, APDU apdu) {
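Review bot: None of the Javadoc blocks added in this file (initSession at L61, startEAC at L71, processEAC1 at L80, processEAC2 at L89, encryptAPDU at L100, decryptAPDU at L110) carry `@param` or `@return` tags, whereas the CertEndpoint docs in the same commit do; the `sessionId` and `apdu` parameters visible at L96, L106 and L118 deserve one line each, e.g. `@param sessionId the session id returned by initSession` (L69 returns `newSession.getId()`) and `@param apdu the APDU to wrap in secure messaging`. The decryptAPDU doc at L113–L114 states that personal data (names, date of birth) is extracted from the decrypted APDUs; it should also say where that data is held afterwards and for how long — presumably the session, but the hunk does not show it. Separately, the unchanged method name `proessEAC2` at L96 looks like a typo for processEAC2; since the REST path comes from `@Path("processEAC2/{sid}")`, renaming the Java method would not affect clients. All of these method bodies continue outside the shown hunks.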
......@@ -76,12 +76,10 @@ public class SSAEndpoint {
@Inject private SSAConfig config;
@Inject private SessionStore sessionStore;
// @Inject private CertificateAuthorityClient caClient;
/**
* curl -L -k -X POST -H "Content-Type: application/json" --data '{"sig-alg":"SHA256WITHDSA","doc-hash":"SGVsbG8gV29ybGQK"}' http://docker.reqesidta.de/ssa-server/ssa/init
* @param reqAsJson
* @return
* The startSession function is called by the eID-Client and expects the hash of the document to be signed and the algorithm to be used for creating the signature.
* It triggers the start of the auth flow on the server side and returns the activation address of the eID-Server.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
......@@ -102,9 +100,8 @@ public class SSAEndpoint {
}
/**
* curl -L -k -X POST -H "Content-Type: application/json" --data '{"session":"YOUR_SESSION_ID"}' http://docker.reqesidta.de/ssa-server/ssa/certs
* @param req
* @return
* The getCertificates function is called by the eID-Client and expects the sessionId which has been issued to the eID-Client by the eID-Server before.
* It returns the certificates issued by the CA on behalf of SAM.
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
......@@ -154,6 +151,13 @@ public class SSAEndpoint {
return resp;
}
/**
* The sign function is called by the eID-Client and expects the SignerInfo as specified by (IETF RFC2315), which has been created in the SCA based on the recived certificates and the document to be signed.
* It returns the signature value.
*
* @throws CMSException
* @throws IOException
*/
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
......@@ -219,8 +223,10 @@ public class SSAEndpoint {
/**
* Get the user Session.
*
* @param sessionId
* @return
* @return The user Session
* @throws NotFoundException
*/
private Session readSession(String sessionId) throws NotFoundException {
Session session = sessionStore.getSession(sessionId)
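Review bot: The readSession doc rewritten at L158–L165 still leaves `@param sessionId` at L161 empty and `@throws NotFoundException` at L164 without its condition; from L167 the intended text appears to be `@throws NotFoundException if the session store holds no session for {@code sessionId}`, though the method body continues past the hunk so that should be confirmed. The sign doc at L148 has a typo (`recived` → `received`), its `@throws CMSException` and `@throws IOException` tags at L151–L152 are bare, and like the startSession and getCertificates docs at L128 and L139 it omits `@return` although the prose at L149 says it returns the signature value. A `@param` line for the request parameter of each of these three endpoints would round the docs out; their signatures and bodies are outside the shown lines.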