TEE processing context for the ePrescription (eRezept, erp) service.
TEE = trusted execution environment; in German, VAU = vertrauenswürdige Ausführungsumgebung.
See here
See here for details related to building the project and updating the necessary test resources including TSL_valid.xml and BNA_valid.xml.
Communication with the outside world
- incoming HTTP requests
- PostgreSQL
- HSM
- registration service
- remote attestation service
A guide outlines the implementation.
The test key/certificate pair in resources/test/02_development.config.json.in (erp/server/certificate)
was generated on RHEL 8 using OpenSSL 1.1.1k.
It is meant to be used exclusively for testing purposes on a server running locally.
openssl req -newkey rsa:2048 -nodes -keyout key.pem \
  -x509 -days 3650 -out cert.pem \
  -subj "/C=DE/ST=HH/L=Hamburg/O=IBM/OU=Gesundheitsplattform/CN=ePA Backend Mock -- FdV-Modul Unit Testing" \
  -addext "subjectAltName = IP:127.0.0.1"

cd docker/build
docker build -t de.icr.io/erp_dev/erp-pc-ubuntu-build:2.3.1 .
docker push de.icr.io/erp_dev/erp-pc-ubuntu-build:2.3.1
This tool uses the private key located in the source tree at resources/test/jwt/idp_id to sign a JSON claim file
provided on the command line and prints the result to stdout.
Usage: jwt <claimfile>
<claimfile> file containing claim to sign
This tool uses the key from vau/private-key in 02_development.config.json or environment variable ERP_VAU_PRIVATE_KEY
to create an encrypted request.
Usage: vau_encrypt <infile> <outfile>
<infile> name of file with plain text request
<outfile> target file for encrypted request
In directory resources/test/EndpointHandlerTest:
cat kbv_bundle.xml | openssl smime -sign -signer ../ssl/ec.crt -inkey ../ssl/ec.priv.pem -outform der -nodetach | base64 -w0 > kbv_bundle.xml.p7s
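
A round-trip check for a fixture produced by the signing command above, added here as an example and not part of the project's own tooling. The function names, the throwaway signer certificates and the sample bundle text are assumptions constructed for the demonstration; it needs openssl and GNU base64.

```shell
#!/bin/sh
# Round-trip check for a .p7s fixture built with the signing pipeline above.
# Bundle text, signer names and temp paths are constructed for this example.

# verify_p7s <base64 .p7s> <pinned signer cert> <original file>; 0 = OK
verify_p7s() {
    out=$(mktemp) || return 1
    # -nointern/-certfile: accept only the pinned signer, not a cert from the blob.
    # -noverify: skip chain building (self-signed test cert); signature is still checked.
    base64 -d "$1" | openssl smime -verify -inform der -noverify -nointern \
        -certfile "$2" -out "$out" 2>/dev/null || { rm -f "$out"; return 1; }
    # Signing without -binary stores the content with CRLF line endings,
    # so drop CR before comparing with the original.
    tr -d '\r' < "$out" | cmp -s - "$3" && rc=0 || rc=1
    rm -f "$out"
    return "$rc"
}

# make_signer <dir> <name>: throwaway P-256 key and self-signed cert
make_signer() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.priv.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.priv.pem" -days 1 -subj "/CN=$2" \
        -out "$1/$2.crt" 2>/dev/null
}

# demo: 0 only if the pinned signer verifies and an unrelated cert is rejected
demo() {
    d=$(mktemp -d) || return 1
    printf '<Bundle>\n  <id value="constructed"/>\n</Bundle>\n' > "$d/bundle.xml"
    make_signer "$d" signer && make_signer "$d" other || { rm -rf "$d"; return 1; }
    # Same options as the README command, with the throwaway signer
    openssl smime -sign -signer "$d/signer.crt" -inkey "$d/signer.priv.pem" \
        -outform der -nodetach -in "$d/bundle.xml" 2>/dev/null |
        base64 -w0 > "$d/bundle.xml.p7s"
    good=no; rejected=no
    verify_p7s "$d/bundle.xml.p7s" "$d/signer.crt" "$d/bundle.xml" && good=yes
    verify_p7s "$d/bundle.xml.p7s" "$d/other.crt" "$d/bundle.xml" || rejected=yes
    rm -rf "$d"
    [ "$good" = yes ] && [ "$rejected" = yes ]
}
# Run: demo && echo "round trip OK"
```

To check the real fixture, call verify_p7s with kbv_bundle.xml.p7s, ../ssl/ec.crt and kbv_bundle.xml from resources/test/EndpointHandlerTest.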