This document covers the following components on NSP:
Document registration and creation service (Dokumentregistrerings- og oprettelsesservice)
Type: Web service
File name: sfsk.war
URL: <serverurl>/sfsk
Service check URL: <serverurl>/sfsk/status
Version URL: <serverurl>/sfsk/health, which returns a JSON structure containing the version
Basic configuration is done by editing the file sfsk.properties, which is placed in the following WildFly module:
/pack/wildfly8/modules/sds/sfsk/configuration/main/
The module definition can be found in the SFSK source code under:
/sfsk-war/etc/modules/sds/sfsk/configuration/main/module.xml
The following properties must be defined in the file:
Property | Description |
SFSK property | |
sfsk.url.prefix | URL prefix that is inserted into WSDLs and used by dks-servlet. |
sfsk.app.name | Used by dks-servlet. |
iti18.service.endpoint | Endpoint of the ITI18 backend. |
iti43.service.endpoint | Endpoint of the ITI42 backend. |
sfsk.backend.failure.threshold | Threshold for how many times in a row a call to a backend may fail before the status page considers that backend 'dead'. |
sfsk.dgws.keystore.resource | Keystore containing the function certificate. |
sfsk.dgws.keystore.password | Password for sfsk.dgws.keystore.resource. |
sfsk.dgws.keystore.alias | Alias for sfsk.dgws.keystore.resource. |
sfsk.dgws.sts.request.url | Endpoint of the STS token service. |
sfsk.dgws.cvr | CVR that SFSK's DGWS must use. |
sfsk.dgws.org | Organisation name that SFSK's DGWS must use. |
sfsk.datasource.jndi | Datasource to be used for the connection to the database. |
sts.endpoint | Endpoint of the STS token service. Used by the integrations. |
SAES property | |
saes.endpoint | Endpoint of the SAES service. |
saes.connect.timeout.millis | Maximum number of milliseconds the service polls before it times out. |
saes.read.timeout.millis | Maximum number of milliseconds the Kafka consumer waits if more calls come in than there are Followup objects in the pool. |
saes.sts.keystore | Keystore containing the function certificate. |
saes.sts.keystore.password | Password for sfsk.dgws.keystore.resource. |
saes.sts.keystore.alias | Alias for sfsk.dgws.keystore.resource. |
saes.idcard.subject.name | Organisation name that SAES's DGWS must use. |
saes.idcard.subject.id | CVR that SAES's DGWS must use. |
saes.idcard.system.name | Used by dks-servlet. |
BRS property | |
brs.endpoint | Endpoint of the BRS service. |
brs.connect.timeout.millis | Maximum number of milliseconds the service polls before it times out. |
brs.read.timeout.millis | Maximum number of milliseconds the Kafka consumer waits if more calls come in than there are Followup objects in the pool. |
brs.sts.keystore | Keystore containing the function certificate. |
brs.sts.keystore.password | Password for sfsk.dgws.keystore.resource. |
brs.sts.keystore.alias | Alias for sfsk.dgws.keystore.resource. |
brs.idcard.subject.name | Organisation name that SAES's DGWS must use. |
brs.idcard.subject.id | CVR that SAES's DGWS must use. |
brs.idcard.system.name | Used by dks-servlet. |
treatment.relation.serviceprovider.vendor | Inserted as ’ServiceProvider/Vendor’ in the treatment relation service's treatmentRelationRequestBody. |
treatment.relation.serviceprovider.version | Inserted as ’ServiceProvider/Version’ in the treatment relation service's treatmentRelationRequestBody. |
treatment.relation.external.reference.id | Inserted as ’ExternalReferenceId’ in the treatment relation service's treatmentRelationRequestBody. |
treatment.relation.timelimit.offset | Number of days from the time of the SFSK call to insert as the timestamp ’TimeLimit’ in the treatment relation service's treatmentRelationRequestBody. |
treatment.relation.lookup.timeinterval.start.offset | Number of days from the time of the SFSK call to insert as the timestamp ’RelationLookupTimeInterval/start’ in the treatment relation service's treatmentRelationRequestBody. A negative sign indicates a number of days before the time of the DDS call. |
treatment.relation.lookup.timeinterval.end.offset | Number of days from the time of the SFSK call to insert as the timestamp ’RelationLookupTimeInterval/end’ in the treatment relation service's treatmentRelationRequestBody. A negative sign indicates a number of days before the time of the DDS call. |
treatment.relation.acceptable.relations | Comma-separated list of categories that are inserted as ’AcceptableRelations/Relation’ in the treatment relation service's treatmentRelationRequestBody, when the healthcare professional's organisation. |
treatment.relation.followup.relations | Comma-separated list of categories that are inserted as ’FollowupRelations/Relation’ in the treatment relation service's treatmentRelationRequestBody, comma-separated list of categories. |
National roles property | |
dk.nsp.sfsk.nationale.roller | National roles for employee lookup |
MinLog property | |
minlog.iti18-text | MinLog activity texts |
The Log4j configuration is found in the same WildFly module as the service configuration.
See the installation guide for further setup.
Requests to the service are logged here.
Examples:
{ "time": "2021-07-01T07:33:05.616Z", "category": "dk.sds.nsp.audit.log.sfsk", "audit": { "timestamp": "2021-07-01T09:32:59.347+02:00", "components": [ { "component": "SFSK", "contexts": [ { "context": "DocumentRegistry_RegistryStoredQuery", "information": [ { "key": "patient-cpr", "type": "RPI", "value": "2222222222" }, { "key": "værdispring", "type": "RPI", "value": "false" }, { "key": "document_entry.0.homecommunityid", "type": "RPI", "value": "1.2.208.176.8.1.12" }, { "key": "document_entry.0.repositoryid", "type": "RPI", "value": "1.2.208.176.43210.8.10.12" }, { "key": "document_entry.0.documentid", "type": "RPI", "value": "1.2.208.176.43210.8.10.12^3ae0c14f-723f-422c-9f19-711681ccb461" }, { "key": "document_entry.0.typecode", "type": "RPI", "value": "52460-3" }, { "key": "document_entry.1.homecommunityid", "type": "RPI", "value": "1.2.208.176.8.1.12" }, { "key": "document_entry.1.repositoryid", "type": "RPI", "value": "1.2.208.176.43210.8.10.12" }, { "key": "document_entry.1.documentid", "type": "RPI", "value": "1.2.208.176.43210.8.10.12^124661e5-04a1-478b-b2d9-640cf8360044" }, { "key": "document_entry.1.typecode", "type": "RPI", "value": "PDC" } ] } ] } ] }, "access": { "code": 200, "duration": 4961, "httpHeaders": { "Content-Type": "application/soap+xml; charset=UTF-8" }, "httpHost": "localhost", "idCardAttributes": { "medcom:CareProviderID": "33257872", "medcom:CareProviderName": "Sundhedsdatastyrelsen", "medcom:ITSystemName": "SFSK", "sosi:AuthenticationLevel": "3", "sosi:IDCardID": "F5qM/3t3mok2gDB/GAY1Fw==", "sosi:IDCardType": "system", "sosi:IDCardVersion": "1.0.1" }, "method": "POST", "path": "/sfsk/iti18", "query": "", "port": 8060, "protocol": "http", "reqSize": 7413, "resSize": 10996, "soapHeaders": { "Issuer": "TEST2-NSP-STS", "MessageID": "AAABemD8KLJdrkK40FkOylNPU0k=", "NameID": "SubjectDN={SERIALNUMBER=CVR:33257872-FID:28250866 + CN=SFSK (funktionscertifikat), O=Sundhedsdatastyrelsen // CVR:33257872, C=DK},IssuerDN={CN=TRUST2408 Systemtest XXXIV CA, O=TRUST2408, C=DK},CertSerial={1604117906}", "w3Action": "urn:ihe:iti:2007:RegistryStoredQuery", "w3MessageID": "urn:uuid:104cf5c8-b8d4-499e-bfd1-fa4a1deba449", "w3To": "http://localhost:8060/sfsk/iti18" }, "threadId": "default task-1", "time": "2021-07-01T09:32:59.321+02:00", "stats": { "handlerDuration": 1237, "RequestContentDuration": 45, "ResponseContentDuration": 0, "SecurityProtocolRequestDuration": 835, "SecurityProtocolResponseDuration": 0, "bufferAllocated": true, "usedBuffers": 1, "activeBuffersInPool": 1, "idleBuffersInPool": 0 } } }
{ "time": "2021-07-01T07:33:11.443Z", "category": "dk.sds.nsp.audit.log.sfsk", "audit": { "timestamp": "2021-07-01T09:33:10.007+02:00", "components": [ { "component": "SFSK", "contexts": [ { "context": "DocumentRepository_RetrieveDocumentSet", "information": [ { "key": "værdispring", "type": "RPI", "value": "false" }, { "key": "document_entry.0.homecommunityid", "type": "RPI", "value": "" }, { "key": "document_entry.0.repositoryid", "type": "RPI", "value": "1.1.1" }, { "key": "document_entry.0.documentid", "type": "RPI", "value": "1.2.208.176.43210.8.10.12^91a2307e-f948-4c71-aa69-d72c5e41dac9" } ] } ] } ] }, "access": { "code": 200, "duration": 1017, "httpHeaders": { "Content-Type": "multipart/related; type=\"application/xop+xml\"; boundary=\"uuid:ce184aa9-46e0-4dd5-b4d4-3906cc232ed3\"; start=\"<root.message@cxf.apache.org>\"; start-info=\"application/soap+xml\"" }, "httpHost": "localhost", "idCardAttributes": { "medcom:CareProviderID": "33257872", "medcom:CareProviderName": "Sundhedsdatastyrelsen", "medcom:ITSystemName": "SFSK", "sosi:AuthenticationLevel": "3", "sosi:IDCardID": "F5qM/3t3mok2gDB/GAY1Fw==", "sosi:IDCardType": "system", "sosi:IDCardVersion": "1.0.1" }, "method": "POST", "path": "/sfsk/iti43", "query": "", "port": 8060, "protocol": "http", "reqSize": 7191, "resSize": 7940, "soapHeaders": { "Issuer": "TEST2-NSP-STS", "MessageID": "AAABemD8XsT8P8AKfoFPvVNPU0k=", "NameID": "SubjectDN={SERIALNUMBER=CVR:33257872-FID:28250866 + CN=SFSK (funktionscertifikat), O=Sundhedsdatastyrelsen // CVR:33257872, C=DK},IssuerDN={CN=TRUST2408 Systemtest XXXIV CA, O=TRUST2408, C=DK},CertSerial={1604117906}", "w3Action": "urn:ihe:iti:2007:RetrieveDocumentSet", "w3MessageID": "urn:uuid:ad9bc9e1-dced-4ae9-8065-a6d56631cdff", "w3To": "http://localhost:8060/sfsk/iti43" }, "threadId": "default task-1", "time": "2021-07-01T09:33:10.007+02:00", "stats": { "handlerDuration": 390, "RequestContentDuration": 161, "ResponseContentDuration": 0, "SecurityProtocolRequestDuration": 184, "SecurityProtocolResponseDuration": 0, "bufferAllocated": false, "usedBuffers": 1, "activeBuffersInPool": 1, "idleBuffersInPool": 1 } } }
Each individual client must be whitelisted to use SFSK. A table named whitelist exists for this purpose. It is the client's certificate that is whitelisted.
The following example is the output of openssl displaying a PEM-encoded certificate:
$ openssl x509 -in example.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: 1495058165 (0x591cc6f5) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DK, O=TRUST2408, CN=TRUST2408 Systemtest XXII CA Validity Not Before: Aug 29 06:25:19 2018 GMT Not After : Aug 29 06:24:05 2021 GMT Subject: C=DK, O=Statens Serum Institut // CVR:46837428/serialNumber=CVR:46837428-UID:27910135, CN=Statens Serum Institut - Test VOCES Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:97:4a:f0:06:41:7a:8f:b5:bd:50:49:bf:68:24: b6:3b:94:54:06:88:9b:78:8b:31:cf:59:19:ea:46: 9a:89:45:74:15:c4:98:2f:2f:4f:8f:dc:db:44:b6: ce:f9:25:ff:d9:00:50:ef:0a:18:d7:c5:53:8f:ff: 66:ff:32:20:ae:f0:ad:c1:36:48:69:66:62:d0:c6: 45:35:7e:94:6d:c4:b3:ae:95:b6:1d:3d:7c:0d:17: 70:44:8d:05:8e:6d:d4:d0:5b:24:03:19:78:ec:f9: de:2e:6a:77:64:39:59:5c:e2:c4:e0:74:4f:26:23: 45:06:f4:f8:50:9c:49:5b:de:af:60:29:38:df:fc: 2e:dc:27:c6:19:fc:54:ec:55:b6:77:b6:73:73:19: 86:d9:8f:1f:2f:36:e5:9b:de:ca:c7:d1:5d:a7:06: 8e:fb:cc:4c:cf:3b:d9:6b:79:c9:eb:80:6f:97:df: c5:69:cd:28:ef:42:7c:84:1d:6a:af:82:38:46:2b: 7f:5c:21:71:1f:13:52:f0:a5:97:91:a2:75:98:4c: 91:90:0c:88:9b:76:d8:f9:4e:65:c2:54:04:7b:87: a0:ae:c5:dc:12:3e:67:34:ac:59:f0:91:7b:fb:38: 76:d5:64:4c:50:96:2d:70:37:0f:41:cb:99:1d:c4: 06:43 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment, Key Agreement Authority Information Access: OCSP - URI:http://ocsp.systemtest22.trust2408.com/responder CA Issuers - URI:http://v.aia.systemtest22.trust2408.com/systemtest22-ca.cer X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.31313.2.4.6.3.4 CPS: http://www.trust2408.com/repository User Notice: Organization: DanID Number: 1 Explicit Text: DanID test certifikater fra denne CA udstedes under OID 1.3.6.1.4.1.31313.2.4.6.3.4. DanID test certificates from this CA are issued under OID 1.3.6.1.4.1.31313.2.4.6.3.4. 
X509v3 Subject Alternative Name: email:testcertifikat@ssi.dk X509v3 CRL Distribution Points: Full Name: URI:http://crl.systemtest22.trust2408.com/systemtest221.crl Full Name: DirName: C = DK, O = TRUST2408, CN = TRUST2408 Systemtest XXII CA, CN = CRL76 X509v3 Authority Key Identifier: keyid:AB:A8:01:44:19:B0:B3:43:99:DA:FA:7C:CC:D2:00:18:03:E7:3C:BF X509v3 Subject Key Identifier: 7F:C5:FF:5C:F1:AC:64:D4:08:1C:BB:65:78:01:D4:78:B6:57:71:0C X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha256WithRSAEncryption 80:c1:84:cd:ea:4f:27:51:33:d5:61:6a:66:b5:5e:54:74:02: d6:f8:a7:86:75:45:1a:e4:5a:3b:28:d5:3d:24:7b:cf:91:ef: ce:2e:8d:f4:cf:61:1b:2b:ff:c9:54:12:92:a7:53:58:0d:45: ba:6d:ec:23:b9:0c:1f:ab:90:d8:de:a6:35:f3:ed:46:63:a3: 06:a0:8b:53:3a:90:d3:d7:fd:4e:70:2e:fc:68:a4:65:d0:62: 0c:bd:21:e3:83:32:7b:2d:cf:82:95:53:c6:1e:24:45:62:b1: a7:a4:aa:2c:39:60:c3:94:61:b5:ae:5d:30:e3:08:5b:33:89: c2:44:59:f5:82:e0:62:73:62:9c:a9:c6:49:6a:a0:d7:a8:af: ee:a2:45:fd:20:58:cf:85:5b:5a:b9:9f:49:78:4d:bb:e4:36: 0c:dc:a3:b0:52:e5:b9:5b:a6:46:0e:70:19:90:c1:96:c5:16: d9:d1:52:63:df:a8:95:a4:0c:77:ca:e0:bc:c3:31:f4:1c:95: 42:0b:c5:17:e4:b5:d3:d7:ef:f7:5b:b0:ef:57:ac:04:ac:f0: 6c:4a:69:16:d2:ca:35:4a:8e:bb:df:9d:8b:41:80:59:0d:8d: cb:e6:88:ce:11:b8:dd:6c:76:99:ac:0b:ed:a9:cb:c3:94:05: 1d:9c:84:22 -----BEGIN CERTIFICATE----- MIIGRTCCBS2gAwIBAgIEWRzG9TANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJE SzESMBAGA1UECgwJVFJVU1QyNDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVt dGVzdCBYWElJIENBMB4XDTE4MDgyOTA2MjUxOVoXDTIxMDgyOTA2MjQwNVowgY4x CzAJBgNVBAYTAkRLMS8wLQYDVQQKDCZTdGF0ZW5zIFNlcnVtIEluc3RpdHV0IC8v IENWUjo0NjgzNzQyODFOMCAGA1UEBRMZQ1ZSOjQ2ODM3NDI4LVVJRDoyNzkxMDEz NTAqBgNVBAMMI1N0YXRlbnMgU2VydW0gSW5zdGl0dXQgLSBUZXN0IFZPQ0VTMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0rwBkF6j7W9UEm/aCS2O5RU BoibeIsxz1kZ6kaaiUV0FcSYLy9Pj9zbRLbO+SX/2QBQ7woY18VTj/9m/zIgrvCt wTZIaWZi0MZFNX6UbcSzrpW2HT18DRdwRI0Fjm3U0FskAxl47PneLmp3ZDlZXOLE 4HRPJiNFBvT4UJxJW96vYCk43/wu3CfGGfxU7FW2d7ZzcxmG2Y8fLzblm97Kx9Fd 
pwaO+8xMzzvZa3nJ64Bvl9/Fac0o70J8hB1qr4I4Rit/XCFxHxNS8KWXkaJ1mEyR kAyIm3bY+U5lwlQEe4egrsXcEj5nNKxZ8JF7+zh21WRMUJYtcDcPQcuZHcQGQwID AQABo4IC7jCCAuowDgYDVR0PAQH/BAQDAgO4MIGXBggrBgEFBQcBAQSBijCBhzA8 BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5j b20vcmVzcG9uZGVyMEcGCCsGAQUFBzAChjtodHRwOi8vdi5haWEuc3lzdGVtdGVz dDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVzdDIyLWNhLmNlcjCCASAGA1UdIASC ARcwggETMIIBDwYNKwYBBAGB9FECBAYDBDCB/TAvBggrBgEFBQcCARYjaHR0cDov L3d3dy50cnVzdDI0MDguY29tL3JlcG9zaXRvcnkwgckGCCsGAQUFBwICMIG8MAwW BURhbklEMAMCAQEagatEYW5JRCB0ZXN0IGNlcnRpZmlrYXRlciBmcmEgZGVubmUg Q0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjMu NC4gRGFuSUQgdGVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1 ZWQgdW5kZXIgT0lEIDEuMy42LjEuNC4xLjMxMzEzLjIuNC42LjMuNC4wIAYDVR0R BBkwF4EVdGVzdGNlcnRpZmlrYXRAc3NpLmRrMIGsBgNVHR8EgaQwgaEwPaA7oDmG N2h0dHA6Ly9jcmwuc3lzdGVtdGVzdDIyLnRydXN0MjQwOC5jb20vc3lzdGVtdGVz dDIyMS5jcmwwYKBeoFykWjBYMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1Qy NDA4MSUwIwYDVQQDDBxUUlVTVDI0MDggU3lzdGVtdGVzdCBYWElJIENBMQ4wDAYD VQQDDAVDUkw3NjAfBgNVHSMEGDAWgBSrqAFEGbCzQ5na+nzM0gAYA+c8vzAdBgNV HQ4EFgQUf8X/XPGsZNQIHLtleAHUeLZXcQwwCQYDVR0TBAIwADANBgkqhkiG9w0B AQsFAAOCAQEAgMGEzepPJ1Ez1WFqZrVeVHQC1vinhnVFGuRaOyjVPSR7z5Hvzi6N 9M9hGyv/yVQSkqdTWA1Fum3sI7kMH6uQ2N6mNfPtRmOjBqCLUzqQ09f9TnAu/Gik ZdBiDL0h44Myey3PgpVTxh4kRWKxp6SqLDlgw5Rhta5dMOMIWzOJwkRZ9YLgYnNi nKnGSWqg16iv7qJF/SBYz4VbWrmfSXhNu+Q2DNyjsFLluVumRg5wGZDBlsUW2dFS Y9+olaQMd8rgvMMx9ByVQgvFF+S109fv91uw71esBKzwbEppFtLKNUqOu9+di0GA WQ2Ny+aIzhG43Wx2mawL7anLw5QFHZyEIg== -----END CERTIFICATE----- |
The subject serialnumber value is what must be inserted into the whitelisting table.
The certificate is whitelisted with the following SQL:
INSERT INTO whitelist (subjectserialnumber, note) VALUES ('CVR:46837428-UID:27910135', 'Oprettet fra supportsag ASCP00155779');
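An added example, not part of the SFSK code base, that ties the whitelist step to the audit log entries shown earlier: it extracts the subject serial number from an openssl Subject line or an audit NameID, inserts it with bound parameters, and lists callers seen in audit entries that have no whitelist row. The SQLite stand-in table, the serial number pattern and the shortened audit entries are constructed, and it assumes the NameID header carries the same certificate subject that the whitelist is matched against.

```python
import json
import re
import sqlite3
# Assumption: serial numbers have the shape of the two shown on this page,
# CVR:<8 digits>-UID:<digits> and CVR:<8 digits>-FID:<digits>.
SERIAL_RE = re.compile(r"(?i:serialNumber)=(CVR:\d{8}-(?:UID|FID):\d+)\b")

def subject_serial(text):
    """Extract the serial number from an openssl Subject line or an audit NameID."""
    subject = text.split("IssuerDN=")[0]  # ignore the issuer part of a NameID
    match = SERIAL_RE.search(subject)
    if match is None:
        raise ValueError("no well-formed subject serial number found")
    return match.group(1)

def add_to_whitelist(db, serial, note):
    """Insert with bound parameters so neither value becomes part of the SQL text."""
    if not SERIAL_RE.fullmatch("serialNumber=" + serial):
        raise ValueError("refusing malformed serial number")
    db.execute("INSERT INTO whitelist (subjectserialnumber, note) VALUES (?, ?)",
               (serial, note))

def unlisted_callers(db, audit_lines):
    """Return serial numbers seen in audit entries that have no whitelist row."""
    known = {row[0] for row in db.execute("SELECT subjectserialnumber FROM whitelist")}
    seen = set()
    for line in audit_lines:
        name_id = json.loads(line)["access"]["soapHeaders"]["NameID"]
        seen.add(subject_serial(name_id))
    return sorted(seen - known)

# Constructed sample input: the page's Subject line and two shortened audit entries.
SUBJECT = ("Subject: C=DK, O=Statens Serum Institut // CVR:46837428/"
           "serialNumber=CVR:46837428-UID:27910135, CN=Statens Serum Institut - Test VOCES")

def sample_entry(serial):
    name_id = ("SubjectDN={SERIALNUMBER=%s + CN=Example, C=DK},"
               "IssuerDN={CN=Example CA},CertSerial={1}" % serial)
    return json.dumps({"access": {"soapHeaders": {"NameID": name_id}}})

AUDIT = [sample_entry("CVR:46837428-UID:27910135"), sample_entry("CVR:33257872-FID:28250866")]

def demo():
    db = sqlite3.connect(":memory:")  # stand-in for the real database
    db.execute("CREATE TABLE whitelist (subjectserialnumber TEXT PRIMARY KEY, note TEXT)")
    add_to_whitelist(db, subject_serial(SUBJECT), "constructed example note")
    return unlisted_callers(db, AUDIT)

if __name__ == "__main__":
    print(demo())
```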
SFSK exposes a monitoring page, which is found in the list of components in section 2.
For each backend, it is monitored whether calls to the backend fail. The number of consecutive calls that may fail before a backend is considered 'dead' is configurable.
The DROS monitoring page returns either:
200 OK
---------------------------------------
STATUS
ITI18 backend alive: true
ITI43 backend alive: true
For each backend, it shows whether the calls to it succeed or not.
500 Internal Server Error
---------------------------------------
STATUS
ITI18 backend alive: true
ITI54 backend alive: false
If the calls to a backend cannot be carried out, status code 500 is returned.
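A monitoring-side check for the two responses above, as an added example that is not part of SFSK: it parses the backend lines, reports dead or missing backends, and flags a status code that contradicts the body. The expected backend names are an assumption taken from the first example, and the sample bodies are constructed from the output shown on this page.

```python
import re

# Line format copied from the two status page examples above.
LINE_RE = re.compile(r"^(\S+) backend alive: (true|false)$")

def check_status(http_code, body, expected=("ITI18", "ITI43")):
    """Return a list of findings for one status response; an empty list means healthy."""
    alive = {}
    for line in body.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            alive[match.group(1)] = match.group(2) == "true"
    findings = ["%s backend is dead" % name
                for name, ok in sorted(alive.items()) if not ok]
    findings += ["%s backend not reported" % name
                 for name in expected if name not in alive]
    dead = any(not ok for ok in alive.values())
    if http_code == 200 and dead:
        findings.append("HTTP 200 although a backend is dead")
    if http_code == 500 and not dead:
        findings.append("HTTP 500 although no backend is reported dead")
    if http_code not in (200, 500):
        findings.append("unexpected HTTP status %d" % http_code)
    return findings

# Constructed sample bodies, following the two examples on this page.
RULE = "-" * 39
OK_BODY = RULE + "\nSTATUS\nITI18 backend alive: true\nITI43 backend alive: true\n"
FAIL_BODY = RULE + "\nSTATUS\nITI18 backend alive: true\nITI54 backend alive: false\n"

if __name__ == "__main__":
    print(check_status(200, OK_BODY))
    print(check_status(500, FAIL_BODY))
```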