Merge remote-tracking branch 'origin/release/1.3.1' into main

datasharingframework · Oct 31, 2023 · 6a7d4c5 · 6a7d4c5
2 parents 74eb4d7 + d334556
commit 6a7d4c5
Show file tree

Hide file tree

Showing 48 changed files with 747 additions and 579 deletions.
diff --git a/CITATION.cff b/CITATION.cff
@@ -24,8 +24,8 @@ preferred-citation:
   doi: 10.3233/SHTI210060
   type: proceedings
 title: "Data Sharing Framework (DSF)"
-version: 1.3.0
-date-released: 2023-10-11
+version: 1.3.1
+date-released: 2023-10-31
 url: https://dsf.dev
 repository-code: https://github.com/datasharingframework/dsf
 repository-artifact: https://github.com/datasharingframework/dsf/releases

diff --git a/dsf-bpe/dsf-bpe-process-api-v1/pom.xml b/dsf-bpe/dsf-bpe-process-api-v1/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-bpe-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-bpe/dsf-bpe-server-jetty/pom.xml b/dsf-bpe/dsf-bpe-server-jetty/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-bpe-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-bpe/dsf-bpe-server/pom.xml b/dsf-bpe/dsf-bpe-server/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-bpe-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>
@@ -85,12 +85,6 @@
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-web</artifactId>
-			<exclusions>
-				<exclusion>
-					<artifactId>commons-logging</artifactId>
-					<groupId>commons-logging</groupId>
-				</exclusion>
-			</exclusions>
 		</dependency>
 
 		<dependency>

diff --git a/dsf-bpe/pom.xml b/dsf-bpe/pom.xml
@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<modules>

diff --git a/dsf-common/dsf-common-auth/pom.xml b/dsf-common/dsf-common-auth/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-common-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-common/dsf-common-config/pom.xml b/dsf-common/dsf-common-config/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-common-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-common/dsf-common-documentation/pom.xml b/dsf-common/dsf-common-documentation/pom.xml
@@ -6,6 +6,6 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-common-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 </project>
diff --git a/dsf-common/dsf-common-jetty/pom.xml b/dsf-common/dsf-common-jetty/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-common-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-common/dsf-common-status/pom.xml b/dsf-common/dsf-common-status/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-common-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-common/pom.xml b/dsf-common/pom.xml
@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<modules>

diff --git a/dsf-docker-test-setup-3dic-ttp/docker-compose.yml b/dsf-docker-test-setup-3dic-ttp/docker-compose.yml
@@ -107,6 +107,7 @@ services:
       --spi-truststore-file-hostname-verification-policy=STRICT
 
   dic1-fhir:
+    build: ../dsf-fhir/dsf-fhir-server-jetty/docker
     image: datasharingframework/fhir
     restart: "no"
     ports:
@@ -175,6 +176,7 @@ services:
       - keycloak
 
   dic2-fhir:
+    build: ../dsf-fhir/dsf-fhir-server-jetty/docker
     image: datasharingframework/fhir
     restart: "no"
     ports:
@@ -243,6 +245,7 @@ services:
       - keycloak
 
   dic3-fhir:
+    build: ../dsf-fhir/dsf-fhir-server-jetty/docker
     image: datasharingframework/fhir
     restart: "no"
     ports:
@@ -311,6 +314,7 @@ services:
       - keycloak
 
   ttp-fhir:
+    build: ../dsf-fhir/dsf-fhir-server-jetty/docker
     image: datasharingframework/fhir
     restart: "no"
     ports:
@@ -386,6 +390,7 @@ services:
       - keycloak
 
   dic1-bpe:
+    build: ../dsf-bpe/dsf-bpe-server-jetty/docker
     image: datasharingframework/bpe
     restart: "no"
     ports:
@@ -452,6 +457,7 @@ services:
       - keycloak
 
   dic2-bpe:
+    build: ../dsf-bpe/dsf-bpe-server-jetty/docker
     image: datasharingframework/bpe
     restart: "no"
     ports:
@@ -518,6 +524,7 @@ services:
       - keycloak
 
   dic3-bpe:
+    build: ../dsf-bpe/dsf-bpe-server-jetty/docker
     image: datasharingframework/bpe
     restart: "no"
     ports:
@@ -585,6 +592,7 @@ services:
       - keycloak
 
   ttp-bpe:
+    build: ../dsf-bpe/dsf-bpe-server-jetty/docker
     image: datasharingframework/bpe
     restart: "no"
     ports:

diff --git a/dsf-docker-test-setup-3dic-ttp/proxy/nginx.conf b/dsf-docker-test-setup-3dic-ttp/proxy/nginx.conf
@@ -30,8 +30,9 @@ http {
 
     ssl_certificate /run/secrets/proxy_certificate_and_int_cas.pem;
     ssl_certificate_key /run/secrets/proxy_certificate_private_key.pem;
-    ssl_protocols TLSv1.3;
-    ssl_prefer_server_ciphers off;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
+    ssl_prefer_server_ciphers on;
     add_header Strict-Transport-Security "max-age=63072000" always;
 
     ssl_client_certificate /run/secrets/proxy_trusted_client_cas.pem;	

diff --git a/dsf-docker-test-setup/bpe/docker-compose.yml b/dsf-docker-test-setup/bpe/docker-compose.yml
@@ -1,6 +1,7 @@
 version: '3.8'
 services:
   app:
+    build: ../../dsf-bpe/dsf-bpe-server-jetty/docker
     image: datasharingframework/bpe
     restart: "no"
     ports:

diff --git a/dsf-docker-test-setup/fhir/docker-compose.yml b/dsf-docker-test-setup/fhir/docker-compose.yml
@@ -1,6 +1,7 @@
 version: '3.8'
 services:
   proxy:
+    build: ../../dsf-docker/fhir_proxy
     image: datasharingframework/fhir_proxy
     restart: "no"
     ports:
@@ -28,6 +29,7 @@ services:
       - app
 
   app:
+    build: ../../dsf-fhir/dsf-fhir-server-jetty/docker
     image: datasharingframework/fhir
     restart: "no"
     ports:

diff --git a/dsf-docker/fhir_proxy/conf/extra/host-ssl.conf b/dsf-docker/fhir_proxy/conf/extra/host-ssl.conf
@@ -36,19 +36,22 @@ RequestHeader set X-ClientCert ""
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 
 <Location "${SERVER_CONTEXT_PATH}">
-	RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s
+	RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s "expr=-n %{SSL_CLIENT_CERT}"
+	RequestHeader set X-Forwarded-Proto %{REQUEST_SCHEME}s
 
 	ProxyPass http://${APP_SERVER_IP}:8080/fhir/ timeout=${PROXY_PASS_TIMEOUT_HTTP} connectiontimeout=${PROXY_PASS_CONNECTION_TIMEOUT_HTTP}
 	ProxyPassReverse http://${APP_SERVER_IP}:8080/fhir/
 </Location>
 <Location "${SERVER_CONTEXT_PATH}/">
-	RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s
+	RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s "expr=-n %{SSL_CLIENT_CERT}"
+	RequestHeader set X-Forwarded-Proto %{REQUEST_SCHEME}s
 
 	ProxyPass http://${APP_SERVER_IP}:8080/fhir/ timeout=${PROXY_PASS_TIMEOUT_HTTP} connectiontimeout=${PROXY_PASS_CONNECTION_TIMEOUT_HTTP}
 	ProxyPassReverse http://${APP_SERVER_IP}:8080/fhir/
 </Location>
 <Location "${SERVER_CONTEXT_PATH}/ws">
-	RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s
+	RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s "expr=-n %{SSL_CLIENT_CERT}"
+	RequestHeader set X-Forwarded-Proto %{REQUEST_SCHEME}s
 
 	ProxyWebsocketFallbackToProxyHttp off
 	ProxyPass ws://${APP_SERVER_IP}:8080/fhir/ws timeout=${PROXY_PASS_TIMEOUT_WS} connectiontimeout=${PROXY_PASS_CONNECTION_TIMEOUT_WS}

diff --git a/dsf-docker/fhir_proxy/conf/extra/httpd-ssl.conf b/dsf-docker/fhir_proxy/conf/extra/httpd-ssl.conf
@@ -65,9 +65,9 @@ Listen 443
 #SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
 #SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
 SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
-SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:AES128-SHA:DES-CBC3-SHA
+SSLCipherSuite SSL ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
 SSLProxyCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
-SSLProxyCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:AES128-SHA:DES-CBC3-SHA
+SSLProxyCipherSuite SSL ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
 
 #   User agents such as web browsers are not configured for the user's
 #   own preference of either security or performance, therefore this
@@ -82,8 +82,8 @@ SSLHonorCipherOrder on
 #   protocol or later should remain in use.
 #SSLProtocol all -SSLv3 -TLSv1
 #SSLProxyProtocol all -SSLv3 -TLSv1
-SSLProtocol -all +TLSv1.3 +TLSv1.2
-SSLProxyProtocol -all +TLSv1.3 +TLSv1.2	
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1	
 
 #   Pass Phrase Dialog:
 #   Configure the pass phrase gathering process.

diff --git a/dsf-fhir/dsf-fhir-auth/pom.xml b/dsf-fhir/dsf-fhir-auth/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-fhir-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-fhir/dsf-fhir-rest-adapter/pom.xml b/dsf-fhir/dsf-fhir-rest-adapter/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-fhir-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-fhir/dsf-fhir-server-jetty/pom.xml b/dsf-fhir/dsf-fhir-server-jetty/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-fhir-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>

diff --git a/dsf-fhir/dsf-fhir-server/pom.xml b/dsf-fhir/dsf-fhir-server/pom.xml
@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>dev.dsf</groupId>
 		<artifactId>dsf-fhir-pom</artifactId>
-		<version>1.3.0</version>
+		<version>1.3.1</version>
 	</parent>
 
 	<dependencies>
@@ -79,12 +79,6 @@
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-web</artifactId>
-			<exclusions>
-				<exclusion>
-					<artifactId>commons-logging</artifactId>
-					<groupId>commons-logging</groupId>
-				</exclusion>
-			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
@@ -129,6 +123,12 @@
 		<dependency>
 			<groupId>ca.uhn.hapi.fhir</groupId>
 			<artifactId>hapi-fhir-validation</artifactId>
+			<exclusions>
+				<exclusion>
+					<artifactId>commons-logging</artifactId>
+					<groupId>commons-logging</groupId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>ca.uhn.hapi.fhir</groupId>