Table of Contents
This Service runs as a standalone CLI application and retrieves and validates the X509 Certificates of Users stored in the DEMIS Keycloak instance. The Validation runs against the D-Trust Public LDAP Registry, using the OCSP Protocol and the Certificate Revocation List.
The Certificates are stored in a Redis Server, running in the DEMIS Infrastructure.
See ReleaseNotes.md for all information regarding the (newest) releases.
The Project requires Java 21 and Maven 3.8+.
The Project can be built with the following command:
mvn clean installThe Docker Image associated to the service can be built with the extra profile docker:
mvn clean install -PdockerThe application can be executed from a JAR file or a Docker Image:
# As JAR Application
java -jar target/certificate-update-service.jar
# As Docker Image
docker run --rm -it -p 8080:8080 certificate-update-service:latestIt can also be deployed on Kubernetes by using the Helm Chart defined in the folder deployment/helm/certificate-update-service:
helm install certificate-update-service ./deployment/helm/certificate-update-service
Important: It requires a Keycloak and a Redis Account, defined as environment variables, in order to let it fetch the Users' list and update the certificates in Redis.
For the Live-Test Environment, and for all the Environments where there is a need to load a set of existing Certificates from the File System, the Feature Flag feature.flag.import.from.disk should be set to true. As source folder, the path specified with the property cert.root.folder.path will be used and the certificates will be uploaded to the Redis Server.
If you want to see the security policy, please check our SECURITY.md.
If you want to contribute, please check our CONTRIBUTING.md.
Copyright 2023-2025 gematik GmbH
EUROPEAN UNION PUBLIC LICENCE v. 1.2
EUPL © the European Union 2007, 2016
See the LICENSE for the specific language governing permissions and limitations under the License
- Copyright notice: Each published work result is accompanied by an explicit statement of the license conditions for use. These are regularly typical conditions in connection with open source or free software. Programs described/provided/linked here are free software, unless otherwise stated.
- Permission notice: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
- The copyright notice (Item 1) and the permission notice (Item 2) shall be included in all copies or substantial portions of the Software.
- The software is provided "as is" without warranty of any kind, either express or implied, including, but not limited to, the warranties of fitness for a particular purpose, merchantability, and/or non-infringement. The authors or copyright holders shall not be liable in any manner whatsoever for any damages or other claims arising from, out of or in connection with the software or the use or other dealings with the software, whether in an action of contract, tort, or otherwise.
- We take open source license compliance very seriously. We are always striving to achieve compliance at all times and to improve our processes. If you find any issues or have any suggestions or comments, or if you see any other ways in which we can improve, please reach out to: [email protected]
- Please note: Parts of this code may have been generated using AI-supported technology. Please take this into account, especially when troubleshooting, for security analyses and possible adjustments.
E-Mail to DEMIS Entwicklung