update from upstream

CONTRIBUTING.md

@@ -49,7 +49,7 @@ See the [MAINTAINERS.md](MAINTAINERS.md) page.
 ## Setup
 LinuxForHealth is requires Java 1.8 or higher and Gradle 6.x.  
 
-LinuxForHealth is built on:
+LinuxForHealth is currently built on:
 
     Apache Camel for integration, supported by one of the most active development communities.
 

Dockerfile

@@ -6,16 +6,8 @@
 # - JAVA_HOME: The Java installation directory. Set in base image.
 # - JAVA_OPTIONS: Java command line options used to configure the JVM. Set in base image.
 
-# builder image
-FROM docker.io/linuxforhealth/openjdk:1.8 AS builder
-
-RUN mkdir -p /tmp/lfh/{config,libs}
-WORKDIR /tmp/lfh
-ADD build/libs/linux-for-health-connect*dependencies.tar libs/
-COPY build/libs/linux-for-health-connect*.jar .
-
 # target image
-FROM  docker.io/linuxforhealth/openjdk:1.8
+FROM  docker.io/linuxforhealth/openjdk-alpine:1.8
 
 LABEL maintainer="Linux for Health"
 LABEL com.linuxforhealth.component="connect"
@@ -25,7 +17,8 @@ LABEL summary="Linux For Health Connectors for Inbound Data Processing"
 LABEL description="Provides Route Based Processing for Inbound Data Flows"
 
 RUN mkdir -p /opt/lfh/libs
-COPY --from=builder /tmp/lfh /opt/lfh/
+ADD build/libs/linux-for-health-connect*dependencies.tar /opt/lfh/libs
+COPY build/libs/linux-for-health-connect*.jar /opt/lfh
 
 # expose MLLP, HTTP
 EXPOSE 2575 8080

README.md

@@ -1,6 +1,5 @@
 ![LinuxForHealth CI](https://github.com/LinuxForHealth/connect/workflows/Linux%20for%20Health%20CI/badge.svg?branch=master)
 
-# LinuxForHealth Connect
 LinuxForHealth Connectors for Inbound Data Processing
 
 Powered by [Apache Camel](https://camel.apache.org/)

build.gradle

@@ -13,12 +13,23 @@ repositories {
     maven {
         url "https://oss.sonatype.org/content/repositories/snapshots/"
     }
+    jcenter()
+    maven {
+     url "https://dl.bintray.com/ibm-watson-health/ibm-fhir-server-releases"
+     }
 }
 
 application {
     mainClassName = 'com.linuxforhealth.connect.App'
 }
 
+configurations {
+    // excluding xerces transitive dependency which causes conflict with JDK/JRE
+    // https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8016153
+    // https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8015487
+    runtime.exclude group: 'xerces', module: 'xercesImpl'
+}
+
 dependencies {
     // camel libraries
     implementation group: 'org.apache.camel', name: 'camel-core', version: project.camelVersion
@@ -36,10 +47,15 @@ dependencies {
     implementation group: 'org.apache.camel', name: 'camel-nats', version: project.camelVersion
     implementation group: 'org.apache.camel', name: 'camel-rest', version: project.camelVersion
     implementation group: 'org.apache.camel', name: 'camel-support', version: project.camelVersion
+    implementation group: 'org.apache.camel', name: 'camel-jdbc', version: project.camelVersion
     implementation group: 'org.apache.camel', name: 'camel-xpath', version: project.camelVersion
+    implementation group: 'org.apache.camel', name: 'camel-base64', version: project.camelVersion
+    implementation group: 'org.apache.camel', name: 'camel-tika', version: project.camelVersion
+    implementation group: 'org.apache.camel', name: 'camel-bindy', version: project.camelVersion
 
     // Java utils (OS type)
     implementation group: 'org.apache.commons', name: 'commons-lang3', version: project.commonsLang3Version
+    implementation group: 'org.apache.commons', name: 'commons-dbcp2', version: project.commonsDbcp2Version
 
     // data format support
     implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: project.jacksonVersion
@@ -71,12 +87,18 @@ dependencies {
     implementation group: 'ca.uhn.hapi.fhir', name: 'hapi-fhir-client', version: project.hapiFhirVersion
     implementation group: 'ca.uhn.hapi.fhir', name: 'hapi-fhir-structures-dstu3', version: project.hapiFhirVersion
     implementation group: 'ca.uhn.hapi.fhir', name: 'hapi-fhir-converter', version: project.hapiFhirConvertorVersion
+
+    // PostgreSQL
+    implementation group: 'org.postgresql', name: 'postgresql', version: project.postgresVersion
 
     // testing
     testImplementation group: 'org.apache.camel', name: 'camel-test-junit5', version: project.camelVersion
     testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: project.junitVersion
     testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-params', version: project.junitVersion
     testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: project.junitVersion
+
+    // HL7 to FHIR converter
+    implementation group: 'io.github.linuxforhealth' , name:'hl7v2-fhir-converter', version:project.hl7v2FHIRConverterVersion
 }
 
 test {

code_of_conduct.md

@@ -1,5 +1,5 @@
 
-# Contributor Covenant Code of Conduct
+# Code of Conduct
 
 ## Our Pledge
 
@@ -60,6 +60,6 @@ representative at an online or offline event.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+This Code of Conduct is adapted from the Contributor Covenant homepage,
 version 2.0, available at
 https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.

container-support/certs/.gitignore

@@ -0,0 +1,5 @@
+*.csr
+*.pem
+*.txt*
+*.txt
+*.p12

container-support/certs/README.md

@@ -0,0 +1,16 @@
+# LinuxForHealth certificate and store generation
+
+The LinuxForHealth container-support/certs directory contains the scripts required to generate self-signed certs needed for LinuxForHealth, along with a Java truststore and keystore. Follow the instructions below to re-generate and install the LinuxForHealth certs and stores.
+
+## Generate the certs, truststore and keystore
+
+Run the following commands to generate and install the LinuxForHealth certs, truststore and keystore.
+
+```shell script
+cd container-support/certs
+./clean.sh
+./mk-certs.sh
+cp *.jks ../../src/main/resources
+```
+
+Note: When asked for information for input, just hit return as the defaults have already been provided.

container-support/certs/ca.cnf

@@ -0,0 +1,83 @@
+HOME            = .
+RANDFILE        = $ENV::HOME/.rnd
+
+####################################################################
+[ ca ]
+default_ca    = CA_default      # The default ca section
+
+[ CA_default ]
+
+default_days     = 1000         # How long to certify for
+default_crl_days = 30           # How long before next CRL
+default_md       = sha256       # Use public key default MD
+preserve         = no           # Keep passed DN ordering
+
+x509_extensions = ca_extensions # The extensions to add to the cert
+
+email_in_dn     = no            # Don't concat the email in the DN
+copy_extensions = copy          # Required to copy SANs from CSR to cert
+
+base_dir      = .
+certificate   = $base_dir/rootCA.crt   # The CA certifcate
+private_key   = $base_dir/rootCA.key   # The CA private key
+new_certs_dir = $base_dir              # Location for new certs after signing
+database      = $base_dir/index.txt    # Database index file
+serial        = $base_dir/serial.txt   # The current serial number
+
+unique_subject = no  # Set to 'no' to allow creation of
+                     # several certificates with same subject.
+
+####################################################################
+[ req ]
+default_bits       = 4096
+default_keyfile    = rootCA.key
+distinguished_name = ca_distinguished_name
+x509_extensions    = ca_extensions
+string_mask        = utf8only
+
+####################################################################
+[ ca_distinguished_name ]
+countryName         = US
+countryName_default = US
+
+stateOrProvinceName         = Texas
+stateOrProvinceName_default = Texas
+
+localityName                = Austin
+localityName_default        = Austin
+
+organizationName            = LinuxForHealth
+organizationName_default    = LinuxForHealth
+
+organizationalUnitName         = HealthOS
+organizationalUnitName_default = HealthOS
+
+commonName         = linuxforhealth.org
+commonName_default = linuxforhealth.org
+
+emailAddress         = info@linuxforhealth.org
+emailAddress_default = info@linuxforhealth.org
+
+####################################################################
+[ ca_extensions ]
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always, issuer
+basicConstraints       = critical, CA:true
+keyUsage               = keyCertSign, cRLSign
+
+####################################################################
+[ signing_policy ]
+countryName            = optional
+stateOrProvinceName    = optional
+localityName           = optional
+organizationName       = optional
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = optional
+
+####################################################################
+[ signing_req ]
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid,issuer
+basicConstraints       = CA:FALSE
+keyUsage               = digitalSignature, keyEncipherment

container-support/certs/clean.sh

@@ -0,0 +1,11 @@
+#
+# (C) Copyright IBM Corp. 2020
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# make-certs.sh
+# Creates the LinuxForHealth certificates required to enable TLS.
+#
+rm *.jks *.p12 *.crt *.csr *.key *.old *.pem index.txt* serial.txt* > /dev/null 2>&1
+touch index.txt
+echo "01" > serial.txt

container-support/certs/mk-certs.sh

@@ -0,0 +1,67 @@
+#
+# (C) Copyright IBM Corp. 2020
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# make-certs.sh
+# Creates the LinuxForHealth certificates required to enable TLS.
+#
+PASSWORD=change-password
+
+OPENSSL=`which openssl`
+if [ -z "$OPENSSL" ]; then
+    echo "Please install openssl."
+    exit 1
+fi
+
+KEYTOOL=`which keytool`
+if [ -z "$KEYTOOL" ]; then
+    echo "Please ensure keytool from the Java JDK is available."
+    exit 1
+fi
+
+echo "Creating the LinuxForHealth rootCA certificate"
+openssl req -nodes -x509 -newkey rsa:4096 -sha256 -days 3650 -keyout rootCA.key \
+    -out rootCA.crt -passout pass:$PASSWORD -config ./ca.cnf
+
+echo "Creating a signing request for the LinuxForHealth server certificate"
+openssl req -nodes -newkey rsa:2048 -sha256 -out servercert.csr \
+    -keyout server.key -subj "/C=US/ST=Texas/L=Austin/O=LinuxForHealth/CN=linuxforhealth.org" \
+    -config ./server.cnf
+
+echo "Signing the LinuxForHealth server certificate"
+openssl ca -batch -config ca.cnf -policy signing_policy -extensions signing_req -out server.crt \
+    -infiles servercert.csr
+
+echo "Creating a signing request for the LinuxForHealth NATS server certificate"
+openssl req -nodes -newkey rsa:2048 -sha256 -out natsservercert.csr \
+    -keyout nats-server.key -subj "/C=US/ST=Texas/L=Austin/O=LinuxForHealth/CN=linuxforhealth.org" \
+    -config ./nats-server.cnf
+
+echo "Signing the LinuxForHealth NATS server certificate"
+openssl ca -batch -config ca.cnf -policy signing_policy -extensions signing_req -out nats-server.crt \
+    -infiles natsservercert.csr
+
+echo "Creating the java trust store"
+keytool -keystore lfhtruststore.jks -alias CARoot -import -file ./rootCA.crt -noprompt \
+    -storetype pkcs12 -storepass $PASSWORD
+
+echo "Importing the Blue Button sandbox cert into the truststore"
+keytool -keystore lfhtruststore.jks -alias BlueButtonSandbox -import -file ./test.cms.gov.cer \
+    -noprompt -storetype pkcs12 -storepass $PASSWORD
+
+echo "Creating the java key store and importing the LFH server cert"
+openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -CAfile rootCA.crt \
+    -name server -caname CARoot -passout pass:$PASSWORD
+keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -deststoretype pkcs12 \
+    -alias server -destkeystore lfhkeystore.jks -srcstorepass $PASSWORD -deststorepass $PASSWORD
+
+echo "Importing the NATS server cert into the keystore"
+openssl pkcs12 -export -in nats-server.crt -inkey nats-server.key -out nats-server.p12 \
+    -name nats-server -CAfile rootCA.crt -caname CARoot -passout pass:$PASSWORD
+keytool -importkeystore -srckeystore nats-server.p12 -srcstoretype pkcs12 -alias nats-server \
+    -destkeystore lfhkeystore.jks -srcstorepass $PASSWORD -deststorepass $PASSWORD
+
+echo "Importing the CA cert into the keystore"
+keytool -keystore lfhkeystore.jks -alias CARoot -import -file ./rootCA.crt \
+    -noprompt -storepass $PASSWORD

container-support/certs/nats-server.cnf

@@ -0,0 +1,38 @@
+HOME            = .
+RANDFILE        = $ENV::HOME/.rnd
+
+####################################################################
+[ req ]
+default_bits       = 2048
+default_keyfile    = nats-server.key
+distinguished_name = server_distinguished_name
+req_extensions     = server_req_extensions
+string_mask        = utf8only
+prompt             = no
+
+####################################################################
+[ server_distinguished_name ]
+countryName            = US
+stateOrProvinceName    = Texas
+localityName           = Austin
+organizationName       = LinuxForHealth
+organizationalUnitName = HealthOS
+commonName             = linuxforhealth.org
+emailAddress           = info@linuxforhealth.org
+
+####################################################################
+[ server_req_extensions ]
+subjectKeyIdentifier = hash
+basicConstraints     = CA:FALSE
+keyUsage             = digitalSignature, keyEncipherment
+nsComment            = "OpenSSL Generated Certificate"
+extendedKeyUsage     = clientAuth, serverAuth
+subjectAltName       = @alternate_names
+
+####################################################################
+[ alternate_names ]
+IP.1  = 127.0.0.1
+IP.2  = 172.18.0.4
+DNS.1 = localhost
+DNS.2 = nats-server
+DNS.3 = compose_nats-server_1