Merge pull request #33 from WorldHealthOrganization/openapi

added in openapi documentation into pagecontent.  sourced from https:…

input/fsh/models/hcert.fsh

@@ -27,6 +27,6 @@ Description:    "Logical Model for the HCERT"
 //* 2 0..* $RACSEL_DDVC "RACSEL Vaccination Certficate Data Set claim" "RACSEL Vaccination Certificate (PROPOSED)" 
 * 3 0..* $DDCCVS "Vaccination Core Data Set claim" "DDCC Vaccination claim (PROPOSED)"
 * 4 0..* $DDCCTR "Test Result Core Data Set claim" "DDCC Test Result claim (PROPOSED)"
-* 5 0..* $SmartHealthLink "SMART Health Link claim" "SMART Health Link (PROPOSED)"
+* 5 0..* $SmartHealthLink "SMART Health Link claim" "SMART Health Link"
 //* 6 0..* $IPS "IPS" "IPS Bundle (EXAMPLE)"
 

input/pagecontent/concepts.md

@@ -111,7 +111,7 @@ A Trust Network is a means to authenticate the encryption public keys used by pa
 
 
 ### Trust Network Gateway (TNG)
-The Trust Network Gateway (TNG) is the open-source software and its IT operational infrastructure, utilizing open standards, for a Public Key Infrastructure and metadata management services which is used to operationalize one or more Trust Domains.
+The Trust Network Gateway (TNG) is the open-source software and its IT operational infrastructure, utilizing open standards, for a Public Key Infrastructure and metadata management services which is used to operationalize one or more Trust Domains.  The Trust Network Gateway can be interacted with using the [API](openapi) once a mTLS connection has been established.
 
 #### Trust Network Gateway - Trust Anchor  (TNG<sub>TA</sub>) 
 The Trust Anchor public key certificate of the TNG. The corresponding private key is used to sign the list of all SCA certificates offline.

input/pagecontent/concepts_certificate_governance.md

@@ -51,7 +51,7 @@ Uploaded data packages are provided by the TNG “as is”, meaning that the TNG
 In addition to this -  Trust Network Participant back-end systems and the TNG will use mutual TLS authentication to establish a secure connection (see Section "Authentication and connection establishment"). So this is in _addition_ to the signatures in the data exchanged.
 
 #### Authentication and connection establishment
-The TNG uses Transport Layer Security (TLS) with mutual authentication to establish an authenticated encrypted channel between the Trust Network Participant's back-end and the Trust Network Gateway environment. Therefore, the TNG holds a TLS server certificate, abbreviated TNG<sub>TLS</sub> - and the Trust Network Participant's back-ends hold a TLS client certificate – abbreviated TNP<sub>TLS</sub>. Certificate templates are provided in Section "Certificate Templates".
+The TNG uses Transport Layer Security (TLS) with mutual authentication to establish an authenticated encrypted channel between the Trust Network Participant's back-end and the Trust Network Gateway environment and utitlize its [API](openapi). Therefore, the TNG holds a TLS server certificate, abbreviated TNG<sub>TLS</sub> - and the Trust Network Participant's back-ends hold a TLS client certificate – abbreviated TNP<sub>TLS</sub>. Certificate templates are provided in Section "Certificate Templates".
 
 Every Trust Network Participant's back-end can provide their own TLS certificate. This certificate will be whitelisted explicitly and thus may be issued by a publicly trusted certificate authority (e.g. a certificate authority that follows the baseline requirements of the CA Browser forum), by a jurisdictional certificate authority or it can be self-signed. Every Trust Network Participant is responsible for their jurisdictional data and the protection of the private key used to establish the connection to the TNG. Clearly, the “bring your own certificate” approach requires a well-defined registration and identification process as well as revocation and renewal procedures that are described in Section "Registration of Trust Network Participant Back-ends".
 

input/pagecontent/concepts_onboarding_checklist.md

@@ -60,7 +60,7 @@ For a successfull connection to the gateway using full onboarding, there are sev
 
  2) Prepare public keys in PEM format in a private Github repository dedicated to acceptance environment keys. Follow the  procedure described in this Github repository: https://github.com/WorldHealthOrganization/tng-participant-template (for support contact the [email protected] functional mailbox). After technical onboarding you will be notified.
 
- 3) After onboarding in the Acceptance Environment, check the connectivity with the following command:<br>
+ 3) After onboarding in the Acceptance Environment, check the connectivity with the Trust Network Gateway using its [API](openapi).  This can be acheived with following command:<br>
   ``` curl -v https://tng-uat.who.int/trustList --cert TLS.pem --key TLS_key.pem``` <br>
     You should see a output like: <br>
 

input/pagecontent/concepts_onboarding_initialprocess_full.md

@@ -18,7 +18,9 @@ Once we have received your submission and successfully onboarded the material, w
 ### 2. Perform Acceptance Testing
 
 After we contacted the participant about successful onboarding, a connectivity test should be the first action of the process. When connectivity is successfully established the participant should execute their acceptance tests. These acceptance tests must be performed on dedicated test environment called User Acceptance Testing (UAT) which already connects other trust network participants, that applied for onboarding.
-
+
+The [Trust Network Gateway API](openapi) can be used for interaction keeping the full functionality of the EU DCC Gateway. In addition, various HL7 FHIR services are being added.
+
 The participant needs to [communicate the results] of their tests to us, a quality check about the communicated results will be carried out, so that we can check for any issues or approve their readiness for production rollout.
 
 ### 3. Go Live on Production Environment

input/pagecontent/concepts_onboarding_process_full.md

@@ -51,7 +51,7 @@ In the following description the required steps are divided into three sections:
 
 **[8]** The TNP receives the confirmation and necessary technical information to connect to the TNG and register the certificates.
 
-For a successful connection to the gateway there are the following steps [9] – [11] to prepare:
+For a successful connection to the Trust Network Gateway there are the following steps [9] – [11] to prepare:
 
 **[9]** Create certificates per environment. Details can be found here: https://smart.who.int/trust/concepts_CertificatePreperation.html
 
@@ -218,7 +218,7 @@ b) Delete at least one DSC again (revocation of a DSC)
 
 c) Optional: Upload it again (if it is required for further testing)
 
-d) Download the trust list from the TNG gateway
+d) Download the trust list from the TNG gateway [(API)](openapi)
 
 e) Provide sample VDHC s to be verified by the service provider
 

input/pagecontent/openapi/.gitignore

@@ -0,0 +1,44 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**
+!**/src/test/**
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+.jpb
+
+### NetBeans ###
+/nbproject/
+/nbbuild/
+/.nb-gradle/
+build/
+
+### VS Code ###
+.vscode/
+
+### Others ###
+~$*.docx
+*.b64
+/testdata/
+*.log
+
+/keystore
+
+/tools/*
+!/tools/*.bat
+!/tools/*.sh
+
+certs/*

input/pagecontent/openapi/index.html

@@ -0,0 +1,57 @@
+<!-- HTML for static distribution bundle build -->
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Swagger UI</title>
+  <link rel="stylesheet" type="text/css" href="./swagger-ui.css"/>
+  <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32"/>
+  <link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16"/>
+  <style>
+    html {
+      box-sizing: border-box;
+      overflow: -moz-scrollbars-vertical;
+      overflow-y: scroll;
+    }
+
+    *,
+    *:before,
+    *:after {
+      box-sizing: inherit;
+    }
+
+    body {
+      margin: 0;
+      background: #fafafa;
+    }
+
+    .scheme-container {
+      display: none;
+    }
+  </style>
+</head>
+
+<body>
+<div id="swagger-ui"></div>
+
+<script src="./swagger-ui-bundle.js" charset="UTF-8"></script>
+<script src="./swagger-ui-standalone-preset.js" charset="UTF-8"></script>
+<script>
+  window.onload = function () {
+    // Begin Swagger UI call region
+    const ui = SwaggerUIBundle({
+      url: "openapi.json",
+      dom_id: '#swagger-ui',
+      deepLinking: true,
+      presets: [
+        SwaggerUIBundle.presets.apis
+      ],
+      supportedSubmitMethods: []
+    });
+    // End Swagger UI call region
+
+    window.ui = ui;
+  };
+</script>
+</body>
+</html>

input/pagecontent/openapi/oauth2-redirect.html

@@ -0,0 +1,78 @@
+<!doctype html>
+<html lang="en-US">
+<head>
+    <title>Swagger UI: OAuth2 Redirect</title>
+</head>
+<body>
+<script>
+    'use strict';
+
+    function run() {
+        var oauth2 = window.opener.swaggerUIRedirectOauth2;
+        var sentState = oauth2.state;
+        var redirectUrl = oauth2.redirectUrl;
+        var isValid, qp, arr;
+
+        if (/code|token|error/.test(window.location.hash)) {
+            qp = window.location.hash.substring(1);
+        } else {
+            qp = location.search.substring(1);
+        }
+
+        arr = qp.split("&");
+        arr.forEach(function (v, i, _arr) {
+            _arr[i] = '"' + v.replace('=', '":"') + '"';
+        });
+        qp = qp ? JSON.parse('{' + arr.join() + '}',
+            function (key, value) {
+                return key === "" ? value : decodeURIComponent(value);
+            }
+        ) : {};
+
+        isValid = qp.state === sentState;
+
+        if ((
+            oauth2.auth.schema.get("flow") === "accessCode" ||
+            oauth2.auth.schema.get("flow") === "authorizationCode" ||
+            oauth2.auth.schema.get("flow") === "authorization_code"
+        ) && !oauth2.auth.code) {
+            if (!isValid) {
+                oauth2.errCb({
+                    authId: oauth2.auth.name,
+                    source: "auth",
+                    level: "warning",
+                    message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
+                });
+            }
+
+            if (qp.code) {
+                delete oauth2.state;
+                oauth2.auth.code = qp.code;
+                oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
+            } else {
+                let oauthErrorMsg;
+                if (qp.error) {
+                    oauthErrorMsg = "[" + qp.error + "]: " +
+                        (qp.error_description ? qp.error_description + ". " : "no accessCode received from the server. ") +
+                        (qp.error_uri ? "More info: " + qp.error_uri : "");
+                }
+
+                oauth2.errCb({
+                    authId: oauth2.auth.name,
+                    source: "auth",
+                    level: "error",
+                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
+                });
+            }
+        } else {
+            oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
+        }
+        window.close();
+    }
+
+    window.addEventListener('DOMContentLoaded', function () {
+        run();
+    });
+</script>
+</body>
+</html>