...
API Security Filter Digest Validation
PATH https://github.com/sunwavehealth/SunwaveEMR/blob/51252a9bb7a7d193a9cb929a7c22b04c2ad7fcf5/src/main/java/com/sunwave/emr/server/security/APISecurityFilter.java#L44
Validate GET. If any of the validations below fail, "Invalid Request" is returned. https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/DigestValidator.java#L41
Validate Date and Transaction Id https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/DigestValidator.java#L49
Validate Date - The request timestamp must fall within the 300000 millisecond (5 minute) window before now. https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/DigestValidator.java#L91
Validate Transaction Id - A transaction id cannot be reused. This is checked against the sw_api_transaction table using transaction_id and clinic_id. https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/DigestValidator.java#L79
```sql
select id from sw_api_transaction where transaction_id = ? and clinic_id = ?
```
If the transaction id is not found, the validation passes and the transaction id is inserted into the sw_api_transaction table.
```sql
insert into sw_api_transaction (transaction_id, created_on, clinic_id) values (?, str_to_date(?, '%Y-%m-%d %H:%i:%s'), ?)
```
Validate the user exists and has an email address: the user_email must be present in the sw_user_clinic table for the given clinic_id (user_email is a column of sw_user_clinic, not a separate table). https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/DigestValidator.java#L58
```sql
select user_email from sw_user_clinic where sw_user_clinic.clinic_id = ? and sw_user_clinic.user_email = ?
```
Validate HMAC - If the passed-in HMAC does not match the calculated HMAC, the validation fails.
Get the private key from the sw_external_application table. The value is the client_secret column; because HMAC is a symmetric construction, this is a shared secret known to both the client and the server, not an asymmetric private key. https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/DigestValidator.java#L72
```sql
select client_secret from sw_external_application where client_id = ? and clinic_id = ?
```
Calculate the HMAC over the seed using the private key, and compare it with the HMAC carried in the token. https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/DigestValidator.java#L62 and https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/util/JWT.java#L97
```java
// Token layout: userId:clientId:dateTime:clinicId:transactionId:hmac
// split(":") assumes exactly six fields and that no field itself contains a colon;
// with fewer fields, parts[5] throws ArrayIndexOutOfBoundsException.
String[] parts = token.split(":");
String userId = parts[0];
String clientId = parts[1];
String dateTime = parts[2];
String clinicId = parts[3];
String transactionId = parts[4];
String hmac = parts[5];
// The seed is every field except the trailing HMAC, in the same order, colon-joined.
String seed = userId + ":" + clientId + ":" + dateTime + ":" + clinicId + ":" + transactionId;
```
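The following is an added, self-contained model of the whole validation chain described above (date window, transaction-id replay check, user lookup, secret lookup, HMAC check). It is example code written for this page, not SunwaveEMR's DigestValidator or JWT code. Assumptions not stated on the page and therefore chosen here: the HMAC algorithm is HmacSHA256 with hex output; dateTime is epoch milliseconds (a colon-free representation, since the token is colon-delimited); the token's userId is the user's e-mail address, which is what the sw_user_clinic query matches on; and the three database tables are replaced by in-memory collections holding constructed sample rows.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example modelling the digest validation chain; not SunwaveEMR code. */
public class DigestValidationExample {
    static final long WINDOW_MS = 300_000L;       // 5-minute window stated on the page
    static final String HMAC_ALG = "HmacSHA256";  // ASSUMPTION: the page does not name the algorithm

    // In-memory stand-ins for the three tables named on the page (constructed sample data).
    static final Map<String, String> externalApplication = new HashMap<>(); // clientId|clinicId -> client_secret
    static final Set<String> userClinic = new HashSet<>();                  // clinicId|user_email
    static final Set<String> apiTransaction = new HashSet<>();              // clinicId|transaction_id

    static String key(String a, String b) { return a + "|" + b; }

    static String hmacHex(String secret, String seed) throws Exception {
        Mac mac = Mac.getInstance(HMAC_ALG);
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), HMAC_ALG));
        StringBuilder sb = new StringBuilder();
        for (byte b : mac.doFinal(seed.getBytes(StandardCharsets.UTF_8))) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Client side: build the colon-delimited token the filter expects. dateTime is epoch ms (assumption). */
    static String buildToken(String userId, String clientId, long epochMs, String clinicId, String txId, String secret) throws Exception {
        String seed = userId + ":" + clientId + ":" + epochMs + ":" + clinicId + ":" + txId;
        return seed + ":" + hmacHex(secret, seed);
    }

    /** Server side: returns null when every check passes, otherwise the page's "Invalid Request" text. */
    static String validate(String token, long nowMs) throws Exception {
        String[] parts = token.split(":");
        if (parts.length != 6) return "Invalid Request";   // split() alone does not guarantee six fields
        String userId = parts[0], clientId = parts[1], dateTime = parts[2], clinicId = parts[3], txId = parts[4], hmac = parts[5];

        // 1. Date: the timestamp must fall inside the 5-minute window before now (future timestamps rejected).
        long ts;
        try { ts = Long.parseLong(dateTime); } catch (NumberFormatException e) { return "Invalid Request"; }
        long age = nowMs - ts;
        if (age < 0 || age > WINDOW_MS) return "Invalid Request";

        // 2. Transaction id: reject replays (select id from sw_api_transaction where transaction_id = ? and clinic_id = ?).
        if (apiTransaction.contains(key(clinicId, txId))) return "Invalid Request";

        // 3. User: the user_email must exist for this clinic (select user_email from sw_user_clinic where ...).
        if (!userClinic.contains(key(clinicId, userId))) return "Invalid Request";

        // 4. HMAC: recompute over the seed with the client_secret for (client_id, clinic_id).
        String secret = externalApplication.get(key(clientId, clinicId));
        if (secret == null) return "Invalid Request";
        String seed = userId + ":" + clientId + ":" + dateTime + ":" + clinicId + ":" + txId;
        byte[] expected = hmacHex(secret, seed).getBytes(StandardCharsets.UTF_8);
        byte[] presented = hmac.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, presented)) return "Invalid Request"; // constant-time comparison

        // Every check passed: record the transaction id so the same token cannot be replayed.
        apiTransaction.add(key(clinicId, txId));
        return null;
    }

    public static void main(String[] args) throws Exception {
        externalApplication.put(key("app-1", "clinic-7"), "s3cr3t-client-secret"); // constructed sample row
        userClinic.add(key("clinic-7", "nurse@example.org"));                        // constructed sample row

        long now = System.currentTimeMillis();
        String good = buildToken("nurse@example.org", "app-1", now - 1_000, "clinic-7", "tx-0001", "s3cr3t-client-secret");
        System.out.println("fresh token       : " + (validate(good, now) == null ? "accepted" : "Invalid Request"));
        System.out.println("replayed token    : " + validate(good, now));
        String stale = buildToken("nurse@example.org", "app-1", now - WINDOW_MS - 1, "clinic-7", "tx-0002", "s3cr3t-client-secret");
        System.out.println("stale token       : " + validate(stale, now));
        String forged = buildToken("nurse@example.org", "app-1", now, "clinic-7", "tx-0003", "wrong-secret");
        System.out.println("wrong secret      : " + validate(forged, now));
        System.out.println("tx-0003 recorded? : " + apiTransaction.contains(key("clinic-7", "tx-0003")));
    }
}
```

Two design choices in the example are worth noting when comparing it with the linked code. The HMAC strings are compared with MessageDigest.isEqual rather than String.equals, so the comparison does not leak how many leading characters matched. And the transaction id is recorded only after the HMAC check passes; the page lists the insert under the transaction-id step, and if the real code inserts before verifying the HMAC, a request with a bad signature could still consume a transaction id that a legitimate request then cannot use. Check the linked DigestValidator source for the actual ordering before relying on either behaviour.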
...