Skip to content

Commit

Permalink
Recovery Validity Change (eu-digital-green-certificates#40)
Browse files Browse the repository at this point in the history
* Test Cases added and Recoverystatement Validity added.

* Test Cases added and Recoverystatement Validity added.

* Recoverystatement fixed

* Checkup function added

* Updated logic for test

* Added recovery validation logic

Co-authored-by: Oleksandr Sarapulov <[email protected]>
  • Loading branch information
SchulzeStTSI and oleksandrsarapulovgl authored Jun 24, 2021
1 parent 6494cb8 commit 9dc485e
Show file tree
Hide file tree
Showing 6 changed files with 269 additions and 3 deletions.
10 changes: 10 additions & 0 deletions .idea/runConfigurations.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import COSE.HeaderKeys
import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper
import com.upokecenter.cbor.CBORObject
import dgca.verifier.app.decoder.base45.Base45Decoder
import dgca.verifier.app.decoder.cose.CoseService
import dgca.verifier.app.decoder.cwt.CwtHeaderKeys
import dgca.verifier.app.decoder.model.CoseData
import dgca.verifier.app.decoder.model.GreenCertificate
Expand Down Expand Up @@ -87,7 +88,13 @@ class DefaultCertificateDecoder(private val base45Decoder: Base45Decoder) :
val messageObject = CBORObject.DecodeFromBytes(this)
val content = messageObject[2].GetByteString()
val rgbProtected = messageObject[0].GetByteString()
var rgbUnprotected = messageObject[1];
val key = HeaderKeys.KID.AsCBOR()

if(!CBORObject.DecodeFromBytes(rgbProtected).keys.contains(key)) {
val objunprotected = rgbUnprotected.get(key).GetByteString()
return CoseData(content, objunprotected)
}
val objProtected = CBORObject.DecodeFromBytes(rgbProtected).get(key).GetByteString()
return CoseData(content, objProtected)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,10 @@
package dgca.verifier.app.decoder.model

import com.fasterxml.jackson.annotation.JsonProperty
import org.joda.time.DateTime
import java.io.Serializable
import java.time.*
import java.time.format.DateTimeFormatter

data class RecoveryStatement(

Expand All @@ -48,4 +51,36 @@ data class RecoveryStatement(
@JsonProperty("ci")
val certificateIdentifier: String

) : Serializable
) : Serializable {
companion object {
private val UTC_ZONE_ID: ZoneId = ZoneId.ofOffset("", ZoneOffset.UTC).normalized()
}

fun isCertificateNotValidAnymore(): Boolean? =
certificateValidUntil.toZonedDateTimeOrUtcLocal()?.isBefore(ZonedDateTime.now())

fun isCertificateNotValidSoFar(): Boolean? =
certificateValidFrom.toZonedDateTimeOrUtcLocal()?.isAfter(ZonedDateTime.now())

private fun String.toZonedDateTime(): ZonedDateTime? = try {
ZonedDateTime.parse(this)
} catch (error: Throwable) {
null
}

private fun String.toLocalDateTime(): LocalDateTime? = try {
LocalDateTime.parse(this)
} catch (error: Throwable) {
null
}

private fun String.toLocalDate(): LocalDate? = try {
LocalDate.parse(this)
} catch (error: Throwable) {
null
}

private fun String.toZonedDateTimeOrUtcLocal(): ZonedDateTime? =
this.toZonedDateTime()?.withZoneSameInstant(UTC_ZONE_ID) ?: this.toLocalDateTime()
?.atZone(UTC_ZONE_ID) ?: this.toLocalDate()?.atStartOfDay(UTC_ZONE_ID)
}
Original file line number Diff line number Diff line change
Expand Up @@ -32,13 +32,15 @@ data class VerificationResult(
var isIssuedTimeCorrect: Boolean = false,
var isNotExpired: Boolean = false,
var rulesValidationFailed: Boolean = false,
var testVerification: TestVerificationResult? = null
var testVerification: TestVerificationResult? = null,
var recoveryVerification: RecoveryVerificationResult? = null
) {

fun isValid(): Boolean {
val isTestValid = testVerification?.isTestValid() ?: true
val isRecoveryValid = recoveryVerification?.isRecoveryValid() ?: true;
return base45Decoded && zlibDecoded && coseVerified && cborDecoded && isSchemaValid && isTestValid &&
isIssuedTimeCorrect && isNotExpired && !rulesValidationFailed
isIssuedTimeCorrect && isNotExpired && !rulesValidationFailed && isRecoveryValid
}

/**
Expand All @@ -59,6 +61,18 @@ data class VerificationResult(
!testVerification!!.isTestResultNegative
}

fun isRecoveryNotValidAnymore(): Boolean = if (recoveryVerification == null) {
false
} else {
recoveryVerification!!.isNotValidAnymore
}

fun isRecoveryNotValidSoFar(): Boolean = if (recoveryVerification == null) {
false
} else {
recoveryVerification!!.isNotValidSoFar
}

override fun toString(): String {
return "VerificationResult: \n" +
"base45Decoded: $base45Decoded \n" +
Expand All @@ -72,4 +86,8 @@ data class VerificationResult(

data class TestVerificationResult(val isTestResultNegative: Boolean, val isTestDateInThePast: Boolean) {
fun isTestValid(): Boolean = isTestResultNegative && isTestDateInThePast
}

data class RecoveryVerificationResult(val isNotValidSoFar: Boolean, val isNotValidAnymore: Boolean) {
fun isRecoveryValid() = !isNotValidSoFar && !isNotValidAnymore
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
package dgca.verifier.app.decoder

import dgca.verifier.app.decoder.model.RecoveryStatement
import org.junit.Assert
import org.junit.Test

class CertificateCheckTest {
@Test
fun TestTestValidity() {
val test = dgca.verifier.app.decoder.model.Test(
"12",
"",
"",
"",
"2021-02-20T12:34:56Z",
"",
"260415000",
"",
"",
"",
""
)
Assert.assertTrue(test.isDateInThePast())
Assert.assertTrue(test.isResultNegative())
}

@Test
fun testIsCertificateNotValidAnymore() {
var recovery = RecoveryStatement("", "", "", "", "", "2021-03-04", "")
Assert.assertTrue(recovery.isCertificateNotValidAnymore()!!)
recovery = RecoveryStatement("", "", "", "", "", "2030-02-04", "")
Assert.assertTrue(!recovery.isCertificateNotValidAnymore()!!)
recovery = RecoveryStatement("", "", "", "", "", "2021-02-20T12:34:56Z", "")
Assert.assertTrue(recovery.isCertificateNotValidAnymore()!!)
recovery = RecoveryStatement("", "", "", "", "", "2007-12-03T10:15:30+01:00", "")
Assert.assertTrue(recovery.isCertificateNotValidAnymore()!!)
}

@Test
fun testIsCertificateNotValidSoFar() {
var recovery = RecoveryStatement("", "", "", "", "2100-03-04", "", "")
Assert.assertTrue(recovery.isCertificateNotValidSoFar()!!)
recovery = RecoveryStatement("", "", "", "", "2000-02-04", "", "")
Assert.assertTrue(!recovery.isCertificateNotValidSoFar()!!)
recovery = RecoveryStatement("", "", "", "", "2100-02-20T12:34:56Z", "", "")
Assert.assertTrue(recovery.isCertificateNotValidSoFar()!!)
recovery = RecoveryStatement("", "", "", "", "2100-12-03T10:15:30+01:00", "", "")
Assert.assertTrue(recovery.isCertificateNotValidSoFar()!!)
}

@Test
fun testCertificateValidity() {
val recovery = RecoveryStatement("", "", "", "", "", "", "")
Assert.assertNull(recovery.isCertificateNotValidSoFar())
Assert.assertNull(recovery.isCertificateNotValidAnymore())
}
}
139 changes: 139 additions & 0 deletions decoder/src/test/java/dgca/verifier/app/decoder/QrCodeTests.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,139 @@
package dgca.verifier.app.decoder;

import org.junit.Assert;
import org.junit.Test;
import android.util.Base64;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import dgca.verifier.app.decoder.base45.Base45Decoder;
import dgca.verifier.app.decoder.base45.Base45Service;
import dgca.verifier.app.decoder.base45.DefaultBase45Service;
import dgca.verifier.app.decoder.cbor.CborService;
import dgca.verifier.app.decoder.cbor.DefaultCborService;
import dgca.verifier.app.decoder.compression.CompressorService;
import dgca.verifier.app.decoder.compression.DefaultCompressorService;
import dgca.verifier.app.decoder.cose.CoseService;
import dgca.verifier.app.decoder.cose.CryptoService;
import dgca.verifier.app.decoder.cose.DefaultCoseService;
import dgca.verifier.app.decoder.cose.VerificationCryptoService;
import dgca.verifier.app.decoder.model.CoseData;
import dgca.verifier.app.decoder.model.GreenCertificate;
import dgca.verifier.app.decoder.model.VerificationResult;
import dgca.verifier.app.decoder.prefixvalidation.DefaultPrefixValidationService;
import dgca.verifier.app.decoder.prefixvalidation.PrefixValidationService;
import dgca.verifier.app.decoder.schema.DefaultSchemaValidator;
import dgca.verifier.app.decoder.schema.SchemaValidator;

public class QrCodeTests {

X509Certificate toCertificate(String pubKey) throws java.security.cert.CertificateException
{
byte[] in = java.util.Base64.getDecoder().decode(pubKey);
InputStream inputStream = new ByteArrayInputStream(in);
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
}

boolean Verify(String prefix,String PublicKey)
{
VerificationResult result = new VerificationResult();
Base45Service b45Service = new DefaultBase45Service();
PrefixValidationService prefService = new DefaultPrefixValidationService();
CompressorService compressorService = new DefaultCompressorService();
SchemaValidator validator = new DefaultSchemaValidator();
CoseService coseservice = new DefaultCoseService();
CborService cborservice = new DefaultCborService();

String base45=prefService.decode(prefix,result);
byte[] compressed = b45Service.decode(base45,result);
byte[] cose = compressorService.decode(compressed,result);
CoseData cbor = coseservice.decode(cose,result);

GreenCertificate greenCertificate= cborservice.decode(cbor.getCbor(),result);

boolean schemaresult = validator.validate(cbor.getCbor(),result);

CryptoService cryptoService = new VerificationCryptoService();
X509Certificate cert = null;
try {
cert = toCertificate(PublicKey);
}
catch (Exception ex)
{
return false;
}

cryptoService.validate(cose,cert,result);

return result.isValid();
}


@Test
public void testPLCode()
{
String hCert
Base45Decoder base45Decoder= new dgca.verifier.app.decoder.base45.Base45Decoder();
DefaultCertificateDecoder decoder = new DefaultCertificateDecoder(base45Decoder);
CertificateDecodingResult result = decoder.decodeCertificate(hCert);
Assert.assertTrue(result instanceof CertificateDecodingResult.Success);

String pubkey= "MIICnDCCAkKgAwIBAgIIJr8oA/3jYAQwCgYIKoZIzj0EAwIwUDEkMCIGA1UEAwwbUG9sYW5kIERHQyBSb290Q1NDQSAxIEFDQyBTMRswGQYDVQQKDBJNaW5pc3RyeSBvZiBIZWFsdGgxCzAJBgNVBAYTAlBMMB4XDTIxMDUyNDExMTgxNloXDTIzMDUyNDExMTgxNlowcjEtMCsGA1UEAwwkUG9sYW5kIFZhY2NpbmF0aW9uIERHQyBTZXJ2aWNlIDMgQUNDMRcwFQYDVQQLDA5lSGVhbHRoIENlbnRlcjEbMBkGA1UECgwSTWluaXN0cnkgb2YgSGVhbHRoMQswCQYDVQQGEwJQTDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBb5V0Rbo5Qc1yAVxRyXaLt/QjmI4WG3qsXf81WoH6L2Uf4oj5iGnAuem1TSotax+FUgvn+GbcUg7BTrL+ePAQSjgeMwgeAwHwYDVR0jBBgwFoAUqc15HwkAJgfQl/0DpjHxRVJ9E28wFgYDVR0lBA8wDQYLKwYBBAGON49lAQIwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2FjYy1wMS5lemRyb3dpZS5nb3YucGwvY2NwMS9jcmwvREdDUm9vdENTQ0ExQUNDUy5jcmwwHQYDVR0OBBYEFAenLsHAhybxn8MjzWYLq+xrD8iYMCsGA1UdEAQkMCKADzIwMjEwNTI0MTExODE2WoEPMjAyMjA1MjQxMTE4MTZaMAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNIADBFAiEAw17oXs3K8q+VorcGq014/zCZAnxqRIQ6fCkHGCENJWQCIB3hvpk+NdLphX7aokerbhsF6xuJ7hT6DnD67SFgLI/9";

Assert.assertTrue(Verify(hCert,pubkey));
}

@Test
public void testBgCode()
{
String hCert
Base45Decoder base45Decoder= new dgca.verifier.app.decoder.base45.Base45Decoder();
DefaultCertificateDecoder decoder = new DefaultCertificateDecoder(base45Decoder);
CertificateDecodingResult result = decoder.decodeCertificate(hCert);
Assert.assertTrue(result instanceof CertificateDecodingResult.Success);

String pubkey= "MIICpDCCAkugAwIBAgIUCQqeQIDhCUErUgTaGLQWtpazE0wwCgYIKoZIzj0EAwIwbDELMAkGA1UEBhMCQkcxGzAZBgNVBAoMEk1pbmlzdHJ5IG9mIEhlYWx0aDEiMCAGA1UECwwZSGVhbHRoIEluZm9ybWF0aW9uIFN5c3RlbTEcMBoGA1UEAwwTQnVsZ2FyaWEgREdDIENTQ0EgMTAeFw0yMTA1MTExMzM1NDFaFw0yMzA1MTExMzM1NDFaMHIxCzAJBgNVBAYTAkJHMQ4wDAYDVQQHDAVTb2ZpYTEbMBkGA1UECgwSTWluaXN0cnkgb2YgSGVhbHRoMSIwIAYDVQQLDBlIZWFsdGggSW5mb3JtYXRpb24gU3lzdGVtMRIwEAYDVQQDDAlER0MgRFNDIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATKS3U1ssyUkLU8/l+N4WLHBJtJv7EfhhHSCS4sIDmxC1IEvSDNeWGBNRAd0y4c2qvk3mggEWTvXl4EemFOI4LCo4HEMIHBMAwGA1UdEwEB/wQCMAAwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL2NybC5oaXMuYmcvY3NjYTEuY3JsMB8GA1UdIwQYMBaAFCquB6sY+uzcJ1Q7ebdy5EPK5zMLMB0GA1UdDgQWBBSZ1xpVCsU4Ccmz1cn4cK+Af0o3gTAOBgNVHQ8BAf8EBAMCB4AwMwYDVR0lBCwwKgYMKwYBBAEAjjePZQEBBgwrBgEEAQCON49lAQIGDCsGAQQBAI43j2UBAzAKBggqhkjOPQQDAgNHADBEAiAZG+XA04EByYpauBQIaGiv6Jy7Y/N7FTmYscaQ4NeKJwIga1u+9Pq8+63QeU6gsCkf+jIKppr58EQMA6UF1I11VDE=";
Assert.assertTrue(Verify(hCert,pubkey));
}

@Test
public void testDECode()
{
String hCert
Base45Decoder base45Decoder= new dgca.verifier.app.decoder.base45.Base45Decoder();
DefaultCertificateDecoder decoder = new DefaultCertificateDecoder(base45Decoder);
CertificateDecodingResult result = decoder.decodeCertificate(hCert);
Assert.assertTrue(result instanceof CertificateDecodingResult.Success);
}

@Test
public void testNOCode(){

String hCert= "HC1:NCF780+80T9WTWGSLKC 4J9965QTH121L3LCFBB*A3*70M+9FN03DCZSJWY0JAC4+UD97TK0F90KECTHGWJC0FDVQ4AIA%G7X+AQB9746VG7W0AV+AWM96X6FCAJY8-F6846W%6V%60ZAKB7UPCBJCR1AFVC*70LVC6JD846Y96A464W5.A6+EDL8F9-98LE* CMEDM-DXC9 QE-ED8%EDZCX3E$34Z$EXVD-NC%69AECAWE.JCBECB1A-:8$966469L6OF6VX6Q$D.UDRYA 96NF6L/5SW6Y57KQEPD09WEQDD+Q6TW6FA7C466KCN9E%961A6DL6FA7D46JPCT3E5JDMA7346D463W5Z57..DX%DZJC7/DCWO3/DTVDD5D9-K3VCI3DU2DGECUGDK MLPCG/D2SDUWGR095Y8DWO0IAMPCG/DU2DRB8SE9VXI$PC5$CUZCZ$5Y$527B0DR-NGD9R696*KOX$N3E5G-ER 5ZOHMLQW4O-1M1I0OHE1SVLZNT361*ED+E7ICER5-HMV*47OO$5J+%Q8KU7+G275H7TDX9R+GZWG";
Base45Decoder base45Decoder= new dgca.verifier.app.decoder.base45.Base45Decoder();
DefaultCertificateDecoder decoder = new DefaultCertificateDecoder(base45Decoder);
CertificateDecodingResult result = decoder.decodeCertificate(hCert);
Assert.assertTrue(result instanceof CertificateDecodingResult.Success);

String pubkey= "MIICKTCCAc+gAwIBAgITewAAAB77yzK1mZYu7QAAAAAAHjAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJOTzEbMBkGA1UEChMSTm9yc2sgaGVsc2VuZXR0IFNGMRMwEQYDVQQDEwpDU0NBIE5PIHYxMB4XDTIxMDYwNzA1NTY0MloXDTIzMDYwNzA2MDY0MlowUjELMAkGA1UEBhMCTk8xLTArBgNVBAoTJE5vcndlZ2lhbiBJbnN0aXR1dGUgb2YgUHVibGljIEhlYWx0aDEUMBIGA1UEAxMLRFNDIEhOIEVVIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR0UprGbSmy5WsMAyb0GXbzemkLRvmUNswy1lBGavDjHW7CTYPd+7yG/OGaXetTnboH0jDJeL1vVQvOr12T4+teo4GWMIGTMA4GA1UdDwEB/wQEAwIHgDAzBgNVHSUELDAqBgwrBgEEAQCON49lAQEGDCsGAQQBAI43j2UBAgYMKwYBBAEAjjePZQEDMB0GA1UdDgQWBBT1z+dhLhI7/AUOAdFiK4oqzEAlrzAfBgNVHSMEGDAWgBRBY3L2ecPBcffxgRI2UhCjJQp0JzAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIDnEDlot8V1hen18ra7Xjv2bGL1mdz7453ItRdx4ubllAiEAkZZKE14rprcfPW6lKcS+SwQr7IWCrMYb/nZdhecUAHM=";

Assert.assertTrue(Verify(hCert,pubkey));
}

@Test
public void testNormalCode()
{
String hCert
Base45Decoder base45Decoder= new dgca.verifier.app.decoder.base45.Base45Decoder();
DefaultCertificateDecoder decoder = new DefaultCertificateDecoder(base45Decoder);
CertificateDecodingResult result = decoder.decodeCertificate(hCert);
Assert.assertTrue(result instanceof CertificateDecodingResult.Success);

String pubkey= "MIIBzDCCAXGgAwIBAgIUDN8nWnn8gBmlWgL3stwhoinVD5MwCgYIKoZIzj0EAwIwIDELMAkGA1UEBhMCR1IxETAPBgNVBAMMCGdybmV0LmdyMB4XDTIxMDUxMjExMjY1OFoXDTIzMDUxMjExMjY1OFowIDELMAkGA1UEBhMCR1IxETAPBgNVBAMMCGdybmV0LmdyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBcc6ApRZrh9/qCuMnxIRpUujI19bKkG+agj/6rPOiX8VyzfWvhptzV0149AFRWdSoF/NVuQyFcrBoNBqL9zCAqOBiDCBhTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFN6ZiC57J/yRqTJ/Tg2eRspLCHDhMB8GA1UdIwQYMBaAFNU5HfWNY37TbdZjvsvO+1y1LPJYMDMGA1UdJQQsMCoGDCsGAQQBAI43j2UBAQYMKwYBBAEAjjePZQECBgwrBgEEAQCON49lAQMwCgYIKoZIzj0EAwIDSQAwRgIhAN6rDdE4mtTt2ZuffpZ242/B0lmyvdd+Wy6VuX+J/b01AiEAvME52Y4zqkQDuj2kbfCfs+h3uwYFOepoBP14X+Rd/VM=";

Assert.assertTrue(Verify(hCert,pubkey));
}
}

0 comments on commit 9dc485e

Please sign in to comment.