eu-digital-green-certificates / dgc-certlogic-android Goto Github PK
View Code? Open in Web Editor NEWThis repository contains the source code of the EU Digital COVID Certificate Certlogic for Android.
License: Apache License 2.0
This repository contains the source code of the EU Digital COVID Certificate Certlogic for Android.
License: Apache License 2.0
Verifiers that would like to integrate the CertLogic RuleEngine as a library currently need to reference the source code directly, or compile it locally and reference their own build.
By publishing the compiled artefact to a public repository (e.g. as a Github Action pushing the jar to Maven Central), consumers can include the latest version without manual effort.
By using a public maven repo, it's easy for downstream dependencies to keep up to date with new feature and bugfixes without manual intervention.
There is currently no check for the value of the Engine
attribute of a rule:
If a rule has the attribute Engine
with a value other than CERTLOGIC
, the rule is not evaluated but reported as open
.
see code
n/a
add if
statement
related to eu-digital-green-certificates/dgc-certlogic-ios#26
The current implementation contains dependencies to room, retrofit and other dependencies which can result in conflicts in other apps by using this module. To reduce this dependencies the used componentens should be abstracted by interfaces, and the implementation of the interfaces should be passed to the verifier/wallet app. This should reduce the used dependencies by the module. After this refactoring, the module can be released as seperate package.
A date/date-time value like 2021-02-04T00:00:00
without a time zone designator, when used in a DCC and checked by a corresponding rule, leads to open
on Android instead of pass or fail. This is the case for many DCCs from Bulgaria.
The date-time format is correctly parsed because it is a valid ISO 8601 date-time representation, see https://en.wikipedia.org/wiki/ISO_8601#Times
Create a vaccination certificate with dt
set to 2021-02-04T00:00:00
and check against the German rule set.
n/a
n/a
Currently the External Parameters contain filterparameters like countryCode , Region, Certtype etc. Please seperate the Filterparameters in a seperate class "Filterparameter" which are added to the validate method. The external parameters should contain just fields which are passed to the JSON for logic execution.
Rule BNR-DE-4161 is validated as OPEN when we validate a Vaccination certificate
Exception: java.lang.RuntimeException: date argument of "plusTime" must be a string
All Rules are validated as OPEN when we validate a Recovery certificate
Exception: java.lang.RuntimeException: date argument of "plusTime" must be a string
Rule should be validated as FAIL
Vaccination certificate
dataJsonNode:
{"external":{"validationClock":"2022-01-15T10:51:03.857+01:00","valueSets":{},"countryCode":"de","exp":"2022-07-30T15:01:59Z","iat":"2021-07-30T15:01:59Z","issuerCountryCode":"de","kid":"","region":""},"payload":{"issuer":"DE","validFrom":1627657319,"validUntil":1659193319,"nam":{"gn":"AstraZeneca","fn":"Vaccine","gnt":"ASTRAZENECA","fnt":"VACCINE"},"dob":"1921-08-21","v":[{"tg":"840539006","vp":"1119305005","mp":"EU/1/21/1529","ma":"ORG-100001417","dn":2,"sd":2,"dt":"2021-08-02","co":"DE","is":"Robert Koch-Institut","ci":"URN:UVCI:01DE/IBMT102/3CU9LYH1VHUMMDF86T7X3S#L"}],"t":[],"r":[],"ver":"1.3.0","dateTimeSeparator":"T","empty":0,"yearCount":4,"yearMonthCount":7,"yearMonthDayCount":10}}
Recovery certificate
dataJsonNode:
{"external":{"validationClock":"2022-01-15T10:48:01.219+01:00","valueSets":{},"countryCode":"de","exp":"2022-07-30T15:02:01Z","iat":"2021-07-30T15:02:01Z","issuerCountryCode":"de","kid":"","region":""},"payload":{"issuer":"DE","validFrom":1627657321,"validUntil":1659193321,"nam":{"gn":"Recovery","fn":"RichyThree","gnt":"RECOVERY","fnt":"RICHYTHREE"},"dob":"1921-08-21","v":[],"t":[],"r":[{"tg":"840539006","fr":"2021-08-02","df":"2021-08-30","du":"2022-02-01","co":"DE","is":"Robert Koch-Institut","ci":"URN:UVCI:01DE/IBMT102/51VONE4URYN03AO7ID2N91#S"}],"ver":"1.3.0","dateTimeSeparator":"T","empty":0,"yearCount":4,"yearMonthCount":7,"yearMonthDayCount":10}}
BoosterNotification rules:
bnr.txt
The current implementation is comparing the ver
attribute of the DCC/hcert with the Version
attribute of the rule:
That's like comparing cars and apples.
Compare ver
against SchemaVersion
look at the code
n/a
Compare ver
against SchemaVersion
n/a
Logic
field is not according to specification, doesn't validate, and doesn't execute (at least not in CertLogic's JS and Kotlin implementations). Check out this link.Is that intentional? People are seeing this, thinking that it's valid. Is rule.json
(and rule_with_region.json
) used when running tests?
During the Recovery certificate validation we received an OPEN result for the following rules of Switzerland.
The results are OPEN because the CertLogic throws an exception.
RR-CH-0001
com.fasterxml.jackson.databind.node.TextNode cannot be cast to com.fasterxml.jackson.databind.node.BooleanNode
RR-CH-0002
date argument of "plusTime" must be a string
RR-CH-0003
date argument of "plusTime" must be a string
Recovery rules for Switzerland should be validated as PASSED or FAIL.
During development of an Android App (min SDK 23), everything works fine and all necessary dependencies are found.
However only when creating a release build of the application (even with proguard disabled) the application crashes with the following stacktrace:
java.util.ServiceConfigurationError: com.fasterxml.jackson.databind.Module: Provider com.fasterxml.jackson.datatype.jsr310.JavaTimeModule could not be instantiated at java.util.ServiceLoader.fail(ServiceLoader.java:233) at java.util.ServiceLoader.access$100(ServiceLoader.java:183) at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:392) at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:416) at java.util.ServiceLoader$1.next(ServiceLoader.java:494) at com.fasterxml.jackson.databind.ObjectMapper.findModules(ObjectMapper.java:1081) at com.fasterxml.jackson.databind.ObjectMapper.findModules(ObjectMapper.java:1065) at com.fasterxml.jackson.databind.ObjectMapper.findAndRegisterModules(ObjectMapper.java:1115) ..... Suppressed: java.util.ServiceConfigurationError: com.fasterxml.jackson.databind.Module: Provider com.fasterxml.jackson.datatype.jsr310.JavaTimeModule could not be instantiated ... 24 more Caused by: java.lang.NoClassDefFoundError: <clinit> failed for class com.fasterxml.jackson.datatype.jsr310.deser.InstantDeserializer; see exception in other thread at com.fasterxml.jackson.datatype.jsr310.JavaTimeModule.<init>(JavaTimeModule.java:119) at java.lang.Class.newInstance(Native Method) at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:388) ... 21 more Suppressed: java.util.ServiceConfigurationError: com.fasterxml.jackson.databind.Module: Provider com.fasterxml.jackson.datatype.jsr310.JavaTimeModule could not be instantiated ... 24 more Caused by: java.lang.NoClassDefFoundError: <clinit> failed for class com.fasterxml.jackson.datatype.jsr310.deser.InstantDeserializer; see exception in other thread at com.fasterxml.jackson.datatype.jsr310.JavaTimeModule.<init>(JavaTimeModule.java:119) at java.lang.Class.newInstance(Native Method) at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:388) ... 21 more Caused by: java.lang.NoSuchFieldError: No field ISO_ZONED_DATE_TIME of type Lj$/time/format/DateTimeFormatter; in class Lj$/time/format/DateTimeFormatter; or its superclasses (declaration of 'j$.time.format.DateTimeFormatter' appears in /data/app/-3AsahYi2BhLBw_E80LXboQ==/base.apk!classes2.dex) at com.fasterxml.jackson.datatype.jsr310.deser.InstantDeserializer.<clinit>(InstantDeserializer.java:80) at com.fasterxml.jackson.datatype.jsr310.JavaTimeModule.<init>(JavaTimeModule.java:119) at java.lang.Class.newInstance(Native Method) 2021-07-27 19:41:07.096 27839-27839/? E/AndroidRuntime: at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:388) ... 21 more
The project has core library desugaring configured and enabled.
Do you know of anybody who uses this library and has similar issues and found a way to resolve or investigate them?
I found several reports, stack overflow entries and mentions of issues with com.fasterxml.jackson.datatype:jackson-datatype-jsr310 on Android but unfortunately all without information about how to resolve them.
To differentiate different app versions within the rule, an additional parameter should be added to external parameters. This would be a nice feature if any kind of rule execution logic has a "bug" or any other problem in a special app version. The rule can then differentiate between different apps inside the rule.
With the current implementation, rules evaluate to either pass
or fail
but not to open
:
open
based on the EngineVersion
(see also eu-digital-green-certificates/dgc-certlogic-ios#6)open
is the validation fails for technical reason (see also eu-digital-green-certificates/dgc-certlogic-ios#5)look at the code
n/a
see expected behavior
n/a
Test ConverterTest.testConverter()
fails locally:
junit.framework.AssertionFailedError: expected:<2021-06-30T14:54:51.748565Z> but was:<2021-06-30T14:54:51.748Z>
Expected :2021-06-30T14:54:51.748565Z
Actual :2021-06-30T14:54:51.748Z
Code was a checkout of the current main branch: bc467af
Run via Android Studio 4.2.3.
To prevent future headache when referencing remoteDataSource/CountriesRemoteDataSource, you may want to correct the typo in the code:
Currently, the RuleLocal
class/table doesn't contain a hash
field. This means that users of this library have to manually also track the hash of each rule in a separate DB/table (which can cause inconsistency, etc.). It also means that efficiently syncing the backend with the database is more involved. The current DefaultRulesRepository
doesn't even do a hash comparison.
With a hash
field every RuleLocal
could also store the corresponding hash to allow easy comparison and minimal updates.
Our implementation with hash comparison looks like this in case you want to reuse some of the code: https://github.com/Digitaler-Impfnachweis/covpass-android/blob/main/covpass-sdk/src/main/java/de/rki/covpass/sdk/rules/DefaultCovPassRulesRepository.kt
However that's based on an additional database for storing the hashes. We could do away with that extra complexity by simply having that extra field and if you reuse our sync algorithm we could also get rid of that extra code and this lib would be nicely usable out of the box (apart from all the dependencies issue as mentioned in #32 and the missing Maven Central or GitHub Packages publication mentioned in #12).
To support the region in the future, please add to the external parameters a region parameter which is used in the filter critierias for the rules. For the beginning the region parameter can be null, because the app has currently not region selection.
Private fields of the External Parameter class don't seem to be represented in the JSON-serialized representation of the object and thus not passed to the rule engine to be accessed by the rules.
This particularly includes valueSets
, which should definitely be passed to the rules, and other fields.
External parameters such as valueSets
can be access by the rules.
Run this rule for example:
{
"and": [
{
"if": [
{
"var": "external.valueSets.covid-19-lab-result.0"
},
true,
false
]
},
{
"reduce": [
{
"var": "external.valueSets.covid-19-lab-result"
},
{
"and": [
{
"in": [
{
"var": "current"
},
[
"260415000",
"260373001"
]
]
},
{
"var": "accumulator"
}
]
},
true
]
}
]
}
n/a
Roll back parts of 75883ec
Regression introduced with 75883ec
There is currently no check for the value of the EngineVersion
attribute of a rule:
If a rule has the attribute Engine
with value CERTLOGIC
and EngineVersion
has a value other than 1.0.0
, the rule is not evaluated but reported as open
.
see code
n/a
add if
statement
related to eu-digital-green-certificates/dgc-certlogic-ios#27
The CertificationType General is missing in the CertificationType
This will cause issues when matching General CertificationType
Android module included cert logic jar is outdated and should be updated from 0.9.0 -> 0.11.0
Support latest certlogic rules schema
Update the included lib to 0.11.0
The parameter issuerCountryCode
is missing in ExternalParameter:
The parameter issuerCountryCode
can be set.
see code
n/a
add the parameter
the specification describes this parameter as part of the external parameters
After downloading a business rule/valueset, the hash of the received content must be checked against the hash of the trustlist, to ensure that the file which was downloaded is the correct one. This can be resolved over integrating an interceptor to the http client. If the hash is not correct, the rule should not be updated (if exists) or should be ignored during the download(please show a hint anywhere that there is an problem)
When a rule fails with a (technical) exception, the exception is populated to the caller:
Any exceptions that might be thrown should be caught and mapped to open
.
see code
n/a
try-catch statement + map to open
n/a
The minSdk
version is currently set to 26
which makes it incompatible with the Corona-Warn-App (CWA).
CWA needs to support Android 6, so we'll need SDK 23
.
Support Android 6
n/a
https://developer.android.com/about/versions/marshmallow/android-6.0
Adjust minSdk
n/a
Currently the country of vaccination or recovery is used as issuer country. This should only be used if the field "iss" is not available in the header. Please use the field from the CWT structure as country of issuer at first.
If the SchemaVersion
field of a rule is greater or equal then the ver
field of a DCC (e.g. SchemaVersion=1.3.0
and ver=1.0.0
), the rule results in fail
:
The result should result in open
, just like it is implemented on iOS:
Apply a rule with SchemaVersion
set to 1.3.0
(e.g. Netherlands) against a DCC with ver
set to 1.0.0
(e.g. most German DCCs)
n/a
map to open
instead of fail
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.