
it-dgc-gateway-client's Introduction

EU Digital COVID Certificate Gateway Client



Context

This repository contains the source code of the EU Digital COVID Certificate Gateway Client.

The Gateway Client is part of the national backends and periodically downloads the public keys that are distributed through the DGCG. It is the only point of communication of the national backends with the European Gateway, also allowing the Member State to upload its national DSC (Document Signer Certificate) with which the digital certificates are signed.

Installation

Prerequisites

Maven based build

This is the recommended way to take part in the development. Please check whether the following prerequisites are installed on your machine:

Build Docker Image

This project also supports building a Docker image. First ensure you have a MongoDB instance running locally on mongodb://127.0.0.1:27017; otherwise, change the connection URL in the test file ./src/test/resources/application.properties.

To build the Docker image you first need to build the project from the root:

git clone git@github.com:ministero-salute/it-dgc-gateway-client.git
cd it-dgc-gateway-client
mvn clean package

Then, copy the file application.properties contained in the path ./src/main/resources into the ./it-dgc-gateway-client/config folder:

mkdir -p it-dgc-gateway-client/config
cp ./src/main/resources/application.properties ./it-dgc-gateway-client/config

You also need a security folder, which must contain both an sslclient and a truststore directory:

mkdir -p security/sslclient
mkdir -p security/truststore

By default, the Docker image uses a local MongoDB instance running on mongodb://127.0.0.1:27017. You can change the connection URL by editing the environment variable in the environment section of docker-compose.yml:

environment:
      - MONGO_DB_URI=mongodb://user:password@mongodb:27017/DGC-dev

You also need the DGCG (Digital Green Certificate Gateway) server running locally. You can install it from the public repo Digital Green Certificate Gateway.

To work properly, the client also needs:

  • an external signature service (REST API), configured through SIGN_EXTERNAL_URL=https://host/v1/sign.

  • the certificate for the mTLS connection to the Digital Green Certificate Gateway Service (the country of origin must be defined in the "country" field of the certificate subject), packed into a Java Key Store.

environment:
      - DGC_BASE_URL=https://example.dgc.eu
      - SSLDGC_JKS_PATH=/security/sslclient/ssldgc.jks
      - SSLDGC_JKS_PASSWORD=password
      - SSLDGC_CERT_PASSWORD=password

  • the certificate for the mTLS connection to the external signing service, packed into a Java Key Store.

environment:
      - SIGN_EXTERNAL_URL=https://host/v1/sign
      - SSLDP_JKS_PATH=/security/sslclient/ssldp.jks
      - SSLDP_JKS_PASSWORD=password
      - SSLDP_CERT_PASSWORD=password

  • the TrustAnchor used to verify the signature of member state certificates, packed into a Java Key Store.

environment:
      - TRUST_JKS_PATH=/security/truststore/truststore.jks
      - TRUST_JKS_PASSWORD=password
      - TRUST_DGC_ANCHOR_ALIAS=anchor_alias

Once the requirements shown above are satisfied, open a shell in the working directory and execute:

docker-compose up --build

Dependencies

The project has been implemented in Java 11.

Maven is used for dependency management. Maven is a build management tool mostly used in Java projects. It is built around the central concept of the project object model (POM).

The pom.xml contains all necessary information about the project, as well as configurations of plugins to be used during the build process.

The backend services follow a micro-service architecture, where each critical functionality is deployed as its own component. Components are distributed in dedicated Docker images, Docker being an industry standard platform for the containerization and virtualization of software.

The following dependencies are used to implement the business logic:

  • spring data mongo. A library which provides integration with the MongoDB document database. Key functional areas of Spring Data MongoDB are a POJO-centric model for interacting with a MongoDB DBCollection and easily writing a Repository-style data access layer. Released as an open-source project under the Apache 2.0 licence.
  • Lombok. A Java library tool that generates code to minimize boilerplate. The library replaces boilerplate code with easy-to-use annotations. For example, by adding a couple of annotations, you can get rid of code clutter such as getter and setter methods, constructors, hashcode, equals, and toString methods, and so on. Lombok is an open-source project released under the MIT licence.
  • springdoc-openapi. A library that helps automate the generation of API documentation for Spring Boot projects. springdoc-openapi works by examining an application at runtime to infer API semantics based on Spring configurations, class structure and various annotations. Released as an open-source project under the Apache 2.0 licence.
  • BouncyCastle. A Java library that complements the default Java Cryptographic Extension (JCE). It provides cryptographic operations such as encryption and signature. BouncyCastle is released as an open-source project under an adaptation of the MIT X11 licence.
  • AkamaiOPEN-edgegrid-java. A Java library for EdgeGrid Client Authentication. It provides a client-independent implementation as well as concrete implementations for REST-assured and Google HTTP Client Library for Java integration. AkamaiOPEN-edgegrid-java is released as an open-source project under an adaptation of the Apache 2.0 licence.
  • JaCoCo. A Maven plug-in that provides the JaCoCo runtime agent to your tests and allows basic report creation. JaCoCo is released as an open-source project under the EPL 2.0 licence.
  • junit4. A simple framework to write repeatable tests. It is an instance of the xUnit architecture for unit testing frameworks. Junit4 is released as an open-source project under Eclipse Public License 1.0.

Contributing

Contributions are most welcome. Before proceeding, please read the Code of Conduct for guidance on how to approach the community and create a positive environment. Additionally, please read our CONTRIBUTING file, which contains guidance on ensuring a smooth contribution process.

Contributors

Here is a list of repository contributors. Thank you to everyone involved for improving this project, day by day.

Licence

Authors and Copyright

Copyright 2021 (c) Ministero della Salute.

Please check the AUTHORS file for extended reference.

Third-party component licences

Licence details

The licence for this repository is a GNU Affero General Public Licence version 3 (SPDX: AGPL-3.0). Please see the LICENSE file for full reference.

it-dgc-gateway-client's People

Contributors

alfo1995, astagi, gdipietro74, gnfrisicaro, grausof, it-eucert-team, libremente, mnelli19, sebbalex


it-dgc-gateway-client's Issues

Process to get authorized to access National backEnd

Hi, we want to build a totem to verify the validity of Green Pass in Italy. I have read a lot of technical documentation, but I can't find any reference to the process to get authorized to access the service. Can someone give us some hints?

Thank you.

[BUG] Resource not closed in CertificateSignatureVerifier

Describe the bug

CertificateSignatureVerifier doesn't close a handle to jksTrustPath

To Reproduce

call initAnchoPublicKey

Expected behaviour

The introduction of try-with-resources

Additional context

I have already fixed the problem with a pull request
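
Added example, not the project's code and not the pull request mentioned above: one way to load the trust anchor configured through the README's TRUST_JKS_PATH and TRUST_DGC_ANCHOR_ALIAS settings without leaking the file handle this issue describes. The class and method names (TrustAnchorLoader, loadAnchorPublicKey) are hypothetical, and the empty temporary keystore is constructed sample input.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class TrustAnchorLoader {
    // Hypothetical helper (not the project's method): returns the public key of
    // the trust anchor stored under `alias` in the JKS file at `jksPath`.
    static PublicKey loadAnchorPublicKey(Path jksPath, char[] password, String alias)
            throws IOException, GeneralSecurityException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        // try-with-resources closes the file handle on success and on every
        // exception path (wrong password, corrupt file, ...).
        try (InputStream in = Files.newInputStream(jksPath)) {
            trustStore.load(in, password);
        }
        // getCertificate returns null for an unknown alias: fail closed here.
        Certificate anchor = trustStore.getCertificate(alias);
        if (anchor == null) {
            throw new GeneralSecurityException("alias '" + alias + "' not found in " + jksPath);
        }
        return anchor.getPublicKey();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty JKS written to a temp file, so the
        // missing-alias path can be exercised without real certificates.
        char[] password = "password".toCharArray();
        Path jks = Files.createTempFile("truststore", ".jks");
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, password);
        try (OutputStream out = Files.newOutputStream(jks)) {
            empty.store(out, password);
        }
        try {
            loadAnchorPublicKey(jks, password, "anchor_alias");
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            // On Windows this delete fails if the loader leaked its handle.
            Files.delete(jks);
        }
    }
}
```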

[GENERAL] Revoked DCC list

Hi,
I have a question about the available API. In the DPCM of 17/06/2021, article 8 comma 5, it is stated that the Italian "Green Pass" can be revoked if the person gets infected and in this case the EU DCC is revoked as well.

The Attachment B of the DPCM mentioned above describes on page 4 how the EU DCCs are revoked:

  • The EU DCC UID is put into a "Revoked list" ("lista di revoca")
  • This list is shared by the Italian DGC Gateway with the central EU DCC Gateway
  • Verifier apps, in our case Verifica C19, should check if an EU DCC is on the revoked list and, in that case, mark it as not valid.

I am wondering if this has been implemented or it is about to be implemented because looking at the National DGC Gateway API I've found only three of them: get the KIDs, get the DSC, get the Business Rules.
I have also checked the code of Verifica C19 and, currently, I have found nothing related to a revoked list so it seems that Verifica C19 is ignoring this as well.

If I have just missed it, could you please provide me the API used to get the revoked list?

Thanks

[BUG] Null pointer in AkamaiFastPurge.java

Describe the bug

There is a null reference inside invalidateUrls() when status is not assigned

To Reproduce

To reproduce the error, it is necessary to have a problem with the Akamai POST. After this, this line produces a null pointer:

return status.toString();

Expected behaviour

Check null pointer

Additional context

I have already fixed the problem and I can submit a FIX

[GENERAL] Code formatting

Hi

I have seen that the source code of the project has a different code formatting.
In general, this is not a problem but, let me show you this source code

src\main\java\it\interop\dgc\gateway\akamai\AkamaiFastPurge.java

Inside this source code, some lines are ended with 0x0a

0000000000: 2F 2A 0A 20 2A 20 20 43 │ 6F 70 79 72 69 67 68 74 /*◙ * Copyright
0000000010: 20 28 43 29 20 32 30 32 │ 31 20 4D 69 6E 69 73 74 (C) 2021 Minist

and some others with 0x0d 0x0a

0000000390: 69 6D 70 6F 72 74 20 6A │ 61 76 61 2E 6E 65 74 2E import java.net.
00000003A0: 55 52 49 3B 0D 0A 69 6D │ 70 6F 72 74 20 6A 61 76 URI;♪◙import jav

Some IDEs reformat the code using the same line terminator. This kind of end-of-line mismatch may generate a diff that includes not only the lines modified, but also all the lines that are committed with a different end of line.

I think it may be a good practice to reformat all the source code of the project to reduce the diff mismatch that may be generated by different IDEs or editors.

all the best
matteo baccan
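
Added example, not part of the original post or the project: a small Java check for the condition described above, listing source files that mix 0x0a and 0x0d 0x0a terminators so they can be normalised before they inflate a diff under review. The class name EolCheck and the temporary sample files are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class EolCheck {
    enum Eol { NONE, LF, CRLF, MIXED }

    // Classifies content by its terminators: 0x0a alone (LF) or 0x0d 0x0a (CRLF).
    static Eol classify(byte[] content) {
        int lf = 0, crlf = 0;
        for (int i = 0; i < content.length; i++) {
            if (content[i] != 0x0A) continue;
            if (i > 0 && content[i - 1] == 0x0D) crlf++; else lf++;
        }
        if (lf > 0 && crlf > 0) return Eol.MIXED;
        if (crlf > 0) return Eol.CRLF;
        return lf > 0 ? Eol.LF : Eol.NONE;
    }

    // Returns the .java files under root whose line endings are MIXED.
    static List<Path> mixedFiles(Path root) throws IOException {
        try (Stream<Path> walk = Files.walk(root)) {
            List<Path> sources = walk.filter(p -> p.toString().endsWith(".java"))
                                     .collect(Collectors.toList());
            List<Path> mixed = new ArrayList<>();
            for (Path p : sources) {
                if (classify(Files.readAllBytes(p)) == Eol.MIXED) mixed.add(p);
            }
            return mixed;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample (used when no directory is given): one file with an
        // LF header and CRLF imports, and one LF-only file.
        Path root = args.length > 0 ? Paths.get(args[0]) : Files.createTempDirectory("eol");
        if (args.length == 0) {
            byte[] mixed = "/*\n * Copyright\n */\r\nimport java.net.URI;\r\n".getBytes(StandardCharsets.US_ASCII);
            byte[] clean = "/*\n * Copyright\n */\n".getBytes(StandardCharsets.US_ASCII);
            Files.write(root.resolve("Mixed.java"), mixed);
            Files.write(root.resolve("Clean.java"), clean);
        }
        mixedFiles(root).forEach(p -> System.out.println("mixed line endings: " + p));
    }
}
```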

[GENERAL] How to get certificates to decode codes yourself

Hello,
I know this is probably not the right place to ask but I can't find this anywhere.
I am required to read QR codes and validate that the code is valid and the person is "ok".

As I understand, I need some certificates to validate the data is correct, but I can't find how or from where to get these certificates.

Any help would be appreciated.
