refactoring to make sonarcloud happy

admin-ch · Feb 22, 2022 · 85a7992 · 85a7992
1 parent 8acf752
commit 85a7992
Show file tree

Hide file tree

Showing 2 changed files with 246 additions and 2 deletions.
diff --git a/...e-backend-verifier/ch-covidcertificate-backend-verifier-ws/generated/swagger/swagger.yaml b/...e-backend-verifier/ch-covidcertificate-backend-verifier-ws/generated/swagger/swagger.yaml
@@ -0,0 +1,242 @@
+openapi: 3.0.0
+servers:
+- url: https://www.cc-d.bit.admin.ch
+  description: ''
+- url: https://www.cc-a.bit.admin.ch
+  description: ''
+- url: https://www.cc.bit.admin.ch
+  description: ''
+info:
+  version: 2.2.0
+  description: CH Covidcertificate Verifier API
+  title: CH Covidcertificate Verifier API
+paths:
+  trust/v2/keys/:
+    get:
+      summary: hello
+      description: Echo endpoint
+      responses:
+        '200':
+          description: Hello from CH Covidcertificate Verifier WS
+          headers: {
+            }
+          content:
+            application/json:
+              schema:
+                type: string
+  trust/v2/keys/updates:
+    get:
+      summary: getSignerCerts
+      description: get signer certificates
+      responses:
+        '200':
+          description: next certificate batch after `since` up to `upTo` (optional).
+            keep requesting until `up-to-date` header is `true`
+          headers:
+            X-Next-Since:
+              description: '`since` to set for next request'
+              schema:
+                type: string
+            up-to-date:
+              description: set to 'true' when no more certs to fetch
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertsResponse'
+      parameters:
+      - name: since
+        in: query
+        description: ''
+        required: false
+        schema:
+          type: integer
+          format: long
+      - name: upTo
+        in: query
+        description: ''
+        required: true
+        schema:
+          type: integer
+          format: long
+      - name: certFormat
+        in: query
+        description: ''
+        required: true
+        schema:
+          $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertFormat'
+  trust/v2/keys/list:
+    get:
+      summary: getActiveSignerCertKeyIds
+      description: get all key IDs of active signer certs
+      responses:
+        '200':
+          description: list of Key IDs of all active signer certs
+          headers:
+            ETag:
+              description: etag to set for next request
+              schema:
+                type: string
+            up-to:
+              description: ' `upTo` to set for next keys/update request'
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.ActiveCertsResponse'
+        '304':
+          description: no changes since last request
+          headers:
+            ETag:
+              description: etag to set for next request
+              schema:
+                type: string
+            up-to:
+              description: ' `upTo` to set for next keys/update request'
+              schema:
+                type: string
+  trust/v2/revocationList:
+    get:
+      summary: getRevokedCerts
+      description: get list of revoked certificates
+      responses:
+        '200':
+          description: next batch of revoked certificates
+          headers:
+            X-Next-Since:
+              description: '`since` to set for next request'
+              schema:
+                type: string
+            up-to-date:
+              description: set to 'true' when no more certs to fetch
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.RevocationResponse'
+      parameters:
+      - name: since
+        in: query
+        description: ''
+        required: false
+        schema:
+          type: integer
+          format: long
+  trust/v1/verificationRules:
+    get:
+      summary: getVerificationRules
+      description: get list of verification rules
+      responses:
+        '200':
+          description: list of verification rules
+          headers:
+            ETag:
+              description: etag to set for next request
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/java.util.Map'
+        '304':
+          description: no changes since last request
+          headers:
+            ETag:
+              description: etag to set for next request
+              schema:
+                type: string
+components:
+  schemas:
+    ch.admin.bag.covidcertificate.backend.verifier.model.RevocationResponse:
+      type: object
+      properties:
+        revokedCerts:
+          type: array
+          items:
+            type: string
+          description: list of revoked covidcerts
+        validDuration:
+          allOf:
+          - $ref: '#/components/schemas/java.time.Duration'
+          - description: describes how long the list response is valid for in ms
+          - example: '172800000'
+    ch.admin.bag.covidcertificate.backend.verifier.model.cert.ActiveCertsResponse:
+      type: object
+      properties:
+        activeKeyIds:
+          type: array
+          items:
+            type: string
+          description: list of active key ids
+        validDuration:
+          allOf:
+          - $ref: '#/components/schemas/java.time.Duration'
+          - description: describes how long the list response is valid for in ms
+          - example: '172800000'
+        upTo:
+          type: integer
+          format: long
+          description: up to which key id can be requested
+          example: ''
+    ch.admin.bag.covidcertificate.backend.verifier.model.cert.Algorithm:
+      type: string
+      enum:
+      - ES256
+      - RS256
+      - UNSUPPORTED
+    ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertFormat:
+      type: string
+      enum:
+      - IOS
+      - ANDROID
+    ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertsResponse:
+      type: object
+      properties:
+        certs:
+          type: array
+          items:
+            $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.ClientCert'
+    ch.admin.bag.covidcertificate.backend.verifier.model.cert.ClientCert:
+      type: object
+      properties:
+        keyId:
+          type: string
+          description: base64 encoded. shasum of x509
+          example: ''
+        use:
+          type: string
+          description: 'either ''sig'' (all) or one or more of: ''r'' (recovery),
+            ''t'' (test), ''v'' (vaccine), ''l'' (light)'
+          example: sig
+        alg:
+          allOf:
+          - $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.Algorithm'
+          - description: ES256 or RS256. key type can be derived from algorithm
+          - example: ES256
+        n:
+          type: string
+          description: base64 encoded. RSA only (android)
+          example: ''
+        e:
+          type: string
+          description: base64 encoded. RSA only (android)
+          example: ''
+        subjectPublicKeyInfo:
+          type: string
+          description: base64 encoded. RSA only (ios)
+          example: ''
+        crv:
+          type: string
+          description: EC only. only 'P-256' is supported at this time
+          example: P-256
+        x:
+          type: string
+          description: base64 encoded. EC only
+          example: ''
+        y:
+          type: string
+          description: base64 encoded. EC only
+          example: ''
diff --git a/...in/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java b/...in/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java
@@ -40,8 +40,10 @@
 @Controller
 @RequestMapping("trust/v2")
 public class VerificationRulesControllerV2 {
+
     private static final Logger logger = LoggerFactory.getLogger(VerificationRulesControllerV2.class);
     private static final String VALUE_SETS_KEY = "valueSets";
+    public static final String MODE_RULES = "modeRules";
 
     private final Map verificationRules;
     private final ValueSetDataService valueSetDataService;
@@ -54,10 +56,10 @@ public VerificationRulesControllerV2(
                 new ClassPathResource("verificationRulesV2.json").getInputStream();
         JsonNode rules = mapper.readTree(verificationRulesFile);
 
-        ArrayNode modes = (ArrayNode) rules.get("modeRules").get("activeModes");
+        ArrayNode modes = (ArrayNode) rules.get(MODE_RULES).get("activeModes");
         removeModes(modes, disabledVerificationModes);
 
-        ArrayNode verifierModes = (ArrayNode) rules.get("modeRules").get("verifierActiveModes");
+        ArrayNode verifierModes = (ArrayNode) rules.get(MODE_RULES).get("verifierActiveModes");
         removeModes(verifierModes, disabledVerificationModes);
 
         ArrayNode walletModes = (ArrayNode) rules.get("modeRules").get("walletActiveModes");