From 8fe4bba627656dd7cf95d9afad2491fd2235be86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Gst=C3=B6hl?= Date: Thu, 10 Feb 2022 12:58:44 +0100 Subject: [PATCH 1/3] enable mode removal for walletActiveModes --- .../verifier/ws/controller/VerificationRulesControllerV2.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java index a27c79e7..e22a4743 100644 --- a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java +++ b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java @@ -60,6 +60,9 @@ public VerificationRulesControllerV2( ArrayNode verifierModes = (ArrayNode) rules.get("modeRules").get("verifierActiveModes"); removeModes(verifierModes, disabledVerificationModes); + ArrayNode walletModes = (ArrayNode) rules.get("modeRules").get("walletActiveModes"); + removeModes(walletModes, disabledVerificationModes); + this.verificationRules = mapper.treeToValue(rules, Map.class); this.valueSetDataService = valueSetDataService; From 8acf752ba12ef38d0bf75690c421f907e93b763e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Gst=C3=B6hl?= Date: Thu, 10 Feb 2022 13:12:59 +0100 Subject: [PATCH 2/3] add wallet mode removal test --- .../ws/controller/VerificationRulesControllerV2Test.java | 8 ++++++++ 1 file changed, 8 insertions(+) 
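Review bot: The added `(ArrayNode) rules.get("modeRules").get("walletActiveModes")` is unguarded: Jackson's `get` returns null for a missing field, so a `verificationRulesV2.json` without `walletActiveModes` passes null to `removeModes`, and a non-array node fails the cast, both inside the constructor. It is also another hand-written copy of the same two lines, and the commit subject suggests this list had been missed before, so a disabled mode could remain advertised in any list that is not wired up by hand. Consider one loop over the list names that refuses to start when a list is absent, so a disabled mode is removed from every list or the service does not come up. The `activeModes` pair just above the hunk would fold into the same loop. The constructor starts and ends outside this hunk, so whether `removeModes` tolerates null cannot be seen here.

```java
// … unchanged: earlier constructor body …
for (String key : new String[] {"activeModes", "verifierActiveModes", "walletActiveModes"}) {
    JsonNode modes = rules.path("modeRules").path(key);
    if (!modes.isArray()) {
        throw new IllegalStateException(
                "verificationRulesV2.json: modeRules." + key + " is missing or not an array");
    }
    removeModes((ArrayNode) modes, disabledVerificationModes);
}
this.verificationRules = mapper.treeToValue(rules, Map.class);
```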
diff --git a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2Test.java b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2Test.java
index 2c564ce4..98ef07a5 100644
--- a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2Test.java
+++ b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/test/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2Test.java
@@ -72,6 +72,7 @@ public void verificationRulesTest() throws Exception {
 boolean modeExists = false;
 var iter = expected.get("modeRules").get("activeModes").iterator();
 var verifierIter = expected.get("modeRules").get("verifierActiveModes").iterator();
+ var walletIter = expected.get("modeRules").get("walletActiveModes").iterator();
 while (iter.hasNext()) {
 JsonNode mode = iter.next();
 if (disabledMode.equals(mode.get("id").asText())) {
@@ -86,6 +87,13 @@ public void verificationRulesTest() throws Exception {
 verifierIter.remove();
 }
 }
+ while (walletIter.hasNext()) {
+ JsonNode mode = walletIter.next();
+ if (disabledMode.equals(mode.get("id").asText())) {
+ modeExists = true;
+ walletIter.remove();
+ }
+ }
 if (!modeExists) {
 throw new IllegalArgumentException(
 "JSON doesn't seem to have the mode we're testing for. Edit test case or JSON");
From 85a7992033864aa744e346b8fea2fb3ee08aa8eb Mon Sep 17 00:00:00 2001
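Review bot: The shared `modeExists` flag set in the new `walletIter` loop (second hunk) becomes true as soon as the disabled mode is found in any one list, so the `if (!modeExists)` guard still passes when the fixture's `walletActiveModes` never contained that mode. In that case the wallet removal added by this series is not exercised and the test stays green. Track the result per list, for example with a small helper that reports whether it removed anything, and fail when the wallet list did not carry the mode; this also replaces the third copy of the loop. `verificationRulesTest` starts and ends outside both hunks, so how `expected` is compared afterwards is not visible here.

```java
// Removes every entry whose "id" equals modeId; returns true if at least one was removed.
private static boolean removeMode(JsonNode modes, String modeId) {
    boolean removed = false;
    for (var it = modes.iterator(); it.hasNext(); ) {
        if (modeId.equals(it.next().get("id").asText())) {
            it.remove();
            removed = true;
        }
    }
    return removed;
}

// … unchanged: set-up of expected and disabledMode in verificationRulesTest …
boolean inWallet = removeMode(expected.get("modeRules").get("walletActiveModes"), disabledMode);
if (!inWallet) {
    throw new IllegalArgumentException(
            "JSON doesn't seem to have the mode we're testing for in walletActiveModes. Edit test case or JSON");
}
```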
From: =?UTF-8?q?Daniel=20Gst=C3=B6hl?=
Date: Mon, 14 Feb 2022 17:23:55 +0100
Subject: [PATCH 3/3] refactoring to make sonarcloud happy
---
 .../generated/swagger/swagger.yaml | 242 ++++++++++++++++++
 .../VerificationRulesControllerV2.java | 6 +-
 2 files changed, 246 insertions(+), 2 deletions(-)
 create mode 100644 ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/generated/swagger/swagger.yaml
diff --git a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/generated/swagger/swagger.yaml b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/generated/swagger/swagger.yaml
new file mode 100644
index 00000000..899ab9ae
--- /dev/null
+++ b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/generated/swagger/swagger.yaml
@@ -0,0 +1,242 @@ +openapi: 3.0.0 +servers: +- url: https://www.cc-d.bit.admin.ch + description: '' +- url: https://www.cc-a.bit.admin.ch + description: '' +- url: https://www.cc.bit.admin.ch + description: '' +info: + version: 2.2.0 + description: CH Covidcertificate Verifier API + title: CH Covidcertificate Verifier API +paths: + trust/v2/keys/: + get: + summary: hello + description: Echo endpoint + responses: + '200': + description: Hello from CH Covidcertificate Verifier WS + headers: { + } + content: + application/json: + schema: + type: string + trust/v2/keys/updates: + get: + summary: getSignerCerts + description: get signer certificates + responses: + '200': + description: next certificate batch after `since` up to `upTo` (optional). + keep requesting until `up-to-date` header is `true` + headers: + X-Next-Since: + description: '`since` to set for next request' + schema: + type: string + up-to-date: + description: set to 'true' when no more certs to fetch + schema: + type: string + content: + application/json: + schema: + $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertsResponse' + parameters: + - name: since + in: query + description: '' + required: false + schema: + type: integer + format: long + - name: upTo + in: query + description: '' + required: true + schema: + type: integer + format: long + - name: certFormat + in: query + description: '' + required: true + schema: + $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertFormat' + trust/v2/keys/list: + get: + summary: getActiveSignerCertKeyIds + description: get all key IDs of active signer certs + responses: + '200': + description: list of Key IDs of all active signer certs + headers: + ETag: + description: etag to set for next request + schema: + type: string + up-to: + description: ' `upTo` to set for next keys/update request' + schema: + type: string + content: + application/json: + schema: + $ref: 
'#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.ActiveCertsResponse' + '304': + description: no changes since last request + headers: + ETag: + description: etag to set for next request + schema: + type: string + up-to: + description: ' `upTo` to set for next keys/update request' + schema: + type: string + trust/v2/revocationList: + get: + summary: getRevokedCerts + description: get list of revoked certificates + responses: + '200': + description: next batch of revoked certificates + headers: + X-Next-Since: + description: '`since` to set for next request' + schema: + type: string + up-to-date: + description: set to 'true' when no more certs to fetch + schema: + type: string + content: + application/json: + schema: + $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.RevocationResponse' + parameters: + - name: since + in: query + description: '' + required: false + schema: + type: integer + format: long + trust/v1/verificationRules: + get: + summary: getVerificationRules + description: get list of verification rules + responses: + '200': + description: list of verification rules + headers: + ETag: + description: etag to set for next request + schema: + type: string + content: + application/json: + schema: + $ref: '#/components/schemas/java.util.Map' + '304': + description: no changes since last request + headers: + ETag: + description: etag to set for next request + schema: + type: string +components: + schemas: + ch.admin.bag.covidcertificate.backend.verifier.model.RevocationResponse: + type: object + properties: + revokedCerts: + type: array + items: + type: string + description: list of revoked covidcerts + validDuration: + allOf: + - $ref: '#/components/schemas/java.time.Duration' + - description: describes how long the list response is valid for in ms + - example: '172800000' + ch.admin.bag.covidcertificate.backend.verifier.model.cert.ActiveCertsResponse: + type: object + properties: + activeKeyIds: 
+ type: array + items: + type: string + description: list of active key ids + validDuration: + allOf: + - $ref: '#/components/schemas/java.time.Duration' + - description: describes how long the list response is valid for in ms + - example: '172800000' + upTo: + type: integer + format: long + description: up to which key id can be requested + example: '' + ch.admin.bag.covidcertificate.backend.verifier.model.cert.Algorithm: + type: string + enum: + - ES256 + - RS256 + - UNSUPPORTED + ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertFormat: + type: string + enum: + - IOS + - ANDROID + ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertsResponse: + type: object + properties: + certs: + type: array + items: + $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.ClientCert' + ch.admin.bag.covidcertificate.backend.verifier.model.cert.ClientCert: + type: object + properties: + keyId: + type: string + description: base64 encoded. shasum of x509 + example: '' + use: + type: string + description: 'either ''sig'' (all) or one or more of: ''r'' (recovery), + ''t'' (test), ''v'' (vaccine), ''l'' (light)' + example: sig + alg: + allOf: + - $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.Algorithm' + - description: ES256 or RS256. key type can be derived from algorithm + - example: ES256 + n: + type: string + description: base64 encoded. RSA only (android) + example: '' + e: + type: string + description: base64 encoded. RSA only (android) + example: '' + subjectPublicKeyInfo: + type: string + description: base64 encoded. RSA only (ios) + example: '' + crv: + type: string + description: EC only. only 'P-256' is supported at this time + example: P-256 + x: + type: string + description: base64 encoded. EC only + example: '' + y: + type: string + description: base64 encoded. EC only + example: '' 
diff --git a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java index e22a4743..ebb4fb99 100644 --- a/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java +++ b/ch-covidcertificate-backend-verifier/ch-covidcertificate-backend-verifier-ws/src/main/java/ch/admin/bag/covidcertificate/backend/verifier/ws/controller/VerificationRulesControllerV2.java @@ -40,8 +40,10 @@ @Controller @RequestMapping("trust/v2") public class VerificationRulesControllerV2 { + private static final Logger logger = LoggerFactory.getLogger(VerificationRulesControllerV2.class); private static final String VALUE_SETS_KEY = "valueSets"; + public static final String MODE_RULES = "modeRules"; private final Map verificationRules; private final ValueSetDataService valueSetDataService; @@ -54,10 +56,10 @@ public VerificationRulesControllerV2( new ClassPathResource("verificationRulesV2.json").getInputStream(); JsonNode rules = mapper.readTree(verificationRulesFile); - ArrayNode modes = (ArrayNode) rules.get("modeRules").get("activeModes"); + ArrayNode modes = (ArrayNode) rules.get(MODE_RULES).get("activeModes"); removeModes(modes, disabledVerificationModes); - ArrayNode verifierModes = (ArrayNode) rules.get("modeRules").get("verifierActiveModes"); + ArrayNode verifierModes = (ArrayNode) rules.get(MODE_RULES).get("verifierActiveModes"); removeModes(verifierModes, disabledVerificationModes); ArrayNode walletModes = (ArrayNode) rules.get("modeRules").get("walletActiveModes");
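Review bot: `MODE_RULES` in the first hunk is declared `public`, while the neighbouring `VALUE_SETS_KEY` is `private` and this patch only reads the constant inside the controller. Unless another class uses it (none is visible in this patch), `private static final String MODE_RULES = "modeRules";` keeps the JSON key an implementation detail of the class. The class body continues beyond the hunk.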
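Review bot: The last context line of the second hunk, `ArrayNode walletModes = (ArrayNode) rules.get("modeRules").get("walletActiveModes");`, still uses the string literal, so the refactor leaves one of the three lookups behind. Change it to `rules.get(MODE_RULES).get("walletActiveModes")` so every read goes through the constant and a later rename of the key cannot skip the wallet list. The constructor continues past the end of the hunk.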