This repository has been archived by the owner on Sep 15, 2023. It is now read-only.

enable mode removal for walletActiveModes #144

Merged
merged 3 commits into from
Mar 2, 2022
@@ -0,0 +1,242 @@
openapi: 3.0.0
servers:
- url: https://www.cc-d.bit.admin.ch
description: ''
- url: https://www.cc-a.bit.admin.ch
description: ''
- url: https://www.cc.bit.admin.ch
description: ''
info:
version: 2.2.0
description: CH Covidcertificate Verifier API
title: CH Covidcertificate Verifier API
paths:
trust/v2/keys/:
get:
summary: hello
description: Echo endpoint
responses:
'200':
description: Hello from CH Covidcertificate Verifier WS
headers: {
}
content:
application/json:
schema:
type: string
trust/v2/keys/updates:
get:
summary: getSignerCerts
description: get signer certificates
responses:
'200':
description: next certificate batch after `since` up to `upTo` (optional).
keep requesting until `up-to-date` header is `true`
headers:
X-Next-Since:
description: '`since` to set for next request'
schema:
type: string
up-to-date:
description: set to 'true' when no more certs to fetch
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertsResponse'
parameters:
- name: since
in: query
description: ''
required: false
schema:
type: integer
format: long
- name: upTo
in: query
description: ''
required: true
schema:
type: integer
format: long
- name: certFormat
in: query
description: ''
required: true
schema:
$ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertFormat'
trust/v2/keys/list:
get:
summary: getActiveSignerCertKeyIds
description: get all key IDs of active signer certs
responses:
'200':
description: list of Key IDs of all active signer certs
headers:
ETag:
description: etag to set for next request
schema:
type: string
up-to:
description: ' `upTo` to set for next keys/update request'
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.ActiveCertsResponse'
'304':
description: no changes since last request
headers:
ETag:
description: etag to set for next request
schema:
type: string
up-to:
description: ' `upTo` to set for next keys/update request'
schema:
type: string
trust/v2/revocationList:
get:
summary: getRevokedCerts
description: get list of revoked certificates
responses:
'200':
description: next batch of revoked certificates
headers:
X-Next-Since:
description: '`since` to set for next request'
schema:
type: string
up-to-date:
description: set to 'true' when no more certs to fetch
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.RevocationResponse'
parameters:
- name: since
in: query
description: ''
required: false
schema:
type: integer
format: long
trust/v1/verificationRules:
get:
summary: getVerificationRules
description: get list of verification rules
responses:
'200':
description: list of verification rules
headers:
ETag:
description: etag to set for next request
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/java.util.Map'
'304':
description: no changes since last request
headers:
ETag:
description: etag to set for next request
schema:
type: string
components:
schemas:
ch.admin.bag.covidcertificate.backend.verifier.model.RevocationResponse:
type: object
properties:
revokedCerts:
type: array
items:
type: string
description: list of revoked covidcerts
validDuration:
allOf:
- $ref: '#/components/schemas/java.time.Duration'
- description: describes how long the list response is valid for in ms
- example: '172800000'
ch.admin.bag.covidcertificate.backend.verifier.model.cert.ActiveCertsResponse:
type: object
properties:
activeKeyIds:
type: array
items:
type: string
description: list of active key ids
validDuration:
allOf:
- $ref: '#/components/schemas/java.time.Duration'
- description: describes how long the list response is valid for in ms
- example: '172800000'
upTo:
type: integer
format: long
description: up to which key id can be requested
example: ''
ch.admin.bag.covidcertificate.backend.verifier.model.cert.Algorithm:
type: string
enum:
- ES256
- RS256
- UNSUPPORTED
ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertFormat:
type: string
enum:
- IOS
- ANDROID
ch.admin.bag.covidcertificate.backend.verifier.model.cert.CertsResponse:
type: object
properties:
certs:
type: array
items:
$ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.ClientCert'
ch.admin.bag.covidcertificate.backend.verifier.model.cert.ClientCert:
type: object
properties:
keyId:
type: string
description: base64 encoded. shasum of x509
example: ''
use:
type: string
description: 'either ''sig'' (all) or one or more of: ''r'' (recovery),
''t'' (test), ''v'' (vaccine), ''l'' (light)'
example: sig
alg:
allOf:
- $ref: '#/components/schemas/ch.admin.bag.covidcertificate.backend.verifier.model.cert.Algorithm'
- description: ES256 or RS256. key type can be derived from algorithm
- example: ES256
n:
type: string
description: base64 encoded. RSA only (android)
example: ''
e:
type: string
description: base64 encoded. RSA only (android)
example: ''
subjectPublicKeyInfo:
type: string
description: base64 encoded. RSA only (ios)
example: ''
crv:
type: string
description: EC only. only 'P-256' is supported at this time
example: P-256
x:
type: string
description: base64 encoded. EC only
example: ''
y:
type: string
description: base64 encoded. EC only
example: ''
Expand Up @@ -40,8 +40,10 @@
@Controller
@RequestMapping("trust/v2")
public class VerificationRulesControllerV2 {

private static final Logger logger = LoggerFactory.getLogger(VerificationRulesControllerV2.class);
private static final String VALUE_SETS_KEY = "valueSets";
public static final String MODE_RULES = "modeRules";

private final Map verificationRules;
private final ValueSetDataService valueSetDataService;
Expand All @@ -54,12 +56,15 @@ public VerificationRulesControllerV2(
new ClassPathResource("verificationRulesV2.json").getInputStream();
JsonNode rules = mapper.readTree(verificationRulesFile);

ArrayNode modes = (ArrayNode) rules.get("modeRules").get("activeModes");
ArrayNode modes = (ArrayNode) rules.get(MODE_RULES).get("activeModes");
removeModes(modes, disabledVerificationModes);

ArrayNode verifierModes = (ArrayNode) rules.get("modeRules").get("verifierActiveModes");
ArrayNode verifierModes = (ArrayNode) rules.get(MODE_RULES).get("verifierActiveModes");
removeModes(verifierModes, disabledVerificationModes);

ArrayNode walletModes = (ArrayNode) rules.get("modeRules").get("walletActiveModes");
removeModes(walletModes, disabledVerificationModes);

this.verificationRules = mapper.treeToValue(rules, Map.class);

this.valueSetDataService = valueSetDataService;
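Review bot: The new `walletActiveModes` lookup still spells the key as the literal `"modeRules"` while the two lookups above it were switched to `MODE_RULES`; it should read `ArrayNode walletModes = (ArrayNode) rules.get(MODE_RULES).get("walletActiveModes");`. More broadly, each mode list is filtered by its own hand-written line, so a list added to verificationRulesV2.json later and not wired in here would keep serving a mode that was configured as disabled, which appears to be the gap this change closes for the wallet list. Looping over the list names, e.g. `for (String key : new String[] {"activeModes", "verifierActiveModes", "walletActiveModes"}) { removeModes((ArrayNode) rules.get(MODE_RULES).get(key), disabledVerificationModes); }`, keeps that set in one place. `JsonNode.get` returns null for a missing key and `removeModes` is not visible here, so it is worth confirming that a missing list fails startup with a clear message rather than a bare NullPointerException or cast error. The constructor begins and ends outside this hunk.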
Expand Up @@ -72,6 +72,7 @@ public void verificationRulesTest() throws Exception {
boolean modeExists = false;
var iter = expected.get("modeRules").get("activeModes").iterator();
var verifierIter = expected.get("modeRules").get("verifierActiveModes").iterator();
var walletIter = expected.get("modeRules").get("walletActiveModes").iterator();
while (iter.hasNext()) {
JsonNode mode = iter.next();
if (disabledMode.equals(mode.get("id").asText())) {
Expand All @@ -86,6 +87,13 @@ public void verificationRulesTest() throws Exception {
verifierIter.remove();
}
}
while (walletIter.hasNext()) {
JsonNode mode = walletIter.next();
if (disabledMode.equals(mode.get("id").asText())) {
modeExists = true;
walletIter.remove();
}
}
if (!modeExists) {
throw new IllegalArgumentException(
"JSON doesn't seem to have the mode we're testing for. Edit test case or JSON");
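Review bot: `modeExists` is shared by all three loops, so once the disabled mode is found in `activeModes` or `verifierActiveModes` the final guard is satisfied even if `walletActiveModes` never contained it, and the new wallet path would then go unexercised. A separate flag for the wallet loop, e.g. `boolean walletModeExists = false;` set inside the `walletIter` loop and checked with `if (!modeExists || !walletModeExists)`, would make the test fail loudly when the fixture stops covering this list; this assumes the mode is meant to appear in every list, which the visible lines do not settle. The three loops are also copies of one another and could share a small helper that removes the id from a list and returns whether it was found. `verificationRulesTest` starts and ends outside these hunks.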