Merge pull request #16 from lacchain/country-signer-key
fix: country signer key, closes #14
eum602 authored Nov 1, 2023
2 parents 4f524f6 + e60d71a commit e8df06f
Showing 7 changed files with 47 additions and 21 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,10 @@
# Changelog

### 0.0.3

- Fix:
- Country Signer Code

## 0.0.2

### Bug Fixes
2 changes: 1 addition & 1 deletion Cargo.lock


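--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "lacpass-trusted-list"
-version = "0.0.2"
+version = "0.0.3"
 edition = "2021"
 authors = ["Erick <[email protected]>"]
 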
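--- a/docs/tech/configuration.md
+++ b/docs/tech/configuration.md
@@ -84,7 +84,7 @@ The following commands will `build and run` a Docker image ready for production
 #### Build Docker image
 
 ```
-docker build -f Dockerfile.prod -t lacpass-trusted-list .
+docker build -f Dockerfile.prod -t lacpass-trusted-list:XXXX .
 ```
 
 #### Run docker image (you need to add .env file as param)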
19 changes: 8 additions & 11 deletions src/services/public_key/source_1_worker_service.rs
Expand Up @@ -102,15 +102,14 @@ impl ExternalSource1WorkerService {
}
})
.filter_map(|(jwk, key)| {
match country_code::ALPHA2_TO_ALPHA3.get(&key.country) {
Some(_) => {},
None => {
let message = format!("Got error when validating country code {}",
key.country.clone());
debug!("{}", message);
return None;
},
let alpha3_country_code_option = country_code::ALPHA2_TO_ALPHA3.get(&key.country);
if let None = alpha3_country_code_option {
let message = format!("Got error when validating country code {}",
key.country.clone());
debug!("{}", message);
return None;
}
let alpha3_country_code = alpha3_country_code_option.unwrap().to_string();
// extract pem hash
let mut h = Sha3::keccak256();
match jwk.x5c.clone() {
Expand All @@ -135,7 +134,7 @@ impl ExternalSource1WorkerService {
let jwk_bytes = jwk_string.as_bytes();

match X509Utils::get_expiration_from_pem(pem_candidate.to_string()) {
Ok(expiration) => Some((content_hash, jwk_bytes.to_owned(), expiration, key.clone().country, Some(key.url.clone()) )),
Ok(expiration) => Some((content_hash, jwk_bytes.to_owned(), expiration, alpha3_country_code, Some(key.url.clone()) )),
Err(e) => {
let message = format!(
"Error while getting 'Expiration' from pem - for country {:?}; error was: {:?}",
Expand All @@ -145,8 +144,6 @@ impl ExternalSource1WorkerService {
return None;
},
}

// return Some((jwk_bytes.to_owned(), key, content_hash));
}
Err(e) => {
debug!(
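Review bot: The new guard `if let None = alpha3_country_code_option` followed by `alpha3_country_code_option.unwrap()` on the line after the block re-checks a value the guard has already proved present, and clippy reports the `if let None` form as redundant_pattern_matching. A single binding removes the unwrap: `let Some(alpha3_country_code) = country_code::ALPHA2_TO_ALPHA3.get(&key.country) else { debug!("Got error when validating country code {}", key.country); return None; };` followed by `let alpha3_country_code = alpha3_country_code.to_string();` (let-else needs Rust 1.65+; a `match` does the same on an older toolchain). The `key.country.clone()` inside `format!` is an extra allocation as well, since `format!` only borrows its arguments. The enclosing `filter_map` closure and the method around it start before this hunk and end after it.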
33 changes: 28 additions & 5 deletions src/services/validator/certificate_service.rs
Expand Up @@ -6,7 +6,10 @@ use crate::{
responses::{
error_message::ErrorMessage, generic_response::Responses, success_messages::SuccessMessage,
},
services::{public_key::data_interface::PublicKeyService, x509::x509_utils::X509Utils},
services::{
public_directory::country_code::ALPHA3_TO_ALPHA2,
public_key::data_interface::PublicKeyService, x509::x509_utils::X509Utils,
},
};
use base45::decode;
use cbor::{Cbor, Decoder};
Expand Down Expand Up @@ -138,6 +141,22 @@ pub fn get_child_u8_from_cbor_map(cbor_map: &HashMap<String, Cbor>, child: &str)
}
}

pub fn get_signer_country_code(payload: &Vec<u8>) -> Option<String> {
let mut d = Decoder::from_bytes(payload.clone());
d.items().into_iter().find_map(|v| match v {
Ok(c) => match c {
cbor::Cbor::Unicode(el) => match ALPHA3_TO_ALPHA2.get(&el) {
Some(_) => return Some(el),
None => return None,
},
_ => None,
},
Err(_) => {
return None;
}
})
}

pub fn get_string_by_name_from_vec(payload: &Vec<u8>, child_name: &str) -> Option<String> {
let mut d = Decoder::from_bytes(payload.clone());
let found = d.items().into_iter().find_map(|v| match v {
Expand Down Expand Up @@ -579,6 +598,9 @@ pub async fn verify_base45(

match cose_message.init_decoder(None) {
Ok(_) => {
// info!("{:?}", cose_message.header.kid); // TODO: implement
// info!("{:?}", cose_message.header.protected); // data

let payload = cose_message.payload.clone();
let hc1_result = get_hc1_struct(&payload);
if let Err(e) = hc1_result {
Expand All @@ -595,19 +617,20 @@ pub async fn verify_base45(
let ddcc_core_data_set = hc1_result.unwrap();
info!("hc1 struct: {:?}", ddcc_core_data_set);

if let None = ddcc_core_data_set.vaccination.country.code.clone() {
let signer_country_code_option = get_signer_country_code(&payload);
if let None = signer_country_code_option {
let message = "country code not found";
debug!("TRACE_ID: {}, DESCRIPTION ({})", trace_id, message);
return Responses::BadRequest(Json::from(ErrorMessage {
message,
trace_id: trace_id.to_string(),
}));
}

let country_code = ddcc_core_data_set.vaccination.country.code.clone().unwrap();
let signer_country_code = signer_country_code_option.unwrap();

let is_valid_result =
is_valid_message(db, &mut cose_message, country_code, trace_id).await;
is_valid_message(db, &mut cose_message, signer_country_code, trace_id)
.await;
if let Err(e) = is_valid_result {
let message = "message validation failed";
debug!(
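Review bot: `get_signer_country_code` returns the first string item the decoder yields that is also a key of `ALPHA3_TO_ALPHA2`, without checking which CBOR claim that string belongs to; if `Decoder::items()` yields nested values, any string in the not-yet-verified payload that happens to spell a valid alpha-3 code would be taken as the signer country and would decide which key set `is_valid_message` consults. A lookup keyed on the issuer claim, or at least a doc comment stating that the first matching string is assumed to be the issuer country, would make that contract explicit. The `return Some(el)` / `return None` statements only leave the closure, so the `Err(_)` and `None` arms merely skip the current item; the same logic reads more directly as a guarded match arm, and taking `&[u8]` avoids cloning the payload just to decode it. In `verify_base45` (which starts and ends outside this hunk) the `if let None = signer_country_code_option` check followed by `signer_country_code_option.unwrap()` could likewise become `let Some(signer_country_code) = get_signer_country_code(&payload) else { ... };`, and the two commented-out `info!` lines added above `let payload = ...` are dead code that should be dropped or turned into a real TODO.

```rust
pub fn get_signer_country_code(payload: &[u8]) -> Option<String> {
    let mut d = Decoder::from_bytes(payload.to_vec());
    d.items().into_iter().find_map(|v| match v {
        // Only a string item that is a known alpha-3 code counts; decode errors and
        // non-string items are skipped, exactly as before.
        Ok(Cbor::Unicode(el)) if ALPHA3_TO_ALPHA2.contains_key(&el) => Some(el),
        _ => None,
    })
}
```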
5 changes: 3 additions & 2 deletions src/services/x509/x509_utils.rs
Expand Up @@ -209,11 +209,12 @@ impl X509Utils {
},
Ok(xy) => {
let mut key = keys::CoseKey::new();
key.kty(keys::P_256);
key.kty(keys::EC2);
key.x(xy.get(0).unwrap().to_owned());
key.y(xy.get(1).unwrap().to_owned());
key.alg(*signing_alg);
key.key_ops(vec![keys::KEY_OPS_VERIFY]);
key.crv(keys::P_256);
return Some(key);
},
}
Expand Down Expand Up @@ -402,7 +403,7 @@ mod tests {
let pem_key = pem_keys.get(0).unwrap();
match X509Utils::get_expiration_from_pem(pem_key.to_string()) {
Ok(v) => {
println!("Expiration {}", v);
// println!("Expiration {}", v);
assert_eq!(v, 1738870964);
}
Err(_) => {
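Review bot: `key.crv(keys::P_256)` hard-codes the curve while the algorithm two lines above comes from `*signing_alg`; if `signing_alg` can ever be anything other than ES256, the resulting COSE key would advertise a curve that does not match its algorithm and verification of that key would fail. Either derive the curve from `signing_alg` or state the invariant next to the call, e.g. `// kty is the key family (EC2); the curve goes in crv and must match signing_alg (ES256 <-> P-256).` Where `signing_alg` is produced, and the rest of the enclosing method, are outside this hunk, so this is inferred from the visible lines only.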
