diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbd7000..e790055 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
+### 0.0.3
+
+- Fix:
+ - Country Signer Code
+
 ## 0.0.2
 ### Bug Fixes
diff --git a/Cargo.lock b/Cargo.lock
index ec2d72b..5c80930 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1519,7 +1519,7 @@ dependencies = [
 [[package]]
 name = "lacpass-trusted-list"
-version = "0.0.2"
+version = "0.0.3"
 dependencies = [
 "anyhow",
 "async-trait",
diff --git a/Cargo.toml b/Cargo.toml
index a1adae7..00da811 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "lacpass-trusted-list"
-version = "0.0.2"
+version = "0.0.3"
 edition = "2021"
 authors = ["Erick "]
diff --git a/docs/tech/configuration.md b/docs/tech/configuration.md
index 2b8c859..780def9 100644
--- a/docs/tech/configuration.md
+++ b/docs/tech/configuration.md
@@ -84,7 +84,7 @@ The following commands will `build and run` a Docker image ready for production
 #### Build Docker image
 ```
-docker build -f Dockerfile.prod -t lacpass-trusted-list .
+docker build -f Dockerfile.prod -t lacpass-trusted-list:XXXX .
 ```
 #### Run docker image (you need to add .env file as param)
diff --git a/src/services/public_key/source_1_worker_service.rs b/src/services/public_key/source_1_worker_service.rs
index 08be723..b917b8a 100644
--- a/src/services/public_key/source_1_worker_service.rs
+++ b/src/services/public_key/source_1_worker_service.rs
@@ -102,15 +102,14 @@ impl ExternalSource1WorkerService {
 }
 })
 .filter_map(|(jwk, key)| {
- match country_code::ALPHA2_TO_ALPHA3.get(&key.country) {
- Some(_) => {},
- None => {
- let message = format!("Got error when validating country code {}",
- key.country.clone());
- debug!("{}", message);
- return None;
- },
+ let alpha3_country_code_option = country_code::ALPHA2_TO_ALPHA3.get(&key.country);
+ if let None = alpha3_country_code_option {
+ let message = format!("Got error when validating country code {}",
+ key.country.clone());
+ debug!("{}", message);
+ return None;
 }
+ let alpha3_country_code = alpha3_country_code_option.unwrap().to_string();
 // extract pem hash
 let mut h = Sha3::keccak256();
 match jwk.x5c.clone() {
@@ -135,7 +134,7 @@ impl ExternalSource1WorkerService {
 let jwk_bytes = jwk_string.as_bytes();
 match X509Utils::get_expiration_from_pem(pem_candidate.to_string()) {
- Ok(expiration) => Some((content_hash, jwk_bytes.to_owned(), expiration, key.clone().country, Some(key.url.clone()) )),
+ Ok(expiration) => Some((content_hash, jwk_bytes.to_owned(), expiration, alpha3_country_code, Some(key.url.clone()) )),
 Err(e) => {
 let message = format!(
 "Error while getting 'Expiration' from pem - for country {:?}; error was: {:?}",
@@ -145,8 +144,6 @@ impl ExternalSource1WorkerService {
 return None;
 },
 }
-
- // return Some((jwk_bytes.to_owned(), key, content_hash));
 }
 Err(e) => {
 debug!(
diff --git a/src/services/validator/certificate_service.rs b/src/services/validator/certificate_service.rs
index 6d88d38..cf15355 100644
--- a/src/services/validator/certificate_service.rs
+++ b/src/services/validator/certificate_service.rs
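Review bot: The new guard `if let None = alpha3_country_code_option { … return None; }` followed by `alpha3_country_code_option.unwrap().to_string()` inspects the same option twice and is exactly what clippy's `redundant_pattern_matching` and `unnecessary_unwrap` lints flag; a single `match` that binds the mapped code on the success path and logs and returns `None` otherwise keeps the lookup, the debug message and the early exit in one place, and the `key.country.clone()` inside `format!` can go because `format!` only borrows its arguments. The same guard-then-unwrap shape is introduced in certificate_service.rs, where `if let None = signer_country_code_option` is followed by `signer_country_code_option.unwrap()` in the next hunk of that file. The `filter_map` closure continues past the end of this hunk.
```rust
            .filter_map(|(jwk, key)| {
                // Map the source's alpha-2 country to alpha-3; entries whose country code
                // is not in the table are skipped (filter_map drops the None).
                let alpha3_country_code = match country_code::ALPHA2_TO_ALPHA3.get(&key.country) {
                    Some(code) => code.to_string(),
                    None => {
                        debug!("Got error when validating country code {}", key.country);
                        return None;
                    }
                };
                // … unchanged: pem hash extraction …
```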
@@ -6,7 +6,10 @@ use crate::{
 responses::{
 error_message::ErrorMessage, generic_response::Responses, success_messages::SuccessMessage,
 },
- services::{public_key::data_interface::PublicKeyService, x509::x509_utils::X509Utils},
+ services::{
+ public_directory::country_code::ALPHA3_TO_ALPHA2,
+ public_key::data_interface::PublicKeyService, x509::x509_utils::X509Utils,
+ },
 };
 use base45::decode;
 use cbor::{Cbor, Decoder};
@@ -138,6 +141,22 @@ pub fn get_child_u8_from_cbor_map(cbor_map: &HashMap, child: &str)
 }
 }
+pub fn get_signer_country_code(payload: &Vec) -> Option {
+ let mut d = Decoder::from_bytes(payload.clone());
+ d.items().into_iter().find_map(|v| match v {
+ Ok(c) => match c {
+ cbor::Cbor::Unicode(el) => match ALPHA3_TO_ALPHA2.get(&el) {
+ Some(_) => return Some(el),
+ None => return None,
+ },
+ _ => None,
+ },
+ Err(_) => {
+ return None;
+ }
+ })
+}
+
 pub fn get_string_by_name_from_vec(payload: &Vec, child_name: &str) -> Option {
 let mut d = Decoder::from_bytes(payload.clone());
 let found = d.items().into_iter().find_map(|v| match v {
@@ -579,6 +598,9 @@ pub async fn verify_base45(
 match cose_message.init_decoder(None) {
 Ok(_) => {
+ // info!("{:?}", cose_message.header.kid); // TODO: implement
+ // info!("{:?}", cose_message.header.protected); // data
+
 let payload = cose_message.payload.clone();
 let hc1_result = get_hc1_struct(&payload);
 if let Err(e) = hc1_result {
@@ -595,7 +617,8 @@ pub async fn verify_base45(
 let ddcc_core_data_set = hc1_result.unwrap();
 info!("hc1 struct: {:?}", ddcc_core_data_set);
- if let None = ddcc_core_data_set.vaccination.country.code.clone() {
+ let signer_country_code_option = get_signer_country_code(&payload);
+ if let None = signer_country_code_option {
 let message = "country code not found";
 debug!("TRACE_ID: {}, DESCRIPTION ({})", trace_id, message);
 return Responses::BadRequest(Json::from(ErrorMessage {
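Review bot: `get_signer_country_code` returns the first top-level CBOR text item that happens to be a known alpha-3 code, regardless of which field it belongs to, and in the later hunk that value is passed straight to `is_valid_message`, where it presumably selects the country whose trusted keys are consulted; because the payload comes from the submitted certificate and is not yet verified at that point, any other text item that coincidentally matches an alpha-3 code would route verification to a different key set and produce a spurious rejection, whereas the replaced `vaccination.country.code` lookup at least named the field it read. If the issuer code is guaranteed to be the only such item, a doc comment stating that, and pointing at the `header.kid` TODO from the following hunk as the intended long-term source, would make the heuristic explicit. The nested `match` with `return` inside the closure can also be flattened to one pattern with a guard, which yields the same `Option` for every item.
```rust
    let mut d = Decoder::from_bytes(payload.clone());
    // Heuristic: the first top-level text item that is a known ISO 3166-1 alpha-3 code,
    // whatever field it came from; the caller passes this value on to is_valid_message.
    d.items().into_iter().find_map(|v| match v {
        Ok(cbor::Cbor::Unicode(el)) if ALPHA3_TO_ALPHA2.get(&el).is_some() => Some(el),
        _ => None,
    })
```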
@@ -603,11 +626,11 @@ pub async fn verify_base45(
 trace_id: trace_id.to_string(),
 }));
 }
-
- let country_code = ddcc_core_data_set.vaccination.country.code.clone().unwrap();
+ let signer_country_code = signer_country_code_option.unwrap();
 let is_valid_result =
- is_valid_message(db, &mut cose_message, country_code, trace_id).await;
+ is_valid_message(db, &mut cose_message, signer_country_code, trace_id)
+ .await;
 if let Err(e) = is_valid_result {
 let message = "message validation failed";
 debug!(
diff --git a/src/services/x509/x509_utils.rs b/src/services/x509/x509_utils.rs
index 1363897..7e12fb7 100644
--- a/src/services/x509/x509_utils.rs
+++ b/src/services/x509/x509_utils.rs
@@ -209,11 +209,12 @@ impl X509Utils {
 },
 Ok(xy) => {
 let mut key = keys::CoseKey::new();
- key.kty(keys::P_256);
+ key.kty(keys::EC2);
 key.x(xy.get(0).unwrap().to_owned());
 key.y(xy.get(1).unwrap().to_owned());
 key.alg(*signing_alg);
 key.key_ops(vec![keys::KEY_OPS_VERIFY]);
+ key.crv(keys::P_256);
 return Some(key);
 },
 }
@@ -402,7 +403,7 @@ mod tests {
 let pem_key = pem_keys.get(0).unwrap();
 match X509Utils::get_expiration_from_pem(pem_key.to_string()) {
 Ok(v) => {
- println!("Expiration {}", v);
+ // println!("Expiration {}", v);
 assert_eq!(v, 1738870964);
 }
 Err(_) => {
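Review bot: In the x509_utils.rs hunk, `key.crv(keys::P_256)` hard-codes the curve while `key.alg(*signing_alg)` a few lines above takes the algorithm from a parameter, so if `signing_alg` can ever be anything other than ES256 the key would carry a curve that does not match its algorithm; either derive the curve from `signing_alg` or record the assumption next to the new line, e.g. `// Only P-256 (ES256) keys are built here; crv must stay consistent with signing_alg.` The `xy.get(0).unwrap()` and `xy.get(1).unwrap()` on the surrounding context lines panic on a coordinate vector with fewer than two entries, which for key material presumably parsed from an external certificate would be better reported as `None` from this function than as a crash. The enclosing `match` arm and function begin and end outside the hunk.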