Comments (22)
Hi psavva,
for Vaccination and Test the dates were set in backend.
So maybe it is possible to adjust your Cyprus issuance service regarding that?
Best regards, Gordon
from dgca-issuance-web.
Hi @ggrund-tsi,
The Vaccination and Test Dates are set in the FrontEnd.
Only 2 Http Requests are set to the backend. First to get the DGCI (No Dates)
Second is to supply the Hash (No Dates either here)
All Dates are defined in the FrontEnd when using the DGCA-Issuance-Web.
Please see the code here:
const expiredSeconds = 60 * 60 * 24 * 364;
const encodeCBOR = (certData: any, certMetaData: CertificateMetaData): Buffer => {
const cborMap = new cbor.Map();
const issuedAtSec = Date.now() / 1000 | 0;
// expiration
cborMap.set((4 as number), issuedAtSec + expiredSeconds);
// issued at
cborMap.set((6 as number), issuedAtSec);
// issuer country code
cborMap.set((1 as number), certMetaData.countryCode);
const v1 = new cbor.Map();
v1.set((1 as number), certData)
cborMap.set((-260 as number), v1);
return cbor.encode(cborMap);
}
The Expiration and Issued At Dates are here:
// expiration
cborMap.set((4 as number), issuedAtSec + expiredSeconds);
// issued at
cborMap.set((6 as number), issuedAtSec);
from dgca-issuance-web.
@ggrund-tsi Please also see related: eu-digital-green-certificates/dgca-issuance-service#73
from dgca-issuance-web.
Hi @psavva,
you are right. This fact was not present for me.
regards
from dgca-issuance-web.
@daniel-eder I think this issue is critical and needs some attention how to proceed with some urgency.
Any member state that produces for example a Covid Test Certificate, will result in having a certificate valid for 1 year, when they may need to have it only valid for 3 days.
I can of course fix this for Cyprus, but I think this requires attention, and the dates expected is not what is coded here.
Same applies for the Recovery for the WEb and the Issuance Service. Please see the linked issue .
eu-digital-green-certificates/dgca-issuance-service#73
from dgca-issuance-web.
@SchulzeStTSI can you comment on this?
from dgca-issuance-web.
@psavva please check out this branch before we merge it https://github.com/eu-digital-green-certificates/dgca-issuance-web/tree/fix/cert-expiration
from dgca-issuance-web.
This is definitely in the right direction.
I would not hard code the periods, as each country has the option to configure the validity period.
Tests are still valid for a full year.
This PR will fix the Recovery Cert with the limitation of the duration.
from dgca-issuance-web.
@psavva now issuance service provide 3 days expiration for test certificate
from dgca-issuance-web.
Hi @ggrund-tsi
The expiration for the Test and Vaccination is set on the web when issuing a cert using this interface.
The issuance service does not control the issued and expiration dates at all.
The expiration is now set using your function
const getExpiration = (certData: EUDGC, certMetaData: CertificateMetaData) => { let result = certMetaData.expired;
if (certData && certData.r && certData.r[0]) { result = new Date(certData.r[0].du).getTime() / 1000 | 0; }
return result;}
However, it's only handling the expiration of the recovery. It must handle for all 3 types of certs.
ie: r,t,v collections
from dgca-issuance-web.
@ggrund-tsi @SchulzeStTSI Do you agree with my analysis here?
How shall we proceed?
from dgca-issuance-web.
Hi @psavva,
for me this issue is finished. I don't understand what you mean.
Maybe I miss something?
I try to show my point of view.
recovery case:
only in this case you have the possibility to have influence on expiration in frontend.
The values 'Certificate Valid From - To*' calculate the expiration (now until 'Valid To').
This calculated value is entered in cose header.
vaccination and test case:
for these cases in frontend is no datepicker to choose expiration date. (no need for fulfill JSON Schema)
But for cose header you need an expiration date. This expirations are set in issuance service: line 51 in https://github.com/eu-digital-green-certificates/dgca-issuance-service/blob/main/src/main/resources/application.yml.
You get this expiration value as response from '/dgca-issuance-service/dgci/issue'.
I'm open for any other proposals and will discuss those things with achitecture lead but for the moment I see no real issue.
best regards, Gordon
from dgca-issuance-web.
Hi @ggrund-tsi
I might have a misunderstand here, but I don't believe the endpoint 'dgca-issuance-service/dgci/issue' for Vaccination and Recovery are using the overload which accepts the data as per hcert-schema, but it's using the overloads as such:
-
return api.post('/dgca-issuance-service/dgci/issue', certInit)
where certInit only contains one value of
enum CertType { Vaccination = 'Vaccination', Recovery = 'Recovery', Test = 'Test'} -
Generate the QR code internal to the WEB implementation via
createCertificateQRData(edgcPayload, certMetaData, (hash)
And last, call the signerCall function which only accepts there Id and hash in order to get the TAN.
const signerCall = (id: string, hash: string): Promise<SigResponse> => { return api.put('/dgca-issuance-service/dgci/issue/' + id, { hash: hash }) .then(res => { const sigResponse: SigResponse = res.data; return sigResponse; });}
At no point in the Web Issuance code is it calling the api which creates the QR Code from the DGCA-Issuance-Service.
Please let me know if I've missed something here.
Best Regards
Panayiotis Savva
from dgca-issuance-web.
Here is an example for Vaccination:
First Call from dgca-issuance-web to dgca-issuance-service
:method: POST
:path: /dgci/issue
:scheme: https
Status Code: 200
Payload
{"greenCertificateType":"Vaccination"}
Response:
{"id":"389033_Ucgf0B-uf4XZuZSdiohmkyW3mqj-jvovNA2wPkI1mc0","dgci":"URN:UVCI:V1:CY:PFYWAIPL1N598MNO1WQ7C3X83E","kid":"H6KcgU3y0DY=","algId":-7,"countryCode":"CY","expired":1654690103,"additionalProperties":{}}
Second Call:
:method: PUT
:path: /dgci/issue/389033_Ucgf0B-uf4XZuZSdiohmkyW3mqj-jvovNA2wPkI1mc0
:scheme: https
Status Code: 200
Payload:
{"hash":"jWIMtYfHPdu4BBVGvAVo8XQ45RTUWE5ZnNbHClBtIfs="}
Response:
{"tan":"MDJB8AEV","signature":"Wq//IPQU3TD9q6J725WXsMRsz/vrIIkooBHyIrCp5wR+gkU+U7Jo+8BBMnOvg8XYuqdz7aBPham0d9CC8sf7fw==","additionalProperties":{}}
From the whole process, you will notice that we are never sending any information to the issuance service via the PUT to the dgci/issue endpoint, which requires a payout of eudgc type which would be required if you wanted the issuance-service to generate the actual QR Code for Test and Vaccination...
ver*
-- | --
nam*
dob*
v | [...]
t | [...]
r | [...]
The configuration for the expiry periods (as in the issuance-service) must also be replicated to the dgc web, if we are to keep the current implementation of the web (ie: generate QR code internally, without personal data transmission over the wire)
from dgca-issuance-web.
At no point in the Web Issuance code is it calling the api which creates the QR Code from the DGCA-Issuance-Service.
Please let me know if I've missed something here.
Hi @psavva,
for dataprivacy reasons (in germany) almost the complete QR-Code will be created in frontend. --> No personal data leaves frontend until wallet or verifier scan.
Only hash signing will be made by issuance-service.
Because of the need of other/backend implementations issuance-service also provides the creating functionality.
I hope this will clarify the issue and maybe we will hear us later.
best regards, Gordon
from dgca-issuance-web.
Hi @ggrund-tsi
We are on the same page here :)
But now you can see the implementation in the WEB Frontend is missing the expiry date handing for Vaccination and Tests?
const getExpiration = (certData: EUDGC, certMetaData: CertificateMetaData) => {
let result = certMetaData.expired;
if (certData && certData.r && certData.r[0]) {
result = new Date(certData.r[0].du).getTime() / 1000 | 0;
}
return result;
}
The above function must handle for certData.v and certData.t
from dgca-issuance-web.
Hi @psavva ,
in first line of getExpiration method the default-expiration from issance service is set.
let result = certMetaData.expired;
certMetaData is the response from /dgca-issuance-service/dgci/issue
- I mentioned.
getExpiration
Method will override the issuance-service expiration only for recovery case.
regards.
from dgca-issuance-web.
The above function must handle for certData.v and certData.t
it's handled implicite in /dgca-issuance-service/dgci/issue
- you mentioned
return api.post('/dgca-issuance-service/dgci/issue', certInit)
where certInit only contains one value of
enum CertType { Vaccination = 'Vaccination', Recovery = 'Recovery', Test = 'Test'}
from dgca-issuance-web.
Let's discuss in our call in 20 mins with @SchulzeStTSI
from dgca-issuance-web.
please see possible fix:
https://github.com/eu-digital-green-certificates/dgca-issuance-web/tree/fix/expiration-for-vac-and-tst
from dgca-issuance-web.
This branch https://github.com/eu-digital-green-certificates/dgca-issuance-web/tree/fix/expiration-for-vac-and-tst
will be merge to main?
from dgca-issuance-web.
Hi @lexin10,
we've needed to adjust issuance service before.
Now it is able to merge (#93).
regards, Gordon
from dgca-issuance-web.
Related Issues (20)
- Proxy error HOT 7
- errore 500 HOT 1
- errore pdf-generater.component.tsx HOT 7
- Qualcuno รจ riuscito ad emettere un certificato funzionante? HOT 21
- Help HOT 1
- installazione pacchetti HOT 2
- Error 500 HOT 5
- > > Io ho installato sia su linux che su debian. Stessi comandi. HOT 6
- An error occured: Request failed with status code 500
- How to remove?
- costica gica
- Failed to compile HOT 8
- problem solved but... HOT 3
- Loop HOT 6
- Line 0: Parsing error: Cannot read properties of undefined (reading 'map')
- ECONNREFUSED
- Installation HOT 3
- LOOP HOT 1
- Field "birth day" (required field) is not checked HOT 5
- Web no work on safari browser
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dgca-issuance-web.