Modified to fit newest version of schemata

Modified verification signature algorithm

Author: jvitrifork

pom.xml

@@ -42,6 +42,13 @@
             <version>1.1.0</version>
         </dependency>
 
+        <dependency>
+            <groupId>com.upokecenter</groupId>
+            <artifactId>cbor</artifactId>
+            <version>4.3.0</version>
+        </dependency>
+
+
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
@@ -54,11 +61,18 @@
             <version>0.0.3</version>
         </dependency>
 
+        <!-- https://mvnrepository.com/artifact/javax.validation/validation-api -->
+        <dependency>
+            <groupId>javax.validation</groupId>
+            <artifactId>validation-api</artifactId>
+            <version>2.0.1.Final</version>
+        </dependency>
+
+
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
             <version>2.12.2</version>
-            <scope>test</scope>
         </dependency>
 
         <dependency>
@@ -88,59 +102,25 @@
 
         <plugins>
 
-            <plugin>
-                <artifactId>maven-antrun-plugin</artifactId>
-                <version>1.8</version>
-                <executions>
-                    <execution>
-                        <phase>initialize</phase>
-                        <configuration>
-                            <target>
-                                <mkdir dir="${basedir}/src/main/resources/schema" />
-                            </target>
-                        </configuration>
-                        <goals>
-                            <goal>run</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
 
-            <plugin>
-                <groupId>com.googlecode.maven-download-plugin</groupId>
-                <artifactId>download-maven-plugin</artifactId>
-                <version>1.6.1</version>
-                <executions>
-                    <execution>
-                        <id>get-schema-yml</id>
-                        <phase>generate-sources</phase>
-                        <goals>
-                            <goal>wget</goal>
-                        </goals>
-
-                    </execution>
-                </executions>
-                <configuration>
-                    <url>
-                        https://raw.githubusercontent.com/ehn-digital-green-development/hcert-schema/main/eu_hcert_v1_schema.yaml
-                    </url>
-                    <outputDirectory>${basedir}/src/main/resources/schema</outputDirectory>
-                </configuration>
-            </plugin>
 
             <plugin>
                 <groupId>org.jsonschema2pojo</groupId>
                 <artifactId>jsonschema2pojo-maven-plugin</artifactId>
                 <version>1.1.0</version>
                 <configuration>
-                    <sourceDirectory>${basedir}/src/main/resources</sourceDirectory>
-                    <targetPackage>ehn.techiop.hcert</targetPackage>
+                    <sourceDirectory>${basedir}/src/main/resources/schema</sourceDirectory>
+                    <includeAdditionalProperties>false</includeAdditionalProperties>
+                    <targetPackage>ehn.techiop.healthCertificate</targetPackage>
                     <sourceType>yamlschema</sourceType>
                     <formatDates>true</formatDates>
                     <generateBuilders>true</generateBuilders>
                     <inclusionLevel>NON_EMPTY</inclusionLevel>
-
+                    <includeJsr303Annotations>true</includeJsr303Annotations>
+                    <includeConstructors>true</includeConstructors>
+                    <useTitleAsClassname>true</useTitleAsClassname>
                 </configuration>
+
                 <executions>
                     <execution>
                         <phase>generate-sources</phase>

src/main/java/ehn/techiop/hcert/CertificateProvider.java

@@ -0,0 +1,9 @@
+package ehn.techiop.hcert;
+
+import COSE.CoseException;
+
+import java.security.PublicKey;
+
+public interface CertificateProvider {
+    PublicKey provideKey(String kid, String issuer) throws CoseException;
+}

src/main/java/ehn/techiop/hcert/GreenCertificateDecoder.java

@@ -2,76 +2,85 @@
 
 import static org.apache.commons.compress.utils.IOUtils.toByteArray;
 
-import COSE.CoseException;
-import COSE.Message;
-import COSE.MessageTag;
-import COSE.OneKey;
-import COSE.Sign1Message;
+import COSE.*;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.upokecenter.cbor.CBORObject;
+
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+
+import ehn.techiop.hcert.model.CertificatePayload;
 import nl.minvws.encoding.Base45;
 import org.apache.commons.compress.compressors.CompressorException;
 import org.apache.commons.compress.compressors.CompressorInputStream;
 import org.apache.commons.compress.compressors.CompressorStreamFactory;
 
 public class GreenCertificateDecoder {
 
-  private final OneKey publicKey;
+    private final CertificateProvider certificateProvider;
+    private final String prefix;
 
-  public GreenCertificateDecoder(OneKey publicKey) {
-    this.publicKey = publicKey;
-  }
+    public GreenCertificateDecoder(CertificateProvider certificateProvider) {
+        this(certificateProvider, "HC1");
+    }
 
+    public GreenCertificateDecoder(CertificateProvider certificateProvider, String prefix) {
+        this.certificateProvider = certificateProvider;
+        this.prefix = prefix;
+    }
 
 
-  /**
-   * Decodes base45 encoded string -> Deflate -> COSE -> CBOR -> arbitrary Json String
-   *
-   * @param base45String
-   * @return
-   * @throws CompressorException
-   * @throws IOException
-   * @throws CoseException
-   */
-  public String decode(String base45String) throws CompressorException, IOException, CoseException {
-    if(!base45String.startsWith("HC1"))
-      throw new RuntimeException("Base45 string not valid according to specification");
+    /**
+     * Decodes base45 encoded string -> Deflate -> COSE -> CBOR -> arbitrary Json String
+     *
+     * @param base45String
+     * @return
+     * @throws CompressorException
+     * @throws IOException
+     * @throws CoseException
+     */
+    public String decode(String base45String) throws CompressorException, IOException, CoseException {
+        if (!base45String.startsWith(prefix))
+            throw new RuntimeException("Base45 string not valid according to specification");
 
-    base45String = base45String.substring(3);
-    byte[] decodedBytes = Base45.getDecoder().decode(base45String);
+        base45String = base45String.substring(3);
+        byte[] decodedBytes = Base45.getDecoder().decode(base45String);
 
-    byte[] coseBytes = getCoseBytes(decodedBytes);
+        byte[] coseBytes = decompress(decodedBytes);
 
-    byte[] cborBytes = getCborBytes(coseBytes);
+        return toJsonPayload(coseBytes);
+    }
 
-    return getJsonString(cborBytes);
-  }
+    private String toJsonPayload(byte[] coseBytes) throws CoseException, IOException {
+        Sign1Message msg = (Sign1Message) Message.DecodeFromBytes(coseBytes, MessageTag.Sign1);
 
-  private String getJsonString(byte[] cborBytes) throws IOException {
-    CBORObject cborObject = CBORObject.DecodeFromBytes(cborBytes);
-    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
-    cborObject.WriteJSONTo(byteArrayOutputStream);
+        String kid = msg.getProtectedAttributes().get(HeaderKeys.KID.AsCBOR()).AsString();
 
-    return byteArrayOutputStream.toString("UTF-8");
-  }
+        CBORObject cborObject = CBORObject.DecodeFromBytes(msg.GetContent());
+        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+        cborObject.WriteJSONTo(byteArrayOutputStream);
 
-  private byte[] getCborBytes(byte[] coseBytes) throws CoseException {
-    Sign1Message msg = (Sign1Message) Message.DecodeFromBytes(coseBytes, MessageTag.Sign1);
-    if (!msg.validate(publicKey)) {
-      throw new RuntimeException("Could not verify COSE signature");
-    }
+        String json = byteArrayOutputStream.toString("UTF-8");
 
-    return msg.GetContent();
-  }
+        ObjectMapper objectMapper = new ObjectMapper();
+        CertificatePayload certificatePayload = objectMapper.readValue(json, CertificatePayload.class);
+        String issuer = certificatePayload.getIss();
 
-  private byte[] getCoseBytes(byte[] decodedBytes) throws CompressorException, IOException {
 
-    CompressorInputStream compressedStream = new CompressorStreamFactory()
-        .createCompressorInputStream(CompressorStreamFactory.DEFLATE,
-            new ByteArrayInputStream(decodedBytes));
+        if (!msg.validate(new OneKey(certificateProvider.provideKey(kid, issuer), null))) {
+            throw new RuntimeException("Could not verify COSE signature");
+        }
 
-    return toByteArray(compressedStream);
-  }
+        return json;
+    }
+
+    private byte[] decompress(byte[] decodedBytes) throws CompressorException, IOException {
+
+        CompressorInputStream compressedStream = new CompressorStreamFactory()
+                .createCompressorInputStream(CompressorStreamFactory.DEFLATE,
+                        new ByteArrayInputStream(decodedBytes));
+
+        return toByteArray(compressedStream);
+    }
 }

src/main/java/ehn/techiop/hcert/GreenCertificateEncoder.java

@@ -1,32 +1,35 @@
 package ehn.techiop.hcert;
 
 import COSE.Attribute;
-import COSE.AlgorithmID;
 import COSE.CoseException;
 import COSE.HeaderKeys;
 import COSE.KeyKeys;
 import COSE.OneKey;
 import COSE.Sign1Message;
 import com.upokecenter.cbor.CBORObject;
-import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateCrtKey;
 import org.apache.commons.compress.compressors.CompressorException;
 import org.apache.commons.compress.compressors.CompressorOutputStream;
 import org.apache.commons.compress.compressors.CompressorStreamFactory;
 
 import nl.minvws.encoding.Base45;
+
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.util.UUID;
 
 public class GreenCertificateEncoder {
 
     private final OneKey privateKey;
-    private String kid;
+    private final String kid;
+    private final String prefix;
 
     public GreenCertificateEncoder(OneKey privateKey, String kid) {
+        this(privateKey, kid, "HC1");
+    }
+
+    public GreenCertificateEncoder(OneKey privateKey, String kid, String prefix) {
         this.privateKey = privateKey;
         this.kid = kid;
+        this.prefix = prefix;
     }
 
     /**
@@ -40,21 +43,21 @@ public GreenCertificateEncoder(OneKey privateKey, String kid) {
      */
     public String encode(String json) throws CoseException, CompressorException, IOException {
 
-        byte[] cborBytes = getCborBytes(json);
+        byte[] cborBytes = toCBORbytes(json);
 
         byte[] coseBytes = getCOSEBytes(cborBytes);
 
-        byte[] deflateBytes = getDeflateBytes(coseBytes);
+        byte[] deflateBytes = compress(coseBytes);
 
         return getBase45(deflateBytes);
     }
 
     private String getBase45(byte[] deflateBytes) {
 
-        return "HC1" + Base45.getEncoder().encodeToString(deflateBytes);
+        return prefix + Base45.getEncoder().encodeToString(deflateBytes);
     }
 
-    private byte[] getDeflateBytes(byte[] messageBytes) throws CompressorException, IOException {
+    private byte[] compress(byte[] messageBytes) throws CompressorException, IOException {
         ByteArrayOutputStream deflateOutputStream = new ByteArrayOutputStream();
         try (CompressorOutputStream deflateOut = new CompressorStreamFactory()
                 .createCompressorOutputStream(CompressorStreamFactory.DEFLATE, deflateOutputStream)) {
@@ -75,9 +78,8 @@ private byte[] getCOSEBytes(byte[] cborBytes) throws CoseException {
         return msg.EncodeToBytes();
     }
 
-    private byte[] getCborBytes(String json) {
+    private byte[] toCBORbytes(String json) {
         CBORObject cborObject = CBORObject.FromJSONString(json);
-
         return cborObject.EncodeToBytes();
     }
 }

src/main/java/ehn/techiop/hcert/model/CertificatePayload.java

@@ -14,7 +14,7 @@ public class CertificatePayload {
     private long exp;
 
     @JsonProperty("-260")
-    private Hcert hcert;
+    private HealthCertificate healthCertificate;
 
 
     public String getIss() {
@@ -41,12 +41,12 @@ public void setExp(long exp) {
         this.exp = exp;
     }
 
-    public Hcert getHcert() {
-        return hcert;
+    public HealthCertificate getHcert() {
+        return healthCertificate;
     }
 
-    public void setHcert(Hcert hcert) {
-        this.hcert = hcert;
+    public void setHcert(HealthCertificate healthCertificate) {
+        this.healthCertificate = healthCertificate;
     }
 
 }

src/main/java/ehn/techiop/hcert/model/Hcert.java

@@ -0,0 +1,18 @@
+package ehn.techiop.hcert.model;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import ehn.techiop.hcert.DigitalGreenCertificate;
+
+public class HealthCertificate {
+
+    @JsonProperty("1")
+    private DigitalGreenCertificate digitalGreenCertificate;
+
+    public DigitalGreenCertificate getDigitalGreenCertificate() {
+        return digitalGreenCertificate;
+    }
+
+    public void setDigitalGreenCertificate(DigitalGreenCertificate digitalGreenCertificate) {
+        this.digitalGreenCertificate = digitalGreenCertificate;
+    }
+}