Corrected according to dgc-java

Author: jvitrifork

pom.xml

@@ -26,6 +26,12 @@
         <maven.compiler.source>1.8</maven.compiler.source>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
+    <repositories>
+        <repository>
+            <id>staging</id>
+            <url>https://s01.oss.sonatype.org/content/groups/staging</url>
+        </repository>
+    </repositories>
     <distributionManagement>
         <repository>
             <id>github</id>
@@ -75,6 +81,14 @@
             <version>2.12.2</version>
         </dependency>
 
+        <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jsr310 -->
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.12.2</version>
+        </dependency>
+
+
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
@@ -90,6 +104,12 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>se.digg.dgc</groupId>
+            <artifactId>dgc-create-validate</artifactId>
+            <version>0.9.0</version>
+            <scope>test</scope>
+        </dependency>
 
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
@@ -115,7 +135,7 @@
                     <sourceType>yamlschema</sourceType>
                     <formatDates>true</formatDates>
                     <generateBuilders>true</generateBuilders>
-                    <inclusionLevel>NON_EMPTY</inclusionLevel>
+                    <!--<inclusionLevel>NON_EMPTY</inclusionLevel>-->
                     <includeJsr303Annotations>true</includeJsr303Annotations>
                     <includeConstructors>true</includeConstructors>
                     <useTitleAsClassname>true</useTitleAsClassname>

src/main/java/ehn/techiop/hcert/CertificateProvider.java

@@ -5,5 +5,5 @@
 import java.security.PublicKey;
 
 public interface CertificateProvider {
-    PublicKey provideKey(String kid, String issuer) throws CoseException;
+    PublicKey provideKey(byte[] kid, String issuer) throws CoseException;
 }

src/main/java/ehn/techiop/hcert/GreenCertificateDecoder.java

@@ -4,6 +4,8 @@
 
 import COSE.*;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import com.upokecenter.cbor.CBORObject;
 
 import java.io.ByteArrayInputStream;
@@ -55,7 +57,7 @@ public String decode(String base45String) throws CompressorException, IOExceptio
     private String toJsonPayload(byte[] coseBytes) throws CoseException, IOException {
         Sign1Message msg = (Sign1Message) Message.DecodeFromBytes(coseBytes, MessageTag.Sign1);
 
-        String kid = msg.getProtectedAttributes().get(HeaderKeys.KID.AsCBOR()).AsString();
+        byte[] kid = msg.getProtectedAttributes().get(HeaderKeys.KID.AsCBOR()).GetByteString();
 
         CBORObject cborObject = CBORObject.DecodeFromBytes(msg.GetContent());
         ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
@@ -64,6 +66,8 @@ private String toJsonPayload(byte[] coseBytes) throws CoseException, IOException
         String json = byteArrayOutputStream.toString("UTF-8");
 
         ObjectMapper objectMapper = new ObjectMapper();
+        objectMapper.registerModule(new JavaTimeModule());
+        objectMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
         CertificatePayload certificatePayload = objectMapper.readValue(json, CertificatePayload.class);
         String issuer = certificatePayload.getIss();
 

src/main/java/ehn/techiop/hcert/GreenCertificateEncoder.java

@@ -19,14 +19,14 @@
 public class GreenCertificateEncoder {
 
     private final OneKey privateKey;
-    private final String kid;
+    private final byte[] kid;
     private final String prefix;
 
-    public GreenCertificateEncoder(OneKey privateKey, String kid) {
+    public GreenCertificateEncoder(OneKey privateKey, byte[] kid) {
         this(privateKey, kid, "HC1");
     }
 
-    public GreenCertificateEncoder(OneKey privateKey, String kid, String prefix) {
+    public GreenCertificateEncoder(OneKey privateKey, byte[] kid, String prefix) {
         this.privateKey = privateKey;
         this.kid = kid;
         this.prefix = prefix;

src/test/java/ehn/techiop/hcert/CertificateTest.java

@@ -4,22 +4,30 @@
 import COSE.CoseException;
 import COSE.OneKey;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import ehn.techiop.hcert.model.CertificatePayload;
 import ehn.techiop.hcert.model.HealthCertificate;
 import org.apache.commons.compress.compressors.CompressorException;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.x509.X509V1CertificateGenerator;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import se.digg.dgc.payload.v1.DGCSchemaException;
+import se.digg.dgc.service.impl.DefaultDGCEncoder;
+import se.digg.dgc.signatures.impl.DefaultDGCSigner;
 
+import javax.security.auth.x500.X500Principal;
 import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Security;
+import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.time.LocalDateTime;
 import java.time.ZoneOffset;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.UUID;
+import java.util.*;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -79,7 +87,7 @@ static void beforeAll() throws Exception {
     @Test
     void roundtrip() throws CompressorException, CoseException, IOException {
 
-        String encoded = new GreenCertificateEncoder(cborPrivateKey, UUID.randomUUID().toString()).encode(json);
+        String encoded = new GreenCertificateEncoder(cborPrivateKey, UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)).encode(json);
         String result = new GreenCertificateDecoder((kid, issuer) -> cborPublicKey.AsPublicKey()).decode(encoded);
 
         ObjectMapper mapper = new ObjectMapper();
@@ -92,7 +100,7 @@ void wrongPublicKey() throws CompressorException, CoseException, IOException {
 
         OneKey anotherPublicKey = OneKey.generateKey(AlgorithmID.ECDSA_256).PublicKey();
 
-        String encoded = new GreenCertificateEncoder(cborPrivateKey, UUID.randomUUID().toString()).encode(json);
+        String encoded = new GreenCertificateEncoder(cborPrivateKey, UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)).encode(json);
 
         Exception exception = assertThrows(RuntimeException.class,
                 () -> new GreenCertificateDecoder((kid, issuer) -> anotherPublicKey.AsPublicKey()).decode(encoded));
@@ -107,7 +115,7 @@ void rsaKeys() throws CompressorException, CoseException, IOException, NoSuchAlg
 
         OneKey keys = OneKey.generateKey(AlgorithmID.RSA_PSS_256);
 
-        String encoded = new GreenCertificateEncoder(keys, UUID.randomUUID().toString()).encode(json);
+        String encoded = new GreenCertificateEncoder(keys, UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)).encode(json);
         String result = new GreenCertificateDecoder((kid, issuer) -> keys.AsPublicKey()).decode(encoded);
         ObjectMapper mapper = new ObjectMapper();
         assertEquals(mapper.readTree(json), mapper.readTree(result));
@@ -170,7 +178,7 @@ void rsaKeys() throws CompressorException, CoseException, IOException, NoSuchAlg
             .build();
 
     CertificatePayload test_0405870109 = new CertificateDSL()
-            .withSubject("Judy", "Jensen")
+            .withSubject("Øjvind", "Ørn")
             .withExpiredVaccine()
             .withExpiredTestResult()
             .withRecovery()
@@ -181,11 +189,58 @@ void testSetDKExample() throws IOException, CompressorException, CoseException {
 
         String input = new ObjectMapper().writeValueAsString(test_0405870101);
 
-        String encoded = new GreenCertificateEncoder(cborPrivateKey, UUID.randomUUID().toString()).encode(input);
+        String encoded = new GreenCertificateEncoder(cborPrivateKey, UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)).encode(input);
         String result = new GreenCertificateDecoder((kid, issuer) -> cborPublicKey.AsPublicKey()).decode(encoded);
 
         ObjectMapper mapper = new ObjectMapper();
         assertEquals(mapper.readTree(input), mapper.readTree(result));
     }
 
+    @Test
+    void testAgainstDGCJava() throws CertificateException, IOException, NoSuchAlgorithmException, DGCSchemaException, SignatureException, CompressorException, CoseException, NoSuchProviderException, InvalidKeyException {
+
+        Security.insertProviderAt(new BouncyCastleProvider(), 1);
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
+        keyPairGenerator.initialize(2048, new SecureRandom());
+
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+        Certificate certificate = generateCertificate(keyPair);
+
+
+        se.digg.dgc.payload.v1.DigitalGreenCertificate testData = DefaultDGCExample.getTestDGC();
+        DefaultDGCEncoder encoder = new DefaultDGCEncoder(new DefaultDGCSigner(keyPair.getPrivate(), (X509Certificate) certificate));
+        String bytes = encoder.encode(testData, LocalDateTime.now().toInstant(ZoneOffset.UTC));
+        String result = new GreenCertificateDecoder((kid, issuer) -> certificate.getPublicKey()).decode(bytes);
+
+
+        ObjectMapper mapper = new ObjectMapper();
+        mapper.registerModule(new JavaTimeModule());
+
+        mapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
+
+
+        DigitalGreenCertificate dgcResult = mapper.readValue(result, CertificatePayload.class).getHcert().getDigitalGreenCertificate();
+        assertEquals( mapper.valueToTree(testData), mapper.valueToTree(dgcResult));
+    }
+
+
+
+    public static Certificate generateCertificate(KeyPair keyPair) throws CertificateException, NoSuchAlgorithmException, SignatureException, NoSuchProviderException, InvalidKeyException {
+        // yesterday
+        Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
+        // in 2 years
+        Date validityEndDate = new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000);
+
+        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+        X500Principal dnName = new X500Principal("CN=John Doe, C=DK");
+        certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
+        certGen.setSubjectDN(dnName);
+        certGen.setIssuerDN(dnName); // use the same
+        certGen.setNotBefore(validityBeginDate);
+        certGen.setNotAfter(validityEndDate);
+        certGen.setPublicKey(keyPair.getPublic());
+        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
+        return certGen.generate(keyPair.getPrivate(), "BC");
+
+    }
 }

src/test/java/ehn/techiop/hcert/DefaultDGCExample.java

@@ -0,0 +1,46 @@
+package ehn.techiop.hcert;
+
+import se.digg.dgc.payload.v1.DigitalGreenCertificate;
+import se.digg.dgc.payload.v1.Id;
+import se.digg.dgc.payload.v1.Sub;
+import se.digg.dgc.payload.v1.Vac;
+
+import java.time.LocalDate;
+import java.util.Arrays;
+
+public class DefaultDGCExample {
+
+    public static se.digg.dgc.payload.v1.DigitalGreenCertificate getTestDGC() {
+        se.digg.dgc.payload.v1.DigitalGreenCertificate dgc = new DigitalGreenCertificate();
+
+        se.digg.dgc.payload.v1.Sub sub = new Sub();
+        sub
+                .withGn("Martin")
+                .withFn("Lindström")
+                .withDob(LocalDate.parse("1969-11-29"))
+                .withGen("male");
+
+        se.digg.dgc.payload.v1.Id pnr = new se.digg.dgc.payload.v1.Id();
+        pnr.withI("NN").withT("196911292932");
+        se.digg.dgc.payload.v1.Id passport = new Id();
+        passport.withI("PPN").withT("56987413");
+        sub.withId(Arrays.asList(pnr, passport));
+
+        dgc.setSub(sub);
+
+        se.digg.dgc.payload.v1.Vac vac = new Vac();
+        vac
+                .withDis("Covid-19")
+                .withVap("vap-value")
+                .withMep("mep-value")
+                .withAut("aut-value")
+                .withSeq(Integer.valueOf(1))
+                .withTot(Integer.valueOf(2))
+                .withDat(LocalDate.parse("2021-04-02"))
+                .withCou("SE");
+
+        dgc.setVac(Arrays.asList(vac));
+
+        return dgc;
+    }
+}