Documentation
Overview
Package verification provides the ability to verify the diagnosis certificates (JWTs) coming from public health authorities that are responsible for verifying diagnosis pin codes and certifying the TEKs.
Constants
This section is empty.
Variables
var (
	// ErrNoPublicKeys indicates no public keys were found when verifying the certificate.
	ErrNoPublicKeys = errors.New("no active public keys for health authority")
	ErrNotValidYet = errors.New("not valid yet (NBF or IAT) in the future")
)
Functions
This section is empty.
Types
type Config
type Config struct {
	CacheDuration time.Duration `env:"VERIFICATION_CACHE_DURATION, default=5m"`
	// StatsAudience is the expected JWT 'aud' value when calling the /v1/stats API.
	StatsAudience string `env:"STATS_AUDIENCE, default=keyserver"`
}
Config represents the available configuration for the public health authority verification piece.
type VerifiedClaims
type VerifiedClaims struct {
	HealthAuthorityID int64
	ReportType string // blank indicates no report type was present.
	SymptomOnsetInterval uint32 // 0 indicates no symptom onset interval present. This should be checked for "reasonable" value before application.
}
VerifiedClaims represents the relevant claims extracted from a verified certificate that may need to be applied.
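The struct comment asks callers to check SymptomOnsetInterval for a "reasonable" value before applying it. The following is an added example of such a check, not code from this package: the helper and error names are hypothetical, the 14-day window is a constructed policy value, and it assumes an interval number counts 10-minute windows since the Unix epoch.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// VerifiedClaims mirrors the struct documented on this page.
type VerifiedClaims struct {
	HealthAuthorityID    int64
	ReportType           string
	SymptomOnsetInterval uint32
}

// Assumption: an interval number counts 10-minute windows since the Unix epoch.
const intervalSeconds = 600

// ErrOnsetOutOfRange is a hypothetical error for this example.
var ErrOnsetOutOfRange = errors.New("symptom onset interval outside accepted window")

// intervalAt converts a wall-clock time to an interval number.
func intervalAt(t time.Time) uint32 { return uint32(t.Unix() / intervalSeconds) }

// OnsetToApply (hypothetical helper) returns the onset interval and true only
// when the claim is present and lies within [now-maxAge, now]. A zero value
// means "absent" and is not an error; anything else out of range is rejected.
func OnsetToApply(c *VerifiedClaims, now time.Time, maxAge time.Duration) (uint32, bool, error) {
	if c == nil || c.SymptomOnsetInterval == 0 {
		return 0, false, nil
	}
	oldest, newest := intervalAt(now.Add(-maxAge)), intervalAt(now)
	if got := c.SymptomOnsetInterval; got < oldest || got > newest {
		return 0, false, fmt.Errorf("%w: got %d, accepted %d..%d", ErrOnsetOutOfRange, got, oldest, newest)
	}
	return c.SymptomOnsetInterval, true, nil
}

func main() {
	now := time.Now()
	maxAge := 14 * 24 * time.Hour // constructed policy value, not from the page
	for _, c := range []*VerifiedClaims{ // constructed sample claims
		{HealthAuthorityID: 1, ReportType: "confirmed", SymptomOnsetInterval: intervalAt(now) - 288},
		{HealthAuthorityID: 1, SymptomOnsetInterval: 0},
		{HealthAuthorityID: 1, SymptomOnsetInterval: intervalAt(now) + 1000},
	} {
		onset, ok, err := OnsetToApply(c, now, maxAge)
		fmt.Println(onset, ok, err)
	}
}
```

Rejecting a future or stale onset, rather than silently clamping it, keeps a certificate with an implausible claim from influencing how the published keys are treated.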
type Verifier
type Verifier struct {
// contains filtered or unexported fields
}
Verifier can be used to verify public health authority diagnosis verification certificates.
func New
func New(db *database.HealthAuthorityDB, config *Config) (*Verifier, error)
New creates a new verifier, based on this DB handle.
func (*Verifier) AuthenticateStatsToken (added in v0.19.0)
AuthenticateStatsToken parses the provided JWT, determines whether it is an authorized stats request, and returns the authorized health authority ID.
func (*Verifier) VerifyDiagnosisCertificate
func (v *Verifier) VerifyDiagnosisCertificate(ctx context.Context, authApp *aamodel.AuthorizedApp, publish *verifyapi.Publish) (*VerifiedClaims, error)
VerifyDiagnosisCertificate accepts a publish request (from which it extracts the JWT) and fully verifies the JWT and signature against what the passed-in authorized app is allowed to use. Returns any transmission risk overrides if they are present.