verification

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 4, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package verification provides the ability to verify the diagnosis certificates (JWTs) coming from public health authorities that are responsible for verifying diagnosis pin codes and certifying the TEKs.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrNoPublicKeys indicates no public keys were found when verifying the certificate.
	ErrNoPublicKeys = errors.New("no active public keys for health authority")
	ErrNotValidYet  = errors.New("not valid yet (NBF or IAT) in the future")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	CacheDuration time.Duration `env:"VERIFICATION_CACHE_DURATION, default=5m"`

	// StatsAudience is the expected JWT 'aud' value when calling the /v1/stats API.
	StatsAudience string `env:"STATS_AUDIENCE, default=keyserver"`
}

Config represents the available configuration for the public health authority verification piece.

type VerifiedClaims

type VerifiedClaims struct {
	HealthAuthorityID    int64
	ReportType           string // blank indicates no report type was present.
	SymptomOnsetInterval uint32 // 0 indicates no symptom onset interval present. This should be checked for "reasonable" value before application.
}

VerifiedClaims represents the relevant claims extracted from a verified certificate that may need to be applied.

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier can be used to verify public health authority diagnosis verification certificates.

func New

func New(db *database.HealthAuthorityDB, config *Config) (*Verifier, error)

New creates a new verifier, based on this DB handle.

func (*Verifier) AuthenticateStatsToken added in v0.19.0

func (v *Verifier) AuthenticateStatsToken(ctx context.Context, rawToken string) (int64, error)

AuthenticateStatsToken parse the provided JWT and determines if it is an authorized stats request and returns the authorized health authority ID.

func (*Verifier) VerifyDiagnosisCertificate

func (v *Verifier) VerifyDiagnosisCertificate(ctx context.Context, authApp *aamodel.AuthorizedApp, publish *verifyapi.Publish) (*VerifiedClaims, error)

VerifyDiagnosisCertificate accepts a publish request (from which is extracts the JWT), fully verifies the JWT and signture against what the passed in authorrized app is allowed to use. Returns any transmission risk overrides if they are present.

Directories

Path Synopsis
Package database is a database interface to health authorities.
Package database is a database interface to health authorities.
Package model is a model abstraction of health authorities.
Package model is a model abstraction of health authorities.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL