DP-3T / dp3t-sdk-android

The DP3T-SDK for Android
Mozilla Public License 2.0

Is it possible to implement dp3t in a country not yet allowed by the Google Exposure API in a local environment? #143

Open alexlopez8a opened 4 years ago

alexlopez8a commented 4 years ago

Hello, for several days I have been trying to run the apps in this repository in a local environment, implementing the connection with the back end to have the complete system in a test environment.

From what I see, it is impossible for us to implement the dp3t back end, since it is necessary for my country's health system to implement it to begin integrating operators that offer the service to citizens. Which honestly and unfortunately I do not think will happen in my country, at least in a short time :(.

We do not want that to stop us, so we are seeing new alternatives to become operators without depending on the government, although this means not having interoperability with other operators for some time.

Now I wonder, is it possible to implement the sdk from dp3t in an own android app, and connect it to a back end fully developed by us?

Or when using the dp3t sdk am I forced to use all the infrastructure? including back end, and Google / Apple exposition api.

On the other hand, maybe I am a little confused and it is possible to implement the projects included in these repositories in a local environment for testing. If this is possible I would greatly appreciate it if you could instruct me a little.

Regards.

cpepis commented 4 years ago

You can still use the DP3T Demo and Calibration app with the prestandard tag.

alexlopez8a commented 4 years ago

Hi @cpepi001, thanks for your response.

Does the android demo app also have a prestandard tag? If I look for the tag inside that project, github returns error 404.

I just tested the calibration app. It doesn't give me any kind of error. I only have a few doubts.

Could you connect it with any dp3t back end? I ask since I see that the back end repositories do not have a prestandard tag either. Nor do I see with the naked eye any URL or request to any server.

Regards

cpepis commented 4 years ago

Oh sorry, for the demo app you can use it as it is.

In demo/calibration, find the initDP3T function inside the MainApplication file and change

DP3T.init(context, "org.dpppt.demo", true, publicKey);

to

DP3T.init(context, new ApplicationInfo("org.dpppt.demo", "http://localhost:8080", "http://localhost:8080"), publicKey);

Yes, I used the backend with PostgreSQL. To test it, create a db named, for example, dpppt and change the username and password in the application.properties file to yours.

To check that the backend is working, type http://localhost:8080/v1 in your web browser and you should see a Hello from DP3T WS

alexlopez8a commented 4 years ago

Hello, I am currently running a project from the "dp3t-sdk-backend" repository, which uses the Postgres database as you mentioned.

I also modified the initDP3T function, with the local IP address of the server:

image

Note: I use nginx to redirect port 80 to port 8080 to connect to the DP3T server (I can access the "/v1" path message without specifying port 8080). I also tried leaving the CertificatePinner.Builder().add() function with the original parameters, but was unsuccessful.

The application still returns the SYNC_ERROR_NETWORK state, and when I try to sync with the backend, the application enters the following exception, inside the file "RealConnection.java".

image

Do you know how to fix it? or did you have a similar problem?

Regards

cpepis commented 4 years ago

Backend (application.properties) file

1. datasource.username=yourUserName
2. datasource.password=yourPassword

3. ws.ecdsa.credentials.publicKey=yourPublicKey
4. ws.ecdsa.credentials.privateKey=yourPrivateKey

5. server.port=yourServerPort

1&2: When you installed PostgreSQL

3&4: You can generate them by running GenerateKeyPairEC.java

5: Use it if you don't want to use the default 8080 port

Demo/Calibration (MainApplication.java) file

PublicKey publicKey = SignatureUtil.getPublicKeyFromBase64OrThrow("yourPublicKey");
DP3T.init(this, new ApplicationInfo("org.dpppt.demo", url, url), publicKey);

For url I used IPv4 address + the server port I specified in the backend. http://yourIPv4:yourServerPort

If you are running Android 9+ and you are using http for testing, you should change the network-security-config.xml file like this

<network-security-config>
    <!-- use default system config -->
    <base-config cleartextTrafficPermitted="true"/>
</network-security-config>

and similarly network-security-config.xml(debug)

<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

alexlopez8a commented 4 years ago

Hello, thank you very much again for your answer.

I tried to follow your steps, but I had a problem running the file "GenerateKeyPairEC.java"; when I try it, it shows me the following error:

Error: Unable to initialize main class covid.App Caused by: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider

I created a new mvn project, where I added the references to the BouncyCastleProvider dependencies in the pom.xml, and when running mvn install I see that it downloads the package without problems.

Did something similar happen to you?

It is a little frustrating because all the other steps have been understood and performed without problems, I just need to close the certificate topic to comply with the steps you indicate.

I tried to create the ECDSA keys from the outside, but I could not create a key pair with a public key with exactly the same length as the public key that has the default calibration app configured.

Regards.

cpepis commented 4 years ago

Hello,

The way I did it was to move the GenerateKeyPairEC.java file as shown below and then run it, as I was getting errors from the terminal. I'm using IntelliJ.

image

alexlopez8a commented 4 years ago

Thank you! I still have a doubt.

Do you run the package with the following command?

java -cp dpppt-backend-sdk-ws/target/dpppt-backend-sdk-ws-*.jar org.dpppt.backend.sdk.ws.GenerateKeyPairEC

According to my logic (I don't know much about mvn), I should run the package this way, but the system responds with the following error:

java.lang.ClassNotFoundException: org.dppt.backend.sdk.ws.GenerateKeyPairEC

Regards!

cpepis commented 4 years ago

Hello,

What I meant was to run GenerateKeyPairEC file to generate the keys and then run Application.

In any case here is a pair of keys to test it

Private:

LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUdUQWdFQU1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhCSGt3ZHdJQkFRUWdvYmRRdGFianQ2U1UveUhtDQo2TWZwb0dNd3haZnNrODIvUGNTQ1Z3M0dzdk9nQ2dZSUtvWkl6ajBEQVFlaFJBTkNBQVRuV2dWUkRrRXpKYTEyDQpjOGpRKzVpeTNibXJxNjBoRFhudHorZHF5NDBuZVVLODRnUklnSjFlazVCTkFaWHI3VmZ5NWo0MWwvSmxCSVk2DQowYkdvdFkydQ0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ0K

Public:

LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTUxb0ZVUTVCTXlXdGRuUEkwUHVZc3QyNXE2dXQNCklRMTU3Yy9uYXN1TkozbEN2T0lFU0lDZFhwT1FUUUdWNisxWDh1WStOWmZ5WlFTR090R3hxTFdOcmc9PQ0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=

Make sure to copy public key correctly as = is not selected with double click
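The key values posted in this thread are base64 of a PEM `PUBLIC KEY` block that wraps a P-256 SubjectPublicKeyInfo, so a dropped trailing `=` or a key of another type or length can be caught before it is pasted into `application.properties` or `initDP3T`. The check below is an added example, not code from the thread or the DP3T project; `check_dp3t_public_key` and `constructed_sample` are hypothetical names, and the sample key is constructed filler in the same shape.

```python
import base64
import binascii

# DER prefix of a SubjectPublicKeyInfo for an uncompressed P-256 key:
# SEQUENCE(89) { SEQUENCE { OID ecPublicKey, OID prime256v1 }, BIT STRING(66) 00 }
P256_SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
PEM_BEGIN = "-----BEGIN PUBLIC KEY-----"
PEM_END = "-----END PUBLIC KEY-----"


def check_dp3t_public_key(value):
    """Return 'ok' or a short reason why the configured value is malformed."""
    try:
        pem = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return "outer base64 invalid (often a lost trailing '=')"
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        return "not a PEM PUBLIC KEY block"
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        return "inner base64 invalid"
    # 26-byte header + 0x04 marker + 32-byte X + 32-byte Y = 91 bytes
    if len(der) != 91 or not der.startswith(P256_SPKI_PREFIX) or der[26] != 0x04:
        return "not an uncompressed P-256 SubjectPublicKeyInfo"
    return "ok"


def constructed_sample():
    """Constructed value in the same shape; the 64 coordinate bytes are
    filler, not a real curve point, so it is only good for format checks."""
    der = P256_SPKI_PREFIX + b"\x04" + bytes(range(64))
    body = base64.b64encode(der).decode()
    pem = "\r\n".join([PEM_BEGIN, body[:64], body[64:], PEM_END]) + "\r\n"
    return base64.b64encode(pem.encode()).decode()


if __name__ == "__main__":
    sample = constructed_sample()
    print(check_dp3t_public_key(sample))        # intact value
    print(check_dp3t_public_key(sample[:-1]))   # '=' lost when copying
```

The check is structural only: it does not confirm that the public key matches the private key configured on the backend.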

alexlopez8a commented 4 years ago

Hi @cpepi001, thanks again for your response, and sorry for my delay; the project was frozen for several weeks in the organization where I work, and only now am I returning to the topic.

I already integrated the keys you shared with me in the file dpppt-backend-sdk-ws/src/main/resources/application.properties. The file looks like this:

datasource.url=jdbc:postgresql://localhost:5432/dpppt
datasource.username=dpppt
datasource.password=dpppt
datasource.driverClassName=org.postgresql.ds.PGSimpleDataSource
datasource.failFast=true
datasource.maximumPoolSize=5
datasource.maxLifetime=1700000
datasource.idleTimeout=600000
datasource.connectionTimeout=30000
ws.exposedlist.cachecontrol=5
ws.app.source=org.dpppt.demo
ws.headers.protected=X-HELLO,X-BATCH-RELEASE-TIME
#ws.headers.debug=true
logging.level.org.springframework.web=DEBUG
logging.level.org.hibernate=ERROR
ws.ecdsa.credentials.privateKey=LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUdUQWdFQU1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhCSGt3ZHdJQkFRUWdvYmRRdGFianQ2U1UveUhtDQo2TWZwb0dNd3haZnNrODIvUGNTQ1Z3M0dzdk9nQ2dZSUtvWkl6ajBEQVFlaFJBTkNBQVRuV2dWUkRrRXpKYTEyDQpjOGpRKzVpeTNibXJxNjBoRFhudHorZHF5NDBuZVVLODRnUklnSjFlazVCTkFaWHI3VmZ5NWo0MWwvSmxCSVk2DQowYkdvdFkydQ0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ0K
ws.ecdsa.credentials.publicKey=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTUxb0ZVUTVCTXlXdGRuUEkwUHVZc3QyNXE2dXQNCklRMTU3Yy9uYXN1TkozbEN2T0lFU0lDZFhwT1FUUUdWNisxWDh1WStOWmZ5WlFTR090R3hxTFdOcmc9PQ0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=

I also added the public key in the initDP3T function, in addition to the server address on the local network.

public static void initDP3T(Context context) {
        PublicKey publicKey = SignatureUtil.getPublicKeyFromBase64OrThrow(
                "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1Ga3dFd1lIS29aSXpqMENBUVlJS29a"+
                        "SXpqMERBUWNEUWdBRTUxb0ZVUTVCTXlXdGRuUEkwUHVZc3QyNXE2dXQNCklRMTU3Yy9uYXN1Tk"+
                        "ozbEN2T0lFU0lDZFhwT1FUUUdWNisxWDh1WStOWmZ5WlFTR090R3hxTFdOcmc9PQ0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=");
        //DP3T.init(context, "org.dpppt.demo", true, publicKey);
        DP3T.init(context, new ApplicationInfo("org.dpppt.demo", "http://192.168.15.8", "http://192.168.15.8"), publicKey);
        CertificatePinner certificatePinner = new CertificatePinner.Builder()
                .add("demo.dpppt.org", "sha256/YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=")
                .build();
        DP3T.setCertificatePinner(certificatePinner);
    }

Even with all these changes, the application shows synchronization problems with the server. Do you know what could be causing the problem?

cpepis commented 4 years ago

Hello,

Try to add 8080 to the url:

DP3T.init(context, new ApplicationInfo("org.dpppt.demo", "http://192.168.15.8:8080", "http://192.168.15.8:8080"), publicKey);

and let me know

alexlopez8a commented 4 years ago

Hello, I tried changing port 80 to 8080, but I get the same results.

With the debugger activated, I can see that a validation fails inside the connect() function, inside the RealConnection.java file.

Validation throws an exception with the message: "CLEARTEXT communication to" + host + "not permitted by network security policy"

image

cpepis commented 4 years ago

Hello @alexlopez8a,

If I assumed that you edit both network-security-config files to enable http then I don't know but searching the net shows the solution stated before (editing the xml)

alexlopez8a commented 4 years ago

You are right, I needed to update the xml files you mentioned again, since I made a clone again.

Currently I can already use the applications without checking synchronization error.

I was also able to start testing with 2 phones, one reported it as infected, and the other deceased as exposed after a few minutes.

Thanks for your help @cpepi001 !
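The cleartext override that resolved the sync error applies to every host when it sits on `base-config`. The added example below (not from the thread or the DP3T project) lists where a `network-security-config` permits plain HTTP, run over the file posted in the thread and over a constructed debug-only alternative scoped to the test server; `cleartext_findings` and `release_gate` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Main config as posted in the thread: plain HTTP allowed to every host.
THREAD_CONFIG = """
<network-security-config>
    <base-config cleartextTrafficPermitted="true"/>
</network-security-config>
"""

# Constructed alternative for the debug source set only: HTTP stays blocked
# by default and is opened just for the LAN test backend used in the thread.
SCOPED_DEBUG_CONFIG = """
<network-security-config>
    <base-config cleartextTrafficPermitted="false"/>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">192.168.15.8</domain>
    </domain-config>
</network-security-config>
"""


def cleartext_findings(xml_text):
    """Return one finding per element that permits plain HTTP."""
    root = ET.fromstring(xml_text)
    findings = []
    base = root.find("base-config")
    if base is not None and base.get("cleartextTrafficPermitted") == "true":
        findings.append("base-config: cleartext allowed to every host")
    for dc in root.iter("domain-config"):  # iter() also reaches nested entries
        if dc.get("cleartextTrafficPermitted") == "true":
            hosts = ", ".join((d.text or "").strip() for d in dc.findall("domain"))
            findings.append("domain-config: cleartext allowed to " + hosts)
    return findings


def release_gate(xml_text):
    """True when the file has no cleartext exception and is safe to ship."""
    return not cleartext_findings(xml_text)


if __name__ == "__main__":
    for name, cfg in (("thread", THREAD_CONFIG), ("scoped debug", SCOPED_DEBUG_CONFIG)):
        print(name, cleartext_findings(cfg), "release ok:", release_gate(cfg))
```

Running `release_gate` over the main (non-debug) resource file in CI keeps a test-only HTTP exception from reaching a release build.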