search

corona-warn-app / cwa-app-android

Native Android app using the Apple/Google exposure notification API. The CWA development ends on May 31, 2023. You still can warn other users until April 30, 2023. More information:
https://coronawarn.app/en/faq/#ramp_down
Apache License 2.0
2.44k stars 495 forks source link

vaccination certificate gives signature error only with 2.7.0 #3833

Closed MikeMcC399 closed 3 years ago

MikeMcC399 commented 3 years ago

Technical details

Describe the bug

1) A valid 1 of 2 EU Digital COVID Vaccination Certificate added to 2.6.1-RC1 is annotated with the warning "Zertifikat (Signatur) ungültig" after updating CWA to 2.7.0-RC0.

2) A valid 1 of 2 EU Digital COVID Vaccination Certificate fails to be added to 2.7.0-RC0 with the error HC_DSC_NO_MATCH and the text "Signatur ungültig".

This is a regression from 2.6.1-RC1

Steps to reproduce the issue

  1. Install and run CWA 2.6.1-RC1
  2. Tap "Certificates", tap "CONTINUE"
  3. Tap "+ CERTIFICATE"
  4. Scan a German-issued EU DIGITAL COVID VACCINATION CERTIFICATE showing 1/2 in field "Erstimpfung/Wiederimpfung"
  5. Note that the scan is successful.
  6. Tap "CHECK VALIDITY", accept defaults, tap "CHECK"
  7. Validation fails due to rule VR-DE-0001 (1.0.0). The vaccination schedule must be complete.
  8. Install and run CWA 2.7.0-RC0
  9. Tap "Certificates"
  10. Note that certificate now shows warning "Zertifikat (Signatur) ungültig"
  11. Tap on certificate, scroll down to Vaccination certificate, and tap it.
  12. Tap three-dot symbol, tap Remove, confirm REMOVE
  13. Tap "+ CERTIFICATE"
  14. Scan the same German-issued EU DIGITAL COVID VACCINATION CERTIFICATE showing 1/2 in field "Erstimpfung/Wiederimpfung" as used in step 4.
  15. The scan fails with the error code HC_DSC_NO_MATCH and the text "Signatur ungültig"

Expected behavior

1) After updating from 2.6.1 to 2.7.0 a 1 of 2 vaccination certificate should not show a signature warning. 2) It should be possible to add a 1 of 2 vaccination certificate in 2.7.0

Possible Fix

Allow 1 of 2 vaccination certificates to be stored without error in CWA.

Additional Information

The certificate used is accepted without issue by CovPass App which notes "Unvollständig: 1 von 2 Impfungen".

The FAQ article https://www.coronawarn.app/en/faq/#hc_signature_invalid should be made available before 2.7 is released. Currently it does not exist.

thomasaugsten commented 3 years ago

The certificate validity depends on the backend url for the dsc list. It looks like you are not using any list or not the list which includes the productive dsc of Germany.

MikeMcC399 commented 3 years ago

@thomasaugsten

The certificate validity depends on the backend url for the dsc list. It looks like you are not using any list or not the list which includes the productive dsc of Germany.

I am running CWA TEST built with Android Studio deviceForTestersDebug. Via the three-dot symbol > Test Menu I selected the PROD environment

I have two certificates from my own vaccinations available. Right now both certificates fail:

Both certificates were issued from the same vaccination center.

I need to repeat my tests. Either I made a mistake or something changed during my tests.

mlenkeit commented 3 years ago

@MikeMcC399 CWA tries to download the list of Digital Signing Certificates (DSCs) from our Content Delivery Network. However, on PROD, the file is not yet available.

After all, you're using 2.7.0-RC0, so I'm afraid you need to be a bit more patient 😉

MikeMcC399 commented 3 years ago

@mlenkeit Thanks for letting me know!

I ran into the problem when I was trying to check if another issue was fixed. I'm fine to wait of course.

I will close this issue if the DSCs are not available yet, since this is a pre-release issue.