ehn-dcc-development / hcert-kotlin

Kotlin multiplatform implementation of the HCERT/DCC specification
Apache License 2.0

Probably Wrong expirationTime? #57

Closed dominikstrasser closed 3 years ago

dominikstrasser commented 3 years ago

Hey. I tried to validate some examples from https://github.com/eu-digital-green-certificates/dgc-testdata/tree/main/AT#ra-test.

Problem/Question: The fourth example should be invalid since it's supposed to be expired. Is the test data wrong or something in the implementation?


```json
{
  "isValid": true,
  "error": null,
  "metaInformation": {
    "expirationTime": "2021-11-02",
    "issuedAt": "2021-05-06",
    "issuer": "AT",
    "certificateValidFrom": "2021-05-05",
    "certificateValidUntil": "2023-05-05",
    "certificateValidContent": ["TEST", "VACCINATION", "RECOVERY"],
    "certificateSubjectCountry": "AT",
    "content": ["TEST"],
    "error": null
  },
  "greenCertificate": {
    "ver": "1.0.0",
    "nam": {
      "fn": "Musterfrau-Gößinger",
      "fnt": "MUSTERFRAU<GOESSINGER",
      "gn": "Gabriele",
      "gnt": "GABRIELE"
    },
    "dob": "1998-02-26",
    "v": null,
    "r": null,
    "t": [
      {
        "tg": "840539006",
        "tt": "LP217198-3",
        "nm": null,
        "ma": "1232",
        "sc": "2021-02-20T12:34:56Z",
        "dr": null,
        "tr": "260415000",
        "tc": "Testing center Vienna 1",
        "co": "AT",
        "is": "Ministry of Health, Austria",
        "ci": "URN:UVCI:01:AT:71EE2559DE38C6BF7304FB65A1A451EC#3"
      }
    ]
  }
}
```

asitplus-pteufl commented 3 years ago

No, technically this certificate is not expired (2021-11-02). The validation lib here only verifies the structure, technical correctness and authenticity. It does not validate any business rules (e.g. tests valid for 48 hours). This must be done as a next step with the libs published in the EHN/EU repositories. Does this perspective help to solve the problem?

asitplus-pteufl commented 3 years ago

@dominikstrasser since your GitHub profile indicates "Austria", I am referring you to the info page by the ministry of health, which links all the repos, the architecture and the availability of the Austrian lists (trust list, business rules EU, business rules AT, value sets). Hope that provides further context and the required information: https://github.com/Federal-Ministry-of-Health-AT/green-pass-overview

dominikstrasser commented 3 years ago

@asitplus-pteufl Thanks for the fast response.

So the description just does not match the QR code data? Or should I assume the certificate is valid for two days in relation to the "certificateValidFrom": "2021-05-05" value?

asitplus-pteufl commented 3 years ago

Ah sorry, now I got the confusion... The text might be wrong/misleading here, since the technical validity is much longer than the text states. I didn't check the code myself, but using your output the following can be derived:

Technical validity of the document and issued at (VALID right now): "expirationTime": "2021-11-02", "issuedAt": "2021-05-06"

Hard technical validity defined by the signature certificate which was used to sign the code: "certificateValidFrom": "2021-05-05", "certificateValidUntil": "2023-05-05"

Now, what is missing in the validation lib here is the "business rules" validation. You need to check out the links which are given in my link above. The business rules validations are not trivial: you have different rules over Europe and there are many things to consider (which vaccines are allowed, when is the vaccine valid after the 1st/2nd shot, different national rules/profiles, e.g. in Austria entry tests vs. night clubs etc.). All the rules are available in the sources which are explained in the link that I posted before.
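
The separation described in this thread, as an added example that is not part of the original issue and is not code from hcert-kotlin or dgc-business-rules: the technical windows from `metaInformation` are checked first, then a test-age rule is applied to the sample collection time `sc`. The function names, the 48-hour limit (taken from the "e.g." above), the evaluation time and the whole-day reading of date-only values are assumptions.

```javascript
// Added illustration; not code from hcert-kotlin or the EU business-rules engine.
const HOUR_MS = 3600 * 1000;

// Assumption: the date-only strings in the output are UTC calendar days and
// "until"-style dates include the whole day.
const dayStart = (s) => Date.parse(`${s}T00:00:00Z`);
const dayEnd = (s) => dayStart(s) + 24 * HOUR_MS - 1;

// Technical layers: the document window (issuedAt..expirationTime) must lie
// inside the signer certificate window, and `now` inside the document window.
function technicalValidity(meta, now) {
  const t = now.getTime();
  const reasons = [];
  if (dayStart(meta.issuedAt) < dayStart(meta.certificateValidFrom) ||
      dayEnd(meta.expirationTime) > dayEnd(meta.certificateValidUntil))
    reasons.push("document window exceeds signer certificate validity");
  if (t < dayStart(meta.issuedAt)) reasons.push("not yet valid");
  if (t > dayEnd(meta.expirationTime)) reasons.push("expired");
  return { valid: reasons.length === 0, reasons };
}

// Business layer: age of each test entry, measured from sample collection ("sc").
// maxAgeHours is a policy input; real limits come from the published rule sets.
function testFreshness(greenCertificate, now, maxAgeHours) {
  return (greenCertificate.t || []).map((entry) => {
    const ageHours = (now.getTime() - Date.parse(entry.sc)) / HOUR_MS;
    return {
      ci: entry.ci,
      ageHours: Math.floor(ageHours),
      accepted: ageHours >= 0 && ageHours <= maxAgeHours,
    };
  });
}

// Constructed sample: the relevant fields from the output posted in this thread.
const sample = {
  metaInformation: {
    expirationTime: "2021-11-02", issuedAt: "2021-05-06",
    certificateValidFrom: "2021-05-05", certificateValidUntil: "2023-05-05",
  },
  greenCertificate: {
    t: [{ sc: "2021-02-20T12:34:56Z",
          ci: "URN:UVCI:01:AT:71EE2559DE38C6BF7304FB65A1A451EC#3" }],
  },
};

const now = new Date("2021-06-01T00:00:00Z"); // constructed evaluation time
console.log(technicalValidity(sample.metaInformation, now));
console.log(testFreshness(sample.greenCertificate, now, 48));
```

At the constructed evaluation time the certificate passes the technical checks while the test entry fails the age rule, which is the gap between `isValid: true` and the "expired" description discussed above.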

dominikstrasser commented 3 years ago

Ok thanks. I think there was confusion on both sides ;)

As far as I see there is no validation engine for JavaScript/TypeScript yet - right? Is there one planned - or probably a port from the Kotlin version?

asitplus-pteufl commented 3 years ago

Hmm, there should be: https://github.com/ehn-dcc-development/dgc-business-rules

dominikstrasser commented 3 years ago

I will check that one. Thanks for the help :) I guess I will have more questions over time but this issue can then be closed for now ;)