Closed dokaha closed 2 years ago
nodh
commented
2 years ago Nearly all services have a constructor parameter, where you can either set an instance of a Clock, e.g. to a fixed point in time, or specify the validity that is acceptable.
You are aware that the trust list from dgc.a-sit.at does not contain trust anchors for productive HCERT data, right?
dokaha
commented
2 years ago Thanks for your reply and mentioning that dgc.a-sit.at is not for productive use. For the moment i managed the expiration with a custom Clock instance. I tried changing to dgc-trust.qr.gv.at but got problems verificating greenpasses from other countries. i'm not sure if the problem is, that this trustlist only contains public keys from austria, or if i got other problems. If i need to get the lists from other countries and merge them together in my own trustlist, it would be no problem for me, but i don't know how to merge them. Are there some hints how to join trust lists from different countries and get the needed fileformat?
asitplus-pteufl
commented
2 years ago here ist the public information regarding the austrian trust lists: https://github.com/Federal-Ministry-of-Health-AT/green-pass-overview the list on dgc-trust.qr.gv.at contains all prod keys of europe.
dokaha
commented
2 years ago thank you for the link. i think now all my problems with validation of greenpass certificates are gone. most of them were that i mixed up test- and produktive data.
nodh
commented
2 years ago Great to hear that :-)
hello,
i need to do verification of greenpass in offline environment. devices will be offline for longer period of time (maybe months). my problem is, that i'll get
ehn.techiop.hcert.kotlin.chain.VerificationException: Expiration<clock.now()when the trustlist wasn't updated for 2 (?) days.I'm using the trustlist from a-sit.at
Is there a way to make the verification process accept older data?
thanks!