eu-digital-green-certificates / dgca-verifier-app-android

Repository for the dgca verifier android app.
Apache License 2.0
102 stars 117 forks source link

[Android-Verifier-App] Expired Revocation Leads to Certificates being still Evaluated as Revoked #283

Closed RalicaY closed 2 years ago

RalicaY commented 2 years ago

Describe the bug

The following QR code was revoked on Friday 18 Feb 2022 (revocation entry was uploaded to the gateway). This revocation entry expired on 02/20/22 (Sunday) at 3 p.m. If I check this QR code with the current Android Verifier app today (22.02.22), I still get the result "Revoked", even though the revocation entry expired on 18.02.22.

Expected behaviour

Code should be evaluated as "not revoked", because the revocation entry has expired and was even deleted from the gateway.

Technical details

Galaxy XCover 4, Android 9 Verifier App for Android, Version: 1.2.4-without-signature-verification-tst (34) VAC_A2a

MykhailoNester commented 2 years ago

For UCI hash we have such expiration dates: expires=2022-08-16T16:00Z expires=2023-02-18T15:00Z

For COUNTRYCODEUCI has: expires=2022-08-16T16:00Z expires=2023-02-18T15:00Z

For SIGNATURE hash: expires=2022-02-20T15:00Z. - this one should be deleted.

Fixed in PR: https://github.com/eu-digital-green-certificates/dgca-verifier-app-android/pull/284

On each app launch we will check expiration dates and remove expired.

RalicaY commented 2 years ago

Retest Successful, Checked with Code VAC_A2a, revocation expired on '2022-02-24T15:00:00Z' VAC_A2A