search

eu-federation-gateway-service / efgs-federation-gateway

The goal of this project is to develop the official European solution for the interoperability between national backend servers of decentralised contact tracing applications to combat COVID-19.
Apache License 2.0
59 stars 25 forks source link

Upload: Misleading error message on failed validation #232

Closed EvgeniiSkrebtcov closed 3 years ago

EvgeniiSkrebtcov commented 3 years ago

Describe the bug

According to the code, before EFGS persists uploaded keys, it executes some validation checks. In case such validation fails, HTTP response contains an "Invalid Signature" message. This is misleading as it does not give any hints on the actual root cause.

Expected behavior

HTTP response contains the actual reason for the failed validation.

Steps to reproduce the issue

Upload a batch that will fail EFGS validation (e.g. will contain keys wit rolling start interval number older than 14 days)

Technical details

N/A

Possible Fix

N/A

Additional context

N/A

ascheibal commented 3 years ago

Batches are intended to be processed completely. Extracting some is not possible, due to the signing applied to the whole batch.