search

lucapisano / GreenPassValidator

This project provides a library to validate Green Pass QR codes issued by EU governments
MIT License
24 stars 11 forks source link

No signer certificates could be found #3

Closed gcerretani closed 2 years ago

gcerretani commented 2 years ago

Attualmente la demo non funziona. Anche compilando il Dockerfile in locale ottengo lo stesso errore. Sto provando con un qr code di test preso da https://github.com/eu-digital-green-certificates/dgc-testdata/tree/main/IT, per esempio:

HC1:6BFOXN%TS3DH0YOJ58S S-W5HDC M0II5XHC9B5G2+$N IOP-IA%NFQGRJPC%OQHIZC4.OI1RM8ZA.A5:S9MKN4NN3F85QNCY0O%0VZ001HOC9JU0D0HT0HB2PL/IB09B9LW4T8+DCMH0LDK2%K:XFE70LP$V25$0Q:J:4MO1P0%0L0HD+9E/HY+4J6TH48S%4K.GJ2PT3QY:GQ3TE2I+-CPHN6D7LLK2HG%89UV-0LZ 2ZJJ524-LH/CJTK96L6SR9MU9DHGZ%P WUQRENS431T1XCNCF+47AY0-IFO0500TGPN8F5G.41Q2E4T8ALW.INSV$ 07UV5SR+BNQHNML7 /KD3TU 4VCAT3ZGLQMI/XI%ZJNSBBXK2:UG%UJMI:TU+MMPZ5$/PMX19UE:-PSR3/$NU44CBE6DQ3D7B0FBOFX0DV2DGMB$YPF62I$60/F$Z2I6IFX21XNI-LM%3/DF/U6Z9FEOJVRLVW6K$UG+BKK57:1+D10%4K83F+1VWD1NE

In locale ottengo questo messaggio, nel log:

DGCValidator.Services.CWT.CertificateUnknownException: No signer certificates could be found
   at DGCValidator.Services.CWT.DGCVerifier.VerifyAsync(Byte[] signedDGC, SignedDGC vacProof) in C:\src\GreenPass\Services\CWT\DGCVerifier.cs:line 94
   at GreenPass.ValidationService.VerifySignedData(Byte[] signedData, SignedDGC vacProof, CertificateManager certificateManager) in C:\src\GreenPass\Services\ValidationService.cs:line 185
   at GreenPass.ValidationService.Validate(String codeData) in C:\src\GreenPass\Services\ValidationService.cs:line 53
fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HMC3B416DBN9", Request id "0HMC3B416DBN9:00000002": An unhandled exception was thrown by the application.
      DGCValidator.Services.CWT.CertificateUnknownException: No signer certificates could be found
         at GreenPass.ValidationService.Validate(String codeData) in C:\src\GreenPass\Services\ValidationService.cs:line 65
         at GreenPass.API.Controllers.ValidationController.Validate(String input) in C:\src\GreenPass.API\Controllers\ValidationController.cs:line 34
         at lambda_method5(Closure , Object )
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Objec
t[] arguments)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Obje
ct state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
      --- End of stack trace from previous location ---
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean
isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
         at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
         at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
lucapisano commented 2 years ago

Hi,Thank you for reporting.The issue seems to be related to the test QR codes you have tried.Probably those test QR codes are not signed by official Trust Authority.I've tried today the service with official QRCode issued from Ministero della Salute and it works well.Please try with a "production" qr code signed from an official authorityKind regardsLucaCertified Multi Cloud ArchitectIl 29 set 2021 17:08, Giovanni Cerretani @.***> ha scritto: Attualmente la demo non funziona. Anche compilando il Dockerfile in locale ottengo lo stesso errore. Sto provando con un qr code di test preso da https://github.com/eu-digital-green-certificates/dgc-testdata/tree/main/IT, per esempio:

HC1:6BFOXN%TS3DH0YOJ58S S-W5HDC M0II5XHC9B5G2+$N IOP-IA%NFQGRJPC%OQHIZC4.OI1RM8ZA.A5:S9MKN4NN3F85QNCY0O%0VZ001HOC9JU0D0HT0HB2PL/IB09B9LW4T8+DCMH0LDK2%K:XFE70LP$V25$0Q:J:4MO1P0%0L0HD+9E/HY+4J6TH48S%4K.GJ2PT3QY:GQ3TE2I+-CPHN6D7LLK2HG%89UV-0LZ 2ZJJ524-LH/CJTK96L6SR9MU9DHGZ%P WUQRENS431T1XCNCF+47AY0-IFO0500TGPN8F5G.41Q2E4T8ALW.INSV$ 07UV5SR+BNQHNML7 /KD3TU 4VCAT3ZGLQMI/XI%ZJNSBBXK2:UG%UJMI:TU+MMPZ5$/PMX19UE:-PSR3/$NU44CBE6DQ3D7B0FBOFX0DV2DGMB$YPF62I$60/F$Z2I6IFX21XNI-LM%3/DF/U6Z9FEOJVRLVW6K$UG+BKK57:1+D10%4K83F+1VWD1NE

In locale ottengo questo messaggio, nel log: DGCValidator.Services.CWT.CertificateUnknownException: No signer certificates could be found at DGCValidator.Services.CWT.DGCVerifier.VerifyAsync(Byte[] signedDGC, SignedDGC vacProof) in C:\src\GreenPass\Services\CWT\DGCVerifier.cs:line 94 at GreenPass.ValidationService.VerifySignedData(Byte[] signedData, SignedDGC vacProof, CertificateManager certificateManager) in C:\src\GreenPass\Services\ValidationService.cs:line 185 at GreenPass.ValidationService.Validate(String codeData) in C:\src\GreenPass\Services\ValidationService.cs:line 53 fail: Microsoft.AspNetCore.Server.Kestrel[13] Connection id "0HMC3B416DBN9", Request id "0HMC3B416DBN9:00000002": An unhandled exception was thrown by the application. DGCValidator.Services.CWT.CertificateUnknownException: No signer certificates could be found at GreenPass.ValidationService.Validate(String codeData) in C:\src\GreenPass\Services\ValidationService.cs:line 65 at GreenPass.API.Controllers.ValidationController.Validate(String input) in C:\src\GreenPass.API\Controllers\ValidationController.cs:line 34 at lambda_method5(Closure , Object ) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Objec t[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.gAwaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Obje ct state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.gAwaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope) at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger) at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext) at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

—You are receiving this because you are subscribed to this thread.Reply to this email directly, view it on GitHub, or unsubscribe.Triage notifications on the go with GitHub Mobile for iOS or Android.

lucapisano commented 2 years ago

Closed due to inactivity

Mrizzi-96 commented 2 years ago

Ciao @gcerretani, Di recente ho avuto il tuo stesso problema, e ho quindi scritto una Console App in C# che carica i certificati dei test di validazione ufficiale e genera una cached Trustlist compatibile con questo progetto. Trovi la repo qui. Tieni presente che i certificati di test vanno validati con il tempo specificato nella proprietà TESTCTX.VALIDATIONCLOCK. Buon lavoro, Marco.

mirgen72 commented 2 years ago

Hi all, I had same issue in a WebForm platform but i solved it by adding "ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;" just before every "new RestRequest" call. Hope this helps. Bye.