search

ministero-salute / it-dgc-verificaC19-android

VerificaC19 is the official Italian customization of the EU Digital COVID Certificate Verifier App for the Android Operating System
https://www.dgc.gov.it
Apache License 2.0
101 stars 54 forks source link

Does anyone notice the abnormity of the API v1/dgc/signercertificate/update and v1/dgc/signercertificate/status? #199

Closed yzhang666 closed 3 years ago

yzhang666 commented 3 years ago

I am currently working with the Italian APIs v1/dgc/signercertificate/update and v1/dgc/signercertificate/status. Recently, I found that the data in the two APIs are unable to align. Here is the example:

For the kid "zrMytIH40Rk=", the order of kid in the API v1/dgc/signercertificate/status is 233 image

However, when you call the API v1/dgc/signercertificate/update by using the order 233,234 or 232 as the x-resume-token, none of the returned response header data is correct: Test1: image

Test2: image

It seems that the Italian APIs put the necessary verify information in two separate URLs, but now the two URLs cannot be aligned.

P.S. I found another interesting point, if you set the x-resume-token between 85-165, you will get the same returned data with token ID 166: Test1: image

Test 2: image

I want to ask, who should I report to about the API issue?

rawmain commented 3 years ago

Hello @yzhang666

Recently, I found that the data in the two APIs are unable to align. Here is the example [...]

There is no API issue or abnormity...

Instead, you should better read the code - check VerifierRepositoryImpl.kt in the SDK repository - and understand what functions/calls are doing.

            if (response.isSuccessful && response.code() == HttpURLConnection.HTTP_OK) {
                val headers = response.headers()
                val responseKid = headers[HEADER_KID]
                val newResumeToken = headers[HEADER_RESUME_TOKEN]
                val responseStr =
                    response.body()?.stringSuspending(dispatcherProvider) ?: return@execute false

                if (validCertList.contains(responseKid)) {
                    Log.i(VerifierRepositoryImpl::class.java.simpleName, "Cert KID verified")
                    val key = Key(kid = responseKid!!, key = keyStoreCryptor.encrypt(responseStr)!!)
                    db.keyDao().insert(key)

                    preferences.resumeToken = resumeToken

                    newResumeToken?.let {
                        val newToken = it.toLong()
                        fetchCertificate(newToken)

FetchCertificate (without the final s) checks & retrieves indeed the KID updates, so it's returning right the next values, also the right KID country batches.

yzhang666 commented 3 years ago

Hello @yzhang666

Recently, I found that the data in the two APIs are unable to align. Here is the example [...]

There is no API issue or abnormity...

Instead, you should better read the code - check VerifierRepositoryImpl.kt in the SDK repository - and understand what functions/calls are doing.

            if (response.isSuccessful && response.code() == HttpURLConnection.HTTP_OK) {
                val headers = response.headers()
                val responseKid = headers[HEADER_KID]
                val newResumeToken = headers[HEADER_RESUME_TOKEN]
                val responseStr =
                    response.body()?.stringSuspending(dispatcherProvider) ?: return@execute false

                if (validCertList.contains(responseKid)) {
                    Log.i(VerifierRepositoryImpl::class.java.simpleName, "Cert KID verified")
                    val key = Key(kid = responseKid!!, key = keyStoreCryptor.encrypt(responseStr)!!)
                    db.keyDao().insert(key)

                    preferences.resumeToken = resumeToken

                    newResumeToken?.let {
                        val newToken = it.toLong()
                        fetchCertificate(newToken)

FetchCertificate (without the final s) checks & retrieves indeed the KID updates, so it's returning right the next values, also the right KID country batches.

Hi, many thanks for your help.

yzhang666 commented 3 years ago

Hello @yzhang666

Recently, I found that the data in the two APIs are unable to align. Here is the example [...]

There is no API issue or abnormity...

Instead, you should better read the code - check VerifierRepositoryImpl.kt in the SDK repository - and understand what functions/calls are doing.

            if (response.isSuccessful && response.code() == HttpURLConnection.HTTP_OK) {
                val headers = response.headers()
                val responseKid = headers[HEADER_KID]
                val newResumeToken = headers[HEADER_RESUME_TOKEN]
                val responseStr =
                    response.body()?.stringSuspending(dispatcherProvider) ?: return@execute false

                if (validCertList.contains(responseKid)) {
                    Log.i(VerifierRepositoryImpl::class.java.simpleName, "Cert KID verified")
                    val key = Key(kid = responseKid!!, key = keyStoreCryptor.encrypt(responseStr)!!)
                    db.keyDao().insert(key)

                    preferences.resumeToken = resumeToken

                    newResumeToken?.let {
                        val newToken = it.toLong()
                        fetchCertificate(newToken)

FetchCertificate (without the final s) checks & retrieves indeed the KID updates, so it's returning right the next values, also the right KID country batches.

And may I ask, how to solve the duplicate results issue? Because if I just fetch the response headers, I still get a lot of duplicate results.

rawmain commented 3 years ago

Hello @yzhang666

many thanks for your help.

You're welcome.

And may I ask, how to solve the duplicate results issue? Because if I just fetch the response headers, I still get a lot of duplicate results.

Just read&use the officially provided code for SDK = VerifierRepositoryImpl.kt includes the related checks/actions too in order to right arrange KID DB with the signer updates.