This repository has been archived by the owner on Sep 15, 2023. It is now read-only.

CovidCertificate-App-Verifier-Service

License: MPL 2.0

This project is released by the Federal Office of Information Technology, Systems and Telecommunication FOITT on behalf of the Federal Office of Public Health FOPH. The app design, UX and implementation were done by Ubique.

Services

This service provides an API that is consumed by the CovidCertificate-SDKs used by the COVID Certificate Apps of Switzerland. It publishes all the data needed to verify a Digital Covid Certificate (DCC) offline in the client apps. It also regularly syncs the DSCs with the EU-Gateway (dgc-gateway). The service itself neither receives nor verifies a DCC.

Webservice

Serves various data used for verifying the validity of Digital Covid Certificates. Currently this includes:

  • Public keys of Document Signer Certificates (DSCs)
  • List of revoked UVCIs of Digital Covid Certificates (DCCs)
  • National rules
  • Value sets with test and vaccine mappings

National Rules

The service serves a set of certificate validation rules for Switzerland. The validation logic is written in the human-readable AifC which is compiled to CertLogic.

DGC Sync

The ch-covidcertificate-backend-verifier-sync module implements DGCSync, which updates the local database to match the list provided by the DGC gateway.

Every 30 minutes, an mTLS connection is set up and a GET request is sent to the gateway's /trustList endpoint, which responds with a list of CSCA and DSC certificates. Next, the certificates are validated: expired certificates and DSCs without matching CSCA certificates are filtered out. Finally, the database is updated to match the filtered list exactly.
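
The filter and reconcile steps described above, sketched as an added example (not code from this repository). The `TrustEntry` fields, the name-based CSCA matching, the choice to drop DSCs whose CSCA has expired, and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class TrustEntry:
    kid: str             # key identifier used as the database key (assumed)
    kind: str            # "CSCA" or "DSC"
    country: str
    subject: str
    issuer: str
    not_after: datetime

def filter_trust_list(entries, now):
    """Drop expired certificates, then DSCs with no surviving CSCA."""
    live = [e for e in entries if e.not_after > now]
    # Assumption: "matching" is modelled as same country + issuer name equal to
    # CSCA subject. A real check verifies the DSC signature with the CSCA key.
    cscas = {(e.country, e.subject) for e in live if e.kind == "CSCA"}
    return [e for e in live
            if e.kind == "CSCA" or (e.country, e.issuer) in cscas]

def plan_sync(local_kids, filtered):
    """Return (kids to insert, kids to delete) so the DB equals the filtered list."""
    remote = {e.kid for e in filtered}
    return sorted(remote - local_kids), sorted(local_kids - remote)

def _d(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)

NOW = _d(2022)
# Constructed sample trust list; not real gateway data.
SAMPLE = [
    TrustEntry("csca-ch", "CSCA", "CH", "CN=CSCA-CH", "CN=CSCA-CH", _d(2030)),
    TrustEntry("dsc-ch-1", "DSC", "CH", "CN=DSC-CH-1", "CN=CSCA-CH", _d(2024)),
    TrustEntry("dsc-ch-old", "DSC", "CH", "CN=DSC-CH-0", "CN=CSCA-CH", _d(2021)),
    TrustEntry("dsc-xx-1", "DSC", "XX", "CN=DSC-XX-1", "CN=CSCA-XX", _d(2024)),
    TrustEntry("csca-de", "CSCA", "DE", "CN=CSCA-DE", "CN=CSCA-DE", _d(2021)),
    TrustEntry("dsc-de-1", "DSC", "DE", "CN=DSC-DE-1", "CN=CSCA-DE", _d(2024)),
]

if __name__ == "__main__":
    kept = filter_trust_list(SAMPLE, NOW)
    print([e.kid for e in kept])
    print(plan_sync({"dsc-ch-1", "dsc-ch-old", "dsc-gone"}, kept))
```

Because the database is made to match the filtered list exactly, any DSC that disappears from the gateway response or fails the filter is deleted locally on the next run.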

Usage

It is recommended to use the SDK (for iOS or Android) to verify the validity of Digital Covid Certificates. The SDK then interacts with this service. This service expects a bearer token to be passed in the Authorization header.

Authorization: Bearer <app-token>

Contribution Guide

This project is truly open-source and we welcome any feedback on the code regarding both the implementation and security aspects.

Bugs or potential problems should be reported using GitHub issues. We welcome all pull requests that improve the quality of the source code. Please note that the app will be available with approved translations in English, German, French, Italian.

Repositories

License

This project is licensed under the terms of the MPL 2 license. See the LICENSE file for details.