About • Development • Documentation • Support • Contribute • Contributors • Licensing
This repository contains the source code of the Digital Green Certificates Verifier Service.
The DGC Verifier Service is part of the national backends and caches the public keys that are distributed through the DGCG. It is accessed by the DGC Verifier Apps (Android, iOS) to update the key store periodically.
Note: The verifier service needs a connection to the gateway in order to run. There is no standalone version available.
- Open JDK 11
- Maven
- Docker
- An installation of the DGCG
- Keys to access the DGCG via the DGCG Connector of the DGC-lib
- Authenticate to Github Packages
-
The public key of the used Gateway. The public key should be stored in the tls_trust_store. If you use one of the provided gateways, you will get the public key as .pem from DIGIT. This .pem needs to be converted into pkcs12 format:
openssl pkcs12 -export -in pub_tls.pem -name trust -out tls_trust_store.p12 -
Your key pair for accessing the Gateway stored in tls_key_store. This needs to be generated by yourself and then whitelisted by operations team (see onboarding manual of the Gateway). To use it in the verifier service this needs to be converted as well into pkcs12 format:
openssl pkcs12 -export -in tls.pem -inkey tls_private.pem -name 1 -out tls_key_store.p12 -
The public key of the TrustAnchor of the Gateway. If you use one of the provided Gateways you will get it as well, at onboarding. The key should be stored in a jks file.
For more information on how to generate certificates for DGC Gateway and how to run your own local one, please have a look in the documentation of the Gateway.
As some of the required libraries (and/or versions are pinned/available only from GitHub Packages) You need to authenticate to GitHub Packages The following steps need to be followed
- Create PAT with scopes:
read:packagesfor downloading packages
- Copy/Augment
~/.m2/settings.xmlwith the contents ofsettings.xmlpresent in this repository- Replace
${app.packages.username}with your github username - Replace
${app.packages.password}with the generated PAT
- Replace
- Run
docker login docker.pkg.github.com/eu-digital-green-certificatesbefore running further docker commands.- Use your GitHub username as username
- Use the generated PAT as password
For further information about the keys and certificates needed, please refer to the documentation of the DGCG and the DGC-lib
Whether you cloned or downloaded the 'zipped' sources you will either find the sources in the chosen checkout-directory or get a zip file with the source code, which you can expand to a folder of your choice.
In either case open a terminal pointing to the directory you put the sources in. The local build process is described afterwards depending on the way you choose.
Building this project is done with maven.
-
Check settings.xml in the root folder of this git repository as example.
Copy the servers to your own~/.m2/settings.xmlin order to connect the GitHub repositories we use in our code. Provide your GitHub username and access token (see GitHub Help) under the variables suggested. -
Run the following command from the project root folder
mvn clean installAll required dependencies will be downloaded, the project build and the artifact stored in your local repository.
- Perform maven build as described above
- Place the keys and certificates named above into the certs folder.
- Adjust the values in the docker-compose.yml file to fit the url for the gateway you use and
your keys and certificates you have to access it.
- DGC_GATEWAY_CONNECTOR_ENDPOINT=https://dgc-gateway.example.com - DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PATH=file:/ec/prod/app/san/dgc/tls_trust_store.p12 - DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PASSWORD=dgcg-p4ssw0rd - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_ALIAS=1 - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PATH=file:/ec/prod/app/san/dgc/tls_key_store.p12 - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PASSWORD=dgcg-p4ssw0rd - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_ALIAS=ta - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PATH=file:/ec/prod/app/san/dgc/trust_anchor.jks - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PASSWORD=dgcg-p4ssw0rd
Note: Leave the path as is and only change the file names, as the certs folder will be mapped to this folder inside the docker container.
- Run the following command from the project root folder
docker-compose up --buildAfter all containers have started, you will be able to reach the service on your local machine under port 8080.
The following channels are available for discussions, feedback, and support requests:
| Type | Channel |
|---|---|
| Issues | |
| Other requests |  |
Contribution and feedback is encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines. By participating in this project, you agree to abide by its Code of Conduct at all times.
Our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.
Copyright (C) 2021 T-Systems International GmbH and all other contributors
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE for the specific language governing permissions and limitations under the License.