Documentation

Overview

    Package verification provides the ability to verify the diagnosis certificates (JWTs) coming from public health authorities that are responsible for verifying diagnosis pin codes and certifying the TEKs.

    Types

    type Config

    type Config struct {
    	CacheDuration time.Duration `env:"VERIFICATION_CACHE_DURATION, default=5m"`
    
    	// StatsAudience is the expected JWT 'aud' value when calling the /v1/stats API.
    	StatsAudience string `env:"STATS_AUDIENCE, default=keyserver"`
    }

      Config represents the available configuration for the public health authority verification piece.

      type VerifiedClaims

      type VerifiedClaims struct {
      	HealthAuthorityID    int64
      	ReportType           string // blank indicates no report type was present.
      	SymptomOnsetInterval uint32 // 0 indicates no symptom onset interval present. This should be checked for "reasonable" value before application.
      }

        VerifiedClaims represents the relevant claims extracted from a verified certificate that may need to be applied.

        type Verifier

        type Verifier struct {
        	// contains filtered or unexported fields
        }

          Verifier can be used to verify public health authority diagnosis verification certificates.

          func New

          func New(db *database.HealthAuthorityDB, config *Config) (*Verifier, error)

            New creates a new verifier, based on this DB handle.

            func (*Verifier) AuthenticateStatsToken

            func (v *Verifier) AuthenticateStatsToken(ctx context.Context, rawToken string) (int64, error)

              AuthenticateStatsToken parses the provided JWT, determines whether it is an authorized stats request, and returns the authorized health authority ID.

              func (*Verifier) VerifyDiagnosisCertificate

              func (v *Verifier) VerifyDiagnosisCertificate(ctx context.Context, authApp *aamodel.AuthorizedApp, publish *verifyapi.Publish) (*VerifiedClaims, error)

                VerifyDiagnosisCertificate accepts a publish request (from which it extracts the JWT) and fully verifies the JWT and signature against what the passed-in authorized app is allowed to use. Returns any transmission risk overrides if they are present.

                Directories

                Path Synopsis
                Package database is a database interface to health authorities.
                Package model is a model abstraction of health authorities.