coronaqr

v0.0.0-...-0f9aa37
Warning

This package is not in the latest version of its module.

Published: Sep 28, 2022 License: Apache-2.0 Imports: 14 Imported by: 4

README

Go Corona QR Code Decoder


This repository contains a decoder and verifier for EU Digital COVID Certificate (EUDCC) QR code data, written in Go.

If you got vaccinated and want to know what is stored in the QR code, this package (and example program) can answer that question!

Example usage:

go install github.com/stapelberg/coronaqr/cmd/coronadecode@latest

apt install curl zbar-tools
curl -sL https://github.com/eu-digital-green-certificates/dgc-testdata/raw/main/CH/png/1.png | \
	zbarimg --quiet --raw - | \
	coronadecode

(With older Go versions before 1.16, use go get -u github.com/stapelberg/coronaqr/cmd/coronadecode instead.)

Verification

For cryptographic signature 🔐 verification to work, you need to obtain a trust list from somewhere, i.e. a list of certificates that you deem suitable for verification.

The trustlistmirror package implements loading the trust lists of the German, Austrian or French governments, which each include all the certificates that are accepted EU-wide.

This is how you would select which trust list to use:

curl -sL https://github.com/eu-digital-green-certificates/dgc-testdata/raw/main/CH/png/1.png | \
        zbarimg --quiet --raw - | \
        coronadecode -verify -trustlist=trustlistmirror/at

Compliance

This implementation passes the positive and negative interoperability tests ✅ of multiple countries provided in the https://github.com/eu-digital-green-certificates/dgc-testdata/ repository.

Documentation

Overview

Package coronaqr provides a decoder for EU Digital COVID Certificate (EUDCC) QR code data.

See https://github.com/eu-digital-green-certificates for the specs, testdata, etc.


Constants

This section is empty.

Variables

var DefaultDecoder = &Decoder{}

DefaultDecoder is a ready-to-use Decoder.

Functions

This section is empty.

Types

type CertificateProvider

type CertificateProvider interface {
	// GetCertificate returns the certificate for the specified country and key
	// identifier, or an error if the certificate was not found.
	//
	// Country is an ISO 3166 alpha-2 code, e.g. CH.
	//
	// kid is the first 8 bytes of the SHA256 digest of the certificate in DER
	// encoding.
	GetCertificate(country string, kid []byte) (*x509.Certificate, error)
}

CertificateProvider is typically implemented using a JSON Web Key Set, or by pinning a specific government certificate.

type CovidCert

type CovidCert struct {
	Version         string           `cbor:"ver" json:"ver"`
	PersonalName    Name             `cbor:"nam" json:"nam"`
	DateOfBirth     string           `cbor:"dob" json:"dob"`
	VaccineRecords  []VaccineRecord  `cbor:"v" json:"v"`
	TestRecords     []TestRecord     `cbor:"t" json:"t"`
	RecoveryRecords []RecoveryRecord `cbor:"r" json:"r"`
}

type Decoded

type Decoded struct {
	Cert       CovidCert
	Issuer     string
	IssuedAt   time.Time
	Expiration time.Time

	// SignedBy is the x509 certificate whose signature of the COVID Certificate
	// has been successfully verified, if Verify() was used and the trustlist
	// makes available certificates (as opposed to just public keys).
	SignedBy *x509.Certificate
	Kid      []byte
}

Decoded is an EU Digital COVID Certificate (EUDCC) that has been decoded and possibly verified.

type Decoder

type Decoder struct {
	Expired func(time.Time) bool
}

Decoder is an EU Digital COVID Certificate (EUDCC) decoder.

func (*Decoder) Decode

func (d *Decoder) Decode(qrdata string) (*Unverified, error)

Decode decodes the specified EU Digital COVID Certificate (EUDCC) QR code data.

type Name

type Name struct {
	FamilyName    string `cbor:"fn" json:"fn"`
	FamilyNameStd string `cbor:"fnt" json:"fnt"`
	GivenName     string `cbor:"gn" json:"gn"`
	GivenNameStd  string `cbor:"gnt" json:"gnt"`
}

type PublicKeyProvider

type PublicKeyProvider interface {
	// GetPublicKey returns the public key of the certificate for the specified
	// key identifier (or country), or an error if the public key was not found.
	//
	// Country is an ISO 3166 alpha-2 code, e.g. CH.
	//
	// kid is the first 8 bytes of the SHA256 digest of the certificate in DER
	// encoding.
	GetPublicKey(country string, kid []byte) (crypto.PublicKey, error)
}

PublicKeyProvider is typically implemented using a JSON Web Key Set, or by pinning a specific government certificate.
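
As an added example (not part of the coronaqr package or its documentation), here is a pinned-key provider with the GetPublicKey signature shown above, written with the standard library alone. The names pinnedKeys, pinID and newSampleCert are hypothetical, the certificate is generated on the fly as constructed sample data, and requiring both country and kid to match is a design choice of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)

// pinnedKeys (hypothetical name) maps "<country>/<hex kid>" to a trusted public key.
type pinnedKeys map[string]crypto.PublicKey

// pinID derives the map key; kid = first 8 bytes of SHA-256 over the DER certificate.
func pinID(country string, cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return fmt.Sprintf("%s/%x", country, sum[:8])
}

// GetPublicKey has the PublicKeyProvider signature from this page; unknown pairs fail closed.
func (p pinnedKeys) GetPublicKey(country string, kid []byte) (crypto.PublicKey, error) {
	if pub, ok := p[fmt.Sprintf("%s/%x", country, kid)]; ok {
		return pub, nil
	}
	return nil, fmt.Errorf("no pinned key for country %q, kid %x", country, kid)
}

func newSampleCert() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"dsc.example"}} // constructed sample
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := newSampleCert()
	if err != nil {
		panic(err)
	}
	fmt.Println("pinned:", pinID("CH", cert))
}
```

A value of this type has the method that Verify's certprov parameter requires; because it does not return certificates, the SignedBy field described above would not be available with it.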

type RecoveryRecord

type RecoveryRecord struct {
	Target string `cbor:"tg" json:"tg"`

	// Country of Test
	Country string `cbor:"co" json:"co"`

	Issuer string `cbor:"is" json:"is"`

	// FirstPositiveTest is the date (e.g. 2021-05-07) of the first positive NAA
	// test result.
	FirstPositiveTest string `cbor:"fr" json:"fr"`
	ValidFrom         string `cbor:"df" json:"df"`
	ValidUntil        string `cbor:"du" json:"du"`

	CertificateID string `cbor:"ci" json:"ci"`
}

type TestRecord

type TestRecord struct {
	Target   string `cbor:"tg" json:"tg"`
	TestType string `cbor:"tt" json:"tt"`

	// Name is the NAA Test Name
	Name string `cbor:"nm" json:"nm"`

	// Manufacturer is the RAT Test name and manufacturer.
	Manufacturer   string `cbor:"ma" json:"ma"`
	SampleDatetime string `cbor:"sc" json:"sc"`
	TestResult     string `cbor:"tr" json:"tr"`
	TestingCentre  string `cbor:"tc" json:"tc"`
	// Country of Test
	Country       string `cbor:"co" json:"co"`
	Issuer        string `cbor:"is" json:"is"`
	CertificateID string `cbor:"ci" json:"ci"`
}

type Unverified

type Unverified struct {
	// contains filtered or unexported fields
}

Unverified is an EU Digital COVID Certificate (EUDCC) that was decoded, but not yet verified.

func Decode

func Decode(qrdata string) (*Unverified, error)

Decode decodes the specified EU Digital COVID Certificate (EUDCC) QR code data.

func (*Unverified) SkipVerification

func (u *Unverified) SkipVerification() *Decoded

SkipVerification skips all cryptographic signature verification and returns the unverified certificate data.

func (*Unverified) Verify

func (u *Unverified) Verify(certprov PublicKeyProvider) (*Decoded, error)

Verify checks the cryptographic signature and returns the decoded EU Digital COVID Certificate (EUDCC) and additionally an error if verification fails.

certprov can optionally implement the CertificateProvider interface.

type VaccineRecord

type VaccineRecord struct {
	Target        string  `cbor:"tg" json:"tg"`
	Vaccine       string  `cbor:"vp" json:"vp"`
	Product       string  `cbor:"mp" json:"mp"`
	Manufacturer  string  `cbor:"ma" json:"ma"`
	Doses         float64 `cbor:"dn" json:"dn"` // int per the spec, but float64 e.g. in IE
	DoseSeries    float64 `cbor:"sd" json:"sd"` // int per the spec, but float64 e.g. in IE
	Date          string  `cbor:"dt" json:"dt"`
	Country       string  `cbor:"co" json:"co"`
	Issuer        string  `cbor:"is" json:"is"`
	CertificateID string  `cbor:"ci" json:"ci"`
}

See https://github.com/ehn-dcc-development/ehn-dcc-schema/blob/release/1.3.0/DCC.Types.schema.json

Directories

Path             Synopsis
cmd
trustlist
trustlistmirror  Package trustlistmirror queries https://github.com/section42/hcert-trustlist-mirror for trustlists of various EU member states.
