This NPM package contains a set of utilities to read EU Digital COVID Certificates (DCCs), verify their signatures, and evaluate business rules against them.
npm install dcc-utils
Get a DCC from an image
const { DCC } = require('dcc-utils');
// inside an async function (or an ES module, where top-level await is allowed)
const dcc = await DCC.fromImage('/data/QRCodeDCC.png');
or from raw data
const dcc = await DCC.fromRaw(rawData); // rawData: the text decoded from the QR code (placeholder variable name)
See get_dcc_from_raw_and_image.js example.
With dcc-utils you can also verify a DCC's signature
const verified = await dcc.checkSignatureWithCertificate(myCert); // myCert: the issuer's certificate, see verify_signature.js for the expected format
if (verified) {
console.log(dcc.payload);
}
If you need to use different types of key, use the checkSignature method (see the verify_signature_raw.js example).
See the verify_signature.js and verify_signature_from_list.js examples. Signature verification uses the CoseJS library under the hood; see the CoseJS documentation for more details.
To load the certificates from https://get.dgc.gov.it you can use fetch_certificates.js. The exported format is compatible with the dcc.checkSignatureWithKeysList method.
With dcc-utils you can evaluate business rules against a DCC
const { DCC, Rule } = require('dcc-utils');
const dcc = await DCC.fromImage('/data/QRCodeDCC.png');
const rule = Rule.fromFile('de_v0001_rule.json', {
validationClock: new Date().toISOString(),
});
rule.evaluateDCC(dcc); // evaluates the rule against the certificate at validationClock
You can also fetch rules from an API
const { DCC, Rule } = require('dcc-utils');
const dcc = await DCC.fromImage('/data/QRCodeDCC.png');
const VR_DE_0001_RULE_URL = "https://dgca-businessrule-service.cfapps.eu10.hana.ondemand.com/rules/de/bc092f8000606c57a8fd80bc7a31ff720a4c4428510d88c774bed2f839c76b66";
const response = await fetch(VR_DE_0001_RULE_URL);
const ruleJSON = await response.json();
const rule = Rule.fromJSON(ruleJSON, {
validationClock: new Date().toISOString(),
});
rule.evaluateDCC(dcc); // evaluates the rule against the certificate at validationClock
See check_rules.js and check_rules_from_api.js examples.
Contributions are most welcome. Before proceeding, please read the Code of Conduct for guidance on how to approach the community and create a positive environment. Additionally, please read our CONTRIBUTING file, which contains guidance on ensuring a smooth contribution process.
Here is a list of contributors. Thank you to everyone involved for improving this project, day by day.
Copyright 2021 (c) Ministero della Salute.
Please check the AUTHORS file for extended reference.
The licence for this repository is a GNU Affero General Public Licence version 3 (SPDX: AGPL-3.0). Please see the LICENSE file for full reference.
FAQs
DCC utils for NodeJS
We found that dcc-utils demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.