Class: NZCovidPass

Inherits:

Object

• Object
• NZCovidPass

Defined in:

lib/nz_covid_pass.rb

Constant Summary

Error =

Class.new(StandardError)

ParseError =

Class.new(Error)

NetworkError =

Class.new(Error)

NotYetValidError =

Class.new(Error)

ExpiredError =

Class.new(Error)

VERSION_IDENTIFIER =

"1"

TRUSTED_ISSUER_IDENTIFIERS =

[
  "did:web:nzcp.identity.health.nz",
]

TEST_TRUSTED_ISSUER_IDENTIFIERS =

[
  "did:web:nzcp.covid19.health.nz",
]

Instance Method Summary

• #dob ⇒ Object
• #family_name ⇒ Object
• #given_name ⇒ Object
• #initialize(code, allow_test_issuers: false, time: Time.now, cache: nil) ⇒ NZCovidPass constructor

  A new instance of NZCovidPass.

• #jti ⇒ Object
• #verify! ⇒ Object
• #version ⇒ Object

Constructor Details

#initialize(code, allow_test_issuers: false, time: Time.now, cache: nil) ⇒ NZCovidPass

Returns a new instance of NZCovidPass.

# File 'lib/nz_covid_pass.rb', line 28

def initialize(code, allow_test_issuers: false, time: Time.now, cache: nil)
  @code = code
  @allow_test_issuers = allow_test_issuers
  @time = time
  @cache = cache

  verify!
end

Instance Method Details

#dob ⇒ Object

# File 'lib/nz_covid_pass.rb', line 64

def dob
  credential_subject["dob"] && Date.parse(credential_subject["dob"])
end

#family_name ⇒ Object

# File 'lib/nz_covid_pass.rb', line 60

def family_name
  credential_subject["familyName"]
end

#given_name ⇒ Object

# File 'lib/nz_covid_pass.rb', line 56

def given_name
  credential_subject["givenName"]
end

#jti ⇒ Object

# File 'lib/nz_covid_pass.rb', line 68

def jti
  cti = cwt.cti
  if cti.length == 16
    match = cti.unpack("H32").first.match(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/)
    "urn:uuid:#{match.captures.join("-")}"
  end
end

#verify! ⇒ Object

Raises:

• (ParseError)

# File 'lib/nz_covid_pass.rb', line 37

def verify!
  raise ParseError, "invalid URL format" unless url_components
  raise ParseError, "scheme must be NZCP" unless url_components[:scheme] == "NZCP"
  raise ParseError, "version must be #{VERSION_IDENTIFIER}" unless url_components[:version] == VERSION_IDENTIFIER
  raise ParseError, "ALG must be ES256 (-7)" unless alg == -7
  raise ParseError, "invalid issuer" unless trusted_issuer_identifiers.include?(cwt.iss)
  raise ParseError, "no vc claim" unless vc
  raise ParseError, "invalid vc @context" unless vc["@context"].first == "https://www.w3.org/2018/credentials/v1"
  raise ParseError, "invalid vc type" unless vc["type"] == ["VerifiableCredential", "PublicCovidPass"]
  raise NotYetValidError, "not yet valid" if cwt.nbf > @time.to_i
  raise ExpiredError, "expired" if cwt.exp < @time.to_i
  raise ParseError, "invalid jti" unless jti
  raise ParseError, "credentialSubject missing" unless credential_subject
  raise ParseError, "givenName missing" unless given_name
  raise ParseError, "dob missing" unless dob

  sign1.verify(retrieve_public_key)
end

#version ⇒ Object

# File 'lib/nz_covid_pass.rb', line 76

def version
  vc["version"]
end