[coepi-backend-aws][v4]: Do report signature validation on the server side before persisting the data #9
Assignees
Comments
ramnanib2
changed the title
|
This library can probably be shared with the android app. Make sure to check if it's already been developed or under development. |
|
Completed with 4fb51b6 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the v4 API endpoint receives the report data as a POST request, stores the report data buffer as is and serves it in a GET request. It does not perform any report validation and signature verification as per the TCN protocol. There is a Kotlin library that can be used to achieve that. Report validation and signature verification need to be added here -> https://github.com/Co-Epi/coepi-backend-aws/blob/master/src/main/kotlin/org/coepi/api/v4/TCNCloudAPIHandler.kt#L141-L142
This requires knowledge of the TCN protocol:
https://github.com/TCNCoalition/TCN/blob/main/README.md
There is already a Kotlin library that can be re-used:
https://github.com/TCNCoalition/tcn-client-android/tree/develop/tcn-client-android/src/main/java/org/tcncoalition/tcnclient/crypto
The text was updated successfully, but these errors were encountered: