COVID-19 Credential Verifier app for Android using the WHO's Digital Documentation of COVID-19 Certificates. The app scans a QR code for a credential/pass, cryptographically verifies it and displays the results on the phone. No information is transmitted anywhere. Our goal is to make a Verifier App with the widest possible verification capabilities.
- Decodes QR Codes
- Cryptographically Verifies the information following the specifications of
- W3C VC
- Smart Health Cards
- EU DCC, WHO DCC and LAC PASS DCC
- ICAO Visible Digital Seals
- Verifies the issuer's trust using a DID-Based Trust List from the DDCC repo
- Transform the QR Payload using the DDCC FHIR Structure Maps
- Calculates the assessment of the health information using CQL Libraries from subscribed IGs
- Displays the medical information, the credential information, the issuer information and the assessment results in the screen.
Make sure to have the following pre-requisites installed:
- Java 11
- Android Studio Artic Fox+
- Android 7.0+ Phone or Emulation setup
Fork and clone this repository and import into Android Studio
git clone https://github.com/WorldHealthOrganization/ddcc-validator.git
Use one of the Android Studio builds to install and run the app in your device or a simulator.
Build the app:
./gradlew assembleDebug
./gradlew test
./gradlew connectedAndroidTest
./gradlew installDebug
Follow server setup here:
- Download Keycloak
- Start Keycloak
- Create an admin user
- Login to the admin console
- Create a realm
- Create a user (which we will connect from the app)
- Create a client with:
- Client Id: verifier-app
- Client Protocol: openid-connect
- Redirect URIs: org.who.ddccverifier:/redirect
Start keycloak with the local network's IP a phone can reach:
bin/standalone.sh -b <YOUR LOCAL IP>
Android will connect with your local IP. Just make sure the phone is in the same WIFI as the dev's computer
┌──────────────────────────────────────────────────┐ ┌────────────────┐ ┌────────────┐
│ MainActivity │ │ TrustRegistry │ │ IgRegistry │
└──────────────────────────────────────────────────┘ └─────────────╥──┘ └─────╥──────┘
┌──────────────┐ ┌──────────────┐ ┌────────────────┐ ║ ║
│ HomeFragment ├→┤ ScanFragment ├→┤ ResultFragment │←─DDCC UI Card──────╫─────────┐ ║
└──────────────┘ └─────┬──▲─────┘ └────────┬───────┘ ║ │ ║
Image│ │QRContent │QRContent ║ │ ║
┌─────▼──┴─────┐ ┌────▼───────┐ ║ │ ║
│ QRFinder │ │ QRDecoder │ IssuerData ║ │ ║
└──────────────┘ └────┬───────┘ PublicKeys ║ │ ║
│QRContent ║ │ ║
┌─────────────────┬────────────┴─────┬───────────────────┐ ║ │ ║
╔══════════╪═════════════════╪══════════════════╪═══════════════════╪══╩══════╗ │ ║
║ ┌────────▼───────┐ ┌──────▼──────┐ ┌───────▼───────┐ ┌───────▼───────┐ ║ │ ║
║ │ HCertVerifier │ │ ShcVerifier │ │ DivocVerifier │ │ IcaoVerifier │ ║ │ ║
║ └────┬───────────┘ └──────┬──────┘ └───────┬───────┘ └───────┬───────┘ ║ │ ║
╚══════╪═════════════════════╪══════════════════╪═══════════════════╪═════════╝ │ ║
│HCERT CBOR │JWT JSON │JSONLD W3C VC │iJSON │ ║
┌────▼───────────┐ ┌──────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐ │ ║
│ CBORParser │ │ JSON Parser │ │ JSON Parser │ │ JSON Parser │ │ ║
└──┬──────────┬──┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │ ║
│WhoModel │DccModel │ShcModel │DivocModel │IcaoModel │ ║
╔═════╪══════════╪════════════╪══════════════════╪═══════════════════╪═════════╗ │ ║ StructureMaps
║ ┌───▼───────┐┌─▼─────────┐┌─▼─────────┐ ┌─────▼───────┐ ┌─────────▼───────┐ ║ │ ║
║ │ WHOMapper ││ DCCMapper ││ JWTMapper │ │ DivocMapper │ │ IJsonMapper │ ║══│══╝
║ └───┬───────┘└──┬────────┘└─┬─────────┘ └─────┬───────┘ └─────────┬───────┘ ║ │ ║
╚═════╪═══════════╪═══════════╪══════════════════╪═══════════════════╪═════════╝ │ ║
└───────────┴───────────┴────────────┬─────┴───────────────────┘ │ ║
│FHIR Bundle │ ║
┌─────────▼───────────┐ │ ║
│ Android Fhir Engine │ │ ║
│ (Save to Database) │ │ ║
└─────────┬───────────┘ │ ║
│Patient ID │ ║
┌─────────────────────┬───┴────────────────────┐ │ ║
╔═════════════╪═════════════════════╪════════════════════════╪══════════════╗ │ ║
║ ┌─────────▼──────────┐┌─────────▼──────────┐ ┌─────────▼──────────┐ ║ │ ║
║ │ Compile IG #1 ││ Compile IG #2 │...│ Compile IG #n │ ║ │ ║ CQL Libraries
║ │ (Assessment Rules) ││ (Assessment Rules) │ │ (Assessment Rules) │ ║══│══╝
║ └─────────┬──────────┘└─────────┬──────────┘ └─────────┬──────────┘ ║ │
╚═════════════╪═════════════════════╪════════════════════════╪══════════════╝ │
└─────────────────────┴───┬────────────────────┘ │
│Patient ID, Rule ID │
┌─────────▼──────────────┐ │
│ Android Fhir Workflow │ │
│ (Evaluate DDCC Status) │ │
└─────────┬──────────────┘ │
│DDCC Composite, DDCC Status │
┌──────▼─────────┐ │
│ DDCCFormatter ├→─ DDCC UI Card ────────────┘
└────────────────┘
- Generate a new signing key
keytool -genkey -v -keystore <my-release-key.keystore> -alias <alias_name> -keyalg RSA -keysize 2048 -validity 10000
- Create 4 Secret Key variables on your GitHub repository and fill in with the signing key information
KEY_ALIAS
<-<alias_name>
KEY_PASSWORD
<-<your password>
KEY_STORE_PASSWORD
<-<your key store password>
SIGNING_KEY
<- the data from<my-release-key.keystore>
- Change the
versionCode
andversionName
onapp/build.gradle
- Commit and push.
- Tag the commit with
v{x.x.x}
- Let the Create Release GitHub Action build a new
aab
file. - Add your CHANGE LOG to the description of the new release
- Download the
aab
file and upload it to the` PlayStore.
Issues and pull requests are very welcome.
Copyright 2021 PathCheck Inc
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.