This repository contains the source code of the EU Digital COVID Certificate Gateway Client.
The Gateway Client is part of the national backends and periodically downloads the public keys that are distributed through the DGCG. It is the only point of communication of the national backends with the European Gateway, also allowing the Member State to upload its national DSC (Document Signer Certificate) with which the digital certificates are signed.
This is the recommended way for taking part in the development. Please check, whether following prerequisites are installed on your machine:
- Open JDK 11 or a similar JDK 11 compatible VM
- Maven
- MongoDB a MongoDB instance running locally
This project also supports building a Docker image.
First ensure you have a MongoDB instance running locally on mongodb://
, otherwise change the connection url in the test file: ./src/test/resources/
To build the Docker image you first need to build the project from the root:
git clone
cd it-dgc-gateway-client
mvn clean package
Then, copy the file
contained in the path ./src/main/resources
into the ./it-dgc-gateway-client/config
mkdir -p it-dgc-gateway-client/config
cp ./src/main/resources/ ./it-dgc-gateway-client/config
You need also a security
folder which must contain both an sslclient
and a truststore
mkdir -p security/sslclient
mkdir -p security/truststore
By default the docker image uses a local mongodb instance running on mongodb://
, you can always change the connection url by editing the envar in the enviroment section of the docker-compose.yml
Also you need the DGCG (Digital Green Certificate Gateway) server running locally, you can install it from the public repo Digital Green Certificate Gateway.
To properly work the client needs also:
an external signature service (rest API)
. -
the certificate for the connection in mTLS to the Digital Green Certificate Gateway Service (the country of origin must be defined in the "country" field of the certificate subject) and pack it into a Java Key Store.
- SSLDGC_JKS_PATH=/security/sslclient/ssldgc.jks
- the certificate for the connection in mTLS with the external signing service and pack it into a Java Key Store.
- SIGN_EXTERNAL_URL=https://host/v1/sign
- SSLDP_JKS_PATH=/security/sslclient/ssldp.jks
- TrustAnchor to verify the signature of member state certificates and pack it into a Java Key Store.
- TRUST_JKS_PATH=/security/truststore/truststore.jks
Once the requirements above shown are satisfied open a shell with working directory and execute
docker-compose up --build
The project has been implemented in Java 11.
Maven is used for dependency management. Maven is a build manager tool and mostly used in java projects. Maven was built on a central concept of project object model (POM).
The pom.xml
contains all necessary information about the project, as well as configurations of plugins to be used during the build process.
The backend services follow a micro-service architecture, where each critical functionality is deployed as its own component. Components are distributed in dedicated Docker images, Docker being an industry standard platform for the containerization and virtualization of software.
The following dependencies are used to implement the business logic:
- spring data mongo. A libray which provides integration with the MongoDB document database. Key functional areas of Spring Data MongoDB are a POJO centric model for interacting with a MongoDB DBCollection and easily writing a Repository style data access layer. Released as an open-source project under the Apache 2.0 licence.
- Lombok. A Java library tool that generates code for minimizing boilerplate code. The library replaces boilerplate code with easy-to-use annotations.For example, by adding a couple of annotations, you can get rid of code clutters, such as getters and setters methods, constructors, hashcode, equals, and toString methods, and so on. Lombok is an open-source project released under the MIT licence.
- springdoc-openapi. A library that helps automating the generation of API documentation using spring boot projects. springdoc-openapi works by examining an application at runtime to infer API semantics based on spring configurations, class structure and various annotations. Released as an open-source project under the Apache 2.0 licence.
- BouncyCastle. a Java library that complements the default Java Cryptographic Extension (JCE). In this introductory article, we're going to show how to use BouncyCastle to perform cryptographic operations, such as encryption and signature. BouncyCastle is released as an open-source project under an adaptation of the MIT X11 licence.
- AkamaiOPEN-edgegrid-java. A Java library for EdgeGrid Client Authentication. Provides a client independent implement as well as concrete implementations for REST-assured and Google HTTP Client Library for Java integration. AkamaiOPEN-edgegrid-java is released as an open-source project under an adaptation of the Apache 2.0 licence.
- JaCoCo. A Maven plug-in that provides the JaCoCo runtime agent to your tests and allows basic report creation. JaCoCo is released as an open-source project under the EPL 2.0 licence.
- junit4. A simple framework to write repeatable tests. It is an instance of the xUnit architecture for unit testing frameworks. Junit4 is released as an open-source project under Eclipse Public License 1.0.
Contributions are most welcome. Before proceeding, please read the Code of Conduct for guidance on how to approach the community and create a positive environment. Additionally, please read our CONTRIBUTING file, which contains guidance on ensuring a smooth contribution process.
Here is a list of repository contributors. Thank you to everyone involved for improving this project, day by day.
Copyright 2021 (c) Ministero della Salute.
Please check the AUTHORS file for extended reference.
The licence for this repository is a GNU Affero General Public Licence version 3 (SPDX: AGPL-3.0). Please see the LICENSE file for full reference.