The DGCA-Verifier-Service provides a template implementation for a member state backend service for a verifier application.
A general overview of how the different member state backends work together, can be seen in the following picture.
As you can see in the picture, each member state backend provides the services for it's own applications (e.g. verifier, issuer and wallet). The member state synchronises the validation certificates over the DGCGateway.
The verifier service basically caches the public keys that are distributed through the DGCG to the member states backends. The service provides the Trust List of certificates for the verifier apps. The apps can get the list to update their key store via an api. To have an actual trust list the verifier service periodically polls the DGCG for the actual trust list.
In the git repository you will find two implementations of that download functionality:
-
The first one (SignerCertificateDownloadServiceImpl) implements the common access two the Digital Green Certificate Gateway via the DGC-lib. The DGC-lib provides a download connector, which handles the download and check of the certificates from the Digital Green Certificate Gateway.
-
The second one (SignerCertificateDownloadBtpServiceImpl) is a demo implementation to connect to the Digital Green Certificate Gateway on SAP's Business Technology Plattform. This implementation serves as a reference where you already have an endpoint to the gateway provided by your runtime environment and using the connector from the dgc-lib on top would be superfluous. In this case the endpoint is fully configured via the destination API available on BTP and the checks of the downloaded certificates must be done by the service.
In both cases the downloaded keys were stored in a postgres db and revoked keys were removed from it. The keys can than be requested by the verifier apps using the api described in the next section.
The api is described with OpenApi v3. You can access the API documentation in your web browser, when you run the service :
<base-url>/swagger
Which results in the following URL on your local machine: http://localhost:8080/swagger
From the latest release you can see the OpenApi doc online here: OpenAPI Spec
It is also possible to download the OpenApi file in json format from the latest release:
You can than put the file in the openapi viewer of your choice. (editor.swagger.io for example)
Further information can be found at ec.europa.eu/health
Especially at Volume 4: Digital Green Certificate Applications
And the github repository of the DGCG