From 03a8c621aaf11c86e91eb217caa78469214e9f91 Mon Sep 17 00:00:00 2001
From: Mohamed <mohamed.metwalli@sap.com>
Date: Wed, 21 Apr 2021 16:33:43 +0200
Subject: [PATCH] Avoid double hashing of the hash (DEV) (#2894)

* Avoid double hashing and some logs

* lint

* Improve logging.

Co-authored-by: Matthias Urhahn <matthias.urhahn@sap.com>
---
 .../coronatest/qrcode/CoronaTestQRCode.kt        |  4 ++--
 .../submission/SubmissionRepository.kt           |  2 +-
 .../qrcode/scan/SubmissionQRCodeScanViewModel.kt | 16 ++++++++++------
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQRCode.kt b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQRCode.kt
index 0db2d0ed6..651c5721e 100644
--- a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQRCode.kt
+++ b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/qrcode/CoronaTestQRCode.kt
@@ -3,7 +3,6 @@ package de.rki.coronawarnapp.coronatest.qrcode
 import android.os.Parcelable
 import de.rki.coronawarnapp.coronatest.TestRegistrationRequest
 import de.rki.coronawarnapp.coronatest.type.CoronaTest
-import de.rki.coronawarnapp.util.HashExtensions.toSHA256
 import kotlinx.parcelize.IgnoredOnParcel
 import kotlinx.parcelize.Parcelize
 import org.joda.time.Instant
@@ -49,7 +48,8 @@ sealed class CoronaTestQRCode : Parcelable, TestRegistrationRequest {
 
         @IgnoredOnParcel
         override val registrationIdentifier: String
-            get() = hash.toSHA256()
+            // We hash in the VerificationServer.retrieveRegistrationToken which was needed anyway for PCR
+            get() = hash
     }
 }
 
diff --git a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/submission/SubmissionRepository.kt b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/submission/SubmissionRepository.kt
index 155f7c318..82dfa2763 100644
--- a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/submission/SubmissionRepository.kt
+++ b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/submission/SubmissionRepository.kt
@@ -48,7 +48,7 @@ class SubmissionRepository @Inject constructor(
         scope.launch {
             val test = coronaTestRepository.coronaTests.first().singleOrNull { it.type == type }
                 ?: throw IllegalStateException("No test of type $type available")
-
+            Timber.tag(TAG).v("giveConsentToSubmission(type=$type): %s", test)
             coronaTestRepository.updateConsent(identifier = test.identifier, consented = true)
         }
     }
diff --git a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/ui/submission/qrcode/scan/SubmissionQRCodeScanViewModel.kt b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/ui/submission/qrcode/scan/SubmissionQRCodeScanViewModel.kt
index 18b06cf6f..eae290615 100644
--- a/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/ui/submission/qrcode/scan/SubmissionQRCodeScanViewModel.kt
+++ b/Corona-Warn-App/src/main/java/de/rki/coronawarnapp/ui/submission/qrcode/scan/SubmissionQRCodeScanViewModel.kt
@@ -39,13 +39,16 @@ class SubmissionQRCodeScanViewModel @AssistedInject constructor(
     val scanStatusValue = SingleLiveEvent<ScanStatus>()
 
     fun validateTestGUID(rawResult: String) = launch {
+        Timber.d("validateTestGUID(rawResult=$rawResult)")
         try {
             val coronaTestQRCode = qrCodeValidator.validate(rawResult)
+            Timber.d("validateTestGUID() coronaTestQRCode=%s", coronaTestQRCode)
             // TODO this needs to be adapted to work for different types
             QRCodeCensor.lastGUID = coronaTestQRCode.registrationIdentifier
             scanStatusValue.postValue(ScanStatus.SUCCESS)
 
             val coronaTest = submissionRepository.testForType(coronaTestQRCode.type).first()
+            Timber.d("validateTestGUID() existingTest=%s", coronaTest)
 
             if (coronaTest != null) {
                 routeToScreen.postValue(
@@ -75,12 +78,14 @@ class SubmissionQRCodeScanViewModel @AssistedInject constructor(
     @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
     internal suspend fun doDeviceRegistration(coronaTestQRCode: CoronaTestQRCode) {
         try {
+            Timber.d("doDeviceRegistration(coronaTestQRCode=%s)", coronaTestQRCode)
             registrationState.postValue(RegistrationState(ApiRequestState.STARTED))
             val coronaTest = submissionRepository.registerTest(coronaTestQRCode)
+            Timber.d("doDeviceRegistration() coronaTest=$coronaTest")
             if (isConsentGiven) {
                 submissionRepository.giveConsentToSubmission(type = coronaTestQRCode.type)
             }
-            checkTestResult(coronaTest.testResult)
+            checkTestResult(coronaTestQRCode, coronaTest)
             registrationState.postValue(
                 RegistrationState(
                     ApiRequestState.SUCCESS,
@@ -108,16 +113,15 @@ class SubmissionQRCodeScanViewModel @AssistedInject constructor(
         }
     }
 
-    private fun checkTestResult(testResult: CoronaTestResult) {
-        if (testResult == CoronaTestResult.PCR_REDEEMED) {
-            throw InvalidQRCodeException()
+    private fun checkTestResult(request: CoronaTestQRCode, test: CoronaTest) {
+        if (test.testResult == CoronaTestResult.PCR_REDEEMED) {
+            throw InvalidQRCodeException("CoronaTestResult already redeemed ${request.registrationIdentifier}")
         }
     }
 
     private fun deregisterTestFromDevice(coronaTest: CoronaTestQRCode) {
         launch {
-            Timber.d("deregisterTestFromDevice()")
-
+            Timber.d("deregisterTestFromDevice(coronaTest=%s)", coronaTest)
             submissionRepository.removeTestFromDevice(type = coronaTest.type)
             routeToScreen.postValue(SubmissionNavigationEvents.NavigateToMainActivity)
         }
-- 
GitLab