Corona-Warn-App Verification Server
Development • Documentation • Support • Contribute • Contributors • Repositories • Licensing
The goal of this project is to develop the official Corona-Warn-App for Germany based on the exposure notification API from Apple and Google. The apps (for both iOS and Android) use Bluetooth technology to exchange anonymous encrypted data with other mobile phones (on which the app is also installed) in the vicinity of an app user's phone. The data is stored locally on each user's device, preventing authorities or other parties from accessing or controlling the data. This repository contains the verification service for the Corona-Warn-App.
About this component
In the world of the Corona Warn App the Verification Server helps validating whether upload requests from the mobile App are valid or not. The parts of the verification component cooperate in the following manner:
- The Verification Server of the Corona Warn App (repository: cwa-verification-server) helps validating whether upload requests from the mobile App are valid or not.
- The Verification Portal of the Corona Warn App (repository: cwa-verification-portal) allows hotline employees to generate teleTANs which are used by users of the mobile App to upload their diagnostic keys.
- The Verification Identity and Access of the Corona Warn App (repository: cwa-verification-iam) ensures that only authorized health personnel get access to the Verification Portal.
- The Test Result Server of the Corona Warn App (repository: cwa-testresult-server) receives the results from laboratories and delivers these results to the app via the verification-server.
You can find an architectural overview of the component in the
solution architecture document.
This component of the Corona-Warn-App whereas named verification process provides indeed two functionalities:
- prove that a pretended positive case is indeed positive
- provide the result of a COVID-19 test
To achieve this, the verification service gets the result of COVID-19 tests from LIS (Labor Information System) which delivers test results to it. The complete process is described in cwa-documentation/Solution Architecture to which you may refer for detailed information about the workflow.
The software stack of the verification server is based on Spring Boot, currently with an in-memory H2 database. As the persistence relies on Liquibase.
This component can be locally build in order to test the functionality of the interfaces and verify the concepts it is built upon.
There are two ways to build:
- Maven build - to run this component as spring application on your local machine
- Docker build - to run it as docker container build from the provided docker build file
Whether you cloned or downloaded the 'zipped' sources you will either find the sources in the chosen checkout-directory or get a zip file with the source code, which you can expand to a folder of your choice.
In either case open a terminal pointing to the directory you put the sources in. The local build process is described afterwards depending on the way you choose.
Maven based build
This is the recommended way for taking part in the
Please check, whether following prerequisites are installed on your machine:
You can then open a terminal pointing to the root directory of the verification server and do the following:
mvn package java -jar target/cwa-verification-server-0.0.1-SNAPSHOT.jar
The verification server will start up and run locally on your machine available on port 8080.
Docker based build
We recommend that you first check to ensure that Docker is installed on your machine.
On the command line do the following:
docker build -f|--file <path to dockerfile> -t <imagename> <path-to-verificationserver-root> docker run -p 127.0.0.1:8080:8080/tcp -it <imagename>
docker build --pull --rm -f "Dockerfile" -t cwa-verificationserver "." docker run -p 127.0.0.1:8080:8080/tcp -it cwa-verificationserver
if you are in the root of the checked out repository.
The docker image will then run on your local machine on port 8080 assuming you configured docker for shared network mode.
Along with the application there comes a swagger2 API documentation, which you can access in your web browser when the verification server applications runs:
Which results in the following URL on your local machine: http://localhost:8080/swagger-ui.html#/verification-controller
This repository contains files which support our CI/CD pipeline and will be removed without further notice
- DockerfileCi - used for the GitHub build chain
- Jenkinsfile - used for Telekom internal SBS (SoftwareBuildService)
The full documentation for the Corona-Warn-App can be found in the cwa-documentation repository. The documentation repository contains technical documents, architecture information, and white papers related to this implementation.
Support and feedback
The following channels are available for discussions, feedback, and support requests:
|Verification server issues|
How to contribute
Contribution and feedback is encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines. By participating in this project, you agree to abide by its Code of Conduct at all times.
The German government has asked SAP AG and Deutsche Telekom AG to develop the Corona-Warn-App for Germany as open source software. Deutsche Telekom is providing the network and mobile technology and will operate and run the backend for the app in a safe, scalable and stable manner. SAP is responsible for the app development, its framework and the underlying platform. Therefore, development teams of SAP and Deutsche Telekom are contributing to this project. At the same time our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.
The following public repositories are currently available for the Corona-Warn-App:
|cwa-documentation||Project overview, general documentation, and white papers|
|cwa-server||Backend implementation for the Apple/Google exposure notification API|
|cwa-verification-server||Backend implementation of the verification process|
|cwa-verification-portal||The portal to interact with the verification server|
|cwa-verification-iam||The identy and access management to interact with the verification server|
|cwa-testresult-server||receives the test results from connected laboratories|
Copyright (c) 2020 Deutsche Telekom AG.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE for the specific language governing permissions and limitations under the License.