diff --git a/CryptoLib/CryptoLib.xcodeproj/project.pbxproj b/CryptoLib/CryptoLib.xcodeproj/project.pbxproj index 59ece97e2..1c40ee374 100644 --- a/CryptoLib/CryptoLib.xcodeproj/project.pbxproj +++ b/CryptoLib/CryptoLib.xcodeproj/project.pbxproj @@ -28,9 +28,9 @@ 39852A5420AB2418004CB100 /* DdocParserDelegate.h in Headers */ = {isa = PBXBuildFile; fileRef = 39852A4A20AB2418004CB100 /* DdocParserDelegate.h */; }; 39E2B4D920AD7A3400CA74A8 /* Addressee.m in Sources */ = {isa = PBXBuildFile; fileRef = 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */; }; 39E2B4DF20AD7A3400CA74A8 /* Addressee.h in Headers */ = {isa = PBXBuildFile; fileRef = 39E2B4D520AD7A3400CA74A8 /* Addressee.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 4E3681D82D40EAAD00D76DAB /* LDAPResponse.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */; }; 4E3681D92D40EAAD00D76DAB /* OpenLdap.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */; }; 4E3681DB2D40EAE800D76DAB /* MoppLdapConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */; }; + 4EAC69122D481D1C00A53079 /* ASN1Decoder in Frameworks */ = {isa = PBXBuildFile; productRef = 4EAC69112D481D1C00A53079 /* ASN1Decoder */; }; DFA40D2F2ADF635F003EF945 /* 3513523f.0 in Resources */ = {isa = PBXBuildFile; fileRef = DFA40D2E2ADF635F003EF945 /* 3513523f.0 */; }; DFC7CA452AE010C9009D85FF /* 9f4c149e.0 in Resources */ = {isa = PBXBuildFile; fileRef = DFC7CA442AE010C9009D85FF /* 9f4c149e.0 */; }; /* End PBXBuildFile section */ 
@@ -71,7 +71,6 @@ 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Addressee.m; sourceTree = ""; }; 39E2B4D520AD7A3400CA74A8 /* Addressee.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Addressee.h; sourceTree = ""; }; 4E01B4A62AEFDD3B00941723 /* build-cdoc.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = "build-cdoc.sh"; sourceTree = ""; }; - 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LDAPResponse.swift; sourceTree = ""; }; 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OpenLdap.swift; sourceTree = ""; }; 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MoppLdapConfiguration.swift; sourceTree = ""; }; DFA40D2E2ADF635F003EF945 /* 3513523f.0 */ = {isa = PBXFileReference; lastKnownFileType = text; path = 3513523f.0; sourceTree = ""; }; @@ -83,6 +82,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 4EAC69122D481D1C00A53079 /* ASN1Decoder in Frameworks */, 393B66E020DB94B4001DC89B /* cdoc.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; @@ -141,7 +141,6 @@ isa = PBXGroup; children = ( 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */, - 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */, 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */, ); name = Ldap; @@ -253,6 +252,9 @@ en, ); mainGroup = 39231FA020AB1C6C00E1E2B4; + packageReferences = ( + 4EAC68FF2D47839500A53079 /* XCRemoteSwiftPackageReference "ASN1Decoder" */, + ); productRefGroup = 39231FAB20AB1C6C00E1E2B4 /* Products */; projectDirPath = ""; projectRoot = ""; 
@@ -290,7 +292,6 @@ 39E2B4D920AD7A3400CA74A8 /* Addressee.m in Sources */, 39852A5320AB2418004CB100 /* Encrypt.mm in Sources */, 39266A5120CFBDF8002E3F23 /* SmartCardTokenWrapper.mm in Sources */, - 4E3681D82D40EAAD00D76DAB /* LDAPResponse.swift in Sources */, 4E3681D92D40EAAD00D76DAB /* OpenLdap.swift in Sources */, 4E3681DB2D40EAE800D76DAB /* MoppLdapConfiguration.swift in Sources */, ); @@ -542,6 +543,25 @@ defaultConfigurationName = Release; }; /* End XCConfigurationList section */ + +/* Begin XCRemoteSwiftPackageReference section */ + 4EAC68FF2D47839500A53079 /* XCRemoteSwiftPackageReference "ASN1Decoder" */ = { + isa = XCRemoteSwiftPackageReference; + repositoryURL = "https://github.com/filom/ASN1Decoder"; + requirement = { + kind = exactVersion; + version = 1.9.0; + }; + }; +/* End XCRemoteSwiftPackageReference section */ + +/* Begin XCSwiftPackageProductDependency section */ + 4EAC69112D481D1C00A53079 /* ASN1Decoder */ = { + isa = XCSwiftPackageProductDependency; + package = 4EAC68FF2D47839500A53079 /* XCRemoteSwiftPackageReference "ASN1Decoder" */; + productName = ASN1Decoder; + }; +/* End XCSwiftPackageProductDependency section */ }; rootObject = 39231FA120AB1C6C00E1E2B4 /* Project object */; } diff --git a/CryptoLib/CryptoLib/Addressee.h b/CryptoLib/CryptoLib/Addressee.h index a352a22e7..2fd347104 100644 --- a/CryptoLib/CryptoLib/Addressee.h +++ b/CryptoLib/CryptoLib/Addressee.h @@ -28,5 +28,6 @@ @property (nonatomic, strong) NSString *identifier; @property (nonatomic, strong) NSData *cert; @property (nonatomic, strong) NSDate *validTo; +@property (nonatomic, strong) NSArray *policyIdentifiers; @end diff --git a/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift b/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift deleted file mode 100644 index 96e497614..000000000 --- a/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift +++ /dev/null 
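Review bot: The new `@property (nonatomic, strong) NSArray *policyIdentifiers;` in Addressee.h is untyped, `strong` and unannotated: Swift imports it as `[Any]!`, so the `displayAddresseeType(addressee.policyIdentifiers)` call site elsewhere in this commit depends on the callee accepting `[Any]`, and a caller can hand in an `NSMutableArray` that mutates behind the addressee's back. Declare it `@property (nonatomic, copy, nullable) NSArray<NSString *> *policyIdentifiers;` so the OIDs import as `[String]?`, matching the `[String]` that OpenLdap builds, and so the stored array is a snapshot. The same `strong`-without-generics pattern on the neighbouring `identifier`/`cert` properties is pre-existing, but this is the moment to annotate the block with `NS_ASSUME_NONNULL_BEGIN`/`END`.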
@@ -1,90 +0,0 @@ -// -// LDAPResponse.swift -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -import Foundation -import LDAP - -public class LDAPResponse: NSObject { - @objc public var userCertificate: [Data] = [] - @objc public var cn: String = "" - - typealias BerElement = OpaquePointer - - init(ldap: LDAP, msg: LDAPMessage) { - var ber: BerElement? - var attrPointer = ldap_first_attribute(ldap, msg, &ber) - while let attr = attrPointer { - defer { ldap_memfree(attr) } - let tag = String(cString: attr) - switch tag { - case "cn": cn = (LDAPResponse.values(ldap: ldap, msg: msg, tag: tag) as [String]).first ?? 
"" - case "userCertificate;binary": userCertificate = LDAPResponse.values(ldap: ldap, msg: msg, tag: tag) - default: break - } - attrPointer = ldap_next_attribute(ldap, msg, ber) - } - if let ber = ber { - ber_free(ber, 0) - } - - if let namePointer = ldap_get_dn(ldap, msg) { - print("Result (\(userCertificate.count)) \(String(cString: namePointer))") - ldap_memfree(namePointer) - } - } - - static func from(ldap: LDAP, msg: LDAPMessage) -> [LDAPResponse] { - var result: [LDAPResponse] = [] - var message = ldap_first_message(ldap, msg) - while let currentMessage = message { - if ldap_msgtype(currentMessage) == LDAP_RES_SEARCH_ENTRY { - let response = LDAPResponse(ldap: ldap, msg: currentMessage) - if !response.userCertificate.isEmpty { - result.append(response) - } - } - message = ldap_next_message(ldap, currentMessage) - } - return result - } - - static func values(ldap: LDAP, msg: LDAPMessage, tag: String) -> [T] { - var result: [T] = [] - guard let bvals = ldap_get_values_len(ldap, msg, tag) else { - return result - } - defer { ldap_value_free_len(bvals) } - - var i = 0 - while let bval = bvals[i] { - let value = bval.pointee.bv_val - let length = bval.pointee.bv_len - if T.self == Data.self { - result.append(Data(bytes: value!, count: Int(length)) as! T) - } else if T.self == String.self, let stringValue = String(validatingUTF8: value!) { - result.append(stringValue as! T) - } - i += 1 - } - return result - } -} diff --git a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift b/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift index 01206182c..888e98307 100644 --- a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift +++ b/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift @@ -23,7 +23,7 @@ import Foundation -public class MoppLdapConfiguration: NSObject { +public class MoppLdapConfiguration { var LDAPCERTS: [String] = [] var LDAPPERSONURL: String = "" var LDAPCORPURL: String = "" 
@@ -32,6 +32,5 @@ public class MoppLdapConfiguration: NSObject { self.LDAPCERTS = ldapCerts self.LDAPPERSONURL = ldapPersonURL self.LDAPCORPURL = ldapCorpURL - super.init() } } diff --git a/CryptoLib/CryptoLib/Ldap/OpenLdap.swift b/CryptoLib/CryptoLib/Ldap/OpenLdap.swift index 9411c42e1..1472d3709 100644 --- a/CryptoLib/CryptoLib/Ldap/OpenLdap.swift +++ b/CryptoLib/CryptoLib/Ldap/OpenLdap.swift 
@@ -22,33 +22,53 @@
 import Foundation
 import LDAP
+import ASN1Decoder
-typealias LDAP = OpaquePointer
-typealias LDAPMessage = OpaquePointer
+public class OpenLdap {
+    typealias LDAP = OpaquePointer
+    typealias LDAPMessage = OpaquePointer
+    typealias BerElement = OpaquePointer
-public class OpenLdap: NSObject {
-    private override init() {}
+    enum KeyUsage: Int {
+        case digitalSignature = 0
+        case nonRepudiation = 1
+        case keyEncipherment = 2
+        case dataEncipherment = 3
+        case keyAgreement = 4
+        case keyCertSign = 5
+        case cRLSign = 6
+        case encipherOnly = 7
+        case decipherOnly = 8
+    }
-    @objc static public func search(identityCode: String, configuration: MoppLdapConfiguration, withCertificate cert: String?) -> [LDAPResponse] {
-        if configuration.LDAPCERTS.isEmpty {
-            var result = search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: nil)
+    static public func search(identityCode: String, configuration: MoppLdapConfiguration,
+                              success: @escaping ([Addressee]) -> Void) {
+        DispatchQueue.global(qos: .default).async {
+            var filePath: String? = nil
+            if let libraryPath = FileManager.default.urls(for: .libraryDirectory, in: .userDomainMask).first {
+                filePath = libraryPath.appendingPathComponent("LDAPCerts/ldapCerts.pem").path
+                if !FileManager.default.fileExists(atPath: filePath!) {
+                    print("File ldapCerts.pem does not exist at directory path: \(filePath!)")
+                    filePath = nil
+                }
+            }
-            if result.isEmpty {
-                result = search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: nil)
+            var result = [Addressee]()
+            if isPersonalCode(identityCode) {
+                print("Searching with personal code from LDAP")
+                result = search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: filePath)
+            } else {
+                print("Searching with corporation keyword from LDAP")
+                result = search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: filePath)
             }
-            return result
-        }
-        if isPersonalCode(identityCode) {
-            print("Searching with personal code from LDAP")
-            return search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: cert)
-        } else {
-            print("Searching with corporation keyword from LDAP")
-            return search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: cert)
+            DispatchQueue.main.async {
+                success(result)
+            }
         }
     }
-    static private func search(identityCode: String, url: String, certificatePath: String?) -> [LDAPResponse] {
+    static private func search(identityCode: String, url: String, certificatePath: String?) -> [Addressee] {
         let secureLdap = url.lowercased().hasPrefix("ldaps")
         if secureLdap {
             if let certificatePath = certificatePath, !certificatePath.isEmpty {
@@ -66,7 +86,7 @@ public class OpenLdap: NSObject {
         }
         var ldap: LDAP?
-        let ldapReturnCode = ldap_initialize(&ldap, url.cString(using: .utf8))
+        let ldapReturnCode = ldap_initialize(&ldap, url)
         defer { if let ldap = ldap { ldap_unbind_ext_s(ldap, nil, nil) } }
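Review bot: A missing `LDAPCerts/ldapCerts.pem` is only printed and the new public `search` then continues with `certificatePath = nil`, while the `configuration.LDAPCERTS` handling the old code used for that case is gone; what the `secureLdap` branch of the private `search` does with a nil path lies outside this hunk, and if it falls back to the system trust store or to no verification, an absent or not-yet-downloaded bundle silently downgrades the CA pinning for every `ldaps` lookup. For `ldaps` URLs this should fail closed rather than log, e.g. `guard filePath != nil || !configuration.LDAPPERSONURL.lowercased().hasPrefix("ldaps") else { DispatchQueue.main.async { success([]) }; return }` — and since the new API only carries a `success` callback there is no way to tell the caller why, so a `Result<[Addressee], Error>` completion would be better. `import ASN1Decoder` also means LDAP-supplied DER now goes through a third-party parser; the project file pins it to `exactVersion 1.9.0`, so make sure the `Package.resolved` that records the commit revision is committed with it. The class continues past the end of the hunk.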
@@ -91,18 +111,32 @@ public class OpenLdap: NSObject {
         }
         var msg: LDAPMessage?
         print("Searching from LDAP. Url: \(url) \(filter)")
-        ldap_search_ext_s(ldap, "c=EE", LDAP_SCOPE_SUBTREE, filter, nil, 0, nil, nil, nil, 0, &msg)
+        var attr = Array("userCertificate;binary".utf8CString)
+        _ = attr.withUnsafeMutableBufferPointer { attr in
+            var attrs = [attr.baseAddress, nil]
+            return attrs.withUnsafeMutableBufferPointer { attrs in
+                ldap_search_ext_s(ldap, "c=EE", LDAP_SCOPE_SUBTREE, filter, attrs.baseAddress, 0, nil, nil, nil, 0, &msg)
+            }
+        }
         if let msg = msg {
             defer { ldap_msgfree(msg) }
-            return LDAPResponse.from(ldap: ldap!, msg: msg)
+            var result = [Addressee]()
+            var message = ldap_first_message(ldap, msg)
+            while let currentMessage = message {
+                if ldap_msgtype(currentMessage) == LDAP_RES_SEARCH_ENTRY {
+                    result.append(contentsOf: attributes(ldap: ldap!, msg: currentMessage))
+                }
+                message = ldap_next_message(ldap, currentMessage)
+            }
+            return result
         }
         return []
     }
     static private func setLdapOption(option: Int32, value: String) -> Bool {
-        let result = ldap_set_option(nil, option, value.cString(using: .utf8))
+        let result = ldap_set_option(nil, option, value)
         if result != LDAP_SUCCESS {
             print("ldap_set_option failed: \(String(cString: ldap_err2string(result)))")
             return false
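Review bot: The return code of `ldap_search_ext_s` is thrown away by `_ = attr.withUnsafeMutableBufferPointer { … }`, so a TLS handshake or certificate-verification failure, a server error or a timeout leaves `msg` nil and is reported to the caller as an empty result set, indistinguishable from "no such person". Keep the code and at least log it: `let rc = attr.withUnsafeMutableBufferPointer { … }` followed by `if rc != LDAP_SUCCESS { print("ldap_search_ext_s failed: \(String(cString: ldap_err2string(rc)))") }`, and preferably propagate it instead of `return []`. `filter` is built above this hunk from the user-typed identity code and the corporation branch accepts arbitrary text, so confirm it is escaped per RFC 4515 before it reaches the search. The enclosing private `search` begins above the hunk.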
@@ -113,4 +147,91 @@ public class OpenLdap: NSObject {
     static private func isPersonalCode(_ inputString: String) -> Bool {
         return inputString.count == 11 && inputString.rangeOfCharacter(from: CharacterSet.decimalDigits.inverted) == nil
     }
+
+    static private func attributes(ldap: LDAP, msg: LDAPMessage) -> [Addressee] {
+        var result = [Addressee]()
+        var ber: BerElement?
+        var attrPointer = ldap_first_attribute(ldap, msg, &ber)
+        while let attr = attrPointer {
+            defer { ldap_memfree(attr) }
+            result.append(contentsOf: values(ldap: ldap, msg: msg, tag: String(cString: attr)))
+            attrPointer = ldap_next_attribute(ldap, msg, ber)
+        }
+        if let ber = ber {
+            ber_free(ber, 0)
+        }
+
+        if let namePointer = ldap_get_dn(ldap, msg) {
+            print("Result (\(result.count)) \(String(cString: namePointer))")
+            ldap_memfree(namePointer)
+        }
+        return result
+    }
+
+    static private func values(ldap: LDAP, msg: LDAPMessage, tag: String) -> [Addressee] {
+        var result = [Addressee]()
+        guard let bvals = ldap_get_values_len(ldap, msg, tag) else {
+            return result
+        }
+        defer { ldap_value_free_len(bvals) }
+
+        var i = 0
+        while let bval = bvals[i] {
+            let data = Data(bytes: bval.pointee.bv_val, count: Int(bval.pointee.bv_len))
+            i += 1
+            guard let x509 = try? X509Certificate(der: data) else {
+                continue
+            }
+            var isIdCardType = false
+            var isDigiIdType = false
+            var isMobileID = false
+            var isESeal = false
+            var policyIdentifiers = [String]()
+            if let ext = x509.extensionObject(oid: OID.certificatePolicies) as? X509Certificate.CertificatePoliciesExtension {
+                for policy in ext.policies ?? [] {
+                    policyIdentifiers.append(policy.oid)
+                    switch policy.oid {
+                    case let oid where oid.starts(with: "1.3.6.1.4.1.10015.1.1"),
+                        let oid where oid.starts(with: "1.3.6.1.4.1.51361.1.1.1"):
+                        isIdCardType = true
+                    case let oid where oid.starts(with: "1.3.6.1.4.1.10015.1.2"),
+                        let oid where oid.starts(with: "1.3.6.1.4.1.51361.1.1"),
+                        let oid where oid.starts(with: "1.3.6.1.4.1.51455.1.1"):
+                        isDigiIdType = true
+                    case let oid where oid.starts(with: "1.3.6.1.4.1.10015.1.3"),
+                        let oid where oid.starts(with: "1.3.6.1.4.1.10015.11.1"):
+                        isMobileID = true
+                    case let oid where oid.starts(with: "1.3.6.1.4.1.10015.7.3"),
+                        let oid where oid.starts(with: "1.3.6.1.4.1.10015.7.1"),
+                        let oid where oid.starts(with: "1.3.6.1.4.1.10015.2.1"):
+                        isESeal = true
+                    default:
+                        break
+                    }
+                }
+            }
+            let isUnknown = !isIdCardType && !isDigiIdType && !isMobileID && !isESeal
+
+            if x509.keyUsage[KeyUsage.keyEncipherment.rawValue] || x509.keyUsage[KeyUsage.keyAgreement.rawValue],
+               !x509.extendedKeyUsage.contains(OID.serverAuth.rawValue),
+               !isESeal || !x509.extendedKeyUsage.contains(OID.clientAuth.rawValue),
+               !isMobileID && !isUnknown {
+                let cn = x509.subject(oid: OID.commonName)?.joined(separator: ",") ?? ""
+                let split = cn.split(separator: ",").map { String($0) }
+                let addressee = Addressee()
+                if split.count == 3 {
+                    addressee.surname = split[0]
+                    addressee.givenName = split[1]
+                    addressee.identifier = split[2]
+                } else {
+                    addressee.identifier = cn
+                }
+                addressee.cert = data
+                addressee.validTo = x509.notAfter ?? Date()
+                addressee.policyIdentifiers = policyIdentifiers
+                result.append(addressee)
+            }
+        }
+        return result
+    }
 }
diff --git a/MoppApp/MoppApp/AddresseeActions.swift b/MoppApp/MoppApp/AddresseeActions.swift
index dcb4f12d7..bf27e14cd 100644
--- a/MoppApp/MoppApp/AddresseeActions.swift
+++ b/MoppApp/MoppApp/AddresseeActions.swift
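Review bot: `x509.keyUsage[KeyUsage.keyEncipherment.rawValue]` and the `keyAgreement` lookup next to it index the key-usage array unguarded; if ASN1Decoder returns an empty array when the certificate has no KeyUsage extension (which I believe it does), a single LDAP entry carrying such a certificate traps with an index-out-of-range and crashes the app on bytes that come straight off the network, and the `try?` around `X509Certificate(der:)` does not help because the certificate parses fine. Guard the lookup, e.g. `let keyUsage = x509.keyUsage`, `func hasUsage(_ u: KeyUsage) -> Bool { u.rawValue < keyUsage.count && keyUsage[u.rawValue] }`, `if hasUsage(.keyEncipherment) || hasUsage(.keyAgreement),` — this also covers `decipherOnly = 8`, which is already beyond the eight bits of a one-octet KeyUsage. Separately, nothing here rejects a certificate that is already past `notAfter` (a missing `notAfter` is even shown as `Date()`), so expired encryption certificates from the directory are offered to the user; if that is not intended, skip the entry unless `x509.checkValidity()` holds before `result.append(addressee)`.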
@@ -38,8 +38,7 @@ extension AddresseeActions {
     }
     func determineInfo(addressee: Addressee) -> String {
-        let policyIdentifiers = MoppLibManager.certificatePolicyIdentifiers(addressee.cert)
-        let addresseeType = displayAddresseeType(policyIdentifiers as? [String] ?? [])
+        let addresseeType = displayAddresseeType(addressee.policyIdentifiers)
         let validTo = "\(L(LocKey.cryptoValidTo)) \(MoppDateFormatter.shared.ddMMYYYY(toString: addressee.validTo))"
         return "\(addresseeType) (\(validTo))"
     }
diff --git a/MoppApp/MoppApp/AddresseeViewController.swift b/MoppApp/MoppApp/AddresseeViewController.swift
index add730800..a74c90bd1 100644
--- a/MoppApp/MoppApp/AddresseeViewController.swift
+++ b/MoppApp/MoppApp/AddresseeViewController.swift
@@ -22,6 +22,7 @@
 */
 import Foundation
+import CryptoLib
 protocol AddresseeViewControllerDelegate: AnyObject {
     func addAddresseeToContainer(selectedAddressees: [Addressee])
@@ -91,31 +92,23 @@ class AddresseeViewController : MoppViewController {
         submittedQuery = trimmedText
         selectedIndexes = []
         showLoading(show: true)
-        MoppLibCryptoActions.sharedInstance().searchLdapData(
-            trimmedText,
-            success: { (_ ldapResponse: NSMutableArray?) -> Void in
-                _ = ldapResponse?.sorted {($0 as? Addressee)?.identifier ?? "" < ($1 as? Addressee)?.identifier ?? "" }
-
-                self.foundAddressees = ((ldapResponse?.sorted {($0 as? Addressee)?.identifier ?? "" < ($1 as? Addressee)?.identifier ?? "" } as? [Addressee]? ?? []) ?? [])
+
+        if (!MoppLibManager.sharedInstance().isConnected()) {
+            self.infoAlert(message: L(.noConnectionMessage))
+            self.showLoading(show: false)
+            return
+        }
+
+        OpenLdap.search(identityCode: trimmedText, configuration: MoppLDAPConfiguration.getMoppLDAPConfiguration()) { result in
+            if (result.count > 0) {
+                self.foundAddressees = result.sorted { $0.identifier < $1.identifier }
                 self.showLoading(show: false)
                 self.tableView.reloadData()
-            },
-            failure: { error in
-                guard let nsError = error as NSError? else {
-                    self.infoAlert(message: L(.genericErrorMessage))
-                    self.showLoading(show: false)
-                    return
-                }
-                DispatchQueue.main.async {
-                    if nsError.code == Int(MoppLibErrorCode.moppLibErrorNoInternetConnection.rawValue) {
-                        self.infoAlert(message: L(.noConnectionMessage))
-                    } else {
-                        self.infoAlert(message: "\(L(.cryptoEmptyLdapLabel)) \(MessageUtil.generateDetailedErrorMessage(error: nsError) ?? "")")
-                    }
-                    self.showLoading(show: false)
-                }
-            }, configuration: MoppLDAPConfiguration.getMoppLDAPConfiguration()
-        )
+            } else {
+                self.infoAlert(message: "\(L(.cryptoEmptyLdapLabel))")
+                self.showLoading(show: false)
+            }
+        };
     }
 }
diff --git a/MoppApp/MoppApp/Configuration.swift b/MoppApp/MoppApp/Configuration.swift
index 85c7dfd24..8d0037531 100644
--- a/MoppApp/MoppApp/Configuration.swift
+++ b/MoppApp/MoppApp/Configuration.swift
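Review bot: The removed `failure:` closure has no replacement: `OpenLdap.search` only offers a `success` callback, so a TLS/pinning failure, a bind error or a server timeout reaches this `else` branch as an empty array and the user sees `cryptoEmptyLdapLabel` ("nothing found") rather than an error, which hides certificate and connectivity problems behind a benign message and removes the only user-visible signal that the LDAPS trust check failed. The `isConnected()` pre-check only covers the fully offline case. Keep the distinction by giving the callback a `Result<[Addressee], Error>` (or a second `failure:` closure) and routing its error branch to `self.infoAlert(message: "\(L(.cryptoEmptyLdapLabel)) \(MessageUtil.generateDetailedErrorMessage(error: nsError) ?? "")")` as the old code did. The enclosing method starts above this hunk.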
@@ -24,6 +24,7 @@ import Foundation import ASN1Decoder +import CryptoLib internal struct MOPPConfiguration: Codable { var TSLURL: String diff --git a/MoppLib/MoppLib.xcodeproj/project.pbxproj b/MoppLib/MoppLib.xcodeproj/project.pbxproj index 85f8e2708..2902beca6 100644 --- a/MoppLib/MoppLib.xcodeproj/project.pbxproj +++ b/MoppLib/MoppLib.xcodeproj/project.pbxproj @@ -65,8 +65,6 @@ DF1503872AC5CE32007222B2 /* OCMock in Frameworks */ = {isa = PBXBuildFile; productRef = DF1503862AC5CE32007222B2 /* OCMock */; }; DF169D5A2B9000F0000DD46C /* MoppLibDigidocValidateOnline.h in Headers */ = {isa = PBXBuildFile; fileRef = DF169D592B9000F0000DD46C /* MoppLibDigidocValidateOnline.h */; settings = {ATTRIBUTES = (Public, ); }; }; DF169D5C2B90011E000DD46C /* MoppLibDigidocValidateOnline.m in Sources */ = {isa = PBXBuildFile; fileRef = DF169D5B2B90011E000DD46C /* MoppLibDigidocValidateOnline.m */; }; - DF1EE2BD234DD20500E37CA8 /* MoppLibCertificateInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DF1EE2BB234DD20500E37CA8 /* MoppLibCertificateInfo.h */; settings = {ATTRIBUTES = (Public, ); }; }; - DF1EE2BE234DD20500E37CA8 /* MoppLibCertificateInfo.mm in Sources */ = {isa = PBXBuildFile; fileRef = DF1EE2BC234DD20500E37CA8 /* MoppLibCertificateInfo.mm */; }; DFBDF1F827DA44BD00A5CF3C /* MoppLibRoleAddressData.h in Headers */ = {isa = PBXBuildFile; fileRef = DFBDF1F727DA44BD00A5CF3C /* MoppLibRoleAddressData.h */; settings = {ATTRIBUTES = (Public, ); }; }; DFBDF1FA27DA44FD00A5CF3C /* MoppLibRoleAddressData.m in Sources */ = {isa = PBXBuildFile; fileRef = DFBDF1F927DA44FD00A5CF3C /* MoppLibRoleAddressData.m */; }; DFDD76292B507EFF0008EC2C /* MoppLibProxyConfiguration.h in Headers */ = {isa = PBXBuildFile; fileRef = DFDD76282B507EFF0008EC2C /* MoppLibProxyConfiguration.h */; settings = {ATTRIBUTES = (Public, ); }; }; 
@@ -76,8 +74,6 @@ E4180C161E23FE9300FD7B8C /* MLDateFormatter.h in Headers */ = {isa = PBXBuildFile; fileRef = E4180C141E23FE9300FD7B8C /* MLDateFormatter.h */; }; E4180C171E23FE9300FD7B8C /* MLDateFormatter.m in Sources */ = {isa = PBXBuildFile; fileRef = E4180C151E23FE9300FD7B8C /* MLDateFormatter.m */; }; E4250CEC1E09695100530370 /* MoppLib.h in Headers */ = {isa = PBXBuildFile; fileRef = E4250CEA1E09695100530370 /* MoppLib.h */; settings = {ATTRIBUTES = (Public, ); }; }; - E4250CFC1E096BEA00530370 /* libz.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = E4250CFB1E096BEA00530370 /* libz.tbd */; }; - E4250CFE1E096BEF00530370 /* libxml2.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = E4250CFD1E096BEF00530370 /* libxml2.tbd */; }; E4250D001E096CAA00530370 /* test.bdoc in Resources */ = {isa = PBXBuildFile; fileRef = E4250CFF1E096CAA00530370 /* test.bdoc */; }; E42B08B51E1F0B3B00EA24A3 /* MoppLibContainer.h in Headers */ = {isa = PBXBuildFile; fileRef = E42B08B31E1F0B3B00EA24A3 /* MoppLibContainer.h */; settings = {ATTRIBUTES = (Public, ); }; }; E42B08B61E1F0B3B00EA24A3 /* MoppLibContainer.m in Sources */ = {isa = PBXBuildFile; fileRef = E42B08B41E1F0B3B00EA24A3 /* MoppLibContainer.m */; }; 
@@ -169,8 +165,6 @@ C5F462A7209727E8001B7D59 /* CoreBluetooth.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreBluetooth.framework; path = System/Library/Frameworks/CoreBluetooth.framework; sourceTree = SDKROOT; }; DF169D592B9000F0000DD46C /* MoppLibDigidocValidateOnline.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLibDigidocValidateOnline.h; sourceTree = ""; }; DF169D5B2B90011E000DD46C /* MoppLibDigidocValidateOnline.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MoppLibDigidocValidateOnline.m; sourceTree = ""; }; - DF1EE2BB234DD20500E37CA8 /* MoppLibCertificateInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MoppLibCertificateInfo.h; sourceTree = ""; }; - DF1EE2BC234DD20500E37CA8 /* MoppLibCertificateInfo.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MoppLibCertificateInfo.mm; sourceTree = ""; }; DFBDF1F727DA44BD00A5CF3C /* MoppLibRoleAddressData.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLibRoleAddressData.h; sourceTree = ""; }; DFBDF1F927DA44FD00A5CF3C /* MoppLibRoleAddressData.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MoppLibRoleAddressData.m; sourceTree = ""; }; DFDD76282B507EFF0008EC2C /* MoppLibProxyConfiguration.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLibProxyConfiguration.h; sourceTree = ""; }; 
@@ -182,8 +176,6 @@ E4250CE71E09695100530370 /* MoppLib.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = MoppLib.framework; sourceTree = BUILT_PRODUCTS_DIR; }; E4250CEA1E09695100530370 /* MoppLib.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLib.h; sourceTree = ""; }; E4250CEB1E09695100530370 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; - E4250CFB1E096BEA00530370 /* libz.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libz.tbd; path = usr/lib/libz.tbd; sourceTree = SDKROOT; }; - E4250CFD1E096BEF00530370 /* libxml2.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libxml2.tbd; path = usr/lib/libxml2.tbd; sourceTree = SDKROOT; }; E4250CFF1E096CAA00530370 /* test.bdoc */ = {isa = PBXFileReference; lastKnownFileType = file; path = test.bdoc; sourceTree = ""; }; E42B08B31E1F0B3B00EA24A3 /* MoppLibContainer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MoppLibContainer.h; sourceTree = ""; }; E42B08B41E1F0B3B00EA24A3 /* MoppLibContainer.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MoppLibContainer.m; sourceTree = ""; }; @@ -218,8 +210,6 @@ C5F462A8209727E8001B7D59 /* CoreBluetooth.framework in Frameworks */, 4E63A77B2AEA7C5A00CEE392 /* digidocpp.framework in Frameworks */, C54EA73020499DFC0039AC78 /* ExternalAccessory.framework in Frameworks */, - E4250CFE1E096BEF00530370 /* libxml2.tbd in Frameworks */, - E4250CFC1E096BEA00530370 /* libz.tbd in Frameworks */, C5AAAF8220C9621D0087D6DA /* libiRockey301_ccid.a in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; 
@@ -281,8 +271,6 @@ AE0A84491E43853800CC1465 /* MoppLibMobileCreateSignatureResponse.m */, DFF3C3A723322E0C0079458A /* MOPPLibConfiguration.h */, DFF3C3A823322E0C0079458A /* MOPPLibConfiguration.m */, - DF1EE2BB234DD20500E37CA8 /* MoppLibCertificateInfo.h */, - DF1EE2BC234DD20500E37CA8 /* MoppLibCertificateInfo.mm */, DFBDF1F727DA44BD00A5CF3C /* MoppLibRoleAddressData.h */, DFBDF1F927DA44FD00A5CF3C /* MoppLibRoleAddressData.m */, ); @@ -340,8 +328,6 @@ C5F462A7209727E8001B7D59 /* CoreBluetooth.framework */, C54EA72F20499DFC0039AC78 /* ExternalAccessory.framework */, C5AAAF8120C9621D0087D6DA /* libiRockey301_ccid.a */, - E4250CFD1E096BEF00530370 /* libxml2.tbd */, - E4250CFB1E096BEA00530370 /* libz.tbd */, ); name = Frameworks; sourceTree = ""; @@ -468,7 +454,6 @@ AE0A844A1E43853800CC1465 /* MoppLibMobileCreateSignatureResponse.h in Headers */, 54DC0E011E0D48C900C62B3D /* MoppLibError.h in Headers */, E4180C161E23FE9300FD7B8C /* MLDateFormatter.h in Headers */, - DF1EE2BD234DD20500E37CA8 /* MoppLibCertificateInfo.h in Headers */, E42B08C51E1F11B900EA24A3 /* MoppLibDataFile.h in Headers */, C54EA736204D90D50039AC78 /* MoppLibCardReaderManager.h in Headers */, 399C01E620BC17A10056D7AC /* MoppLibCryptoActions.h in Headers */, @@ -640,7 +625,6 @@ C54EA732204D5E860039AC78 /* CardReaderiR301.m in Sources */, 545111731E13BBA800296B80 /* MoppLibPersonalData.m in Sources */, E4180C171E23FE9300FD7B8C /* MLDateFormatter.m in Sources */, - DF1EE2BE234DD20500E37CA8 /* MoppLibCertificateInfo.mm in Sources */, DFF3C3AA23322E0D0079458A /* MOPPLibConfiguration.m in Sources */, 54DC0E021E0D48C900C62B3D /* MoppLibError.m in Sources */, E42B08C61E1F11B900EA24A3 /* MoppLibDataFile.m in Sources */, 
@@ -733,7 +717,7 @@ CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; @@ -766,7 +750,7 @@ DEFINES_MODULE = YES; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_C_LANGUAGE_STANDARD = gnu17; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; @@ -800,7 +784,7 @@ CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; @@ -829,11 +813,10 @@ "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 1; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEFINES_MODULE = YES; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_C_LANGUAGE_STANDARD = gnu17; GCC_NO_COMMON_BLOCKS = YES; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = PrefixHeader.pch; diff --git a/MoppLib/MoppLib/MoppLibDigidocManager.h b/MoppLib/MoppLib/MoppLibDigidocManager.h index 1ab1115ff..8e674d608 100644 --- a/MoppLib/MoppLib/MoppLibDigidocManager.h +++ b/MoppLib/MoppLib/MoppLibDigidocManager.h @@ -58,6 +58,5 @@ typedef enum { - (NSString *)moppAppVersion; - (NSString *)iOSVersion; - (NSString *)userAgent; -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData; + (NSString *)sanitize:(NSString *)text; @end diff --git a/MoppLib/MoppLib/MoppLibDigidocManager.mm b/MoppLib/MoppLib/MoppLibDigidocManager.mm index 784066d4a..ab032a78f 100644 --- a/MoppLib/MoppLib/MoppLibDigidocManager.mm 
+++ b/MoppLib/MoppLib/MoppLibDigidocManager.mm @@ -334,27 +334,6 @@ - (void)setupWithSuccess:(VoidBlock)success andFailure:(FailureBlock)failure usi return digidoc::X509Cert(reinterpret_cast(data.bytes), data.length); } -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData { - digidoc::X509Cert x509Cert; - try { - x509Cert = [self getCertFromData:certData]; - } catch(const digidoc::Exception &e) { - parseException(e); - printLog(@"Unable to create a X509 certificate object for Certificate Policy Identifiers. Code: %u, message: %s", e.code(), e.msg().c_str()); - return @[]; - } catch(...) { - printLog(@"Creating a X509 certificate object raised exception\n"); - return @[]; - } - - auto policies = x509Cert.certificatePolicies(); - NSMutableArray *result = [NSMutableArray new]; - for (auto p : policies) { - [result addObject:[NSString stringWithUTF8String:p.c_str()]]; - } - return result; -} - + (NSData *)getDataToSign { std::vector dataTosign = signature->dataToSign(); return [NSData dataWithBytes:dataTosign.data() length:dataTosign.size()]; diff --git a/MoppLib/MoppLib/PublicInterface/MoppLib.h b/MoppLib/MoppLib/PublicInterface/MoppLib.h index 496e9eb48..b0a6e315f 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLib.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLib.h @@ -43,5 +43,4 @@ FOUNDATION_EXPORT const unsigned char MoppLibVersionString[]; #import #import #import -#import #import diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.h b/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.h deleted file mode 100644 index dbfdf4f0c..000000000 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.h +++ /dev/null 
@@ -1,37 +0,0 @@ -// -// MoppLibCertificateInfo.h -// MoppLib -/* -* Copyright 2017 - 2024 Riigi Infosüsteemi Amet -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public -* License as published by the Free Software Foundation; either -* version 2.1 of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this library; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -* -*/ - -#import - -@interface MoppLibCertificateInfo : NSObject -- (NSArray *) certificatePolicies:(NSData *)certData; -- (NSArray *) keyUsages:(NSData *)certData; -- (BOOL) hasKeyEnciphermentUsage:(NSArray *)keyUsages; -- (BOOL) hasKeyAgreementUsage:(NSArray *)keyUsages; -- (BOOL) isServerAuthKeyPurpose:(NSData *)certData; -- (BOOL) isTlsClientAuthKeyPurpose:(NSData *)certData; -- (BOOL) isESealType:(NSArray *)certPolicies; -- (BOOL) isMobileIdType:(NSArray *)certPolicies; -- (BOOL) isIdCardType:(NSArray *)certPolicies; -- (BOOL) isDigiIdType:(NSArray *)certPolicies; -- (BOOL) isUnknownType:(NSArray *)certPolicies; -@end diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.mm b/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.mm deleted file mode 100644 index 80b736338..000000000 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.mm +++ /dev/null 
@@ -1,134 +0,0 @@ -// -// MoppLibCertificateInfo.mm -// MoppLib -/* -* Copyright 2017 - 2024 Riigi Infosüsteemi Amet -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public -* License as published by the Free Software Foundation; either -* version 2.1 of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this library; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -* -*/ - -#include - -#import "MoppLibCertificateInfo.h" -#import -#import - - -@implementation MoppLibCertificateInfo -- (NSArray *)certificatePolicies:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - std::vector x509Policies = x509.certificatePolicies(); - NSMutableArray *policies = [[NSMutableArray alloc] init]; - - for (auto& policy : x509Policies) { - [policies addObject:[NSString stringWithCString:policy.c_str() encoding:[NSString defaultCStringEncoding]]]; - } - - return policies; -} - -- (NSArray *)keyUsages:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - - NSMutableArray *keyUsagesList = [[NSMutableArray alloc] init]; - - for (auto c : x509.keyUsage()) { - [keyUsagesList addObject:[NSNumber numberWithInt:static_cast(c)]]; - } - - return keyUsagesList; -} - -- (BOOL) hasKeyEnciphermentUsage:(NSArray *)keyUsages { - return [keyUsages containsObject:@2]; -} - -- (BOOL) 
hasKeyAgreementUsage:(NSArray *)keyUsages { - return [keyUsages containsObject:@4]; -} - -- (BOOL) isServerAuthKeyPurpose:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - - if (!x509.subjectName("SN").empty()) { - return (X509_get_extended_key_usage(x509.handle()) & XKU_SSL_SERVER) == XKU_SSL_SERVER; - } else { - return ((X509_get_extended_key_usage(x509.handle()) != UINT32_MAX) & XKU_SSL_SERVER) == XKU_SSL_SERVER; - } -} - -- (BOOL) isTlsClientAuthKeyPurpose:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - - X509_check_purpose(x509.handle(), -1, -1); - return X509_get_extended_key_usage(x509.handle()) != UINT32_MAX; -} - -- (BOOL) isESealType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.7.3"] || [policy hasPrefix: @"1.3.6.1.4.1.10015.7.1"] || [policy hasPrefix: @"1.3.6.1.4.1.10015.2.1"]) { - return true; - } - return false; - } - - return false; -} -- (BOOL) isMobileIdType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.1.3"] || [policy hasPrefix: @"1.3.6.1.4.1.10015.11.1"]) { - return true; - } - return false; - } - - return false; -} - -- (BOOL) isIdCardType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.1.1"] || [policy hasPrefix: @"1.3.6.1.4.1.51361.1.1.1"]) { - return true; - } - return false; - } - - return false; -} - -- (BOOL) isDigiIdType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.1.2"] || [policy hasPrefix: @"1.3.6.1.4.1.51361.1.1"] || [policy hasPrefix: @"1.3.6.1.4.1.51455.1.1"]) { - return true; - } 
- return false; - } - - return false; -} - -- (BOOL) isUnknownType:(NSArray *)certificatePolicies { - MoppLibCertificateInfo *certInfo = [MoppLibCertificateInfo alloc]; - return ![certInfo isIdCardType:certificatePolicies] && - ![certInfo isDigiIdType:certificatePolicies] && - ![certInfo isMobileIdType:certificatePolicies] && - ![certInfo isESealType:certificatePolicies]; -} -@end diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h b/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h index e97d97ef2..d07f4e470 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h @@ -95,7 +95,6 @@ typedef void (^CertDataBlock)(MoppLibCerificatetData *certData); typedef void (^PersonalDataBlock)(MoppLibPersonalData *personalData); typedef void (^SignatureStatusBlock) (MoppLibContainer *container, NSError *error, NSString *status); typedef void (^ContainerBlock)(MoppLibContainer *container); -typedef void (^LdapBlock)(NSMutableArray *ldapResponse); typedef void (^CdocContainerBlock)(CdocInfo *cdocInfo); typedef void (^DecryptedDataBlock)(NSMutableDictionary *decryptedData); typedef void (^MobileCreateSignatureResponseBlock)(MoppLibMobileCreateSignatureResponse *createSignatureResponse); diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h index 004663432..daa0fd9a9 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h 
@@ -23,20 +23,9 @@ #import "MoppLibConstants.h" -@class MoppLdapConfiguration; - @interface MoppLibCryptoActions : NSObject + (MoppLibCryptoActions *)sharedInstance; - - /** - * Search data from LDAP. - * - * @param identifier LDAP search request identifier. - * @param success Block to be called on successful completion of action. Includes ldap respone data as LdapResponse. - * @param failure Block to be called when action fails. Includes error. - */ -- (void)searchLdapData:(NSString *)identifier success:(LdapBlock)success failure:(FailureBlock)failure configuration:(MoppLdapConfiguration *)moppLdapConfiguration; /** * Encrypt data and create CDOC container. diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m index 7c4928842..928ede951 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m +++ b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m @@ -35,9 +35,7 @@ #include #import "NSData+Additions.h" #include "MoppLibDigidocMAnager.h" -#import "MoppLibCertificateInfo.h" #import "MoppLibManager.h" -#import "Reachability.h" @implementation MoppLibCryptoActions 
@@ -128,99 +126,4 @@ - (void)encryptData:(NSString *)fullPath withDataFiles:(NSArray*)dataFiles withA }); } -- (void)searchLdapData:(NSString *)identifier success:(LdapBlock)success failure:(FailureBlock)failure configuration:(MoppLdapConfiguration *) moppLdapConfiguration { - - Reachability *reachability = [Reachability reachabilityForInternetConnection]; - NetworkStatus networkStatus = [reachability currentReachabilityStatus]; - if (networkStatus == NotReachable) { - failure([MoppLibError noInternetConnectionError]); - return; - } - - NSString *certsPath = [self getLibraryCertsFolderPath]; - NSString *ldapCertsPath = [self getCertFolderPath:certsPath fileName:@"ldapCerts.pem"]; - - dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ - NSMutableArray *filteredResponse = [[NSMutableArray alloc] init]; - NSError *error; - @try { - NSArray *response = [OpenLdap searchWithIdentityCode:identifier configuration:moppLdapConfiguration withCertificate:ldapCertsPath]; - - if (response.count == 0) { - failure([MoppLibError ldapResponseNotFoundError]); - return; - } - - for (LDAPResponse* key in response) { - for (NSData *certData in key.userCertificate) { - - Addressee *addressee = [[Addressee alloc] init]; - MoppLibCertificateInfo *certInfo = [MoppLibCertificateInfo alloc]; - NSArray *certPolicies = [certInfo certificatePolicies:certData]; - NSArray *certKeyUsages = [certInfo keyUsages:certData]; - - if (key.cn != NULL) { - NSArray *cn = [key.cn componentsSeparatedByString:@","]; - if (cn.count > 1) { - addressee.surname = cn[0]; - addressee.givenName = cn[1]; - addressee.identifier = cn[2]; - } else { - addressee.identifier = cn[0]; - } - } - - if (([certInfo hasKeyEnciphermentUsage:(certKeyUsages)] || [certInfo hasKeyAgreementUsage:(certKeyUsages)]) && - ![certInfo isServerAuthKeyPurpose:(certData)] && - (![certInfo isESealType:(certPolicies)] || ![certInfo isTlsClientAuthKeyPurpose:(certData)]) && - ![certInfo isMobileIdType:(certPolicies)] 
&& ![certInfo isUnknownType:(certPolicies)]) { - - addressee.cert = certData; - - MoppLibCerificatetData *certificateData = [MoppLibCerificatetData new]; - [MoppLibCertificate certData:certificateData updateWithDerEncoding:certData]; - addressee.validTo = certificateData.expiryDate; - if (addressee.validTo != nil) { - [filteredResponse addObject:addressee]; - } - } - } - } - - if (filteredResponse.count == 0) { - failure([MoppLibError ldapResponseNotFoundError]); - return; - } - } - @catch (...) { - error = [MoppLibError generalError]; - } - dispatch_async(dispatch_get_main_queue(), ^{ - error == nil ? success(filteredResponse) : failure(error); - }); - }); -} - -- (NSString*) getLibraryCertsFolderPath { - NSArray *libraryPaths = NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSUserDomainMask, YES); - if ([libraryPaths count] > 0) { - NSString *libraryPath = libraryPaths[0]; - NSString *certsPath = [libraryPath stringByAppendingPathComponent:@"LDAPCerts"]; - return certsPath; - } - return nil; -} - -- (NSString*) getCertFolderPath:(NSString *)directoryPath fileName:(NSString *)fileName { - NSFileManager *fileManager = [NSFileManager defaultManager]; - NSString *filePath = [directoryPath stringByAppendingPathComponent:fileName]; - if ([fileManager fileExistsAtPath:filePath]) { - return filePath; - } else { - NSLog(@"File %@ does not exist at directory path: %@", fileName, filePath); - } - - return @""; -} - @end diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibManager.h b/MoppLib/MoppLib/PublicInterface/MoppLibManager.h index 7df167b71..5fc83cb27 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibManager.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibManager.h @@ -46,10 +46,10 @@ - (NSString *)moppLibVersion; - (NSString *)libdigidocppVersion; +- (BOOL)isConnected; - (NSString *)appVersion; - (NSString *)iOSVersion; - (NSString *)userAgent; -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData; + (NSString *)sanitize:(NSString *)text; @end 
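Review bot: The new `- (BOOL)isConnected;` declaration in MoppLibManager.h carries no documentation, and the name reads as a verified connection while, judging from the MoppLibManager.m hunk in this same commit, it only returns a Reachability status snapshot. Since it appears to replace the network guard the removed `searchLdapData` performed before an LDAP lookup, the contract belongs in the public header so callers do not treat it as authoritative: `/// Best-effort network reachability snapshot (YES unless Reachability reports NotReachable). Does not prove a specific host is reachable; callers must still handle request errors.` The surrounding `@interface` starts and ends outside the hunk.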
diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibManager.m b/MoppLib/MoppLib/PublicInterface/MoppLibManager.m index bad8a31b7..73ed33ee7 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibManager.m +++ b/MoppLib/MoppLib/PublicInterface/MoppLibManager.m @@ -23,6 +23,7 @@ #import "MoppLibManager.h" #import "MoppLibDigidocManager.h" +#import "Reachability/Reachability.h" @implementation MoppLibManager @@ -61,6 +62,11 @@ - (NSString *)libdigidocppVersion { return [[MoppLibDigidocManager sharedInstance] digidocVersion]; } +- (BOOL)isConnected { + Reachability *reachability = [Reachability reachabilityForInternetConnection]; + return [reachability currentReachabilityStatus] != NotReachable; +} + - (NSString *)appVersion { return [[MoppLibDigidocManager sharedInstance] moppAppVersion]; } @@ -73,10 +79,6 @@ - (NSString *)userAgent { return [[MoppLibDigidocManager sharedInstance] userAgent]; } -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData { - return [MoppLibDigidocManager certificatePolicyIdentifiers:certData]; -} - + (NSString *)sanitize:(NSString *)text { return [MoppLibDigidocManager sanitize:text]; }
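Review bot: In the `+- (BOOL)isConnected {` hunk a fresh `Reachability` object is created on each call and `currentReachabilityStatus` is compared against `NotReachable`, so YES only means the system's generic reachability flags are not "unreachable"; it says nothing about whether the LDAP or other service host can actually be reached, and the method is undocumented. Callers that now do this pre-flight check themselves (the removed `searchLdapData` used the same check to fail fast with `noInternetConnectionError`) must still handle connection errors from the real request, which is worth stating at the definition: `// Best-effort Reachability snapshot: YES means the status is not NotReachable, not that a given host is reachable; callers must still handle network errors.` Separately, the added `#import "Reachability/Reachability.h"` uses a directory-qualified form, whereas the import removed from MoppLibCryptoActions.m in this commit was `#import "Reachability.h"`; if the target's header search paths only resolve one of the two forms, this file will not build, so it is worth confirming which is intended.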