From 553c9836aa412406760ca2510e9672ef230b4b42 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Wed, 22 Jan 2025 11:23:16 +0200 Subject: [PATCH 1/2] Port LDAP code to swift and fix memory leaks 
Signed-off-by: Raul Metsma --- CryptoLib/CryptoLib.xcodeproj/project.pbxproj | 120 +++++----------- CryptoLib/CryptoLib/{Ldap => }/Addressee.h | 0 CryptoLib/CryptoLib/{Ldap => }/Addressee.m | 0 .../CryptoLib/{Ldap => }/CryptoDataFile.h | 0 .../CryptoLib/{Ldap => }/CryptoDataFile.m | 0 CryptoLib/CryptoLib/CryptoLib.h | 2 - CryptoLib/CryptoLib/Info.plist | 24 ---- CryptoLib/CryptoLib/LDAPResponse.h | 13 -- CryptoLib/CryptoLib/LDAPResponse.m | 51 ------- CryptoLib/CryptoLib/Ldap/Attribute.h | 33 ----- CryptoLib/CryptoLib/Ldap/Attribute.m | 61 -------- CryptoLib/CryptoLib/Ldap/AttributeSet.h | 33 ----- CryptoLib/CryptoLib/Ldap/AttributeSet.m | 48 ------- CryptoLib/CryptoLib/Ldap/LDAPResponse.swift | 90 ++++++++++++ .../CryptoLib/Ldap/MoppLdapConfiguration.h | 34 ----- ...guration.m => MoppLdapConfiguration.swift} | 24 ++-- CryptoLib/CryptoLib/Ldap/OpenLdap.h | 32 ----- CryptoLib/CryptoLib/Ldap/OpenLdap.m | 135 ------------------ CryptoLib/CryptoLib/Ldap/OpenLdap.swift | 116 +++++++++++++++ CryptoLib/CryptoLib/Ldap/ResultSet.h | 33 ----- CryptoLib/CryptoLib/Ldap/ResultSet.m | 61 -------- .../include/module.modulemap | 8 ++ .../include/module.modulemap | 8 ++ MoppApp/MoppApp/Configuration.swift | 2 +- .../PublicInterface/MoppLibCryptoActions.h | 7 +- .../PublicInterface/MoppLibCryptoActions.m | 22 ++- 26 files changed, 282 insertions(+), 675 deletions(-) rename CryptoLib/CryptoLib/{Ldap => }/Addressee.h (100%) rename CryptoLib/CryptoLib/{Ldap => }/Addressee.m (100%) rename CryptoLib/CryptoLib/{Ldap => }/CryptoDataFile.h (100%) rename CryptoLib/CryptoLib/{Ldap => }/CryptoDataFile.m (100%) delete mode 100644 CryptoLib/CryptoLib/Info.plist delete mode 100644 CryptoLib/CryptoLib/LDAPResponse.h delete mode 100644 CryptoLib/CryptoLib/LDAPResponse.m delete mode 100644 CryptoLib/CryptoLib/Ldap/Attribute.h delete mode 100644 CryptoLib/CryptoLib/Ldap/Attribute.m delete mode 100644 CryptoLib/CryptoLib/Ldap/AttributeSet.h delete mode 100644 CryptoLib/CryptoLib/Ldap/AttributeSet.m 
create mode 100644 CryptoLib/CryptoLib/Ldap/LDAPResponse.swift delete mode 100755 CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.h rename CryptoLib/CryptoLib/Ldap/{MoppLdapConfiguration.m => MoppLdapConfiguration.swift} (65%) mode change 100755 => 100644 delete mode 100644 CryptoLib/CryptoLib/Ldap/OpenLdap.h delete mode 100644 CryptoLib/CryptoLib/Ldap/OpenLdap.m create mode 100644 CryptoLib/CryptoLib/Ldap/OpenLdap.swift delete mode 100644 CryptoLib/CryptoLib/Ldap/ResultSet.h delete mode 100644 CryptoLib/CryptoLib/Ldap/ResultSet.m create mode 100644 CryptoLib/CryptoLib/openldap/OpenLDAP.iphoneos/include/module.modulemap create mode 100644 CryptoLib/CryptoLib/openldap/OpenLDAP.iphonesimulator/include/module.modulemap diff --git a/CryptoLib/CryptoLib.xcodeproj/project.pbxproj b/CryptoLib/CryptoLib.xcodeproj/project.pbxproj index cd08c35be..9616773ff 100644 --- a/CryptoLib/CryptoLib.xcodeproj/project.pbxproj +++ b/CryptoLib/CryptoLib.xcodeproj/project.pbxproj @@ -7,7 +7,6 @@ objects = { /* Begin PBXBuildFile section */ - 390C015F20AC3DC800827230 /* libldap.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 390C015E20AC3DC700827230 /* libldap.a */; }; 39231FAF20AB1C6C00E1E2B4 /* CryptoLib.h in Headers */ = {isa = PBXBuildFile; fileRef = 39231FAD20AB1C6C00E1E2B4 /* CryptoLib.h */; settings = {ATTRIBUTES = (Public, ); }; }; 39266A5120CFBDF8002E3F23 /* SmartCardTokenWrapper.mm in Sources */ = {isa = PBXBuildFile; fileRef = 39266A5020CFBDF8002E3F23 /* SmartCardTokenWrapper.mm */; }; 39266A5A20CFD956002E3F23 /* AbstractSmartToken.h in Headers */ = {isa = PBXBuildFile; fileRef = 39266A5920CFD93E002E3F23 /* AbstractSmartToken.h */; settings = {ATTRIBUTES = (Public, ); }; }; 
@@ -27,23 +26,11 @@ 39852A5220AB2418004CB100 /* Decrypt.mm in Sources */ = {isa = PBXBuildFile; fileRef = 39852A4820AB2418004CB100 /* Decrypt.mm */; }; 39852A5320AB2418004CB100 /* Encrypt.mm in Sources */ = {isa = PBXBuildFile; fileRef = 39852A4920AB2418004CB100 /* Encrypt.mm */; }; 39852A5420AB2418004CB100 /* DdocParserDelegate.h in Headers */ = {isa = PBXBuildFile; fileRef = 39852A4A20AB2418004CB100 /* DdocParserDelegate.h */; }; - 39E2B4D620AD7A3400CA74A8 /* ResultSet.h in Headers */ = {isa = PBXBuildFile; fileRef = 39E2B4CC20AD7A3400CA74A8 /* ResultSet.h */; }; - 39E2B4D720AD7A3400CA74A8 /* AttributeSet.h in Headers */ = {isa = PBXBuildFile; fileRef = 39E2B4CD20AD7A3400CA74A8 /* AttributeSet.h */; }; - 39E2B4D820AD7A3400CA74A8 /* Attribute.m in Sources */ = {isa = PBXBuildFile; fileRef = 39E2B4CE20AD7A3400CA74A8 /* Attribute.m */; }; 39E2B4D920AD7A3400CA74A8 /* Addressee.m in Sources */ = {isa = PBXBuildFile; fileRef = 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */; }; - 39E2B4DA20AD7A3400CA74A8 /* OpenLdap.m in Sources */ = {isa = PBXBuildFile; fileRef = 39E2B4D020AD7A3400CA74A8 /* OpenLdap.m */; }; - 39E2B4DB20AD7A3400CA74A8 /* AttributeSet.m in Sources */ = {isa = PBXBuildFile; fileRef = 39E2B4D120AD7A3400CA74A8 /* AttributeSet.m */; }; - 39E2B4DC20AD7A3400CA74A8 /* ResultSet.m in Sources */ = {isa = PBXBuildFile; fileRef = 39E2B4D220AD7A3400CA74A8 /* ResultSet.m */; }; - 39E2B4DD20AD7A3400CA74A8 /* Attribute.h in Headers */ = {isa = PBXBuildFile; fileRef = 39E2B4D320AD7A3400CA74A8 /* Attribute.h */; }; - 39E2B4DE20AD7A3400CA74A8 /* OpenLdap.h in Headers */ = {isa = PBXBuildFile; fileRef = 39E2B4D420AD7A3400CA74A8 /* OpenLdap.h */; settings = {ATTRIBUTES = (Public, ); }; }; 39E2B4DF20AD7A3400CA74A8 /* Addressee.h in Headers */ = {isa = PBXBuildFile; fileRef = 39E2B4D520AD7A3400CA74A8 /* Addressee.h */; settings = {ATTRIBUTES = (Public, ); }; }; - C5B7958221BEA74800DC2C59 /* libssl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = C5B7957721BABCA800DC2C59 /* 
libssl.a */; }; - C5B7958321BEA76300DC2C59 /* libcrypto.a in Frameworks */ = {isa = PBXBuildFile; fileRef = C5B7957621BABCA800DC2C59 /* libcrypto.a */; }; - C5B7958421BEA78200DC2C59 /* liblber.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 390C016020AC3DE000827230 /* liblber.a */; }; - DF1A91B52BAB5A79000D89B2 /* LDAPResponse.m in Sources */ = {isa = PBXBuildFile; fileRef = DF1A91B42BAB5A79000D89B2 /* LDAPResponse.m */; }; - DF1A91B72BAB5AA9000D89B2 /* LDAPResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = DF1A91B62BAB5AA9000D89B2 /* LDAPResponse.h */; settings = {ATTRIBUTES = (Public, ); }; }; - DF8FEAC9233239690020DED4 /* MoppLdapConfiguration.h in Headers */ = {isa = PBXBuildFile; fileRef = DF8FEAC7233239690020DED4 /* MoppLdapConfiguration.h */; settings = {ATTRIBUTES = (Public, ); }; }; - DF8FEACA233239690020DED4 /* MoppLdapConfiguration.m in Sources */ = {isa = PBXBuildFile; fileRef = DF8FEAC8233239690020DED4 /* MoppLdapConfiguration.m */; }; + 4E3681D82D40EAAD00D76DAB /* LDAPResponse.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */; }; + 4E3681D92D40EAAD00D76DAB /* OpenLdap.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */; }; + 4E3681DB2D40EAE800D76DAB /* MoppLdapConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */; }; DFA40D2F2ADF635F003EF945 /* 3513523f.0 in Resources */ = {isa = PBXBuildFile; fileRef = DFA40D2E2ADF635F003EF945 /* 3513523f.0 */; }; DFC7CA452AE010C9009D85FF /* 9f4c149e.0 in Resources */ = {isa = PBXBuildFile; fileRef = DFC7CA442AE010C9009D85FF /* 9f4c149e.0 */; }; /* End PBXBuildFile section */ 
@@ -59,11 +46,8 @@ /* End PBXContainerItemProxy section */ /* Begin PBXFileReference section */ - 390C015E20AC3DC700827230 /* libldap.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libldap.a; path = "$(LDAP_PATH)/libraries/libldap.a"; sourceTree = ""; }; - 390C016020AC3DE000827230 /* liblber.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = liblber.a; path = "$(LDAP_PATH)/libraries/liblber.a"; sourceTree = ""; }; 39231FAA20AB1C6C00E1E2B4 /* CryptoLib.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = CryptoLib.framework; sourceTree = BUILT_PRODUCTS_DIR; }; 39231FAD20AB1C6C00E1E2B4 /* CryptoLib.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CryptoLib.h; sourceTree = ""; }; - 39231FAE20AB1C6C00E1E2B4 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 39266A5020CFBDF8002E3F23 /* SmartCardTokenWrapper.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = SmartCardTokenWrapper.mm; sourceTree = ""; }; 39266A5920CFD93E002E3F23 /* AbstractSmartToken.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AbstractSmartToken.h; sourceTree = ""; }; 39266A5B20CFDC41002E3F23 /* CdocParser.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CdocParser.h; sourceTree = ""; }; 
@@ -83,23 +67,12 @@ 39852A4820AB2418004CB100 /* Decrypt.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = Decrypt.mm; sourceTree = ""; }; 39852A4920AB2418004CB100 /* Encrypt.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = Encrypt.mm; sourceTree = ""; }; 39852A4A20AB2418004CB100 /* DdocParserDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DdocParserDelegate.h; sourceTree = ""; }; - 39E2B4CC20AD7A3400CA74A8 /* ResultSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ResultSet.h; sourceTree = ""; }; - 39E2B4CD20AD7A3400CA74A8 /* AttributeSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AttributeSet.h; sourceTree = ""; }; - 39E2B4CE20AD7A3400CA74A8 /* Attribute.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Attribute.m; sourceTree = ""; }; 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Addressee.m; sourceTree = ""; }; - 39E2B4D020AD7A3400CA74A8 /* OpenLdap.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OpenLdap.m; sourceTree = ""; }; - 39E2B4D120AD7A3400CA74A8 /* AttributeSet.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = AttributeSet.m; sourceTree = ""; }; - 39E2B4D220AD7A3400CA74A8 /* ResultSet.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ResultSet.m; sourceTree = ""; }; - 39E2B4D320AD7A3400CA74A8 /* Attribute.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Attribute.h; sourceTree = ""; }; - 39E2B4D420AD7A3400CA74A8 /* OpenLdap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = 
sourcecode.c.h; path = OpenLdap.h; sourceTree = ""; }; 39E2B4D520AD7A3400CA74A8 /* Addressee.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Addressee.h; sourceTree = ""; }; 4E01B4A62AEFDD3B00941723 /* build-cdoc.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = "build-cdoc.sh"; sourceTree = ""; }; - C5B7957621BABCA800DC2C59 /* libcrypto.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libcrypto.a; path = "$(LDAP_PATH)/libraries/libcrypto.a"; sourceTree = ""; }; - C5B7957721BABCA800DC2C59 /* libssl.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libssl.a; path = "$(LDAP_PATH)/libraries/libssl.a"; sourceTree = ""; }; - DF1A91B42BAB5A79000D89B2 /* LDAPResponse.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = LDAPResponse.m; sourceTree = ""; }; - DF1A91B62BAB5AA9000D89B2 /* LDAPResponse.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = LDAPResponse.h; sourceTree = ""; }; - DF8FEAC7233239690020DED4 /* MoppLdapConfiguration.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MoppLdapConfiguration.h; sourceTree = ""; }; - DF8FEAC8233239690020DED4 /* MoppLdapConfiguration.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MoppLdapConfiguration.m; sourceTree = ""; }; + 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LDAPResponse.swift; sourceTree = ""; }; + 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OpenLdap.swift; sourceTree = ""; }; + 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MoppLdapConfiguration.swift; sourceTree = ""; }; DFA40D2E2ADF635F003EF945 /* 3513523f.0 */ = {isa = 
PBXFileReference; lastKnownFileType = text; path = 3513523f.0; sourceTree = ""; }; DFC7CA442AE010C9009D85FF /* 9f4c149e.0 */ = {isa = PBXFileReference; lastKnownFileType = text; path = 9f4c149e.0; sourceTree = ""; }; /* End PBXFileReference section */ @@ -109,10 +82,6 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( - C5B7958421BEA78200DC2C59 /* liblber.a in Frameworks */, - C5B7958321BEA76300DC2C59 /* libcrypto.a in Frameworks */, - C5B7958221BEA74800DC2C59 /* libssl.a in Frameworks */, - 390C015F20AC3DC800827230 /* libldap.a in Frameworks */, 393B66E020DB94B4001DC89B /* cdoc.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; @@ -152,15 +121,16 @@ 39266A5020CFBDF8002E3F23 /* SmartCardTokenWrapper.mm */, 39266A5B20CFDC41002E3F23 /* CdocParser.h */, 39266A5C20CFDC59002E3F23 /* CdocParser.m */, - 39231FAE20AB1C6C00E1E2B4 /* Info.plist */, 39231FAD20AB1C6C00E1E2B4 /* CryptoLib.h */, 39266A5920CFD93E002E3F23 /* AbstractSmartToken.h */, 393B66BB20D8F361001DC89B /* AbstractSmartToken.mm */, + 39E2B4D520AD7A3400CA74A8 /* Addressee.h */, + 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */, + 3960E50320C02DA400D4D2FC /* CryptoDataFile.h */, + 3960E50420C02E5900D4D2FC /* CryptoDataFile.m */, 39266A5E20CFDCB9002E3F23 /* CdocInfo.m */, 39266A6020CFDCDF002E3F23 /* CdocInfo.h */, 4E01B4A62AEFDD3B00941723 /* build-cdoc.sh */, - DF1A91B42BAB5A79000D89B2 /* LDAPResponse.m */, - DF1A91B62BAB5AA9000D89B2 /* LDAPResponse.h */, ); path = CryptoLib; sourceTree = ""; 
@@ -168,20 +138,9 @@ 39E2B4CB20AD7A3400CA74A8 /* Ldap */ = { isa = PBXGroup; children = ( - 39E2B4CC20AD7A3400CA74A8 /* ResultSet.h */, - 39E2B4D220AD7A3400CA74A8 /* ResultSet.m */, - 39E2B4CD20AD7A3400CA74A8 /* AttributeSet.h */, - 39E2B4D120AD7A3400CA74A8 /* AttributeSet.m */, - 39E2B4D320AD7A3400CA74A8 /* Attribute.h */, - 39E2B4CE20AD7A3400CA74A8 /* Attribute.m */, - 39E2B4D520AD7A3400CA74A8 /* Addressee.h */, - 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */, - 39E2B4D420AD7A3400CA74A8 /* OpenLdap.h */, - 39E2B4D020AD7A3400CA74A8 /* OpenLdap.m */, - 3960E50320C02DA400D4D2FC /* CryptoDataFile.h */, - 3960E50420C02E5900D4D2FC /* CryptoDataFile.m */, - DF8FEAC7233239690020DED4 /* MoppLdapConfiguration.h */, - DF8FEAC8233239690020DED4 /* MoppLdapConfiguration.m */, + 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */, + 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */, + 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */, ); name = Ldap; path = CryptoLib/Ldap; @@ -202,10 +161,6 @@ isa = PBXGroup; children = ( 393B66DF20DB94B4001DC89B /* cdoc.framework */, - C5B7957621BABCA800DC2C59 /* libcrypto.a */, - C5B7957721BABCA800DC2C59 /* libssl.a */, - 390C016020AC3DE000827230 /* liblber.a */, - 390C015E20AC3DC700827230 /* libldap.a */, ); name = Frameworks; sourceTree = ""; 
@@ -221,18 +176,12 @@ 39852A4C20AB2418004CB100 /* Encrypt.h in Headers */, 39852A5420AB2418004CB100 /* DdocParserDelegate.h in Headers */, 39852A5120AB2418004CB100 /* SmartCardTokenWrapper.h in Headers */, - DF8FEAC9233239690020DED4 /* MoppLdapConfiguration.h in Headers */, 39E2B4DF20AD7A3400CA74A8 /* Addressee.h in Headers */, - 39E2B4DE20AD7A3400CA74A8 /* OpenLdap.h in Headers */, 3960E50620C044EE00D4D2FC /* CryptoDataFile.h in Headers */, 39266A6520CFE643002E3F23 /* CdocInfo.h in Headers */, 39266A5A20CFD956002E3F23 /* AbstractSmartToken.h in Headers */, - DF1A91B72BAB5AA9000D89B2 /* LDAPResponse.h in Headers */, 39266A6420CFE63D002E3F23 /* CdocParser.h in Headers */, 39231FAF20AB1C6C00E1E2B4 /* CryptoLib.h in Headers */, - 39E2B4D720AD7A3400CA74A8 /* AttributeSet.h in Headers */, - 39E2B4DD20AD7A3400CA74A8 /* Attribute.h in Headers */, - 39E2B4D620AD7A3400CA74A8 /* ResultSet.h in Headers */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -286,6 +235,7 @@ TargetAttributes = { 39231FA920AB1C6C00E1E2B4 = { CreatedOnToolsVersion = 9.3.1; + LastSwiftMigration = 1620; ProvisioningStyle = Manual; }; 4E01B4A02AEFDC4500941723 = { 
@@ -329,21 +279,18 @@ buildActionMask = 2147483647; files = ( 39266A5F20CFDCB9002E3F23 /* CdocInfo.m in Sources */, - 39E2B4DA20AD7A3400CA74A8 /* OpenLdap.m in Sources */, 39266A6320CFE3D4002E3F23 /* CdocParserDelegate.m in Sources */, 39266A5D20CFDC59002E3F23 /* CdocParser.m in Sources */, 393B66BC20D8F361001DC89B /* AbstractSmartToken.mm in Sources */, 3960E50520C02E5900D4D2FC /* CryptoDataFile.m in Sources */, - 39E2B4DB20AD7A3400CA74A8 /* AttributeSet.m in Sources */, - DF8FEACA233239690020DED4 /* MoppLdapConfiguration.m in Sources */, 39852A5020AB2418004CB100 /* DdocParserDelegate.m in Sources */, - DF1A91B52BAB5A79000D89B2 /* LDAPResponse.m in Sources */, 39852A5220AB2418004CB100 /* Decrypt.mm in Sources */, 39E2B4D920AD7A3400CA74A8 /* Addressee.m in Sources */, - 39E2B4DC20AD7A3400CA74A8 /* ResultSet.m in Sources */, - 39E2B4D820AD7A3400CA74A8 /* Attribute.m in Sources */, 39852A5320AB2418004CB100 /* Encrypt.mm in Sources */, 39266A5120CFBDF8002E3F23 /* SmartCardTokenWrapper.mm in Sources */, + 4E3681D82D40EAAD00D76DAB /* LDAPResponse.swift in Sources */, + 4E3681D92D40EAAD00D76DAB /* OpenLdap.swift in Sources */, + 4E3681DB2D40EAE800D76DAB /* MoppLdapConfiguration.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -364,7 +311,7 @@ ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; @@ -395,9 +342,10 @@ COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 1; DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_MODULE_VERIFIER = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_C_LANGUAGE_STANDARD = gnu17; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; 
@@ -421,7 +369,7 @@ ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; @@ -451,9 +399,10 @@ CODE_SIGN_IDENTITY = "iPhone Developer"; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 1; + ENABLE_MODULE_VERIFIER = NO; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_C_LANGUAGE_STANDARD = gnu17; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; @@ -472,6 +421,7 @@ 39231FB320AB1C6C00E1E2B4 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { + CLANG_ENABLE_MODULES = YES; CODE_SIGN_IDENTITY = ""; CODE_SIGN_STYLE = Manual; DEFINES_MODULE = YES; @@ -481,10 +431,8 @@ DYLIB_INSTALL_NAME_BASE = "@rpath"; ENABLE_BITCODE = NO; FRAMEWORK_SEARCH_PATHS = "$(TARGET_BUILD_DIR)"; - HEADER_SEARCH_PATHS = ( - "${inherited}", - "$(LDAP_PATH)/include", - ); + GENERATE_INFOPLIST_FILE = YES; + HEADER_SEARCH_PATHS = "$(LDAP_PATH)/include"; INFOPLIST_FILE = CryptoLib/Info.plist; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks"; IPHONEOS_DEPLOYMENT_TARGET = 15.0; @@ -496,12 +444,15 @@ "@loader_path/Frameworks", ); LIBRARY_SEARCH_PATHS = "$(LDAP_PATH)/libraries"; - OTHER_LDFLAGS = ""; + MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = ee.ria.digidoc.CryptoLib; PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; PROVISIONING_PROFILE_SPECIFIER = ""; SKIP_INSTALL = YES; SUPPORTS_MACCATALYST = NO; + SWIFT_INCLUDE_PATHS = "$(LDAP_PATH)/include"; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + SWIFT_VERSION = 5.0; TARGETED_DEVICE_FAMILY = "1,2"; }; name = Debug; 
@@ -509,6 +460,7 @@ 39231FB420AB1C6C00E1E2B4 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { + CLANG_ENABLE_MODULES = YES; CODE_SIGN_IDENTITY = ""; CODE_SIGN_STYLE = Manual; DEFINES_MODULE = YES; @@ -518,10 +470,8 @@ DYLIB_INSTALL_NAME_BASE = "@rpath"; ENABLE_BITCODE = NO; FRAMEWORK_SEARCH_PATHS = "$(TARGET_BUILD_DIR)"; - HEADER_SEARCH_PATHS = ( - "${inherited}", - "$(LDAP_PATH)/include", - ); + GENERATE_INFOPLIST_FILE = YES; + HEADER_SEARCH_PATHS = "$(LDAP_PATH)/include"; INFOPLIST_FILE = CryptoLib/Info.plist; INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks"; IPHONEOS_DEPLOYMENT_TARGET = 15.0; @@ -533,12 +483,14 @@ "@loader_path/Frameworks", ); LIBRARY_SEARCH_PATHS = "$(LDAP_PATH)/libraries"; - OTHER_LDFLAGS = ""; + MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = ee.ria.digidoc.CryptoLib; PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; PROVISIONING_PROFILE_SPECIFIER = ""; SKIP_INSTALL = YES; SUPPORTS_MACCATALYST = NO; + SWIFT_INCLUDE_PATHS = "$(LDAP_PATH)/include"; + SWIFT_VERSION = 5.0; TARGETED_DEVICE_FAMILY = "1,2"; }; name = Release; diff --git a/CryptoLib/CryptoLib/Ldap/Addressee.h b/CryptoLib/CryptoLib/Addressee.h similarity index 100% rename from CryptoLib/CryptoLib/Ldap/Addressee.h rename to CryptoLib/CryptoLib/Addressee.h diff --git a/CryptoLib/CryptoLib/Ldap/Addressee.m b/CryptoLib/CryptoLib/Addressee.m similarity index 100% rename from CryptoLib/CryptoLib/Ldap/Addressee.m rename to CryptoLib/CryptoLib/Addressee.m diff --git a/CryptoLib/CryptoLib/Ldap/CryptoDataFile.h b/CryptoLib/CryptoLib/CryptoDataFile.h similarity index 100% rename from CryptoLib/CryptoLib/Ldap/CryptoDataFile.h rename to CryptoLib/CryptoLib/CryptoDataFile.h diff --git a/CryptoLib/CryptoLib/Ldap/CryptoDataFile.m b/CryptoLib/CryptoLib/CryptoDataFile.m similarity index 100% rename from CryptoLib/CryptoLib/Ldap/CryptoDataFile.m rename to CryptoLib/CryptoLib/CryptoDataFile.m 
diff --git a/CryptoLib/CryptoLib/CryptoLib.h b/CryptoLib/CryptoLib/CryptoLib.h index 56cd26437..d660f64a5 100644 --- a/CryptoLib/CryptoLib/CryptoLib.h +++ b/CryptoLib/CryptoLib/CryptoLib.h @@ -36,5 +36,3 @@ FOUNDATION_EXPORT const unsigned char CryptoLibVersionString[]; #import #import #import -#import -#import diff --git a/CryptoLib/CryptoLib/Info.plist b/CryptoLib/CryptoLib/Info.plist deleted file mode 100644 index 1007fd9dd..000000000 --- a/CryptoLib/CryptoLib/Info.plist +++ /dev/null @@ -1,24 +0,0 @@ - - - - - CFBundleDevelopmentRegion - $(DEVELOPMENT_LANGUAGE) - CFBundleExecutable - $(EXECUTABLE_NAME) - CFBundleIdentifier - $(PRODUCT_BUNDLE_IDENTIFIER) - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - $(PRODUCT_NAME) - CFBundlePackageType - FMWK - CFBundleShortVersionString - 1.0 - CFBundleVersion - $(CURRENT_PROJECT_VERSION) - NSPrincipalClass - - - diff --git a/CryptoLib/CryptoLib/LDAPResponse.h b/CryptoLib/CryptoLib/LDAPResponse.h deleted file mode 100644 index f442bfcdc..000000000 --- a/CryptoLib/CryptoLib/LDAPResponse.h +++ /dev/null @@ -1,13 +0,0 @@ -#import - -@interface LDAPResponse : NSObject - -@property (nonatomic, copy) NSString *serialNumber; -@property (nonatomic, copy) NSArray *userCertificate; -@property (nonatomic, copy) NSArray *objectClass; -@property (nonatomic, copy) NSString *cn; - -- (instancetype)initWithDictionary:(NSDictionary *)dictionary; -+ (NSArray *)responsesWithDictionary:(NSDictionary *)dictionary; - -@end diff --git a/CryptoLib/CryptoLib/LDAPResponse.m b/CryptoLib/CryptoLib/LDAPResponse.m deleted file mode 100644 index 211f7b207..000000000 --- a/CryptoLib/CryptoLib/LDAPResponse.m +++ /dev/null 
@@ -1,51 +0,0 @@ -#import - -@interface LDAPResponse : NSObject - -@property (nonatomic, copy) NSString *serialNumber; -@property (nonatomic, copy) NSArray *userCertificate; -@property (nonatomic, copy) NSArray *objectClass; -@property (nonatomic, copy) NSString *cn; - -- (instancetype)initWithDictionary:(NSDictionary *)dictionary; - -@end - -@implementation LDAPResponse - -- (instancetype)initWithDictionary:(NSDictionary *)dictionary { - self = [super init]; - if (self) { - if (dictionary) { - _serialNumber = dictionary[@"serialNumber"]; - id userCertificateValue = dictionary[@"userCertificate;binary"]; - if (userCertificateValue && - [userCertificateValue isKindOfClass:[NSArray class]]) { - _userCertificate = userCertificateValue; - } else if (userCertificateValue) { - _userCertificate = @[userCertificateValue]; - } else { - _userCertificate = @[]; - } - _objectClass = dictionary[@"objectClass"]; - _cn = dictionary[@"cn"]; - } else { - _serialNumber = @""; - _userCertificate = @[]; - _objectClass = @[]; - _cn = @""; - } - } - return self; -} - -+ (NSArray *)responsesWithDictionary:(NSDictionary *)dictionary { - NSMutableArray *responses = [NSMutableArray array]; - for (id obj in [dictionary allValues]) { - LDAPResponse *response = [[LDAPResponse alloc] initWithDictionary:obj]; - [responses addObject:response]; - } - return [responses copy]; -} - -@end diff --git a/CryptoLib/CryptoLib/Ldap/Attribute.h b/CryptoLib/CryptoLib/Ldap/Attribute.h deleted file mode 100644 index c47ba55a3..000000000 --- a/CryptoLib/CryptoLib/Ldap/Attribute.h +++ /dev/null 
@@ -1,33 +0,0 @@ -// -// Attribute.h -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import -#import "Addressee.h" -#import "ldap.h" - -@interface Attribute : NSObject -@property (nonatomic, strong) NSMutableArray *values; -@property (nonatomic, strong) NSString *name; -- (id)initWithParser:(LDAP*)ldap ldapMessage:(LDAPMessage*)ldapMessage tag:(char*)tag; -@end - - diff --git a/CryptoLib/CryptoLib/Ldap/Attribute.m b/CryptoLib/CryptoLib/Ldap/Attribute.m deleted file mode 100644 index 8ff64d829..000000000 --- a/CryptoLib/CryptoLib/Ldap/Attribute.m +++ /dev/null 
@@ -1,61 +0,0 @@ -// -// Attribute.m -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import -#import "Attribute.h" -#import "ldap.h" - -@implementation Attribute - -- (id)initWithParser:(LDAP*)ldap ldapMessage:(LDAPMessage*)entry tag:(char *)tag{ - if (!_values) { - _values = [NSMutableArray new]; - } - - BerValue ** bvals = ldap_get_values_len(ldap, entry, tag); - if (bvals != nil){ - for (int i = 0; bvals[i] != NULL; i++) { - _name = [NSString stringWithUTF8String:tag]; - char *value = bvals[i]->bv_val; - if ([_name isEqualToString:(@"userCertificate;binary")]){ - - ber_len_t len = bvals[i]->bv_len; - NSData *certificateNSData = [[NSData alloc] initWithBytes:value length:len]; - - const UInt8 *bytes = certificateNSData.bytes; - CFDataRef cfData = CFDataCreateWithBytesNoCopy(nil, bytes, (int)len, kCFAllocatorNull); - SecCertificateRef certificateWithData = SecCertificateCreateWithData(kCFAllocatorDefault, cfData); - - [_values addObject:(__bridge id)certificateWithData]; - } else { - [_values addObject:[NSString stringWithUTF8String:(value)]]; - } - - } - - } - if (bvals != nil) { - ldap_value_free_len(bvals); - } -return self; -} -@end 
diff --git a/CryptoLib/CryptoLib/Ldap/AttributeSet.h b/CryptoLib/CryptoLib/Ldap/AttributeSet.h deleted file mode 100644 index 366c2939c..000000000 --- a/CryptoLib/CryptoLib/Ldap/AttributeSet.h +++ /dev/null @@ -1,33 +0,0 @@ -// -// AttributeSet.h -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import -#import "Addressee.h" -#import "ldap.h" - -@interface AttributeSet : NSObject -@property (nonatomic, strong) NSString *name; -@property (nonatomic, strong) NSMutableArray *values; -- (id)initWithParser:(LDAP*)ldap ldapMessage:(LDAPMessage*)ldapMessage; -@end - - diff --git a/CryptoLib/CryptoLib/Ldap/AttributeSet.m b/CryptoLib/CryptoLib/Ldap/AttributeSet.m deleted file mode 100644 index 1d570a155..000000000 --- a/CryptoLib/CryptoLib/Ldap/AttributeSet.m +++ /dev/null 
@@ -1,48 +0,0 @@ -// -// AttributeSet.m -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import -#import "Attribute.h" -#import "AttributeSet.h" -#import "ldap.h" - -@implementation AttributeSet - -- (id)initWithParser:(LDAP*)ldap ldapMessage:(LDAPMessage*)entry{ - if (!_values) { - _values = [NSMutableArray new]; - } - char * name= ldap_get_dn(ldap, entry); - _name = [NSString stringWithUTF8String:name]; - BerElement * ber; - char *firstAttribute = ldap_first_attribute(ldap, entry, &ber); - while (firstAttribute){ - Attribute *attribute = [[Attribute alloc] initWithParser:ldap ldapMessage:entry tag:firstAttribute]; - if (attribute!=NULL){ - [_values addObject:attribute]; - } - firstAttribute = ldap_next_attribute(ldap, entry, ber); - } - ber_free(ber, 0); - return self; -} -@end diff --git a/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift b/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift new file mode 100644 index 000000000..96e497614 --- /dev/null +++ b/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift 
@@ -0,0 +1,90 @@
+//
+// LDAPResponse.swift
+// CryptoLib
+/*
+ * Copyright 2017 - 2024 Riigi Infosüsteemi Amet
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+import Foundation
+import LDAP
+
+public class LDAPResponse: NSObject {
+ @objc public var userCertificate: [Data] = []
+ @objc public var cn: String = ""
+
+ typealias BerElement = OpaquePointer
+
+ init(ldap: LDAP, msg: LDAPMessage) {
+ var ber: BerElement?
+ var attrPointer = ldap_first_attribute(ldap, msg, &ber)
+ while let attr = attrPointer {
+ defer { ldap_memfree(attr) }
+ let tag = String(cString: attr)
+ switch tag {
+ case "cn": cn = (LDAPResponse.values(ldap: ldap, msg: msg, tag: tag) as [String]).first ?? ""
+ case "userCertificate;binary": userCertificate = LDAPResponse.values(ldap: ldap, msg: msg, tag: tag)
+ default: break
+ }
+ attrPointer = ldap_next_attribute(ldap, msg, ber)
+ }
+ if let ber = ber {
+ ber_free(ber, 0)
+ }
+
+ if let namePointer = ldap_get_dn(ldap, msg) {
+ print("Result (\(userCertificate.count)) \(String(cString: namePointer))")
+ ldap_memfree(namePointer)
+ }
+ }
+
+ static func from(ldap: LDAP, msg: LDAPMessage) -> [LDAPResponse] {
+ var result: [LDAPResponse] = []
+ var message = ldap_first_message(ldap, msg)
+ while let currentMessage = message {
+ if ldap_msgtype(currentMessage) == LDAP_RES_SEARCH_ENTRY {
+ let response = LDAPResponse(ldap: ldap, msg: currentMessage)
+ if !response.userCertificate.isEmpty {
+ result.append(response)
+ }
+ }
+ message = ldap_next_message(ldap, currentMessage)
+ }
+ return result
+ }
+
+ static func values(ldap: LDAP, msg: LDAPMessage, tag: String) -> [T] {
+ var result: [T] = []
+ guard let bvals = ldap_get_values_len(ldap, msg, tag) else {
+ return result
+ }
+ defer { ldap_value_free_len(bvals) }
+
+ var i = 0
+ while let bval = bvals[i] {
+ let value = bval.pointee.bv_val
+ let length = bval.pointee.bv_len
+ if T.self == Data.self {
+ result.append(Data(bytes: value!, count: Int(length)) as! T)
+ } else if T.self == String.self, let stringValue = String(validatingUTF8: value!) {
+ result.append(stringValue as! T)
+ }
+ i += 1
+ }
+ return result
+ }
+}
diff --git a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.h b/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.h
deleted file mode 100755
index 84e53ae21..000000000
--- a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.h
+++ /dev/null
@@ -1,34 +0,0 @@ -// -// MoppLdapConfiguration.h -// CryptoLib -// -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import - -@interface MoppLdapConfiguration : NSObject - -@property (nonatomic, strong) NSArray* LDAPCERTS; -@property (nonatomic, strong) NSString *LDAPPERSONURL; -@property (nonatomic, strong) NSString *LDAPCORPURL; - -- (id) initWithLdapConfiguration:(NSArray*)LDAPCERTS LDAPPERSONURL:(NSString *)LDAPPERSONURL LDAPCORPURL:(NSString *)LDAPCORPURL; - -@end diff --git a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.m b/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift old mode 100755 new mode 100644 similarity index 65% rename from CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.m rename to CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift index f532ac7b2..01206182c --- a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.m +++ b/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift @@ -1,5 +1,5 @@ // -// MoppLdapConfiguration.m +// MoppLdapConfiguration.swift // CryptoLib // /* 
@@ -21,19 +21,17 @@ * */ -#import "MoppLdapConfiguration.h" +import Foundation -@implementation MoppLdapConfiguration +public class MoppLdapConfiguration: NSObject { + var LDAPCERTS: [String] = [] + var LDAPPERSONURL: String = "" + var LDAPCORPURL: String = "" -- (id)initWithLdapConfiguration:(NSArray*)LDAPCERTS LDAPPERSONURL:(NSString *)LDAPPERSONURL LDAPCORPURL:(NSString *)LDAPCORPURL { - self = [super init]; - if (self) { - self.LDAPCERTS = LDAPCERTS; - self.LDAPPERSONURL = LDAPPERSONURL; - self.LDAPCORPURL = LDAPCORPURL; + public init(ldapCerts: [String], ldapPersonURL: String, ldapCorpURL: String) { + self.LDAPCERTS = ldapCerts + self.LDAPPERSONURL = ldapPersonURL + self.LDAPCORPURL = ldapCorpURL + super.init() } - - return self; } - -@end diff --git a/CryptoLib/CryptoLib/Ldap/OpenLdap.h b/CryptoLib/CryptoLib/Ldap/OpenLdap.h deleted file mode 100644 index 2fc053e4d..000000000 --- a/CryptoLib/CryptoLib/Ldap/OpenLdap.h +++ /dev/null 
@@ -1,32 +0,0 @@ -// -// OpenLdap.h -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import -#import "Addressee.h" -#import "MoppLdapConfiguration.h" -#import "LDAPResponse.h" - -@interface OpenLdap : NSObject -- (NSArray *)search:(NSString*)identityCode configuration:(MoppLdapConfiguration *)moppLdapConfiguration withCertificate:(NSString *)cert; -@end - - diff --git a/CryptoLib/CryptoLib/Ldap/OpenLdap.m b/CryptoLib/CryptoLib/Ldap/OpenLdap.m deleted file mode 100644 index 76be3325c..000000000 --- a/CryptoLib/CryptoLib/Ldap/OpenLdap.m +++ /dev/null 
@@ -1,135 +0,0 @@ -// -// OpenLdap.m -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import "OpenLdap.h" -#import "ldap.h" -#import "ResultSet.h" -#import "LDAPResponse.h" - -@implementation OpenLdap - -- (NSArray *)search:(NSString *)identityCode configuration:(MoppLdapConfiguration *)moppLdapConfiguration withCertificate:(NSString *)cert { - if (moppLdapConfiguration.LDAPCERTS == nil || [moppLdapConfiguration.LDAPCERTS count] == 0) { - NSArray *result = [self searchWith:identityCode andUrl:moppLdapConfiguration.LDAPPERSONURL certificatePath:nil]; - - if ([result count] == 0) { - result = [self searchWith:identityCode andUrl:moppLdapConfiguration.LDAPCORPURL certificatePath:nil]; - } - return result; - } - - if (isPersonalCode(identityCode)) { - NSLog(@"Searching with personal code from LDAP"); - return [self searchWith:identityCode andUrl:moppLdapConfiguration.LDAPPERSONURL certificatePath:cert]; - } else { - NSLog(@"Searching with corporation keyword from LDAP"); - return [self searchWith:identityCode andUrl:moppLdapConfiguration.LDAPCORPURL certificatePath:cert]; - } -} - - -- (NSArray *)searchWith:(NSString*)identityCode andUrl:(NSString*)url certificatePath:(NSString*)certificatePath { 
- - LDAP *ldap; - LDAPMessage *msg; - const char *base = "c=EE"; - - BOOL secureLdap = [[url lowercaseString] hasPrefix:@"ldaps"]; - - NSCharacterSet* notDigits = [[NSCharacterSet decimalDigitCharacterSet] invertedSet]; - NSString *filter; - - NSString *pnoeePrefix = secureLdap ? @"PNOEE-" : @""; - NSString *wildcard = secureLdap ? @"" : @"*"; - - if ([identityCode rangeOfCharacterFromSet:notDigits].location == NSNotFound && [identityCode length] == 11) { - filter = [NSString stringWithFormat:@"(serialNumber=%@%@%@)", pnoeePrefix, identityCode, wildcard]; - } else if ([identityCode rangeOfCharacterFromSet:notDigits].location == NSNotFound) { - filter = [NSString stringWithFormat:@"(serialNumber=%@)", identityCode]; - } else { - filter = [NSString stringWithFormat:@"(cn=*%@*)", identityCode]; - } - - NSString *bundlePath = [[NSBundle bundleForClass:[self class]] resourcePath]; - -// int debugLevel = -1; -// ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debugLevel); - - int ldapReturnCode; - if (secureLdap) { - if (certificatePath == nil || [certificatePath length] == 0) { - ldapReturnCode = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, (void *)[bundlePath cStringUsingEncoding:NSUTF8StringEncoding]); - - if (ldapReturnCode != LDAP_SUCCESS) { - fprintf(stderr, "ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR): %s\n", ldap_err2string(ldapReturnCode)); - return [[NSArray alloc] init]; - }; - } else { - ldapReturnCode = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, (void *)[certificatePath cStringUsingEncoding:NSUTF8StringEncoding]); - - if (ldapReturnCode != LDAP_SUCCESS) { - fprintf(stderr, "ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE): %s\n", ldap_err2string(ldapReturnCode)); - return [[NSArray alloc] init]; - }; - } - } - - const char *formattedFilter = [filter UTF8String]; - ldapReturnCode = ldap_initialize(&ldap, [url cStringUsingEncoding:NSUTF8StringEncoding]); - NSDictionary *ldapResponse; - if (secureLdap) { - int ldap_version = LDAP_VERSION3; - ldapReturnCode = 
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version); - if (ldapReturnCode != LDAP_SUCCESS) { - fprintf(stderr, "ldap_set_option(PROTOCOL_VERSION): %s\n", ldap_err2string(ldapReturnCode)); - ldap_unbind_ext_s(ldap, NULL, NULL); - }; - } - - if (ldapReturnCode == LDAP_SUCCESS) { - NSLog(@"Searching from LDAP. Url: %@", url); - ldap_search_ext_s(ldap, base, LDAP_SCOPE_SUBTREE, formattedFilter, nil, 0, 0, 0, 0, 0, &msg); - - int ldapConnectionReset = 0; - ldap_set_option(NULL, LDAP_OPT_X_TLS_NEWCTX, &ldapConnectionReset); - if (ldapConnectionReset != LDAP_SUCCESS) { - fprintf(stderr, "ldap_set_option(LDAP_OPT_X_TLS_NEWCTX): %s\n", ldap_err2string(ldapConnectionReset)); - return [[NSArray alloc] init]; - }; - - if (msg != NULL) { - ResultSet *resultSet = [[ResultSet alloc] initWithParser:ldap chain:msg]; - ldapResponse = [resultSet getResult]; - ldap_msgfree(msg); - ldap_unbind_ext_s(ldap, NULL, NULL); - } - } - - return [LDAPResponse responsesWithDictionary:ldapResponse]; -} - -BOOL isPersonalCode(NSString *inputString) { - NSCharacterSet *numericCharacterSet = [NSCharacterSet decimalDigitCharacterSet]; - return ([inputString length] == 11 && [inputString rangeOfCharacterFromSet:[numericCharacterSet invertedSet]].location == NSNotFound); -} - -@end diff --git a/CryptoLib/CryptoLib/Ldap/OpenLdap.swift b/CryptoLib/CryptoLib/Ldap/OpenLdap.swift new file mode 100644 index 000000000..9411c42e1 --- /dev/null +++ b/CryptoLib/CryptoLib/Ldap/OpenLdap.swift 
@@ -0,0 +1,116 @@
+//
+// OpenLdap.swift
+// CryptoLib
+/*
+ * Copyright 2017 - 2024 Riigi Infosüsteemi Amet
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+import Foundation
+import LDAP
+
+typealias LDAP = OpaquePointer
+typealias LDAPMessage = OpaquePointer
+
+public class OpenLdap: NSObject {
+ private override init() {}
+
+ @objc static public func search(identityCode: String, configuration: MoppLdapConfiguration, withCertificate cert: String?) -> [LDAPResponse] {
+ if configuration.LDAPCERTS.isEmpty {
+ var result = search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: nil)
+
+ if result.isEmpty {
+ result = search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: nil)
+ }
+ return result
+ }
+
+ if isPersonalCode(identityCode) {
+ print("Searching with personal code from LDAP")
+ return search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: cert)
+ } else {
+ print("Searching with corporation keyword from LDAP")
+ return search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: cert)
+ }
+ }
+
+ static private func search(identityCode: String, url: String, certificatePath: String?) -> [LDAPResponse] {
+ let secureLdap = url.lowercased().hasPrefix("ldaps")
+ if secureLdap {
+ if let certificatePath = certificatePath, !certificatePath.isEmpty {
+ guard setLdapOption(option: LDAP_OPT_X_TLS_CACERTFILE, value: certificatePath) else { return [] }
+ } else {
+ guard let bundlePath = Bundle(for: OpenLdap.self).resourcePath else { return [] }
+ guard setLdapOption(option: LDAP_OPT_X_TLS_CACERTDIR, value: bundlePath) else { return [] }
+ }
+ var ldapConnectionReset = 0
+ let result = ldap_set_option(nil, LDAP_OPT_X_TLS_NEWCTX, &ldapConnectionReset)
+ guard result == LDAP_SUCCESS else {
+ print("ldap_set_option(LDAP_OPT_X_TLS_NEWCTX) failed: \(String(cString: ldap_err2string(result)))")
+ return []
+ }
+ }
+
+ var ldap: LDAP?
+ let ldapReturnCode = ldap_initialize(&ldap, url.cString(using: .utf8))
+ defer {
+ if let ldap = ldap { ldap_unbind_ext_s(ldap, nil, nil) }
+ }
+ guard ldapReturnCode == LDAP_SUCCESS else {
+ print("Failed to initialize LDAP: \(String(cString: ldap_err2string(ldapReturnCode)))")
+ return []
+ }
+
+ var ldapVersion = LDAP_VERSION3
+ let result = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion)
+ guard result == LDAP_SUCCESS else {
+ print("ldap_set_option(PROTOCOL_VERSION) failed: \(String(cString: ldap_err2string(result)))")
+ return []
+ }
+
+ let filter = if isPersonalCode(identityCode) {
+ "(serialNumber=\(secureLdap ? "PNOEE-" : "")\(identityCode))"
+ } else if identityCode.rangeOfCharacter(from: CharacterSet.decimalDigits.inverted) == nil {
+ "(serialNumber=\(identityCode))"
+ } else {
+ "(cn=*\(identityCode)*)"
+ }
+ var msg: LDAPMessage?
+ print("Searching from LDAP. Url: \(url) \(filter)")
+ ldap_search_ext_s(ldap, "c=EE", LDAP_SCOPE_SUBTREE, filter, nil, 0, nil, nil, nil, 0, &msg)
+
+ if let msg = msg {
+ defer { ldap_msgfree(msg) }
+ return LDAPResponse.from(ldap: ldap!, msg: msg)
+ }
+
+ return []
+ }
+
+ static private func setLdapOption(option: Int32, value: String) -> Bool {
+ let result = ldap_set_option(nil, option, value.cString(using: .utf8))
+ if result != LDAP_SUCCESS {
+ print("ldap_set_option failed: \(String(cString: ldap_err2string(result)))")
+ return false
+ }
+ return true
+ }
+
+ static private func isPersonalCode(_ inputString: String) -> Bool {
+ return inputString.count == 11 && inputString.rangeOfCharacter(from: CharacterSet.decimalDigits.inverted) == nil
+ }
+}
diff --git a/CryptoLib/CryptoLib/Ldap/ResultSet.h b/CryptoLib/CryptoLib/Ldap/ResultSet.h
deleted file mode 100644
index 7d24f2174..000000000
--- a/CryptoLib/CryptoLib/Ldap/ResultSet.h
+++ /dev/null
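Review bot: `identityCode` is interpolated into the search filter without RFC 4515 escaping in the private `search(identityCode:url:certificatePath:)`, so a value that reaches the `"(cn=*\(identityCode)*)"` branch containing `(`, `)`, `*` or `\` changes the structure of the filter instead of being matched literally. The two `serialNumber` branches are only taken for all-digit input, so the `cn` branch is the one that needs the escape; the sketch below adds a small helper and calls it there. Separately, the return code of `ldap_search_ext_s` is discarded, so a failed search (for example a TLS failure) is reported to the caller as an empty result and cannot be told apart from "not found".

```swift
// … unchanged: TLS options, ldap_initialize, protocol version, serialNumber branches …
        } else {
            "(cn=*\(escapeFilterValue(identityCode))*)"
        }
// … unchanged: ldap_search_ext_s call and result handling …

    /// Escapes the characters RFC 4515 reserves inside a filter assertion value.
    static private func escapeFilterValue(_ value: String) -> String {
        var escaped = ""
        for scalar in value.unicodeScalars {
            switch scalar {
            case "\\": escaped += "\\5c"
            case "*": escaped += "\\2a"
            case "(": escaped += "\\28"
            case ")": escaped += "\\29"
            case "\0": escaped += "\\00"
            default: escaped.unicodeScalars.append(scalar)
            }
        }
        return escaped
    }
```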
@@ -1,33 +0,0 @@ -// -// ResultSet.h -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import -#import "Addressee.h" -#import "ldap.h" - -@interface ResultSet : NSObject -@property (nonatomic, strong) NSMutableArray *values; -- (id)initWithParser:(LDAP*)ldap chain:(LDAPMessage*)chain; -- (NSDictionary *) getResult; -@end - - diff --git a/CryptoLib/CryptoLib/Ldap/ResultSet.m b/CryptoLib/CryptoLib/Ldap/ResultSet.m deleted file mode 100644 index e1f106b15..000000000 --- a/CryptoLib/CryptoLib/Ldap/ResultSet.m +++ /dev/null 
@@ -1,61 +0,0 @@ -// -// ResultSet.m -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#import -#import "Attribute.h" -#import "AttributeSet.h" -#import "ResultSet.h" -#import "ldap.h" - -@implementation ResultSet - -- (id)initWithParser:(LDAP*)ldap chain:(LDAPMessage*)chain{ - if (!_values) { - _values = [NSMutableArray new]; - } - LDAPMessage *message = ldap_first_message(ldap, chain); - while (message) { - if (LDAP_RES_SEARCH_ENTRY==ldap_msgtype(message)){ - AttributeSet *attributeSet = [[AttributeSet alloc] initWithParser:ldap ldapMessage:message]; - [_values addObject:attributeSet]; - } - message = ldap_next_message(ldap, message); - } - return self; -} - -- (NSDictionary *) getResult{ - NSDictionary *resultDic = [NSMutableDictionary dictionary]; - for (AttributeSet *aset in _values) { - NSDictionary *attributeDic = [NSMutableDictionary dictionary]; - for (Attribute *attribute in aset.values){ - if (attribute.values.count>1){ - [attributeDic setValue:attribute.values forKey:attribute.name]; - } else { - [attributeDic setValue:attribute.values[0] forKey:attribute.name]; - } - } - [resultDic setValue:attributeDic forKey:aset.name]; - } - return resultDic; -} -@end 
diff --git a/CryptoLib/CryptoLib/openldap/OpenLDAP.iphoneos/include/module.modulemap b/CryptoLib/CryptoLib/openldap/OpenLDAP.iphoneos/include/module.modulemap new file mode 100644 index 000000000..195494aad --- /dev/null +++ b/CryptoLib/CryptoLib/openldap/OpenLDAP.iphoneos/include/module.modulemap @@ -0,0 +1,8 @@ +module LDAP [system] { + private header "ldap.h" + link "crypto" + link "ssl" + link "lber" + link "ldap" + export * +} diff --git a/CryptoLib/CryptoLib/openldap/OpenLDAP.iphonesimulator/include/module.modulemap b/CryptoLib/CryptoLib/openldap/OpenLDAP.iphonesimulator/include/module.modulemap new file mode 100644 index 000000000..195494aad --- /dev/null +++ b/CryptoLib/CryptoLib/openldap/OpenLDAP.iphonesimulator/include/module.modulemap @@ -0,0 +1,8 @@ +module LDAP [system] { + private header "ldap.h" + link "crypto" + link "ssl" + link "lber" + link "ldap" + export * +} diff --git a/MoppApp/MoppApp/Configuration.swift b/MoppApp/MoppApp/Configuration.swift index 2a527b096..85c7dfd24 100644 --- a/MoppApp/MoppApp/Configuration.swift +++ b/MoppApp/MoppApp/Configuration.swift @@ -141,6 +141,6 @@ public class MoppLDAPConfiguration { static var ldapCorpUrl: String? static func getMoppLDAPConfiguration() -> MoppLdapConfiguration { - return MoppLdapConfiguration(ldapConfiguration: ldapCerts, ldappersonurl: ldapPersonUrl, ldapcorpurl: ldapCorpUrl) + return MoppLdapConfiguration(ldapCerts: ldapCerts ?? [], ldapPersonURL: ldapPersonUrl ?? "", ldapCorpURL: ldapCorpUrl ?? "") } } diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h index e5941380f..004663432 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h 
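Review bot: The `?? ""` and `?? []` fallbacks in `getMoppLDAPConfiguration()` turn an unset `ldapPersonUrl`, `ldapCorpUrl` or `ldapCerts` into an empty value, so a configuration that was never loaded is indistinguishable from a valid one. In `OpenLdap.swift` from this same commit an empty `LDAPCERTS` selects the branch that passes `certificatePath: nil`, and a URL that does not start with `ldaps` skips the TLS options altogether, so the fallback values steer the lookup onto the path with no CA file from the configuration. I would fail early instead, for example `guard !url.isEmpty else { return [] }` at the top of the private `search(identityCode:url:certificatePath:)`, and report that the LDAP configuration is missing. The enclosing class `MoppLDAPConfiguration` starts outside this hunk.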
@@ -21,11 +21,12 @@ * */ -//#import "LdapResponse.h" -#import "CryptoLib/OpenLdap.h" #import "MoppLibConstants.h" + +@class MoppLdapConfiguration; + @interface MoppLibCryptoActions : NSObject - + + (MoppLibCryptoActions *)sharedInstance; /** diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m index a022d408f..7c4928842 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m +++ b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m @@ -25,10 +25,10 @@ #import "MoppLibError.h" #import "CryptoLib/Addressee.h" #import "CryptoLib/CryptoDataFile.h" -#import "CryptoLib/OpenLdap.h" #import "CryptoLib/Encrypt.h" #import "CryptoLib/Decrypt.h" #import "CryptoLib/CdocParser.h" +#import #import "MoppLibCertificate.h" #import "CryptoLib/CdocInfo.h" #import "SmartToken.h" 
@@ -141,29 +141,23 @@ - (void)searchLdapData:(NSString *)identifier success:(LdapBlock)success failure NSString *ldapCertsPath = [self getCertFolderPath:certsPath fileName:@"ldapCerts.pem"]; dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ - NSArray *response = [[NSMutableArray alloc] init]; NSMutableArray *filteredResponse = [[NSMutableArray alloc] init]; NSError *error; - OpenLdap *ldap = [[OpenLdap alloc] init]; @try { - response = [ldap search:identifier configuration:moppLdapConfiguration withCertificate:ldapCertsPath]; - + NSArray *response = [OpenLdap searchWithIdentityCode:identifier configuration:moppLdapConfiguration withCertificate:ldapCertsPath]; + if (response.count == 0) { failure([MoppLibError ldapResponseNotFoundError]); return; } - + for (LDAPResponse* key in response) { - for (NSString *cert in key.userCertificate) { - - Addressee *addressee = [[Addressee alloc] init]; - - SecCertificateRef certificate = (__bridge SecCertificateRef)(cert); - NSData* certData = (__bridge NSData *)SecCertificateCopyData(certificate); + for (NSData *certData in key.userCertificate) { + Addressee *addressee = [[Addressee alloc] init]; MoppLibCertificateInfo *certInfo = [MoppLibCertificateInfo alloc]; - NSArray *certPolicies = [certInfo certificatePolicies:(certData)]; - NSArray *certKeyUsages = [certInfo keyUsages:(certData)]; + NSArray *certPolicies = [certInfo certificatePolicies:certData]; + NSArray *certKeyUsages = [certInfo keyUsages:certData]; if (key.cn != NULL) { NSArray *cn = [key.cn componentsSeparatedByString:@","]; From 9cd118ea8476053cb3edcf61d8d68d3cbcb99657 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Mon, 27 Jan 2025 21:49:50 +0200 Subject: [PATCH 2/2] Move all LDAP related code to CryptoLib 
Signed-off-by: Raul Metsma --- CryptoLib/CryptoLib.xcodeproj/project.pbxproj | 28 +++- CryptoLib/CryptoLib/Addressee.h | 1 + CryptoLib/CryptoLib/Ldap/LDAPResponse.swift | 90 ----------- .../Ldap/MoppLdapConfiguration.swift | 3 +- CryptoLib/CryptoLib/Ldap/OpenLdap.swift | 149 +++++++++++++++--- MoppApp/MoppApp/AddresseeActions.swift | 3 +- MoppApp/MoppApp/AddresseeViewController.swift | 40 ++--- MoppApp/MoppApp/Configuration.swift | 1 + MoppLib/MoppLib.xcodeproj/project.pbxproj | 25 +-- MoppLib/MoppLib/MoppLibDigidocManager.h | 1 - MoppLib/MoppLib/MoppLibDigidocManager.mm | 21 --- MoppLib/MoppLib/PublicInterface/MoppLib.h | 1 - .../PublicInterface/MoppLibCertificateInfo.h | 37 ----- .../PublicInterface/MoppLibCertificateInfo.mm | 134 ---------------- .../PublicInterface/MoppLibConstants.h | 1 - .../PublicInterface/MoppLibCryptoActions.h | 11 -- .../PublicInterface/MoppLibCryptoActions.m | 97 ------------ .../MoppLib/PublicInterface/MoppLibManager.h | 2 +- .../MoppLib/PublicInterface/MoppLibManager.m | 10 +- 19 files changed, 187 insertions(+), 468 deletions(-) delete mode 100644 CryptoLib/CryptoLib/Ldap/LDAPResponse.swift delete mode 100644 MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.h delete mode 100644 MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.mm diff --git a/CryptoLib/CryptoLib.xcodeproj/project.pbxproj b/CryptoLib/CryptoLib.xcodeproj/project.pbxproj index 9616773ff..71fbf2c1f 100644 --- a/CryptoLib/CryptoLib.xcodeproj/project.pbxproj +++ b/CryptoLib/CryptoLib.xcodeproj/project.pbxproj 
@@ -28,9 +28,9 @@ 39852A5420AB2418004CB100 /* DdocParserDelegate.h in Headers */ = {isa = PBXBuildFile; fileRef = 39852A4A20AB2418004CB100 /* DdocParserDelegate.h */; }; 39E2B4D920AD7A3400CA74A8 /* Addressee.m in Sources */ = {isa = PBXBuildFile; fileRef = 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */; }; 39E2B4DF20AD7A3400CA74A8 /* Addressee.h in Headers */ = {isa = PBXBuildFile; fileRef = 39E2B4D520AD7A3400CA74A8 /* Addressee.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 4E3681D82D40EAAD00D76DAB /* LDAPResponse.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */; }; 4E3681D92D40EAAD00D76DAB /* OpenLdap.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */; }; 4E3681DB2D40EAE800D76DAB /* MoppLdapConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */; }; + 4EAC69122D481D1C00A53079 /* ASN1Decoder in Frameworks */ = {isa = PBXBuildFile; productRef = 4EAC69112D481D1C00A53079 /* ASN1Decoder */; }; DFA40D2F2ADF635F003EF945 /* 3513523f.0 in Resources */ = {isa = PBXBuildFile; fileRef = DFA40D2E2ADF635F003EF945 /* 3513523f.0 */; }; DFC7CA452AE010C9009D85FF /* 9f4c149e.0 in Resources */ = {isa = PBXBuildFile; fileRef = DFC7CA442AE010C9009D85FF /* 9f4c149e.0 */; }; /* End PBXBuildFile section */ 
@@ -70,7 +70,6 @@ 39E2B4CF20AD7A3400CA74A8 /* Addressee.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Addressee.m; sourceTree = ""; }; 39E2B4D520AD7A3400CA74A8 /* Addressee.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Addressee.h; sourceTree = ""; }; 4E01B4A62AEFDD3B00941723 /* build-cdoc.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = "build-cdoc.sh"; sourceTree = ""; }; - 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LDAPResponse.swift; sourceTree = ""; }; 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OpenLdap.swift; sourceTree = ""; }; 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MoppLdapConfiguration.swift; sourceTree = ""; }; DFA40D2E2ADF635F003EF945 /* 3513523f.0 */ = {isa = PBXFileReference; lastKnownFileType = text; path = 3513523f.0; sourceTree = ""; }; @@ -82,6 +81,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 4EAC69122D481D1C00A53079 /* ASN1Decoder in Frameworks */, 393B66E020DB94B4001DC89B /* cdoc.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; @@ -139,7 +139,6 @@ isa = PBXGroup; children = ( 4E3681D72D40EAAD00D76DAB /* OpenLdap.swift */, - 4E3681D62D40EAAD00D76DAB /* LDAPResponse.swift */, 4E3681DA2D40EAE800D76DAB /* MoppLdapConfiguration.swift */, ); name = Ldap; @@ -251,6 +250,9 @@ en, ); mainGroup = 39231FA020AB1C6C00E1E2B4; + packageReferences = ( + 4EAC68FF2D47839500A53079 /* XCRemoteSwiftPackageReference "ASN1Decoder" */, + ); productRefGroup = 39231FAB20AB1C6C00E1E2B4 /* Products */; projectDirPath = ""; projectRoot = ""; 
@@ -288,7 +290,6 @@ 39E2B4D920AD7A3400CA74A8 /* Addressee.m in Sources */, 39852A5320AB2418004CB100 /* Encrypt.mm in Sources */, 39266A5120CFBDF8002E3F23 /* SmartCardTokenWrapper.mm in Sources */, - 4E3681D82D40EAAD00D76DAB /* LDAPResponse.swift in Sources */, 4E3681D92D40EAAD00D76DAB /* OpenLdap.swift in Sources */, 4E3681DB2D40EAE800D76DAB /* MoppLdapConfiguration.swift in Sources */, ); @@ -540,6 +541,25 @@ defaultConfigurationName = Release; }; /* End XCConfigurationList section */ + +/* Begin XCRemoteSwiftPackageReference section */ + 4EAC68FF2D47839500A53079 /* XCRemoteSwiftPackageReference "ASN1Decoder" */ = { + isa = XCRemoteSwiftPackageReference; + repositoryURL = "https://github.com/filom/ASN1Decoder"; + requirement = { + kind = exactVersion; + version = 1.9.0; + }; + }; +/* End XCRemoteSwiftPackageReference section */ + +/* Begin XCSwiftPackageProductDependency section */ + 4EAC69112D481D1C00A53079 /* ASN1Decoder */ = { + isa = XCSwiftPackageProductDependency; + package = 4EAC68FF2D47839500A53079 /* XCRemoteSwiftPackageReference "ASN1Decoder" */; + productName = ASN1Decoder; + }; +/* End XCSwiftPackageProductDependency section */ }; rootObject = 39231FA120AB1C6C00E1E2B4 /* Project object */; } diff --git a/CryptoLib/CryptoLib/Addressee.h b/CryptoLib/CryptoLib/Addressee.h index a352a22e7..2fd347104 100644 --- a/CryptoLib/CryptoLib/Addressee.h +++ b/CryptoLib/CryptoLib/Addressee.h @@ -28,5 +28,6 @@ @property (nonatomic, strong) NSString *identifier; @property (nonatomic, strong) NSData *cert; @property (nonatomic, strong) NSDate *validTo; +@property (nonatomic, strong) NSArray *policyIdentifiers; @end diff --git a/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift b/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift deleted file mode 100644 index 96e497614..000000000 --- a/CryptoLib/CryptoLib/Ldap/LDAPResponse.swift +++ /dev/null 
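Review bot: The new `XCRemoteSwiftPackageReference "ASN1Decoder"` is pinned with `kind = exactVersion; version = 1.9.0;`, which fixes a tag name and not a commit, and the diffstat of this patch lists no `Package.resolved` that would record the resolved revision. The package is presumably what now parses certificates returned by the LDAP server (the same patch deletes `MoppLibCertificateInfo`), so it processes remote input and its exact source should be reproducible. I would either commit the workspace's `Package.resolved` alongside this change or pin by commit with `kind = revision; revision = <COMMIT_SHA_PLACEHOLDER>;`.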
@@ -1,90 +0,0 @@ -// -// LDAPResponse.swift -// CryptoLib -/* - * Copyright 2017 - 2024 Riigi Infosüsteemi Amet - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -import Foundation -import LDAP - -public class LDAPResponse: NSObject { - @objc public var userCertificate: [Data] = [] - @objc public var cn: String = "" - - typealias BerElement = OpaquePointer - - init(ldap: LDAP, msg: LDAPMessage) { - var ber: BerElement? - var attrPointer = ldap_first_attribute(ldap, msg, &ber) - while let attr = attrPointer { - defer { ldap_memfree(attr) } - let tag = String(cString: attr) - switch tag { - case "cn": cn = (LDAPResponse.values(ldap: ldap, msg: msg, tag: tag) as [String]).first ?? 
"" - case "userCertificate;binary": userCertificate = LDAPResponse.values(ldap: ldap, msg: msg, tag: tag) - default: break - } - attrPointer = ldap_next_attribute(ldap, msg, ber) - } - if let ber = ber { - ber_free(ber, 0) - } - - if let namePointer = ldap_get_dn(ldap, msg) { - print("Result (\(userCertificate.count)) \(String(cString: namePointer))") - ldap_memfree(namePointer) - } - } - - static func from(ldap: LDAP, msg: LDAPMessage) -> [LDAPResponse] { - var result: [LDAPResponse] = [] - var message = ldap_first_message(ldap, msg) - while let currentMessage = message { - if ldap_msgtype(currentMessage) == LDAP_RES_SEARCH_ENTRY { - let response = LDAPResponse(ldap: ldap, msg: currentMessage) - if !response.userCertificate.isEmpty { - result.append(response) - } - } - message = ldap_next_message(ldap, currentMessage) - } - return result - } - - static func values(ldap: LDAP, msg: LDAPMessage, tag: String) -> [T] { - var result: [T] = [] - guard let bvals = ldap_get_values_len(ldap, msg, tag) else { - return result - } - defer { ldap_value_free_len(bvals) } - - var i = 0 - while let bval = bvals[i] { - let value = bval.pointee.bv_val - let length = bval.pointee.bv_len - if T.self == Data.self { - result.append(Data(bytes: value!, count: Int(length)) as! T) - } else if T.self == String.self, let stringValue = String(validatingUTF8: value!) { - result.append(stringValue as! T) - } - i += 1 - } - return result - } -} diff --git a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift b/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift index 01206182c..888e98307 100644 --- a/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift +++ b/CryptoLib/CryptoLib/Ldap/MoppLdapConfiguration.swift @@ -23,7 +23,7 @@ import Foundation -public class MoppLdapConfiguration: NSObject { +public class MoppLdapConfiguration { var LDAPCERTS: [String] = [] var LDAPPERSONURL: String = "" var LDAPCORPURL: String = "" 
@@ -32,6 +32,5 @@ public class MoppLdapConfiguration: NSObject {
 self.LDAPCERTS = ldapCerts
 self.LDAPPERSONURL = ldapPersonURL
 self.LDAPCORPURL = ldapCorpURL
- super.init()
 }
 }
diff --git a/CryptoLib/CryptoLib/Ldap/OpenLdap.swift b/CryptoLib/CryptoLib/Ldap/OpenLdap.swift
index 9411c42e1..cb657cffa 100644
--- a/CryptoLib/CryptoLib/Ldap/OpenLdap.swift
+++ b/CryptoLib/CryptoLib/Ldap/OpenLdap.swift
@@ -22,33 +22,45 @@ import Foundation import LDAP +import ASN1Decoder -typealias LDAP = OpaquePointer -typealias LDAPMessage = OpaquePointer +public class OpenLdap { + typealias LDAP = OpaquePointer + typealias LDAPMessage = OpaquePointer + typealias BerElement = OpaquePointer -public class OpenLdap: NSObject { - private override init() {} - - @objc static public func search(identityCode: String, configuration: MoppLdapConfiguration, withCertificate cert: String?) -> [LDAPResponse] { - if configuration.LDAPCERTS.isEmpty { - var result = search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: nil) + enum KeyUsage: Int { + case digitalSignature = 0 + case nonRepudiation = 1 + case keyEncipherment = 2 + case dataEncipherment = 3 + case keyAgreement = 4 + case keyCertSign = 5 + case cRLSign = 6 + case encipherOnly = 7 + case decipherOnly = 8 + } - if result.isEmpty { - result = search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: nil) + static public func search(identityCode: String, configuration: MoppLdapConfiguration) async -> [Addressee] { + var filePath: String? = nil + if let libraryPath = FileManager.default.urls(for: .libraryDirectory, in: .userDomainMask).first { + filePath = libraryPath.appendingPathComponent("LDAPCerts/ldapCerts.pem").path + if !FileManager.default.fileExists(atPath: filePath!) 
{ + print("File ldapCerts.pem does not exist at directory path: \(filePath!)") + filePath = nil } - return result } if isPersonalCode(identityCode) { print("Searching with personal code from LDAP") - return search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: cert) + return search(identityCode: identityCode, url: configuration.LDAPPERSONURL, certificatePath: filePath) } else { print("Searching with corporation keyword from LDAP") - return search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: cert) + return search(identityCode: identityCode, url: configuration.LDAPCORPURL, certificatePath: filePath) } } - static private func search(identityCode: String, url: String, certificatePath: String?) -> [LDAPResponse] { + static private func search(identityCode: String, url: String, certificatePath: String?) -> [Addressee] { let secureLdap = url.lowercased().hasPrefix("ldaps") if secureLdap { if let certificatePath = certificatePath, !certificatePath.isEmpty { @@ -66,7 +78,7 @@ public class OpenLdap: NSObject { } var ldap: LDAP? - let ldapReturnCode = ldap_initialize(&ldap, url.cString(using: .utf8)) + let ldapReturnCode = ldap_initialize(&ldap, url) defer { if let ldap = ldap { ldap_unbind_ext_s(ldap, nil, nil) } } 
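Review bot: When `LDAPCerts/ldapCerts.pem` is missing, the new `search(identityCode:configuration:)` only prints a message, sets `filePath = nil` and still runs the query, so an `ldaps` lookup proceeds without the bundled CA file. The branch of the private `search` that handles a nil `certificatePath` lies outside this hunk, so confirm that it leaves server certificate verification enabled rather than relaxing it; if the bundle is meant to be mandatory, return `[]` early for `ldaps` URLs. The two `filePath!` unwraps go away if the path is tested before it is stored: `let path = libraryPath.appendingPathComponent("LDAPCerts/ldapCerts.pem").path` followed by `if FileManager.default.fileExists(atPath: path) { filePath = path }`. A doc comment should also state that the function is `async` only to move the blocking LDAP call off the caller's thread, since its body contains no suspension point.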
@@ -91,18 +103,32 @@ public class OpenLdap: NSObject { } var msg: LDAPMessage? print("Searching from LDAP. Url: \(url) \(filter)") - ldap_search_ext_s(ldap, "c=EE", LDAP_SCOPE_SUBTREE, filter, nil, 0, nil, nil, nil, 0, &msg) + var attr = Array("userCertificate;binary".utf8CString) + _ = attr.withUnsafeMutableBufferPointer { attr in + var attrs = [attr.baseAddress, nil] + return attrs.withUnsafeMutableBufferPointer { attrs in + ldap_search_ext_s(ldap, "c=EE", LDAP_SCOPE_SUBTREE, filter, attrs.baseAddress, 0, nil, nil, nil, 0, &msg) + } + } if let msg = msg { defer { ldap_msgfree(msg) } - return LDAPResponse.from(ldap: ldap!, msg: msg) + var result = [Addressee]() + var message = ldap_first_message(ldap, msg) + while let currentMessage = message { + if ldap_msgtype(currentMessage) == LDAP_RES_SEARCH_ENTRY { + result.append(contentsOf: attributes(ldap: ldap!, msg: currentMessage)) + } + message = ldap_next_message(ldap, currentMessage) + } + return result } return [] } static private func setLdapOption(option: Int32, value: String) -> Bool { - let result = ldap_set_option(nil, option, value.cString(using: .utf8)) + let result = ldap_set_option(nil, option, value) if result != LDAP_SUCCESS { print("ldap_set_option failed: \(String(cString: ldap_err2string(result)))") return false 
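Review bot: The return code of `ldap_search_ext_s` is discarded by `_ = attr.withUnsafeMutableBufferPointer { … }`, so a failed search (connection or TLS error, size limit exceeded) yields `[]` or a partial list and cannot be told apart from a directory with no matching entry. The new call site in `AddresseeViewController` then shows `cryptoEmptyLdapLabel` for every such case, where the removed failure block could show a detailed error. Keep the code with `let rc = attr.withUnsafeMutableBufferPointer { … }` and log or propagate it when `rc != LDAP_SUCCESS`. The `ldap!` passed to `attributes(ldap:msg:)` relies on a nil check that sits outside this hunk; binding it once with `guard let ldap` would remove the force unwrap.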
@@ -113,4 +139,91 @@ public class OpenLdap: NSObject { static private func isPersonalCode(_ inputString: String) -> Bool { return inputString.count == 11 && inputString.rangeOfCharacter(from: CharacterSet.decimalDigits.inverted) == nil } + + static private func attributes(ldap: LDAP, msg: LDAPMessage) -> [Addressee] { + var result = [Addressee]() + var ber: BerElement? + var attrPointer = ldap_first_attribute(ldap, msg, &ber) + while let attr = attrPointer { + defer { ldap_memfree(attr) } + result.append(contentsOf: values(ldap: ldap, msg: msg, tag: String(cString: attr))) + attrPointer = ldap_next_attribute(ldap, msg, ber) + } + if let ber = ber { + ber_free(ber, 0) + } + + if let namePointer = ldap_get_dn(ldap, msg) { + print("Result (\(result.count)) \(String(cString: namePointer))") + ldap_memfree(namePointer) + } + return result + } + + static private func values(ldap: LDAP, msg: LDAPMessage, tag: String) -> [Addressee] { + var result = [Addressee]() + guard let bvals = ldap_get_values_len(ldap, msg, tag) else { + return result + } + defer { ldap_value_free_len(bvals) } + + var i = 0 + while let bval = bvals[i] { + let data = Data(bytes: bval.pointee.bv_val, count: Int(bval.pointee.bv_len)) + i += 1 + guard let x509 = try? X509Certificate(der: data) else { + continue + } + var isIdCardType = false + var isDigiIdType = false + var isMobileID = false + var isESeal = false + var policyIdentifiers = [String]() + if let ext = x509.extensionObject(oid: OID.certificatePolicies) as? X509Certificate.CertificatePoliciesExtension { + for policy in ext.policies ?? 
[] { + policyIdentifiers.append(policy.oid) + switch policy.oid { + case let oid where oid.starts(with: "1.3.6.1.4.1.10015.1.1"), + let oid where oid.starts(with: "1.3.6.1.4.1.51361.1.1.1"): + isIdCardType = true + case let oid where oid.starts(with: "1.3.6.1.4.1.10015.1.2"), + let oid where oid.starts(with: "1.3.6.1.4.1.51361.1.1"), + let oid where oid.starts(with: "1.3.6.1.4.1.51455.1.1"): + isDigiIdType = true + case let oid where oid.starts(with: "1.3.6.1.4.1.10015.1.3"), + let oid where oid.starts(with: "1.3.6.1.4.1.10015.11.1"): + isMobileID = true + case let oid where oid.starts(with: "1.3.6.1.4.1.10015.7.3"), + let oid where oid.starts(with: "1.3.6.1.4.1.10015.7.1"), + let oid where oid.starts(with: "1.3.6.1.4.1.10015.2.1"): + isESeal = true + default: + break + } + } + } + let isUnknown = !isIdCardType && !isDigiIdType && !isMobileID && !isESeal + + if x509.keyUsage[KeyUsage.keyEncipherment.rawValue] || x509.keyUsage[KeyUsage.keyAgreement.rawValue], + !x509.extendedKeyUsage.contains(OID.serverAuth.rawValue), + !isESeal || !x509.extendedKeyUsage.contains(OID.clientAuth.rawValue), + !isMobileID && !isUnknown { + let cn = x509.subject(oid: OID.commonName)?.joined(separator: ",") ?? "" + let split = cn.split(separator: ",").map { String($0) } + let addressee = Addressee() + if split.count == 3 { + addressee.surname = split[0] + addressee.givenName = split[1] + addressee.identifier = split[2] + } else { + addressee.identifier = cn + } + addressee.cert = data + addressee.validTo = x509.notAfter ?? Date() + addressee.policyIdentifiers = policyIdentifiers + result.append(addressee) + } + } + return result + } } diff --git a/MoppApp/MoppApp/AddresseeActions.swift b/MoppApp/MoppApp/AddresseeActions.swift index dcb4f12d7..bf27e14cd 100644 --- a/MoppApp/MoppApp/AddresseeActions.swift +++ b/MoppApp/MoppApp/AddresseeActions.swift 
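Review bot: In `values(ldap:msg:tag:)` the filter indexes `x509.keyUsage[KeyUsage.keyEncipherment.rawValue]` and `x509.keyUsage[KeyUsage.keyAgreement.rawValue]` without checking the array length. If ASN1Decoder returns an empty array for a certificate that has no keyUsage extension (worth confirming for 1.9.0), a single such directory entry would trap with an index-out-of-range and terminate the app. A guard before the `if`, `let usage = x509.keyUsage` and `guard usage.count > KeyUsage.keyAgreement.rawValue else { continue }`, keeps unusual certificates on the skip path, like the `try? X509Certificate(der:)` failure above it. The `bval.pointee.bv_val` pointer is likewise passed to `Data(bytes:count:)` unchecked. Separately, a certificate is accepted as an encryption recipient on policy OID and key usage alone, and `validTo` falls back to `Date()` when `notAfter` is missing. Nothing in this function checks the issuer chain or expiry, so the result is only as trustworthy as the LDAP connection, and a comment stating that assumption would help the next reader.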
@@ -38,8 +38,7 @@ extension AddresseeActions { } func determineInfo(addressee: Addressee) -> String { - let policyIdentifiers = MoppLibManager.certificatePolicyIdentifiers(addressee.cert) - let addresseeType = displayAddresseeType(policyIdentifiers as? [String] ?? []) + let addresseeType = displayAddresseeType(addressee.policyIdentifiers) let validTo = "\(L(LocKey.cryptoValidTo)) \(MoppDateFormatter.shared.ddMMYYYY(toString: addressee.validTo))" return "\(addresseeType) (\(validTo))" } diff --git a/MoppApp/MoppApp/AddresseeViewController.swift b/MoppApp/MoppApp/AddresseeViewController.swift index add730800..7354fdf61 100644 --- a/MoppApp/MoppApp/AddresseeViewController.swift +++ b/MoppApp/MoppApp/AddresseeViewController.swift @@ -22,6 +22,7 @@ */ import Foundation +import CryptoLib protocol AddresseeViewControllerDelegate: AnyObject { func addAddresseeToContainer(selectedAddressees: [Addressee]) 
@@ -91,31 +92,24 @@ class AddresseeViewController : MoppViewController { submittedQuery = trimmedText selectedIndexes = [] showLoading(show: true) - MoppLibCryptoActions.sharedInstance().searchLdapData( - trimmedText, - success: { (_ ldapResponse: NSMutableArray?) -> Void in - _ = ldapResponse?.sorted {($0 as? Addressee)?.identifier ?? "" < ($1 as? Addressee)?.identifier ?? "" } - - self.foundAddressees = ((ldapResponse?.sorted {($0 as? Addressee)?.identifier ?? "" < ($1 as? Addressee)?.identifier ?? "" } as? [Addressee]? ?? []) ?? []) + + if (!MoppLibManager.sharedInstance().isConnected()) { + self.infoAlert(message: L(.noConnectionMessage)) + self.showLoading(show: false) + return + } + + Task { + let result = await OpenLdap.search(identityCode: trimmedText, configuration: MoppLDAPConfiguration.getMoppLDAPConfiguration()) + if (result.count > 0) { + self.foundAddressees = result.sorted { $0.identifier < $1.identifier } self.showLoading(show: false) self.tableView.reloadData() - }, - failure: { error in - guard let nsError = error as NSError? else { - self.infoAlert(message: L(.genericErrorMessage)) - self.showLoading(show: false) - return - } - DispatchQueue.main.async { - if nsError.code == Int(MoppLibErrorCode.moppLibErrorNoInternetConnection.rawValue) { - self.infoAlert(message: L(.noConnectionMessage)) - } else { - self.infoAlert(message: "\(L(.cryptoEmptyLdapLabel)) \(MessageUtil.generateDetailedErrorMessage(error: nsError) ?? "")") - } - self.showLoading(show: false) - } - }, configuration: MoppLDAPConfiguration.getMoppLDAPConfiguration() - ) + } else { + self.infoAlert(message: "\(L(.cryptoEmptyLdapLabel))") + self.showLoading(show: false) + } + } } } diff --git a/MoppApp/MoppApp/Configuration.swift b/MoppApp/MoppApp/Configuration.swift index 85c7dfd24..8d0037531 100644 --- a/MoppApp/MoppApp/Configuration.swift +++ b/MoppApp/MoppApp/Configuration.swift 
@@ -24,6 +24,7 @@ import Foundation import ASN1Decoder +import CryptoLib internal struct MOPPConfiguration: Codable { var TSLURL: String diff --git a/MoppLib/MoppLib.xcodeproj/project.pbxproj b/MoppLib/MoppLib.xcodeproj/project.pbxproj index 85f8e2708..2902beca6 100644 --- a/MoppLib/MoppLib.xcodeproj/project.pbxproj +++ b/MoppLib/MoppLib.xcodeproj/project.pbxproj @@ -65,8 +65,6 @@ DF1503872AC5CE32007222B2 /* OCMock in Frameworks */ = {isa = PBXBuildFile; productRef = DF1503862AC5CE32007222B2 /* OCMock */; }; DF169D5A2B9000F0000DD46C /* MoppLibDigidocValidateOnline.h in Headers */ = {isa = PBXBuildFile; fileRef = DF169D592B9000F0000DD46C /* MoppLibDigidocValidateOnline.h */; settings = {ATTRIBUTES = (Public, ); }; }; DF169D5C2B90011E000DD46C /* MoppLibDigidocValidateOnline.m in Sources */ = {isa = PBXBuildFile; fileRef = DF169D5B2B90011E000DD46C /* MoppLibDigidocValidateOnline.m */; }; - DF1EE2BD234DD20500E37CA8 /* MoppLibCertificateInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DF1EE2BB234DD20500E37CA8 /* MoppLibCertificateInfo.h */; settings = {ATTRIBUTES = (Public, ); }; }; - DF1EE2BE234DD20500E37CA8 /* MoppLibCertificateInfo.mm in Sources */ = {isa = PBXBuildFile; fileRef = DF1EE2BC234DD20500E37CA8 /* MoppLibCertificateInfo.mm */; }; DFBDF1F827DA44BD00A5CF3C /* MoppLibRoleAddressData.h in Headers */ = {isa = PBXBuildFile; fileRef = DFBDF1F727DA44BD00A5CF3C /* MoppLibRoleAddressData.h */; settings = {ATTRIBUTES = (Public, ); }; }; DFBDF1FA27DA44FD00A5CF3C /* MoppLibRoleAddressData.m in Sources */ = {isa = PBXBuildFile; fileRef = DFBDF1F927DA44FD00A5CF3C /* MoppLibRoleAddressData.m */; }; DFDD76292B507EFF0008EC2C /* MoppLibProxyConfiguration.h in Headers */ = {isa = PBXBuildFile; fileRef = DFDD76282B507EFF0008EC2C /* MoppLibProxyConfiguration.h */; settings = {ATTRIBUTES = (Public, ); }; }; 
@@ -76,8 +74,6 @@ E4180C161E23FE9300FD7B8C /* MLDateFormatter.h in Headers */ = {isa = PBXBuildFile; fileRef = E4180C141E23FE9300FD7B8C /* MLDateFormatter.h */; }; E4180C171E23FE9300FD7B8C /* MLDateFormatter.m in Sources */ = {isa = PBXBuildFile; fileRef = E4180C151E23FE9300FD7B8C /* MLDateFormatter.m */; }; E4250CEC1E09695100530370 /* MoppLib.h in Headers */ = {isa = PBXBuildFile; fileRef = E4250CEA1E09695100530370 /* MoppLib.h */; settings = {ATTRIBUTES = (Public, ); }; }; - E4250CFC1E096BEA00530370 /* libz.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = E4250CFB1E096BEA00530370 /* libz.tbd */; }; - E4250CFE1E096BEF00530370 /* libxml2.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = E4250CFD1E096BEF00530370 /* libxml2.tbd */; }; E4250D001E096CAA00530370 /* test.bdoc in Resources */ = {isa = PBXBuildFile; fileRef = E4250CFF1E096CAA00530370 /* test.bdoc */; }; E42B08B51E1F0B3B00EA24A3 /* MoppLibContainer.h in Headers */ = {isa = PBXBuildFile; fileRef = E42B08B31E1F0B3B00EA24A3 /* MoppLibContainer.h */; settings = {ATTRIBUTES = (Public, ); }; }; E42B08B61E1F0B3B00EA24A3 /* MoppLibContainer.m in Sources */ = {isa = PBXBuildFile; fileRef = E42B08B41E1F0B3B00EA24A3 /* MoppLibContainer.m */; }; 
@@ -169,8 +165,6 @@ C5F462A7209727E8001B7D59 /* CoreBluetooth.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreBluetooth.framework; path = System/Library/Frameworks/CoreBluetooth.framework; sourceTree = SDKROOT; }; DF169D592B9000F0000DD46C /* MoppLibDigidocValidateOnline.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLibDigidocValidateOnline.h; sourceTree = ""; }; DF169D5B2B90011E000DD46C /* MoppLibDigidocValidateOnline.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MoppLibDigidocValidateOnline.m; sourceTree = ""; }; - DF1EE2BB234DD20500E37CA8 /* MoppLibCertificateInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MoppLibCertificateInfo.h; sourceTree = ""; }; - DF1EE2BC234DD20500E37CA8 /* MoppLibCertificateInfo.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MoppLibCertificateInfo.mm; sourceTree = ""; }; DFBDF1F727DA44BD00A5CF3C /* MoppLibRoleAddressData.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLibRoleAddressData.h; sourceTree = ""; }; DFBDF1F927DA44FD00A5CF3C /* MoppLibRoleAddressData.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MoppLibRoleAddressData.m; sourceTree = ""; }; DFDD76282B507EFF0008EC2C /* MoppLibProxyConfiguration.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLibProxyConfiguration.h; sourceTree = ""; }; 
@@ -182,8 +176,6 @@ E4250CE71E09695100530370 /* MoppLib.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = MoppLib.framework; sourceTree = BUILT_PRODUCTS_DIR; }; E4250CEA1E09695100530370 /* MoppLib.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MoppLib.h; sourceTree = ""; }; E4250CEB1E09695100530370 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; - E4250CFB1E096BEA00530370 /* libz.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libz.tbd; path = usr/lib/libz.tbd; sourceTree = SDKROOT; }; - E4250CFD1E096BEF00530370 /* libxml2.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libxml2.tbd; path = usr/lib/libxml2.tbd; sourceTree = SDKROOT; }; E4250CFF1E096CAA00530370 /* test.bdoc */ = {isa = PBXFileReference; lastKnownFileType = file; path = test.bdoc; sourceTree = ""; }; E42B08B31E1F0B3B00EA24A3 /* MoppLibContainer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MoppLibContainer.h; sourceTree = ""; }; E42B08B41E1F0B3B00EA24A3 /* MoppLibContainer.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MoppLibContainer.m; sourceTree = ""; }; @@ -218,8 +210,6 @@ C5F462A8209727E8001B7D59 /* CoreBluetooth.framework in Frameworks */, 4E63A77B2AEA7C5A00CEE392 /* digidocpp.framework in Frameworks */, C54EA73020499DFC0039AC78 /* ExternalAccessory.framework in Frameworks */, - E4250CFE1E096BEF00530370 /* libxml2.tbd in Frameworks */, - E4250CFC1E096BEA00530370 /* libz.tbd in Frameworks */, C5AAAF8220C9621D0087D6DA /* libiRockey301_ccid.a in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; 
@@ -281,8 +271,6 @@ AE0A84491E43853800CC1465 /* MoppLibMobileCreateSignatureResponse.m */, DFF3C3A723322E0C0079458A /* MOPPLibConfiguration.h */, DFF3C3A823322E0C0079458A /* MOPPLibConfiguration.m */, - DF1EE2BB234DD20500E37CA8 /* MoppLibCertificateInfo.h */, - DF1EE2BC234DD20500E37CA8 /* MoppLibCertificateInfo.mm */, DFBDF1F727DA44BD00A5CF3C /* MoppLibRoleAddressData.h */, DFBDF1F927DA44FD00A5CF3C /* MoppLibRoleAddressData.m */, ); @@ -340,8 +328,6 @@ C5F462A7209727E8001B7D59 /* CoreBluetooth.framework */, C54EA72F20499DFC0039AC78 /* ExternalAccessory.framework */, C5AAAF8120C9621D0087D6DA /* libiRockey301_ccid.a */, - E4250CFD1E096BEF00530370 /* libxml2.tbd */, - E4250CFB1E096BEA00530370 /* libz.tbd */, ); name = Frameworks; sourceTree = ""; @@ -468,7 +454,6 @@ AE0A844A1E43853800CC1465 /* MoppLibMobileCreateSignatureResponse.h in Headers */, 54DC0E011E0D48C900C62B3D /* MoppLibError.h in Headers */, E4180C161E23FE9300FD7B8C /* MLDateFormatter.h in Headers */, - DF1EE2BD234DD20500E37CA8 /* MoppLibCertificateInfo.h in Headers */, E42B08C51E1F11B900EA24A3 /* MoppLibDataFile.h in Headers */, C54EA736204D90D50039AC78 /* MoppLibCardReaderManager.h in Headers */, 399C01E620BC17A10056D7AC /* MoppLibCryptoActions.h in Headers */, @@ -640,7 +625,6 @@ C54EA732204D5E860039AC78 /* CardReaderiR301.m in Sources */, 545111731E13BBA800296B80 /* MoppLibPersonalData.m in Sources */, E4180C171E23FE9300FD7B8C /* MLDateFormatter.m in Sources */, - DF1EE2BE234DD20500E37CA8 /* MoppLibCertificateInfo.mm in Sources */, DFF3C3AA23322E0D0079458A /* MOPPLibConfiguration.m in Sources */, 54DC0E021E0D48C900C62B3D /* MoppLibError.m in Sources */, E42B08C61E1F11B900EA24A3 /* MoppLibDataFile.m in Sources */, 
@@ -733,7 +717,7 @@ CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; @@ -766,7 +750,7 @@ DEFINES_MODULE = YES; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_C_LANGUAGE_STANDARD = gnu17; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; @@ -800,7 +784,7 @@ CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; @@ -829,11 +813,10 @@ "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; COPY_PHASE_STRIP = NO; CURRENT_PROJECT_VERSION = 1; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEFINES_MODULE = YES; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_C_LANGUAGE_STANDARD = gnu17; GCC_NO_COMMON_BLOCKS = YES; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = PrefixHeader.pch; diff --git a/MoppLib/MoppLib/MoppLibDigidocManager.h b/MoppLib/MoppLib/MoppLibDigidocManager.h index 93fd6982e..d88bacd4a 100644 --- a/MoppLib/MoppLib/MoppLibDigidocManager.h +++ b/MoppLib/MoppLib/MoppLibDigidocManager.h @@ -59,6 +59,5 @@ typedef enum { - (NSString *)iOSVersion; - (NSString *)userAgent; - (NSString *)userAgent:(BOOL)shouldIncludeDevices; -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData; + (NSString *)sanitize:(NSString *)text; @end diff --git a/MoppLib/MoppLib/MoppLibDigidocManager.mm b/MoppLib/MoppLib/MoppLibDigidocManager.mm index 4d26d2016..2d60cb22b 100644 --- a/MoppLib/MoppLib/MoppLibDigidocManager.mm 
+++ b/MoppLib/MoppLib/MoppLibDigidocManager.mm @@ -334,27 +334,6 @@ - (void)setupWithSuccess:(VoidBlock)success andFailure:(FailureBlock)failure usi return digidoc::X509Cert(reinterpret_cast(data.bytes), data.length); } -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData { - digidoc::X509Cert x509Cert; - try { - x509Cert = [self getCertFromData:certData]; - } catch(const digidoc::Exception &e) { - parseException(e); - printLog(@"Unable to create a X509 certificate object for Certificate Policy Identifiers. Code: %u, message: %s", e.code(), e.msg().c_str()); - return @[]; - } catch(...) { - printLog(@"Creating a X509 certificate object raised exception\n"); - return @[]; - } - - auto policies = x509Cert.certificatePolicies(); - NSMutableArray *result = [NSMutableArray new]; - for (auto p : policies) { - [result addObject:[NSString stringWithUTF8String:p.c_str()]]; - } - return result; -} - + (NSData *)getDataToSign { std::vector dataTosign = signature->dataToSign(); return [NSData dataWithBytes:dataTosign.data() length:dataTosign.size()]; diff --git a/MoppLib/MoppLib/PublicInterface/MoppLib.h b/MoppLib/MoppLib/PublicInterface/MoppLib.h index 496e9eb48..b0a6e315f 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLib.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLib.h @@ -43,5 +43,4 @@ FOUNDATION_EXPORT const unsigned char MoppLibVersionString[]; #import #import #import -#import #import diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.h b/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.h deleted file mode 100644 index dbfdf4f0c..000000000 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.h +++ /dev/null 
@@ -1,37 +0,0 @@ -// -// MoppLibCertificateInfo.h -// MoppLib -/* -* Copyright 2017 - 2024 Riigi Infosüsteemi Amet -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public -* License as published by the Free Software Foundation; either -* version 2.1 of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this library; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -* -*/ - -#import - -@interface MoppLibCertificateInfo : NSObject -- (NSArray *) certificatePolicies:(NSData *)certData; -- (NSArray *) keyUsages:(NSData *)certData; -- (BOOL) hasKeyEnciphermentUsage:(NSArray *)keyUsages; -- (BOOL) hasKeyAgreementUsage:(NSArray *)keyUsages; -- (BOOL) isServerAuthKeyPurpose:(NSData *)certData; -- (BOOL) isTlsClientAuthKeyPurpose:(NSData *)certData; -- (BOOL) isESealType:(NSArray *)certPolicies; -- (BOOL) isMobileIdType:(NSArray *)certPolicies; -- (BOOL) isIdCardType:(NSArray *)certPolicies; -- (BOOL) isDigiIdType:(NSArray *)certPolicies; -- (BOOL) isUnknownType:(NSArray *)certPolicies; -@end diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.mm b/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.mm deleted file mode 100644 index 80b736338..000000000 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCertificateInfo.mm +++ /dev/null 
@@ -1,134 +0,0 @@ -// -// MoppLibCertificateInfo.mm -// MoppLib -/* -* Copyright 2017 - 2024 Riigi Infosüsteemi Amet -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public -* License as published by the Free Software Foundation; either -* version 2.1 of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public -* License along with this library; if not, write to the Free Software -* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -* -*/ - -#include - -#import "MoppLibCertificateInfo.h" -#import -#import - - -@implementation MoppLibCertificateInfo -- (NSArray *)certificatePolicies:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - std::vector x509Policies = x509.certificatePolicies(); - NSMutableArray *policies = [[NSMutableArray alloc] init]; - - for (auto& policy : x509Policies) { - [policies addObject:[NSString stringWithCString:policy.c_str() encoding:[NSString defaultCStringEncoding]]]; - } - - return policies; -} - -- (NSArray *)keyUsages:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - - NSMutableArray *keyUsagesList = [[NSMutableArray alloc] init]; - - for (auto c : x509.keyUsage()) { - [keyUsagesList addObject:[NSNumber numberWithInt:static_cast(c)]]; - } - - return keyUsagesList; -} - -- (BOOL) hasKeyEnciphermentUsage:(NSArray *)keyUsages { - return [keyUsages containsObject:@2]; -} - -- (BOOL) 
hasKeyAgreementUsage:(NSArray *)keyUsages { - return [keyUsages containsObject:@4]; -} - -- (BOOL) isServerAuthKeyPurpose:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - - if (!x509.subjectName("SN").empty()) { - return (X509_get_extended_key_usage(x509.handle()) & XKU_SSL_SERVER) == XKU_SSL_SERVER; - } else { - return ((X509_get_extended_key_usage(x509.handle()) != UINT32_MAX) & XKU_SSL_SERVER) == XKU_SSL_SERVER; - } -} - -- (BOOL) isTlsClientAuthKeyPurpose:(NSData *)certificateData { - const unsigned char *bytes = (const unsigned char *)[certificateData bytes]; - digidoc::X509Cert x509(bytes, certificateData.length); - - X509_check_purpose(x509.handle(), -1, -1); - return X509_get_extended_key_usage(x509.handle()) != UINT32_MAX; -} - -- (BOOL) isESealType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.7.3"] || [policy hasPrefix: @"1.3.6.1.4.1.10015.7.1"] || [policy hasPrefix: @"1.3.6.1.4.1.10015.2.1"]) { - return true; - } - return false; - } - - return false; -} -- (BOOL) isMobileIdType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.1.3"] || [policy hasPrefix: @"1.3.6.1.4.1.10015.11.1"]) { - return true; - } - return false; - } - - return false; -} - -- (BOOL) isIdCardType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.1.1"] || [policy hasPrefix: @"1.3.6.1.4.1.51361.1.1.1"]) { - return true; - } - return false; - } - - return false; -} - -- (BOOL) isDigiIdType:(NSArray *)certificatePolicies { - for (NSString* policy in certificatePolicies) { - if ([policy hasPrefix: @"1.3.6.1.4.1.10015.1.2"] || [policy hasPrefix: @"1.3.6.1.4.1.51361.1.1"] || [policy hasPrefix: @"1.3.6.1.4.1.51455.1.1"]) { - return true; - } 
- return false; - } - - return false; -} - -- (BOOL) isUnknownType:(NSArray *)certificatePolicies { - MoppLibCertificateInfo *certInfo = [MoppLibCertificateInfo alloc]; - return ![certInfo isIdCardType:certificatePolicies] && - ![certInfo isDigiIdType:certificatePolicies] && - ![certInfo isMobileIdType:certificatePolicies] && - ![certInfo isESealType:certificatePolicies]; -} -@end diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h b/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h index e97d97ef2..d07f4e470 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibConstants.h @@ -95,7 +95,6 @@ typedef void (^CertDataBlock)(MoppLibCerificatetData *certData); typedef void (^PersonalDataBlock)(MoppLibPersonalData *personalData); typedef void (^SignatureStatusBlock) (MoppLibContainer *container, NSError *error, NSString *status); typedef void (^ContainerBlock)(MoppLibContainer *container); -typedef void (^LdapBlock)(NSMutableArray *ldapResponse); typedef void (^CdocContainerBlock)(CdocInfo *cdocInfo); typedef void (^DecryptedDataBlock)(NSMutableDictionary *decryptedData); typedef void (^MobileCreateSignatureResponseBlock)(MoppLibMobileCreateSignatureResponse *createSignatureResponse); diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h index 004663432..daa0fd9a9 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.h 
@@ -23,20 +23,9 @@ #import "MoppLibConstants.h" -@class MoppLdapConfiguration; - @interface MoppLibCryptoActions : NSObject + (MoppLibCryptoActions *)sharedInstance; - - /** - * Search data from LDAP. - * - * @param identifier LDAP search request identifier. - * @param success Block to be called on successful completion of action. Includes ldap respone data as LdapResponse. - * @param failure Block to be called when action fails. Includes error. - */ -- (void)searchLdapData:(NSString *)identifier success:(LdapBlock)success failure:(FailureBlock)failure configuration:(MoppLdapConfiguration *)moppLdapConfiguration; /** * Encrypt data and create CDOC container. diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m index 7c4928842..928ede951 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m +++ b/MoppLib/MoppLib/PublicInterface/MoppLibCryptoActions.m @@ -35,9 +35,7 @@ #include #import "NSData+Additions.h" #include "MoppLibDigidocMAnager.h" -#import "MoppLibCertificateInfo.h" #import "MoppLibManager.h" -#import "Reachability.h" @implementation MoppLibCryptoActions 
@@ -128,99 +126,4 @@ - (void)encryptData:(NSString *)fullPath withDataFiles:(NSArray*)dataFiles withA }); } -- (void)searchLdapData:(NSString *)identifier success:(LdapBlock)success failure:(FailureBlock)failure configuration:(MoppLdapConfiguration *) moppLdapConfiguration { - - Reachability *reachability = [Reachability reachabilityForInternetConnection]; - NetworkStatus networkStatus = [reachability currentReachabilityStatus]; - if (networkStatus == NotReachable) { - failure([MoppLibError noInternetConnectionError]); - return; - } - - NSString *certsPath = [self getLibraryCertsFolderPath]; - NSString *ldapCertsPath = [self getCertFolderPath:certsPath fileName:@"ldapCerts.pem"]; - - dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ - NSMutableArray *filteredResponse = [[NSMutableArray alloc] init]; - NSError *error; - @try { - NSArray *response = [OpenLdap searchWithIdentityCode:identifier configuration:moppLdapConfiguration withCertificate:ldapCertsPath]; - - if (response.count == 0) { - failure([MoppLibError ldapResponseNotFoundError]); - return; - } - - for (LDAPResponse* key in response) { - for (NSData *certData in key.userCertificate) { - - Addressee *addressee = [[Addressee alloc] init]; - MoppLibCertificateInfo *certInfo = [MoppLibCertificateInfo alloc]; - NSArray *certPolicies = [certInfo certificatePolicies:certData]; - NSArray *certKeyUsages = [certInfo keyUsages:certData]; - - if (key.cn != NULL) { - NSArray *cn = [key.cn componentsSeparatedByString:@","]; - if (cn.count > 1) { - addressee.surname = cn[0]; - addressee.givenName = cn[1]; - addressee.identifier = cn[2]; - } else { - addressee.identifier = cn[0]; - } - } - - if (([certInfo hasKeyEnciphermentUsage:(certKeyUsages)] || [certInfo hasKeyAgreementUsage:(certKeyUsages)]) && - ![certInfo isServerAuthKeyPurpose:(certData)] && - (![certInfo isESealType:(certPolicies)] || ![certInfo isTlsClientAuthKeyPurpose:(certData)]) && - ![certInfo isMobileIdType:(certPolicies)] 
&& ![certInfo isUnknownType:(certPolicies)]) { - - addressee.cert = certData; - - MoppLibCerificatetData *certificateData = [MoppLibCerificatetData new]; - [MoppLibCertificate certData:certificateData updateWithDerEncoding:certData]; - addressee.validTo = certificateData.expiryDate; - if (addressee.validTo != nil) { - [filteredResponse addObject:addressee]; - } - } - } - } - - if (filteredResponse.count == 0) { - failure([MoppLibError ldapResponseNotFoundError]); - return; - } - } - @catch (...) { - error = [MoppLibError generalError]; - } - dispatch_async(dispatch_get_main_queue(), ^{ - error == nil ? success(filteredResponse) : failure(error); - }); - }); -} - -- (NSString*) getLibraryCertsFolderPath { - NSArray *libraryPaths = NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSUserDomainMask, YES); - if ([libraryPaths count] > 0) { - NSString *libraryPath = libraryPaths[0]; - NSString *certsPath = [libraryPath stringByAppendingPathComponent:@"LDAPCerts"]; - return certsPath; - } - return nil; -} - -- (NSString*) getCertFolderPath:(NSString *)directoryPath fileName:(NSString *)fileName { - NSFileManager *fileManager = [NSFileManager defaultManager]; - NSString *filePath = [directoryPath stringByAppendingPathComponent:fileName]; - if ([fileManager fileExistsAtPath:filePath]) { - return filePath; - } else { - NSLog(@"File %@ does not exist at directory path: %@", fileName, filePath); - } - - return @""; -} - @end diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibManager.h b/MoppLib/MoppLib/PublicInterface/MoppLibManager.h index d1c3b12df..4fcb2fd5f 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibManager.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibManager.h 
@@ -46,11 +46,11 @@ - (NSString *)moppLibVersion; - (NSString *)libdigidocppVersion; +- (BOOL)isConnected; - (NSString *)appVersion; - (NSString *)iOSVersion; - (NSString *)userAgent; - (NSString *)userAgent:(BOOL)shouldIncludeDevices; -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData; + (NSString *)sanitize:(NSString *)text; @end diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibManager.m b/MoppLib/MoppLib/PublicInterface/MoppLibManager.m index e597b1cdf..389290ddd 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibManager.m +++ b/MoppLib/MoppLib/PublicInterface/MoppLibManager.m @@ -23,6 +23,7 @@ #import "MoppLibManager.h" #import "MoppLibDigidocManager.h" +#import "Reachability/Reachability.h" @implementation MoppLibManager @@ -61,6 +62,11 @@ - (NSString *)libdigidocppVersion { return [[MoppLibDigidocManager sharedInstance] digidocVersion]; } +- (BOOL)isConnected { + Reachability *reachability = [Reachability reachabilityForInternetConnection]; + return [reachability currentReachabilityStatus] != NotReachable; +} + - (NSString *)appVersion { return [[MoppLibDigidocManager sharedInstance] moppAppVersion]; } @@ -77,10 +83,6 @@ - (NSString *)userAgent { return [[MoppLibDigidocManager sharedInstance] userAgent:false]; } -+ (NSArray *)certificatePolicyIdentifiers:(NSData *)certData { - return [MoppLibDigidocManager certificatePolicyIdentifiers:certData]; -} - + (NSString *)sanitize:(NSString *)text { return [MoppLibDigidocManager sanitize:text]; }
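Review bot: The new `isConnected` in MoppLibManager.m, and its declaration in MoppLibManager.h, is undocumented, and its name promises more than the body checks: it only reports whether `currentReachabilityStatus` differs from `NotReachable` at the moment of the call. Presumably it replaces the pre-check that the removed `searchLdapData:` did inline, so callers should treat it as a fast-fail hint and still handle connection, timeout and TLS errors from the LDAP request itself, because the network state can change between the check and the request. I would add a header comment such as `/// Point-in-time reachability hint; NO means no usable interface was reported, YES does not guarantee the server can be reached.` The enclosing `@interface` and `@implementation` continue outside these hunks.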