diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 093401d66..294bf00d5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -65,7 +65,7 @@ jobs: run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper pkg-config cmake libldap2-dev gettext libpcsclite-dev libssl-dev libqt5svg5-dev qttools5-dev-tools qttools5-dev lintian libflatbuffers-dev zlib1g-dev - name: Install dependencies if: matrix.container != '20.04' - run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper pkg-config cmake libldap2-dev gettext libpcsclite-dev libssl-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libqt6core5compat6-dev lintian libflatbuffers-dev zlib1g-dev + run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper pkg-config cmake libldap2-dev gettext libpcsclite-dev libssl-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools lintian libflatbuffers-dev zlib1g-dev - name: Checkout uses: actions/checkout@v4 with: @@ -109,7 +109,7 @@ jobs: - name: Install Deps run: | dnf install -y --setopt=install_weak_deps=False \ - git gcc-c++ cmake rpm-build gettext openssl-devel openldap-devel pcsc-lite-devel qt6-qtsvg-devel qt6-qttools-devel qt6-qt5compat-devel flatbuffers-devel flatbuffers-compiler zlib-devel + git gcc-c++ cmake rpm-build gettext openssl-devel openldap-devel pcsc-lite-devel qt6-qtsvg-devel qt6-qttools-devel flatbuffers-devel flatbuffers-compiler zlib-devel - name: Install CMake if: matrix.container == 39 run: | @@ -182,7 +182,6 @@ jobs: with: version: 6.6.2 arch: win64_msvc2019_64 - modules: qt5compat - name: Setup dev env uses: ilammy/msvc-dev-cmd@v1 with: @@ -222,7 +221,7 @@ jobs: with: submodules: recursive - name: Install dependencies - run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake libldap2-dev gettext libpcsclite-dev libminizip-dev libxml-security-c-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libqt6core5compat6-dev libflatbuffers-dev zlib1g-dev + run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake libldap2-dev gettext libpcsclite-dev libminizip-dev libxml-security-c-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libflatbuffers-dev zlib1g-dev - name: Download artifact uses: dawidd6/action-download-artifact@v3 with: @@ -266,7 +265,7 @@ jobs: with: submodules: recursive - name: Install dependencies - run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake libldap2-dev gettext libpcsclite-dev libminizip-dev libxml-security-c-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libqt6core5compat6-dev libflatbuffers-dev zlib1g-dev + run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake libldap2-dev gettext libpcsclite-dev libminizip-dev libxml-security-c-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libflatbuffers-dev zlib1g-dev - name: Download artifact uses: dawidd6/action-download-artifact@v3 with: diff --git a/README.md b/README.md index 91a170856..bca6137ac 100644 --- a/README.md +++ b/README.md @@ -24,9 +24,9 @@ * Install # Ubuntu - sudo apt install cmake qt6-tools-dev libqt6core5compat6-dev libqt6svg6-dev libpcsclite-dev libssl-dev libdigidocpp-dev libldap2-dev gettext pkg-config libflatbuffers-dev zlib1g-dev + sudo apt install cmake qt6-tools-dev libqt6svg6-dev libpcsclite-dev libssl-dev libdigidocpp-dev libldap2-dev gettext pkg-config libflatbuffers-dev zlib1g-dev # Fedora - sudo dnf install qt6-qtsvg-devel qt6-qttools-devel qt6-qt5compat-devel pcsc-lite-devel openssl-devel libdigidocpp openldap-devel gettext pkg-config flatbuffers-devel flatbuffers-compiler + sudo dnf install qt6-qtsvg-devel qt6-qttools-devel pcsc-lite-devel openssl-devel libdigidocpp openldap-devel gettext pkg-config flatbuffers-devel flatbuffers-compiler * Also runtime dependency opensc-pkcs11 and pcscd is needed diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index a20e7aed7..8986587b6 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -103,8 +103,8 @@ if(NOT BUILD_DATE) endif() if(${QT_VERSION_MAJOR} STREQUAL "6") - find_package(Qt6 COMPONENTS Core5Compat SvgWidgets REQUIRED) - target_link_libraries(${PROJECT_NAME} Qt6::Core5Compat Qt6::SvgWidgets) + find_package(Qt6 COMPONENTS SvgWidgets REQUIRED) + target_link_libraries(${PROJECT_NAME} Qt6::SvgWidgets) endif() set_target_properties(${PROJECT_NAME} PROPERTIES diff --git a/client/CryptoDoc.cpp b/client/CryptoDoc.cpp index 45a35af08..b091c178f 100644 --- a/client/CryptoDoc.cpp +++ b/client/CryptoDoc.cpp @@ -226,14 +226,7 @@ CKey::CKey(const QSslCertificate &c) QString sn = c.subjectInfo("SN"); if(!gn.isEmpty() || !sn.isEmpty()) cn = QStringLiteral("%1 %2 %3").arg(gn, sn, c.personalCode()); - QString o = c.subjectInfo(QSslCertificate::Organization); - static const QRegularExpression rx(QStringLiteral("ESTEID \\((.*)\\)")); - QRegularExpressionMatch match = rx.match(o); - if(match.hasMatch()) - return QStringLiteral("%1 %2").arg(cn, match.captured(1)); - if(o == QLatin1String("ESTEID")) - return QStringLiteral("%1 %2").arg(cn, CryptoDoc::tr("ID-CARD")); int certType = c.type(); if(certType & SslCertificate::EResidentSubType) return QStringLiteral("%1 %2").arg(cn, CryptoDoc::tr("Digi-ID E-RESIDENT")); diff --git a/client/Diagnostics.cpp b/client/Diagnostics.cpp index 6d25ec0fe..34fa74e31 100644 --- a/client/Diagnostics.cpp +++ b/client/Diagnostics.cpp @@ -129,31 +129,7 @@ void Diagnostics::generalInfo(QTextStream &s) s << "
"; return r; }; - if(printAID(QStringLiteral("AID35"), APDU("00A40400 0F D23300000045737445494420763335")) || - printAID(QStringLiteral("UPDATER_AID"), APDU("00A40400 0A D2330000005550443101"))) - { - reader.transfer(APDU("00A4000C")); - reader.transfer(APDU("00A4010C 02 EEEE")); - reader.transfer(APDU("00A4020C 02 5044")); - QByteArray row = APDU("00B20004 00"); - row[2] = 0x07; // read card id - s << "ID - " << reader.transfer(row).data << "
"; - - QString appletVersion; - if(QPCSCReader::Result data = reader.transfer(APDU("00CA0100 00"))) - { - for(int i = 0; i < data.data.size(); ++i) - { - if(i == 0) - appletVersion = QString::number(quint8(data.data[i])); - else - appletVersion += QStringLiteral(".%1").arg(quint8(data.data[i])); - } - } - if(!appletVersion.isEmpty()) - s << tr("Applet version") << ": " << appletVersion << "
"; - } - else if(printAID(QStringLiteral("AID_IDEMIA"), APDU("00A40400 10 A000000077010800070000FE00000100")) || + if(printAID(QStringLiteral("AID_IDEMIA"), APDU("00A40400 10 A000000077010800070000FE00000100")) || printAID(QStringLiteral("AID_OT"), APDU("00A4040C 0D E828BD080FF2504F5420415750")) || printAID(QStringLiteral("AID_QSCD"), APDU("00A4040C 10 51534344204170706C69636174696F6E"))) { diff --git a/client/MainWindow.cpp b/client/MainWindow.cpp index 62b0db295..2f65bffa1 100644 --- a/client/MainWindow.cpp +++ b/client/MainWindow.cpp @@ -28,7 +28,7 @@ #include "PrintSheet.h" #include "QPCSC.h" #include "QSigner.h" -#include "Settings.h" +#include "SslCertificate.h" #include "Styles.h" #include "TokenData.h" #include "effects/ButtonHoverFilter.h" @@ -43,7 +43,6 @@ #include "dialogs/WarningDialog.h" #include "widgets/DropdownButton.h" #include "widgets/CardPopup.h" -#include "widgets/VerifyCert.h" #include "widgets/WarningItem.h" #include "widgets/WarningList.h" diff --git a/client/MainWindow.ui b/client/MainWindow.ui index f2cd24b1e..257863090 100644 --- a/client/MainWindow.ui +++ b/client/MainWindow.ui @@ -527,7 +527,7 @@ background-position: bottom; } - + Qt::Vertical @@ -540,66 +540,63 @@ background-position: bottom; } - + 0 - 128 + 45 - - - - - - 20 - true - - - - border: none; + + + 20 + true + + + + border: none; color: #041E42; - - - 0 - - - Drag file here for signing ... - - - Qt::AlignCenter - - - - - - - - 240 - 45 - - - - - 240 - 45 - - - - - 14 - false - false - - - - PointingHandCursor - - - Load file from disk for signing or verifying - - - QPushButton { + + + 0 + + + Drag file here for signing ... + + + Qt::AlignCenter + + + + + + + + 240 + 45 + + + + + 240 + 45 + + + + + 14 + false + false + + + + PointingHandCursor + + + Load file from disk for signing or verifying + + + QPushButton { padding: 6px 10px; border-radius: 2px; background-color: #006eb5; @@ -616,17 +613,14 @@ QPushButton:hover:!pressed { QPushButton:disabled { background-color: #BEDBED; } - - - Open file for signing or verifying - - - - + + + Open file for signing or verifying + - + Qt::Vertical @@ -664,43 +658,63 @@ background-position: bottom; - + 0 - 128 + 45 - - - - - - 240 - 45 - - - - - 240 - 45 - - - - - 14 - false - false - - - - PointingHandCursor - - - Load file from disk for encryption or decryption - - - QPushButton { + + + 20 + true + + + + border: none; +color: #041E42; + + + 0 + + + Drag file here for encryption ... + + + Qt::AlignCenter + + + + + + + + 240 + 45 + + + + + 240 + 45 + + + + + 14 + false + false + + + + PointingHandCursor + + + Load file from disk for encryption or decryption + + + QPushButton { padding: 6px 10px; border-radius: 2px; background-color: #006eb5; @@ -717,36 +731,10 @@ QPushButton:hover:!pressed { QPushButton:disabled { background-color: #BEDBED; } - - - Open file for encryption or decryption - - - - - - - - 20 - true - - - - border: none; -color: #041E42; - - - 0 - - - Drag file here for encryption ... - - - Qt::AlignCenter - - - - + + + Open file for encryption or decryption + @@ -838,12 +826,6 @@ background-position: bottom; - - - 16777215 - 45 - - 20 @@ -862,6 +844,12 @@ background-position: bottom; Qt::AlignCenter + + true + + + true + @@ -912,7 +900,7 @@ background-position: bottom; QSvgWidget QWidget -
QSvgWidget.h
+
QSvgWidget
1 diff --git a/client/MainWindow_MyEID.cpp b/client/MainWindow_MyEID.cpp index 8c4303cac..db71c21c8 100644 --- a/client/MainWindow_MyEID.cpp +++ b/client/MainWindow_MyEID.cpp @@ -139,7 +139,7 @@ bool MainWindow::validateCardError(QSmartCardData::PinType type, QSmartCardData: void MainWindow::showNotification( const QString &msg, bool isSuccess ) { - FadeInNotification* notification = new FadeInNotification(this, + auto *notification = new FadeInNotification(this, isSuccess ? QStringLiteral("#ffffff") : QStringLiteral("#353739"), isSuccess ? QStringLiteral("#498526") : QStringLiteral("#F8DDA7"), 110); notification->start(msg, 750, 3000, 1200); @@ -182,11 +182,6 @@ void MainWindow::updateCardWarnings(const QSmartCardData &data) ui->myEid->invalidIcon(true); warnings->showWarning(WarningText(WarningType::CertExpiredWarning)); } - else if(data.authCert().publicKey().algorithm() == QSsl::Rsa) - { - ui->myEid->invalidIcon(true); - warnings->showWarning(WarningText(WarningType::CertRevokedWarning)); - } else if(expiresIn <= 105 * DAY) { ui->myEid->warningIcon(true); @@ -198,15 +193,23 @@ void MainWindow::updateMyEID(const TokenData &t) { warnings->clearMyEIDWarnings(); SslCertificate cert(t.cert()); - int type = cert.type(); - ui->infoStack->setHidden(t.isNull() || type == SslCertificate::UnknownType); - ui->accordion->setHidden(t.isNull() || type == SslCertificate::UnknownType); - ui->noReaderInfo->setVisible(t.isNull() || type == SslCertificate::UnknownType); - - if(!t.isNull()) + auto type = cert.type(); + ui->infoStack->setHidden(type == SslCertificate::UnknownType || type == SslCertificate::OldEstEidType); + ui->accordion->setHidden(type == SslCertificate::UnknownType || type == SslCertificate::OldEstEidType); + ui->noReaderInfo->setVisible(type == SslCertificate::UnknownType || type == SslCertificate::OldEstEidType); + + auto setText = [this](const char *text) { + ui->noReaderInfoText->setProperty("currenttext", text); + ui->noReaderInfoText->setText(tr(text)); + }; + if(type == SslCertificate::OldEstEidType) + setText(QT_TR_NOOP( + "The ID-card in the card reader has expired and is no longer supported in the DigiDoc4 Client.
" + "You can apply for a new ID-card from the Estonian Police and Border Guard Board.
" + "Additional information.")); + else if(!t.isNull()) { - ui->noReaderInfoText->setProperty("currenttext", "The card in the card reader is not an Estonian ID-card"); - ui->noReaderInfoText->setText(tr("The card in the card reader is not an Estonian ID-card")); + setText(QT_TR_NOOP("The card in the card reader is not an Estonian ID-card")); if(ui->cardInfo->token().card() != t.card()) ui->accordion->clear(); if(type & SslCertificate::TempelType) diff --git a/client/QSigner.cpp b/client/QSigner.cpp index 68dc49ceb..1b36cac46 100644 --- a/client/QSigner.cpp +++ b/client/QSigner.cpp @@ -224,12 +224,12 @@ QByteArray QSigner::decrypt(std::function &&func) continue; case QCryptoBackend::PinLocked: QCardLock::instance().exclusiveUnlock(); - d->smartcard->reload(); // QSmartCard should also know that PIN1 is blocked. + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN1 is blocked. Q_EMIT error(QCryptoBackend::errorString(status)); return {}; default: QCardLock::instance().exclusiveUnlock(); - d->smartcard->reload(); // QSmartCard should also know that PIN1 is blocked. + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN1 is blocked. Q_EMIT error(tr("Failed to login token") + " " + QCryptoBackend::errorString(status)); return {}; } @@ -237,7 +237,7 @@ QByteArray QSigner::decrypt(std::function &&func) QByteArray result = waitFor(func, d->backend); QCardLock::instance().exclusiveUnlock(); d->backend->logout(); - d->smartcard->reload(); // QSmartCard should also know that PIN1 is blocked. + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN1 is blocked. if(d->backend->lastError() == QCryptoBackend::PinCanceled) return {}; @@ -266,7 +266,7 @@ QSslKey QSigner::key() const case QCryptoBackend::PinLocked: default: QCardLock::instance().exclusiveUnlock(); - d->smartcard->reload(); + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN1 is blocked. return {}; } } while(status != QCryptoBackend::PinOK); @@ -290,7 +290,7 @@ void QSigner::logout() { d->backend->logout(); QCardLock::instance().exclusiveUnlock(); - d->smartcard->reload(); // QSmartCard should also know that PIN1 info is updated + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN1 info is updated } QCryptographicHash::Algorithm QSigner::methodToNID(const std::string &method) @@ -437,18 +437,18 @@ std::vector QSigner::sign(const std::string &method, const std::v case QCryptoBackend::PinOK: break; case QCryptoBackend::PinCanceled: QCardLock::instance().exclusiveUnlock(); - d->smartcard->reload(); // QSmartCard should also know that PIN2 info is updated + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN2 info is updated throwException((tr("Failed to login token") + " " + QCryptoBackend::errorString(status)), Exception::PINCanceled) case QCryptoBackend::PinIncorrect: (new WarningDialog(QCryptoBackend::errorString(status), Application::mainWindow()))->exec(); continue; case QCryptoBackend::PinLocked: QCardLock::instance().exclusiveUnlock(); - d->smartcard->reload(); // QSmartCard should also know that PIN2 info is updated + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN2 info is updated throwException((tr("Failed to login token") + " " + QCryptoBackend::errorString(status)), Exception::PINLocked) default: QCardLock::instance().exclusiveUnlock(); - d->smartcard->reload(); // QSmartCard should also know that PIN2 info is updated + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN2 info is updated throwException((tr("Failed to login token") + " " + QCryptoBackend::errorString(status)), Exception::PINFailed) } } while(status != QCryptoBackend::PinOK); @@ -456,7 +456,7 @@ std::vector QSigner::sign(const std::string &method, const std::v methodToNID(method), QByteArray::fromRawData((const char*)digest.data(), int(digest.size()))); QCardLock::instance().exclusiveUnlock(); d->backend->logout(); - d->smartcard->reload(); // QSmartCard should also know that PIN2 info is updated + d->smartcard->reloadCounters(); // QSmartCard should also know that PIN2 info is updated if(d->backend->lastError() == QCryptoBackend::PinCanceled) throwException(tr("Failed to login token"), Exception::PINCanceled) diff --git a/client/QSmartCard.cpp b/client/QSmartCard.cpp index e4a6116a3..d9a33c4ad 100644 --- a/client/QSmartCard.cpp +++ b/client/QSmartCard.cpp @@ -31,16 +31,15 @@ #include #include #include -#include Q_LOGGING_CATEGORY(CLog, "qdigidoc4.QSmartCard") QSmartCardData::QSmartCardData(): d(new QSmartCardDataPrivate) {} QSmartCardData::QSmartCardData(const QSmartCardData &other) = default; -QSmartCardData::QSmartCardData(QSmartCardData &&other) Q_DECL_NOEXCEPT: d(std::move(other.d)) {} +QSmartCardData::QSmartCardData(QSmartCardData &&other) Q_DECL_NOEXCEPT = default; QSmartCardData::~QSmartCardData() = default; QSmartCardData& QSmartCardData::operator =(const QSmartCardData &other) = default; -QSmartCardData& QSmartCardData::operator =(QSmartCardData &&other) Q_DECL_NOEXCEPT { std::swap(d, other.d); return *this; } +QSmartCardData& QSmartCardData::operator =(QSmartCardData &&other) Q_DECL_NOEXCEPT = default; bool QSmartCardData::operator ==(const QSmartCardData &other) const { return d == other.d || ( @@ -65,7 +64,6 @@ QVariant QSmartCardData::data(PersonalDataType type) const SslCertificate QSmartCardData::authCert() const { return d->authCert; } SslCertificate QSmartCardData::signCert() const { return d->signCert; } quint8 QSmartCardData::retryCount(PinType type) const { return d->retry.value(type); } -ulong QSmartCardData::usageCount(PinType type) const { return d->usage.value(type); } quint8 QSmartCardData::minPinLen(QSmartCardData::PinType type) { @@ -113,181 +111,23 @@ QPCSCReader::Result Card::transfer(QPCSCReader *reader, bool verify, const QByte } - -const QByteArray EstEIDCard::ESTEIDDF = APDU("00A4010C 02 EEEE"); -const QByteArray EstEIDCard::PERSONALDATA = APDU("00A4020C 02 5044"); -const QTextCodec* EstEIDCard::codec = QTextCodec::codecForName("Windows-1252"); - -QPCSCReader::Result EstEIDCard::change(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin_, const QString &newpin_) const +QHash Card::parseFCI(const QByteArray &data) { - QByteArray cmd = CHANGE; - QByteArray newpin = newpin_.toUtf8(); - QByteArray pin = pin_.toUtf8(); - cmd[3] = char(type == QSmartCardData::PukType ? 0 : type); - cmd[4] = char(pin.size() + newpin.size()); - return transfer(reader, false, cmd + pin + newpin, type, quint8(pin.size()), true); -} - -bool EstEIDCard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const -{ - static const QByteArray AUTHCERT = APDU("00A40200 02 AACE"); - static const QByteArray SIGNCERT = APDU("00A40200 02 DDCE"); - - if(reader->transfer(MASTER_FILE) && - reader->transfer(ESTEIDDF) && - d->data.isEmpty() && reader->transfer(PERSONALDATA)) + QHash result; + for(QByteArray::const_iterator i = data.constBegin(); i != data.constEnd(); ++i) { - QByteArray cmd = READRECORD; - for(char data = QSmartCardData::SurName; data != QSmartCardData::Comment4; ++data) - { - cmd[2] = data; - QPCSCReader::Result result = reader->transfer(cmd); - if(!result) - return false; - QString record = codec->toUnicode(result.data.trimmed()); - if(record == QChar(0)) - record.clear(); - switch(data) - { - case QSmartCardData::BirthDate: - case QSmartCardData::IssueDate: - d->data[QSmartCardData::PersonalDataType(data)] = QDate::fromString(record, QStringLiteral("dd.MM.yyyy")); - break; - case QSmartCardData::Expiry: - d->data[QSmartCardData::PersonalDataType(data)] = QDateTime::fromString(record, QStringLiteral("dd.MM.yyyy")).addDays(1).addSecs(-1); - break; - default: - d->data[QSmartCardData::PersonalDataType(data)] = record; - break; - } - } - } - bool readFailed = false; - auto readCert = [&](const QByteArray &file) { - // Workaround some cards, add Le to end - QPCSCReader::Result data = reader->transfer(file + APDU(reader->protocol() == QPCSCReader::T1 ? "00" : "")); - if(!data) - return QSslCertificate(); - QHash fci = QSmartCard::parseFCI(data.data); - int size = fci.contains(0x85) ? quint8(fci[0x85][0]) << 8 | quint8(fci[0x85][1]) : 0x0600; - QByteArray cert; - QByteArray cmd = READBINARY; - while(cert.size() < size) + quint8 tag(*i), size(*++i); + result[tag] = QByteArray(i + 1, size); + switch(tag) { - cmd[2] = char(cert.size() >> 8); - cmd[3] = char(cert.size()); - data = reader->transfer(cmd); - if(!data) - { - readFailed = true; - return QSslCertificate(); - } - cert += data.data; + case 0x6F: + case 0x62: + case 0x64: + case 0xA1: continue; + default: i += size; break; } - return QSslCertificate(cert, QSsl::Der); - }; - if(d->authCert.isNull()) - d->authCert = readCert(AUTHCERT); - if(d->signCert.isNull()) - d->signCert = readCert(SIGNCERT); - if(readFailed) - return false; - d->data[QSmartCardData::Email] = d->authCert.subjectAlternativeNames().values(QSsl::EmailEntry).value(0); - return updateCounters(reader, d); -} - -QPCSCReader::Result EstEIDCard::replace(QPCSCReader *reader, QSmartCardData::PinType type, const QString &puk_, const QString &pin_) const -{ - QPCSCReader::Result result; - if(!reader->isPinPad()) //Verify PUK. Not for pinpad. - { - result = verify(reader, QSmartCardData::PukType, puk_); - if(!result) - return result; } - - // Replace PIN with PUK - QByteArray pin = pin_.toUtf8(); - QByteArray puk = puk_.toUtf8(); - QByteArray cmd = Card::REPLACE; - cmd[3] = type; - cmd[4] = char(puk.size() + pin.size()); - return transfer(reader, false, cmd + puk + pin, type, 0, true); -} - -QByteArray EstEIDCard::sign(QPCSCReader *reader, const QByteArray &dgst) const -{ - if(!reader->transfer(APDU("0022F301")) || // 00")) || // Compatibilty for some cards // SECENV1 - !reader->transfer(APDU("002241B8 02 8300"))) //Key reference, 8303801100 - return {}; - QByteArray cmd = MUTUAL_AUTH; - cmd[4] = char(dgst.size()); - cmd.insert(5, dgst); - return reader->transfer(cmd).data; -} - -bool EstEIDCard::updateCounters(QPCSCReader *reader, QSmartCardDataPrivate *d) const -{ - static const QByteArray KEYPOINTER = APDU("00A4020C 02 0033"); - static const QByteArray KEYUSAGE = APDU("00A4020C 02 0013"); - static const QByteArray PINRETRY = APDU("00A4020C 02 0016"); - - if(!reader->transfer(MASTER_FILE) || - !reader->transfer(PINRETRY)) - return false; - - QByteArray cmd = READRECORD; - for(int i = QSmartCardData::Pin1Type; i <= QSmartCardData::PukType; ++i) - { - cmd[2] = char(i); - QPCSCReader::Result data = reader->transfer(cmd); - if(!data) - return false; - d->retry[QSmartCardData::PinType(i)] = quint8(data.data[5]); - } - - if(!reader->transfer(ESTEIDDF) || - !reader->transfer(KEYPOINTER)) - return false; - - cmd[2] = 1; - QPCSCReader::Result data = reader->transfer(cmd); - if(!data) - return false; - - /* - * SIGN1 0100 1 - * SIGN2 0200 2 - * AUTH1 1100 3 - * AUTH2 1200 4 - */ - quint8 signkey = data.data.at(0x13) == 0x01 && data.data.at(0x14) == 0x00 ? 1 : 2; - quint8 authkey = data.data.at(0x09) == 0x11 && data.data.at(0x0A) == 0x00 ? 3 : 4; - - if(!reader->transfer(KEYUSAGE)) - return false; - - cmd[2] = char(authkey); - data = reader->transfer(cmd); - if(!data) - return false; - d->usage[QSmartCardData::Pin1Type] = 0xFFFFFF - ((quint8(data.data[12]) << 16) + (quint8(data.data[13]) << 8) + quint8(data.data[14])); - - cmd[2] = char(signkey); - data = reader->transfer(cmd); - if(!data) - return false; - d->usage[QSmartCardData::Pin2Type] = 0xFFFFFF - ((quint8(data.data[12]) << 16) + (quint8(data.data[13]) << 8) + quint8(data.data[14])); - return true; -} - -QPCSCReader::Result EstEIDCard::verify(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin_) const -{ - QByteArray pin = pin_.toUtf8(); - QByteArray cmd = VERIFY; - cmd[3] = char(type == QSmartCardData::PukType ? 0 : type); - cmd[4] = char(pin.size()); - return transfer(reader, true, cmd + pin, type, 0, true); + return result; } @@ -332,7 +172,7 @@ bool IDEMIACard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const if(d->data.isEmpty() && reader->transfer(APDU("00A4010C025000"))) { QByteArray cmd = APDU("00A4010C025001"); - for(char data = 1; data <= 15; ++data) + for(char data = 1; data <= 8; ++data) { cmd[6] = data; if(!reader->transfer(cmd)) @@ -346,14 +186,12 @@ bool IDEMIACard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const switch(data) { case 1: d->data[QSmartCardData::SurName] = record; break; - case 2: d->data[QSmartCardData::FirstName1] = record; break; - case 3: d->data[QSmartCardData::Sex] = record; break; + case 2: d->data[QSmartCardData::FirstName] = record; break; case 4: d->data[QSmartCardData::Citizen] = record; break; case 5: if(!record.isEmpty()) { QStringList data = record.split(' '); - d->data[QSmartCardData::BirthPlace] = data.value(3); if(data.size() > 3) data.removeLast(); d->data[QSmartCardData::BirthDate] = QDate::fromString(data.join('.'), QStringLiteral("dd.MM.yyyy")); @@ -362,12 +200,6 @@ bool IDEMIACard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const case 6: d->data[QSmartCardData::Id] = record; break; case 7: d->data[QSmartCardData::DocumentId] = record; break; case 8: d->data[QSmartCardData::Expiry] = QDateTime::fromString(record, QStringLiteral("dd MM yyyy")).addDays(1).addSecs(-1); break; - case 9: d->data[QSmartCardData::IssueDate] = record; break; - case 10: d->data[QSmartCardData::ResidencePermit] = record; break; - case 11: d->data[QSmartCardData::Comment1] = record; break; - case 12: d->data[QSmartCardData::Comment2] = record; break; - case 13: d->data[QSmartCardData::Comment3] = record; break; - case 14: d->data[QSmartCardData::Comment4] = record; break; default: break; } } @@ -383,7 +215,7 @@ bool IDEMIACard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const QPCSCReader::Result data = reader->transfer(file2); if(!data) return QSslCertificate(); - QHash fci = QSmartCard::parseFCI(data.data); + QHash fci = parseFCI(data.data); int size = fci.contains(0x80) ? quint8(fci[0x80][0]) << 8 | quint8(fci[0x80][1]) : 0x0600; QByteArray cert; QByteArray cmd = READBINARY; @@ -408,7 +240,6 @@ bool IDEMIACard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const if(readFailed) return false; - d->data[QSmartCardData::Email] = d->authCert.subjectAlternativeNames().values(QSsl::EmailEntry).value(0); return updateCounters(reader, d); } @@ -419,13 +250,21 @@ QByteArray IDEMIACard::pinTemplate(const QString &pin) return result; } -QPCSCReader::Result IDEMIACard::replace(QPCSCReader *reader, QSmartCardData::PinType type, const QString &puk, const QString &pin_) const +QPCSCReader::Result IDEMIACard::replace(QPCSCReader *reader, QSmartCardData::PinType type, const QString &puk_, const QString &pin_) const { - QPCSCReader::Result result = verify(reader, QSmartCardData::PukType, puk); + auto result = reader->transfer(AID); if(!result) return result; - QByteArray cmd = Card::REPLACE; + QByteArray puk = pinTemplate(puk_); + QByteArray cmd = VERIFY; + cmd[3] = 2; + cmd[4] = char(puk.size()); + result = transfer(reader, true, cmd + puk, type, 0, true); + if(!result) + return result; + + cmd = Card::REPLACE; cmd[2] = 2; if(type == QSmartCardData::Pin2Type) { @@ -452,8 +291,6 @@ QByteArray IDEMIACard::sign(QPCSCReader *reader, const QByteArray &dgst) const bool IDEMIACard::updateCounters(QPCSCReader *reader, QSmartCardDataPrivate *d) const { - d->usage[QSmartCardData::Pin1Type] = 0; - d->usage[QSmartCardData::Pin2Type] = 0; reader->transfer(AID); if(auto data = reader->transfer(APDU("00CB3FFF 0A 4D087006BF810102A08000"))) d->retry[QSmartCardData::Pin1Type] = quint8(data.data[13]); @@ -465,28 +302,6 @@ bool IDEMIACard::updateCounters(QPCSCReader *reader, QSmartCardDataPrivate *d) c return true; } -QPCSCReader::Result IDEMIACard::verify(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin_) const -{ - QByteArray pin = pinTemplate(pin_); - QByteArray cmd = VERIFY; - switch (type) { - case QSmartCardData::Pin1Type: - reader->transfer(AID); - cmd[3] = 1; - break; - case QSmartCardData::PukType: - reader->transfer(AID); - cmd[3] = 2; - break; - case QSmartCardData::Pin2Type: - reader->transfer(AID_QSCD); - cmd[3] = char(0x85); - break; - } - cmd[4] = char(pin.size()); - return transfer(reader, true, cmd + pin, type, 0, true); -} - QSharedPointer QSmartCard::Private::connect(const QString &reader) @@ -528,10 +343,7 @@ QSmartCard::QSmartCard(QObject *parent) { } -QSmartCard::~QSmartCard() -{ - delete d; -} +QSmartCard::~QSmartCard() = default; QSmartCard::ErrorType QSmartCard::change(QSmartCardData::PinType type, QWidget* parent, const QString &newpin, const QString &pin, const QString &title, const QString &bodyText) { @@ -559,25 +371,6 @@ QSmartCard::ErrorType QSmartCard::change(QSmartCardData::PinType type, QWidget* QSmartCardData QSmartCard::data() const { return d->t; } -QHash QSmartCard::parseFCI(const QByteArray &data) -{ - QHash result; - for(QByteArray::const_iterator i = data.constBegin(); i != data.constEnd(); ++i) - { - quint8 tag(*i), size(*++i); - result[tag] = QByteArray(i + 1, size); - switch(tag) - { - case 0x6F: - case 0x62: - case 0x64: - case 0xA1: continue; - default: i += size; break; - } - } - return result; -} - QSmartCard::ErrorType QSmartCard::pinChange(QSmartCardData::PinType type, QWidget* parent) { QScopedPointer p; @@ -628,23 +421,16 @@ QSmartCard::ErrorType QSmartCard::pinUnblock(QSmartCardData::PinType type, bool return unblock(type, parent, newPin, puk, title, textBody); } -void QSmartCard::reload() +void QSmartCard::reloadCounters() { - QCardLocker locker; - QSharedDataPointer t = d->t.d; - t->data.clear(); - t->authCert = QSslCertificate(); - t->signCert = QSslCertificate(); - d->t.d = std::move(t); - Q_EMIT dataChanged(d->t); - QTimer::singleShot(0, this, [this] { reloadCard(d->token); }); + QMetaObject::invokeMethod(this, [this] { reloadCard(d->token, true); }); } -void QSmartCard::reloadCard(const TokenData &token) +void QSmartCard::reloadCard(const TokenData &token, bool reloadCounters) { qCDebug(CLog) << "Polling"; d->token = token; - if(!d->t.isNull() && !d->t.card().isEmpty() && d->t.card() == token.card()) + if(!reloadCounters && !d->t.isNull() && !d->t.card().isEmpty() && d->t.card() == token.card()) return; // check if selected card is same as signer @@ -657,12 +443,12 @@ void QSmartCard::reloadCard(const TokenData &token) QSharedDataPointer t = d->t.d; t->card = token.card(); t->data.clear(); - t->authCert = QSslCertificate(); - t->signCert = QSslCertificate(); + t->authCert.clear(); + t->signCert.clear(); d->t.d = std::move(t); } - if(!d->t.isNull() || token.reader().isEmpty()) + if(!reloadCounters && (!d->t.isNull() || token.reader().isEmpty())) return; QString reader = token.reader(); @@ -678,16 +464,18 @@ void QSmartCard::reloadCard(const TokenData &token) if(!selectedReader->connect() || !selectedReader->beginTransaction()) return; + if(!IDEMIACard::isSupported(selectedReader->atr())) { + qDebug() << "Unsupported card"; + return; + } + qCDebug(CLog) << "Read card" << token.card() << "info"; QSharedDataPointer t; t = d->t.d; t->reader = selectedReader->name(); t->pinpad = selectedReader->isPinPad(); - delete d->card; - if(IDEMIACard::isSupported(selectedReader->atr())) - d->card = new IDEMIACard(); - else - d->card = new EstEIDCard(); + d->card.reset(); + d->card = std::make_unique(); if(d->card->loadPerso(selectedReader.data(), t)) { d->t.d = std::move(t); diff --git a/client/QSmartCard.h b/client/QSmartCard.h index ed2626f9b..d1d14575a 100644 --- a/client/QSmartCard.h +++ b/client/QSmartCard.h @@ -22,6 +22,8 @@ #include #include +#include + class SslCertificate; class QSmartCardDataPrivate; class QSslKey; @@ -32,23 +34,13 @@ class QSmartCardData public: enum PersonalDataType { - SurName = 1, - FirstName1, - FirstName2, - Sex, + SurName, + FirstName, Citizen, BirthDate, Id, DocumentId, Expiry, - BirthPlace, - IssueDate, - ResidencePermit, - Comment1, - Comment2, - Comment3, - Comment4, - Email }; enum PinType { @@ -77,7 +69,6 @@ class QSmartCardData SslCertificate authCert() const; SslCertificate signCert() const; quint8 retryCount( PinType type ) const; - ulong usageCount( PinType type ) const; static quint8 minPinLen(QSmartCardData::PinType type); static QString typeString( PinType type ); @@ -89,7 +80,7 @@ class QSmartCardData friend class QSmartCardPrivate; }; -class QSmartCard: public QObject +class QSmartCard final: public QObject { Q_OBJECT public: @@ -106,26 +97,24 @@ class QSmartCard: public QObject }; explicit QSmartCard(QObject *parent = nullptr); - ~QSmartCard(); + ~QSmartCard() final; ErrorType change( QSmartCardData::PinType type, QWidget* parent, const QString &newpin, const QString &pin, const QString &title, const QString &bodyText ); QSmartCardData data() const; TokenData tokenData() const; - void reloadCard(const TokenData &token); + void reloadCard(const TokenData &token, bool reloadCounters = false); + void reloadCounters(); ErrorType unblock( QSmartCardData::PinType type, QWidget* parent, const QString &pin, const QString &puk, const QString &title, const QString &bodyText ); ErrorType pinUnblock( QSmartCardData::PinType type, bool isForgotPin = false, QWidget* parent = nullptr ); ErrorType pinChange( QSmartCardData::PinType type, QWidget* parent = nullptr ); - static QHash parseFCI(const QByteArray &data); - signals: void dataChanged(const QSmartCardData &data); private: - void reload(); + Q_DISABLE_COPY(QSmartCard) class Private; - Private *d; - friend class QSigner; + std::unique_ptr d; }; diff --git a/client/QSmartCard_p.h b/client/QSmartCard_p.h index cc4416658..84c5c0905 100644 --- a/client/QSmartCard_p.h +++ b/client/QSmartCard_p.h @@ -30,8 +30,6 @@ #define APDU QByteArray::fromHex -class QTextCodec; - class Card { public: @@ -43,7 +41,8 @@ class Card static QPCSCReader::Result transfer(QPCSCReader *reader, bool verify, const QByteArray &apdu, QSmartCardData::PinType type, quint8 newPINOffset, bool requestCurrentPIN); virtual bool updateCounters(QPCSCReader *reader, QSmartCardDataPrivate *d) const = 0; - virtual QPCSCReader::Result verify(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin) const = 0; + + static QHash parseFCI(const QByteArray &data); static const QByteArray MASTER_FILE; static const QByteArray MUTUAL_AUTH; @@ -54,23 +53,6 @@ class Card static const QByteArray VERIFY; }; -class EstEIDCard: public Card -{ -public: - QPCSCReader::Result change(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin, const QString &newpin) const final; - bool loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const final; - QPCSCReader::Result replace(QPCSCReader *reader, QSmartCardData::PinType type, const QString &puk, const QString &pin) const final; - QByteArray sign(QPCSCReader *reader, const QByteArray &dgst) const final; - bool updateCounters(QPCSCReader *reader, QSmartCardDataPrivate *d) const final; - QPCSCReader::Result verify(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin) const final; - - static QString cardNR(QPCSCReader *reader); - - static const QTextCodec *codec; - static const QByteArray ESTEIDDF; - static const QByteArray PERSONALDATA; -}; - class IDEMIACard: public Card { public: @@ -79,7 +61,6 @@ class IDEMIACard: public Card QPCSCReader::Result replace(QPCSCReader *reader, QSmartCardData::PinType type, const QString &puk, const QString &pin) const final; QByteArray sign(QPCSCReader *reader, const QByteArray &dgst) const final; bool updateCounters(QPCSCReader *reader, QSmartCardDataPrivate *d) const final; - QPCSCReader::Result verify(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin) const final; static QString cardNR(QPCSCReader *reader); static bool isSupported(const QByteArray &atr); @@ -95,7 +76,7 @@ class QSmartCard::Private QSmartCard::ErrorType handlePinResult(QPCSCReader *reader, const QPCSCReader::Result &response, bool forceUpdate); QSharedPointer reader; - Card *card = nullptr; + std::unique_ptr card; TokenData token; QSmartCardData t; }; @@ -107,6 +88,5 @@ class QSmartCardDataPrivate: public QSharedData QHash data; SslCertificate authCert, signCert; QHash retry; - QHash usage; bool pinpad = false; }; diff --git a/client/SslCertificate.cpp b/client/SslCertificate.cpp index f97d69918..fc89619ee 100644 --- a/client/SslCertificate.cpp +++ b/client/SslCertificate.cpp @@ -37,14 +37,19 @@ #include -#define toQByteArray(x) QByteArray((const char*)(x)->data, (x)->length) +template +auto toQByteArray(T &x) +{ + return QByteArray((const char*)x->data, x->length); +} + template static QByteArray i2dDer(Func func, Arg arg) { if(!arg) return {}; QByteArray der(func(arg, nullptr), 0); - unsigned char *p = (unsigned char*)der.data(); + auto *p = (unsigned char*)der.data(); if(der.isEmpty() || func(arg, &p) != der.size()) return {}; return der; @@ -265,7 +270,7 @@ QByteArray SslCertificate::toHex( const QByteArray &in, QChar separator ) QString SslCertificate::toString( const QString &format ) const { - QRegularExpression r(QStringLiteral("[a-zA-Z]+")); + static const QRegularExpression r(QStringLiteral("[a-zA-Z]+")); QString ret = format; QRegularExpressionMatch match; for(int pos = 0; (match = r.match(ret, pos)).hasMatch(); ) { @@ -282,11 +287,10 @@ SslCertificate::CertType SslCertificate::type() const for(const QString &p: policies()) { if(p.startsWith(QLatin1String("1.3.6.1.4.1.10015.1.1")) || - p.startsWith(QLatin1String("1.3.6.1.4.1.10015.3.1"))) - return EstEidType; - if(p.startsWith(QLatin1String("1.3.6.1.4.1.10015.1.2")) || + p.startsWith(QLatin1String("1.3.6.1.4.1.10015.3.1")) || + p.startsWith(QLatin1String("1.3.6.1.4.1.10015.1.2")) || p.startsWith(QLatin1String("1.3.6.1.4.1.10015.3.2"))) - return subjectInfo(QSslCertificate::Organization).contains(QStringLiteral("E-RESIDENT")) ? EResidentType : DigiIDType; + return OldEstEidType; if(p.startsWith(QLatin1String("1.3.6.1.4.1.10015.1.3")) || p.startsWith(QLatin1String("1.3.6.1.4.1.10015.11.1")) || p.startsWith(QLatin1String("1.3.6.1.4.1.10015.3.3")) || @@ -311,8 +315,7 @@ SslCertificate::CertType SslCertificate::type() const } // Check qcStatements extension according to ETSI EN 319 412-5 - QByteArray der = toDer(); - if (!der.isNull()) + if(QByteArray der = toDer(); !der.isNull()) { try { digidoc::X509Cert x509Cert((const unsigned char*)der.constData(), diff --git a/client/SslCertificate.h b/client/SslCertificate.h index 6bbe82038..54dbcca75 100644 --- a/client/SslCertificate.h +++ b/client/SslCertificate.h @@ -63,6 +63,7 @@ class SslCertificate: public QSslCertificate DigiIDType = 1 << 0, EstEidType = 1 << 1, MobileIDType = 1 << 2, + OldEstEidType = 1 << 3, TempelType = 1 << 4, EResidentSubType = 1 << 6, EResidentType = DigiIDType|EResidentSubType, diff --git a/client/common_enums.h b/client/common_enums.h index 8ca88841b..fdc828dbc 100644 --- a/client/common_enums.h +++ b/client/common_enums.h @@ -78,7 +78,6 @@ enum WarningType { CertExpiredWarning, CertExpiryWarning, - CertRevokedWarning, UnblockPin1Warning, UnblockPin2Warning, diff --git a/client/dialogs/SettingsDialog.cpp b/client/dialogs/SettingsDialog.cpp index 6a0547ce0..97d417eee 100644 --- a/client/dialogs/SettingsDialog.cpp +++ b/client/dialogs/SettingsDialog.cpp @@ -237,15 +237,14 @@ SettingsDialog::SettingsDialog(int page, QWidget *parent) }); #ifdef Q_OS_WIN connect(ui->btnNavFromHistory, &QPushButton::clicked, this, [this] { - // remove certificates (having %ESTEID% text) from browsing history of Internet Explorer and/or Google Chrome, and do it for all users. + // remove certificates from browsing history of Internet Explorer and/or Google Chrome, and do it for all users. QList cache = qApp->signer()->cache(); CertStore s; for(const QSslCertificate &c: s.list()) { if(std::any_of(cache.cbegin(), cache.cend(), [&](const TokenData &token) { return token.cert() == c; })) continue; - if(c.subjectInfo(QSslCertificate::Organization).join(QString()).contains(QStringLiteral("ESTEID"), Qt::CaseInsensitive) || - c.issuerInfo(QSslCertificate::CommonName).join(QString()).contains(QStringLiteral("KLASS3-SK"), Qt::CaseInsensitive) || + if(c.issuerInfo(QSslCertificate::CommonName).join(QString()).contains(QStringLiteral("KLASS3-SK"), Qt::CaseInsensitive) || c.issuerInfo(QSslCertificate::Organization).contains(QStringLiteral("SK ID Solutions AS"), Qt::CaseInsensitive)) s.remove( c ); } diff --git a/client/images/intro_eid-manage_en.png b/client/images/intro_eid-manage_en.png index 54464ab69..c80b9572e 100644 Binary files a/client/images/intro_eid-manage_en.png and b/client/images/intro_eid-manage_en.png differ diff --git a/client/images/intro_eid-manage_et.png b/client/images/intro_eid-manage_et.png index 61a8327ce..5affb633f 100644 Binary files a/client/images/intro_eid-manage_et.png and b/client/images/intro_eid-manage_et.png differ diff --git a/client/images/intro_eid-manage_ru.png b/client/images/intro_eid-manage_ru.png index b7693f685..b3512a655 100644 Binary files a/client/images/intro_eid-manage_ru.png and b/client/images/intro_eid-manage_ru.png differ diff --git a/client/translations/en.ts b/client/translations/en.ts index 1c6a14509..7142f15ea 100644 --- a/client/translations/en.ts +++ b/client/translations/en.ts @@ -763,10 +763,6 @@ TSL cache TSL cache - - Applet version - Applet version - true @@ -1571,6 +1567,10 @@ ID-CARD %1 changed! %1 changed! + + The ID-card in the card reader has expired and is no longer supported in the DigiDoc4 Client.<br />You can apply for a new ID-card from the Estonian Police and Border Guard Board.<br /><a href="https://www.politsei.ee/en/instructions/applying-for-an-id-card-for-an-adult">Additional information</a>. + The ID-card in the card reader has expired and is no longer supported in the DigiDoc4 Client.<br />You can apply for a new ID-card from the Estonian Police and Border Guard Board.<br /><a href="https://www.politsei.ee/en/instructions/applying-for-an-id-card-for-an-adult">Additional information</a>. + Encrypting Encrypting @@ -3055,10 +3055,6 @@ Additional licenses and components Certificate has expired! Certificate has expired! - - Certificate is revoked! - Certificate is revoked! - Certificate %1is valid%2 until %3 Certificate %1is valid%2 until %3 @@ -3103,16 +3099,6 @@ Additional licenses and components PUK code is blocked because the PUK code has been entered 3 times incorrectly. You can not unblock the PUK code yourself. As long as the PUK code is blocked, all eID options can be used, except PUK code. Please visit the service center to obtain new codes. <a href="https://www.politsei.ee/en/instructions/applying-for-an-id-card-for-an-adult/reminders-for-id-card-holders/">Additional information</a>. PUK code is blocked because the PUK code has been entered 3 times incorrectly. You can not unblock the PUK code yourself. <br><br>As long as the PUK code is blocked, all eID options can be used, except PUK code. <br><br>Please visit the service center to obtain new codes. <a href="https://www.politsei.ee/en/instructions/applying-for-an-id-card-for-an-adult/reminders-for-id-card-holders/">Additional information</a>. - - key has been used %1 times - pin1 - Authentication key has been used %1 times - - - key has been used %1 times - pin2 - Signature key has been used %1 times - PIN can be changed only using eToken utility PIN can be changed only using eToken utility @@ -3165,10 +3151,6 @@ Additional licenses and components PIN%1 can not be used because the certificate has expired. PIN%1 can not be used because the certificate has expired. - - PIN%1 can not be used because the certificate has revoked. - PIN%1 can not be used because the certificate has revoked. - Certificate status check failed. Please check your internet connection. Certificate status check failed. Please check your internet connection. @@ -3204,18 +3186,6 @@ Additional licenses and components WarningItem - - Certificates are revoked! - Certificates are revoked! - - - Additional information - Additional information - - - https://www.id.ee/en/article/the-majority-of-electronically-used-id-cards-were-renewed/ - https://www.id.ee/en/article/the-majority-of-electronically-used-id-cards-were-renewed/ - %n signatures are not valid! diff --git a/client/translations/et.ts b/client/translations/et.ts index 3a2f95429..28a30a7df 100644 --- a/client/translations/et.ts +++ b/client/translations/et.ts @@ -763,10 +763,6 @@ TSL cache TSL puhver - - Applet version - Apleti versioon - true @@ -1571,6 +1567,10 @@ ID-KAARDIGA %1 changed! %1-kood muudetud! + + The ID-card in the card reader has expired and is no longer supported in the DigiDoc4 Client.<br />You can apply for a new ID-card from the Estonian Police and Border Guard Board.<br /><a href="https://www.politsei.ee/en/instructions/applying-for-an-id-card-for-an-adult">Additional information</a>. + Lugejas olev ID-kaart on aegunud ning ei ole enam DigiDoc4 kliendis toetatud.<br />Uue ID-kaardi saad taotleda Politsei- ja Piirivalveametist.<br /><a href="https://www.politsei.ee/et/juhend/id-kaardi-taotlemine-taeiskasvanule">Loe täpsemalt siit</a>. + Encrypting Krüpteerin @@ -3055,10 +3055,6 @@ Täiendavad litsentsid ja komponendid Certificate has expired! Sertifikaat on aegunud! - - Certificate is revoked! - Sertifikaat on tühistatud! - Certificate %1is valid%2 until %3 Sertifikaat %1kehtib%2 kuni %3 @@ -3111,16 +3107,6 @@ Täiendavad litsentsid ja komponendid PIN can be changed only using eToken utility PIN-koodi saab muuta ainult e-Templi tarkvaraga - - key has been used %1 times - pin1 - Sertifikaati on kasutatud %1 korda - - - key has been used %1 times - pin2 - Sertifikaati on kasutatud %1 korda - Certificate for Encryption Krüpteerimissertifikaat @@ -3165,10 +3151,6 @@ Täiendavad litsentsid ja komponendid Certificate is not valid. A valid certificate is required for electronic use. Sertifikaat ei kehti. Elektrooniliseks kasutamiseks on vaja kehtivat sertifikaati. - - PIN%1 can not be used because the certificate has revoked. - PIN%1 ei saa kasutada, kuna sertifikaat on tühistatud. - Certificate status check failed. Please check your internet connection. Sertifikaadi staatuse kontrollimine ebaõnnestus. Palun kontrolli internetiühendust. @@ -3204,18 +3186,6 @@ Täiendavad litsentsid ja komponendid WarningItem - - Certificates are revoked! - Sertifikaadid on tühistatud! - - - Additional information - Täiendav informatsioon - - - https://www.id.ee/en/article/the-majority-of-electronically-used-id-cards-were-renewed/ - https://www.id.ee/artikkel/uuendati-enamik-elektrooniliselt-kasutatud-id-kaartidest/ - %n signatures are not valid! diff --git a/client/translations/ru.ts b/client/translations/ru.ts index a1e9490ad..ca5afbacd 100644 --- a/client/translations/ru.ts +++ b/client/translations/ru.ts @@ -763,10 +763,6 @@ TSL cache TSL-буфер - - Applet version - Версия апплета - true @@ -1571,6 +1567,10 @@ ID-КАРТОЙ %1 changed! %1-код изменён! + + The ID-card in the card reader has expired and is no longer supported in the DigiDoc4 Client.<br />You can apply for a new ID-card from the Estonian Police and Border Guard Board.<br /><a href="https://www.politsei.ee/en/instructions/applying-for-an-id-card-for-an-adult">Additional information</a>. + Срок действия ID-карты подключенной к считывателю карт истек, и больше не поддерживается программой DigiDoc4 клиент.<br />Вы можете ходатайствовать о новой ID-карте в Департаменте полиции и погранохраны.<br /><a href="https://www.politsei.ee/ru/instruktsii/hodataystvo-o-vydache-id-karty-vzroslomu">Подробнее читайте здесь</a>. + Encrypting Зашифровывание @@ -3056,10 +3056,6 @@ Additional licenses and components Certificate has expired! Срок действия сертификата истек! - - Certificate is revoked! - Сертификат отозван! - Certificate %1is valid%2 until %3 Сертификат %1действителен%2 до %3 @@ -3108,16 +3104,6 @@ Additional licenses and components PIN can be changed only using eToken utility PIN-код можно сменить только при помощи программного обеспечения e-Tempel - - key has been used %1 times - pin1 - Сертификат использован %1 раз - - - key has been used %1 times - pin2 - Сертификат использован %1 раз - Certificate for Encryption Сертификат шифрования @@ -3166,10 +3152,6 @@ Additional licenses and components PIN%1 can not be used because the certificate has expired. PIN%1 не может быть использован, так как срок действия сертификата истек. - - PIN%1 can not be used because the certificate has revoked. - PIN%1 не может быть использован, так как сертификат был отменен. - Certificate status check failed. Please check your internet connection. Проверка статуса сертификата не удалась. Пожалуйста проверьте подключение к интернету. @@ -3205,18 +3187,6 @@ Additional licenses and components WarningItem - - Certificates are revoked! - Сертификаты отозваны! - - - Additional information - Дополнительная информация - - - https://www.id.ee/en/article/the-majority-of-electronically-used-id-cards-were-renewed/ - https://www.id.ee/ru/artikkel/obnovleno-bolshinstvo-zatronutyh-riskom-id-kart-kotorye-ispolzovalis-elektronno/ - %n signatures are not valid! diff --git a/client/widgets/InfoStack.cpp b/client/widgets/InfoStack.cpp index df2a1a3f2..b9f4f82f5 100644 --- a/client/widgets/InfoStack.cpp +++ b/client/widgets/InfoStack.cpp @@ -134,14 +134,8 @@ void InfoStack::update(const SslCertificate &cert) void InfoStack::update(const QSmartCardData &t) { data = t; - QStringList firstName { - t.data( QSmartCardData::FirstName1 ).toString(), - t.data( QSmartCardData::FirstName2 ).toString() - }; - firstName.removeAll({}); - certType = t.authCert().type(); - givenNamesText = firstName.join(' '); + givenNamesText = t.data(QSmartCardData::FirstName).toString(); surnameText = t.data(QSmartCardData::SurName).toString(); personalCodeText = t.data(QSmartCardData::Id).toString(); citizenshipText = t.data(QSmartCardData::Citizen).toString(); diff --git a/client/widgets/VerifyCert.cpp b/client/widgets/VerifyCert.cpp index c5a71b0a3..b3fc7d51e 100644 --- a/client/widgets/VerifyCert.cpp +++ b/client/widgets/VerifyCert.cpp @@ -34,18 +34,18 @@ VerifyCert::VerifyCert(QWidget *parent) { ui->setupUi( this ); - connect(ui->changePIN, &QPushButton::clicked, [=] { + connect(ui->changePIN, &QPushButton::clicked, this, [=] { emit changePinClicked( false, isBlockedPin ); }); - connect(ui->forgotPinLink, &QPushButton::clicked, [=] { + connect(ui->forgotPinLink, &QPushButton::clicked, this, [=] { emit changePinClicked( true, false ); // Change PIN with PUK code }); - connect(ui->details, &QPushButton::clicked, [=] { + connect(ui->details, &QPushButton::clicked, this, [=] { CertificateDetails::showCertificate(c, this, pinType == QSmartCardData::Pin1Type ? QStringLiteral("-auth") : QStringLiteral("-sign")); }); connect(ui->checkCert, &QPushButton::clicked, this, [=]{ - QString msg = tr("Read more here.");; + QString msg = tr("Read more here."); switch(c.validateOnline()) { case SslCertificate::Good: @@ -108,16 +108,12 @@ void VerifyCert::update() { bool isBlockedPuk = !cardData.isNull() && cardData.retryCount( QSmartCardData::PukType ) == 0; bool isTempelType = c.type() & SslCertificate::TempelType; - bool isRevoked = pinType != QSmartCardData::PukType && - cardData.authCert().publicKey().algorithm() == QSsl::Rsa; - isValidCert = c.isNull() || (c.isValid() && !isRevoked); + isValidCert = c.isNull() || c.isValid(); QString txt; QTextStream cert( &txt ); - if(isRevoked) - cert << tr("Certificate is revoked!"); - else if( !isValidCert ) + if(!isValidCert) cert << tr("Certificate has expired!"); else { @@ -125,17 +121,11 @@ void VerifyCert::update() if(leftDays <= 105 && !c.isNull()) cert << ""; cert << tr("Certificate %1is valid%2 until %3").arg( - QStringLiteral(""), - QStringLiteral(""), + QLatin1String(""), + QLatin1String(""), DateTime(c.expiryDate().toLocalTime()).formatDate(QStringLiteral("dd. MMMM yyyy"))); if(leftDays <= 105 && !c.isNull()) cert << ""; - if(auto count = cardData.usageCount(pinType); count > 0) - { - cert << "
" << (pinType == QSmartCardData::Pin1Type ? - tr("key has been used %1 times", "pin1").arg(count) : - tr("key has been used %1 times", "pin2").arg(count)); - } } switch(pinType) { @@ -154,7 +144,6 @@ void VerifyCert::update() ui->forgotPinLink->setHidden(isBlockedPin || isBlockedPuk || isTempelType); ui->checkCert->setVisible(isValidCert); ui->error->setText( - isRevoked ? tr("PIN%1 can not be used because the certificate has revoked. ").arg(pinType) : !isValidCert ? tr("PIN%1 can not be used because the certificate has expired.").arg(pinType) : (isBlockedPin && isBlockedPuk) ? tr("PIN%1 has been blocked because PIN%1 code has been entered incorrectly 3 times.").arg(pinType) : isBlockedPin ? QStringLiteral("%1 %2").arg(tr("PIN%1 has been blocked because PIN%1 code has been entered incorrectly 3 times.").arg(pinType), tr("Unblock to reuse PIN%1.").arg(pinType)) : @@ -173,7 +162,8 @@ void VerifyCert::update() ui->error->setText( isBlockedPuk ? tr("PUK code is blocked because the PUK code has been entered 3 times incorrectly. " "You can not unblock the PUK code yourself. As long as the PUK code is blocked, all eID options can be used, except PUK code. " - "Please visit the service center to obtain new codes. Additional information.") : + "Please visit the service center to obtain new codes. " + "Additional information.") : QString() ); ui->widget->setHidden(isBlockedPuk); @@ -183,39 +173,35 @@ void VerifyCert::update() if( !isValidCert && pinType != QSmartCardData::PukType ) { setStyleSheet(QStringLiteral("opacity: 0.25; background-color: #F9EBEB;")); - ui->changePIN->setStyleSheet( - "QPushButton { border-radius: 2px; border: none; color: #ffffff; background-color: #006EB5;}" - "QPushButton:pressed { background-color: #41B6E6;}" - "QPushButton:hover:!pressed { background-color: #008DCF;}" - "QPushButton:disabled { background-color: #BEDBED;};" - ); - ui->error->setStyleSheet( - "padding: 6px 6px 6px 6px;" - "line-height: 14px;" - "border: 1px solid #c53e3e;" - "border-radius: 2px;" - "background-color: #e09797;" - "color: #5c1c1c;" - ); + ui->changePIN->setStyleSheet(QStringLiteral( + "QPushButton { border-radius: 2px; border: none; color: #ffffff; background-color: #006EB5;}" + "QPushButton:pressed { background-color: #41B6E6;}" + "QPushButton:hover:!pressed { background-color: #008DCF;}" + "QPushButton:disabled { background-color: #BEDBED;};")); + ui->error->setStyleSheet(QStringLiteral( + "padding: 6px 6px 6px 6px;" + "line-height: 14px;" + "border: 1px solid #c53e3e;" + "border-radius: 2px;" + "background-color: #e09797;" + "color: #5c1c1c;")); ui->nameIcon->load(QStringLiteral(":/images/icon_alert_red.svg")); ui->nameIcon->show(); } else if( isBlockedPin ) { setStyleSheet(QStringLiteral("opacity: 0.25; background-color: #fcf5ea;")); - ui->changePIN->setStyleSheet( - "QPushButton { border-radius: 2px; border: none; color: #ffffff; background-color: #006EB5;}" - "QPushButton:pressed { background-color: #41B6E6;}" - "QPushButton:hover:!pressed { background-color: #008DCF;}" - "QPushButton:disabled { background-color: #BEDBED;};" - ); - ui->error->setStyleSheet( - "padding: 6px 6px 6px 6px;" - "line-height: 14px;" - "border: 1px solid #e89c30;" - "border-radius: 2px;" - "background-color: #F8DDA7;" - ); + ui->changePIN->setStyleSheet(QStringLiteral( + "QPushButton { border-radius: 2px; border: none; color: #ffffff; background-color: #006EB5;}" + "QPushButton:pressed { background-color: #41B6E6;}" + "QPushButton:hover:!pressed { background-color: #008DCF;}" + "QPushButton:disabled { background-color: #BEDBED;};")); + ui->error->setStyleSheet(QStringLiteral( + "padding: 6px 6px 6px 6px;" + "line-height: 14px;" + "border: 1px solid #e89c30;" + "border-radius: 2px;" + "background-color: #F8DDA7;")); ui->nameIcon->load(QStringLiteral(":/images/icon_alert_orange.svg")); ui->nameIcon->show(); } @@ -233,7 +219,7 @@ void VerifyCert::update() if(pinType == QSmartCardData::Pin1Type) { adjustSize(); - if(VerifyCert *pukBox = parent()->findChild(QStringLiteral("pukBox"))) + if(auto *pukBox = parent()->findChild(QStringLiteral("pukBox"))) pukBox->ui->validUntil->setMinimumSize(ui->validUntil->size()); } } diff --git a/client/widgets/WarningItem.cpp b/client/widgets/WarningItem.cpp index d5656a212..1af1d8b1c 100644 --- a/client/widgets/WarningItem.cpp +++ b/client/widgets/WarningItem.cpp @@ -94,11 +94,6 @@ void WarningItem::lookupWarning() ui->warningText->setTextInteractionFlags(Qt::TextBrowserInteraction); ui->warningText->setOpenExternalLinks(true); break; - case ria::qdigidoc4::CertRevokedWarning: - warnText.text = tr("Certificates are revoked!"); - warnText.url = tr("https://www.id.ee/en/article/the-majority-of-electronically-used-id-cards-were-renewed/"); - warnText.details = tr("Additional information").toUpper(); - break; case ria::qdigidoc4::UnblockPin1Warning: warnText.text = QStringLiteral("%1 %2").arg(VerifyCert::tr("PIN%1 has been blocked because PIN%1 code has been entered incorrectly 3 times.").arg(1), VerifyCert::tr("Unblock to reuse PIN%1.").arg(1)); warnText.url = QStringLiteral("#unblock-PIN1"); diff --git a/client/widgets/WarningList.cpp b/client/widgets/WarningList.cpp index eb8797ce5..37bd98808 100644 --- a/client/widgets/WarningList.cpp +++ b/client/widgets/WarningList.cpp @@ -17,15 +17,15 @@ WarningList::WarningList(Ui::MainWindow *main, QWidget *parent) parent->installEventFilter(this); } -bool WarningList::appearsOnPage(WarningItem *warning, int page) const +bool WarningList::appearsOnPage(WarningItem *warning, int page) { return warning->page() == page || warning->page() == -1; } void WarningList::clearMyEIDWarnings() { - static const QList warningTypes {CertExpiredWarning, CertExpiryWarning, CertRevokedWarning, UnblockPin1Warning, UnblockPin2Warning}; - for(auto warning: warnings) + static const QList warningTypes {CertExpiredWarning, CertExpiryWarning, UnblockPin1Warning, UnblockPin2Warning}; + for(auto *warning: warnings) { if(warningTypes.contains(warning->warningType()) || warning->page() == MyEid) closeWarning(warning); @@ -35,7 +35,7 @@ void WarningList::clearMyEIDWarnings() void WarningList::closeWarning(int warningType) { - for(auto warning: warnings) + for(auto *warning: warnings) { if(warningType == warning->warningType()) closeWarning(warning); @@ -51,7 +51,7 @@ void WarningList::closeWarning(WarningItem *warning) void WarningList::closeWarnings(int page) { - for(auto warning: warnings) + for(auto *warning: warnings) { if(warning->page() == page) closeWarning(warning); @@ -64,7 +64,7 @@ bool WarningList::eventFilter(QObject *object, QEvent *event) if(object != parent() || event->type() != QEvent::MouseButtonPress) return QObject::eventFilter(object, event); - for(auto warning: warnings) + for(auto *warning: warnings) { if(warning->underMouse()) { @@ -93,14 +93,14 @@ void WarningList::showWarning(const WarningText &warningText) { if(warningText.warningType) { - for(auto warning: warnings) + for(auto *warning: warnings) { if(warning->warningType() == warningText.warningType) return; } } - WarningItem *warning = new WarningItem(warningText, ui->page); - auto layout = qobject_cast(ui->page->layout()); + auto *warning = new WarningItem(warningText, ui->page); + auto *layout = qobject_cast(ui->page->layout()); warnings << warning; connect(warning, &WarningItem::linkActivated, this, &WarningList::warningClicked); layout->insertWidget(warnings.size(), warning); @@ -110,7 +110,7 @@ void WarningList::showWarning(const WarningText &warningText) void WarningList::updateRibbon(int page, bool expanded) { short count = 0; - for(auto warning: warnings) + for(auto *warning: warnings) { if(appearsOnPage(warning, page)) { @@ -133,7 +133,7 @@ void WarningList::updateWarnings() { int page = ui->startScreen->currentIndex(); int count = 0; - for(auto warning: warnings) + for(auto *warning: warnings) { if(appearsOnPage(warning, page)) count++; @@ -152,7 +152,7 @@ void WarningList::updateWarnings() { delete ribbon; ribbon = nullptr; - for(auto warning: warnings) + for(auto *warning: warnings) { if(appearsOnPage(warning, page)) warning->show(); @@ -162,7 +162,7 @@ void WarningList::updateWarnings() else if(!ribbon) { ribbon = new WarningRibbon(count - 3, ui->page); - auto layout = qobject_cast(ui->page->layout()); + auto *layout = qobject_cast(ui->page->layout()); layout->insertWidget(warnings.size() + 1, ribbon); ribbon->show(); } diff --git a/client/widgets/WarningList.h b/client/widgets/WarningList.h index e28a2505e..a718f67e8 100644 --- a/client/widgets/WarningList.h +++ b/client/widgets/WarningList.h @@ -42,7 +42,7 @@ class WarningList: public QObject void warningClicked(const QString &link); private: - bool appearsOnPage(WarningItem *warning, int page) const; + static bool appearsOnPage(WarningItem *warning, int page); void closeWarning(WarningItem *warning); bool eventFilter(QObject *object, QEvent *event) final; void updateRibbon(int page, bool expanded); diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh index 88c35924c..9f755ae20 100755 --- a/prepare_osx_build_environment.sh +++ b/prepare_osx_build_environment.sh @@ -101,7 +101,7 @@ if [[ "$REBUILD" = true || ! -d ${QT_PATH} ]] ; then qt_ver_parts=( ${QT_VER//./ } ) QT_MINOR="${qt_ver_parts[0]}.${qt_ver_parts[1]}" echo -e "\n${ORANGE}##### Building Qt ${QT_VER} ${QT_PATH} #####${RESET}\n" - for PACKAGE in qtbase-everywhere-src-${QT_VER} qtsvg-everywhere-src-${QT_VER} qttools-everywhere-src-${QT_VER} qt5compat-everywhere-src-${QT_VER}; do + for PACKAGE in qtbase-everywhere-src-${QT_VER} qtsvg-everywhere-src-${QT_VER} qttools-everywhere-src-${QT_VER}; do if [ ! -f ${PACKAGE}.tar.xz ]; then curl -O -L http://download.qt.io/official_releases/qt/${QT_MINOR}/${QT_VER}/submodules/${PACKAGE}.tar.xz fi diff --git a/qdigidoc4.wxs b/qdigidoc4.wxs index ac9fb882a..d699d399c 100644 --- a/qdigidoc4.wxs +++ b/qdigidoc4.wxs @@ -39,7 +39,7 @@ - + - - - - - - - - + + + + + + + + @@ -113,8 +113,8 @@ - - + + @@ -123,7 +123,6 @@ - @@ -143,24 +142,24 @@ - + - + - + - + - + - + - - - + + +