Cleanup old workarounds (open-eid#1217)
IB-7817

Signed-off-by: Raul Metsma <[email protected]>
metsma authored Sep 12, 2023
1 parent 3c894f2 commit 3f5a925
Showing 5 changed files with 12 additions and 48 deletions.
3 changes: 1 addition & 2 deletions client/MainWindow_MyEID.cpp
Expand Up @@ -182,8 +182,7 @@ void MainWindow::updateCardWarnings(const QSmartCardData &data)
ui->myEid->invalidIcon(true);
warnings->showWarning(WarningText(WarningType::CertExpiredWarning));
}
else if(data.version() >= QSmartCardData::VER_3_5 && data.version() < QSmartCardData::VER_IDEMIA &&
data.authCert().publicKey().algorithm() == QSsl::Rsa)
else if(data.authCert().publicKey().algorithm() == QSsl::Rsa)
{
ui->myEid->invalidIcon(true);
warnings->showWarning(WarningText(WarningType::CertRevokedWarning));
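Review bot: The new `else if(data.authCert().publicKey().algorithm() == QSsl::Rsa)` at the end of the hunk makes the key algorithm the sole indicator that the certificate is revoked, and nothing in the hunk records why an RSA key implies revocation now that the card-version gate is gone; updateCardWarnings' body begins above the hunk, so a reader of this branch cannot tell whether it is a deliberate blanket rule for every card type. Please state the rationale above the branch, for example `// RSA-keyed auth certs belong to legacy chips whose certificates were revoked; current cards use EC keys, so the key type alone identifies them` (adjusted to whatever the actual policy is). If any card the client should still support can legitimately carry an RSA authentication certificate, the version check removed here was the only thing preventing a false "revoked" warning for it.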
34 changes: 6 additions & 28 deletions client/QSmartCard.cpp
Expand Up @@ -20,7 +20,6 @@
#include "QSmartCard_p.h"

#include "QCardLock.h"
#include "IKValidator.h"
#include "Settings.h"
#include "Utils.h"
#include "dialogs/PinPopup.h"
Expand All @@ -47,8 +46,7 @@ bool QSmartCardData::operator ==(const QSmartCardData &other) const
return d == other.d || (
d->card == other.d->card &&
d->authCert == other.d->authCert &&
d->signCert == other.d->signCert &&
d->version == other.d->version);
d->signCert == other.d->signCert);
}
bool QSmartCardData::operator !=(const QSmartCardData &other) const { return !operator==(other); }

Expand All @@ -68,7 +66,6 @@ SslCertificate QSmartCardData::authCert() const { return d->authCert; }
SslCertificate QSmartCardData::signCert() const { return d->signCert; }
quint8 QSmartCardData::retryCount(PinType type) const { return d->retry.value(type); }
ulong QSmartCardData::usageCount(PinType type) const { return d->usage.value(type); }
QSmartCardData::CardVersion QSmartCardData::version() const { return d->version; }

quint8 QSmartCardData::minPinLen(QSmartCardData::PinType type)
{
Expand Down Expand Up @@ -117,7 +114,6 @@ QPCSCReader::Result Card::transfer(QPCSCReader *reader, bool verify, const QByte



const QByteArray EstEIDCard::AID35 = APDU("00A40400 0F D23300000045737445494420763335");
const QByteArray EstEIDCard::ESTEIDDF = APDU("00A4010C 02 EEEE");
const QByteArray EstEIDCard::PERSONALDATA = APDU("00A4020C 02 5044");
const QTextCodec* EstEIDCard::codec = QTextCodec::codecForName("Windows-1252");
Expand All @@ -127,27 +123,16 @@ QPCSCReader::Result EstEIDCard::change(QPCSCReader *reader, QSmartCardData::PinT
QByteArray cmd = CHANGE;
QByteArray newpin = newpin_.toUtf8();
QByteArray pin = pin_.toUtf8();
cmd[3] = type == QSmartCardData::PukType ? 0 : type;
cmd[3] = char(type == QSmartCardData::PukType ? 0 : type);
cmd[4] = char(pin.size() + newpin.size());
return transfer(reader, false, cmd + pin + newpin, type, quint8(pin.size()), true);
}

QSmartCardData::CardVersion EstEIDCard::isSupported(const QByteArray &atr)
{
static const QHash<QByteArray,QSmartCardData::CardVersion> atrList{
{"3BFE1800008031FE454573744549442076657220312E30A8", QSmartCardData::VER_3_5}, /*ESTEID_V3_COLD_ATR*/
{"3BFE1800008031FE45803180664090A4162A00830F9000EF", QSmartCardData::VER_3_5}, /*ESTEID_V3_WARM_ATR / ESTEID_V35_WARM_ATR*/
{"3BFA1800008031FE45FE654944202F20504B4903", QSmartCardData::VER_3_5}, /*ESTEID_V35_COLD_ATR*/
};
return atrList.value(atr, QSmartCardData::VER_INVALID);
}

bool EstEIDCard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const
{
static const QByteArray AUTHCERT = APDU("00A40200 02 AACE");
static const QByteArray SIGNCERT = APDU("00A40200 02 DDCE");

d->version = isSupported(reader->atr());
if(reader->transfer(MASTER_FILE) &&
reader->transfer(ESTEIDDF) &&
d->data.isEmpty() && reader->transfer(PERSONALDATA))
Expand Down Expand Up @@ -207,8 +192,6 @@ bool EstEIDCard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const
d->signCert = readCert(SIGNCERT);
if(readFailed)
return false;
if(!d->data.contains(QSmartCardData::BirthDate))
d->data[QSmartCardData::BirthDate] = IKValidator::birthDate(d->authCert.personalCode());
d->data[QSmartCardData::Email] = d->authCert.subjectAlternativeNames().values(QSsl::EmailEntry).value(0);
return updateCounters(reader, d);
}
Expand Down Expand Up @@ -302,7 +285,7 @@ QPCSCReader::Result EstEIDCard::verify(QPCSCReader *reader, QSmartCardData::PinT
{
QByteArray pin = pin_.toUtf8();
QByteArray cmd = VERIFY;
cmd[3] = type == QSmartCardData::PukType ? 0 : type;
cmd[3] = char(type == QSmartCardData::PukType ? 0 : type);
cmd[4] = char(pin.size());
return transfer(reader, true, cmd + pin, type, 0, true);
}
Expand Down Expand Up @@ -336,14 +319,13 @@ QPCSCReader::Result IDEMIACard::change(QPCSCReader *reader, QSmartCardData::PinT
return transfer(reader, false, cmd + pin + newpin, type, quint8(pin.size()), true);
}

QSmartCardData::CardVersion IDEMIACard::isSupported(const QByteArray &atr)
bool IDEMIACard::isSupported(const QByteArray &atr)
{
return atr == "3BDB960080B1FE451F830012233F536549440F9000F1" ? QSmartCardData::VER_IDEMIA : QSmartCardData::VER_INVALID;
return atr == "3BDB960080B1FE451F830012233F536549440F9000F1";
}

bool IDEMIACard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const
{
d->version = isSupported(reader->atr());
if(!reader->transfer(AID) ||
!reader->transfer(MASTER_FILE))
return false;
Expand Down Expand Up @@ -426,10 +408,6 @@ bool IDEMIACard::loadPerso(QPCSCReader *reader, QSmartCardDataPrivate *d) const

if(readFailed)
return false;
if(!d->data[QSmartCardData::Expiry].toDate().isValid())
d->data[QSmartCardData::Expiry] = d->authCert.expiryDate();
if(!d->data.contains(QSmartCardData::BirthDate))
d->data[QSmartCardData::BirthDate] = IKValidator::birthDate(d->authCert.personalCode());
d->data[QSmartCardData::Email] = d->authCert.subjectAlternativeNames().values(QSsl::EmailEntry).value(0);
return updateCounters(reader, d);
}
Expand Down Expand Up @@ -706,7 +684,7 @@ void QSmartCard::reloadCard(const TokenData &token)
t->reader = selectedReader->name();
t->pinpad = selectedReader->isPinPad();
delete d->card;
if(IDEMIACard::isSupported(selectedReader->atr()) == QSmartCardData::VER_IDEMIA)
if(IDEMIACard::isSupported(selectedReader->atr()))
d->card = new IDEMIACard();
else
d->card = new EstEIDCard();
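Review bot: In the reloadCard hunk at the end of the section, `else d->card = new EstEIDCard();` now also covers readers whose ATR is neither the IDEMIA value nor one of the three EstEID ATRs the deleted `EstEIDCard::isSupported` listed, so an unrecognised token is driven with EstEID APDUs and, as far as this page shows, only rejected when `EstEIDCard::loadPerso` fails its MASTER_FILE/ESTEIDDF selects; reloadCard's body begins and ends outside the hunk. If that fall-through is intended, say so at the branch, e.g. `// Any non-IDEMIA ATR falls back to the legacy EstEID driver; loadPerso() rejects cards that do not answer its file selects`, otherwise keep an explicit ATR check so EstEID-specific commands are never sent to an unknown card. Separately, the `cmd[4] = char(pin.size() + newpin.size());` Lc byte in EstEIDCard::change wraps silently if the two UTF-8 PINs together exceed 255 bytes; unless callers already bound PIN length, a guard before building the APDU would keep a malformed command from being sent.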
7 changes: 0 additions & 7 deletions client/QSmartCard.h
Expand Up @@ -56,12 +56,6 @@ class QSmartCardData
Pin2Type,
PukType
};
enum CardVersion
{
VER_INVALID = -1,
VER_3_5,
VER_IDEMIA,
};

QSmartCardData();
QSmartCardData( const QSmartCardData &other );
Expand All @@ -84,7 +78,6 @@ class QSmartCardData
SslCertificate signCert() const;
quint8 retryCount( PinType type ) const;
ulong usageCount( PinType type ) const;
CardVersion version() const;

static quint8 minPinLen(QSmartCardData::PinType type);
static QString typeString( PinType type );
5 changes: 1 addition & 4 deletions client/QSmartCard_p.h
Expand Up @@ -65,10 +65,8 @@ class EstEIDCard: public Card
QPCSCReader::Result verify(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin) const final;

static QString cardNR(QPCSCReader *reader);
static QSmartCardData::CardVersion isSupported(const QByteArray &atr);

static const QTextCodec *codec;
static const QByteArray AID35;
static const QByteArray ESTEIDDF;
static const QByteArray PERSONALDATA;
};
Expand All @@ -84,7 +82,7 @@ class IDEMIACard: public Card
QPCSCReader::Result verify(QPCSCReader *reader, QSmartCardData::PinType type, const QString &pin) const final;

static QString cardNR(QPCSCReader *reader);
static QSmartCardData::CardVersion isSupported(const QByteArray &atr);
static bool isSupported(const QByteArray &atr);
static QByteArray pinTemplate(const QString &pin);

static const QByteArray AID, AID_OT, AID_QSCD;
Expand All @@ -110,6 +108,5 @@ class QSmartCardDataPrivate: public QSharedData
SslCertificate authCert, signCert;
QHash<QSmartCardData::PinType,quint8> retry;
QHash<QSmartCardData::PinType,ulong> usage;
QSmartCardData::CardVersion version = QSmartCardData::VER_INVALID;
bool pinpad = false;
};
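Review bot: `static bool isSupported(const QByteArray &atr);` on IDEMIACard carries no documentation, and after this change a false result no longer means "unsupported card": the only caller visible on this page falls back to EstEIDCard for every other ATR. A one-line comment above the declaration would stop the name from misleading, e.g. `/// True when the reader's ATR is the IDEMIA card ATR; any other ATR is handled by EstEIDCard.`. Since the file already uses C++17 (if-with-initializer in VerifyCert.cpp), `[[nodiscard]]` on the predicate would also match its only use being inside a condition.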
11 changes: 4 additions & 7 deletions client/widgets/VerifyCert.cpp
Expand Up @@ -109,8 +109,6 @@ void VerifyCert::update()
bool isBlockedPuk = !cardData.isNull() && cardData.retryCount( QSmartCardData::PukType ) == 0;
bool isTempelType = c.type() & SslCertificate::TempelType;
bool isRevoked = pinType != QSmartCardData::PukType &&
cardData.version() >= QSmartCardData::VER_3_5 &&
cardData.version() < QSmartCardData::VER_IDEMIA &&
cardData.authCert().publicKey().algorithm() == QSsl::Rsa;
isValidCert = c.isNull() || (c.isValid() && !isRevoked);

Expand All @@ -132,12 +130,11 @@ void VerifyCert::update()
DateTime(c.expiryDate().toLocalTime()).formatDate(QStringLiteral("dd. MMMM yyyy")));
if(leftDays <= 105 && !c.isNull())
cert << "</span>";
if(!isTempelType && cardData.version() != QSmartCardData::VER_IDEMIA)
if(auto count = cardData.usageCount(pinType); count > 0)
{
if(pinType == QSmartCardData::Pin1Type)
cert << "<br />" << tr("key has been used %1 times", "pin1").arg(cardData.usageCount(pinType));
else
cert << "<br />" << tr("key has been used %1 times", "pin2").arg(cardData.usageCount(pinType));
cert << "<br />" << (pinType == QSmartCardData::Pin1Type ?
tr("key has been used %1 times", "pin1").arg(count) :
tr("key has been used %1 times", "pin2").arg(count));
}
}
switch(pinType)
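Review bot: `bool isTempelType = c.type() & SslCertificate::TempelType;` at the top of the first hunk is still computed, but the only use visible on this page, the `!isTempelType` gate on the usage-count line, is what the second hunk deletes; if update() (which continues outside both hunks) does not read it elsewhere, the line is now dead and should be dropped to avoid an unused-variable warning. The new `if(auto count = cardData.usageCount(pinType); count > 0)` also changes what is shown: a key whose recorded usage count is 0 previously produced "key has been used 0 times" on EstEID cards and now produces nothing, which is probably intended but worth a comment such as `// only show the counter when the card reports one; 0 is treated as "no usage info"` if that reading is correct.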