From 5caef0d024fb4fb018bfd4cb6eef40218d057ff0 Mon Sep 17 00:00:00 2001 From: Andres Voll Date: Fri, 20 Nov 2020 12:06:47 +0200 Subject: [PATCH] Hold container ref in memory & don't save container while the signature is in pending state, only save after its finalization MOPPIOS-813\n\nSigned-off-by: Andres Voll \n --- MoppApp/MoppApp/MobileIDSignature.swift | 1 - MoppApp/MoppApp/MoppApp.swift | 9 -- MoppApp/MoppApp/SmartIDSignature.swift | 1 - MoppLib/MoppLib/MoppLibDigidocManager.h | 1 - MoppLib/MoppLib/MoppLibDigidocManager.mm | 91 +++++-------------- .../MoppLib/PublicInterface/MoppLibManager.h | 1 - .../MoppLib/PublicInterface/MoppLibManager.m | 4 - 7 files changed, 25 insertions(+), 83 deletions(-) diff --git a/MoppApp/MoppApp/MobileIDSignature.swift b/MoppApp/MoppApp/MobileIDSignature.swift index 84a48337..95264ddc 100644 --- a/MoppApp/MoppApp/MobileIDSignature.swift +++ b/MoppApp/MoppApp/MobileIDSignature.swift @@ -213,7 +213,6 @@ class MobileIDSignature { // MARK: Error generating private func generateError(mobileIDError: MobileIDError) -> Void { - MoppLibManager.cancelSigning() let error = NSError(domain: "SkSigningLib", code: 10, userInfo: [NSLocalizedDescriptionKey: mobileIDError]) return self.errorResult(error: error) } diff --git a/MoppApp/MoppApp/MoppApp.swift b/MoppApp/MoppApp/MoppApp.swift index ef945550..bbc9ff9f 100644 --- a/MoppApp/MoppApp/MoppApp.swift +++ b/MoppApp/MoppApp/MoppApp.swift @@ -307,7 +307,6 @@ class MoppApp: UIApplication, URLSessionDelegate, URLSessionDownloadDelegate { func willTerminate() { // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:. - removeSignatureOnAppClose() } func handleEventsForBackgroundURLSession(identifier: String, completionHandler: @escaping () -> Void) { @@ -438,14 +437,6 @@ class MoppApp: UIApplication, URLSessionDelegate, URLSessionDownloadDelegate { defaults.synchronize() } - private func removeSignatureOnAppClose() { - let topViewController = UIViewController().getTopViewController() - - if topViewController is MobileIDChallengeViewController || topViewController is SmartIDChallengeViewController { - MoppLibManager.cancelSigning() - } - } - } extension MoppApp { diff --git a/MoppApp/MoppApp/SmartIDSignature.swift b/MoppApp/MoppApp/SmartIDSignature.swift index 020be909..93465459 100644 --- a/MoppApp/MoppApp/SmartIDSignature.swift +++ b/MoppApp/MoppApp/SmartIDSignature.swift @@ -173,7 +173,6 @@ class SmartIDSignature { } private func generateError(error: MobileIDError) -> Void { - MoppLibManager.cancelSigning() let error = NSError(domain: "SkSigningLib", code: 10, userInfo: [NSLocalizedDescriptionKey: error]) DispatchQueue.main.async { NotificationCenter.default.post(name: .errorNotificationName, object: nil, userInfo: [kErrorKey: error]) diff --git a/MoppLib/MoppLib/MoppLibDigidocManager.h b/MoppLib/MoppLib/MoppLibDigidocManager.h index 81431f69..9939fb76 100644 --- a/MoppLib/MoppLib/MoppLibDigidocManager.h +++ b/MoppLib/MoppLib/MoppLibDigidocManager.h @@ -47,7 +47,6 @@ typedef enum { + (NSString *)prepareSignature:(NSString *)cert containerPath:(NSString *)containerPath; + (BOOL)isSignatureValid:(NSString *)cert signatureValue:(NSString *)signatureValue; + (NSArray *)getDataToSign; -+ (void)cancelSigning; - (NSString *)dataFileCalculateHashWithDigestMethod:(NSString *)method container:(MoppLibContainer *)moppContainer dataFileId:(NSString *)dataFileId; - (BOOL)container:(MoppLibContainer *)moppContainer containsSignatureWithCert:(NSData *)cert; - (void)addSignature:(NSString *)containerPath pin2:(NSString *)pin2 cert:(NSData *)cert success:(ContainerBlock)success andFailure:(FailureBlock)failure; diff --git a/MoppLib/MoppLib/MoppLibDigidocManager.mm b/MoppLib/MoppLib/MoppLibDigidocManager.mm index b9f92590..e8f362de 100644 --- a/MoppLib/MoppLib/MoppLibDigidocManager.mm +++ b/MoppLib/MoppLib/MoppLibDigidocManager.mm @@ -205,8 +205,8 @@ - (MoppLibSignatureStatus)determineSignatureStatus:(int) status; @implementation MoppLibDigidocManager -static NSString *docContainerPath = nil; -static NSString *signatureId = nil; +static digidoc::Container *docContainer = nil; +static digidoc::Signature *signature = nil; static std::string profile = "time-stamp"; @@ -316,11 +316,7 @@ + (NSArray *)certificatePolicyIdentifiers:(NSData *)certData { } + (NSArray *)getDataToSign { - - digidoc::Container *currentContainer = digidoc::Container::open(docContainerPath.UTF8String); - digidoc::Signature *currentSignature = [self getSignatureFromContainer:currentContainer signatureId:signatureId]; - - std::vector dataTosign = currentSignature->dataToSign(); + std::vector dataTosign = signature->dataToSign(); NSMutableArray *dataToSignArray = [NSMutableArray arrayWithCapacity: dataTosign.size()]; @@ -331,35 +327,6 @@ + (NSArray *)getDataToSign { return dataToSignArray; } -+ (void)cancelSigning { - if (docContainerPath == nil) { - return; - } - digidoc::Container *currentContainer = digidoc::Container::open(docContainerPath.UTF8String); - for (unsigned int i = 0; i < currentContainer->signatures().size(); ++i) { - digidoc::Signature *signature = currentContainer->signatures().at(i); - if (signature->id() == signatureId.UTF8String) { - NSLog(@"Remove signature with an ID of %s", signatureId.UTF8String); - currentContainer->removeSignature(i); - } - } - currentContainer->save(); -} - -+ (digidoc::Signature *)getSignatureFromContainer:(digidoc::Container *)container signatureId:(NSString *)signatureId { - digidoc::Signature *currentSignature = NULL; - - NSLog(@"Getting signature with an ID of %s", signatureId.UTF8String); - for (auto signature : container->signatures()) { - if (signature->id() == signatureId.UTF8String) { - NSLog(@"Found signature with an ID of %s", signatureId.UTF8String); - currentSignature = signature; - } - } - - return currentSignature; -} - + (BOOL)isSignatureValid:(NSString *)cert signatureValue:(NSString *)signatureValue { std::string calculatedSignatureBase64 = std::string(base64_decode(signatureValue.UTF8String)); @@ -370,15 +337,12 @@ + (BOOL)isSignatureValid:(NSString *)cert signatureValue:(NSString *)signatureVa OCSPUrl = [NSString stringWithCString:getOCSPUrl(x509Cert.handle()).c_str() encoding:[NSString defaultCStringEncoding]]; - digidoc::Container *currentContainer = digidoc::Container::open(docContainerPath.UTF8String); - digidoc::Signature *currentSignature = [self getSignatureFromContainer:currentContainer signatureId:signatureId]; - - if (!currentSignature) { - NSLog(@"\nError: Did not find signature with an ID of %s\n", signatureId.UTF8String); + if (!signature) { + NSLog(@"\nError: Did not find signature with an ID of %s\n", signature->id().c_str()); return false; } - NSString *timeStampTime = [NSString stringWithUTF8String:currentSignature->TimeStampTime().c_str()]; + NSString *timeStampTime = [NSString stringWithUTF8String:signature->TimeStampTime().c_str()]; if ([timeStampTime length] != 0) { NSLog(@"\nSignature already validated at %@\n", timeStampTime); return true; @@ -387,34 +351,34 @@ + (BOOL)isSignatureValid:(NSString *)cert signatureValue:(NSString *)signatureVa try { NSLog(@"\nStarting signature validation...\n"); NSLog(@"\nSetting signature value...\n"); - currentSignature->setSignatureValue(vec); + signature->setSignatureValue(vec); NSLog(@"\nExtending signature profile...\n"); - currentSignature->extendSignatureProfile(profile); + signature->extendSignatureProfile(profile); NSLog(@"\nValidating signature...\n"); - digidoc::Signature::Validator *validator = new digidoc::Signature::Validator(currentSignature); + digidoc::Signature::Validator *validator = new digidoc::Signature::Validator(signature); NSLog(@"\nValidator status: %u\n", validator->status()); NSLog(@"\nSaving container...\n"); - currentContainer->save(); - NSLog(@"\nSignature validated at %s!\n", currentSignature->TimeStampTime().c_str()); + docContainer->save(); + NSLog(@"\nSignature validated at %s!\n", signature->TimeStampTime().c_str()); return true; } catch(const digidoc::Exception &e) { parseException(e); NSError *error; - [self removeSignature:docContainerPath signatureId:signatureId error:&error]; + NSString *signatureId = [NSString stringWithCString:signature->id().c_str() encoding:[NSString defaultCStringEncoding]]; + [self removeSignature:docContainer signatureId:signatureId error:&error]; NSLog(@"\nError validating signature: %s\n", e.msg().c_str()); return false; } } -+ (void)removeSignature:(NSString *)containerPath signatureId:(NSString *)signatureId error:(NSError **)error { - digidoc::Container *doc = digidoc::Container::open(containerPath.UTF8String); ++ (void)removeSignature:(digidoc::Container *)container signatureId:(NSString *)signatureId error:(NSError **)error { - for (int i = 0; i < doc->signatures().size(); i++) { - digidoc::Signature *signature = doc->signatures().at(i); + for (int i = 0; i < container->signatures().size(); i++) { + digidoc::Signature *signature = container->signatures().at(i); try { if (signature->id() == signatureId.UTF8String) { - doc->removeSignature(i); - doc->save(containerPath.UTF8String); + container->removeSignature(i); + container->save(); break; } } catch(const digidoc::Exception &e) { @@ -429,15 +393,13 @@ + (NSString *)prepareSignature:(NSString *)cert containerPath:(NSString *)contai digidoc::X509Cert x509Cert = [MoppLibDigidocManager getDerCert:cert]; WebSigner *signer = new WebSigner(x509Cert); - docContainerPath = NULL; - signatureId = NULL; - - digidoc::Container *doc = digidoc::Container::open(containerPath.UTF8String); + docContainer = NULL; + signature = NULL; - docContainerPath = containerPath; + docContainer = digidoc::Container::open(containerPath.UTF8String); NSMutableArray *profiles = [NSMutableArray new]; - for (auto signature : doc->signatures()) { + for (auto signature : docContainer->signatures()) { NSLog(@"Signature ID: %s", signature->id().c_str()); [profiles addObject:[[NSString alloc] initWithBytes:signature->profile().c_str() length:signature->profile().size() encoding:NSUTF8StringEncoding]]; } @@ -448,12 +410,9 @@ + (NSString *)prepareSignature:(NSString *)cert containerPath:(NSString *)contai signer->setSignerRoles(std::vector()); NSLog(@"\nProfile info set successfully\n"); - digidoc::Signature *signature = doc->prepareSignature(signer); - - doc->save(); - - NSLog(@"\nSetting signature id...\n"); - signatureId = [NSString stringWithCString:signature->id().c_str() encoding:[NSString defaultCStringEncoding]]; + NSLog(@"\nSetting signature...\n"); + signature = docContainer->prepareSignature(signer); + NSString *signatureId = [NSString stringWithCString:signature->id().c_str() encoding:[NSString defaultCStringEncoding]]; NSLog(@"\nSignature ID set to %@...\n", signatureId); std::vector dataToSign = signature->dataToSign(); diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibManager.h b/MoppLib/MoppLib/PublicInterface/MoppLibManager.h index 0b2440c6..16ac3490 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibManager.h +++ b/MoppLib/MoppLib/PublicInterface/MoppLibManager.h @@ -51,7 +51,6 @@ typedef NS_ENUM(NSUInteger, EIDType) { + (NSString *)prepareSignature:(NSString *)cert containerPath:(NSString *)containerPath; + (NSArray *)getDataToSign; + (BOOL)isSignatureValid:(NSString *)cert signatureValue:(NSString *)signatureValue; -+ (void)cancelSigning; - (NSString *)moppLibVersion; - (NSString *)libdigidocppVersion; diff --git a/MoppLib/MoppLib/PublicInterface/MoppLibManager.m b/MoppLib/MoppLib/PublicInterface/MoppLibManager.m index b2a1d10e..0af8c71d 100644 --- a/MoppLib/MoppLib/PublicInterface/MoppLibManager.m +++ b/MoppLib/MoppLib/PublicInterface/MoppLibManager.m @@ -55,10 +55,6 @@ + (BOOL)isSignatureValid:(NSString *)cert signatureValue:(NSString *)signatureVa return [MoppLibDigidocManager isSignatureValid:cert signatureValue:signatureValue]; } -+ (void)cancelSigning { - [MoppLibDigidocManager cancelSigning]; -} - - (NSString *)moppLibVersion { return [[MoppLibDigidocManager sharedInstance] getMoppLibVersion]; }