Remove Gemalto card support and fix warnings

IB-7701 Signed-off-by: Raul Metsma <raul@metsma.ee>
open-eid · Jan 22, 2024 · 14f9ea0 · 14f9ea0
1 parent 4349f73
commit 14f9ea0
Show file tree

Hide file tree

Showing 22 changed files with 927 additions and 535 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -8,16 +8,11 @@ jobs:
     runs-on: macos-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
-      with:
-        submodules: 'true'
+      uses: actions/checkout@v4
     - name: Build
-      run: |
-        xcodebuild -project EstEIDTokenApp.xcodeproj -target package CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO DSTROOT=$PWD/tmp install
-        mkdir upload
-        mv *pkg upload
+      run: xcodebuild -project EstEIDTokenApp.xcodeproj -target package CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO DSTROOT=$PWD/tmp install
     - name: Archive artifacts
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: pkg
-        path: upload
+        path: ./*.pkg
diff --git a/EstEIDToken/Info.plist b/EstEIDToken/Info.plist
@@ -30,8 +30,6 @@
 		<dict>
 			<key>com.apple.ctk.aid</key>
 			<array>
-				<string>F04573744549442076657220312E</string>
-				<string>D23300000045737445494420763335</string>
 				<string>A000000077010800070000FE00000100</string>
 			</array>
 			<key>com.apple.ctk.class-id</key>

diff --git a/EstEIDToken/Localizable.xcstrings b/EstEIDToken/Localizable.xcstrings
@@ -0,0 +1,241 @@
+{
+  "sourceLanguage" : "en",
+  "strings" : {
+    "AUTH_CERT" : {
+      "comment" : "Localizable.strings\n CryptoTokenKit",
+      "extractionState" : "manual",
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Certificate For Card Authentication"
+          }
+        },
+        "et" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Certificate For Card Authentication"
+          }
+        },
+        "ru" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Certificate For Card Authentication"
+          }
+        }
+      }
+    },
+    "AUTH_KEY" : {
+      "extractionState" : "manual",
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Key For Card Authentication"
+          }
+        },
+        "et" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Key For Card Authentication"
+          }
+        },
+        "ru" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Key For Card Authentication"
+          }
+        }
+      }
+    },
+    "ENTER_PINPAD" : {
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Please enter PIN code on PinPAD"
+          }
+        },
+        "et" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Palun sisestada PIN kaardilugeja sõrmistikult"
+          }
+        },
+        "ru" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Please enter PIN code on PinPAD"
+          }
+        }
+      }
+    },
+    "INVALID_PIN" : {
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Invalid PIN entered"
+          }
+        },
+        "et" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Sisestati ebakorrektne PIN"
+          }
+        },
+        "ru" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Invalid PIN entered"
+          }
+        }
+      }
+    },
+    "SIGN_CERT" : {
+      "extractionState" : "manual",
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Certificate For Digital Signature"
+          }
+        },
+        "et" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Certificate For Digital Signature"
+          }
+        },
+        "ru" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Certificate For Digital Signature"
+          }
+        }
+      }
+    },
+    "SIGN_KEY" : {
+      "extractionState" : "manual",
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Key For Digital Signature"
+          }
+        },
+        "et" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Key For Digital Signature"
+          }
+        },
+        "ru" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Key For Digital Signature"
+          }
+        }
+      }
+    },
+    "VERIFY_TRY_LEFT" : {
+      "localizations" : {
+        "en" : {
+          "variations" : {
+            "plural" : {
+              "one" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "PIN Incorrect.\nPIN will be locked next failed attempt."
+                }
+              },
+              "other" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "PIN Incorrect.\n%d tries left"
+                }
+              },
+              "zero" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "PIN locked.\nUnblock to reuse PIN."
+                }
+              }
+            }
+          }
+        },
+        "et" : {
+          "variations" : {
+            "plural" : {
+              "one" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "Vale PIN.\nJärgmise vale koodi sisestamisel PIN lukustub."
+                }
+              },
+              "other" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "Vale PIN.\n%d katset jäänud"
+                }
+              },
+              "zero" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "PIN on lukus.\nTühista blokeering, et PIN-i taas kasutada."
+                }
+              }
+            }
+          }
+        },
+        "ru" : {
+          "variations" : {
+            "plural" : {
+              "one" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "Неверный PIN.\nPIN будет заблокирован при следующей неудачной попытке"
+                }
+              },
+              "other" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "Неправильный PIN.\nОсталось %d попыток"
+                }
+              },
+              "zero" : {
+                "stringUnit" : {
+                  "state" : "translated",
+                  "value" : "PIN заблокирован.\nРазблокируйте его для повторного использования PIN."
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "WRONG_CONSTR" : {
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Unexpected constraint"
+          }
+        },
+        "et" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Unexpected constraint"
+          }
+        },
+        "ru" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Unexpected constraint"
+          }
+        }
+      }
+    }
+  },
+  "version" : "1.0"
+}
diff --git a/EstEIDToken/Token.h b/EstEIDToken/Token.h
@@ -35,18 +35,12 @@ static const TKTokenOperationConstraint EstEIDConstraintPIN = @"PIN";
 @interface Token : TKSmartCardToken<TKTokenDelegate>
 @end
 
-@interface EstEIDToken : Token
-@end
-
 @interface IDEMIAToken : Token
 @end
 
 @interface TokenSession : TKSmartCardTokenSession<TKTokenSessionDelegate>
 @end
 
-@interface EstEIDTokenSession : TokenSession
-@end
-
 @interface IDEMIATokenSession : TokenSession
 @end
 

diff --git a/EstEIDToken/Token.m b/EstEIDToken/Token.m
@@ -77,19 +77,6 @@ - (nullable NSData*)readCert:(NSData*)file error:(NSError **) error {
     return fileData;
 }
 
-- (nullable NSString*)readRecord:(UInt8)record error:(NSError **) error {
-    UInt16 sw = 0;
-    NSData *data = [self sendIns:0xB2 p1:record p2:0x04 data:nil le:@0 sw:&sw error:error];
-    if (sw == 0x9000) {
-        return [[NSString alloc] initWithData:data encoding:NSWindowsCP1252StringEncoding];
-    }
-    NSLog(@"EstEIDToken readRecord failed to read record %@", @(record));
-    if (error != nil) {
-        *error = [NSError errorWithDomain:TKErrorDomain code:TKErrorCodeObjectNotFound userInfo:nil];
-    }
-    return nil;
-}
-
 @end
 
 @implementation TKTokenKeychainItem(EstEIDDataFormat)
@@ -148,11 +135,10 @@ - (BOOL)populateIdentity:(NSData*)certificateData certificateID:(NSData*)certifi
     }
     [keyItem setName:NSLocalizedString(auth ? @"AUTH_KEY" : @"SIGN_KEY", nil)];
     keyItem.canSign = YES;
-    keyItem.canDecrypt = NO; //auth; FIXME: implement decryption
+    keyItem.canDecrypt = NO;
     keyItem.suitableForLogin = NO; //auth; FIXME: implement login
     keyItem.canPerformKeyExchange = NO; //auth; FIXME: implement derive
     keyItem.constraints = @{ @(TKTokenOperationSignData): EstEIDConstraintPIN };
-    // keyItem.constraints = constraints[@(TKTokenOperationDecryptData)] = EstEIDConstraintPIN; //auth; FIXME: implement decryption
     // keyItem.constraints = constraints[@(TKTokenOperationPerformKeyExchange)] = EstEIDConstraintPIN; //auth; FIXME: implement derive
     // Populate keychain state with keys.
     [self.keychainContents fillWithItems:@[certificateItem, keyItem]];
@@ -161,36 +147,6 @@ - (BOOL)populateIdentity:(NSData*)certificateData certificateID:(NSData*)certifi
 
 @end
 
-@implementation EstEIDToken
-
-- (nullable instancetype)initWithSmartCard:(TKSmartCard *)smartCard AID:(nullable NSData *)AID tokenDriver:(TKSmartCardTokenDriver *)tokenDriver error:(NSError **)error {
-    NSLog(@"EstEIDToken initWithSmartCard AID %@", AID);
-    NSString *instanceID;
-    if ([smartCard selectFile:0x00 p2:0x0C file:nil error:error] == nil ||
-        [smartCard selectFile:0x01 p2:0x0C file:NSDATA(2, 0xEE, 0xEE) error:error] == nil ||
-        [smartCard selectFile:0x02 p2:0x0C file:NSDATA(2, 0x50, 0x44) error:error] == nil ||
-        (instanceID = [smartCard readRecord:0x08 error:error]) == nil) {
-        NSLog(@"EstEIDToken initWithSmartCard failed to read card");
-        return nil;
-    }
-    NSLog(@"EstEIDToken initWithSmartCard %@", instanceID);
-    if (self = [super initWithSmartCard:smartCard AID:AID instanceID:instanceID tokenDriver:tokenDriver]) {
-        NSData *certificateID = NSDATA(2, 0xAA, 0xCE);
-        NSData *keyID = NSDATA(2, 0x11, 0x00);
-        if (![super populateIdentity:[smartCard readCert:certificateID error:error] certificateID:certificateID keyID:keyID auth:YES error:error]) {
-            return nil;
-        }
-    }
-    return self;
-}
-
-- (TKTokenSession *)token:(TKToken *)token createSessionWithError:(NSError **)error {
-    NSLog(@"EstEIDToken createSessionWithError %@", self.AID);
-    return [[EstEIDTokenSession alloc] initWithToken:self];
-}
-
-@end
-
 @implementation IDEMIAToken
 
 - (nullable instancetype)initWithSmartCard:(TKSmartCard *)smartCard AID:(nullable NSData *)AID tokenDriver:(TKSmartCardTokenDriver *)tokenDriver error:(NSError **)error {
@@ -229,10 +185,7 @@ - (TKSmartCardToken *)tokenDriver:(TKSmartCardTokenDriver *)driver createTokenFo
     NSBundle *bundle = [NSBundle bundleForClass:EstEIDTokenDriver.class];
     NSLog(@"EstEIDTokenDriver createTokenForSmartCard AID %@ version %@.%@", AID, bundle.infoDictionary[@"CFBundleShortVersionString"], bundle.infoDictionary[@"CFBundleVersion"]);
     [EstEIDTokenDriver showNotification:nil];
-    if ([AID isEqualToData:NSDATA(16, 0xA0, 0x00, 0x00, 0x00, 0x77, 0x01, 0x08, 0x00, 0x07, 0x00, 0x00, 0xFE, 0x00, 0x00, 0x01, 0x00)]) {
-        return [[IDEMIAToken alloc] initWithSmartCard:smartCard AID:AID tokenDriver:self error:error];
-    }
-    return [[EstEIDToken alloc] initWithSmartCard:smartCard AID:AID tokenDriver:self error:error];
+    return [[IDEMIAToken alloc] initWithSmartCard:smartCard AID:AID tokenDriver:self error:error];
 }
 
 + (void)showNotification:(NSString*__nullable)msg {
@@ -248,8 +201,9 @@ + (void)showNotification:(NSString*__nullable)msg {
         NSBundle *bundle = [NSBundle bundleForClass:EstEIDTokenDriver.class];
         NSString *path = [bundle.bundlePath.stringByDeletingLastPathComponent.stringByDeletingLastPathComponent stringByAppendingString:@"/Resources/EstEIDTokenNotify.app"];
         NSLog(@"EstEIDTokenDriver showNotification path: %@", path);
-        BOOL isLaunched = [NSWorkspace.sharedWorkspace launchApplication:path];
-        NSLog(@"EstEIDTokenDriver showNotification launchApplication: %d", isLaunched);
+        [NSWorkspace.sharedWorkspace openApplicationAtURL:[NSURL fileURLWithPath:path isDirectory:YES] configuration:NSWorkspaceOpenConfiguration.configuration completionHandler:^(NSRunningApplication *app, NSError *error) {
+            NSLog(@"EstEIDTokenDriver showNotification openApplicationAtURL: %@", error);
+        }];
     }
     [NSDistributedNotificationCenter.defaultCenter postNotificationName:@"EstEIDTokenNotify" object:msg userInfo:nil deliverImmediately:YES];
 }