@@ -50,8 +50,15 @@ public actor WebEidAuthService: WebEidAuthServiceProtocol, Loggable {
if let signingCert {
let supportedSignatureAlgorithms = try WebEidAlgorithmUtil
.buildSupportedSignatureAlgorithms(publicKey: publicKey)
token["unverifiedSigningCertificate"] = signingCert.base64EncodedString()
token["supportedSignatureAlgorithms"] = supportedSignatureAlgorithms

let signingCertificates: [[String: Any]] = [
[
"certificate": signingCert.base64EncodedString(),
"supportedSignatureAlgorithms": supportedSignatureAlgorithms
]
]

token["unverifiedSigningCertificates"] = signingCertificates
token["format"] = "web-eid:1.1"
} else {
token["format"] = "web-eid:1.0"
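Review bot: The format string stays `web-eid:1.1` although the payload shape under it changes: the flat `unverifiedSigningCertificate` and `supportedSignatureAlgorithms` keys give way to an `unverifiedSigningCertificates` array, so a relying party that still reads the old keys for 1.1 would see a token with no signing certificate. Confirm that the validation side this app talks to expects the array form for 1.1, and record the layout next to the assignment, e.g. `// web-eid:1.1 carries signing certificates as an array of {certificate, supportedSignatureAlgorithms}; the relying party must validate each entry itself`. The "unverified" prefix suggests the token does not vouch for the certificate, which is worth stating in that comment. The enclosing function starts and ends outside the hunk.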
@@ -29,7 +29,8 @@ struct WebEidAuthServiceTests {
private var service: WebEidAuthServiceProtocol

// swiftlint:disable line_length
private let testCert = "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"
private let testAuthCert = "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"
private let testSignCert = "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"
private let testSignature =
"UYyRpzkKNwFgtgcbI1YQc2l1XQQTj7gy+FW/x94TsEberwzS2Rnu4dqC/JhYB3se2iOk1c6FAK2TN5WJTiIcQ9Nt3o/x7kfEsdkc5c39eUXuD83GXfUsyUxR9IQBQrpL"
// swiftlint:enable line_length
@@ -40,10 +41,10 @@ struct WebEidAuthServiceTests {

@Test
func buildAuthToken_returnJSONPayloadData() async throws {
let authCert = Data(base64Encoded: testCert) ?? Data()
let authCert = Data(base64Encoded: testAuthCert) ?? Data()
let signature = Data(base64Encoded: testSignature) ?? Data()
let token: [String: Any] = [
"unverifiedCertificate": testCert,
"unverifiedCertificate": testAuthCert,
"issuerApp": "https://web-eid.eu/web-eid-mobile-app/releases/v1.0.0",
"algorithm": "ES384",
"format": "web-eid:1.0",
@@ -61,6 +62,47 @@ struct WebEidAuthServiceTests {

#expect(result.count == expected.count)
}

@Test
func buildAuthToken_returnJSONPayloadData_whenSignCertProvided() async throws {
let authCert = Data(base64Encoded: testAuthCert) ?? Data()
let signCert = Data(base64Encoded: testSignCert) ?? Data()
let signature = Data(base64Encoded: testSignature) ?? Data()
let token: [String: Any] = [
"issuerApp": "https://web-eid.eu/web-eid-mobile-app/releases/v1.0.0",
"format": "web-eid:1.1",
"algorithm": "ES384",
"unverifiedCertificate": testAuthCert,
"signature": testSignature,
"unverifiedSigningCertificates": [
[
"supportedSignatureAlgorithms": [
["cryptoAlgorithm": "ECC", "hashFunction": "SHA-224", "paddingScheme": "NONE"],
["cryptoAlgorithm": "ECC", "paddingScheme": "NONE", "hashFunction": "SHA-256"],
["cryptoAlgorithm": "ECC", "hashFunction": "SHA-384", "paddingScheme": "NONE"],
["hashFunction": "SHA-512", "paddingScheme": "NONE", "cryptoAlgorithm": "ECC"],
["cryptoAlgorithm": "ECC", "hashFunction": "SHA3-224", "paddingScheme": "NONE"],
["hashFunction": "SHA3-256", "cryptoAlgorithm": "ECC", "paddingScheme": "NONE"],
["paddingScheme": "NONE", "hashFunction": "SHA3-384", "cryptoAlgorithm": "ECC"],
["hashFunction": "SHA3-512", "cryptoAlgorithm": "ECC", "paddingScheme": "NONE"]
],
"certificate": testSignCert
]
]
]

let expected = try JSONSerialization.data(
withJSONObject: token,
options: []
)
let result = try await service.buildAuthToken(
authCert: authCert,
signingCert: signCert,
signature: signature
)

#expect(result.count == expected.count)
}

@Test
func buildAuthToken_throwinvalidCertificateWhenCertIsInvalid() async throws {
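Review bot: Both token tests assert only `result.count == expected.count`, so `buildAuthToken_returnJSONPayloadData_whenSignCertProvided` passes for any output of the same byte length, including one where the signing certificate or an algorithm entry carries the wrong value. Byte equality is presumably avoided because `[String: Any]` key order is not stable, but the decoded objects can be compared instead: `let decoded = try JSONSerialization.jsonObject(with: result) as? NSDictionary` followed by `#expect(decoded == token as NSDictionary)`. The same applies to the existing `buildAuthToken_returnJSONPayloadData`. It would also help to assert that `testAuthCert` and `testSignCert` decode to non-empty `Data`, since `?? Data()` hides a broken fixture.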
13 changes: 13 additions & 0 deletions RIADigiDoc/Supporting files/Localizable.xcstrings
@@ -236,6 +236,7 @@
}
},
"Back" : {
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -397,6 +398,7 @@
},
"Certificate details" : {
"comment" : "Title of Certificate Details view",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -773,6 +775,7 @@
}
},
"Close" : {
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -952,6 +955,7 @@
},
"Container files" : {
"comment" : "Signing view container files title",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -1131,6 +1135,7 @@
},
"Continue" : {
"comment" : "My eID PIN change or unblock view step button",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -2156,6 +2161,7 @@
},
"General error" : {
"comment" : "General error",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -2791,6 +2797,7 @@
},
"Libdigidocpp is already initialized" : {
"comment" : "Meant to be shown in logging only",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -2827,6 +2834,7 @@
},
"Loading" : {
"comment" : "Loading label",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -4967,6 +4975,7 @@
}
},
"Menu" : {
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -5110,6 +5119,7 @@
},
"More options" : {
"comment" : "More options button name",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -6905,6 +6915,7 @@
}
},
"Save" : {
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -7047,6 +7058,7 @@
}
},
"Settings" : {
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
@@ -7370,6 +7382,7 @@
},
"Signature details" : {
"comment" : "Title for Signature Details view",
"extractionState" : "manual",
"localizations" : {
"en" : {
"stringUnit" : {
11 changes: 0 additions & 11 deletions RIADigiDoc/UI/Component/Container/Signing/NFC/NFCView.swift
@@ -307,17 +307,6 @@ struct NFCView: View {
pinType: pinType,
actionType: actionType
)
Task {
let rememberedCan = await viewModel.retrieveEncryptedCAN() ?? ""

if rememberMe &&
!rememberedCertInvalidated &&
!rememberedCan.isEmpty &&
canNumber != rememberedCan {
await viewModel.setSigningCertificate("")
rememberedCertInvalidated = true
}
}
},
showPinField: actionType != .myeid && actionType != .certificate,
isWebEidAuthenticating: isWebEidAuthenticating,
4 changes: 1 addition & 3 deletions RIADigiDoc/ViewModel/Signing/NFC/NFCViewModel.swift
@@ -135,9 +135,7 @@ class NFCViewModel: NFCViewModelProtocol, Loggable {
await clearEncryptedCAN()
await saveTempCAN(canNumber)

if actionType == .auth {
await setSigningCertificate("")
}
await setSigningCertificate("")
}
}
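Review bot: The reason the cached signing certificate is now cleared for every action type, not only `.auth`, is not recorded anywhere in this hunk. Because the call follows `clearEncryptedCAN()` and `saveTempCAN(canNumber)`, the intent looks like tying the remembered certificate to the CAN it was read with; if so, say it above the call, e.g. `// The remembered signing certificate belongs to the previous CAN; drop it whenever a new CAN is stored.` It is also worth confirming that no flow reaches this path while a signing operation still needs the cached certificate. The enclosing function begins outside the hunk.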
