haraldwolff
/
AusweisApp2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial revision: v1.10.3

1.10 1.10.3
Governikus 2017-07-03 09:30:10 +02:00
commit 2fdb3c0c2f
1618 changed files with 131189 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.editorconfig 100644
View File

@ -0,0 +1,23 @@
# See EditorConfig: http://EditorConfig.org
# top-most EditorConfig file
root = true
# Formatting of Sources: see uncrustify and "make format"
[*.{cpp,h,groovy,py,sh,json,qml,js,cmake,txt}]
charset = utf-8
end_of_line = lf
insert_final_newline = true
indent_style = tab
indent_size = 4
trim_trailing_whitespace = true
# Formatting of reST: see doc8 and "make doc8"
[*.{rst}]
charset = utf-8
end_of_line = lf
insert_final_newline = true
indent_style = space
indent_size = 2
trim_trailing_whitespace = true

18
AUTHORS 100644
View File

@ -0,0 +1,18 @@
Copyright (c) 2014-2016 Governikus GmbH & Co. KG
Authors
----------------
André Klitzing
Sebastian Lösch
Steffen Peil
Ingo Weinhold
Giorgio Busatto
Jan Murawski
Lars Schmertmann
Contributors
----------------

122
CMakeLists.txt 100644
View File

@ -0,0 +1,122 @@
CMAKE_MINIMUM_REQUIRED(VERSION 3.1.0)
IF(POLICY CMP0020)
CMAKE_POLICY(SET CMP0020 NEW)
ENDIF()
IF(POLICY CMP0046)
CMAKE_POLICY(SET CMP0046 NEW)
ENDIF()
IF(POLICY CMP0048)
CMAKE_POLICY(SET CMP0048 NEW)
ENDIF()
IF(POLICY CMP0054)
CMAKE_POLICY(SET CMP0054 NEW)
ENDIF()
# "tools.only" can be defined to disable the normal build and enable
# cmdline "tools" only. For example: "make format" or "make package_source"
IF(tools.only)
SET(LANGUAGES NONE)
ELSE()
SET(LANGUAGES CXX)
ENDIF()
PROJECT(AusweisApp2 VERSION 1.10.3 LANGUAGES ${LANGUAGES})
# Set TWEAK if not defined in PROJECT_VERSION above to
# have a valid tweak version without propagating it
IF(NOT PROJECT_VERSION_TWEAK)
SET(PROJECT_VERSION_TWEAK 0)
ENDIF()
IF(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT OR ANDROID OR IOS)
SET(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/dist" CACHE PATH "default install path" FORCE)
ENDIF()
SET(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake")
OPTION(BUILD_SHARED_LIBS "Enable build of shared libraries")
INCLUDE(Helper)
IF(NOT VENDOR)
SET(VENDOR_FILE "${PROJECT_SOURCE_DIR}/vendor.txt")
IF(EXISTS "${VENDOR_FILE}")
FILE(READ "${VENDOR_FILE}" VENDOR)
STRING(STRIP "${VENDOR}" VENDOR)
ELSE()
SET(VENDOR AusweisApp2_CE) # CommunityEdition
ENDIF()
ENDIF()
IF(VENDOR MATCHES "Governikus")
SET(VENDOR_GOVERNIKUS TRUE)
ENDIF()
MESSAGE(STATUS "VENDOR: ${VENDOR}")
MESSAGE(STATUS "VERSION: ${PROJECT_VERSION}")
IF(ANDROID)
IF(NOT ANDROID_VERSION_CODE)
SET(ANDROID_VERSION_CODE 0)
ENDIF()
MESSAGE(STATUS "ANDROID_VERSION_CODE: ${ANDROID_VERSION_CODE}")
ENDIF()
IF("${PROJECT_BINARY_DIR}" STREQUAL "${PROJECT_SOURCE_DIR}")
MESSAGE(FATAL_ERROR "in tree building is not supported!")
ENDIF()
IF(CMAKE_BUILD_TYPE)
STRING(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE)
ELSE()
SET(CMAKE_BUILD_TYPE "DEBUG" CACHE STRING "build type configuration" FORCE)
ENDIF()
IF(NOT ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG" AND NOT ${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
MESSAGE(FATAL_ERROR "CMAKE_BUILD_TYPE is invalid! Available options: RELEASE, DEBUG")
ENDIF()
SET(CMAKE_AUTOMOC ON)
SET(CMAKE_AUTOUIC ON)
SET(CMAKE_INCLUDE_CURRENT_DIR ON)
SET(SRC_DIR ${PROJECT_SOURCE_DIR}/src)
SET(TEST_DIR ${PROJECT_SOURCE_DIR}/test)
SET(RESOURCES_DIR ${PROJECT_SOURCE_DIR}/resources)
SET(PACKAGING_DIR ${RESOURCES_DIR}/packaging)
SET(EXECUTABLE_BASE_NAME AusweisApp2)
SET(EXECUTABLE_NAME ${EXECUTABLE_BASE_NAME}${CMAKE_EXECUTABLE_SUFFIX})
INCLUDE(Tools)
INCLUDE(DVCS)
ADD_SUBDIRECTORY(docs)
INCLUDE(DefaultFiles)
INCLUDE(Appcast)
INCLUDE(Messages)
IF(tools.only)
INCLUDE(Packaging)
RETURN()
ENDIF()
INCLUDE(Libraries)
INCLUDE(CompilerFlags)
ADD_SUBDIRECTORY(resources)
ADD_SUBDIRECTORY(src)
IF("${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
INCLUDE(CTest)
CONFIGURE_FILE("${CMAKE_MODULE_PATH}/CTestCustom.cmake.in" "${CMAKE_BINARY_DIR}/CTestCustom.cmake" COPYONLY)
ENDIF()
IF(BUILD_TESTING)
ADD_SUBDIRECTORY(test)
ENDIF()
ADD_SUBDIRECTORY(utils)
INCLUDE(Packaging)

53
CONTRIBUTING.rst 100644
View File

@ -0,0 +1,53 @@
Contributing
============
Patches
-------
Wir nehmen gerne Patches für die AusweisApp2 an.
Bitte gehen Sie dafür wie folgt vor:
#. Forken des `Repository`_ in das eigene GitHub-Konto.
#. Aufbauen aller Änderungen auf dem ``community`` branch.
#. Erstellen von vollständigen Changesets (amend anstatt weiterer commits).
#. Push in einen topic branch im eigenen GitHub-Konto.
#. Erstellen eines Pull-Requests mit dem Zielbranch ``community``.
Erstellte Pull-Requests werden von Governikus in das interne Code-Review
übernommen und mittels des internen "Continuous Integration"-Systems geprüft.
Bei erfolgreicher Prüfung wird die Änderung in den aktuellen Entwicklungszweig
aufgenommen und mit dem nächsten Major-Release veröffentlicht. In der Zwischenzeit
wird die Änderung ebenfalls in dem ``community`` branch angenommen und beim
offiziellen Release synchronisiert.
.. _`Repository`: https://github.com/Governikus/AusweisApp2
Code Style
----------
Wir verwenden `uncrustify` um den Quellcode automatisch zu formatieren.
Mittels CMake wird das Build-Target "format" im jeweiligen "Makefile"
generiert, welches die Formatierung für alle Dateien vornimmt.
.. code-block:: bash
$ make format
Hierfür muss "uncrustify" im jeweiligen $PATH von CMake vorhanden sein.
.. _`uncrustify`: https://github.com/uncrustify/uncrustify
Lizenz
------
Wir benötigen eine persönliche CLA (contributor license agreement) für
die eingereichten Änderungen.
Siehe `LICENSE.AusweisApp2.German.txt`_ oder `LICENSE.AusweisApp2.English.txt`_ für Details.
.. _`LICENSE.AusweisApp2.German.txt`: LICENSE.AusweisApp2.German.txt
.. _`LICENSE.AusweisApp2.English.txt`: LICENSE.AusweisApp2.English.txt

7
CTestConfig.cmake 100644
View File

@ -0,0 +1,7 @@
SET(CTEST_PROJECT_NAME "AusweisApp2")
SET(CTEST_NIGHTLY_START_TIME "01:00:00 UTC")
SET(CTEST_DROP_METHOD "http")
SET(CTEST_DROP_SITE "cdash")
SET(CTEST_DROP_LOCATION "/submit.php?project=AusweisApp2")
SET(CTEST_DROP_SITE_CDASH TRUE)

47
Doxyfile.in 100644
View File

@ -0,0 +1,47 @@
# Available options
# http://www.stack.nl/~dimitri/doxygen/manual/config.html
PROJECT_NAME = AusweisApp2
OUTPUT_DIRECTORY = @PROJECT_BINARY_DIR@/doc
OUTPUT_LANGUAGE = German
INPUT = @PROJECT_SOURCE_DIR@
FILE_PATTERNS = *.cpp *.h
RECURSIVE = YES
OPTIMIZE_OUTPUT_C = YES
QT_AUTOBRIEF = YES
BUILTIN_STL_SUPPORT = YES
GENERATE_TREEVIEW = YES
STRIP_FROM_PATH = @PROJECT_SOURCE_DIR@
SEARCHENGINE = YES
COLS_IN_ALPHA_INDEX = 10
EXTRACT_ALL = YES
GENERATE_TODOLIST = NO
CLASS_DIAGRAMS = YES
HIDE_UNDOC_RELATIONS = YES
HAVE_DOT = YES
DOT_NUM_THREADS = 0
DOT_FONTNAME = Helvetica
DOT_FONTSIZE = 10
CLASS_GRAPH = YES
COLLABORATION_GRAPH = NO
GROUP_GRAPHS = YES
UML_LOOK = YES
UML_LIMIT_NUM_FIELDS = 15
TEMPLATE_RELATIONS = NO
INCLUDE_GRAPH = YES
INCLUDED_BY_GRAPH = YES
CALL_GRAPH = YES
CALLER_GRAPH = YES
GRAPHICAL_HIERARCHY = NO
DIRECTORY_GRAPH = NO
DOT_IMAGE_FORMAT = png
INTERACTIVE_SVG = NO
DOT_GRAPH_MAX_NODES = 50
MAX_DOT_GRAPH_DEPTH = 0
DOT_TRANSPARENT = NO
DOT_MULTI_TARGETS = NO
GENERATE_LEGEND = YES
DOT_CLEANUP = YES

734
LICENSE.txt 100644
View File

@ -0,0 +1,734 @@
Nutzungsbedingungen
Allgemeines zur Installation
Bitte lesen Sie zunächst die Allgemeinen Geschäftsbedingungen so wie die Lizenzbedingungen für die Überlassung und Nutzung der AusweisApp2 durch. Nachdem Sie zugestimmt haben, können Sie die Installation fortsetzen.
Allgemeine Geschäftsbedingungen
§ 1 Nutzungsbedingungen und Datenschutzhinweis
(1) Diese Allgemeine Geschäftsbedingungen (AGB) des Bundes, vertreten durch das Bundesministerium des Innern (nachfolgend "Bund") und dem Nutzer gelten für die Überlassung und Nutzung der Software AusweisApp2 (nachfolgend AusweisApp2) und deren neue Versionen, die auf der Grundlage dieser Bedingungen überlassen werden.
(2) "Nutzer" im Sinne dieses Vertrages sind natürliche Personen.
§ 2 Vertragsgegenstand und Unentgeltlichkeit
(1) Die AusweisApp2 wird regelmäßig hinsichtlich ihrer Konformität zu den Technischen Richtlinien des Bundesamtes für Sicherheit in der Informationstechnik [TR-03124-2] zertifiziert sowie hinsichtlich ihrer Nutzerfreundlichkeit [EN ISO 9241 Teil 110 Ergonomie Mensch-System-Integration zur Prüfung der Benutzbarkeit und Funktionalität und Trusted Design Guidelines zur Prüfung der Vertrauenswürdigkeit] und auf Barrierefreiheit [BITV 2.0] überprüft.
(2) Die AusweisApp2 wird in maschinenlesbarer Form unentgeltlich überlassen. Der Quellcode der AusweisApp2 wird ebenfalls unentgeltlich veröffentlicht. Eine Auflistung der verwendeten Open Source-Bestandteile der AusweisApp2 findet sich im Anhang.
(3) Die AusweisApp2 wird von der Governikus GmbH & Co. KG (Governikus) als Erfüllungsgehilfe des Bundes überlassen.
§ 3 Verwendungszweck
Die AusweisApp2 und alle ihre Bestandteile dienen ausschließlich dazu, im Zusammenhang mit der Nutzung der Online-Ausweisfunktion des Personalausweises bzw. des elektronischen Aufenthaltstitels und der Übermittlung der damit verbundenen Daten gemäß den gesetzlichen Vorgaben verwendet zu werden.
§ 4 Pflichten und Obliegenheiten des Nutzers
(1) Der Nutzer verpflichtet sich, die AusweisApp2 entsprechend des in § 3 genannten Verwendungszweckes zu nutzen. Es liegt in seinem Interesse, dass in Verbindung mit der AusweisApp2 genutzte Hard- und Software des Nutzers immer auf dem neuesten Stand der Sicherheitstechnik (System- und Firmware Update, Virenscanner, Firewall usw.) sind.
(2) Es liegt im eigenen Interesse des Nutzers aber auch des Bundes, dass stets nur die neueste Version der AusweisApp2 (siehe § 5) verwendet wird.
§ 5 Pflege und Support
(1) Der Bund bietet nach eigenem Ermessen und ohne hierzu verpflichtet zu sein für Teile der AusweisApp2 zusätzliche kostenfreie Supportleistungen in Form von Dokumentationen und online Hilfen auf dem AusweisApp2-Portal im Internet unter der Adresse www.ausweisapp.bund.de an, sowie über die Hotline des Herstellers Governikus unter der E-Mail-Adresse: support@ausweisapp.de und der Tel.-Nr.: +49 1805 348 743. Auch stellt er verfügbare neue Versionen der AusweisApp2 zur Verfügung. Hieraus erwächst jedoch kein zusätzlicher Anspruch auf Mängelbeseitigung, auf Zertifizierung, auf Beibehaltung der Supportleistungen oder der Hotline und auf Überlassung neuer Versionen.
(2) Verfügbare neue Versionen der AusweisApp2 können im Internet kostenfrei auf dem AusweisApp2-Portal unter der Adresse www.ausweisapp.bund.de sowie über allgemein zugängliche AppStore heruntergeladen werden.
(3) Eventuelle Mängel der AusweisApp2 werden grundsätzlich dadurch behoben, dass der Bund jeweils eine neue Version der AusweisApp2 zum Herunterladen zur Verfügung stellt (siehe § 5 Absatz 1). Eine Pflicht zur Bereitstellung von neuen Versionen ergibt sich daraus grundsätzlich nicht.
§ 6 Hinweis auf gewerbliche und urheberrechtliche Schutzrechte
Die Zeichen AusweisApp2 und die entsprechenden Grafiken sowie das Signet zur Online-Ausweisfunktion sind für den Bund als Marken geschützt.
§ 7 Datenschutzhinweis
(1) Mit dieser Software werden personenbezogene Daten im Sinne des § 3 Absatz 1 des Bundesdatenschutzgesetzes (BDSG) zum Zwecke der Verarbeitung grundsätzlich nicht erhoben.
(2) Personenbezogene Daten aus dem Ausweischip werden ausschließlich zum Zweck des elektronischen Identitätsnachweises im Umfang der erteilten Berechtigung nach Einwilligung des Nutzers mit seiner Ausweis-PIN-Eingabe und auf dem Transportweg zwischen dem Ausweischip und dem Diensteanbieter sicher verschlüsselt und auch für Governikus nicht lesbar übertragen.
(3) Neben den reinen Daten, die zur Identifizierung/ Authentisierung benötigt werden, erhebt die Software nur mit Einverständnis des Nutzers Daten über die Art und Version der Anwendungsumgebung (Betriebssystem, Lesegeräte usw.) des Nutzers. Diese Daten kann der Nutzer bei Bedarf an Governikus übermitteln, um die ordnungsgemäße Verarbeitung prüfen zu lassen und Fehlern im Verarbeitungsprozess vorzubeugen. Die Nutzung der Daten erfolgt dann im Rahmen des § 14 BDSG durch Governikus im Auftrag des Bundes und nur für den genannten Zweck.
(4) Die in der AusweisApp2 enthaltene Selbstauskunft über die im Chip gespeicherten Daten, ist ein Dienst der durch Governikus über das Internet erbracht wird. Die Ausweisdaten werden dabei nur zur Anzeige des Nutzers gebracht und nicht dauerhaft bei Governikus gespeichert oder für andere Zwecke verwendet.
§ 8 Deutsches Recht
Auf diese Nutzungsbedingungen ist ausschließlich deutsches Recht unter Ausschluss des Übereinkommens der Vereinten Nationen über Verträge über den internationalen Warenkauf (CISG) anwendbar.
Anhang
Eingearbeitete Open Source-Komponenten
Qt, OpenSSL, http_parser, Qhttpserver und Fervor.
Lizenzbedingungen
Die AusweisApp2 und ihr Quellcode werden unter der EUPL v1.2 bereitgestellt, mit Ausnahme der Open-Source-Bibliothek OpenSSL, die unter der OpenSSL License / SSLeay License lizensiert ist.
OPEN-SOURCE-LIZENZ FÜR DIE EUROPÄISCHE UNION v. 1.2
EUPL © Europäische Union 2007, 2016
Diese Open-Source-Lizenz für die Europäische Union („EUPL“) gilt für Werke (im Sinne der nachfolgenden Begriffsbestimmung),
die unter EUPL-Bedingungen zur Verfügung gestellt werden. Das Werk darf nur in der durch diese Lizenz
gestatteten Form genutzt werden (insoweit eine solche Nutzung dem Urheber vorbehalten ist).
Das Werk wird unter den Bedingungen dieser Lizenz zur Verfügung gestellt, wenn der Lizenzgeber (im Sinne der
nachfolgenden Begriffsbestimmung) den folgenden Hinweis unmittelbar hinter dem Urheberrechtshinweis dieses Werks
anbringt:
Lizenziert unter der EUPL
oder in einer anderen Form zum Ausdruck bringt, dass er es unter der EUPL lizenzieren möchte.
1. Begriffsbestimmungen
Für diese Lizenz gelten folgende Begriffsbestimmungen:
- „Lizenz“: diese Lizenz.
- „Originalwerk“: das Werk oder die Software, die vom Lizenzgeber unter dieser Lizenz verbreitet oder zugänglich
gemacht wird, und zwar als Quellcode und gegebenenfalls auch als ausführbarer Code.
- „Bearbeitungen“: die Werke oder Software, die der Lizenznehmer auf der Grundlage des Originalwerks oder seiner
Bearbeitungen schaffen kann. In dieser Lizenz wird nicht festgelegt, wie umfangreich die Änderung oder wie stark die
Abhängigkeit vom Originalwerk für eine Einstufung als Bearbeitung sein muss; dies bestimmt sich nach dem
Urheberrecht, das in dem unter Artikel 15 aufgeführten Land anwendbar ist.
- „Werk“: das Originalwerk oder seine Bearbeitungen.
- „Quellcode“: diejenige Form des Werkes, die zur Auffassung durch den Menschen bestimmt ist und die am besten
geeignet ist, um vom Menschen verstanden und verändert zu werden.
- „Ausführbarer Code“: die — üblicherweise — kompilierte Form des Werks, die von einem Computer als Programm
ausgeführt werden soll.
- „Lizenzgeber“: die natürliche oder juristische Person, die das Werk unter der Lizenz verbreitet oder zugänglich
macht.
- „Bearbeiter“: jede natürliche oder juristische Person, die das Werk unter der Lizenz verändert oder auf andere Weise
zur Schaffung einer Bearbeitung beiträgt.
- „Lizenznehmer“ („Sie“): jede natürliche oder juristische Person, die das Werk unter den Lizenzbedingungen nutzt.
- „Verbreitung“ oder „Zugänglichmachung“: alle Formen von Verkauf, Überlassung, Verleih, Vermietung, Verbreitung,
Weitergabe, Übermittlung oder anderweitiger Online- oder Offline-Bereitstellung von Vervielfältigungen des Werks
oder Zugänglichmachung seiner wesentlichen Funktionen für dritte natürliche oder juristische Personen.
2. Umfang der Lizenzrechte
Der Lizenzgeber erteilt Ihnen hiermit für die Gültigkeitsdauer der am Originalwerk bestehenden Urheberrechte eine
weltweite, unentgeltliche, nicht ausschließliche, unterlizenzierbare Lizenz, die Sie berechtigt:
- das Werk uneingeschränkt zu nutzen,
- das Werk zu vervielfältigen,
- das Werk zu verändern und Bearbeitungen auf der Grundlage des Werks zu schaffen,
- das Werk öffentlich zugänglich zu machen, was das Recht einschließt, das Werk oder Vervielfältigungsstücke davon
öffentlich bereitzustellen oder wahrnehmbar zu machen oder das Werk, soweit möglich, öffentlich aufzuführen,
- das Werk oder Vervielfältigungen davon zu verbreiten,
- das Werk oder Vervielfältigungen davon zu vermieten oder zu verleihen,
- das Werk oder Vervielfältigungen davon weiter zu lizenzieren.
Für die Wahrnehmung dieser Rechte können beliebige, derzeit bekannte oder künftige Medien, Träger und Formate
verwendet werden, soweit das geltende Recht dem nicht entgegensteht.
Für die Länder, in denen Urheberpersönlichkeitsrechte an dem Werk bestehen, verzichtet der Lizenzgeber im gesetzlich
zulässigen Umfang auf seine Urheberpersönlichkeitsrechte, um die Lizenzierung der oben aufgeführten
Verwertungsrechte wirksam durchführen zu können.
Der Lizenzgeber erteilt dem Lizenznehmer ein nicht ausschließliches, unentgeltliches Nutzungsrecht an seinen Patenten,
sofern dies zur Ausübung der durch die Lizenz erteilten Nutzungsrechte am Werk notwendig ist.
3. Zugänglichmachung des Quellcodes
Der Lizenzgeber kann das Werk entweder als Quellcode oder als ausführbaren Code zur Verfügung stellen. Stellt er es als
ausführbaren Code zur Verfügung, so stellt er darüber hinaus eine maschinenlesbare Kopie des Quellcodes für jedes von
ihm verbreitete Vervielfältigungsstück des Werks zur Verfügung, oder er verweist in einem Vermerk im Anschluss an den
dem Werk beigefügten Urheberrechtshinweis auf einen Speicherort, an dem problemlos und unentgeltlich auf den
Quellcode zugegriffen werden kann, solange der Lizenzgeber das Werk verbreitet oder zugänglich macht.
4. Einschränkungen des Urheberrechts
Es ist nicht Zweck dieser Lizenz, Ausnahmen oder Schranken der ausschließlichen Rechte des Urhebers am Werk, die
dem Lizenznehmer zugutekommen, einzuschränken. Auch die Erschöpfung dieser Rechte bleibt von dieser Lizenz
unberührt.
5. Pflichten des Lizenznehmers
Die Einräumung der oben genannten Rechte ist an mehrere Beschränkungen und Pflichten für den Lizenznehmer
gebunden:
Urheberrechtshinweis, Lizenztext, Nennung des Bearbeiters: Der Lizenznehmer muss alle Urheberrechts-, Patent-
oder Markenrechtshinweise und alle Hinweise auf die Lizenz und den Haftungsausschluss unverändert lassen. Jedem von
ihm verbreiteten oder zugänglich gemachten Vervielfältigungsstück des Werks muss der Lizenznehmer diese Hinweise
sowie diese Lizenz beifügen. Der Lizenznehmer muss auf jedem abgeleiteten Werk deutlich darauf hinweisen, dass das
Werk geändert wurde, und das Datum der Bearbeitung angeben.
„Copyleft“-Klausel: Der Lizenznehmer darf Vervielfältigungen des Originalwerks oder Bearbeitungen nur unter den
Bedingungen dieser EUPL oder einer neueren Version dieser Lizenz verbreiten oder zugänglich machen, außer wenn das
Originalwerk ausdrücklich nur unter dieser Lizenzversion — z. B. mit der Angabe „Nur EUPL V. 1.2“ — verbreitet
werden darf. Der Lizenznehmer (der zum Lizenzgeber wird) darf für das Werk oder die Bearbeitung keine zusätzlichen
Bedingungen anbieten oder vorschreiben, die die Bedingungen dieser Lizenz verändern oder einschränken.
Kompatibilitäts-Klausel: Wenn der Lizenznehmer Bearbeitungen, die auf dem Werk und einem anderen Werk, das
unter einer kompatiblen Lizenz lizenziert wurde, basieren, oder die Kopien dieser Bearbeitungen verbreitet oder
zugänglich macht, kann dies unter den Bedingungen dieser kompatiblen Lizenz erfolgen. Unter „kompatibler Lizenz“ ist
eine im Anhang dieser Lizenz angeführte Lizenz zu verstehen. Sollten die Verpflichtungen des Lizenznehmers aus der
kompatiblen Lizenz mit denjenigen aus der vorliegenden Lizenz (EUPL) in Konflikt stehen, werden die Verpflichtungen
aus der kompatiblen Lizenz Vorrang haben.
Bereitstellung des Quellcodes: Wenn der Lizenznehmer Vervielfältigungsstücke des Werks verbreitet oder zugänglich
macht, muss er eine maschinenlesbare Fassung des Quellcodes mitliefern oder einen Speicherort angeben, über den
problemlos und unentgeltlich so lange auf diesen Quellcode zugegriffen werden kann, wie der Lizenznehmer das Werk
verbreitet oder zugänglich macht.
Rechtsschutz: Diese Lizenz erlaubt nicht die Benutzung von Kennzeichen, Marken oder geschützten Namensrechten des
Lizenzgebers, soweit dies nicht für die angemessene und übliche Beschreibung der Herkunft des Werks und der
inhaltlichen Wiedergabe des Urheberrechtshinweises erforderlich ist.
6. Urheber und Bearbeiter
Der ursprüngliche Lizenzgeber gewährleistet, dass er das Urheberrecht am Originalwerk innehat oder dieses an ihn
lizenziert wurde und dass er befugt ist, diese Lizenz zu erteilen.
Jeder Bearbeiter gewährleistet, dass er das Urheberrecht an den von ihm vorgenommenen Änderungen des Werks besitzt
und befugt ist, diese Lizenz zu erteilen.
Jedes Mal, wenn Sie die Lizenz annehmen, erteilen Ihnen der ursprüngliche Lizenzgeber und alle folgenden Bearbeiter
eine Befugnis zur Nutzung ihrer Beiträge zum Werk unter den Bedingungen dieser Lizenz.
7. Gewährleistungsausschluss
Die Arbeit an diesem Werk wird laufend fortgeführt; es wird durch unzählige Bearbeiter ständig verbessert. Das Werk ist
nicht vollendet und kann daher Fehler („bugs“) enthalten, die dieser Art der Entwicklung inhärent sind.
Aus den genannten Gründen wird das Werk unter dieser Lizenz „so, wie es ist“ ohne jegliche Gewährleistung zur
Verfügung gestellt. Dies gilt unter anderem — aber nicht ausschließlich — für Marktreife, Verwendbarkeit für einen
bestimmten Zweck, Mängelfreiheit, Richtigkeit sowie Nichtverletzung von anderen Immaterialgüterrechten als dem
Urheberrecht (vgl. dazu Artikel 6 dieser Lizenz).
Dieser Gewährleistungsausschluss ist wesentlicher Bestandteil der Lizenz und Bedingung für die Einräumung von
Rechten an dem Werk.
8. Haftungsausschluss/Haftungsbeschränkung
Außer in Fällen von Vorsatz oder der Verursachung von Personenschäden haftet der Lizenzgeber nicht für direkte oder
indirekte, materielle oder immaterielle Schäden irgendwelcher Art, die aus der Lizenz oder der Benutzung des Werks
folgen; dies gilt unter anderem, aber nicht ausschließlich, für Firmenwertverluste, Produktionsausfall, Computerausfall
oder Computerfehler, Datenverlust oder wirtschaftliche Schäden, und zwar auch dann, wenn der Lizenzgeber auf die
Möglichkeit solcher Schäden hingewiesen wurde. Unabhängig davon haftet der Lizenzgeber im Rahmen der gesetzlichen
Produkthaftung, soweit die entsprechenden Regelungen auf das Werk anwendbar sind.
9. Zusatzvereinbarungen
Wenn Sie das Werk verbreiten, können Sie Zusatzvereinbarungen schließen, in denen Verpflichtungen oder
Dienstleistungen festgelegt werden, die mit dieser Lizenz vereinbar sind. Sie dürfen Verpflichtungen indessen nur in
Ihrem eigenen Namen und auf Ihre eigene Verantwortung eingehen, nicht jedoch im Namen des ursprünglichen
Lizenzgebers oder eines anderen Bearbeiters, und nur, wenn Sie sich gegenüber allen Bearbeitern verpflichten, sie zu
entschädigen, zu verteidigen und von der Haftung freizustellen, falls aufgrund der von Ihnen eingegangenen
Gewährleistungsverpflichtung oder Haftungsübernahme Forderungen gegen sie geltend gemacht werden oder eine
Haftungsverpflichtung entsteht.
10. Annahme der Lizenz
Sie können den Bestimmungen dieser Lizenz zustimmen, indem Sie das Symbol „Lizenz annehmen“ unter dem Fenster
mit dem Lizenztext anklicken oder indem Sie Ihre Zustimmung auf vergleichbare Weise in einer nach anwendbarem
Recht zulässigen Form geben. Das Anklicken des Symbols gilt als Anzeichen Ihrer eindeutigen und unwiderruflichen
Annahme der Lizenz und der darin enthaltenen Klauseln und Bedingungen.
In gleicher Weise gilt als Zeichen der eindeutigen und unwiderruflichen Zustimmung die Ausübung eines Rechtes, das in
Artikel 2 dieser Lizenz angeführt ist, wie das Erstellen einer Bearbeitung oder die Verbreitung oder Zugänglichmachung
des Werks oder dessen Vervielfältigungen.
11. Informationspflichten
Wenn Sie das Werk verbreiten oder zugänglich machen (beispielsweise, indem Sie es zum Herunterladen von einer
Website anbieten), müssen Sie über den Vertriebskanal oder das benutzte Verbreitungsmedium der Öffentlichkeit
zumindest jene Informationen bereitstellen, die nach dem anwendbaren Recht bezüglich der Lizenzgeber, der Lizenz und
ihrer Zugänglichkeit, des Abschlusses des Lizenzvertrags sowie darüber, wie die Lizenz durch den Lizenznehmer
gespeichert und vervielfältigt werden kann, erforderlich sind.
12. Beendigung der Lizenz
Die Lizenz und die damit eingeräumten Rechte erlöschen automatisch, wenn der Lizenznehmer gegen die Lizenzbedingungen
verstößt.
Ein solches Erlöschen der Lizenz führt nicht zum Erlöschen der Lizenzen von Personen, denen das Werk vom
Lizenznehmer unter dieser Lizenz zur Verfügung gestellt worden ist, solange diese Personen die Lizenzbedingungen
erfüllen.
13. Sonstiges
Unbeschadet des Artikels 9 stellt die Lizenz die vollständige Vereinbarung der Parteien über das Werk dar.
Sind einzelne Bestimmungen der Lizenz nach geltendem Recht nichtig oder unwirksam, so berührt dies nicht die
Wirksamkeit oder Durchsetzbarkeit der Lizenz an sich. Solche Bestimmungen werden vielmehr so ausgelegt oder
modifiziert, dass sie wirksam und durchsetzbar sind.
Die Europäische Kommission kann weitere Sprachfassungen oder neue Versionen dieser Lizenz oder aktualisierte
Fassungen des Anhangs veröffentlichen, soweit dies notwendig und angemessen ist, ohne den Umfang der Lizenzrechte
zu verringern. Neue Versionen werden mit einer eindeutigen Versionsnummer veröffentlicht.
Alle von der Europäischen Kommission anerkannten Sprachfassungen dieser Lizenz sind gleichwertig. Die Parteien
können sich auf die Sprachfassung ihrer Wahl berufen.
14. Gerichtsstand
Unbeschadet besonderer Vereinbarungen zwischen den Parteien gilt Folgendes:
- Für alle Streitigkeiten über die Auslegung dieser Lizenz zwischen den Organen, Einrichtungen und sonstigen Stellen
der Europäischen Union als Lizenzgeber und einem Lizenznehmer ist der Gerichtshof der Europäischen Union
gemäß Artikel 272 des Vertrags über die Arbeitsweise der Europäischen Union zuständig;
- Gerichtsstand für Streitigkeiten zwischen anderen Parteien über die Auslegung dieser Lizenz ist allein der Ort, an
dem der Lizenzgeber seinen Wohnsitz oder den wirtschaftlichen Mittelpunkt seiner Tätigkeit hat.
15. Anwendbares Recht
Unbeschadet besonderer Vereinbarungen zwischen den Parteien gilt Folgendes:
- Diese Lizenz unterliegt dem Recht des Mitgliedstaats der Europäischen Union, in dem der Lizenzgeber seinen Sitz,
Wohnsitz oder eingetragenen Sitz hat;
- diese Lizenz unterliegt dem belgischen Recht, wenn der Lizenzgeber keinen Sitz, Wohnsitz oder eingetragenen Sitz in
einem Mitgliedstaat der Europäischen Union hat.
Anlage
„Kompatible Lizenzen“ nach Artikel 5 der EUPL sind:
- GNU General Public License (GPL) v. 2, v. 3
- GNU Affero General Public License (AGPL) v. 3
- Open Software License (OSL) v. 2.1, v. 3.0
- Eclipse Public License (EPL) v. 1.0
- CeCILL v. 2.0, v. 2.1
- Mozilla Public Licence (MPL) v. 2
- GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
- Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) für andere Werke als Software
- European Union Public Licence (EUPL) v. 1.1, v. 1.2
- Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) oder Strong Reciprocity (LiLiQ-R+)
- Die Europäische Kommission kann diesen Anhang aktualisieren, um neuere Fassungen der obigen Lizenzen
aufzunehmen, ohne hierfür eine neue Fassung der EUPL auszuarbeiten, solange diese Lizenzen die in Artikel 2
gewährten Rechte gewährleisten und den erfassten Quellcode vor ausschließlicher Aneignung schützen.
- Alle sonstigen Änderungen oder Ergänzungen dieses Anhangs bedürfen der Ausarbeitung einer neuen Version der
EUPL.
Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this
software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
endorse or promote products derived from this software without
prior written permission. For written permission, please contact
openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL"
nor may "OpenSSL" appear in their names without prior written
permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following
acknowledgment:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com). This product includes software written by Tim
Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written
by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as
the following conditions are aheared to. The following conditions
apply to all code found in this distribution, be it the RC4, RSA,
lhash, DES, etc., code; not just the SSL code. The SSL documentation
included with this distribution is covered by the same copyright terms
except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in
the code are not to be removed.
If this package is used in a product, Eric Young should be given attribution
as the author of the parts of the library used.
This can be in the form of a textual message at program startup or
in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
"This product includes cryptographic software written by
Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library
being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from
the apps directory (application code) you must include an acknowledgement:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
The licence and distribution terms for any publically available version or
derivative of this code cannot be changed. i.e. this code cannot simply be
copied and put under another distribution licence
[including the GNU Public Licence.]
Ergänzende Linzenzhinweise
Die verwendeten OpenSource-Bibliotheken unterliegen den folgenden Nutzungsbedingungen:
Qt
Lizenz: LGPL v3
Version: 5.7.0
Adresse: https://www.qt.io/
http_parser
Lizenz: MIT
Version: 2.7.1
Adresse: https://github.com/nodejs/http-parser/
qhttpserver
Lizenz: MIT
Version: 0.1.0
Adresse: https://github.com/nikhilm/qhttpserver/
fervor
Lizenz: MIT
Version: 9980f27
Adresse: https://github.com/pypt/fervor/
Die Lizenztexte lauten in ihrer originalen Fassung wie folgt:
GNU LESSER GENERAL PUBLIC LICENSE
The Qt Toolkit is Copyright (C) 2016 The Qt Company Ltd.
Contact: http://www.qt.io/licensing/
You may use, distribute and copy the Qt Toolkit under the terms of
GNU Lesser General Public License version 3, which is displayed below.
This license makes reference to the version 3 of the GNU General
Public License, which you can find in the LICENSE.GPLv3 file.
-------------------------------------------------------------------------
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright © 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this
licensedocument, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, “this License” refers to version 3 of the GNU Lesser
General Public License, and the “GNU GPL” refers to version 3 of the
GNU General Public License.
“The Library” refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An “Application” is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A “Combined Work” is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the “Linked
Version”.
The “Minimal Corresponding Source” for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The “Corresponding Application Code” for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort
to ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this
license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken
together, effectively do not restrict modification of the portions of
the Library contained in the Combined Work and reverse engineering for
debugging such modifications, if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this
license document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of
this License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with
the Library. A suitable mechanism is one that (a) uses at run
time a copy of the Library already present on the user's
computer system, and (b) will operate properly with a modified
version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would
otherwise be required to provide such information under section 6
of the GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option
4d0, the Installation Information must accompany the Minimal
Corresponding Source and Corresponding Application Code. If you
use option 4d1, you must provide the Installation Information in
the manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library
side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities, conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of
it is a work based on the Library, and explaining where to find
the accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
as you received it specifies that a certain numbered version of the
GNU Lesser General Public License “or any later version” applies to
it, you have the option of following the terms and conditions either
of that published version or of any later version published by the
Free Software Foundation. If the Library as you received it does not
specify a version number of the GNU Lesser General Public License,
you may choose any version of the GNU Lesser General Public License
ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the Library.
http_parser.c is based on src/http/ngx_http_parse.c from NGINX copyright
Igor Sysoev.
Additional changes are licensed under the same terms as NGINX and
copyright Joyent, Inc. and other Node contributors. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
Copyright (c) 2012 Linas Valiukas and others.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Copyright (C) 2011-2014 Nikhil Marathe <nsm.nikhil@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.

233
README.rst 100644
View File

@ -0,0 +1,233 @@
AusweisApp2
===========
Kontakt
-------
| Governikus GmbH & Co. KG
| Am Fallturm 9
| 28359 Bremen
| ausweisapp2@governikus.de
Toolchain / Bibliotheken
------------------------
Die Einrichtung der Toolchain wird im Unterordner ``./libs``
bzw. in der darin enthaltenen README erläutert.
Die separate README und das Skript unter "libs" dienen dem Aufzusetzen
der notwendigen Build-Umgebung und dem automatisierten Bauen der
notwendigen Bibliotheken mit den entsprechenden Patches.
Derzeit ist es leider noch nicht möglich, die AusweisApp2 ohne Patches
an OpenSSL und Qt voll funktionsfähig auszuliefern.
Dies liegt unter anderem an dem notwendigen RSA-PSK-Patch für
OpenSSL 1.0.2, welcher mit OpenSSL 1.1.0 nicht mehr notwendig ist.
Diese OpenSSL-Version wird allerdings voraussichtlich erst mit Qt 5.10
bzw. 5.9.2 unterstützt. (siehe https://bugreports.qt.io/browse/QTBUG-52905)
OpenSSL 1.1.0 wird mit der AusweisApp2 1.14.0 unterstützt.
LibreSSL wird auf Grund des fehlenden RSA-PSK nicht unterstützt.
Build
-----
Um die AusweisApp2 zu bauen ist es notwendig ein Makefile mittels CMake zu
generieren. Dazu kann CMake auf der Kommandozeile oder mit der von CMake
mitgelieferten CMake-GUI ausgeführt werden.
CMake erkennt während der Konfigurationszeit automatisch die Abhängigkeiten.
Dazu kann die Variable *CMAKE_PREFIX_PATH* verwendet werden um die Toolchain CMake
bekannt zu machen. Alternativ zu %PATH% bzw. $PATH können alle Ordner, die dort
für den Build eingetragen wurden, über diesen Mechanismus an CMake übergeben werden.
Als Generator für Makefiles sollte eine Variante von "MinGW Makefiles" gewählt
werden.
Beim Generieren des Makefiles ist zu beachten, dass die AusweisApp2 nur sogenannte
"out of source tree"-Builds erlaubt. Daher ist die empfohlene Variante von CMake
zwingend einzuhalten und der Build-Ordner darf sich nicht im Source-Ordner
befinden.
Beispiel über die CLI:
::
C:/AusweisApp2/
C:/Toolchain/
C:/build/
::
$ cd C:/build
$ cmake -G "MinGW Makefiles" -DCMAKE_PREFIX_PATH=C:/Toolchain ../AusweisApp2 -DCMAKE_BUILD_TYPE=release
-- The CXX compiler identification is GNU 4.9.1
-- Check for working CXX compiler: C:/mingw32/bin/g++.exe
-- Check for working CXX compiler: C:/mingw32/bin/g++.exe -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- VERSION: 1.0.0
-- CMAKE_INSTALL_PREFIX: C:/build/dist
-- CMAKE_BUILD_TYPE: RELEASE
-- CMAKE_PREFIX_PATH: C:/Toolchain
-- CMAKE_INCLUDE_PATH:
-- CMAKE_LIBRARY_PATH:
-- CMAKE_SYSTEM_PREFIX_PATH: C:\Program Files;C:\Program Files (x86);C:/Program Files (x86)/CMake;C:/Program Files (x86)/AusweisApp2
-- CMAKE_SYSTEM_INCLUDE_PATH:
-- BUILD_SHARED_LIBS: OFF
-- Found OpenSSL: C:/Toolchain/lib/libssl.dll.a;C:/Toolchain/lib/libcrypto.dll.a (found suitable version "1.0.1i", minimum required is "1.0.1")
-- Found Hg: C:/Program Files/TortoiseHg/hg.exe (found version "3.1.1")
-- PLATFORM_WIDGETS: WINDOWS
-- Configuring done
-- Generating done
-- Build files have been written to: C:/build
Um die mobile Variante der AusweisApp2 zu bauen benötigt man je nach Plattform zusätzliche
externe Komponenten, die in der README in ``./libs`` im Abschnitt Android / iOS beschrieben
sind.
Android
^^^^^^^
Bei Android ist zu beachten, dass ein CMAKE_TOOLCHAIN_FILE angegeben werden muss.
::
$ cd build
$ cmake -DCMAKE_PREFIX_PATH=/home/governikus/Toolchain/dist -DCMAKE_TOOLCHAIN_FILE=../AusweisApp2/cmake/android.toolchain.cmake ../AusweisApp2
$ make
$ make install
$ make apk
Unter dem Ordner "./dist/bin" ist nun ein "AusweisApp2...apk" erstellt worden.
Sofern der Parameter *CMAKE_BUILD_TYPE* auf RELEASE gesetzt wird, sind folgende CMake
Parameter notwendig um das APK zu signieren.
::
-DAPK_SIGN_KEYSTORE=/home/governikus/ausweisapp2.apk.keystore.jks
-DAPK_SIGN_KEYSTORE_ALIAS=ausweisapp
-DAPK_SIGN_KEYSTORE_PSW=123456
Wie schon bei der Toolchain wird standardmäßig die Architektur "armeabi-v7a" verwendet.
Dies kann mittels CMake Parameter "-DANDROID_ABI=x86" verändert werden.
iOS
^^^
Bei iOS wird ein Bundle gebaut, welches mit einem zusätzlichen Befehl in eine IPA-Datei
eingebettet werden kann. Zu beachten ist vor allem, dass in der Umgebungsvariable
*PROVISIONING_PROFILE* das jeweilige Profil verwendet wird, welches unter XCode
eingerichtet ist. Im Ordner "~/Library/MobileDevice/Provisioning Profiles"
sind diese ebenfalls einsehbar.
Unter Umständen kann es zu Berechtigungsproblemen mit XCode und den Zugriff auf
die Keys kommen. Dabei ist es oft hilfreich die Keys im MacOS-Schlüsselbund
freizuschalten bzw. den Schlüsselbund freizugeben.
security unlock-keychain -pPASSWORD ${HOME}/Library/Keychains/login.keychain
Unter iOS wird die AusweisApp2 mittels XCode gebaut!
::
$ cd build
$ cmake -DCMAKE_PREFIX_PATH=/Users/governikus/Toolchain/dist -DCMAKE_TOOLCHAIN_FILE=../AusweisApp2/cmake/iOS.toolchain.cmake -DCMAKE_BUILD_TYPE=release ../AusweisApp2 -GXcode
$ cmakexbuild install -configuration Release
$ cmakexbuild -target ipa
Im Build-Ordner befindet sich nun eine "AusweisApp2-x.y.z.ipa" Datei, welches das
signierte Bundle enthält!
Packages
--------
Nachdem die Build-Umgebung eingerichtet ist, kann je nach System ein Package erstellt werden.
- Unter Windows ist hierfür noch das WiX Toolset (http://wixtoolset.org/ Getestet: 3.8 bis 3.10)
notwendig.
Mittels "mingw32-make package" wird die AusweisApp2 gebaut und ein MSI Paket bereitgestellt.
- Unter MacOS wird mittels "make package" die AusweisApp2 gebaut und ein DMG bereitgestellt.
- Um ein APK für Android zu bauen, sind zwei Schritte notwendig, da CMake das Format bisher
nicht unterstützt. Daher sind nach der Konfiguration des Projektes folgende Befehle notwendig
um ein endgültiges APK zu erhalten:
::
$ make install
$ make apk
Release
-------
Folgende Schritte sind notwendig um ein Tag bzw. Release zu bauen.
Tag anbringen
^^^^^^^^^^^^^
#. Mittels "hg update -r stable" auf das jeweilige Changeset wechseln, welches mit einem
Tag versehen werden soll.
#. Mittels "hg status" überprüfen, dass keine weiteren Änderungen in der Working-Copy
vorhanden sind.
#. In der Datei CMakeLists.txt die PROJECT_VERSION im PROJECT entsprechend anpassen.
#. Mittels "hg tag x.y.z" (Beispiel: hg tag 1.0.0) den Tag anbringen.
#. Mittels "hg bookmark -r x.y.z release" das Bookmark verschieben, damit der Jenkins beim
Release-Build den aktuellen Tag findet.
#. Mittels "hg push" ins Main-Repository übertragen.
Tag bauen
^^^^^^^^^
Wichtig: Der Jenkins erstellt das Release anhand des Bookmarks "release".
Die Jobs müssen nach dem Setzen manuell gestartet werden!
Nachdem die Jobs für Windows und MacOS durchgelaufen sind, muss
der Job für den AppCast gestartet werden.
Für einen sauberen Build sollte folgendes Vorgehen angewandt werden.
Beim Durchlauf von CMake wird, sofern die Versionsverwaltung vorhanden ist, der Mercurial-Tag
angezeigt.
#. Mittels "hg clone -r x.y.z http://mercurial/AusweisApp2" den Tag ausschecken.
- **Wichtig:** Wenn ein bestehender Clone mittels "hg update -r x.y.z" benutzt wird,
sollte mit "hg status -i" geprüft werden, ob die Working-Copy vollständig sauber ist!
#. Einen build-Ordner erstellen und in den Ordner wechseln. Zum Beispiel /tmp/buildTagXYZ
#. cmake -DCMAKE_BUILD_TYPE=release ../AusweisApp2
#. make package_source
#. make package
Probleme & Lösungen
^^^^^^^^^^^^^^^^^^^
- Das gebaute Package beinhaltet einen Hashwert im Namen
- CMake hat erkannt, dass sich die aktuelle Working-Copy nicht auf dem Tag befindet und hängt
somit den Hashwert des Changesets an. Mittels "hg id -t" kann man überprüfen, ob man sich auf
dem Tag befindet.
- Mittels "hg update -r x.y.z" sollte man auf den Tag wechseln.
- Hinter dem Hashwert ist ein +
- Das bedeutet, dass "uncommitted changes" während des Builds in der Working-Copy enthalten waren.
- Dies kann man mittels "hg status" überprüfen.

64
cmake/AndroidNdkGdb.cmake 100644
View File

@ -0,0 +1,64 @@
# Copyright (c) 2014, Pavel Rojtberg
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# 3. Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from this
# software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# ------------------------------------------------------------------------------
macro(android_ndk_gdb_enable)
if(ANDROID)
# create custom target that depends on the real target so it gets executed afterwards
add_custom_target(NDK_GDB ALL)
set(NDK_GDB_SOLIB_PATH ${PROJECT_BINARY_DIR}/dist/obj/local/${ANDROID_NDK_ABI_NAME}/)
file(MAKE_DIRECTORY ${NDK_GDB_SOLIB_PATH})
# 1. generate essential Android Makefiles
file(MAKE_DIRECTORY ${PROJECT_BINARY_DIR}/dist/jni)
if(NOT EXISTS ${PROJECT_BINARY_DIR}/dist/jni/Android.mk)
file(WRITE ${PROJECT_BINARY_DIR}/dist/jni/Android.mk "APP_ABI := ${ANDROID_NDK_ABI_NAME}\n")
endif()
if(NOT EXISTS ${PROJECT_BINARY_DIR}/dist/jni/Application.mk)
file(WRITE ${PROJECT_BINARY_DIR}/dist/jni/Application.mk "APP_ABI := ${ANDROID_NDK_ABI_NAME}\n")
endif()
# 2. generate gdb.setup
get_directory_property(PROJECT_INCLUDES DIRECTORY ${PROJECT_SOURCE_DIR} INCLUDE_DIRECTORIES)
string(REGEX REPLACE ";" " " PROJECT_INCLUDES "${PROJECT_INCLUDES}")
file(WRITE ${PROJECT_BINARY_DIR}/dist/libs/${ANDROID_NDK_ABI_NAME}/gdb.setup "set solib-search-path ${NDK_GDB_SOLIB_PATH}\n")
file(APPEND ${PROJECT_BINARY_DIR}/dist/libs/${ANDROID_NDK_ABI_NAME}/gdb.setup "directory ${PROJECT_INCLUDES}\n")
endif()
endmacro()
macro(android_ndk_gdb_debuggable TARGET_NAME)
if(ANDROID)
# create custom target that depends on the real target so it gets executed afterwards
add_dependencies(NDK_GDB ${TARGET_NAME})
add_custom_command(TARGET NDK_GDB POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $<TARGET_FILE:${TARGET_NAME}> ${NDK_GDB_SOLIB_PATH})
endif()
endmacro()

61
cmake/Appcast.cmake 100644
View File

@ -0,0 +1,61 @@
IF(MAC OR LINUX OR WIN32)
IF(JENKINS_APPCAST)
SET(APPCAST_URL ${REMOTE_CONFIG_URL}/build CACHE STRING "Appcast download URL" FORCE)
ELSE()
SET(APPCAST_URL ${REMOTE_CONFIG_URL} CACHE STRING "Appcast download URL" FORCE)
ENDIF()
MACRO(ADD_APPCAST_FILE _files _system)
FOREACH(filePath ${_files})
FILE_SIZE(fileSize ${filePath})
IF(NOT DEFINED fileSize)
MESSAGE(FATAL_ERROR "Cannot get file size of: ${file}")
ENDIF()
GET_FILENAME_COMPONENT(file ${filePath} NAME)
MESSAGE(STATUS "Processing: ${file}")
IF(NOT "${_system}" STREQUAL "SOURCES")
FILE(READ ${PACKAGING_DIR}/updater/Appcast.item.xml.in item)
STRING(REPLACE "AusweisApp2-" "" APPCAST_FILE_VERSION ${file})
STRING(REPLACE ".dmg" "" APPCAST_FILE_VERSION ${APPCAST_FILE_VERSION})
STRING(REPLACE ".msi" "" APPCAST_FILE_VERSION ${APPCAST_FILE_VERSION})
STRING(TIMESTAMP currentDate "%Y-%m-%dT%H:%M:%S")
STRING(REPLACE "APPCAST_DATE" ${currentDate} item ${item})
STRING(REPLACE "APPCAST_DOWNLOAD_URL" "${APPCAST_URL}/${file}" item ${item})
STRING(REPLACE "APPCAST_VERSION" "${APPCAST_FILE_VERSION}" item ${item})
STRING(REPLACE "APPCAST_OS" ${_system} item ${item})
STRING(REPLACE "APPCAST_PACKAGE_SIZE" "${fileSize}" item ${item})
STRING(REPLACE "APPCAST_URL" "${APPCAST_URL}" item ${item})
SET(APPCAST_ITEMS "${APPCAST_ITEMS}\n${item}")
ENDIF()
FILE(SHA256 ${filePath} fileHash)
FILE(WRITE ${filePath}.sha256 "${fileHash} ${file}\n")
ENDFOREACH()
ENDMACRO()
IF(LINUX OR MAC)
FILE(GLOB DMG_FILES ${PROJECT_BINARY_DIR}/*.dmg)
FILE(GLOB MSI_FILES ${PROJECT_BINARY_DIR}/*.msi)
FILE(GLOB TAR_GZ_FILES ${PROJECT_BINARY_DIR}/*.tar.gz)
IF(DMG_FILES)
ADD_APPCAST_FILE("${DMG_FILES}" "Q_OS_MAC")
ENDIF()
IF(MSI_FILES)
ADD_APPCAST_FILE("${MSI_FILES}" "Q_OS_WIN32")
ENDIF()
IF(TAR_GZ_FILES)
ADD_APPCAST_FILE("${TAR_GZ_FILES}" "SOURCES")
ENDIF()
IF(APPCAST_ITEMS)
CONFIGURE_FILE(${PACKAGING_DIR}/updater/Appcast.xml.in ${PROJECT_BINARY_DIR}/Appcast.xml @ONLY)
ENDIF()
ENDIF()
ENDIF()

4
cmake/CTestCustom.cmake.in 100644
View File

@ -0,0 +1,4 @@
LIST(APPEND CTEST_CUSTOM_COVERAGE_EXCLUDE "/test/")
LIST(APPEND CTEST_CUSTOM_COVERAGE_EXCLUDE "/external/")
LIST(APPEND CTEST_CUSTOM_COVERAGE_EXCLUDE \\.moc moc_ qrc_ ui_ _ui)
LIST(APPEND CTEST_EXTRA_COVERAGE_GLOB *.cpp *.h)

83
cmake/CompilerFlags.cmake 100644
View File

@ -0,0 +1,83 @@
ADD_DEFINITIONS(-DUNICODE)
ADD_DEFINITIONS(-DQT_MESSAGELOGCONTEXT)
ADD_DEFINITIONS(-DQT_NO_CAST_FROM_BYTEARRAY)
ADD_DEFINITIONS(-DQT_NO_CAST_TO_ASCII)
ADD_DEFINITIONS(-DQT_RESTRICTED_CAST_FROM_ASCII)
ADD_DEFINITIONS(-DQT_NO_FOREACH)
ADD_DEFINITIONS(-DQT_NO_KEYWORDS)
IF(QT_VENDOR STREQUAL "Governikus")
ADD_DEFINITIONS(-DGOVERNIKUS_QT)
ENDIF()
IF(CMAKE_VERSION VERSION_LESS 3.2)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
ELSE()
SET(CMAKE_CXX_STANDARD 11)
SET(CMAKE_CXX_STANDARD_REQUIRED ON)
ENDIF()
IF(NOT DEFINED WARNINGS_ARE_ERRORS AND VENDOR_GOVERNIKUS)
SET(WARNINGS_ARE_ERRORS ON)
ENDIF()
IF(MSVC)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /W3")
IF(WARNINGS_ARE_ERRORS)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /WX")
ENDIF()
ELSE()
ADD_DEFINITIONS(-DQT_STRICT_ITERATORS)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Wpedantic -Wcast-qual -Wshadow -Wvla")
ADD_FLAG(-fstack-protector-strong -fstack-protector)
ADD_FLAG(-fuse-ld=gold VAR CMAKE_EXE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS LINK -fuse-ld=gold)
ADD_FLAG(-Wfloat-conversion)
ADD_FLAG(-Wloop-analysis)
ADD_FLAG(-Wlogical-op)
ADD_FLAG(-Wmisleading-indentation)
ADD_FLAG(-Wduplicated-cond)
ADD_FLAG(-Wweak-vtables)
ADD_FLAG(-Wcovered-switch-default)
ADD_FLAG(-Wno-gnu-zero-variadic-macro-arguments) # Qt (qDebug) is not compatible
IF(WARNINGS_ARE_ERRORS AND NOT CMAKE_GENERATOR STREQUAL Xcode)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror")
ENDIF()
IF(CMAKE_COMPILER_IS_GNUCXX)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-error=shadow")
ENDIF()
IF(APPLE AND NOT CMAKE_SYSTEM_VERSION VERSION_LESS 14)
# Allow warning for LSSharedFileListItemResolve since we support OSX 10.9, too!
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-error=deprecated-declarations")
ENDIF()
SET(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -O0")
IF(SANITIZER STREQUAL "address")
ADD_FLAG("-fsanitize=address -fno-omit-frame-pointer -fno-optimize-sibling-calls" LINK -fsanitize=address)
ELSEIF(SANITIZER STREQUAL "undefined")
ADD_FLAG("-fsanitize=undefined -fno-omit-frame-pointer -fno-optimize-sibling-calls" LINK -fsanitize=undefined)
ENDIF()
ENDIF()
# enable Objective-C support on MacOS X
IF(APPLE)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -ObjC++")
ENDIF()
INCLUDE(CompilerFlagsPersoSim)
# http://gcc.gnu.org/onlinedocs/gcc/Gcov.html
# http://llvm.org/docs/CommandGuide/llvm-cov.html
OPTION(COVERAGE "Enable code coverage")
IF(COVERAGE)
MESSAGE(STATUS "Enable code coverage instrumentation")
ADD_FLAG(--coverage LINK --coverage VAR CMAKE_CXX_FLAGS_DEBUG)
ENDIF()

22
cmake/CompilerFlagsPersoSim.cmake 100644
View File

@ -0,0 +1,22 @@
IF("${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
IF(PERSOSIM)
IF(NOT JAVA_EXECUTABLE)
FIND_PACKAGE(Java COMPONENTS Runtime)
IF(Java_JAVA_EXECUTABLE)
SET(JAVA_EXECUTABLE "${Java_JAVA_EXECUTABLE}")
ENDIF()
ENDIF()
IF(JAVA_EXECUTABLE)
MESSAGE(STATUS "PersoSim based tests enabled, using PersoSim Jar: ${PERSOSIM}")
MESSAGE(STATUS "Java: ${JAVA_EXECUTABLE}")
ADD_DEFINITIONS(-DPERSOSIM_EXECUTABLE=\"\\\"${PERSOSIM}\\\"\" -DJAVA_EXECUTABLE=\"\\\"${JAVA_EXECUTABLE}\\\"\")
SET(CMAKE_AUTOMOC_MOC_OPTIONS ${CMAKE_AUTOMOC_MOC_OPTIONS} -DPERSOSIM_EXECUTABLE=\"\\\"${PERSOSIM}\\\"\" -DJAVA_EXECUTABLE=\"\\\"${JAVA_EXECUTABLE}\\\"\")
ELSE()
MESSAGE(STATUS "Java not found! PersoSim based tests disabled.")
UNSET(PERSOSIM)
ENDIF()
ELSE()
MESSAGE(STATUS "PersoSim based tests disabled")
ENDIF()
ENDIF()

112
cmake/DVCS.cmake 100644
View File

@ -0,0 +1,112 @@
MACRO(FIND_DVCS _dest)
IF(EXISTS "${_dest}/.hg")
FIND_HOST_PACKAGE(Hg)
IF(HG_FOUND)
SET(DVCS_EXECUTABLE ${HG_EXECUTABLE})
ENDIF()
ELSEIF(EXISTS "${_dest}/.git")
FIND_HOST_PACKAGE(Git)
IF(GIT_FOUND)
SET(DVCS_EXECUTABLE ${GIT_EXECUTABLE})
ENDIF()
ENDIF()
IF(DVCS_EXECUTABLE)
SET(DVCS_FOUND TRUE)
ENDIF()
ENDMACRO()
FUNCTION(DVCS_EXECUTE _out)
EXECUTE_PROCESS(COMMAND ${DVCS_EXECUTABLE} ${ARGN}
WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
OUTPUT_VARIABLE _output
RESULT_VARIABLE _result
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
IF(${_result} EQUAL 0)
SET(${_out} "${_output}" PARENT_SCOPE)
ENDIF()
ENDFUNCTION()
FUNCTION(DVCS_CALL _name _sep ${ARGN})
DVCS_EXECUTE(_exec ${ARGN})
IF(DEFINED _exec)
MESSAGE(STATUS "DVCS ${_name}: ${_exec}")
SET(dvcs_${_name} ${_exec} PARENT_SCOPE)
IF(NOT "${_sep}" STREQUAL "")
SET(VERSION_DVCS ${VERSION_DVCS}${_sep}${_exec} PARENT_SCOPE)
ENDIF()
ENDIF()
ENDFUNCTION()
MACRO(CHECK_DVCS)
SET(VERSION_DVCS ${PROJECT_VERSION})
IF(HG_FOUND)
DVCS_CALL("tag" "" id -t)
ELSEIF(GIT_FOUND)
DVCS_CALL("tag" "" name-rev --tags --name-only HEAD)
ENDIF()
IF(NOT "${dvcs_tag}" STREQUAL "tip" AND NOT "${dvcs_tag}" STREQUAL "" AND NOT "${dvcs_tag}" STREQUAL "undefined")
IF(NOT dvcs_tag STREQUAL PROJECT_VERSION)
MESSAGE(FATAL_ERROR "DVCS Tag and defined PROJECT_VERSION is not equal")
ENDIF()
ELSE()
IF(HG_FOUND)
DVCS_EXECUTE(dvcs_distance log -r ${PROJECT_VERSION}::. --template 1)
STRING(LENGTH "${dvcs_distance}" dvcs_distance)
MESSAGE(STATUS "DVCS distance: ${dvcs_distance}")
SET(VERSION_DVCS ${VERSION_DVCS}+${dvcs_distance})
ELSEIF(GIT_FOUND)
DVCS_CALL("distance" "+" rev-list --count ${PROJECT_VERSION}...HEAD)
ENDIF()
GET_DVCS_INFO()
ENDIF()
ENDMACRO()
MACRO(GET_DVCS_INFO)
IF(HG_FOUND)
DVCS_CALL("branch" "-" branch)
ELSEIF(GIT_FOUND)
DVCS_CALL("branch" "-" rev-parse --abbrev-ref HEAD)
ENDIF()
IF(HG_FOUND)
DVCS_CALL("phase" "" log -r . -T {phase})
IF(DEFINED dvcs_phase)
IF("${dvcs_phase}" STREQUAL "public")
UNSET(dvcs_phase)
ELSE()
SET(VERSION_DVCS ${VERSION_DVCS}-${dvcs_phase})
ENDIF()
ENDIF()
ENDIF()
IF(HG_FOUND)
DVCS_CALL("revision" "-" id -i)
ELSEIF(GIT_FOUND)
DVCS_CALL("revision" "-" rev-parse --verify --short HEAD)
DVCS_EXECUTE(dvcs_dirty_wc diff --shortstat)
IF(DEFINED dvcs_dirty_wc)
MESSAGE(STATUS "DVCS: dirty working copy")
SET(dvcs_revision ${dvcs_revision}+)
SET(VERSION_DVCS ${VERSION_DVCS}+)
ENDIF()
ENDIF()
ENDMACRO()
FIND_DVCS(${PROJECT_SOURCE_DIR})
IF(DVCS_FOUND)
OPTION(ENABLE_DVCS "Check consistency of version/tag and get additional revision data" true)
IF(ENABLE_DVCS)
CHECK_DVCS()
ENDIF()
ENDIF()

38
cmake/DefaultFiles.cmake 100644
View File

@ -0,0 +1,38 @@
IF(JENKINS_APPCAST)
SET(REMOTE_CONFIG_URL https://buildautentapp/job/${JENKINS_APPCAST}/lastSuccessfulBuild/artifact CACHE STRING "Remote config download URL" FORCE)
ELSE()
SET(REMOTE_CONFIG_URL https://appl.governikus-asp.de/ausweisapp2 CACHE STRING "Remote config download URL" FORCE)
ENDIF()
FUNCTION(CONFIGURE_DEFAULT_FILES _destination)
# Set DEFAULT_PROVIDER_FILE to replace this in config.json.in.
IF(IOS)
SET(DEFAULT_PROVIDER_FILE default-providers-ios.json)
ELSE()
SET(DEFAULT_PROVIDER_FILE default-providers.json)
ENDIF()
IF(JENKINS_APPCAST)
SET(REMOTE_CONFIG_PATH_APPCAST /build)
SET(REMOTE_CONFIG_PATH_APPCAST_BETA /build)
SET(REMOTE_CONFIG_PATH_PROVIDERS /source/resources)
SET(REMOTE_CONFIG_PATH_DRIVERS /source/resources)
ELSE()
SET(REMOTE_CONFIG_PATH_APPCAST )
SET(REMOTE_CONFIG_PATH_APPCAST_BETA /beta)
SET(REMOTE_CONFIG_PATH_PROVIDERS )
SET(REMOTE_CONFIG_PATH_DRIVERS /driver)
ENDIF()
# Copy secure storage file, so that the AusweisApp2 can be started from the build directory.
CONFIGURE_FILE(${RESOURCES_DIR}/config.json.in ${_destination}/config.json @ONLY)
# The same with default providers
CONFIGURE_FILE(${RESOURCES_DIR}/${DEFAULT_PROVIDER_FILE} ${_destination}/default-providers.json COPYONLY)
# The same with default supported devices
CONFIGURE_FILE(${RESOURCES_DIR}/default-supported-devices.json ${_destination}/default-supported-devices.json COPYONLY)
# Copy qtlogging.ini file
CONFIGURE_FILE(${RESOURCES_DIR}/qtlogging.ini ${_destination}/qtlogging.ini COPYONLY)
ENDFUNCTION()

347
cmake/Helper.cmake 100644
View File

@ -0,0 +1,347 @@
INCLUDE(CheckCXXCompilerFlag)
INCLUDE(CMakeParseArguments)
FUNCTION(ADD_FLAG)
SET(options NOQUOTES)
SET(oneValueArgs)
SET(multiValueArgs LINK VAR)
cmake_parse_arguments(_PARAM "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
IF(NOT _PARAM_VAR)
SET(_PARAM_VAR CMAKE_CXX_FLAGS)
ENDIF()
IF(_PARAM_LINK)
SET(CMAKE_REQUIRED_LIBRARIES ${_PARAM_LINK})
ENDIF()
FOREACH(flag ${_PARAM_UNPARSED_ARGUMENTS})
STRING(REPLACE "-" "_" flagname ${flag})
STRING(REPLACE " " "_" flagname ${flagname})
CHECK_CXX_COMPILER_FLAG(${flag} ${flagname})
IF(${flagname})
FOREACH(var ${_PARAM_VAR})
IF(_PARAM_NOQUOTES)
SET(${var} ${${var}} ${flag} PARENT_SCOPE)
ELSE()
SET(${var} "${${var}} ${flag}" PARENT_SCOPE)
ENDIF()
ENDFOREACH()
RETURN()
ENDIF()
ENDFOREACH()
ENDFUNCTION()
FUNCTION(GET_FILE_MATCHER _result_remove _result_keep)
IF(NOT ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
LIST(APPEND matcher_remove "_debug")
ENDIF()
IF(NOT ANDROID)
LIST(APPEND matcher_remove "_android")
ELSE()
LIST(APPEND matcher_keep "_android")
ENDIF()
IF(NOT IOS)
LIST(APPEND matcher_remove "_ios")
ELSE()
LIST(APPEND matcher_keep "_ios")
ENDIF()
IF(NOT MAC)
LIST(APPEND matcher_remove "_osx")
ELSE()
LIST(APPEND matcher_keep "_osx")
ENDIF()
IF(NOT WIN32)
LIST(APPEND matcher_remove "_win")
ELSE()
LIST(APPEND matcher_keep "_win")
ENDIF()
IF(NOT LINUX)
LIST(APPEND matcher_remove "_linux")
ELSE()
LIST(APPEND matcher_keep "_linux")
ENDIF()
IF(NOT BSD)
LIST(APPEND matcher_remove "_bsd")
ELSE()
LIST(APPEND matcher_keep "_bsd")
ENDIF()
SET(${_result_remove} ${matcher_remove} PARENT_SCOPE)
SET(${_result_keep} ${matcher_keep} PARENT_SCOPE)
ENDFUNCTION()
FUNCTION(GET_FILE_EXTENSIONS _result)
set(options)
set(oneValueArgs)
set(multiValueArgs PATH)
cmake_parse_arguments(_PARAM "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
SET(FILE_EXTENSIONS *.cpp)
OPTION(WITH_HEADER "Add header to target; only useful for some IDEs" OFF)
IF(WITH_HEADER)
LIST(APPEND FILE_EXTENSIONS *.h)
ENDIF()
IF(IOS)
LIST(APPEND FILE_EXTENSIONS *.m *.mm)
ENDIF()
IF(_PARAM_PATH)
FOREACH(path ${_PARAM_PATH})
FOREACH(ext ${FILE_EXTENSIONS})
LIST(APPEND tmpExt "${path}/${ext}")
ENDFOREACH()
ENDFOREACH()
LIST(APPEND FILE_EXTENSIONS ${tmpExt})
ENDIF()
SET(${_result} ${FILE_EXTENSIONS} PARENT_SCOPE)
ENDFUNCTION()
FUNCTION(ADD_PLATFORM_LIBRARY _name)
set(options)
set(oneValueArgs)
set(multiValueArgs PATH)
cmake_parse_arguments(_PARAM "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
GET_FILE_EXTENSIONS(FILE_EXTENSIONS PATH ${_PARAM_PATH})
FILE(GLOB_RECURSE FILES ${FILE_EXTENSIONS})
GET_FILE_MATCHER(matcher_remove matcher_keep)
FOREACH(file ${FILES})
SET(keep FALSE)
FOREACH(match ${matcher_keep})
IF("${file}" MATCHES ${match})
SET(keep TRUE)
BREAK()
ENDIF()
ENDFOREACH()
IF(NOT keep)
FOREACH(match ${matcher_remove})
IF("${file}" MATCHES ${match})
LIST(REMOVE_ITEM FILES "${file}")
BREAK()
ELSEIF("${file}" MATCHES "_generic")
LIST(REMOVE_ITEM FILES "${file}")
LIST(APPEND GENERICS "${file}")
BREAK()
ENDIF()
ENDFOREACH()
ENDIF()
ENDFOREACH()
FOREACH(generic ${GENERICS})
STRING(FIND "${generic}" "generic" position REVERSE)
STRING(SUBSTRING "${generic}" 0 ${position} generic_basename)
STRING(REPLACE "${CMAKE_SOURCE_DIR}" "" generic_basename "${generic_basename}")
SET(found FALSE)
FOREACH(file ${FILES})
IF("${file}" MATCHES "${generic_basename}" AND NOT "${file}" MATCHES ".h$")
SET(found TRUE)
BREAK()
ENDIF()
ENDFOREACH()
IF(NOT found)
LIST(APPEND FILES "${generic}")
ENDIF()
ENDFOREACH()
ADD_LIBRARY(${_name} ${FILES})
TARGET_INCLUDE_DIRECTORIES(${_name} INTERFACE "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>")
ENDFUNCTION()
# This FUNCTION is a workaround for a "bug" in cmake to use OBJECT LIBRARIES with IMPORTED TARGETS like Qt
# http://www.cmake.org/Bug/view.php?id=14778
FUNCTION(ADD_OBJECT_LIBRARY TargetName Files)
ADD_LIBRARY(${TargetName} OBJECT ${Files})
FOREACH(MODULE ${ARGN})
TARGET_INCLUDE_DIRECTORIES(${TargetName} PRIVATE $<TARGET_PROPERTY:${MODULE},INTERFACE_INCLUDE_DIRECTORIES>)
TARGET_COMPILE_DEFINITIONS(${TargetName} PRIVATE $<TARGET_PROPERTY:${MODULE},INTERFACE_COMPILE_DEFINITIONS>)
ENDFOREACH()
IF(Qt5_POSITION_INDEPENDENT_CODE)
SET_TARGET_PROPERTIES(${TargetName} PROPERTIES POSITION_INDEPENDENT_CODE ON)
ENDIF()
ENDFUNCTION()
FUNCTION(GET_QUOTED_STRING _dest _str _filename)
IF(CMAKE_GENERATOR STREQUAL Xcode AND CMAKE_VERSION VERSION_LESS "3.5")
SET(tmp_var \\\\"${_str}\\\\")
ELSEIF(NOT "${_filename}" MATCHES ".rc$")
SET(tmp_var \\"${_str}\\")
ELSE()
SET(tmp_var ${_str})
ENDIF()
SET(${_dest} ${tmp_var} PARENT_SCOPE)
ENDFUNCTION()
FUNCTION(ADD_STRING_DEFINITION _str _def)
IF(ARGN)
FOREACH(arg ${ARGN})
IF (${arg} MATCHES "^AusweisApp")
SET(ARG_TYPE TARGET)
ELSE()
SET(ARG_TYPE SOURCE)
ENDIF()
IF(NOT "${_str}" STREQUAL "")
GET_QUOTED_STRING(tmp_var ${_str} ${arg})
SET(tmp_var =\"${tmp_var}\")
ENDIF()
SET_PROPERTY(${ARG_TYPE} ${arg} APPEND_STRING PROPERTY COMPILE_FLAGS " -D${_def}${tmp_var}")
ENDFOREACH()
ELSE()
IF(NOT "${_str}" STREQUAL "")
GET_QUOTED_STRING(tmp_var ${_str} ${arg})
SET(tmp_var =${tmp_var})
ENDIF()
ADD_DEFINITIONS(-D${_def}${tmp_var})
ENDIF()
ENDFUNCTION()
FUNCTION(ADD_DEFINITION _def)
ADD_STRING_DEFINITION("" ${_def} ${ARGN})
ENDFUNCTION()
FUNCTION(SUBDIRLIST _result _currentdir)
FILE(GLOB children RELATIVE ${_currentdir} ${_currentdir}/*)
SET(dirlist "")
FOREACH(child ${children})
IF(IS_DIRECTORY ${_currentdir}/${child})
LIST(APPEND dirlist ${child})
ENDIF()
ENDFOREACH()
SET(${_result} ${dirlist} PARENT_SCOPE)
ENDFUNCTION()
FUNCTION(DIRLIST_OF_FILES _result _files)
FILE(GLOB_RECURSE children ${_files})
SET(dirlist "")
FOREACH(child ${children})
GET_FILENAME_COMPONENT(dir ${child} DIRECTORY)
LIST(APPEND dirlist ${dir})
ENDFOREACH()
LIST(REMOVE_DUPLICATES dirlist)
SET(${_result} ${dirlist} PARENT_SCOPE)
ENDFUNCTION()
IF("${CMAKE_SYSTEM_NAME}" MATCHES "BSD")
SET(BSD true)
ENDIF()
IF(APPLE AND NOT IOS)
SET(MAC true)
ENDIF()
IF(UNIX AND NOT ANDROID AND NOT APPLE AND NOT CYGWIN AND NOT BSD)
SET(LINUX true)
ENDIF()
IF(LINUX OR WIN32 OR MAC OR CYGWIN OR BSD)
SET(DESKTOP true)
ENDIF()
FUNCTION(FILE_SIZE _outSize _file)
IF(LINUX)
SET(SIZE_COMMAND stat -c "%s" "${_file}")
ELSEIF(MAC)
SET(SIZE_COMMAND stat -f "%z" "${_file}")
ELSE()
RETURN()
ENDIF()
EXECUTE_PROCESS(COMMAND ${SIZE_COMMAND}
OUTPUT_VARIABLE SIZE_OUTPUT
RESULT_VARIABLE SIZE_RESULT
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
IF(${SIZE_RESULT} EQUAL 0)
SET(${_outSize} ${SIZE_OUTPUT} PARENT_SCOPE)
ENDIF()
ENDFUNCTION()
IF(NOT COMMAND FIND_HOST_PACKAGE)
MACRO(FIND_HOST_PACKAGE)
FIND_PACKAGE(${ARGN})
ENDMACRO()
ENDIF()
FUNCTION(FETCH_TARGET_LOCATION _destination _target)
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION_${CMAKE_BUILD_TYPE})
IF(NOT tmp)
IF("${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION_RELEASE)
ELSEIF("${CMAKE_BUILD_TYPE}" STREQUAL "RELEASE")
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION_DEBUG)
ENDIF()
ENDIF()
IF(NOT tmp)
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION)
ENDIF()
SET(${_destination} ${tmp} PARENT_SCOPE)
ENDFUNCTION()
FUNCTION(map_set_value _map _key _value)
SET(${_map}_${_key} "${_value}" PARENT_SCOPE)
ENDFUNCTION()
FUNCTION(map_get_value _var _map _key)
SET(${_var} ${${_map}_${_key}} PARENT_SCOPE)
ENDFUNCTION()
IF(WIN32)
IF(WIN_SIGN_SUBJECT_NAME OR (WIN_SIGN_KEYSTORE AND WIN_SIGN_KEYSTORE_PSW))
FIND_PROGRAM(SIGNTOOL_CMD signtool.exe)
IF(SIGNTOOL_CMD)
OPTION(WIN_TIMESTAMP "Timestamp the MSI/Files" ON)
IF(NOT WIN_SIGN_HASHALGO)
SET(WIN_SIGN_HASHALGO SHA256)
ENDIF()
SET(SIGNTOOL_PARAMS sign /v /fd ${WIN_SIGN_HASHALGO} /d AusweisApp2 /du https://www.ausweisapp.bund.de)
IF(WIN_SIGN_SUBJECT_NAME)
SET(SIGNTOOL_PARAMS ${SIGNTOOL_PARAMS} /n ${WIN_SIGN_SUBJECT_NAME})
MESSAGE(STATUS "Files will be signed using: ${WIN_SIGN_SUBJECT_NAME}")
ELSE()
SET(SIGNTOOL_PARAMS ${SIGNTOOL_PARAMS} /f ${WIN_SIGN_KEYSTORE} /p ${WIN_SIGN_KEYSTORE_PSW})
MESSAGE(STATUS "Files will be signed using: ${WIN_SIGN_KEYSTORE}")
ENDIF()
IF(WIN_TIMESTAMP)
IF(NOT WIN_TIMESTAMP_URL)
SET(WIN_TIMESTAMP_URL http://timestamp.digicert.com)
ENDIF()
SET(SIGNTOOL_PARAMS ${SIGNTOOL_PARAMS} /tr ${WIN_TIMESTAMP_URL} /td ${WIN_SIGN_HASHALGO})
ENDIF()
ELSE()
MESSAGE(STATUS "Could NOT find signtool.exe to sign files")
ENDIF()
ENDIF()
ENDIF()

213
cmake/Install.cmake 100644
View File

@ -0,0 +1,213 @@
################################################
# Implements install target!
# It will be included by ./src/CMakeLists.txt
################################################
SET(TRANSLATION_DESTINATION translations)
SET(DEFAULT_FILE_DESTINATION .)
IF(CMAKE_PREFIX_PATH)
STRING(REPLACE "\\" "/" TOOLCHAIN_PATH ${CMAKE_PREFIX_PATH})
SET(TOOLCHAIN_BIN_PATH ${TOOLCHAIN_PATH}/bin)
SET(TOOLCHAIN_LIB_PATH ${TOOLCHAIN_PATH}/lib)
ENDIF()
SET(SEARCH_ADDITIONAL_DIRS "
SET(CMAKE_MODULE_PATH \"${CMAKE_MODULE_PATH}\")
INCLUDE(Helper)
DIRLIST_OF_FILES(ADDITIONAL_DIRS ${CMAKE_BINARY_DIR}/src/*${CMAKE_SHARED_LIBRARY_SUFFIX})
")
IF(WIN32)
IF(MSVC)
SET(CMAKE_INSTALL_SYSTEM_RUNTIME_DESTINATION .)
IF(NOT CMAKE_VERSION VERSION_LESS "3.6")
SET(CMAKE_INSTALL_UCRT_LIBRARIES TRUE)
ENDIF()
INCLUDE(InstallRequiredSystemLibraries)
ENDIF()
FETCH_TARGET_LOCATION(libSvg "Qt5::Svg")
FETCH_TARGET_LOCATION(pluginSvg "Qt5::QSvgPlugin")
FETCH_TARGET_LOCATION(pluginGif "Qt5::QGifPlugin")
FETCH_TARGET_LOCATION(platformWin "Qt5::QWindowsIntegrationPlugin")
INSTALL(TARGETS AusweisApp DESTINATION . COMPONENT Application)
INSTALL(FILES ${libSvg} DESTINATION . COMPONENT Runtime)
INSTALL(FILES ${pluginSvg} DESTINATION imageformats COMPONENT Runtime)
INSTALL(FILES ${pluginGif} DESTINATION imageformats COMPONENT Runtime)
INSTALL(FILES ${platformWin} DESTINATION platforms COMPONENT Runtime)
INSTALL(CODE
"
${SEARCH_ADDITIONAL_DIRS}
INCLUDE(BundleUtilities)
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${EXECUTABLE_NAME}\" \"\" \"${TOOLCHAIN_BIN_PATH};\${ADDITIONAL_DIRS}\")
" COMPONENT Runtime)
ELSEIF(APPLE AND NOT IOS)
SET(MACOS_BUNDLE_PLUGINS_DIR ../PlugIns)
SET(MACOS_BUNDLE_FRAMEWORKS_DIR ../Frameworks)
# We need to include the following (i.e. all) image format plug-ins,
# since those seem to be loaded upon program start-up. Not including
# them would cause the respective add-on from a Qt installation (if
# any) to be loaded, which would in turn cause the Qt libraries they
# depend on to be loaded as well, thus resulting in two sets of Qt
# libraries being loaded (ours from the bundle and the ones from the
# installation) and the program misbehaving (crashing).
FETCH_TARGET_LOCATION(platformMac "Qt5::QCocoaIntegrationPlugin")
FOREACH (qtComponent QtCore Qt5Gui Qt5Network Qt5Svg Qt5Widgets)
FOREACH(plugin ${${qtComponent}_PLUGINS})
GET_TARGET_PROPERTY(pluginPath ${plugin} LOCATION)
GET_FILENAME_COMPONENT(pluginDir ${pluginPath} DIRECTORY)
GET_FILENAME_COMPONENT(pluginName ${pluginPath} NAME)
GET_FILENAME_COMPONENT(pluginDirName ${pluginDir} NAME)
INSTALL(FILES ${pluginPath} DESTINATION ${MACOS_BUNDLE_PLUGINS_DIR}/${pluginDirName} COMPONENT Runtime)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/PlugIns/${pluginDirName}/${pluginName}")
ENDFOREACH()
ENDFOREACH()
INSTALL(TARGETS AusweisApp DESTINATION . COMPONENT Application)
INSTALL(FILES ${platformMac} DESTINATION ${MACOS_BUNDLE_PLUGINS_DIR}/platforms COMPONENT Runtime)
INSTALL(CODE
"
${SEARCH_ADDITIONAL_DIRS}
file(GLOB_RECURSE QTPLUGINS \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${MACOS_BUNDLE_PLUGINS_DIR}/*${CMAKE_SHARED_LIBRARY_SUFFIX}\")
INCLUDE(BundleUtilities)
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${EXECUTABLE_NAME}\" \"\${QTPLUGINS}\" \"${TOOLCHAIN_LIB_PATH};\${ADDITIONAL_DIRS}\")
" COMPONENT Runtime)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtCore.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtGui.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtXml.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtNetwork.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtSvg.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtWidgets.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtPrintSupport.framework")
IF(${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtQml.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtQuick.framework")
ENDIF()
FOREACH (OPENSSL_LIBRARY ${OPENSSL_LIBRARIES})
GET_FILENAME_COMPONENT(OPENSSL_LIBRARY_REAL ${OPENSSL_LIBRARY} REALPATH)
GET_FILENAME_COMPONENT(OPENSSL_LIBRARY_NAME ${OPENSSL_LIBRARY_REAL} NAME)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/MacOS/${OPENSSL_LIBRARY_NAME}")
ENDFOREACH()
# set it to parent scope to be able to access it from Packaging.cmake
SET(ADDITIONAL_BUNDLE_FILES_TO_SIGN ${ADDITIONAL_BUNDLE_FILES_TO_SIGN} PARENT_SCOPE)
ELSEIF(IOS)
LIST(APPEND CMAKE_MODULE_PATH "${PACKAGING_DIR}/ios")
ELSEIF(ANDROID)
SET(ANDROID_DEST libs/${ANDROID_ABI})
SET(PERMISSIONS PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
INSTALL(TARGETS AusweisApp DESTINATION ${ANDROID_DEST} ${PERMISSIONS} COMPONENT Application)
SET(RESOURCES_IMG_ANDROID_DIR ${RESOURCES_DIR}/images/android)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/ldpi/npa.png DESTINATION res/drawable-ldpi COMPONENT Runtime)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/mdpi/npa.png DESTINATION res/drawable-mdpi COMPONENT Runtime)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/hdpi/npa.png DESTINATION res/drawable-hdpi COMPONENT Runtime)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/xhdpi/npa.png DESTINATION res/drawable-xhdpi COMPONENT Runtime)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/xxhdpi/npa.png DESTINATION res/drawable-xxhdpi COMPONENT Runtime)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/xxxhdpi/npa.png DESTINATION res/drawable-xxxhdpi COMPONENT Runtime)
INSTALL(FILES ${PACKAGING_DIR}/android/nfc_tech_filter.xml DESTINATION res/xml COMPONENT Runtime)
INSTALL(FILES ${PACKAGING_DIR}/android/colors.xml DESTINATION res/values COMPONENT Runtime)
FILE(GLOB_RECURSE JAVA_FILES "${SRC_DIR}/*.java")
INSTALL(FILES ${JAVA_FILES} DESTINATION src COMPONENT Runtime)
INSTALL(FILES ${PACKAGING_DIR}/android/IAusweisApp2Sdk.aidl DESTINATION src/com/governikus/ausweisapp2/ COMPONENT Runtime)
INSTALL(FILES ${PACKAGING_DIR}/android/IAusweisApp2SdkCallback.aidl DESTINATION src/com/governikus/ausweisapp2/ COMPONENT Runtime)
SET(TRANSLATION_DESTINATION assets/translations)
SET(DEFAULT_FILE_DESTINATION assets)
ELSEIF(UNIX)
IF(BUILD_SHARED_LIBS)
SET(CMAKE_INSTALL_RPATH "\$ORIGIN")
ENDIF()
SET(DEFAULT_FILE_DESTINATION bin)
INSTALL(TARGETS AusweisApp DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Application)
INSTALL(CODE
"
${SEARCH_ADDITIONAL_DIRS}
INCLUDE(BundleUtilities)
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DEFAULT_FILE_DESTINATION}/${EXECUTABLE_NAME}\" \"\" \"\${ADDITIONAL_DIRS}\")
" COMPONENT Runtime)
CONFIGURE_FILE(${PACKAGING_DIR}/linux/AusweisApp2.desktop.in ${CMAKE_CURRENT_BINARY_DIR}/AusweisApp2.desktop @ONLY)
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/AusweisApp2.desktop DESTINATION share/applications COMPONENT Application)
#INSTALL(FILES ${RESOURCES_DIR}/images/AusweisApp2.svg DESTINATION share/icons/hicolor/scalable/apps COMPONENT Application)
ENDIF()
IF(LINUX OR WIN32 OR MAC)
OPTION(SELFPACKER "Compress executable with self packer like UPX")
IF(SELFPACKER)
FIND_PACKAGE(SelfPackers)
IF(SELF_PACKER_FOR_EXECUTABLE)
MESSAGE(STATUS "Using SelfPacker: ${SELF_PACKER_FOR_EXECUTABLE} ${SELF_PACKER_FOR_EXECUTABLE_FLAGS}")
ELSE()
MESSAGE(FATAL_ERROR "Cannot find self packer")
ENDIF()
INSTALL(CODE
"
EXECUTE_PROCESS(COMMAND
${SELF_PACKER_FOR_EXECUTABLE} ${SELF_PACKER_FOR_EXECUTABLE_FLAGS} \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DEFAULT_FILE_DESTINATION}/${EXECUTABLE_NAME}\")
" COMPONENT Application)
ENDIF()
ENDIF()
IF(WIN32)
IF(SIGNTOOL_CMD)
CONFIGURE_FILE(${CMAKE_MODULE_PATH}/SignFiles.cmake.in ${CMAKE_BINARY_DIR}/SignFiles.cmake @ONLY)
INSTALL(CODE
"
EXECUTE_PROCESS(COMMAND \"${CMAKE_COMMAND}\" -DSIGN_EXT=*.exe -P \"${CMAKE_BINARY_DIR}/SignFiles.cmake\" WORKING_DIRECTORY \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DEFAULT_FILE_DESTINATION}\")
" COMPONENT Application)
ENDIF()
ENDIF()
IF(LINUX)
INSTALL(FILES ${QM_FILES} DESTINATION ${TRANSLATION_DESTINATION} COMPONENT Translations)
ELSE()
INSTALL(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/translations/ DESTINATION ${TRANSLATION_DESTINATION} COMPONENT Translations)
ENDIF()
# resources file
INSTALL(FILES ${RCC} DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
# secure storage file
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/config.json DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
# qtlogging.ini
INSTALL(FILES ${RESOURCES_DIR}/qtlogging.ini DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
# qml directory
IF(IOS OR ANDROID)
INSTALL(DIRECTORY ${RESOURCES_DIR}/qml DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
ENDIF()
# default-providers.json
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/default-providers.json DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
# default-supported-devices.json
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/default-supported-devices.json DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)

118
cmake/Libraries.cmake 100644
View File

@ -0,0 +1,118 @@
# Set CMAKE_PREFIX_PATH with toolchain directory
IF(MINGW)# AND CMAKE_VERSION VERSION_LESS 3.3.0) # see https://public.kitware.com/Bug/view.php?id=15409
SET(CMAKE_FIND_LIBRARY_SUFFIXES ".dll.a" ".a" ".lib")
ENDIF()
SET(MIN_QT_VERSION 5.7)
FIND_PACKAGE(Qt5Core ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Network ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Xml ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Svg ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5PrintSupport ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5LinguistTools ${MIN_QT_VERSION} REQUIRED)
IF(DESKTOP)
FIND_PACKAGE(Qt5Widgets ${MIN_QT_VERSION} REQUIRED)
ENDIF()
IF(ANDROID OR IOS OR "${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
FIND_PACKAGE(Qt5Qml ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Quick ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5QuickControls2 ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5WebSockets ${MIN_QT_VERSION} REQUIRED)
ENDIF()
IF(LINUX OR ANDROID OR IOS)
FIND_PACKAGE(Qt5Bluetooth ${MIN_QT_VERSION} REQUIRED)
ENDIF()
IF(ANDROID)
FIND_PACKAGE(Qt5AndroidExtras ${MIN_QT_VERSION} REQUIRED)
ENDIF()
SET(QT_HOST_PREFIX ${_qt5Core_install_prefix})
FOREACH(dest "" "share/qt" "share/qt5")
IF(EXISTS "${QT_HOST_PREFIX}/${dest}/translations")
SET(QT_TRANSLATIONS_DIR ${QT_HOST_PREFIX}/${dest}/translations)
ENDIF()
ENDFOREACH()
MESSAGE(STATUS "QT_HOST_PREFIX: ${QT_HOST_PREFIX}")
MESSAGE(STATUS "QT_TRANSLATIONS_DIR: ${QT_TRANSLATIONS_DIR}")
SET(QT_VENDOR_FILE "${QT_HOST_PREFIX}/mkspecs/qt_vendor_governikus")
IF(EXISTS "${QT_VENDOR_FILE}")
SET(QT_VENDOR "Governikus")
MESSAGE(STATUS "QT_VENDOR: ${QT_VENDOR}")
ENDIF()
IF(NOT DEFINED QT_TRANSLATIONS_DIR)
MESSAGE(FATAL_ERROR "Cannot detect QT_TRANSLATIONS_DIR")
ENDIF()
IF(MINGW AND NOT CMAKE_CROSSCOMPILING)
SET(tmp_crosscompile_enabled TRUE)
SET(CMAKE_CROSSCOMPILING ON)
ENDIF()
FIND_PACKAGE(OpenSSL 1.0.2 REQUIRED)
IF(tmp_crosscompile_enabled)
SET(CMAKE_CROSSCOMPILING OFF)
ENDIF()
IF(ANDROID)
STRING(REPLACE "libssl.so" "libgovssl.so" OPENSSL_LIBRARIES "${OPENSSL_LIBRARIES}")
STRING(REPLACE "libcrypto.so" "libgovcrypto.so" OPENSSL_LIBRARIES "${OPENSSL_LIBRARIES}")
STRING(REPLACE "libssl.so" "libgovssl.so" OPENSSL_SSL_LIBRARY "${OPENSSL_SSL_LIBRARY}")
STRING(REPLACE "libcrypto.so" "libgovcrypto.so" OPENSSL_CRYPTO_LIBRARY "${OPENSSL_CRYPTO_LIBRARY}")
MESSAGE(STATUS "Rewrite OPENSSL_LIBRARIES: ${OPENSSL_LIBRARIES}")
ENDIF()
IF(MINGW)
SET(PCSC_LIBRARIES -lwinscard)
SET(WIN_DEFAULT_LIBS "-lAdvapi32" "-lKernel32" "-lOle32" "-lSetupapi" "-lVersion" "-lws2_32")
ELSEIF(MSVC)
SET(PCSC_LIBRARIES winscard.lib)
SET(WIN_DEFAULT_LIBS setupapi.lib version.lib Ws2_32.lib)
ELSEIF(ANDROID)
ELSEIF(IOS)
FIND_LIBRARY(IOS_ASSETSLIBRARY AssetsLibrary)
FIND_LIBRARY(IOS_UIKIT UIKit)
FIND_LIBRARY(IOS_MOBILECORESERVICES MobileCoreServices)
FIND_LIBRARY(IOS_COREBLUETOOTH CoreBluetooth)
FIND_LIBRARY(IOS_COREFOUNDATION CoreFoundation)
FIND_LIBRARY(IOS_OPENGLES OpenGLES)
FIND_LIBRARY(IOS_FOUNDATION Foundation)
FIND_LIBRARY(IOS_QUARTZCORE QuartzCore)
FIND_LIBRARY(IOS_CORETEXT CoreText)
FIND_LIBRARY(IOS_COREGRAPHICS CoreGraphics)
FIND_LIBRARY(IOS_SECURITY Security)
FIND_LIBRARY(IOS_SYSTEMCONFIGURATION SystemConfiguration)
FIND_LIBRARY(IOS_AUDIOTOOLBOX AudioToolbox)
ELSEIF(MAC)
FIND_PATH(PCSC_INCLUDE_DIRS WinSCard.h)
FIND_LIBRARY(PCSC_LIBRARIES NAMES PCSC WinSCard)
FIND_LIBRARY(OSX_APPKIT AppKit)
FIND_LIBRARY(IOKIT NAMES IOKit)
FIND_LIBRARY(OSX_SECURITY Security)
ELSEIF(UNIX)
IF(LINUX)
FIND_LIBRARY(LIBUDEV NAMES udev ludev libudev)
ENDIF()
FIND_PACKAGE(PkgConfig REQUIRED)
pkg_check_modules(PCSC REQUIRED libpcsclite)
LINK_DIRECTORIES("${PCSC_LIBRARY_DIRS}")
ENDIF()
IF("${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
FIND_PACKAGE(Qt5Test ${MIN_QT_VERSION} REQUIRED)
ENDIF()

32
cmake/Messages.cmake 100644
View File

@ -0,0 +1,32 @@
MESSAGE(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
MESSAGE(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
MESSAGE(STATUS "CMAKE_PREFIX_PATH: ${CMAKE_PREFIX_PATH}")
MESSAGE(STATUS "CMAKE_INCLUDE_PATH: ${CMAKE_INCLUDE_PATH}")
MESSAGE(STATUS "CMAKE_LIBRARY_PATH: ${CMAKE_LIBRARY_PATH}")
MESSAGE(STATUS "CMAKE_SYSTEM_PREFIX_PATH: ${CMAKE_SYSTEM_PREFIX_PATH}")
MESSAGE(STATUS "CMAKE_SYSTEM_INCLUDE_PATH: ${CMAKE_SYSTEM_INCLUDE_PATH}")
MESSAGE(STATUS "CMAKE_VERSION: ${CMAKE_VERSION}")
IF(ANDROID)
MESSAGE(STATUS "ANDROID_SDK: ${ANDROID_SDK}")
MESSAGE(STATUS "ANDROID_NDK: ${ANDROID_NDK}")
MESSAGE(STATUS "ANDROID_NDK_RELEASE: ${ANDROID_NDK_RELEASE}")
MESSAGE(STATUS "ANDROID_NDK_HOST_SYSTEM_NAME: ${ANDROID_NDK_HOST_SYSTEM_NAME}")
MESSAGE(STATUS "ANDROID_ABI: ${ANDROID_ABI}")
MESSAGE(STATUS "ANDROID_NATIVE_API_LEVEL: ${ANDROID_NATIVE_API_LEVEL}")
MESSAGE(STATUS "ANDROID_SYSROOT: ${ANDROID_SYSROOT}")
MESSAGE(STATUS "ANDROID_COMPILER_VERSION: ${ANDROID_COMPILER_VERSION}")
MESSAGE(STATUS "ANDROID_TOOLCHAIN_MACHINE_NAME: ${ANDROID_TOOLCHAIN_MACHINE_NAME}")
MESSAGE(STATUS "ANDROID_TOOLCHAIN_NAME: ${ANDROID_TOOLCHAIN_NAME}")
MESSAGE(STATUS "ANDROID_TOOLCHAIN_ROOT: ${ANDROID_TOOLCHAIN_ROOT}")
ELSEIF(IOS)
MESSAGE(STATUS "CMAKE_IOS_SDK_ROOT: ${CMAKE_IOS_SDK_ROOT}")
MESSAGE(STATUS "CMAKE_IOS_DEVELOPER_ROOT: ${CMAKE_IOS_DEVELOPER_ROOT}")
ENDIF()
MESSAGE(STATUS "BUILD_SHARED_LIBS: ${BUILD_SHARED_LIBS}")

219
cmake/Packaging.cmake 100644
View File

@ -0,0 +1,219 @@
# CPack
# http://www.cmake.org/Wiki/CMake:CPackConfiguration
SET(FILENAME ${PROJECT_NAME}-${PROJECT_VERSION})
IF(ANDROID)
SET(FILENAME ${FILENAME}-${ANDROID_ABI})
ENDIF()
IF(DEFINED dvcs_distance)
SET(FILENAME ${FILENAME}+${dvcs_distance})
ENDIF()
IF(DEFINED dvcs_branch)
SET(FILENAME ${FILENAME}-${dvcs_branch})
ENDIF()
IF(DEFINED dvcs_phase)
SET(FILENAME ${FILENAME}-${dvcs_phase})
ENDIF()
IF(DEFINED dvcs_revision)
SET(FILENAME ${FILENAME}-${dvcs_revision})
ENDIF()
SET(CPACK_PACKAGE_NAME ${PROJECT_NAME})
SET(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
SET(CPACK_PACKAGE_VERSION_MAJOR ${PROJECT_VERSION_MAJOR})
SET(CPACK_PACKAGE_VERSION_MINOR ${PROJECT_VERSION_MINOR})
SET(CPACK_PACKAGE_VERSION_PATCH ${PROJECT_VERSION_PATCH})
SET(CPACK_PACKAGE_VERSION_TWEAK ${PROJECT_VERSION_TWEAK})
SET(CPACK_PACKAGE_VENDOR "Governikus GmbH & Co. KG")
SET(CPACK_PACKAGE_CONTACT "info@governikus.com")
SET(CPACK_PACKAGE_DESCRIPTION_SUMMARY "Governikus AusweisApp2")
SET(CPACK_PACKAGE_DESCRIPTION_FILE "${PROJECT_SOURCE_DIR}/README.rst")
SET(CPACK_PACKAGE_FILE_NAME ${FILENAME})
SET(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE.txt")
IF(APPLE AND NOT IOS)
FIND_PROGRAM(ICONV iconv)
IF(NOT ICONV)
MESSAGE(FATAL_ERROR "Cannot find 'iconv' to convert LICENSE.txt")
ENDIF()
EXECUTE_PROCESS(COMMAND ${ICONV} -f UTF-8 -t MAC ${CPACK_RESOURCE_FILE_LICENSE} OUTPUT_FILE "${PROJECT_BINARY_DIR}/LICENSE.txt")
SET(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_BINARY_DIR}/LICENSE.txt")
ENDIF()
IF(${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
SET(CPACK_STRIP_FILES TRUE)
ENDIF()
SET(CPACK_SOURCE_GENERATOR TGZ)
SET(CPACK_SOURCE_PACKAGE_FILE_NAME ${FILENAME} CACHE INTERNAL "tarball basename")
SET(CPACK_SOURCE_IGNORE_FILES "\\\\.hgignore" "\\\\.hgtags" "/\\\\.hg/")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "vendor.txt")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "${CMAKE_CURRENT_BINARY_DIR}")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeCache.txt")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeFiles")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeLists\\\\.txt\\\\.user")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "\\\\.project")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "\\\\.cproject")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "\\\\.reviewboardrc")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "utils/tlscheck")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "utils/testbedtool")
SET(CPACK_MONOLITHIC_INSTALL true)
IF(WIN32)
SET(CPACK_PACKAGE_EXECUTABLES "AusweisApp2;AusweisApp2")
SET(CPACK_GENERATOR WIX)
SET(CPACK_WIX_UPGRADE_GUID 4EE0E467-EAB7-483E-AB45-87BD1DB6B037)
SET(CPACK_WIX_PRODUCT_ICON ${RESOURCES_DIR}/images/npa.ico)
SET(CPACK_WIX_CULTURES de-DE en-US)
# disable above line, enable beneath line to build MSI for english
# SET(CPACK_WIX_CULTURES en-US)
SET(CPACK_WIX_TEMPLATE ${PACKAGING_DIR}/win/WIX.template.in)
SET(CPACK_WIX_UI_BANNER ${RESOURCES_DIR}/images/wix_banner.jpg)
SET(CPACK_WIX_UI_DIALOG ${RESOURCES_DIR}/images/wix_dialog.jpg)
SET(CPACK_WIX_EXTENSIONS WixUtilExtension)
SET(CPACK_WIX_LIGHT_EXTRA_FLAGS -loc ${PACKAGING_DIR}/win/WIX.Texts.de-DE.wxl -loc ${PACKAGING_DIR}/win/WIX.Texts.en-US.wxl)
IF(SIGNTOOL_CMD)
MESSAGE(STATUS "MSI can be signed with 'make package.sign'")
ADD_CUSTOM_TARGET(package.sign COMMAND ${SIGNTOOL_CMD} ${SIGNTOOL_PARAMS} ${PROJECT_BINARY_DIR}/${CPACK_PACKAGE_FILE_NAME}.msi)
ENDIF()
ELSEIF(IOS)
FIND_PROGRAM(xcrun xcrun CMAKE_FIND_ROOT_PATH_BOTH)
IF(NOT xcrun)
MESSAGE(FATAL_ERROR "Cannot find xcrun to create IPAs")
ENDIF()
FILE(WRITE ${PROJECT_BINARY_DIR}/ipa.cmake "
SET(BUNDLE_DIRS \"\${CONFIG}-iphoneos;UninstalledProducts;UninstalledProducts/iphoneos\")
FOREACH(dir \${BUNDLE_DIRS})
SET(tmpBundleDir ${PROJECT_BINARY_DIR}/src/\${dir}/${PROJECT_NAME}.app)
IF(EXISTS \"\${tmpBundleDir}\")
SET(BundleDir \"\${tmpBundleDir}\")
BREAK()
ENDIF()
ENDFOREACH()
IF(BundleDir)
MESSAGE(STATUS \"Use bundle: \${BundleDir}\")
ELSE()
MESSAGE(FATAL_ERROR \"Bundle directory does not exist\")
ENDIF()
EXECUTE_PROCESS(COMMAND ${xcrun} -sdk iphoneos PackageApplication \${BundleDir} -o ${PROJECT_BINARY_DIR}/${CPACK_PACKAGE_FILE_NAME}.ipa)
")
ADD_CUSTOM_TARGET(ipa COMMAND ${CMAKE_COMMAND} -DCONFIG=$<CONFIGURATION> -P ${CMAKE_BINARY_DIR}/ipa.cmake)
ELSEIF(APPLE)
SET(MACOS_PACKAGING_DIR ${PACKAGING_DIR}/macos)
SET(CPACK_GENERATOR Bundle)
SET(CPACK_INSTALL_CMAKE_PROJECTS ${CMAKE_BINARY_DIR};${PROJECT_NAME};ALL;/)
SET(CPACK_BUNDLE_NAME ${PROJECT_NAME})
SET(CPACK_BUNDLE_ICON ${RESOURCES_DIR}/images/bundle_icons.icns)
SET(CPACK_BUNDLE_APPLE_CERT_APP "Developer ID Application: Governikus GmbH & Co. KG (G7EQCJU4BR)")
SET(CPACK_BUNDLE_APPLE_CODESIGN_FILES ${ADDITIONAL_BUNDLE_FILES_TO_SIGN})
SET(CPACK_APPLE_BUNDLE_ID "com.governikus.AusweisApp2")
SET(CPACK_BUNDLE_APPLE_CODESIGN_PARAMETER "--force")
OPTION(OSX_TIMESTAMP "Timestamp the application bundle" ON)
IF(OSX_TIMESTAMP)
SET(CPACK_BUNDLE_APPLE_CODESIGN_PARAMETER "${CPACK_BUNDLE_APPLE_CODESIGN_PARAMETER} --timestamp")
ELSE()
SET(CPACK_BUNDLE_APPLE_CODESIGN_PARAMETER "${CPACK_BUNDLE_APPLE_CODESIGN_PARAMETER} --timestamp=none")
ENDIF()
SET(CPACK_PACKAGE_ICON ${RESOURCES_DIR}/images/dmg_icons.icns)
SET(CPACK_DMG_VOLUME_NAME ${CPACK_PACKAGE_NAME})
SET(CPACK_DMG_FORMAT UDBZ)
SET(CPACK_DMG_BACKGROUND_IMAGE ${RESOURCES_DIR}/images/dmg_background.png)
SET(CPACK_DMG_SLA_DIR ${MACOS_PACKAGING_DIR}/sla)
SET(CPACK_DMG_SLA_LANGUAGES English German)
# We can not generate the DS_STORE on each build since jenkins runs headless
#SET(CPACK_DMG_DS_STORE_SETUP_SCRIPT ${MACOS_PACKAGING_DIR}/prepare-ds_store.applescript)
SET(CPACK_DMG_DS_STORE ${MACOS_PACKAGING_DIR}/DS_STORE)
SET(INFO_PLIST_FILE_NAME Info.plist)
CONFIGURE_FILE(${MACOS_PACKAGING_DIR}/${INFO_PLIST_FILE_NAME} ${INFO_PLIST_FILE_NAME} @ONLY)
SET(CPACK_BUNDLE_PLIST ${INFO_PLIST_FILE_NAME})
SET(STARTUP_FILE_NAME start-ausweisapp2.sh)
CONFIGURE_FILE(${MACOS_PACKAGING_DIR}/${STARTUP_FILE_NAME} ${STARTUP_FILE_NAME} @ONLY)
SET(CPACK_BUNDLE_STARTUP_COMMAND ${STARTUP_FILE_NAME})
ELSEIF(ANDROID)
FIND_PROGRAM(androiddeployqt androiddeployqt CMAKE_FIND_ROOT_PATH_BOTH)
IF(NOT androiddeployqt)
MESSAGE(FATAL_ERROR "Cannot find androiddeployqt to create APKs")
ENDIF()
MESSAGE(STATUS "Using androiddeployqt: ${androiddeployqt}")
SET(ANDROID_APK_DIR ${CMAKE_INSTALL_PREFIX})
SET(DEPLOYMENT_SETTINGS ${PROJECT_BINARY_DIR}/libAusweisApp2.so-deployment-settings.json)
SET(PACKAGE_SRC_DIR ${PROJECT_BINARY_DIR}/package-src-dir)
IF("${ANDROID_ABI}" STREQUAL "x86")
SET(ANDROID_TOOLCHAIN_PREFIX x86)
SET(ANDROID_TOOL_PREFIX i686-linux-android)
ELSEIF("${ANDROID_ABI}" STREQUAL "armeabi-v7a")
SET(ANDROID_TOOLCHAIN_PREFIX arm-linux-androideabi)
SET(ANDROID_TOOL_PREFIX arm-linux-androideabi)
ELSEIF("${ANDROID_ABI}" STREQUAL "arm64-v8a")
SET(ANDROID_TOOLCHAIN_PREFIX aarch64-linux-android)
SET(ANDROID_TOOL_PREFIX aarch64-linux-android)
ELSE()
MESSAGE(FATAL_ERROR "Unsupported ANDROID_ABI: ${ANDROID_ABI}")
ENDIF()
CONFIGURE_FILE(${PACKAGING_DIR}/android/AndroidManifest.xml.in ${PACKAGE_SRC_DIR}/AndroidManifest.xml @ONLY)
CONFIGURE_FILE(${PACKAGING_DIR}/android/libAusweisApp2.so-deployment-settings.json.in ${DEPLOYMENT_SETTINGS} @ONLY)
IF(${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
IF(APK_SIGN_KEYSTORE AND APK_SIGN_KEYSTORE_ALIAS AND APK_SIGN_KEYSTORE_PSW)
MESSAGE(STATUS "Release build will be signed using: ${APK_SIGN_KEYSTORE} | Alias: ${APK_SIGN_KEYSTORE_ALIAS}")
SET(DEPLOY_CMD_SIGN --sign ${APK_SIGN_KEYSTORE} ${APK_SIGN_KEYSTORE_ALIAS} --storepass ${APK_SIGN_KEYSTORE_PSW} --digestalg SHA-256 --sigalg SHA256WithRSA)
SET(APK_FILE QtApp-release-signed.apk)
ELSE()
MESSAGE(FATAL_ERROR "Cannot sign release build! Set APK_SIGN_KEYSTORE, APK_SIGN_KEYSTORE_ALIAS and APK_SIGN_KEYSTORE_PSW!")
ENDIF()
ELSE()
SET(APK_FILE QtApp-debug.apk)
ENDIF()
SET(DEPLOY_CMD ${androiddeployqt} --verbose --input ${DEPLOYMENT_SETTINGS} --output ${ANDROID_APK_DIR} ${DEPLOY_CMD_SIGN})
SET(DESTINATION_APK_FILE ${CMAKE_INSTALL_PREFIX}/bin/${CPACK_PACKAGE_FILE_NAME}.apk)
# Add DEPENDS install someday
# http://public.kitware.com/Bug/view.php?id=8438
ADD_CUSTOM_TARGET(apk
COMMAND ${DEPLOY_CMD}
COMMAND ${CMAKE_COMMAND} -E rename ${CMAKE_INSTALL_PREFIX}/bin/${APK_FILE} ${DESTINATION_APK_FILE})
FIND_PROGRAM(jarsigner jarsigner CMAKE_FIND_ROOT_PATH_BOTH)
IF(jarsigner)
IF(APK_SIGN_KEYSTORE)
SET(jarsigner_keystore -keystore ${APK_SIGN_KEYSTORE})
ENDIF()
ADD_CUSTOM_TARGET(verify.signature
COMMAND ${jarsigner} -verify -verbose -certs ${jarsigner_keystore} ${DESTINATION_APK_FILE})
ENDIF()
ELSEIF(UNIX)
SET(CPACK_GENERATOR STGZ)
ENDIF()
INCLUDE(CPack)

63
cmake/SignFiles.cmake.in 100644
View File

@ -0,0 +1,63 @@
CMAKE_MINIMUM_REQUIRED(VERSION 3.1.0)
FUNCTION(IS_SIGNED _result _file)
EXECUTE_PROCESS(COMMAND "@SIGNTOOL_CMD@" verify /pa ${file}
OUTPUT_VARIABLE _output
ERROR_QUIET
WORKING_DIRECTORY "${CMAKE_BINARY_DIR}")
IF("${_output}" MATCHES "Successfully verified: ")
SET(${_result} TRUE PARENT_SCOPE)
ELSE()
SET(${_result} FALSE PARENT_SCOPE)
ENDIF()
ENDFUNCTION()
FUNCTION(CREATE_PARAMETER _output_param _output_remain _input)
SET(param)
SET(remain)
FOREACH(file ${_input})
UNSET(signed)
IS_SIGNED(signed "${file}")
IF(signed)
MESSAGE(STATUS "File is already signed: ${file}")
CONTINUE()
ENDIF()
# Avoid max parameter length
# Windows has a limit of 8191
STRING(LENGTH "${param} ${file}" len)
IF(len LESS 7500)
LIST(APPEND param ${file})
ELSE()
LIST(APPEND remain ${file})
ENDIF()
ENDFOREACH()
SET(${_output_param} ${param} PARENT_SCOPE)
SET(${_output_remain} ${remain} PARENT_SCOPE)
ENDFUNCTION()
SET(FILE_EXTENSIONS *.dll ${SIGN_EXT})
MESSAGE(STATUS "Sign files in directory: ${CMAKE_BINARY_DIR}")
MESSAGE(STATUS "Sign file extensions: ${FILE_EXTENSIONS}")
FILE(GLOB_RECURSE FILES RELATIVE "${CMAKE_BINARY_DIR}" ${FILE_EXTENSIONS})
MESSAGE(STATUS "Sign files: ${FILES}")
WHILE(FILES)
CREATE_PARAMETER(param remain "${FILES}")
IF(param)
MESSAGE(STATUS "Call signtool with files: ${param}")
EXECUTE_PROCESS(COMMAND "@SIGNTOOL_CMD@" @SIGNTOOL_PARAMS@ ${param} WORKING_DIRECTORY "${CMAKE_BINARY_DIR}")
ELSE()
MESSAGE(WARNING "Every file is already signed")
BREAK()
ENDIF()
SET(FILES ${remain})
ENDWHILE()

91
cmake/Sphinx.cmake 100644
View File

@ -0,0 +1,91 @@
FIND_PROGRAM(SPHINX_BIN NAMES sphinx-build2 sphinx-build CMAKE_FIND_ROOT_PATH_BOTH)
IF(SPHINX_BIN)
SET(SPHINX_FOUND TRUE)
FUNCTION(SPHINX_INTERNAL_BUILD SPHINX_DOCS_DIR _target _builder _options _output _defaultLang)
IF("${_builder}" STREQUAL "gettext")
MESSAGE(STATUS "Generate ${_target} POT files")
ELSE()
FILE(GLOB _LOCALES "${SPHINX_DOCS_DIR}/locales/*")
ENDIF()
LIST(APPEND _LOCALES ${_defaultLang})
SET(_TMP_DIR "${CMAKE_BINARY_DIR}/_tmp/${_target}/${_builder}")
SET(_CONFIG_DIR "${_TMP_DIR}/config")
SET(SPHINX_CONF_PY_IN "${SPHINX_DOCS_DIR}/${_builder}.conf.py.in")
IF(NOT EXISTS "${SPHINX_CONF_PY_IN}")
SET(SPHINX_CONF_PY_IN "${SPHINX_DOCS_DIR}/conf.py.in")
ENDIF()
CONFIGURE_FILE("${SPHINX_CONF_PY_IN}" "${_CONFIG_DIR}/conf.py" @ONLY) # Use @SPHINX_DOCS_DIR@ here
FILE(GLOB_RECURSE _FILES
"${SPHINX_DOCS_DIR}/*.rst"
"${SPHINX_DOCS_DIR}/*.po"
"${SPHINX_DOCS_DIR}/*.png"
"${SPHINX_DOCS_DIR}/*.jpg"
"${SPHINX_DOCS_DIR}/*.svg")
FOREACH(lang ${_LOCALES})
GET_FILENAME_COMPONENT(lang "${lang}" NAME)
MESSAGE(STATUS "Generate (${_builder}) ${_target}: ${lang}")
SET(target_dir "${_output}/${_target}/${_builder}/${lang}")
SET(TARGET_CMD ${SPHINX_BIN} -c "${_CONFIG_DIR}" -Dlanguage=${lang} ${_options} -d "${_TMP_DIR}/${lang}" -b ${_builder} "${SPHINX_DOCS_DIR}" "${target_dir}")
ADD_CUSTOM_COMMAND(OUTPUT ${target_dir} COMMAND ${TARGET_CMD} DEPENDS ${_FILES})
SET(subtarget ${_target}.${_builder}.${lang})
ADD_CUSTOM_TARGET(${subtarget} DEPENDS ${target_dir} SOURCES ${_FILES})
LIST(APPEND target_list ${subtarget})
IF("${_builder}" STREQUAL "latex")
ADD_CUSTOM_TARGET(${subtarget}.pdf COMMAND make WORKING_DIRECTORY ${target_dir} DEPENDS ${subtarget})
LIST(APPEND target_list_pdf ${subtarget}.pdf)
ENDIF()
ENDFOREACH()
LIST(APPEND _FILES "${SPHINX_CONF_PY_IN}")
ADD_CUSTOM_TARGET(${_target}.${_builder} DEPENDS ${target_list} SOURCES ${_FILES})
IF("${_builder}" STREQUAL "latex")
ADD_CUSTOM_TARGET(${_target}.${_builder}.pdf DEPENDS ${target_list_pdf} SOURCES ${_FILES})
ENDIF()
ENDFUNCTION()
FUNCTION(SPHINX_GEN SPHINX_DOCS_DIR _target)
SET(options )
SET(oneValueArgs DEST OPTIONS DEFAULT_LANG)
SET(multiValueArgs BUILDER)
cmake_parse_arguments(_PARAM "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
IF(NOT _PARAM_DEST)
SET(_PARAM_DEST "${CMAKE_CURRENT_BINARY_DIR}")
ENDIF()
IF(NOT _PARAM_DEFAULT_LANG)
SET(_PARAM_DEFAULT_LANG de)
ENDIF()
IF(NOT _PARAM_BUILDER)
IF(SPHINX_BUILDER_${_target})
SET(_PARAM_BUILDER ${SPHINX_BUILDER_${_target}})
ELSEIF(SPHINX_BUILDER)
SET(_PARAM_BUILDER ${SPHINX_BUILDER})
ELSE()
SET(_PARAM_BUILDER "html")
ENDIF()
ENDIF()
FOREACH(builder ${_PARAM_BUILDER})
map_get_value(builder_options "${_PARAM_OPTIONS}" "${builder}")
SPHINX_INTERNAL_BUILD(${SPHINX_DOCS_DIR} "${_target}" "${builder}" "${builder_options}" "${_PARAM_DEST}" "${_PARAM_DEFAULT_LANG}")
LIST(APPEND _dep_targets ${_target}.${builder})
ENDFOREACH()
ADD_CUSTOM_TARGET(${_target} DEPENDS ${_dep_targets})
CREATE_DOC8_TARGET("${SPHINX_DOCS_DIR}" "${_target}")
ENDFUNCTION()
ENDIF()

172
cmake/Tools.cmake 100644
View File

@ -0,0 +1,172 @@
IF(COVERAGE)
# LCov (http://ltp.sourceforge.net/coverage/lcov.php)
FIND_PROGRAM(LCOV_BIN lcov CMAKE_FIND_ROOT_PATH_BOTH)
IF(LCOV_BIN)
SET(LCOV_FILE "${PROJECT_BINARY_DIR}/coverage.info")
SET(LCOV_GLOBAL_CMD ${LCOV_BIN} -q -o ${LCOV_FILE})
SET(LCOV_CMD ${LCOV_GLOBAL_CMD} -c -d ${PROJECT_BINARY_DIR} -b ${PROJECT_SOURCE_DIR})
SET(LCOV_RM_CMD ${LCOV_GLOBAL_CMD} -r ${LCOV_FILE} "*/test/*" "*/include/*" "*/src/external/*" "moc_*" "*.moc" "qrc_*" "ui_*")
IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
IF(WIN32)
SET(CLANG_GCOV py)
ELSE()
SET(CLANG_GCOV sh)
ENDIF()
SET(LCOV_CMD ${LCOV_CMD} --gcov-tool ${RESOURCES_DIR}/jenkins/clang-gcov.${CLANG_GCOV})
ENDIF()
ADD_CUSTOM_COMMAND(OUTPUT ${LCOV_FILE} COMMAND ${LCOV_CMD} COMMAND ${LCOV_RM_CMD})
ADD_CUSTOM_TARGET(lcov COMMAND ${LCOV_BIN} -l ${LCOV_FILE} DEPENDS ${LCOV_FILE})
FIND_PROGRAM(GENHTML_BIN genhtml CMAKE_FIND_ROOT_PATH_BOTH)
IF(GENHTML_BIN)
SET(REPORT_DIR "${PROJECT_BINARY_DIR}/coverage.report")
SET(GENHTML_CMD ${GENHTML_BIN} -q -p ${PROJECT_SOURCE_DIR} --num-spaces=4 -o ${REPORT_DIR} ${LCOV_FILE})
FIND_PROGRAM(FILT_BIN c++filt CMAKE_FIND_ROOT_PATH_BOTH)
IF(FILT_BIN)
SET(GENHTML_CMD ${GENHTML_CMD} --demangle-cpp)
ENDIF()
ADD_CUSTOM_COMMAND(OUTPUT ${REPORT_DIR} COMMAND ${GENHTML_CMD} DEPENDS ${LCOV_FILE})
ADD_CUSTOM_TARGET(lcov.report DEPENDS ${REPORT_DIR})
ENDIF()
SET(LCOV_XML "${PROJECT_BINARY_DIR}/coverage.xml")
SET(LCOV_COBERTURA_CMD ${RESOURCES_DIR}/jenkins/lcov_cobertura.py ${LCOV_FILE} -b ${PROJECT_SOURCE_DIR} -o ${LCOV_XML})
ADD_CUSTOM_COMMAND(OUTPUT ${LCOV_XML} COMMAND ${LCOV_COBERTURA_CMD} DEPENDS ${LCOV_FILE})
ADD_CUSTOM_TARGET(lcov.xml DEPENDS ${LCOV_XML})
ENDIF()
# gcovr (http://gcovr.com/)
FIND_PROGRAM(GCOVR_BIN gcovr CMAKE_FIND_ROOT_PATH_BOTH)
IF(GCOVR_BIN)
SET(GCOVR_FILE "${PROJECT_BINARY_DIR}/gcovr.xml")
SET(GCOVR_CMD ${GCOVR_BIN} -x -o ${GCOVR_FILE} --exclude="src/external" --exclude="test" -r ${PROJECT_SOURCE_DIR} ${PROJECT_BINARY_DIR})
ADD_CUSTOM_COMMAND(OUTPUT ${GCOVR_FILE} COMMAND ${GCOVR_CMD})
ADD_CUSTOM_TARGET(gcovr DEPENDS ${GCOVR_FILE})
ENDIF()
ENDIF()
# CppCheck (http://cppcheck.sourceforge.net)
FIND_PROGRAM(CPPCHECK_BIN cppcheck CMAKE_FIND_ROOT_PATH_BOTH)
IF(CPPCHECK_BIN)
SET(XML_FILE "${PROJECT_BINARY_DIR}/cppcheck.xml")
SET(XML_FILE_TESTS "${PROJECT_BINARY_DIR}/cppcheck.tests.xml")
SET(CPPCHECK_SUPPRESS --suppress=missingInclude --suppress=unmatchedSuppression --suppress=unusedFunction --suppress=noExplicitConstructor)
SET(CPPCHECK_SUPPRESS_SRC ${CPPCHECK_SUPPRESS})
SET(CPPCHECK_SUPPRESS_TESTS ${CPPCHECK_SUPPRESS} --suppress=noConstructor)
DIRLIST_OF_FILES(CPPCHECK_INCLUDE_DIRS ${SRC_DIR}/*.h)
FOREACH(dir ${CPPCHECK_INCLUDE_DIRS})
SET(CPPCHECK_OPTIONS "${CPPCHECK_OPTIONS} -I${dir}")
ENDFOREACH()
SET(CPPCHECK_CMD ${CPPCHECK_BIN} ${CPPCHECK_OPTIONS} --relative-paths=${PROJECT_SOURCE_DIR} --enable=all ${SRC_DIR} ${CPPCHECK_SUPPRESS_SRC} --force)
SET(CPPCHECK_CMD_TESTS ${CPPCHECK_BIN} ${CPPCHECK_OPTIONS} --relative-paths=${PROJECT_SOURCE_DIR} --enable=all ${TEST_DIR} ${CPPCHECK_SUPPRESS_TESTS} --force)
SET(CPPCHECK_OPTIONS_FILE -q --xml --xml-version=2)
ADD_CUSTOM_COMMAND(OUTPUT ${XML_FILE} COMMAND ${CPPCHECK_CMD} ${CPPCHECK_OPTIONS_FILE} 2> ${XML_FILE} COMMAND ${CPPCHECK_CMD_TESTS} ${CPPCHECK_OPTIONS_FILE} 2> ${XML_FILE_TESTS})
ADD_CUSTOM_COMMAND(OUTPUT ${XML_FILE_TESTS} COMMAND ${CPPCHECK_CMD_TESTS} ${CPPCHECK_OPTIONS_FILE} 2> ${XML_FILE_TESTS})
ADD_CUSTOM_TARGET(cppcheck COMMAND ${CPPCHECK_CMD_TESTS} -v COMMAND ${CPPCHECK_CMD} -v)
ADD_CUSTOM_TARGET(cppcheck.report DEPENDS ${XML_FILE} ${XML_FILE_TESTS})
ENDIF()
# CppNcss (http://cppncss.sourceforge.net)
FIND_PROGRAM(CPPNCSS_BIN cppncss CMAKE_FIND_ROOT_PATH_BOTH)
IF(CPPNCSS_BIN)
SET(XML_FILE "${PROJECT_BINARY_DIR}/cppncss.xml")
SET(CPPNCSS_CMD ${CPPNCSS_BIN} -k -r -p="${PROJECT_SOURCE_DIR}/" ${SRC_DIR} ${TEST_DIR})
ADD_CUSTOM_COMMAND(OUTPUT ${XML_FILE} COMMAND ${CPPNCSS_CMD} -x -f="${XML_FILE}")
ADD_CUSTOM_TARGET(cppncss COMMAND ${CPPNCSS_CMD} -m=CCN,NCSS,function)
ADD_CUSTOM_TARGET(cppncss.report DEPENDS ${XML_FILE})
ENDIF()
# pmccabe (http://parisc-linux.org/~bame/pmccabe/)
FIND_PROGRAM(PMCCABE_BIN pmccabe CMAKE_FIND_ROOT_PATH_BOTH)
IF(PMCCABE_BIN)
ADD_CUSTOM_TARGET(pmccabe COMMAND ${PMCCABE_BIN} -v ${SRC_DIR}/*.cpp ${TEST_DIR}/*.cpp)
ENDIF()
# Doxygen (http://www.doxygen.org)
# http://www.stack.nl/~dimitri/doxygen/manual/config.html
FIND_PACKAGE(Doxygen)
IF(DOXYGEN_FOUND)
SET(DOXYGEN_BIN_DIR "${PROJECT_BINARY_DIR}/doxygen")
SET(DOXYGEN_CMD ${DOXYGEN_EXECUTABLE} ${PROJECT_BINARY_DIR}/Doxyfile)
SET(DOXYGEN_CFG ${PROJECT_SOURCE_DIR}/Doxyfile.in)
CONFIGURE_FILE(${DOXYGEN_CFG} ${PROJECT_BINARY_DIR}/Doxyfile @ONLY)
ADD_CUSTOM_COMMAND(OUTPUT ${DOXYGEN_BIN_DIR} COMMAND ${DOXYGEN_CMD})
ADD_CUSTOM_TARGET(doxy DEPENDS ${DOXYGEN_BIN_DIR} WORKING_DIRECTORY ${PROJECT_BINARY_DIR} SOURCES ${DOXYGEN_CFG})
ENDIF()
FIND_PROGRAM(CLOC_BIN cloc CMAKE_FIND_ROOT_PATH_BOTH)
IF(CLOC_BIN)
SET(CLOC_FILE "${PROJECT_BINARY_DIR}/cloc.xml")
SET(CLOC_CMD ${CLOC_BIN} ${CMAKE_SOURCE_DIR})
ADD_CUSTOM_COMMAND(OUTPUT ${CLOC_FILE} COMMAND ${CLOC_CMD} --by-file-by-lang --xml --report-file=${CLOC_FILE})
ADD_CUSTOM_TARGET(cloc COMMAND ${CLOC_CMD})
ADD_CUSTOM_TARGET(cloc.report DEPENDS ${CLOC_FILE})
ENDIF()
FIND_PROGRAM(UNCRUSTIFY uncrustify CMAKE_FIND_ROOT_PATH_BOTH)
IF(UNCRUSTIFY)
FILE(GLOB_RECURSE FILES_JAVA ${PROJECT_SOURCE_DIR}/*.java)
FILE(GLOB_RECURSE FILES_CPP ${PROJECT_SOURCE_DIR}/*.cpp)
FILE(GLOB_RECURSE FILES_H ${PROJECT_SOURCE_DIR}/*.h)
FILE(GLOB_RECURSE FILES_MM ${PROJECT_SOURCE_DIR}/*.mm)
FILE(GLOB_RECURSE FILES_M ${PROJECT_SOURCE_DIR}/*.m)
SET(FILES ${FILES_JAVA} ${FILES_CPP} ${FILES_H} ${FILES_MM} ${FILES_M})
SET(FORMATTING_FILE ${PROJECT_BINARY_DIR}/formatting.files)
FILE(WRITE ${FORMATTING_FILE} "")
FOREACH(file ${FILES})
IF(NOT "${file}" MATCHES "/external/")
FILE(APPEND ${FORMATTING_FILE} ${file})
FILE(APPEND ${FORMATTING_FILE} "\n")
ENDIF()
ENDFOREACH()
SET(UNCRUSTIFY_CFG ${PROJECT_SOURCE_DIR}/uncrustify.cfg)
SET(UNCRUSTIFY_CMD ${UNCRUSTIFY} -c ${UNCRUSTIFY_CFG} --replace --no-backup -q -F ${FORMATTING_FILE})
EXECUTE_PROCESS(COMMAND ${UNCRUSTIFY} --version OUTPUT_VARIABLE UNCRUSTIFY_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE)
STRING(REPLACE "uncrustify " "" UNCRUSTIFY_VERSION ${UNCRUSTIFY_VERSION})
SET(UNCRUSTIFY_NEEDED_VERSION "0.64")
IF("${UNCRUSTIFY_VERSION}" STRLESS "${UNCRUSTIFY_NEEDED_VERSION}")
MESSAGE(WARNING "Uncrustify seems to be too old. Use at least ${UNCRUSTIFY_NEEDED_VERSION}... you are using: ${UNCRUSTIFY_VERSION}")
ELSE()
ADD_CUSTOM_TARGET(format COMMAND ${UNCRUSTIFY_CMD} SOURCES ${UNCRUSTIFY_CFG})
ENDIF()
ENDIF()
FIND_PROGRAM(QMLLINT_BIN qmllint CMAKE_FIND_ROOT_PATH_BOTH)
IF(QMLLINT_BIN)
FILE(GLOB_RECURSE FILES_QML ${RESOURCES_DIR}/qml/*.qml)
FILE(GLOB_RECURSE FILES_JS ${RESOURCES_DIR}/qml/*.js)
SET(QMLLINT_CMD ${QMLLINT_BIN} ${FILES_QML} ${FILES_JS})
ADD_CUSTOM_TARGET(qmllint COMMAND ${QMLLINT_CMD} SOURCES ${FILES_QML} ${FILES_JS})
ENDIF()
# doc8 (https://pypi.python.org/pypi/doc8)
FIND_PROGRAM(DOC8_BIN doc8 CMAKE_FIND_ROOT_PATH_BOTH)
FUNCTION(CREATE_DOC8_TARGET _dir _name)
IF(DOC8_BIN)
ADD_CUSTOM_TARGET(doc8.${_name} COMMAND ${DOC8_BIN} --config ${PROJECT_SOURCE_DIR}/docs/doc8.ini WORKING_DIRECTORY ${_dir})
IF(NOT TARGET doc8)
ADD_CUSTOM_TARGET(doc8)
ENDIF()
ADD_DEPENDENCIES(doc8 doc8.${_name})
ENDIF()
ENDFUNCTION()
INCLUDE(Sphinx)

1690
cmake/android.toolchain.cmake 100644
View File

File diff suppressed because it is too large Load Diff

217
cmake/iOS.toolchain.cmake 100644
View File

@ -0,0 +1,217 @@
# This file is based off of the Platform/Darwin.cmake and Platform/UnixPaths.cmake
# files which are included with CMake 2.8.4
# It has been altered for iOS development
# Options:
#
# IOS_PLATFORM = OS (default) or SIMULATOR or SIMULATOR64
# This decides if SDKS will be selected from the iPhoneOS.platform or iPhoneSimulator.platform folders
# OS - the default, used to build for iPhone and iPad physical devices, which have an arm arch.
# SIMULATOR - used to build for the Simulator platforms, which have an x86 arch.
#
# CMAKE_IOS_DEVELOPER_ROOT = automatic(default) or /path/to/platform/Developer folder
# By default this location is automatcially chosen based on the IOS_PLATFORM value above.
# If set manually, it will override the default location and force the user of a particular Developer Platform
#
# CMAKE_IOS_SDK_ROOT = automatic(default) or /path/to/platform/Developer/SDKs/SDK folder
# By default this location is automatcially chosen based on the CMAKE_IOS_DEVELOPER_ROOT value.
# In this case it will always be the most up-to-date SDK found in the CMAKE_IOS_DEVELOPER_ROOT path.
# If set manually, this will force the use of a specific SDK version
# Macros:
#
# set_xcode_property (TARGET XCODE_PROPERTY XCODE_VALUE)
# A convenience macro for setting xcode specific properties on targets
# example: set_xcode_property (myioslib IPHONEOS_DEPLOYMENT_TARGET "3.1")
#
# find_host_package (PROGRAM ARGS)
# A macro used to find executable programs on the host system, not within the iOS environment.
# Thanks to the android-cmake project for providing the command
# Standard settings
set (CMAKE_SYSTEM_NAME Darwin)
set (CMAKE_SYSTEM_VERSION 1)
set (UNIX True)
set (APPLE True)
set (IOS True)
find_program(xcrun_bin xcrun CMAKE_FIND_ROOT_PATH_BOTH)
if(NOT xcrun_bin)
message(FATAL_ERROR "Cannot find xcrun")
endif()
function(XCRUN _out _find)
execute_process(COMMAND ${xcrun_bin} --sdk iphoneos -f ${_find} OUTPUT_VARIABLE tmp_out OUTPUT_STRIP_TRAILING_WHITESPACE)
set(${_out} "${tmp_out}" PARENT_SCOPE)
endfunction()
# https://cmake.org/Bug/view.php?id=15329
set(CMAKE_MACOSX_BUNDLE YES)
set(CMAKE_XCODE_ATTRIBUTE_CODE_SIGNING_REQUIRED "NO")
# Required as of cmake 2.8.10
set (CMAKE_OSX_DEPLOYMENT_TARGET "" CACHE STRING "Force unset of the deployment target for iOS" FORCE)
# Determine the cmake host system version so we know where to find the iOS SDKs
find_program (CMAKE_UNAME uname /bin /usr/bin /usr/local/bin)
if (CMAKE_UNAME)
exec_program(uname ARGS -r OUTPUT_VARIABLE CMAKE_HOST_SYSTEM_VERSION)
string (REGEX REPLACE "^([0-9]+)\\.([0-9]+).*$" "\\1" DARWIN_MAJOR_VERSION "${CMAKE_HOST_SYSTEM_VERSION}")
endif (CMAKE_UNAME)
XCRUN(CMAKE_C_COMPILER clang)
XCRUN(CMAKE_CXX_COMPILER clang++)
XCRUN(CMAKE_AR ar)
set(CMAKE_AR ${CMAKE_AR} CACHE FILEPATH "" FORCE)
# All iOS/Darwin specific settings - some may be redundant
set (CMAKE_SHARED_LIBRARY_PREFIX "lib")
set (CMAKE_SHARED_LIBRARY_SUFFIX ".dylib")
set (CMAKE_SHARED_MODULE_PREFIX "lib")
set (CMAKE_SHARED_MODULE_SUFFIX ".so")
set (CMAKE_MODULE_EXISTS 1)
set (CMAKE_DL_LIBS "")
set (CMAKE_C_OSX_COMPATIBILITY_VERSION_FLAG "-compatibility_version ")
set (CMAKE_C_OSX_CURRENT_VERSION_FLAG "-current_version ")
set (CMAKE_CXX_OSX_COMPATIBILITY_VERSION_FLAG "${CMAKE_C_OSX_COMPATIBILITY_VERSION_FLAG}")
set (CMAKE_CXX_OSX_CURRENT_VERSION_FLAG "${CMAKE_C_OSX_CURRENT_VERSION_FLAG}")
# Hidden visibilty is required for cxx on iOS
set (CMAKE_C_FLAGS_INIT "")
set (CMAKE_CXX_FLAGS_INIT "-fvisibility=hidden -fvisibility-inlines-hidden")
set (CMAKE_C_LINK_FLAGS "-Wl,-search_paths_first ${CMAKE_C_LINK_FLAGS}")
set (CMAKE_CXX_LINK_FLAGS "-Wl,-search_paths_first ${CMAKE_CXX_LINK_FLAGS}")
set (CMAKE_PLATFORM_HAS_INSTALLNAME 1)
set (CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS "-dynamiclib -headerpad_max_install_names")
set (CMAKE_SHARED_MODULE_CREATE_C_FLAGS "-bundle -headerpad_max_install_names")
set (CMAKE_SHARED_MODULE_LOADER_C_FLAG "-Wl,-bundle_loader,")
set (CMAKE_SHARED_MODULE_LOADER_CXX_FLAG "-Wl,-bundle_loader,")
set (CMAKE_FIND_LIBRARY_SUFFIXES ".dylib" ".so" ".a")
# hack: if a new cmake (which uses CMAKE_INSTALL_NAME_TOOL) runs on an old build tree
# (where install_name_tool was hardcoded) and where CMAKE_INSTALL_NAME_TOOL isn't in the cache
# and still cmake didn't fail in CMakeFindBinUtils.cmake (because it isn't rerun)
# hardcode CMAKE_INSTALL_NAME_TOOL here to install_name_tool, so it behaves as it did before, Alex
if (NOT DEFINED CMAKE_INSTALL_NAME_TOOL)
find_program(CMAKE_INSTALL_NAME_TOOL install_name_tool)
endif (NOT DEFINED CMAKE_INSTALL_NAME_TOOL)
# Setup iOS platform unless specified manually with IOS_PLATFORM
if (NOT DEFINED IOS_PLATFORM)
set (IOS_PLATFORM "OS")
endif (NOT DEFINED IOS_PLATFORM)
set (IOS_PLATFORM ${IOS_PLATFORM} CACHE STRING "Type of iOS Platform")
# Setup building for arm64 or not
if (NOT DEFINED BUILD_ARM64)
set (BUILD_ARM64 true)
endif (NOT DEFINED BUILD_ARM64)
set (BUILD_ARM64 ${BUILD_ARM64} CACHE STRING "Build arm64 arch or not")
# Check the platform selection and setup for developer root
if (${IOS_PLATFORM} STREQUAL "OS")
set (IOS_PLATFORM_LOCATION "iPhoneOS.platform")
# This causes the installers to properly locate the output libraries
set (CMAKE_XCODE_EFFECTIVE_PLATFORMS "-iphoneos")
elseif (${IOS_PLATFORM} STREQUAL "SIMULATOR")
set (SIMULATOR true)
set (IOS_PLATFORM_LOCATION "iPhoneSimulator.platform")
# This causes the installers to properly locate the output libraries
set (CMAKE_XCODE_EFFECTIVE_PLATFORMS "-iphonesimulator")
elseif (${IOS_PLATFORM} STREQUAL "SIMULATOR64")
set (SIMULATOR true)
set (IOS_PLATFORM_LOCATION "iPhoneSimulator.platform")
# This causes the installers to properly locate the output libraries
set (CMAKE_XCODE_EFFECTIVE_PLATFORMS "-iphonesimulator")
else (${IOS_PLATFORM} STREQUAL "OS")
message (FATAL_ERROR "Unsupported IOS_PLATFORM value selected. Please choose OS or SIMULATOR")
endif (${IOS_PLATFORM} STREQUAL "OS")
# Setup iOS developer location unless specified manually with CMAKE_IOS_DEVELOPER_ROOT
# Note Xcode 4.3 changed the installation location, choose the most recent one available
exec_program(/usr/bin/xcode-select ARGS -print-path OUTPUT_VARIABLE CMAKE_XCODE_DEVELOPER_DIR)
set (XCODE_POST_43_ROOT "${CMAKE_XCODE_DEVELOPER_DIR}/Platforms/${IOS_PLATFORM_LOCATION}/Developer")
set (XCODE_PRE_43_ROOT "/Developer/Platforms/${IOS_PLATFORM_LOCATION}/Developer")
if (NOT DEFINED CMAKE_IOS_DEVELOPER_ROOT)
if (EXISTS ${XCODE_POST_43_ROOT})
set (CMAKE_IOS_DEVELOPER_ROOT ${XCODE_POST_43_ROOT})
elseif(EXISTS ${XCODE_PRE_43_ROOT})
set (CMAKE_IOS_DEVELOPER_ROOT ${XCODE_PRE_43_ROOT})
endif (EXISTS ${XCODE_POST_43_ROOT})
endif (NOT DEFINED CMAKE_IOS_DEVELOPER_ROOT)
set (CMAKE_IOS_DEVELOPER_ROOT ${CMAKE_IOS_DEVELOPER_ROOT} CACHE PATH "Location of iOS Platform")
# Find and use the most recent iOS sdk unless specified manually with CMAKE_IOS_SDK_ROOT
if (NOT DEFINED CMAKE_IOS_SDK_ROOT)
file (GLOB _CMAKE_IOS_SDKS "${CMAKE_IOS_DEVELOPER_ROOT}/SDKs/*")
if (_CMAKE_IOS_SDKS)
list (SORT _CMAKE_IOS_SDKS)
list (REVERSE _CMAKE_IOS_SDKS)
list (GET _CMAKE_IOS_SDKS 0 CMAKE_IOS_SDK_ROOT)
else (_CMAKE_IOS_SDKS)
message (FATAL_ERROR "No iOS SDK's found in default search path ${CMAKE_IOS_DEVELOPER_ROOT}. Manually set CMAKE_IOS_SDK_ROOT or install the iOS SDK.")
endif (_CMAKE_IOS_SDKS)
message (STATUS "Toolchain using default iOS SDK: ${CMAKE_IOS_SDK_ROOT}")
endif (NOT DEFINED CMAKE_IOS_SDK_ROOT)
set (CMAKE_IOS_SDK_ROOT ${CMAKE_IOS_SDK_ROOT} CACHE PATH "Location of the selected iOS SDK")
# Set the sysroot default to the most recent SDK
set (CMAKE_OSX_SYSROOT ${CMAKE_IOS_SDK_ROOT} CACHE PATH "Sysroot used for iOS support")
# set the architecture for iOS
if (${IOS_PLATFORM} STREQUAL "OS")
set (IOS_ARCH armv7 arm64)
elseif (${IOS_PLATFORM} STREQUAL "SIMULATOR")
set (IOS_ARCH i386)
elseif (${IOS_PLATFORM} STREQUAL "SIMULATOR64")
set (IOS_ARCH x86_64)
endif (${IOS_PLATFORM} STREQUAL "OS")
set (CMAKE_OSX_ARCHITECTURES ${IOS_ARCH} CACHE string "Build architecture for iOS")
# Set the find root to the iOS developer roots and to user defined paths
set (CMAKE_FIND_ROOT_PATH ${CMAKE_IOS_DEVELOPER_ROOT} ${CMAKE_IOS_SDK_ROOT} ${CMAKE_PREFIX_PATH} CACHE string "iOS find search path root")
# default to searching for frameworks first
set (CMAKE_FIND_FRAMEWORK FIRST)
# set up the default search directories for frameworks
set (CMAKE_SYSTEM_FRAMEWORK_PATH
${CMAKE_IOS_SDK_ROOT}/System/Library/Frameworks
${CMAKE_IOS_SDK_ROOT}/System/Library/PrivateFrameworks
${CMAKE_IOS_SDK_ROOT}/Developer/Library/Frameworks
)
# only search the iOS sdks, not the remainder of the host filesystem
set (CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ONLY)
set (CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
set (CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
# This little macro lets you set any XCode specific property
macro (set_xcode_property TARGET XCODE_PROPERTY XCODE_VALUE)
set_property (TARGET ${TARGET} PROPERTY XCODE_ATTRIBUTE_${XCODE_PROPERTY} ${XCODE_VALUE})
endmacro (set_xcode_property)
# This macro lets you find executable programs on the host system
macro (find_host_package)
set (CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
set (CMAKE_FIND_ROOT_PATH_MODE_LIBRARY NEVER)
set (CMAKE_FIND_ROOT_PATH_MODE_INCLUDE NEVER)
set (IOS FALSE)
find_package(${ARGN})
set (IOS TRUE)
set (CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ONLY)
set (CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
set (CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
endmacro (find_host_package)

7
docs/CMakeLists.txt 100644
View File

@ -0,0 +1,7 @@
IF(SPHINX_FOUND)
SPHINX_GEN("${CMAKE_CURRENT_SOURCE_DIR}/releasenotes" "notes" BUILDER singlehtml html latex)
SPHINX_GEN("${CMAKE_CURRENT_SOURCE_DIR}/sdk" "sdk" BUILDER changes html latex DEFAULT_LANG en)
ELSE()
MESSAGE(STATUS "No documentation will be generated")
ENDIF()

4
docs/doc8.ini 100644
View File

@ -0,0 +1,4 @@
[doc8]
max-line-length=120
file-encoding=utf-8
verbose=0

9
docs/releasenotes/1.0.0.rst 100644
View File

@ -0,0 +1,9 @@
AusweisApp2 1.0.0
^^^^^^^^^^^^^^^^^
**Releasedatum:** 28. Oktober 2014
Initiale Bereitstellung der AusweisApp2 in der Erprobungsphase für
stationäre Betriebssysteme.

10
docs/releasenotes/1.0.1.rst 100644
View File

@ -0,0 +1,10 @@
AusweisApp2 1.0.1
^^^^^^^^^^^^^^^^^
**Releasedatum:** 20. November 2014
Anwender
""""""""
- Korrekturen bei der Verwendung von Basislesern.

10
docs/releasenotes/1.0.2.rst 100644
View File

@ -0,0 +1,10 @@
AusweisApp2 1.0.2
^^^^^^^^^^^^^^^^^
**Releasedatum:** 11. Dezember 2014
Anwender
""""""""
- Update der Anbieterliste.

39
docs/releasenotes/1.10.0.rst 100644
View File

@ -0,0 +1,39 @@
AusweisApp2 1.10.0
^^^^^^^^^^^^^^^^^^
**Releasedatum:** 05. Dezember 2016
Anwender
""""""""
- Unterstützung von Dualstack (IPv4 / IPv6).
- Das Problem, dass die AusweisApp2 nicht wie gewünscht in den Vordergrund
kommt, wurde behoben.
- Die kontextsensitive Hilfe wurde vollständig überarbeitet.
- Fehler der Diagnosefunktion unter Windows 8, Windows 8.1 und Windows 10
wurden behoben.
- Im Log-Dialog werden nun auch alte Logs angezeigt. Diese Logs
entstehen nur wenn die AusweisApp2 nicht korrekt beendet werden konnte.
- Bei der Erzeugung des PDFs in der Selbstauskunft wird nun das Datum bzw. die
Uhrzeit der Authentisierung gespeichert und nicht die der Erzeugung.
- Es wurden einige Probleme mit der Proxy-Authentisierung behoben.
Entwickler
""""""""""
- Aktualisierung von OpenSSL auf die Version 1.0.2j.
- Aktualisierung von Qt auf die Version 5.7.0.
- Die TLS Parameter sind nun in der config.json konfigurierbar.
- Bei der Verwendung von TLS 1.2 sind nur noch Signaturalgorithmen
mit SHA224, SHA256, SHA384 und SHA512 erlaubt.

11
docs/releasenotes/1.10.1.rst 100644
View File

@ -0,0 +1,11 @@
AusweisApp2 1.10.1
^^^^^^^^^^^^^^^^^^
**Releasedatum:** 05. Dezember 2016
Anwender
""""""""
- Unter Windows wurde u.U. fälschlicherweise das
Beta-Symbol angezeigt.

25
docs/releasenotes/1.10.2.rst 100644
View File

@ -0,0 +1,25 @@
AusweisApp2 1.10.2
^^^^^^^^^^^^^^^^^^
**Releasedatum:** 09. Juni 2017
Anmerkung
"""""""""
- Version wurde auf Grund der EUPL v1.2 ausgesetzt.
Anwender
""""""""
- Veröffentlichung der AusweisApp2 unter geänderten
Nutzungsbedingungen (EUPL v1.1).
Entwickler
""""""""""
- Umsetzung des Entwicklermodus gemäß TR-03124.
- Bereitstellung des Sourcecode der AusweisApp2 auf GitHub.

19
docs/releasenotes/1.10.3.rst 100644
View File

@ -0,0 +1,19 @@
AusweisApp2 1.10.3
^^^^^^^^^^^^^^^^^^
**Releasedatum:** 30. Juni 2017
Anwender
""""""""
- Veröffentlichung der AusweisApp2 unter geänderten
Nutzungsbedingungen (EUPL v1.2).
Entwickler
""""""""""
- Umsetzung des Entwicklermodus gemäß TR-03124.
- Bereitstellung des Sourcecode der AusweisApp2 auf GitHub.

26
docs/releasenotes/1.2.0.rst 100644
View File

@ -0,0 +1,26 @@
AusweisApp2 1.2.0
^^^^^^^^^^^^^^^^^
**Releasedatum:** 20. Januar 2015
Anwender
""""""""
- Die Bildschirmtastatur wurde überarbeitet.
- Die Proxy-Einstellungen wurden überarbeitet.
- Der verwendete Proxy wird nun immer aus den System-Einstellungen übernommen.
- Die manuelle Konfigurationsoption wurde aus den Einstellungen entfernt.
- Es fand eine Überarbeitung in Hinblick auf Barrierefreiheit statt.
- Kleinere optische Verbesserungen vorgenommen.
- Es wird nun ein Einrichtungsassistenten angeboten, der den Benutzer bei der
Deinstallation der AusweisApp (1) unterstützt und Verweise auf die
Herstellerseiten der Kartenleser zum Treiberdownload enthält.
- Die Anbieterliste wird nun automatisch aktualisiert.

29
docs/releasenotes/1.2.1.rst 100644
View File

@ -0,0 +1,29 @@
AusweisApp2 1.2.1
^^^^^^^^^^^^^^^^^
**Releasedatum:** 6. Juli 2015
Anwender
""""""""
- Die URL und das Zertifikat für den Updateserver wurde angepasst.
- Ein Fehler beim Autostart der AusweisApp2 ist nun behoben.
- Die PIN-Eingabe bei Verwendung von Basislesern erlaubt nun nur
noch Ziffern.
- Ein Fehler bei der Bildschirmtastatur, der keine führende Ziffer 0 erlaubte,
wurde korrigiert.
- Die Anordnung der Ziffern bei der Bildschirmtastatur ist unter Windows nun
auch zufällig.
- Im Hilfemenü verweist der Eintrag "Fragen" nun auf die neue FAQ-Seite.
Entwickler
""""""""""
- Die Vertrauensbasis für die PreVerification (CVCA) der AusweisApp2 wurde aktualisiert.

10
docs/releasenotes/1.2.2.rst 100644
View File

@ -0,0 +1,10 @@
AusweisApp2 1.2.2
^^^^^^^^^^^^^^^^^
**Releasedatum:** 6. August 2015
Anwender
""""""""
- Umgehung für den von Microsoft ab Windows 8 eingeführten PC/SC Card Reset (5 Sekunden Timeout).

21
docs/releasenotes/1.6.0.rst 100644
View File

@ -0,0 +1,21 @@
AusweisApp2 1.6.0
^^^^^^^^^^^^^^^^^
**Releasedatum:** 30. Oktober 2015
Anwender
""""""""
- Optimierungen im Bereich der Barrierefreiheit und Usability vorgenommen.
- Fehlerkorrekturen und Verbesserungen bei den angezeigten Meldungen, dem Fehlerhandling,
den Eingabe- und Suchfeldern und im Bereich der angezeigten Texte.
- Der Einrichtungsassistent wurde überarbeitet und erweitert.
Entwickler
""""""""""
- Aktualisierung der Drittanbieterbibliotheken.

14
docs/releasenotes/1.6.1.rst 100644
View File

@ -0,0 +1,14 @@
AusweisApp2 1.6.1
^^^^^^^^^^^^^^^^^
**Releasedatum:** 14. Dezember 2015
Anwender
""""""""
- Offizielle Unterstützung von Windows 10 und OS X 10.11.
- Das DMG für OS X ist nun in deutscher und englischer Sprache verfügbar.
- Kleinere Fehlerkorrekturen.

10
docs/releasenotes/1.6.2.rst 100644
View File

@ -0,0 +1,10 @@
AusweisApp2 1.6.2
^^^^^^^^^^^^^^^^^
**Releasedatum:** 5. Januar 2016
Anwender
""""""""
- Verbindungsprobleme mit einzelnen Diensten wurden behoben

10
docs/releasenotes/1.6.3.rst 100644
View File

@ -0,0 +1,10 @@
AusweisApp2 1.6.3
^^^^^^^^^^^^^^^^^
**Releasedatum:** 22. Januar 2016
Anwender
""""""""
- Fehlermeldung bei der Installation auf Windows behoben.

56
docs/releasenotes/1.8.0.rst 100644
View File

@ -0,0 +1,56 @@
AusweisApp2 1.8.0
^^^^^^^^^^^^^^^^^
**Releasedatum:** 1. Juni 2016
Anwender
""""""""
- Updateprüfung wird erst durchgeführt, wenn der Benutzer das
Fenster öffnet und nicht beim Anwendungsstart. Behebt
Fehlermeldung beim Autostart, wenn keine Internetverbindung
besteht.
- Absturz bei VoiceOver unter OS X und PIN-Eingabe behoben.
- Verbesserung der Anbieterliste: Behebt einen Aktualisierungsfehler
in der Darstellung, wenn eine neue Anbieterliste vorhanden ist.
- Überlagerung von zwei Darstellungen beim Wechsel von den Einstellungen
zu der Verlaufsansicht wurde behoben.
- Die Bildschirmtastatur wird geschlossen, wenn die Karte vom Lesegerät
entfernt wird.
- Hinweis auf die notwendige Freischaltung der Karte beim ersten
Ausweisen. Dies betrifft nur neue Installationen.
- Fehlerbehebung für die automatische Proxy-Erkennung unter Windows.
- Deinstallationsoption für die AusweisApp1 aus dem Einrichtungsassistenten
entfernt.
- Menüleiste unter OS X wird nun bei jedem Start angezeigt.
- Fehlermeldungen verbessert.
- Überarbeitung der Darstellung der Release Notes.
Entwickler
""""""""""
- Aktualisierung von OpenSSL auf die Version 1.0.2h.
- Einführung einer Update-URL für den Betakanal.
- Verbesserung bei der Entschlüsselung der Response APDUs
im Secure Messaging.
- Einführung von Signatur und Zeitstempel auf .dll und .exe
unter Windows.
- Link-CVCA DECVCAeID00103_DECVCAeID00104 im TrustStore abgelegt.
- SHA256 and SHA384 ist nun für die Verbindung mittels RSA-PSK erlaubt.

24
docs/releasenotes/_themes/appcast/layout.html 100644
View File

@ -0,0 +1,24 @@
<!DOCTYPE html>
<html class="no-js" lang="de">
<head>
<meta charset="utf-8">
<title>AusweisApp2 Release Notes</title>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<div class="wy-nav-content">
<div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
{% block body %}{% endblock %}
</div>
</div>
</div>
</div>
</section>
</div>
</body>
</html>

2
docs/releasenotes/_themes/appcast/theme.conf 100644
View File

@ -0,0 +1,2 @@
[theme]
inherit = basic

7
docs/releasenotes/announce.rst 100644
View File

@ -0,0 +1,7 @@
Abkündigungen
=============
Mit der Version 1.14.0 der AusweisApp2 wird die Unterstützung
folgender Systeme eingestellt.
- OS X 10.9

12
docs/releasenotes/appcast.rst 100644
View File

@ -0,0 +1,12 @@
Release Notes
=============
.. toctree::
:maxdepth: 1
1.10.3
1.10.2
1.10.1
1.10.0
announce
issues

170
docs/releasenotes/conf.py.in 100644
View File

@ -0,0 +1,170 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
import os
import shlex
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
needs_sphinx = '1.3'
# If true, figures, tables and code-blocks are automatically numbered
# if they has caption. For now, it works only with the HTML builder.
# Default is False.
numfig = True
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = []
locale_dirs = ['@SPHINX_DOCS_DIR@/locales/']
gettext_additional_targets = ['image']
gettext_location = False
gettext_compact = True
# Add any paths that contain templates here, relative to this directory.
#templates_path = ['@SPHINX_DOCS_DIR@/_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = 'AusweisApp2'
copyright = '2016, Governikus GmbH & Co. KG'
author = 'Governikus GmbH & Co. KG'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '@PROJECT_VERSION@'
# The full version, including alpha/beta/rc tags.
release = '@VERSION_DVCS@'
today = ' '
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = 'de'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['appcast.rst']
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
html_favicon = '@SPHINX_DOCS_DIR@/../../resources/images/npa.ico'
html_theme_path = ['@SPHINX_DOCS_DIR@/_themes']
#html_theme = 'appcast'
html_theme = 'sphinx_rtd_theme'
# If false, no module index is generated.
html_domain_indices = True
# If false, no index is generated.
html_use_index = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
html_show_sphinx = False
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
html_show_copyright = True
html_scaled_image_link = False
# Output file base name for HTML help builder.
htmlhelp_basename = 'AusweisApp2ReleaseNotes'
html_context = {
'display_github': False,
'display_bitbucket': False,
'show_source': False,
'html_show_sourcelink': False,
}
html_add_permalinks = ""
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
'papersize': 'a4paper',
# The font size ('10pt', '11pt' or '12pt').
'pointsize': '11pt',
# Additional stuff for the LaTeX preamble.
'preamble': '''
\hypersetup{pdfauthor={Governikus GmbH \& Co. KG},
pdftitle={AusweisApp2},
pdfsubject={Release Notes},
pdfkeywords={release, notes},
pdfproducer={LaTeX},
pdfcreator={Sphinx}
}
''',
# Override tableofcontents
'tableofcontents': '''
\\tableofcontents
\\newpage
\\pagestyle{plain}
\\pagenumbering{arabic}
''',
# Latex figure (float) alignment
'figure_align': 'H',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'AusweisApp2_ReleaseNotes.tex', 'AusweisApp2 Release Notes',
'Governikus GmbH \& Co. KG', 'howto'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
latex_logo = '@SPHINX_DOCS_DIR@/../../resources/images/android/xhdpi/npa.png'
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
latex_show_pagerefs = True
# If true, show URL addresses after external links.
latex_show_urls = 'footnote'
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True

14
docs/releasenotes/general.rst 100644
View File

@ -0,0 +1,14 @@
Allgemeines
===========
Die AusweisApp2 ist eine Software, die Sie auf Ihrem Computer installieren, um sich mit
Ihrem Personalausweis bzw. Ihrem elektronischen Aufenthaltstitel online auszuweisen.
Für die Nutzung der Online-Ausweisfunktion benötigen die Nutzerinnen und Nutzer eine
Software, mit deren Hilfe eine sichere Verbindung zwischen Kartenlesegerät,
Personalausweis und eID-Diensteanbieter hergestellt werden kann. Sie ermöglicht den
verschlüsselten Datenaustausch zwischen Personalausweis und eID-Dienst.
Die im Auftrag des Bundesinnenministeriums von der Governikus KG entwickelte
AusweisApp2 ist schnell, leistungsstark und unabhängig von dem verwendeten Webbrowser.
Sie steht für die Betriebssysteme Windows und macOS zur Verfügung.

11
docs/releasenotes/index.rst 100644
View File

@ -0,0 +1,11 @@
Release Notes
=============
.. toctree::
:maxdepth: 2
general
support
announce
issues
versions

35
docs/releasenotes/issues.rst 100644
View File

@ -0,0 +1,35 @@
Bekannte Fehler
===============
Die nachfolgende Liste bezieht sich auf die aktuelle Version der AusweisApp2.
- Auf Windows 10 Plattformen mit aktivierter Benutzerkontensteuerung kann
es bei Benutzern mit eingeschränkten Berechtigungen zu Problemen mit der
Online-Ausweisfunktion kommen.
- Bei Erhöhung der Schriftgröße über 175% kommt es zu Darstellungsfehlern.
- Unter OS X 10.9 wird teilweise das Auflegen eines Ausweisdokumentes erst
nach einem Neustart der AusweisApp2 erkannt.
- Wenn unter OS X ein Kartenleser mit aufliegendem Ausweisdokument
angeschlossen wird und eine Selbstauskunft angestartet wurde, kann unter
Umständen die AusweisApp2 einfrieren.
- Beim Ausweisen ohne aktivierte Online-Ausweisfunktion wird derzeit
fälschlicherweise nach der PUK gefragt.
- Derzeit kommt es noch zu leichten Schwierigkeiten bei der Bedienbarkeit
mit der Tastatur.
- Bei aktivierter Kontrasteinstellung ist unter Windows u. U.
die Darstellung der Farben nicht optimal.
- Bei Verwendung des Screenreaders JAWS unter Windows, kann es zu
leichten Irritationen bei der angegebenen Bedienung kommen.
- Unter Mac OS im WLAN kann die Bandbreite beeinträchtigt werden, wenn die
AusweisApp2 im Hintergrund läuft.
- Unter Mac OS kommt es vereinzelt zu Problemen bei der Verwendung des Kobil
ID Token.

108
docs/releasenotes/singlehtml.conf.py.in 100644
View File

@ -0,0 +1,108 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
import os
import shlex
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
needs_sphinx = '1.3'
# If true, figures, tables and code-blocks are automatically numbered
# if they has caption. For now, it works only with the HTML builder.
# Default is False.
numfig = True
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = []
locale_dirs = ['@SPHINX_DOCS_DIR@/locales/']
gettext_additional_targets = ['image']
gettext_location = False
gettext_compact = True
# Add any paths that contain templates here, relative to this directory.
#templates_path = ['@SPHINX_DOCS_DIR@/_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'appcast'
# General information about the project.
project = 'AusweisApp2'
copyright = '2016, Governikus GmbH & Co. KG'
author = 'Governikus GmbH & Co. KG'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '@PROJECT_VERSION@'
# The full version, including alpha/beta/rc tags.
release = '@VERSION_DVCS@'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = 'de'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['index.rst', 'support.rst', 'versions.rst', 'general.rst']
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
html_favicon = '@SPHINX_DOCS_DIR@/../../resources/images/npa.ico'
html_theme_path = ['@SPHINX_DOCS_DIR@/_themes']
html_theme = 'appcast'
# If false, no module index is generated.
html_domain_indices = True
# If false, no index is generated.
html_use_index = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
html_show_sphinx = False
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
html_show_copyright = True
html_scaled_image_link = False
# Output file base name for HTML help builder.
htmlhelp_basename = 'AusweisApp2ReleaseNotes'
html_context = {
'display_github': False,
'display_bitbucket': False,
'show_source': False,
'html_show_sourcelink': False,
}
html_add_permalinks = ""

86
docs/releasenotes/support.rst 100644
View File

@ -0,0 +1,86 @@
Unterstützte Systeme
====================
Folgende Systeme, Browser, Karten und Lesegeräte werden von
der AusweisApp2 unterstützt.
Betriebssysteme
"""""""""""""""
- OS X 10.9
- OS X 10.10
- OS X 10.11
- macOS 10.12
- Windows 7 SP1 (32bit / 64bit)
- Windows 8.1 (64bit)
- Windows 10 (64bit)
Browser
"""""""
Das BSI hat die Online-Ausweisfunktion als einen Aufruf konzipiert,
der unabhängig vom verwendeten Browser ist. Durch die strikte
Einhaltung der Vorgaben aus den entsprechenden Technischen Richtlinie
des BSI (BSI TR-03124) ist die AusweisApp2 generell browserunabhängig
und sollte daher mit allen marktüblichen Browsern verwendet werden können.
Im Rahmen der Qualitätssicherung werden die folgenden Browserversionen
getestet.
- Firefox 54
- Chrome 59
- Internet Explorer 11
- Safari 10
Kartenleser
"""""""""""
Alle Kartenlesegeräte, die die Onlineausweisfunktionalität unterstützen und nach
BSI TR-03119 zertifiziert sind. Details hierzu befinden sich auf der Homepage
des BSI unter "Nach Technischen Richtlinien zertifizierte Produkte".
Zusätzlich werden folgende nicht zertifizierte Kartenleser getestet.
- Identiv Cloud 4701 F
- Identiv SCL3711
- Identiv Cloud 3700 F
- Identiv CLOUD 4700 F
- ST-1200-CR3 / ST-1275
- SDI Cloud uTrust 4700 F
- ACR1252U
- OMNIKEY 5021 CL
- OMNIKEY 5421
- cyberJack wave (via USB)
Aktuelle Informationen zu Kartenlesern finden Sie auf unserer Webseite:
https://www.ausweisapp.bund.de/informieren/voraussetzungen/
Karten
""""""
- Neuer Personalausweis
- Elektronischer Aufenthaltstitel

51
docs/releasenotes/versions.rst 100644
View File

@ -0,0 +1,51 @@
Versionen
=========
Versionszweig 1.10
------------------
.. toctree::
:maxdepth: 1
1.10.3
1.10.2
1.10.1
1.10.0
Versionszweig 1.8
-----------------
.. toctree::
:maxdepth: 1
1.8.0
Versionszweig 1.6
-----------------
.. toctree::
:maxdepth: 1
1.6.3
1.6.2
1.6.1
1.6.0
Versionszweig 1.2
-----------------
.. toctree::
:maxdepth: 1
1.2.2
1.2.1
1.2.0
Versionszweig 1.0
-----------------
.. toctree::
:maxdepth: 1
1.0.2
1.0.1
1.0.0

668
docs/sdk/android.rst 100644
View File

@ -0,0 +1,668 @@
Android
=======
This chapter deals with the Android specific properties of the AusweisApp2 SDK.
The AusweisApp2 core is encapsulated into an **Android service** which is
running in the background without a user interface. This service is interfaced
via an Android specific interprocess communication (IPC) mechanism. The basics
of this very mechanism - the **Android Interface Definition Language** (AIDL) -
are introduced in the following section. The following section deals with the
cryptographic verification of the SDKs authenticity. This step is necessary to
ensure that the SDK has not been modified in a malicious way. Subsequent
sections deal with the SDK interface itself and explain which steps are
necessary in order to talk to the AusweisApp2 SDK.
.. _android_import_aidl:
Import the AIDL files
---------------------
Android provides an interprocess communication (IPC) mechanism which is based on
messages consisting of primitive types.
In order to abstract from this very basic mechanism, there is the Android
Interface Definition Language (AIDL).
It allows the definition of Java like interfaces.
The Android SDK generates the necessary interface implementations from supplied
AIDL files in order to perform IPC, as if this function had been called directly
in the current process.
In order to interact with the AusweisApp2 SDK there are two AIDL interfaces.
The first one is given to the client application by the SDK and allows the
client to establish a session with the SDK,
to send JSON commands to the SDK and to pass discovered NFC tags to the SDK.
The second AIDL interface is given to the SDK by the client application. It
enables the client to receive the intial session parameters as well as
JSON messages
from the SDK. Both interfaces are listed below and you need to import them into
your build environment.
.. seealso::
https://developer.android.com/guide/components/aidl.html
Interface
^^^^^^^^^
.. code-block:: java
package com.governikus.ausweisapp2;
import com.governikus.ausweisapp2.IAusweisApp2SdkCallback;
import android.nfc.Tag;
interface IAusweisApp2Sdk
{
boolean connectSdk(IAusweisApp2SdkCallback pCallback);
boolean send(String pSessionId, String pMessageFromClient);
boolean updateNfcTag(String pSessionId, in Tag pTag);
}
Callback
^^^^^^^^
.. code-block:: java
package com.governikus.ausweisapp2;
interface IAusweisApp2SdkCallback
{
void sessionIdGenerated(String pSessionId, boolean pIsSecureSessionId);
void receive(String pJson);
}
Verify the authenticity of AusweisApp2
--------------------------------------
Fingerprint
^^^^^^^^^^^
In order to verify that the AusweisApp2 SDK is authentic and has not been
modified in a malicious way, it is required to verify its authenticity
before establishing a connection with it.
Each Android application is signed by a distribution certificate which
ensures its authenticity. During the installation of an application
Android verifies that it has been correctly signed with the supplied
distribution certificate.
So everything the client has to do in order to verify the authenticity
is to verify that the correct certificate has been used. The **SHA256**
fingerprint of the authentic SDK certificate is the following:
.. code-block:: text
B0:2A:C7:6B:50:A4:97:AE:81:0A:EA:C2:25:98:18:7B:3D:42:90:27:7D:08:51:A7:FA:8E:1A:EA:5A:97:98:70
Example
^^^^^^^
The following example code demonstrates how the certificate
hash value of a signed application on Android can be verified.
.. code-block:: java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
public class AusweisApp2Validator
{
private static final String PACKAGE = "com.governikus.ausweisapp2";
private static final String FINGERPRINT = "..." // see above;
public boolean isValid()
{
final PackageManager m = getPackageManager();
PackageInfo info;
try {
info = m.getPackageInfo(PACKAGE, PackageManager.GET_SIGNATURES);
} catch (PackageManager.NameNotFoundException e) {
return false;
}
// What the API names signatures are actually the signing certificates.
Signature certificates[] = info.signatures;
String computed = computeHashHexString("SHA256", certificates[0]);
return FINGERPRINT.equalsIgnoreCase(computed);
}
}
.. _android_binding_service:
Binding to the service
----------------------
In order to start the AusweisApp2 SDK it is necessary to bind to the
Android service supplied by the SDK.
This binding fulfils two purposes:
- First it starts the SDK.
- Second it enables the client to establish an IPC connection as mentioned above.
Due to the nature of an Android service, there can be only one instance of
the SDK running. If multiple clients bind to the service, they are interacting
with the same instance of the service.
The service is terminated once all previously bound clients are unbound.
To differentiate between different connected clients, virtual sessions are used
once the binding is completed. These sessions are discussed in a separate
section, section :ref:`android_create_session`.
Create connection
^^^^^^^^^^^^^^^^^
First of all, in order to bind to the service, one needs to instantiate an
Android ServiceConnection.
Subsequently, the object is passed to the Android API and the contained
methods are invoked
by Android on service connection and disconnection.
.. code-block:: java
import android.content.ServiceConnection;
// [...]
ServiceConnection mConnection = new ServiceConnection()
{
@Override
public void onServiceConnected(ComponentName className, IBinder service)
{
// ... details below
}
@Override
public void onServiceDisconnected(ComponentName className)
{
// ... details below
}
}
Bind service to raw connection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In order to perform the actual binding a directed Intent, which identifies
the AusweisApp2 SDK, is created.
This Intent is send to
the Android API along with the ServiceConnection created above.
This API call either starts up the SDK if it is the first client,
or connects to the running SDK instance
if there is already another client bound.
.. code-block:: java
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
// [...]
String name = "com.governikus.ausweisapp2.START_SERVICE";
Intent serviceIntent = new Intent(name);
serviceIntent.setPackage("com.governikus.ausweisapp2");
bindService(serviceIntent, mConnection, Context.BIND_AUTO_CREATE);
.. seealso::
https://developer.android.com/guide/components/bound-services.html
https://developer.android.com/reference/android/app/Activity.html
Redirect to Play Store
^^^^^^^^^^^^^^^^^^^^^^
It is necessary that AusweisApp2 is installed in order to use the SDK.
It is recommended to check and display a message in case the user needs
to install AusweisApp2 first. Also, the user should be redirected to
the Play Store entry to find the app.
.. code-block:: java
import android.content.ActivityNotFoundException;
import android.content.pm.ResolveInfo;
import android.net.Uri;
import java.util.List;
PackageManager m = getPackageManager();
List<ResolveInfo> list = m.queryIntentServices(serviceIntent, PackageManager.MATCH_ALL);
if (list == null || list.isEmpty())
{
final String name = "com.governikus.ausweisapp2";
try {
startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse("market://details?id=" + name)));
} catch (ActivityNotFoundException e) {
// Use the browser if Play Store is not installed, too!
startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse("https://play.google.com/store/apps/details?id=" + name)));
}
}
.. _android_init_aidl:
Initializing the AIDL connection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Once the Android service of the AusweisApp2 SDK is successfully started
and bound to by the client,
the Android system calls the onServiceConnected method of the ServiceConnection
created and supplied above.
This method receives an instance of the IBinder Android service interface.
The IBinder is then used by the client application to initialize the auto
generated AIDL stub
in order to use the AIDL IPC mechanism.
The used stub is supposed to be auto generated by the Android SDK if you have
properly configured your build environment.
The stub initialization returns an instance of **IAusweisApp2Sdk** which is used
to interact with the SDK.
The example below stores this instance in the member variable mSdk.
.. code-block:: java
import android.content.ComponentName;
import android.content.ServiceConnection;
import android.os.IBinder;
import com.governikus.ausweisapp2.IAusweisApp2Sdk;
// [...]
IAusweisApp2Sdk mSdk;
ServiceConnection mConnection = new ServiceConnection(){
@Override
public void onServiceConnected(ComponentName className, IBinder service)
{
try {
mSdk = IAusweisApp2Sdk.Stub.asInterface(service);
} catch (ClassCastException|RemoteException e) {
// ...
}
}
@Override
public void onServiceDisconnected(ComponentName className)
{
mSdk = null;
}
}
.. seealso::
:ref:`android_import_aidl`
.. _android_create_session:
Create session to AusweisApp2
-----------------------------
Once your client is bound to the AusweisApp2 SDK service and you have initialized
the AIDL IPC mechanism, you are ready to use the actual SDK API.
Since the Android system does not allow to limit the number of clients which
can connect to a service, the SDK API uses custom **sessions** to manage the
connected clients. There is a maximum of one established session at a time.
In order to open a session with the SDK you need to pass an
instance of **IAusweisApp2SdkCallback** to the **connectSdk** function of your
previously acquired instance of **IAusweisApp2Sdk**. If your callback is accepted,
the function returns true. Otherwise there is another session connected.
Sessions will be disconnected once the IBinder instance of the connected client is
invalidated or another communication error occurs. Please see
:ref:`android_disconnect_sdk` for instructions to gracefully disconnect from the SDK.
If you have successfully established a session, the **sessionIdGenerated** function
of your callback is invoked. With this invocation you receive two arguments.
**pIsSecureSessionId** is true if the SDK was able to gather enough entropy in
order to generate a secure random session ID. If it is false, there is no
session ID passed. There is nothing you can do about such an error. It results from
a problem with the random number generator, which in turn is very likely the result of
an ongoing local attack. The device should be considered manipulated and the user should be
informed.
On success **pSessionId** holds the actual session ID generated by the SDK.
This ID is used to identify your session and you need to pass it to all future SDK
function invocations of this session.
The listing below shows an example for an instantiation of IAusweisApp2SdkCallback
and establishing a session.
.. code-block:: java
import com.governikus.ausweisapp2.IAusweisApp2Sdk;
import com.governikus.ausweisapp2.IAusweisApp2SdkCallback;
// [...]
LocalCallback mCallback = new LocalCallback();
class LocalCallback extends IAusweisApp2SdkCallback.Stub
{
public String mSessionID = null;
@Override
public void sessionIdGenerated(
String pSessionId, boolean pIsSecureSessionId) throws RemoteException
{
mSessionID = pSessionId;
}
@Override
public void receive(String pJson) throws RemoteException
{
// handle message from SDK
}
}
// [...]
try
{
if (!mSdk.connectSdk(mCallback))
{
// already connected? Handle error...
}
}
catch (RemoteException e)
{
// handle exception
}
.. seealso::
:ref:`android_init_aidl`
:ref:`android_disconnect_sdk`
Send command
^^^^^^^^^^^^
In order to send a JSON command to the AusweisApp2 SDK, you need to invoke
the **send** function of your instance of **IAusweisApp2Sdk**. For this command
to be processed by the SDK you need to supply the session ID which you have
previously received. The listing below shows an example.
.. code-block:: java
String cmd = "{\"cmd\": \"GET_INFO\"}";
try
{
if (!mSdk.send(mCallback.mSessionID, cmd))
{
// disconnected? Handle error...
}
}
catch (RemoteException e)
{
// handle exception
}
Receive message
^^^^^^^^^^^^^^^
Messages from the AusweisApp2 SDK are passed to you via the same instance of
**IAusweisApp2SdkCallback** in which you have received the session ID.
The **receive** method is called each time the SDK sends a message.
.. seealso::
:ref:`android_create_session`
.. _android_disconnect_sdk:
Disconnect from SDK
-------------------
In order to disconnect from the AusweisApp2 SDK you need to invalidate your
instance of **IBinder**. There are two possibilities to do this. The first
one is to unbind from the SDK Android service to undo your binding, like
shown in the code listing below. The second one is to return false in the
**pingBinder** function of your IBinder instance.
.. code-block:: java
unbindService(mConnection);
.. seealso::
:ref:`android_binding_service`
https://developer.android.com/reference/android/os/IBinder.html
.. _android_nfc_tags:
Passing NFC tags to the SDK
---------------------------
NFC tags can only be detected by applications which have a foreground window
on the Android platform. A common workaround for this problem is
to equip background services with a transparent window which is shown
to dispatch NFC tags.
However, if there are multiple applications installed, which are capable
of dispatching NFC tags, the Android system will display an **App Chooser**
for each discovered tag enabling the user to select the appropriate application
to handle the NFC tag. To have such a chooser
display the name and image of the client application instead of the SDK,
the client application is required to dispatch discovered NFC tags and to
pass them to the SDK.
Furthermore, this interface design enables the client application to do
**foreground dispatching** of NFC tags. If the active application registers itself for
foreground dispatching, it receives discovered NFC tags directly without
Android displaying an App Chooser.
Permissions in AndroidManifest.xml
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The client applications needs to register the NFC permission as shown in the
listing below in order to access the NFC reader hardware.
.. code-block:: xml
<uses-permission android:name="android.permission.NFC"/>
.. seealso::
https://developer.android.com/guide/topics/security/permissions.html
Intent-Filter in AndroidManifest.xml
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In order to be informed about attached NFC tags by Android, the client
application is required to register an intent filter. The appropriate
filter is shown in the listing below.
.. code-block:: xml
<intent-filter>
<action android:name="android.nfc.action.TECH_DISCOVERED" />
</intent-filter>
<meta-data android:name="android.nfc.action.TECH_DISCOVERED" android:resource="@xml/nfc_tech_filter" />
.. seealso::
https://developer.android.com/guide/components/intents-filters.html
NFC Technology Filter
^^^^^^^^^^^^^^^^^^^^^
Since there are many different kinds of NFC tags, Android requires the
application to register a technology filter for the kind of tags the application
wants to receive. The proper filter for the German eID card is shown
in the listing below.
.. code-block:: xml
<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
<tech-list>
<tech>android.nfc.tech.IsoDep</tech>
</tech-list>
</resources>
Implementation
^^^^^^^^^^^^^^
As it is common on the Android platform, information is send to applications
encapsulated in instances of the **Intent** class. In order to process newly
discovered NFC tags, Intents which are given to the application need to be
checked for the parcelable NFC extra as shown in the code listing below.
Subsequently the client is required to send them to the AusweisApp2 SDK by
calling the **updateNfcTag** method (of) the previously acquired **IAusweisApp2Sdk**
instance.
The listing below shows an example for the described process.
.. code-block:: java
import android.content.Intent;
import android.nfc.NfcAdapter;
import android.nfc.Tag;
import com.governikus.ausweisapp2.IAusweisApp2Sdk;
import com.governikus.ausweisapp2.IAusweisApp2SdkCallback;
// [...]
void handleIntent(Intent intent)
{
final Tag tag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
if (tag != null)
{
try {
mSdk.updateNfcTag(mCallback.mSessionID, tag);
} catch (RemoteException e) {
// ...
}
}
}
Dispatching NFC tags in foreground
----------------------------------
As already mentioned under :ref:`android_nfc_tags`, an App Chooser is displayed
for discovered NFC tags by Android if multiple applications which are able to
dispatch NFC tags are installed. An application can suppress this App Chooser
if it registers itself for **foreground dispatching** at runtime. This way NFC
tags are send directly to the registered application without a chooser being
displayed. An example implementation of the required steps in order to register
are shown in code listing below.
.. code-block:: java
import android.app.Activity;
import android.nfc.NfcAdapter;
import android.content.Intent;
import android.app.PendingIntent;
import android.content.IntentFilter;
import android.nfc.tech.IsoDep;
class ForegroundDispatcher
{
private Activity mActivity;
private NfcAdapter mAdapter;
private PendingIntent mPendingIntent;
private IntentFilter[] mFilters;
private String[][] mTechLists;
ForegroundDispatcher(Activity pActivity)
{
mActivity = pActivity;
mAdapter = NfcAdapter.getDefaultAdapter(mActivity);
Intent intent = new Intent(mActivity, mActivity.getClass()).
addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP);
mPendingIntent = PendingIntent.getActivity(mActivity, 0, intent, 0);
mFilters = new IntentFilter[] {
new IntentFilter(NfcAdapter.ACTION_TECH_DISCOVERED)
};
mTechLists = new String[][] { new String[] {
IsoDep.class.getName()
} };
}
void enable()
{
mAdapter.enableForegroundDispatch(mActivity,
mPendingIntent,
mFilters,
mTechLists);
}
void disable()
{
mAdapter.disableForegroundDispatch(mActivity);
}
}
// [...]
ForegroundDispatcher mDispatcher = new ForegroundDispatcher(this);
The example implementation from above needs to be invoked when the application
is brought to foreground and when it looses focus. An example for appropriate
places are the **onResume** and the **onPause** methods of Activities as shown
in the code listing below.
.. code-block:: java
@Override
public void onResume()
{
super.onResume();
mDispatcher.enable();
}
@Override
public void onPause()
{
super.onPause();
mDispatcher.disable();
}
.. seealso::
https://developer.android.com/reference/android/app/Activity.html#ActivityLifecycle

330
docs/sdk/commands.rst 100644
View File

@ -0,0 +1,330 @@
Commands
--------
Your application (client) can send some commands (**cmd**) to
control the AusweisApp2. The AusweisApp2 (server) will send
some proper :doc:`messages` during the whole workflow or as an
answer to your command.
.. _get_info:
GET_INFO
^^^^^^^^
Returns information about the current installation of AusweisApp2.
The AusweisApp2 will send an :ref:`info` message as an answer.
.. code-block:: json
{"cmd": "GET_INFO"}
.. _get_api_level:
GET_API_LEVEL
^^^^^^^^^^^^^
Returns information about the available and current API level.
The AusweisApp2 will send an :ref:`api_level` message as an answer.
.. code-block:: json
{"cmd": "GET_API_LEVEL"}
.. _set_api_level:
SET_API_LEVEL
^^^^^^^^^^^^^
Set supported API level of your application.
If you initially develop your application against the
AusweisApp2 SDK you should check with :ref:`get_api_level`
the highest supported level and set this value with this command
if you connect to the SDK. This will set the SDK to act with
the defined level even if a newer level is available.
The AusweisApp2 will send an :ref:`api_level` message as an answer.
- **level**:
Supported API level of your app.
.. code-block:: json
{
"cmd": "SET_API_LEVEL",
"level": 1
}
.. _get_reader:
GET_READER
^^^^^^^^^^
Returns information about the requested reader.
If you explicitly want to ask for information of a known
reader name you can request it with this command.
The AusweisApp2 will send a :ref:`reader` message as an answer.
- **name**:
Name of the reader.
.. code-block:: json
{
"cmd": "GET_READER",
"name": "NAME OF THE READER"
}
GET_READER_LIST
^^^^^^^^^^^^^^^
Returns information about all connected readers.
If you explicitly want to ask for information of all connected
readers you can request it with this command.
The AusweisApp2 will send a :ref:`reader_list` message as an answer.
.. code-block:: json
{"cmd": "GET_READER_LIST"}
.. _run_auth:
RUN_AUTH
^^^^^^^^
Starts an authentication.
The AusweisApp2 will send a :ref:`auth` message when the authentication is started.
- **tcTokenURL**:
URL to the TcToken. This is equal to the desktop style activation URL.
*(http://127.0.0.1:24727/eID-Client?tcTokenURL=)*
.. code-block:: json
{
"cmd": "RUN_AUTH",
"tcTokenURL": "https://test.governikus-eid.de/Autent-DemoApplication/RequestServlet?provider=demo_epa_20&redirect=true"
}
.. note::
This command is allowed only if the AusweisApp2 has no running
authentication. Otherwise you will get a :ref:`bad_state`
message as an answer.
.. _get_access_rights:
GET_ACCESS_RIGHTS
^^^^^^^^^^^^^^^^^
Returns information about the requested access rights.
The AusweisApp2 will send an :ref:`access_rights` message as an answer.
.. code-block:: json
{"cmd": "GET_ACCESS_RIGHTS"}
.. note::
This command is allowed only if the AusweisApp2 sends an initial
:ref:`access_rights` message. Otherwise you will get a :ref:`bad_state`
message as an answer.
.. _set_access_rights:
SET_ACCESS_RIGHTS
^^^^^^^^^^^^^^^^^
Set effective access rights.
By default the **"effective"** access rights are **"optional"** + **"required"**.
If you want to enable or disable some **"optional"** access rights you can
send this command to modify the **effective** access rights.
The AusweisApp2 will send an :ref:`access_rights` message as an answer.
- **raw**:
List of enabled **optional** access rights. If you send an empty **[]**
all **optional** access rights are disabled.
.. code-block:: json
{
"cmd": "SET_ACCESS_RIGHTS",
"raw": []
}
.. note::
This command is allowed only if the AusweisApp2 sends an initial
:ref:`access_rights` message. Otherwise you will get a :ref:`bad_state`
message as an answer.
.. _get_certificate:
GET_CERTIFICATE
^^^^^^^^^^^^^^^
Returns the certificate of current authentication.
The AusweisApp2 will send a :ref:`certificate` message as an answer.
.. code-block:: json
{"cmd": "GET_CERTIFICATE"}
.. note::
This command is allowed only if the AusweisApp2 sends an initial
:ref:`access_rights` message. Otherwise you will get a :ref:`bad_state`
message as an answer.
.. _cancel:
CANCEL
^^^^^^
Cancel the whole workflow.
If your application sends this command the AusweisApp2 will cancel the
workflow. You can send this command in any state of a running workflow
to abort it.
.. code-block:: json
{"cmd": "CANCEL"}
.. note::
This command is allowed only if the AusweisApp2 started an authentication.
Otherwise you will get a :ref:`bad_state` message as an answer.
.. _accept:
ACCEPT
^^^^^^
Accept the current state.
If the AusweisApp2 will send the message :ref:`access_rights` the user
needs to **accept** or **deny**. So the workflow is paused until
your application sends this command to accept the requested information.
If the user does not accept the requested information your application
needs to send the command :ref:`cancel` to abort the whole workflow.
This command will be used later for additional requested information
if the AusweisApp2 needs to pause the workflow. In :ref:`api_level` v1
only :ref:`access_rights` needs to be accepted.
.. code-block:: json
{"cmd": "ACCEPT"}
.. note::
This command is allowed only if the AusweisApp2 sends an initial
:ref:`access_rights` message. Otherwise you will get a :ref:`bad_state`
message as an answer.
.. _set_pin:
SET_PIN
^^^^^^^
Set PIN of inserted card.
If the AusweisApp2 sends message :ref:`enter_pin` you need
to send this command to unlock the card with the PIN.
The AusweisApp2 will send an :ref:`enter_pin` message on error
or message :ref:`enter_can` if the retryCounter of the card
is decreased to **1**.
For detailed information see message :ref:`enter_pin`.
If the PIN was correct, the workflow will continue.
- **pin**: The personal identification number of the card.
This must be 6 digits.
.. code-block:: json
{
"cmd": "SET_PIN",
"pin": "123456"
}
.. note::
This command is allowed only if the AusweisApp2 sends an initial
:ref:`enter_pin` message. Otherwise you will get a :ref:`bad_state`
message as an answer.
.. _set_can:
SET_CAN
^^^^^^^
Set CAN of inserted card.
If the AusweisApp2 sends message :ref:`enter_can` you need
to send this command to unlock the last retry of :ref:`set_pin`.
The AusweisApp2 will send an :ref:`enter_can` message on error.
Otherwise the workflow will continue with :ref:`enter_pin`.
- **can**: The card access number of the card.
This must be 6 digits.
.. code-block:: json
{
"cmd": "SET_CAN",
"can": "123456"
}
.. note::
This command is allowed only if the AusweisApp2 sends an initial
:ref:`enter_can` message. Otherwise you will get a :ref:`bad_state`
message as an answer.

168
docs/sdk/conf.py.in 100644
View File

@ -0,0 +1,168 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
import os
import shlex
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
needs_sphinx = '1.4'
# If true, figures, tables and code-blocks are automatically numbered
# if they has caption. For now, it works only with the HTML builder.
# Default is False.
numfig = True
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = []
locale_dirs = ['@SPHINX_DOCS_DIR@/locales/']
gettext_additional_targets = ['image']
gettext_location = False
gettext_compact = True
# Add any paths that contain templates here, relative to this directory.
#templates_path = ['@SPHINX_DOCS_DIR@/_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = 'AusweisApp2 SDK'
copyright = '2016, Governikus GmbH & Co. KG'
author = 'Governikus GmbH & Co. KG'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '@PROJECT_VERSION@'
# The full version, including alpha/beta/rc tags.
release = '@VERSION_DVCS@'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = 'en'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
#exclude_patterns = ['']
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
html_favicon = '@SPHINX_DOCS_DIR@/../../resources/images/npa.ico'
#html_theme_path = ['@SPHINX_DOCS_DIR@/_themes']
#html_theme = 'appcast'
html_theme = 'sphinx_rtd_theme'
# If false, no module index is generated.
html_domain_indices = True
# If false, no index is generated.
html_use_index = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
html_show_sphinx = False
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
html_show_copyright = True
html_scaled_image_link = False
# Output file base name for HTML help builder.
htmlhelp_basename = 'AusweisApp2ReleaseNotes'
html_context = {
'display_github': False,
'display_bitbucket': False,
'show_source': False,
'html_show_sourcelink': False,
}
html_add_permalinks = ""
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
'papersize': 'a4paper',
# The font size ('10pt', '11pt' or '12pt').
'pointsize': '11pt',
# Additional stuff for the LaTeX preamble.
'preamble': '''
\hypersetup{pdfauthor={Governikus GmbH \& Co. KG},
pdftitle={AusweisApp2},
pdfsubject={SDK},
pdfkeywords={sdk, api},
pdfproducer={LaTeX},
pdfcreator={Sphinx}
}
''',
# Override tableofcontents
'tableofcontents': '''
\\tableofcontents
\\newpage
\\pagestyle{plain}
\\pagenumbering{arabic}
''',
# Latex figure (float) alignment
'figure_align': 'H',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'AusweisApp2_SDK.tex', 'AusweisApp2 SDK',
'Governikus GmbH \& Co. KG', 'howto'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
latex_logo = '@SPHINX_DOCS_DIR@/../../resources/images/android/xhdpi/npa.png'
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
latex_show_pagerefs = True
# If true, show URL addresses after external links.
latex_show_urls = 'footnote'
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True

52
docs/sdk/index.rst 100644
View File

@ -0,0 +1,52 @@
.. only:: html
.. image:: ../../resources/images/AppLogo_AutentApp2_2014.png
:alt: AusweisApp2
:align: center
:width: 200pt
|
Table of contents
-----------------
.. toctree::
:maxdepth: 2
intro
.. raw:: latex
\clearpage
.. toctree::
:maxdepth: 3
:caption: Connection
android
.. raw:: latex
\clearpage
.. toctree::
:maxdepth: 2
:caption: Protocol
commands
messages
workflow

32
docs/sdk/intro.rst 100644
View File

@ -0,0 +1,32 @@
Introduction
============
This documentation will explain how to initialize and start up
the AusweisApp2 as an additional service. It distinguishes between
a connection to the application and the communication between your
application and AusweisApp2.
The section "Connection" will show you what you need to do to
set up a connection to AusweisApp2. Once you have established
a connection you can send and receive JSON documents in a
bi-directional manner.
There are different commands and messages. These are listed
and described in the section "Protocol". The protocol
is split up in :doc:`commands` and :doc:`messages`. Commands
will be sent by your application to control AusweisApp2.
Messages contain additional information to your command
or will be sent as an event.
Also this documentation provides some example workflows to
show a possible communication.
Recommended
-----------
The SDK uses JSON as the communication protocol.
It is recommended to use an existing library for this.
- **Java**: `Google GSON <https://github.com/google/gson>`_
- **C++**: `JsonCPP <https://github.com/open-source-parsers/jsoncpp>`_

587
docs/sdk/messages.rst 100644
View File

@ -0,0 +1,587 @@
Messages
--------
The AusweisApp2 (server) will send some proper
messages (**msg**) to your application (client)
during the whole workflow or as an answer to
your :doc:`commands`.
.. _access_rights:
ACCESS_RIGHTS
^^^^^^^^^^^^^
This message will be send by AusweisApp2 once the authentication is started
by :ref:`run_auth` and the AusweisApp2 got the certificate from the service.
If your application receives this message you can call :ref:`set_access_rights`
to change some optional access rights or you can call :ref:`get_access_rights`
to get this message again.
Also you can call :ref:`get_certificate` to get the certificate to show this
to your user.
The workflow will continue if you call :ref:`accept` to indicate that the
user accepted the requested access rights or call :ref:`cancel` to abort
the whole workflow.
- **error**: This optional parameter indicates an error of a :ref:`set_access_rights` call
if the command contained invalid data.
- **raw**: Access rights of the service provider.
- **effective**: Indicates the enabled access rights of **optional** and **required**.
- **optional**: These rights are optional and can be enabled or disabled by :ref:`set_access_rights`.
- **required**: These rights are mandatory and cannot be disabled.
.. code-block:: json
{
"msg": "ACCESS_RIGHTS",
"error": "some optional error message",
"raw":
{
"effective": [24,20,16,15,14,12,11,10,9,8,2,0],
"optional": [15],
"required": [24,20,16,14,12,11,10,9,8,2,0]
}
}
.. seealso::
`TR-03110`_, part 4, chapter 2.2.3
.. _TR-03110: https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html
.. _api_level:
API_LEVEL
^^^^^^^^^
This message will be send if :ref:`get_api_level` or :ref:`set_api_level` is called.
It lists all **available** API levels that can be used and set by :ref:`set_api_level`.
Also it indicates the **current** selected API level.
- **error**: Optional error message if :ref:`SET_API_LEVEL` failed.
- **available**: List of supported API level by this version.
- **current**: Currently selected API level.
.. code-block:: json
{
"msg": "API_LEVEL",
"error": "optional error message like an invalid level",
"available": [1,2,3,4],
"current": 4
}
Your application should always set the compatible API level. The AusweisApp2
will support multiple API levels to give you enough time to add support
for the new API.
Even if you added support for the new API, your application should still support
the old API level in case the user updates your application but
does not update the AusweisApp2. Otherwise you need to show a message to the user
that they need to update the AusweisApp2.
The API level will be increased for **incompatible** changes only. If we can add
additional commands, messages or information without breaking the previous API
you can check the application version with :ref:`get_info` to know if the
current version supports your requirements.
This documentation will mark every API change with a flag like the following:
- New in version 1.10.0.
- Changed in version 1.10.0.
- Deprecated since version 1.10.0.
.. _auth:
AUTH
^^^^
This message will be send by AusweisApp2 if an authentication
is initially started. The next message should be :ref:`access_rights`
or :ref:`auth` again if the authentication immediately results
in an error.
If you receive an :ref:`auth` message with a parameter **error**
your command :ref:`run_auth` was invalid and the workflow was not
started at all.
- **error**: Optional error message if :ref:`run_auth` failed.
.. code-block:: json
{
"msg": "AUTH",
"error": "error message if RUN_AUTH failed"
}
If the workflow is finished the AusweisApp2 will send a message with
a result and an url parameter to indicate the end of an authentication.
- **result**: The final result of authentication.
- **major**: Major "error" code.
- **minor**: Minor error code.
- **language**: Language of description and message. AusweisApp2 will
use "de" for German system locale or "en" as the fall back.
- **description**: Description of the error message.
- **message**: The error message.
- **url**: Refresh url or communication error address.
.. code-block:: json
{
"msg": "AUTH",
"result":
{
"major": "http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok"
},
"url": "https://test.governikus-eid.de/gov_autent/async?refID=_123456789"
}
.. code-block:: json
{
"msg": "AUTH",
"result":
{
"major": "http://www.bsi.bund.de/ecard/api/1.1/resultmajor#error",
"minor": "http://www.bsi.bund.de/ecard/api/1.1/resultminor/al/common#internalError",
"language": "en",
"description": "An internal error has occurred during processing.",
"message": "The ID card has been removed. The process is aborted."
},
"url": "https://test.governikus-eid.de/gov_autent/async?refID=_abcdefgh"
}
.. _bad_state:
BAD_STATE
^^^^^^^^^
Indicates that your previous command was send in an invalid state.
Some commands can be send to the server only if certain "state"
is reached in the workflow to obtain the corresponding result.
Otherwise the command will fail with :ref:`bad_state`.
For example, you cannot send :ref:`get_certificate` if there is no
authentication in progress.
- **error**: Name of the received command that is invalid in this state.
.. code-block:: json
{
"msg": "BAD_STATE",
"error": "NAME_OF_YOUR_COMMAND"
}
.. _certificate:
CERTIFICATE
^^^^^^^^^^^
Provides information about the used certificate.
- **description**: Detailed description of the certificate.
- **issuerName**: Name of the certificate issuer.
- **issuerUrl**: URL of the certificate issuer.
- **subjectName**: Name of the certificate subject.
- **subjectUrl**: URL of the certificate subject.
- **termsOfUsage**: Raw certificate information about
the terms of usage.
- **validity**: Validity dates of the certificate in UTC.
- **effectiveDate**: Certificate is valid since this date.
- **expirationDate**: Certificate is invalid after this date.
.. code-block:: json
{
"msg": "CERTIFICATE",
"description":
{
"issuerName": "Governikus Test DVCA",
"issuerUrl": "http://www.governikus.de",
"subjectName": "Governikus GmbH & Co. KG",
"subjectUrl": "https://test.governikus-eid.de",
"termsOfUsage": "Anschrift:\t\r\nGovernikus GmbH & Co. KG\r\nAm Fallturm 9\r\n28359 Bremen\t\r\n\r\nE-Mail-Adresse:\thb@bos-bremen.de\t\r\n\r\nZweck des Auslesevorgangs:\tDemonstration des eID-Service\t\r\n\r\nZuständige Datenschutzaufsicht:\t\r\nDie Landesbeauftragte für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen\r\nArndtstraße 1\r\n27570 Bremerhaven"
},
"validity":
{
"effectiveDate": "2016-07-31",
"expirationDate": "2016-08-30"
}
}
.. _enter_can:
ENTER_CAN
^^^^^^^^^
Indicates that a CAN is required to continue workflow.
If the AusweisApp2 will send this message you need to
provide the CAN of inserted card with :ref:`set_can`.
The workflow will automatically continue if the CAN
was correct and the AuweisApp2 will send a :ref:`enter_pin` message.
If the correct CAN is entered the retryCounter will still be **1**.
If your application provides an invalid :ref:`set_can` command
the AusweisApp2 will send an :ref:`enter_can` message with an error
parameter.
If your application provides a valid :ref:`set_can` command
and the CAN was incorrect the AusweisApp2 will send :ref:`enter_can`
again but without an error parameter.
- **error**: Optional error message if your command :ref:`set_can`
was invalid.
- **reader**: Information about the used card and card reader.
Please see message :ref:`READER` for details.
.. code-block:: json
{
"msg": "ENTER_CAN",
"error": "You must provide 6 digits",
"reader":
{
"name": "NFC",
"attached": true,
"card":
{
"inserted": true,
"deactivated": false,
"retryCounter": 1
}
}
}
.. _enter_pin:
ENTER_PIN
^^^^^^^^^
Indicates that a PIN is required to continue the workflow.
If the AusweisApp2 sends this message, you will have to
provide the PIN of inserted card with :ref:`set_pin`.
The workflow will automatically continue if the PIN
was correct. Otherwise you will receive another message :ref:`enter_pin`.
If the correct PIN is entered the retryCounter will be set to **3**.
If your application provides an invalid :ref:`set_pin` command
the AusweisApp2 will send an :ref:`enter_pin` message with an error
parameter and the retryCounter of the card is **not**
decreased.
If your application provides a valid :ref:`set_pin` command
and the PIN was incorrect the AusweisApp2 will send :ref:`enter_pin`
again with a decreased retryCounter but without an error parameter.
If the value of retryCounter is **1** the AusweisApp2 will initially send an
:ref:`enter_can` message. Once your application provides a correct CAN the
AusweisApp2 will send an :ref:`enter_pin` again with a retryCounter of **1**.
- **error**: Optional error message if your command :ref:`set_pin`
was invalid.
- **reader**: Information about the used card and card reader.
Please see message :ref:`READER` for details.
.. code-block:: json
{
"msg": "ENTER_PIN",
"error": "You must provide 6 digits",
"reader":
{
"name": "NFC",
"attached": true,
"card":
{
"inserted": true,
"deactivated": false,
"retryCounter": 3
}
}
}
.. _info:
INFO
^^^^
Provides information about the AusweisApp2.
Especially if you want to get a specific **Implementation-Version**
to check if the current installation supports some additional
:doc:`commands` or :doc:`messages`.
Also you should check the :ref:`api_level` as it will be
increased for **incompatible** changes.
- **VersionInfo**: Structure of version information.
- **Name**: Application name.
- **Implementation-Title**: Title of implementation.
- **Implementation-Vendor**: Vendor of implementation.
- **Implementation-Version**: Version of implementation.
- **Specification-Title**: Title of specification.
- **Specification-Vendor**: Vendor of specification.
- **Specification-Version**: Version of specification.
.. code-block:: json
{
"msg": "INFO",
"VersionInfo":
{
"Name": "AusweisApp2",
"Implementation-Title": "AusweisApp2",
"Implementation-Vendor": "Governikus GmbH & Co. KG",
"Implementation-Version": "1.10.0",
"Specification-Title": "TR-03124",
"Specification-Vendor": "Federal Office for Information Security",
"Specification-Version": "1.2"
}
}
.. _insert_card:
INSERT_CARD
^^^^^^^^^^^
Indicates that the AusweisApp2 requires a card to continue.
If the AusweisApp2 needs a card to continue the workflow
this message will be send as a notification.
If your application receives this message it should
show a hint to the user.
After the user inserted a card the workflow will automatically
continue. If the user already inserted a card this message
won't be send at all.
This message will also be send if there is no connected card reader.
.. code-block:: json
{"msg": "INSERT_CARD"}
INTERNAL_ERROR
^^^^^^^^^^^^^^
Indicates an internal error.
If your application receives this message you found
a bug. Please report this issue to our support!
- **error**: Optional detailed error message.
.. code-block:: json
{
"msg": "INTERNAL_ERROR",
"error": "Unexpected condition"
}
INVALID
^^^^^^^
Indicates a broken JSON message.
If your application receives this message you
passed a broken JSON structure to the AusweisApp2.
Please fix your JSON document and send it again!
- **error**: Detailed error message.
.. code-block:: json
{
"msg": "INVALID",
"error": "unterminated string (offset: 12)"
}
.. _reader:
READER
^^^^^^
Provides information about a connected or disconnected card reader.
This message will be send by the AusweisApp2 if a card reader was added
or removed to the operating system. Also if a card was inserted into a
card reader or removed from a card reader.
Your application can explicitly check for card reader with :ref:`get_reader`.
- **name**: Identifier of card reader.
- **attached**: Indicates if a card reader is connected or disconnected.
- **card**: Provides information about inserted card.
- **inserted**: True if card inserted, otherwise false.
- **deactivated**: True if eID functionality is deactivated, otherwise false.
- **retryCounter**: Count of possible retries for the PIN. If you enter a PIN
with command :ref:`set_pin` it will be decreased if PIN was incorrect.
.. code-block:: json
{
"msg": "READER",
"name": "NFC",
"attached": true,
"card":
{
"inserted": true,
"deactivated": false,
"retryCounter": 3
}
}
.. _reader_list:
READER_LIST
^^^^^^^^^^^
Provides information about all connected card readers.
- **reader**: A list of all connected card readers. Please
see message :ref:`READER` for details.
.. code-block:: json
{
"msg": "READER_LIST",
"reader":
[
{
"name": "Example reader 1 [SmartCard] (1234567) 01 00",
"attached": true,
"card":
{
"inserted": false
}
},
{
"name": "NFC",
"attached": true,
"card":
{
"inserted": true,
"deactivated": false,
"retryCounter": 3
}
}
]
}
UNKNOWN_COMMAND
^^^^^^^^^^^^^^^
Indicates that the command type is unknown.
If your application receives this message you
passed a wrong command to the AusweisApp2.
Please fix your command and send it again!
Be aware of case sensitive names in :doc:`commands`.
- **error**: Name of the unknown command.
.. code-block:: json
{
"msg": "UNKNOWN_COMMAND"
"error": "get_INFo",
}

109
docs/sdk/workflow.rst 100644
View File

@ -0,0 +1,109 @@
Workflow
--------
This section shows some possible workflows as an example
communication between your application and the AusweisApp2.
The JSON structure can be identified by parameter **cmd**
or parameter **msg** as described in section :doc:`commands`
and section :doc:`messages`.
- **cmd**: Commands are sent by your application.
- **msg**: Messages are sent by the AusweisApp2.
Minimal successful authentication
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The following messages and commands are the minimal
iterations of a successful authentication.
We assume that the user already inserted a card
into the connected card reader.
.. code-block:: json
{"cmd": "RUN_AUTH", "tcTokenURL": "https://test.governikus-eid.de/DEMO"}
{"msg": "AUTH"}
{"msg": "ACCESS_RIGHTS", "raw": {"effective":[24,15,0],"optional":[15],"required":[24,0]}}
{"cmd": "ACCEPT"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"deactivated":false,"inserted":true,"retryCounter":3},"name":"NFC"}}
{"cmd": "SET_PIN", "pin": "123456"}
{"msg": "AUTH","result": {"major":"http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok"},"url":"https://test.governikus-eid.de/DEMO/?refID=123456"}
Successful authentication with CAN
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The following messages and commands show possible
iterations if the user enters an incorrect PIN and CAN twice
before entering the correct CAN and PIN.
We assume that the user didn't insert a card
into the connected card reader.
.. code-block:: json
{"cmd": "RUN_AUTH", "tcTokenURL": "https://test.governikus-eid.de/DEMO"}
{"msg": "AUTH"}
{"msg": "ACCESS_RIGHTS", "raw": {"effective":[0],"optional":[],"required":[0]}}
{"cmd": "ACCEPT"}
{"msg": "INSERT_CARD"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"deactivated":false,"inserted":true,"retryCounter":3},"name":"NFC"}}
{"cmd": "SET_PIN", "pin": "000000"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"deactivated":false,"inserted":true,"retryCounter":2},"name":"NFC"}}
{"cmd": "SET_PIN", "pin": "000001"}
{"msg": "ENTER_CAN", "reader": {"attached":true,"card":{"deactivated":false,"inserted":true,"retryCounter":1},"name":"NFC"}}
{"cmd": "SET_CAN", "can": "000000"}
{"msg": "ENTER_CAN", "reader": {"attached":true,"card":{"deactivated":false,"inserted":true,"retryCounter":1},"name":"NFC"}}
{"cmd": "SET_CAN", "can": "654321"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"deactivated":false,"inserted":true,"retryCounter":1},"name":"NFC"}}
{"cmd": "SET_PIN", "pin": "123456"}
{"msg": "AUTH","result": {"major":"http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok"},"url":"https://test.governikus-eid.de/DEMO/?refID=123456"}
Cancelled authentication
^^^^^^^^^^^^^^^^^^^^^^^^
The following messages and commands show possible
iterations if the user cancels the authentication.
We assume that the user didn't connect the card reader.
.. code-block:: json
{"cmd": "RUN_AUTH", "tcTokenURL": "https://test.governikus-eid.de/DEMO"}
{"msg": "AUTH"}
{"msg": "ACCESS_RIGHTS", "raw": {"effective":[0],"optional":[],"required":[0]}}
{"cmd": "CANCEL"}
{"msg": "AUTH", "result": {"description":"The operation was aborted due to cancellation by user.","language":"en","major":"http://www.bsi.bund.de/ecard/api/1.1/resultmajor#error","message":"The process was cancelled by the user.","minor":"http://www.bsi.bund.de/ecard/api/1.1/resultminor/sal#cancellationByUser"},"url":"https://test.governikus-eid.de/DEMO/?errID=123456"}

440
libs/CMakeLists.txt 100644
View File

@ -0,0 +1,440 @@
CMAKE_MINIMUM_REQUIRED(VERSION 3.1.0)
IF(POLICY CMP0010)
CMAKE_POLICY(SET CMP0010 NEW)
ENDIF()
IF(POLICY CMP0020)
CMAKE_POLICY(SET CMP0020 NEW)
ENDIF()
IF(NOT ANDROID AND NOT IOS)
SET(COMPILER_SEARCH C CXX)
ENDIF()
PROJECT(AusweisApp2_Libs ${COMPILER_SEARCH})
SET(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/../cmake")
INCLUDE(ExternalProject)
INCLUDE(Helper)
INCLUDE(DVCS)
ADD_FLAG(-fstack-protector-strong -fstack-protector NOQUOTES VAR COMPILER_FLAGS)
IF(MSVC)
FIND_PROGRAM(MAKE nmake CMAKE_FIND_ROOT_PATH_BOTH)
ELSE()
FIND_PROGRAM(MAKE make CMAKE_FIND_ROOT_PATH_BOTH)
ENDIF()
IF(MINGW AND NOT MAKE)
FIND_PROGRAM(MAKE mingw32-make CMAKE_FIND_ROOT_PATH_BOTH)
ENDIF()
IF(MAKE)
MESSAGE(STATUS "Using 'make' command... ${MAKE}")
ELSE()
MESSAGE(FATAL_ERROR "Cannot find 'make' command")
ENDIF()
IF(NOT DEFINED PROCESSOR_COUNT)
INCLUDE(ProcessorCount)
ProcessorCount(PROCESSOR_COUNT)
ENDIF()
IF(NOT PROCESSOR_COUNT EQUAL 0 AND NOT "${MAKE}" MATCHES "nmake")
SET(MAKE_JOBS -j${PROCESSOR_COUNT})
MESSAGE(STATUS "PROCESSOR_COUNT: ${PROCESSOR_COUNT}")
ENDIF()
IF(CMAKE_BUILD_TYPE)
STRING(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE)
ELSE()
SET(CMAKE_BUILD_TYPE "RELEASE" CACHE STRING "build type configuration" FORCE)
ENDIF()
IF(NOT ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG" AND NOT ${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
MESSAGE(FATAL_ERROR "CMAKE_BUILD_TYPE is invalid! Available options: RELEASE, DEBUG")
ENDIF()
FIND_HOST_PACKAGE(Perl REQUIRED)
FIND_HOST_PACKAGE(PythonInterp 2.7 REQUIRED)
IF(NOT "${PYTHON_VERSION_MAJOR}" STREQUAL "2")
MESSAGE(FATAL_ERROR "Cannot find 'python v2' command")
ENDIF()
FIND_PROGRAM(PATCH_CMD patch CMAKE_FIND_ROOT_PATH_BOTH)
IF(PATCH_CMD)
SET(PATCH_OPTIONS -i)
MESSAGE(STATUS "Using 'patch' command... ${PATCH_CMD}")
ELSE()
SET(PATCH_CMD ${PYTHON_EXECUTABLE} ${PROJECT_SOURCE_DIR}/patch.py --debug -v)
MESSAGE(STATUS "Cannot find 'patch' command... using patch.py")
ENDIF()
IF(NOT DESTINATION_DIR)
SET(DESTINATION_DIR ${PROJECT_BINARY_DIR}/dist)
ENDIF()
IF(MSYS)
STRING(REPLACE "C:/msys/1.0" "" DESTINATION_DIR ${DESTINATION_DIR})
ENDIF()
SET(PATCHES_DIR ${PROJECT_SOURCE_DIR}/../patches)
IF(NOT PACKAGES_DIR)
SET(PACKAGES_DIR $ENV{PACKAGES_DIR})
IF(NOT PACKAGES_DIR)
MESSAGE(STATUS "Define PACKAGES_DIR for local packages")
SET(PACKAGES_DIR ${PROJECT_BINARY_DIR}/download)
ENDIF()
ENDIF()
STRING(REPLACE "\\" "/" PACKAGES_DIR ${PACKAGES_DIR})
SET_DIRECTORY_PROPERTIES(PROPERTIES EP_PREFIX ${CMAKE_CURRENT_BINARY_DIR}/b)
INCLUDE(Messages)
################################## Versionen
SET(QT 5.7.0)
SET(OPENSSL 1.0.2j)
SET(QT_HASH a6a2632de7e44bbb790bc3b563f143702c610464a7f537d02036749041fd1800)
SET(OPENSSL_HASH e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431)
################################## Files
SET(QT_FILE qt-everywhere-opensource-src-${QT}.tar.xz)
SET(OPENSSL_FILE openssl-${OPENSSL}.tar.gz)
################################## Downloads
IF("${QT}" MATCHES "alpha|beta|rc")
SET(QT_DEST_DIR development_releases)
ELSE()
SET(QT_DEST_DIR official_releases)
ENDIF()
STRING(SUBSTRING ${QT} 0 3 QT_SUBVERSION)
SET(QT_URL http://download.qt.io/${QT_DEST_DIR}/qt/${QT_SUBVERSION}/${QT}/single)
SET(OPENSSL_URL https://www.openssl.org/source)
IF(ANDROID OR APPLE)
FIND_PROGRAM(SH_CMD sh CMAKE_FIND_ROOT_PATH_BOTH)
IF(SH_CMD)
MESSAGE(STATUS "Using 'sh' command... ${SH_CMD}")
ELSE()
MESSAGE(FATAL_ERROR "Cannot find 'sh' command")
ENDIF()
ENDIF()
################################## Android NDK /SDK
#########################################################################
IF(ANDROID)
SET(HOST --host=${ANDROID_TOOLCHAIN_MACHINE_NAME})
FIND_PROGRAM(SED_CMD sed CMAKE_FIND_ROOT_PATH_BOTH)
IF(SED_CMD)
MESSAGE(STATUS "Using 'sed' command... ${SED_CMD}")
ELSE()
MESSAGE(FATAL_ERROR "Cannot find 'sed' command")
ENDIF()
SET(ANDROID_STANDALONE "${PROJECT_BINARY_DIR}/standalone")
IF(ANDROID_NDK AND NOT EXISTS ${ANDROID_STANDALONE})
MESSAGE(STATUS "Creating standalone toolchain...")
EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} ${ANDROID_NDK}/build/tools/make_standalone_toolchain.py
--arch ${ANDROID_ARCH_NAME} --api ${ANDROID_NATIVE_API_LEVEL} --install-dir ${ANDROID_STANDALONE}
RESULT_VARIABLE CREATE_STANDALONE_TOOLCHAIN)
if(${CREATE_STANDALONE_TOOLCHAIN} EQUAL 0)
MESSAGE(STATUS "You need to call 'export PATH=${ANDROID_STANDALONE}/bin:\$PATH'")
ELSE()
MESSAGE(FATAL_ERROR "Cannot create standalone toolchain")
ENDIF()
ENDIF()
ENDIF()
IF(IOS)
SET(HOST --host=arm-apple-darwin7)
SET(HOST64 --host=aarch64-apple-darwin)
SET(IOS_ARCH armv7)
SET(IOS_ARCH64 arm64)
ENDIF()
SET(ENABLED_TARGETS)
################################## OpenSSL
#########################################################################
LIST(APPEND ENABLED_TARGETS openssl)
SET(OPENSSL_CONFIGURE_FLAGS no-ssl2 no-ssl3 no-ssl3-method no-dtls no-srp no-idea no-mdc2 no-rc5 no-hw -DOPENSSL_NO_HEARTBEATS shared)
IF(NOT WIN32)
SET(OPENSSL_CONFIGURE_FLAGS no-engine ${OPENSSL_CONFIGURE_FLAGS})
ENDIF()
IF(IOS)
SET(OPENSSL_PATCH_COMMAND ${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl_iOS.patch && )
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} iphoneos-cross)
SET(OPENSSL_PATCH_AFTER_CONFIGURE ${SH_CMD} ${PATCHES_DIR}/openssl_iOS_perl.sh ${CMAKE_IOS_SDK_ROOT} &&)
ELSEIF(APPLE)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} darwin64-x86_64-cc)
#SET(OPENSSL_PATCH_AFTER_CONFIGURE ${SH_CMD} ${PATCHES_DIR}/openssl_MacOS_perl.sh &&)
ELSEIF(MINGW)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} mingw)
ELSEIF(MSVC)
SET(OPENSSL_PREBUILD ms\\do_ms.bat)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-asm VC-WIN32)
SET(OPENSSL_ADDITIONAL_MAKE -f ms/ntdll.mak)
SET(OPENSSL_INSTALL_TARGET install)
ELSEIF(ANDROID)
IF("${ANDROID_TOOLCHAIN_MACHINE_NAME}" STREQUAL "arm-linux-androideabi")
SET(OPENSSL_ARCH android-armv7)
SET(OPENSSL_COMPILER_FLAGS "-mfloat-abi=softfp")
ELSEIF("${ANDROID_TOOLCHAIN_MACHINE_NAME}" STREQUAL "i686-linux-android")
SET(OPENSSL_ARCH android-x86)
ELSEIF("${ANDROID_TOOLCHAIN_MACHINE_NAME}" STREQUAL "aarch64-linux-android")
SET(OPENSSL_ARCH android)
ELSE()
MESSAGE(FATAL_ERROR "ANDROID_TOOLCHAIN_MACHINE_NAME not supported by openssl")
ENDIF()
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} --cross-compile-prefix=${ANDROID_TOOLCHAIN_MACHINE_NAME}- ${OPENSSL_ARCH})
SET(OPENSSL_PATCH_COMMAND ${PATCH_CMD} -p0 ${PATCH_OPTIONS} ${PATCHES_DIR}/soname/openssl_makefile.shared.patch && ${SH_CMD} ${PATCHES_DIR}/soname/openssl_sed.sh && )
ELSEIF(BSD)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} BSD-x86_64)
ELSEIF(LINUX)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} linux-x86_64)
ELSE()
MESSAGE(FATAL_ERROR "Unsupported system")
ENDIF()
IF(NOT OPENSSL_PREBUILD)
SET(OPENSSL_PREBUILD ${OPENSSL_PATCH_AFTER_CONFIGURE} ${MAKE} depend)
ENDIF()
IF(NOT OPENSSL_INSTALL_TARGET)
SET(OPENSSL_INSTALL_TARGET install_sw)
ENDIF()
# OpenSSL does not support multiple make jobs!
IF(IOS)
ExternalProject_Add(openssl64
URL ${OPENSSL_URL}/${OPENSSL_FILE}
URL_HASH SHA256=${OPENSSL_HASH}
DOWNLOAD_DIR ${PACKAGES_DIR}
PATCH_COMMAND
${OPENSSL_PATCH_COMMAND}
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl_rsa_psk.patch
CONFIGURE_COMMAND ${PERL_EXECUTABLE} Configure --prefix=${PROJECT_BINARY_DIR}/openssl64-prefix/tmp ${OPENSSL_CONFIGURE_FLAGS} "-arch ${IOS_ARCH64}" "${COMPILER_FLAGS}"
BUILD_COMMAND ${OPENSSL_PATCH_AFTER_CONFIGURE} ${MAKE} depend && ${MAKE}
BUILD_IN_SOURCE 1
INSTALL_COMMAND ${MAKE} install_sw
)
ExternalProject_Add(openssl
DEPENDS openssl64
URL ${OPENSSL_URL}/${OPENSSL_FILE}
URL_HASH SHA256=${OPENSSL_HASH}
DOWNLOAD_DIR ${PACKAGES_DIR}
PATCH_COMMAND
${OPENSSL_PATCH_COMMAND}
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl_rsa_psk.patch
CONFIGURE_COMMAND ${PERL_EXECUTABLE} Configure --prefix=${PROJECT_BINARY_DIR}/openssl-prefix/tmp ${OPENSSL_CONFIGURE_FLAGS} "-arch ${IOS_ARCH}" "${COMPILER_FLAGS}"
BUILD_COMMAND ${OPENSSL_PATCH_AFTER_CONFIGURE} ${MAKE} depend && ${MAKE}
BUILD_IN_SOURCE 1
INSTALL_COMMAND ${MAKE} install_sw
)
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD COMMAND ${SH_CMD} ${PATCHES_DIR}/create_multi_architecture_build.sh ${PROJECT_BINARY_DIR}/openssl-prefix/tmp ${PROJECT_BINARY_DIR}/openssl64-prefix/tmp ${DESTINATION_DIR})
ELSE()
ExternalProject_Add(openssl
URL ${OPENSSL_URL}/${OPENSSL_FILE}
URL_HASH SHA256=${OPENSSL_HASH}
DOWNLOAD_DIR ${PACKAGES_DIR}
PATCH_COMMAND
${OPENSSL_PATCH_COMMAND}
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl_rsa_psk.patch
CONFIGURE_COMMAND ${PERL_EXECUTABLE} Configure --prefix=${DESTINATION_DIR} ${OPENSSL_CONFIGURE_FLAGS} "${COMPILER_FLAGS}" "${OPENSSL_COMPILER_FLAGS}"
BUILD_COMMAND ${MAKE} ${OPENSSL_ADDITIONAL_MAKE}
BUILD_IN_SOURCE 1
INSTALL_COMMAND ${MAKE} ${OPENSSL_ADDITIONAL_MAKE} ${OPENSSL_INSTALL_TARGET}
)
ExternalProject_Add_Step(openssl prebuild
COMMAND ${OPENSSL_PREBUILD}
DEPENDEES configure
DEPENDERS build
WORKING_DIRECTORY <BINARY_DIR>)
ENDIF()
IF(UNIX)
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD COMMAND chmod 755 ${DESTINATION_DIR}/lib/libssl*${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libcrypto*${CMAKE_SHARED_LIBRARY_SUFFIX})
ENDIF()
IF(ANDROID)
IF(ANDROID_COMPILER_IS_CLANG)
SET(COMPILER clang)
ELSE()
SET(COMPILER gcc)
ENDIF()
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD
COMMAND ${ANDROID_TOOLCHAIN_MACHINE_NAME}-${COMPILER} -o ${DESTINATION_DIR}/lib/libgovcrypto${CMAKE_SHARED_LIBRARY_SUFFIX} -shared -Wl,-soname=libgovcrypto${CMAKE_SHARED_LIBRARY_SUFFIX} -Wl,--whole-archive ${DESTINATION_DIR}/lib/libcrypto${CMAKE_STATIC_LIBRARY_SUFFIX} -Wl,--no-whole-archive
COMMAND ${ANDROID_TOOLCHAIN_MACHINE_NAME}-${COMPILER} -o ${DESTINATION_DIR}/lib/libgovssl${CMAKE_SHARED_LIBRARY_SUFFIX} -shared -Wl,-soname=libgovssl${CMAKE_SHARED_LIBRARY_SUFFIX} -Wl,--whole-archive ${DESTINATION_DIR}/lib/libssl${CMAKE_STATIC_LIBRARY_SUFFIX} -Wl,--no-whole-archive ${DESTINATION_DIR}/lib/libgovcrypto${CMAKE_SHARED_LIBRARY_SUFFIX})
ELSEIF(MAC)
SET(OPENSSL_FILE_VERSION 1.0.0)
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD
COMMAND install_name_tool -id libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -id libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -change ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX})
ENDIF()
################################## QT
#########################################################################
LIST(APPEND ENABLED_TARGETS qt)
IF(${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
SET(QT_CONFIGURE_FLAGS -debug -qml-debug)
SET(QT_PATCH_COMMAND ${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Enable-debug-output-for-OpenSSL.patch &&)
ELSE()
SET(QT_CONFIGURE_FLAGS -release -no-qml-debug)
ENDIF()
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} -opensource -confirm-license -shared -qt-zlib -no-mtdev -qt-libpng -qt-libjpeg -qt-freetype -no-harfbuzz -qt-pcre -system-proxies -no-compile-examples -nomake examples -nomake tests -no-sql-sqlite -openssl-linked -I ${DESTINATION_DIR}/include -L ${DESTINATION_DIR}/lib)
SET(QT_CONFIGURE_FLAGS_OTHER --prefix=${DESTINATION_DIR} -no-journald -no-dbus -no-directfb -no-linuxfb)
SET(QT_CONFIGURE_FLAGS_SKIP_MODULES -skip qtwebchannel -skip qtwebengine -skip qtscript -skip qtactiveqt -skip qtlocation -skip qtserialbus -skip qtserialport -skip qtgamepad -skip qtvirtualkeyboard -skip qtcanvas3d -skip qtcharts -skip qtdatavis3d -skip qt3d -skip qtpurchasing)
SET(QT_CONFIGURE ./configure)
IF(IOS)
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_OTHER} -framework -sdk iphoneos -xplatform macx-ios-clang)
ELSEIF(APPLE)
FIND_PROGRAM(XCODE_SELECT xcode-select)
IF(NOT XCODE_SELECT)
MESSAGE(FATAL_ERROR "Cannot find xcode-select")
ENDIF()
EXECUTE_PROCESS(COMMAND ${XCODE_SELECT} -p OUTPUT_VARIABLE osx_dev_dir OUTPUT_STRIP_TRAILING_WHITESPACE)
FILE(GLOB osx_sdk "${osx_dev_dir}/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.*")
GET_FILENAME_COMPONENT(osx_sdk ${osx_sdk} NAME)
STRING(REPLACE ".sdk" "" osx_sdk "${osx_sdk}")
STRING(TOLOWER "${osx_sdk}" osx_sdk)
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_OTHER} -framework -sdk ${osx_sdk})
ELSEIF(WIN32)
IF(MSVC)
SET(QT_PLATFORM win32-msvc2015)
SET(QT_OPENSSL OPENSSL_LIBS=-llibeay32\ -lssleay32)
ELSE()
SET(QT_PLATFORM win32-g++)
SET(QT_OPENSSL OPENSSL_LIBS=-lcrypto\ -lssl)
ENDIF()
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_OPENSSL} -prefix ${DESTINATION_DIR} -opengl desktop -no-icu -no-sql-odbc -platform ${QT_PLATFORM})
SET(QT_CONFIGURE configure.bat)
ELSEIF(ANDROID)
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_OTHER}
-android-sdk ${ANDROID_SDK} -android-ndk ${ANDROID_NDK} -android-ndk-platform android-${ANDROID_NATIVE_API_LEVEL} -android-ndk-host ${ANDROID_NDK_HOST_SYSTEM_NAME}
-android-arch ${ANDROID_ABI} -android-toolchain-version ${ANDROID_COMPILER_VERSION}
-xplatform android-g++)
SET(QT_ENV export OPENSSL_LIBS=-lgovcrypto\ -lgovssl &&)
ELSE()
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_OTHER} -no-libproxy)
ENDIF()
ExternalProject_Add(qt
DEPENDS openssl
URL ${QT_URL}/${QT_FILE}
URL_HASH SHA256=${QT_HASH}
DOWNLOAD_DIR ${PACKAGES_DIR}
PATCH_COMMAND ${QT_PATCH_COMMAND}
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-disable-qtplugininfo.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Re-apply-the-cast-part-of-commit-392c7b99348e2a96ef1.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Enable-use-of-the-same-NetworkAccessAuthenticationManager.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Make-sure-SSL-configuration-is-correct-in-QNetworkRe.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Make-QCryptographicHash-a-Q_GADGET.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Make-server-side-signature-algorithms-configurable.patch &&
${CMAKE_COMMAND} -E touch qtbase/.gitignore
CONFIGURE_COMMAND ${QT_ENV} ${QT_CONFIGURE} ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_SKIP_MODULES}
BUILD_COMMAND ${MAKE} ${MAKE_JOBS}
BUILD_IN_SOURCE 1
)
ADD_CUSTOM_COMMAND(TARGET qt POST_BUILD COMMAND cmake -E touch ${DESTINATION_DIR}/mkspecs/qt_vendor_governikus)
#########################################################################
FOREACH(var ${ENABLED_TARGETS})
EXTERNALPROJECT_GET_PROPERTY(${var} INSTALL_DIR)
LIST(APPEND CLEAN_TARGETS ${INSTALL_DIR})
ENDFOREACH()
SET_DIRECTORY_PROPERTIES(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES "${DESTINATION_DIR};${CLEAN_TARGETS}")
OPTION(COMPRESS_DEPENDS "Disable DEPENDS for compress target" ON)
IF(COMPRESS_DEPENDS)
SET(COMPRESS_TARGETS ${ENABLED_TARGETS})
ENDIF()
STRING(TIMESTAMP stamp "%Y-%m-%d")
FIND_DVCS(${PROJECT_SOURCE_DIR}/..)
IF(DVCS_FOUND)
GET_DVCS_INFO()
IF(DEFINED dvcs_phase)
SET(stamp ${stamp}_${dvcs_phase})
ENDIF()
IF(DEFINED dvcs_revision)
SET(stamp ${stamp}_${dvcs_revision})
ENDIF()
ENDIF()
IF(IOS)
SET(SYSTEM_NAME iOS)
# Remove this work-around! Do not build any .dylib or be able to use .dylib
# Globbing is not supported by cmake command mode! This will work if executed with unix shell only.
SET(CLEANUP_FILES ${CMAKE_COMMAND} -E remove ${DESTINATION_DIR}/lib/*.dylib)
ELSEIF(ANDROID)
SET(SYSTEM_NAME ${CMAKE_SYSTEM_NAME}_${CMAKE_CXX_COMPILER_ID}_${ANDROID_ABI})
ELSE()
SET(SYSTEM_NAME ${CMAKE_SYSTEM_NAME}_${CMAKE_CXX_COMPILER_ID})
ENDIF()
IF(WIN32)
IF(SIGNTOOL_CMD)
CONFIGURE_FILE(${CMAKE_MODULE_PATH}/SignFiles.cmake.in ${CMAKE_BINARY_DIR}/SignFiles.cmake @ONLY)
SET(SIGN_COMMAND "${CMAKE_COMMAND}" -P "${CMAKE_BINARY_DIR}/SignFiles.cmake")
ENDIF()
ENDIF()
IF(CMAKE_VERSION VERSION_LESS 3.2)
SET(COMPRESSION cfj)
SET(COMPRESSION_FILENDING tar.bz2)
ELSE()
SET(COMPRESSION cfJ)
SET(COMPRESSION_FILENDING tar.xz)
ENDIF()
ADD_CUSTOM_TARGET(compress.pre ${compressed_filename}
COMMAND ${CLEANUP_FILES}
COMMAND ${CMAKE_COMMAND} -E remove_directory "${DESTINATION_DIR}/doc"
COMMAND ${CMAKE_COMMAND} -E remove_directory "${DESTINATION_DIR}/lib/engines"
COMMAND ${CMAKE_COMMAND} -E remove_directory "${DESTINATION_DIR}/share"
COMMAND ${SIGN_COMMAND}
DEPENDS ${COMPRESS_TARGETS}
WORKING_DIRECTORY "${DESTINATION_DIR}")
SET(compressed_filename Toolchain_${SYSTEM_NAME}_${stamp}.${COMPRESSION_FILENDING})
ADD_CUSTOM_COMMAND(OUTPUT ${compressed_filename}
COMMAND ${CMAKE_COMMAND} -E tar "${COMPRESSION}" "${compressed_filename}" "${DESTINATION_DIR}"
DEPENDS compress.pre)
ADD_CUSTOM_TARGET(compress DEPENDS ${compressed_filename})

253
libs/README.rst 100644
View File

@ -0,0 +1,253 @@
Libraries
=========
Um die AusweisApp2 zu bauen ist eine Toolchain erforderlich, die die
Abhängigkeiten und die Compilertools beinhaltet.
Unterstützte Compiler:
- MinGW 32 / 64 >= 4.9
- GCC >= 4.7
- Clang >= 3.4
- MSVC >= 2015
Notwendige Bibliotheken:
- Qt >= 5.7
- http://www.qt.io/download/
- OpenSSL >= 1.0.2
- https://www.openssl.org/source/
- Aus dem Ordner "patches" müssen die folgenden Patches angewandt werden.
(Sofern der automatische Build mittels CMake gestartet wird, werden
die Patches automatisch angewandt.)
- openssl_rsa_psk.patch
- pcsclite >= 1.8 (nur Linux)
Notwendige Tools:
- CMake >= 3.1.0
- http://www.cmake.org
Build
-----
Die Abhängigkeiten lassen sich mittels der CMakeLists.txt in diesem Ordner
automatisch aufbauen.
Das Skript kann die abhängigen Bibliotheken als Quellcode selbständig herunterladen,
entpacken und bauen. Dabei ist allerdings zu beachten, dass CMake erst ab v3.1.0
die notwendigen Kompressionen beherrscht [1].
Lokale Pakete können mittels -DPACKAGES_DIR=C:/packages verwendet werden.
Wichtig: Bei PACKAGES_DIR muss ein absoluter Pfad angegeben werden!
Der Build umfasst unter anderem das Qt-Framework, daher kann (je nach Rechenleistung)
der Build einige Stunden dauern.
Wichtig bei der Angabe in CMake ist der Verweis auf den Ordner "libs". Ein Verweis
direkt auf "AusweisApp2" würde den Build für die "AusweisApp2" konfigurieren.
Nach dem Aufruf "make" bzw. "mingw32-make" werden nun alle Bibliotheken gebaut und in
dem Ordner ./dist installiert. Dieser Ordner kann beim Build von der AusweisApp2 mittels
-DCMAKE_PREFIX_PATH als Toolchain angegeben werden.
Zusätzlich kann mit dem make Target "compress" der Inhalt der dist-Ordner bereinigt und
ein Tarball aus den gebauten Bibliotheken erzeugt werden.
[1] http://www.cmake.org/Bug/view.php?id=13515
Proxy
^^^^^
Sofern beim Download der Pakete ein Proxy notwendig ist, müssen vorm Aufruf von "make"
folgende Umgebungsvariablen gesetzt werden. (Ein erneutes Ausführen von CMake ist nicht
notwendig.)
::
http_proxy=host:port
https_proxy=host:port
ftp_proxy=host:port
macOS
^^^^^
Unter MacOS ist die Einrichtung relativ einfach und bedarf nur der oben gennanten Voreinstellungen.
Es wird der von Apple ausgelieferte clang compiler verwendet.
Beispiel: Innerhalb von /Users/governikus/AusweisApp2 befindet sich der Quellcode.
::
$ cd /Users/governikus
$ mkdir build
$ cd build
$ cmake -DPACKAGES_DIR=/Users/governikus/packages ../AusweisApp2/libs
$ make
Windows MinGW
^^^^^^^^^^^^^
Unter Windows ist es derzeit empfohlen einen Teil der Toolchain mittels MSYS zu bauen.
Perl muss dafür ebenfalls installiert sein.
MinGW
"""""
- http://sourceforge.net/projects/mingw-w64/
- Dabei wurde das folgende Paket getestet:
https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/5.3.0/threads-posix/dwarf/i686-5.3.0-release-posix-dwarf-rt_v4-rev0.7z/download
MSYS
""""
- http://www.mingw.org/wiki/msys
- Getestet: 1.0.11
Perl
""""
- http://www.activestate.com/activeperl/downloads
- Getestet: 5.24.0
Vorbereitung
""""""""""""
#. Download und Entpacken des MinGW Paketes.
#. Eintragen des Ordners "bin" von der MinGW-Installation in %PATH%.
#. Installation von MSYS, welche sich auf die MinGW-Installation bezieht.
#. Der Ordner von Perl muss sich in %PATH% befinden.
#. In der Datei "fstab" unter C:\msys\1.0\etc folgende Einträge mit den jeweiligen Pfaden:
::
C:/mingw32/i686-5.3.0-release-posix-dwarf-rt_v4-rev0 /mingw
C:/Perl /perl
Durch einige Probleme mit Unix-Shell-Skripten ist es derzeit leider
notwendig die Toolchain in zwei Schritten aufzubauen.
Hierzu muss OpenSSL und Qt separat gebaut werden.
openssl / Qt
""""""""""""
Da Qt mittels Batchskript gebaut werden muss, ist es leider nicht möglich dies innerhalb
von MSYS zu bauen [2]. Daher wird OpenSSL und Qt mittels Windows-CLI konfiguriert.
Dabei wird Qt über Windows-CLI und OpenSSL unter MSYS gebaut.
#. cmd.exe von Windows starten
#. mkdir c:\msys\1.0\home\user\qt ("user" ist der Benutzer, der unter MSYS verwendet wird)
#. cd c:\msys\1.0\home\user\qt
#. cmake -DPACKAGES_DIR=C:/packages C:/AusweisApp2/libs -G "MinGW Makefiles"
#. MSYS Shell starten
#. cd qt
#. mingw32-make openssl
#. MSYS Shell verlassen
#. In der cmd.exe: c:\msys\1.0\home\user\qt
#. mingw32-make qt
[2] http://sourceforge.net/p/mingw/bugs/1902/
iOS
"""
Die Toolchain für iOS kann nur auf MacOS gebaut werden. Dabei müssen XCode und
die Command Line Tools (siehe "xcode-select -p" bzw. "xcode-select --install")
auf dem Mac vorhanden sein. Die folgende Anleitung wurde unter MacOS 10.9 und 10.11 getestet.
Ebenfalls muss für den Build-Vorgang von Qt ein iOS Developer-Zertifikat mit Wildcard (*)
im Keystore von MacOS hinterlegt sein.
Beispiel: Innerhalb von /Users/governikus/AusweisApp2 befindet sich der Quellcode.
::
$ cd /Users/governikus
$ mkdir build
$ cd build
$ cmake -DPACKAGES_DIR=/Users/governikus/packages -DCMAKE_TOOLCHAIN_FILE=../AusweisApp2/cmake/iOS.toolchain.cmake ../AusweisApp2/libs
$ make
Android
"""""""
Die Toolchain für Android wird derzeit nur unter Linux unterstützt. Dabei müssen folgende
Komponenten vorhanden sein:
- Android NDK mit gesetztem ANDROID_NDK
- https://developer.android.com/tools/sdk/ndk/index.html
- Getestet: r12b (x86_64)
- Android SDK mit gesetztem ANDROID_HOME
- https://developer.android.com/sdk/index.html#Other
- Getestet: 25.1.7
- Unter bestimmten Umständen kann es vorkommen, dass die Build-Tools-Version nicht erkannt
wird. Dies kann mittels der Umgebungsvariable ANDROID_BUILD_TOOLS_REVISION behoben werden.
Die genaue Version ist im Android Manager vom Android SDK (./tools/android) hinterlegt.
- Um Qt erfolgreich zu bauen, sind verschiedene API Level von Android notwendig.
Diese sollten mindestens Level 10, 11, 16 und 18 sein. Nähere Informationen dazu
sind im Wiki von Qt enthalten: http://wiki.qt.io/Android
Die Plattformen können mittels Android Manager nachinstalliert werden.
- JDK mit gesetztem JAVA_HOME
- Apache Ant mit gesetztem ANT_HOME
Beispiel: Innerhalb von /home/governikus/AusweisApp2 befindet sich der Quellcode.
::
$ cd /home/governikus
$ mkdir build
$ cd build
$ cmake -DPACKAGES_DIR=/home/governikus/packages -DCMAKE_TOOLCHAIN_FILE=../AusweisApp2/cmake/android.toolchain.cmake ../AusweisApp2/libs
$ export PATH=/home/governikus/build/standalone/bin:$PATH
$ make
Standardmäßig wird die Architektur "armeabi-v7a" gewählt. Um zum Beispiel die Toolchain für x86-Architektur
zu bauen , ist beim Aufruf von CMake der Parameter "-DANDROID_ABI=x86" mitzugeben.
Der "export" der PATH-Variable wird auch beim Konfigurieren angezeigt. Siehe dazu "You need to call ..."!
Sofern die PATH-Variable nicht um den standalone-Ordner erweitert wird, wird es beim Build zu dem Fehler kommen,
dass der Cross-Compiler für die jeweilige Architektur nicht gefunden werden konnte.

1222
libs/patch.py 100644
View File

File diff suppressed because it is too large Load Diff

70
patches/create_multi_architecture_build.sh 100755
View File

@ -0,0 +1,70 @@
#!/bin/bash
DIR=$1
DIR64=$2
PREFIX_PATH=$3
#
# Copy content of all folders except the library files
#
echo "Copy content to ${PREFIX_PATH}:"
for dir in ${DIR}/* ; do
if [ -d $dir ]
then
dirname=$(basename "$dir")
if [ "$dirname" != "lib" ]
then
echo "* Copy content of ${dir}"
mkdir -p ${PREFIX_PATH}/${dirname}
cp -R ${dir}/* ${PREFIX_PATH}/${dirname}
fi
fi
done
#
# Make multi-architecture libraries
#
echo "Create multi-architecture libraries in ${PREFIX_PATH}/lib:"
mkdir -p ${PREFIX_PATH}/lib
cd ${PREFIX_PATH}/lib
for file in ${DIR}/lib/* ; do
filename=$(basename "$file")
if [[ ( $filename == *.dylib ) || ( $filename == *.a ) ]]
then
if [ -h $file ]
then
# create symbolic links for multi-architecture library
resolvedfilename=$(readlink "$file")
echo "* Create sym link ${filename}"
ln -s ${resolvedfilename} ${filename}
else
# create multi-architecture library
file64=${DIR64}/lib/${filename}
if [ -f $file64 ]
then
echo "* Create lib ${filename}"
lipo $file $file64 -create -output ${filename}
else
echo "* 64bit library not found ${file64}"
fi
fi
elif [[ ( $filename == pkgconfig ) ]]
then
mkdir -p ${PREFIX_PATH}/lib/pkgconfig
for configfile in ${DIR}/lib/pkgconfig/* ; do
configfilename=$(basename "$configfile")
sed "s:${DIR}:${PREFIX_PATH}:g" "$configfile" > pkgconfig/${configfilename}
echo "* Copy adapted package config file ${configfilename}"
done
elif [ -f $file ]
then
echo "* Skip file ${filename}"
else
echo "* Skip directory ${filename}"
fi
done

4
patches/openssl_MacOS_perl.sh 100755
View File

@ -0,0 +1,4 @@
#!/bin/sh
echo "Patching..."
perl -i -pe "s|^MAKEDEPPROG=makedepend|MAKEDEPPROG= \\\$(CC) -M|g" Makefile

12
patches/openssl_iOS.patch 100644
View File

@ -0,0 +1,12 @@
diff -ruN openssl-1.0.1j.orig/crypto/ui/ui_openssl.c openssl-1.0.1j/crypto/ui/ui_openssl.c
--- openssl-1.0.1j.orig/crypto/ui/ui_openssl.c 2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ui/ui_openssl.c 2014-11-05 13:10:13.574510723 +0100
@@ -410,7 +410,7 @@
return 1;
}
-static volatile sig_atomic_t intr_signal;
+static volatile int intr_signal;
#endif
static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)

9
patches/openssl_iOS_perl.sh 100755
View File

@ -0,0 +1,9 @@
#!/bin/sh
echo "Patching..."
SDK=$1
echo "SDK: ${SDK}"
perl -i -pe "s|^CC= (.*)|CC= \$1 -miphoneos-version-min=7.1|g" Makefile
perl -i -pe "s|^MAKEDEPPROG=makedepend|MAKEDEPPROG= \\\$(CC) -M|g" Makefile
perl -i -pe "s|isysroot\s\S+\s|isysroot ${SDK} |g" Makefile

934
patches/openssl_rsa_psk.patch 100644
View File

@ -0,0 +1,934 @@
From 47367d2aed4a3acade0a29b45c01b0c2b3cc2854 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Thu, 23 Apr 2015 20:59:30 +0200
Subject: [PATCH] Introduce TLS-RSA-PSK support
Build on the existing PSK support and introduce RSA-PSK
(cf. RFC 4279, 5487).
Based on the original patch by Christian J. Dietrich.
This work has been sponsored by Governikus GmbH & Co. KG.
PR: 2464
---
doc/apps/ciphers.pod | 12 +++
ssl/s3_clnt.c | 122 ++++++++++++++++++++++-----
ssl/s3_lib.c | 206 +++++++++++++++++++++++++++++++++++++++++++++-
ssl/s3_srvr.c | 227 ++++++++++++++++++++++++++++++++++++++++++++++++---
ssl/ssl.h | 2 +
ssl/ssl_ciph.c | 9 +-
ssl/ssl_lib.c | 6 ++
ssl/ssl_locl.h | 2 +
ssl/tls1.h | 36 ++++++++
9 files changed, 587 insertions(+), 35 deletions(-)
diff --git x/doc/apps/ciphers.pod y/doc/apps/ciphers.pod
index 9224557..234350f 100644
--- x/doc/apps/ciphers.pod
+++ y/doc/apps/ciphers.pod
@@ -583,10 +583,22 @@ Note: these ciphers can also be used in SSL v3.
=head2 Pre shared keying (PSK) cipheruites
+ TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
+ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384
TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
+ TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256
+ TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384
+ TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
+ TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
=head2 Deprecated SSL v2.0 cipher suites.
diff --git x/ssl/s3_clnt.c y/ssl/s3_clnt.c
index 2185347..1bd6138 100644
--- x/ssl/s3_clnt.c
+++ y/ssl/s3_clnt.c
@@ -337,7 +337,7 @@ int ssl3_connect(SSL *s)
}
#endif
/* Check if it is anon DH/ECDH, SRP auth */
- /* or PSK */
+ /* or plain PSK */
if (!
(s->s3->tmp.
new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
@@ -1419,9 +1419,9 @@ int ssl3_get_key_exchange(SSL *s)
}
#ifndef OPENSSL_NO_PSK
/*
- * In plain PSK ciphersuite, ServerKeyExchange can be omitted if no
- * identity hint is sent. Set session->sess_cert anyway to avoid
- * problems later.
+ * In PSK ciphersuites, ServerKeyExchange can be omitted if no
+ * identity hint is sent. Set session->sess_cert for plain PSK
+ * anyway to avoid problems later.
*/
if (alg_k & SSL_kPSK) {
s->session->sess_cert = ssl_sess_cert_new();
@@ -1466,7 +1466,12 @@ int ssl3_get_key_exchange(SSL *s)
al = SSL_AD_DECODE_ERROR;
#ifndef OPENSSL_NO_PSK
- if (alg_k & SSL_kPSK) {
+ /* handle PSK identity hint */
+ if (alg_k & (SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ | SSL_kRSAPSK
+#endif
+ )) {
param_len = 2;
if (param_len > n) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
@@ -1610,7 +1615,11 @@ int ssl3_get_key_exchange(SSL *s)
} else
#endif /* !OPENSSL_NO_SRP */
#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & (SSL_kRSA
+#ifndef OPENSSL_NO_PSK
+ | SSL_kRSAPSK
+#endif
+ )) {
/* Temporary RSA keys only allowed in export ciphersuites */
if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -2012,8 +2021,16 @@ int ssl3_get_key_exchange(SSL *s)
}
}
} else {
- /* aNULL, aSRP or kPSK do not need public keys */
- if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK)) {
+ /* aNULL, aSRP, kPSK or kRSAPSK do not need public keys */
+ if (!(alg_a & (SSL_aNULL | SSL_aSRP))
+#ifndef OPENSSL_NO_PSK
+ && !(alg_k & (SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ | SSL_kRSAPSK
+#endif
+ ))
+#endif
+ ) {
/* Might be wrong key type, check it */
if (ssl3_check_cert_and_algorithm(s))
/* Otherwise this shouldn't happen */
@@ -3102,7 +3119,11 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_PSK
- else if (alg_k & SSL_kPSK) {
+ else if (alg_k & SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ || alg_k & SSL_kRSAPSK
+#endif
+ ) {
/*
* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
* \0-terminated identity. The last byte is for us for simulating
@@ -3110,8 +3131,8 @@ int ssl3_send_client_key_exchange(SSL *s)
*/
char identity[PSK_MAX_IDENTITY_LEN + 2];
size_t identity_len;
- unsigned char *t = NULL;
unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
+ unsigned char *t = psk_or_pre_ms;
unsigned int pre_ms_len = 0, psk_len = 0;
int psk_err = 1;
@@ -3143,14 +3164,34 @@ int ssl3_send_client_key_exchange(SSL *s)
ERR_R_INTERNAL_ERROR);
goto psk_err;
}
- /* create PSK pre_master_secret */
- pre_ms_len = 2 + psk_len + 2 + psk_len;
- t = psk_or_pre_ms;
- memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
- s2n(psk_len, t);
- memset(t, 0, psk_len);
- t += psk_len;
- s2n(psk_len, t);
+
+ if (alg_k & SSL_kPSK) {
+ /* create PSK pre_master_secret */
+ pre_ms_len = 2 + psk_len + 2 + psk_len;
+ memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
+ s2n(psk_len, t);
+ memset(t, 0, psk_len);
+ t += psk_len;
+ s2n(psk_len, t);
+ }
+#ifndef OPENSSL_NO_RSA
+ else if (alg_k & SSL_kRSAPSK) {
+ const unsigned int pre_ms_prefix = 48;
+
+ pre_ms_len = 2 + 2 + 46 + 2 + psk_len;
+ memmove(psk_or_pre_ms + 52, psk_or_pre_ms, psk_len);
+ s2n(pre_ms_prefix, t);
+
+ psk_or_pre_ms[2] = s->client_version >> 8;
+ psk_or_pre_ms[3] = s->client_version & 0xff;
+ t += 2;
+
+ if (RAND_bytes(psk_or_pre_ms + 4, 46) <= 0)
+ goto psk_err;
+ t += 46;
+ s2n(psk_len, t);
+ }
+#endif
if (s->session->psk_identity_hint != NULL)
OPENSSL_free(s->session->psk_identity_hint);
@@ -3180,8 +3221,41 @@ int ssl3_send_client_key_exchange(SSL *s)
pre_ms_len);
s2n(identity_len, p);
memcpy(p, identity, identity_len);
+ p += identity_len;
n = 2 + identity_len;
+
+#ifndef OPENSSL_NO_RSA
+ if (alg_k & SSL_kRSAPSK) {
+ RSA *rsa;
+ int enc_n;
+
+ if (s->session->sess_cert->peer_rsa_tmp != NULL) {
+ rsa = s->session->sess_cert->peer_rsa_tmp;
+ } else {
+ pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+ if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ }
+ rsa = pkey->pkey.rsa;
+ EVP_PKEY_free(pkey);
+ }
+
+ enc_n = RSA_public_encrypt(48, psk_or_pre_ms + 2, p + 2, rsa, RSA_PKCS1_PADDING);
+ if (enc_n <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
+ goto psk_err;
+ }
+
+ n += enc_n;
+
+ s2n(enc_n, p);
+ n += 2;
+ }
+#endif
+
psk_err = 0;
+
psk_err:
OPENSSL_cleanse(identity, sizeof(identity));
OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
@@ -3552,7 +3626,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & (SSL_kRSA
+#ifndef OPENSSL_NO_PSK
+ | SSL_kRSAPSK
+#endif
+ )) {
if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
@@ -3619,7 +3697,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & (SSL_kRSA
+#ifndef OPENSSL_NO_PSK
+ | SSL_kRSAPSK
+#endif
+ )) {
if (rsa == NULL) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
diff --git x/ssl/s3_lib.c y/ssl/s3_lib.c
index 0385e03..ce69ec4 100644
--- x/ssl/s3_lib.c
+++ y/ssl/s3_lib.c
@@ -1765,6 +1765,74 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
+
+
+#ifndef OPENSSL_NO_RSA
+ /* RSA-PSK ciphersuites from RFC4279 */
+ /* Cipher 92 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 93 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 112,
+ 168,
+ },
+
+ /* Cipher 94 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 95 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_RSA */
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SEED
@@ -2077,6 +2145,142 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
0},
#endif
+#ifndef OPENSSL_NO_PSK
+ /* PSK ciphersuites from RFC5487 */
+
+ /* Cipher A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ #ifndef OPENSSL_NO_RSA
+ /* Cipher AC */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher AD */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_RSA */
+
+ /* Cipher AE */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher AF */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ #ifndef OPENSSL_NO_RSA
+ /* Cipher B6 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher B7 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_RSA */
+#endif /* OPENSSL_NO_PSK */
+
#ifndef OPENSSL_NO_ECDH
/* Cipher C001 */
{
@@ -4169,7 +4373,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
- if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
+ if ((alg_k & (SSL_kPSK | SSL_kRSAPSK)) && s->psk_server_callback == NULL)
continue;
#endif /* OPENSSL_NO_PSK */
diff --git x/ssl/s3_srvr.c y/ssl/s3_srvr.c
index 01ccd5d..154d22e 100644
--- x/ssl/s3_srvr.c
+++ y/ssl/s3_srvr.c
@@ -458,19 +458,23 @@ int ssl3_accept(SSL *s)
/*
* only send if a DH key exchange, fortezza or RSA but we have a
- * sign only certificate PSK: may send PSK identity hints For
- * ECC ciphersuites, we send a serverKeyExchange message only if
+ * sign only certificate
+ *
+ * PSK|RSAPSK: may send PSK identity hints.
+ * Send ServerKeyExchange if PSK identity hint is provided.
+ *
+ * For ECC ciphersuites, we send a serverKeyExchange message only if
* the cipher suite is either ECDH-anon or ECDHE. In other cases,
* the server certificate contains the server's public key for
* key exchange.
*/
if (0
- /*
- * PSK: send ServerKeyExchange if PSK identity hint if
- * provided
- */
#ifndef OPENSSL_NO_PSK
- || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+ || ((alg_k & (SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ | SSL_kRSAPSK
+#endif
+ )) && s->ctx->psk_identity_hint)
#endif
#ifndef OPENSSL_NO_SRP
/* SRP: send ServerKeyExchange */
@@ -526,11 +530,14 @@ int ssl3_accept(SSL *s)
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
/* don't request certificate for SRP auth */
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+#ifndef OPENSSL_NO_PSK
/*
- * With normal PSK Certificates and Certificate Requests
+ * With normal PSK, Certificates and Certificate Requests
* are omitted
*/
- || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
+#endif
+ ) {
/* no cert request */
skip = 1;
s->s3->tmp.cert_request = 0;
@@ -1827,7 +1834,11 @@ int ssl3_send_server_key_exchange(SSL *s)
} else
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
+ if (type & (SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ | SSL_kRSAPSK
+#endif
+ )) {
/*
* reserve size for record length and PSK identity hint
*/
@@ -1866,7 +1877,14 @@ int ssl3_send_server_key_exchange(SSL *s)
}
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
- && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+#ifndef OPENSSL_NO_PSK
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & (SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ | SSL_kRSAPSK
+#endif
+ ))
+#endif
+ ) {
if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
== NULL) {
al = SSL_AD_DECODE_ERROR;
@@ -1926,7 +1944,11 @@ int ssl3_send_server_key_exchange(SSL *s)
#endif
#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
+ if (type & (SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ | SSL_kRSAPSK
+#endif
+ )) {
/* copy PSK identity hint */
s2n(strlen(s->ctx->psk_identity_hint), p);
strncpy((char *)p, s->ctx->psk_identity_hint,
@@ -1942,7 +1964,11 @@ int ssl3_send_server_key_exchange(SSL *s)
* points to the space at the end.
*/
#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
+ if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)
+#ifndef OPENSSL_NO_PSK
+ && !(type & SSL_kRSAPSK)
+#endif
+ ) {
q = md_buf;
j = 0;
for (num = 2; num > 0; num--) {
@@ -2816,6 +2842,181 @@ int ssl3_get_client_key_exchange(SSL *s)
goto f_err;
} else
#endif
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_PSK
+ if (alg_k & SSL_kRSAPSK) {
+ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+ int decrypt_len;
+ unsigned char decrypt_good, version_good;
+ unsigned char *orig_p = p;
+
+ unsigned int psk_len;
+
+ const unsigned int pre_master_secret_prefix = 48;
+ unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
+ unsigned int pre_ms_len;
+ unsigned char *t = psk_or_pre_ms;
+
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
+ int identity_len;
+
+ int epms_len;
+ int psk_err = 1;
+
+ /* No server callback? Bail out */
+ if (s->psk_server_callback == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_PSK_NO_SERVER_CB);
+ goto f_err;
+ }
+
+ /* FIX THIS UP EAY EAY EAY EAY */
+ if (s->s3->tmp.use_rsa_tmp) {
+ if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+ rsa=s->cert->rsa_tmp;
+ /*
+ * Don't do a callback because rsa_tmp should be sent already
+ */
+ if (rsa == NULL) {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_RSA_PKEY);
+ goto f_err;
+ }
+ } else {
+ pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+ if ((pkey == NULL) ||
+ (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_RSA_CERTIFICATE);
+ goto f_err;
+ }
+ rsa = pkey->pkey.rsa;
+ }
+
+ /* Extract the PSK identity */
+ if (n < (2 + 2)) { /* 2 bytes for the identity len, 2 bytes for the epms len */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ n2s(p, identity_len);
+
+ if (identity_len > PSK_MAX_IDENTITY_LEN) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+
+ if (n < (2 + identity_len + 2)) { /* as above, plus the identity len */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ memset(identity, 0, sizeof(identity));
+ memcpy(identity, p, identity_len);
+ p += identity_len;
+
+ /* fill the pre master secret with random bytes */
+ if (RAND_pseudo_bytes(psk_or_pre_ms, sizeof(psk_or_pre_ms)) <= 0)
+ goto err;
+
+ /* read the psk (into the beginning of the psk_or_pre_ms buffer */
+ psk_len = s->psk_server_callback(s, identity, psk_or_pre_ms, sizeof(psk_or_pre_ms));
+
+ if (psk_len > PSK_MAX_PSK_LEN) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto rsapsk_err;
+ } else if (psk_len == 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ al=SSL_AD_UNKNOWN_PSK_IDENTITY;
+ goto rsapsk_err;
+ }
+
+ /* move on onto decoding the 48 encrypted bytes */
+
+ /* how many bytes to decode? */
+ n2s(p, epms_len);
+
+ if (n != (2 + identity_len + 2 + epms_len)) { /* as above */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto rsapsk_err;
+ }
+
+ /* decode in place into p */
+ decrypt_len = RSA_private_decrypt(epms_len, p, p, rsa, RSA_PKCS1_PADDING);
+ decrypt_good = constant_time_eq_int_8(decrypt_len, 48);
+
+ /* check the version sent by the client */
+ version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8));
+ version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff));
+
+ decrypt_good &= version_good;
+
+ for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
+ p[i] = constant_time_select_8(decrypt_good, p[i], rand_premaster_secret[i]);
+
+ /*
+ * build the pre master secret. it should look like this:
+ * 48 (2b) + version (2b) + random (46b) + psk_len (2b) + psk
+ */
+ pre_ms_len = 2 + 2 + 46 + 2 + psk_len;
+
+ /* the PSK is at the beginning of psk_or_pre_ms, move at the end */
+ memmove(psk_or_pre_ms + 52, psk_or_pre_ms, psk_len);
+
+ /* fill the "48" in */
+ s2n(pre_master_secret_prefix, t);
+
+ /* fill the 2 bytes version + the 46 random bytes (decrypted earlier with RSA) */
+ memcpy(t, p, 48);
+ t += 48;
+
+ /* fill the psk_len */
+ s2n(psk_len, t);
+
+ /* psk_or_pre_ms now contains the pre master secret */
+
+ /* set the identity in the session */
+ if (s->session->psk_identity != NULL)
+ OPENSSL_free(s->session->psk_identity);
+
+ s->session->psk_identity = BUF_strdup(identity);
+ OPENSSL_cleanse(identity, sizeof(identity));
+
+ if (s->session->psk_identity == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto rsapsk_err;
+ }
+
+ /* set the identity hint in the session */
+ if (s->session->psk_identity_hint != NULL)
+ OPENSSL_free(s->session->psk_identity_hint);
+ s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
+ if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto rsapsk_err;
+ }
+
+ /* set the premaster key */
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key,
+ psk_or_pre_ms, pre_ms_len);
+
+ psk_err = 0;
+ rsapsk_err:
+ OPENSSL_cleanse(orig_p, n); /* clear the whole payload area */
+ if (psk_err != 0)
+ goto f_err;
+ } else
+#endif
+#endif
#ifndef OPENSSL_NO_SRP
if (alg_k & SSL_kSRP) {
int param_len;
diff --git x/ssl/ssl.h y/ssl/ssl.h
index 90aeb0c..78cf221 100644
--- x/ssl/ssl.h
+++ y/ssl/ssl.h
@@ -254,6 +254,7 @@ extern "C" {
# define SSL_TXT_kEECDH "kEECDH"
# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */
# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kSRP "kSRP"
@@ -282,6 +283,7 @@ extern "C" {
# define SSL_TXT_ECDSA "ECDSA"
# define SSL_TXT_KRB5 "KRB5"
# define SSL_TXT_PSK "PSK"
+# define SSL_TXT_RSAPSK "RSAPSK"
# define SSL_TXT_SRP "SRP"
# define SSL_TXT_DES "DES"
diff --git x/ssl/ssl_ciph.c y/ssl/ssl_ciph.c
index 2ad8f43..33f6da1 100644
--- x/ssl/ssl_ciph.c
+++ y/ssl/ssl_ciph.c
@@ -263,6 +263,7 @@ static const SSL_CIPHER cipher_aliases[] = {
0, 0, 0},
{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -294,6 +295,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_RSAPSK, 0, SSL_kRSAPSK, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
/* symmetric encryption aliases */
@@ -756,7 +758,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*auth |= SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
- *mkey |= SSL_kPSK;
+ *mkey |= SSL_kPSK | SSL_kRSAPSK;
*auth |= SSL_aPSK;
#endif
#ifdef OPENSSL_NO_SRP
@@ -1555,6 +1557,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
*/
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
+ ssl_cipher_apply_rule(0, SSL_kRSAPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+ &tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
@@ -1731,6 +1735,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kPSK:
kx = "PSK";
break;
+ case SSL_kRSAPSK:
+ kx = "RSAPSK";
+ break;
case SSL_kSRP:
kx = "SRP";
break;
diff --git x/ssl/ssl_lib.c y/ssl/ssl_lib.c
index 42b980a..f20505b 100644
--- x/ssl/ssl_lib.c
+++ y/ssl/ssl_lib.c
@@ -2436,8 +2436,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifndef OPENSSL_NO_PSK
mask_k |= SSL_kPSK;
+#ifndef OPENSSL_NO_RSA
+ mask_k |= SSL_kRSAPSK;
+#endif
mask_a |= SSL_aPSK;
emask_k |= SSL_kPSK;
+#ifndef OPENSSL_NO_RSA
+ emask_k |= SSL_kRSAPSK;
+#endif
emask_a |= SSL_aPSK;
#endif
diff --git x/ssl/ssl_locl.h y/ssl/ssl_locl.h
index 6df725f..29af2a4 100644
--- x/ssl/ssl_locl.h
+++ y/ssl/ssl_locl.h
@@ -314,6 +314,8 @@
# define SSL_kGOST 0x00000200L
/* SRP */
# define SSL_kSRP 0x00000400L
+/* RSA PSK */
+# define SSL_kRSAPSK 0x00000800L
/* Bits for algorithm_auth (server authentication) */
/* RSA auth */
diff --git x/ssl/tls1.h y/ssl/tls1.h
index 7e237d0..173be49 100644
--- x/ssl/tls1.h
+++ y/ssl/tls1.h
@@ -410,6 +410,24 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF
+
+/* RSA-PSK ciphersuites from 4279 */
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095
+
+/* RSA-PSK ciphersuites from 5487 */
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7
+
/*
* Additional TLS ciphersuites from expired Internet Draft
* draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
@@ -629,6 +647,24 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384"
+
+/* RSA-PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA"
+
+/* RSA-PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384"
+
/* SRP ciphersuite from RFC 5054 */
# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
--
2.10.0

54
patches/qt-Enable-debug-output-for-OpenSSL.patch 100644
View File

@ -0,0 +1,54 @@
From 5cad7717db911f113355b353a6eeb3687f6fbf9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Thu, 23 Jul 2015 12:16:01 +0200
Subject: [PATCH] Enable debug output for OpenSSL
---
src/network/ssl/qsslsocket.cpp | 2 +-
src/network/ssl/qsslsocket_mac.cpp | 1 +
src/network/ssl/qsslsocket_openssl.cpp | 4 ++--
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git x/qtbase/src/network/ssl/qsslsocket.cpp y/qtbase/src/network/ssl/qsslsocket.cpp
index 3e7a30a..61ff7a1 100644
--- x/qtbase/src/network/ssl/qsslsocket.cpp
+++ y/qtbase/src/network/ssl/qsslsocket.cpp
@@ -39,7 +39,7 @@
****************************************************************************/
-//#define QSSLSOCKET_DEBUG
+#define QSSLSOCKET_DEBUG
/*!
\class QSslSocket
diff --git x/qtbase/src/network/ssl/qsslsocket_mac.cpp y/qtbase/src/network/ssl/qsslsocket_mac.cpp
index 99ae792..13339c8 100644
--- x/qtbase/src/network/ssl/qsslsocket_mac.cpp
+++ y/qtbase/src/network/ssl/qsslsocket_mac.cpp
@@ -37,6 +37,7 @@
**
****************************************************************************/
+#define QSSLSOCKET_DEBUG
#include "qsslsocket.h"
#include "qssl_p.h"
diff --git x/qtbase/src/network/ssl/qsslsocket_openssl.cpp y/qtbase/src/network/ssl/qsslsocket_openssl.cpp
index 4f62f53..f8d8174 100644
--- x/qtbase/src/network/ssl/qsslsocket_openssl.cpp
+++ y/qtbase/src/network/ssl/qsslsocket_openssl.cpp
@@ -53,8 +53,8 @@
**
****************************************************************************/
-//#define QSSLSOCKET_DEBUG
-//#define QT_DECRYPT_SSL_TRAFFIC
+#define QSSLSOCKET_DEBUG
+#define QT_DECRYPT_SSL_TRAFFIC
#include "qssl_p.h"
#include "qsslsocket_openssl_p.h"
--
2.8.0

59
patches/qt-Enable-use-of-the-same-NetworkAccessAuthenticationManager.patch 100644
View File

@ -0,0 +1,59 @@
From 017de42929811e384a9741d46e4553e74605b79c Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Tue, 13 Sep 2016 14:24:25 +0200
Subject: [PATCH] Introduce QNetworkAccessManager::useAuthenticationManagerFrom
Sometimes it is desirable to use a new connection but keep already
entered user credentials for usability reasons. This is now possible by
using the AuthenticationManager from a different NetworkAccessManager.
[ChangeLog][QtCore][QNetworkAccessManager] Introduce useAuthenticationManagerFrom()
Change-Id: If61f0d03fc8b2f159bad869d0a2b650170e1e174
---
src/network/access/qnetworkaccessmanager.cpp | 15 +++++++++++++++
src/network/access/qnetworkaccessmanager.h | 2 ++
2 files changed, 17 insertions(+)
diff --git x/qtbase/src/network/access/qnetworkaccessmanager.cpp y/qtbase/src/network/access/qnetworkaccessmanager.cpp
index 927e103..c6dfca4 100644
--- x/qtbase/src/network/access/qnetworkaccessmanager.cpp
+++ y/qtbase/src/network/access/qnetworkaccessmanager.cpp
@@ -1083,6 +1083,21 @@ void QNetworkAccessManager::connectToHost(const QString &hostName, quint16 port)
}
/*!
+ \since 5.9
+
+ Sets the manager's authentication manager to be the one from
+ \a accessManager. This is useful when you need to use a new connection,
+ but keep already-entered user-credentials for usability reasons.
+*/
+void QNetworkAccessManager::useAuthenticationManagerFrom(const QNetworkAccessManager& accessManager)
+{
+ const QNetworkAccessManagerPrivate * const e = accessManager.d_func();
+
+ Q_D(QNetworkAccessManager);
+ d->authenticationManager = e->authenticationManager;
+}
+
+/*!
\since 4.7
Sends a custom request to the server identified by the URL of \a request.
diff --git x/qtbase/src/network/access/qnetworkaccessmanager.h y/qtbase/src/network/access/qnetworkaccessmanager.h
index 4ce4757..66e3ffb 100644
--- x/qtbase/src/network/access/qnetworkaccessmanager.h
+++ y/qtbase/src/network/access/qnetworkaccessmanager.h
@@ -143,6 +143,8 @@ public:
#endif
void connectToHost(const QString &hostName, quint16 port = 80);
+ void useAuthenticationManagerFrom(const QNetworkAccessManager& accessManager);
+
Q_SIGNALS:
#ifndef QT_NO_NETWORKPROXY
void proxyAuthenticationRequired(const QNetworkProxy &proxy, QAuthenticator *authenticator);
--
2.9.3

44
patches/qt-Make-QCryptographicHash-a-Q_GADGET.patch 100644
View File

@ -0,0 +1,44 @@
From a899b4f42ba33cf1e40f6177da00c5bc901264aa Mon Sep 17 00:00:00 2001
From: "Richard J. Moore" <rich@kde.org>
Date: Thu, 30 Jul 2015 21:42:45 +0100
Subject: [PATCH] Make QCryptographicHash a Q_GADGET.
This makes the hash algorithm play nicely with qDebug.
Change-Id: I6db651cd5c73e8be65442dd68d6b865dcb975f4c
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
---
src/corelib/tools/qcryptographichash.h | 3 +++
1 file changed, 3 insertions(+)
diff --git x/qtbase/src/corelib/tools/qcryptographichash.h y/qtbase/src/corelib/tools/qcryptographichash.h
index a19c734..0f17baa 100644
--- x/qtbase/src/corelib/tools/qcryptographichash.h
+++ y/qtbase/src/corelib/tools/qcryptographichash.h
@@ -42,6 +42,7 @@
#define QCRYPTOGRAPHICHASH_H
#include <QtCore/qbytearray.h>
+#include <QtCore/qobjectdefs.h>
QT_BEGIN_NAMESPACE
@@ -51,6 +52,7 @@ class QIODevice;
class Q_CORE_EXPORT QCryptographicHash
{
+ Q_GADGET
public:
enum Algorithm {
#ifndef QT_CRYPTOGRAPHICHASH_ONLY_SHA1
@@ -69,6 +71,7 @@ public:
Sha3_512
#endif
};
+ Q_ENUM(Algorithm)
explicit QCryptographicHash(Algorithm method);
~QCryptographicHash();
--
2.10.0

334
patches/qt-Make-server-side-signature-algorithms-configurable.patch 100644
View File

@ -0,0 +1,334 @@
From 992a338b639e4df6da16659dc238dbaae0ae802f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20L=C3=B6sch?= <Sebastian.Loesch@governikus.de>
Date: Thu, 21 Apr 2016 09:19:19 +0200
Subject: [PATCH] Make server side signature algorithms configurable
Signature algorithms are used during the TLS handshake phase to protect
transferred security parameters, e.g the message ServerKeyExchange.
This patch enables the configuration of allowed algorithms used by the
server side.
Change-Id: Ia178efd4778b91863fcc919bf50219115b300d77
---
src/network/ssl/qsslconfiguration.cpp | 42 +++++++++++++
src/network/ssl/qsslconfiguration.h | 6 ++
src/network/ssl/qsslconfiguration_p.h | 5 ++
src/network/ssl/qsslcontext_openssl.cpp | 45 ++++++++++++++
src/network/ssl/qsslsocket.cpp | 2 +
src/network/ssl/qsslsocket_openssl_symbols_p.h | 5 ++
.../auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 71 ++++++++++++++++++++++
7 files changed, 176 insertions(+)
diff --git x/qtbase/src/network/ssl/qsslconfiguration.cpp y/qtbase/src/network/ssl/qsslconfiguration.cpp
index c8040de..6bfca86 100644
--- x/qtbase/src/network/ssl/qsslconfiguration.cpp
+++ y/qtbase/src/network/ssl/qsslconfiguration.cpp
@@ -217,6 +217,7 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
d->peerVerifyMode == other.d->peerVerifyMode &&
d->peerVerifyDepth == other.d->peerVerifyDepth &&
d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading &&
+ d->signatureAndHashAlgorithms == other.d->signatureAndHashAlgorithms &&
d->sslOptions == other.d->sslOptions &&
d->sslSession == other.d->sslSession &&
d->sslSessionTicketLifeTimeHint == other.d->sslSessionTicketLifeTimeHint &&
@@ -258,6 +259,7 @@ bool QSslConfiguration::isNull() const
d->privateKey.isNull() &&
d->peerCertificate.isNull() &&
d->peerCertificateChain.count() == 0 &&
+ d->signatureAndHashAlgorithms.isEmpty() &&
d->sslOptions == QSslConfigurationPrivate::defaultSslOptions &&
d->sslSession.isNull() &&
d->sslSessionTicketLifeTimeHint == -1 &&
@@ -811,6 +813,46 @@ QVector<QSslEllipticCurve> QSslConfiguration::supportedEllipticCurves()
}
/*!
+ \since 5.9
+
+ Returns the connection's current list of supported signature
+ algorithms if enabled. Enable it by calling
+ setSignatureAndHashAlgorithms().
+
+ \sa setSignatureAndHashAlgorithms()
+ */
+QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > QSslConfiguration::signatureAndHashAlgorithms() const
+{
+ return d->signatureAndHashAlgorithms;
+}
+
+/*!
+ \since 5.9
+
+ Sets the list of signature algorithms to be used for the current
+ connection. The algorithms are expected to be ordered by descending
+ preference (i.e., the first algorithm is the most preferred one).
+ Notice that this restricts the list of supported ciphers (e.g.
+ configuring the signature algorithm RSA+SHA1 will restrict the ciphers
+ to RSA ciphers).
+
+ When configuring the client side this are the algorithms set in the
+ Signature Algorithms TLS extension, see RFC 5246 for details. Although
+ this extension will be ignored for TLS protocol versions prior 1.2
+ this still restricts the supported ciphers as mentioned above.
+
+ By default, the handshake phase can choose any of the algorithms
+ supported by this system's SSL libraries, which may vary from
+ system to system.
+
+ \sa signatureAndHashAlgorithms()
+ */
+void QSslConfiguration::setSignatureAndHashAlgorithms(const QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > &algorithms)
+{
+ d->signatureAndHashAlgorithms = algorithms;
+}
+
+/*!
\since 5.3
This function returns the protocol negotiated with the server
diff --git x/qtbase/src/network/ssl/qsslconfiguration.h y/qtbase/src/network/ssl/qsslconfiguration.h
index f0754d7..cfa1e81 100644
--- x/qtbase/src/network/ssl/qsslconfiguration.h
+++ y/qtbase/src/network/ssl/qsslconfiguration.h
@@ -56,7 +56,10 @@
#ifndef QSSLCONFIGURATION_H
#define QSSLCONFIGURATION_H
+#include <QtCore/qcryptographichash.h>
+#include <QtCore/qpair.h>
#include <QtCore/qshareddata.h>
+#include <QtCore/qvector.h>
#include <QtNetwork/qsslsocket.h>
#include <QtNetwork/qssl.h>
@@ -141,6 +144,9 @@ public:
void setEllipticCurves(const QVector<QSslEllipticCurve> &curves);
static QVector<QSslEllipticCurve> supportedEllipticCurves();
+ QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > signatureAndHashAlgorithms() const;
+ void setSignatureAndHashAlgorithms(const QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > &algorithms);
+
static QSslConfiguration defaultConfiguration();
static void setDefaultConfiguration(const QSslConfiguration &configuration);
diff --git x/qtbase/src/network/ssl/qsslconfiguration_p.h y/qtbase/src/network/ssl/qsslconfiguration_p.h
index 364bba9..9553088 100644
--- x/qtbase/src/network/ssl/qsslconfiguration_p.h
+++ y/qtbase/src/network/ssl/qsslconfiguration_p.h
@@ -73,6 +73,9 @@
#include "qsslcipher.h"
#include "qsslkey.h"
#include "qsslellipticcurve.h"
+#include <QtCore/qcryptographichash.h>
+#include <QtCore/qpair.h>
+#include <QtCore/qvector.h>
QT_BEGIN_NAMESPACE
@@ -117,6 +120,8 @@ public:
QVector<QSslEllipticCurve> ellipticCurves;
+ QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > signatureAndHashAlgorithms;
+
QByteArray sslSession;
int sslSessionTicketLifeTimeHint;
diff --git x/qtbase/src/network/ssl/qsslcontext_openssl.cpp y/qtbase/src/network/ssl/qsslcontext_openssl.cpp
index f132d02..83f2435 100644
--- x/qtbase/src/network/ssl/qsslcontext_openssl.cpp
+++ y/qtbase/src/network/ssl/qsslcontext_openssl.cpp
@@ -41,6 +41,7 @@
#include <QtNetwork/qsslsocket.h>
+#include <QtCore/qmetaobject.h>
#include <QtCore/qmutex.h>
#include "private/qssl_p.h"
@@ -92,6 +93,11 @@ QSslContext::~QSslContext()
q_SSL_SESSION_free(session);
}
+static inline QString msgErrorSettingSignatureAlgorithms(const QString &why)
+{
+ return QSslSocket::tr("Error when setting the signature algorithms (%1)").arg(why);
+}
+
static inline QString msgErrorSettingEllipticCurves(const QString &why)
{
return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why);
@@ -367,6 +373,45 @@ init_context:
sslContext->errorCode = QSslError::UnspecifiedError;
}
}
+
+ const auto& sigAndHashAlgorithms = sslContext->sslConfiguration.signatureAndHashAlgorithms();
+ if (!sigAndHashAlgorithms.isEmpty()) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (q_SSLeay() >= 0x10002000L) {
+ QMetaEnum hashMetaEnum = QMetaEnum::fromType<QCryptographicHash::Algorithm>();
+ QByteArrayList algorithmList;
+ for (int i=0; i < sigAndHashAlgorithms.size(); ++i) {
+ QByteArray sig;
+ switch (sigAndHashAlgorithms[i].first) {
+ case QSsl::KeyAlgorithm::Rsa:
+ sig = QByteArrayLiteral("RSA");
+ break;
+ case QSsl::KeyAlgorithm::Dsa:
+ sig = QByteArrayLiteral("DSA");
+ break;
+ case QSsl::KeyAlgorithm::Ec:
+ sig = QByteArrayLiteral("ECDSA");
+ break;
+ case QSsl::KeyAlgorithm::Opaque:
+ qCWarning(lcSsl, "Invalid value KeyAlgorithm::Opaque will be ignored");
+ continue;
+ }
+ QByteArray hash = QByteArray(hashMetaEnum.valueToKey(sigAndHashAlgorithms[i].second)).toUpper();
+ algorithmList += sig + QByteArrayLiteral("+") + hash;
+ }
+ QByteArray algorithms = algorithmList.join(':');
+ if (!q_SSL_CTX_set1_sigalgs_list(sslContext->ctx, algorithms.data())) {
+ sslContext->errorStr = msgErrorSettingSignatureAlgorithms(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+ } else
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+ {
+ // specific algorithms requested, but not possible to set -> error
+ sslContext->errorStr = msgErrorSettingSignatureAlgorithms(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+ }
}
QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading)
diff --git x/qtbase/src/network/ssl/qsslsocket.cpp y/qtbase/src/network/ssl/qsslsocket.cpp
index a5ee9bf..c92645f 100644
--- x/qtbase/src/network/ssl/qsslsocket.cpp
+++ y/qtbase/src/network/ssl/qsslsocket.cpp
@@ -927,6 +927,7 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
d->configuration.peerVerifyDepth = configuration.peerVerifyDepth();
d->configuration.peerVerifyMode = configuration.peerVerifyMode();
d->configuration.protocol = configuration.protocol();
+ d->configuration.signatureAndHashAlgorithms = configuration.signatureAndHashAlgorithms();
d->configuration.sslOptions = configuration.d->sslOptions;
d->configuration.sslSession = configuration.sessionTicket();
d->configuration.sslSessionTicketLifeTimeHint = configuration.sessionTicketLifeTimeHint();
@@ -2235,6 +2236,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->peerVerifyDepth = global->peerVerifyDepth;
ptr->sslOptions = global->sslOptions;
ptr->ellipticCurves = global->ellipticCurves;
+ ptr->signatureAndHashAlgorithms = global->signatureAndHashAlgorithms;
}
/*!
diff --git x/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h y/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 36e041b..7bdd719 100644
--- x/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ y/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -493,6 +493,11 @@ int q_EC_curve_nist2nid(const char *name);
#define q_SSL_get_server_tmp_key(ssl, key) q_SSL_ctrl((ssl), SSL_CTRL_GET_SERVER_TMP_KEY, 0, (char *)key)
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+// Signature algorithm extension
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#define q_SSL_CTX_set1_sigalgs_list(ctx, s) q_SSL_CTX_ctrl((ctx), SSL_CTRL_SET_SIGALGS_LIST, 0, (char *)s)
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+
// PKCS#12 support
int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12);
diff --git x/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp y/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index f8c5b8b..a94e385 100644
--- x/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ y/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -229,6 +229,8 @@ private slots:
void simplePskConnect();
void ephemeralServerKey_data();
void ephemeralServerKey();
+ void signatureAlgorithm_data();
+ void signatureAlgorithm();
#endif
static void exitLoop()
@@ -3375,6 +3377,75 @@ void tst_QSslSocket::ephemeralServerKey()
QCOMPARE(client->sslConfiguration().ephemeralServerKey().isNull(), emptyKey);
}
+using SigAlgPair = QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm>;
+Q_DECLARE_METATYPE(QCryptographicHash::Algorithm);
+Q_DECLARE_METATYPE(QSsl::KeyAlgorithm);
+Q_DECLARE_METATYPE(SigAlgPair);
+
+void tst_QSslSocket::signatureAlgorithm_data()
+{
+ QTest::addColumn<SigAlgPair>("serverSigAlgPair");
+ QTest::addColumn<QSsl::SslProtocol>("serverProtocol");
+ QTest::addColumn<SigAlgPair>("clientSigAlgPair");
+ QTest::addColumn<QSsl::SslProtocol>("clientProtocol");
+ QTest::addColumn<QAbstractSocket::SocketState>("state");
+
+ auto rsaSha256 = SigAlgPair(QSsl::Rsa, QCryptographicHash::Sha256);
+ auto rsaSha512 = SigAlgPair(QSsl::Rsa, QCryptographicHash::Sha512);
+ auto ecdsaSha512= SigAlgPair(QSsl::Ec, QCryptographicHash::Sha512);
+
+ QTest::newRow("match_TlsV1_2") << rsaSha256 << QSsl::TlsV1_2 << rsaSha256 << QSsl::AnyProtocol << QAbstractSocket::ConnectedState;
+ QTest::newRow("no_hashalg_match_TlsV1_2") << rsaSha256 << QSsl::TlsV1_2 << rsaSha512 << QSsl::AnyProtocol << QAbstractSocket::UnconnectedState;
+ QTest::newRow("no_sigalg_match_TlsV1_2") << ecdsaSha512 << QSsl::TlsV1_2 << rsaSha512 << QSsl::AnyProtocol << QAbstractSocket::UnconnectedState;
+ QTest::newRow("no_cipher_match_AnyProtocol") << rsaSha512 << QSsl::TlsV1_2 << ecdsaSha512 << QSsl::AnyProtocol << QAbstractSocket::UnconnectedState;
+
+ // signature algorithms do not match, but are ignored because the tls version is not v1.2
+ QTest::newRow("client_ignore_TlsV1_1") << rsaSha256 << QSsl::TlsV1_1 << rsaSha512 << QSsl::AnyProtocol << QAbstractSocket::ConnectedState;
+ QTest::newRow("server_ignore_TlsV1_1") << rsaSha256 << QSsl::AnyProtocol << rsaSha512 << QSsl::TlsV1_1 << QAbstractSocket::ConnectedState;
+ QTest::newRow("client_ignore_TlsV1_0") << rsaSha256 << QSsl::TlsV1_0 << rsaSha512 << QSsl::AnyProtocol << QAbstractSocket::ConnectedState;
+ QTest::newRow("server_ignore_TlsV1_0") << rsaSha256 << QSsl::AnyProtocol << rsaSha512 << QSsl::TlsV1_0 << QAbstractSocket::ConnectedState;
+}
+
+
+void tst_QSslSocket::signatureAlgorithm()
+{
+ QFETCH_GLOBAL(bool, setProxy);
+ if (!QSslSocket::supportsSsl() || setProxy)
+ return;
+
+ QFETCH(SigAlgPair, serverSigAlgPair);
+ QFETCH(QSsl::SslProtocol, serverProtocol);
+ QFETCH(SigAlgPair, clientSigAlgPair);
+ QFETCH(QSsl::SslProtocol, clientProtocol);
+ QFETCH(QAbstractSocket::SocketState, state);
+
+
+ SslServer server;
+ server.protocol = serverProtocol;
+ server.config.setCiphers({QSslCipher("ECDHE-RSA-AES256-SHA")});
+ server.config.setSignatureAndHashAlgorithms({serverSigAlgPair});
+ QVERIFY(server.listen());
+
+ QSslConfiguration clientConfig = QSslConfiguration::defaultConfiguration();
+ clientConfig.setSignatureAndHashAlgorithms({clientSigAlgPair});
+ clientConfig.setProtocol(clientProtocol);
+ QSslSocket client;
+ client.setSslConfiguration(clientConfig);
+ socket = &client;
+
+ QEventLoop loop;
+ QTimer::singleShot(5000, &loop, SLOT(quit()));
+ connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit()));
+ connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
+ connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit()));
+
+
+ client.connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort());
+ loop.exec();
+ QCOMPARE(client.state(), state);
+}
+
+
#endif // QT_NO_OPENSSL
#endif // QT_NO_SSL
--
2.10.0

100
patches/qt-Make-sure-SSL-configuration-is-correct-in-QNetworkRe.patch 100644
View File

@ -0,0 +1,100 @@
From 29618d33243783725bb601ff8d9bd263309f4f32 Mon Sep 17 00:00:00 2001
From: Vladimir Prus <vladimir.prus@gmail.com>
Date: Fri, 20 Nov 2015 11:20:02 +0300
Subject: [PATCH] Make sure SSL configuration is correct in
QNetworkReply::encrypted.
In some cases, when QNetworkReply::encrypted is emitted,
QNetworkReply::sslConfiguration is not yet initialized, in particular
certificate chain is empty, which breaks the documented usage of
'encrypted' to perform additional checks on certificate chain.
It looks to be caused by the fact that QHttpNetworkReply is originally
associated with 0th QHttpNetworkConnectionChannel, and this association
is not updated if HTTP pipelining is not used. Therefore, a reply on
channel >0 might arrive before reply on channel 0, and then using ssl
configuration from channel 0, which not made it through handshake, is
not usable.
Task-number: QTBUG-49554
Change-Id: Ie5d4b5a0c503d5bdc44761ce8581f6ffe4e3bac2
---
src/network/access/qhttpnetworkconnection.cpp | 15 +++++++++++----
src/network/access/qhttpnetworkconnection_p.h | 1 +
src/network/access/qhttpnetworkconnectionchannel.cpp | 3 +--
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git x/qtbase/src/network/access/qhttpnetworkconnection.cpp y/qtbase/src/network/access/qhttpnetworkconnection.cpp
index 79f418f..7f07403 100644
--- x/qtbase/src/network/access/qhttpnetworkconnection.cpp
+++ y/qtbase/src/network/access/qhttpnetworkconnection.cpp
@@ -674,8 +674,7 @@ bool QHttpNetworkConnectionPrivate::dequeueRequest(QAbstractSocket *socket)
HttpMessagePair messagePair = highPriorityQueue.takeLast();
if (!messagePair.second->d_func()->requestIsPrepared)
prepareRequest(messagePair);
- channels[i].request = messagePair.first;
- channels[i].reply = messagePair.second;
+ updateChannel(i, messagePair);
return true;
}
@@ -684,13 +683,21 @@ bool QHttpNetworkConnectionPrivate::dequeueRequest(QAbstractSocket *socket)
HttpMessagePair messagePair = lowPriorityQueue.takeLast();
if (!messagePair.second->d_func()->requestIsPrepared)
prepareRequest(messagePair);
- channels[i].request = messagePair.first;
- channels[i].reply = messagePair.second;
+ updateChannel(i, messagePair);
return true;
}
return false;
}
+void QHttpNetworkConnectionPrivate::updateChannel(int i, const HttpMessagePair &messagePair)
+{
+ channels[i].request = messagePair.first;
+ channels[i].reply = messagePair.second;
+ // Now that reply is assigned a channel, correct reply to channel association
+ // previously set in queueRequest.
+ channels[i].reply->d_func()->connectionChannel = &channels[i];
+}
+
QHttpNetworkRequest QHttpNetworkConnectionPrivate::predictNextRequest() const
{
if (!highPriorityQueue.isEmpty())
diff --git x/qtbase/src/network/access/qhttpnetworkconnection_p.h y/qtbase/src/network/access/qhttpnetworkconnection_p.h
index e05bc1d..df71425 100644
--- x/qtbase/src/network/access/qhttpnetworkconnection_p.h
+++ y/qtbase/src/network/access/qhttpnetworkconnection_p.h
@@ -213,6 +213,7 @@ public:
void requeueRequest(const HttpMessagePair &pair); // e.g. after pipeline broke
bool dequeueRequest(QAbstractSocket *socket);
void prepareRequest(HttpMessagePair &request);
+ void updateChannel(int i, const HttpMessagePair &messagePair);
QHttpNetworkRequest predictNextRequest() const;
void fillPipeline(QAbstractSocket *socket);
diff --git x/qtbase/src/network/access/qhttpnetworkconnectionchannel.cpp y/qtbase/src/network/access/qhttpnetworkconnectionchannel.cpp
index 56716cb..8e0e88d 100644
--- x/qtbase/src/network/access/qhttpnetworkconnectionchannel.cpp
+++ y/qtbase/src/network/access/qhttpnetworkconnectionchannel.cpp
@@ -1076,6 +1076,7 @@ void QHttpNetworkConnectionChannel::_q_encrypted()
connection->d_func()->dequeueRequest(socket);
if (reply) {
reply->setSpdyWasUsed(false);
+ Q_ASSERT(reply->d_func()->connectionChannel == this);
emit reply->encrypted();
}
if (reply)
@@ -1115,8 +1116,6 @@ void QHttpNetworkConnectionChannel::_q_sslErrors(const QList<QSslError> &errors)
connection->d_func()->pauseConnection();
if (pendingEncrypt && !reply)
connection->d_func()->dequeueRequest(socket);
- if (reply) // a reply was actually dequeued.
- reply->d_func()->connectionChannel = this; // set correct channel like in sendRequest() and queueRequest();
if (connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP) {
if (reply)
emit reply->sslErrors(errors);
--
2.10.0

45
patches/qt-Re-apply-the-cast-part-of-commit-392c7b99348e2a96ef1.patch 100644
View File

@ -0,0 +1,45 @@
From 0d2e326699d2646e38d60036659a7ff3e0b7b8d0 Mon Sep 17 00:00:00 2001
From: Simon Hausmann <simon.hausmann@theqtcompany.com>
Date: Fri, 13 May 2016 14:24:59 +0200
Subject: [PATCH] Re-apply the cast part of commit
392c7b99348e2a96ef11adb5712095fbd13fb780
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We reverted this in 6f59c91c51edd7207635c3fa2f0b2b1179e7aa6e to avoid further
breakage in a patch release. Now let's do the right thing in the next minor
release and replace the qobject_cast on the instance with the IID check that
won't require instantiating the plugin in the qml loader thread.
[ChangeLog][QtQml][Important Behavior Changes] When the engine looks for QML
modules / extension plugins in statically linked applications, the plugins are
not instantiated in the qml loader thread anymore. For this to work however
it is necessary for plugins to use Q_PLUGIN_METADATA(IID QQmlExtensionInterface_iid)
in their class declaration instead of hardcoding the interface id as a string
literal.
Task-number: QTBUG-52012
Change-Id: I45fe8b9fec23b3d0408b7ee79ce297c7d47ce36d
Reviewed-by: Sebastian Lösch <Sebastian.Loesch@governikus.com>
Reviewed-by: J-P Nurmi <jpnurmi@qt.io>
---
src/qml/qml/qqmlimport.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git x/qtdeclarative/src/qml/qml/qqmlimport.cpp y/qtdeclarative/src/qml/qml/qqmlimport.cpp
index b51c78b..32faf76 100644
--- x/qtdeclarative/src/qml/qml/qqmlimport.cpp
+++ y/qtdeclarative/src/qml/qml/qqmlimport.cpp
@@ -913,7 +913,7 @@ bool QQmlImportsPrivate::populatePluginPairVector(QVector<StaticPluginPair> &res
// To avoid traversing all static plugins for all imports, we cut down
// the list the first time called to only contain QML plugins:
foreach (const QStaticPlugin &plugin, QPluginLoader::staticPlugins()) {
- if (qobject_cast<QQmlExtensionPlugin *>(plugin.instance()))
+ if (plugin.metaData().value(QStringLiteral("IID")).toString() == QLatin1String(QQmlExtensionInterface_iid))
plugins.append(plugin);
}
}
--
2.8.3

26
patches/qt-disable-qtplugininfo.patch 100644
View File

@ -0,0 +1,26 @@
From 792487510efc7a1fb34366804c431aee6e1219c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Tue, 22 Dec 2015 18:43:02 +0100
Subject: [PATCH] Disable qtpluginfo as it breaks install step on Android
---
src/src.pro | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git x/qttools/src/src.pro y/qttools/src/src.pro
index 387d54f..3151495 100644
--- x/qttools/src/src.pro
+++ y/qttools/src/src.pro
@@ -14,8 +14,7 @@ qtHaveModule(widgets) {
}
SUBDIRS += linguist \
- qdoc \
- qtplugininfo
+ qdoc
if(!android|android_app):!ios: SUBDIRS += qtpaths
mac {
--
2.6.4

49
patches/soname/openssl_makefile.shared.patch 100644
View File

@ -0,0 +1,49 @@
--- Makefile.shared.orig 2014-05-09 12:44:04.801960645 +0200
+++ Makefile.shared 2014-05-09 13:08:04.595689322 +0200
@@ -109,23 +109,7 @@
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
- ) && $(SYMLINK_SO)
-
-SYMLINK_SO= \
- if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
- prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
- if [ -n "$$SHLIB_COMPAT" ]; then \
- for x in $$SHLIB_COMPAT; do \
- ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
- prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
- fi
+ )
LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
@@ -578,18 +562,15 @@
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix symlink.reliantunix:
@ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- $(SYMLINK_SO)
+ SHLIB=lib$(LIBNAME).so;
symlink.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
- SHLIB_SUFFIX=.dylib; \
- $(SYMLINK_SO)
+ SHLIB_SUFFIX=.dylib;
symlink.hpux:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
- expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
- $(SYMLINK_SO)
+ expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so;
# The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath symlink.beos:

8
patches/soname/openssl_sed.sh 100755
View File

@ -0,0 +1,8 @@
#!/bin/sh
echo "Patching Configure..."
#sed -i 's/.so.\\$(SHLIB_MAJOR).\\$(SHLIB_MINOR)/.so/g' Configure
sed -i 's/.\\$(SHLIB_MAJOR).\\$(SHLIB_MINOR)//g' Configure
echo "Patching Makefile..."
sed -i 's/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX/$$SHLIB/g' Makefile.shared

16
resources/CMakeLists.txt 100644
View File

@ -0,0 +1,16 @@
SET(QRC_FILES "ausweisapp.qrc")
IF(IOS OR ANDROID OR ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
LIST(APPEND QRC_FILES "ausweisapp_mobile.qrc")
ENDIF()
IF(LINUX OR WIN32 OR MAC)
LIST(APPEND QRC_FILES "ausweisapp_desktop.qrc")
ENDIF()
SET(RCC ${CMAKE_BINARY_DIR}/src/${PROJECT_NAME}.rcc)
SET(RCC ${RCC} PARENT_SCOPE)
qt5_add_binary_resources(AusweisAppRcc "${QRC_FILES}" DESTINATION ${RCC})
IF(WIN32)
SET(WINDOWS_RC "${CMAKE_CURRENT_SOURCE_DIR}/windows.rc" PARENT_SCOPE)
ENDIF()

78
resources/ausweisapp.qrc 100644
View File

@ -0,0 +1,78 @@
<RCC>
<qresource prefix="/">
<file>images/beta.svg</file>
<file>images/siteWithLogo.png</file>
<file>images/MenuSelected.png</file>
<file>images/MenuUnselected.png</file>
<file>images/MenuUnselectedDisabled.png</file>
<file>images/information.png</file>
<file>images/npa.ico</file>
<file>images/Logo_AutentApp2_2014.png</file>
<file>images/AppLogo_AutentApp2_2014.png</file>
<file>images/start_nPA_eAT.png</file>
<file>images/bg_da.png</file>
<file>images/bt_1.svg</file>
<file>images/bt_1b.svg</file>
<file>images/bt_2.svg</file>
<file>images/bt_2b.svg</file>
<file>images/bt_3.svg</file>
<file>images/bt_3b.svg</file>
<file>images/bt_4.svg</file>
<file>images/bt_4b.svg</file>
<file>images/bspd1.svg</file>
<file>images/canHint.png</file>
<file>images/busy_animation.gif</file>
<file>images/icon_attention.svg</file>
<file>images/icon_ok.png</file>
<file>images/icon_cancelled.png</file>
<file>images/Icon_Checked.svg</file>
<file>images/autentapp2.iconset/icon_16x16.png</file>
<file>images/autentapp2.iconset/icon_32x32.png</file>
<file>images/autentapp2.iconset/icon_512x512.png</file>
<file>images/reader/default_no_cardreader_01.png</file>
<file>images/reader/default_more_cardreader.png</file>
<file>images/reader/default_no_card_found.png</file>
<file>images/reader/img_cyberjack_wave.png</file>
<file>images/reader/img_cyberjack_wave_mit_ausweis.png</file>
<file>stylesheets/common.qss</file>
<file>stylesheets/macos.qss</file>
<file>stylesheets/windows.qss</file>
<file>stylesheets/desktop.qss</file>
<file>images/magnifying-glass.png</file>
<file>images/text-edit-x.png</file>
<file>images/back-chevron.png</file>
<file>images/iOS/tabBar/Anbieter-off.png</file>
<file>images/iOS/tabBar/Anbieter-on.png</file>
<file>images/iOS/tabBar/Ausweisen-off.png</file>
<file>images/iOS/tabBar/Ausweisen-on.png</file>
<file>images/iOS/tabBar/Pin-off.png</file>
<file>images/iOS/tabBar/Pin-on.png</file>
<file>images/iOS/tabBar/Verlauf-off.png</file>
<file>images/iOS/tabBar/Verlauf-on.png</file>
<file>images/iOS/gruener_Haken.svg</file>
<file>images/icon_Bluetooth.svg</file>
<file>images/icon_Pin.svg</file>
<file>images/All.png</file>
<file>images/iOS/tabBar/More-off.svg</file>
<file>images/iOS/tabBar/More-on.svg</file>
<file>images/iOS/rotes_X.svg</file>
<file>images/iOS/ProviderInformation.png</file>
<file>images/iOS/ProviderPurpose.png</file>
<file>images/iOS/CheckedCheckbox.png</file>
<file>images/iOS/Header-Ausweisapp@3x.png</file>
<file>images/delete.png</file>
<file>images/NFCPhoneCard.png</file>
<file>images/submit.png</file>
<file>images/androidtelefon.png</file>
<file>images/ausweis.png</file>
<file>images/provider/adresse.png</file>
<file>images/provider/mail.png</file>
<file>images/provider/telefon.png</file>
<file>images/provider/url.png</file>
<file>images/provider/gradient-citizen.png</file>
<file>images/provider/gradient-insurance.png</file>
<file>images/provider/gradient-finance.png</file>
<file>images/provider/gradient-other.png</file>
</qresource>
</RCC>

47
resources/ausweisapp_desktop.qrc 100644
View File

@ -0,0 +1,47 @@
<RCC>
<qresource prefix="/">
<file>html_templates/alreadyactive.html</file>
<file>html_templates/error.html</file>
<file>images/html_message_section.jpg</file>
<file>images/randompin/btn_normal_0.png</file>
<file>images/randompin/btn_normal_1.png</file>
<file>images/randompin/btn_normal_2.png</file>
<file>images/randompin/btn_normal_3.png</file>
<file>images/randompin/btn_normal_4.png</file>
<file>images/randompin/btn_normal_5.png</file>
<file>images/randompin/btn_normal_6.png</file>
<file>images/randompin/btn_normal_7.png</file>
<file>images/randompin/btn_normal_8.png</file>
<file>images/randompin/btn_normal_9.png</file>
<file>images/randompin/screen_keyboard.png</file>
<file>images/randompin/btn_ok.png</file>
<file>images/randompin/btn_cancel.png</file>
<file>images/randompin/btn_clear.png</file>
<file>images/reader/img_Reiner_SCT_cyberjack_RFID_komfort.png</file>
<file>images/reader/img_Reiner_SCT_cyberjack_RFID_komfort_mit_ausweis.png</file>
<file>images/reader/img_Reiner_SCT_cyberjack_RFID_standard.png</file>
<file>images/reader/img_Reiner_SCT_cyberjack_RFID_standard_mit_ausweis.png</file>
<file>images/reader/img_Reiner_SCT_cyberjack_RFID_basis.png</file>
<file>images/reader/img_Reiner_SCT_cyberjack_RFID_basis_mit_ausweis.png</file>
<file>images/reader/img_Identive_SCL011.png</file>
<file>images/reader/img_Identive_SCL011_mit_ausweis.png</file>
<file>images/reader/img_Identive_SDI011.png</file>
<file>images/reader/img_Identive_SDI011_mit_ausweis.png</file>
<file>images/reader/img_KOBIL_ID_Token.png</file>
<file>images/reader/img_KOBIL_ID_Token_mit_ausweis.png</file>
<file>images/reader/img_ACS_ACR1281U.png</file>
<file>images/reader/img_ACS_ACR1281U_mit_ausweis.png</file>
<file>images/reader/img_HID_Global_OMNIKEY_5321_V2.png</file>
<file>images/reader/img_HID_Global_OMNIKEY_5321_V2_mit_ausweis.png</file>
<file>images/reader/img_HID_Omnikey_Mobile_Reader_4121_CL.png</file>
<file>images/reader/img_HID_Omnikey_Mobile_Reader_4121_CL_mit_ausweis.png</file>
<file>images/reader/img_FEIG_myAXXES_basic.png</file>
<file>images/reader/img_FEIG_myAXXES_basic_mit_ausweis.png</file>
<file>images/reader/img_Gemalto_Prox_SU.png</file>
<file>images/reader/img_Gemalto_Prox_SU_mit_ausweis.png</file>
<file>images/reader/img_Gemalto_Prox_DU.png</file>
<file>images/reader/img_Gemalto_Prox_DU_mit_ausweis.png</file>
</qresource>
</RCC>

83
resources/ausweisapp_mobile.qrc 100644
View File

@ -0,0 +1,83 @@
<RCC>
<qresource prefix="/">
<file>images/mobile/appStartPageBackground.jpg</file>
<file>images/iOS/arrowLeft.svg</file>
<file>images/iOS/arrowRight.svg</file>
<file>images/iOS/check.svg</file>
<file>images/iOS/list_item_arrow.svg</file>
<file>images/iOS/radio_button_check_ios.svg</file>
<file>images/iOS/toggle_on.png</file>
<file>images/iOS/toggle_off.png</file>
<file>images/iOS/toggle_disabled.png</file>
<file>images/android/navigation/ausweisen.png</file>
<file>images/android/navigation/anbieter.png</file>
<file>images/android/navigation/verlauf.png</file>
<file>images/android/navigation/pin.png</file>
<file>images/android/navigation/versionsinformation.png</file>
<file>images/android/navigation/faq.png</file>
<file>images/android/navigation/support.png</file>
<file>images/android/navigation/bewerten.png</file>
<file>images/android/navigation/teilen.png</file>
<file>images/android/mdpi/haken.png</file>
<file>images/android/hdpi/haken.png</file>
<file>images/android/xhdpi/haken.png</file>
<file>images/android/xxhdpi/haken.png</file>
<file>images/android/xxxhdpi/haken.png</file>
<file>images/android/checkbox_0.svg</file>
<file>images/android/checkbox_1.svg</file>
<file>images/android/tabDivider.svg</file>
<file>images/android/arrowRight.svg</file>
<file>images/android/arrowLeft.svg</file>
<file>images/android/arrowRightWhite.svg</file>
<file>images/android/arrowLeftWhite.svg</file>
<file>images/android/android_toggle_on.png</file>
<file>images/android/android_toggle_off.png</file>
<file>images/android/android_toggle_on_disabled.png</file>
<file>images/android/android_toggle_off_disabled.png</file>
<file>images/android/android_arrow_back.svg</file>
<file>images/android/android_arrow_back_white.svg</file>
<file>images/android/android_search_icon.svg</file>
<file>images/more/icon_mehr_favorit.svg</file>
<file>images/more/icon_mehr_fragen.svg</file>
<file>images/more/icon_mehr_upload.svg</file>
<file>images/more/icon_mehr_info.svg</file>
<file>images/provider/categoryIcons/+android/CitizenServices.png</file>
<file>images/provider/categoryIcons/+android/Financials.png</file>
<file>images/provider/categoryIcons/+android/Insurances.png</file>
<file>images/provider/categoryIcons/+android/OtherServices.png</file>
<file>images/provider/categoryIcons/+android/CitizenServices_bg.png</file>
<file>images/provider/categoryIcons/+android/Financials_bg.png</file>
<file>images/provider/categoryIcons/+android/Insurances_bg.png</file>
<file>images/provider/categoryIcons/+android/OtherServices_bg.png</file>
<file>images/provider/categoryIcons/+android/CitizenServices_button.png</file>
<file>images/provider/categoryIcons/+android/Financials_button.png</file>
<file>images/provider/categoryIcons/+android/Insurances_button.png</file>
<file>images/provider/categoryIcons/+android/OtherServices_button.png</file>
<file>images/provider/categoryIcons/+android/General_bg.png</file>
<file>images/provider/categoryIcons/CitizenServices.png</file>
<file>images/provider/categoryIcons/Financials.png</file>
<file>images/provider/categoryIcons/Insurances.png</file>
<file>images/provider/categoryIcons/OtherServices.png</file>
<file>images/provider/+tablet/adresse.png</file>
<file>images/provider/+tablet/mail.png</file>
<file>images/provider/+tablet/telefon.png</file>
<file>images/provider/+tablet/url.png</file>
<file alias="images/provider/categoryIcons/CitizenServices_bg.png">images/provider/categoryIcons/+android/CitizenServices_bg.png</file>
<file alias="images/provider/categoryIcons/Financials_bg.png">images/provider/categoryIcons/+android/Financials_bg.png</file>
<file alias="images/provider/categoryIcons/Insurances_bg.png">images/provider/categoryIcons/+android/Insurances_bg.png</file>
<file alias="images/provider/categoryIcons/OtherServices_bg.png">images/provider/categoryIcons/+android/OtherServices_bg.png</file>
<file alias="images/provider/categoryIcons/CitizenServices_button.png">images/provider/categoryIcons/+android/CitizenServices_button.png</file>
<file alias="images/provider/categoryIcons/Financials_button.png">images/provider/categoryIcons/+android/Financials_button.png</file>
<file alias="images/provider/categoryIcons/Insurances_button.png">images/provider/categoryIcons/+android/Insurances_button.png</file>
<file alias="images/provider/categoryIcons/OtherServices_button.png">images/provider/categoryIcons/+android/OtherServices_button.png</file>
<file alias="images/provider/categoryIcons/General_bg.png">images/provider/categoryIcons/+android/General_bg.png</file>
<file>images/provider/categoryIcons/+android/CitizenServices_section.png</file>
<file>images/provider/categoryIcons/+android/Financials_section.png</file>
<file>images/provider/categoryIcons/+android/Insurances_section.png</file>
<file>images/provider/categoryIcons/+android/OtherServices_section.png</file>
<file>images/zahnraeder.svg</file>
</qresource>
</RCC>

128
resources/config.json.in 100644
View File

@ -0,0 +1,128 @@
{
"_comment_0": "This file is generated by cmake! DO NOT TOUCH THIS MANUALLY!",
"_comment_1": "array of CVCs; hex encoded",
"_comment_2": [
"certificate 1: DECVCAeID00103_DECVCAeID00104",
"certificate 2: DECVCAeID00102_DECVCAeID00103",
"certificate 3: DECVCAeID00102",
"certificate 7: DECVCAeIDCT00001"
],
"cvRootCertificates": [
"7f218201b67f4e82016e5f290100420e44454356434165494430303130337f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7864104241d8627338b64f20077ffd558909a096c635ddb222852038eaae642e869a40173d588f817d95db2a6a0f077ea5ee63596a20f85bc3cb176d2f98d88d90219aa8701015f200e44454356434165494430303130347f4c12060904007f0007030102025305fc0f13ffff5f25060105000901045f24060108000901045f3740313a81ed8734e7a8c45f16b55fb603e63027b7f44c2de3a8e782552d35949db221ca33bd41a01da6a1288c7885714fc3a03fa45683b75d3884930ec6738af8a0",
"7f218201b67f4e82016e5f290100420e44454356434165494430303130327f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a78641048925419fc7f194922cfc6b8dd25ae6a19c1b59216e6cf06270e5d75cfd64205f55cf867bbfefeefd6e680e1fd197f18ab684484901362568efc9adb5c6018d728701015f200e44454356434165494430303130337f4c12060904007f0007030102025305fc0f13ffff5f25060102010200035f24060105010200035f37404d6f08a86a4f18409f6685387dd3c6a7ff5d68ea4f7714a861bbb3bb721d05d3014adf1763c9292f715d8e94ee9b3e1b73ab1382414ebf39dfb3b0fb6c09dbeb",
"7F218201B67F4E82016E5F290100420E44454356434165494430303130327F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A78641043347ECF96FFB4BD9B8554EFBCCFC7D0B242F1071E29B4C9C622C79E339D840AF67BEB9B912692265D9C16C62573F4579FFD4DE2DE92BAB409DD5C5D48244A9F78701015F200E44454356434165494430303130327F4C12060904007F0007030102025305FE0F01FFFF5F25060100010001085F24060103010001085F37405067145C68CAE9520F5BB34817F1CA9C43593DB56406C6A3B006CBF3F314E7349ACF0CC6BFEBCBDEFD10B4DCF0F231DA56977D88F9F90182D199076A56506451",
"7f218201ba7f4e8201725f2901004210444543564341654944435430303030317f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a78641041f86a5f098c0d277ccece27e4fc35687ca67027563c4301956859b7c60ce65991a412c57d02871e22616ea63578ad2267c4cc82a4e3432901bf33693e436d4528701015f2010444543564341654944435430303030317f4c12060904007f0007030102025305fe1fffffff5f25060103000701065f24060106000701055f37407cbf6936f5557d8331321d34c6f59332115fdb704166dd360f7443b0cbb28a815dd111647e354009f7c2de142306954283a4d8fcd2311898729f095763d556cb"
],
"_comment_3": "array of Test-CVCs; hex encoded",
"_comment_4": [
"certificate 4: DETESTeID00001",
"certificate 5: DETESTeID00002_DETESTeID00001",
"certificate 6: DETESTeID00004_DETESTeID00002",
"certificate 8: DETESTeID00005_DETESTeID00004"
],
"cvRootCertificatesTest": [
"7F218201B67F4E82016E5F290100420E44455445535465494430303030317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7864104184BB519FC2A8F52DC0DC73112FACFE914F2A49B678DD5799A2B1DFE95E1A66359014E22FA8D66438413CEBA6CF0E215576B673376BF617AF4DFE9761D2290148701015F200E44455445535465494430303030317F4C12060904007F0007030102025305FE0F01FFFF5F25060100000801035F24060103000801035F37409F25EBFAF4B91E4C60A1683754C5DC076A3179753EF97D9F8CB01FE1DCD3B8C83E7A26602AB1F344BE5706006D79A9FF6A9716404DC83B9F30E1213B393128A2",
"7f218201b67f4e82016e5f290100420e44455445535465494430303030317f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7864104096eb58bfd86252238ec2652185c43c3a56c320681a21e37a8e69ddc387c0c5f5513856efe2fdc656e604893212e29449b365e304605ac5413e75be31e641f128701015f200e44455445535465494430303030327f4c12060904007f0007030102025305fe0f01ffff5f25060100000902015f24060103000902015f3740141120a0fdfc011a52f3f72b387a3dc7aca88b4868d5ae9741780b6ff8a0b49e5f55169a2d298ef5cf95935dca0c3df3e9d42dc45f74f2066317154961e6c746",
"7f218201b67f4e82016e5f290100420e44455445535465494430303030327f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a786410474ff63ab838c73c303ac003dfee95cf8bf55f91e8febcb7395d942036e47cf1845ec786ec95bb453aac288ad023b6067913cf9b63f908f49304e5cfc8b3050dd8701015f200e44455445535465494430303030347f4c12060904007f0007030102025305fc0f13ffff5f25060102000501015f24060105000501015f37405c035a0611b6c58f0b5261fdd009decab7dc7a79482d5248cca119059b7d82b2157cf0c4a499bcf441efdd35e294a58c0af19a34a0762159533285acf170a505",
"7f218201b67f4e82016e5f290100420e44455445535465494430303030347f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a78641049bfeba8dc7faab6e3bdeb3ff794dbb800848fe4f6940a4cc7eecb5159c87da5395505892026d420a22596cd014ed1fd872dada597db0f8d64441041198f62d448701015f200e44455445535465494430303030357f4c12060904007f0007030102025305fc0f13ffff5f25060105000500045f24060108000500045f37402d2468416d66bcbe259b9b907a73395bc1ef94ed75f9c17615210246e9efb06e6753e9055ce76623b7699b9efb1a7d3a9dd83f6e6e09e55a33ea0a5f62a1c719"
],
"_comment_5": "array of certificates for checking the authenticity of updates; DER format, hex encoded",
"updateCertificates": [
"308206f8308205e0a003020102020840b202f4450f40bf300d06092a864886f70d01010505003076310b300906035504061302444531253023060355040a131c542d53797374656d7320496e7465726e6174696f6e616c20476d6248311e301c060355040b131554727573742043656e7465722053657276696365733120301e0603550403131754656c6553656320536572766572506173732043412031301e170d3132303832313037353132345a170d3135303832363233353935395a3081ab310b3009060355040613024445312d302b060355040a0c246272656d656e206f6e6c696e6520736572766963657320476d6248202620436f2e204b47310b3009060355040b13025345310f300d060355040813064272656d656e310f300d060355040713064272656d656e3124302206092a864886f70d01090116156265747269656240626f732d6272656d656e2e6465311830160603550403130f6170706c2e626f732d6173702e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100baa234d61141856dcc308a4fe30d1eaeb3e3356971e79a7c8257ce0ff15cd786a24670b58f2e0e2ba609805b9db94e7a68c5216375e9549c45c7d2d40ad9ecd1332adb6a94c8b312cc71097a671ff3ebec674f2decde539b619c867b1873deafa8eaeda61b335d483a260196903e4f3922cb3d66e30b6e22cfed5e249f7847b37d53b00409edd52e7148a72e2baf22194ec408496b6726ef5c8e2495e88e1c0193ab46f75b9e6fb0cfd100ab314a59337eb80d7c0449ff523606ea72e357e153182353d9cbe92567507f39c6d6545d3d561657703c6d6858a0cfa322c086bab2366f7df64cf8697f85e0d054a7c1283c7858cc2192082b9e14f88ce6388928d30203010001a38203523082034e301f0603551d2304183016801433dc9e96ecd8e8351f6d901b0b38a4af741bc658300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604146a2f35506e2da75862fe292c02f2222d28d4051c304f0603551d2004483046304406092b06010401bd470d023037303506082b060105050702011629687474703a2f2f7777772e74656c657365632e64652f736572766572706173732f6370732e68746d6c308201220603551d1f04820119308201153045a043a041863f687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f726c2f54656c655365635f536572766572506173735f43415f312e63726c3081cba081c8a081c58681c26c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f636e3d54656c65536563253230536572766572506173732532304341253230312c6f753d547275737425323043656e74657225323053657276696365732c6f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c633d64653f63657274696669636174655265766f636174696f6e6c6973743f626173653f63657274696669636174655265766f636174696f6e6c6973743d2a3082013a06082b060105050701010482012c30820128303306082b060105050730018627687474703a2f2f6f6373702e736572766572706173732e74656c657365632e64652f6f63737072304c06082b060105050730028640687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f6372742f54656c655365635f536572766572506173735f43415f312e6365723081a206082b060105050730028681956c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f636e3d54656c65536563253230536572766572506173732532304341253230312c6f753d547275737425323043656e74657225323053657276696365732c6f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c633d64653f63414365727469666963617465300c0603551d130101ff04023000301a0603551d1104133011820f6170706c2e626f732d6173702e6465300d06092a864886f70d0101050500038201010026a20d746b23686fa3d7513bf46ee88fbc1d895a7626576cd3ca16fa4a483a36bbe72bdb1aafd1f653a30c7e512870037eeba1706c75082248402061c5a2b39abe2c7a13433c6344cdfb9fb83ddee505bc406d7aa00b35b32ace9faffea387d1dd5982ac7e09c2687d5d33853885fea902e30dde7870457ac3431db6f64314a768b293a1ba097cf7b25d0abb83090f8a1b9a8fe009fe63f9fe6029b06e0d4e95e3995c6a93812a783493f66b69270f64d472637a8b30cb5870676ccaf98a4655e843c5c255d57e19388b60c5ffc6fd65f3eb17353279a68b609681b2bd7c629f4e6061619df736f78eabb2761a3ef9b3dcc87abcbca781620297f576ea9ce06a",
"308208673082074fa00302010202086b5eeeb3f0155141300d06092a864886f70d01010b05003081d8310b300906035504061302444531253023060355040a131c542d53797374656d7320496e7465726e6174696f6e616c20476d6248311e301c060355040b131554727573742043656e7465722053657276696365733120301e0603550403131754656c6553656320536572766572506173732043412032311c301a060355040813134e6f7264726865696e205765737466616c656e310e300c0603550411130535373235303110300e060355040713074e65747068656e3120301e06035504091317556e7465726520496e647573747269657374722e203230301e170d3135303532303039353335315a170d3138303532353233353935395a3081a6310b30090603550406130244453121301f060355040a0c18476f7665726e696b757320476d6248202620436f2e204b47310b3009060355040b13025345310f300d060355040813064272656d656e310f300d060355040713064272656d656e3124302206092a864886f70d01090116156265747269656240676f7665726e696b75732e6465311f301d060355040313166170706c2e676f7665726e696b75732d6173702e646530820222300d06092a864886f70d01010105000382020f003082020a0282020100c1d969514392105ce65b089b7357f75356f076b21168233d1eb57ae81f826c74258ec4814c48a3e99633fcac1fb444412cba421c1569d21b6317b6614b096203ab5b605128671764d30186dec09716d2173bfab911a9ad3d2d0b850ff2595dd9c72113bd64879c39c39b3debbfdd7f8d68e8d1bdaf2cca0508583bd59b965ec5f4950e4fbbe48b7be351237d478253bc34ac5aed9448f5ae31878067bdad75179cb776ef19f8e49e62b830de8279142233030189c20008345553847b7edc6471bf7c15c98b087159b44faa5a35fe16adc285e4d8266fab49b7b4e7fbcbd91767e05dbb45a5564cb11abcbeb0ff66869ca72dd7919eae796340fb5b26fb8ecc65b8380d3eb30e46150725e2156ad156773a79b482133b846b247868a6d3fcc18f96cfc6044fb7678fd79c04fb580b7bfb86e3252554b9a97dfd6fb9ae0e0d8d663a56b471d37752fc88a172151494553d78a39ade4669076e5ddfa13fd684b7eb800efedf9af8f90d4bab6d80378b950d43ef6de6f9ca5dccb81ecbbf820126d90923c5b87462af2acf0fc460599b2d7022e488f20069e2b3e80e057ebbd1454891929c2e0252688a1c0e801eb8bec795251087a755a6edcd22759a5c1869550d63b0596cb5ac20a7e5cb11f5412598990092cbe058b4ec67b98dd9ed2b2a5f8b7994e92b89a1ef51517beb2e2594cb8007d514f988968c52246a18945fba0adf0203010001a38203633082035f301f0603551d2304183016801415bbded6256fbdf2319f6213dc5ca6f465b46df2300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604148c76a1377b9cad8059a5d4126a53bc633671ca1c30590603551d2004523050304406092b06010401bd470d023037303506082b060105050702011629687474703a2f2f7777772e74656c657365632e64652f736572766572706173732f6370732e68746d6c3008060667810c010202308201220603551d1f04820119308201153045a043a041863f687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f726c2f54656c655365635f536572766572506173735f43415f322e63726c3081cba081c8a081c58681c26c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f636e3d54656c65536563253230536572766572506173732532304341253230322c6f753d547275737425323043656e74657225323053657276696365732c6f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c633d64653f63657274696669636174655265766f636174696f6e6c6973743f626173653f63657274696669636174655265766f636174696f6e6c6973743d2a3082013a06082b060105050701010482012c30820128303306082b060105050730018627687474703a2f2f6f6373702e736572766572706173732e74656c657365632e64652f6f63737072304c06082b060105050730028640687474703a2f2f63726c2e736572766572706173732e74656c657365632e64652f6372742f54656c655365635f536572766572506173735f43415f322e6365723081a206082b060105050730028681956c6461703a2f2f6c6461702e736572766572706173732e74656c657365632e64652f636e3d54656c65536563253230536572766572506173732532304341253230322c6f753d547275737425323043656e74657225323053657276696365732c6f3d542d53797374656d73253230496e7465726e6174696f6e616c253230476d62482c633d64653f63414365727469666963617465300c0603551d130101ff0402300030210603551d11041a301882166170706c2e676f7665726e696b75732d6173702e6465300d06092a864886f70d01010b050003820101005f35f8a5ed5fe3879dbb137d1505768bff7635e3c7824735bf8c0b1bdd02335de7928f484192925c29738b034b152805935aa54d92abc3be5c7cfec5017ca506a33c2b15fdb2762037b0b4615e39d7697f64dba763ad0b6e05b7e8b6dd29c7ace3ec86ea74a82ce9a5575166375849afbd48cebdbd18bfdab0f905b094b4e686649bee5fba153ff5786cbb5926807891ae07871127a887c2e2747dcfd1bd18d34b0642eb2fa8309e8b434b2cf91ab0e918c3f3c59d70aa096a46abfc50b3e66baacd7748b7ef98110760cce271c1528ed4e84ae9144983ad26aa27f00a527053c50739d2592ad13179a33eb1d299081be8b9824bc63ac70e1ad518380df08a56%",
"308202eb308201d3a003020102020437a18b8a300d06092a864886f70d01010b05003026310b3009060355040613024445311730150603550403130e6275696c64617574656e74617070301e170d3134303732343131323334325a170d3234303732313131323334325a3026310b3009060355040613024445311730150603550403130e6275696c64617574656e7461707030820122300d06092a864886f70d01010105000382010f003082010a0282010100ca573d1c79c72f15dd80020b39886bec2de9004556eabc833f61b86aac3b4658ed8ecf7f32cb3daeb34576b49ff13e9eaaafa5ce2cf7cb13df2f89be6a1659f79cca6b4276b90914594e74998f9b9fffa0c8efdf4409be91a195458e1a0dce707cb1573cab99d297c80e8026c2f299fd97b8bbf14b172094f17abe50483a2e1df0cf6629d024cf5b752a1bb0edbe172dcce7ed30cc3c193ba742bff2e0afa0f15c414f27bdb374f65ac71c0c7af3a4a5fe1707d22bed1b63019e659c42e763c601f45d60094be915a422a0c183da33e8b3909cf83c0d7dfd3d5ffd1a92cf00c07961b284ddbef1e9b9d5536e12630cefa8493c8244edd2f687b09d38e79f639d0203010001a321301f301d0603551d0e04160414b29d3e7f193789f68d2234738a2773e737c4ce1c300d06092a864886f70d01010b0500038201010030800530f9d3abb215e8c8da5ee62ee083bdd8fce00d673702d00fac194eabd4c0b9338166a6dd76711651e685d0b9a50cdf2dc4872edeb5f4369372fb0d70d8fe02892b962e5fafd73add31ec0fd6708aa6ad2c82beca260773dd3e62460d1e416ac8d931e221b1bcf8255abd44933d38660e5bad639c38fb7dbbcf1f9504e20b27d75810b5ab475ce061d725b54628b4cfd7bd53f29d93a8ecb16e96df9ff654da55ea8ed1700c8d3135b1bc97655595a56f75dfb101c27341309602dce89e9c4db08a7c19d7fb199394f0ec478c4f246dbab0a37c2cea22b5b2b4c9e589a640611348b77dddd0fc412c9980cb5d516b274b9649debdd22df123cd06495924%"
],
"_comment_6": "ciphers are ordered by preference",
"_comment_7": "prime256v1 := secp256r1",
"ecCiphers": [
"brainpoolP512r1",
"brainpoolP384r1",
"brainpoolP256r1",
"secp384r1",
"prime256v1",
"secp224r1"
],
"pskCiphers": [
"RSA-PSK-AES256-GCM-SHA384",
"RSA-PSK-AES256-CBC-SHA384",
"RSA-PSK-AES128-GCM-SHA256",
"RSA-PSK-AES128-CBC-SHA256",
"RSA-PSK-AES256-CBC-SHA"
],
"fsCiphers": [
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"DHE-DSS-AES256-GCM-SHA384",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"DHE-DSS-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"DHE-DSS-AES128-GCM-SHA256",
"DHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-DSS-AES128-SHA256",
"DHE-RSA-AES128-SHA256"
],
"fsCiphersWithBc": [
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"DHE-DSS-AES256-SHA",
"DHE-RSA-AES256-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA",
"DHE-DSS-AES128-SHA",
"DHE-RSA-AES128-SHA"
],
"sslProtocolVersion": "TlsV1_0OrLater",
"sslProtocolVersionPsk": "TlsV1_1OrLater",
"signatureAlgorithms" : [
"Rsa+Sha512",
"Dsa+Sha512",
"Ec+Sha512",
"Rsa+Sha384",
"Dsa+Sha384",
"Ec+Sha384",
"Rsa+Sha256",
"Dsa+Sha256",
"Ec+Sha256",
"Rsa+Sha224",
"Dsa+Sha224",
"Ec+Sha224"
],
"signatureAlgorithmsPsk" : [
"Rsa+Sha512",
"Rsa+Sha384",
"Rsa+Sha256",
"Rsa+Sha224"
],
"selfAuthentication": {
"_comment_1": "TCTokenURL for self authentication (AusweisAuskunft)",
"url": "https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=xml",
"certDescr": "308202E0060A04007F00070301030101A10E0C0C442D547275737420476D6248A2181316687474703A2F2F7777772E642D74727573742E6E6574A3190C17476F7665726E696B757320476D6248202620436F2E4B47A41A131868747470733A2F2F7777772E617574656E746170702E6465A58202050C8202014E616D652C20416E7363687269667420756E6420452D4D61696C2D4164726573736520646573204469656E737465616E626965746572733A0D0A476F7665726E696B757320476D6248202620436F2E4B470D0A416D2046616C6C7475726D20390D0A3238333539204272656D656E0D0A6B6F6E74616B7440676F7665726E696B75732E636F6D0D0A0D0A4765736368C3A46674737A7765636B3A0D0A53656C6273746175736B756E66740D0A0D0A48696E7765697320617566206469652066C3BC722064656E204469656E737465616E626965746572207A757374C3A46E646967656E205374656C6C656E2C20646965206469652045696E68616C74756E672064657220566F7273636872696674656E207A756D20446174656E73636875747A206B6F6E74726F6C6C696572656E3A0D0A446572204C616E64657362656175667472616774652066C3BC7220446174656E73636875747A20756E6420496E666F726D6174696F6E736672656968656974206465722046726569656E2048616E73657374616474204272656D656E0D0A41726E647473747261C39F6520310D0A3237353730204272656D6572686176656E0D0A303432312F3336312D323031300D0A6F666669636540646174656E73636875747A2E6272656D656E2E64650D0A687474703A2F2F7777772E646174656E73636875747A2E6272656D656E2E64650D0AA7683166042029F04459C39E4B68C70AA3961FA7B1B40E8A49238446CFE606C56FF8DC0989F404203FFF612368211F69D460DFF157F541BEBC96217D7AF6C2D4F57BF6E4A126A86C04209D8EB0BDF36B19C4AF3147E57401FD792845F0413102A7BD784DF9418098BEBE",
"testUrl": "https://test.governikus-eid.de/AusweisAuskunft/WebServiceRequesterServlet?mode=xml",
"testCertDescr": "30820266060A04007F00070301030101A1160C14476F7665726E696B757320546573742044564341A21A1318687474703A2F2F7777772E676F7665726E696B75732E6465A31A0C18476F7665726E696B757320476D6248202620436F2E204B47A420131E68747470733A2F2F746573742E676F7665726E696B75732D6569642E6465A582014F0C82014B416E736368726966743A090D0A476F7665726E696B757320476D6248202620436F2E204B470D0A416D2046616C6C7475726D20390D0A3238333539204272656D656E090D0A0D0A452D4D61696C2D416472657373653A09686240626F732D6272656D656E2E6465090D0A0D0A5A7765636B20646573204175736C657365766F7267616E67733A0944656D6F6E7374726174696F6E20646573206549442D53657276696365090D0A0D0A5A757374C3A46E6469676520446174656E73636875747A61756673696368743A090D0A446965204C616E64657362656175667472616774652066C3BC7220446174656E73636875747A20756E6420496E666F726D6174696F6E736672656968656974206465722046726569656E2048616E73657374616474204272656D656E0D0A41726E647473747261C39F6520310D0A3237353730204272656D6572686176656EA64B134968747470733A2F2F746573742E676F7665726E696B75732D6569642E64653A3434332F417574656E742D44656D6F4170706C69636174696F6E2F5265636569766572536572766C6574A74631440420D2E54E1D26FC5DFC3408609831BBE4CFE3204365604849E7B094623566B54A760420E224D25B448DC054C023392CA11017751041D762F83D880895B3018D8EC2B290"
},
"drivers": {
"updateUrl": "@REMOTE_CONFIG_URL@@REMOTE_CONFIG_PATH_DRIVERS@/default-supported-devices.json"
},
"providers": {
"updateUrl": "@REMOTE_CONFIG_URL@@REMOTE_CONFIG_PATH_PROVIDERS@/@DEFAULT_PROVIDER_FILE@",
"iconsUpdateUrlBase": "@REMOTE_CONFIG_URL@@REMOTE_CONFIG_PATH_PROVIDERS@/provider/"
},
"updates": {
"release": "@REMOTE_CONFIG_URL@@REMOTE_CONFIG_PATH_APPCAST@/Appcast.xml",
"beta": "@REMOTE_CONFIG_URL@@REMOTE_CONFIG_PATH_APPCAST_BETA@/Appcast.xml"
}
}

53
resources/default-providers-ios.json 100644
View File

@ -0,0 +1,53 @@
{
"issueDate": "2015-10-29T06:25:00+1:00",
"provider": [
{
"name": "Beantragung Schwerbehindertenausweis Saarland",
"address": "https://gatewaylas.saarland.de/FV/Onlineantrag",
"phone": "",
"email": "",
"postaladdress": "",
"category": "citizen"
},
{
"name": "Bürgerportal Rheinland Pfalz",
"address": "http://www.rlpdirekt.de/rheinland-pfalz",
"phone": "",
"email": "",
"postaladdress": "",
"category": "citizen"
},
{
"name": ":::(bit)kasten",
"address": "https://www.bitkasten.de/",
"phone": "",
"email": "",
"postaladdress": "",
"category": "other"
},
{
"name": "Bürgerkonto Test (Testausweis erforderlich)",
"address": "https://bk.test.bos-asp.de/BuergerKontoTestSPTest/",
"phone": "",
"email": "",
"postaladdress": "",
"category": "other"
},
{
"name": "OpenPGP-eID",
"address": "https://pgp.governikus-eid.de/pgp",
"phone": "",
"email": "",
"postaladdress": "",
"category": "other"
},
{
"name": "SkIDentity Service",
"address": "https://skidentity.de/service",
"phone": "",
"email": "",
"postaladdress": "",
"category": "other"
}
]
}

565
resources/default-providers.json 100644
View File

@ -0,0 +1,565 @@
{
"issueDate": "2016-11-07T12:30:00+1:00",
"provider": [
{
"shortName": {"" : ":::(bit)kasten"},
"address": "https://www.bitkasten.de/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrl": "https://www.bitkasten.de/portal/api/login/npa/createRequest?returnUrl=https%3A%2F%2Fwww.bitkasten.de%2Fportal%2Fapi%2Flogin%2Fnpa%2Flogin.html"
},
{
"shortName": {"" : "Allianz Kundenportal - Meine Allianz"},
"address": "https://meine.allianz.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "insurance",
"tcTokenUrl": "https://npa.allianz.de/azsecurity-npa-service/NpaEIDService/nparef/XIbOcJDGV0nWcgSIEaN8KA-",
"tcTokenUrlInfo" : "TcToken URL contains dynamic request id but is accepted anyway."
},
{
"shortName": {"" : "Allianz Maklerportal"},
"address": "https://makler.allianz.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "insurance",
"tcTokenUrl": "https://npa.allianz.de/azsecurity-npa-service/NpaEIDService/nparef/-wnfwSFGamtJotxe6_BKiLj",
"tcTokenUrlInfo" : "TcToken URL contains dynamic request id but is accepted anyway."
},
{
"shortName": {"" : "Ausweis Auskunft des Bundes"},
"address": "https://www.buergerserviceportal.de/bund/ausweisapp/bspx_selbstauskunft",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrl" : "https://www.buergerserviceportal.de:443/bund/ausweisapp/bspx_selbstauskunft/SamlAuthnRequestProvider"
},
{
"shortName": {"" : "BAföG Online"},
"address": "https://www.bafoegonline.bva.bund.de/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrl" : "",
"clientUrl" : "https://www.bafoegonline.bva.bund.de/bafoeg-online/Bafoeg/flow/anmeldenMitNpaPreFlow"
},
{
"shortName": {"" : "BAföG Online Bayern (AKDB)"},
"address": "https://afoegfofa.osrz-akdb.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Bayern (Studentenwerk)"},
"address": "https://www.bafoeg-bayern.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Berlin (Studentenwerk)"},
"address": "https://www.berlin-bafoeg.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Brandenburg"},
"address": "https://www.bafoeg-brandenburg.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Hamburg"},
"address": "https://bafoeg-online.hamburg.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Hessen"},
"address": "https://www.bafoeg-hessen.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Mecklenburg-Vorpommern"},
"address": "http://www.bm.regierung-mv.de/bafoeg",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Nordrhein-Westfalen"},
"address": "https://www.bafoeg-online.nrw.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Schleswig-Holstein"},
"address": "https://bafoeg.schleswig-holstein.de/BAfoeGOnline/ABAfoeG/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "BAföG Online Sachsen"},
"address": "https://fs.egov.sachsen.de/formserv/findform?shortname=bafoeg&amp;formtecid=11&amp;areashortname=SMWK_bafoeg",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "Beantragung Schwerbehindertenausweis Bayern"},
"address": "https://www.schwerbehindertenantrag.bayern.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen"
},
{
"shortName": {"" : "Beantragung Schwerbehindertenausweis Saarland"},
"address": "https://gatewaylas.saarland.de/FV/Onlineantrag",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bundesagentur für Arbeit"},
"address": "https://www.arbeitsagentur.de/npa",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrl" : "",
"clientUrl" : "https://formular.arbeitsagentur.de/eantrag/fallinfo-npa.page"
},
{
"shortName": {"" : "Bundestag ePetition"},
"address": "https://epetitionen.bundestag.de/epet/anmelden.html",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerantrag Bremen"},
"address": "https://www.buergerantrag.bremen.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerdienste der Stadt Münster"},
"address": "http://www.muenster.de/stadt/neuer-personalausweis.html",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerportal Baden-Württemberg"},
"address": "http://service-bw.de/zfinder-bw-web/welcome.do?showMsbwDetails=1",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "Unable to locate URL"
},
{
"shortName": {"" : "Bürgerportal Rheinland Pfalz"},
"address": "http://www.rlpdirekt.de/rheinland-pfalz",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "PLZ required"
},
{
"shortName": {"" : "Bürgerservice-Portal Kreis Herford"},
"address": "https://www.buergerserviceportal.nrw/krz/lkrherford",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerservice-Portal Kreis Minden-Lübbecke"},
"address": "https://www.buergerserviceportal.nrw/krz/mindenluebbecke",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerservice-Portal Stadt Lage"},
"address": "https://www.buergerserviceportal.nrw/krz/lage",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerservice-Portal Stadt Norderstedt"},
"address": "https://norderstedt.de/digital",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerservice-Portal Wiesbaden"},
"address": "https://www.buergerserviceportal.de/hessen/wiesbaden",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Bürgerservice-Portale der bayerischen Kommunen"},
"address": "https://www.buergerserviceportal.de/bayern/classic/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "CosmosDirekt Kundenportal meinCosmosDirekt"},
"address": "https://www.cosmosdirekt.de/services/mcd-info",
"phone": "",
"email": "",
"postalAddress": "",
"category": "insurance",
"tcTokenUrl" : "https://www.cosmosdirekt.de/nPa/IdentifizierenNPA?back_url=https://www.cosmosdirekt.de/meincosmosdirekt-registrierung/*ident=1"
},
{
"shortName": {"" : "d.velop foxdox.de: Dokumente sicher ablegen"},
"address": "https://mein.foxdox.de/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrl" : "https://mein.foxdox.de/npa_login?action=gettctoken&amp;next=/documents"
},
{
"shortName": {"" : "Datev - Arbeitnehmer online / Lohn- und Gehaltsabrechnung"},
"address": "https://www.datev.de/portal/ShowPage.do?pid=ano&amp;nid=159749",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Address is faulty"
},
{
"shortName": {"" : "Deutsche Rentenversicherung"},
"address": "https://www.eservice-drv.de/OnlineDiensteWeb/init.do?npa=true",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "DKB-Cash - Onlineantrag Konto und Kreditkarte"},
"address": "http://www.dkb.de/privatkunden/dkb_cash",
"phone": "",
"email": "",
"postalAddress": "",
"category": "finance",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "eAntrag der Investitionsbank Berlin (IBB)"},
"address": "http://www.ibb.de/e_antrag.aspx",
"phone": "",
"email": "",
"postalAddress": "",
"category": "finance",
"tcTokenUrlInfo" : "Registration required."
},
{
"shortName": {"" : "easy Login - Der Zugang für Finanz- &amp; Versicherungsvermittler"},
"address": "http://www.easy-login.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "insurance",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "ElsterOnline-Portal"},
"address": "https://www.elsteronline.de",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "Registration required."
},
{
"shortName": {"" : "Einheitlicher Ansprechpartner Köln"},
"address": "http://www.einheitlicher-ansprechpartner-koeln.de/eaportal/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrl" : "https://ea.stadt-koeln.de/Gastzugang/EIDServiceProvider/Request.ashx?appID=6"
},
{
"shortName": {"" : "ERGO Direkt Lebensversicherung AG"},
"address": "https://ergodirekt.de/de/persoenlicherbereich.html#login",
"phone": "",
"email": "",
"postalAddress": "",
"category": "insurance"
},
{
"shortName": {"" : "Feinstaubplakette beantragen"},
"address": "http://www.berlin.de/labo/fahrzeuge/kfz-zulassung/feinstaubplakette/shop.85047.php",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Car lizence number required"
},
{
"shortName": {"" : "Führungszeugnis und Auskunft aus dem Gewerbezentralregister"},
"address": "https://www.fuehrungszeugnis.bund.de/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Halterauskunft zu einem KFZ beantragen"},
"address": "https://www.berlin.de/labo/mobilitaet/kfz-zulassung/halterauskunft/shop.86598.php",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Car lizence number required."
},
{
"shortName": {"" : "Hamburg Service Online-Bürgerdienste"},
"address": "https://gateway.hamburg.de/HamburgGateway/FVP/Application/Index.aspx",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "HUK 24 AG - Registrierung für Servicebereich \"Meine HUK24\""},
"address": "https://www.huk24.de/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "insurance",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "ID-Safe des Landkreis Kitzingen"},
"address": "https://www.buergerservice.org/ID-Safe-Kitzingen",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "ID-Safe des Landkreis Ostallgäu"},
"address": "https://www.sixform.com/ID-safe",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "ID-Safe des Landkreis Würzburg"},
"address": "https://www.buergerservice.org/ID-Safe-Wuerzburg",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "Identitätsprüfungen nach dem Signaturgesetz und dem Geldwäschegesetz"},
"address": "https://www.identity.tm",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "Kraftfahrt-Bundesamt - Auskunft aus dem Verkehrszentralregister"},
"address": "https://www.kba-online.de/faeronline/faeranfrage.do",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrl" : "https://www.kba-online.de:443/faeronline/eidstart.do;jsessionid=vG0b7cExL-p+rDGAQx+aG152.as-idmz-prod1:P_faeronline?ref=vG0b7cExL-p+rDGAQx+aG152.as-idmz-prod1:P_faeronline",
"tcTokenUrlInfo" : "TcToken URL contains dynamic request id but is accepted anyway."
},
{
"shortName": {"" : "Login Meine VBL"},
"address": "https://vbl.de/de/meine_vbl",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "LVM Versicherung - Kundenportal Meine LVM"},
"address": "http://www.lvm.de/personalausweis",
"phone": "",
"email": "",
"postalAddress": "",
"category": "insurance",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "Mentana-Claimsoft AG - Registrierung beim De-Mail Dienst"},
"address": "https://www.fp-demail.de/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "OpenPGP-eID"},
"address": "https://pgp.governikus-eid.de/pgp/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrl" : "https://pgp.governikus-eid.de/pgp/EIDRequest"
},
{
"shortName": {"" : "Registrierung/Login auf www.tk.de"},
"address": "https://www.tk.de/tk/online-filiale/meine-tk/meine-tk/118032",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "Schufa Auskunftsportal „Meine SCHUFA“"},
"address": "https://www.meineschufa.de/index.php?site=30_2_1_pa#tabNPA",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrl" : "https://www.meineschufa.de/eID-Service-Connector-V2/createSamlRequest/Reg"
},
{
"shortName": {"" : "Service-Portal \"Auto\" Kreis Lippe"},
"address": "https://www.buergerserviceportal.nrw/krz/lkrlippe",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "sign-me (Bundesdruckerei)"},
"address": "https://live.esign-service.de/esign/start",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Website enforces Java plugin :)"
},
{
"shortName": {"" : "SkIDentity Service"},
"address": "https://skidentity.de/service",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Stadt Nürnberg: Online-Bürgerdienste Service"},
"address": "http://www.nuernberg.de/internet/onlinedienste",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "Standesamt Online Mecklenburg-Vorpommern"},
"address": "https://portal.ego-mv.de/",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrlInfo" : "TcToken URL requires valid dynamic request id."
},
{
"shortName": {"" : "Telekom DeMail für Privat- und Geschäftskunden"},
"address": "https://www.telekom.de/de-mail",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "T-Systems DeMail für Großkunden"},
"address": "https://www.t-systems.de/de-mail",
"phone": "",
"email": "",
"postalAddress": "",
"category": "other",
"tcTokenUrlInfo" : "Registration required"
},
{
"shortName": {"" : "Urkundenservice Köln"},
"address": "http://www.stadt-koeln.de/service/produkt/urkundenservice-des-standesamtes",
"phone": "",
"email": "",
"postalAddress": "",
"category": "citizen",
"tcTokenUrl" : "https://ea.stadt-koeln.de/Gastzugang/EIDServiceProvider/Request.ashx?appID=7"
}
]
}

123
resources/default-supported-devices.json 100644
View File

@ -0,0 +1,123 @@
{
"IssueDate": "2015-11-24T12:00:00+1:00",
"SupportedDevices":
[
{
"ReaderType": "REINER_cyberJack_RFID_komfort",
"VendorId": "0x0C4B",
"ProductId": "0x0501",
"Name": "REINER SCT cyberJack RFID komfort",
"Drivers":
[
{
"Platforms": ["WV_WINDOWS7", "WV_WINDOWS8", "WV_WINDOWS8_1", "WV_WINDOWS10"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/bc_7_2_3.exe"
},
{
"Platforms": ["MV_10_9", "MV_10_10"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/pcsc-cyberjack_3.99.5final.SP07-universal-signed.pkg"
},
{
"Platforms": ["MV_10_11"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/01_pcsc-cyberjack_3.99.5final.SP08-universal-osx10.11-signed.pkg"
},
{
"Platforms": ["LINUX"],
"URL": "https://www.reiner-sct.com/support/download/treiber-und-software/cyberjack/rfid-komfort-linux.html"
}
]
},
{
"ReaderType": "REINER_cyberJack_RFID_standard",
"VendorId": "0x0C4B",
"ProductId": "0x0500",
"Name": "REINER SCT cyberJack RFID standard",
"Drivers":
[
{
"Platforms": ["WV_WINDOWS7", "WV_WINDOWS8", "WV_WINDOWS8_1", "WV_WINDOWS10"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/bc_7_2_3.exe"
},
{
"Platforms": ["MV_10_9", "MV_10_10"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/pcsc-cyberjack_3.99.5final.SP07-universal-signed.pkg"
},
{
"Platforms": ["MV_10_11"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/01_pcsc-cyberjack_3.99.5final.SP08-universal-osx10.11-signed.pkg"
},
{
"Platforms": ["LINUX"],
"URL": "https://www.reiner-sct.com/support/download/treiber-und-software/cyberjack/rfid-standard-linux.html"
}
]
},
{
"ReaderType": "REINER_cyberJack_RFID_basis",
"VendorId": "0x0C4B",
"ProductId": "0x9102",
"Name": "REINER SCT cyberJack RFID basis",
"Drivers":
[
{
"Platforms": ["WV_WINDOWS7", "WV_WINDOWS8", "WV_WINDOWS8_1", "WV_WINDOWS10"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/01_cJRFIDbasisIFD.exe"
},
{
"Platforms": ["MV_10_9", "MV_10_10", "MV_10_11"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/ifd-ccid-1.4.8-universal-signed.pkg"
},
{
"Platforms": ["LINUX"],
"URL": "https://www.reiner-sct.com/support/download/treiber-und-software/cyberjack/rfid-basis-linux.html"
}
]
},
{
"ReaderType": "SCM_SDI011",
"VendorId": "0x04E6",
"ProductId": "0x512B",
"Name": "SDI011 Contactless Reader",
"Drivers":
[
{
"Platforms": ["WV_WINDOWS7", "WV_WINDOWS8", "WV_WINDOWS8_1", "WV_WINDOWS10"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/SDI011_win_installer_V1.01.zip"
},
{
"Platforms": ["MV_10_9", "MV_10_10", "MV_10_11"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/SDI011_mac_V5.0.18.zip"
},
{
"Platforms": ["LINUX"],
"URL": "http://support.identive-group.com/npa_downloads.php"
}
]
},
{
"ReaderType": "SCM_SCL011_Contactless_Reader",
"VendorId": "0x04E6",
"ProductId": "0x5292",
"Name": "SCL01x Contactless Reader",
"Drivers":
[
{
"Platforms": ["WV_WINDOWS7", "WV_WINDOWS8", "WV_WINDOWS8_1", "WV_WINDOWS10"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/SCL011_win_installer_V1.01.zip"
},
{
"Platforms": ["MV_10_9", "MV_10_10", "MV_10_11"],
"URL": "https://appl.governikus-asp.de/ausweisapp2/driver/SCL011_V2.09_mac.zip"
},
{
"Platforms": ["LINUX"],
"URL": "http://support.identive-group.com/npa_downloads.php"
}
]
}
]
}

28
resources/hooks/formatting 100755
View File

@ -0,0 +1,28 @@
#!/bin/bash
root=$(hg root)
revs=$(hg log -r "$HG_NODE:tip" --template '{rev} ') #Intentional space after {rev}
builddir=$root/build
rc=0
for rev in $revs
do
hg update -C -r $rev > /dev/null
rm -rf $builddir
mkdir $builddir
cd $builddir
cmake -DENABLE_DVCS=false -Dtools.only=true $root > /dev/null
make format > /dev/null
cd $root
STATUS=$(hg status | wc -c)
if [ "$STATUS" != "0" ]; then
desc=$(hg log -r $rev --template '{firstline(desc)}')
echo "Changeset $rev is not formatted correctly: $desc"
rc=-1
break
fi
done
rm -rf $builddir
hg update -C null > /dev/null
exit $rc

105
resources/html_templates/alreadyactive.html 100644
View File

@ -0,0 +1,105 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon; charset=binary">
<link rel="icon" href="/favicon.ico" type="image/x-icon; charset=binary">
<title>${TITLE}</title>
<style>
body {
margin: 0;
padding: 0;
border: 0;
height: 100%
}
em {
font-style: normal;
font-weight: bold;
}
.header_section {
border-top: 10px solid #619cc8;
padding: 2%;
}
.header_section div {
width: 60%;
margin: 0% auto;
}
.message_section {
background-image: url("/images/html_message_section.jpg");
background-repeat: no-repeat;
background-size: cover;
background-position: center center;
padding: 2%;
}
.message {
background: rgba(0, 0, 0, 0.6);
width: 45%;
margin: auto;
color: #fff;
padding: 2% 8%;
background-image: url("/images/icon_attention.svg");
background-repeat: no-repeat;
background-size: 6%;
background-position: 3% center;
}
.message a {
text-decoration: underline;
color: white;
}
.content_section {
width: 55%;
margin: auto;
padding: 2% 0%;
}
.button {
background: #5288c4;
display: inline-block;
padding: 0 25px;
line-height: 27px;
border-radius: 3px;
}
.button a {
text-decoration: none;
color: white;
}
.button a:hover, .button a:active {
text-decoration: underline;
}
.footer_section {
position: fixed;
bottom: 0;
width: 100%;
border-bottom: 50px solid #619cc8;
padding: 2%;
}
</style>
</head>
<body >
<div class="header_section" >
<div>
<a title="AusweisApp2" href="https://www.ausweisapp.bund.de/">
<img src="/images/AppLogo_AutentApp2_2014.png" alt="AusweisApp2 Logo" width="256" height="48" />
</a>
</div>
</div>
<div class="message_section" >
<div class="message">
<h1>${MESSAGE_HEADER}</h1>
<p>${MESSAGE_HEADER_EXPLANATION}</p>
</div>
</div>
<div class="content_section">
<h2>${CONTENT_HEADER}</h2>
<div class="button">
<a href="${CONTENT_LINK}">${CONTENT_BUTTON}</a>
</div>
</div>
<div class="footer_section"></div>
</body>
</html>

106
resources/html_templates/error.html 100644
View File

@ -0,0 +1,106 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon; charset=binary">
<link rel="icon" href="/favicon.ico" type="image/x-icon; charset=binary">
<title>${TITLE}</title>
<style>
body {
margin: 0;
padding: 0;
border: 0;
height: 100%
}
em {
font-style: normal;
font-weight: bold;
}
.header_section {
border-top: 10px solid #619cc8;
padding: 2%;
}
.header_section div {
width: 60%;
margin: 0% auto;
}
.message_section {
background-image: url("/images/html_message_section.jpg");
background-repeat: no-repeat;
background-size: cover;
background-position: center center;
padding: 2%;
}
.message {
background: rgba(0, 0, 0, 0.6);
width: 45%;
margin: auto;
color: #fff;
padding: 2% 8%;
background-image: url("/images/icon_attention.svg");
background-repeat: no-repeat;
background-size: 6%;
background-position: 3% center;
}
.message a {
text-decoration: underline;
color: white;
}
.content_section {
width: 55%;
margin: auto;
padding: 2% 0%;
}
.button {
background: #5288c4;
display: inline-block;
padding: 0 25px;
line-height: 27px;
border-radius: 3px;
}
.button a {
text-decoration: none;
color: white;
}
.button a:hover, .button a:active {
text-decoration: underline;
}
.footer_section {
position: fixed;
bottom: 0;
width: 100%;
border-bottom: 50px solid #619cc8;
padding: 2%;
}
</style>
</head>
<body >
<div class="header_section" >
<div>
<a title="AusweisApp2" href="https://www.ausweisapp.bund.de/">
<img src="/images/AppLogo_AutentApp2_2014.png" alt="AusweisApp2 Logo" width="256" height="48" />
</a>
</div>
</div>
<div class="message_section" >
<div class="message">
<h1>${MESSAGE_HEADER}</h1>
<p>${MESSAGE_HEADER_EXPLANATION}</p>
<p><em>${ERROR_MESSAGE_LABEL}:</em> ${ERROR_MESSAGE}</p>
</div>
</div>
<div class="content_section">
<h2>${REPORT_HEADER}</h2>
<div class="button">
<a href="${REPORT_LINK}">${REPORT_BUTTON}</a>
</div>
</div>
<div class="footer_section"></div>
</body>
</html>

BIN
resources/images/All.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 445 B

BIN
resources/images/AppLogo_AutentApp2_2014.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

225
resources/images/AusweisApp_2_Logo.svg 100644
View File

@ -0,0 +1,225 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 15.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="188px" height="40.5px" viewBox="0 0 188 40.5" enable-background="new 0 0 188 40.5" xml:space="preserve">
<g>
<defs>
<rect id="SVGID_1_" x="-0.026" width="232.784" height="40.5"/>
</defs>
<clipPath id="SVGID_2_">
<use xlink:href="#SVGID_1_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_2_)">
<defs>
<rect id="SVGID_3_" x="-0.026" width="232.784" height="40.5"/>
</defs>
<clipPath id="SVGID_4_">
<use xlink:href="#SVGID_3_" overflow="visible"/>
</clipPath>
<path clip-path="url(#SVGID_4_)" fill="#FFFFFF" d="M4.798,4.205c0,0-4.212,0-4.212,4.213v25.037c0,0,0,4.213,4.212,4.213h25.038
c0,0,4.212,0,4.212-4.213V8.418c0,0,0-4.213-4.212-4.213H4.798z"/>
</g>
<g clip-path="url(#SVGID_2_)">
<defs>
<path id="SVGID_5_" d="M4.89,21.283c0,6.68,5.088,12.109,11.589,12.779v-4.551c-3.985-0.639-7.038-4.063-7.038-8.229
c0-4.165,3.053-7.591,7.038-8.228V8.504C9.978,9.176,4.89,14.604,4.89,21.283"/>
</defs>
<clipPath id="SVGID_6_">
<use xlink:href="#SVGID_5_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_6_)">
<defs>
<rect id="SVGID_7_" x="4.844" y="8.47" width="11.719" height="25.636"/>
</defs>
<clipPath id="SVGID_8_">
<use xlink:href="#SVGID_7_" overflow="visible"/>
</clipPath>
<g transform="matrix(1 0 0 1 -1.810140e-007 1.930745e-006)" clip-path="url(#SVGID_8_)">
<image overflow="visible" width="176" height="385" xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgEEOQQ5AAD/7AARRHVja3kAAQAEAAAAHgAA/+4AIUFkb2JlAGTAAAAAAQMA
EAMCAwYAAAU+AAAGxAAACZX/2wCEABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoX
Hh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQEABEQ8PERMRFRISFRQRFBEUGhQWFhQaJhoaHBoa
JjAjHh4eHiMwKy4nJycuKzU1MDA1NUBAP0BAQEBAQEBAQEBAQP/CABEIAYYAwwMBIgACEQEDEQH/
xAChAAEBAQEBAQAAAAAAAAAAAAAAAQUEBgcBAQADAQEAAAAAAAAAAAAAAAACAwQFARAAAAMIAwEB
AQAAAAAAAAAAADIFEDBAAhIDMzQEFQYBITERAAEBBwQCAQQDAQAAAAAAAAIBABBAccGCA6LSMzQR
BLExgRJyIUEUJBIAAQMEAgMAAAcBAAAAAAAAAQAQMHGBkQIxQrEyQxFBUWHRcoIz/9oADAMBAAIR
AxEAAAD6Bm6WTXHCcjm5OtyDrcg63IOtyDrcg63IOtyDrcg63IOvb8z6G6e6OhqZWrlVx8url44o
iiKIoiiKIoiiKJ6DA377N0dHUytXKrj5hXMyRRFEURRFEURRFEUT0GBv3T3B0dTL1MuuPmRzMgAA
AAAAAADewd+6zbHR0svUy64+aVzcsURRFEURRFEURRFE3sLduntjoaWZp5lcfNK52WKIoiiKIoii
KIoiib2Fu2z2h0NLM08yuPnBzswAAAAAAAADcw926eyN+hmaebXHziudmiiKIoiiKIoiiKIom5ib
d09kb9DN0s2EfOq52aKIoiiKIoiiKIoiibeLt2z2Bv0M3SzYR88rnZ4oiiKIoiiKIoiiKJt4u1bP
YG+9naOdCPnlc/PFEURRFEURRFEURRNrG2rZ643Xs7RzoR8+rn0RRFEURRFEURRFEUTaxtm2WuN1
7O0c6EcBXPoiiKIoiiKIoiiKIomzj7NstYbr2foZ8I4CsFEURRFEURRFEURRFE2cfYsnrDdcz9DP
h5gqwZ4oiiKIoiiKIoiiKJsZGvbPWG25n6GfDzCVgoiiKIoiiKIoiiKIomxka9stUbbmfocEPMIY
aAAAAAAAAAGvka9ktUbbnB38EPMMYaAAAAAAAAAGtk61ktUbbnB38EPMMYaAAAAAAAAAGvka9stQ
bLnB38EPMMYaAAAAAAAAAGvka9stQbLnB38EPMMYaAAAAAAAAAGvka9stQbLnB38EPMMYaAAAAAA
AAAGvka9stQbLnB38EPMMYaAAAAAAAAAGvka9stQbLnB38EPMMYaAAAAAAAAAGvka9stQbLnMR84
BRAAAAAAAAAB2EvewXz/AP/aAAgBAgABBQC99+/Ldc4rnFc4rnFc4rnFc4rnFc4rnHHnm+3Rexuu
NlF7G642UXsbrj5RexuuPlF7G64+UXcbrj5RdxuuPlF3G64+UXcbqxkF3G6sZBdxurGQXcbqxkF0
jqxkF0jqxkF0jqxkF0jqxkFwjqzkFwjqzkFwjqzkFwjqzkFwjqzkFwjqzkFwjqzkExfwfg/B+D8H
4Pwfg/B+C2Yf/9oACAEDAAEFAJy1TCqYVTCqYVTCqYVTCqYVTCqYWvv37OLhHVo4nK6tHE5XVo4n
K6tHE5XVs4nK6tnE5XVswnK6tmE5XVswmK6tmExXVswmK6kMJiupDCYrqQwmK6kMJiupDCb+OpDC
b+OpDCYrqQwmK6kMJiupDCYrqQwmK6kMPv8AHUv9H//aAAgBAQABBQALnIvcfh9spDtlIdspDtlI
dspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDz3K5HJkZ6LQhfL42
ei0IXzGNnotCF8xjZ6HRhfMkZ6HRhfMkZ6DRhfNEZ6DRhfNEZ6DRhfNkYv6ML5sjF/ShfNkYv6UL
5wjF7ShfOEYvaUL50jF7ShfOkYu6UL50jF3ShfPEYu6cL54jFzThfPEYuacL58jFzThfPkYt6cL5
8jFvThUAjFvThUAjFvThUAjFrUhUEjFrUhUEjFrUhUEjFnUhUIjFnUhUIjFnUhUIjFnUhUMjFnUh
UMjFjUhUMjFjVhUMjFjVhUMjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjV
hUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjOb8432zQiihFFCKKEUUIooRRQiihFFCKKEUUIooRRQii
hFFCKKEUUIooRRQiihFFCKOB84fz4P/aAAgBAgIGPwDYj9F7bZXttle22V7bZXttle22V7bZXttl
e22V7bZWoOxPP5/s2/8AWPW/ht/6x638NtSPW/htqR638NtSPW/htqR638NtSPW/htqRi/htqRi/
htqRi7bUjF22pGLttSMXbakYu21IxdtqRi7bUjF22pGLttSMXbakYu21IxdtqRi7bUjF2PF+F8V8
V8V8V8V8V8V8V8V8UP8Al/nlv//aAAgBAwIGPwA0XJyuTlcnK5OVycrk5XJyuTlcnK5OUPxJY0jD
GkYY0jDGkYY0jDGkYY0jDGkYY0jDGMMYwxjDGMMYwxjDGMMYwxjDGMMYwxjDGMMYw38roui6Loui
6Loui6Loutm//9oACAEBAQY/AG/PCagf5InlG7Bt2DbsG3YNuwbdg27Bt2DbsG3YNuwbdg27Bt2D
bsG3YNuwbdg27Bt2DbsG2dc+Rciio/j5/rz5fekN7Ew+CfekN7Ex+CfekN7Ex+Fen7pDexMfhX3p
DexMfhX3pDexMfhXp+6Q3sTH4V9yQ3sTGr7khs8xq+5IbPMavuSGzzGr7khs8xq+5IbPMavuSGzz
Gr7khs8xq+5IbPMavuSGzzGr7khs8xq+5IbPMavuSGzzGr7khs8xq+5IbNMavuSGzTGr7khs0xq+
5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSG
zTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0x
q+5IbNMavuSGzTGr/wDpVRx+U/lPP1+zchatrchatrchatrchatrchatrchatrchatrchatrchat
rchatrchatrchatrchatrchatrchatrchatrchatrchatrchatrchatrchatrH/kJSTyn5efP2+q
I7//2Q==" transform="matrix(0.0666 0 0 -0.0666 4.8438 34.1055)">
</image>
</g>
</g>
</g>
<g clip-path="url(#SVGID_2_)">
<defs>
<path id="SVGID_9_" d="M18.859,13.056c3.984,0.637,7.038,4.063,7.038,8.228c0,4.166-3.053,7.59-7.038,8.229v4.551
c6.5-0.67,11.589-6.1,11.589-12.779c0-6.679-5.089-12.107-11.589-12.779V13.056z"/>
</defs>
<clipPath id="SVGID_10_">
<use xlink:href="#SVGID_9_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_10_)">
<defs>
<rect id="SVGID_11_" x="18.767" y="8.47" width="11.852" height="25.636"/>
</defs>
<clipPath id="SVGID_12_">
<use xlink:href="#SVGID_11_" overflow="visible"/>
</clipPath>
<g transform="matrix(1 0 0 1 7.456483e-007 1.930745e-006)" clip-path="url(#SVGID_12_)">
<image overflow="visible" width="178" height="385" xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgEEOQQ5AAD/7AARRHVja3kAAQAEAAAAHgAA/+4AIUFkb2JlAGTAAAAAAQMA
EAMCAwYAAATzAAAGdwAACSv/2wCEABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoX
Hh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQEABEQ8PERMRFRISFRQRFBEUGhQWFhQaJhoaHBoa
JjAjHh4eHiMwKy4nJycuKzU1MDA1NUBAP0BAQEBAQEBAQEBAQP/CABEIAYYAwwMBIgACEQEDEQH/
xACPAAEBAQEBAQAAAAAAAAAAAAAAAQUEBgcBAQEBAQAAAAAAAAAAAAAAAAAEAgMQAAAFBAMBAQEA
AAAAAAAAAAAyAzMFEDBAEgIVBgQBEREAAAUEAwEAAgMAAAAAAAAAAbECcgMAEEAyotI0ETFBgSIU
EgABAwUBAQEBAAAAAAAAAAABABAwMYGRMkMCEYJC/9oADAMBAAIRAxEAAAD6Bka+HvGO5FsvW5B1
uQdbkHW5B1uQdbkHW5B1uQdbkHXu+X9Hy3uCSph7mJ0x5wWxgAAAAAAAAPRed9Hy67YjqYm3idMe
dVbHFEURRFEURRFEURRPRee9Dy67YjqYu1i9MeeFsYAAAAAAAAD0PnvQ8uu0I6mNs43THnlWSRRF
EURRFEURRFEUT0Pn/Qc+myI6mNs43TGALJAAAAAAAAAG/gb/AD6bIjqY+xj7xgKtkiiKIoiiKIoi
iKIom/g73LpsCSpj7GRvGCq2SKIoiiKIoiiKIoiibuHu8umuJKmRr5G8YSrJIoiiKIoiiKIoiiKJ
u4e5z6a4kqZOtk7xhKskiiKIoiiKIoiiKIom7h7nPprCSpk62TvGILJAAAAAAAAAG3ibfPprCSpl
auVvGILJAAAAAAAAAG3ibfPpqiSplauVvGKLJAAAAAAAAAG1i7XLpqiWpl6mXvGKK5AAAAAAAAAG
1i7XPpqCWpl6mXvGMK5AAAAAAAAAGzjbPPpqCWpl6mZvGMK5AAAAAAAAAGxj7PPppiWpmaeZvGOK
5AAAAAAAAAGxj7HPppiWpmaeZvGOquSKIoiiKIoiiKIoiibGRr8+mmJamZp5u8Y6qpIoiiKIoiiK
IoiiKJr5OvjppCWpm6WbvGQKpAAAAAAAAAGvka+OmkJambpZu8ZCqpIoiiKIoiiKIoiiKJr5Otjp
pCWpm6WbvGSKpQAAAAAAAAGtk62N6QlqZulm7xkiqUAAAAAAAABrZOtjekJambpZu8ZIqkAAAAAA
AAAa2Trc+mkJqnKazxjrxAAAAAAAAAdhnXUOXb//2gAIAQIAAQUAS/P7z04jTiNOI04jTiNOI04j
TiNOI04hbjx/OARctLthJy0u2EnLS7YSctLNhI9pYgSPaWIEj2liBI9pYgSPaWIEj2liBI9pYgSP
aWIEj2liBI9pYgTPaVIEz2lSBM9pUgTPaVIEz2lSBM9pUgTPaVIEz2lSBM9pUg4mtcyj/9oACAED
AAEFAFCbchtyG3IbchtyG3IbchtyG3Ibcgly/f3mFSWkThUlpE4VJaROFSWkThUlpE4VJaROFSWk
ThUlpI4VJaSOFCWkjhQlpI4UJaSOFCWkjhQlpI4UJaSOFCWkjhQlpI4UJaSOFCWkjhQlpI4UJaSO
FCWkjhQlpI45FtcDD//aAAgBAQABBQAeh+r6PmR7eSHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7e
SHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7eSHnvq+j6UaeoYxfLsU9Oxi+YYp6djF8wxT0zGL5li
npmMXzLFPSsYvmmKelYxfNMU9Ixi+bYp6RjF82xT0bGL5xino2MXzjFPRM4vnWaeiZxfOs09Czi+
eZp6FnF88zT0LOL55mnoGcXz7NPQM4vn2aT7OLAM0n2cWAZpPs4sAzSeZxYFmk8ziwLNJ5nFgWaT
rWLBNUnWsWCapOtYsE1ScaxYNqk41iwbVJxrFg2qTbWLCNUm2sWEapNtYsI1SbaxYRqk01iwrVJp
rFhWqTTWLCtUmmsWFapNNYsK1SZaxYZqky1iwzVJlrFhmqTLWLDNUmWsWGapMtYsM1SZaxYZqky1
iwzVPu/Pk/eGkONIcaQ40hxpDjSHGkONIcaQ40hxpDjSHGkONIcaQ40hxpDjSHGkONIcaQ4+H8+T
84D/2gAIAQICBj8A8/VqMLUYWowtRhajC1GFqMLUYWowtRhH4AKN5jNm8xmzeYzZvMZs3mM2bzGb
N5jNm8xmzCM2YRlhGWEZYRlhGWEZYRlhGWEZYRlhGWEZYRlhGWFbVXVdV1XVdV1XVdV1XVf3+qN/
/9oACAEDAgY/ACqnKqcqpyqnKqcqpyqnKqcqpyqnKH0ljGGMYYxhjGGMYYxhjGGMYYxhjGGMYYxh
jGGMYYxhjGGMYYxhjGGMYYxhjGGMYY0vRclyXJclyXJclyXJclz/ADVv/9oACAEBAQY/AKhVBIMY
qUICIfsPlehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdTKnk
GQUqAAEf0Hy8DxLGneBXgeJY07wK8DxLGneBXgeJY07wK8DxLGneBXheJY0zwK8LxLGmeBXhcJY0
zgK8LhLGmcBXhcJY0zgK8LhLGmcBXhcJY0zgK8LhLGmcBXhcJY0zgK8LhLGmcBXhcJY0zgK8LhLG
mcBXhcJY0zgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY
0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThL
GlcBXicJY0rgK8bhLGkcBXjcJY0jgK8bhLGkcBXjcJY0jgK8bhLGkcBXjcJY0jgK8bhLGkcBXjcJ
Y0jgK8bhLGkcBXjcJY0jgK8bhLGkcBXT/qEUp+/1+ffz/Fbq5da3Vy61url1rdXLrW6uXWt1cutb
q5da3Vy61url1rdXLrW6uXWt1cutbq5da3Vy61url1rdXLrW6uXWt1cutbq5da3Vy61url1pX+UR
Un7/AG+/fz/Nv//Z" transform="matrix(0.0666 0 0 -0.0666 18.7666 34.1055)">
</image>
</g>
</g>
</g>
<g clip-path="url(#SVGID_2_)">
<defs>
<rect id="SVGID_13_" x="-0.026" width="232.784" height="40.5"/>
</defs>
<clipPath id="SVGID_14_">
<use xlink:href="#SVGID_13_" overflow="visible"/>
</clipPath>
<path clip-path="url(#SVGID_14_)" fill="#5286C1" d="M33.628,33.143c0,4.105-4.104,4.105-4.104,4.105H5.111
c-4.105,0-4.105-4.105-4.105-4.105V8.73c0-4.104,4.105-4.104,4.105-4.104h24.413c4.104,0,4.104,4.104,4.104,4.104V33.143z
M34.66,33.354V8.52c0,0,0-4.926-4.926-4.926H4.9c0,0-4.926,0-4.926,4.926v24.834c0,0,0,4.926,4.926,4.926h24.833
C29.733,38.279,34.66,38.279,34.66,33.354"/>
<g opacity="0.8" clip-path="url(#SVGID_14_)">
<g>
<defs>
<rect id="SVGID_15_" x="31.426" width="201.332" height="40.5"/>
</defs>
<clipPath id="SVGID_16_">
<use xlink:href="#SVGID_15_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_16_)">
<path fill="#5288C1" d="M54.316,30.701l-1.209-4.072H48.07l-1.21,4.072h-3.604l5.629-17.208h3.728l5.407,17.208H54.316z
M51.329,20.307l-0.691-3.037c-0.099,0.396-0.518,2.173-0.814,3.309c-0.321,1.235-0.543,2.05-0.914,3.185h3.358
C52.144,23.394,51.6,21.492,51.329,20.307z"/>
<path fill="#5288C1" d="M67.522,31.047c-0.42-0.295-0.766-0.715-0.988-1.234c-0.814,0.791-2,1.211-3.333,1.211
c-1.778,0-3.309-0.84-3.728-2.051c-0.198-0.566-0.272-1.234-0.272-2.518v-8.099l3.259-0.617v8.124
c0,1.135,0.099,1.729,0.271,2.073c0.173,0.346,0.667,0.594,1.16,0.594c0.815,0,1.802-0.594,2.049-1.211V18.43l3.16-0.666v9.654
c0,0.84,0.271,1.703,0.765,2.297L67.522,31.047z"/>
<path fill="#5288C1" d="M75.839,31.096c-1.555,0-3.259-0.492-5.11-1.455l1.185-2.42c1.012,0.617,2.765,1.432,4.197,1.432
c0.938,0,1.679-0.617,1.679-1.432c0-0.865-0.617-1.309-1.951-1.555l-1.481-0.271c-0.84-0.148-1.876-0.742-2.321-1.285
s-0.716-1.457-0.716-2.271c0-2.469,1.951-4.123,4.889-4.123c2.024,0,3.357,0.617,4.518,1.186l-1.086,2.222
c-1.259-0.642-2.173-0.914-3.111-0.914c-0.963,0-1.604,0.494-1.604,1.236c0,0.642,0.419,0.988,1.58,1.283l1.53,0.396
c1.556,0.395,2.074,0.863,2.519,1.432c0.469,0.592,0.691,1.309,0.691,2.147C81.247,29.318,79.074,31.096,75.839,31.096z"/>
<path fill="#5288C1" d="M94.897,30.701H91.86l-1.136-4.346c-0.271-1.012-0.568-2.221-0.716-3.061l-0.197-1.26
c-0.074,0.543-0.099,0.717-0.296,1.631c-0.247,1.086-0.79,3.258-1.086,4.444l-0.642,2.592h-3.086l-3.457-12.418l3.284-0.371
l1.037,4.865c0.296,1.309,0.642,3.432,0.716,3.924c0.148-0.963,0.518-2.987,0.913-4.395l1.185-4.246h3.111l1.012,4.174
c0.494,2.098,0.864,4.049,0.938,4.467c0.074-0.543,0.346-2.518,0.691-4.124l0.963-4.518h3.407L94.897,30.701z"/>
<path fill="#5288C1" d="M103.312,25.417v0.1c0,1.95,0.963,3.061,2.667,3.061c1.136,0,2.197-0.42,3.21-1.26l1.283,1.977
c-1.457,1.184-2.987,1.752-4.766,1.752c-3.628,0-5.974-2.566-5.974-6.543c0-2.27,0.469-3.777,1.58-5.012
c1.037-1.16,2.296-1.703,3.975-1.703c1.456,0,2.839,0.494,3.653,1.333c1.161,1.186,1.68,2.89,1.68,5.53v0.766H103.312z
M107.189,22.851c0-0.939-0.1-1.433-0.396-1.902c-0.321-0.494-0.79-0.741-1.456-0.741c-1.26,0-1.976,0.988-1.976,2.741v0.049
h3.827V22.851z"/>
<path fill="#5288C1" d="M113.902,16.628c-1.111,0-2.025-0.914-2.025-2.05s0.938-2.049,2.074-2.049c1.111,0,2,0.913,2,2.049
S115.037,16.628,113.902,16.628z M112.248,30.701V18.283l3.309-0.519v12.937H112.248z"/>
<path fill="#5288C1" d="M122.294,31.096c-1.555,0-3.259-0.492-5.11-1.455l1.185-2.42c1.013,0.617,2.766,1.432,4.197,1.432
c0.938,0,1.68-0.617,1.68-1.432c0-0.865-0.617-1.309-1.951-1.555l-1.48-0.271c-0.84-0.148-1.877-0.742-2.321-1.285
s-0.716-1.457-0.716-2.271c0-2.469,1.95-4.123,4.889-4.123c2.023,0,3.357,0.617,4.518,1.186l-1.086,2.222
c-1.26-0.642-2.174-0.914-3.111-0.914c-0.963,0-1.604,0.494-1.604,1.236c0,0.642,0.419,0.988,1.58,1.283l1.53,0.396
c1.556,0.395,2.074,0.863,2.519,1.432c0.469,0.592,0.691,1.309,0.691,2.147C127.702,29.318,125.529,31.096,122.294,31.096z"/>
<path fill="#5288C1" d="M139.549,30.701l-1.209-4.072h-5.037l-1.209,4.072h-3.604l5.63-17.208h3.727l5.408,17.208H139.549z
M136.563,20.307l-0.691-3.037c-0.1,0.396-0.518,2.173-0.814,3.309c-0.32,1.235-0.543,2.05-0.914,3.185h3.357
C137.377,23.394,136.834,21.492,136.563,20.307z"/>
<path fill="#5288C1" d="M154.188,29.541c-0.865,0.914-2,1.432-3.383,1.432c-0.988,0-1.926-0.246-2.641-0.666
c0.049,0.297,0.049,0.666,0.049,1.037v3.949l-3.186,0.84V21.517c0-1.654-0.023-2.124-0.197-3.185l2.938-0.519
c0.123,0.444,0.197,0.79,0.223,1.186c0.568-0.691,1.826-1.186,3.111-1.186c0.889,0,1.803,0.297,2.492,0.766
c1.359,0.913,2.346,2.543,2.346,5.456C155.939,26.752,155.496,28.135,154.188,29.541z M152.014,21.566
c-0.246-0.692-0.764-1.062-1.58-1.062c-0.814,0-1.604,0.346-2.197,0.963v6.147c0.445,0.371,1.162,0.74,1.828,0.74
c1.629,0,2.271-1.109,2.271-3.999C152.336,23.146,152.236,22.183,152.014,21.566z"/>
<path fill="#5288C1" d="M166.578,29.541c-0.863,0.914-2,1.432-3.381,1.432c-0.988,0-1.926-0.246-2.643-0.666
c0.049,0.297,0.049,0.666,0.049,1.037v3.949l-3.184,0.84V21.517c0-1.654-0.025-2.124-0.197-3.185l2.938-0.519
c0.123,0.444,0.197,0.79,0.223,1.186c0.566-0.691,1.826-1.186,3.109-1.186c0.889,0,1.803,0.297,2.494,0.766
c1.357,0.913,2.346,2.543,2.346,5.456C168.332,26.752,167.887,28.135,166.578,29.541z M164.406,21.566
c-0.246-0.692-0.766-1.062-1.58-1.062s-1.605,0.346-2.197,0.963v6.147c0.443,0.371,1.16,0.74,1.826,0.74
c1.631,0,2.271-1.109,2.271-3.999C164.727,23.146,164.629,22.183,164.406,21.566z"/>
</g>
<g clip-path="url(#SVGID_16_)">
<path fill="#5288C1" d="M185.299,30.701h-12.586v-3.076l3.734-2.417c3.453-2.229,4.99-3.672,4.99-5.557
c0-1.569-1.129-2.385-2.887-2.385c-1.947,0-3.768,1.381-4.52,1.978l-1.854-2.009c2.262-2.009,4.457-3.014,7.314-3.014
c3.516,0,5.9,1.915,5.9,4.896c0,2.699-2.229,5.055-6.717,7.786l-1.758,1.066c0.283-0.031,1.57-0.125,3.17-0.125h5.932
L185.299,30.701z"/>
</g>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

10
resources/images/Icon_Checked.svg 100644
View File

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 15.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<svg version="1.0" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="70.87px" height="70.87px" viewBox="0 0 70.87 70.87" enable-background="new 0 0 70.87 70.87" xml:space="preserve">
<path fill="#5389C2" d="M35.43,17.849c-9.695,0-17.582,7.89-17.582,17.588c0,9.697,7.887,17.586,17.582,17.586
c9.699,0,17.592-7.889,17.592-17.586C53.021,25.738,45.129,17.849,35.43,17.849 M35.43,57.04c-11.91,0-21.6-9.688-21.6-21.604
c0-11.913,9.69-21.606,21.6-21.606c11.916,0,21.611,9.693,21.611,21.606C57.041,47.352,47.346,57.04,35.43,57.04"/>
<polygon fill="#84BC5A" points="34.535,46.109 23.721,37.85 27.314,33.139 33.25,37.689 42.432,24.761 47.148,28.356 "/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 969 B

BIN
resources/images/Logo_AutentApp2_2014.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
resources/images/MenuSelected.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 485 B

BIN
resources/images/MenuUnselected.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 381 B

BIN
resources/images/MenuUnselectedDisabled.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 378 B

BIN
resources/images/NFCPhoneCard.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

7
resources/images/android/android_arrow_back.svg 100644
View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="24px" height="24px" viewBox="0 0 24 24" enable-background="new 0 0 24 24" xml:space="preserve">
<path fill="#010202" d="M20,11H7.828l5.586-5.586L12,4l-8,8l8,8l1.414-1.414L7.828,13H20V11z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 572 B

7
resources/images/android/android_arrow_back_white.svg 100644
View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="24px" height="24px" viewBox="0 0 24 24" enable-background="new 0 0 24 24" xml:space="preserve">
<path fill="#FFFFFF" d="M20,11H7.828l5.586-5.586L12,4l-8,8l8,8l1.414-1.414L7.828,13H20V11z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 572 B

65
resources/images/android/android_nav_button_icon_history.svg 100644
View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="56px" height="24px" viewBox="0 0 56 24" enable-background="new 0 0 56 24" xml:space="preserve">
<symbol id="ic_x5F_delete_x0D_" viewBox="0 -24 24 24">
<g>
<path fill="#010202" d="M6-19c0-1.104,0.895-2,2-2h8c1.104,0,2,0.896,2,2v12H6V-19z M19-4h-3.5l-1,1h-5l-1-1H5v-2h14V-4z"/>
</g>
<polygon fill="none" points="24,-24 0,-24 0,0 24,0 "/>
</symbol>
<use xlink:href="#ic_x5F_delete_x0D_" width="24" height="24" id="ic_x5F_delete" y="-24" transform="matrix(1 0 0 -1 0 0)" display="none" overflow="visible" opacity="0.54"/>
<path display="none" fill="#538AC3" d="M18.443,3H5.556C5.556,3,3,3,3,5.556v12.887C3,18.443,3,21,5.556,21h12.887
c0-0.001,2.556-0.001,2.556-2.557V5.556C21,5.556,21,3,18.443,3z M11.395,7.815C9.368,8.14,7.815,9.882,7.815,12
c0,2.118,1.553,3.86,3.58,4.185v2.314C8.088,18.158,5.5,15.396,5.5,12c0-3.397,2.588-6.158,5.895-6.5V7.815z M12.605,18.499v-2.314
c2.027-0.325,3.58-2.067,3.58-4.185s-1.553-3.861-3.58-4.185V5.5C15.911,5.841,18.5,8.603,18.5,12
C18.5,15.396,15.911,18.158,12.605,18.499z"/>
<g id="TAGS_1_" display="none" enable-background="new ">
<g id="TAGS" display="inline">
<g>
<path fill="#548AC3" d="M20.028,10.283l-1.709-1.634c-0.002,0.003-0.004,0.006-0.006,0.009l-5.605-5.362
c-0.181-0.182-0.431-0.294-0.708-0.294c-0.001,0-0.002,0-0.003,0V3H5.676v0.002c-0.552,0-0.999,0.447-0.999,0.999h7.324
l8.016,7.708l0.073-0.085l0.001,0c0.142-0.172,0.232-0.391,0.232-0.633C20.323,10.715,20.21,10.464,20.028,10.283z
M19.657,13.306c0-0.029-0.001-0.058-0.004-0.087c-0.001-0.006-0.002-0.01-0.003-0.015c-0.004-0.029-0.007-0.057-0.013-0.085
c0-0.001,0-0.001,0-0.001c-0.041-0.198-0.14-0.374-0.28-0.51L11.71,5.294C11.529,5.112,11.279,5,11.002,5C11.001,5,11.001,5,11,5
V4.997H4.678V5C4.126,5,3.679,5.447,3.679,5.998H3.677v6.341h0.004c0.005,0.292,0.136,0.552,0.341,0.731l-0.004,0.004
l8.322,7.656l0.002-0.002c0.131,0.116,0.293,0.198,0.472,0.231c0.007,0.002,0.015,0.003,0.022,0.004
c0.022,0.004,0.045,0.007,0.067,0.009c0.032,0.004,0.064,0.005,0.097,0.005c0.305,0,0.577-0.137,0.76-0.353l0,0.001l5.659-6.658
l0-0.001c0.148-0.174,0.238-0.399,0.238-0.646C19.658,13.317,19.657,13.311,19.657,13.306z M6.342,8.994
c-0.735,0-1.332-0.596-1.332-1.332s0.596-1.332,1.332-1.332s1.332,0.596,1.332,1.332S7.077,8.994,6.342,8.994z"/>
</g>
</g>
</g>
<g id="TEXT__x2F__LEFT_1_" enable-background="new ">
<g id="TEXT__x2F__LEFT">
<g>
<path fill="#548AC3" d="M2.345,10.325h13.317c0,0,0,0,0,0h1.997c0.552,0,0.999-0.447,0.999-0.999
c0-0.552-0.447-0.999-0.999-0.999H2.345c-0.552,0-0.999,0.447-0.999,0.999C1.346,9.877,1.793,10.325,2.345,10.325z M2.345,4.998
h19.31c0.552,0,0.999-0.447,0.999-0.999S22.207,3,21.655,3H2.345C1.793,3,1.346,3.447,1.346,3.999S1.793,4.998,2.345,4.998z
M21.655,13.654H2.345c-0.552,0-0.999,0.447-0.999,0.999c0,0.552,0.447,0.999,0.999,0.999h19.31c0.552,0,0.999-0.447,0.999-0.999
C22.654,14.101,22.207,13.654,21.655,13.654z M15.662,18.981H2.345c-0.552,0-0.999,0.447-0.999,0.999
c0,0.552,0.447,0.999,0.999,0.999h13.317c0.552,0,0.999-0.447,0.999-0.999C16.661,19.428,16.214,18.981,15.662,18.981z"/>
</g>
</g>
</g>
<g id="COG_1_" display="none" enable-background="new ">
<g id="COG" display="inline">
<g>
<path fill="#548AC3" d="M12.003,8.627c-1.864,0-3.375,1.511-3.375,3.375c0,1.864,1.511,3.375,3.375,3.375
s3.375-1.511,3.375-3.375S13.866,8.627,12.003,8.627z M12.003,13.69c-0.932,0-1.688-0.755-1.688-1.688s0.756-1.688,1.688-1.688
c0.932,0,1.688,0.755,1.688,1.688S12.935,13.69,12.003,13.69z M18.617,10.163c-0.152-0.55-0.373-1.072-0.65-1.557
c0.315-0.424,1.401-2.009,0.618-2.792L18.184,5.39c-0.669-0.669-2.378,0.376-2.793,0.646c-0.491-0.278-1.018-0.499-1.575-0.65
C13.726,4.856,13.336,3,12.235,3h-0.44c-0.945,0-1.488,1.919-1.609,2.4C9.636,5.554,9.116,5.775,8.632,6.053
C8.251,5.769,6.614,4.637,5.815,5.436L5.391,5.793C4.695,6.489,5.852,8.325,6.063,8.647c-0.267,0.478-0.482,0.989-0.63,1.529
c-0.462,0.074-2.433,0.454-2.433,1.588v0.44c0,0.982,2.067,1.528,2.444,1.62c0.15,0.536,0.366,1.043,0.634,1.517
c-0.222,0.348-1.335,2.176-0.645,2.867l0.401,0.334c0.908,0.908,2.805-0.584,2.805-0.584l-0.088-0.094
c0.503,0.298,1.048,0.533,1.623,0.695c0.094,0.388,0.64,2.44,1.619,2.44h0.44c1.284,0,1.602-2.397,1.602-2.397L13.72,18.6
c0.582-0.149,1.134-0.373,1.646-0.66c0.401,0.267,2.082,1.319,2.752,0.648l0.446-0.447c0.896-0.896-0.562-2.727-0.602-2.778
c0.276-0.485,0.498-1.004,0.651-1.554c0.501-0.127,2.386-0.668,2.386-1.605v-0.44C20.999,10.52,18.757,10.183,18.617,10.163z
M12.003,17.065c-2.796,0-5.063-2.267-5.063-5.063s2.267-5.063,5.063-5.063c2.796,0,5.063,2.267,5.063,5.063
S14.799,17.065,12.003,17.065z"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

Some files were not shown because too many files have changed in this diff Show More