From e080c7b8892d7e65157dd4e908721ad4794f16e1 Mon Sep 17 00:00:00 2001 From: Yannick Spreen Date: Thu, 13 May 2021 11:29:18 +0200 Subject: [PATCH] Add context and cert pinning. (#37) --- DGCAWallet.xcodeproj/project.pbxproj | 4 +++ DGCAWallet/Models/LocalData.swift | 10 +++++++ DGCAWallet/Services/GatewayConnection.swift | 33 ++++++++++++++------- context.jsonc | 24 +++++++++++++++ 4 files changed, 61 insertions(+), 10 deletions(-) create mode 100644 context.jsonc diff --git a/DGCAWallet.xcodeproj/project.pbxproj b/DGCAWallet.xcodeproj/project.pbxproj index 427cb41..bd31e35 100644 --- a/DGCAWallet.xcodeproj/project.pbxproj +++ b/DGCAWallet.xcodeproj/project.pbxproj @@ -35,6 +35,7 @@ CEA6D703261F8D2900715333 /* DGCAWalletTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = CEA6D702261F8D2900715333 /* DGCAWalletTests.swift */; }; CEA6D70E261F8D2900715333 /* DGCAWalletUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = CEA6D70D261F8D2900715333 /* DGCAWalletUITests.swift */; }; CEA6E561264058B50066DC8E /* UIViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = CEA6E560264058B50066DC8E /* UIViewController.swift */; }; + CEC7FEDF264C5A41005561BA /* context.jsonc in Resources */ = {isa = PBXBuildFile; fileRef = CEC7FEDE264C5A41005561BA /* context.jsonc */; }; CED2726026398683003D47A9 /* UIFont.swift in Sources */ = {isa = PBXBuildFile; fileRef = CED2725F26398683003D47A9 /* UIFont.swift */; }; CED949CA263B50CE00883558 /* List.swift in Sources */ = {isa = PBXBuildFile; fileRef = CED949C9263B50CE00883558 /* List.swift */; }; CEDABD40263C5FF4007A9B97 /* CertTable.swift in Sources */ = {isa = PBXBuildFile; fileRef = CEDABD3F263C5FF4007A9B97 /* CertTable.swift */; }; @@ -92,6 +93,7 @@ CEA6D70D261F8D2900715333 /* DGCAWalletUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DGCAWalletUITests.swift; sourceTree = ""; }; CEA6D70F261F8D2900715333 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; CEA6E560264058B50066DC8E /* UIViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UIViewController.swift; sourceTree = ""; }; + CEC7FEDE264C5A41005561BA /* context.jsonc */ = {isa = PBXFileReference; lastKnownFileType = file; path = context.jsonc; sourceTree = SOURCE_ROOT; }; CED2725F26398683003D47A9 /* UIFont.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UIFont.swift; sourceTree = ""; }; CED949C9263B50CE00883558 /* List.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = List.swift; sourceTree = ""; }; CEDABD3F263C5FF4007A9B97 /* CertTable.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CertTable.swift; sourceTree = ""; }; @@ -198,6 +200,7 @@ CEA6D6F4261F8D2900715333 /* Assets.xcassets */, CEA6D6F9261F8D2900715333 /* Info.plist */, CE6D4A46264835F100A5D33D /* Localizable.strings */, + CEC7FEDE264C5A41005561BA /* context.jsonc */, ); path = SupportingFiles; sourceTree = ""; @@ -399,6 +402,7 @@ CE13CF05262DCDCD0070C80E /* CertificateViewer.storyboard in Resources */, CE6D4A44264835F100A5D33D /* Localizable.strings in Resources */, CEA6D6F8261F8D2900715333 /* LaunchScreen.storyboard in Resources */, + CEC7FEDF264C5A41005561BA /* context.jsonc in Resources */, CE81533A263FF7EC0030D777 /* README.md in Resources */, CEA6D6F5261F8D2900715333 /* Assets.xcassets in Resources */, CEA6D6F3261F8D2700715333 /* Main.storyboard in Resources */, diff --git a/DGCAWallet/Models/LocalData.swift b/DGCAWallet/Models/LocalData.swift index 6515759..5f642c8 100644 --- a/DGCAWallet/Models/LocalData.swift +++ b/DGCAWallet/Models/LocalData.swift @@ -27,6 +27,7 @@ import Foundation import SwiftDGC +import SwiftyJSON struct DatedCertString: Codable { var date: Date @@ -38,9 +39,11 @@ struct DatedCertString: Codable { } struct LocalData: Codable { + static let appVersion = (Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String) ?? "?.?.?" static var sharedInstance = LocalData() var certStrings = [DatedCertString]() + var config = Config.load() public func save() { Self.storage.save(self) @@ -64,4 +67,11 @@ struct LocalData: Codable { completion() } } + + var versionedConfig: JSON { + if config["versions"][Self.appVersion].exists() { + return config["versions"][Self.appVersion] + } + return config["versions"]["default"] + } } diff --git a/DGCAWallet/Services/GatewayConnection.swift b/DGCAWallet/Services/GatewayConnection.swift index 55095c0..2530805 100644 --- a/DGCAWallet/Services/GatewayConnection.swift +++ b/DGCAWallet/Services/GatewayConnection.swift @@ -30,10 +30,7 @@ import Alamofire import SwiftDGC import SwiftyJSON -struct GatewayConnection { - static let serverURI = "https://dgca-issuance-web.cfapps.eu10.hana.ondemand.com/" - static let claimEndpoint = "dgca-issuance-service/dgci/wallet/claim" - +struct GatewayConnection: ContextConnection { public static func claim(cert: HCert, with tan: String?, completion: ((Bool, String?) -> Void)?) { guard var tan = tan, !tan.isEmpty else { return @@ -62,14 +59,11 @@ struct GatewayConnection { "signature": sign.base64EncodedString(), "sigAlg": "SHA256withECDSA" ] - AF.request( - serverURI + claimEndpoint, + request( + ["endpoints", "claim"], method: .post, parameters: param, - encoding: JSONEncoding.default, - headers: nil, - interceptor: nil, - requestModifier: nil + encoding: JSONEncoding.default ).response { guard case .success(_) = $0.result, @@ -87,4 +81,23 @@ struct GatewayConnection { } } } + + public static func fetchContext() { + request( + ["context"] + ).response { + guard + let data = $0.data, + let string = String(data: data, encoding: .utf8) + else { + return + } + let json = JSON(parseJSONC: string) + LocalData.sharedInstance.config.merge(other: json) + LocalData.sharedInstance.save() + } + } + static var config: JSON { + LocalData.sharedInstance.versionedConfig + } } diff --git a/context.jsonc b/context.jsonc new file mode 100644 index 0000000..a61f68e --- /dev/null +++ b/context.jsonc @@ -0,0 +1,24 @@ +{ + // Origin in ISO alpha 2 code: + "origin": "DE", + "versions": { + "default": { + // catch-all for normal versions + "privacyUrl": "https://publications.europa.eu/en/web/about-us/legal-notices/eu-mobile-apps", + "context": { + "url": "https://dgca-issuance-web.cfapps.eu10.hana.ondemand.com/dgca-issuance-service/context", + "pubKeys": ["Ef6tLK887tpTdkiVkSG7ioXCgNEJsbIgKcAU+dxTTag="] + }, + "endpoints": { + "claim": { + "url": "https://dgca-issuance-web.cfapps.eu10.hana.ondemand.com/dgca-issuance-service/dgci/wallet/claim", + "pubKeys": ["Ef6tLK887tpTdkiVkSG7ioXCgNEJsbIgKcAU+dxTTag="] + } + } + }, + "0.1.0": { + // Example for a version that is insecure and shouldn't start. + "outdated": true + } + } +}