Skip to content

Commit

Permalink
Add revision: v1.26.0
Browse files Browse the repository at this point in the history
  • Loading branch information
GovernikusAusweisApp2 committed Dec 15, 2022
1 parent 994e1bc commit eea7ef2
Show file tree
Hide file tree
Showing 807 changed files with 19,499 additions and 20,513 deletions.
8 changes: 6 additions & 2 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
cmake_minimum_required(VERSION 3.13.0)
if(WIN32)
cmake_minimum_required(VERSION 3.19.0)
else()
cmake_minimum_required(VERSION 3.13.0)
endif()

if(POLICY CMP0020)
cmake_policy(SET CMP0020 NEW)
Expand Down Expand Up @@ -56,7 +60,7 @@ if(UNIX AND NOT IOS)
set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15 CACHE STRING "Required macOS version")
endif()

project(AusweisApp2 VERSION 1.24.4 LANGUAGES ${LANGUAGES})
project(AusweisApp2 VERSION 1.26.0 LANGUAGES ${LANGUAGES})

# Set TWEAK if not defined in PROJECT_VERSION above to
# have a valid tweak version without propagating it
Expand Down
15 changes: 15 additions & 0 deletions CMakePresets.json
Original file line number Diff line number Diff line change
Expand Up @@ -112,11 +112,19 @@
{
"name": "ci-ios-framework-simulator",
"inherits": "ci-ios-framework",
"generator": "Xcode",
"cacheVariables": {
"CMAKE_OSX_SYSROOT": "iphonesimulator",
"CMAKE_OSX_ARCHITECTURES": "x86_64"
}
},
{
"name": "ci-ios-framework-simulator-arm64",
"inherits": "ci-ios-framework-simulator",
"cacheVariables": {
"CMAKE_OSX_ARCHITECTURES": "arm64"
}
},
{
"name": "ci-android",
"hidden": true,
Expand Down Expand Up @@ -183,6 +191,13 @@
"CMAKE_CXX_COMPILER_LAUNCHER": null
}
},
{
"name": "ci-tools-with-libs",
"inherits": "ci-tools",
"cacheVariables": {
"CMAKE_PREFIX_PATH": "${sourceParentDir}/libs/build/dist"
}
},
{
"name": "base",
"hidden": true,
Expand Down
3 changes: 0 additions & 3 deletions cmake/CompilerFlags.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -192,9 +192,6 @@ else()
endif()


include(CompilerFlagsPersoSim)


# http:https://gcc.gnu.org/onlinedocs/gcc/Gcov.html
# http:https://llvm.org/docs/CommandGuide/llvm-cov.html
option(COVERAGE "Enable code coverage")
Expand Down
22 changes: 0 additions & 22 deletions cmake/CompilerFlagsPersoSim.cmake

This file was deleted.

4 changes: 2 additions & 2 deletions cmake/Libraries.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -111,10 +111,10 @@ endif()

if(MINGW)
find_package(PCSC REQUIRED)
set(WIN_DEFAULT_LIBS "-ladvapi32" "-lkernel32" "-lole32" "-lsetupapi" "-lversion")
set(WIN_DEFAULT_LIBS "-ladvapi32" "-lkernel32" "-lole32" "-lsetupapi" "-lversion" "-liphlpapi")
elseif(MSVC OR CMAKE_CXX_SIMULATE_ID STREQUAL "MSVC")
find_package(PCSC REQUIRED)
set(WIN_DEFAULT_LIBS setupapi.lib version.lib)
set(WIN_DEFAULT_LIBS setupapi.lib version.lib iphlpapi.lib)
elseif(ANDROID)

elseif(IOS)
Expand Down
7 changes: 5 additions & 2 deletions cmake/Packaging.cmake
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# CPack
# http:https://www.cmake.org/Wiki/CMake:CPackConfiguration
# https:https://gitlab.kitware.com/cmake/community/-/wikis/doc/cpack/Configuration

set(PACKAGE_VERSION ${PROJECT_VERSION})

Expand Down Expand Up @@ -113,6 +113,9 @@ if(WIN32)
# suppress warning LGHT1076/ICE61 caused by AllowSameVersionUpgrades
set(CPACK_WIX_LIGHT_EXTRA_FLAGS -sw1076 ${CPACK_WIX_LIGHT_EXTRA_FLAGS})

configure_file(${CMAKE_DIR}/PrepareProxy.cmake.in ${CMAKE_BINARY_DIR}/PrepareProxy.cmake @ONLY)
set(CPACK_PRE_BUILD_SCRIPTS "${CMAKE_BINARY_DIR}/PrepareProxy.cmake")

if(SIGNTOOL_CMD)
message(STATUS "MSI can be signed with 'make package.sign'")
set(MSI ${PROJECT_BINARY_DIR}/${CPACK_PACKAGE_FILE_NAME}.msi)
Expand Down Expand Up @@ -168,7 +171,7 @@ elseif(ANDROID)
file(READ "${BUILD_GRADLE_APPEND}" BUILD_GRADLE)
file(APPEND "${CMAKE_INSTALL_PREFIX}/build.gradle" "${BUILD_GRADLE}")

if(USE_SMARTEID)
if(USE_SMARTEID AND NOT INTEGRATED_SDK)
set(BUILD_GRADLE_APPEND "${PACKAGING_DIR}/android/build.gradle.append.smarteid")
file(READ "${BUILD_GRADLE_APPEND}" BUILD_GRADLE)
file(APPEND "${CMAKE_INSTALL_PREFIX}/build.gradle" "${BUILD_GRADLE}")
Expand Down
11 changes: 11 additions & 0 deletions cmake/PrepareProxy.cmake.in
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
set(WIX_BUILD_DIR "@CMAKE_BINARY_DIR@/_CPack_Packages/win64/WIX")
file(GLOB WIX_INSTALL_DIR RELATIVE ${WIX_BUILD_DIR} ${WIX_BUILD_DIR}/@PROJECT_NAME@-*)

list(LENGTH WIX_INSTALL_DIR DIR_COUNT)
if(NOT DIR_COUNT EQUAL 1 OR NOT IS_DIRECTORY "${WIX_BUILD_DIR}/${WIX_INSTALL_DIR}")
message(FATAL_ERROR "No unique CPack installation directory was found: ${WIX_INSTALL_DIR}")
endif()

execute_process(COMMAND ${CMAKE_COMMAND} -E copy
"${WIX_BUILD_DIR}/${WIX_INSTALL_DIR}/@PROJECT_NAME@@CMAKE_EXECUTABLE_SUFFIX@"
"${WIX_BUILD_DIR}/Proxy@PROJECT_NAME@@CMAKE_EXECUTABLE_SUFFIX@")
4 changes: 2 additions & 2 deletions cmake/SignFiles.cmake.in
Original file line number Diff line number Diff line change
Expand Up @@ -118,9 +118,9 @@ if(APPLE AND NOT IOS)

file(GLOB_RECURSE AUTOSTART_HELPER_BINARY ${CMAKE_BINARY_DIR}/*/@AUTOSTART_HELPER_FULL_NAME@)
message("Signing autostart helper bundle: ${AUTOSTART_HELPER_BINARY}")
execute_process(COMMAND @SIGNTOOL_CMD@ ${BUNDLE_APPLE_CODESIGN_PARAMETER} --entitlements @PACKAGING_DIR@/macos/autostart_helper/@[email protected] -i @AUTOSTART_HELPER_BUNDLE_ID@ ${AUTOSTART_HELPER_BINARY})
execute_process(COMMAND "@SIGNTOOL_CMD@" ${BUNDLE_APPLE_CODESIGN_PARAMETER} --entitlements @PACKAGING_DIR@/macos/autostart_helper/@[email protected] -i @AUTOSTART_HELPER_BUNDLE_ID@ ${AUTOSTART_HELPER_BINARY})

file(GLOB_RECURSE APP_BINARY ${CMAKE_BINARY_DIR}/*/@PROJECT_NAME@)
message("Signing app bundle: ${APP_BINARY}")
execute_process(COMMAND @SIGNTOOL_CMD@ ${BUNDLE_APPLE_CODESIGN_PARAMETER} --entitlements @PACKAGING_DIR@/macos/@PROJECT_NAME@.entitlements -i @BUNDLE_IDENTIFIER@ ${APP_BINARY})
execute_process(COMMAND "@SIGNTOOL_CMD@" ${BUNDLE_APPLE_CODESIGN_PARAMETER} --entitlements @PACKAGING_DIR@/macos/@PROJECT_NAME@.entitlements -i @BUNDLE_IDENTIFIER@ ${APP_BINARY})
endif()
20 changes: 19 additions & 1 deletion cmake/SwiftPackage.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,12 @@ if(NOT XCODEBUILD)
message(FATAL_ERROR "Cannot find xcodebuild")
endif()

find_program(LIPO lipo)
if(NOT LIPO)
message(FATAL_ERROR "Cannot find lipo")
endif()


set(prefix AusweisApp2)
set(extension .framework.zip)
file(GLOB_RECURSE FRAMEWORK_ZIP RELATIVE "${CMAKE_BINARY_DIR}" "${CMAKE_BINARY_DIR}/*${extension}")
Expand Down Expand Up @@ -37,9 +43,21 @@ foreach(framework ${FRAMEWORK_ZIP})
set(framework_dir ${dir}/${prefix}.framework)
file(REMOVE_RECURSE ${framework_dir})
execute_process(COMMAND ${CMAKE_COMMAND} -E tar xf "${filename}" WORKING_DIRECTORY "${dir}")
list(APPEND FRAMEWORK_PARAM -framework ${framework_dir} )
if (NOT ${framework_dir} MATCHES simulator)
list(APPEND FRAMEWORK_PARAM -framework ${framework_dir})
else()
if (NOT FAT_LIB_TARGETS)
list(APPEND FRAMEWORK_PARAM -framework ${framework_dir})
set(FAT_LIB_OUTPUT ${framework_dir}/${prefix})
endif()
list(APPEND FAT_LIB_TARGETS -create ${framework_dir}/${prefix})
endif()
endforeach()

if (FAT_LIB_TARGETS)
execute_process(COMMAND ${LIPO} ${FAT_LIB_TARGETS} -output ${FAT_LIB_OUTPUT})
endif()

file(REMOVE_RECURSE ${prefix}.xcframework)
execute_process(COMMAND ${XCODEBUILD} -create-xcframework ${FRAMEWORK_PARAM} -output ${prefix}.xcframework)
file(REMOVE_RECURSE ${FRAMEWORK_PARAM})
Expand Down
23 changes: 23 additions & 0 deletions cmake/Tools.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,29 @@ if(UNCRUSTIFY)
endif()
endif()

find_program(QMLFORMAT qmlformat HINTS "${QT_INSTALL_ARCHDATA}/bin" CMAKE_FIND_ROOT_PATH_BOTH)
if(QMLFORMAT)
execute_process(COMMAND ${QMLFORMAT} --version OUTPUT_VARIABLE QMLFORMAT_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE)
string(REPLACE "qmlformat " "" QMLFORMAT_VERSION "${QMLFORMAT_VERSION}")

if("${QMLFORMAT_VERSION}" VERSION_LESS "6")
message(WARNING "qmlformat is too old: ${QMLFORMAT_VERSION}")
else()
file(GLOB_RECURSE FILES_QML ${PROJECT_SOURCE_DIR}/*.qml)
set(QMLFORMAT_CMD ${QMLFORMAT} -i -n -l unix -t -w 4)

set(FORMATTING_FILE ${PROJECT_BINARY_DIR}/formatting.files.qml)
file(WRITE ${FORMATTING_FILE} "")
foreach(file ${FILES_QML})
file(APPEND ${FORMATTING_FILE} ${file})
file(APPEND ${FORMATTING_FILE} "\n")
endforeach()

add_custom_target(format.qml COMMAND ${QMLFORMAT_CMD} -F ${FORMATTING_FILE} SOURCES ${FILES_QML})
add_dependencies(format format.qml)
endif()
endif()

find_program(PYTHON python CMAKE_FIND_ROOT_PATH_BOTH)
if(PYTHON)
list(APPEND GLOB_JSON ${RESOURCES_DIR}/updatable-files/*.json)
Expand Down
11 changes: 7 additions & 4 deletions docs/AusweisApp2.1
Original file line number Diff line number Diff line change
Expand Up @@ -82,11 +82,14 @@ Show window on startup.
Disable system proxy.

.TP
.B --ui { qml|websocket }
Use given UI plugin. "qml" will start the program with a visible UI, "websocket"
will let it start in the background as an SDK. This is only useful when integrating
AusweisApp2 into other programs. Default is "qml,websocket".
.B --ui { qml|webservice|websocket }
This option allows multiple values.
- "qml" will start the program with a visible UI.
- "websocket" will let it start in the background as an SDK. This is only useful when integrating
AusweisApp2 into other programs.
- "webservice" starts listening on given port/address.

Default is "qml,webservice,websocket".

.TP
.B --port \fI\,PORT\/\fR
Expand Down
32 changes: 24 additions & 8 deletions docs/installation/README.de.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ alle unterstützten Parameter, die im Anschluss erläutert werden.

.. code-block:: winbatch
msiexec /i AusweisApp2-X.YY.Z.msi /quiet INSTALLDIR="C:\AusweisApp2" SYSTEMSETTINGS=false DESKTOPSHORTCUT=false AUTOSTART=false AUTOHIDE=false REMINDTOCLOSE=false ASSISTANT=false TRANSPORTPINREMINDER=false CUSTOMPROXYTYPE="HTTP" CUSTOMPROXYHOST="proxy.example.org" CUSTOMPROXYPORT=1337 UPDATECHECK=false ONSCREENKEYBOARD=true SHUFFLESCREENKEYBOARD=true HISTORY=false ENABLECANALLOWED=true SKIPRIGHTSONCANALLOWED=true LAUNCH=true
msiexec /i AusweisApp2-X.YY.Z.msi /quiet INSTALLDIR="C:\AusweisApp2" SYSTEMSETTINGS=false DESKTOPSHORTCUT=false PROXYSERVICE=false AUTOSTART=false AUTOHIDE=false REMINDTOCLOSE=false ASSISTANT=false TRANSPORTPINREMINDER=false CUSTOMPROXYTYPE="HTTP" CUSTOMPROXYHOST="proxy.example.org" CUSTOMPROXYPORT=1337 UPDATECHECK=false ONSCREENKEYBOARD=true SHUFFLESCREENKEYBOARD=true HISTORY=false ENABLECANALLOWED=true SKIPRIGHTSONCANALLOWED=true LAUNCH=true
INSTALLDIR
Gibt das Installationsverzeichnis an. Ohne Angabe wird der Ordner
Expand All @@ -29,6 +29,16 @@ DESKTOPSHORTCUT
Desktop-Verknüpfung vermieden werden. Ohne Angabe des Parameters wird eine
Desktop-Verknüpfung für alle Benutzer erstellt (true).

PROXYSERVICE
Um den parallelen Betrieb mehrer Instanzen der AusweisApp2 zu ermöglichen, ist
der Proxy-Dienst notwendig. Der Proxy-Dienst übernimmt die Überwachung von Port
24727 (definiert in BSI TR-03124-1) und leitet Anfragen an die lokalen Instanzen
der AusweisApp2 weiter. Eine Weiterleitung der Discovery-Nachrichten (Ergänzung
zu BSI TR-03112-6 - IFD Service - Kapitel 3) erfolgt nicht, so dass SaK-Geräte
in diesem Betriebsmodus nicht erkannt bzw. genutzt werden können. Ohne Angabe des
Parameters wird der Proxy-Dienst automatisch eingerichtet, wenn Terminaldienste
installiert sind und das System im Anwendungsservermodus ausgeführt wird.

AUTOSTART
Durch Angabe von AUTOSTART=true wird ein Autostart-Eintrag für alle Benutzer
erstellt. Die Deaktivierung des Autostarts ist den Benutzern in der AusweisApp2
Expand Down Expand Up @@ -249,6 +259,11 @@ Anwendungen über eine Websocket-Schnittstelle angeboten (SDK-Funktion, eID-SDK)
Daher müssen eingehende lokale Netzwerkverbindungen auf dem TCP Port 24727
ermöglicht werden.

Bei aktiviertem Proxy-Dienst übernimmt der AusweisApp2-Proxy die Serverfunktionen
der AusweisApp2 auf Port 24727. Die Instanzen der AusweisApp2 erkennen den Proxy
und benutzen in diesem Fall einen zufälligen freien Port auf den der Proxy die
Anfragen weiterleitet.

Für die Verwendung von der "Smartphone als Kartenleser"-Funktion über WLAN
müssen außerdem Broadcasts auf UDP Port 24727 im lokalen Subnetz empfangen
werden können.
Expand Down Expand Up @@ -293,14 +308,15 @@ CA-Zertifikate im Windows-Truststore werden daher ignoriert.
:header: "Referenz", "Protokoll", "Port", "Richtung", "Optional", "Zweck", "Anmerkungen"
:widths: 8, 8, 8, 8, 8, 35, 25

"eID1", TCP, 24727, "eingehend", "Nein", "Online-Ausweisvorgang, eID-Aktivierung [#TR-03124]_", "Nur erreichbar von localhost [#TR-03124]_"
"eID2", TCP, 443, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum Anbieter, TLS-1-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID3", TCP, 443, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum eID-Server, TLS-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID-SDK", TCP, 24727, "eingehend", "Nein", "Verwendung der SDK-Schnittstelle", "Nur erreichbar von localhost [#TR-03124]_"
"SaK1", UDP, 24727, "eingehend", "Ja", "Smartphone als Kartenleser, Erkennung [#TR-03112]_", "Broadcasts"
"SaK2", TCP, , "ausgehend", "Ja", "Smartphone als Kartenleser, Verwendung [#TR-03112]_", "Verbindung im lokalen Subnetz"
"Update", TCP, 443, "ausgehend", "Ja", "Updates [#govurl]_ zu Anbietern und Kartenlesern sowie Informationen zu neuen AusweisApp2-Versionen [#updatecheck]_ .", "Die Zertifikate der TLS-Verbindung werden mit in der AusweisApp2 mitgelieferten CA-Zertifikaten validiert. Im Betriebssystem hinterlegte CA-Zertifikate werden ignoriert."
"eID1", TCP, 24727 [#aa2proxy]_, "eingehend", "Nein", "Online-Ausweisvorgang, eID-Aktivierung [#TR-03124]_", "Nur erreichbar von localhost [#TR-03124]_"
"eID2", TCP, 443, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum Anbieter, TLS-1-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID3", TCP, 443, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum eID-Server, TLS-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID-SDK", TCP, 24727 [#aa2proxy]_, "eingehend", "Nein", "Verwendung der SDK-Schnittstelle", "Nur erreichbar von localhost [#TR-03124]_"
"SaK1", UDP, 24727 [#aa2proxy]_, "eingehend", "Ja", "Smartphone als Kartenleser, Erkennung [#TR-03112]_", "Broadcasts"
"SaK2", TCP, , "ausgehend", "Ja", "Smartphone als Kartenleser, Verwendung [#TR-03112]_", "Verbindung im lokalen Subnetz"
"Update", TCP, 443, "ausgehend", "Ja", "Updates [#govurl]_ zu Anbietern und Kartenlesern sowie Informationen zu neuen AusweisApp2-Versionen [#updatecheck]_ .", "Die Zertifikate der TLS-Verbindung werden mit in der AusweisApp2 mitgelieferten CA-Zertifikaten validiert. Im Betriebssystem hinterlegte CA-Zertifikate werden ignoriert."

.. [#aa2proxy] Oder ein zufälliger Port bei Verwendung des AusweisApp2-Proxys.
.. [#TR-03124] Siehe TR-03124 des BSI
.. [#TR-03112] Siehe TR-03112-6 des BSI
.. [#govurl] Erreichbar unter dem URL https://appl.governikus-asp.de/ausweisapp2/
Expand Down
Loading

0 comments on commit eea7ef2

Please sign in to comment.