Validate CAdES signature in SiVa service

IB-6671 Signed-off-by: Raul Metsma <[email protected]>
open-eid · Nov 8, 2023 · 5e98329 · 5e98329
1 parent d5bbd75
commit 5e98329
Show file tree

Hide file tree

Showing 9 changed files with 38 additions and 5 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -55,7 +55,7 @@ jobs:
     container: ${{ matrix.container }}
     strategy:
       matrix:
-        container: ['ubuntu:20.04', 'ubuntu:22.04', 'ubuntu:23.04']
+        container: ['ubuntu:20.04', 'ubuntu:22.04', 'ubuntu:23.04', 'ubuntu:23.10']
     env:
       DEBIAN_FRONTEND: noninteractive
       DEBFULLNAME: github-actions
@@ -110,7 +110,9 @@ jobs:
       MAKEFLAGS: -j3
     steps:
     - name: Install Deps
-      run: dnf install -y git gcc-c++ cmake rpm-build gettext openssl-devel openldap-devel pcsc-lite-devel qt6-qtsvg-devel qt6-qttools-devel qt6-qt5compat-devel flatbuffers-devel flatbuffers-compiler zlib-devel
+      run: |
+        dnf install -y --setopt=install_weak_deps=False \
+        git gcc-c++ cmake rpm-build gettext openssl-devel openldap-devel pcsc-lite-devel qt6-qtsvg-devel qt6-qttools-devel qt6-qt5compat-devel flatbuffers-devel flatbuffers-compiler zlib-devel
     - name: Checkout
       uses: actions/checkout@v4
       with:

diff --git a/client/DigiDoc.cpp b/client/DigiDoc.cpp
@@ -453,6 +453,13 @@ bool DigiDoc::isAsicS() const
 		});
 }
 
+bool DigiDoc::isCades() const
+{
+	return std::any_of(m_signatures.cbegin(), m_signatures.cend(), [](const DigiDocSignature &s) {
+		return s.profile().contains(QLatin1String("CADES"), Qt::CaseInsensitive);
+	});
+}
+
 bool DigiDoc::isPDF() const
 {
 	return b && b->mediaType() == "application/pdf";
@@ -461,7 +468,7 @@ bool DigiDoc::isModified() const { return modified; }
 
 bool DigiDoc::isSupported() const
 {
-	return b && b->mediaType() == "application/vnd.etsi.asic-e+zip";
+	return b && b->mediaType() == "application/vnd.etsi.asic-e+zip" && !isCades();
 }
 
 QString DigiDoc::mediaType() const

diff --git a/client/DigiDoc.h b/client/DigiDoc.h
@@ -127,6 +127,7 @@ class DigiDoc: public QObject
 	DocumentModel *documentModel() const;
 	QString fileName() const;
 	bool isAsicS() const;
+	bool isCades() const;
 	bool isPDF() const;
 	bool isModified() const;
 	bool isSupported() const;

diff --git a/client/common_enums.h b/client/common_enums.h
@@ -95,6 +95,7 @@ enum WarningType {
     UnknownSignatureWarning,
     UnknownTimestampWarning,
     UnsupportedAsicSWarning,
+    UnsupportedAsicCadesWarning,
     UnsupportedDDocWarning,
     EmptyFileWarning,
 };

diff --git a/client/translations/en.ts b/client/translations/en.ts
@@ -3288,6 +3288,10 @@ Additional licenses and components</translation>
         <source>This ASiC-S container contains XAdES signature. You are not allowed to add or remove signatures to this container.</source>
         <translation>This ASiC-S container contains XAdES signature. You are not allowed to add or remove signatures to this container.</translation>
     </message>
+    <message>
+        <source>This container contains CAdES signature. You are not allowed to add or remove signatures to this container.</source>
+        <translation>This container contains CAdES signature. You are not allowed to add or remove signatures to this container.</translation>
+    </message>
 </context>
 <context>
     <name>WarningRibbon</name>

diff --git a/client/translations/et.ts b/client/translations/et.ts
@@ -3286,7 +3286,11 @@ Täiendavad litsentsid ja komponendid</translation>
     </message>
     <message>
         <source>This ASiC-S container contains XAdES signature. You are not allowed to add or remove signatures to this container.</source>
-        <translation>Tegemist on XAdES allkirja sisalduva ASiC-S ümbrikuga. Sellele ümbrikule ei saa allkirja lisada ega eemaldada.</translation>
+        <translation>Tegemist on XAdES allkirja sisaldava ASiC-S ümbrikuga. Sellele ümbrikule ei saa allkirja lisada ega eemaldada.</translation>
+    </message>
+    <message>
+        <source>This container contains CAdES signature. You are not allowed to add or remove signatures to this container.</source>
+        <translation>Tegemist on CAdES allkirja sisaldava ümbrikuga. Sellele ümbrikule ei saa allkirja lisada ega eemaldada.</translation>
     </message>
 </context>
 <context>

diff --git a/client/translations/ru.ts b/client/translations/ru.ts
@@ -3293,6 +3293,10 @@ Additional licenses and components</source>
         <source>This ASiC-S container contains XAdES signature. You are not allowed to add or remove signatures to this container.</source>
         <translation>Речь идет о конверте ASiC-S, содержащемся в подписи XAdES. К данному контейнеру нельзя добавить или удалить из него подпись.</translation>
     </message>
+    <message>
+        <source>This container contains CAdES signature. You are not allowed to add or remove signatures to this container.</source>
+        <translation>Этот контейнер содержит подпись CAdES. К данному контейнеру нельзя добавить или удалить из него подпись.</translation>
+    </message>
 </context>
 <context>
     <name>WarningRibbon</name>

diff --git a/client/widgets/ContainerPage.cpp b/client/widgets/ContainerPage.cpp
@@ -334,6 +334,8 @@ void ContainerPage::transition(DigiDoc* container)
 		emit warning(UnsupportedDDocWarning);
 	if(container->isAsicS())
 		emit warning(UnsupportedAsicSWarning);
+	if(container->isCades())
+		emit warning(UnsupportedAsicCadesWarning);
 
 	hasEmptyFile = false;
 	for (auto i = 0; i < container->documentModel()->rowCount(); i++)

diff --git a/client/widgets/WarningItem.cpp b/client/widgets/WarningItem.cpp
@@ -141,8 +141,16 @@ void WarningItem::lookupWarning()
 		warnText.details = tr("More information");
 		warnText.page = ria::qdigidoc4::SignDetails;
 		break;
+	case ria::qdigidoc4::UnsupportedAsicCadesWarning:
+		warnText.text = tr("This container contains CAdES signature. "
+			"You are not allowed to add or remove signatures to this container.");
+		warnText.url = tr("https://www.id.ee/en/article/digidoc-container-format-life-cycle-2/");
+		warnText.details = tr("More information");
+		warnText.page = ria::qdigidoc4::SignDetails;
+		break;
 	case ria::qdigidoc4::UnsupportedDDocWarning:
-		warnText.text = tr("The current file is a DigiDoc container that is not supported officially any longer. You are not allowed to add or remove signatures to this container.");
+		warnText.text = tr("The current file is a DigiDoc container that is not supported officially any longer. "
+			"You are not allowed to add or remove signatures to this container.");
 		warnText.url = tr("https://www.id.ee/en/article/digidoc-container-format-life-cycle-2/");
 		warnText.details = tr("More information");
 		warnText.page = ria::qdigidoc4::SignDetails;