web-eid · mrts · Feb 4, 2025 · Oct 23, 2024 · Feb 4, 2025
diff --git a/.github/workflows/cmake-linux-fedora.yml b/.github/workflows/cmake-linux-fedora.yml
@@ -14,7 +14,7 @@ jobs:
     container: fedora:${{ matrix.container }}
     strategy:
       matrix:
-        container: [38, 39, 40]
+        container: [40, 41]
 
     steps:
       - name: Install Deps

diff --git a/.github/workflows/cmake-linux-ubuntu.yml b/.github/workflows/cmake-linux-ubuntu.yml
@@ -13,20 +13,16 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04${{ matrix.arch == 'arm64' && '-arm' || '' }}
     container: ubuntu:${{matrix.container}}
     strategy:
       matrix:
-        container: ['20.04', '22.04', '24.04']
+        container: ['22.04', '24.04', '24.10']
+        arch: ['amd64', 'arm64']
 
     steps:
       - name: Install dependencies
-        if: matrix.container == '20.04'
-        run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper lintian pkg-config cmake libpcsclite-dev libssl-dev libgtest-dev libqt5svg5-dev qttools5-dev-tools qttools5-dev
-
-      - name: Install dependencies
-        if: matrix.container != '20.04'
-        run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper lintian pkg-config cmake libpcsclite-dev libssl-dev libgtest-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libqt6core5compat6-dev
+        run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper lintian pkg-config cmake libpcsclite-dev libssl-dev libgtest-dev libgl-dev libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools
 
       - uses: actions/checkout@v4
         with:
@@ -46,5 +42,5 @@ jobs:
 
       - uses: actions/upload-artifact@v4
         with:
-          name: web-eid-app-ubuntu-build-ubuntu${{matrix.container}}-${{github.run_number}}
+          name: web-eid-app-ubuntu-build-ubuntu${{matrix.container}}-${{ matrix.arch }}-${{github.run_number}}
           path: build/*.*deb
diff --git a/.github/workflows/cmake-macos.yml b/.github/workflows/cmake-macos.yml
@@ -64,7 +64,7 @@ jobs:
       - name: Install Qt
         uses: jurplel/install-qt-action@v4
         with:
-          version: 6.7.2
+          version: 6.7.3
           arch: clang_64
 
       - name: Configure

diff --git a/.github/workflows/cmake-windows.yml b/.github/workflows/cmake-windows.yml
@@ -35,7 +35,7 @@ jobs:
       - name: Install Qt
         uses: jurplel/install-qt-action@v4
         with:
-          version: 6.7.2
+          version: 6.7.3
           arch: win64_msvc2019_64
 
       - name: Setup MS Visual C++ dev env
@@ -45,10 +45,10 @@ jobs:
 
       - name: Install WiX
         run: |
-          dotnet tool install --global wix --version 5.0.1
-          wix extension -g add WixToolset.UI.wixext/5.0.1
-          wix extension -g add WixToolset.Util.wixext/5.0.1
-          wix extension -g add WixToolset.BootstrapperApplications.wixext/5.0.1
+          dotnet tool install --global wix --version 5.0.2
+          wix extension -g add WixToolset.UI.wixext/5.0.2
+          wix extension -g add WixToolset.Util.wixext/5.0.2
+          wix extension -g add WixToolset.BootstrapperApplications.wixext/5.0.2
 
       - name: Configure
         run: |

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.16)
+cmake_minimum_required(VERSION 3.22)
 
 if(NOT EXISTS "${CMAKE_SOURCE_DIR}/lib/libelectronic-id/README.md")
     message(FATAL_ERROR "libelectronic-id submodule directory empty, did you 'git clone --recursive'?")
@@ -11,7 +11,7 @@ elseif($ENV{CI_PIPELINE_IID})
 else()
     set(BUILD_NUMBER 0)
 endif()
-project(web-eid VERSION 2.6.0.${BUILD_NUMBER})
+project(web-eid VERSION 2.7.0.${BUILD_NUMBER})
 
 set(MACOSX_BUNDLE_SHORT_VERSION_STRING "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}")
 set(MACOSX_BUNDLE_BUNDLE_VERSION ${PROJECT_VERSION_TWEAK})
@@ -32,9 +32,8 @@ set(SIGNCERT "" CACHE STRING "Common name of certificate to used sign binaries,
 set(CROSSSIGNCERT "" CACHE STRING "Common name of certificate to used cross sign binaries, empty skips signing (Windows)")
 set(SAFARI_PROVISIONPROFILE "" CACHE STRING "Provision profile to include in application (macOS)")
 
-find_package(QT NAMES Qt6 Qt5 COMPONENTS Core REQUIRED)
-find_package(Qt${QT_VERSION_MAJOR} 5.12.0 REQUIRED COMPONENTS Core Widgets Network Test LinguistTools Svg)
-get_target_property(qtCore_install_prefix Qt${QT_VERSION_MAJOR}::qmake IMPORTED_LOCATION)
+find_package(Qt6 6.2.0 REQUIRED COMPONENTS Core Widgets Network Test LinguistTools SvgWidgets)
+get_target_property(qtCore_install_prefix Qt6::qmake IMPORTED_LOCATION)
 get_filename_component(qtCore_install_prefix ${qtCore_install_prefix} DIRECTORY)
 
 add_subdirectory(lib/libelectronic-id)

diff --git a/debian/control b/debian/control
@@ -4,14 +4,14 @@ Priority: optional
 Maintainer: RIA <[email protected]>
 Build-Depends:
  cmake,
- debhelper-compat (= 12),
+ debhelper-compat (= 13),
  libpcsclite-dev,
  libssl-dev,
  libgtest-dev,
- qt6-tools-dev | qttools5-dev,
- qt6-l10n-tools | qttools5-dev-tools,
- libqt6svg6-dev | libqt5svg5-dev
-Standards-Version: 4.5.1
+ qt6-tools-dev,
+ qt6-l10n-tools,
+ libqt6svg6-dev
+Standards-Version: 4.6.1
 Homepage: https://github.com/web-eid/web-eid-app
 
 Package: web-eid
@@ -30,7 +30,7 @@ Architecture: any
 Multi-Arch: foreign
 Depends:
  pcscd,
- qt6-qpa-plugins | libqt5gui5,
+ qt6-qpa-plugins,
  ${shlibs:Depends},
  ${misc:Depends}
 Replaces: token-signing-native

diff --git a/install/web-eid.wxs b/install/web-eid.wxs
@@ -23,7 +23,7 @@
 <Wix xmlns="http://wixtoolset.org/schemas/v4/wxs"
      xmlns:ui="http://wixtoolset.org/schemas/v4/wxs/ui">
   <Package Name="Web eID software" UpgradeCode="4f0e0fef-0dbc-481b-9d81-08921740f781"
-      Language="1033" Version="$(var.MSI_VERSION)" Codepage="1251" Manufacturer="RIA" InstallerVersion="500">
+      Language="1033" Version="!(bind.FileVersion.App)" Manufacturer="RIA">
     <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
     <Icon Id="web_eid.exe" SourceFile="$(var.app_path)" />
     <Property Id="ARPPRODUCTICON" Value="web_eid.exe" />
@@ -69,7 +69,7 @@
 
     <StandardDirectory Id="ProgramFiles6432Folder">
       <Directory Id="INSTALLFOLDER" Name="Web eID">
-        <File Source="$(var.app_path)" />
+        <File Id="App" Source="$(var.app_path)" />
 <?ifdef var.qt_path ?>
         <File Source="$(var.VCPATH)\msvcp140$(var.qt_suffix).dll" />
         <File Source="$(var.VCPATH)\msvcp140_1$(var.qt_suffix).dll" />

diff --git a/lib/libelectronic-id b/lib/libelectronic-id
diff --git a/src/app/CMakeLists.txt b/src/app/CMakeLists.txt
@@ -31,7 +31,6 @@ if(WIN32)
         -arch ${PLATFORM}
         -ext WixToolset.UI.wixext
         -bv WixUIDialogBmp=${CMAKE_SOURCE_DIR}/install/dlgbmp.bmp
-        -d MSI_VERSION=${PROJECT_VERSION}
         -d ssl_path="${SSL_PATH}"
         -d qt_suffix="$<$<CONFIG:Debug>:d>"
         -d json=${CMAKE_CURRENT_BINARY_DIR}/eu.webeid.json

diff --git a/src/app/main.cpp b/src/app/main.cpp
@@ -29,7 +29,6 @@
 int main(int argc, char* argv[])
 {
     Q_INIT_RESOURCE(web_eid_resources);
-    Q_INIT_RESOURCE(translations);
 
     Application app(argc, argv, QStringLiteral("web-eid"));
 

diff --git a/src/controller/CMakeLists.txt b/src/controller/CMakeLists.txt
@@ -49,10 +49,10 @@ set_property(SOURCE application.cpp APPEND PROPERTY COMPILE_DEFINITIONS PROJECT_
 target_include_directories(controller PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
 target_link_libraries(controller
     electronic-id
-    Qt${QT_VERSION_MAJOR}::Network
-    Qt${QT_VERSION_MAJOR}::Widgets
+    Qt6::Network
+    Qt6::Widgets
 )
 
 # %{function}:%{file}:%{line} works in Qt log message pattern only if code
 # is compiled in debug mode or if QT_MESSAGELOGCONTEXT is set in compiler flags.
-target_compile_definitions(controller PUBLIC QT_MESSAGELOGCONTEXT)
+target_compile_definitions(controller PUBLIC QT_MESSAGELOGCONTEXT QT_WARN_DEPRECATED_UP_TO=060200)
diff --git a/src/controller/command-handlers/authenticate.cpp b/src/controller/command-handlers/authenticate.cpp
@@ -124,10 +124,13 @@ QVariantMap Authenticate::onConfirm(WebEidUI* window,
         const auto signatureAlgorithm =
             QString::fromStdString(cardCertAndPin.cardInfo->eid().authSignatureAlgorithm());
         pcsc_cpp::byte_vector pin;
-        pin.reserve(5 + 16); // Avoid realloc: apdu + pin padding
+        // Reserve space for APDU overhead (5 bytes) + PIN padding (16 bytes) to prevent PIN memory
+        // reallocation. The 16-byte limit comes from the max PIN length of 12 bytes across all card
+        // implementations in lib/libelectronic-id/src/electronic-ids/pcsc/.
+        pin.reserve(5 + 16);
         getPin(pin, cardCertAndPin.cardInfo->eid(), window);
-        const auto signature =
-            createSignature(origin.url(), challengeNonce, cardCertAndPin.cardInfo->eid(), std::move(pin));
+        const auto signature = createSignature(origin.url(), challengeNonce,
+                                               cardCertAndPin.cardInfo->eid(), std::move(pin));
         return createAuthenticationToken(signatureAlgorithm, cardCertAndPin.certificateBytesInDer,
                                          signature);
 

diff --git a/src/controller/command-handlers/sign.cpp b/src/controller/command-handlers/sign.cpp
@@ -99,9 +99,13 @@ QVariantMap Sign::onConfirm(WebEidUI* window, const CardCertificateAndPinInfo& c
 {
     try {
         pcsc_cpp::byte_vector pin;
-        pin.reserve(5 + 16); // Avoid realloc: apdu + pin padding
+        // Reserve space for APDU overhead (5 bytes) + PIN padding (16 bytes) to prevent PIN memory
+        // reallocation. The 16-byte limit comes from the max PIN length of 12 bytes across all card
+        // implementations in lib/libelectronic-id/src/electronic-ids/pcsc/.
+        pin.reserve(5 + 16);
         getPin(pin, cardCertAndPin.cardInfo->eid(), window);
-        const auto signature = signHash(cardCertAndPin.cardInfo->eid(), std::move(pin), docHash, hashAlgo);
+        const auto signature =
+            signHash(cardCertAndPin.cardInfo->eid(), std::move(pin), docHash, hashAlgo);
         return {{QStringLiteral("signature"), signature.first},
                 {QStringLiteral("signatureAlgorithm"), signature.second}};
 

diff --git a/src/mac/CMakeLists.txt b/src/mac/CMakeLists.txt
@@ -49,7 +49,6 @@ set_target_properties(web-eid-safari PROPERTIES
     XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/web-eid-safari.entitlements"
     XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "eu.web-eid.web-eid-safari"
 )
-target_compile_definitions(web-eid-safari PUBLIC QT_DEPRECATED_WARNINGS_SINCE=051200)
 target_link_libraries(web-eid-safari SafariServices controller ui pcsc "-framework Cocoa")
 add_custom_command(TARGET web-eid-safari POST_BUILD
     COMMAND mkdir -p $<TARGET_BUNDLE_CONTENT_DIR:web-eid-safari>/PlugIns

diff --git a/src/mac/js b/src/mac/js
diff --git a/src/mac/main.mm b/src/mac/main.mm
@@ -120,7 +120,7 @@ - (void)notificationEvent:(NSNotification*)notification
     NSDictionary *resp;
     if ([@"status" isEqualToString:req[@"command"]]) {
         resp = [NSApplication
-            toNSDictionary: {{QStringLiteral("version"), qApp->applicationVersion()}}];
+            toNSDictionary: {{QStringLiteral("version"), QCoreApplication::applicationVersion()}}];
     } else {
         try {
             const auto argumentJson =
@@ -142,7 +142,7 @@ Controller controller(std::make_unique<CommandWithArguments>(
     NSLog(@"web-eid-safari: msg to extension nonce (%@) request: %@", nonce, resp);
     setValue(nonce, resp);
     [NSDistributedNotificationCenter.defaultCenter postNotificationName:WebEidExtension object:nonce userInfo:nil deliverImmediately:YES];
-    qApp->quit();
+    QCoreApplication::quit();
 }
 
 @end
@@ -170,7 +170,6 @@ void showSafariSettings() final
 int main(int argc, char* argv[])
 {
     Q_INIT_RESOURCE(web_eid_resources);
-    Q_INIT_RESOURCE(translations);
 
     SafariApplication app(argc, argv, QStringLiteral("web-eid-safari"));
     auto appPtr = &app;

diff --git a/src/ui/CMakeLists.txt b/src/ui/CMakeLists.txt
@@ -1,14 +1,14 @@
-if(${QT_VERSION} VERSION_LESS "5.15.0")
-    macro(qt_add_translation)
-        qt5_add_translation(${ARGN})
-    endmacro()
-    macro(qt_add_resources)
-        qt5_add_resources(${ARGN})
-    endmacro()
-endif()
-
-configure_file(translations/translations.qrc translations.qrc COPYONLY)
-qt_add_translation(SOURCES
+add_library(ui STATIC
+    certificatewidget.cpp
+    certificatewidget.hpp
+    punycode.hpp
+    ui.cpp
+    webeiddialog.cpp
+    webeiddialog.hpp
+    web-eid-resources.qrc
+    dialog.ui
+)
+qt_add_translations(ui TS_FILES
     translations/en.ts
     translations/et.ts
     translations/fi.ts
@@ -19,26 +19,11 @@ qt_add_translation(SOURCES
     translations/nl.ts
     translations/cs.ts
     translations/sk.ts
-)
-add_library(ui STATIC
-    ${SOURCES}
-    ${CMAKE_CURRENT_BINARY_DIR}/translations.qrc
-    certificatewidget.cpp
-    certificatewidget.hpp
-    punycode.hpp
-    ui.cpp
-    webeiddialog.cpp
-    webeiddialog.hpp
-    web-eid-resources.qrc
-    dialog.ui
+    RESOURCE_PREFIX /translations
 )
 set_target_properties(ui PROPERTIES
     AUTORCC ON
     AUTOUIC ON
 )
 target_include_directories(ui PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
-target_link_libraries(ui controller Qt${QT_VERSION_MAJOR}::Svg)
-if(${QT_VERSION_MAJOR} STREQUAL "6")
-    find_package(Qt6 COMPONENTS SvgWidgets REQUIRED)
-    target_link_libraries(ui Qt6::SvgWidgets)
-endif()
+target_link_libraries(ui PUBLIC controller Qt6::SvgWidgets)
diff --git a/src/ui/certificatewidget.cpp b/src/ui/certificatewidget.cpp
@@ -91,11 +91,7 @@ void CertificateWidgetInfo::drawWarnIcon()
     QPainter p(warnIcon);
     QRect cr = warnIcon->contentsRect();
     cr.adjust(warnIcon->margin(), warnIcon->margin(), -warnIcon->margin(), -warnIcon->margin());
-#if QT_VERSION < QT_VERSION_CHECK(5, 15, 0)
-    warnIcon->style()->drawItemPixmap(&p, cr, Qt::AlignCenter, *warnIcon->pixmap());
-#else
-    warnIcon->style()->drawItemPixmap(&p, cr, Qt::AlignCenter, warnIcon->pixmap(Qt::ReturnByValue));
-#endif
+    warnIcon->style()->drawItemPixmap(&p, cr, Qt::AlignCenter, warnIcon->pixmap());
 }
 
 void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo& cardCertPinInfo)

diff --git a/src/ui/translations/translations.qrc b/src/ui/translations/translations.qrc
diff --git a/tests/tests/CMakeLists.txt b/tests/tests/CMakeLists.txt
@@ -8,6 +8,6 @@ target_compile_definitions(web-eid-tests PRIVATE _CRT_SECURE_NO_WARNINGS)
 target_include_directories(web-eid-tests PRIVATE
     ${CMAKE_SOURCE_DIR}/lib/libelectronic-id/tests/mock
 )
-target_link_libraries(web-eid-tests controller mock-ui pcsc-mock Qt${QT_VERSION_MAJOR}::Test)
+target_link_libraries(web-eid-tests controller mock-ui pcsc-mock Qt6::Test)
 
 add_test(web-eid-tests web-eid-tests)
diff --git a/tests/tests/changecertificatevaliduntil.hpp b/tests/tests/changecertificatevaliduntil.hpp
@@ -87,12 +87,12 @@ inline PcscMock::ApduScript replaceCertValidUntilYear(const PcscMock::ApduScript
 
 inline PcscMock::ApduScript replaceCertValidUntilTo2010(const PcscMock::ApduScript& script)
 {
-    return replaceCertValidUntilYear(script, 4, "10");
+    return replaceCertValidUntilYear(script, 3, "10");
 }
 
 inline PcscMock::ApduScript replaceCertValidUntilToNextYear(const PcscMock::ApduScript& script)
 {
     // UTCDateTime needs 2-digit year since 2000, add +1 for next year
-    return replaceCertValidUntilYear(script, 4,
+    return replaceCertValidUntilYear(script, 3,
                                      std::to_string(QDate::currentDate().year() - 2000 + 1));
 }
+0 −1		.github/workflows/cmake-macos.yml
+0 −0		.gitmodules
+3 −5		CMakeLists.txt
+15 −0		include/electronic-id/electronic-id.hpp
+1 −1		include/electronic-id/enums.hpp
+75 −66		lib/libpcsc-cpp/include/pcsc-cpp/pcsc-cpp.hpp
+4 −5		lib/libpcsc-cpp/src/SmartCard.cpp
+31 −39		lib/libpcsc-cpp/src/utils.cpp
+1 −1		lib/libpcsc-cpp/tests/lib/libpcsc-mock/CMakeLists.txt
+0 −0		lib/libpcsc-cpp/tests/lib/libpcsc-mock/scripts/clang-format.sh
+7 −7		lib/libpcsc-cpp/tests/lib/libpcsc-mock/src/pcsc-mock.cpp
+1 −3		lib/libpcsc-cpp/tests/mock/test-connect-to-card-transmit-apdus.cpp
+128 −28		src/electronic-id.cpp
+39 −66		src/electronic-ids/pcsc/EIDIDEMIA.cpp
+4 −25		src/electronic-ids/pcsc/EIDIDEMIA.hpp
+0 −1		src/electronic-ids/pcsc/EstEIDIDEMIA.hpp
+22 −36		src/electronic-ids/pcsc/FinEID.cpp
+0 −73		src/electronic-ids/pcsc/LatEIDIDEMIAv1.cpp
+0 −62		src/electronic-ids/pcsc/LatEIDIDEMIAv1.hpp
+7 −19		src/electronic-ids/pcsc/LatEIDIDEMIAv2.cpp
+7 −5		src/electronic-ids/pcsc/LatEIDIDEMIAv2.hpp
+21 −37		src/electronic-ids/pcsc/pcsc-common.hpp
+2 −1		src/electronic-ids/pkcs11/PKCS11CardManager.hpp
+50 −3		src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp
+7 −3		src/electronic-ids/x509.hpp
+0 −5		tests/common/selectcard.hpp
+1 −0		tests/integration/test-authenticate.cpp
+2 −0		tests/integration/test-get-certificate.cpp
+1 −0		tests/integration/test-signing.cpp
+6 −18		tests/mock/select-certificate-script-EST-IDEMIA.hpp
+4 −10		tests/mock/select-certificate-script-FIN-V3.hpp
+4 −10		tests/mock/select-certificate-script-FIN-V4.hpp
+0 −521		tests/mock/select-certificate-script-LAT-V1.hpp
+6 −28		tests/mock/select-certificate-script-LAT-V2.hpp
+0 −1		tests/mock/select-certificate-script.hpp
+0 −11		tests/mock/test-autoselect-card.cpp
+47 −0		tests/mock/test-find-masked-atr.cpp
+16 −47		tests/mock/test-get-certificate.cpp
+16 −15		tests/mock/test-is-card-supported.cpp
+2 −0		tests/mock/test-pkcs11-token.cpp
+0 −4		.eslintignore
+0 −31		.eslintrc.js
+1 −1		.github/workflows/build.yml
+76 −0		eslint.config.mjs
+0 −2		jest.config.js
+1 −1		lib/web-eid.js
+3,009 −2,172		package-lock.json
+21 −20		package.json
+2 −1		rollup.config.mjs
+5 −15		scripts/build-utils.mjs
+15 −6		scripts/build.mjs
+13 −4		src/background-safari/services/NativeAppService.ts
+5 −5		src/background/actions/TokenSigning/getCertificate.ts
+5 −5		src/background/actions/TokenSigning/sign.ts
+8 −7		src/background/actions/TokenSigning/status.ts
+5 −6		src/background/actions/authenticate.ts
+5 −5		src/background/actions/getSigningCertificate.ts
+5 −5		src/background/actions/sign.ts
+6 −4		src/background/actions/status.ts
+32 −74		src/background/services/NativeAppService.ts
+3 −3		src/shared/ByteArray.ts
+1 −1		src/shared/HwcryptoPatcher.ts
+0 −53		src/shared/utils/timing.ts