merge 3.0.1 into 3.1

corona-warn-app · Feb 1, 2023 · 4ec813d · 4ec813d
2 parents d385df6 + 77fdaac
commit 4ec813d
Show file tree

Hide file tree

Showing 9 changed files with 29 additions and 17 deletions.
diff --git a/src/xcode/ENA/ENA/Resources/Environment/Environments.default.json b/src/xcode/ENA/ENA/Resources/Environment/Environments.default.json
@@ -10,7 +10,11 @@
             "dccURL": "https://dcc.coronawarn.app",
             "dccRecertifyURL": "https://api.reissue.ubirch.com",
             "validationKeyString": "c7DEstcUIRcyk35OYDJ95/hTg3UVhsaDXKT0zK7NhHPXoyzipEnOp3GyNXDVpaPi3cAfQmxeuFMZAIX2+6A5Xg==",
-            "pinningKeyHash": "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab"
+			"pinningKeyHash": [
+				"f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab",
+				"62bdfb71764d97afd156056560fce3e65e6e415b4d2600ac028a04ddeaa92c80",
+				"b79dbce4e7be69ac58417428aa60d2348f97ff667dc8b2094c6e19c87175a3c8"
+			]
         }
     ]
 }
diff --git a/src/xcode/ENA/ENA/Source/Developer Menu/Features/DMNewHttpCommunication/DMNHCViewModel.swift b/src/xcode/ENA/ENA/Source/Developer Menu/Features/DMNewHttpCommunication/DMNHCViewModel.swift
@@ -88,7 +88,7 @@ final class DMNHCViewModel {
 						let requestCertificates = [certificateToReissue] + accompanyingCertificates
 						let sendModel = DCCReissuanceSendModel(action: certificate.action, certificates: requestCertificates)
 						let appConfig = self.appConfiguration.currentAppConfig.value
-						let publicKeyHash = appConfig.dgcParameters.reissueServicePublicKeyDigest
+						let publicKeyHash = [appConfig.dgcParameters.reissueServicePublicKeyDigest]
 						let trustEvaluation = DefaultTrustEvaluation(
 							publicKeyHash: publicKeyHash,
 							certificatePosition: 0

diff --git a/src/xcode/ENA/ENA/Source/Environment/Environments.swift b/src/xcode/ENA/ENA/Source/Environment/Environments.swift
@@ -23,10 +23,10 @@ struct EnvironmentData: Codable {
 	let validationKeyString: String
 
 	/// Used for certificate pinning
-	let pinningKeyHash: String
+	let pinningKeyHash: [String]
 
-	var pinningKeyHashData: Data {
-		pinningKeyHash.dataWithHexString()
+	var pinningKeyHashData: [Data] {
+		pinningKeyHash.map { $0.dataWithHexString() }
 	}
 }
 

diff --git a/src/xcode/ENA/ENA/Source/Environment/__tests__/TestEnvironments.json b/src/xcode/ENA/ENA/Source/Environment/__tests__/TestEnvironments.json
@@ -10,7 +10,9 @@
 			"dccURL": "https://TestEnvironment0.dgc",
 			"dccRecertifyURL": "https://TestEnvironment0.logupload",
 			"validationKeyString": "Key0",
-			"pinningKeyHash": "hash0"
+			"pinningKeyHash": [
+				"hash0"
+			]
 		},
 		{
 			"name": "TestEnvironment1",
@@ -22,7 +24,9 @@
 			"dccURL": "https://TestEnvironment1.dgc",
 			"dccRecertifyURL": "https://TestEnvironment1.logupload",
 			"validationKeyString": "Key1",
-			"pinningKeyHash": "hash1"
+			"pinningKeyHash": [
+				"hash1"
+			]
 		},
 		{
 			"name": "TestEnvironment2",
@@ -34,7 +38,9 @@
 			"dccURL": "https://TestEnvironment2.dgc",
 			"dccRecertifyURL": "https://TestEnvironment2.logupload",
 			"validationKeyString": "Key2",
-			"pinningKeyHash": "hash2"
+			"pinningKeyHash": [
+				"hash2"
+			]
 		},
 		{
 			"name": "prod",
@@ -46,7 +52,9 @@
 			"dccURL": "https://prod.dgc",
 			"dccRecertifyURL": "https://prod.recertify",
 			"validationKeyString": "Key",
-			"pinningKeyHash": "hash"
+			"pinningKeyHash": [
+				"hash"
+			]
 		}
 	]
 }
diff --git a/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/EvaluateTrust/DefaultTrustEvaluation.swift b/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/EvaluateTrust/DefaultTrustEvaluation.swift
@@ -11,7 +11,7 @@ public enum DefaultTrustEvaluationError {
 class DefaultTrustEvaluation: TrustEvaluating {
 
 	init(
-		publicKeyHash: Data,
+		publicKeyHash: [Data],
 		// 1 is used as default for backwards compatibility.
 		certificatePosition: Int = 1
 	) {
@@ -45,7 +45,7 @@ class DefaultTrustEvaluation: TrustEvaluating {
 		guard let serverCertificate = SecTrustGetCertificateAtIndex(trust, certificatePosition),
 			  let serverPublicKey = SecCertificateCopyKey(serverCertificate),
 			  let serverPublicKeyData = SecKeyCopyExternalRepresentation(serverPublicKey, nil ) as Data?,
-			  publicKeyHash == serverPublicKeyData.sha256()
+			  publicKeyHash.contains(where: { $0 == serverPublicKeyData.sha256() })
 		else {
 			Log.error("Certificate mismatch.")
 			trustEvaluationError = .default(.CERT_MISMATCH)
@@ -64,7 +64,7 @@ class DefaultTrustEvaluation: TrustEvaluating {
 
 	// MARK: - Private
 
-	private let publicKeyHash: Data
+	private let publicKeyHash: [Data]
 	private let certificatePosition: Int
 
 }
diff --git a/...ENA/Source/HTTPClientCore/Security/URLSessionDelegates/CoronaWarnURLSessionDelegate.swift b/...ENA/Source/HTTPClientCore/Security/URLSessionDelegates/CoronaWarnURLSessionDelegate.swift
@@ -19,7 +19,7 @@ final class CoronaWarnURLSessionDelegate: NSObject, URLSessionDelegate {
 	}
 
 	convenience init(
-		publicKeyHash: Data
+		publicKeyHash: [Data]
 	) {
 		self.init(
 			evaluateTrust: DefaultTrustEvaluation(

diff --git a/.../ENA/ENA/Source/HTTPClientCore/Security/__tests__/HTTPClientCertificatePinningTests.swift b/.../ENA/ENA/Source/HTTPClientCore/Security/__tests__/HTTPClientCertificatePinningTests.swift
@@ -10,7 +10,7 @@ class HTTPClientCertificatePinningTests: CWATestCase {
 	/// Testing ~~certificate~~ public key pinning mechanism on a valid and invalid host.
     func testPinning() throws {
 		let coronaWarnURLSessionDelegate = CoronaWarnURLSessionDelegate(
-			publicKeyHash: "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()
+			publicKeyHash: ["f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()]
 		)
 		let session = URLSession(
 			configuration: .coronaWarnSessionConfiguration(),
@@ -70,7 +70,7 @@ class HTTPClientCertificatePinningTests: CWATestCase {
 		]
 
 		let coronaWarnURLSessionDelegate = CoronaWarnURLSessionDelegate(
-			publicKeyHash: "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()
+			publicKeyHash: ["f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()]
 		)
 		let session = URLSession(
 			configuration: .coronaWarnSessionConfiguration(),

diff --git a/...rtificates/Reissuance/ReissuanceConsent/HealthCertificateReissuanceConsentViewModel.swift b/...rtificates/Reissuance/ReissuanceConsent/HealthCertificateReissuanceConsentViewModel.swift
@@ -190,7 +190,7 @@ final class HealthCertificateReissuanceConsentViewModel {
 				}
 
 				let trustEvaluation = DefaultTrustEvaluation(
-					publicKeyHash: appConfig.dgcParameters.reissueServicePublicKeyDigest,
+					publicKeyHash: [appConfig.dgcParameters.reissueServicePublicKeyDigest],
 					certificatePosition: 0
 				)
 				guard let certificateReissuance = self.certifiedPerson.dccWalletInfo?.certificateReissuance else {

diff --git a/src/xcode/fastlane/Fastfile b/src/xcode/fastlane/Fastfile
@@ -19,7 +19,7 @@ ENV["LC_ALL"] = "de_DE.UTF-8"
 ENV["LANG"] = "de_DE.UTF-8"
 
 ENV["FASTLANE_SKIP_UPDATE_CHECK"] = "true"
-
+ENV['ITMSTRANSPORTER_FORCE_ITMS_PACKAGE_UPLOAD'] = 'true'
 
 default_platform(:ios)