merge 3.0.1 into 3.1

naveeddotio · naveeddotio · commit 4ec813d7f428 · 2023-02-01T15:40:59.000+01:00
diff --git a/src/xcode/ENA/ENA/Resources/Environment/Environments.default.json b/src/xcode/ENA/ENA/Resources/Environment/Environments.default.json
@@ -10,7 +10,11 @@
             "dccURL": "https://dcc.coronawarn.app",
             "dccRecertifyURL": "https://api.reissue.ubirch.com",
             "validationKeyString": "c7DEstcUIRcyk35OYDJ95/hTg3UVhsaDXKT0zK7NhHPXoyzipEnOp3GyNXDVpaPi3cAfQmxeuFMZAIX2+6A5Xg==",
-            "pinningKeyHash": "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab"
+			"pinningKeyHash": [
+				"f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab",
+				"62bdfb71764d97afd156056560fce3e65e6e415b4d2600ac028a04ddeaa92c80",
+				"b79dbce4e7be69ac58417428aa60d2348f97ff667dc8b2094c6e19c87175a3c8"
+			]
         }
     ]
 }
diff --git a/src/xcode/ENA/ENA/Source/Developer Menu/Features/DMNewHttpCommunication/DMNHCViewModel.swift b/src/xcode/ENA/ENA/Source/Developer Menu/Features/DMNewHttpCommunication/DMNHCViewModel.swift
@@ -88,7 +88,7 @@ final class DMNHCViewModel {
 						let requestCertificates = [certificateToReissue] + accompanyingCertificates
 						let sendModel = DCCReissuanceSendModel(action: certificate.action, certificates: requestCertificates)
 						let appConfig = self.appConfiguration.currentAppConfig.value
-						let publicKeyHash = appConfig.dgcParameters.reissueServicePublicKeyDigest
+						let publicKeyHash = [appConfig.dgcParameters.reissueServicePublicKeyDigest]
 						let trustEvaluation = DefaultTrustEvaluation(
 							publicKeyHash: publicKeyHash,
 							certificatePosition: 0
diff --git a/src/xcode/ENA/ENA/Source/Environment/Environments.swift b/src/xcode/ENA/ENA/Source/Environment/Environments.swift
@@ -23,10 +23,10 @@ struct EnvironmentData: Codable {
 	let validationKeyString: String
 
 	/// Used for certificate pinning
-	let pinningKeyHash: String
+	let pinningKeyHash: [String]
 	
-	var pinningKeyHashData: Data {
-		pinningKeyHash.dataWithHexString()
+	var pinningKeyHashData: [Data] {
+		pinningKeyHash.map { $0.dataWithHexString() }
 	}
 }
 
diff --git a/src/xcode/ENA/ENA/Source/Environment/__tests__/TestEnvironments.json b/src/xcode/ENA/ENA/Source/Environment/__tests__/TestEnvironments.json
@@ -10,7 +10,9 @@
 			"dccURL": "https://TestEnvironment0.dgc",
 			"dccRecertifyURL": "https://TestEnvironment0.logupload",
 			"validationKeyString": "Key0",
-			"pinningKeyHash": "hash0"
+			"pinningKeyHash": [
+				"hash0"
+			]
 		},
 		{
 			"name": "TestEnvironment1",
@@ -22,7 +24,9 @@
 			"dccURL": "https://TestEnvironment1.dgc",
 			"dccRecertifyURL": "https://TestEnvironment1.logupload",
 			"validationKeyString": "Key1",
-			"pinningKeyHash": "hash1"
+			"pinningKeyHash": [
+				"hash1"
+			]
 		},
 		{
 			"name": "TestEnvironment2",
@@ -34,7 +38,9 @@
 			"dccURL": "https://TestEnvironment2.dgc",
 			"dccRecertifyURL": "https://TestEnvironment2.logupload",
 			"validationKeyString": "Key2",
-			"pinningKeyHash": "hash2"
+			"pinningKeyHash": [
+				"hash2"
+			]
 		},
 		{
 			"name": "prod",
@@ -46,7 +52,9 @@
 			"dccURL": "https://prod.dgc",
 			"dccRecertifyURL": "https://prod.recertify",
 			"validationKeyString": "Key",
-			"pinningKeyHash": "hash"
+			"pinningKeyHash": [
+				"hash"
+			]
 		}
 	]
 }
diff --git a/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/EvaluateTrust/DefaultTrustEvaluation.swift b/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/EvaluateTrust/DefaultTrustEvaluation.swift
@@ -11,7 +11,7 @@ public enum DefaultTrustEvaluationError {
 class DefaultTrustEvaluation: TrustEvaluating {
 	
 	init(
-		publicKeyHash: Data,
+		publicKeyHash: [Data],
 		// 1 is used as default for backwards compatibility.
 		certificatePosition: Int = 1
 	) {
@@ -45,7 +45,7 @@ class DefaultTrustEvaluation: TrustEvaluating {
 		guard let serverCertificate = SecTrustGetCertificateAtIndex(trust, certificatePosition),
 			  let serverPublicKey = SecCertificateCopyKey(serverCertificate),
 			  let serverPublicKeyData = SecKeyCopyExternalRepresentation(serverPublicKey, nil ) as Data?,
-			  publicKeyHash == serverPublicKeyData.sha256()
+			  publicKeyHash.contains(where: { $0 == serverPublicKeyData.sha256() })
 		else {
 			Log.error("Certificate mismatch.")
 			trustEvaluationError = .default(.CERT_MISMATCH)
@@ -64,7 +64,7 @@ class DefaultTrustEvaluation: TrustEvaluating {
 
 	// MARK: - Private
 	
-	private let publicKeyHash: Data
+	private let publicKeyHash: [Data]
 	private let certificatePosition: Int
 	
 }
diff --git a/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/URLSessionDelegates/CoronaWarnURLSessionDelegate.swift b/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/URLSessionDelegates/CoronaWarnURLSessionDelegate.swift
@@ -19,7 +19,7 @@ final class CoronaWarnURLSessionDelegate: NSObject, URLSessionDelegate {
 	}
 
 	convenience init(
-		publicKeyHash: Data
+		publicKeyHash: [Data]
 	) {
 		self.init(
 			evaluateTrust: DefaultTrustEvaluation(
diff --git a/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/__tests__/HTTPClientCertificatePinningTests.swift b/src/xcode/ENA/ENA/Source/HTTPClientCore/Security/__tests__/HTTPClientCertificatePinningTests.swift
@@ -10,7 +10,7 @@ class HTTPClientCertificatePinningTests: CWATestCase {
 	/// Testing ~~certificate~~ public key pinning mechanism on a valid and invalid host.
     func testPinning() throws {
 		let coronaWarnURLSessionDelegate = CoronaWarnURLSessionDelegate(
-			publicKeyHash: "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()
+			publicKeyHash: ["f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()]
 		)
 		let session = URLSession(
 			configuration: .coronaWarnSessionConfiguration(),
@@ -70,7 +70,7 @@ class HTTPClientCertificatePinningTests: CWATestCase {
 		]
 
 		let coronaWarnURLSessionDelegate = CoronaWarnURLSessionDelegate(
-			publicKeyHash: "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()
+			publicKeyHash: ["f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()]
 		)
 		let session = URLSession(
 			configuration: .coronaWarnSessionConfiguration(),
diff --git a/src/xcode/ENA/ENA/Source/Scenes/HealthCertificates/Reissuance/ReissuanceConsent/HealthCertificateReissuanceConsentViewModel.swift b/src/xcode/ENA/ENA/Source/Scenes/HealthCertificates/Reissuance/ReissuanceConsent/HealthCertificateReissuanceConsentViewModel.swift
@@ -190,7 +190,7 @@ final class HealthCertificateReissuanceConsentViewModel {
 				}
 				
 				let trustEvaluation = DefaultTrustEvaluation(
-					publicKeyHash: appConfig.dgcParameters.reissueServicePublicKeyDigest,
+					publicKeyHash: [appConfig.dgcParameters.reissueServicePublicKeyDigest],
 					certificatePosition: 0
 				)
 				guard let certificateReissuance = self.certifiedPerson.dccWalletInfo?.certificateReissuance else {
diff --git a/src/xcode/fastlane/Fastfile b/src/xcode/fastlane/Fastfile
@@ -19,7 +19,7 @@ ENV["LC_ALL"] = "de_DE.UTF-8"
 ENV["LANG"] = "de_DE.UTF-8"
 
 ENV["FASTLANE_SKIP_UPDATE_CHECK"] = "true"
-
+ENV['ITMSTRANSPORTER_FORCE_ITMS_PACKAGE_UPLOAD'] = 'true'
 
 default_platform(:ios)
 

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,11 @@`
`10`	`10`	`"dccURL": "https://dcc.coronawarn.app",`
`11`	`11`	`"dccRecertifyURL": "https://api.reissue.ubirch.com",`
`12`	`12`	`"validationKeyString": "c7DEstcUIRcyk35OYDJ95/hTg3UVhsaDXKT0zK7NhHPXoyzipEnOp3GyNXDVpaPi3cAfQmxeuFMZAIX2+6A5Xg==",`
`13`		`- "pinningKeyHash": "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab"`
	`13`	`+ "pinningKeyHash": [`
	`14`	`+ "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab",`
	`15`	`+ "62bdfb71764d97afd156056560fce3e65e6e415b4d2600ac028a04ddeaa92c80",`
	`16`	`+ "b79dbce4e7be69ac58417428aa60d2348f97ff667dc8b2094c6e19c87175a3c8"`
	`17`	`+ ]`
`14`	`18`	`}`
`15`	`19`	`]`
`16`	`20`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,10 +23,10 @@ struct EnvironmentData: Codable {`
`23`	`23`	`let validationKeyString: String`
`24`	`24`
`25`	`25`	`/// Used for certificate pinning`
`26`		`- let pinningKeyHash: String`
	`26`	`+ let pinningKeyHash: [String]`
`27`	`27`
`28`		`- var pinningKeyHashData: Data {`
`29`		`- pinningKeyHash.dataWithHexString()`
	`28`	`+ var pinningKeyHashData: [Data] {`
	`29`	`+ pinningKeyHash.map { $0.dataWithHexString() }`
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ final class CoronaWarnURLSessionDelegate: NSObject, URLSessionDelegate {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`convenience init(`
`22`		`- publicKeyHash: Data`
	`22`	`+ publicKeyHash: [Data]`
`23`	`23`	`) {`
`24`	`24`	`self.init(`
`25`	`25`	`evaluateTrust: DefaultTrustEvaluation(`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ class HTTPClientCertificatePinningTests: CWATestCase {`
`10`	`10`	`/// Testing ~~certificate~~ public key pinning mechanism on a valid and invalid host.`
`11`	`11`	`func testPinning() throws {`
`12`	`12`	`let coronaWarnURLSessionDelegate = CoronaWarnURLSessionDelegate(`
`13`		`- publicKeyHash: "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()`
	`13`	`+ publicKeyHash: ["f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()]`
`14`	`14`	`)`
`15`	`15`	`let session = URLSession(`
`16`	`16`	`configuration: .coronaWarnSessionConfiguration(),`
`@@ -70,7 +70,7 @@ class HTTPClientCertificatePinningTests: CWATestCase {`
`70`	`70`	`]`
`71`	`71`
`72`	`72`	`let coronaWarnURLSessionDelegate = CoronaWarnURLSessionDelegate(`
`73`		`- publicKeyHash: "f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()`
	`73`	`+ publicKeyHash: ["f30c3959de6b062374f037c505fb3864e1b0678086252ab457ddd97c729d06ab".dataWithHexString()]`
`74`	`74`	`)`
`75`	`75`	`let session = URLSession(`
`76`	`76`	`configuration: .coronaWarnSessionConfiguration(),`
Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,7 @@ final class HealthCertificateReissuanceConsentViewModel {`
`190`	`190`	`}`
`191`	`191`
`192`	`192`	`let trustEvaluation = DefaultTrustEvaluation(`
`193`		`- publicKeyHash: appConfig.dgcParameters.reissueServicePublicKeyDigest,`
	`193`	`+ publicKeyHash: [appConfig.dgcParameters.reissueServicePublicKeyDigest],`
`194`	`194`	`certificatePosition: 0`
`195`	`195`	`)`
`196`	`196`	`guard let certificateReissuance = self.certifiedPerson.dccWalletInfo?.certificateReissuance else {`