Merge pull request #247 from openpassport-org/update-csca

Update csca - fix bug on android
openpassport-org · Nov 17, 2024 · 8249e5b · 8249e5b
2 parents 16db2ef + 4cf4ac5
commit 8249e5b
Show file tree

Hide file tree

Showing 20 changed files with 1,831 additions and 1,347 deletions.
diff --git a/app/android/app/build.gradle b/app/android/app/build.gradle
@@ -85,8 +85,8 @@ android {
         applicationId "com.proofofpassportapp"
         minSdkVersion rootProject.ext.minSdkVersion
         targetSdkVersion rootProject.ext.targetSdkVersion
-        versionCode 14
-        versionName "1.3"
+        versionCode 15
+        versionName "1.4"
         externalNativeBuild {
             cmake {
                 cppFlags += "-fexceptions -frtti -std=c++11"

diff --git a/app/ios/OpenPassport.xcodeproj/project.pbxproj b/app/ios/OpenPassport.xcodeproj/project.pbxproj
@@ -500,7 +500,7 @@
 				CODE_SIGN_ENTITLEMENTS = OpenPassport/OpenPassportDebug.entitlements;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 65;
+				CURRENT_PROJECT_VERSION = 66;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				DEVELOPMENT_TEAM = 5B29R5LYHQ;
 				ENABLE_BITCODE = NO;
@@ -615,7 +615,7 @@
 					"$(PROJECT_DIR)",
 					"$(PROJECT_DIR)/MoproKit/Libs",
 				);
-				MARKETING_VERSION = 1.9.8;
+				MARKETING_VERSION = 1.9.9;
 				OTHER_LDFLAGS = (
 					"$(inherited)",
 					"-ObjC",
@@ -639,7 +639,7 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_ENTITLEMENTS = OpenPassport/OpenPassport.entitlements;
-				CURRENT_PROJECT_VERSION = 65;
+				CURRENT_PROJECT_VERSION = 66;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				DEVELOPMENT_TEAM = 5B29R5LYHQ;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -753,7 +753,7 @@
 					"$(PROJECT_DIR)",
 					"$(PROJECT_DIR)/MoproKit/Libs",
 				);
-				MARKETING_VERSION = 1.9.8;
+				MARKETING_VERSION = 1.9.9;
 				OTHER_LDFLAGS = (
 					"$(inherited)",
 					"-ObjC",

diff --git a/app/src/screens/SplashScreen.tsx b/app/src/screens/SplashScreen.tsx
@@ -9,7 +9,7 @@ const SplashScreen = () => {
     const { setSelectedTab } = useNavigationStore();
     useEffect(() => {
         if (userLoaded) {
-            if (passportData) {
+            if (passportData && passportData.dg2Hash && !passportData.mockUser) {
                 setSelectedTab('app');
             } else {
                 setSelectedTab('start');

diff --git a/app/src/utils/nfcScanner.ts b/app/src/utils/nfcScanner.ts
@@ -230,13 +230,17 @@ const handleResponseAndroid = async (
     LDSVersion,
     unicodeVersion,
     encapContent,
-    documentSigningCertificate
+    documentSigningCertificate,
+    dataGroupHashes
   } = response;
 
+  const dgHashesObj = JSON.parse(dataGroupHashes);
+  const dg2Hash = dgHashesObj["2"]; // This will give you the DG2 hash
   const pem = "-----BEGIN CERTIFICATE-----" + documentSigningCertificate + "-----END CERTIFICATE-----"
   const passportData: PassportData = {
     mrz: mrz.replace(/\n/g, ''),
     dsc: pem,
+    dg2Hash,
     eContent: JSON.parse(encapContent),
     signedAttr: JSON.parse(eContent),
     encryptedDigest: JSON.parse(encryptedDigest),

diff --git a/common/.yarn/install-state.gz b/common/.yarn/install-state.gz
diff --git a/common/pubkeys/serialized_csca_tree.json b/common/pubkeys/serialized_csca_tree.json
diff --git a/registry/.yarn/install-state.gz b/registry/.yarn/install-state.gz
diff --git a/registry/.yarnrc.yml b/registry/.yarnrc.yml
@@ -0,0 +1 @@
+nodeLinker: node-modules
diff --git a/registry/package.json b/registry/package.json
@@ -4,11 +4,11 @@
     "prisma": "^5.18.0"
   },
   "dependencies": {
-    "@peculiar/x509": "^1.11.0",
-    "@prisma/client": "^5.19.0",
     "@openpassport/zk-kit-imt": "^0.0.5",
     "@openpassport/zk-kit-lean-imt": "^0.0.6",
     "@openpassport/zk-kit-smt": "^0.0.1",
+    "@peculiar/x509": "^1.11.0",
+    "@prisma/client": "^5.19.0",
     "asn1": "^0.2.6",
     "asn1.js": "^5.4.1",
     "asn1js": "^3.0.5",
@@ -28,4 +28,4 @@
     "parse-data": "ts-node src/parseData.ts"
   },
   "license": "MIT"
-}
+}
diff --git a/registry/src/parseData.ts b/registry/src/parseData.ts
@@ -1,7 +1,7 @@
 import { processCertificate } from "./utils/processCertificate";
 import path from 'path';
 import fs from 'fs';
-import { getListOfExponents, getMapJson } from "./utils/parseData";
+import { getListOfExponents, getMapJson, getSkiPemJson } from "./utils/parseData";
 const csca_pem_directory_path = path.join(__dirname, '..', 'outputs', 'csca', 'pem_masterlist');
 const dsc_pem_directory_path = path.join(__dirname, '..', 'outputs', 'dsc', 'pem_masterlist');
 import { CertificateData } from './utils/dataStructure';
@@ -11,6 +11,9 @@ function main(arg: string) {
     // CSCA certificates
     if (arg === 'csca') {
         let csca_certificates: { [key: string]: CertificateData } = {};
+        const seenSKIs = new Set<string>();
+        const duplicates: string[] = [];
+
         // Parse data
         const files = fs.readdirSync(csca_pem_directory_path);
         for (const file of files) {
@@ -20,8 +23,15 @@ function main(arg: string) {
                 if (certificate) {
                     const notAfterDate = new Date(certificate.validity.notAfter);
                     if (notAfterDate > new Date()) {
-                        csca_certificates[file] = certificate;
+                        // Check if we've seen this SKI before
+                        // if (seenSKIs.has(certificate.subjectKeyIdentifier)) {
+                        //     console.log('\x1b[33m%s\x1b[0m', `Skipping duplicate SKI in ${file} (SKI: ${certificate.subjectKeyIdentifier})`);
+                        //     duplicates.push(file);
+                        //     continue;
+                        // }
 
+                        // seenSKIs.add(certificate.subjectKeyIdentifier);
+                        csca_certificates[file] = certificate;
                     } else {
                         console.log('\x1b[90m%s\x1b[0m', `certificate ${file} is expired.`);
                     }
@@ -30,19 +40,19 @@ function main(arg: string) {
             catch (error) {
                 console.log('\x1b[90m%s\x1b[0m', `certificate ${file} is invalid.`);
             }
-
         }
 
-        //Get list of exponents
-        const exponents = getListOfExponents(csca_certificates);
-        console.log(exponents);
-
-        // Get map json
-        // const mapJson = getMapJson(csca_certificates);
-        // console.log(mapJson);
+        // Log summary of duplicates
+        if (duplicates.length > 0) {
+            console.log('\x1b[33m%s\x1b[0m', `\nFound ${duplicates.length} duplicate certificates (by SKI):`);
+            duplicates.forEach(file => console.log('\x1b[33m%s\x1b[0m', `- ${file}`));
+        }
 
-        // Get map json
+        const skiPemJson = getSkiPemJson(csca_certificates);
+        console.log('\nProcessed certificates:', Object.keys(csca_certificates).length);
+        console.log('Unique SKIs:', seenSKIs.size);
 
+        fs.writeFileSync(path.join(__dirname, '..', 'outputs', 'skiPemMasterList.json'), JSON.stringify(skiPemJson, null, 2));
 
     }
 

diff --git a/registry/src/utils/parseData.ts b/registry/src/utils/parseData.ts
@@ -68,16 +68,19 @@ function getMapKey(certificateData: CertificateData): string {
     return `${hashAlgorithm.toLowerCase()} ${signatureAlgorithm.toLowerCase()} ${keyDetails}`;
 }
 
-export async function getSkiPemJson(certificates: { [key: string]: CertificateData }) {
-
+export function getSkiPemJson(certificates: { [key: string]: CertificateData }) {
     const skiPemMap: { [ski: string]: string } = {};
 
+    console.log('Total certificates to process:', Object.keys(certificates).length);
+
     for (const certificateData of Object.values(certificates)) {
-        if (certificateData.rawPem) {
+        if (certificateData.rawPem && certificateData.subjectKeyIdentifier) {
             skiPemMap[certificateData.subjectKeyIdentifier] = certificateData.rawPem;
         }
     }
 
+    console.log('Final map size:', Object.keys(skiPemMap).length);
+
     return skiPemMap;
 }