Add support for LTA signatures

Modules/LibdigidocLib/Sources/LibdigidocObjC/Libs/digidocpp.xcframework/ios-arm64/digidocpp.framework/Headers/crypto/X509Cert.h

@@ -96,6 +96,7 @@ namespace digidoc
           std::vector<std::string> qcStatements() const;
           bool isCA() const;
           bool isValid(time_t *t = nullptr) const;
+          bool verify(bool noqscd, tm validation_time = {}) const;
 
           X509* handle() const;
           operator std::vector<unsigned char>() const;

Modules/LibdigidocLib/Sources/LibdigidocObjC/Libs/digidocpp.xcframework/ios-arm64/digidocpp.framework/Info.plist

@@ -17,11 +17,11 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.3.0</string>
+	<string>4.4.0</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>46</string>
+	<string>48</string>
 	<key>CSResourcesFileMapped</key>
 	<true/>
 	<key>MinimumOSVersion</key>

Modules/LibdigidocLib/Sources/LibdigidocObjC/Libs/digidocpp.xcframework/ios-arm64_x86_64-simulator/digidocpp.framework/Headers/crypto/X509Cert.h

@@ -96,6 +96,7 @@ namespace digidoc
           std::vector<std::string> qcStatements() const;
           bool isCA() const;
           bool isValid(time_t *t = nullptr) const;
+          bool verify(bool noqscd, tm validation_time = {}) const;
 
           X509* handle() const;
           operator std::vector<unsigned char>() const;

Modules/LibdigidocLib/Sources/LibdigidocObjC/Libs/digidocpp.xcframework/ios-arm64_x86_64-simulator/digidocpp.framework/Info.plist

@@ -17,11 +17,11 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.3.0</string>
+	<string>4.4.0</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>46</string>
+	<string>48</string>
 	<key>CSResourcesFileMapped</key>
 	<true/>
 	<key>MinimumOSVersion</key>

Modules/LibdigidocLib/Sources/LibdigidocObjC/include/Container/DigiDocContainerWrapper.h

@@ -39,6 +39,9 @@ NS_ASSUME_NONNULL_BEGIN
 + (NSString *)libdigidocppVersion;
 + (NSString *)mediaType;
 
++ (void)extendLastSignatureToLTA:(NSString *)containerPath completion:(void (^)(NSError * _Nullable error))completion;
++ (void)extendAllSignaturesToLTA:(NSString *)containerPath completion:(void (^)(NSError * _Nullable error))completion;
+
 @end
 
 NS_ASSUME_NONNULL_END

Modules/LibdigidocLib/Sources/LibdigidocObjC/include/Container/DigiDocContainerWrapper.mm

@@ -86,6 +86,7 @@ + (NSData *)getNSDataFromVector:(const std::vector<unsigned char>&)vectorData {
     return [NSData dataWithBytes:vectorData.data() length:vectorData.size()];
 }
 
+
 + (DigiDocSignatureStatus)determineSignatureStatus:(int)status {
     typedef digidoc::Signature::Validator::Status Status;
 
@@ -133,6 +134,16 @@ + (DigiDocSignature *)getSignature:(digidoc::Signature *)signature pos:(int)pos
     digiDocSignature.messageImprint = [NSData dataWithBytes:signature->messageImprint().data() length:signature->messageImprint().size()];
     digiDocSignature.trustedSigningTime = [NSString stringWithUTF8String:signature->trustedSigningTime().c_str()];
 
+    auto archiveTimestamps = signature->ArchiveTimeStamps();
+    if (!archiveTimestamps.empty()) {
+        const auto& firstTS = archiveTimestamps.front();
+        digiDocSignature.archiveTimestampTime = [NSString stringWithUTF8String:firstTS.time.c_str()];
+        digiDocSignature.archiveTimestampCert = [DigiDocContainerWrapper getNSDataFromVector:firstTS.cert];
+    } else {
+        digiDocSignature.archiveTimestampTime = @"";
+        digiDocSignature.archiveTimestampCert = [NSData data];
+    }
+
     std::vector<std::string> signerRoles = signature->signerRoles();
     NSMutableArray* signerRolesList = [NSMutableArray arrayWithCapacity: signerRoles.size()];
     for (auto const& signerRole: signerRoles) {
@@ -358,5 +369,31 @@ + (void)removeDataFileFromContainerWithPath:(NSString *)containerPath atIndex:(N
     } completion:completion];
 }
 
++ (void)extendLastSignatureToLTA:(NSString *)containerPath completion:(void (^)(NSError * _Nullable error))completion {
+    [self open:containerPath validateOnline:YES command:^(digidoc::Container &container) {
+        auto sigs = container.signatures();
+        if (!sigs.empty()) {
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+            sigs.back()->extendSignatureProfile("time-stamp-archive");
+#pragma clang diagnostic pop
+        }
+        container.save(containerPath.UTF8String);
+    } completion:completion];
+}
+
++ (void)extendAllSignaturesToLTA:(NSString *)containerPath completion:(void (^)(NSError * _Nullable error))completion {
+    [self open:containerPath validateOnline:YES command:^(digidoc::Container &container) {
+        auto sigs = container.signatures();
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+        for (auto *sig : sigs) {
+            sig->extendSignatureProfile("time-stamp-archive");
+        }
+#pragma clang diagnostic pop
+        container.save(containerPath.UTF8String);
+    } completion:completion];
+}
+
 
 @end

Modules/LibdigidocLib/Sources/LibdigidocObjC/include/Model/DigiDocSignature.h

@@ -52,5 +52,8 @@ typedef NS_ENUM(int, DigiDocSignatureStatus) {
 @property (nonatomic, assign) DigiDocSignatureStatus status;
 @property (nonatomic, strong) NSString *diagnosticsInfo;
 
+@property (nonatomic, strong) NSString *archiveTimestampTime;
+@property (nonatomic, strong) NSData *archiveTimestampCert;
+
 @end
 

Modules/LibdigidocLib/Sources/LibdigidocSwift/Domain/Container/ContainerWrapper.swift

@@ -263,6 +263,44 @@ public actor ContainerWrapper: ContainerWrapperProtocol, Loggable {
         }
     }
 
+    @discardableResult
+    public func extendSignatureToLTA(containerFile: URL) async throws -> ContainerWrapperProtocol {
+        do {
+            try await withCheckedThrowingContinuation { (continuation: CheckedContinuation<Void, Error>) in
+                DigiDocContainerWrapper.extendLastSignature(toLTA: containerFile.resolvedPath) { error in
+                    if let error = error {
+                        continuation.resume(throwing: error)
+                    } else {
+                        continuation.resume()
+                    }
+                }
+            }
+            return try await open(containerFile: containerFile, isSivaConfirmed: true)
+        } catch {
+            let nsError = (error as NSError?) ?? NSError(domain: "ContainerWrapper - cannot extend signature to LTA", code: 8)
+            throw DigiDocError.signatureExtensionFailed(ErrorDetail(nsError: nsError))
+        }
+    }
+
+    @discardableResult
+    public func extendSignaturesToLTA(containerFile: URL) async throws -> ContainerWrapperProtocol {
+        do {
+            try await withCheckedThrowingContinuation { (continuation: CheckedContinuation<Void, Error>) in
+                DigiDocContainerWrapper.extendAllSignatures(toLTA: containerFile.resolvedPath) { error in
+                    if let error = error {
+                        continuation.resume(throwing: error)
+                    } else {
+                        continuation.resume()
+                    }
+                }
+            }
+            return try await open(containerFile: containerFile, isSivaConfirmed: true)
+        } catch {
+            let nsError = (error as NSError?) ?? NSError(domain: "ContainerWrapper - cannot extend signatures to LTA", code: 9)
+            throw DigiDocError.signatureExtensionFailed(ErrorDetail(nsError: nsError))
+        }
+    }
+
     private static func signatureStatusToDigiDocStatus(_ status: DigiDocSignatureStatus) -> SignatureStatus {
         switch status {
         case .Valid:
@@ -339,7 +377,9 @@ public actor ContainerWrapper: ContainerWrapperProtocol, Loggable {
                 status: signatureStatusToDigiDocStatus(signature.status),
                 format: signature.format,
                 messageImprint: signature.messageImprint,
-                diagnosticsInfo: signature.diagnosticsInfo
+                diagnosticsInfo: signature.diagnosticsInfo,
+                archiveTimestampTime: signature.archiveTimestampTime,
+                archiveTimestampCert: signature.archiveTimestampCert
             )
         }
     }

Modules/LibdigidocLib/Sources/LibdigidocSwift/Domain/Container/ContainerWrapperProtocol.swift

@@ -39,6 +39,8 @@ public protocol ContainerWrapperProtocol: Sendable {
         userAgent: String
     ) async throws -> Data
     func addSignature(signature: Data, containerFile: URL) async throws -> ContainerWrapperProtocol
+    @discardableResult func extendSignatureToLTA(containerFile: URL) async throws -> ContainerWrapperProtocol
+    @discardableResult func extendSignaturesToLTA(containerFile: URL) async throws -> ContainerWrapperProtocol
 }
 
 extension ContainerWrapperProtocol {

Modules/LibdigidocLib/Sources/LibdigidocSwift/Domain/Models/SignatureWrapper.swift

@@ -52,6 +52,13 @@ public struct SignatureWrapper: Sendable, Identifiable, Hashable {
     public var status: SignatureStatus
     public var diagnosticsInfo: String
 
+    public var archiveTimestampTime: String
+    public var archiveTimestampCert: Data
+
+    public var isLTAExtended: Bool {
+        !archiveTimestampCert.isEmpty
+    }
+
     public init(pos: Int,
                 signingCert: Data,
                 timestampCert: Data,
@@ -71,7 +78,9 @@ public struct SignatureWrapper: Sendable, Identifiable, Hashable {
                 status: SignatureStatus = .unknown,
                 format: String,
                 messageImprint: Data,
-                diagnosticsInfo: String) {
+                diagnosticsInfo: String,
+                archiveTimestampTime: String = "",
+                archiveTimestampCert: Data = Data()) {
         self.pos = pos
         self.signingCert = signingCert
         self.timestampCert = timestampCert
@@ -92,5 +101,7 @@ public struct SignatureWrapper: Sendable, Identifiable, Hashable {
         self.format = format
         self.messageImprint = messageImprint
         self.diagnosticsInfo = diagnosticsInfo
+        self.archiveTimestampTime = archiveTimestampTime
+        self.archiveTimestampCert = archiveTimestampCert
     }
 }

Modules/LibdigidocLib/Sources/LibdigidocSwift/Errors/DigiDocError.swift

@@ -31,6 +31,7 @@ public enum DigiDocError: Error {
     case signatureRemovingFailed(ErrorDetail)
     case dataFileRemovingFailed(ErrorDetail)
     case signatureAddingFailed(ErrorDetail)
+    case signatureExtensionFailed(ErrorDetail)
 
     public var errorDetail: ErrorDetail {
         switch self {
@@ -43,7 +44,8 @@ public enum DigiDocError: Error {
                 .containerDataFileSavingFailed(let errorDetail),
                 .signatureRemovingFailed(let errorDetail),
                 .dataFileRemovingFailed(let errorDetail),
-                .signatureAddingFailed(let errorDetail):
+                .signatureAddingFailed(let errorDetail),
+                .signatureExtensionFailed(let errorDetail):
             return errorDetail
 
         case .alreadyInitialized:

Modules/LibdigidocLib/Sources/LibdigidocSwift/SignedContainer.swift

@@ -291,6 +291,42 @@ public actor SignedContainer: SignedContainerProtocol, Loggable {
             containerUtil: containerUtil
         )
     }
+
+    @discardableResult
+    public func extendSignature() async throws -> SignedContainerProtocol {
+        guard let containerFile else {
+            throw DigiDocError.signatureExtensionFailed(
+                ErrorDetail(message: "Cannot extend signature: container file is nil", code: 0)
+            )
+        }
+        let containerWrapper = try await container.extendSignatureToLTA(containerFile: containerFile)
+        return SignedContainer(
+            containerFile: containerFile,
+            isExistingContainer: true,
+            container: containerWrapper,
+            timestamps: timestamps,
+            fileManager: fileManager,
+            containerUtil: containerUtil
+        )
+    }
+
+    @discardableResult
+    public func extendSignatures() async throws -> SignedContainerProtocol {
+        guard let containerFile else {
+            throw DigiDocError.signatureExtensionFailed(
+                ErrorDetail(message: "Cannot extend signatures: container file is nil", code: 0)
+            )
+        }
+        let containerWrapper = try await container.extendSignaturesToLTA(containerFile: containerFile)
+        return SignedContainer(
+            containerFile: containerFile,
+            isExistingContainer: true,
+            container: containerWrapper,
+            timestamps: timestamps,
+            fileManager: fileManager,
+            containerUtil: containerUtil
+        )
+    }
 }
 
 extension SignedContainer {

Modules/LibdigidocLib/Sources/LibdigidocSwift/SignedContainerProtocol.swift

@@ -52,10 +52,19 @@ public protocol SignedContainerProtocol: GeneralContainer, Sendable {
         userAgent: String
     ) async throws -> Data
     func addSignature(signature: Data, containerFile: URL) async throws -> SignedContainerProtocol
+    @discardableResult func extendSignature() async throws -> SignedContainerProtocol
+    @discardableResult func extendSignatures() async throws -> SignedContainerProtocol
 }
 
 extension SignedContainerProtocol {
     func saveDataFile(dataFile: DataFileWrapper) async throws -> URL {
         try await saveDataFile(dataFile: dataFile, to: nil)
     }
+
+    public func extendSignatureIfEnabled(_ enabled: Bool) async throws -> any SignedContainerProtocol {
+        guard enabled else { return self }
+        let mimetype = await getContainerMimetype()
+        guard mimetype != CommonsLib.Constants.MimeType.Ddoc else { return self }
+        return try await extendSignature()
+    }
 }

RIADigiDoc/DI/AppContainer.swift

@@ -357,6 +357,15 @@ extension Container {
         }
     }
 
+    @MainActor
+    var ltaSettingsViewModel: Factory<LTASettingsViewModel> {
+        self { @MainActor in
+            LTASettingsViewModel(
+                dataStore: self.dataStore()
+            )
+        }
+    }
+
     var signatureUtil: Factory<SignatureUtilProtocol> {
         self { SignatureUtil() }
     }

RIADigiDoc/Domain/Model/Settings/SigningServicesSettingsViewTab.swift

@@ -20,4 +20,5 @@
 enum SigningServicesSettingsViewTab: Int, Sendable {
     case timestampServices = 0
     case mobileIdAndSmartId = 1
+    case lta = 2
 }

RIADigiDoc/Domain/Preferences/DataStore.swift

@@ -505,6 +505,16 @@ public actor DataStore: DataStoreProtocol {
         userDefaults().set(isAlwaysEnabled, forKey: Keys.isCrashlyticsAlwaysEnabled)
     }
 
+    // MARK: - LTA Settings
+
+    public func getIsDefaultLTAEnabled() async -> Bool {
+        userDefaults().bool(forKey: Keys.isDefaultLTAEnabled)
+    }
+
+    public func setIsDefaultLTAEnabled(_ isEnabled: Bool) async {
+        userDefaults().set(isEnabled, forKey: Keys.isDefaultLTAEnabled)
+    }
+
     // MARK: - Migration
     public func getIsRecentDocumentsMigrationDone() async -> Bool {
         userDefaults().bool(forKey: Keys.isRecentDocumentsMigrationDone)
@@ -581,5 +591,6 @@ public actor DataStore: DataStoreProtocol {
         static let isLogFileSaved = "isLogFileSaved"
         static let isCrashlyticsAlwaysEnabled = "isCrashlyticsAlwaysEnabled"
         static let isRecentDocumentsMigrationDone = "isRecentDocumentsMigrationDone"
+        static let isDefaultLTAEnabled = "isDefaultLTAEnabled"
     }
 }

RIADigiDoc/Domain/Preferences/DataStoreProtocol.swift

@@ -123,6 +123,10 @@ public protocol DataStoreProtocol: Sendable {
     func getIsCrashlyticsAlwaysEnabled() async -> Bool
     func setIsCrashlyticsAlwaysEnabled(_ isEnabled: Bool) async
 
+    // MARK: - LTA Settings
+    func getIsDefaultLTAEnabled() async -> Bool
+    func setIsDefaultLTAEnabled(_ isEnabled: Bool) async
+
     // MARK: - Migration
     func getIsRecentDocumentsMigrationDone() async -> Bool
     func setIsRecentDocumentsMigrationDone(_ isDone: Bool) async