54 changes: 27 additions & 27 deletions docs/sdk/desktop.rst
@@ -1,27 +1,27 @@
Desktop
=======
This chapter deals with the desktop specific properties of the AusweisApp2 SDK.
The AusweisApp2 core is reachable over a **WebSocket** which is running by
default since AusweisApp2 1.16.0. Subsequent sections deal with the SDK
This chapter deals with the desktop specific properties of the |AppName| SDK.
The |AppName| core is reachable over a **WebSocket** which is running by
default since |AppName| 1.16.0. Subsequent sections deal with the SDK
interface itself and explain which steps are necessary in order to communicate
with the AusweisApp2 SDK.
with the |AppName| SDK.



.. _websocket:

WebSocket
---------
The AusweisApp2 uses the same default port as defined in TR-03124-1.
The |AppName| uses the same default port as defined in TR-03124-1.
Your application can connect to ``ws://localhost:24727/eID-Kernel`` to
establish a bidirectional connection.

You can check the version of AusweisApp2 by the ``Server`` header of the HTTP
You can check the version of |AppName| by the ``Server`` header of the HTTP
response or by an additional query to get the :ref:`client_status`.

If the WebSocket handshake was successful your application can send :doc:`commands`
and receive :doc:`messages`.
The AusweisApp2 will send an HTTP error 503 "Service Unavailable" if the WebSocket
The |AppName| will send an HTTP error 503 "Service Unavailable" if the WebSocket
is disabled.

.. seealso::
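Review bot: the ``|AppName|`` substitution used in the opening paragraph and in the WebSocket section has no definition in any visible hunk of this file. Confirm it is defined globally for the SDK docs (for example through ``rst_prolog`` or ``rst_epilog`` in the Sphinx configuration); otherwise every occurrence fails as an undefined substitution at build time.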
@@ -32,37 +32,37 @@ is disabled.

User installed
^^^^^^^^^^^^^^
Your application can connect to a user installed AusweisApp2. If the
Your application can connect to a user installed |AppName|. If the
user already has an active workflow your request will be refused by
an HTTP error ``409 Conflict``. Also it is not possible to connect
multiple times to the WebSocket as only one connection is allowed and
will be refused by an HTTP error ``429 Too Many Requests``. Once an
application is connected to the WebSocket the graphical user interface
of the AusweisApp2 will be blocked and shows a hint that another
application uses the AusweisApp2.
of the |AppName| will be blocked and shows a hint that another
application uses the |AppName|.

.. important::

Please provide a ``User-Agent`` in your HTTP upgrade request! The AusweisApp2
will show the content to the user as a hint which application uses the AusweisApp2.
Please provide a ``User-Agent`` in your HTTP upgrade request! The |AppName|
will show the content to the user as a hint which application uses the |AppName|.



Integrated
^^^^^^^^^^
You can deliver separate AusweisApp2 binaries inside your own application or
start an already installed AusweisApp2.
You can deliver separate |AppName| binaries inside your own application or
start an already installed |AppName|.
If your application spawns a separate process you should provide the commandline
parameter ``--port 0`` to avoid conflicts with a user started AusweisApp2 and
parameter ``--port 0`` to avoid conflicts with a user started |AppName| and
other processes that uses a specified port.

The AusweisApp2 will create a text file in the system temporary directory to provide
The |AppName| will create a text file in the system temporary directory to provide
the selected port. The port filename contains the PID of the running process to allow
multiple instances at the same time.

Example: **$TMPDIR/AusweisApp2.12345.port**
Example: **$TMPDIR/AusweisApp.12345.port**

Your application can avoid the graphical interface of AusweisApp2 by providing the
Your application can avoid the graphical interface of |AppName| by providing the
commandline parameter ``--ui websocket``.


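Review bot: the example port file name in the "Integrated" section changes from AusweisApp2.12345.port to AusweisApp.12345.port with no ``.. versionchanged::`` marker. An integrator that starts the process with ``--port 0`` and looks for the old name will no longer find the port. Suggest naming the release that renamed the file, and stating that the client should build the file name from the PID of the process it spawned instead of accepting any matching file, since the system temporary directory is shared with other processes.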
@@ -90,7 +90,7 @@ on start up.
* ``AUSWEISAPP2_AUTOMATIC_PUK``

The default value for the PIN is **123456**. If a value is not defined or the card
refuses a PIN, CAN or PUK the AusweisApp2 will cancel the whole workflow.
refuses a PIN, CAN or PUK the |AppName| will cancel the whole workflow.
Also the workflow will be canceled if the card reader is not a basic reader as it
is not possible to automatically enter the values.

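Review bot: ``AUSWEISAPP2_AUTOMATIC_PUK`` at the top of this hunk keeps the old prefix while the paragraph below it now says ``|AppName|``. If the environment variable names are intentionally unchanged, say so in one sentence so readers do not guess a renamed variable; if they were renamed in code, the list needs the same update.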
@@ -100,7 +100,7 @@ This will be evaluated if the automatic plugin takes control over the workflow.


.. note::
It is possible to pass multiple plugins to the AusweisApp2, e.g.: ``--ui websocket --ui automatic``.
It is possible to pass multiple plugins to the |AppName|, e.g.: ``--ui websocket --ui automatic``.

.. seealso::
The :doc:`container` SDK is designed for scripted and automatic workflows and enables
@@ -113,7 +113,7 @@ This will be evaluated if the automatic plugin takes control over the workflow.
Status
------
TR-03124-1 defined a query for status information. This is useful to fetch current
version of installed AusweisApp2 to check if the version supports the WebSocket-API.
version of installed |AppName| to check if the version supports the WebSocket-API.

You can get this by a HTTP GET query to ``http://localhost:24727/eID-Client?Status``.
If you prefer the JSON syntax you can add it to the parameter ``?Status=json`` to get
@@ -122,10 +122,10 @@ the following information.
.. code-block:: json
{
"Implementation-Title": "AusweisApp2",
"Implementation-Title": "AusweisApp",
"Implementation-Vendor": "Governikus GmbH & Co. KG",
"Implementation-Version": "1.16.0",
"Name": "AusweisApp2",
"Name": "AusweisApp",
"Specification-Title": "TR-03124",
"Specification-Vendor": "Federal Office for Information Security",
"Specification-Version": "1.3"
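Review bot: in the JSON example, "Implementation-Title" and "Name" now read "AusweisApp" while "Implementation-Version" stays "1.16.0", a version the lines being replaced paired with "AusweisApp2". Either raise the version in the example to the release that reports the new name, or add a sentence that clients checking compatibility should compare "Implementation-Version" and must not match on the name string.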
@@ -134,14 +134,14 @@ the following information.
.. seealso::

The AusweisApp2 SDK provides a :ref:`get_info` command and an :ref:`info` message
to fetch the same information to check the compatibility of used AusweisApp2.
The |AppName| SDK provides a :ref:`get_info` command and an :ref:`info` message
to fetch the same information to check the compatibility of used |AppName|.



Reader
------
The AusweisApp2 SDK uses PC/SC and paired Smartphones as card reader. If the
The |AppName| SDK uses PC/SC and paired Smartphones as card reader. If the
user wants to use the "smartphone as card reader" feature it is necessary
to pair the devices by the graphical interface of AusweisApp2. The AusweisApp2 SDK
to pair the devices by the graphical interface of |AppName|. The |AppName| SDK
provides no API to pair those devices.
4 changes: 2 additions & 2 deletions docs/sdk/index.rst
@@ -1,7 +1,7 @@
.. only:: html

.. image:: Logo_AusweisApp2.png
:alt: AusweisApp2
.. image:: AusweisApp_Logo.svg
:alt: AusweisApp
:align: center
:width: 200pt

16 changes: 8 additions & 8 deletions docs/sdk/intro.rst
@@ -1,18 +1,18 @@
Introduction
============
This documentation will explain how to initialize and start up
the AusweisApp2 as an additional service. It distinguishes between
the |AppName| as an additional service. It distinguishes between
a connection to the application and the communication between your
application and AusweisApp2.
application and |AppName|.

The section :ref:`connection` will show you what you need to do to
set up a connection to AusweisApp2. Once you have established
set up a connection to |AppName|. Once you have established
a connection you can send and receive JSON documents in a
bi-directional manner.
There are different commands and messages. These are listed
and described in the section :ref:`protocol`. The protocol
is split up in :doc:`commands` and :doc:`messages`. Commands
will be sent by your application to control AusweisApp2.
will be sent by your application to control |AppName|.
Messages contain additional information to your command
or will be sent as an event.

@@ -21,18 +21,18 @@ show a possible communication.


.. important::
The AusweisApp2 does **not** provide any personal data to
your client application directly as AusweisApp2 does not
The |AppName| does **not** provide any personal data to
your client application directly as |AppName| does not
have access to this data for security reasons.
AusweisApp2 facilitates a secure connection between the
|AppName| facilitates a secure connection between the
eID server and the ID card, enabling the eID server to get
those data from the card.

This way your backend receives high level trust data.
Since your client application runs in a user's environment,
you could not be sure about the integrity of the data
if your client application were to receive high sensitive
data from the AusweisApp2 directly as your backend does
data from the |AppName| directly as your backend does
not have any possibility to verify the source of the data.

Also this approach, recommended for compliance reasons by the
32 changes: 16 additions & 16 deletions docs/sdk/ios.rst
@@ -1,11 +1,11 @@
iOS
===
This chapter deals with the iOS specific properties of the AusweisApp2 SDK.
The AusweisApp2 core is encapsulated into an **XCFramework** which needs to
This chapter deals with the iOS specific properties of the |AppName| SDK.
The |AppName| core is encapsulated into an **XCFramework** which needs to
be linked into your application.

Subsequent sections deal with the SDK interface itself and explain which
steps are necessary in order to communicate with the AusweisApp2 SDK.
steps are necessary in order to communicate with the |AppName| SDK.

.. important::
Apple released the necessary NFC API with iOS 13.0!
@@ -18,9 +18,9 @@ Use XCFramework
The interface ``AusweisApp2.h`` of the SDK for iOS is provided as **C-Header**
that you need to import/include into your application. It grants access to
start and shutdown a separate background thread with the integrated
AusweisApp2 core.
|AppName| core.

After you established a connection to the AusweisApp2 SDK your application
After you established a connection to the |AppName| SDK your application
can send :doc:`commands` and receive :doc:`messages`.


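Review bot: the first line of this hunk still names the header ``AusweisApp2.h`` while the lines after it switch to ``|AppName|``. If the header file name is kept for source compatibility, add a sentence saying so; as written, a reader cannot tell whether the include was renamed along with the product.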
@@ -56,14 +56,14 @@ in Objective-C classes and call the functions of the ``AusweisApp2.h`` header.
Added optional parameter ``pCmdline`` to function ``ausweisapp2_init``.


First, you need to define a callback function that will be called by the AusweisApp2
First, you need to define a callback function that will be called by the |AppName|
to request or provide additional information. If your application initializes the
SDK you must pass that callback to ``ausweisapp2_init``. That function will return
``false`` if the callback is ``NULL`` or the SDK is already running.
The Parameter ``pCmdline`` is optional and can be ``NULL``. This allows your application
to provide additional commandline arguments like ``--no-loghandler``.

After you called that function the AusweisApp2 SDK will start up. If the
After you called that function the |AppName| SDK will start up. If the
initialization is finished the SDK calls your callback function once with
``NULL`` as parameter to indicate that it is ready to accept :doc:`commands`.
Do not call ``ausweisapp2_send`` until your callback received that message, otherwise
@@ -72,17 +72,17 @@ that command will be ignored.
Once the SDK is ready to go you can send :doc:`commands` by ``ausweisapp2_send``.
Your callback will receive the :doc:`messages`.

If you call ``ausweisapp2_shutdown`` the AusweisApp2 SDK will be terminated. This
function joins the thread of the AusweisApp2 and blocks until the AusweisApp2 is
If you call ``ausweisapp2_shutdown`` the |AppName| SDK will be terminated. This
function joins the thread of the |AppName| and blocks until the |AppName| is
finished. You should not call this function in your callback as it is called
by the AusweisApp2 thread. In that case ``ausweisapp2_shutdown`` cannot be a
by the |AppName| thread. In that case ``ausweisapp2_shutdown`` cannot be a
blocking call to avoid a deadlock.
If you call this function while a workflow is running the workflow will be
canceled automatically before the shutdown.


.. important::
Your callback will be called by the separate AusweisApp2 thread. Do **not**
Your callback will be called by the separate |AppName| thread. Do **not**
make long running or blocking calls! It is recommended to use an async dispatcher.

Also, you should not call ``ausweisapp2_send`` or ``ausweisapp2_shutdown`` within
@@ -104,7 +104,7 @@ a message why your application needs access to the NFC hardware.
</array>
<key>NFCReaderUsageDescription</key>
<string>AusweisApp2 needs NFC to access the ID card.</string>
<string>AusweisApp needs NFC to access the ID card.</string>
.. seealso::
@@ -141,22 +141,22 @@ of reader sessions.
Logging
-------

The AusweisApp2 uses default logging of iOS and has its own log file.
The |AppName| uses default logging of iOS and has its own log file.
It is **recommended** to collect that log file if an error occurs in
your application to receive better support.

The log file is in your application path:

.. code-block:: text
NSTemporaryDirectory() + /AusweisApp2.XXXXXX.log
NSTemporaryDirectory() + /AusweisApp.XXXXXX.log
The *XXXXXX* characters will be replaced by an automatically generated
portion of the filename to avoid conflicts with previous instances.

A new log file will be created for each new instance of the AusweisApp2 and
A new log file will be created for each new instance of the |AppName| and
will be deleted after a correct shutdown.
In case of old or multiple log files, it is highly probable that the
previous instance crashed.

The AusweisApp2 deletes any log files that are older than 14 days.
The |AppName| deletes any log files that are older than 14 days.
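Review bot: the log path in the code-block changes to AusweisApp.XXXXXX.log, but the closing sentence about deleting log files older than 14 days does not say whether files written under the previous AusweisApp2.XXXXXX.log name are still cleaned up. Please state this, and add a ``.. versionchanged::`` marker for the new file name so that applications collecting the log for support look for the right pattern.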
128 changes: 72 additions & 56 deletions docs/sdk/messages.rst
@@ -1,6 +1,6 @@
Messages
--------
The AusweisApp2 (server) will send some proper
The |AppName| (server) will send some proper
messages (**msg**) to your application (client)
during the whole workflow or as an answer to
your :doc:`commands`.
@@ -12,8 +12,8 @@ your :doc:`commands`.

ACCESS_RIGHTS
^^^^^^^^^^^^^
This message will be sent by AusweisApp2 once the authentication is started
by :ref:`run_auth` and the AusweisApp2 got the certificate from the service.
This message will be sent by |AppName| once the authentication is started
by :ref:`run_auth` and the |AppName| got the certificate from the service.

If your application receives this message you can call :ref:`set_access_rights`
to change some optional access rights or you can call :ref:`get_access_rights`
@@ -30,47 +30,48 @@ the whole workflow.
- **error**: This optional parameter indicates an error of a :ref:`set_access_rights` call
if the command contained invalid data.

- **chat**: Access rights of the provider.

- **effective**: Indicates the enabled access rights of **optional** and **required**.

- **optional**: These rights are optional and can be enabled or disabled by :ref:`set_access_rights`.

- **required**: These rights are mandatory and cannot be disabled.

- **transactionInfo**: Optional transaction information.

- **aux**: Optional auxiliary data of the provider.

- **ageVerificationDate**: Optional required date of birth for AgeVerification as ISO 8601.

- **requiredAge**: Optional required age for AgeVerification. It is calculated
by AusweisApp2 on the basis of ageVerificationDate and current date.
by |AppName| on the basis of ageVerificationDate and current date.

- **validityDate**: Optional validity date as ISO 8601.

- **communityId**: Optional id of community.

- **chat**: Access rights of the provider.

- **effective**: Indicates the enabled access rights of **optional** and **required**.

- **optional**: These rights are optional and can be enabled or disabled by :ref:`set_access_rights`.

- **required**: These rights are mandatory and cannot be disabled.

- **transactionInfo**: Optional transaction information.


.. code-block:: json
{
"msg": "ACCESS_RIGHTS",
"error": "some optional error message",
"aux":
{
"ageVerificationDate": "1999-07-20",
"requiredAge": "18",
"validityDate": "2017-07-20",
"communityId": "02760400110000"
},
"chat":
{
"effective": ["Address", "FamilyName", "GivenNames", "AgeVerification", "CanAllowed"],
"optional": ["GivenNames", "AgeVerification", "CanAllowed"],
"required": ["Address", "FamilyName"]
},
"transactionInfo": "this is an example",
"aux":
{
"ageVerificationDate": "1999-07-20",
"requiredAge": "18",
"validityDate": "2017-07-20",
"communityId": "02760400110000"
}
}
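Review bot: the **aux** and **chat** blocks swap places in both the parameter list and the JSON example, with no text giving the reason. The order of members in a JSON object carries no meaning, so if this mirrors a change in how the message is serialized, add a sentence telling clients to read members by name; if it is purely editorial, it would be clearer as a separate change from the rename.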
@@ -173,14 +174,14 @@ Also it indicates the **current** selected API level.
"current": 4
}
Your application should always set the compatible API level. The AusweisApp2
Your application should always set the compatible API level. The |AppName|
will support multiple API levels to give you enough time to add support
for the new API.

Even if you added support for the new API, your application should still support
the old API level in case the user updates your application but
does not update the AusweisApp2. Otherwise you need to show a message to the user
that they need to update the AusweisApp2.
does not update the |AppName|. Otherwise you need to show a message to the user
that they need to update the |AppName|.

The API level will be increased for **incompatible** changes only. If we can add
additional commands, messages or information without breaking the previous API
@@ -202,7 +203,7 @@ This documentation will mark every API change with a flag like the following:

AUTH
^^^^
This message will be sent by AusweisApp2 if an authentication
This message will be sent by |AppName| if an authentication
is initially started. The next message should be :ref:`access_rights`
or :ref:`auth` again if the authentication immediately results
in an error.
@@ -223,7 +224,7 @@ started at all.
If the workflow is finished the AusweisApp2 will send a message with
If the workflow is finished the |AppName| will send a message with
a result and an url parameter to indicate the end of an authentication.

.. versionadded:: 1.26.3
@@ -358,7 +359,7 @@ Provides information about the used certificate.

CHANGE_PIN
^^^^^^^^^^
This message will be sent by AusweisApp2 if a change PIN workflow
This message will be sent by |AppName| if a change PIN workflow
is initially started.

If you receive a :ref:`change_pin` message with a parameter **success**
@@ -405,24 +406,24 @@ ENTER_CAN
^^^^^^^^^
Indicates that a CAN is required to continue workflow.

If the AusweisApp2 sends this message, you will have to
If the |AppName| sends this message, you will have to
provide the CAN of the inserted card with :ref:`set_can`.

The CAN is required to enable the last attempt of PIN input if
the retryCounter is **1**. The workflow continues automatically with
the correct CAN and the AusweisApp2 will send an :ref:`enter_pin` message.
the correct CAN and the |AppName| will send an :ref:`enter_pin` message.
Despite the correct CAN being entered, the retryCounter remains at **1**.

The CAN is also required, if the authentication terminal has an approved
"CAN allowed right". This allows the workflow to continue without
an additional PIN.

If your application provides an invalid :ref:`set_can` command
the AusweisApp2 will send an :ref:`enter_can` message with an error
the |AppName| will send an :ref:`enter_can` message with an error
parameter.

If your application provides a valid :ref:`set_can` command
and the CAN was incorrect the AusweisApp2 will send :ref:`enter_can`
and the CAN was incorrect the |AppName| will send :ref:`enter_can`
again but without an error parameter.

.. versionadded:: 1.14.2
@@ -467,28 +468,28 @@ ENTER_PIN
^^^^^^^^^
Indicates that a PIN is required to continue the workflow.

If the AusweisApp2 sends this message, you will have to
If the |AppName| sends this message, you will have to
provide the PIN of the inserted card with :ref:`set_pin`.

The workflow will automatically continue if the PIN was correct.
Otherwise you will receive another message :ref:`enter_pin`.
If the correct PIN is entered the retryCounter will be set to **3**.

If your application provides an invalid :ref:`set_pin` command
the AusweisApp2 will send an :ref:`enter_pin` message with an error
the |AppName| will send an :ref:`enter_pin` message with an error
parameter and the retryCounter of the card is **not** decreased.

If your application provides a valid :ref:`set_pin` command
and the PIN was incorrect the AusweisApp2 will send :ref:`enter_pin`
and the PIN was incorrect the |AppName| will send :ref:`enter_pin`
again with a decreased retryCounter but without an error parameter.

If the value of retryCounter is **1** the AusweisApp2 will initially send an
If the value of retryCounter is **1** the |AppName| will initially send an
:ref:`enter_can` message. Once your application provides a correct CAN the
AusweisApp2 will send an :ref:`enter_pin` again with a retryCounter of **1**.
|AppName| will send an :ref:`enter_pin` again with a retryCounter of **1**.

If the value of retryCounter is **0** the AusweisApp2 will initially send an
If the value of retryCounter is **0** the |AppName| will initially send an
:ref:`enter_puk` message. Once your application provides a correct PUK the
AusweisApp2 will send an :ref:`enter_pin` again with a retryCounter of **3**.
|AppName| will send an :ref:`enter_pin` again with a retryCounter of **3**.


- **error**: Optional error message if your command :ref:`set_pin`
@@ -527,7 +528,7 @@ ENTER_NEW_PIN
^^^^^^^^^^^^^
Indicates that a new PIN is required to continue the workflow.

If the AusweisApp2 sends this message, you will have to
If the |AppName| sends this message, you will have to
provide the new PIN of the inserted card with :ref:`set_new_pin`.


@@ -571,23 +572,23 @@ ENTER_PUK
^^^^^^^^^
Indicates that a PUK is required to continue the workflow.

If the AusweisApp2 sends this message, you will have to
If the |AppName| sends this message, you will have to
provide the PUK of the inserted card with :ref:`set_puk`.

The workflow will automatically continue if the PUK was correct
and the AusweisApp2 will send an :ref:`enter_pin` message.
and the |AppName| will send an :ref:`enter_pin` message.
Otherwise you will receive another message :ref:`enter_puk`.
If the correct PUK is entered the retryCounter will be set to **3**.

If your application provides an invalid :ref:`set_puk` command
the AusweisApp2 will send an :ref:`enter_puk` message with an error
the |AppName| will send an :ref:`enter_puk` message with an error
parameter.

If your application provides a valid :ref:`set_puk` command
and the PUK was incorrect the AusweisApp2 will send :ref:`enter_puk`
and the PUK was incorrect the |AppName| will send :ref:`enter_puk`
again but without an error parameter.

If AusweisApp2 sends :ref:`enter_puk` with field "inoperative" of embedded
If |AppName| sends :ref:`enter_puk` with field "inoperative" of embedded
:ref:`reader` message set true it is not possible to unblock the PIN.
You will have to show a message to the user that the card is inoperative
and the user should contact the authority responsible for issuing the
@@ -626,7 +627,7 @@ Please see the note for more information.
There is no retry limit for an incorrect PUK. But
be aware that the PUK can only be used 10 times to
unblock the PIN. There is no readable counter for this.
The AusweisApp2 is not able to provide any counter information
The |AppName| is not able to provide any counter information
of PUK usage.
If the PUK is used 10 times it is not possible to unblock
the PIN anymore and the card will remain in PUK state.
@@ -641,7 +642,7 @@ Please see the note for more information.

INFO
^^^^
Provides information about the AusweisApp2.
Provides information about the |AppName|.

Especially if you want to get a specific **Implementation-Version**
to check if the current installation supports some additional
@@ -667,6 +668,20 @@ increased for **incompatible** changes.

- **Specification-Version**: Version of specification.

- **AusweisApp**: Indicates the state of the connection to
the AusweisApp2 for integrated SDK (**Android only**).
The following states are possible.

- **CONNECTED**: The SDK is connected.

- **DISCONNECTED**: The SDK is not connected.

- **INVALID_CERTIFICATE**: The certificate of LocalIfd is not valid.

- **INCOMPATIBLE_VERSION**: The version of LocalIfd is not compatible.

- **UNKNOWN**: The state could not be recognized.

.. code-block:: json
{
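Review bot: the new **AusweisApp** parameter is described as "the state of the connection to the AusweisApp2", which newly writes the old name in a change that replaces it everywhere else, and the entry has no ``.. versionadded::`` marker although this page flags other API additions that way. Suggest using ``|AppName|``, adding the marker, and documenting what a client is expected to do on INVALID_CERTIFICATE and INCOMPATIBLE_VERSION, since both describe a LocalIfd peer that failed a check.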
@@ -676,11 +691,12 @@ increased for **incompatible** changes.
"Name": "AusweisApp2",
"Implementation-Title": "AusweisApp2",
"Implementation-Vendor": "Governikus GmbH & Co. KG",
"Implementation-Version": "1.10.0",
"Specification-Title": "TR-03124",
"Implementation-Version": "2.0.0",
"Specification-Title": "TR-03124-1",
"Specification-Vendor": "Federal Office for Information Security",
"Specification-Version": "1.2"
}
"Specification-Version": "1.4"
},
"AusweisApp": "CONNECTED"
}
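Review bot: the example raises "Implementation-Version" to "2.0.0" but leaves "Name" and "Implementation-Title" as "AusweisApp2", while the Status example in docs/sdk/desktop.rst in this same change switches both fields to "AusweisApp". The two examples should agree on what the renamed release reports, because clients use these fields for compatibility checks.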
@@ -690,9 +706,9 @@ increased for **incompatible** changes.

INSERT_CARD
^^^^^^^^^^^
Indicates that the AusweisApp2 requires a card to continue.
Indicates that the |AppName| requires a card to continue.

If the AusweisApp2 needs a card to continue the workflow
If the |AppName| needs a card to continue the workflow
this message will be sent as a notification.
If your application receives this message it should
show a hint to the user.
@@ -703,7 +719,7 @@ to provide a "virtual" card by calling :ref:`set_card`.
After the user or your application inserted a card, the workflow will
continue automatically, unless both the eID function and
CAN allowed mode are disabled.
CAN allowed mode is enabled if the AusweisApp2 is used as SDK and the
CAN allowed mode is enabled if the |AppName| is used as SDK and the
certificate contains the CAN allowed right.
In this case, the workflow will be paused until another card is inserted.
If the user already inserted a card this message will not be sent at all.
@@ -752,7 +768,7 @@ INVALID
Indicates a broken JSON message.

If your application receives this message you
passed a broken JSON structure to the AusweisApp2.
passed a broken JSON structure to the |AppName|.

Please fix your JSON document and send it again!

@@ -776,7 +792,7 @@ READER
^^^^^^
Provides information about a connected or disconnected card reader.

This message will be sent by the AusweisApp2 if a card reader was added
This message will be sent by the |AppName| if a card reader was added
or removed to the operating system. Also if a card was inserted into a
card reader or removed from a card reader.

@@ -886,7 +902,7 @@ STATUS
^^^^^^
Provides information about the current workflow and state.
This message indicates if a workflow is in progress or the
workflow is paused. This can occur if the AusweisApp2 needs
workflow is paused. This can occur if the |AppName| needs
additional data like :ref:`access_rights` or :ref:`insert_card`.

The messages will be sent by default if not disabled in :ref:`run_auth`
@@ -925,7 +941,7 @@ UNKNOWN_COMMAND
Indicates that the command type is unknown.

If your application receives this message you
passed a wrong command to the AusweisApp2.
passed a wrong command to the |AppName|.

Please fix your command and send it again!

4 changes: 2 additions & 2 deletions docs/sdk/workflow.rst
@@ -1,15 +1,15 @@
Workflow
--------
This section shows some possible workflows as an example
communication between your application and the AusweisApp2.
communication between your application and the |AppName|.

The JSON structure can be identified by parameter **cmd**
or parameter **msg** as described in section :doc:`commands`
and section :doc:`messages`.

- **cmd**: Commands are sent by your application.

- **msg**: Messages are sent by the AusweisApp2.
- **msg**: Messages are sent by the |AppName|.



42 changes: 18 additions & 24 deletions libs/CMakeLists.txt
@@ -147,9 +147,9 @@ set(ENABLED_TARGETS)
list(APPEND ENABLED_TARGETS openssl)

set(OPENSSL_CONFIGURE_FLAGS no-camellia no-bf no-aria no-seed no-poly1305 no-srp no-gost no-idea no-mdc2 no-rc2 no-rc4 no-rc5 no-srtp no-sm2 no-sm3 no-sm4)
set(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-ct no-dgram no-cast no-chacha no-blake2 no-rmd160 no-scrypt no-siphash no-whirlpool no-md4 no-des)
set(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-ct no-dgram no-cast no-chacha no-blake2 no-rmd160 no-scrypt no-siphash no-whirlpool no-md4 no-des no-ec2m)
set(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-tls1_3 no-ssl3 no-ssl3-method no-dtls no-dtls1-method no-dtls1_2-method)
set(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-engine no-async no-dso no-comp no-ts no-makedepend no-tests no-legacy shared)
set(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-deprecated no-engine no-async no-dso no-comp no-ts no-makedepend no-tests no-legacy shared)

if(${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
set(OPENSSL_CONFIGURE_FLAGS --debug ${OPENSSL_CONFIGURE_FLAGS})
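Review bot: ``no-ec2m`` and ``no-deprecated`` are appended to OPENSSL_CONFIGURE_FLAGS with no comment on why. ``no-deprecated`` removes deprecated API from the library, so everything linked against this OpenSSL, Qt included, has to build and run without those symbols; please confirm this was verified on every target platform. For ``no-ec2m``, confirm that no certificate chain or protocol the application has to handle relies on binary-field curves, and record both reasons in a comment next to the flags.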
@@ -280,9 +280,9 @@ ExternalProject_Add_Step(openssl configdata
if(MAC)
set(OPENSSL_FILE_VERSION 3)
add_custom_command(TARGET openssl POST_BUILD
COMMAND install_name_tool -id libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -id libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -change ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX})
COMMAND install_name_tool -id @rpath/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -id @rpath/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -change ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} @rpath/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX})
endif()

if(IOS)
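Review bot: changing the install names in the ``install_name_tool -id`` and ``-change`` commands to ``@rpath/libcrypto...`` and ``@rpath/libssl...`` makes loading depend on an LC_RPATH entry in every binary that links these libraries, and nothing in this hunk adds one. Confirm that the consuming targets set an rpath that resolves only inside the application bundle; an rpath that includes a user-writable directory allows a different library of the same name to be loaded in place of the bundled one.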
@@ -345,9 +345,9 @@ list(APPEND NO_FEATURES_SHARED designer testlib_selfcover)
list(APPEND NO_FEATURES_SHARED imageformat_bmp imageformat_ppm imageformat_xbm)
list(APPEND NO_FEATURES_SHARED sharedmemory textodfwriter)
list(APPEND NO_FEATURES_SHARED undocommand undogroup undostack)
list(APPEND NO_FEATURES_SHARED printsupport dtls dom sql xml)
list(APPEND NO_FEATURES_SHARED printsupport dtls dom sql xml pdf)
if(CONTAINER_SDK)
list(APPEND NO_FEATURES_SHARED testlib)
list(APPEND NO_FEATURES_SHARED testlib androiddeployqt)
endif()
foreach(feature ${NO_FEATURES_SHARED})
set(QT_CONFIGURE_FLAGS_SHARED ${QT_CONFIGURE_FLAGS_SHARED} -no-feature-${feature})
@@ -363,18 +363,17 @@ foreach(feature ${NO_FEATURES})
endforeach()


list(APPEND SKIP_MODULES qtopcua qtwebchannel qtlanguageserver qtspeech)
list(APPEND SKIP_MODULES qtwebengine qtactiveqt qtserialbus qt5compat qtsensors)
list(APPEND SKIP_MODULES qtserialport qtvirtualkeyboard qtcharts)
list(APPEND SKIP_MODULES qtdatavis3d qt3d qtwayland qtremoteobjects)
list(APPEND SKIP_MODULES qtwebview qtmultimedia qtlottie qtquick3d qtquick3dphysics)
list(APPEND SKIP_MODULES qtnetworkauth qtmqtt qtcoap qtquicktimeline qtdoc qtpositioning)
set(QT_MODULES qtbase,qtwebsockets,qtscxml)
if(NOT INTEGRATED_SDK)
set(QT_MODULES ${QT_MODULES},qttranslations,qtdeclarative,qtimageformats,qttools,qtsvg,qtconnectivity,qtshadertools)
endif()
set(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} -submodules ${QT_MODULES})

set(QT_MODULES_SKIP qtactiveqt,qtlanguageserver) # enabled by dependency but not necessary
if(INTEGRATED_SDK)
list(APPEND SKIP_MODULES qttranslations qtsensors qtdeclarative qtquickcontrols2 qtgraphicaleffects qtimageformats qttools qtsvg qtconnectivity)
set(QT_MODULES_SKIP ${QT_MODULES_SKIP},qtdeclarative) # otherwise qtwebsockets and qtscxml enables it
endif()
foreach(module ${SKIP_MODULES})
set(QT_CONFIGURE_FLAGS_SHARED ${QT_CONFIGURE_FLAGS_SHARED} -skip ${module})
endforeach()
set(QT_CONFIGURE_FLAGS_SHARED ${QT_CONFIGURE_FLAGS_SHARED} -skip ${QT_MODULES_SKIP})


set(QT_CONFIGURE_FLAGS_OTHER -no-journald -no-directfb -no-linuxfb)
Expand Down Expand Up @@ -470,13 +469,8 @@ if (BUILD_HOST_QT AND (IOS OR ANDROID))

set(QT_HOST_CONFIGURE_FLAGS -prefix ${QT_HOST_PATH} -release -optimize-size -shared -no-widgets -no-openssl -no-zstd -no-opengl)
set(QT_HOST_CONFIGURE_FLAGS ${QT_HOST_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_SHARED})

set(QT_HOST_CMAKE_FLAGS ${QT_HOST_CMAKE_FLAGS} -DCMAKE_PREFIX_PATH=${QT_HOST_PATH})

list(APPEND SKIP_HOST_MODULES qtsvg qtimageformats qtconnectivity qttranslations qtwebsockets)
foreach(module ${SKIP_HOST_MODULES})
set(QT_HOST_CONFIGURE_FLAGS ${QT_HOST_CONFIGURE_FLAGS} -skip ${module})
endforeach()
set(QT_HOST_CMAKE_FLAGS ${QT_HOST_CMAKE_FLAGS} -DCMAKE_PREFIX_PATH=${QT_HOST_PATH})
set(QT_HOST_CONFIGURE_FLAGS ${QT_HOST_CONFIGURE_FLAGS} -submodules qtbase,qtdeclarative,qtshadertools,qttools)

ExternalProject_Add(qt-host
URL ${QT_URLS}
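Review bot: the host flags still start from `${QT_CONFIGURE_FLAGS_SHARED}`, which now carries `-skip ${QT_MODULES_SKIP}`, and with INTEGRATED_SDK that list contains `qtdeclarative`, while the added `-submodules qtbase,qtdeclarative,qtshadertools,qttools` line requests the same module again. Either confirm that the host build and INTEGRATED_SDK are never combined, or keep the skip list out of the host flags. A short comment on why the host build needs exactly these four submodules would also help at the next Qt upgrade.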
22 changes: 11 additions & 11 deletions libs/README.rst
@@ -1,7 +1,7 @@
Libraries
=========

Um die AusweisApp2 zu bauen ist eine Toolchain erforderlich, die die
Um die AusweisApp zu bauen ist eine Toolchain erforderlich, die die
Abhängigkeiten und die Compilertools beinhaltet.

Unterstützte C++17 Compiler:
Expand Down Expand Up @@ -50,10 +50,10 @@ Der Build umfasst unter anderem das Qt-Framework, daher kann (je nach Rechenleis
der Build einige Stunden dauern.

Wichtig bei der Angabe in CMake ist der Verweis auf den Ordner "libs". Ein Verweis
direkt auf "AusweisApp2" würde den Build für die "AusweisApp2" konfigurieren.
direkt auf "AusweisApp" würde den Build für die "AusweisApp" konfigurieren.

Nach dem Aufruf "nmake"/"mingw32-make"/"ninja" werden nun alle Bibliotheken gebaut und
in dem Ordner ./dist installiert. Dieser Ordner kann beim Build von der AusweisApp2
in dem Ordner ./dist installiert. Dieser Ordner kann beim Build von der AusweisApp
mittels -DCMAKE_PREFIX_PATH als Toolchain angegeben werden.
Zusätzlich kann mit dem make Target "compress" der Inhalt der dist-Ordner bereinigt und
ein Tarball aus den gebauten Bibliotheken erzeugt werden.
Expand All @@ -78,14 +78,14 @@ macOS
Unter MacOS ist die Einrichtung relativ einfach und bedarf nur der oben genannten Voreinstellungen.
Es wird der von Apple ausgelieferte clang compiler verwendet.

Beispiel: Innerhalb von /Users/governikus/AusweisApp2 befindet sich der Quellcode.
Beispiel: Innerhalb von /Users/governikus/AusweisApp befindet sich der Quellcode.

::

$ cd /Users/governikus
$ mkdir build
$ cd build
$ cmake -DCMAKE_BUILD_TYPE=release ../AusweisApp2/libs
$ cmake -DCMAKE_BUILD_TYPE=release ../AusweisApp/libs
$ make


Expand Down Expand Up @@ -248,7 +248,7 @@ Dabei wird Qt über Windows-CLI und OpenSSL unter MSYS2 gebaut.

#. cd c:\msys64\home\user\qt

#. cmake -DCMAKE_BUILD_TYPE=release C:/AusweisApp2/libs -G "MinGW Makefiles"
#. cmake -DCMAKE_BUILD_TYPE=release C:/AusweisApp/libs -G "MinGW Makefiles"

#. MSYS2 Shell starten ("msys2_shell.cmd -use-full-path")

Expand Down Expand Up @@ -277,7 +277,7 @@ OpenSSL / Qt mit MSVC

#. call vcvarsall.bat amd64

#. cmake -DCMAKE_BUILD_TYPE=release C:/AusweisApp2/libs -G "NMake Makefiles"
#. cmake -DCMAKE_BUILD_TYPE=release C:/AusweisApp/libs -G "NMake Makefiles"

#. nmake

Expand All @@ -291,14 +291,14 @@ auf dem Mac vorhanden sein. Die folgende Anleitung wurde unter macOS 10.12 getes
Ebenfalls muss für den Build-Vorgang von Qt ein iOS Developer-Zertifikat mit Wildcard (*)
im Keystore von MacOS hinterlegt sein.

Beispiel: Innerhalb von /Users/governikus/AusweisApp2 befindet sich der Quellcode.
Beispiel: Innerhalb von /Users/governikus/AusweisApp befindet sich der Quellcode.

::

$ cd /Users/governikus
$ mkdir build
$ cd build
$ cmake -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE=../AusweisApp2/cmake/iOS.toolchain.cmake ../AusweisApp2/libs
$ cmake -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE=../AusweisApp/cmake/iOS.toolchain.cmake ../AusweisApp/libs
$ make


Expand Down Expand Up @@ -340,14 +340,14 @@ Komponenten vorhanden sein:



Beispiel: Innerhalb von /home/governikus/AusweisApp2 befindet sich der Quellcode.
Beispiel: Innerhalb von /home/governikus/AusweisApp befindet sich der Quellcode.

::

$ cd /home/governikus
$ mkdir build
$ cd build
$ cmake -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE=../AusweisApp2/cmake/android.toolchain.cmake ../AusweisApp2/libs
$ cmake -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE=../AusweisApp/cmake/android.toolchain.cmake ../AusweisApp/libs
$ make

Standardmäßig wird die Architektur "armeabi-v7a" gewählt. Um zum Beispiel die Toolchain für x86-Architektur
8 changes: 4 additions & 4 deletions libs/Versions.cmake
@@ -1,5 +1,5 @@
set(QT 6.4.1)
set(QT_HASH e20b850b6134098a7f2e7701cfddfb213c6cf394b9e848e6fbc5b0e89dcfcc09)
set(QT 6.5.3)
set(QT_HASH 7cda4d119aad27a3887329cfc285f2aba5da85601212bcb0aea27bd6b7b544cb)

set(OPENSSL 3.0.9)
set(OPENSSL_HASH eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90)
set(OPENSSL 3.1.4)
set(OPENSSL_HASH 840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3)
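Review bot: `QT_HASH` and `OPENSSL_HASH` change together with the version bump to 6.5.3 and 3.1.4, but nothing in the change says where the new digests come from. Please record in the commit message how they were obtained and verified (for example against the checksum or signature that upstream publishes for the release archives), so a reviewer can reproduce the check instead of trusting the pasted values.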
8 changes: 6 additions & 2 deletions libs/patches.cmake
Expand Up @@ -26,9 +26,10 @@ cmake_minimum_required(VERSION 3.19.0)
# - Upgrade Qt or OpenSSL
# 1. Apply all patches with this script and do the following on each repository.
# The version is an example and should be adjusted!
# 2. git checkout ausweisapp_6.4.3 -b ausweisapp_6.6.0
# 2. git checkout ausweisapp_6.4.3
# 3. git rebase --onto v6.6.0 v6.4.3 HEAD
# 4. Bump version in Versions.cmake and use this script to generate the patches.
# 4. git checkout -b ausweisapp_6.6.0
# 5. Bump version in Versions.cmake and use this script to generate the patches.

if(NOT CMAKE_SCRIPT_MODE_FILE OR NOT CMD)
message(FATAL_ERROR "Usage: cmake -DCMD=apply|generate -P libs/patches.cmake")
Expand Down Expand Up @@ -92,6 +93,9 @@ function(get_version_branch prefix _version _branch)
set(tmp_branch ${tmp_branch}_${OPENSSL})
elseif(prefix MATCHES "qt")
set(version v${QT})
if(version MATCHES "-rc$")
set(version ${version}1)
endif()
set(tmp_branch ${tmp_branch}_${QT})
endif()
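Review bot: the added `if(version MATCHES "-rc$")` block in get_version_branch needs a comment. It turns a `QT` value ending in `-rc` into a tag ending in `-rc1`, while `tmp_branch` on the following line is still built from the unmodified `${QT}`. Please document why the tag and the branch name differ here and that only the first release candidate can be addressed this way.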

2 changes: 1 addition & 1 deletion libs/patches/openssl-0001-Adjust-iOS-target.patch
@@ -1,4 +1,4 @@
From c97e9531a9da0ad5ae3bfb7cec90b03475a58a76 Mon Sep 17 00:00:00 2001
From 89d4eab1163e8542e59c6c486a2546d20940663b Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Fri, 12 Feb 2021 13:15:00 +0100
Subject: Adjust iOS target
2 changes: 1 addition & 1 deletion libs/patches/openssl-0002-android-shlib_variant.patch
@@ -1,4 +1,4 @@
From 8353ce61f188109953e327b4bddf65c95e4baf92 Mon Sep 17 00:00:00 2001
From 898564ac262e25b8b2aa67d541a819e6986fda62 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Tue, 19 Jan 2021 17:07:51 +0100
Subject: android shlib_variant

This file was deleted.

This file was deleted.

@@ -1,4 +1,4 @@
From 68bc2e3fae6480d6315f524c2ee9acf3a33a435a Mon Sep 17 00:00:00 2001
From 40410b9e2ba5d02b457bb37fc90663585573ca53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Mon, 25 Jul 2022 17:08:54 +0200
Subject: Revert "Fix usage of logging category on Android"
Expand All @@ -11,10 +11,10 @@ Change-Id: If19a9d615e01d61c79955cda4789ba1646520ee1
1 file changed, 1 insertion(+), 8 deletions(-)

diff --git x/qtbase/src/corelib/global/qlogging.cpp y/qtbase/src/corelib/global/qlogging.cpp
index 9ac70b3340..737a91dc6e 100644
index 7e708c9c41..96c3bc5dc6 100644
--- x/qtbase/src/corelib/global/qlogging.cpp
+++ y/qtbase/src/corelib/global/qlogging.cpp
@@ -1450,10 +1450,7 @@ QString qFormatLogMessage(QtMsgType type, const QMessageLogContext &context, con
@@ -1593,10 +1593,7 @@ QString qFormatLogMessage(QtMsgType type, const QMessageLogContext &context, con
} else if (token == messageTokenC) {
message.append(str);
} else if (token == categoryTokenC) {
Expand All @@ -25,7 +25,7 @@ index 9ac70b3340..737a91dc6e 100644
} else if (token == typeTokenC) {
switch (type) {
case QtDebugMsg: message.append("debug"_L1); break;
@@ -1701,11 +1698,7 @@ static bool android_default_message_handler(QtMsgType type,
@@ -1844,11 +1841,7 @@ static bool android_default_message_handler(QtMsgType type,
break;
};


This file was deleted.

@@ -1,4 +1,4 @@
From 03485e0ca36c615b87b82c6711fbacf0493d02bc Mon Sep 17 00:00:00 2001
From 0fa22a4be5abda44d34cf7c5d0352378c2f9fd54 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Mon, 9 Jan 2023 06:54:53 +0100
Subject: Fix warning in q20algorithm.h when xcodebuild is used
Expand All @@ -14,7 +14,7 @@ Change-Id: If5ccbfffd0b6a53f73f221b45033dab7e4775d89
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git x/qtbase/src/corelib/global/q20algorithm.h y/qtbase/src/corelib/global/q20algorithm.h
index 69dc2d2446..88e8ab08d2 100644
index f670a5dbee..24d801b2cd 100644
--- x/qtbase/src/corelib/global/q20algorithm.h
+++ y/qtbase/src/corelib/global/q20algorithm.h
@@ -147,7 +147,7 @@ using std::ranges::none_of;

This file was deleted.

@@ -0,0 +1,78 @@
From 525b1bd08f9805685134f6f2272edff80fe4b023 Mon Sep 17 00:00:00 2001
From: Andre Klitzing <andre.klitzing@governikus.de>
Date: Mon, 24 Jul 2023 16:13:12 +0200
Subject: Revert "iOS: Don't invalidate a11y whenever UI elements are added or
removed"

This reverts commit 6eefbf74149164eac316cea59a00b45f70976ad2.
---
.../platforms/ios/qiosplatformaccessibility.mm | 17 ++++-------------
src/plugins/platforms/ios/qioswindow.mm | 1 -
.../platforms/ios/quiview_accessibility.mm | 1 +
3 files changed, 5 insertions(+), 14 deletions(-)

diff --git x/qtbase/src/plugins/platforms/ios/qiosplatformaccessibility.mm y/qtbase/src/plugins/platforms/ios/qiosplatformaccessibility.mm
index f22782fb04..d54b7db57a 100644
--- x/qtbase/src/plugins/platforms/ios/qiosplatformaccessibility.mm
+++ y/qtbase/src/plugins/platforms/ios/qiosplatformaccessibility.mm
@@ -25,6 +25,8 @@ void invalidateCache(QAccessibleInterface *iface)
// This will invalidate everything regardless of what window the
// interface belonged to. We might want to revisit this strategy later.
// (Therefore this function still takes the interface as argument)
+ // It is also responsible for the bug that focus gets temporary lost
+ // when items get added or removed from the screen
foreach (QWindow *win, QGuiApplication::topLevelWindows()) {
if (win && win->handle()) {
QT_PREPEND_NAMESPACE(QIOSWindow) *window = static_cast<QT_PREPEND_NAMESPACE(QIOSWindow) *>(win->handle());
@@ -36,25 +38,14 @@ void invalidateCache(QAccessibleInterface *iface)

void QIOSPlatformAccessibility::notifyAccessibilityUpdate(QAccessibleEvent *event)
{
- auto *accessibleInterface = event->accessibleInterface();
- if (!isActive() || !accessibleInterface)
+ if (!isActive() || !event->accessibleInterface())
return;
switch (event->type()) {
case QAccessible::ObjectCreated:
case QAccessible::ObjectShow:
case QAccessible::ObjectHide:
case QAccessible::ObjectDestroyed:
- invalidateCache(accessibleInterface);
- switch (accessibleInterface->role()) {
- case QAccessible::Window:
- case QAccessible::Dialog:
- // Bigger changes to the UI require a full reset of VoiceOver
- UIAccessibilityPostNotification(UIAccessibilityScreenChangedNotification, nil);
- break;
- default:
- // While smaller changes can be handled by re-reading the layout
- UIAccessibilityPostNotification(UIAccessibilityLayoutChangedNotification, nil);
- }
+ invalidateCache(event->accessibleInterface());
break;
default:
break;
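Review bot: the patch message consists only of "This reverts commit 6eefbf74149164eac316cea59a00b45f70976ad2", yet this hunk in notifyAccessibilityUpdate drops the distinction between `UIAccessibilityScreenChangedNotification` for windows and dialogs and `UIAccessibilityLayoutChangedNotification` for smaller changes. Please add the reason for the revert (ticket or observed VoiceOver behaviour) to the message so it is clear when the patch can be dropped again. The re-added comment in invalidateCache should read "temporarily lost".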
diff --git x/qtbase/src/plugins/platforms/ios/qioswindow.mm y/qtbase/src/plugins/platforms/ios/qioswindow.mm
index 8de094533b..99f9e38846 100644
--- x/qtbase/src/plugins/platforms/ios/qioswindow.mm
+++ y/qtbase/src/plugins/platforms/ios/qioswindow.mm
@@ -75,7 +75,6 @@ QIOSWindow::~QIOSWindow()
[m_view touchesCancelled:[NSSet set] withEvent:0];

clearAccessibleCache();
-
m_view.platformWindow = 0;
[m_view removeFromSuperview];
[m_view release];
diff --git x/qtbase/src/plugins/platforms/ios/quiview_accessibility.mm y/qtbase/src/plugins/platforms/ios/quiview_accessibility.mm
index 04e1f8cfb3..366141ef81 100644
--- x/qtbase/src/plugins/platforms/ios/quiview_accessibility.mm
+++ y/qtbase/src/plugins/platforms/ios/quiview_accessibility.mm
@@ -54,6 +54,7 @@
- (void)clearAccessibleCache
{
[m_accessibleElements removeAllObjects];
+ UIAccessibilityPostNotification(UIAccessibilityScreenChangedNotification, @"");
}

// this is a container, returning yes here means the functions below will never be called
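Review bot: `clearAccessibleCache` now posts `UIAccessibilityScreenChangedNotification` with `@""` as its argument, whereas the code removed from qiosplatformaccessibility.mm passed `nil`. If the empty string is deliberate, say why in a comment; otherwise use `nil`. Because `QIOSWindow::~QIOSWindow()` calls `clearAccessibleCache()`, the notification is now also posted while a window is being destroyed, which deserves a line in the patch message.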
@@ -0,0 +1,25 @@
From 496b958b6c0026a681a9ee8871894a079dc2ea5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Fri, 18 Aug 2023 14:32:57 +0200
Subject: Fix living QLibProxyWrapper after shutdown of QCoreApplication

Pick-to: 6.6 6.5
Task-number: QTBUG-84234
Change-Id: I8f5e2947b6529a0a8871d040050205934ee60354
---
src/network/kernel/qnetworkproxy_libproxy.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git x/qtbase/src/network/kernel/qnetworkproxy_libproxy.cpp y/qtbase/src/network/kernel/qnetworkproxy_libproxy.cpp
index 46066b86f7..6de7a7fb76 100644
--- x/qtbase/src/network/kernel/qnetworkproxy_libproxy.cpp
+++ y/qtbase/src/network/kernel/qnetworkproxy_libproxy.cpp
@@ -72,7 +72,7 @@ private:
Data *request;
};

-Q_GLOBAL_STATIC(QLibProxyWrapper, libProxyWrapper);
+Q_APPLICATION_STATIC(QLibProxyWrapper, libProxyWrapper)

QLibProxyWrapper::QLibProxyWrapper()
{
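Review bot: the switch from `Q_GLOBAL_STATIC` to `Q_APPLICATION_STATIC` comes with a subject line only. The message should say in one or two sentences what keeps living after QCoreApplication is gone and why that is a problem, since QTBUG-84234 is the only pointer. Unlike the xkb and Diffie-Hellman patches in this series there is no "cherry picked from commit" line, so please note whether this is merged upstream or still a local patch.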
25 changes: 25 additions & 0 deletions libs/patches/qtbase-0005-Do-not-override-OPENSSL_API_COMPAT.patch
@@ -0,0 +1,25 @@
From 1d935cfe1de1a015561ee8755c67ec9c8a1bd121 Mon Sep 17 00:00:00 2001
From: Klitzing <andre.klitzing@governikus.de>
Date: Thu, 31 Aug 2023 13:19:55 +0200
Subject: Do not override OPENSSL_API_COMPAT

See QTBUG-83733 and AUTENTAPP-24481

Change-Id: Ied55e3d6ebd90fbbecb8c4d8d1638b1de3ba6969
---
src/plugins/tls/openssl/CMakeLists.txt | 2 --
1 file changed, 2 deletions(-)

diff --git x/qtbase/src/plugins/tls/openssl/CMakeLists.txt y/qtbase/src/plugins/tls/openssl/CMakeLists.txt
index 0e0a7a1552..e176bbf9d5 100644
--- x/qtbase/src/plugins/tls/openssl/CMakeLists.txt
+++ y/qtbase/src/plugins/tls/openssl/CMakeLists.txt
@@ -20,8 +20,6 @@ qt_internal_add_plugin(QTlsBackendOpenSSLPlugin
LIBRARIES
Qt::NetworkPrivate
Qt::CorePrivate
- DEFINES
- OPENSSL_API_COMPAT=0x10100000L
)

if (WIN32) # Windows header issues
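Review bot: deleting `OPENSSL_API_COMPAT=0x10100000L` from the `DEFINES` of QTlsBackendOpenSSLPlugin leaves the API level of the TLS plugin to whatever the surrounding build defines, and the message only points to QTBUG-83733 and AUTENTAPP-24481. Please state in the patch message which value is expected to be in effect after this change and where it is set, so the reasoning can be followed from the patch itself.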

This file was deleted.

This file was deleted.

@@ -0,0 +1,40 @@
From 62ae219de264975c0f7e7546b702471d70af4b40 Mon Sep 17 00:00:00 2001
From: Liang Qi <liang.qi@qt.io>
Date: Tue, 10 Oct 2023 14:08:48 +0200
Subject: xkb: fix build with libxkbcommon 1.6.0 and later
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A few XKB_KEY_dead_* defines got removed from 1.6.0. See also
https://github.com/xkbcommon/libxkbcommon/blob/6073565903488cb5b9a8d37fdc4a7c2f9d7ad04d/NEWS#L9-L14
https://gitlab.freedesktop.org/xorg/proto/xorgproto/-/merge_requests/70/diffs?commit_id=cb44799b72f611eb4c9d7cc185bc3b09e070be08

Pick-to: 6.6 6.5 6.2 5.15
Fixes: QTBUG-117950
Change-Id: I55861868f2bb29c553d68365fa9b9b6ed01c9aea
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
(cherry picked from commit 8af35d27e8f02bbb99aef4ac495ed406e50e3cca)
---
src/gui/platform/unix/qxkbcommon.cpp | 4 ++++
1 file changed, 4 insertions(+)

diff --git x/qtbase/src/gui/platform/unix/qxkbcommon.cpp y/qtbase/src/gui/platform/unix/qxkbcommon.cpp
index fc014b38e2..0de9e98fc7 100644
--- x/qtbase/src/gui/platform/unix/qxkbcommon.cpp
+++ y/qtbase/src/gui/platform/unix/qxkbcommon.cpp
@@ -239,10 +239,14 @@ static constexpr const auto KeyTbl = qMakeArray(
Xkb2Qt<XKB_KEY_dead_small_schwa, Qt::Key_Dead_Small_Schwa>,
Xkb2Qt<XKB_KEY_dead_capital_schwa, Qt::Key_Dead_Capital_Schwa>,
Xkb2Qt<XKB_KEY_dead_greek, Qt::Key_Dead_Greek>,
+/* The following four XKB_KEY_dead keys got removed in libxkbcommon 1.6.0
+ The define check is kind of version check here. */
+#ifdef XKB_KEY_dead_lowline
Xkb2Qt<XKB_KEY_dead_lowline, Qt::Key_Dead_Lowline>,
Xkb2Qt<XKB_KEY_dead_aboveverticalline, Qt::Key_Dead_Aboveverticalline>,
Xkb2Qt<XKB_KEY_dead_belowverticalline, Qt::Key_Dead_Belowverticalline>,
Xkb2Qt<XKB_KEY_dead_longsolidusoverlay, Qt::Key_Dead_Longsolidusoverlay>,
+#endif

// Special keys from X.org - This include multimedia keys,
// wireless/bluetooth/uwb keys, special launcher keys, etc.

This file was deleted.

@@ -0,0 +1,120 @@
From 3d86ffeac0beaab4ab183cf1c184a09313425efc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Fri, 29 Sep 2023 08:21:21 +0200
Subject: Use SSL_CTX_set_dh_auto if DHparam is empty
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] An empty
Diffie-Hellmann parameter enables auto selection of openssl
backend.

Fixes: QTBUG-117666
Change-Id: Ic2e0529d48542752ca801bcb4d609988e5ddff25
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit fd9c567156830a21da3cd9e127a998ae90a8e564)
---
src/network/ssl/qsslconfiguration.cpp | 3 +++
src/plugins/tls/openssl/qsslcontext_openssl.cpp | 4 +++-
.../tls/openssl/qsslsocket_openssl_symbols_p.h | 1 +
.../network/ssl/qsslsocket/tst_qsslsocket.cpp | 16 ++++++++++------
4 files changed, 17 insertions(+), 7 deletions(-)

diff --git x/qtbase/src/network/ssl/qsslconfiguration.cpp y/qtbase/src/network/ssl/qsslconfiguration.cpp
index 04a9db8521..c8be1ca202 100644
--- x/qtbase/src/network/ssl/qsslconfiguration.cpp
+++ y/qtbase/src/network/ssl/qsslconfiguration.cpp
@@ -942,6 +942,9 @@ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
If no Diffie-Hellman parameters have been set, the QSslConfiguration object
defaults to using the 2048-bit MODP group from RFC 3526.

+ Since 6.7 you can provide an empty Diffie-Hellman parameter to use auto selection
+ (see SSL_CTX_set_dh_auto of openssl) if the tls backend supports it.
+
\note The default parameters may change in future Qt versions.
Please check the documentation of the \e{exact Qt version} that you
are using in order to know what defaults that version uses.
diff --git x/qtbase/src/plugins/tls/openssl/qsslcontext_openssl.cpp y/qtbase/src/plugins/tls/openssl/qsslcontext_openssl.cpp
index ef0e63911a..75c192bd01 100644
--- x/qtbase/src/plugins/tls/openssl/qsslcontext_openssl.cpp
+++ y/qtbase/src/plugins/tls/openssl/qsslcontext_openssl.cpp
@@ -697,7 +697,9 @@ QT_WARNING_POP
return;
}

- if (!dhparams.isEmpty()) {
+ if (dhparams.isEmpty()) {
+ q_SSL_CTX_set_dh_auto(sslContext->ctx, 1);
+ } else {
#ifndef OPENSSL_NO_DEPRECATED_3_0
const QByteArray &params = dhparams.d->derData;
const char *ptr = params.constData();
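Review bot: the result of `q_SSL_CTX_set_dh_auto(sslContext->ctx, 1)` in the new `dhparams.isEmpty()` branch is discarded. Check it and put the context into its error state on failure, so that a backend which cannot enable automatic DH selection does not continue silently without parameters.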
diff --git x/qtbase/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h y/qtbase/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
index 1f0d739210..1531564226 100644
--- x/qtbase/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
+++ y/qtbase/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
@@ -516,6 +516,7 @@ DH *q_PEM_read_bio_DHparams(BIO *a, DH **b, pem_password_cb *c, void *d);

BIGNUM *q_BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
#define q_SSL_CTX_set_tmp_dh(ctx, dh) q_SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TMP_DH, 0, (char *)dh)
+#define q_SSL_CTX_set_dh_auto(ctx, onoff) q_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)

#ifndef OPENSSL_NO_EC
// EC Diffie-Hellman support
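Review bot: the new `q_SSL_CTX_set_dh_auto` macro passes `ctx` and `onoff` unparenthesised and without spaces after the commas, while `q_SSL_CTX_set_tmp_dh` directly above it uses `(ctx)`. Writing it as `q_SSL_CTX_ctrl((ctx), SSL_CTRL_SET_DH_AUTO, (onoff), NULL)` keeps the two definitions consistent and safe for expression arguments.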
diff --git x/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp y/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index cfcff44a4d..2f3ad0547a 100644
--- x/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ y/qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -3501,9 +3501,10 @@ void tst_QSslSocket::dhServerCustomParamsNull()
if (setProxy)
return;

+ const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256");
SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
- server.protocol = Test::TlsV1_0;
+ server.ciphers = {cipherWithDH};
+ server.protocol = QSsl::TlsV1_2;

QSslConfiguration cfg = server.config;
cfg.setDiffieHellmanParameters(QSslDiffieHellmanParameters());
@@ -3516,7 +3517,6 @@ void tst_QSslSocket::dhServerCustomParamsNull()

QSslSocket client;
QSslConfiguration config = client.sslConfiguration();
- config.setProtocol(Test::TlsV1_0);
client.setSslConfiguration(config);
socket = &client;
connect(socket, SIGNAL(errorOccurred(QAbstractSocket::SocketError)), &loop, SLOT(quit()));
@@ -3527,7 +3527,8 @@ void tst_QSslSocket::dhServerCustomParamsNull()

loop.exec();

- QVERIFY(client.state() != QAbstractSocket::ConnectedState);
+ QCOMPARE(client.state(), QAbstractSocket::ConnectedState);
+ QCOMPARE(client.sessionCipher(), cipherWithDH);
}

void tst_QSslSocket::dhServerCustomParams()
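Review bot: `dhServerCustomParamsNull` flips from `QVERIFY(client.state() != QAbstractSocket::ConnectedState)` to expecting a connection with `DHE-RSA-AES256-SHA256`, so an empty `QSslDiffieHellmanParameters` changes from a failing handshake to a DHE handshake with auto-selected parameters. The documentation hunk says "Since 6.7", but this patch is carried on the Qt version pinned in Versions.cmake, so please check every place in the application that sets empty parameters and mention the behaviour change in the patch notes.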
@@ -3542,7 +3543,9 @@ void tst_QSslSocket::dhServerCustomParams()
return;

SslServer server;
- server.ciphers = {QSslCipher("DHE-RSA-AES256-SHA"), QSslCipher("DHE-DSS-AES256-SHA")};
+ const QSslCipher cipherWithDH("DHE-RSA-AES256-SHA256");
+ server.ciphers = {cipherWithDH};
+ server.protocol = QSsl::TlsV1_2;

QSslConfiguration cfg = server.config;

@@ -3572,7 +3575,8 @@ void tst_QSslSocket::dhServerCustomParams()

loop.exec();

- QVERIFY(client.state() == QAbstractSocket::ConnectedState);
+ QCOMPARE(client.state(), QAbstractSocket::ConnectedState);
+ QCOMPARE(client.sessionCipher(), cipherWithDH);
}
#endif // QT_CONFIG(openssl)

This file was deleted.

This file was deleted.

This file was deleted.

51 changes: 0 additions & 51 deletions libs/patches/qtbase-0011-Improve-Intent-source-app-detection.patch

This file was deleted.