diff --git a/proj-xcode/TestClasses/PowerAuthSDKTests.m b/proj-xcode/TestClasses/PowerAuthSDKTests.m index 69128203..7595bc40 100644 --- a/proj-xcode/TestClasses/PowerAuthSDKTests.m +++ b/proj-xcode/TestClasses/PowerAuthSDKTests.m @@ -672,8 +672,13 @@ - (void) testValidateSignature ? [@"hello online world" dataUsingEncoding:NSUTF8StringEncoding] : [[NSData alloc] initWithBase64EncodedString:@"zYnF8edfgfgT2TcZjupjppBHoUJGjONkk6H+eThIsi0=" options:0] ; // Positive - result = [self validateSignature:auth_possession data:data method:@"POST" uriId:@"/hello/world" online:online_mode cripple:0]; - XCTAssertTrue(result, @"Failed for %@ mode", online_mode ? @"online" : @"offline"); + if (!online_mode) { + // V31 server doesn't allow offline signature with only possession factor. + if (_testServerApi.serverVersion == PATS_V3 || _testServerApi.serverVersion == PATS_V2) { + result = [self validateSignature:auth_possession data:data method:@"POST" uriId:@"/hello/world" online:online_mode cripple:0]; + XCTAssertTrue(result, @"Failed for %@ mode", online_mode ? @"online" : @"offline"); + } + } result = [self validateSignature:auth_possession_knowledge data:data method:online_mode ? @"GET" : @"POST" uriId:@"/hello/hacker" online:online_mode cripple:0]; XCTAssertTrue(result, @"Failed for %@ mode", online_mode ? @"online" : @"offline"); // Negative diff --git a/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerAPI.m b/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerAPI.m index 73250f7d..205d722e 100644 --- a/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerAPI.m +++ b/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerAPI.m @@ -369,7 +369,7 @@ - (PATSActivationStatus*) getActivationStatus:(NSString*)activationId if (!localError) obj.timestampLastUsed = [[resp nodeForXPath:@"pa:timestampLastUsed" namespaceMappings:ns error:&localError] stringValue]; if (!localError) obj.encryptedStatusBlob = [[resp nodeForXPath:@"pa:encryptedStatusBlob" namespaceMappings:ns error:&localError] stringValue]; if (!localError) obj.devicePublicKeyFingerprint = [[resp nodeForXPath:@"pa:devicePublicKeyFingerprint" namespaceMappings:ns error:&localError] stringValue]; - if (_serverVersion == PATS_V3) { + if (_serverVersion != PATS_V2) { if (!localError) obj.protocolVersion = _IntegerValue([resp nodeForXPath:@"pa:protocolVersion" namespaceMappings:ns error:&localError]); } else { obj.protocolVersion = 0; @@ -432,7 +432,12 @@ - (PATSVerifySignatureResponse*) verifySignature:(NSString*)activationId signatureType:(NSString*)signatureType { [self checkForValidConnection]; - NSArray * params = @[activationId, _appVersion.applicationKey, normalizedData, signature, signatureType.uppercaseString]; + NSArray * params; + if (_serverVersion == PATS_V31) { + params = @[activationId, _appVersion.applicationKey, normalizedData, signature, signatureType.uppercaseString, @"3.0"]; + } else { + params = @[activationId, _appVersion.applicationKey, normalizedData, signature, signatureType.uppercaseString]; + } PATSVerifySignatureResponse * response = [_helper soapRequest:@"VerifySignature" params:params response:@"VerifySignatureResponse" transform:^id(CXMLNode *resp, NSDictionary *ns) { NSError * localError = nil; PATSVerifySignatureResponse * obj = [[PATSVerifySignatureResponse alloc] init]; diff --git a/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.h b/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.h index 7e19cbce..e1419c4e 100644 --- a/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.h +++ b/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.h @@ -20,8 +20,9 @@ The `PowerAuthTestServerVersion` defines version of PowerAuth SOAP API. */ typedef NS_ENUM(int, PowerAuthTestServerVersion) { - PATS_V2 = 2, - PATS_V3 = 3, + PATS_V2 = 0x002, + PATS_V3 = 0x003, + PATS_V31 = 0x301, }; /** diff --git a/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.m b/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.m index 4f836fdb..88a3554f 100644 --- a/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.m +++ b/proj-xcode/TestClasses/PowerAuthServerSOAP/PowerAuthTestServerConfig.m @@ -70,7 +70,9 @@ + (instancetype) loadFromJsonFile:(NSString *)path + (PowerAuthTestServerVersion) soapApiVersionFromString:(NSString*)string { string = [string lowercaseString]; - if ([string isEqualToString:@"v3"]) { + if ([string isEqualToString:@"v3.1"]) { + return PATS_V31; + } else if ([string isEqualToString:@"v3"]) { return PATS_V3; } else if ([string isEqualToString:@"v2"]) { return PATS_V2; diff --git a/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapHelper.m b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapHelper.m index 1b7972a1..d78e7bfa 100644 --- a/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapHelper.m +++ b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapHelper.m @@ -38,7 +38,9 @@ - (id) initWithBundle:(NSBundle*)bundle _version = config.soapApiVersion; _cache = [NSMutableDictionary dictionary]; _session = [NSURLSession sharedSession]; - if (_version == PATS_V3) { + if (_version == PATS_V31) { + _templateMapping = [SoapHelper mappingForV31]; + } else if (_version == PATS_V3) { _templateMapping = [SoapHelper mappingForV3]; } else { @throw [NSException exceptionWithName:@"SoapError" reason:@"Connection to V2 server is not supported." userInfo:nil]; @@ -233,7 +235,36 @@ - (NSString*) formatEnvelope:(NSString*)templateName @"VerifyECDSASignature" : MAP(v3, @"VerifyECDSASignature"), @"VerifyOfflineSignature" : MAP(v3, @"VerifyOfflineSignature"), @"VerifySignature" : MAP(v3, @"_v3/VerifySignature"), // Default signature validation (without specified version) - @"VerifySignature_ForceVer" : MAP(v3, @"_v3/VerifySignature"), // The same template, but with additional "signatureVersion" param + @"VerifySignature_ForceVer" : MAP(v3, @"_v3/VerifySignature_ForceVer"), // The same template, but with additional "forcedSignatureVersion" param + }; +} + ++ (NSDictionary*) mappingForV31 +{ + NSString * v3 = @"http://getlime.io/security/powerauth/v3"; + return @{ + @"BlockActivation" : MAP(v3, @"BlockActivation"), + @"CommitActivation" : MAP(v3, @"CommitActivation"), + @"CreateApplication" : MAP(v3, @"CreateApplication"), + @"CreateApplicationVersion" : MAP(v3, @"CreateApplicationVersion"), + @"CreateNonPersonalizedOfflineSignaturePayload": MAP(v3, @"CreateNonPersonalizedOfflineSignaturePayload"), + @"CreatePersonalizedOfflineSignaturePayload" : MAP(v3, @"CreatePersonalizedOfflineSignaturePayload"), + @"CreateToken" : MAP(v3, @"_v3/CreateToken"), + @"GetActivationStatus" : MAP(v3, @"GetActivationStatus"), + @"GetApplicationDetail" : MAP(v3, @"GetApplicationDetail"), + @"GetApplicationList" : MAP(v3, @"GetApplicationList"), + @"GetSystemStatus" : MAP(v3, @"GetSystemStatus"), + @"InitActivation" : MAP(v3, @"InitActivation"), + @"RemoveActivation" : MAP(v3, @"RemoveActivation"), + @"RemoveToken" : MAP(v3, @"RemoveToken"), + @"SupportApplicationVersion" : MAP(v3, @"SupportApplicationVersion"), + @"UnblockActivation" : MAP(v3, @"UnblockActivation"), + @"UnsupportApplicationVersion" : MAP(v3, @"UnsupportApplicationVersion"), + @"ValidateToken" : MAP(v3, @"ValidateToken"), + @"VerifyECDSASignature" : MAP(v3, @"VerifyECDSASignature"), + @"VerifyOfflineSignature" : MAP(v3, @"VerifyOfflineSignature"), + @"VerifySignature" : MAP(v3, @"_v31/VerifySignature"), // Default signature validation, now contains explicit protocol version. + @"VerifySignature_ForceVer" : MAP(v3, @"_v31/VerifySignature_ForceVer"), // The same template, but with additional "forcedSignatureVersion" param }; } diff --git a/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v3/VerifySignature_ForceVer.xml b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v3/VerifySignature_ForceVer.xml index dd205c4d..36e5e2c1 100644 --- a/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v3/VerifySignature_ForceVer.xml +++ b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v3/VerifySignature_ForceVer.xml @@ -7,7 +7,7 @@ $3 $4 $5 - $6 + $6 diff --git a/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v31/VerifySignature.xml b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v31/VerifySignature.xml new file mode 100644 index 00000000..dd205c4d --- /dev/null +++ b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v31/VerifySignature.xml @@ -0,0 +1,13 @@ + + + + + $1 + $2 + $3 + $4 + $5 + $6 + + + diff --git a/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v31/VerifySignature_ForceVer.xml b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v31/VerifySignature_ForceVer.xml new file mode 100644 index 00000000..e1ca47b7 --- /dev/null +++ b/proj-xcode/TestClasses/PowerAuthServerSOAP/SoapRequests.bundle/_v31/VerifySignature_ForceVer.xml @@ -0,0 +1,14 @@ + + + + + $1 + $2 + $3 + $4 + $5 + $6 + $7 + + +