open-eid · lauris71 · Oct 26, 2025 · Oct 28, 2025 · Oct 29, 2025 · Oct 29, 2025
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -284,6 +284,7 @@ jobs:
         patterns: |
           -**/*autogen*/**
           -**/common/qtsingleapplication/**
+          -**/client/qrcodegen/**
           -**:cpp/loop-variable-changed
           -**:cpp/poorly-documented-function
         input: sarif-results/cpp.sarif

diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt
@@ -91,6 +91,8 @@ add_executable(${PROJECT_NAME} WIN32 MACOSX_BUNDLE
 	TokenData.cpp
 	TokenData.h
 	Utils.h
+	qrcodegen/qrcodegen.cpp qrcodegen/qrcodegen.h
+	qrcodegen/QrCodeGenerator.cpp qrcodegen/QrCodeGenerator.h
 )
 qt_add_translations(${PROJECT_NAME} TS_FILES
 	translations/en.ts

diff --git a/client/CheckConnection.cpp b/client/CheckConnection.cpp
@@ -68,16 +68,17 @@ QNetworkAccessManager* CheckConnection::setupNAM(QNetworkRequest &req, const QBy
 		.arg(Application::applicationName(), Application::applicationVersion(), Common::applicationOs()).toUtf8());
 	auto *nam = new QNetworkAccessManager();
 	QObject::connect(nam, &QNetworkAccessManager::sslErrors, nam, [](QNetworkReply *reply, const QList<QSslError> &errors) {
-		QList<QSslError> ignore;
+        QSslCertificate peer = reply->sslConfiguration().peerCertificate();
+        QList<QSslError> ignore;
 		for(const QSslError &error: errors)
 		{
 			switch(error.error())
 			{
-			case QSslError::UnableToVerifyFirstCertificate:
-			case QSslError::UnableToGetLocalIssuerCertificate:
+            case QSslError::UnableToVerifyFirstCertificate:
 			case QSslError::CertificateUntrusted:
+            case QSslError::UnableToGetLocalIssuerCertificate:
 			case QSslError::SelfSignedCertificateInChain:
-				if(reply->sslConfiguration().caCertificates().contains(reply->sslConfiguration().peerCertificate())) {
+				if(reply->sslConfiguration().caCertificates().contains(peer)) {
 					ignore.append(error);
 					break;
 				}
@@ -111,8 +112,10 @@ QSslConfiguration CheckConnection::sslConfiguration(const QByteArray &add)
 	trusted.reserve(list.size());
 	for(const auto &cert: list)
 		trusted.append(QSslCertificate(QByteArray::fromBase64(cert.toString().toLatin1()), QSsl::Der));
-	if(!add.isEmpty())
-		trusted.append(QSslCertificate(QByteArray::fromBase64(add), QSsl::Der));
+	if(!add.isEmpty()) {
+        QSslCertificate cert = QSslCertificate(add, QSsl::Der);
+		trusted.append(cert);
+	}
 	ssl.setCaCertificates(trusted);
 #endif
 	return ssl;

diff --git a/client/Crypto.cpp b/client/Crypto.cpp
@@ -28,6 +28,7 @@
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include <openssl/kdf.h>
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
@@ -331,6 +332,15 @@ QByteArray Crypto::sign_hmac(const QByteArray &key, const QByteArray &data)
 	return sig;
 }
 
+QByteArray
+Crypto::hmacSha256(const QByteArray& key, const QByteArray& data)
+{
+	uint8_t b[32];
+	unsigned int len = 32;
+	HMAC(EVP_sha256(), key.data(), (int) key.size(), (const uint8_t *) data.data(), (int) data.size(), b, &len);
+	return QByteArray((const char *) b, len);
+}
+
 QByteArray Crypto::toPublicKeyDer(EVP_PKEY *key)
 {
 	if(!key)

diff --git a/client/Crypto.h b/client/Crypto.h
@@ -65,6 +65,7 @@ class Crypto
 	static QByteArray genKey(const EVP_CIPHER *cipher);
 	static QByteArray hkdf(const QByteArray &key, const QByteArray &salt, const QByteArray &info, int len = 32, int mode = 0);
 	static QByteArray sign_hmac(const QByteArray &key, const QByteArray &data);
+	static QByteArray hmacSha256(const QByteArray& key, const QByteArray& data);
 	static QByteArray toPublicKeyDer(EVP_PKEY *key);
 	static QByteArray toPublicKeyDer(const QSslKey &key);
 	static QByteArray random(int len = 32);

diff --git a/client/MainWindow.cpp b/client/MainWindow.cpp
@@ -52,6 +52,8 @@
 #include <QtPrintSupport/QPrintPreviewDialog>
 #include <QtWidgets/QMessageBox>
 
+#include <digidocpp/crypto/X509Cert.h>
+
 using namespace ria::qdigidoc4;
 using namespace std::chrono;
 
@@ -365,9 +367,12 @@ void MainWindow::onSignAction(int action, const QString &info1, const QString &i
 		break;
 	case SignatureSmartID:
 		sign([this, info1, info2](const QString &city, const QString &state, const QString &zip, const QString &country, const QString &role) {
-			SmartIDProgress s(this);
-			return s.init(info1, info2, digiDoc->fileName()) &&
-				digiDoc->sign(city, state, zip, country, role, &s);
+            SmartIDProgress s(this);
+            if (!s.init(info1, info2, digiDoc->fileName())) return false;
+            std::string subj_name = s.cert().subjectName("serialNumber");
+            if (subj_name.starts_with("PNOEE-")) subj_name = subj_name.substr(6, subj_name.size() - 6);
+            return ui->signContainerPage->checkIfAlreadySigned(SignatureMobile, QString::fromStdString(subj_name), {}) &&
+                digiDoc->sign(city, state, zip, country, role, &s);
 		});
 		break;
 	case ClearSignatureWarning:

diff --git a/client/dialogs/MobileProgress.ui b/client/dialogs/MobileProgress.ui
@@ -3,7 +3,7 @@
  <class>MobileProgress</class>
  <widget class="QDialog" name="MobileProgress">
   <property name="windowModality">
-   <enum>Qt::WindowModal</enum>
+   <enum>Qt::WindowModality::WindowModal</enum>
   </property>
   <property name="geometry">
    <rect>
@@ -64,7 +64,7 @@ background-color: #82A9D3;
     <number>30</number>
    </property>
    <property name="sizeConstraint">
-    <enum>QLayout::SetFixedSize</enum>
+    <enum>QLayout::SizeConstraint::SetFixedSize</enum>
    </property>
    <property name="leftMargin">
     <number>40</number>
@@ -95,20 +95,20 @@ background-color: #82A9D3;
         <string>Control code:</string>
        </property>
        <property name="alignment">
-        <set>Qt::AlignCenter</set>
+        <set>Qt::AlignmentFlag::AlignCenter</set>
        </property>
       </widget>
      </item>
      <item>
       <widget class="QLabel" name="code">
        <property name="focusPolicy">
-        <enum>Qt::TabFocus</enum>
+        <enum>Qt::FocusPolicy::TabFocus</enum>
        </property>
        <property name="text">
         <string notr="true">1234</string>
        </property>
        <property name="alignment">
-        <set>Qt::AlignCenter</set>
+        <set>Qt::AlignmentFlag::AlignCenter</set>
        </property>
       </widget>
      </item>
@@ -118,7 +118,7 @@ background-color: #82A9D3;
         <string notr="true">Make sure control code matches with one in phone screen and enter mobile-ID PIN2-code.</string>
        </property>
        <property name="alignment">
-        <set>Qt::AlignCenter</set>
+        <set>Qt::AlignmentFlag::AlignCenter</set>
        </property>
        <property name="wordWrap">
         <bool>true</bool>
@@ -145,7 +145,7 @@ background-color: #82A9D3;
           <number>0</number>
          </property>
          <property name="alignment">
-          <set>Qt::AlignCenter</set>
+          <set>Qt::AlignmentFlag::AlignCenter</set>
          </property>
          <property name="textVisible">
           <bool>false</bool>
@@ -159,7 +159,7 @@ background-color: #82A9D3;
      </item>
     </layout>
    </item>
-   <item alignment="Qt::AlignHCenter">
+   <item alignment="Qt::AlignmentFlag::AlignHCenter">
     <widget class="QPushButton" name="cancel">
      <property name="cursor">
       <cursorShape>PointingHandCursor</cursorShape>