{"id":13681598,"url":"https://github.com/web-eid/web-eid-app","last_synced_at":"2026-01-17T07:47:32.481Z","repository":{"id":37896469,"uuid":"322340899","full_name":"web-eid/web-eid-app","owner":"web-eid","description":"The Web eID application performs cryptographic digital signing and authentication operations with electronic ID smart cards for the Web eID browser extension","archived":false,"fork":false,"pushed_at":"2024-10-16T07:56:44.000Z","size":4132,"stargazers_count":25,"open_issues_count":14,"forks_count":29,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-10-17T23:48:54.925Z","etag":null,"topics":["authentication","cpp","cryptography","digital-signature","eid-card","pcsc","pkcs11","qt","smartcard","web-eid"],"latest_commit_sha":null,"homepage":"https://web-eid.eu","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/web-eid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-17T15:47:50.000Z","updated_at":"2024-10-16T07:56:49.000Z","dependencies_parsed_at":"2023-09-29T21:13:45.093Z","dependency_job_id":"542bfa3c-5cd5-4afc-a8eb-cc0be0f1020e","html_url":"https://github.com/web-eid/web-eid-app","commit_stats":null,"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-eid%2Fweb-eid-app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/web-eid","download_url":"https://codeload.github.com/web-eid/web-eid-app/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224201694,"owners_count":17272623,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cpp","cryptography","digital-signature","eid-card","pcsc","pkcs11","qt","smartcard","web-eid"],"created_at":"2024-08-02T13:01:32.815Z","updated_at":"2026-01-17T07:47:32.453Z","avatar_url":"https://github.com/web-eid.png","language":"C++","readme":"# web-eid-app\n\n![European Regional Development Fund](https://github.com/open-eid/DigiDoc4-Client/blob/master/client/images/EL_Regionaalarengu_Fond.png)\n\nThe Web eID application performs cryptographic digital signing and\nauthentication operations with electronic ID smart cards for the Web eID\nbrowser extension (it is the [native messaging host](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging)\nfor the extension). Also works standalone without the extension in command-line\nmode.\n\nMore information about the Web eID project is available on the project [website](https://web-eid.eu/).\n\nOverview of the Web eID system architecture is available in the [system architecture document](https://github.com/web-eid/web-eid-system-architecture-doc).\n\nCommand-line mode is described first as it is easily accessible for testing. Input-output mode that the application uses for communication with the browser extension is described [below](#input-output-mode).\n\n## Command-line mode\n\nCommand-line mode is useful both for testing and for using the application\noutside of the Web eID browser extension context.\n\n### Usage\n\nUsage:\n\n    web-eid [options] command arguments\n\nOptions:\n\n```\n  -h, --help               Displays help.\n  -c, --command-line-mode  Command-line mode, read commands from command line\n                           arguments instead of standard input.\n```\n\nArguments:\n\n```\n  command                  The command to execute in command-line mode, any of\n                           'get-signing-certificate', 'authenticate', 'sign'.\n  arguments                Arguments to the given command as a JSON-encoded\n                           string.\n```\n\n### Authenticate\n\nThe authentication command creates the [Web eID authentication token](https://github.com/web-eid/web-eid-system-architecture-doc#web-eid-authentication-token-specification)\nand signs it with the authentication key.\n\nThe authentication command requires the challenge nonce and origin URL as\nJSON-encoded command-line arguments:\n\n    web-eid -c authenticate '{\"challengeNonce\": \"12345678901234567890123456789012345678901234\", \"origin\": \"https://ria.ee\"}'\n\nThe result will be written to standard output as a JSON-encoded message that\neither contains the authentication token or an error code. Successful output\nexample:\n\n```json\n{\n    \"unverifiedCertificate\": \"MIIEAzCCA2WgAwIBAgIQHWbVWxCkcYxbzz9nBzGrDzAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTE4MTAyMzE1MzM1OVoXDTIzMTAyMjIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ/u+9IncarVpgrACN6aRgUiT9lWC9H7llnxoEXe8xoCI982Md8YuJsVfRdeG5jwVfXe0N6KkHLFRARspst8qnACULkqFNat/Kj+XRwJ2UANeJ3Gl5XBr+tnLNuDf/UiR6jggHDMIIBvzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDiDBHBgNVHSAEQDA+MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAIBgYEAI96AQIwHwYDVR0RBBgwFoEUMzgwMDEwODU3MThAZWVzdGkuZWUwHQYDVR0OBBYEFOTddHnA9rJtbLwhBNyn0xZTQGCMMGEGCCsGAQUFBwEDBFUwUzBRBgYEAI5GAQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBiwAwgYcCQgHYElkX4vn821JR41akI/lpexCnJFUf4GiOMbTfzAxpZma333R8LNrmI4zbzDp03hvMTzH49g1jcbGnaCcbboS8DAJBObenUp++L5VqldHwKAps61nM4V+TiLqD0jILnTzl+pV+LexNL3uGzUfvvDNLHnF9t6ygi8+Bsjsu3iHHyM1haKM=\",\n    \"algorithm\": \"ES384\",\n    \"signature\": \"j8KBTYCXZ8OLuL6eoitRlSmiqw6oIsIJmDm6SttGYvEaJUkBS5kLeCeaokQm5u5viLEJy9iUDONEVlcnLgHIlOZUoEozPNw+AzjI9n7n/D25koYrzmGvMsHX1AKbwqAc\",\n    \"format\": \"web-eid:1.0\",\n    \"appVersion\": \"https://web-eid.eu/web-eid-app/releases/2.0.0+0\"\n}\n```\n\nError example:\n\n    {\"error\": {\"code\": \"ERR_WEBEID_NATIVE_FATAL\", \"message\": \"Invalid origin\"}}\n\nThe full specification of the format is available in the [Web eID system\narchitecture document](https://github.com/web-eid/web-eid-system-architecture-doc#web-eid-authentication-token-specification).\n\n### Get signing certificate\n\nThe get signing certificate command retrieves the digital signing certificate.\n\nFor security reasons, the authentication certificate can only be accessed through the `\"authenticate\"` command and there is no support for signing of raw hash values with the authentication key.\n\nPass the origin URL as JSON-encoded command-line argument to the `get-signing-certificate`\ncommand to retrieve the digital signing certificate:\n\n    web-eid -c get-signing-certificate '{\"origin\": \"https://ria.ee\"}'\n\nThe result will be written to standard output as a JSON-encoded message that\neither contains the requested Base64-encoded certificate and supported\nsignature algorithms, or an error object with a symbolic error code. Successful\noutput example:\n\n```json\n{\"certificate\":\"MIID7DCCA02gAwIBAgIQOZYpcFbeurZbzz9ngqCZsTAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTE4MTAyMzE1MzM1OVoXDTIzMTAyMjIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASKvaAJSGYBrLcvq0KjgM1sOAS9vbtqeSS2OkqyY4i5AazaetYmCtXKOqUUeljOJUGBUzljDFlAEPHs5Fn+vFT7+cGkOVCA93PBYKVsA9avcWyMwgQQJoW6kA4ZN9yD/mijggGrMIIBpzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDBIBgNVHSAEQTA/MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAJBgcEAIvsQAECMB0GA1UdDgQWBBRYwsjA5GJ7HWPvD8ByThPTZ6j3PDCBigYIKwYBBQUHAQMEfjB8MAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwUQYGBACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRpdGlvbnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBjAAwgYgCQgDBTN1LM08SeH18xKQplqAmV8AQhVvrOxRELCmYp54Qr0XTi2i7kMw0k8gVOV84RlPQP6/ayjs4+ytRbIdkBZK1vQJCARF17/gWYUu7bmy/AXT6fWgyuDV5j2UC2cWDFhPUYyS99rdLGSfP10rP9mPK87Y+4HkfJB/qDyENnJYPa5mUsuFK\",\"supportedSignatureAlgorithms\":[{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA-224\",\"paddingScheme\":\"NONE\"},{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA-256\",\"paddingScheme\":\"NONE\"},{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA-384\",\"paddingScheme\":\"NONE\"},{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA-512\",\"paddingScheme\":\"NONE\"},{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA3-224\",\"paddingScheme\":\"NONE\"},{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA3-256\",\"paddingScheme\":\"NONE\"},{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA3-384\",\"paddingScheme\":\"NONE\"},{\"cryptoAlgorithm\":\"ECC\",\"hashFunction\":\"SHA3-512\",\"paddingScheme\":\"NONE\"}]}\n```\n\nThe `supportedSignatureAlgorithms` field contains an array of objects that\nspecify the signature algorithms that the card supports. Each object has three\nmembers:\n\n- `cryptoAlgorithm`, the cryptographic algorithm, `ECC` for elliptic curve\n  cryptography or `RSA` for the Rivest-Shamir-Adleman algorithm;\n- `hashFunction`, the cryptographic hash function, any of the SHA-2 or SHA-3\n  standard algorithms, see _Allowed hash functions_ below in section _Sign_;\n- `paddingScheme`, the padding scheme used, for example `PKCS1.5` for PKCS#1\n  v1.5 padding.\n\n### Sign\n\nThe signing command signs the provided document hash with the signing key.\n\nThe signing command requires the Base64-encoded document hash, hash function,\norigin URL and previously retrieved Base64-encoded user signing certificate as\nJSON-encoded command-line arguments:\n\n    web-eid -c sign '{\"hash\": \"MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4\", \"hashFunction\": \"SHA-384\", \"origin\": \"https://ria.ee\", \"certificate\": \"MIID7DCCA02gAwIBAgIQGWaqJX+JmHFbyFd4ba1pajAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTE4MTAxODA5NTA0N1oXDTIzMTAxNzIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATF0tc74ZjE9UNp4iWwMFQ/zolrDB9XH//FJdwT6ynQBT8v6HNdxRF+z+8P81eRMHNb+VehUNUob/s5et7iW0bK28yQrlTcyHfQNxHMfBJFzDl+6QImU2fXKKK4oopV28ujggGrMIIBpzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDBIBgNVHSAEQTA/MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAJBgcEAIvsQAECMB0GA1UdDgQWBBTig5wckMK9lsiS+SbcAuZUPIWx1DCBigYIKwYBBQUHAQMEfjB8MAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwUQYGBACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRpdGlvbnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBjAAwgYgCQgFgoBAifjq0O56O8ivxAWI6zyBwQ8Vpag1qanuh7Qcxspac4mZshc+maWG2ZcxLSNSOJ1a8kxOKe+3PCbittcfwPgJCANc9dTngWTc/8PLLXM62W3FeRnhQqFtw+5askIKEBw5e6maOrxP2mcz9yvnfg0jS52gQ0r905Af0bwp6vVxObxVU\"}'\n\nAllowed hash function values are SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224,\nSHA3-256, SHA3-384, SHA3-512, and the hash function has to be supported by the\ncard (see the `hashFunction` member of `supportedSignatureAlgorithms` array elements\nin the `get-signing-certificate` command output). The document hash length has to match\nthe hash function output length and the hash function has to be supported by\nthe electronic ID signing implementation.\n\nThe user signing certificate for the `certificate` field can be retrieved\nwith the `get-signing-certificate` command as described above:\n\n    web-eid -c get-signing-certificate '{...other arguments as above...}'\n\nThe result will be written to standard output as a JSON-encoded message that\neither contains the Base64-encoded signature and the signature algorithm used\n(see the description of the `supportedSignatureAlgorithms` field above in section\n_Get certificate_), or an error code. Successful output example:\n\n```json\n{\n    \"signatureAlgorithm\": {\"hashFunction\": \"SHA-384\", \"paddingScheme\": \"NONE\", \"cryptoAlgorithm\": \"ECC\"},\n    \"signature\": \"oIw20YRlryXgAhGbHEKBCzQetVAE/S2VjqEQ1h+Kc9Scujcl37oOCmAgoHmEkG4Fpmp/z2waGw8ciJ1yXNpgzIaLhtyytFnFmcwR3zp6OKZTqHuEvTEAxZkxC6gLCxJh\"\n}\n```\n\n## Origin URL\n\nAll commands require the mandatory `origin` field in arguments that must contain the URL of the\nthe website origin, i.e. the URL serving the web application. `origin` URL must be in the form of\n`\u003cscheme\u003e \"://\" \u003chostname\u003e [ \":\" \u003cport\u003e ]` as defined in\n[MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/API/Location/origin),\nwhere `scheme` must be `https`. Note that the `origin` URL must not end with a slash `/`.\n\n## Changing the user interface language\n\nAll commands support an optional `lang` parameter that, if provided, must\ncontain a two-letter ISO 639-1 language code. If translations exist for the given\nlanguage, then the user interface will be displayed in this language.\nCurrently, English, Estonian, Finnish, Croatian and Russian translations are included.\n\nThe following example will display the user interface in Estonian:\n\n    web-eid -c get-signing-certificate '{\"lang\": \"et\", \"origin\": \"https://ria.ee\"}'\n\nSee also section [_Adding and updating translations_](#adding-and-updating-translations) below.\n\n## Input-output mode\n\nInput-output mode is intended for communicating with the Web eID browser extension.\nStart the application without options and arguments to activate the input-output mode:\n\n    web-eid\n\nInput-output mode supports the same commands, arguments and output as\ncommand-line mode. The command and arguments should be written as a\nJSON-encoded message to the application standard input:\n\n```json\n{\n  \"command\": \"authenticate\",\n  \"arguments\": { \"nonce\": \"...\", \"origin\": \"...\", \"origin-cert\": \"...\" }\n}\n```\n\nThe message should start with message length prefix in native-endian byte order\nin accordance with the [WebExtensions native messaging specification](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging).\n\nThe application exits after writing the result to the standard output.\n\nTo notify the browser extension that it is ready to receive commands, the\napplication initiates communication by sending its version to standard\noutput in input-output mode with the following message (actual version\nnumber varies):\n\n```json\n{ \"version\": \"1.0.0\" }\n```\n\nThere is a Python script in `tests/input-output-mode/test.py` that demonstrates\nhow to use input-output mode, it can be run with:\n\n    python tests/input-output-mode/test.py\n\n## Logging\n\nTo enable logging,\n\n- in Linux, run the following command in the console:\n\n      echo 'logging=true' \u003e ~/.config/RIA/web-eid.conf\n\n- in macOS, run the following commands in the console:\n\n      defaults write \\\n        \"$HOME/Library/Containers/eu.web-eid.web-eid/Data/Library/Preferences/eu.web-eid.web-eid.plist\" \\\n        logging true\n      defaults write \"$HOME/Library/Containers/eu.web-eid.web-eid-safari/Data/Library/Preferences/eu.web-eid.web-eid-safari.plist\" \\\n        logging true\n\n- in Windows, add the following registry key:\n\n      [HKEY_CURRENT_USER\\SOFTWARE\\RIA\\web-eid]\n      \"logging\"=\"true\"\n\nThe application writes logs to\n\n- `~/.local/share/RIA/web-eid/web-eid.log` in Linux\n- `~/Library/Containers/eu.web-eid.web-eid/Data/Library/Application\\ Support/RIA/web-eid/web-eid.log` in macOS\n- `~/Library/Containers/eu.web-eid.web-eid-safari/Data/Library/Application\\ Support/RIA/web-eid-safari/web-eid-safari.log` of Safari in macOS\n- `C:/Users/\u003cUSER\u003e/AppData/Local/RIA/web-eid/web-eid.log` in Windows.\n\n## Internal design\n\nThe Web eID native application is built with the [Qt](https://www.qt.io/) framework. It consists of\n\n- the Qt application bootstrapping code that starts the Qt event loop (in `src/app` and `src/controller/application.{cpp,hpp}`),\n- a controller component that is responsible for creating other component objects and coordinating communication between them and the user (in `src/controller/controller.{cpp,hpp}`),\n- command handlers that implement the actual PKI operations (authenticate, get signing certificate, sign) using the `libelectronic-id` library (in `src/controller/command-handlers`),\n- thread management code, including the card reader and smart card event monitoring thread (in `src/controller/threads`),\n- a dynamic user interface dialog built with Qt Widgets (interface in `src/controller/ui.hpp`, implementation in `src/ui`).\n- Code is compatible with Qt5 and Qt6 versions.\n\nThe controller has an event-driven internal design that supports unexpected events like card or reader removal or insertion during all operations. Communication with the smart card and card monitoring run in separate threads to assure responsive, non-blocking operations.\n\n## Safari extension\n\nThe Web eID extension for Safari is built as a [Safari web extension](https://developer.apple.com/documentation/safariservices/safari_web_extensions). The source code of the Safari extension is in the `src/mac` subdirectory.\n\nSafari web extensions are similar to [WebExtensions](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions) extensions that communicate with a native application, except that the native application is bundled with the extension. The extension can use a combination of JavaScript, CSS, and native code written in Objective-C or Swift. As extensions are built on the standard macOS app model, they are bundled inside an app and distributed through the App Store.\n\nThe extension's injected JavaScript script comes from the [_web-eid-webextension_ GitHub repository](https://github.com/web-eid/web-eid-webextension) and is shared with other browsers. The _web-eid-webextension_ repository is linked to `src/mac/js` as a Git submodule.\n\nThe injected script, the Safari web extension and the extension's native app live in different sandboxed environments, each with specific limits on what it can access. Like with WebExtensions, communication between the injected script and the web extension happens with message passing. The two runtime environments share a common format for message passing, and each provides an interface for sending and receiving messages.\n\nHowever, Apple does not provide a dedicated two-way communication channel between the extension and the extension's native app. Therefore a combination of [`NSNotificationCenter`](https://developer.apple.com/documentation/foundation/NSNotificationCenter) and [`NSUserDefaults`](https://developer.apple.com/documentation/foundation/nsuserdefaults) is used for sending and receiving messages between the extension and the extension's native app.\n\nThe extension's native component that coordinates launching the app and exchanging messages with it is in `safari-extension.mm`.\n\nThe extension's native app in `main.mm` is a thin adapter layer on top of the Qt-based Web eID native app libraries and calls the Web eID app API functions directly from Objective-C code. It also manages message exchange with the app extension.\n\n## Build environment setup\n\nYou can examine the files in the `.github/workflows/` directory to see how continuous integration build environment has been set up for different operating systems.\n\n### Ubuntu Linux\n\nRun all commands starting from `RUN apt-get update` from the following\n`Dockerfile`:\n\nhttps://github.com/mrts/docker-qt-cmake-gtest-valgrind-ubuntu/blob/master/Dockerfile\n\n### Windows\n\n- Download Visual Studio 2022 community installer from https://visualstudio.microsoft.com/ and install _Desktop C++ Development_\n- Install WIX toolset\n\n      dotnet tool install --global wix --version 6.0.2\n      wix extension -g add WixToolset.UI.wixext/6.0.2\n      wix extension -g add WixToolset.Util.wixext/6.0.2\n      wix extension -g add WixToolset.Bal.wixext/6.0.2\n\n- Download and install Git for Windows from https://git-scm.com/download/win\n- Download and install CMake from https://cmake.org/download/\n- Install _vcpkg_ by running the following commands in Powershell:\n\n      git clone https://github.com/microsoft/vcpkg.git C:\\vcpkg\n      cd C:\\vcpkg\n      .\\bootstrap-vcpkg.bat\n      .\\vcpkg integrate install\n\n- Install _Qt_ with the official [_Qt Online Installer_](https://www.qt.io/download-qt-installer),\n  choose _Custom installation \u003e Qt 6.10.0 \u003e MSVC 2022 64-bit_.\n\n### macOS\n\n- Install _Homebrew_ if not already installed:\n\n      /usr/bin/ruby -e \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)\"\n\n- Install _CMake_, _Google Test_, _OpenSSL_ and _Qt_ with _Homebrew_:\n\n      brew install cmake web-eid/gtest/gtest openssl qt@6 node\n\n- Create symlink to _OpenSSL_ location and setup environment variables required\n  by _CMake_:\n\n      export OPENSSL_ROOT_DIR=/usr/local/opt/openssl@3.0\n      export QT_DIR=/usr/local/opt/qt6/lib/cmake/Qt6\n\n## Building and testing\n\n    git clone --recurse-submodules git@github.com:web-eid/web-eid-app.git\n    cd web-eid-app\n    ./build.sh\n    ./test.sh\n    ./build/src/app/web-eid -c get-signing-certificate '{\"origin\":\"https://ria.ee\"}'\n\n### Building and testing in Windows\n\nUse _Powershell_ to run the following commands to build the project.\n\n- Set the _Qt_ installation directory variable:\n\n      $QT_ROOT = \"C:\\Qt\\6.10.0\\msvc2022_64\"\n\n- Set the _vcpkg_ installation directory variable:\n\n      $VCPKG_ROOT = \"C:\\vcpkg\"\n\n- Set the build type variable:\n\n      $BUILD_TYPE = \"RelWithDebInfo\"\n\n- Run _CMake_:\n\n      cmake -A x64 -B build -S .\n          \"-DCMAKE_PREFIX_PATH=${QT_ROOT}\" `\n          \"-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake\" `\n          \"-DCMAKE_BUILD_TYPE=${BUILD_TYPE}\" `\n          \"-DVCPKG_MANIFEST_DIR=lib/libelectronic-id/.github\"\n\n- Run the build and installer build:\n\n      cmake --build build --config ${BUILD_TYPE}\n      cmake --build build --config ${BUILD_TYPE} --target installer\n\n- Add _Qt_ binary directory to path:\n\n      $env:PATH += \";${QT_ROOT}\\bin\"\n\n- Run tests:\n\n      ctest -V -C ${BUILD_TYPE} --test-dir build\n\n## Adding and updating translations\n\nYou can use the free [Qt Linguist application](https://doc.qt.io/qt-6/qtlinguist-index.html)\nto add and edit translations.\n\nRun the following command to update Qt Linguist TS files:\n\n      cmake --build build --config ${BUILD_TYPE} --target update_translations\n","funding_links":[],"categories":["C++"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fweb-eid%2Fweb-eid-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fweb-eid%2Fweb-eid-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fweb-eid%2Fweb-eid-app/lists"}