Use SocketRocket pluggable policies (#15)
* Use SocketRocket pluggable policies Pluggable policies are currently only in our fork, but pending upstream PR: https://github.com/facebook/SocketRocket/pull/429 Also: * rebased SocketRocket against latest upstream to incorporate bug fixes. * adapt to new upstream API for error handling (vs previous exception throwing) * renamed AFSecurityOWSPolicy -> OWSHTTPSecurityPolicy to differentiate it from OSWWebSocketSecurityPolicy * Follow conventional singleton pattern with onceToken * bump xcode version to play nice with SWIFT_NAME in SocketRocket // FREEBIE
This commit is contained in:
parent
80671b247f
commit
664162fe24
@ -1,7 +1,6 @@
|
||||
language: objective-c
|
||||
|
||||
osx_image: xcode7.1
|
||||
xcode_sdk: iphonesimulator9.1
|
||||
osx_image: xcode7.3
|
||||
env:
|
||||
- TEST_DIR=Example/TSKitiOSTestApp
|
||||
|
||||
@ -14,6 +13,11 @@ before_install:
|
||||
|
||||
install: pod install
|
||||
|
||||
script:
|
||||
- |
|
||||
set -o pipefail
|
||||
xcodebuild -workspace TSKitiOSTestApp.xcworkspace -scheme TSKitiOSTestApp -sdk iphonesimulator build test
|
||||
|
||||
xcode_workspace: TSKitiOSTestApp.xcworkspace
|
||||
xcode_scheme: TSKitiOSTestApp
|
||||
|
||||
|
||||
@ -2,8 +2,8 @@ platform :ios, '8.0'
|
||||
source 'https://github.com/CocoaPods/Specs.git'
|
||||
|
||||
target 'TSKitiOSTestApp' do
|
||||
pod 'SocketRocket', git: 'https://github.com/WhisperSystems/SocketRocket.git', branch: 'pluggable-security-policies'
|
||||
pod 'SignalServiceKit', :path => '../../SignalServiceKit.podspec'
|
||||
pod 'SocketRocket', git: 'https://github.com/WhisperSystems/SocketRocket.git', branch: 'signal-ios'
|
||||
|
||||
target 'TSKitiOSTestAppTests' do
|
||||
inherit! :search_paths
|
||||
|
||||
@ -34,7 +34,7 @@ PODS:
|
||||
- Mantle/extobjc (2.0.7)
|
||||
- ProtocolBuffers (1.9.10)
|
||||
- Reachability (3.2)
|
||||
- SignalServiceKit (0.0.4):
|
||||
- SignalServiceKit (0.0.6):
|
||||
- '25519'
|
||||
- AFNetworking
|
||||
- AxolotlKit
|
||||
@ -105,18 +105,18 @@ PODS:
|
||||
|
||||
DEPENDENCIES:
|
||||
- SignalServiceKit (from `../../SignalServiceKit.podspec`)
|
||||
- SocketRocket (from `https://github.com/WhisperSystems/SocketRocket.git`, branch `signal-ios`)
|
||||
- SocketRocket (from `https://github.com/WhisperSystems/SocketRocket.git`, branch `pluggable-security-policies`)
|
||||
|
||||
EXTERNAL SOURCES:
|
||||
SignalServiceKit:
|
||||
:path: "../../SignalServiceKit.podspec"
|
||||
SocketRocket:
|
||||
:branch: signal-ios
|
||||
:branch: pluggable-security-policies
|
||||
:git: https://github.com/WhisperSystems/SocketRocket.git
|
||||
|
||||
CHECKOUT OPTIONS:
|
||||
SocketRocket:
|
||||
:commit: 587ad297eb63eb0d64d4caeb32a7da646ad1132b
|
||||
:commit: cb2cf164c0d215aaff4666918efcc2fca33fc54b
|
||||
:git: https://github.com/WhisperSystems/SocketRocket.git
|
||||
|
||||
SPEC CHECKSUMS:
|
||||
@ -129,7 +129,7 @@ SPEC CHECKSUMS:
|
||||
Mantle: bc40bb061d8c2c6fb48d5083e04d928c3b7f73d9
|
||||
ProtocolBuffers: d088180c10072b3d24a9939a6314b7b9bcc2340b
|
||||
Reachability: 33e18b67625424e47b6cde6d202dce689ad7af96
|
||||
SignalServiceKit: e27a3025c2d5c61696386e44a50ac8d2fe83151e
|
||||
SignalServiceKit: 850620cd1535f8628474121e7ea142ff1fe236a6
|
||||
SocketRocket: 3f77ec2104cc113add553f817ad90a77114f5d43
|
||||
SQLCipher: 4c768761421736a247ed6cf412d9045615d53dff
|
||||
SSKeychain: c71293fa57216a40ab06c23f4085387583293de4
|
||||
@ -137,6 +137,6 @@ SPEC CHECKSUMS:
|
||||
UnionFind: c33be5adb12983981d6e827ea94fc7f9e370f52d
|
||||
YapDatabase: c00f4197bba2fea17bdbd82c8e8e3f7104b6fa67
|
||||
|
||||
PODFILE CHECKSUM: 6bebc6fc58d19a6a56c27878035f7a074da10006
|
||||
PODFILE CHECKSUM: 2954694f716c25ed9c0cbb599e1dae9612f0da5e
|
||||
|
||||
COCOAPODS: 1.0.1
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
Pod::Spec.new do |s|
|
||||
s.name = "SignalServiceKit"
|
||||
s.version = "0.0.5"
|
||||
s.version = "0.0.6"
|
||||
s.summary = "An Objective-C library for communicating with the Signal messaging service."
|
||||
|
||||
s.description = <<-DESC
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
#import <AFNetworking/AFNetworking.h>
|
||||
|
||||
#import "AFSecurityOWSPolicy.h"
|
||||
#import "OWSHTTPSecurityPolicy.h"
|
||||
|
||||
#import "NSURLSessionDataTask+StatusCode.h"
|
||||
#import "TSAccountManager.h"
|
||||
@ -45,7 +45,7 @@ typedef void (^failureBlock)(NSURLSessionDataTask *task, NSError *error);
|
||||
self.operationManager =
|
||||
[[AFHTTPSessionManager alloc] initWithBaseURL:[[NSURL alloc] initWithString:textSecureServerURL]
|
||||
sessionConfiguration:sessionConf];
|
||||
self.operationManager.securityPolicy = [AFSecurityOWSPolicy OWS_PinningPolicy];
|
||||
self.operationManager.securityPolicy = [OWSHTTPSecurityPolicy sharedPolicy];
|
||||
}
|
||||
return self;
|
||||
}
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
#import "TSSocketManager.h"
|
||||
#import "TSStorageManager+keyingMaterial.h"
|
||||
|
||||
#import "AFSecurityOWSPolicy.h"
|
||||
#import "OWSWebsocketSecurityPolicy.h"
|
||||
#import "Cryptography.h"
|
||||
|
||||
#define kWebSocketHeartBeat 30
|
||||
@ -100,9 +100,8 @@ NSString *const SocketConnectingNotification = @"SocketConnectingNotification";
|
||||
[textSecureWebSocketAPI stringByAppendingString:[[self sharedManager] webSocketAuthenticationString]];
|
||||
NSURL *webSocketConnectURL = [NSURL URLWithString:webSocketConnect];
|
||||
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:webSocketConnectURL];
|
||||
request.SR_securityPolicy = [AFSecurityOWSPolicy OWS_PinningPolicy];
|
||||
|
||||
socket = [[SRWebSocket alloc] initWithURLRequest:request];
|
||||
socket = [[SRWebSocket alloc] initWithURLRequest:request securityPolicy:[OWSWebsocketSecurityPolicy sharedPolicy]];
|
||||
socket.delegate = [self sharedManager];
|
||||
|
||||
[[self sharedManager] setWebsocket:socket];
|
||||
@ -226,10 +225,11 @@ NSString *const SocketConnectingNotification = @"SocketConnectingNotification";
|
||||
}
|
||||
|
||||
- (void)webSocketHeartBeat {
|
||||
@try {
|
||||
[self.websocket sendPing:nil];
|
||||
} @catch (NSException *exception) {
|
||||
DDLogWarn(@"Caught exception while trying to write on the socket %@", exception.debugDescription);
|
||||
NSError *error;
|
||||
|
||||
[self.websocket sendPing:nil error:&error];
|
||||
if (error) {
|
||||
DDLogWarn(@"Error in websocket heartbeat: %@", error.localizedDescription);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
//
|
||||
// AFSecurityPolicyNone.h
|
||||
// Signal
|
||||
//
|
||||
// Created by Fred on 01/09/15.
|
||||
// Copyright © 2015 Open Whisper Systems. All rights reserved.
|
||||
//
|
||||
|
||||
#import <SocketRocket/NSURLRequest+SRWebSocket.h>
|
||||
#import "AFSecurityPolicy.h"
|
||||
|
||||
@interface AFSecurityOWSPolicy : AFSecurityPolicy <SRSecurityPolicy>
|
||||
|
||||
+ (instancetype)OWS_PinningPolicy;
|
||||
|
||||
@end
|
||||
12
src/Security/OWSHTTPSecurityPolicy.h
Normal file
12
src/Security/OWSHTTPSecurityPolicy.h
Normal file
@ -0,0 +1,12 @@
|
||||
//
|
||||
// Created by Fred on 01/09/15.
|
||||
// Copyright © 2015 Open Whisper Systems. All rights reserved.
|
||||
//
|
||||
|
||||
#import <AFNetworking/AFSecurityPolicy.h>
|
||||
|
||||
@interface OWSHTTPSecurityPolicy : AFSecurityPolicy
|
||||
|
||||
+ (instancetype)sharedPolicy;
|
||||
|
||||
@end
|
||||
@ -1,23 +1,21 @@
|
||||
//
|
||||
// AFSecurityPolicyNone.m
|
||||
// Signal
|
||||
//
|
||||
// Created by Fred on 01/09/15.
|
||||
// Copyright © 2015 Open Whisper Systems. All rights reserved.
|
||||
//
|
||||
|
||||
#import "OWSHTTPSecurityPolicy.h"
|
||||
|
||||
#import <AssertMacros.h>
|
||||
#import "AFSecurityOWSPolicy.h"
|
||||
|
||||
@implementation AFSecurityOWSPolicy
|
||||
@implementation OWSHTTPSecurityPolicy
|
||||
|
||||
+ (instancetype)OWS_PinningPolicy {
|
||||
static AFSecurityOWSPolicy *sharedMyManager = nil;
|
||||
@synchronized(self) {
|
||||
if (sharedMyManager == nil)
|
||||
sharedMyManager = [[self alloc] initWithOWSPolicy];
|
||||
}
|
||||
return sharedMyManager;
|
||||
+ (instancetype)sharedPolicy {
|
||||
static OWSHTTPSecurityPolicy *httpSecurityPolicy = nil;
|
||||
static dispatch_once_t onceToken;
|
||||
dispatch_once(&onceToken, ^{
|
||||
httpSecurityPolicy = [[self alloc] initWithOWSPolicy];
|
||||
});
|
||||
return httpSecurityPolicy;
|
||||
}
|
||||
|
||||
- (instancetype)initWithOWSPolicy {
|
||||
@ -84,7 +82,6 @@
|
||||
return YES;
|
||||
}
|
||||
|
||||
|
||||
static BOOL AFServerTrustIsValid(SecTrustRef serverTrust) {
|
||||
BOOL isValid = NO;
|
||||
SecTrustResultType result;
|
||||
9
src/Security/OWSWebsocketSecurityPolicy.h
Normal file
9
src/Security/OWSWebsocketSecurityPolicy.h
Normal file
@ -0,0 +1,9 @@
|
||||
// Copyright © 2016 Open Whisper Systems. All rights reserved.
|
||||
|
||||
#import <SocketRocket/SRSecurityPolicy.h>
|
||||
|
||||
@interface OWSWebsocketSecurityPolicy : SRSecurityPolicy
|
||||
|
||||
+ (instancetype)sharedPolicy;
|
||||
|
||||
@end
|
||||
24
src/Security/OWSWebsocketSecurityPolicy.m
Normal file
24
src/Security/OWSWebsocketSecurityPolicy.m
Normal file
@ -0,0 +1,24 @@
|
||||
// Copyright © 2016 Open Whisper Systems. All rights reserved.
|
||||
|
||||
#import "OWSWebsocketSecurityPolicy.h"
|
||||
|
||||
#import <SocketRocket/SRSecurityPolicy.h>
|
||||
#import "OWSHTTPSecurityPolicy.h"
|
||||
|
||||
@implementation OWSWebsocketSecurityPolicy
|
||||
|
||||
+ (instancetype)sharedPolicy {
|
||||
static OWSWebsocketSecurityPolicy *websocketSecurityPolicy = nil;
|
||||
static dispatch_once_t onceToken;
|
||||
dispatch_once(&onceToken, ^{
|
||||
websocketSecurityPolicy = [[self alloc] initWithCertificateChainValidationEnabled:NO];
|
||||
});
|
||||
return websocketSecurityPolicy;
|
||||
}
|
||||
|
||||
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
|
||||
// Delegate server trust to our existing HTTP policy.
|
||||
return [[OWSHTTPSecurityPolicy sharedPolicy] evaluateServerTrust:serverTrust forDomain:domain];
|
||||
}
|
||||
|
||||
@end
|
||||
Loading…
Reference in New Issue
Block a user