Interact with cloudfront directly for iOS 13

This commit is contained in:
Nora Trapp 2019-06-25 18:41:42 -07:00
parent 0f1924cdb4
commit e39e9774a4
3 changed files with 28 additions and 1 deletions

View File

@ -23,6 +23,8 @@ extern NSString *const OWSFrontingHost_GoogleQatar;
+ (BOOL)isCensoredPhoneNumber:(NSString *)e164PhoneNumber;
+ (AFSecurityPolicy *)pinningPolicyWithCertNames:(NSArray<NSString *> *)certNames;
@property (nonatomic, readonly) NSString *signalServiceReflectorHost;
@property (nonatomic, readonly) NSString *CDNReflectorHost;
@property (nonatomic, readonly) NSURL *domainFrontBaseURL;

View File

@ -239,7 +239,13 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
OWSLogInfo(@"using reflector CDNSessionManager via: %@", censorshipConfiguration.domainFrontBaseURL);
result = [self reflectorCDNSessionManagerWithCensorshipConfiguration:censorshipConfiguration];
} else {
result = self.defaultCDNSessionManager;
// On iOS 13 there is a bug that currently prevents us from telling iOS our CDN is trusted.
// As a workaround, connect to cloudfront directly for now.
if (@available(iOS 13, *)) {
result = self.iOS13CDNSessionManager;
} else {
result = self.defaultCDNSessionManager;
}
}
// By default, CDN content should be binary.
result.responseSerializer = [AFHTTPResponseSerializer serializer];
@ -263,6 +269,24 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
return sessionManager;
}
- (AFHTTPSessionManager *)iOS13CDNSessionManager
{
NSURL *baseURL = [[NSURL alloc] initWithString:textSecureDirectCDNServerURL];
OWSAssertDebug(baseURL);
NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration;
AFHTTPSessionManager *sessionManager = [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL
sessionConfiguration:sessionConf];
sessionManager.securityPolicy =
[OWSCensorshipConfiguration pinningPolicyWithCertNames:@[ @"DigiCertGlobalRootG2" ]];
// Default acceptable content headers are rejected by AWS
sessionManager.responseSerializer.acceptableContentTypes = nil;
return sessionManager;
}
- (AFHTTPSessionManager *)reflectorCDNSessionManagerWithCensorshipConfiguration:
(OWSCensorshipConfiguration *)censorshipConfiguration
{

View File

@ -28,6 +28,7 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
#define textSecureCDNServerURL @"https://cdn.signal.org"
#define textSecureDirectCDNServerURL @"https://d83eunklitikj.cloudfront.net"
// Use same reflector for service and CDN
#define textSecureServiceReflectorHost @"europe-west1-signal-cdn-reflector.cloudfunctions.net"
#define textSecureCDNReflectorHost @"europe-west1-signal-cdn-reflector.cloudfunctions.net"