AppIntegrity Feature #232
AppIntegrity Feature #232
Conversation
jeyanthanperiyasamy
force-pushed
the
SDKS-2630
branch
7 times, most recently
from
d6986d4
to
21bbdcf
Compare
jeyanthanperiyasamy
requested review from
spetrov,
rodrigoareis,
vahancouver,
george-bafaloukas-forgerock and
witrisna
| @@ -57,6 +57,11 @@ | |||
| BlueprintName = "FRAuthTests" | |||
| ReferencedContainer = "container:FRAuth.xcodeproj"> | |||
| </BuildableReference> | |||
| <SkippedTests> | |||
| <Test | |||
| Identifier = "AA_07_AppIntegrityTest/test_01_test_app_integrity()"> | |||
There was a problem hiding this comment.
Why are we skipping this? Should that be committed
There was a problem hiding this comment.
The tests are written and the classes are committed, i just disabled tests because it will only work in local box for now and feature is not available in AM , so when the AM is ready we will add this test back. otherwise it will fail the tests in bitbar when this story merge to dev branch
| case .featureUnsupported: | ||
| return "Unsupported" | ||
| default: | ||
| return "ClientDeviceErrors" |
There was a problem hiding this comment.
I suggest we centralize the strings for errors or outcomes. Either in a utility class (we might have one already) or at least top of the file, on a let
There was a problem hiding this comment.
taken care , i abstracted all the errors in to his own enum.
| } | ||
| self.assertToken = assertKey | ||
|
|
||
| guard let clientData = inputNames.filter({ $0.contains("IDToken1clientData") }).first else { |
There was a problem hiding this comment.
Make the keys lets or a an enum
There was a problem hiding this comment.
addressed
jeyanthanperiyasamy
force-pushed
the
SDKS-2630
branch
4 times, most recently
from
47663b5
to
6d70c8f
Compare
|
|
||
| /// Protocol to override attestation | ||
| @available(iOS 14.0, *) | ||
| public protocol FRAppAttestation { |
There was a problem hiding this comment.
Should we consider FRAppAttestation , FRAppAttestDomainModal, FRAppAttestService as internal class?
Do we need developer to have access of those interfaces?
There was a problem hiding this comment.
@witrisna i think the constructor injection in once of class made all the cascading class to public, i have provided the fix, this will be internal . if you remove public its default to internal in swift . Good Catch
| /// - keyIdentifier: The identifier you received when generating a cryptographic key by calling the generateKey(completionHandler:) method. | ||
| /// - clientDataHash: A SHA256 hash of a unique, single-use data block that represents the client data to be signed with the attested private key. | ||
| /// - Returns: A data structure that you send to your server for processing OR A DCError instance that indicates the reason for failure, or nil on success. | ||
| public func generateAssertion(keyIdentifier: String, clientDataHash: Data) async throws -> Data { |
| } | ||
|
|
||
| /// Creates a new cryptographic key for use with the App Attest service. | ||
| public func generateKey() async throws -> String { |
There was a problem hiding this comment.
Add Throws and Returns to doc
| } | ||
|
|
||
| /// A Boolean value that indicates whether a particular device provides the App Attest service. | ||
| public func isSupported() -> Bool { |
| /// | ||
| /// - Parameter service: FRAppAttestService to connect AppAttestation server | ||
| /// - Parameter bundleIdentifier: BundleId of the application | ||
| /// - encoder encoder: Encoder to endode the Data |
There was a problem hiding this comment.
Should read "- Parameter encoder" and there is a type in encode word
| /// Handle attestation and assertion | ||
| /// - Parameter challenge: Challenge Received from server | ||
| /// - Returns: FRAppIntegrityKeys for attestation and assertion | ||
| public func attest(challenge: String) async throws -> FRAppIntegrityKeys { |
| default: | ||
| return FRAppIntegrityClientError.clientDeviceErrors.rawValue | ||
| } | ||
| } |
There was a problem hiding this comment.
Instead of this map Error method, I suggest adding a property in FRDeviceCheckAPIFailure like this code below. I think it's cleaner especially when using it
var clientError: String {
switch self {
case .featureUnsupported:
return FRAppIntegrityClientError.unSupported.rawValue
default:
return FRAppIntegrityClientError.clientDeviceErrors.rawValue
}
}
There was a problem hiding this comment.
perfect, i like this one. lets do this @vahancouver
| @available(iOS 14.0, *) | ||
| public protocol FRAppAttestation { | ||
| func attest(challenge: String) async throws -> FRAppIntegrityKeys | ||
| } |
There was a problem hiding this comment.
Should we add doumentation for protocol methods as well?
There was a problem hiding this comment.
i am about to modify this and make as a internal protocol . i am happy to add it if thats a team standard, but i like to add docs for any public facing methods
| func attest(keyIdentifier: String, clientDataHash: Data) async throws -> Data | ||
| func generateAssertion(keyIdentifier: String, clientDataHash: Data) async throws -> Data | ||
| func isSupported() -> Bool | ||
| } |
There was a problem hiding this comment.
Should we add doumentation for protocol methods as well?
| public private(set) var assertToken: String | ||
|
|
||
| /// keys received from AM | ||
| private enum keys: String { |
There was a problem hiding this comment.
Enum name should be uppercase
There was a problem hiding this comment.
i will remove this keys enum and add in to the CBConstants
| case clientError = "IDToken1clientError" | ||
| case keyId = "IDToken1keyId" | ||
| case clientData = "IDToken1clientData" | ||
| } |
There was a problem hiding this comment.
Also in other callbacks we never add local Keys enum. we try to reuse CBConstants, and if anything is missing, let's add there
| /// - Parameter attestation: Optional Protocol for providing a ``FRAppAttestation`` to implement own attestation | ||
| @available(iOS 14.0, *) | ||
| public func attest(attestation: FRAppAttestation | ||
| = FRAppAttestDomainModal()) async throws { |
jeyanthanperiyasamy
force-pushed
the
SDKS-2630
branch
from
6d70c8f
to
17f4e99
Compare
|
all the comments where addressed , please review one more time and we can call this complete @vahancouver @george-bafaloukas-forgerock @rodrigoareis @witrisna . |
JIRA Ticket
Please, link jira ticket here.
Description
Briefly describe the change and any information that would help speedup the review and testing process.
Definition of Done Checklist: