Trusted Entitlements: add support for signing request headers
#3424
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NachoSoto
added
the
refactor
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
from
03c29a7
to
beb69fc
Compare
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
2 times, most recently
from
658c490
to
b777a9f
Compare
NachoSoto
force-pushed
the
http-client-test-headers
branch
2 times, most recently
from
700fc54
to
50ad627
Compare
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
from
b777a9f
to
958a5a9
Compare
NachoSoto
commented
Nov 17, 2023
...gApps/PurchaseTesterSwiftUI/PurchaseTester.xcworkspace/xcshareddata/swiftpm/Package.resolved
Outdated
Show resolved
Hide resolved
NachoSoto
commented
Nov 17, 2023
| @@ -148,6 +148,14 @@ extension HTTPClient { | |||
| } | |||
| } | |||
|
|
|||
| static func headerParametersForSignatureHeader(with headers: RequestHeaders) -> RequestHeaders { | |||
| if let header = HTTPRequest.headerParametersForSignatureHeader(headers: headers) { | |||
| return [RequestHeader.headerParametersForSignature.rawValue: header] | |||
There was a problem hiding this comment.
This is tested by snapshot tests.
NachoSoto
force-pushed
the
http-client-test-headers
branch
from
26c660b
to
5d0afcb
Compare
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
from
958a5a9
to
01268ef
Compare
NachoSoto
commented
Nov 17, 2023
NachoSoto
added a commit
that referenced
this pull request
Nov 17, 2023
This allows us to verify exactly what headers are included in all requests. It also simplifies the implementation for #3424.
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
from
01268ef
to
7a2c93b
Compare
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
3 times, most recently
from
9ec2f4b
to
132dca7
Compare
NachoSoto
added a commit
that referenced
this pull request
Dec 8, 2023
…er hash Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.
NachoSoto
changed the title
Trusted Entitlements: add support for signing request headersTrusted Entitlements: add support for signing request headers
NachoSoto
commented
Dec 8, 2023
| } | ||
|
|
||
| @available(iOS 13.0, macOS 10.15, tvOS 13.0, watchOS 6.2, *) | ||
| static func signingParameterHash(_ values: [String]) -> String { |
There was a problem hiding this comment.
This is now a shared method for both POST body and header parameters.
NachoSoto
commented
Dec 8, 2023
| @@ -276,6 +283,7 @@ extension Signing.SignatureParameters { | |||
| nonce + | |||
| path + | |||
| postParameterHash + | |||
| headerParametersHash + | |||
There was a problem hiding this comment.
Thanks to unit tests I was able to get this right. Initially I had this before the post hash.
NachoSoto
commented
Dec 8, 2023
| let response = """ | ||
| {"request_date":"2023-12-08T19:17:04Z","request_date_ms":1702063024731,"subscriber":{"entitlements":{},"first_seen":"2023-12-08T19:13:02Z","last_seen":"2023-12-08T19:13:02Z","management_url":null,"non_subscriptions":{},"original_app_user_id":"$RCAnonymousID:6ca4535c42714f88abc99c563703f113","original_application_version":null,"original_purchase_date":null,"other_purchases":{},"subscriptions":{}}}\n | ||
| """ | ||
| let expectedSignature = "x2qnlHOl5WuzGi4TbSUVHxzlKELRCfrRYG9XAiso7ucZTQAAYEZqbguA3X0YfCJqCKh2hnTLSdEr4R+t23xBlTxceWZu2TJjK3461UJKpUnrwXDv+tYo2K54IoS3/tsEr3VmB5ppKAq0P2CR7SwbsDPpxUlHBcl5/4XJvb/DHOnTKjIVd4WJ+57LLWvIV9sDHnj9XxiBez+p5cEjez1RtUis0XdCfAFXU8XfAq6ggiEJKX4F" |
There was a problem hiding this comment.
I've generated these from the backend, so we can confirm that these real signatures are valid.
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
2 times, most recently
from
03c0f9f
to
ad9af4c
Compare
bisho
reviewed
Dec 9, 2023
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
from
d36a5a4
to
57f4e8a
Compare
NachoSoto
added a commit
that referenced
this pull request
Dec 9, 2023
…er hash Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.
tonidero
approved these changes
Dec 19, 2023
|
|
||
| extension HTTPRequest { | ||
|
|
||
| static func headerParametersForSignatureHeader(headers: Headers) -> String? { |
There was a problem hiding this comment.
Hmm this name sounds weird to me... Maybe headerParametersHeaderForSigning? (To mimick postParametersHeaderForSigning
There was a problem hiding this comment.
I was trying to avoid the double "header" word in headerParametersHeaderForSigning, which I think reads kinda confusingly :/
There was a problem hiding this comment.
Hmm yeah... Not sure... maybe it's ok as it is. FFTI
| self.path.supportsSignatureVerification, | ||
| let body = self.requestBody { | ||
| self.path.supportsSignatureVerification { | ||
| result += HTTPClient.headerParametersForSignatureHeader(with: defaultHeaders) |
There was a problem hiding this comment.
FFTI I was wondering whether we should pass the result headers instead of only the defaultHeaders to future-proof it in case we need to sign any of the other headers... This should work for now though.
There was a problem hiding this comment.
Yeah if we need to that will get caught by tests, so we can change this to support that.
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
2 times, most recently
from
33a7047
to
26eb5bf
Compare
NachoSoto
added a commit
that referenced
this pull request
Dec 20, 2023
…er hash Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.
…s-15 (#3501) Requested by @NachoSoto for [trusted-entitlements-headers](https://github.com/RevenueCat/purchases-ios/tree/trusted-entitlements-headers) Co-authored-by: Distiller <distiller@static.38.23.39.57.cyberlynk.net>
NachoSoto
force-pushed
the
trusted-entitlements-headers
branch
from
26eb5bf
to
730c8b5
Compare
NachoSoto
added a commit
that referenced
this pull request
Dec 20, 2023
…er hash Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.
|
This should be ready, but the signature is still wrong on the load shedder |
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #3424 +/- ##
==========================================
+ Coverage 85.97% 86.02% +0.05%
==========================================
Files 240 241 +1
Lines 17494 17552 +58
==========================================
+ Hits 15040 15099 +59
+ Misses 2454 2453 -1 ☔ View full report in Codecov by Sentry. |
|
Merging this! 🎉 |
NachoSoto
added a commit
that referenced
this pull request
Dec 21, 2023
…er hash Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.
aboedo
reviewed
Dec 21, 2023
NachoSoto
pushed a commit
that referenced
this pull request
Dec 22, 2023
**This is an automatic release.** ### RevenueCatUI * `Paywalls`: add header image to `watchOS` paywalls (#3542) via NachoSoto (@NachoSoto) * `Paywalls`: improve template 5 landscape layout (#3534) via NachoSoto (@NachoSoto) * `Paywalls`: fix template 5 footer loading view alignment (#3537) via NachoSoto (@NachoSoto) * `Paywalls`: improve template 1 landscape layout (#3532) via NachoSoto (@NachoSoto) * `Paywalls`: fix `ColorInformation.multiScheme` on `watchOS` (#3530) via NachoSoto (@NachoSoto) ### Other Changes * `Trusted Entitlements`: tests for signature verification without header hash (#3505) via NachoSoto (@NachoSoto) * `.debugRevenueCatOverlay`: added `Locale` (#3539) via NachoSoto (@NachoSoto) * `Trusted Entitlements`: add support for signing request headers (#3424) via NachoSoto (@NachoSoto) * `CI`: Add architecture to cache keys (#3538) via Mark Villacampa (@MarkVillacampa) * `Paywalls Tester`: remove double close button (#3531) via NachoSoto (@NachoSoto) * Fix `RevenueCatUI` snapshot tests (#3526) via NachoSoto (@NachoSoto)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for including arbitrary headers in the signature verification, therefore preventing tampering of them.