`Trusted Entitlements`: add support for signing request headers #3424
@@ -148,6 +148,14 @@ extension HTTPClient { | |||
} | |||
} | |||
|
|||
static func headerParametersForSignatureHeader(with headers: RequestHeaders) -> RequestHeaders { | |||
if let header = HTTPRequest.headerParametersForSignatureHeader(headers: headers) { | |||
return [RequestHeader.headerParametersForSignature.rawValue: header] |
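Review bot: The new `HTTPClient.headerParametersForSignatureHeader(with:)` has the same name as the `HTTPRequest.headerParametersForSignatureHeader(headers:)` it calls, but it returns a `RequestHeaders` dictionary while the `if let` shows the inner call returns an optional. A doc comment on the wrapper stating what it returns when the inner call yields nothing (that branch is not visible in these lines) would make call sites easier to read and keep the two from being confused.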
This is tested by snapshot tests.
This allows us to verify exactly what headers are included in all requests. It also simplifies the implementation for #3424.
…er hash Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.
} | ||
|
||
@available(iOS 13.0, macOS 10.15, tvOS 13.0, watchOS 6.2, *) | ||
static func signingParameterHash(_ values: [String]) -> String { |
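Review bot: `signingParameterHash(_ values: [String])` takes a bare array, and nothing in the signature or on these lines says whether the order of `values` matters or how the values are delimited before hashing. A doc comment stating the expected ordering and encoding would keep the callers consistent with each other and with whatever the backend computes.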
This is now a shared method for both POST body and header parameters.
@@ -276,6 +283,7 @@ extension Signing.SignatureParameters { | |||
nonce + | |||
path + | |||
postParameterHash + | |||
headerParametersHash + |
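Review bot: The position of `headerParametersHash` in this concatenation, after `postParameterHash`, is part of the signed message format, and nothing on these lines records that. A short comment here naming the field order the backend uses would keep a later reorder from producing messages that no longer verify.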
Thanks to unit tests I was able to get this right. Initially I had this before the post hash.
let response = """ | ||
{"request_date":"2023-12-08T19:17:04Z","request_date_ms":1702063024731,"subscriber":{"entitlements":{},"first_seen":"2023-12-08T19:13:02Z","last_seen":"2023-12-08T19:13:02Z","management_url":null,"non_subscriptions":{},"original_app_user_id":"$RCAnonymousID:6ca4535c42714f88abc99c563703f113","original_application_version":null,"original_purchase_date":null,"other_purchases":{},"subscriptions":{}}}\n | ||
""" | ||
let expectedSignature = "x2qnlHOl5WuzGi4TbSUVHxzlKELRCfrRYG9XAiso7ucZTQAAYEZqbguA3X0YfCJqCKh2hnTLSdEr4R+t23xBlTxceWZu2TJjK3461UJKpUnrwXDv+tYo2K54IoS3/tsEr3VmB5ppKAq0P2CR7SwbsDPpxUlHBcl5/4XJvb/DHOnTKjIVd4WJ+57LLWvIV9sDHnj9XxiBez+p5cEjez1RtUis0XdCfAFXU8XfAq6ggiEJKX4F" |
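Review bot: `response` and `expectedSignature` are opaque literals, and the test lines shown do not record which request inputs or which key they were produced with. A comment beside the fixture listing those inputs and how to regenerate it would let a future failure be diagnosed as a format change rather than a stale fixture.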
I've generated these from the backend, so we can confirm that these real signatures are valid.
Looks great!
|
||
extension HTTPRequest { | ||
|
||
static func headerParametersForSignatureHeader(headers: Headers) -> String? { |
Hmm this name sounds weird to me... Maybe `headerParametersHeaderForSigning`? (To mimic `postParametersHeaderForSigning`)
I was trying to avoid the double "header" word in `headerParametersHeaderForSigning`, which I think reads kinda confusingly :/
Hmm yeah... Not sure... maybe it's ok as it is. FFTI
self.path.supportsSignatureVerification, | ||
let body = self.requestBody { | ||
self.path.supportsSignatureVerification { | ||
result += HTTPClient.headerParametersForSignatureHeader(with: defaultHeaders) |
FFTI I was wondering whether we should pass the `result` headers instead of only the `defaultHeaders` to future-proof it in case we need to sign any of the other headers... This should work for now though.
Yeah if we need to that will get caught by tests, so we can change this to support that.
…s-15 (#3501) Requested by @NachoSoto for [trusted-entitlements-headers](https://github.com/RevenueCat/purchases-ios/tree/trusted-entitlements-headers) Co-authored-by: Distiller <distiller@static.38.23.39.57.cyberlynk.net>
This should be ready, but the signature is still wrong on the load shedder
Codecov Report
@@            Coverage Diff             @@
##             main    #3424      +/-   ##
==========================================
+ Coverage   85.97%   86.02%   +0.05%
==========================================
  Files         240      241       +1
  Lines       17494    17552      +58
==========================================
+ Hits        15040    15099      +59
+ Misses       2454     2453       -1
Merging this! 🎉
I'm late to the game but great work on this!
**This is an automatic release.**
### RevenueCatUI
* `Paywalls`: add header image to `watchOS` paywalls (#3542) via NachoSoto (@NachoSoto)
* `Paywalls`: improve template 5 landscape layout (#3534) via NachoSoto (@NachoSoto)
* `Paywalls`: fix template 5 footer loading view alignment (#3537) via NachoSoto (@NachoSoto)
* `Paywalls`: improve template 1 landscape layout (#3532) via NachoSoto (@NachoSoto)
* `Paywalls`: fix `ColorInformation.multiScheme` on `watchOS` (#3530) via NachoSoto (@NachoSoto)
### Other Changes
* `Trusted Entitlements`: tests for signature verification without header hash (#3505) via NachoSoto (@NachoSoto)
* `.debugRevenueCatOverlay`: added `Locale` (#3539) via NachoSoto (@NachoSoto)
* `Trusted Entitlements`: add support for signing request headers (#3424) via NachoSoto (@NachoSoto)
* `CI`: Add architecture to cache keys (#3538) via Mark Villacampa (@MarkVillacampa)
* `Paywalls Tester`: remove double close button (#3531) via NachoSoto (@NachoSoto)
* Fix `RevenueCatUI` snapshot tests (#3526) via NachoSoto (@NachoSoto)
This adds support for including arbitrary headers in the signature verification, therefore preventing tampering of them.