From 46299ff73bb3f3e56418a6b7702f4c5fbdba57e1 Mon Sep 17 00:00:00 2001
From: Alban Diquet
Date: Tue, 20 Oct 2015 15:15:30 -0700
Subject: [PATCH] Remove TSKSimpleReporter as it serves no real purpose
---
TrustKit.xcodeproj/project.pbxproj | 14 --
TrustKit/Reporting/TSKBackgroundReporter.m | 93 ++++++++------
TrustKit/Reporting/TSKSimpleReporter.h | 46 -------
TrustKit/Reporting/TSKSimpleReporter.m | 141 ---------------------
TrustKit/TrustKit.m | 22 +---
TrustKitTests/TSKReporterTests.m | 5 +-
6 files changed, 58 insertions(+), 263 deletions(-)
delete mode 100644 TrustKit/Reporting/TSKSimpleReporter.h
delete mode 100644 TrustKit/Reporting/TSKSimpleReporter.m
diff --git a/TrustKit.xcodeproj/project.pbxproj b/TrustKit.xcodeproj/project.pbxproj
index 477a90e9..cc970717 100644
--- a/TrustKit.xcodeproj/project.pbxproj
+++ b/TrustKit.xcodeproj/project.pbxproj
@@ -13,8 +13,6 @@ 070868BB1AE1672D00E5AFDC /* www.good.com.selfsigned.der in Resources */ = {isa = PBXBuildFile; fileRef = 070868BA1AE1672D00E5AFDC /* www.good.com.selfsigned.der */; }; 075AA1091AC985FD00178223 /* TSKPinningValidatorTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 2FA2868CAFECA46ADE0B6E3E /* TSKPinningValidatorTests.m */; }; 0E64A7601B867BA000CA164A /* TSKReportsRateLimiter.m in Sources */ = {isa = PBXBuildFile; fileRef = 8C9EBE011B619BBE00CA7EE0 /* TSKReportsRateLimiter.m */; }; - 6B032D3A1AF1794D00EAFA69 /* TSKSimpleReporter.m in Sources */ = {isa = PBXBuildFile; fileRef = 6B032D391AF1794D00EAFA69 /* TSKSimpleReporter.m */; }; - 6B032D3E1AF1A4AC00EAFA69 /* TSKSimpleReporter.h in Headers */ = {isa = PBXBuildFile; fileRef = 6B032D3D1AF1A4AC00EAFA69 /* TSKSimpleReporter.h */; }; 6B032D401AF1AEC200EAFA69 /* TSKReporterTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 6B032D3F1AF1AEB600EAFA69 /* TSKReporterTests.m */; }; 6B2B06AD1B05154A00FC749E /* TSKBackgroundReporter.h in Headers */ = {isa = PBXBuildFile; fileRef = 6B2B06AC1B05154A00FC749E /* TSKBackgroundReporter.h */; }; 6B2B06AF1B05157400FC749E /* TSKBackgroundReporter.m in Sources */ = {isa = PBXBuildFile; fileRef = 6B2B06AE1B05157400FC749E /* TSKBackgroundReporter.m */; }; 
@@ -26,7 +24,6 @@ 8C84804D1A896EE30017C155 /* TrustKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 8C84804C1A896EE30017C155 /* TrustKit.h */; settings = {ATTRIBUTES = (Public, ); }; }; 8C8480531A896EE30017C155 /* TrustKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8C8480471A896EE30017C155 /* TrustKit.framework */; }; 8C84806D1A896F660017C155 /* TrustKit.m in Sources */ = {isa = PBXBuildFile; fileRef = 8C84806C1A896F660017C155 /* TrustKit.m */; }; - 8C8716B11B23A9F000267E1D /* TSKSimpleReporter.m in Sources */ = {isa = PBXBuildFile; fileRef = 6B032D391AF1794D00EAFA69 /* TSKSimpleReporter.m */; }; 8C8716B21B23A9F400267E1D /* TSKBackgroundReporter.m in Sources */ = {isa = PBXBuildFile; fileRef = 6B2B06AE1B05157400FC749E /* TSKBackgroundReporter.m */; }; 8C8716B31B23A9F700267E1D /* TSKPinFailureReport.m in Sources */ = {isa = PBXBuildFile; fileRef = 8C15F99F1B16094D00F06C0E /* TSKPinFailureReport.m */; }; 8C8716B41B23A9FA00267E1D /* reporting_utils.m in Sources */ = {isa = PBXBuildFile; fileRef = 8CCBD15A1B186D1100CB88AF /* reporting_utils.m */; }; 
@@ -41,8 +38,6 @@ 8CA6CC141BAE2B6600BDA419 /* TSKReportsRateLimiter.h in Headers */ = {isa = PBXBuildFile; fileRef = 8C9EBE001B619BBE00CA7EE0 /* TSKReportsRateLimiter.h */; settings = {ASSET_TAGS = (); }; }; 8CA6CC151BAE2B6600BDA419 /* TSKReportsRateLimiter.m in Sources */ = {isa = PBXBuildFile; fileRef = 8C9EBE011B619BBE00CA7EE0 /* TSKReportsRateLimiter.m */; settings = {ASSET_TAGS = (); }; }; 8CA6CC161BAE2B6600BDA419 /* TSKReporterDelegate.h in Headers */ = {isa = PBXBuildFile; fileRef = 8CE919261AEA0991002B29AE /* TSKReporterDelegate.h */; settings = {ASSET_TAGS = (); }; }; - 8CA6CC171BAE2B6600BDA419 /* TSKSimpleReporter.h in Headers */ = {isa = PBXBuildFile; fileRef = 6B032D3D1AF1A4AC00EAFA69 /* TSKSimpleReporter.h */; settings = {ASSET_TAGS = (); }; }; - 8CA6CC181BAE2B6600BDA419 /* TSKSimpleReporter.m in Sources */ = {isa = PBXBuildFile; fileRef = 6B032D391AF1794D00EAFA69 /* TSKSimpleReporter.m */; settings = {ASSET_TAGS = (); }; }; 8CA6CC191BAE2B6600BDA419 /* TSKBackgroundReporter.h in Headers */ = {isa = PBXBuildFile; fileRef = 6B2B06AC1B05154A00FC749E /* TSKBackgroundReporter.h */; settings = {ASSET_TAGS = (); }; }; 8CA6CC1A1BAE2B6600BDA419 /* TSKBackgroundReporter.m in Sources */ = {isa = PBXBuildFile; fileRef = 6B2B06AE1B05157400FC749E /* TSKBackgroundReporter.m */; settings = {ASSET_TAGS = (); }; }; 8CA6CC1B1BAE2B6600BDA419 /* TSKPinFailureReport.h in Headers */ = {isa = PBXBuildFile; fileRef = 8C15F99E1B16094D00F06C0E /* TSKPinFailureReport.h */; settings = {ASSET_TAGS = (); }; }; 
@@ -151,8 +146,6 @@ 070868BA1AE1672D00E5AFDC /* www.good.com.selfsigned.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = www.good.com.selfsigned.der; sourceTree = ""; }; 2FA286123F801C437F35D240 /* TrustKit+Private.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "TrustKit+Private.h"; sourceTree = ""; }; 2FA2868CAFECA46ADE0B6E3E /* TSKPinningValidatorTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TSKPinningValidatorTests.m; sourceTree = ""; }; - 6B032D391AF1794D00EAFA69 /* TSKSimpleReporter.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = TSKSimpleReporter.m; path = Reporting/TSKSimpleReporter.m; sourceTree = ""; }; - 6B032D3D1AF1A4AC00EAFA69 /* TSKSimpleReporter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TSKSimpleReporter.h; path = Reporting/TSKSimpleReporter.h; sourceTree = ""; }; 6B032D3F1AF1AEB600EAFA69 /* TSKReporterTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TSKReporterTests.m; sourceTree = ""; }; 6B2B06AC1B05154A00FC749E /* TSKBackgroundReporter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TSKBackgroundReporter.h; path = Reporting/TSKBackgroundReporter.h; sourceTree = ""; }; 6B2B06AE1B05157400FC749E /* TSKBackgroundReporter.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = TSKBackgroundReporter.m; path = Reporting/TSKBackgroundReporter.m; sourceTree = ""; }; 
@@ -431,8 +424,6 @@ 8C9EBE001B619BBE00CA7EE0 /* TSKReportsRateLimiter.h */, 8C9EBE011B619BBE00CA7EE0 /* TSKReportsRateLimiter.m */, 8CE919261AEA0991002B29AE /* TSKReporterDelegate.h */, - 6B032D3D1AF1A4AC00EAFA69 /* TSKSimpleReporter.h */, - 6B032D391AF1794D00EAFA69 /* TSKSimpleReporter.m */, 6B2B06AC1B05154A00FC749E /* TSKBackgroundReporter.h */, 6B2B06AE1B05157400FC749E /* TSKBackgroundReporter.m */, 8C15F99E1B16094D00F06C0E /* TSKPinFailureReport.h */, @@ -466,7 +457,6 @@ 6B2B06AD1B05154A00FC749E /* TSKBackgroundReporter.h in Headers */, 8CD5F7311BC5ED4A005801D8 /* TSKNSURLConnectionDelegateProxy.h in Headers */, 8C9EBE021B619BBE00CA7EE0 /* TSKReportsRateLimiter.h in Headers */, - 6B032D3E1AF1A4AC00EAFA69 /* TSKSimpleReporter.h in Headers */, 8CD5F7421BCB06F4005801D8 /* RSSwizzle.h in Headers */, 8C9492F61B2379A100F5DF38 /* reporting_utils.h in Headers */, 8C84804D1A896EE30017C155 /* TrustKit.h in Headers */, @@ -480,7 +470,6 @@ isa = PBXHeadersBuildPhase; buildActionMask = 2147483647; files = ( - 8CA6CC171BAE2B6600BDA419 /* TSKSimpleReporter.h in Headers */, 8CD5F74A1BCB535E005801D8 /* TSKNSURLSessionDelegateProxy.h in Headers */, 8CA6CC1B1BAE2B6600BDA419 /* TSKPinFailureReport.h in Headers */, 8CA6CC141BAE2B6600BDA419 /* TSKReportsRateLimiter.h in Headers */, @@ -698,7 +687,6 @@ 8C9EBE031B619BBE00CA7EE0 /* TSKReportsRateLimiter.m in Sources */, 6B2B06AF1B05157400FC749E /* TSKBackgroundReporter.m in Sources */, 8CD5F74B1BCB535E005801D8 /* TSKNSURLSessionDelegateProxy.m in Sources */, - 6B032D3A1AF1794D00EAFA69 /* TSKSimpleReporter.m in Sources */, 8CE9191F1AEA073C002B29AE /* public_key_utils.m in Sources */, 8C15F9A11B16094E00F06C0E /* TSKPinFailureReport.m in Sources */, 8C15F9941B132F9200F06C0E /* TSKPinningValidator.m in Sources */, 
@@ -736,7 +724,6 @@ 0E64A7601B867BA000CA164A /* TSKReportsRateLimiter.m in Sources */, 8CD5F74C1BCB535E005801D8 /* TSKNSURLSessionDelegateProxy.m in Sources */, 8CD5F7341BC5ED4A005801D8 /* TSKNSURLConnectionDelegateProxy.m in Sources */, - 8C8716B11B23A9F000267E1D /* TSKSimpleReporter.m in Sources */, 8C8716B61B23AA0800267E1D /* ssl_pin_verifier.m in Sources */, 8CD0D4171BD42A7D004478C0 /* RSSwizzle.m in Sources */, ); @@ -755,7 +742,6 @@ 8CA6CC261BAE2B6A00BDA419 /* TrustKit.m in Sources */, 8CA6CC151BAE2B6600BDA419 /* TSKReportsRateLimiter.m in Sources */, 8CD5F7351BC5ED4A005801D8 /* TSKNSURLConnectionDelegateProxy.m in Sources */, - 8CA6CC181BAE2B6600BDA419 /* TSKSimpleReporter.m in Sources */, 8CA6CC221BAE2B6A00BDA419 /* ssl_pin_verifier.m in Sources */, 8CD5F7451BCB06F4005801D8 /* RSSwizzle.m in Sources */, ); diff --git a/TrustKit/Reporting/TSKBackgroundReporter.m b/TrustKit/Reporting/TSKBackgroundReporter.m index d730ec99..fa11e3db 100644 --- a/TrustKit/Reporting/TSKBackgroundReporter.m +++ b/TrustKit/Reporting/TSKBackgroundReporter.m 
@@ -59,63 +59,72 @@ - (instancetype)initAndRateLimitReports:(BOOL)shouldRateLimitReports self.appBundleId = (__bridge NSString *)CFBundleGetIdentifier(appBundle); self.appVersion = (__bridge NSString *)CFBundleGetValueForInfoDictionaryKey(appBundle, kCFBundleVersionKey); - if (self.appBundleId == nil) - { - // The bundle ID we get is nil if we're running tests on Travis. If the bundle ID is nil, background sessions can't be used - // backgroundSessionConfigurationWithIdentifier: will throw an exception within dispatch_once() which can't be handled - // Throw an exception here instead - [NSException raise:@"Null Bundle ID" format:@"Application must have a bundle identifier to use a background NSURLSession"]; - } - if (self.appVersion == nil) { self.appVersion = @"N/A"; } - /* - Using dispatch_once here ensures that multiple background sessions with the same identifier are not created - in this instance of the application. If you want to support multiple background sessions within a single process, - you should create each session with its own identifier. - */ - dispatch_once(&dispatchOnceBackgroundSession, ^{ - NSURLSessionConfiguration *backgroundConfiguration = nil; + if (self.appBundleId == nil) + { + // The bundle ID we get is nil if we're running tests on Travis. 
If the bundle ID is nil, background sessions can't be used + // backgroundSessionConfigurationWithIdentifier: will throw an exception within dispatch_once() which can't be handled + // Use a regular session instead + TSKLog(@"Null bundle ID: we are running the test suite; falling back to a normal session."); + self.appBundleId = @"N/A"; + self.appVendorId = @"unit-tests"; - // The API for creating background sessions changed between iOS 7 and iOS 8 and OS X 10.9 and 10.10 + dispatch_once(&dispatchOnceBackgroundSession, ^{ + _backgroundSession = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration]]; + }); + } + else + { + // We're not running unit tests - use a background session + /* + Using dispatch_once here ensures that multiple background sessions with the same identifier are not created + in this instance of the application. If you want to support multiple background sessions within a single process, + you should create each session with its own identifier. 
+ */ + dispatch_once(&dispatchOnceBackgroundSession, ^{ + NSURLSessionConfiguration *backgroundConfiguration = nil; + + // The API for creating background sessions changed between iOS 7 and iOS 8 and OS X 10.9 and 10.10 #if (TARGET_OS_IPHONE &&__IPHONE_OS_VERSION_MAX_ALLOWED < 80000) || (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MAX_ALLOWED < 1100) - // iOS 7 or OS X 10.9 as the max SDK: awlays use the deprecated/iOS 7 API - backgroundConfiguration = [NSURLSessionConfiguration backgroundSessionConfiguration:[NSString stringWithFormat:kTSKBackgroundSessionIdentifierFormat, self.appBundleId]]; + // iOS 7 or OS X 10.9 as the max SDK: awlays use the deprecated/iOS 7 API + backgroundConfiguration = [NSURLSessionConfiguration backgroundSessionConfiguration:[NSString stringWithFormat:kTSKBackgroundSessionIdentifierFormat, self.appBundleId]]; #else - // iOS 8+ or OS X 10.10+ as the max SDK + // iOS 8+ or OS X 10.10+ as the max SDK #if (TARGET_OS_IPHONE &&__IPHONE_OS_VERSION_MIN_REQUIRED < 80000) || (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED < 1100) - // iOS 7 or OS X 10.9 as the min SDK - // Try to use the new API if available at runtime - if (![NSURLSessionConfiguration respondsToSelector:@selector(backgroundSessionConfigurationWithIdentifier:)]) - { - // Device runs on iOS 7 or OS X 10.9 - backgroundConfiguration = [NSURLSessionConfiguration backgroundSessionConfiguration:[NSString stringWithFormat:kTSKBackgroundSessionIdentifierFormat, self.appBundleId]]; - } - else + // iOS 7 or OS X 10.9 as the min SDK + // Try to use the new API if available at runtime + if (![NSURLSessionConfiguration respondsToSelector:@selector(backgroundSessionConfigurationWithIdentifier:)]) + { + // Device runs on iOS 7 or OS X 10.9 + backgroundConfiguration = [NSURLSessionConfiguration backgroundSessionConfiguration:[NSString stringWithFormat:kTSKBackgroundSessionIdentifierFormat, self.appBundleId]]; + } + else #endif - { - // Device runs on iOS 8+ or OS X 10.10+ or min SDK is iOS 8+ 
or OS X 10.10+ - backgroundConfiguration = [NSURLSessionConfiguration backgroundSessionConfigurationWithIdentifier: [NSString stringWithFormat:kTSKBackgroundSessionIdentifierFormat, self.appBundleId]]; - } + { + // Device runs on iOS 8+ or OS X 10.10+ or min SDK is iOS 8+ or OS X 10.10+ + backgroundConfiguration = [NSURLSessionConfiguration backgroundSessionConfigurationWithIdentifier: [NSString stringWithFormat:kTSKBackgroundSessionIdentifierFormat, self.appBundleId]]; + } #endif - - - + + + #if TARGET_OS_IPHONE - // iOS-only settings - // Do not wake up the App after completing the upload - backgroundConfiguration.sessionSendsLaunchEvents = NO; + // iOS-only settings + // Do not wake up the App after completing the upload + backgroundConfiguration.sessionSendsLaunchEvents = NO; #endif - + #if (TARGET_OS_IPHONE) || ((!TARGET_OS_IPHONE) && (__MAC_OS_X_VERSION_MIN_REQUIRED >= 1100)) - // On OS X discretionary is only available on 10.10 - backgroundConfiguration.discretionary = YES; + // On OS X discretionary is only available on 10.10 + backgroundConfiguration.discretionary = YES; #endif - _backgroundSession = [NSURLSession sessionWithConfiguration:backgroundConfiguration delegate:self delegateQueue:nil]; - }); + _backgroundSession = [NSURLSession sessionWithConfiguration:backgroundConfiguration delegate:self delegateQueue:nil]; + }); + } } return self; } diff --git a/TrustKit/Reporting/TSKSimpleReporter.h b/TrustKit/Reporting/TSKSimpleReporter.h deleted file mode 100644 index 2c5b1e8e..00000000 --- a/TrustKit/Reporting/TSKSimpleReporter.h +++ /dev/null 
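Review bot: The new `if (self.appBundleId == nil)` branch treats a nil bundle ID as proof that the test suite is running, so any shipped process that happens to have no bundle identifier would silently get `self.appVendorId = @"unit-tests"` and an ephemeral session. Pin failure reports from such a process would then be labelled as test traffic and are easy to discard when triaging real pinning failures. The fallback session is also built with `sessionWithConfiguration:` alone, while the background branch passes `delegate:self delegateQueue:nil`, so the reporter's session delegate methods (not visible in this hunk) presumably never run on the fallback path. I would leave the vendor ID untouched here and log the condition neutrally, e.g. `TSKLog(@"Null bundle ID: background sessions unavailable; falling back to an ephemeral session.");`. The initializer starts before this hunk.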
@@ -1,46 +0,0 @@ -/* - - TSKSimpleReporter.h - TrustKit - - Copyright 2015 The TrustKit Project Authors - Licensed under the MIT license, see associated LICENSE file for terms. - See AUTHORS file for the list of project authors. - - */ - -#import -#import "TSKReporterDelegate.h" - - -/** - `TSKSimpleReporter` is a class for uploading pin failure reports. - - While TSKSimpleBackgroundReporter is a better implementation in most scenarios as it has a smaller performance impact on the App, the background transfer service cannot be used when running the test suite. Therefore, and only when we run the tests, we fall back to using TSKSimpleReporter. - - */ -@interface TSKSimpleReporter : NSObject - -///--------------------- -/// @name Initialization -///--------------------- - -/** - Initializes a simple reporter. - - @param shouldRateLimitReports Prevent identical pin failure reports from being sent more than once per day. - - */ -- (instancetype)initAndRateLimitReports:(BOOL)shouldRateLimitReports; - -- (void) pinValidationFailedForHostname:(NSString *) serverHostname - port:(NSNumber *) serverPort - trust:(SecTrustRef) serverTrust - notedHostname:(NSString *) notedHostname - reportURIs:(NSArray *) reportURIs - includeSubdomains:(BOOL) includeSubdomains - knownPins:(NSArray *) knownPins - validationResult:(TSKPinValidationResult) validationResult; - -@end - diff --git a/TrustKit/Reporting/TSKSimpleReporter.m b/TrustKit/Reporting/TSKSimpleReporter.m deleted file mode 100644 index d7c51988..00000000 --- a/TrustKit/Reporting/TSKSimpleReporter.m +++ /dev/null 
@@ -1,141 +0,0 @@ -/* - - TSKSimpleReporter.m - TrustKit - - Copyright 2015 The TrustKit Project Authors - Licensed under the MIT license, see associated LICENSE file for terms. - See AUTHORS file for the list of project authors. - - */ - -#import "TSKSimpleReporter.h" -#import "TrustKit+Private.h" -#import "TSKPinFailureReport.h" -#import "reporting_utils.h" -#import "TSKReportsRateLimiter.h" - -#if TARGET_OS_IPHONE -@import UIKit; // For accessing the IDFV -#endif - - - - -@interface TSKSimpleReporter() -@property (nonatomic, strong) NSString * appBundleId; -@property (nonatomic, strong) NSString * appVersion; -@property (nonatomic, strong) NSString * appVendorId; -@property BOOL shouldRateLimitReports; -@property(nonatomic, strong) NSURLSession *session; -@end - - -@implementation TSKSimpleReporter - - -- (instancetype)initAndRateLimitReports:(BOOL)shouldRateLimitReports -{ - self = [super init]; - if (self) - { - self.shouldRateLimitReports = shouldRateLimitReports; - - // Retrieve the App's information -#if TARGET_OS_IPHONE - // On iOS use the IDFV - self.appVendorId = [[[UIDevice currentDevice] identifierForVendor]UUIDString]; -#else - // On OS X, don't use anything for now - self.appVendorId = @"OS-X"; -#endif - - CFBundleRef appBundle = CFBundleGetMainBundle(); - self.appBundleId = (__bridge NSString *)CFBundleGetIdentifier(appBundle); - self.appVersion = (__bridge NSString *)CFBundleGetValueForInfoDictionaryKey(appBundle, kCFBundleVersionKey); - - if (self.appBundleId == nil) - { - // Should only happen when running tests - self.appBundleId = @"N/A"; - self.appVendorId = @"unit-tests"; - } - - if (self.appVersion == nil) - { - self.appVersion = @"N/A"; - } - - - // Create the session for sending the reports - self.session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration]]; - } - return self; -} - - -- (void) pinValidationFailedForHostname:(NSString *) serverHostname - port:(NSNumber *) serverPort - 
trust:(SecTrustRef) serverTrust - notedHostname:(NSString *) notedHostname - reportURIs:(NSArray *) reportURIs - includeSubdomains:(BOOL) includeSubdomains - knownPins:(NSArray *) knownPins - validationResult:(TSKPinValidationResult) validationResult -{ - // Pin validation failed for a connection to a pinned domain - - // Default port to 0 if not specified - if (serverPort == nil) - { - serverPort = [NSNumber numberWithInt:0]; - } - - if (reportURIs == nil) - { - [NSException raise:@"TrustKit Simple Reporter configuration invalid" - format:@"Reporter was given an invalid value for reportURIs: %@ for domain %@", - reportURIs, notedHostname]; - } - - // Create the pin validation failure report - NSArray *certificateChain = convertTrustToPemArray(serverTrust); - NSArray *formattedPins = convertPinsToHpkpPins(knownPins); - TSKPinFailureReport *report = [[TSKPinFailureReport alloc]initWithAppBundleId:self.appBundleId - appVersion:self.appVersion - notedHostname:notedHostname - hostname:serverHostname - port:serverPort - dateTime:[NSDate date] // Use the current time - includeSubdomains:includeSubdomains - validatedCertificateChain:certificateChain - knownPins:formattedPins - validationResult:validationResult - appVendorId:self.appVendorId]; - - - // Should we rate-limit this report? 
- if (self.shouldRateLimitReports && [TSKReportsRateLimiter shouldRateLimitReport:report]) - { - // We recently sent the exact same report; do not send this report - TSKLog(@"Pin failure report for %@ was not sent due to rate-limiting", serverHostname); - return; - } - - - // POST the report to all the configured report URIs - for (NSURL *reportUri in reportURIs) - { - NSURLRequest *request = [report requestToUri:reportUri]; - NSURLSessionDataTask *postDataTask = [self.session dataTaskWithRequest:request - completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { - // We don't do anything here as reports are meant to be sent - // on a best-effort basis: even if we got an error, there's - // nothing to do anyway. - }]; - [postDataTask resume]; - } -} - - -@end diff --git a/TrustKit/TrustKit.m b/TrustKit/TrustKit.m index 4f7c0c84..ae63309d 100644 --- a/TrustKit/TrustKit.m +++ b/TrustKit/TrustKit.m @@ -14,7 +14,6 @@ #import "public_key_utils.h" #import "domain_registry.h" #import "TSKBackgroundReporter.h" -#import "TSKSimpleReporter.h" #import "TSKNSURLConnectionDelegateProxy.h" #import "TSKNSURLSessionDelegateProxy.h" @@ -87,13 +86,11 @@ void sendPinFailureReport_async(TSKPinValidationResult validationResult, SecTrus // Pin validation failed: retrieve the list of configured report URLs NSMutableArray *reportUris = [NSMutableArray arrayWithArray:notedHostnameConfig[kTSKReportUris]]; -#if !DEBUG - // For release builds, also enable the default reporting URL + // Also enable the default reporting URL if ([notedHostnameConfig[kTSKDisableDefaultReportUri] boolValue] == NO) { [reportUris addObject:[NSURL URLWithString:kTSKDefaultReportUri]]; } -#endif // If some report URLs have been defined, send the pin failure report if ((reportUris != nil) && ([reportUris count] > 0)) 
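Review bot: Dropping the `#if !DEBUG` guard in `sendPinFailureReport_async` means debug builds now also post pin failure reports to `kTSKDefaultReportUri` unless `kTSKDisableDefaultReportUri` is set, and the commit message does not mention this behaviour change. Pinning failures are often expected during development, and judging by the reporter code removed in this same patch a report carries the hostname, the validated certificate chain, the bundle ID and the vendor ID, so development environments would start sending that data to the default endpoint. If this is intentional, document it at the call site, e.g. `// The default reporting URL is used in debug and release builds unless kTSKDisableDefaultReportUri is set`, and note it in the release notes; otherwise keep the guard. The function body continues outside the hunk.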
@@ -344,20 +341,11 @@ static void initializeTrustKit(NSDictionary *trustKitConfig) // Convert and store the SSL pins in our global variable _trustKitGlobalConfiguration = [[NSDictionary alloc]initWithDictionary:parseTrustKitArguments(trustKitConfig)]; - + // Create our reporter for sending pin validation failures; do this before hooking NSURLSession so we don't hook ourselves - @try - { - // Create a reporter that uses the background transfer service to send pin failure reports - _pinFailureReporter = [[TSKBackgroundReporter alloc]initAndRateLimitReports:YES]; - - } - @catch (NSException *e) - { - // The bundle ID we get is nil if we're running tests on Travis so we have to use the simple reporter for unit tests - TSKLog(@"Null bundle ID: we are running the test suite; falling back to TSKSimpleReporter"); - _pinFailureReporter = [[TSKSimpleReporter alloc]initAndRateLimitReports:YES]; - } + // Create a reporter that uses the background transfer service to send pin failure reports + _pinFailureReporter = [[TSKBackgroundReporter alloc]initAndRateLimitReports:YES]; + // Create a dispatch queue for activating the reporter // We use a serial queue targetting the global default queue in order to ensure reports are sent one by one diff --git a/TrustKitTests/TSKReporterTests.m b/TrustKitTests/TSKReporterTests.m index 45ad7083..69a1f42a 100644 --- a/TrustKitTests/TSKReporterTests.m +++ b/TrustKitTests/TSKReporterTests.m @@ -10,7 +10,6 @@ */ #import -#import "TSKSimpleReporter.h" #import "TSKBackgroundReporter.h" #import "TSKPinFailureReport.h" #import "TSKCertificateUtils.h" 
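Review bot: The retained comment `// Create a reporter that uses the background transfer service to send pin failure reports` in `initializeTrustKit` no longer describes what happens when the bundle ID is nil, because the TSKBackgroundReporter.m change in this commit makes the initializer fall back to an ephemeral session in that case. I would merge the two adjacent comments into one, e.g. `// Create the reporter before hooking NSURLSession so we don't hook ourselves; it uses a background session, or an ephemeral one when there is no bundle ID`. With the `@try`/`@catch` gone, any exception still raised inside the initializer now propagates out of `initializeTrustKit`, so it is worth confirming that no other `raise` remains there. The whitespace-only line added after the assignment can be dropped.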
@@ -56,10 +55,10 @@ - (void)tearDown [super tearDown]; } -- (void)testSimpleReporter +- (void)testReporter { // Just try a simple valid case to see if we can post this to the server - TSKSimpleReporter *reporter = [[TSKSimpleReporter alloc] initAndRateLimitReports:NO]; + TSKBackgroundReporter *reporter = [[TSKBackgroundReporter alloc] initAndRateLimitReports:NO]; [reporter pinValidationFailedForHostname:@"mail.example.com" port:[NSNumber numberWithInt:443]