
Use SocketRocket pluggable policies (#15)
* Use SocketRocket pluggable policies

Pluggable policies are currently only in our fork, but pending upstream
PR: facebookincubator/SocketRocket#429

Also:
* rebased SocketRocket against latest upstream to incorporate bug fixes.
* adapt to new upstream API for error handling (vs previous exception throwing)
* renamed AFSecurityOWSPolicy -> OWSHTTPSecurityPolicy to differentiate
  it from OWSWebsocketSecurityPolicy
* Follow conventional singleton pattern with onceToken
* bump xcode version to play nice with SWIFT_NAME in SocketRocket

// FREEBIE
michaelkirk committed Jul 1, 2016
1 parent 80671b2 commit 664162f
Showing 11 changed files with 78 additions and 48 deletions.
8 changes: 6 additions & 2 deletions .travis.yml
@@ -1,7 +1,6 @@
language: objective-c

osx_image: xcode7.1
xcode_sdk: iphonesimulator9.1
osx_image: xcode7.3
env:
- TEST_DIR=Example/TSKitiOSTestApp

@@ -14,6 +13,11 @@ before_install:

install: pod install

script:
- |
set -o pipefail
xcodebuild -workspace TSKitiOSTestApp.xcworkspace -scheme TSKitiOSTestApp -sdk iphonesimulator build test
xcode_workspace: TSKitiOSTestApp.xcworkspace
xcode_scheme: TSKitiOSTestApp

2 changes: 1 addition & 1 deletion Example/TSKitiOSTestApp/Podfile
@@ -2,8 +2,8 @@ platform :ios, '8.0'
source 'https://github.com/CocoaPods/Specs.git'

target 'TSKitiOSTestApp' do
pod 'SocketRocket', git: 'https://github.com/WhisperSystems/SocketRocket.git', branch: 'pluggable-security-policies'
pod 'SignalServiceKit', :path => '../../SignalServiceKit.podspec'
pod 'SocketRocket', git: 'https://github.com/WhisperSystems/SocketRocket.git', branch: 'signal-ios'

target 'TSKitiOSTestAppTests' do
inherit! :search_paths
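Review bot: The `SocketRocket` pod line names a branch of the fork rather than a commit, so the library that now carries the websocket trust policy is resolved from a mutable ref whenever the lockfile is regenerated. Podfile.lock does record a commit under CHECKOUT OPTIONS, but that holds only while the lock is honoured; `pod update` moves to whatever the branch head is at that moment. Consider pinning in the Podfile itself, e.g. `pod 'SocketRocket', git: 'https://github.com/WhisperSystems/SocketRocket.git', commit: '<reviewed-commit-sha>'`, and bumping it deliberately after review. The target block continues outside the hunk.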
12 changes: 6 additions & 6 deletions Example/TSKitiOSTestApp/Podfile.lock
@@ -34,7 +34,7 @@ PODS:
- Mantle/extobjc (2.0.7)
- ProtocolBuffers (1.9.10)
- Reachability (3.2)
- SignalServiceKit (0.0.4):
- SignalServiceKit (0.0.6):
- '25519'
- AFNetworking
- AxolotlKit
@@ -105,18 +105,18 @@ PODS:

DEPENDENCIES:
- SignalServiceKit (from `../../SignalServiceKit.podspec`)
- SocketRocket (from `https://github.com/WhisperSystems/SocketRocket.git`, branch `signal-ios`)
- SocketRocket (from `https://github.com/WhisperSystems/SocketRocket.git`, branch `pluggable-security-policies`)

EXTERNAL SOURCES:
SignalServiceKit:
:path: "../../SignalServiceKit.podspec"
SocketRocket:
:branch: signal-ios
:branch: pluggable-security-policies
:git: https://github.com/WhisperSystems/SocketRocket.git

CHECKOUT OPTIONS:
SocketRocket:
:commit: 587ad297eb63eb0d64d4caeb32a7da646ad1132b
:commit: cb2cf164c0d215aaff4666918efcc2fca33fc54b
:git: https://github.com/WhisperSystems/SocketRocket.git

SPEC CHECKSUMS:
@@ -129,14 +129,14 @@ SPEC CHECKSUMS:
Mantle: bc40bb061d8c2c6fb48d5083e04d928c3b7f73d9
ProtocolBuffers: d088180c10072b3d24a9939a6314b7b9bcc2340b
Reachability: 33e18b67625424e47b6cde6d202dce689ad7af96
SignalServiceKit: e27a3025c2d5c61696386e44a50ac8d2fe83151e
SignalServiceKit: 850620cd1535f8628474121e7ea142ff1fe236a6
SocketRocket: 3f77ec2104cc113add553f817ad90a77114f5d43
SQLCipher: 4c768761421736a247ed6cf412d9045615d53dff
SSKeychain: c71293fa57216a40ab06c23f4085387583293de4
TwistedOakCollapsingFutures: f359b90f203e9ab13dfb92c9ff41842a7fe1cd0c
UnionFind: c33be5adb12983981d6e827ea94fc7f9e370f52d
YapDatabase: c00f4197bba2fea17bdbd82c8e8e3f7104b6fa67

PODFILE CHECKSUM: 6bebc6fc58d19a6a56c27878035f7a074da10006
PODFILE CHECKSUM: 2954694f716c25ed9c0cbb599e1dae9612f0da5e

COCOAPODS: 1.0.1
2 changes: 1 addition & 1 deletion SignalServiceKit.podspec
@@ -8,7 +8,7 @@

Pod::Spec.new do |s|
s.name = "SignalServiceKit"
s.version = "0.0.5"
s.version = "0.0.6"
s.summary = "An Objective-C library for communicating with the Signal messaging service."

s.description = <<-DESC
4 changes: 2 additions & 2 deletions src/Network/API/TSNetworkManager.m
@@ -8,7 +8,7 @@

#import <AFNetworking/AFNetworking.h>

#import "AFSecurityOWSPolicy.h"
#import "OWSHTTPSecurityPolicy.h"

#import "NSURLSessionDataTask+StatusCode.h"
#import "TSAccountManager.h"
@@ -45,7 +45,7 @@ - (id)init {
self.operationManager =
[[AFHTTPSessionManager alloc] initWithBaseURL:[[NSURL alloc] initWithString:textSecureServerURL]
sessionConfiguration:sessionConf];
self.operationManager.securityPolicy = [AFSecurityOWSPolicy OWS_PinningPolicy];
self.operationManager.securityPolicy = [OWSHTTPSecurityPolicy sharedPolicy];
}
return self;
}
14 changes: 7 additions & 7 deletions src/Network/WebSockets/TSSocketManager.m
@@ -14,7 +14,7 @@
#import "TSSocketManager.h"
#import "TSStorageManager+keyingMaterial.h"

#import "AFSecurityOWSPolicy.h"
#import "OWSWebsocketSecurityPolicy.h"
#import "Cryptography.h"

#define kWebSocketHeartBeat 30
@@ -100,9 +100,8 @@ + (void)becomeActive {
[textSecureWebSocketAPI stringByAppendingString:[[self sharedManager] webSocketAuthenticationString]];
NSURL *webSocketConnectURL = [NSURL URLWithString:webSocketConnect];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:webSocketConnectURL];
request.SR_securityPolicy = [AFSecurityOWSPolicy OWS_PinningPolicy];

socket = [[SRWebSocket alloc] initWithURLRequest:request];
socket = [[SRWebSocket alloc] initWithURLRequest:request securityPolicy:[OWSWebsocketSecurityPolicy sharedPolicy]];
socket.delegate = [self sharedManager];

[[self sharedManager] setWebsocket:socket];
@@ -226,10 +225,11 @@ - (void)webSocket:(SRWebSocket *)webSocket
}

- (void)webSocketHeartBeat {
@try {
[self.websocket sendPing:nil];
} @catch (NSException *exception) {
DDLogWarn(@"Caught exception while trying to write on the socket %@", exception.debugDescription);
NSError *error;

[self.websocket sendPing:nil error:&error];
if (error) {
DDLogWarn(@"Error in websocket heartbeat: %@", error.localizedDescription);
}
}
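Review bot: In `webSocketHeartBeat` the failure test is `if (error)`, which reads the out-parameter instead of the method's result. By Cocoa convention the `NSError **` value is meaningful only when the call itself reports failure, and when `self.websocket` is nil the message is a no-op that leaves `error` nil, so a heartbeat that was never sent goes unlogged. Assuming the fork's `sendPing:error:` returns `BOOL` as upstream's does, wrap the warning as `if (![self.websocket sendPing:nil error:&error]) {` so the log fires on the reported failure.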

16 changes: 0 additions & 16 deletions src/Security/AFSecurityOWSPolicy.h

This file was deleted.

12 changes: 12 additions & 0 deletions src/Security/OWSHTTPSecurityPolicy.h
@@ -0,0 +1,12 @@
//
// Created by Fred on 01/09/15.
// Copyright © 2015 Open Whisper Systems. All rights reserved.
//

#import <AFNetworking/AFSecurityPolicy.h>

@interface OWSHTTPSecurityPolicy : AFSecurityPolicy

+ (instancetype)sharedPolicy;

@end
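Review bot: `sharedPolicy` has no doc comment, and the rename from `OWS_PinningPolicy` removes the only hint in the API that this object is the certificate-pinning policy. Add a header comment along the lines of `/// Shared policy for HTTPS requests to the service; server trust is evaluated as configured in -initWithOWSPolicy.`, with the pinning details filled in from that initializer, which is not visible on this page. Because the websocket policy delegates to this same instance, the comment should also state that it is process-wide and not meant to be reconfigured by callers.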
@@ -1,23 +1,21 @@
//
// AFSecurityPolicyNone.m
// Signal
//
// Created by Fred on 01/09/15.
// Copyright © 2015 Open Whisper Systems. All rights reserved.
//

#import "OWSHTTPSecurityPolicy.h"

#import <AssertMacros.h>
#import "AFSecurityOWSPolicy.h"

@implementation AFSecurityOWSPolicy
@implementation OWSHTTPSecurityPolicy

+ (instancetype)OWS_PinningPolicy {
static AFSecurityOWSPolicy *sharedMyManager = nil;
@synchronized(self) {
if (sharedMyManager == nil)
sharedMyManager = [[self alloc] initWithOWSPolicy];
}
return sharedMyManager;
+ (instancetype)sharedPolicy {
static OWSHTTPSecurityPolicy *httpSecurityPolicy = nil;
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
httpSecurityPolicy = [[self alloc] initWithOWSPolicy];
});
return httpSecurityPolicy;
}

- (instancetype)initWithOWSPolicy {
@@ -84,7 +82,6 @@ - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domai
return YES;
}


static BOOL AFServerTrustIsValid(SecTrustRef serverTrust) {
BOOL isValid = NO;
SecTrustResultType result;
9 changes: 9 additions & 0 deletions src/Security/OWSWebsocketSecurityPolicy.h
@@ -0,0 +1,9 @@
// Copyright © 2016 Open Whisper Systems. All rights reserved.

#import <SocketRocket/SRSecurityPolicy.h>

@interface OWSWebsocketSecurityPolicy : SRSecurityPolicy

+ (instancetype)sharedPolicy;

@end
24 changes: 24 additions & 0 deletions src/Security/OWSWebsocketSecurityPolicy.m
@@ -0,0 +1,24 @@
// Copyright © 2016 Open Whisper Systems. All rights reserved.

#import "OWSWebsocketSecurityPolicy.h"

#import <SocketRocket/SRSecurityPolicy.h>
#import "OWSHTTPSecurityPolicy.h"

@implementation OWSWebsocketSecurityPolicy

+ (instancetype)sharedPolicy {
static OWSWebsocketSecurityPolicy *websocketSecurityPolicy = nil;
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
websocketSecurityPolicy = [[self alloc] initWithCertificateChainValidationEnabled:NO];
});
return websocketSecurityPolicy;
}

- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
// Delegate server trust to our existing HTTP policy.
return [[OWSHTTPSecurityPolicy sharedPolicy] evaluateServerTrust:serverTrust forDomain:domain];
}

@end
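Review bot: `initWithCertificateChainValidationEnabled:NO` in `sharedPolicy` reads as if TLS validation were switched off, and nothing at the call says why that is safe. From what this file shows, the overridden `evaluateServerTrust:forDomain:` is then the only trust decision for the websocket, so its correctness rests entirely on `OWSHTTPSecurityPolicy` rejecting anything outside the pinned chain. Put that reasoning next to the flag, e.g. `// Stream-level chain validation is disabled on purpose: trust is decided solely in -evaluateServerTrust:forDomain: by the pinned HTTP policy.`, and add a test that a certificate not anchored in the pinned chain is refused on the websocket path. The `#import <SocketRocket/SRSecurityPolicy.h>` here repeats the one in the class header and can be dropped.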
