Merge pull request #11 from grandcentrix/feature/houskeeping_swift41
Feature/houskeeping swift41
snod authored Jun 21, 2018
2 parents 2a1d33e + 72be087 commit b8138e4
Showing 10 changed files with 34 additions and 45 deletions.
6 changes: 5 additions & 1 deletion GCXTrustPolicy.xcodeproj/project.pbxproj
Expand Up @@ -330,7 +330,7 @@
isa = PBXProject;
attributes = {
LastSwiftUpdateCheck = 0730;
LastUpgradeCheck = 0910;
LastUpgradeCheck = 0940;
ORGANIZATIONNAME = "grandcentrix GmbH";
TargetAttributes = {
4FB651681D4F367900D431B5 = {
Expand Down Expand Up @@ -483,12 +483,14 @@
CLANG_WARN_BOOL_CONVERSION = YES;
CLANG_WARN_COMMA = YES;
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INFINITE_RECURSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
Expand Down Expand Up @@ -542,12 +544,14 @@
CLANG_WARN_BOOL_CONVERSION = YES;
CLANG_WARN_COMMA = YES;
CLANG_WARN_CONSTANT_CONVERSION = YES;
CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
CLANG_WARN_EMPTY_BODY = YES;
CLANG_WARN_ENUM_CONVERSION = YES;
CLANG_WARN_INFINITE_RECURSION = YES;
CLANG_WARN_INT_CONVERSION = YES;
CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<Scheme
LastUpgradeVersion = "0910"
LastUpgradeVersion = "0940"
version = "1.3">
<BuildAction
parallelizeBuildables = "YES"
Expand All @@ -26,7 +26,6 @@
buildConfiguration = "Release"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
language = ""
shouldUseLaunchSchemeArgsEnv = "YES">
<Testables>
<TestableReference
Expand Down Expand Up @@ -56,7 +55,6 @@
buildConfiguration = "Release"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
language = ""
launchStyle = "0"
useCustomWorkingDirectory = "NO"
ignoresPersistentStateOnLaunch = "NO"
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<Scheme
LastUpgradeVersion = "0910"
LastUpgradeVersion = "0940"
version = "1.3">
<BuildAction
parallelizeBuildables = "YES"
Expand All @@ -26,7 +26,6 @@
buildConfiguration = "Debug"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
language = ""
shouldUseLaunchSchemeArgsEnv = "YES">
<Testables>
</Testables>
Expand All @@ -37,7 +36,6 @@
buildConfiguration = "Debug"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
language = ""
launchStyle = "0"
useCustomWorkingDirectory = "NO"
ignoresPersistentStateOnLaunch = "NO"
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<Scheme
LastUpgradeVersion = "0910"
LastUpgradeVersion = "0940"
version = "1.3">
<BuildAction
parallelizeBuildables = "YES"
Expand All @@ -26,9 +26,8 @@
buildConfiguration = "Debug"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
language = ""
shouldUseLaunchSchemeArgsEnv = "YES"
codeCoverageEnabled = "YES">
codeCoverageEnabled = "YES"
shouldUseLaunchSchemeArgsEnv = "YES">
<Testables>
<TestableReference
skipped = "NO">
Expand Down Expand Up @@ -57,7 +56,6 @@
buildConfiguration = "Debug"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
language = ""
launchStyle = "0"
useCustomWorkingDirectory = "NO"
ignoresPersistentStateOnLaunch = "NO"
2 changes: 1 addition & 1 deletion GCXTrustPolicy/ComposePolicy.swift
Expand Up @@ -69,7 +69,7 @@ open class ComposePolicy: NSObject {
Not available.
Use the designated initializer instead.
*/
fileprivate override init() {
private override init() {
super.init()
NSException(name: NSExceptionName(rawValue: "Unintended instantiation"),
reason: "Please use the designated initializer to construct object.",
2 changes: 1 addition & 1 deletion GCXTrustPolicy/Info.plist
Expand Up @@ -15,7 +15,7 @@
<key>CFBundlePackageType</key>
<string>FMWK</string>
<key>CFBundleShortVersionString</key>
<string>1.2.0</string>
<string>1.2.1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
2 changes: 1 addition & 1 deletion GCXTrustPolicy/TrustManager.swift
Expand Up @@ -23,7 +23,7 @@ open class TrustManager: NSObject {


/// trust policies by hostname
fileprivate var policies: [String: TrustPolicy] = [:]
private var policies: [String: TrustPolicy] = [:]


/**
2 changes: 1 addition & 1 deletion GCXTrustPolicy/TrustPolicy.swift
Expand Up @@ -23,7 +23,7 @@ import Foundation
public protocol TrustPolicy {

/// The name of the host
var hostName: String { get set }
var hostName: String! { get set }

/// Validates a policy against a given trust
func validate(with trust: SecTrust) -> Bool
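Review bot: Widening the requirement to `var hostName: String! { get set }` makes nil a representable state in a public pinning protocol, so every conformer and every caller that compares or logs the host now implicitly unwraps a value the type no longer guarantees. The doc comment `/// The name of the host` does not say when nil can occur; if the IUO exists only so that the abstract `TrustDirective.init()` in `GCXTrustPolicy/internal/TrustDirective.swift` (same commit) can skip assigning a value before raising, the protocol could stay at `String` and the base initialiser keep its placeholder instead. At minimum the contract should be written down, e.g. `/// The name of the host. Expected to be non-nil once a concrete directive has been initialised; nil is only reachable through the abstract base initialiser.` The `TrustPolicy` protocol body continues past the end of this hunk.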
45 changes: 18 additions & 27 deletions GCXTrustPolicy/internal/TrustDirective.swift
Expand Up @@ -26,9 +26,8 @@
import Foundation
import OpenSSL
import CommonCrypto
import Pkcs7UnionAccessors // so swift sees the c structs

// so swift sees the c structs
import Pkcs7UnionAccessors

// MARK: - Base class for validation -

Expand All @@ -37,20 +36,15 @@ class TrustDirective: NSObject, TrustPolicy {

// MARK: - Variables -

var hostName: String
var hostName: String!

fileprivate var validateServerTrust: Bool
fileprivate var validateHost: Bool
fileprivate var validateServerTrust: Bool!
fileprivate var validateHost: Bool!


// MARK: - Initialisation -

override init() {
// Make the compiler stop demanding for initialized values, we are using custom init anyway.
self.hostName = ""
self.validateServerTrust = true
self.validateHost = true

NSException(name: NSExceptionName(rawValue: "Unintended initialisation"),
reason: "Please use a concrete child class to perform initialisation.",
userInfo: nil).raise()
Expand Down Expand Up @@ -142,17 +136,14 @@ class DefaultOnlineDirective: DefaultDirective {
self.trustServer = trustServer
self.trustCertificate = trustServerCertificate
self.customer = customer


let fm = FileManager.default
let docsurl = try! fm.url(for:.documentDirectory, in: .userDomainMask, appropriateFor: nil, create: false)
let docsurl = try! FileManager.default.url(for:.documentDirectory, in: .userDomainMask, appropriateFor: nil, create: true)
trustStore = docsurl.appendingPathComponent("trustedCertificates.json.signed")


super.init(withHostName: hostName, validateServerTrust: validateServerTrust, validateHost: validateHost)
}

fileprivate func reloadPinningFileFromServer() {
private func reloadPinningFileFromServer() {
// this request must be syncron otherwise we cannot tell if the certs are pinned
let semaphore = DispatchSemaphore(value: 0)
let task = URLSession.shared.dataTask(with: self.trustServer) { data, response, error in
Expand All @@ -174,9 +165,9 @@ class DefaultOnlineDirective: DefaultDirective {

func removeTrustStore() {
do {
let fm = FileManager.default
if fm.fileExists(atPath: self.trustStore.path) {
try fm.removeItem(atPath: self.trustStore.path)
let fileManager = FileManager.default
if fileManager.fileExists(atPath: trustStore.path) {
try fileManager.removeItem(atPath: trustStore.path)
}
} catch let error as NSError {
print(error)
Expand All @@ -187,18 +178,18 @@ class DefaultOnlineDirective: DefaultDirective {
* returnes Content of Trust Store for hostname, if the signature is correct.
*/
fileprivate func loadTrustStore() -> [String: Any]? {
let fm = FileManager.default
let fileManager = FileManager.default
var verifyTimestamp = false

if !fm.fileExists(atPath: self.trustStore.path) {
if !fileManager.fileExists(atPath: self.trustStore.path) {
reloadPinningFileFromServer()

// newly downloaded files need to check the timestamp
verifyTimestamp = true
}

// if file still does not exists -> no trust at all -> panic
if !fm.fileExists(atPath: self.trustStore.path) {
if !fileManager.fileExists(atPath: self.trustStore.path) {
return nil
}

Expand Down Expand Up @@ -285,7 +276,7 @@ class DefaultOnlineDirective: DefaultDirective {
}

for host in parsedData["hashes"] as! [[String: Any]] {
if host["hostname"] as! String != self.hostName {
if host["hostname"] as? String != self.hostName {
// The Hostname is not the correct => try the next
continue
}
Expand Down Expand Up @@ -410,11 +401,11 @@ class PinCertificateOnlineDirective: DefaultOnlineDirective {
return certificateOnlinePinningValidation(withTrust: trust, forceReload: false)
}

fileprivate func certificatePinningValidation(withTrust trust: SecTrust) -> Bool {
private func certificatePinningValidation(withTrust trust: SecTrust) -> Bool {
return false
}

fileprivate func certificateOnlinePinningValidation(withTrust trust: SecTrust, forceReload: Bool) -> Bool {
private func certificateOnlinePinningValidation(withTrust trust: SecTrust, forceReload: Bool) -> Bool {
if forceReload {
removeTrustStore()
}
Expand All @@ -441,7 +432,7 @@ class PinCertificateOnlineDirective: DefaultOnlineDirective {
}
}

fileprivate func loadPinnedFingerprints() -> [String] {
private func loadPinnedFingerprints() -> [String] {
let trustStoreData = loadTrustStore()

// load fingerprints from Truststore
Expand All @@ -464,7 +455,7 @@ class PinPublicKeyOnlineDirective: DefaultOnlineDirective {
return keyPinningOnlineValidation(withTrust: trust, forceReload: false)
}

fileprivate func keyPinningOnlineValidation(withTrust trust: SecTrust, forceReload: Bool) -> Bool {
private func keyPinningOnlineValidation(withTrust trust: SecTrust, forceReload: Bool) -> Bool {
if forceReload {
removeTrustStore()
}
Expand All @@ -488,7 +479,7 @@ class PinPublicKeyOnlineDirective: DefaultOnlineDirective {
}
}

fileprivate func loadPinnedPublicKeys() -> [SecKey] {
private func loadPinnedPublicKeys() -> [SecKey] {
let trustStoreData = loadTrustStore()

// load publicKeys from Truststore
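Review bot: The new comparison `if host["hostname"] as? String != self.hostName` combined with `hostName` becoming `String!` means a trust-store entry with no `hostname` key compares equal to a directive whose `hostName` is nil, so the loop would fall through and treat that entry as a match instead of skipping it; the previous `as!` crashed on a missing key, which at least failed closed. A fail-closed guard that does not depend on the IUO would be `guard let entryHost = host["hostname"] as? String, let expected = hostName, entryHost == expected else { continue }`. The enclosing function of that loop starts outside the hunk, so whether `hostName` can actually be nil at that point cannot be confirmed from here. Separately, `validateServerTrust` and `validateHost` are now `Bool!` with the base initialiser no longer assigning defaults, and `try! FileManager.default.url(...)` still aborts the process on failure; neither is new behaviour the commit explains.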
4 changes: 2 additions & 2 deletions GCXTrustPolicy/internal/TrustEvaluation.swift
Expand Up @@ -72,7 +72,7 @@ class TrustEvaluation {
static func publicKeysFromCertificates(in bundle: Bundle = Bundle.main) -> [SecKey] {
return readDERCertificates(in: bundle)
.map { publicKey(from: $0) }
.flatMap { $0 }
.compactMap { $0 }
}

/**
Expand All @@ -86,7 +86,7 @@ class TrustEvaluation {
return bundle
.paths(forResourcesOfType: "cer", inDirectory: nil)
.map { readSecCertificate(from: $0) }
.flatMap { $0 }
.compactMap { $0 }
}

/**
