Skip to content

Created Signing.verify(message:hasValidSignature:with:)#2216

Merged
NachoSoto merged 3 commits into
mainfrom
verify-signature
Feb 8, 2023
Merged

Created Signing.verify(message:hasValidSignature:with:)#2216
NachoSoto merged 3 commits into
mainfrom
verify-signature

Conversation

@NachoSoto

@NachoSoto NachoSoto commented Jan 14, 2023
edited
Loading

Copy link
Copy Markdown
Contributor

Fixes CSDK-633.
This adds Signing.verify(message:nonce:hasValidSignature:with:).

Thanks to @tonidero for helping with the signature part (#2253).

@NachoSoto NachoSoto requested a review from a team January 14, 2023 01:59
@NachoSoto NachoSoto force-pushed the configuration-public-key branch from 39aa955 to 8f1bc1a Compare January 14, 2023 02:12
@NachoSoto NachoSoto force-pushed the configuration-public-key branch from 8f1bc1a to 51a2635 Compare January 17, 2023 22:04
@tonidero tonidero mentioned this pull request Jan 30, 2023
Merged
@NachoSoto NachoSoto force-pushed the configuration-public-key branch 2 times, most recently from a4b1e3f to 2ea4a17 Compare February 6, 2023 22:23
@NachoSoto NachoSoto force-pushed the verify-signature branch 6 times, most recently from 289913b to 32044f3 Compare February 7, 2023 18:12
@NachoSoto

NachoSoto commented Feb 7, 2023

Copy link
Copy Markdown
Contributor Author

This is pretty much ready.

@NachoSoto NachoSoto marked this pull request as ready for review February 7, 2023 18:52
@NachoSoto NachoSoto mentioned this pull request Feb 7, 2023
Merged
@NachoSoto NachoSoto force-pushed the configuration-public-key branch from 213b677 to 7c520aa Compare February 7, 2023 21:05
@NachoSoto NachoSoto mentioned this pull request Feb 7, 2023
Merged
Base automatically changed from configuration-public-key to main February 8, 2023 16:53
tonidero
tonidero approved these changes Feb 8, 2023
View reviewed changes

@tonidero tonidero left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@NachoSoto NachoSoto merged commit f6e8dfe into main Feb 8, 2023
aboedo
aboedo reviewed Feb 8, 2023
View reviewed changes

@aboedo aboedo left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome

Comment thread Tests/UnitTests/Misc/SigningTests.swift
hasValidSignature: "invalid signature".asData.base64EncodedString(),
with: try Signing.loadPublicKey())

logger.verifyMessageWasLogged("Signature failed validation", level: .warn)

@aboedo aboedo Feb 8, 2023

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love that we have tests for logging stuff now

@NachoSoto NachoSoto Feb 8, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

@NachoSoto NachoSoto deleted the verify-signature branch February 8, 2023 20:21
@NachoSoto NachoSoto mentioned this pull request Feb 8, 2023
Merged
@RCGitBot RCGitBot mentioned this pull request Feb 15, 2023
Merged
NachoSoto pushed a commit that referenced this pull request Feb 15, 2023
@RCGitBot
[AUTOMATIC] Release/4.17.6 (#2287)
df6a0e3 
**This is an automatic release.**

### Bugfixes
* `PurchaseOrchestrator`: always refresh receipt purchasing in sandbox
(#2280) via NachoSoto (@NachoSoto)
* `BundleSandboxEnvironmentDetector`: always return `true` when running
on simulator (#2276) via NachoSoto (@NachoSoto)
* `OfferingsManager`: ensure underlying
`OfferingsManager.Error.configurationError` is logged (#2266) via
NachoSoto (@NachoSoto)
### Other Changes
* `UserDefaultsDefaultTests`: fixed flaky failures (#2284) via NachoSoto
(@NachoSoto)
* `BaseBackendTest`: improved test failure message (#2285) via NachoSoto
(@NachoSoto)
* Updated targets and schemes for Xcode 14.2 (#2282) via NachoSoto
(@NachoSoto)
* `HTTPRequest.Path.health`: don't cache using `ETagManager` (#2278) via
NachoSoto (@NachoSoto)
* `EntitlementInfos.all`: fixed docstring (#2279) via NachoSoto
(@NachoSoto)
* `StoreKit2StorefrontListener`: added tests to fix flaky code coverage
(#2265) via NachoSoto (@NachoSoto)
* `NetworkError`: added underlying error to description (#2263) via
NachoSoto (@NachoSoto)
* Created `Signing.verify(message:hasValidSignature:with:)` (#2216) via
NachoSoto (@NachoSoto)
NachoSoto added a commit that referenced this pull request Feb 16, 2023
@NachoSoto
PurchasesDiagnostics: added step to verify signature verification (#…
dbe93db 
…2267)

⚠️ 🎉 This also changes integration tests to use
`EntitlementVerificationLevel.enforced` so that integration tests fail
if signatures are invalid.

#### Depends on:
- https://github.com/RevenueCat/khepri/pull/5191
- https://github.com/RevenueCat/khepri/pull/5204
- #2214
- #2215 
- #2216
- #2272

_Marking this as `feat`ure because it contains a new error in
`PurchasesDiagnostics.Error`_
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aboedo aboedo aboedo left review comments
@tonidero tonidero tonidero approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@NachoSoto @tonidero @aboedo