Signing: added request time & eTag to signature verification

[NachoSoto]

See https://github.com/RevenueCat/khepri/pull/5300

[NachoSoto]

No more special casing here 🎉

[codecov]

Codecov Report

Merging #2309 (e228f72) into main (a188b1e) will increase coverage by 0.09%.
The diff coverage is 100.00%.

❗ Current head e228f72 differs from pull request most recent head 59cdce7. Consider uploading reports for the commit 59cdce7 to get more accurate results

@@            Coverage Diff             @@
##             main    #2309      +/-   ##
==========================================
+ Coverage   86.31%   86.41%   +0.09%     
==========================================
  Files         187      187              
  Lines       12608    12633      +25     
==========================================
+ Hits        10883    10917      +34     
+ Misses       1725     1716       -9     

Impacted Files	Coverage Δ
Sources/FoundationExtensions/Date+Extensions.swift	100.00% <100.00%> (ø)
Sources/Logging/Strings/SigningStrings.swift	95.00% <100.00%> (+1.25%)	⬆️
Sources/Misc/Signing+ResponseVerification.swift	97.56% <100.00%> (+0.22%)	⬆️
Sources/Misc/Signing.swift	89.36% <100.00%> (+1.40%)	⬆️
Sources/Networking/HTTPClient/ETagManager.swift	99.18% <100.00%> (ø)
Sources/Networking/HTTPClient/HTTPClient.swift	98.10% <100.00%> (ø)
Sources/Logging/Strings/PurchaseStrings.swift	87.89% <0.00%> (-0.53%)	⬇️
Sources/Error Handling/ErrorUtils.swift	85.87% <0.00%> (+1.12%)	⬆️
...rces/Purchasing/StoreKit1/ProductsFetcherSK1.swift	94.35% <0.00%> (+3.38%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[tonidero]

Nice! Looks great!

[tonidero]

I like this refactor 👍

[tonidero]

Hmm I wonder if we should make the HTTPResponse.body parameter nullable instead of setting to an empty Data... We would have to guard against that later on but seems like a better representation? NABD though.

[NachoSoto]

HTTPResponse is generic over its Body type.
Initially we do create an HTTPResponse<Data?>, and this method returns that, but Signing.verify takes a body as Data. I think it's simpler to deal with only one valid representation of an empty body.
This is the same thing with [], {}, "". Ideally the language allows a way to represent in the type system a value that can't be empty, but since we can't, I think it's better to make the parameter to Signing.verify non-optional so we don't have to handle both cases.

[bisho]

Only log if signature is requested?

[NachoSoto]

This method starts with:

guard let nonce = request.nonce,
      let publicKey = publicKey,
      #available(iOS 13.0, macOS 10.15, tvOS 13.0, watchOS 6.2, *) else {
    return .notVerified
}

So this won't be executed if there is no signature requested.

[bisho]

Given etag and message are exclusive, I would omit the etag from the signing parameters. For not modified responses the message IS the etag. That way you avoid having to have request-level logic in the signing code, gives you better abstraction IMHO. The signature for signature check should just be "local_nonce, server_timestamp, message, signature". And and leave the not-modified handling to the http request.

[NachoSoto]

Oh that's a great observation!
That was a nice small refactor, thanks: 59cdce7

[bisho]

Include etag for the text. 200 responses will do have etag field.

[NachoSoto]

No longer relevant with the other refactor 👍🏻