Skip to content

Trusted Entitlements: update handling of 304 responses#2698

Merged
NachoSoto merged 4 commits into
mainfrom
nacho/changed-etag-signatures-2
Jun 30, 2023
Merged

Trusted Entitlements: update handling of 304 responses#2698
NachoSoto merged 4 commits into
mainfrom
nacho/changed-etag-signatures-2

Conversation

@NachoSoto

@NachoSoto NachoSoto commented Jun 23, 2023
edited
Loading

Copy link
Copy Markdown
Contributor

Changes:

  • ETagManager no longer stores the verification mode
  • Created new VerifiedHTTPResponse, which has the VerificationResult, extracted from HTTPResponse
  • Removed VerificationResult.from(cache:response:)
  • Changed SignatureVerificationHTTPClientTests to test using the real ETagManager, so they become more "end to end" unit tests. A lot of them were relying on implementation details of the mock instead of the real ETagManager.
  • Removed several HTTPClient tests that were checking a behavior that was impossible (for example, no verification result despite it being enabled), or that checked behavior based on the cached VerificationResult

Depends on #2679 and #2697.

@NachoSoto NachoSoto requested a review from a team June 23, 2023 00:07
@NachoSoto NachoSoto mentioned this pull request Jun 23, 2023
Merged
@NachoSoto NachoSoto marked this pull request as ready for review June 23, 2023 00:16
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from f3654ae to 90a95d8 Compare June 23, 2023 00:17
tonidero
tonidero reviewed Jun 23, 2023
View reviewed changes
Comment thread Sources/Networking/HTTPClient/HTTPClient.swift Outdated
@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch 2 times, most recently from 38c9d99 to fd49f15 Compare June 23, 2023 15:47
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from 90a95d8 to 12283d5 Compare June 23, 2023 15:48
@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from fd49f15 to 5b3a59d Compare June 23, 2023 21:33
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from 12283d5 to 5741e29 Compare June 23, 2023 21:33
@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from 5b3a59d to 83757b0 Compare June 26, 2023 20:36
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch 2 times, most recently from 4875780 to 6d5da7b Compare June 26, 2023 21:06
@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from 250270c to b0782ab Compare June 26, 2023 21:07
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from 6d5da7b to e9e2d8e Compare June 26, 2023 21:07
@NachoSoto NachoSoto requested review from aboedo and bisho June 26, 2023 22:25
@NachoSoto NachoSoto mentioned this pull request Jun 26, 2023
Merged
tonidero
tonidero reviewed Jun 27, 2023
View reviewed changes
Comment thread Sources/Networking/HTTPClient/HTTPClient.swift
@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from b0782ab to a11ae88 Compare June 27, 2023 14:29
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from e9e2d8e to 4d7e631 Compare June 27, 2023 14:31
@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch 2 times, most recently from 88a3120 to 62010bf Compare June 28, 2023 22:52
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch 4 times, most recently from b4e4adc to dd41618 Compare June 29, 2023 16:12
NachoSoto
NachoSoto commented Jun 29, 2023
View reviewed changes
Comment thread Sources/Networking/HTTPClient/HTTPResponse.swift Outdated

@NachoSoto NachoSoto Jun 29, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is removed from HTTPResponse now, so it no longer defaults to .notRequested.

NachoSoto
NachoSoto commented Jun 29, 2023
View reviewed changes
Comment thread Sources/Networking/HTTPClient/HTTPResponse.swift Outdated

@NachoSoto NachoSoto Jun 29, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A nice refactor here: this is now defined on the protocol HTTPResponseType so it's available for both response types.
Also no longer accepting any String, enforcing that we use this only with HTTPClient.ResponseHeaders and not HTTPClient.RequestHeaders

@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch 3 times, most recently from 1265476 to c101849 Compare June 29, 2023 18:11
@NachoSoto NachoSoto requested review from a team and tonidero June 29, 2023 18:57
NachoSoto
NachoSoto commented Jun 29, 2023
View reviewed changes
Comment thread Sources/Security/VerificationResult.swift Outdated

@NachoSoto NachoSoto Jun 29, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is gone 🎉

@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from 62010bf to e654254 Compare June 29, 2023 19:02
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from fb1b4c9 to 7181dba Compare June 29, 2023 19:02
@NachoSoto

NachoSoto commented Jun 29, 2023

Copy link
Copy Markdown
Contributor Author

This is ready again 🎉

tonidero
tonidero reviewed Jun 30, 2023
View reviewed changes
Comment thread Sources/Networking/HTTPClient/ETagManager.swift
Comment thread Sources/Networking/HTTPClient/ETagManager.swift
tonidero
tonidero approved these changes Jun 30, 2023
View reviewed changes

@tonidero tonidero left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything makes sense!

Comment thread Sources/Networking/HTTPClient/HTTPResponse.swift

// MARK: - VerifiedHTTPResponse

struct VerifiedHTTPResponse<Body: HTTPResponseBody>: HTTPResponseType {

@tonidero tonidero Jun 30, 2023

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In Android, I'm still keeping only the HTTPResponse object (in android that's HTTPResult. In Android, that's created within the ETagManager, (which I admit, it's a weird responsibility to have there), but we don't need to default to NOT_REQUESTED.

@NachoSoto NachoSoto Jun 30, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I kept this refactor cause it made things cleaner on iOS.

@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch from 9d3ee66 to 92b1d1c Compare June 30, 2023 16:06
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from 7181dba to ba53303 Compare June 30, 2023 16:07
@NachoSoto NachoSoto force-pushed the nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping branch 4 times, most recently from 6d66630 to 4d8fd34 Compare June 30, 2023 18:10
Base automatically changed from nacho/sdk-3164-ios-dont-parse-nonce-for-offerings-and-entitlement-mapping to main June 30, 2023 18:50
NachoSoto added 4 commits June 30, 2023 12:10
@NachoSoto
Trusted Entitlements: update handling of 304 responses
8e78737 
- `ETagManager` no longer knows anything about signatures
- `HTTPClient` loads cached response from `ETagManager` first before verifying signature with the cached body
- Created new `VerifiedHTTPResponse`, which has the `VerificationResult`, extracted from `HTTPResponse`
- Removed `VerificationResult.from(cache:response:)`
- Updated `MockETagManager` to reflect behavior changed in #2666
- Removed `ETagManager` tests about verification since they're no longer relevant
- Removed several `HTTPClient` tests that were checking a behavior that was impossible (for example, no verification result despite it being enabled), or that checked behavior based on the cached `VerificationResult`
@NachoSoto
ETagManager: added support for storing result again
02f9fa3
@NachoSoto
Using real ETagManager
0bf3c2b
@NachoSoto
Added comment
1876819
@NachoSoto NachoSoto force-pushed the nacho/changed-etag-signatures-2 branch from ba53303 to 1876819 Compare June 30, 2023 19:10
@NachoSoto NachoSoto enabled auto-merge (squash) June 30, 2023 19:10
@NachoSoto NachoSoto disabled auto-merge June 30, 2023 19:10
@NachoSoto NachoSoto enabled auto-merge (squash) June 30, 2023 19:10
@NachoSoto NachoSoto merged commit 3f538fc into main Jun 30, 2023
@NachoSoto NachoSoto deleted the nacho/changed-etag-signatures-2 branch June 30, 2023 19:24
NachoSoto added a commit that referenced this pull request Jun 30, 2023
@NachoSoto
Signing: extract and verify intermediate key (#2715)
e0ffea5 
Last step of the new Signature format. Follow up to #2679 and #2698.

This reverts the public key change in #2679, since that was the
intermediate key.
This now extracts the new intermediate public key from the signature,
and verifies it using the public key.
@RCGitBot RCGitBot mentioned this pull request Jul 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonidero tonidero tonidero approved these changes
@bisho bisho Awaiting requested review from bisho
@aboedo aboedo Awaiting requested review from aboedo

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NachoSoto @tonidero