Skip to content

Trusted Entitlements: tests for signature verification without header hash#3505

Merged
NachoSoto merged 3 commits into
mainfrom
trusted-entitlements-headers-2
Dec 21, 2023
Merged

Trusted Entitlements: tests for signature verification without header hash#3505
NachoSoto merged 3 commits into
mainfrom
trusted-entitlements-headers-2

Conversation

@NachoSoto

@NachoSoto NachoSoto commented Dec 8, 2023

Copy link
Copy Markdown
Contributor

Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.

@NachoSoto NachoSoto added the test label Dec 8, 2023
NachoSoto
NachoSoto commented Dec 8, 2023
View reviewed changes
Comment thread Tests/BackendIntegrationTests/SignatureVerificationIntegrationTests.swift
Comment on lines +346 to +348
class SignatureVerificationWithoutHeaderHashIntegrationTests: EnforcedSignatureVerificationIntegrationTests {

override var disableHeaderSignatureVerification: Bool { return true }

@NachoSoto NachoSoto Dec 8, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This allows us to run all of EnforcedSignatureVerificationIntegrationTests without the new feature, so we can verify that the older SDKs continue to work.

NachoSoto
NachoSoto commented Dec 8, 2023
View reviewed changes
Comment thread Tests/UnitTests/Networking/SignatureVerificationHTTPClientTests.swift
expect(signingRequest.parameters.message) == responseContent
expect(signingRequest.parameters.nonce) == request.nonce
expect(signingRequest.parameters.requestDate) == Self.date1.millisecondsSince1970
expect(signingRequest.parameters.requestBody as? BodyWithSignature) == requestBody

@NachoSoto NachoSoto Dec 8, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We were missing a test with this.

@NachoSoto NachoSoto force-pushed the trusted-entitlements-headers branch 3 times, most recently from d36a5a4 to 57f4e8a Compare December 9, 2023 01:27
@NachoSoto NachoSoto force-pushed the trusted-entitlements-headers-2 branch from 012ebc1 to fc18c7f Compare December 9, 2023 01:30
NachoSoto
NachoSoto commented Dec 11, 2023
View reviewed changes
Comment thread Tests/BackendIntegrationTests/LoadShedderIntegrationTests.swift
/// Header verification (see `HTTPRequest.headerParametersForSignatureHeader`) is enabled by default,
/// but this helps verify that the backend is still signing correctly without it for older SDK versions.
/// See also `SignatureVerificationWithoutHeaderHashIntegrationTests`.
class LoadShedderSignatureVerificationWithoutHeaderHashIntegrationTests: LoadShedderStoreKit1IntegrationTests {

@NachoSoto NachoSoto Dec 11, 2023

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also verifying that the load shedder continues signing these correctly.

@NachoSoto NachoSoto force-pushed the trusted-entitlements-headers branch 2 times, most recently from 33a7047 to 26eb5bf Compare December 20, 2023 20:58
@NachoSoto NachoSoto force-pushed the trusted-entitlements-headers-2 branch from e9e027f to 513b651 Compare December 20, 2023 21:00
@NachoSoto NachoSoto force-pushed the trusted-entitlements-headers branch from 26eb5bf to 730c8b5 Compare December 20, 2023 21:07
@NachoSoto NachoSoto force-pushed the trusted-entitlements-headers-2 branch from 513b651 to ffd69f2 Compare December 20, 2023 21:08
Base automatically changed from trusted-entitlements-headers to main December 21, 2023 19:53
@NachoSoto
Trusted Entitlements: tests for signature verification without head…
6d8c825 
…er hash

Follow up to #3424. This adds coverage to ensure that the backend continues to sign correctly for old SDK versions that don't support this.
@NachoSoto
Also test load shedder
9e7dace
@NachoSoto
Lint
b605ecc
@NachoSoto NachoSoto force-pushed the trusted-entitlements-headers-2 branch from ffd69f2 to b605ecc Compare December 21, 2023 19:54
@NachoSoto NachoSoto enabled auto-merge (squash) December 21, 2023 20:28
@NachoSoto NachoSoto merged commit 1cea997 into main Dec 21, 2023
@NachoSoto NachoSoto deleted the trusted-entitlements-headers-2 branch December 21, 2023 20:47
This was referenced Dec 21, 2023
Closed
Merged
NachoSoto pushed a commit that referenced this pull request Dec 22, 2023
@RCGitBot
[AUTOMATIC] Release/4.31.6 (#3544)
deccece 
**This is an automatic release.**

### RevenueCatUI
* `Paywalls`: add header image to `watchOS` paywalls (#3542) via
NachoSoto (@NachoSoto)
* `Paywalls`: improve template 5 landscape layout (#3534) via NachoSoto
(@NachoSoto)
* `Paywalls`: fix template 5 footer loading view alignment (#3537) via
NachoSoto (@NachoSoto)
* `Paywalls`: improve template 1 landscape layout (#3532) via NachoSoto
(@NachoSoto)
* `Paywalls`: fix `ColorInformation.multiScheme` on `watchOS` (#3530)
via NachoSoto (@NachoSoto)
### Other Changes
* `Trusted Entitlements`: tests for signature verification without
header hash (#3505) via NachoSoto (@NachoSoto)
* `.debugRevenueCatOverlay`: added `Locale` (#3539) via NachoSoto
(@NachoSoto)
* `Trusted Entitlements`: add support for signing request headers
(#3424) via NachoSoto (@NachoSoto)
* `CI`: Add architecture to cache keys (#3538) via Mark Villacampa
(@MarkVillacampa)
* `Paywalls Tester`: remove double close button (#3531) via NachoSoto
(@NachoSoto)
* Fix `RevenueCatUI` snapshot tests (#3526) via NachoSoto (@NachoSoto)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MarkVillacampa MarkVillacampa MarkVillacampa approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NachoSoto @MarkVillacampa