Revert "Revert temporary changes."

This reverts commit 97eb405a9e.
7 years ago · 54d025e110
parent 594c9aacfe
commit 54d025e110
6 changed files with 56 additions and 33 deletions
--- a/Signal/Signal-Info.plist
+++ b/Signal/Signal-Info.plist
@ -128,5 +128,10 @@
 	</array>
 	<key>UIViewControllerBasedStatusBarAppearance</key>
 	<true/>
-</dict>
+		<key>NSAppTransportSecurity</key>
+	  <dict>
+	      <key>NSAllowsArbitraryLoads</key>
+	      <true/>
+	  </dict>
+ </dict>
 </plist>
--- a/Signal/src/AppDelegate.m
+++ b/Signal/src/AppDelegate.m
@ -1108,6 +1108,10 @@ static NSTimeInterval launchStartedAt;
    // Resume lazy restore.
    [OWSBackupLazyRestoreJob runAsync];
 #endif
+
+    if ([TSAccountManager isRegistered]) {
+        [[ContactDiscoveryService sharedService] testService];
+    }
 }

 - (void)registrationStateDidChange
--- a/SignalServiceKit/Resources/Certificates/acton-ca.cer
+++ b/SignalServiceKit/Resources/Certificates/acton-ca.cer
--- a/SignalServiceKit/Resources/Certificates/cacert.cer
+++ b/SignalServiceKit/Resources/Certificates/cacert.cer
--- a/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
+++ b/SignalServiceKit/src/Security/OWSHTTPSecurityPolicy.m
@ -20,16 +20,22 @@
    self = [[super class] defaultPolicy];

    if (self) {
-        self.pinnedCertificates = [NSSet setWithArray:@[
-            [self certificateDataForService:@"textsecure"],
-        ]];
+        //        self.pinnedCertificates = [NSSet setWithArray:@[
+        //                                                        [self certificateDataForService:@"cacert"],
+        //                                                        ]];
+        //        self.pinnedCertificates = [NSSet setWithArray:@[
+        //            [self certificateDataForService:@"acton-ca"],
+        //        ]];
+        //
+        self.allowInvalidCertificates = YES;
    }

    return self;
 }

 - (NSArray *)certs {
-    return @[ (__bridge id)[self certificateForService:@"textsecure"] ];
+    return @[ (__bridge id)[self certificateForService:@"cacert"] ];
+    //    return @[ (__bridge id)[self certificateForService:@"acton-ca"] ];
 }

 - (NSData *)certificateDataForService:(NSString *)service {
@ -52,28 +58,29 @@


 - (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
-    NSMutableArray *policies = [NSMutableArray array];
-    [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
-
-    if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
-        DDLogError(@"The trust policy couldn't be set.");
-        return NO;
-    }
-
-    NSMutableArray *pinnedCertificates = [NSMutableArray array];
-    for (NSData *certificateData in self.pinnedCertificates) {
-        [pinnedCertificates
-            addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
-    }
-
-    if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
-        DDLogError(@"The anchor certificates couldn't be set.");
-        return NO;
-    }
-
-    if (!AFServerTrustIsValid(serverTrust)) {
-        return NO;
-    }
+    //    NSMutableArray *policies = [NSMutableArray array];
+    //    [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
+    //
+    //    if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
+    //        DDLogError(@"The trust policy couldn't be set.");
+    //        return NO;
+    //    }
+    //
+    //    NSMutableArray *pinnedCertificates = [NSMutableArray array];
+    //    for (NSData *certificateData in self.pinnedCertificates) {
+    //        [pinnedCertificates
+    //            addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge
+    //            CFDataRef)certificateData)];
+    //    }
+    //
+    //    if (SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates) != errSecSuccess) {
+    //        DDLogError(@"The anchor certificates couldn't be set.");
+    //        return NO;
+    //    }
+    //
+    //    if (!AFServerTrustIsValid(serverTrust)) {
+    //        return NO;
+    //    }

    return YES;
 }
--- a/SignalServiceKit/src/TSConstants.h
+++ b/SignalServiceKit/src/TSConstants.h
@ -29,12 +29,12 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
 //#ifndef DEBUG

 // Production
-#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
-#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
-#define textSecureCDNServerURL @"https://cdn.signal.org"
-// Use same reflector for service and CDN
-#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
-#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"
+//#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
+//#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
+//#define textSecureCDNServerURL @"https://cdn.signal.org"
+//// Use same reflector for service and CDN
+//#define textSecureServiceReflectorHost @"textsecure-service-reflected.whispersystems.org"
+//#define textSecureCDNReflectorHost @"textsecure-service-reflected.whispersystems.org"

 //#else
 //
@ -47,6 +47,13 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
 //
 //#endif

+// Testing
+#define textSecureWebSocketAPI @"wss://messaging.acton-signal.org/v1/websocket/"
+#define textSecureServerURL @"https://messaging.acton-signal.org/"
+#define textSecureCDNServerURL @"https://cdn-staging.signal.org"
+#define textSecureServiceReflectorHost @"meek-signal-service-staging.appspot.com";
+#define textSecureCDNReflectorHost @"meek-signal-cdn-staging.appspot.com";
+
 #define textSecureAccountsAPI @"v1/accounts"
 #define textSecureAttributesAPI @"/attributes/"