From 5ac7acfbc545786639fcca4540b0f790143d27e7 Mon Sep 17 00:00:00 2001
From: Frederic Jacobs
Date: Sat, 2 Aug 2014 13:57:50 +0200
Subject: [PATCH] Enhancements in the verification flow - Certificate Pinning with AFNetworking - Block syntax for number validation - Fixes null debug logs
---
 Podfile | 2 +-
 Signal.xcodeproj/project.pbxproj | 29 ++------
 Signal/src/environment/Release.m | 2 +-
 Signal/src/environment/VersionMigrations.m | 62 +++++++++---------
 Signal/src/network/PushManager.h | 2 +
 Signal/src/network/PushManager.m | 41 ++++++++++--
 .../network/http/CallServerRequestsManager.m | 2 +-
 .../view controllers/RegisterViewController.m | 16 +++--
 Signal/{whisperReal.der => whisperReal.cer} | Bin
 9 files changed, 86 insertions(+), 70 deletions(-)
 rename Signal/{whisperReal.der => whisperReal.cer} (100%)
diff --git a/Podfile b/Podfile
index bbfd31953..42f50897d 100644
--- a/Podfile
+++ b/Podfile
@@ -6,5 +6,5 @@ pod 'UICKeyChainStore', :podspec => 'Podspecs/UICKeyChainStore.podspec'
 pod 'OpenSSL', '~> 1.0.108'
 pod 'MMDrawerController', '~> 0.5.0'
 pod 'libPhoneNumber-iOS', '~> 0.7'
-pod 'PastelogKit', '~> 1.0'
+pod 'PastelogKit', '~> 1.1'
 pod 'AFNetworking', '~> 2.3.1'
diff --git a/Signal.xcodeproj/project.pbxproj b/Signal.xcodeproj/project.pbxproj
index 324c39ccf..f00f6f5f2 100644
--- a/Signal.xcodeproj/project.pbxproj
+++ b/Signal.xcodeproj/project.pbxproj
@@ -410,7 +410,6 @@ B621B08D198C69A100D36C3D /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = B621B053198C69A100D36C3D /* Localizable.strings */; }; B621B08E198C69A100D36C3D /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = B621B056198C69A100D36C3D /* Localizable.strings */; }; B621B08F198C69A100D36C3D /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = B621B059198C69A100D36C3D /* Localizable.strings */; }; - B621B090198C69A100D36C3D /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = B621B05C198C69A100D36C3D /* Localizable.strings */; }; B621B091198C69A100D36C3D /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = B621B05F198C69A100D36C3D /* Localizable.strings */; }; B621B092198C69A100D36C3D /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = B621B062198C69A100D36C3D /* Localizable.strings */; }; B621B093198C69A100D36C3D /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = B621B065198C69A100D36C3D /* Localizable.strings */; }; 
@@ -484,7 +483,7 @@ E1370BF018A0689000826894 /* AppIcon60x60@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = E18AB3FA18A05734001A532A /* AppIcon60x60@2x.png */; }; E1370BF118A0689000826894 /* AppIcon76x76.png in Resources */ = {isa = PBXBuildFile; fileRef = E18AB3FB18A05734001A532A /* AppIcon76x76.png */; }; E1370BF218A0689000826894 /* AppIcon76x76@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = E18AB3FC18A05734001A532A /* AppIcon76x76@2x.png */; }; - E1370BF618A068A600826894 /* whisperReal.der in Resources */ = {isa = PBXBuildFile; fileRef = E1C407C117F0C246007BEE65 /* whisperReal.der */; }; + E1370BF618A068A600826894 /* whisperReal.cer in Resources */ = {isa = PBXBuildFile; fileRef = E1C407C117F0C246007BEE65 /* whisperReal.cer */; }; E14874A218A0692F002CC4F3 /* archive_icon.png in Resources */ = {isa = PBXBuildFile; fileRef = E1370B3018A0660300826894 /* archive_icon.png */; }; E14874A318A0692F002CC4F3 /* archive_icon@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = E1370B3118A0660300826894 /* archive_icon@2x.png */; }; E14874A418A0692F002CC4F3 /* backspace.png in Resources */ = {isa = PBXBuildFile; fileRef = E1370B3218A0660300826894 /* backspace.png */; }; 
@@ -1142,7 +1141,6 @@ B621B054198C69A100D36C3D /* sl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = sl; path = Localizable.strings; sourceTree = ""; }; B621B057198C69A100D36C3D /* sq */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = sq; path = Localizable.strings; sourceTree = ""; }; B621B05A198C69A100D36C3D /* sv_SE */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = sv_SE; path = Localizable.strings; sourceTree = ""; }; - B621B05D198C69A100D36C3D /* sv-SE */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "sv-SE"; path = Localizable.strings; sourceTree = ""; }; B621B060198C69A100D36C3D /* ta */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ta; path = Localizable.strings; sourceTree = ""; }; B621B063198C69A100D36C3D /* tr_TR */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = tr_TR; path = Localizable.strings; sourceTree = ""; }; B621B066198C69A100D36C3D /* uk */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = uk; path = Localizable.strings; sourceTree = ""; }; 
@@ -1358,7 +1356,7 @@ E197B62618BBF63B00F073E5 /* SoundBoard.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SoundBoard.m; sourceTree = ""; }; E1A0AD8B16E13FDD0071E604 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; E1B3DC731885EFA100B7F794 /* NotificationManifest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = NotificationManifest.h; sourceTree = ""; }; - E1C407C117F0C246007BEE65 /* whisperReal.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = whisperReal.der; sourceTree = ""; }; + E1C407C117F0C246007BEE65 /* whisperReal.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = whisperReal.cer; sourceTree = ""; }; E1CD329418BCFF9900B1A496 /* SoundInstance.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SoundInstance.h; sourceTree = ""; }; E1CD329518BCFF9900B1A496 /* SoundInstance.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SoundInstance.m; sourceTree = ""; }; /* End PBXFileReference section */ @@ -2749,15 +2747,6 @@ path = translations/sv_SE.lproj; sourceTree = ""; }; - B621B05B198C69A100D36C3D /* sv-SE.lproj */ = { - isa = PBXGroup; - children = ( - B621B05C198C69A100D36C3D /* Localizable.strings */, - ); - name = "sv-SE.lproj"; - path = "translations/sv-SE.lproj"; - sourceTree = ""; - }; B621B05E198C69A100D36C3D /* ta.lproj */ = { isa = PBXGroup; children = ( @@ -2847,7 +2836,6 @@ B621B052198C69A100D36C3D /* sl.lproj */, B621B055198C69A100D36C3D /* sq.lproj */, B621B058198C69A100D36C3D /* sv_SE.lproj */, - B621B05B198C69A100D36C3D /* sv-SE.lproj */, B621B05E198C69A100D36C3D /* ta.lproj */, B621B061198C69A100D36C3D /* tr_TR.lproj */, B621B064198C69A100D36C3D /* uk.lproj */, 
@@ -2935,7 +2923,7 @@ D221A099169C9E5E00537ABF /* main.m */, D221A095169C9E5E00537ABF /* Signal-Info.plist */, D221A09B169C9E5E00537ABF /* Signal-Prefix.pch */, - E1C407C117F0C246007BEE65 /* whisperReal.der */, + E1C407C117F0C246007BEE65 /* whisperReal.cer */, ); name = "Supporting Files"; sourceTree = ""; @@ -3339,12 +3327,11 @@ E14874F118A06930002CC4F3 /* volume_high.png in Resources */, E14874F218A06930002CC4F3 /* volume_high@2x.png in Resources */, 70B8FEE21909FE360042E3F0 /* 171756__nenadsimic__picked-coin-echo-2.wav in Resources */, - B621B090198C69A100D36C3D /* Localizable.strings in Resources */, E14874F318A06930002CC4F3 /* volume_low.png in Resources */, E14874F418A06930002CC4F3 /* volume_low@2x.png in Resources */, E14874F518A06930002CC4F3 /* whisper_notification_icon.png in Resources */, E14874F618A06930002CC4F3 /* whisper_notification_icon@2x.png in Resources */, - E1370BF618A068A600826894 /* whisperReal.der in Resources */, + E1370BF618A068A600826894 /* whisperReal.cer in Resources */, E1370BEA18A0689000826894 /* AppIcon29x29.jpg in Resources */, E1370BEB18A0689000826894 /* AppIcon29x29.png in Resources */, E1370BEC18A0689000826894 /* AppIcon29x29@2x.png in Resources */, @@ -4173,14 +4160,6 @@ name = Localizable.strings; sourceTree = ""; }; - B621B05C198C69A100D36C3D /* Localizable.strings */ = { - isa = PBXVariantGroup; - children = ( - B621B05D198C69A100D36C3D /* sv-SE */, - ); - name = Localizable.strings; - sourceTree = ""; - }; B621B05F198C69A100D36C3D /* Localizable.strings */ = { isa = PBXVariantGroup; children = ( diff --git a/Signal/src/environment/Release.m b/Signal/src/environment/Release.m index f8e0a3f51..4ad38e3a6 100644 --- a/Signal/src/environment/Release.m +++ b/Signal/src/environment/Release.m 
@@ -54,7 +54,7 @@ static unsigned char DH3K_PRIME[]={
 andMasterServerHostName:@"master.whispersystems.org"
 andDefaultRelayName:@"relay"
 andRelayServerHostNameSuffix:@"whispersystems.org"
- andCertificate:[Certificate certificateFromResourcePath:@"whisperReal" ofType:@"der"]
+ andCertificate:[Certificate certificateFromResourcePath:@"whisperReal" ofType:@"cer"]
 andCurrentRegionCodeForPhoneNumbers:[(NSLocale*)[NSLocale currentLocale] objectForKey:NSLocaleCountryCode]
 andSupportedKeyAgreementProtocols:[self supportedKeyAgreementProtocols]
 andPhoneManager:[PhoneManager phoneManagerWithErrorHandler:errorNoter]
diff --git a/Signal/src/environment/VersionMigrations.m b/Signal/src/environment/VersionMigrations.m
index f17363ea0..bbdd7e1b7 100644
--- a/Signal/src/environment/VersionMigrations.m
+++ b/Signal/src/environment/VersionMigrations.m
@@ -18,36 +18,38 @@ NSString* documentsDirectory = [NSHomeDirectory() stringByAppendingPathComponent:@"/Documents/"]; NSString *path = [NSString stringWithFormat:@"%@/%@.plist", documentsDirectory, @"RedPhone-Data"]; - NSData *plistData = [NSData dataWithContentsOfFile:path]; - - NSError *error; - NSPropertyListFormat format; - NSDictionary *dict = [NSPropertyListSerialization propertyListWithData:plistData options:NSPropertyListImmutable format:&format error:&error]; - - NSArray *entries = [dict allKeys]; - NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults]; - - for (NSUInteger i = 0; i < [entries count]; i++) { - NSString *key = [entries objectAtIndex:i]; - [defaults setObject:[dict objectForKey:key] forKey:key]; - } - - [defaults synchronize]; - - [[NSFileManager defaultManager]removeItemAtPath:path error:&error]; - - if (error) { - DDLogError(@"Error while migrating data: %@", error.description); - } - - // Some users push IDs were not correctly registered, by precaution, we are going to re-register all of them - - [[PushManager sharedManager] askForPushRegistration]; - - [[NSFileManager defaultManager] removeItemAtPath:path error:&error]; - - if (error) { - DDLogError(@"Error upgrading from 1.0.2 : %@", error.description); + if ([[NSFileManager defaultManager] fileExistsAtPath:path]) { + NSData *plistData = [NSData dataWithContentsOfFile:path]; + + NSError *error; + NSPropertyListFormat format; + NSDictionary *dict = [NSPropertyListSerialization propertyListWithData:plistData options:NSPropertyListImmutable format:&format error:&error]; + + NSArray *entries = [dict allKeys]; + NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults]; + + for (NSUInteger i = 0; i < [entries count]; i++) { + NSString *key = [entries objectAtIndex:i]; + [defaults setObject:[dict objectForKey:key] forKey:key]; + } + + [defaults synchronize]; + + [[NSFileManager defaultManager]removeItemAtPath:path error:&error]; + + if (error) { + DDLogError(@"Error while 
migrating data: %@", error.description); + } + + // Some users push IDs were not correctly registered, by precaution, we are going to re-register all of them + + [[PushManager sharedManager] askForPushRegistration]; + + [[NSFileManager defaultManager] removeItemAtPath:path error:&error]; + + if (error) { + DDLogError(@"Error upgrading from 1.0.2 : %@", error.description); + } } return; diff --git a/Signal/src/network/PushManager.h b/Signal/src/network/PushManager.h index 5f9878f95..daa578b38 100644 --- a/Signal/src/network/PushManager.h +++ b/Signal/src/network/PushManager.h @@ -16,6 +16,8 @@ - (void)askForPushRegistration; +- (void)askForPushRegistrationWithSuccess:(void (^)())success failure:(void (^)())failure; + - (void)registerForPushWithToken:(NSData*)token; @end diff --git a/Signal/src/network/PushManager.m b/Signal/src/network/PushManager.m index 16cb46f32..361f5e961 100644 --- a/Signal/src/network/PushManager.m +++ b/Signal/src/network/PushManager.m @@ -12,6 +12,9 @@ @interface PushManager () +@property (nonatomic, copy) void (^PushRegisteringSuccessBlock)(); +@property (nonatomic, copy) void (^PushRegisteringFailureBlock)(); + @property int retries; @end @@ -60,6 +63,12 @@ } +- (void)askForPushRegistrationWithSuccess:(void (^)())success failure:(void (^)())failure{ + self.PushRegisteringSuccessBlock = success; + self.PushRegisteringFailureBlock = failure; + [self askForPushRegistration]; +} + - (void)askForPushRegistration{ [[UIApplication sharedApplication] registerForRemoteNotificationTypes:(UIRemoteNotificationTypeAlert | UIRemoteNotificationTypeSound | UIRemoteNotificationTypeBadge)]; self.retries = 3; 
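Review bot: Inside the new `fileExistsAtPath:` guard the plist is removed twice with the same `error` variable, so after the first `removeItemAtPath:` succeeds the second one fails on the missing file and a clean migration logs "Error upgrading from 1.0.2". The result of `propertyListWithData:options:format:error:` is also never checked, so an unreadable plist yields a nil `dict`, nothing is copied into `NSUserDefaults`, and the file is still deleted. I would drop the second removal, skip the deletion when `dict` is nil, and test the return value rather than the pointer: `if (![[NSFileManager defaultManager] removeItemAtPath:path error:&error]) { DDLogError(@"Error while migrating data: %@", error.description); }`. The enclosing method begins before this hunk.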
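Review bot: `askForPushRegistrationWithSuccess:failure:` is declared without a comment, and the header does not say when either block runs. Going by the PushManager.m hunks, `success` fires once the server answers 200 to the token upload and `failure` once the retries are used up, with only one pair of blocks held at a time; a doc comment such as `/// Requests a push token and uploads it; calls success after the server accepts it, failure after the retries are exhausted. Only one request may be pending.` would make that contract visible. The block types would also read better as `void (^)(void)`, since an empty parameter list leaves the block unprototyped in C.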
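Review bot: The two blocks live on the shared `PushManager`, so calling `askForPushRegistrationWithSuccess:failure:` while an earlier request is pending silently replaces that request's blocks, and a later plain `askForPushRegistration` (VersionMigrations.m calls it) can fire a block left over from an earlier caller. A comment on the method should say so, for example `// Only one registration can be pending; these blocks replace any set earlier.`, or the method could call the old `failure` before overwriting it. The properties added in the previous hunk, `PushRegisteringSuccessBlock` and `PushRegisteringFailureBlock`, would follow Cocoa convention as `pushRegisteringSuccessBlock` and `pushRegisteringFailureBlock`.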
@@ -72,17 +81,37 @@ if (statusCode == 200) { DDLogInfo(@"Device sent push ID to server"); [[Environment preferences] setRevokedPushPermission:NO]; + if (self.PushRegisteringSuccessBlock) { + self.PushRegisteringSuccessBlock(); + self.PushRegisteringSuccessBlock = nil; + } + } else{ + [self registerFailureWithToken:token]; } } } failure:^(NSURLSessionDataTask *task, NSError *error) { - if (self.retries > 0) { - [self registerForPushWithToken:token]; - self.retries--; - } else{ - [[Environment preferences] setRevokedPushPermission:YES]; - } + [self registerForPushWithToken:token]; }]; } +/** + * Token was not sucessfully register. Try again / deal with failure + * + * @param token Token to register + */ + +- (void)registerFailureWithToken:(NSData*)token{ + if (self.retries > 0) { + [self registerForPushWithToken:token]; + self.retries--; + } else{ + if (self.PushRegisteringFailureBlock) { + self.PushRegisteringFailureBlock(); + self.PushRegisteringFailureBlock = nil; + } + [[Environment preferences] setRevokedPushPermission:YES]; + } +} + @end diff --git a/Signal/src/network/http/CallServerRequestsManager.m b/Signal/src/network/http/CallServerRequestsManager.m index ca7c308b6..8dfd565e8 100644 --- a/Signal/src/network/http/CallServerRequestsManager.m +++ b/Signal/src/network/http/CallServerRequestsManager.m 
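Review bot: The rewritten `failure:` handler calls `[self registerForPushWithToken:token]` directly, so a request that fails at the transport level (no network, or a TLS or pinning rejection) is retried without any bound and never reaches `registerFailureWithToken:`; the failure block and `setRevokedPushPermission:YES` are then unreachable on that path. Routing it through the new helper restores the limit: `[self registerFailureWithToken:token];`. In the helper, `self.retries--` would be clearer placed before the retry call, and each outcome clears only its own block, which leaves the other one (and whatever it captures, such as the view controller in RegisterViewController.m) retained by the singleton; setting both properties to nil in both paths avoids that. The doc comment could read "Token was not successfully registered".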
@@ -40,7 +40,7 @@ NSURL *endPointURL = [NSURL URLWithString:[NSString stringWithFormat:@"https://%@:%hu", endpoint.hostname, endpoint.port]]; NSURLSessionConfiguration *sessionConf = [NSURLSessionConfiguration ephemeralSessionConfiguration]; self.operationManager = [[AFHTTPSessionManager alloc] initWithBaseURL:endPointURL sessionConfiguration:sessionConf]; - [self.operationManager setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone]]; + [self.operationManager setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]]; self.operationManager.securityPolicy.allowInvalidCertificates = YES; // We use a custom certificate, not signed by a CA. self.operationManager.responseSerializer = [AFJSONResponseSerializer serializer]; } diff --git a/Signal/src/view controllers/RegisterViewController.m b/Signal/src/view controllers/RegisterViewController.m index 71be8a497..e3b546055 100644 --- a/Signal/src/view controllers/RegisterViewController.m +++ b/Signal/src/view controllers/RegisterViewController.m @@ -194,12 +194,16 @@ }]; [futureDone thenDo:^(id result) { - [Environment setRegistered:YES]; - [[[Environment getCurrent] phoneDirectoryManager] forceUpdate]; - [registered trySetResult:@YES]; - [self dismissView]; - [futureChallengeAcceptedSource trySetResult:result]; - [[PushManager sharedManager] askForPushRegistration]; + [[PushManager sharedManager] askForPushRegistrationWithSuccess:^{ + [Environment setRegistered:YES]; + [[[Environment getCurrent] phoneDirectoryManager] forceUpdate]; + [registered trySetResult:@YES]; + [self dismissView]; + [futureChallengeAcceptedSource trySetResult:result]; + } failure:^{ + UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:REGISTER_ERROR_ALERT_VIEW_TITLE message:REGISTER_ERROR_ALERT_VIEW_BODY delegate:nil cancelButtonTitle:REGISTER_ERROR_ALERT_VIEW_DISMISS otherButtonTitles:nil, nil]; + [alertView show]; + }]; }]; [futureDone finallyDo:^(Future *completed) { 
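Review bot: With `allowInvalidCertificates = YES` kept on the next line, the match against the pinned public key is now the only check on the server's identity, yet the hunk never states which certificate is pinned. `policyWithPinningMode:` takes its pinned set from certificates it finds in the app bundle (as far as I know every `.cer` file, which would explain the `whisperReal.der` to `whisperReal.cer` rename), so a missing resource or an additional bundled `.cer` changes what is trusted without any code change. I would set `pinnedCertificates` explicitly from `whisperReal.cer`, reword the inline comment to say that trust rests on the pinned key, and add a test that a server presenting a different key is rejected; how host name validation behaves under this policy in the AFNetworking version from the Podfile is also worth confirming. The enclosing method starts above the hunk.

```objc
// … unchanged: endPointURL, sessionConf and operationManager setup …
// Pin explicitly to the bundled certificate rather than relying on bundle discovery.
NSString *pinnedPath = [[NSBundle mainBundle] pathForResource:@"whisperReal" ofType:@"cer"];
NSData *pinnedData = [NSData dataWithContentsOfFile:pinnedPath];
NSAssert(pinnedData != nil, @"whisperReal.cer is missing from the app bundle");
AFSecurityPolicy *pinningPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
pinningPolicy.pinnedCertificates = @[pinnedData];
// The server certificate is not CA-signed, so trust rests on the pinned key alone.
pinningPolicy.allowInvalidCertificates = YES;
[self.operationManager setSecurityPolicy:pinningPolicy];
// … unchanged: responseSerializer …
```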
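Review bot: `setRegistered:YES`, `dismissView` and `[futureChallengeAcceptedSource trySetResult:result]` now run only inside the success block, and the PushManager hunks invoke that block only after the server answers 200 to the push-token upload. Nothing in this patch calls either block when the user declines notifications or the system never delivers a token, so a user whose number was verified could be left on this screen with no feedback; the application delegate is outside the diff, so this needs confirming. The failure block only shows an alert and leaves `registered` and `futureChallengeAcceptedSource` unresolved, so I would fail those futures there as well. `otherButtonTitles:nil, nil` carries a redundant second `nil`. The method enclosing the `thenDo:` call starts above the hunk.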
diff --git a/Signal/whisperReal.der b/Signal/whisperReal.cer
similarity index 100%
rename from Signal/whisperReal.der
rename to Signal/whisperReal.cer