From b270133f68546999fc7b92d1e25499978f0757f8 Mon Sep 17 00:00:00 2001 From: Morgan Pretty Date: Tue, 11 Apr 2023 13:10:11 +1000 Subject: [PATCH] Fixed a couple of issues with seed node requests Updated the seed node certificates to use the new 10 year ones Fixed an issue where multiple seed node requests could be triggered at once Increased the version & build numbers --- Session.xcodeproj/project.pbxproj | 72 ++++++------ .../Certificates/public-loki-foundation.crt | 24 ---- .../Certificates/public-loki-foundation.der | Bin 1047 -> 0 bytes Session/Meta/Certificates/seed1-10y.crt | 24 ++++ Session/Meta/Certificates/seed1-10y.der | Bin 0 -> 1041 bytes Session/Meta/Certificates/seed2-10y.crt | 24 ++++ Session/Meta/Certificates/seed2-10y.der | Bin 0 -> 1041 bytes Session/Meta/Certificates/seed3-10y.crt | 24 ++++ Session/Meta/Certificates/seed3-10y.der | Bin 0 -> 1041 bytes Session/Meta/Certificates/storage-seed-1.crt | 25 ----- Session/Meta/Certificates/storage-seed-1.der | Bin 1061 -> 0 bytes Session/Meta/Certificates/storage-seed-3.crt | 25 ----- Session/Meta/Certificates/storage-seed-3.der | Bin 1061 -> 0 bytes Session/Meta/Session-Info.plist | 6 +- SessionSnodeKit/SnodeAPI.swift | 91 ++++++++------- SessionUtilitiesKit/Networking/HTTP.swift | 104 ++++++++++++------ 16 files changed, 234 insertions(+), 185 deletions(-) delete mode 100644 Session/Meta/Certificates/public-loki-foundation.crt delete mode 100644 Session/Meta/Certificates/public-loki-foundation.der create mode 100644 Session/Meta/Certificates/seed1-10y.crt create mode 100644 Session/Meta/Certificates/seed1-10y.der create mode 100644 Session/Meta/Certificates/seed2-10y.crt create mode 100644 Session/Meta/Certificates/seed2-10y.der create mode 100644 Session/Meta/Certificates/seed3-10y.crt create mode 100644 Session/Meta/Certificates/seed3-10y.der delete mode 100644 Session/Meta/Certificates/storage-seed-1.crt delete mode 100644 Session/Meta/Certificates/storage-seed-1.der delete mode 100644 Session/Meta/Certificates/storage-seed-3.crt delete mode 100644 Session/Meta/Certificates/storage-seed-3.der diff --git a/Session.xcodeproj/project.pbxproj b/Session.xcodeproj/project.pbxproj index 398efc33d..6b0ff02cb 100644 --- a/Session.xcodeproj/project.pbxproj +++ b/Session.xcodeproj/project.pbxproj @@ -182,9 +182,6 @@ B80A579F23DFF1F300876683 /* NewClosedGroupVC.swift in Sources */ = {isa = PBXBuildFile; fileRef = B80A579E23DFF1F300876683 /* NewClosedGroupVC.swift */; }; B817AD9A26436593009DF825 /* SimplifiedConversationCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = B817AD9926436593009DF825 /* SimplifiedConversationCell.swift */; }; B817AD9C26436F73009DF825 /* ThreadPickerVC.swift in Sources */ = {isa = PBXBuildFile; fileRef = B817AD9B26436F73009DF825 /* ThreadPickerVC.swift */; }; - B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B926157F20004D1FE1 /* storage-seed-3.crt */; }; - B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B726157F20004D1FE1 /* storage-seed-1.crt */; }; - B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */ = {isa = PBXBuildFile; fileRef = B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */; }; B82149C125D605C6009C0F2A /* InfoBanner.swift in Sources */ = {isa = PBXBuildFile; fileRef = B82149C025D605C6009C0F2A /* InfoBanner.swift */; }; B8269D2925C7A4B400488AB4 /* InputView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B8269D2825C7A4B400488AB4 /* InputView.swift */; }; B8269D3325C7A8C600488AB4 /* InputViewButton.swift in Sources */ = {isa = PBXBuildFile; fileRef = B8269D3225C7A8C600488AB4 /* InputViewButton.swift */; }; @@ -428,9 +425,6 @@ C38EF407255B6DF7007E1867 /* Toast.swift in Sources */ = {isa = PBXBuildFile; fileRef = C38EF3E9255B6DF6007E1867 /* Toast.swift */; }; C38EF40B255B6DF7007E1867 /* TappableStackView.swift in Sources */ = {isa = PBXBuildFile; fileRef = C38EF3ED255B6DF6007E1867 /* TappableStackView.swift */; }; C38EF48A255B7E3F007E1867 /* SessionUIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C331FF1B2558F9D300070591 /* SessionUIKit.framework */; }; - C3A01E05261D24C400290BEB /* public-loki-foundation.der in Resources */ = {isa = PBXBuildFile; fileRef = C3A01E02261D24C400290BEB /* public-loki-foundation.der */; }; - C3A01E06261D24C400290BEB /* storage-seed-1.der in Resources */ = {isa = PBXBuildFile; fileRef = C3A01E03261D24C400290BEB /* storage-seed-1.der */; }; - C3A01E07261D24C400290BEB /* storage-seed-3.der in Resources */ = {isa = PBXBuildFile; fileRef = C3A01E04261D24C400290BEB /* storage-seed-3.der */; }; C3A3A171256E1D25004D228D /* SSKReachabilityManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = C3A3A170256E1D25004D228D /* SSKReachabilityManager.swift */; }; C3A71D0B2558989C0043A11F /* MessageWrapper.swift in Sources */ = {isa = PBXBuildFile; fileRef = C3A71D0A2558989C0043A11F /* MessageWrapper.swift */; }; C3A71D1E25589AC30043A11F /* WebSocketProto.swift in Sources */ = {isa = PBXBuildFile; fileRef = C3A71D1C25589AC30043A11F /* WebSocketProto.swift */; }; @@ -609,6 +603,12 @@ FD245C6B2850667400B966DD /* VisibleMessage+Profile.swift in Sources */ = {isa = PBXBuildFile; fileRef = C300A5B12554AF9800555489 /* VisibleMessage+Profile.swift */; }; FD245C6C2850669200B966DD /* MessageReceiveJob.swift in Sources */ = {isa = PBXBuildFile; fileRef = C352A31225574F5200338F3E /* MessageReceiveJob.swift */; }; FD245C6D285066A400B966DD /* NotifyPushServerJob.swift in Sources */ = {isa = PBXBuildFile; fileRef = C352A32E2557549C00338F3E /* NotifyPushServerJob.swift */; }; + FD29A11D29E4EB71001923B4 /* seed1-10y.der in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11729E4EB71001923B4 /* seed1-10y.der */; }; + FD29A11E29E4EB71001923B4 /* seed2-10y.der in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11829E4EB71001923B4 /* seed2-10y.der */; }; + FD29A11F29E4EB71001923B4 /* seed3-10y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11929E4EB71001923B4 /* seed3-10y.crt */; }; + FD29A12029E4EB71001923B4 /* seed1-10y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11A29E4EB71001923B4 /* seed1-10y.crt */; }; + FD29A12129E4EB71001923B4 /* seed3-10y.der in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11B29E4EB71001923B4 /* seed3-10y.der */; }; + FD29A12229E4EB71001923B4 /* seed2-10y.crt in Resources */ = {isa = PBXBuildFile; fileRef = FD29A11C29E4EB71001923B4 /* seed2-10y.crt */; }; FD2AAAED28ED3E1000A49611 /* MockGeneralCache.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDFD645C27F273F300808CA1 /* MockGeneralCache.swift */; }; FD2AAAEE28ED3E1100A49611 /* MockGeneralCache.swift in Sources */ = {isa = PBXBuildFile; fileRef = FDFD645C27F273F300808CA1 /* MockGeneralCache.swift */; }; FD2AAAF028ED57B500A49611 /* SynchronousStorage.swift in Sources */ = {isa = PBXBuildFile; fileRef = FD2AAAEF28ED57B500A49611 /* SynchronousStorage.swift */; }; @@ -1266,9 +1266,6 @@ B80A579E23DFF1F300876683 /* NewClosedGroupVC.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NewClosedGroupVC.swift; sourceTree = ""; }; B817AD9926436593009DF825 /* SimplifiedConversationCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SimplifiedConversationCell.swift; sourceTree = ""; }; B817AD9B26436F73009DF825 /* ThreadPickerVC.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ThreadPickerVC.swift; sourceTree = ""; }; - B81D25B726157F20004D1FE1 /* storage-seed-1.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "storage-seed-1.crt"; sourceTree = ""; }; - B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "public-loki-foundation.crt"; sourceTree = ""; }; - B81D25B926157F20004D1FE1 /* storage-seed-3.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "storage-seed-3.crt"; sourceTree = ""; }; B82149C025D605C6009C0F2A /* InfoBanner.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InfoBanner.swift; sourceTree = ""; }; B8269D2825C7A4B400488AB4 /* InputView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InputView.swift; sourceTree = ""; }; B8269D3225C7A8C600488AB4 /* InputViewButton.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InputViewButton.swift; sourceTree = ""; }; @@ -1542,9 +1539,6 @@ C396469D2509D3F400B0B9F5 /* ja */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ja; path = ja.lproj/Localizable.strings; sourceTree = ""; }; C396469E2509D40400B0B9F5 /* vi-VN */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "vi-VN"; path = "vi-VN.lproj/Localizable.strings"; sourceTree = ""; }; C396469F2509D41100B0B9F5 /* id-ID */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "id-ID"; path = "id-ID.lproj/Localizable.strings"; sourceTree = ""; }; - C3A01E02261D24C400290BEB /* public-loki-foundation.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "public-loki-foundation.der"; sourceTree = ""; }; - C3A01E03261D24C400290BEB /* storage-seed-1.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "storage-seed-1.der"; sourceTree = ""; }; - C3A01E04261D24C400290BEB /* storage-seed-3.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "storage-seed-3.der"; sourceTree = ""; }; C3A3A170256E1D25004D228D /* SSKReachabilityManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SSKReachabilityManager.swift; sourceTree = ""; }; C3A71D0A2558989C0043A11F /* MessageWrapper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MessageWrapper.swift; sourceTree = ""; }; C3A71D1C25589AC30043A11F /* WebSocketProto.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WebSocketProto.swift; sourceTree = ""; }; @@ -1699,6 +1693,12 @@ FD23EA6028ED0B260058676E /* CombineExtensions.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CombineExtensions.swift; sourceTree = ""; }; FD245C612850664300B966DD /* Configuration.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Configuration.swift; sourceTree = ""; }; FD28A4F527EAD44C00FF65E7 /* Storage.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Storage.swift; sourceTree = ""; }; + FD29A11729E4EB71001923B4 /* seed1-10y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed1-10y.der"; sourceTree = ""; }; + FD29A11829E4EB71001923B4 /* seed2-10y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed2-10y.der"; sourceTree = ""; }; + FD29A11929E4EB71001923B4 /* seed3-10y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed3-10y.crt"; sourceTree = ""; }; + FD29A11A29E4EB71001923B4 /* seed1-10y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed1-10y.crt"; sourceTree = ""; }; + FD29A11B29E4EB71001923B4 /* seed3-10y.der */ = {isa = PBXFileReference; lastKnownFileType = file; path = "seed3-10y.der"; sourceTree = ""; }; + FD29A11C29E4EB71001923B4 /* seed2-10y.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "seed2-10y.crt"; sourceTree = ""; }; FD2AAAEF28ED57B500A49611 /* SynchronousStorage.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SynchronousStorage.swift; sourceTree = ""; }; FD37E9C228A1C6F3003AE748 /* ThemeManager.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ThemeManager.swift; sourceTree = ""; }; FD37E9C528A1D4EC003AE748 /* Theme+ClassicDark.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Theme+ClassicDark.swift"; sourceTree = ""; }; @@ -2366,12 +2366,12 @@ B81D260326158DF5004D1FE1 /* Certificates */ = { isa = PBXGroup; children = ( - B81D25B826157F20004D1FE1 /* public-loki-foundation.crt */, - C3A01E02261D24C400290BEB /* public-loki-foundation.der */, - B81D25B726157F20004D1FE1 /* storage-seed-1.crt */, - C3A01E03261D24C400290BEB /* storage-seed-1.der */, - B81D25B926157F20004D1FE1 /* storage-seed-3.crt */, - C3A01E04261D24C400290BEB /* storage-seed-3.der */, + FD29A11A29E4EB71001923B4 /* seed1-10y.crt */, + FD29A11729E4EB71001923B4 /* seed1-10y.der */, + FD29A11C29E4EB71001923B4 /* seed2-10y.crt */, + FD29A11829E4EB71001923B4 /* seed2-10y.der */, + FD29A11929E4EB71001923B4 /* seed3-10y.crt */, + FD29A11B29E4EB71001923B4 /* seed3-10y.der */, ); path = Certificates; sourceTree = ""; @@ -4692,15 +4692,12 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( - B81D25C526157F40004D1FE1 /* storage-seed-1.crt in Resources */, - B81D25C426157F40004D1FE1 /* storage-seed-3.crt in Resources */, - B81D25C626157F40004D1FE1 /* public-loki-foundation.crt in Resources */, 4C63CC00210A620B003AE45C /* SignalTSan.supp in Resources */, 4C6F527C20FFE8400097DEEE /* SignalUBSan.supp in Resources */, + FD29A11D29E4EB71001923B4 /* seed1-10y.der in Resources */, 34CF078A203E6B78005C4D61 /* end_call_tone_cept.caf in Resources */, C3CA3AA2255CDADA00F4C6D4 /* english.txt in Resources */, B6F509971AA53F760068F56A /* Localizable.strings in Resources */, - C3A01E05261D24C400290BEB /* public-loki-foundation.der in Resources */, B66DBF4A19D5BBC8006EA940 /* Images.xcassets in Resources */, 34CF0788203E6B78005C4D61 /* ringback_tone_ansi.caf in Resources */, 7BFD1A972747689000FB91B9 /* Session-Turn-Server in Resources */, @@ -4710,13 +4707,13 @@ 34C3C78D20409F320000134C /* Opening.m4r in Resources */, C3CA3AB4255CDAE600F4C6D4 /* japanese.txt in Resources */, B67EBF5D19194AC60084CCFD /* Settings.bundle in Resources */, + FD29A12129E4EB71001923B4 /* seed3-10y.der in Resources */, 34CF0787203E6B78005C4D61 /* busy_tone_ansi.caf in Resources */, 45A2F005204473A3002E978A /* NewMessage.aifc in Resources */, 45B74A882044AAB600CD42F8 /* aurora.aifc in Resources */, 45B74A742044AAB600CD42F8 /* aurora-quiet.aifc in Resources */, 7B0EFDF4275490EA00FFAAE7 /* ringing.mp3 in Resources */, 45B74A852044AAB600CD42F8 /* bamboo.aifc in Resources */, - C3A01E06261D24C400290BEB /* storage-seed-1.der in Resources */, 45B74A782044AAB600CD42F8 /* bamboo-quiet.aifc in Resources */, 45B74A7B2044AAB600CD42F8 /* chord.aifc in Resources */, 45B74A812044AAB600CD42F8 /* chord-quiet.aifc in Resources */, @@ -4730,10 +4727,12 @@ B8FF8E7425C10FC3004D1F22 /* GeoLite2-Country-Locations-English in Resources */, B8CCF6352396005F0091D419 /* SpaceMono-Regular.ttf in Resources */, 45B74A872044AAB600CD42F8 /* complete-quiet.aifc in Resources */, + FD29A11F29E4EB71001923B4 /* seed3-10y.crt in Resources */, 45B74A772044AAB600CD42F8 /* hello.aifc in Resources */, 45B74A7C2044AAB600CD42F8 /* hello-quiet.aifc in Resources */, 7B50D64D28AC7CF80086CCEC /* silence.aiff in Resources */, 45B74A792044AAB600CD42F8 /* input.aifc in Resources */, + FD29A12029E4EB71001923B4 /* seed1-10y.crt in Resources */, C3CA3ABE255CDB0D00F4C6D4 /* portuguese.txt in Resources */, 45B74A8C2044AAB600CD42F8 /* input-quiet.aifc in Resources */, 45B74A7A2044AAB600CD42F8 /* keys.aifc in Resources */, @@ -4745,7 +4744,8 @@ 45B74A822044AAB600CD42F8 /* pulse.aifc in Resources */, C3CA3AC8255CDB2900F4C6D4 /* spanish.txt in Resources */, B8FF8E6225C10DA5004D1F22 /* GeoLite2-Country-Blocks-IPv4 in Resources */, - C3A01E07261D24C400290BEB /* storage-seed-3.der in Resources */, + FD29A11E29E4EB71001923B4 /* seed2-10y.der in Resources */, + FD29A12229E4EB71001923B4 /* seed2-10y.crt in Resources */, 45B74A802044AAB600CD42F8 /* pulse-quiet.aifc in Resources */, 45B74A8B2044AAB600CD42F8 /* synth.aifc in Resources */, 45B74A752044AAB600CD42F8 /* synth-quiet.aifc in Resources */, @@ -6052,7 +6052,7 @@ "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; CODE_SIGN_STYLE = Automatic; COPY_PHASE_STRIP = NO; - CURRENT_PROJECT_VERSION = 399; + CURRENT_PROJECT_VERSION = 400; DEBUG_INFORMATION_FORMAT = dwarf; DEVELOPMENT_TEAM = SUQ8J2PCT7; FRAMEWORK_SEARCH_PATHS = "$(inherited)"; @@ -6077,7 +6077,7 @@ "@executable_path/Frameworks", "@executable_path/../../Frameworks", ); - MARKETING_VERSION = 2.2.10; + MARKETING_VERSION = 2.2.11; MTL_ENABLE_DEBUG_INFO = YES; PRODUCT_BUNDLE_IDENTIFIER = "com.loki-project.loki-messenger.ShareExtension"; PRODUCT_NAME = "$(TARGET_NAME)"; @@ -6125,7 +6125,7 @@ "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; CODE_SIGN_STYLE = Automatic; COPY_PHASE_STRIP = NO; - CURRENT_PROJECT_VERSION = 399; + CURRENT_PROJECT_VERSION = 400; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEVELOPMENT_TEAM = SUQ8J2PCT7; ENABLE_NS_ASSERTIONS = NO; @@ -6155,7 +6155,7 @@ "@executable_path/Frameworks", "@executable_path/../../Frameworks", ); - MARKETING_VERSION = 2.2.10; + MARKETING_VERSION = 2.2.11; MTL_ENABLE_DEBUG_INFO = NO; PRODUCT_BUNDLE_IDENTIFIER = "com.loki-project.loki-messenger.ShareExtension"; PRODUCT_NAME = "$(TARGET_NAME)"; @@ -6191,7 +6191,7 @@ "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; CODE_SIGN_STYLE = Automatic; COPY_PHASE_STRIP = NO; - CURRENT_PROJECT_VERSION = 399; + CURRENT_PROJECT_VERSION = 400; DEBUG_INFORMATION_FORMAT = dwarf; DEVELOPMENT_TEAM = SUQ8J2PCT7; FRAMEWORK_SEARCH_PATHS = "$(inherited)"; @@ -6214,7 +6214,7 @@ "@executable_path/Frameworks", "@executable_path/../../Frameworks", ); - MARKETING_VERSION = 2.2.10; + MARKETING_VERSION = 2.2.11; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; PRODUCT_BUNDLE_IDENTIFIER = "com.loki-project.loki-messenger.NotificationServiceExtension"; @@ -6265,7 +6265,7 @@ "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; CODE_SIGN_STYLE = Automatic; COPY_PHASE_STRIP = NO; - CURRENT_PROJECT_VERSION = 399; + CURRENT_PROJECT_VERSION = 400; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; DEVELOPMENT_TEAM = SUQ8J2PCT7; ENABLE_NS_ASSERTIONS = NO; @@ -6293,7 +6293,7 @@ "@executable_path/Frameworks", "@executable_path/../../Frameworks", ); - MARKETING_VERSION = 2.2.10; + MARKETING_VERSION = 2.2.11; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; PRODUCT_BUNDLE_IDENTIFIER = "com.loki-project.loki-messenger.NotificationServiceExtension"; @@ -7193,7 +7193,7 @@ CODE_SIGN_ENTITLEMENTS = Session/Meta/Signal.entitlements; CODE_SIGN_IDENTITY = "iPhone Developer"; "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; - CURRENT_PROJECT_VERSION = 399; + CURRENT_PROJECT_VERSION = 400; DEVELOPMENT_TEAM = SUQ8J2PCT7; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", @@ -7232,7 +7232,7 @@ "$(SRCROOT)", ); LLVM_LTO = NO; - MARKETING_VERSION = 2.2.10; + MARKETING_VERSION = 2.2.11; OTHER_LDFLAGS = "$(inherited)"; OTHER_SWIFT_FLAGS = "$(inherited) \"-D\" \"COCOAPODS\" \"-DDEBUG\""; PRODUCT_BUNDLE_IDENTIFIER = "com.loki-project.loki-messenger"; @@ -7265,7 +7265,7 @@ CODE_SIGN_ENTITLEMENTS = Session/Meta/Signal.entitlements; CODE_SIGN_IDENTITY = "iPhone Developer"; "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; - CURRENT_PROJECT_VERSION = 399; + CURRENT_PROJECT_VERSION = 400; DEVELOPMENT_TEAM = SUQ8J2PCT7; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", @@ -7304,7 +7304,7 @@ "$(SRCROOT)", ); LLVM_LTO = NO; - MARKETING_VERSION = 2.2.10; + MARKETING_VERSION = 2.2.11; OTHER_LDFLAGS = "$(inherited)"; PRODUCT_BUNDLE_IDENTIFIER = "com.loki-project.loki-messenger"; PRODUCT_NAME = Session; diff --git a/Session/Meta/Certificates/public-loki-foundation.crt b/Session/Meta/Certificates/public-loki-foundation.crt deleted file mode 100644 index 344a05543..000000000 --- a/Session/Meta/Certificates/public-loki-foundation.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIUY9RQqbjhsQEkdeSgV9L0os9xZ7AwDQYJKoZIhvcNAQEL -BQAwfDELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN -ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x -HzAdBgNVBAMMFnB1YmxpYy5sb2tpLmZvdW5kYXRpb24wHhcNMjEwNDA3MDExMDMx -WhcNMjMwNDA3MDExMDMxWjB8MQswCQYDVQQGEwJBVTERMA8GA1UECAwIVmljdG9y -aWExEjAQBgNVBAcMCU1lbGJvdXJuZTElMCMGA1UECgwcT3hlbiBQcml2YWN5IFRl -Y2ggRm91bmRhdGlvbjEfMB0GA1UEAwwWcHVibGljLmxva2kuZm91bmRhdGlvbjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5dBJSIR5+VNNUxUOo6FG0e -RmZteRqBt50KXGbOi2A23a6sa57pLFh9Yw3hmlWV+QCL7ipG1X4IC55OStgoesf+ -K65VwEMP6Mtq0sSJS3R5TiuV2ZSRdSZTVjUyRXVe5T4Aw6wXVTAbc/HsyS780tDh -GclfDHhonPhZpmTAnSbfMOS+BfOnBNvDxdto0kVh6k5nrGlkT4ECloulHTQF2lwJ -0D6IOtv9AJplPdg6s2c4dY7durOdvr3NNVfvn5PTeRvbEPqzZur4WUUKIPNGu6mY -PxImqd4eUsL0Vod4aAsTIx4YMmCTi0m9W6zJI6nXcK/6a+iiA3+NTNMzEA9gQhEC -AwEAAaOBjDCBiTAdBgNVHQ4EFgQU/zahokxLvvFUpbnM6z/pwS1KsvwwHwYDVR0j -BBgwFoAU/zahokxLvvFUpbnM6z/pwS1KsvwwDwYDVR0TAQH/BAUwAwEB/zAhBgNV -HREEGjAYghZwdWJsaWMubG9raS5mb3VuZGF0aW9uMBMGA1UdJQQMMAoGCCsGAQUF -BwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBql+JvoqpaYrFFTOuDn08U+pdcd3GM7tbI -zRH5LU+YnIpp9aRheek+2COW8DXsIy/kUngETCMLmX6ZaUj/WdHnTDkB0KTgxSHv -ad3ZznKPKZ26qJOklr+0ZWj4J3jHbisSzql6mqq7R2Kp4ESwzwqxvkbykM5RUnmz -Go/3Ol7bpN/ZVwwEkGfD/5rRHf57E/gZn2pBO+zotlQgr7HKRsIXQ2hIXVQqWmPQ -lvfIwrwAZlfES7BARFnHOpyVQxV8uNcV5K5eXzuVFjHBqvq+BtyGhWkP9yKJCHS9 -OUXxch0rzRsH2C/kRVVhEk0pI3qlFiRC8pCJs98SNE9l69EQtG7I ------END CERTIFICATE----- diff --git a/Session/Meta/Certificates/public-loki-foundation.der b/Session/Meta/Certificates/public-loki-foundation.der deleted file mode 100644 index 698980d78d9fa965243b5f6ded8748ba1a93b67e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1047 zcmXqLVi7iIV*0&+nTe5!NhJA7z{(vDH!`Y}K3Ncc>C2+?h3Oj%c-c6$+C196^D;7W zvoaXe7;+nMvN4CUun99ch8hYQ@PjxUJRD(}$tC$knTdu%1_B@ z6C)$TxmcDd9q#j|np`yucx5G$E9aJ$TPfAJeJ)o_+PUrov%BloWY2r46H%MY`*2q1 z)SnF9@3h>m)^Tvp^Ygl)QFZ*E_PWpm&ipS0MIkr#Kk!C|IGuBCBL z?HCTP5f3$xF8=uDq~4!P7amHUjOVGynDZlYS;~RAYWEGE>|_1BoaOf6qqj3IxhB5y zOJ9?j;@`+Lt$V4g3G1yG&I@)OR=58$%u2PrVYNBkqO|YsuFZ4z?LBK6{(k=C%azi% z1%7Q#d-WsIl}q8X+wPS!?1j`;-jfSD^d+plB7<94Sx&+zVREw{~2?- zGQTcKtbA#ALwVW<(>KccPl75~e3ZFo*3HcH_#b)kxsN5|g(VM;D!$LWd-GgTzvkRs zD<&_Qwtq`%#t-$1<9XUb=T=tDTD99fY2^c#4d=Nw?sNMz;ap%)!MHA#l>4s6*D}z>eoKDJ8i9*{NI&2IZF0gx_&H@)jliDenbC> gYiOd7ucmUE#!t8_0?C8W|gy7?>Iu8krcIMv3zpBXbATZB2|y$U()(%D~*j$j@NV z#K^_e#K_2So6~Kg>@1##FS;$3Jjz-h;lph6gl+K$`SO2LSFCyQK+3mjYox;sStE9D z-{+CSje)hV^YS`x>|QY`f$7vOr4>?#RM)-DbG{xj-EB7W?SH5E=I)Y>lIPd(j_b79 zYh1Qopz2eUzj%q^gXhQFr`JTh-GAuIk$2jhg6==+8hj5G{k8~YJ=)!;>|edI&7;_2 z+n(}vrid4>*G1O3PI#+pwBm2ZqFnWtB_>?2vmGM89P2s2=<qD;(;42+8#y9^rJ4P=3lEX&6t#v)=G!*NVYrXx6aS>ja| zrI@FaZYh`>$b+PnStJa^8n7z>B{^APM#ldvtOm?L3Zg?0q@xLY$`J&IQyEni~Ax3DeK{F173P(xd2 zPuZo{{->&LZDx7Pv8Yk|>l4mN=2{KQ_m!Ie__9qlbIr?-Y>nGLh@R3BILsCGX!l(o z_l}bLjk|Q(m^#kaPQ7m9JZ)!$(z@^ei(hDm9-YoR_4|(Z+pDH5ymWByGw1oHS3S17 zRi#YyO@CO*t^DNLt@`8nCwO1d>AkyWT%Xl-%GSvGpirIxFB_*;n@8JsUPeZ4 zRtAGALv903Hs(+kHen{mP(wijeh`O)ha)UAxg@_RGtp4UKma7f&co@Onv;}YT9lV+ zsA`}L664~L@vlhDQwS)^EK5wTR0v5;&QNg6FU?CyEXmBzGn6%u1}S6a5h+ehO)=6- zPc11E#!t8_0?C8W|gy7?>Iu8X1`wMTzqoBXbATZB2|y$U()(%D~*j$j@NV z#K^_e#K_37*Ut9d?NY(?BE|Ll;^)WLZPES3;q|-l{Xgy|yOa`f;VYGqw@x+Pu2>;m zeLQxjMdG{4w5gph5AI&N$MTH$uZv6TN*QNNWSfiiOE`O+#8Vk zHSNiPxsE3k_wM2QaQMsI%-P`$cRQ{z98^xMo7f|y_LS?>T8VpKi$b1Q=I=4;+EMW) z_}it9DX;&&d;KI(cdHraq;n^JJg>;kU!@!?`+95cuE&;tzdv06x$3ZR#FI^+a4dFcj|oK8$U?=Ql;SAU(_ zq8}4>-#y6U%H+dh{JK^`@vAKpGb01z;>Iq6#&!c)U?j`(v52vV@RhAeooe{_=g+pj z^aRC%)L*{*E(Y=-X=N4(1F;6|3P4FtR+y3TKMSh?GmwJl5CrLH!k%)3K{`}fcnrAM zIJDUqSy|bc8Ihw4n6iP<#mJB{EA`*3uGo1p7r3YWT*r3hJ!|3=v$nU7oZMLTSGlR# z?*0`M{(jquqDeAlY$lr=UuV=zYiys?=f1Q_i&hKrK_8Px+m%9)0x?h`Zs z$F%R!?p>!GpSM2YpTF1 literal 0 HcmV?d00001 diff --git a/Session/Meta/Certificates/seed3-10y.crt b/Session/Meta/Certificates/seed3-10y.crt new file mode 100644 index 000000000..6939129f8 --- /dev/null +++ b/Session/Meta/Certificates/seed3-10y.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDTCCAvWgAwIBAgIUTz5rHKUe+VA9IM6vY6QACc0ORFkwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3RvcmlhMRIwEAYDVQQHDAlN +ZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNoIEZvdW5kYXRpb24x +HTAbBgNVBAMMFHNlZWQzLmdldHNlc3Npb24ub3JnMB4XDTIzMDQwNTAxMjYzMVoX +DTMzMDQwNTAxMjYzMVowejELMAkGA1UEBhMCQVUxETAPBgNVBAgMCFZpY3Rvcmlh +MRIwEAYDVQQHDAlNZWxib3VybmUxJTAjBgNVBAoMHE94ZW4gUHJpdmFjeSBUZWNo +IEZvdW5kYXRpb24xHTAbBgNVBAMMFHNlZWQzLmdldHNlc3Npb24ub3JnMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FgxIk9KmYISL5fk7BLaGAW6lBx8 +b4VL3DjlyrFMz7ZhSbcUcavWyyYB+iJxBRhfQGJ7vbwJZ1AwVJisjDFdiLcWzTF8 +gzZ7LVXH8qlVnqcx0gksrWYFnG3Y2WJrxEBFdD29lP7LVN3xLQdplMitOciqg5jN +oRjtwGo+wzaMW6WNPzgTvxLzPce9Rl3oN4tSK7qlA9VtsyHwOWBMcogv9LC9IUFZ +2yu0RdcxPdlwLwywYtSRt/W87KbAWTcYY1DfN2VA68p9Cip7/dPOokRduMh1peux +swmIybpC/wz/Ql6J6scSOjDUp/2UsIdYIvyP/Dibi4nHRmD+oz9kb+J3AQIDAQAB +o4GKMIGHMB0GA1UdDgQWBBSQAFetDPIzVg9rfgOI7bfaeEHd8TAfBgNVHSMEGDAW +gBSQAFetDPIzVg9rfgOI7bfaeEHd8TAPBgNVHRMBAf8EBTADAQH/MB8GA1UdEQQY +MBaCFHNlZWQzLmdldHNlc3Npb24ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G +CSqGSIb3DQEBCwUAA4IBAQCiBNdbKNSHyCZJKvC/V+pHy9E/igwvih2GQ5bNZJFA +daOiKBgaADxaxB4lhtzasr2LdgZdLrn0oONw+wYaui9Z12Yfdr9oWuOgktn8HKLY +oKkJc5EcMYFsd00FnnFcO2U8lQoL6PB/tdcEmpOfqtvShpNhp8SbadSNiqlttvtV +1dqvqSBiRdQm1kz2b8hA6GR6SPzSKlSuwI0J+ZcXEi232EJFbgJ3ESHFVHrhUZro +8A16/WDvZOMWCjOqJsFBw15WzosW9kyNwBtZinXVO3LW/7tVl08PDcarpH4IWjd0 +LDpU7zGjcD/A19tfdfMFTOmETuq40I8xxtlR2NENFOAL +-----END CERTIFICATE----- diff --git a/Session/Meta/Certificates/seed3-10y.der b/Session/Meta/Certificates/seed3-10y.der new file mode 100644 index 0000000000000000000000000000000000000000..0a47fb4a198856595bd0000a741acdeee971fca3 GIT binary patch literal 1041 zcmXqLV&OGtV*0v(nTe5!NyOhSTV|=;&j4G6bL*3rFmRsbbBQ$IW#iOp^Jx3d%gD&h z%3x4s$Zf#M#vIDRCd}j*YA9&H58`m}aD-(hm*f{^CK?JE2!Mpxc{qJjbCU8)i}F$p zRSlFuVq82j{uQZt3IRo#Wr@j^3L&Y<847OsrFkidC7JnohO!3IAZ5%vBE_kxDaLx~ zsU^j!#l=7=z5Jqd137VCBVz*-15*P-BQs;eC~;n6WbS~vt%*?yIj9&}8JL?G`56qF z7`d357#SH}L>Mahd(CVT(x3k1jnFL#)?HI%YVupX?^rxNwbAGNwnWeEB8983omOM~ zrBui&5$}*xy>}01dVoR5j5R%mu^rpR&KlM9+|7y~EE9Z+I`qG6*sJImd0Tsn>vcohn+5tj8sWpHKr-zgi~Bb5I1 z|FM|e-Fe(C;ooBWl>A5Kj7-do42+8#y9^rJ4P=3lEX&6t#v(F-A$%>*C*v^w>^kO- zx7%-3INtqeAPItVE@O+;+xca|bG8JnKgO-s@s>^CMPaGGCT81Z`aD)ZNEdW-dev> zA<6ZM+BKhV`6nD+q*QtQxug}c?m#c+&*|bqy4!C!x#lsI3o0HBsd^YV>%|A&s=o>E zQyz|D3lH=o`E(ve-ISFMY#{ofrr-JhTL*y<&998u;aI#wa?4Hp;K fAGm%yzVtJz&&w9SS355B8y>qEc;h0k$OCQw-DH7= literal 0 HcmV?d00001 diff --git a/Session/Meta/Certificates/storage-seed-1.crt b/Session/Meta/Certificates/storage-seed-1.crt deleted file mode 100644 index 7360d6fca..000000000 --- a/Session/Meta/Certificates/storage-seed-1.crt +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEITCCAwmgAwIBAgIUJsox1ZQPK/6iDsCC+MUJfNAlFuYwDQYJKoZIhvcNAQEL -BQAwgYAxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJ -TWVsYm91cm5lMSUwIwYDVQQKDBxPeGVuIFByaXZhY3kgVGVjaCBGb3VuZGF0aW9u -MSMwIQYDVQQDDBpzdG9yYWdlLnNlZWQxLmxva2kubmV0d29yazAeFw0yMTA0MDcw -MTE5MjZaFw0yMzA0MDcwMTE5MjZaMIGAMQswCQYDVQQGEwJBVTERMA8GA1UECAwI -VmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTElMCMGA1UECgwcT3hlbiBQcml2 -YWN5IFRlY2ggRm91bmRhdGlvbjEjMCEGA1UEAwwac3RvcmFnZS5zZWVkMS5sb2tp -Lm5ldHdvcmswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtWH3Rz8Dd -kEmM7tcBWHrJ/G8drr/+qidboEVYzxpyRjszaDxKXVhx4eBBsAD5RuCWuTuZmM8k -TKEDLtf8xfb5SQ7YNX+346s9NXS5Poy4CIPASiW/QWXgIHFbVdv2hC+cKOP61OLM -OGnOxfig6tQyd6EaCkedpY1DvSa2lPnQSOwC/jXCx6Vboc0zTY5R2bHtNc9hjIFP -F4VClLAQSh2F4R1V9MH5KZMW+CCP6oaJY658W9JYXYRwlLrL2EFOVxHgcxq/6+fw -+axXK9OXJrGZjuA+hiz+L/uAOtE4WuxrSeuNMHSrMtM9QqVn4bBuMJ21mAzfNoMP -OIwgMT9DwUjVAgMBAAGjgZAwgY0wHQYDVR0OBBYEFOubJp9SoXIw+ONiWgkOaW8K -zI/TMB8GA1UdIwQYMBaAFOubJp9SoXIw+ONiWgkOaW8KzI/TMA8GA1UdEwEB/wQF -MAMBAf8wJQYDVR0RBB4wHIIac3RvcmFnZS5zZWVkMS5sb2tpLm5ldHdvcmswEwYD -VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAIiHNhNrjYvwXVWs -gacx8T/dpqpu9GE3L17LotgQr4R+IYHpNtcmwOTdtWWFfUTr75OCs+c3DqgRKEoj -lnULOsVcalpAGIvW15/fmZWOf66Dpa4+ljDmAc3SOQiD0gGNtqblgI5zG1HF38QP -hjYRhCZ5CVeGOLucvQ8tVVwQvArPFIkBr0jH9jHVgRWEI2MeI3FsU2H93D4TfGln -N4SmmCfYBqygaaZBWkJEt0bYhn8uGHdU9UY9L2FPtfHVKkmFgO7cASGlvXS7B/TT -/8IgbtM3O8mZc2asmdQhGwoAKz93ryyCd8X2UZJg/IwCSCayOlYZWY2fR4OPQmmV -gxJsm+g= ------END CERTIFICATE----- diff --git a/Session/Meta/Certificates/storage-seed-1.der b/Session/Meta/Certificates/storage-seed-1.der deleted file mode 100644 index fac2672f9279587b77bf59e270bedbeb11d2caac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1061 zcmXqLVo@|`V&+`H%*4pVB%*f8@ahzP?SG5-4mABZ%2{(kRqUAoFB_*;n@8JsUPeZ4 zRtAH{219NGPB!LH7B*of$52B-1AY*PgNGw5Gr1(cC^OMe$Up!j#LmO%o0^l9Us{xx zYN%?U3=-qwk@2rc%~J>{$}CGvu2cv~P0mno%P-AKNi50C&ofjuPy{Js=8-A}nw6NI zs#lzvnqsJzlb@ZbmzP>no?n!0AScdiWN2VwU~XV&XlY~?1>_ndaR-AFn;4al1CEiE zfw_s1pTVGsk&CH`k&$6-MD4}%2kuVr?0I*cF{0|^pM2SM`~R&{k6z#!abBv(&DuD_ z#w#|W@Zkf;4Gcfs9!%S5J#)r+6`zI7de{FP{r1z7?}lmp_Q$JjO-pv#_3YqiKH#Og z-!b)pLSc01?Qbpmb2J|Ry7K6ZMdrDqKNh^YVpP6RipzcO(q8AiYTKs#yx{SM>7VJL z<4dC#o;CLE3%t4Ut?Bv1o<@K1R;MW&1iWNhAIgS)Irvj^ve*xW{#R|C$?IyOFGa+* z6inH5`i7%lxZs0gsr|2?fB3m3T>J8LwT(0T9@w?%{L}y4V0FP@!i>t2JB)kc?X zotCCQ+>mE5ck2wE`)1Aj7Cj1v_Ra@At}-z*GB7S~oM6z{Yak1ZaaleVF&2^6v(@GY zEi5wl@i-}plP@!$>rDS;19_0NGK++PSOazip!6pz%*gnkh1Gx=NExVt1O!>+3}l+{ zB_m;wGF28H11>fWZ8k<$R(57a+<^j^z*lsX0mcrA2wE zhN=e2ATcf;8UKpZJcWRw%(BGfN`;WrnWdgC{$l#(gj^{96zeuO4#k`klG9LCZL+ zp5DIsU{;yw>TS#i{C}*{y{i3HX@#Y*%%N$$!B47+H+7%h6&k`|TC!Yg=P#)n3rr%8 zov{65{o*&H%XGG@=Ty(!S`fGTh3JBVY-Ldy%DcHw`KI(f+OKE1QE&l^MCkJAb?n&> z--rL1o-;we6es`KS__g7tZ4_N_Zii~Ff diff --git a/Session/Meta/Session-Info.plist b/Session/Meta/Session-Info.plist index e186b98c9..704f7b3f3 100644 --- a/Session/Meta/Session-Info.plist +++ b/Session/Meta/Session-Info.plist @@ -66,17 +66,17 @@ NSExceptionDomains - public.loki.foundation + seed1.getsession.org NSExceptionRequiresForwardSecrecy - storage.seed1.loki.network + seed2.getsession.org NSExceptionRequiresForwardSecrecy - storage.seed3.loki.network + seed3.getsession.org NSExceptionRequiresForwardSecrecy diff --git a/SessionSnodeKit/SnodeAPI.swift b/SessionSnodeKit/SnodeAPI.swift index eff7c6632..1fb102ea2 100644 --- a/SessionSnodeKit/SnodeAPI.swift +++ b/SessionSnodeKit/SnodeAPI.swift @@ -47,7 +47,14 @@ public final class SnodeAPI { private static let maxRetryCount: UInt = 8 private static let minSwarmSnodeCount = 3 - private static let seedNodePool: Set = Features.useTestnet ? [ "http://public.loki.foundation:38157" ] : [ "https://storage.seed1.loki.network:4433", "https://storage.seed3.loki.network:4433", "https://public.loki.foundation:4433" ] + private static let seedNodePool: Set = (Features.useTestnet ? + [ "http://public.loki.foundation:38157" ] : + [ + "https://seed1.getsession.org:4443", + "https://seed2.getsession.org:4443", + "https://seed3.getsession.org:4443" + ] + ) private static let snodeFailureThreshold = 3 private static let targetSwarmSnodeCount = 2 private static let minSnodePoolCount = 12 @@ -316,46 +323,56 @@ public final class SnodeAPI { if let getSnodePoolPromise = getSnodePoolPromise.wrappedValue { return getSnodePoolPromise } - let promise: Promise> - if snodePool.count < minSnodePoolCount { - promise = getSnodePoolFromSeedNode() - } - else { - promise = getSnodePoolFromSnode().recover2 { _ in - getSnodePoolFromSeedNode() + return getSnodePoolPromise.mutate { result in + /// It was possible for multiple threads to call this at the same time resulting in duplicate promises getting created, while + /// this should no longer be possible (as the `wrappedValue` should now properly be blocked) this is a sanity check + /// to make sure we don't create an additional promise when one already exists + if let previouslyBlockedPromise: Promise> = result { + return previouslyBlockedPromise } - } - - getSnodePoolPromise.mutate { $0 = promise } - promise.map2 { snodePool -> Set in - guard !snodePool.isEmpty else { throw SnodeAPIError.snodePoolUpdatingFailed } - - return snodePool - } - - promise.then2 { snodePool -> Promise> in - let (promise, seal) = Promise>.pending() - - Storage.shared.writeAsync( - updates: { db in - db[.lastSnodePoolRefreshDate] = now - setSnodePool(to: snodePool, db: db) - }, - completion: { _, _ in - seal.fulfill(snodePool) + + let promise: Promise> + + if snodePool.count < minSnodePoolCount { + promise = getSnodePoolFromSeedNode() + } + else { + promise = getSnodePoolFromSnode().recover2 { _ in + getSnodePoolFromSeedNode() } - ) - + } + + promise.map2 { snodePool -> Set in + guard !snodePool.isEmpty else { throw SnodeAPIError.snodePoolUpdatingFailed } + + return snodePool + } + + promise.then2 { snodePool -> Promise> in + let (promise, seal) = Promise>.pending() + + Storage.shared.writeAsync( + updates: { db in + db[.lastSnodePoolRefreshDate] = now + setSnodePool(to: snodePool, db: db) + }, + completion: { _, _ in + seal.fulfill(snodePool) + } + ) + + return promise + } + promise.done2 { _ in + getSnodePoolPromise.mutate { $0 = nil } + } + promise.catch2 { _ in + getSnodePoolPromise.mutate { $0 = nil } + } + + result = promise return promise } - promise.done2 { _ in - getSnodePoolPromise.mutate { $0 = nil } - } - promise.catch2 { _ in - getSnodePoolPromise.mutate { $0 = nil } - } - - return promise } public static func getSessionID(for onsName: String) -> Promise { diff --git a/SessionUtilitiesKit/Networking/HTTP.swift b/SessionUtilitiesKit/Networking/HTTP.swift index cbe2ec9de..34494fb1a 100644 --- a/SessionUtilitiesKit/Networking/HTTP.swift +++ b/SessionUtilitiesKit/Networking/HTTP.swift @@ -9,19 +9,19 @@ public enum HTTP { // MARK: Certificates private static let storageSeed1Cert: SecCertificate = { - let path = Bundle.main.path(forResource: "storage-seed-1", ofType: "der")! + let path = Bundle.main.path(forResource: "seed1-10y", ofType: "der")! let data = try! Data(contentsOf: URL(fileURLWithPath: path)) return SecCertificateCreateWithData(nil, data as CFData)! }() - - private static let storageSeed3Cert: SecCertificate = { - let path = Bundle.main.path(forResource: "storage-seed-3", ofType: "der")! + + private static let storageSeed2Cert: SecCertificate = { + let path = Bundle.main.path(forResource: "seed2-10y", ofType: "der")! let data = try! Data(contentsOf: URL(fileURLWithPath: path)) return SecCertificateCreateWithData(nil, data as CFData)! }() - - private static let publicLokiFoundationCert: SecCertificate = { - let path = Bundle.main.path(forResource: "public-loki-foundation", ofType: "der")! + + private static let storageSeed3Cert: SecCertificate = { + let path = Bundle.main.path(forResource: "seed3-10y", ofType: "der")! let data = try! Data(contentsOf: URL(fileURLWithPath: path)) return SecCertificateCreateWithData(nil, data as CFData)! }() @@ -37,41 +37,75 @@ public enum HTTP { return completionHandler(.cancelAuthenticationChallenge, nil) } // Mark the seed node certificates as trusted - let certificates = [ storageSeed1Cert, storageSeed3Cert, publicLokiFoundationCert ] + let certificates = [ storageSeed1Cert, storageSeed2Cert, storageSeed3Cert ] guard SecTrustSetAnchorCertificates(trust, certificates as CFArray) == errSecSuccess else { + SNLog("Failed to set seed node certificates.") return completionHandler(.cancelAuthenticationChallenge, nil) } - // We want to make sure that the pinned certification was valid during it's validity - // period (which has now expired) so set the date to validate against to be within the - // valid period - let dateFormatter: DateFormatter = DateFormatter() - dateFormatter.dateFormat = "dd/MM/yyyy HH:mm:ss" - - if let validDate: Date = dateFormatter.date(from: "01/01/2022 12:00:00") { - if SecTrustSetVerifyDate(trust, validDate as CFDate) != errSecSuccess { - SNLog("Unable to set date for seed node certificate validation.") + // Check that the presented certificate is one of the seed node certificates + var error: CFError? + guard SecTrustEvaluateWithError(trust, &error) else { + // Extract the result for further processing (since we are defaulting to `invalid` we + // don't care if extracting the result type fails) + var result: SecTrustResultType = .invalid + _ = SecTrustGetTrustResult(trust, &result) + + switch result { + case .proceed, .unspecified: + /// Unspecified indicates that evaluation reached an (implicitly trusted) anchor certificate without any evaluation + /// failures, but never encountered any explicitly stated user-trust preference. This is the most common return + /// value. The Keychain Access utility refers to this value as the "Use System Policy," which is the default user setting. + return completionHandler(.useCredential, URLCredential(trust: trust)) + + case .recoverableTrustFailure: + /// A recoverable failure generally suggests that the certificate was mostly valid but something minor didn't line up, + /// iOS has a specific rule which rejects certificates which have a lifetime over 825 days which we don't really care + /// about so if we end up with a single issue which is `OtherTrustValidityPeriod` then we can just allow + /// the request to continue + guard + let validationResult: [String: Any] = SecTrustCopyResult(trust) as? [String: Any], + let details: [String: Any] = (validationResult["TrustResultDetails"] as? [[String: Any]])? + .reduce(into: [:], { result, next in next.forEach { result[$0.key] = $0.value } }), + let otherTrustValidityPeriod: Int = details["OtherTrustValidityPeriod"] as? Int, + details.count == 1, + otherTrustValidityPeriod == 0, + let exceptions: CFData = SecTrustCopyExceptions(trust), + SecTrustSetExceptions(trust, exceptions) + else { + let reason: String = { + guard + let validationResult: [String: Any] = SecTrustCopyResult(trust) as? [String: Any], + let details: [String: Any] = (validationResult["TrustResultDetails"] as? [[String: Any]])? + .reduce(into: [:], { result, next in next.forEach { result[$0.key] = $0.value } }) + else { return "Unknown" } + + return "\(details)" + }() + + SNLog("Failed to handle a recoverable seed certificate trust failure: \(reason)") + return completionHandler(.cancelAuthenticationChallenge, nil) + } + + /// Now that the `trust` has been updated with the exceptions it can ignore we need to try to re-evaluate it + /// to ensure it is now seen as valid + var error2: CFError? = nil + guard SecTrustEvaluateWithError(trust, &error2) else { + SNLog("Seed certificate reevaluation failed due to error: \(String(describing: error2))") + return completionHandler(.cancelAuthenticationChallenge, nil) + } + + /// If the reevaluation succeeded then try to use the credential + /// + /// **Note:** It is still possible for the OS to reject the request (which seems to be happening with an expired + /// certificate) but it _does_ seem to work fine with the 10 year certificate + return completionHandler(.useCredential, URLCredential(trust: trust)) + + default: return completionHandler(.cancelAuthenticationChallenge, nil) } } - else { - SNLog("Unable to set date for seed node certificate validation.") - } - - // Check that the presented certificate is one of the seed node certificates - var result: SecTrustResultType = .invalid - guard SecTrustEvaluate(trust, &result) == errSecSuccess else { - return completionHandler(.cancelAuthenticationChallenge, nil) - } - switch result { - case .proceed, .unspecified: - // Unspecified indicates that evaluation reached an (implicitly trusted) anchor certificate without - // any evaluation failures, but never encountered any explicitly stated user-trust preference. This - // is the most common return value. The Keychain Access utility refers to this value as the "Use System - // Policy," which is the default user setting. - return completionHandler(.useCredential, URLCredential(trust: trust)) - default: return completionHandler(.cancelAuthenticationChallenge, nil) - } + return completionHandler(.useCredential, URLCredential(trust: trust)) } }