parent
92557bf3ef
commit
81cff837ae
|
@ -168,7 +168,7 @@ SPEC CHECKSUMS:
|
|||
PureLayout: 4d550abe49a94f24c2808b9b95db9131685fe4cd
|
||||
Reachability: 33e18b67625424e47b6cde6d202dce689ad7af96
|
||||
SAMKeychain: 483e1c9f32984d50ca961e26818a534283b4cd5c
|
||||
SignalServiceKit: 1594ae26a08129175c6ca91690602aa47898f24c
|
||||
SignalServiceKit: b84d80de0bfd5f863994a1ce1f5b742b91c46cb5
|
||||
SocketRocket: dbb1554b8fc288ef8ef370d6285aeca7361be31e
|
||||
SQLCipher: 43d12c0eb9c57fb438749618fc3ce0065509a559
|
||||
TwistedOakCollapsingFutures: f359b90f203e9ab13dfb92c9ff41842a7fe1cd0c
|
||||
|
|
|
@ -2090,7 +2090,12 @@
|
|||
"${PODS_ROOT}/SAMKeychain/Support/SAMKeychain.bundle",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/textsecure.cer",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GIAG2.crt",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GTSGIAG3.crt",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GSR2.crt",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GSR4.crt",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GTSR1.crt",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GTSR2.crt",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GTSR3.crt",
|
||||
"${PODS_ROOT}/../SignalServiceKit/src/Security/PinningCertificate/GTSR4.crt",
|
||||
);
|
||||
name = "[CP] Copy Pods Resources";
|
||||
outputPaths = (
|
||||
|
|
|
@ -29,7 +29,13 @@ An Objective-C library for communicating with the Signal messaging service.
|
|||
|
||||
s.resources = ['SignalServiceKit/src/Security/PinningCertificate/textsecure.cer',
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GIAG2.crt',
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GTSGIAG3.crt']
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GSR2.crt',
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GSR4.crt',
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GTSR1.crt',
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GTSR2.crt',
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GTSR3.crt',
|
||||
'SignalServiceKit/src/Security/PinningCertificate/GTSR4.crt']
|
||||
|
||||
s.prefix_header_file = 'SignalServiceKit/src/TSPrefix.h'
|
||||
s.xcconfig = { 'OTHER_CFLAGS' => '$(inherited) -DSQLITE_HAS_CODEC' }
|
||||
|
||||
|
|
|
@ -305,23 +305,31 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
|
|||
static AFSecurityPolicy *securityPolicy = nil;
|
||||
static dispatch_once_t onceToken;
|
||||
dispatch_once(&onceToken, ^{
|
||||
NSError *error;
|
||||
NSData *GIAG2CertData = [self certificateDataWithName:@"GIAG2" error:&error];
|
||||
if (error) {
|
||||
DDLogError(@"%@ Failed to get GIAG2 certificate data with error: %@", self.tag, error);
|
||||
@throw [NSException exceptionWithName:@"OWSSignalService_UnableToReadCertificate"
|
||||
reason:error.description
|
||||
userInfo:nil];
|
||||
}
|
||||
NSData *GTSGIAG3CertData = [self certificateDataWithName:@"GTSGIAG3" error:&error];
|
||||
if (error) {
|
||||
DDLogError(@"%@ Failed to get GIAG3 certificate data with error: %@", self.tag, error);
|
||||
@throw [NSException exceptionWithName:@"OWSSignalService_UnableToReadCertificate"
|
||||
reason:error.description
|
||||
userInfo:nil];
|
||||
|
||||
NSMutableSet<NSData *> *certificates = [NSMutableSet new];
|
||||
|
||||
// GIAG2 cert plus root certs from pki.goog
|
||||
NSArray<NSString *> *certNames = @[ @"GIAG2", @"GSR2", @"GSR4", @"GTSR1", @"GTSR2", @"GTSR3", @"GTSR4" ];
|
||||
|
||||
for (NSString *certName in certNames) {
|
||||
NSError *error;
|
||||
NSData *certData = [self certificateDataWithName:certName error:&error];
|
||||
if (error) {
|
||||
DDLogError(@"%@ Failed to get %@ certificate data with error: %@", self.tag, certName, error);
|
||||
@throw [NSException exceptionWithName:@"OWSSignalService_UnableToReadCertificate"
|
||||
reason:error.description
|
||||
userInfo:nil];
|
||||
}
|
||||
|
||||
if (!certData) {
|
||||
DDLogError(@"%@ No data for certificate: %@", self.tag, certName);
|
||||
@throw [NSException exceptionWithName:@"OWSSignalService_UnableToReadCertificate"
|
||||
reason:error.description
|
||||
userInfo:nil];
|
||||
}
|
||||
[certificates addObject:certData];
|
||||
}
|
||||
|
||||
NSSet<NSData *> *certificates = [NSSet setWithArray:@[ GIAG2CertData, GTSGIAG3CertData ]];
|
||||
securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate withPinnedCertificates:certificates];
|
||||
});
|
||||
return securityPolicy;
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue