Skip to content

Commit

Permalink
Merge branch 'master' into mila/MIEQ-add-negative-tests
Browse files Browse the repository at this point in the history
  • Loading branch information
milaGGL committed Oct 20, 2023
2 parents 187ff66 + 3e4b721 commit 4ba9469
Show file tree
Hide file tree
Showing 82 changed files with 1,518 additions and 353 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/firebase_app_check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
strategy:
matrix:
podspec: [FirebaseAppCheckInterop.podspec, FirebaseAppCheck.podspec]
target: [ios, tvos, macos]
target: [ios, tvos, macos, watchos]
steps:
- uses: actions/checkout@v3
- uses: ruby/setup-ruby@v1
Expand Down
38 changes: 38 additions & 0 deletions .github/workflows/firestore.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,9 @@ jobs:
- 'FirebaseCore/Sources/Public'
# Podspec
- 'FirebaseFirestoreInternal.podspec'
- 'FirebaseFirestore.podspec'
- 'FirebaseFirestoreSwift.podspec'
# CMake
- '**CMakeLists.txt'
Expand Down Expand Up @@ -178,6 +180,40 @@ jobs:
run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/firestore.plist.gpg \
Firestore/Example/App/GoogleService-Info.plist "$plist_secret"

- name: Install Google Service Account key
run: |
scripts/decrypt_gha_secret.sh scripts/gha-encrypted/firestore-integration.json.gpg \
google-service-account.json "$plist_secret"
# create composite indexes with Terraform
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v1
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
- name: Terraform Init
run: |
cd Firestore
terraform init
- name: Terraform Apply
run: |
cd Firestore
# Define a temporary file, redirect both stdout and stderr to it
output_file=$(mktemp)
if ! terraform apply -var-file=../google-service-account.json -auto-approve > "$output_file" 2>&1 ; then
cat "$output_file"
if cat "$output_file" | grep -q "index already exists"; then
echo "==================================================================================="
echo "Terraform apply failed due to index already exists; We can safely ignore this error."
echo "==================================================================================="
fi
exit 1
fi
rm -f "$output_file"
env:
GOOGLE_APPLICATION_CREDENTIALS: ../google-service-account.json
continue-on-error: true

- name: Setup build
run: scripts/install_prereqs.sh Firestore ${{ runner.os }} cmake

Expand Down Expand Up @@ -265,6 +301,7 @@ jobs:
strategy:
matrix:
podspec: [
'FirebaseFirestoreInternal.podspec',
'FirebaseFirestore.podspec',
'FirebaseFirestoreSwift.podspec',
]
Expand Down Expand Up @@ -292,6 +329,7 @@ jobs:
strategy:
matrix:
podspec: [
'FirebaseFirestoreInternal.podspec',
'FirebaseFirestore.podspec',
'FirebaseFirestoreSwift.podspec',
]
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/zip.yml
Original file line number Diff line number Diff line change
Expand Up @@ -465,7 +465,7 @@ jobs:
run: |
scripts/check_firestore_symbols.sh \
$(pwd) \
"${HOME}"/ios_frameworks/Firebase/FirebaseFirestore/FirebaseFirestore.xcframework
"${HOME}"/ios_frameworks/Firebase/FirebaseFirestore/FirebaseFirestoreInternal.xcframework
quickstart_framework_inappmessaging:
# Don't run on private repo.
Expand Down
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -156,3 +156,9 @@ FirebaseAppCheck/Apps/AppCheckCustomProvideApp/AppCheckCustomProvideApp/GoogleSe
/Example/FirestoreSample/ui-debug.log
/Example/FirestoreSample/firestore-debug.log
/Example/FirestoreSample/firebase-debug.log

# generated Terraform docs
.terraform/*
.terraform.lock.hcl
*.tfstate
*.tfstate.*
1 change: 1 addition & 0 deletions CoreOnly/NOTICES
Original file line number Diff line number Diff line change
Expand Up @@ -1067,6 +1067,7 @@ IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.


FirebaseFirestore
FirebaseFirestoreInternal

Apache License
Version 2.0, January 2004
Expand Down
56 changes: 35 additions & 21 deletions FirebaseAppCheck/Sources/AppAttestProvider/FIRAppAttestProvider.m
Original file line number Diff line number Diff line change
Expand Up @@ -280,16 +280,21 @@ - (void)getTokenWithCompletion:(void (^)(FIRAppCheckToken *_Nullable, NSError *_
do:^NSData *_Nullable {
return [FIRAppCheckCryptoUtils sha256HashFromData:challenge];
}]
.thenOn(
self.queue,
^FBLPromise<NSData *> *(NSData *challengeHash) {
return [FBLPromise onQueue:self.queue
wrapObjectOrErrorCompletion:^(FBLPromiseObjectOrErrorCompletion _Nonnull handler) {
[self.appAttestService attestKey:keyID
clientDataHash:challengeHash
completionHandler:handler];
}];
})
.thenOn(self.queue,
^FBLPromise<NSData *> *(NSData *challengeHash) {
return [FBLPromise onQueue:self.queue
wrapObjectOrErrorCompletion:^(
FBLPromiseObjectOrErrorCompletion _Nonnull handler) {
[self.appAttestService attestKey:keyID
clientDataHash:challengeHash
completionHandler:handler];
}]
.recoverOn(self.queue, ^id(NSError *error) {
return [FIRAppCheckErrorUtil appAttestAttestKeyFailedWithError:error
keyId:keyID
clientDataHash:challengeHash];
});
})
.thenOn(self.queue, ^FBLPromise<FIRAppAttestKeyAttestationResult *> *(NSData *attestation) {
FIRAppAttestKeyAttestationResult *result =
[[FIRAppAttestKeyAttestationResult alloc] initWithKeyID:keyID
Expand Down Expand Up @@ -391,17 +396,22 @@ - (void)getTokenWithCompletion:(void (^)(FIRAppCheckToken *_Nullable, NSError *_
// 1.2. Get the statement SHA256 hash.
return [FIRAppCheckCryptoUtils sha256HashFromData:[statementForAssertion copy]];
}]
.thenOn(
self.queue,
^FBLPromise<NSData *> *(NSData *statementHash) {
// 2. Generate App Attest assertion.
return [FBLPromise onQueue:self.queue
wrapObjectOrErrorCompletion:^(FBLPromiseObjectOrErrorCompletion _Nonnull handler) {
[self.appAttestService generateAssertion:keyID
clientDataHash:statementHash
completionHandler:handler];
}];
})
.thenOn(self.queue,
^FBLPromise<NSData *> *(NSData *statementHash) {
return [FBLPromise onQueue:self.queue
wrapObjectOrErrorCompletion:^(
FBLPromiseObjectOrErrorCompletion _Nonnull handler) {
[self.appAttestService generateAssertion:keyID
clientDataHash:statementHash
completionHandler:handler];
}]
.recoverOn(self.queue, ^id(NSError *error) {
return [FIRAppCheckErrorUtil
appAttestGenerateAssertionFailedWithError:error
keyId:keyID
clientDataHash:statementHash];
});
})
// 3. Compose the result object.
.thenOn(self.queue, ^FIRAppAttestAssertionData *(NSData *assertion) {
return [[FIRAppAttestAssertionData alloc] initWithChallenge:challenge
Expand Down Expand Up @@ -479,6 +489,10 @@ - (void)getTokenWithCompletion:(void (^)(FIRAppCheckToken *_Nullable, NSError *_
wrapObjectOrErrorCompletion:^(FBLPromiseObjectOrErrorCompletion _Nonnull handler) {
[self.appAttestService generateKeyWithCompletionHandler:handler];
}]
.recoverOn(self.queue,
^id(NSError *error) {
return [FIRAppCheckErrorUtil appAttestGenerateKeyFailedWithError:error];
})
.thenOn(self.queue, ^FBLPromise<NSString *> *(NSString *keyID) {
return [self.keyIDStorage setAppAttestKeyID:keyID];
});
Expand Down
12 changes: 12 additions & 0 deletions FirebaseAppCheck/Sources/Core/Errors/FIRAppCheckErrorUtil.h
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,18 @@ void FIRAppCheckSetErrorToPointer(NSError *error, NSError **pointer);

+ (NSError *)appAttestKeyIDNotFound;

// MARK: - App Attest Errors

+ (NSError *)appAttestGenerateKeyFailedWithError:(NSError *)error;

+ (NSError *)appAttestAttestKeyFailedWithError:(NSError *)error
keyId:(NSString *)keyId
clientDataHash:(NSData *)clientDataHash;

+ (NSError *)appAttestGenerateAssertionFailedWithError:(NSError *)error
keyId:(NSString *)keyId
clientDataHash:(NSData *)clientDataHash;

@end

NS_ASSUME_NONNULL_END
39 changes: 39 additions & 0 deletions FirebaseAppCheck/Sources/Core/Errors/FIRAppCheckErrorUtil.m
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,45 @@ + (NSError *)errorWithFailureReason:(NSString *)failureReason {
underlyingError:nil];
}

#pragma mark - App Attest

+ (NSError *)appAttestGenerateKeyFailedWithError:(NSError *)error {
NSString *failureReason = @"Failed to generate a new cryptographic key for use with the App "
@"Attest service (`generateKeyWithCompletionHandler:`).";
// TODO(#11967): Add a new error code for this case (e.g., FIRAppCheckAppAttestGenerateKeyFailed).
return [self appCheckErrorWithCode:FIRAppCheckErrorCodeUnknown
failureReason:failureReason
underlyingError:error];
}

+ (NSError *)appAttestAttestKeyFailedWithError:(NSError *)error
keyId:(NSString *)keyId
clientDataHash:(NSData *)clientDataHash {
NSString *failureReason =
[NSString stringWithFormat:@"Failed to attest the validity of the generated cryptographic "
@"key (`attestKey:clientDataHash:completionHandler:`); "
@"keyId.length = %lu, clientDataHash.length = %lu",
(unsigned long)keyId.length, (unsigned long)clientDataHash.length];
// TODO(#11967): Add a new error code for this case (e.g., FIRAppCheckAppAttestAttestKeyFailed).
return [self appCheckErrorWithCode:FIRAppCheckErrorCodeUnknown
failureReason:failureReason
underlyingError:error];
}

+ (NSError *)appAttestGenerateAssertionFailedWithError:(NSError *)error
keyId:(NSString *)keyId
clientDataHash:(NSData *)clientDataHash {
NSString *failureReason = [NSString
stringWithFormat:@"Failed to create a block of data that demonstrates the legitimacy of the "
@"app instance (`generateAssertion:clientDataHash:completionHandler:`); "
@"keyId.length = %lu, clientDataHash.length = %lu.",
(unsigned long)keyId.length, (unsigned long)clientDataHash.length];
// TODO(#11967): Add error code for this case (e.g., FIRAppCheckAppAttestGenerateAssertionFailed).
return [self appCheckErrorWithCode:FIRAppCheckErrorCodeUnknown
failureReason:failureReason
underlyingError:error];
}

#pragma mark - Helpers

+ (NSError *)unknownErrorWithError:(NSError *)error {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -393,6 +393,10 @@ - (void)testGetToken_WhenUnregisteredKeyAndKeyAttestationError {
NSError *attestationError = [NSError errorWithDomain:@"testGetTokenWhenKeyAttestationError"
code:0
userInfo:nil];
NSError *expectedError =
[FIRAppCheckErrorUtil appAttestAttestKeyFailedWithError:attestationError
keyId:existingKeyID
clientDataHash:self.randomChallengeHash];
id attestCompletionArg = [OCMArg invokeBlockWithArgs:[NSNull null], attestationError, nil];
OCMExpect([self.mockAppAttestService attestKey:existingKeyID
clientDataHash:self.randomChallengeHash
Expand All @@ -411,7 +415,7 @@ - (void)testGetToken_WhenUnregisteredKeyAndKeyAttestationError {
[completionExpectation fulfill];

XCTAssertNil(token);
XCTAssertEqualObjects(error, attestationError);
XCTAssertEqualObjects(error, expectedError);
}];

[self waitForExpectations:@[ self.fakeBackoffWrapper.backoffExpectation, completionExpectation ]
Expand All @@ -422,7 +426,7 @@ - (void)testGetToken_WhenUnregisteredKeyAndKeyAttestationError {
[self verifyAllMocks];

// 9. Verify backoff error.
XCTAssertEqualObjects(self.fakeBackoffWrapper.operationError, attestationError);
XCTAssertEqualObjects(self.fakeBackoffWrapper.operationError, expectedError);
}

- (void)testGetToken_WhenUnregisteredKeyAndKeyAttestationExchangeError {
Expand Down Expand Up @@ -671,6 +675,10 @@ - (void)testGetToken_WhenKeyRegisteredAndGenerateAssertionError {
[NSError errorWithDomain:@"testGetToken_WhenKeyRegisteredAndGenerateAssertionError"
code:0
userInfo:nil];
NSError *expectedError =
[FIRAppCheckErrorUtil appAttestGenerateAssertionFailedWithError:generateAssertionError
keyId:existingKeyID
clientDataHash:self.randomChallengeHash];
id completionBlockArg = [OCMArg invokeBlockWithArgs:[NSNull null], generateAssertionError, nil];
OCMExpect([self.mockAppAttestService
generateAssertion:existingKeyID
Expand All @@ -690,7 +698,7 @@ - (void)testGetToken_WhenKeyRegisteredAndGenerateAssertionError {
[completionExpectation fulfill];

XCTAssertNil(token);
XCTAssertEqualObjects(error, generateAssertionError);
XCTAssertEqualObjects(error, expectedError);
}];

[self waitForExpectations:@[ completionExpectation ] timeout:0.5];
Expand Down
Loading

0 comments on commit 4ba9469

Please sign in to comment.