Tls cert feature (#47)

kylebrowning · web-flow · commit 686c69561040 · 2019-09-22T11:02:52.000-07:00
* Attempt to let token auth be used.

* Remove unsed Signer code.

# Conflicts:
#	Sources/APNSwiftPemExample/main.swift

* Adds Pem Example.

# Conflicts:
#	Sources/APNSwiftPemExample/main.swift

* Refactor negotiation

* update example path.

* device token update.
diff --git a/Package.swift b/Package.swift
@@ -23,13 +23,15 @@ let package = Package(
         ),
 
         .target(name: "APNSwiftExample", dependencies: ["APNSwift"]),
+        .target(name: "APNSwiftPemExample", dependencies: ["APNSwift"]),
         .testTarget(name: "APNSwiftJWTTests", dependencies: ["APNSwift"]),
         .testTarget(name: "APNSwiftTests", dependencies: ["APNSwift"]),
         .target(name: "APNSwift", dependencies: ["NIO",
                                                 "NIOSSL",
                                                 "NIOHTTP1",
                                                 "NIOHTTP2",
                                                 "NIOFoundationCompat",
-                                                "CAPNSOpenSSL"]),
+                                                "CAPNSOpenSSL",
+                                                "NIOTLS"]),
     ]
 )
diff --git a/Sources/APNSwift/APNSwiftConfiguration.swift b/Sources/APNSwift/APNSwiftConfiguration.swift
@@ -63,7 +63,8 @@ public struct APNSwiftConfiguration {
         self.topic = topic
         self.signer = signer
         self.environment = environment
-        tlsConfiguration = TLSConfiguration.forClient(applicationProtocols: ["h2"])
+        self.tlsConfiguration = TLSConfiguration.forClient(applicationProtocols: ["h2"])
+
     }
 }
 
diff --git a/Sources/APNSwift/APNSwiftConnection.swift b/Sources/APNSwift/APNSwiftConnection.swift
@@ -16,6 +16,48 @@ import Foundation
 import NIO
 import NIOHTTP2
 import NIOSSL
+import NIOTLS
+
+private final class WaitForTLSUpHandler: ChannelInboundHandler {
+    typealias InboundIn = Never
+
+    struct TLSNegotiationError: Error {
+        var wrongProtocolNegotiated: String?
+    }
+
+    private let allDonePromise: EventLoopPromise<Void>
+
+    init(allDonePromise: EventLoopPromise<Void>) {
+        self.allDonePromise = allDonePromise
+    }
+
+    func errorCaught(context: ChannelHandlerContext, error: Error) {
+        // this is an unknown error, this is unexpected, let's fail everything and close the connection.
+        self.allDonePromise.fail(error)
+        context.close(promise: nil)
+    }
+
+    func userInboundEventTriggered(context: ChannelHandlerContext, event: Any) {
+        if let event = event as? TLSUserEvent {
+            switch event {
+            case .handshakeCompleted(negotiatedProtocol: "h2"):
+                self.allDonePromise.succeed(())
+            case .handshakeCompleted(negotiatedProtocol: let proto):
+                self.allDonePromise.fail(TLSNegotiationError(wrongProtocolNegotiated: proto))
+                context.close(promise: nil)
+            case .shutdownCompleted:
+                context.fireUserInboundEventTriggered(event)
+            }
+        } else {
+            context.fireUserInboundEventTriggered(event)
+        }
+    }
+
+    func channelInactive(context: ChannelHandlerContext) {
+        // there's always the possibility that we just get a close which we need to handle.
+        self.allDonePromise.fail(ChannelError.eof)
+    }
+}
 
 public final class APNSwiftConnection {
     
@@ -39,26 +81,25 @@ public final class APNSwiftConnection {
      */
     
     public static func connect(configuration: APNSwiftConfiguration, on eventLoop: EventLoop) -> EventLoopFuture<APNSwiftConnection> {
-        let bootstrap = ClientBootstrap(group: eventLoop)
-            .channelOption(ChannelOptions.socket(IPPROTO_TCP, TCP_NODELAY), value: 1)
-            .channelInitializer { channel in
-                do {
-                    let sslContext = try NIOSSLContext(configuration: configuration.tlsConfiguration)
-                    let sslHandler = try NIOSSLClientHandler(context: sslContext, serverHostname: configuration.url.host)
-                    return channel.pipeline.addHandler(sslHandler).flatMap {
-                        channel.configureHTTP2Pipeline(mode: .client) { _, _ in
-                            fatalError("server push not supported")
-                        }.map { _ in }
+        struct UnsupportedServerPushError: Error {}
+
+        let sslContext = try! NIOSSLContext(configuration: configuration.tlsConfiguration)
+        let connectionFullyUpPromise = eventLoop.makePromise(of: Void.self)
+
+        let tcpConnection = ClientBootstrap(group: eventLoop).connect(host: configuration.url.host!, port: 443)
+        tcpConnection.cascadeFailure(to: connectionFullyUpPromise)
+        return tcpConnection.flatMap { channel in
+            let sslHandler = try! NIOSSLClientHandler(context: sslContext,
+                                                     serverHostname: configuration.url.host)
+            return channel.pipeline.addHandlers([sslHandler,
+                                                 WaitForTLSUpHandler(allDonePromise: connectionFullyUpPromise)]).flatMap {
+                channel.configureHTTP2Pipeline(mode: .client) { channel, _ in
+                    return channel.eventLoop.makeFailedFuture(UnsupportedServerPushError())
+                }.flatMap { multiplexer in
+                    connectionFullyUpPromise.futureResult.map {
+                        return APNSwiftConnection(channel: channel, multiplexer: multiplexer, configuration: configuration)
                     }
-                } catch {
-                    channel.close(mode: .all, promise: nil)
-                    return channel.eventLoop.makeFailedFuture(error)
                 }
-        }
-        
-        return bootstrap.connect(host: configuration.url.host!, port: 443).flatMap { channel in
-            return channel.pipeline.handler(type: HTTP2StreamMultiplexer.self).map { multiplexer in
-                return APNSwiftConnection(channel: channel, multiplexer: multiplexer, configuration: configuration)
             }
         }
     }
@@ -117,7 +158,6 @@ public final class APNSwiftConnection {
             )
             
             return streamPromise.futureResult.flatMap { stream in
-                responsePromise.futureResult.whenComplete { _ in }
                 return stream.writeAndFlush(context)
             }.flatMap {
                 responsePromise.futureResult
diff --git a/Sources/APNSwift/APNSwiftRequestEncoder.swift b/Sources/APNSwift/APNSwiftRequestEncoder.swift
@@ -77,11 +77,15 @@ internal final class APNSwiftRequestEncoder: ChannelOutboundHandler {
             reqHead.headers.add(name: "apns-push-type", value: pushType.rawValue)
         }
         reqHead.headers.add(name: "host", value: configuration.url.host!)
-        guard let token = bearerToken.token else {
-            promise?.fail(APNSwiftError.SigningError.invalidSignatureData)
-            return
+        // Only use token auth if private key is nil
+        if configuration.tlsConfiguration.privateKey == nil {
+            guard let token = bearerToken.token else {
+                promise?.fail(APNSwiftError.SigningError.invalidSignatureData)
+                return
+            }
+            reqHead.headers.add(name: "authorization", value: "bearer \(token)")
         }
-        reqHead.headers.add(name: "authorization", value: "bearer \(token)")
+
         context.write(wrapOutboundOut(.head(reqHead))).cascadeFailure(to: promise)
         context.write(wrapOutboundOut(.body(.byteBuffer(buffer)))).cascadeFailure(to: promise)
         context.write(wrapOutboundOut(.end(nil)), promise: promise)
diff --git a/Sources/APNSwiftExample/main.swift b/Sources/APNSwiftExample/main.swift
@@ -22,7 +22,7 @@ import NIOSSL
 let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
 var verbose = true
 
-let signer = try! APNSwiftSigner(filePath: "/Users/kylebrowning/Downloads/AuthKey_9UC9ZLQ8YW.p8")
+let signer = try! APNSwiftSigner(filePath: "/Users/kylebrowning/Desktop/AuthKey_9UC9ZLQ8YW.p8")
 
 let apnsConfig = APNSwiftConfiguration(keyIdentifier: "9UC9ZLQ8YW",
                                        teamIdentifier: "ABBM6U9RM5",
@@ -56,12 +56,7 @@ let token = APNSwiftBearerToken(configuration: apnsConfig, timeout: 50.0)
 
 do {
     let expiry = Date().addingTimeInterval(5)
-    try apns.send(notification, bearerToken: token, to: "b693f99efa926bcf9977adae75bc88a97988365f49e4c6abf94aa659a4d87a6b", expiration: expiry, priority: 10).wait()
-    try apns.send(notification, bearerToken: token, to: "b693f99efa926bcf9977adae75bc88a97988365f49e4c6abf94aa659a4d87a6b", expiration: expiry, priority: 10).wait()
-    try apns.send(notification, bearerToken: token,  to: "b693f99efa926bcf9977adae75bc88a97988365f49e4c6abf94aa659a4d87a6b", expiration: expiry, priority: 10).wait()
-    try apns.send(notification, bearerToken: token,  to: "b693f99efa926bcf9977adae75bc88a97988365f49e4c6abf94aa659a4d87a6b", expiration: expiry, priority: 10).wait()
-    try apns.send(notification, bearerToken: token,  to: "b693f99efa926bcf9977adae75bc88a97988365f49e4c6abf94aa659a4d87a6b", expiration: expiry, priority: 10).wait()
-    try apns.send(notification, bearerToken: token,  to: "b693f99efa926bcf9977adae75bc88a97988365f49e4c6abf94aa659a4d87a6b", expiration: expiry, priority: 10).wait()
+    try apns.send(notification, bearerToken: token, to: "98AAD4A2398DDC58595F02FA307DF9A15C18B6111D1B806949549085A8E6A55D", expiration: expiry, priority: 10).wait()
 } catch {
     print(error)
 }
diff --git a/Sources/APNSwiftPemExample/main.swift b/Sources/APNSwiftPemExample/main.swift
@@ -0,0 +1,76 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the APNSwift open source project
+//
+// Copyright (c) 2019 the APNSwift project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of APNSwift project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import Foundation
+import NIO
+import APNSwift
+import NIOHTTP1
+import NIOHTTP2
+import NIOSSL
+
+let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
+var verbose = true
+
+//let signer = try! APNSwiftSigner(filePath: "/Users/kylebrowning/Downloads/AuthKey_9UC9ZLQ8YW.p8")
+
+var apnsConfig = try APNSwiftConfiguration(keyIdentifier: "9UC9ZLQ8YW",
+                                       teamIdentifier: "ABBM6U9RM5",
+                                       signer: APNSwiftSigner.init(buffer: ByteBufferAllocator().buffer(capacity: Data().count)),
+                                       topic: "com.grasscove.Fern",
+                                       environment: .sandbox)
+
+let key = try NIOSSLPrivateKey(file: "/Users/kylebrowning/Projects/swift/Fern/development_com.grasscove.Fern.pkey", format: .pem)
+apnsConfig.tlsConfiguration.privateKey = NIOSSLPrivateKeySource.privateKey(key)
+apnsConfig.tlsConfiguration.certificateVerification = .noHostnameVerification
+apnsConfig.tlsConfiguration.certificateChain = try! [.certificate(.init(file: "/Users/kylebrowning/Projects/swift/Fern/development_com.grasscove.Fern.pem", format: .pem))]
+
+let apns = try APNSwiftConnection.connect(configuration: apnsConfig, on: group.next()).wait()
+
+if verbose {
+    print("* Connected to \(apnsConfig.url.host!) (\(apns.channel.remoteAddress!)")
+}
+
+struct AcmeNotification: APNSwiftNotification {
+    let acme2: [String]
+    let aps: APNSwiftPayload
+
+    init(acme2: [String], aps: APNSwiftPayload) {
+        self.acme2 = acme2
+        self.aps = aps
+    }
+}
+
+let alert = APNSwiftPayload.APNSwiftAlert(title: "Hey There", subtitle: "Subtitle", body: "Body")
+let apsSound = APNSwiftPayload.APNSSoundDictionary(isCritical: true, name: "cow.wav", volume: 0.8)
+let aps = APNSwiftPayload(alert: alert, badge: 0, sound: .critical(apsSound), hasContentAvailable: true)
+let temp = try! JSONEncoder().encode(aps)
+let string = String(bytes: temp, encoding: .utf8)
+let notification = AcmeNotification(acme2: ["bang", "whiz"], aps: aps)
+let token = APNSwiftBearerToken(configuration: apnsConfig, timeout: 50.0)
+
+do {
+    let expiry = Date().addingTimeInterval(5)
+    try apns.send(notification, bearerToken: token, to: "98AAD4A2398DDC58595F02FA307DF9A15C18B6111D1B806949549085A8E6A55D", expiration: expiry, priority: 10).wait()
+    try apns.send(notification, bearerToken: token, to: "98AAD4A2398DDC58595F02FA307DF9A15C18B6111D1B806949549085A8E6A55D", expiration: expiry, priority: 10).wait()
+    try apns.send(notification, bearerToken: token,  to: "98AAD4A2398DDC58595F02FA307DF9A15C18B6111D1B806949549085A8E6A55D", expiration: expiry, priority: 10).wait()
+    try apns.send(notification, bearerToken: token,  to: "98AAD4A2398DDC58595F02FA307DF9A15C18B6111D1B806949549085A8E6A55D", expiration: expiry, priority: 10).wait()
+    try apns.send(notification, bearerToken: token,  to: "98AAD4A2398DDC58595F02FA307DF9A15C18B6111D1B806949549085A8E6A55D", expiration: expiry, priority: 10).wait()
+    try apns.send(notification, bearerToken: token,  to: "98AAD4A2398DDC58595F02FA307DF9A15C18B6111D1B806949549085A8E6A55D", expiration: expiry, priority: 10).wait()
+} catch {
+    print(error)
+}
+
+try apns.close().wait()
+try group.syncShutdownGracefully()
+exit(0)

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,8 @@ public struct APNSwiftConfiguration {`
`63`	`63`	`self.topic = topic`
`64`	`64`	`self.signer = signer`
`65`	`65`	`self.environment = environment`
`66`		`- tlsConfiguration = TLSConfiguration.forClient(applicationProtocols: ["h2"])`
	`66`	`+ self.tlsConfiguration = TLSConfiguration.forClient(applicationProtocols: ["h2"])`
	`67`	`+`
`67`	`68`	`}`
`68`	`69`	`}`
`69`	`70`