Skip to content

When searching for gRPC certificates, search the main bundle as well #2183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Dec 13, 2018
Merged

When searching for gRPC certificates, search the main bundle as well #2183

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f23ca36
Also try reading gRPC certificates from the main bundle
var-const Dec 12, 2018
ccb5d87
More logging
var-const Dec 12, 2018
9dec786
Review feedback
var-const Dec 13, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 39 additions & 18 deletions Firestore/core/src/firebase/firestore/remote/grpc_root_certificate_finder_apple.mm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,28 +34,49 @@
using util::StatusOr;
using util::StringFormat;

std::string LoadGrpcRootCertificate() {
// Try to load certificates bundled by gRPC-C++ if available (depends on
// gRPC-C++ version).
// Note that `mainBundle` may be nil in certain cases (e.g., unit tests).
NSBundle* bundle = [NSBundle bundleWithIdentifier:@"org.cocoapods.grpcpp"];
NSString* path;
if (bundle) {
path =
[bundle pathForResource:@"gRPCCertificates.bundle/roots" ofType:@"pem"];
}
if (path) {
LOG_DEBUG("Using roots.pem file from gRPC-C++ pod");
} else {
NSString* FindPathToCertificatesFile() {
// Certificates file might be present in one of several bundles, based on
// the environment.
NSArray<NSBundle*>* bundles = @[
// First, try to load certificates bundled by gRPC-C++ if available
// (pod versions 0.0.6+).
[NSBundle bundleWithIdentifier:@"org.cocoapods.grpcpp"],
// Fall back to the certificates bundled with Firestore if necessary.
LOG_DEBUG("Using roots.pem file from Firestore pod");
[NSBundle bundleForClass:FSTFirestoreClient.class],
// Finally, users manually adding resources to the project may add the
// certificate to the main application bundle. Note that `mainBundle` is nil
// for unit tests of library projects, so it cannot fully substitute for
// checking framework bundles.
[NSBundle mainBundle],
];

for (NSBundle* bundle in bundles) {
if (!bundle) {
continue;
}

NSString* resource = @"gRPCCertificates.bundle/roots";
NSString* path = [bundle pathForResource:resource ofType:@"pem"];
if (!path) {
resource = @"gRPCCertificates-Firestore.bundle/roots";
path = [bundle pathForResource:resource ofType:@"pem"];
}

bundle = [NSBundle bundleForClass:FSTFirestoreClient.class];
HARD_ASSERT(bundle, "Could not find Firestore bundle");
path = [bundle pathForResource:@"gRPCCertificates-Firestore.bundle/roots"
ofType:@"pem"];
if (path) {
LOG_DEBUG("%s.pem found in bundle %s", resource,
[bundle bundleIdentifier]);
return path;
} else {
LOG_DEBUG("%s.pem not found in bundle %s", resource,
[bundle bundleIdentifier]);
}
}

return nil;
}

std::string LoadGrpcRootCertificate() {
NSString* path = FindPathToCertificatesFile();
HARD_ASSERT(
path,
"Could not load root certificates from the bundle. SSL cannot work.");
Expand Down