Source/WebKit/webpushd/PushClientConnection.mm - WebKit - Git at Google

 /*
  * Copyright (C) 2021 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
  * THE POSSIBILITY OF SUCH DAMAGE.
  */

 #import "config.h"
 #import "PushClientConnection.h"

 #import "AppBundleRequest.h"
 #import "CodeSigning.h"
 #import "WebPushDaemon.h"
 #import "WebPushDaemonConnectionConfiguration.h"
 #import <JavaScriptCore/ConsoleTypes.h>
 #import <wtf/HexNumber.h>
 #import <wtf/Vector.h>
 #import <wtf/cocoa/Entitlements.h>

 namespace WebPushD {

 Ref<ClientConnection> ClientConnection::create(xpc_connection_t connection)
 {
     return adoptRef(*new ClientConnection(connection));
 }

 ClientConnection::ClientConnection(xpc_connection_t connection)
     : m_xpcConnection(connection)
 {
 }

 void ClientConnection::updateConnectionConfiguration(const WebPushDaemonConnectionConfiguration& configuration)
 {
     if (configuration.hostAppAuditTokenData)
         setHostAppAuditTokenData(*configuration.hostAppAuditTokenData);

     m_useMockBundlesForTesting = configuration.useMockBundlesForTesting;
 }

 void ClientConnection::setHostAppAuditTokenData(const Vector<uint8_t>& tokenData)
 {
     audit_token_t token;
     if (tokenData.size() != sizeof(token)) {
         ASSERT_WITH_MESSAGE(false, "Attempt to set an audit token from incorrect number of bytes");
         return;
     }

     memcpy(&token, tokenData.data(), tokenData.size());

     if (hasHostAppAuditToken()) {
         // Verify the token being set is equivalent to the last one set
         audit_token_t& existingAuditToken = *m_hostAppAuditToken;
         RELEASE_ASSERT(!memcmp(&existingAuditToken, &token, sizeof(token)));
         return;
     }

     m_hostAppAuditToken = WTFMove(token);
     Daemon::singleton().broadcastAllConnectionIdentities();
 }

 const String& ClientConnection::hostAppCodeSigningIdentifier()
 {
     if (!m_hostAppCodeSigningIdentifier) {
 #if PLATFORM(MAC) && !USE(APPLE_INTERNAL_SDK)
         // This isn't great, but currently the only user of webpushd in open source builds is TestWebKitAPI and codeSigningIdentifier returns the null String on x86_64 Macs.
         m_hostAppCodeSigningIdentifier = "com.apple.WebKit.TestWebKitAPI";
 #else
         if (!m_hostAppAuditToken)
             m_hostAppCodeSigningIdentifier = String();
         else
             m_hostAppCodeSigningIdentifier = WebKit::codeSigningIdentifier(*m_hostAppAuditToken);
 #endif
     }

     return *m_hostAppCodeSigningIdentifier;
 }

 bool ClientConnection::hostAppHasPushEntitlement()
 {
     if (!m_hostAppHasPushEntitlement)
         m_hostAppHasPushEntitlement = hostHasEntitlement("com.apple.private.webkit.webpush"_s);

     return *m_hostAppHasPushEntitlement;
 }

 bool ClientConnection::hostAppHasPushInjectEntitlement()
 {
     return hostHasEntitlement("com.apple.private.webkit.webpush.inject"_s);
 }

 bool ClientConnection::hostHasEntitlement(const char* entitlement)
 {
     if (!m_hostAppAuditToken)
         return false;
 #if !PLATFORM(MAC) || USE(APPLE_INTERNAL_SDK)
     return WTF::hasEntitlement(*m_hostAppAuditToken, entitlement);
 #else
     return true;
 #endif
 }

 void ClientConnection::setDebugModeIsEnabled(bool enabled)
 {
     if (enabled == m_debugModeEnabled)
         return;

     m_debugModeEnabled = enabled;
     broadcastDebugMessage(makeString("Turned Debug Mode ", m_debugModeEnabled ? "on" : "off"));
 }

 void ClientConnection::broadcastDebugMessage(const String& message)
 {
     String messageIdentifier;
     auto signingIdentifer = hostAppCodeSigningIdentifier();
     if (signingIdentifer.isEmpty())
         messageIdentifier = makeString("[(0x", hex(reinterpret_cast<uint64_t>(m_xpcConnection.get()), WTF::HexConversionMode::Lowercase), ") (", String::number(identifier()), " )] ");
     else
         messageIdentifier = makeString("[", signingIdentifer, " (", String::number(identifier()), ")] ");

     Daemon::singleton().broadcastDebugMessage(JSC::MessageLevel::Info, makeString(messageIdentifier, message));
 }

 void ClientConnection::enqueueAppBundleRequest(std::unique_ptr<AppBundleRequest>&& request)
 {
     RELEASE_ASSERT(m_xpcConnection);
     m_pendingBundleRequests.append(WTFMove(request));
     maybeStartNextAppBundleRequest();
 }

 void ClientConnection::maybeStartNextAppBundleRequest()
 {
     RELEASE_ASSERT(m_xpcConnection);

     if (m_currentBundleRequest || m_pendingBundleRequests.isEmpty())
         return;

     m_currentBundleRequest = m_pendingBundleRequests.takeFirst();
     m_currentBundleRequest->start();
 }

 void ClientConnection::didCompleteAppBundleRequest(AppBundleRequest& request)
 {
     // If our connection was closed there should be no in-progress bundle requests.
     RELEASE_ASSERT(m_xpcConnection);

     ASSERT(m_currentBundleRequest.get() == &request);
     m_currentBundleRequest = nullptr;

     maybeStartNextAppBundleRequest();
 }

 void ClientConnection::connectionClosed()
 {
     broadcastDebugMessage("Connection closed");

     RELEASE_ASSERT(m_xpcConnection);
     m_xpcConnection = nullptr;

     if (m_currentBundleRequest) {
         m_currentBundleRequest->cancel();
         m_currentBundleRequest = nullptr;
     }

     Deque<std::unique_ptr<AppBundleRequest>> pendingBundleRequests;
     pendingBundleRequests.swap(m_pendingBundleRequests);
     for (auto& requst : pendingBundleRequests)
         requst->cancel();
 }

 } // namespace WebPushD
	/*
	* Copyright (C) 2021 Apple Inc. All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions
	* are met:
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in the
	* documentation and/or other materials provided with the distribution.
	*
	* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
	* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
	* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
	* THE POSSIBILITY OF SUCH DAMAGE.
	*/

	#import "config.h"
	#import "PushClientConnection.h"

	#import "AppBundleRequest.h"
	#import "CodeSigning.h"
	#import "WebPushDaemon.h"
	#import "WebPushDaemonConnectionConfiguration.h"
	#import <JavaScriptCore/ConsoleTypes.h>
	#import <wtf/HexNumber.h>
	#import <wtf/Vector.h>
	#import <wtf/cocoa/Entitlements.h>

	namespace WebPushD {

	Ref<ClientConnection> ClientConnection::create(xpc_connection_t connection)
	{
	return adoptRef(*new ClientConnection(connection));
	}

	ClientConnection::ClientConnection(xpc_connection_t connection)
	: m_xpcConnection(connection)
	{
	}

	void ClientConnection::updateConnectionConfiguration(const WebPushDaemonConnectionConfiguration& configuration)
	{
	if (configuration.hostAppAuditTokenData)
	setHostAppAuditTokenData(*configuration.hostAppAuditTokenData);

	m_useMockBundlesForTesting = configuration.useMockBundlesForTesting;
	}

	void ClientConnection::setHostAppAuditTokenData(const Vector<uint8_t>& tokenData)
	{
	audit_token_t token;
	if (tokenData.size() != sizeof(token)) {
	ASSERT_WITH_MESSAGE(false, "Attempt to set an audit token from incorrect number of bytes");
	return;
	}

	memcpy(&token, tokenData.data(), tokenData.size());

	if (hasHostAppAuditToken()) {
	// Verify the token being set is equivalent to the last one set
	audit_token_t& existingAuditToken = *m_hostAppAuditToken;
	RELEASE_ASSERT(!memcmp(&existingAuditToken, &token, sizeof(token)));
	return;
	}

	m_hostAppAuditToken = WTFMove(token);
	Daemon::singleton().broadcastAllConnectionIdentities();
	}

	const String& ClientConnection::hostAppCodeSigningIdentifier()
	{
	if (!m_hostAppCodeSigningIdentifier) {
	#if PLATFORM(MAC) && !USE(APPLE_INTERNAL_SDK)
	// This isn't great, but currently the only user of webpushd in open source builds is TestWebKitAPI and codeSigningIdentifier returns the null String on x86_64 Macs.
	m_hostAppCodeSigningIdentifier = "com.apple.WebKit.TestWebKitAPI";
	#else
	if (!m_hostAppAuditToken)
	m_hostAppCodeSigningIdentifier = String();
	else
	m_hostAppCodeSigningIdentifier = WebKit::codeSigningIdentifier(*m_hostAppAuditToken);
	#endif
	}

	return *m_hostAppCodeSigningIdentifier;
	}

	bool ClientConnection::hostAppHasPushEntitlement()
	{
	if (!m_hostAppHasPushEntitlement)
	m_hostAppHasPushEntitlement = hostHasEntitlement("com.apple.private.webkit.webpush"_s);

	return *m_hostAppHasPushEntitlement;
	}

	bool ClientConnection::hostAppHasPushInjectEntitlement()
	{
	return hostHasEntitlement("com.apple.private.webkit.webpush.inject"_s);
	}

	bool ClientConnection::hostHasEntitlement(const char* entitlement)
	{
	if (!m_hostAppAuditToken)
	return false;
	#if !PLATFORM(MAC) \|\| USE(APPLE_INTERNAL_SDK)
	return WTF::hasEntitlement(*m_hostAppAuditToken, entitlement);
	#else
	return true;
	#endif
	}

	void ClientConnection::setDebugModeIsEnabled(bool enabled)
	{
	if (enabled == m_debugModeEnabled)
	return;

	m_debugModeEnabled = enabled;
	broadcastDebugMessage(makeString("Turned Debug Mode ", m_debugModeEnabled ? "on" : "off"));
	}

	void ClientConnection::broadcastDebugMessage(const String& message)
	{
	String messageIdentifier;
	auto signingIdentifer = hostAppCodeSigningIdentifier();
	if (signingIdentifer.isEmpty())
	messageIdentifier = makeString("[(0x", hex(reinterpret_cast<uint64_t>(m_xpcConnection.get()), WTF::HexConversionMode::Lowercase), ") (", String::number(identifier()), " )] ");
	else
	messageIdentifier = makeString("[", signingIdentifer, " (", String::number(identifier()), ")] ");

	Daemon::singleton().broadcastDebugMessage(JSC::MessageLevel::Info, makeString(messageIdentifier, message));
	}

	void ClientConnection::enqueueAppBundleRequest(std::unique_ptr<AppBundleRequest>&& request)
	{
	RELEASE_ASSERT(m_xpcConnection);
	m_pendingBundleRequests.append(WTFMove(request));
	maybeStartNextAppBundleRequest();
	}

	void ClientConnection::maybeStartNextAppBundleRequest()
	{
	RELEASE_ASSERT(m_xpcConnection);

	if (m_currentBundleRequest \|\| m_pendingBundleRequests.isEmpty())
	return;

	m_currentBundleRequest = m_pendingBundleRequests.takeFirst();
	m_currentBundleRequest->start();
	}

	void ClientConnection::didCompleteAppBundleRequest(AppBundleRequest& request)
	{
	// If our connection was closed there should be no in-progress bundle requests.
	RELEASE_ASSERT(m_xpcConnection);

	ASSERT(m_currentBundleRequest.get() == &request);
	m_currentBundleRequest = nullptr;

	maybeStartNextAppBundleRequest();
	}

	void ClientConnection::connectionClosed()
	{
	broadcastDebugMessage("Connection closed");

	RELEASE_ASSERT(m_xpcConnection);
	m_xpcConnection = nullptr;

	if (m_currentBundleRequest) {
	m_currentBundleRequest->cancel();
	m_currentBundleRequest = nullptr;
	}

	Deque<std::unique_ptr<AppBundleRequest>> pendingBundleRequests;
	pendingBundleRequests.swap(m_pendingBundleRequests);
	for (auto& requst : pendingBundleRequests)
	requst->cancel();
	}

	} // namespace WebPushD