Skip to content

Commit

Permalink
fix: fixing apns keys encoding (#246)
Browse files Browse the repository at this point in the history
  • Loading branch information
geekbrother authored Oct 17, 2023
1 parent 80e3bf5 commit 2e6a9fe
Show file tree
Hide file tree
Showing 6 changed files with 107 additions and 21 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ jobs:
DATABASE_URL: postgres://postgres:root@localhost:5432/postgres
TENANT_DATABASE_URL: postgres://postgres:root@localhost:5433/postgres
RELAY_PUBLIC_KEY: ${{ secrets.RELAY_PUBLIC_KEY }}
JWT_SECRET: ${{ secrets.JWT_SECRET }}
steps:
# Checkout code
- name: "Git checkout"
Expand Down Expand Up @@ -155,6 +156,9 @@ jobs:
args: ${{ matrix.cargo.args }}
env:
ECHO_TEST_FCM_KEY: ${{ secrets.ECHO_TEST_FCM_KEY }}
ECHO_TEST_APNS_P8_KEY_ID: ${{ secrets.ECHO_TEST_APNS_P8_KEY_ID }}
ECHO_TEST_APNS_P8_TEAM_ID: ${{ secrets.ECHO_TEST_APNS_P8_TEAM_ID }}
ECHO_TEST_APNS_P8_PEM: ${{ secrets.ECHO_TEST_APNS_P8_PEM }}

- name: "Print sccache stats"
run: sccache --show-stats
Expand Down
4 changes: 2 additions & 2 deletions src/handlers/get_tenant.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@ use {
http::HeaderMap,
Json,
},
serde::Serialize,
serde::{Deserialize, Serialize},
std::sync::Arc,
};

#[derive(Serialize)]
#[derive(Serialize, Deserialize)]
pub struct GetTenantResponse {
url: String,
enabled_providers: Vec<String>,
Expand Down
30 changes: 19 additions & 11 deletions src/handlers/update_apns.rs
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,27 @@ impl ApnsUpdateBody {
}),
})
}
(Some(topic), Some(certificate), None, None, None, None) => Ok(ApnsSqlUpdate {
topic: Some(topic.clone()),
auth: Some(TenantApnsUpdateAuth::Certificate {
apns_certificate: certificate.clone(),
apns_certificate_password: String::new(),
}),
}),
(None, Some(certificate), Some(password), None, None, None) => Ok(ApnsSqlUpdate {
topic: None,
auth: Some(TenantApnsUpdateAuth::Certificate {
apns_certificate: certificate.clone(),
apns_certificate_password: password.clone(),
}),
}),
(None, Some(certificate), None, None, None, None) => Ok(ApnsSqlUpdate {
topic: None,
auth: Some(TenantApnsUpdateAuth::Certificate {
apns_certificate: certificate.clone(),
apns_certificate_password: String::new(),
}),
}),
// Update Token
(Some(topic), None, None, Some(pkcs8_pem), Some(key_id), Some(team_id)) => {
Ok(ApnsSqlUpdate {
Expand Down Expand Up @@ -136,9 +150,7 @@ pub async fn handler(
body.apns_certificate_password = Some(field.text().await?);
}
"apns_pkcs8_pem" => {
let data = field.bytes().await?;
let encoded_pem = base64::engine::general_purpose::STANDARD.encode(&data);
body.apns_pkcs8_pem = Some(encoded_pem);
body.apns_pkcs8_pem = Some(field.text().await?);
}
"apns_key_id" => {
body.apns_key_id = Some(field.text().await?);
Expand Down Expand Up @@ -179,11 +191,10 @@ pub async fn handler(
apns_certificate,
apns_certificate_password,
} => {
let cert_bytes = apns_certificate.into_bytes();
let mut reader = BufReader::new(&*cert_bytes);

let decoded = base64::engine::general_purpose::STANDARD
.decode(apns_certificate.into_bytes())?;
match a2::Client::certificate(
&mut reader,
&mut std::io::Cursor::new(decoded),
&apns_certificate_password,
a2::Endpoint::Sandbox,
) {
Expand All @@ -199,11 +210,8 @@ pub async fn handler(
apns_key_id,
apns_team_id,
} => {
let pem_bytes = apns_pkcs8_pem.into_bytes();
let mut reader = BufReader::new(&*pem_bytes);

match a2::Client::token(
&mut reader,
&mut std::io::Cursor::new(apns_pkcs8_pem.into_bytes()),
apns_key_id,
apns_team_id,
a2::Endpoint::Sandbox,
Expand Down
5 changes: 1 addition & 4 deletions src/stores/tenant.rs
Original file line number Diff line number Diff line change
Expand Up @@ -218,10 +218,7 @@ impl Tenant {
&self.apns_team_id,
) {
(Some(topic), Some(pkcs8_pem), Some(key_id), Some(team_id)) => {
let decoded =
base64::engine::general_purpose::STANDARD.decode(pkcs8_pem)?;
let mut reader = BufReader::new(&*decoded);

let mut reader = BufReader::new(pkcs8_pem.as_bytes());
let apns_client = ApnsProvider::new_token(
&mut reader,
key_id.clone(),
Expand Down
10 changes: 7 additions & 3 deletions tests/context/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ pub struct ConfigContext {

pub struct EchoServerContext {
pub server: EchoServer,
pub config: Config,
}

pub struct StoreContext {
Expand All @@ -41,8 +42,10 @@ impl TestContext for ConfigContext {
disable_header: true,
validate_signatures: false,
relay_public_key: env::var("RELAY_PUBLIC_KEY").unwrap_or("none".to_string()),
database_url: env::var("DATABASE_URL").unwrap(),
tenant_database_url: env::var("TENANT_DATABASE_URL").unwrap(),
database_url: env::var("DATABASE_URL")
.expect("DATABASE_URL environment variable is not set"),
tenant_database_url: env::var("TENANT_DATABASE_URL")
.expect("TENANT_DATABASE_URL environment variable is not set"),
#[cfg(feature = "multitenant")]
jwt_secret: "n/a".to_string(),
otel_exporter_otlp_endpoint: None,
Expand Down Expand Up @@ -87,8 +90,9 @@ impl TestContext for ConfigContext {
#[async_trait]
impl AsyncTestContext for EchoServerContext {
async fn setup() -> Self {
let config = ConfigContext::setup().config;
let server = EchoServer::start(ConfigContext::setup().config).await;
Self { server }
Self { server, config }
}
}

Expand Down
75 changes: 74 additions & 1 deletion tests/functional/multitenant/apns.rs
Original file line number Diff line number Diff line change
@@ -1,10 +1,23 @@
use {
crate::context::EchoServerContext,
echo_server::handlers::create_tenant::TenantRegisterBody,
echo_server::handlers::{create_tenant::TenantRegisterBody, get_tenant::GetTenantResponse},
jsonwebtoken::{encode, EncodingKey, Header},
random_string::generate,
serde::Serialize,
std::time::SystemTime,
test_context::test_context,
uuid::Uuid,
};

/// Struct to hold claims for JWT validation
#[derive(Serialize)]
struct ClaimsForValidation {
sub: String,
aud: String,
role: String,
exp: usize,
}

// #[test_context(EchoServerContext)]
// #[tokio::test]
// async fn tenant_update_apns(ctx: &mut EchoServerContext) {
Expand Down Expand Up @@ -44,6 +57,66 @@ use {
// );
// }

#[test_context(EchoServerContext)]
#[tokio::test]
async fn tenant_update_apns_valid_token(ctx: &mut EchoServerContext) {
let tenant_id = Uuid::new_v4().to_string();
let payload = TenantRegisterBody {
id: tenant_id.clone(),
};
let unix_timestamp = SystemTime::now()
.duration_since(SystemTime::UNIX_EPOCH)
.unwrap()
.as_secs() as usize;
let token_claims = ClaimsForValidation {
sub: tenant_id.clone(),
aud: "authenticated".to_string(),
role: "authenticated".to_string(),
exp: unix_timestamp + 60 * 60, // Add an hour for expiration
};
let jwt_token = encode(
&Header::default(),
&token_claims,
&EncodingKey::from_secret(ctx.config.jwt_secret.as_bytes()),
)
.expect("Failed to encode jwt token");

// Register new tenant
let client = reqwest::Client::new();
let create_tenant_result = client
.post(format!("http://{}/tenants", ctx.server.public_addr))
.header("AUTHORIZATION", jwt_token.clone())
.json(&payload)
.send()
.await
.expect("Failed to create a new tenant");
assert_eq!(create_tenant_result.status(), reqwest::StatusCode::OK);

// Send valid APNS p8 Key
let form = reqwest::multipart::Form::new()
.text("apns_type", "token")
.text("apns_topic", "app.test")
.text("apns_key_id", env!("ECHO_TEST_APNS_P8_KEY_ID"))
.text("apns_team_id", env!("ECHO_TEST_APNS_P8_TEAM_ID"))
.part(
"apns_pkcs8_pem",
reqwest::multipart::Part::text(env!("ECHO_TEST_APNS_P8_PEM"))
.file_name("apns.p8")
.mime_str("text/plain")
.expect("Error on passing multipart stream to the form request"),
);
let apns_update_result = client
.post(format!(
"http://{}/tenants/{}/apns",
ctx.server.public_addr, &tenant_id
))
.multipart(form)
.send()
.await
.expect("Failed to call update tenant endpoint");
assert_eq!(apns_update_result.status(), reqwest::StatusCode::OK);
}

#[test_context(EchoServerContext)]
#[tokio::test]
async fn tenant_update_apns_bad_token(ctx: &mut EchoServerContext) {
Expand Down

0 comments on commit 2e6a9fe

Please sign in to comment.