Added authentication token provider support

Author: polyitan

Sources/SwiftyAPNS/CertificateProvider.swift

@@ -0,0 +1,115 @@
+//
+//  CertificateProvider.swift
+//  SwiftyAPNS
+//
+//  Created by Sergii Tkachenko on 11.08.2020.
+//  Copyright © 2020 Sergii Tkachenko. All rights reserved.
+//
+
+import Foundation
+
+private enum APNSCertificateProviderError: LocalizedError {
+    
+    case badUrl
+    case encodePayload
+    case parseResponce
+    case emptyData
+    
+    public var errorDescription: String? {
+        switch self {
+        case .badUrl: return
+            "The url was invalid"
+        case .encodePayload: return
+            "Can't encode payload"
+        case .parseResponce: return
+            "Can't parse responce"
+        case .emptyData: return
+            "Empty data"
+        }
+    }
+}
+
+open class APNSCertificateProvider: NSObject, APNSSendMessageProtocol {
+    
+    private var identity: SecIdentity
+    private var sesion: URLSession?
+    
+    public init(identity: SecIdentity, sandbox: Bool = true, configuration: URLSessionConfiguration = URLSessionConfiguration.default, qeue: OperationQueue = OperationQueue.main) {
+        self.identity = identity
+        super.init()
+        self.sesion = URLSession.init(configuration: configuration, delegate: self, delegateQueue: qeue)
+    }
+    
+    public func push(_ notification: APNSNotification, completion: @escaping (Result<APNSResponse, Error>) -> Void) {
+        
+        let options = notification.options
+        var components = URLComponents()
+        components.scheme = "https"
+        components.host = options.url
+        components.path = "/3/device/\(notification.token)"
+        guard let url = components.url else {
+            completion(.failure(APNSCertificateProviderError.badUrl))
+            return
+        }
+        
+        var request = URLRequest.init(url: url)
+        request.httpMethod = "POST"
+        if let port = options.port {
+            components.port = port.rawValue
+        }
+        request.applyOptions(options)
+        
+        let encoder = JSONEncoder()
+        encoder.outputFormatting = .prettyPrinted
+        do {
+            let payload = try encoder.encode(notification.payload)
+            request.httpBody = payload
+        } catch {
+            completion(.failure(APNSCertificateProviderError.encodePayload))
+            return
+        }
+        
+        let task = self.sesion?.dataTask(with: request) { (data, responce, error) in
+            if let error = error {
+                completion(.failure(error))
+            } else if let responce = responce as? HTTPURLResponse, let data = data {
+                if let apnsStatus = APNSStatus(code: responce.statusCode),
+                    let apnsId = responce.allHeaderFields["apns-id"] as? String
+                {
+                    let decoder = JSONDecoder()
+                    let reason = try? decoder.decode(APNSError.self, from: data)
+                    let apnsResponce = APNSResponse(status: apnsStatus, apnsId: apnsId, reason: reason)
+                    completion(.success(apnsResponce))
+                } else {
+                    completion(.failure(APNSCertificateProviderError.parseResponce))
+                }
+            } else {
+                completion(.failure(APNSCertificateProviderError.emptyData))
+            }
+        }
+        task?.resume()
+    }
+}
+
+extension APNSCertificateProvider: URLSessionDelegate {
+    public func urlSession(_ session: URLSession, didBecomeInvalidWithError error: Error?) {
+        if let error = error {
+            print("Error: \(error)")
+        }
+    }
+    
+    public func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Swift.Void) {
+        var certificate: SecCertificate?
+        _ = withUnsafeMutablePointer(to: &certificate) {
+            SecIdentityCopyCertificate(self.identity, UnsafeMutablePointer($0))
+        }
+        
+        var certificates = [SecCertificate]()
+        if let cert = certificate {
+            certificates.append(cert)
+        }
+        
+        let cred = URLCredential.init(identity: self.identity, certificates: certificates, persistence: .forSession)
+        completionHandler(.useCredential, cred)
+    }
+}

Sources/SwiftyAPNS/Extensions/Data+Extensions.swift

@@ -0,0 +1,163 @@
+//
+//  Data+Extensions.swift
+//  SwiftyAPNS
+//
+//  Created by Sergii Tkachenko on 12.08.2020.
+//  Copyright © 2020 Sergii Tkachenko. All rights reserved.
+//
+
+import Foundation
+
+public typealias ASN1 = Data
+
+public enum ASN1Error: LocalizedError {
+    
+    case invalidAsn1
+    
+    public var errorDescription: String? {
+        switch self {
+        case .invalidAsn1:
+            return "The ASN.1 data has invalid format."
+        }
+    }
+}
+
+extension ASN1 {
+    private indirect enum ASN1Element {
+        case seq(elements: [ASN1Element])
+        case integer(int: Int)
+        case bytes(data: Data)
+        case constructed(tag: Int, elem: ASN1Element)
+        case unknown
+    }
+    
+    public func toECKeyData() throws -> ECKeyData {
+        let (result, _) = self.toASN1Element()
+
+        guard case let ASN1Element.seq(elements: es) = result,
+            case let ASN1Element.bytes(data: privateOctest) = es[2] else {
+                throw ASN1Error.invalidAsn1
+        }
+
+        let (octest, _) = privateOctest.toASN1Element()
+        guard case let ASN1Element.seq(elements: seq) = octest,
+            case let ASN1Element.bytes(data: privateKeyData) = seq[1],
+            case let ASN1Element.constructed(tag: _, elem: publicElement) = seq[3],
+            case let ASN1Element.bytes(data: publicKeyData) = publicElement else {
+                throw ASN1Error.invalidAsn1
+        }
+
+        let keyData = (publicKeyData.drop(while: { $0 == 0x00}) + privateKeyData)
+        return keyData
+    }
+
+    // SecKeyCreateSignature seems to sometimes return a leading zero; strip it out
+    private func dropLeadingBytes() -> Data {
+        if self.count == 33 {
+            return self.dropFirst()
+        }
+        return self
+    }
+
+    /// Convert an ASN.1 format EC signature returned by commoncrypto into a raw 64bit signature
+    public func toRawSignature() throws -> Data {
+        let (result, _) = self.toASN1Element()
+
+        guard case let ASN1Element.seq(elements: es) = result,
+            case let ASN1Element.bytes(data: sigR) = es[0],
+            case let ASN1Element.bytes(data: sigS) = es[1] else {
+                throw ASN1Error.invalidAsn1
+        }
+
+        let rawSig =  sigR.dropLeadingBytes() + sigS.dropLeadingBytes()
+        return rawSig
+    }
+
+    private func readLength() -> (Int, Int) {
+        if self[0] & 0x80 == 0x00 { // short form
+            return (Int(self[0]), 1)
+        } else {
+            let lenghOfLength = Int(self[0] & 0x7F)
+            var result: Int = 0
+            for i in 1..<(1 + lenghOfLength) {
+                result = 256 * result + Int(self[i])
+            }
+            return (result, 1 + lenghOfLength)
+        }
+    }
+
+    private func toASN1Element() -> (ASN1Element, Int) {
+        guard self.count >= 2 else {
+            // format error
+            return (.unknown, self.count)
+        }
+
+        switch self[0] {
+        case 0x30: // sequence
+            let (length, lengthOfLength) = self.advanced(by: 1).readLength()
+            var result: [ASN1Element] = []
+            var subdata = self.advanced(by: 1 + lengthOfLength)
+            var alreadyRead = 0
+
+            while alreadyRead < length {
+                let (e, l) = subdata.toASN1Element()
+                result.append(e)
+                subdata = subdata.count > l ? subdata.advanced(by: l) : Data()
+                alreadyRead += l
+            }
+            return (.seq(elements: result), 1 + lengthOfLength + length)
+
+        case 0x02: // integer
+            let (length, lengthOfLength) = self.advanced(by: 1).readLength()
+            if (length < 8) {
+                var result: Int = 0
+                let subdata = self.advanced(by: 1 + lengthOfLength)
+                // ignore negative case
+                for i in 0..<length {
+                    result = 256 * result + Int(subdata[i])
+                }
+                return (.integer(int: result), 1 + lengthOfLength + length)
+            }
+            // number is too large to fit in Int; return the bytes
+            return (.bytes(data: self.subdata(in: (1 + lengthOfLength) ..< (1 + lengthOfLength + length))), 1 + lengthOfLength + length)
+
+
+        case let s where (s & 0xe0) == 0xa0: // constructed
+            let tag = Int(s & 0x1f)
+            let (length, lengthOfLength) = self.advanced(by: 1).readLength()
+            let subdata = self.advanced(by: 1 + lengthOfLength)
+            let (e, _) = subdata.toASN1Element()
+            return (.constructed(tag: tag, elem: e), 1 + lengthOfLength + length)
+
+        default: // octet string
+            let (length, lengthOfLength) = self.advanced(by: 1).readLength()
+            return (.bytes(data: self.subdata(in: (1 + lengthOfLength) ..< (1 + lengthOfLength + length))), 1 + lengthOfLength + length)
+        }
+    }
+}
+
+public typealias ECKeyData = Data
+
+extension ECKeyData {
+    public func toPrivateKey() throws -> ECPrivateKey {
+        var error: Unmanaged<CFError>? = nil
+        guard let privateKey =
+            SecKeyCreateWithData(self as CFData,
+                                 [kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
+                                  kSecAttrKeyClass: kSecAttrKeyClassPrivate,
+                                  kSecAttrKeySizeInBits: 256] as CFDictionary,
+                                 &error) else {
+                                    throw error!.takeRetainedValue()
+        }
+        return privateKey
+    }
+}
+
+extension Data {
+    func base64EncodedURLString() -> String {
+        return base64EncodedString()
+            .replacingOccurrences(of: "=", with: "")
+            .replacingOccurrences(of: "+", with: "-")
+            .replacingOccurrences(of: "/", with: "_")
+    }
+}

Sources/SwiftyAPNS/Extensions/SecIdentity+Extensions.swift

@@ -0,0 +1,32 @@
+//
+//  SecIdentity+Extensions.swift
+//  SwiftyAPNS
+//
+//  Created by Sergii Tkachenko on 12.08.2020.
+//  Copyright © 2020 Sergii Tkachenko. All rights reserved.
+//
+
+import Foundation
+
+extension SecIdentity {
+    public func name() -> String {
+        var result = ""
+        var certificate: SecCertificate?
+        _ = withUnsafeMutablePointer(to: &certificate) {
+            SecIdentityCopyCertificate(self, UnsafeMutablePointer($0))
+        }
+        
+        if let cert = certificate {
+            var cfName: CFString?
+            _ = withUnsafeMutablePointer(to: &cfName) {
+                SecCertificateCopyCommonName(cert, UnsafeMutablePointer($0))
+            }
+            if let neme = cfName {
+                result = neme as String
+            } else if let description = SecCertificateCopyLongDescription(nil, cert, nil) {
+                result = description as String
+            }
+        }
+        return result
+    }
+}

Sources/SwiftyAPNS/Extensions/SecKey+Extensions.swift

@@ -0,0 +1,52 @@
+//
+//  SecKey+Extensions.swift
+//  SwiftyAPNS
+//
+//  Created by Sergii Tkachenko on 12.08.2020.
+//  Copyright © 2020 Sergii Tkachenko. All rights reserved.
+//
+
+import Foundation
+import CommonCrypto
+
+public typealias ECPrivateKey = SecKey
+
+public enum ECPrivateKeyError: LocalizedError {
+    
+    case digestDataCorruption
+    case keyNotSupportES256Signing
+    
+    public var errorDescription: String? {
+        switch self {
+        case .digestDataCorruption:
+            return "Internal error."
+        case .keyNotSupportES256Signing:
+            return "The private key does not support ES256 signing"
+        }
+    }
+}
+
+extension ECPrivateKey {
+    public func es256Sign(digest: String) throws -> String {
+        guard let message = digest.data(using: .utf8) else {
+            throw ECPrivateKeyError.digestDataCorruption
+        }
+
+        var hash = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
+        CC_SHA256((message as NSData).bytes, CC_LONG(message.count), &hash)
+        
+        let digestData = Data(hash)
+        let algorithm = SecKeyAlgorithm.ecdsaSignatureDigestX962SHA256
+        guard SecKeyIsAlgorithmSupported(self, .sign, algorithm) else {
+            throw ECPrivateKeyError.keyNotSupportES256Signing
+        }
+
+        var error: Unmanaged<CFError>? = nil
+        guard let signature = SecKeyCreateSignature(self, algorithm, digestData as CFData, &error) else {
+            throw error!.takeRetainedValue()
+        }
+
+        let rawSignature = try (signature as ASN1).toRawSignature()
+        return rawSignature.base64EncodedURLString()
+    }
+}