Prefer roots.pem from gRPC-C++, but fall back to Firestore bundled ones if necessary (#2106)

var-const · web-flow · commit 16af0f13d78d · 2018-11-22T16:10:55.000-05:00
gRPC-C++ versions up to and including 0.0.3, and also 0.0.5, don't bundle `roots.pem` in the podspec. gRPC-C++ 0.0.4 and, presumably, the currently not-yet-released 0.0.6 do. Firestore currently also bundles this file under the same bundle name, which leads to build errors when both Firestore and gRPC-C++ try to add the file into the build (only shows during archiving).

For transition, this PR:
* renames the Firestore bundle to avoid naming clash;
* changes the loading code so that it first tries to load certificates bundled with gRPC-C++ (versions 0.0.4 and 0.0.6+), but falls back to those bundled with Firestore if necessary.

At a later point, Firestore should be changed to not bundle the certificates altogether.
diff --git a/FirebaseFirestore.podspec b/FirebaseFirestore.podspec
@@ -50,7 +50,7 @@ Google Cloud Firestore is a NoSQL document database built for automatic scaling,
 
   # TODO(varconst): remove once https://github.com/grpc/grpc/pull/16962 makes it
   # into a release.
-  s.resource_bundles = { 'gRPCCertificates' => ['Firestore/etc/roots.pem'] }
+  s.resource_bundles = { 'gRPCCertificates-Firestore' => ['Firestore/etc/roots.pem'] }
 
   s.dependency 'FirebaseAuthInterop', '~> 1.0'
   s.dependency 'FirebaseCore', '~> 5.1'
diff --git a/Firestore/core/src/firebase/firestore/remote/grpc_root_certificate_finder_apple.mm b/Firestore/core/src/firebase/firestore/remote/grpc_root_certificate_finder_apple.mm
@@ -20,6 +20,7 @@
 
 #include "Firestore/core/src/firebase/firestore/util/filesystem.h"
 #include "Firestore/core/src/firebase/firestore/util/hard_assert.h"
+#include "Firestore/core/src/firebase/firestore/util/log.h"
 #include "Firestore/core/src/firebase/firestore/util/statusor.h"
 
 #import "Firestore/Source/Core/FSTFirestoreClient.h"
@@ -34,19 +35,30 @@
 using util::StringFormat;
 
 std::string LoadGrpcRootCertificate() {
-  // TODO(varconst): uncomment these lines once it's possible to load the
-  // certificate from gRPC-C++ pod.
-  // NSBundle* bundle = [NSBundle bundleWithIdentifier:@"org.cocoapods.grpcpp"];
-  // HARD_ASSERT(bundle, "Could not find grpcpp bundle");
-
-  // `mainBundle` may be nil in certain cases (e.g., unit tests).
-  NSBundle* bundle = [NSBundle bundleForClass:FSTFirestoreClient.class];
-  HARD_ASSERT(bundle, "Could not find Firestore bundle");
-  NSString* path =
-      [bundle pathForResource:@"gRPCCertificates.bundle/roots" ofType:@"pem"];
+  // Try to load certificates bundled by gRPC-C++ if available (depends on
+  // gRPC-C++ version).
+  // Note that `mainBundle` may be nil in certain cases (e.g., unit tests).
+  NSBundle* bundle = [NSBundle bundleWithIdentifier:@"org.cocoapods.grpcpp"];
+  NSString* path;
+  if (bundle) {
+    path =
+        [bundle pathForResource:@"gRPCCertificates.bundle/roots" ofType:@"pem"];
+  }
+  if (path) {
+    LOG_DEBUG("Using roots.pem file from gRPC-C++ pod");
+  } else {
+    // Fall back to the certificates bundled with Firestore if necessary.
+    LOG_DEBUG("Using roots.pem file from Firestore pod");
+
+    bundle = [NSBundle bundleForClass:FSTFirestoreClient.class];
+    HARD_ASSERT(bundle, "Could not find Firestore bundle");
+    path = [bundle pathForResource:@"gRPCCertificates-Firestore.bundle/roots"
+                            ofType:@"pem"];
+  }
+
   HARD_ASSERT(
       path,
-      "Could not load root certificates from the bundle. SSL won't work.");
+      "Could not load root certificates from the bundle. SSL cannot work.");
 
   StatusOr<std::string> certificate = ReadFile(Path::FromNSString(path));
   HARD_ASSERT(
