Skip to content

Prefer roots.pem from gRPC-C++, but fall back to Firestore bundled ones if necessary #2106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Nov 22, 2018
Merged

Prefer roots.pem from gRPC-C++, but fall back to Firestore bundled ones if necessary #2106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5ef1a36
Initial
var-const Nov 21, 2018
929935b
Temporarily downgrade gRPC to 0.0.4
var-const Nov 21, 2018
920de13
Restore 0.0.5
var-const Nov 21, 2018
c066510
Revert unnecessary
var-const Nov 21, 2018
b9887c3
Add logging
var-const Nov 22, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion FirebaseFirestore.podspec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ Google Cloud Firestore is a NoSQL document database built for automatic scaling,

# TODO(varconst): remove once https://github.com/grpc/grpc/pull/16962 makes it
# into a release.
s.resource_bundles = { 'gRPCCertificates' => ['Firestore/etc/roots.pem'] }
s.resource_bundles = { 'gRPCCertificates-Firestore' => ['Firestore/etc/roots.pem'] }

s.dependency 'FirebaseAuthInterop', '~> 1.0'
s.dependency 'FirebaseCore', '~> 5.1'
Expand Down
34 changes: 23 additions & 11 deletions Firestore/core/src/firebase/firestore/remote/grpc_root_certificate_finder_apple.mm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@

#include "Firestore/core/src/firebase/firestore/util/filesystem.h"
#include "Firestore/core/src/firebase/firestore/util/hard_assert.h"
#include "Firestore/core/src/firebase/firestore/util/log.h"
#include "Firestore/core/src/firebase/firestore/util/statusor.h"

#import "Firestore/Source/Core/FSTFirestoreClient.h"
Expand All @@ -34,19 +35,30 @@
using util::StringFormat;

std::string LoadGrpcRootCertificate() {
// TODO(varconst): uncomment these lines once it's possible to load the
// certificate from gRPC-C++ pod.
// NSBundle* bundle = [NSBundle bundleWithIdentifier:@"org.cocoapods.grpcpp"];
// HARD_ASSERT(bundle, "Could not find grpcpp bundle");

// `mainBundle` may be nil in certain cases (e.g., unit tests).
NSBundle* bundle = [NSBundle bundleForClass:FSTFirestoreClient.class];
HARD_ASSERT(bundle, "Could not find Firestore bundle");
NSString* path =
[bundle pathForResource:@"gRPCCertificates.bundle/roots" ofType:@"pem"];
// Try to load certificates bundled by gRPC-C++ if available (depends on
// gRPC-C++ version).
// Note that `mainBundle` may be nil in certain cases (e.g., unit tests).
NSBundle* bundle = [NSBundle bundleWithIdentifier:@"org.cocoapods.grpcpp"];
NSString* path;
if (bundle) {
path =
[bundle pathForResource:@"gRPCCertificates.bundle/roots" ofType:@"pem"];
}
if (path) {
LOG_DEBUG("Using roots.pem file from gRPC-C++ pod");
} else {
// Fall back to the certificates bundled with Firestore if necessary.
LOG_DEBUG("Using roots.pem file from Firestore pod");

bundle = [NSBundle bundleForClass:FSTFirestoreClient.class];
HARD_ASSERT(bundle, "Could not find Firestore bundle");
path = [bundle pathForResource:@"gRPCCertificates-Firestore.bundle/roots"
ofType:@"pem"];
}

HARD_ASSERT(
path,
"Could not load root certificates from the bundle. SSL won't work.");
"Could not load root certificates from the bundle. SSL cannot work.");

StatusOr<std::string> certificate = ReadFile(Path::FromNSString(path));
HARD_ASSERT(
Expand Down