firebase · andrewheard · May 9, 2023 · May 8, 2023
diff --git a/AppCheck.podspec b/AppCheck.podspec
@@ -0,0 +1,108 @@
+Pod::Spec.new do |s|
+  s.name             = 'AppCheck'
+  s.version          = '10.10.0'
+  s.summary          = 'App Check SDK.'
+
+  s.description      = <<-DESC
+  SDK for anti-abuse compatibility.
+                       DESC
+
+  s.homepage         = 'https://firebase.google.com'
+  s.license          = { :type => 'Apache-2.0', :file => 'LICENSE' }
+  s.authors          = 'Google, Inc.'
+
+  s.source           = {
+    :git => 'https://github.com/firebase/firebase-ios-sdk.git',
+    :tag => 'CocoaPods-' + s.version.to_s
+  }
+  s.social_media_url = 'https://twitter.com/Firebase'
+
+  ios_deployment_target = '11.0'
+  osx_deployment_target = '10.13'
+  tvos_deployment_target = '12.0'
+  watchos_deployment_target = '6.0'
+
+  s.swift_version = '5.3'
+
+  s.ios.deployment_target = ios_deployment_target
+  s.osx.deployment_target = osx_deployment_target
+  s.tvos.deployment_target = tvos_deployment_target
+  s.watchos.deployment_target = watchos_deployment_target
+
+  s.cocoapods_version = '>= 1.4.0'
+  s.prefix_header_file = false
+
+  base_dir = "AppCheck/"
+
+  s.source_files = [
+    base_dir + 'Sources/**/*.[mh]',
+    base_dir + 'Interop/*.h',
+    'FirebaseCore/Extension/*.h',
+  ]
+  s.public_header_files = base_dir + 'Sources/Public/AppCheck/*.h'
+
+  s.ios.weak_framework = 'DeviceCheck'
+  s.osx.weak_framework = 'DeviceCheck'
+  s.tvos.weak_framework = 'DeviceCheck'
+
+  s.dependency 'FirebaseCore', '~> 10.0'
+  s.dependency 'PromisesObjC', '~> 2.1'
+  s.dependency 'GoogleUtilities/Environment', '~> 7.8'
+
+  s.pod_target_xcconfig = {
+    'GCC_C_LANGUAGE_STANDARD' => 'c99',
+    'HEADER_SEARCH_PATHS' => '"${PODS_TARGET_SRCROOT}"'
+  }
+
+  # Using environment variable because of the dependency on the unpublished
+  # HeartbeatLoggingTestUtils.
+  if ENV['POD_LIB_LINT_ONLY'] && ENV['POD_LIB_LINT_ONLY'] == '1' then
+    s.test_spec 'unit' do |unit_tests|
+      unit_tests.platforms = {
+        :ios => ios_deployment_target,
+        :osx => osx_deployment_target,
+        :tvos => tvos_deployment_target
+      }
+      unit_tests.source_files = [
+        base_dir + 'Tests/Unit/**/*.[mh]',
+        base_dir + 'Tests/Utils/**/*.[mh]',
+        'SharedTestUtilities/AppCheckFake/*',
+        'SharedTestUtilities/AppCheckBackoffWrapperFake/*',
+        'SharedTestUtilities/Date/*',
+        'SharedTestUtilities/URLSession/*',
+      ]
+
+      unit_tests.resources = base_dir + 'Tests/Fixture/**/*'
+      unit_tests.dependency 'OCMock'
+      unit_tests.dependency 'HeartbeatLoggingTestUtils'
+      unit_tests.requires_app_host = true
+    end
+  end
+
+  s.test_spec 'integration' do |integration_tests|
+    integration_tests.platforms = {
+      :ios => ios_deployment_target,
+      :osx => osx_deployment_target,
+      :tvos => tvos_deployment_target
+    }
+    integration_tests.source_files = [
+      base_dir + 'Tests/Integration/**/*.[mh]',
+      base_dir + 'Tests/Integration/**/*.[mh]',
+    ]
+    integration_tests.resources = base_dir + 'Tests/Fixture/**/*'
+    integration_tests.requires_app_host = true
+  end
+
+  s.test_spec 'swift-unit' do |swift_unit_tests|
+    swift_unit_tests.platforms = {
+      :ios => ios_deployment_target,
+      :osx => osx_deployment_target,
+      :tvos => tvos_deployment_target
+    }
+    swift_unit_tests.source_files = [
+      base_dir + 'Tests/Unit/Swift/**/*.swift',
+      base_dir + 'Tests/Unit/Swift/**/*.h',
+    ]
+  end
+
+end
diff --git a/AppCheck/CHANGELOG.md b/AppCheck/CHANGELOG.md
@@ -0,0 +1,2 @@
+# unreleased
+- [added] Add generic (non-Firebase) App Check SDK.
diff --git a/AppCheck/Interop/CMakeLists.txt b/AppCheck/Interop/CMakeLists.txt
@@ -0,0 +1,27 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if(NOT APPLE)
+  return()
+endif()
+
+file(GLOB headers *.h)
+firebase_ios_generate_dummy_source(AppCheckInterop sources)
+
+firebase_ios_add_framework(
+  AppCheckInterop DISABLE_STRICT_WARNINGS EXCLUDE_FROM_ALL
+  ${headers} ${sources}
+)
+
+firebase_ios_framework_public_headers(AppCheckInterop ${headers})
diff --git a/AppCheck/Interop/GACAppCheckInterop.h b/AppCheck/Interop/GACAppCheckInterop.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+@protocol GACAppCheckTokenResultInterop;
+
+NS_ASSUME_NONNULL_BEGIN
+
+NS_SWIFT_NAME(InternalAppCheckTokenHandlerInterop)
+typedef void (^GACAppCheckTokenHandlerInterop)(id<GACAppCheckTokenResultInterop> tokenResult);
+
+NS_SWIFT_NAME(InternalAppCheckInterop) @protocol GACAppCheckInterop
+
+/// Retrieve a cached or generate a new FAA Token. If forcingRefresh == YES always generates a new
+/// token and updates the cache.
+- (void)getTokenForcingRefresh:(BOOL)forcingRefresh
+                    completion:(GACAppCheckTokenHandlerInterop)handler
+    NS_SWIFT_NAME(getToken(forcingRefresh:completion:));
+
+/// A notification with the specified name is sent to the default notification center
+/// (`NotificationCenter.default`) each time a Firebase app check token is refreshed.
+/// The user info dictionary contains `-[self notificationTokenKey]` and
+/// `-[self notificationAppNameKey]` keys.
+- (NSString *)tokenDidChangeNotificationName;
+
+/// `userInfo` key for the FAC token in a notification for `tokenDidChangeNotificationName`.
+- (NSString *)notificationTokenKey;
+/// `userInfo` key for the `FirebaseApp.name` in a notification for
+/// `tokenDidChangeNotificationName`.
+- (NSString *)notificationAppNameKey;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff --git a/AppCheck/Interop/GACAppCheckTokenResultInterop.h b/AppCheck/Interop/GACAppCheckTokenResultInterop.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@protocol GACAppCheckTokenResultInterop <NSObject>
+
+/// App Check token in the case of success or a dummy token in the case of a failure.
+/// In general, the value of the token should always be set to the request header.
+@property(nonatomic, readonly) NSString *token;
+
+/// A token fetch error in the case of a failure or `nil` in the case of success.
+@property(nonatomic, readonly, nullable) NSError *error;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff --git a/AppCheck/Interop/dummy.m b/AppCheck/Interop/dummy.m
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Swift Package Manager needs at least one source file.
diff --git a/AppCheck/Sources/AppAttestProvider/API/GACAppAttestAPIService.h b/AppCheck/Sources/AppAttestProvider/API/GACAppAttestAPIService.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+@class FBLPromise<Result>;
+@class FIRAppAttestAttestationResponse;
+@class GACAppCheckToken;
+@protocol GACAppCheckAPIServiceProtocol;
+
+NS_ASSUME_NONNULL_BEGIN
+
+/// Methods to send API requests required for App Attest based attestation sequence.
+@protocol FIRAppAttestAPIServiceProtocol <NSObject>
+
+/// Request a random challenge from server.
+- (FBLPromise<NSData *> *)getRandomChallenge;
+
+/// Sends attestation data to Firebase backend for validation.
+/// @param attestation The App Attest key attestation data obtained from the method
+/// `-[DCAppAttestService attestKey:clientDataHash:completionHandler:]` using the random challenge
+/// received from Firebase backend.
+/// @param keyID The key ID used to generate the attestation.
+/// @param challenge The challenge used to generate the attestation.
+/// @return A promise that is fulfilled with a response object with an encrypted attestation
+/// artifact and an Firebase App Check token or rejected with an error.
+- (FBLPromise<FIRAppAttestAttestationResponse *> *)attestKeyWithAttestation:(NSData *)attestation
+                                                                      keyID:(NSString *)keyID
+                                                                  challenge:(NSData *)challenge;
+
+/// Exchanges attestation data (artifact & assertion) and a challenge for a FAC token.
+- (FBLPromise<GACAppCheckToken *> *)getAppCheckTokenWithArtifact:(NSData *)artifact
+                                                       challenge:(NSData *)challenge
+                                                       assertion:(NSData *)assertion;
+
+@end
+
+/// A default implementation of `FIRAppAttestAPIServiceProtocol`.
+@interface FIRAppAttestAPIService : NSObject <FIRAppAttestAPIServiceProtocol>
+
+/// Default initializer.
+/// @param APIService An instance implementing `GACAppCheckAPIServiceProtocol` to be used to send
+/// network requests to Firebase App Check backend.
+/// @param projectID A Firebase project ID for the requests (`FIRApp.options.projectID`).
+/// @param appID A Firebase app ID for the requests (`FIRApp.options.googleAppID`).
+- (instancetype)initWithAPIService:(id<GACAppCheckAPIServiceProtocol>)APIService
+                         projectID:(NSString *)projectID
+                             appID:(NSString *)appID;
+
+@end
+
+NS_ASSUME_NONNULL_END
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# unreleased
		- [added] Add generic (non-Firebase) App Check SDK.