From 754cefd48573d3bab7b8c367f33c48447f597d26 Mon Sep 17 00:00:00 2001 From: Phillip Tennen Date: Mon, 27 Nov 2017 12:13:47 -0500 Subject: [PATCH] TSKSPKIHashCache must be passed a non-nil identifier --- TrustKit/Pinning/TSKSPKIHashCache.h | 5 ++--- TrustKit/Pinning/TSKSPKIHashCache.m | 8 +++----- TrustKitTests/TSKPublicKeyAlgorithmTests.m | 5 ----- 3 files changed, 5 insertions(+), 13 deletions(-) diff --git a/TrustKit/Pinning/TSKSPKIHashCache.h b/TrustKit/Pinning/TSKSPKIHashCache.h index 5ed19da2..f0395fa1 100644 --- a/TrustKit/Pinning/TSKSPKIHashCache.h +++ b/TrustKit/Pinning/TSKSPKIHashCache.h @@ -30,13 +30,12 @@ typedef NSMutableDictionary SPKICacheDictionnary; /** Create a new cache of SPKI hashes. The identifier is required to ensure that multiple cache - instances do not attempt to use the same file on disk for persistence. If nil, persistence - will be disabled (not recommended). + instances do not attempt to use the same file on disk for persistence. @param uniqueIdentifier A unique identifier that is stable across app launches/instance creation @return An initialized hash cache. */ -- (instancetype _Nullable)initWithIdentifier:(NSString * _Nullable)uniqueIdentifier NS_DESIGNATED_INITIALIZER; +- (instancetype _Nullable)initWithIdentifier:(NSString*)uniqueIdentifier NS_DESIGNATED_INITIALIZER; /** Get a pin cache for the provided certificate and public key algorithm. The pins diff --git a/TrustKit/Pinning/TSKSPKIHashCache.m b/TrustKit/Pinning/TSKSPKIHashCache.m index 8cf8f2c4..7b267f34 100644 --- a/TrustKit/Pinning/TSKSPKIHashCache.m +++ b/TrustKit/Pinning/TSKSPKIHashCache.m @@ -116,7 +116,9 @@ - (instancetype)initWithIdentifier:(NSString *)uniqueIdentifier // Initialize our locks _lockQueue = dispatch_queue_create("TSKSPKIHashLock", DISPATCH_QUEUE_CONCURRENT); - _spkiCacheFilename = uniqueIdentifier; // if this value is nil, persistence will always fail. + // Ensure a non-nil identifier was provided + NSAssert(uniqueIdentifier, @"TSKSPKIHashCache initializer must be passed a unique identifier"); + _spkiCacheFilename = uniqueIdentifier; // First try to load a cached version from the filesystem _subjectPublicKeyInfoHashesCache = [self loadSPKICacheFromFileSystem]; @@ -278,10 +280,6 @@ - (NSData *)getPublicKeyDataFromCertificate:(SecCertificateRef)certificate - (NSURL *)SPKICachePath { - if (!self.spkiCacheFilename) - { - return nil; - } NSURL *cachesDirUrl = [NSFileManager.defaultManager URLsForDirectory:NSCachesDirectory inDomains:NSUserDomainMask].firstObject; return [cachesDirUrl URLByAppendingPathComponent:self.spkiCacheFilename]; diff --git a/TrustKitTests/TSKPublicKeyAlgorithmTests.m b/TrustKitTests/TSKPublicKeyAlgorithmTests.m index 1a10726a..00891275 100644 --- a/TrustKitTests/TSKPublicKeyAlgorithmTests.m +++ b/TrustKitTests/TSKPublicKeyAlgorithmTests.m @@ -32,24 +32,19 @@ @interface TSKPublicKeyAlgorithmTests : XCTestCase @implementation TSKPublicKeyAlgorithmTests { TSKSPKIHashCache *spkiCache; - TSKSPKIHashCache *nonPersistentSpkiCache; } - (void)setUp { [super setUp]; [spkiCache resetSubjectPublicKeyInfoDiskCache]; - [nonPersistentSpkiCache resetSubjectPublicKeyInfoDiskCache]; spkiCache = [[TSKSPKIHashCache alloc] initWithIdentifier:@"test"]; - nonPersistentSpkiCache = [[TSKSPKIHashCache alloc] initWithIdentifier:nil]; } - (void)tearDown { [spkiCache resetSubjectPublicKeyInfoDiskCache]; - [nonPersistentSpkiCache resetSubjectPublicKeyInfoDiskCache]; spkiCache = nil; - nonPersistentSpkiCache = nil; [super tearDown]; }