Sesame-iOS/Sesame/Common/Client.swift

import Foundation
import CryptoKit

final class Client {
    
    private let localRequestRoute = "message"
    
    private let urlMessageParameter = "m"
    
    init() {}
    
    func send(_ message: Message, to url: String, through route: TransmissionType, using keys: KeySet) async -> ServerResponse {
        let sentTime = Date.now
        let signedMessage = message.authenticate(using: keys.remote)
        let response: Message
        switch route {
        case .throughServer:
            response = await send(signedMessage, toServerUrl: url, authenticateWith: keys.server, verifyUsing: keys.device)
            
        case .overLocalWifi:
            response = await send(signedMessage, toLocalDeviceUrl: url, verifyUsing: keys.device)
        }
        let receivedTime = Date.now
        // Create best guess for creation of challenge.
        let roundTripTime = receivedTime.timeIntervalSince(sentTime)
        let serverChallenge = ServerChallenge(
            creationDate: sentTime.addingTimeInterval(roundTripTime / 2),
            message: response)
        
        // Validate message content
        guard response.result == .messageAccepted else {
            print("Failure: \(response)")
            return (response, nil)
        }
        
        guard response.clientChallenge == message.clientChallenge else {
            print("Invalid client challenge: \(response)")
            return (response.with(result: .invalidClientChallengeFromDevice), nil)
        }
        return (response, serverChallenge)
    }

    
    private func send(_ message: SignedMessage, toLocalDeviceUrl server: String, verifyUsing deviceKey: SymmetricKey) async -> Message {
        let data = message.encoded.hexEncoded
        guard let url = URL(string: server)?.appendingPathComponent("\(localRequestRoute)?\(urlMessageParameter)=\(data)") else {
            return message.message.with(result: .serverUrlInvalid)
        }
        
        var request = URLRequest(url: url)
        request.httpMethod = "POST"
        request.timeoutInterval = 10
        return await perform(request, inResponseTo: message.message, verifyUsing: deviceKey)
    }
    
    private func send(_ message: SignedMessage, toServerUrl server: String, authenticateWith authToken: Data, verifyUsing deviceKey: SymmetricKey) async -> Message {
        guard let url = URL(string: server)?.appendingPathComponent(SesameRoute.postMessage.rawValue) else {
            return message.message.with(result: .serverUrlInvalid)
        }
        
        var request = URLRequest(url: url)
        request.httpBody = message.encoded
        request.httpMethod = "POST"
        request.timeoutInterval = 10
        request.addValue(authToken.hexEncoded, forHTTPHeaderField: SesameHeader.authenticationHeader)
        return await perform(request, inResponseTo: message.message, verifyUsing: deviceKey)
    }
    
    private func perform(_ request: URLRequest, inResponseTo message: Message, verifyUsing deviceKey: SymmetricKey) async -> Message {
        let (response, responseData) = await fulfill(request)
        guard response == .messageAccepted, let data = responseData else {
            return message.with(result: response)
        }
        guard data.count == SignedMessage.size else {
            print("[WARN] Received message with \(data.count) bytes (\(Array(data)))")
            return message.with(result: .invalidMessageSizeFromDevice)
        }
        let decodedMessage: SignedMessage
        do {
            decodedMessage = try SignedMessage(decodeFrom: data)
        } catch {
            return message.with(result: error as! MessageResult)
        }
        guard decodedMessage.isValid(using: deviceKey) else {
            return message.with(result: .invalidSignatureFromDevice)
        }
        return decodedMessage.message
    }
    
    private func fulfill(_ request: URLRequest) async -> (response: MessageResult, data: Data?) {
        do {
            let (data, response) = try await URLSession.shared.data(for: request)
            guard let code = (response as? HTTPURLResponse)?.statusCode else {
                return (.unexpectedUrlResponseType, nil)
            }
            return (.init(httpCode: code), data)
        } catch {
            print("Request failed: \(error)")
            return (.deviceTimedOut, nil)
        }
    }
}
Initial version 2022-01-29 18:59:42 +01:00			`import Foundation`
			`import CryptoKit`

Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`final class Client {`
Initial version 2022-01-29 18:59:42 +01:00
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`private let localRequestRoute = "message"`

			`private let urlMessageParameter = "m"`
Initial version 2022-01-29 18:59:42 +01:00
Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`init() {}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00
			`func send(_ message: Message, to url: String, through route: TransmissionType, using keys: KeySet) async -> ServerResponse {`
			`let sentTime = Date.now`
			`let signedMessage = message.authenticate(using: keys.remote)`
			`let response: Message`
			`switch route {`
			`case .throughServer:`
			`response = await send(signedMessage, toServerUrl: url, authenticateWith: keys.server, verifyUsing: keys.device)`

			`case .overLocalWifi:`
			`response = await send(signedMessage, toLocalDeviceUrl: url, verifyUsing: keys.device)`
			`}`
			`let receivedTime = Date.now`
			`// Create best guess for creation of challenge.`
			`let roundTripTime = receivedTime.timeIntervalSince(sentTime)`
			`let serverChallenge = ServerChallenge(`
			`creationDate: sentTime.addingTimeInterval(roundTripTime / 2),`
			`message: response)`

			`// Validate message content`
			`guard response.result == .messageAccepted else {`
			`print("Failure: \(response)")`
			`return (response, nil)`
			`}`

			`guard response.clientChallenge == message.clientChallenge else {`
			`print("Invalid client challenge: \(response)")`
			`return (response.with(result: .invalidClientChallengeFromDevice), nil)`
			`}`
			`return (response, serverChallenge)`
Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00
Add option to connect locally to device 2023-04-11 18:18:31 +02:00
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`private func send(_ message: SignedMessage, toLocalDeviceUrl server: String, verifyUsing deviceKey: SymmetricKey) async -> Message {`
Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`let data = message.encoded.hexEncoded`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`guard let url = URL(string: server)?.appendingPathComponent("\(localRequestRoute)?\(urlMessageParameter)=\(data)") else {`
			`return message.message.with(result: .serverUrlInvalid)`
Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`}`

			`var request = URLRequest(url: url)`
			`request.httpMethod = "POST"`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`request.timeoutInterval = 10`
			`return await perform(request, inResponseTo: message.message, verifyUsing: deviceKey)`
Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`}`

Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`private func send(_ message: SignedMessage, toServerUrl server: String, authenticateWith authToken: Data, verifyUsing deviceKey: SymmetricKey) async -> Message {`
			`guard let url = URL(string: server)?.appendingPathComponent(SesameRoute.postMessage.rawValue) else {`
			`return message.message.with(result: .serverUrlInvalid)`
Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00
Initial version 2022-01-29 18:59:42 +01:00			`var request = URLRequest(url: url)`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`request.httpBody = message.encoded`
Initial version 2022-01-29 18:59:42 +01:00			`request.httpMethod = "POST"`
Clean code and add network timeout 2023-08-09 16:27:34 +02:00			`request.timeoutInterval = 10`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`request.addValue(authToken.hexEncoded, forHTTPHeaderField: SesameHeader.authenticationHeader)`
			`return await perform(request, inResponseTo: message.message, verifyUsing: deviceKey)`
Add option to connect locally to device 2023-04-11 18:18:31 +02:00			`}`

Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`private func perform(_ request: URLRequest, inResponseTo message: Message, verifyUsing deviceKey: SymmetricKey) async -> Message {`
			`let (response, responseData) = await fulfill(request)`
			`guard response == .messageAccepted, let data = responseData else {`
			`return message.with(result: response)`
Move to new key system 2022-04-09 17:43:33 +02:00			`}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`guard data.count == SignedMessage.size else {`
			`print("[WARN] Received message with \(data.count) bytes (\(Array(data)))")`
			`return message.with(result: .invalidMessageSizeFromDevice)`
Move to new key system 2022-04-09 17:43:33 +02:00			`}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`let decodedMessage: SignedMessage`
			`do {`
			`decodedMessage = try SignedMessage(decodeFrom: data)`
			`} catch {`
			`return message.with(result: error as! MessageResult)`
Initial version 2022-01-29 18:59:42 +01:00			`}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`guard decodedMessage.isValid(using: deviceKey) else {`
			`return message.with(result: .invalidSignatureFromDevice)`
Move to new key system 2022-04-09 17:43:33 +02:00			`}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`return decodedMessage.message`
Initial version 2022-01-29 18:59:42 +01:00			`}`

Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`private func fulfill(_ request: URLRequest) async -> (response: MessageResult, data: Data?) {`
Initial version 2022-01-29 18:59:42 +01:00			`do {`
			`let (data, response) = try await URLSession.shared.data(for: request)`
			`guard let code = (response as? HTTPURLResponse)?.statusCode else {`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`return (.unexpectedUrlResponseType, nil)`
Initial version 2022-01-29 18:59:42 +01:00			`}`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`return (.init(httpCode: code), data)`
Initial version 2022-01-29 18:59:42 +01:00			`} catch {`
			`print("Request failed: \(error)")`
Challenge-response, SwiftData, new UI 2023-12-12 17:33:42 +01:00			`return (.deviceTimedOut, nil)`
Initial version 2022-01-29 18:59:42 +01:00			`}`
			`}`
			`}`