fix: deprecation fix (#404)

* fix: deprecation fix * remove AMPURLConnection.m file * refactor to save a bool var
amplitude · Jul 18, 2022 · 2f1203c · 2f1203c
1 parent aba104d
commit 2f1203c
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 335 deletions.
diff --git a/Amplitude.xcodeproj/project.pbxproj b/Amplitude.xcodeproj/project.pbxproj
diff --git a/Sources/Amplitude/AMPURLConnection.h b/Sources/Amplitude/AMPURLConnection.h
diff --git a/Sources/Amplitude/AMPURLConnection.m b/Sources/Amplitude/AMPURLConnection.m
diff --git a/Sources/Amplitude/AMPUtils.m b/Sources/Amplitude/AMPUtils.m
@@ -187,9 +187,11 @@ + (CGFloat)statusBarHeight {
 
 + (UIWindow *)getKeyWindow {
     if (@available(iOS 13.0, *)) {
-        for (UIWindow *window in [[AMPUtils getSharedApplication] windows]) {
-            if ([window isKeyWindow]) {
-                return window;
+        for (UIWindowScene *windowScene in [[AMPUtils getSharedApplication] connectedScenes]) {
+            for (UIWindow *window in [windowScene windows]) {
+                if ([window isKeyWindow]) {
+                    return window;
+                }
             }
         }
         return nil;

diff --git a/Sources/Amplitude/Amplitude.m b/Sources/Amplitude/Amplitude.m
@@ -52,7 +52,6 @@
 #import "AMPConstants.h"
 #import "AMPConfigManager.h"
 #import "AMPDeviceInfo.h"
-#import "AMPURLConnection.h"
 #import "AMPURLSession.h"
 #import "AMPDatabaseHelper.h"
 #import "AMPUtils.h"

diff --git a/Sources/Amplitude/ISPCertificatePinning.m b/Sources/Amplitude/ISPCertificatePinning.m
@@ -99,9 +99,15 @@ + (BOOL)verifyPinnedCertificateForTrust:(SecTrustRef)trust andDomain:(NSString *
         // Unfortunately the anchor/CA certificate cannot be accessed this way
         CFIndex certsNb = SecTrustGetCertificateCount(trust);
         for(int i=0;i<certsNb;i++) {
-
+            SecCertificateRef certificate = nil;
             // Extract the certificate
-            SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, i);
+            if (@available(macOS 12.0, iOS 15.0, *)) {
+                CFArrayRef certs = SecTrustCopyCertificateChain(trust);
+                certificate = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
+            } else {
+                certificate = SecTrustGetCertificateAtIndex(trust, i);
+            }
+
             NSData *DERCertificate = (__bridge NSData *)SecCertificateCopyData(certificate);
 
             // Compare the two certificates
@@ -126,9 +132,17 @@ + (BOOL)verifyPinnedCertificateForTrust:(SecTrustRef)trust andDomain:(NSString *
         }
         SecTrustSetAnchorCertificates(trust, NULL);
 
-        SecTrustResultType trustResult;
-        SecTrustEvaluate(trust, &trustResult);
-        if (trustResult == kSecTrustResultUnspecified) {
+        BOOL isTrusted = false;
+        if (@available(iOS 12.0, macos 10.14, *)) {
+            CFErrorRef error;
+            isTrusted = SecTrustEvaluateWithError(trust, &error);
+        } else {
+            SecTrustResultType trustResult;
+            SecTrustEvaluate(trust, &trustResult);
+            isTrusted = trustResult == kSecTrustResultUnspecified;
+        }
+
+        if (isTrusted) {
             // The anchor certificate was pinned
             CFRelease(anchorCertificate);
             return YES;

diff --git a/Sources/Amplitude/ISPPinnedNSURLConnectionDelegate.h b/Sources/Amplitude/ISPPinnedNSURLConnectionDelegate.h
diff --git a/Sources/Amplitude/ISPPinnedNSURLConnectionDelegate.m b/Sources/Amplitude/ISPPinnedNSURLConnectionDelegate.m
diff --git a/Sources/Amplitude/ISPPinnedNSURLSessionDelegate.m b/Sources/Amplitude/ISPPinnedNSURLSessionDelegate.m
@@ -20,25 +20,29 @@ - (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticat
 
         SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
         NSString *domain = [[challenge protectionSpace] host];
-        SecTrustResultType trustResult;
 
         // Validate the certificate chain with the device's trust store anyway
         // This *might* give use revocation checking
-        SecTrustEvaluate(serverTrust, &trustResult);
-        if (trustResult == kSecTrustResultUnspecified) {
-
+        BOOL isTrusted = false;
+        if (@available(iOS 12.0, macos 10.14, *)) {
+            CFErrorRef error;
+            isTrusted = SecTrustEvaluateWithError(serverTrust, &error);
+        } else {
+            SecTrustResultType trustResult;
+            SecTrustEvaluate(serverTrust, &trustResult);
+            isTrusted = trustResult == kSecTrustResultUnspecified;
+        }
+        if (isTrusted) {
             // Look for a pinned certificate in the server's certificate chain
             if ([ISPCertificatePinning verifyPinnedCertificateForTrust:serverTrust andDomain:domain]) {
 
                 // Found the certificate; continue connecting
                 completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
-            }
-            else {
+            } else {
                 // The certificate wasn't found in the certificate chain; cancel the connection
                 completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
             }
-        }
-        else {
+        } else {
             // Certificate chain validation failed; cancel the connection
             completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
         }