santactl/sync: Update logging

2026-04-24 03:00:12 -04:00 · 2015-04-01 16:15:14 -04:00
parent 4231781178
commit 2486cfdcff
7 changed files with 32 additions and 17 deletions
--- a/Source/common/SNTLogging.m
+++ b/Source/common/SNTLogging.m
@@ -58,6 +58,6 @@ void logMessage(int level, FILE *destination, NSString *format, ...) {
    }

    fprintf(destination, "%s\n", [[NSString stringWithFormat:@"[%@] %@ %@: %@",
-               [dateFormatter stringFromDate:[NSDate date]], levelName, binaryName, s] UTF8String]);
+            [dateFormatter stringFromDate:[NSDate date]], levelName, binaryName, s] UTF8String]);
  }
 }
--- a/Source/santactl/sync/SNTAuthenticatingURLSession.m
+++ b/Source/santactl/sync/SNTAuthenticatingURLSession.m
@@ -68,13 +68,13 @@
  }

  if (![protectionSpace.protocol isEqual:NSURLProtectionSpaceHTTPS]) {
-    LOGD(@"Protection Space: %@ is not a secure protocol", protectionSpace.protocol);
+    LOGE(@"%@ is not a secure protocol", protectionSpace.protocol);
    completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
    return;
  }

  if (!protectionSpace.receivesCredentialSecurely) {
-    LOGD(@"Protection Space: secure authentication or protocol cannot be established.");
+    LOGE(@"Secure authentication or protocol cannot be established.");
    completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
    return;
  }
@@ -97,7 +97,7 @@
      completionHandler(NSURLSessionAuthChallengeUseCredential, cred);
      return;
    } else {
-      LOGE(@"Server asked for client authentication but no usable client certificate found.");
+      LOGE(@"Unable to verify server identity.");
      completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
      return;
    }
@@ -142,7 +142,7 @@
    NSError *error;
    NSData *data = [NSData dataWithContentsOfFile:self.clientCertFile options:0 error:&error];
    if (error) {
-      LOGE(@"Client Trust: Couldn't open client certificate %@: %@",
+      LOGD(@"Client Trust: Couldn't open client certificate %@: %@",
           self.clientCertFile,
           [error localizedDescription]);
      return nil;
@@ -158,7 +158,7 @@
    NSArray *identities = CFBridgingRelease(cfIdentities);

    if (err != errSecSuccess) {
-      LOGE(@"Client Trust: Couldn't load client certificate %@: %d", self.clientCertFile, err);
+      LOGD(@"Client Trust: Couldn't load client certificate %@: %d", self.clientCertFile, err);
      return nil;
    }

@@ -230,7 +230,10 @@
  }

  if (foundIdentity) {
-    LOGD(@"Client Trust: Valid client identity %@.", foundIdentity);
+    SecCertificateRef certificate = NULL;
+    err = SecIdentityCopyCertificate(foundIdentity, &certificate);
+    SNTCertificate *clientCert = [[SNTCertificate alloc] initWithSecCertificateRef:certificate];
+    LOGD(@"Client Trust: Valid client identity %@.", clientCert);
    NSURLCredential *cred =
        [NSURLCredential credentialWithIdentity:foundIdentity
                                   certificates:nil
@@ -278,7 +281,7 @@
    // Set this array of certs as the anchors to trust.
    err = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)certRefs);
    if (err != errSecSuccess) {
-      LOGE(@"Server Trust: Could not set anchor certificates: %d", err);
+      LOGD(@"Server Trust: Could not set anchor certificates: %d", err);
      return nil;
    }
  }
@@ -287,7 +290,7 @@
  SecTrustResultType result = kSecTrustResultInvalid;
  err = SecTrustEvaluate(serverTrust, &result);
  if (err != errSecSuccess) {
-    LOGE(@"Server Trust: Unable to evaluate certificate chain for server: %d", err);
+    LOGD(@"Server Trust: Unable to evaluate certificate chain for server: %d", err);
    return nil;
  }

@@ -301,7 +304,7 @@
  // Having a trust level "unspecified" by the user is the usual result, described at
  // https://developer.apple.com/library/mac/qa/qa1360
  if (result != kSecTrustResultProceed && result != kSecTrustResultUnspecified) {
-    LOGE(@"Server Trust: Server isn't trusted. SecTrustResultType: %d", result);
+    LOGD(@"Server Trust: Server isn't trusted. SecTrustResultType: %d", result);
    return nil;
  }

--- a/Source/santactl/sync/SNTCommandSync.m
+++ b/Source/santactl/sync/SNTCommandSync.m
@@ -118,6 +118,8 @@ REGISTER_COMMAND_NAME(@"sync");
  if (!s.progress.syncBaseURL) {
    LOGE(@"Missing SyncBaseURL. Can't sync without it.");
    exit(1);
+  } else if (![s.progress.syncBaseURL.scheme isEqual:@"https"]) {
+    LOGW(@"SyncBaseURL is not over HTTPS!");
  }
  authURLSession.serverHostname = s.progress.syncBaseURL.host;

--- a/Source/santactl/sync/SNTCommandSyncEventUpload.m
+++ b/Source/santactl/sync/SNTCommandSyncEventUpload.m
@@ -102,8 +102,11 @@
  [[session dataTaskWithRequest:req completionHandler:^(NSData *data,
                                                        NSURLResponse *response,
                                                        NSError *error) {
-      if ([(NSHTTPURLResponse *)response statusCode] != 200) {
-        LOGD(@"HTTP Response Code: %d", [(NSHTTPURLResponse *)response statusCode]);
+      long statusCode = [(NSHTTPURLResponse *)response statusCode];
+      if (statusCode != 200) {
+          LOGE(@"HTTP Response: %d %@",
+               statusCode,
+               [[NSHTTPURLResponse localizedStringForStatusCode:statusCode] capitalizedString]);
        handler(NO);
      } else {
        LOGI(@"Uploaded %d events", eventIds.count);
--- a/Source/santactl/sync/SNTCommandSyncLogUpload.m
+++ b/Source/santactl/sync/SNTCommandSyncLogUpload.m
@@ -61,8 +61,11 @@
  [[session uploadTaskWithRequest:req
                         fromData:reqBody
                completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
-      if ([(NSHTTPURLResponse *)response statusCode] != 200) {
-        LOGD(@"HTTP Response Code: %d", [(NSHTTPURLResponse *)response statusCode]);
+      long statusCode = [(NSHTTPURLResponse *)response statusCode];
+      if (statusCode != 200) {
+        LOGE(@"HTTP Response: %d %@",
+             statusCode,
+             [[NSHTTPURLResponse localizedStringForStatusCode:statusCode] capitalizedString]);
        handler(NO);
      } else {
        LOGI(@"Uploaded %d logs", [logsToUpload count]);
--- a/Source/santactl/sync/SNTCommandSyncPostflight.m
+++ b/Source/santactl/sync/SNTCommandSyncPostflight.m
@@ -33,8 +33,11 @@
  [[session dataTaskWithRequest:req completionHandler:^(NSData *data,
                                                        NSURLResponse *response,
                                                        NSError *error) {
-    if ([(NSHTTPURLResponse *)response statusCode] != 200) {
-      LOGD(@"HTTP Response Code: %d", [(NSHTTPURLResponse *)response statusCode]);
+    long statusCode = [(NSHTTPURLResponse *)response statusCode];
+    if (statusCode != 200) {
+      LOGE(@"HTTP Response: %d %@",
+           statusCode,
+           [[NSHTTPURLResponse localizedStringForStatusCode:statusCode] capitalizedString]);
      handler(NO);
    } else {
      handler(YES);
--- a/Source/santactl/sync/SNTCommandSyncPreflight.m
+++ b/Source/santactl/sync/SNTCommandSyncPreflight.m
@@ -53,7 +53,8 @@
                                                        NSError *error) {
      long statusCode = [(NSHTTPURLResponse *)response statusCode];
      if (statusCode != 200) {
-        LOGD(@"HTTP Response: %@",
+        LOGE(@"HTTP Response: %d %@",
+             statusCode,
             [[NSHTTPURLResponse localizedStringForStatusCode:statusCode] capitalizedString]);
        handler(NO);
      } else {