documentation and cleanup

awslabs · Nov 8, 2024 · 31eab1e · 31eab1e
1 parent b7b96ca
commit 31eab1e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 48 deletions.
diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c
@@ -675,12 +675,11 @@ int aws_secitem_import_cert_and_key(
             key_type = kSecAttrKeyTypeEC;
             break;
 
-            // DEBUG WIP
         case AWS_PEM_TYPE_PRIVATE_PKCS8:
-            /* PKCS8 is not supported on iOS and currently is NOT supported by us on macOS
-             * PKCS8 support for macOS using SecItem can be added later for macOS only  but
-             * will require a different import strategy than the currently shared one.
-             */
+            /* PKCS8 is not supported on iOS/tvOS (the framework doesn't allow it) and is
+             * currently NOT supported by us on macOS PKCS8 support for macOS using SecItem
+             * can be added later for macOS only but will require a different import strategy
+             * than the currently shared one. */
             key_type = kSecAttrKeyTypeRSA;
             AWS_LOGF_ERROR(
                 AWS_LS_IO_PKI, "The PKCS8 private key format is currently unsupported for use with SecItem.");
@@ -740,21 +739,6 @@ int aws_secitem_import_cert_and_key(
     CFDictionaryAddValue(key_attributes, kSecAttrKeyType, key_type);
     key_ref = SecKeyCreateWithData(key_data, key_attributes, &error);
 
-    // DEBUG WIP
-    // if (!key_ref) {
-    //     CFStringRef error_desc = CFErrorCopyDescription(error);
-    //     char error_c_string[256];
-    //     if (CFStringGetCString(error_desc, error_c_string, sizeof(error_c_string), kCFStringEncodingUTF8)) {
-    //         AWS_LOGF_ERROR(AWS_LS_IO_PKI, "Failed creating private key with error: %s", error_c_string);
-    //     } else {
-    //         AWS_LOGF_ERROR(AWS_LS_IO_PKI, "Failed creating private key");
-    //     }
-
-    //     CFRelease(error_desc);
-    //     result = aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE);
-    //     goto done;
-    // }
-
     // Get the hash of the public key stored within the private key
     key_copied_attributes = SecKeyCopyAttributes(key_ref);
     // application_label_ref gets released when key_copied_attributes is released.

diff --git a/source/darwin/nw_socket.c b/source/darwin/nw_socket.c
@@ -326,8 +326,7 @@ static void s_setup_tls_options(
 
           /* Since we manually handle the verification of the peer, the value set using
            * sec_protocol_options_set_peer_authentication_required is ignored and this block is
-           * run instead. We must manually skip the verification at this point if verify_peer is
-           * false. */
+           * run instead. We manually skip the verification at this point if verify_peer is false. */
           if (!transport_ctx->verify_peer) {
               AWS_LOGF_WARN(
                   AWS_LS_IO_TLS,
@@ -447,10 +446,6 @@ static void s_setup_tcp_options_local(nw_protocol_options_t tcp_options, const s
     (void)tcp_options;
     (void)options;
 }
-// DEBUG WIP
-// static void s_setup_tls_options_local(nw_protocol_options_t tls_options) {
-//     (void)tls_options;
-// }
 
 static int s_setup_socket_params(struct nw_socket *nw_socket, const struct aws_socket_options *options) {
 
@@ -508,18 +503,6 @@ static int s_setup_socket_params(struct nw_socket *nw_socket, const struct aws_s
                     });
             }
         } else if (options->domain == AWS_SOCKET_LOCAL) {
-            // DEBUG WIP issues with local sockets and potential permissions
-            /*
-            nw_socket->nw_parameters = nw_parameters_create_secure_tcp(
-                // TLS options Block disabled
-                ^(nw_protocol_options_t tls_options) {
-                  s_setup_tls_options_local(tls_options);
-                },
-                // TCP options Block
-                ^(nw_protocol_options_t tcp_options) {
-                  s_setup_tcp_options_local(tcp_options, options);
-                });
-            */
             if (setup_tls) {
                 nw_socket->nw_parameters = nw_parameters_create_secure_tcp(
                     // TLS options block
@@ -528,14 +511,14 @@ static int s_setup_socket_params(struct nw_socket *nw_socket, const struct aws_s
                     },
                     // TCP options block
                     ^(nw_protocol_options_t tcp_options) {
-                      s_setup_tcp_options(tcp_options, options);
+                      s_setup_tcp_options_local(tcp_options, options);
                     });
 
             } else {
                 nw_socket->nw_parameters = nw_parameters_create_secure_tcp(
                     NW_PARAMETERS_DISABLE_PROTOCOL,
                     // TCP options Block
-                    ^(nw_protocol_options_t tcp_options) { // try setup with nothing inside.
+                    ^(nw_protocol_options_t tcp_options) {
                       s_setup_tcp_options_local(tcp_options, options);
                     });
             }
@@ -544,16 +527,9 @@ static int s_setup_socket_params(struct nw_socket *nw_socket, const struct aws_s
         nw_socket->nw_parameters = nw_parameters_create_secure_udp(
             NW_PARAMETERS_DISABLE_PROTOCOL,
             // TCP options Block
-            ^(nw_protocol_options_t tcp_options) { // try setup with nothing inside. DEBUG WIP
+            ^(nw_protocol_options_t tcp_options) {
               s_setup_tcp_options_local(tcp_options, options);
             });
-
-        // DEBUG WIP
-        //  NW_PARAMETERS_DEFAULT_CONFIGURATION); // DEBUG WIP local should not have tcp options set for Apple
-
-        // ^(nw_protocol_options_t tcp_options) {
-        //   s_setup_tcp_options(tcp_options, options);
-        // });
     }
 
     if (!nw_socket->nw_parameters) {