Make the sync client content encoding a tunable (google#1076)

Make the sync client content encoding a tunable.

This makes the sync client's content encoding a tunable so that it can be
compatible with more sync servers.

Removed the "backwards compatibility" config option.

---------

Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>

Source/common/SNTCommonEnums.h

@@ -129,6 +129,12 @@ typedef NS_ENUM(NSInteger, SNTSyncStatusType) {
   SNTSyncStatusTypeUnknown,
 };
 
+typedef NS_ENUM(NSInteger, SNTSyncContentEncoding) {
+  SNTSyncContentEncodingNone,
+  SNTSyncContentEncodingDeflate,
+  SNTSyncContentEncodingGzip,
+};
+
 typedef NS_ENUM(NSInteger, SNTMetricFormatType) {
   SNTMetricFormatTypeUnknown,
   SNTMetricFormatTypeRawJSON,

Source/common/SNTConfigurator.h

@@ -410,6 +410,8 @@
 ///
 @property(nonatomic) BOOL syncCleanRequired;
 
+#pragma mark - USB Settings
+
 ///
 /// USB Mount Blocking. Defaults to false.
 ///
@@ -520,6 +522,12 @@
 ///
 @property(readonly, nonatomic) BOOL enableBackwardsCompatibleContentEncoding;
 
+///
+/// If set, "santactl sync" will use the supplied "Content-Encoding", possible
+/// settings include "gzip", "deflate", "none". If empty defaults to "deflate".
+///
+@property(readonly, nonatomic) SNTSyncContentEncoding syncClientContentEncoding;
+
 ///
 ///  Contains the FCM project name.
 ///

Source/common/SNTConfigurator.m

@@ -13,6 +13,7 @@
 ///    limitations under the License.
 
 #import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTCommonEnums.h"
 
 #include <sys/stat.h>
 
@@ -108,8 +109,7 @@ @implementation SNTConfigurator
 static NSString *const kIgnoreOtherEndpointSecurityClients = @"IgnoreOtherEndpointSecurityClients";
 static NSString *const kEnableDebugLogging = @"EnableDebugLogging";
 
-static NSString *const kEnableBackwardsCompatibleContentEncoding =
-  @"EnableBackwardsCompatibleContentEncoding";
+static NSString *const kClientContentEncoding = @"SyncClientContentEncoding";
 
 static NSString *const kFCMProject = @"FCMProject";
 static NSString *const kFCMEntity = @"FCMEntity";
@@ -129,7 +129,6 @@ @implementation SNTConfigurator
 static NSString *const kEnableAllEventUploadKey = @"EnableAllEventUpload";
 static NSString *const kDisableUnknownEventUploadKey = @"DisableUnknownEventUpload";
 
-// TODO(markowsky): move these to sync server only.
 static NSString *const kMetricFormat = @"MetricFormat";
 static NSString *const kMetricURL = @"MetricURL";
 static NSString *const kMetricExportInterval = @"MetricExportInterval";
@@ -200,6 +199,7 @@ - (instancetype)init {
       kClientAuthCertificatePasswordKey : string,
       kClientAuthCertificateCNKey : string,
       kClientAuthCertificateIssuerKey : string,
+      kClientContentEncoding : string,
       kServerAuthRootsDataKey : data,
       kServerAuthRootsFileKey : string,
       kMachineOwnerKey : string,
@@ -221,7 +221,6 @@ - (instancetype)init {
       kEnableForkAndExitLogging : number,
       kIgnoreOtherEndpointSecurityClients : number,
       kEnableDebugLogging : number,
-      kEnableBackwardsCompatibleContentEncoding : number,
       kFCMProject : string,
       kFCMEntity : string,
       kFCMAPIKey : string,
@@ -463,10 +462,6 @@ + (NSSet *)keyPathsForValuesAffectingEnableDebugLogging {
   return [self configStateSet];
 }
 
-+ (NSSet *)keyPathsForValuesAffectingEnableBackwardsCompatibleContentEncoding {
-  return [self configStateSet];
-}
-
 + (NSSet *)keyPathsForValuesAffectingFcmProject {
   return [self configStateSet];
 }
@@ -715,6 +710,20 @@ - (NSString *)syncClientAuthCertificateIssuer {
   return self.configState[kClientAuthCertificateIssuerKey];
 }
 
+- (SNTSyncContentEncoding)syncClientContentEncoding {
+  NSString *contentEncoding = [self.configState[kClientContentEncoding] lowercaseString];
+  if ([contentEncoding isEqualToString:@"deflate"]) {
+    return SNTSyncContentEncodingDeflate;
+  } else if ([contentEncoding isEqualToString:@"gzip"]) {
+    return SNTSyncContentEncodingGzip;
+  } else if ([contentEncoding isEqualToString:@"none"]) {
+    return SNTSyncContentEncodingNone;
+  } else {
+    // Ensure we have the same default zlib behavior Santa's always had otherwise.
+    return SNTSyncContentEncodingDeflate;
+  }
+}
+
 - (NSData *)syncServerAuthRootsData {
   return self.configState[kServerAuthRootsDataKey];
 }
@@ -888,11 +897,6 @@ - (BOOL)enableDebugLogging {
   return [number boolValue] || self.debugFlag;
 }
 
-- (BOOL)enableBackwardsCompatibleContentEncoding {
-  NSNumber *number = self.configState[kEnableBackwardsCompatibleContentEncoding];
-  return number ? [number boolValue] : NO;
-}
-
 - (NSString *)fcmProject {
   return self.configState[kFCMProject];
 }

Source/santasyncservice/SNTSyncManager.m

@@ -391,10 +391,7 @@ - (SNTSyncState *)createSyncStateWithStatus:(SNTSyncStatusType *)status {
 
   syncState.session = [authURLSession session];
   syncState.daemonConn = self.daemonConn;
-
-  syncState.compressedContentEncoding =
-    config.enableBackwardsCompatibleContentEncoding ? @"zlib" : @"deflate";
-
+  syncState.contentEncoding = config.syncClientContentEncoding;
   syncState.pushNotificationsToken = self.pushNotifications.token;
 
   return syncState;

Source/santasyncservice/SNTSyncStage.m

@@ -13,6 +13,7 @@
 ///    limitations under the License.
 
 #import "Source/santasyncservice/SNTSyncStage.h"
+#include "Source/common/SNTCommonEnums.h"
 
 #import <MOLXPCConnection/MOLXPCConnection.h>
 
@@ -70,10 +71,27 @@ - (NSMutableURLRequest *)requestWithDictionary:(NSDictionary *)dictionary {
   NSString *xsrfHeader = self.syncState.xsrfTokenHeader ?: kDefaultXSRFTokenHeader;
   [req setValue:self.syncState.xsrfToken forHTTPHeaderField:xsrfHeader];
 
-  NSData *compressed = [requestBody zlibCompressed];
+  NSData *compressed;
+  NSString *contentEncodingHeader;
+
+  switch (self.syncState.contentEncoding) {
+    case SNTSyncContentEncodingNone: break;
+    case SNTSyncContentEncodingGzip:
+      compressed = [requestBody gzipCompressed];
+      contentEncodingHeader = @"gzip";
+      break;
+    case SNTSyncContentEncodingDeflate:
+      compressed = [requestBody zlibCompressed];
+      contentEncodingHeader = @"deflate";
+      break;
+    default:
+      // This would be a programming error.
+      LOGD(@"Unexpected value for content encoding %ld", self.syncState.contentEncoding);
+  }
+
   if (compressed) {
     requestBody = compressed;
-    [req setValue:self.syncState.compressedContentEncoding forHTTPHeaderField:@"Content-Encoding"];
+    [req setValue:contentEncodingHeader forHTTPHeaderField:@"Content-Encoding"];
   }
 
   [req setHTTPBody:requestBody];

Source/santasyncservice/SNTSyncState.h

@@ -74,8 +74,7 @@
 /// Array of bundle IDs to find binaries for.
 @property NSArray *bundleBinaryRequests;
 
-/// The header value for ContentEncoding when sending compressed content.
-/// Either "deflate" (default) or "zlib".
-@property(copy) NSString *compressedContentEncoding;
+/// The content-encoding to use for the client uploads during the sync session.
+@property SNTSyncContentEncoding contentEncoding;
 
 @end

docs/deployment/configuration.md

@@ -72,6 +72,7 @@ also known as mobileconfig files, which are in an Apple-specific XML format.
 | RemountUSBMode                    | Array      | Array of strings for arguments to pass to mount -o (any of "rdonly", "noexec", "nosuid", "nobrowse", "noowners", "nodev", "async", "-j"). when forcibly remounting devices. No default. |
 | FileAccessPolicyPlist             | String      | (BETA) Path to a file access configuration plist. |
 | FileAccessPolicyUpdateIntervalSec | Integer     | (BETA) Number of seconds between re-reading the file access policy config and policies/monitored paths updated. |
+| SyncClientContentEncoding | String | Sets the Content-Encoding header for requests sent to the sync service. Acceptable values are "deflate", "gzip", "none" (Defaults to deflate.)  |
 
 
 \*overridable by the sync server: run `santactl status` to check the current