Difference between revisions of "Tatsu Signing Server"
(More research. Still can't access the WSDL, though :() |
m (Don't think I can get much farther without seeing the WSDL itself.) |
||
Line 4: | Line 4: | ||
There is an Apple internal equivalent, known as SpiderCab, running at [http://tatsu-tss-internal.apple.com:80 tatsu-tss-internal.apple.com] and [http://tss-int.apple.com:80 tss-int.apple.com], which are only accessible within Apple's VPN. SpiderCab is used to sign internal/debug and test builds of iOS, including old versions that are no longer signed on production. |
There is an Apple internal equivalent, known as SpiderCab, running at [http://tatsu-tss-internal.apple.com:80 tatsu-tss-internal.apple.com] and [http://tss-int.apple.com:80 tss-int.apple.com], which are only accessible within Apple's VPN. SpiderCab is used to sign internal/debug and test builds of iOS, including old versions that are no longer signed on production. |
||
− | Reliable communication to the TSS server requires the appropriate HTTP header, as described in [[SHSH Protocol#Communication]]. If you are communicating with a TSS service and not the SHSH controller itself, you must additionally provide a <code>SOAPAction:</code> header containing the URL of the service you are accessing. |
+ | Reliable communication to the TSS server requires the appropriate HTTP header, as described in [[SHSH Protocol#Communication]]. If you are communicating with a TSS service and not the SHSH controller itself, you must additionally provide a <code>SOAPAction:</code> header containing the URL of the service you are accessing. Also note that '''not all TSS servers accept SOAP requests.''' Because http://gs.apple.com automatically resolves to one of the half-a-dozen TSS servers, some of which indiscriminately returning "403 Forbidden" to SOAP, it is recommended to communicate directly with a known-working TSS IP address. |
== Services == |
== Services == |
||
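Review bot: In the added sentence, "some of which indiscriminately returning" should read "some of which indiscriminately return", and "a known-working TSS IP address" gives the reader no way to identify one. Suggest saying how a working server is recognised (for example, one that answers the sample request without a 403) and whether the Host: gs.apple.com header from the cURL example must still be sent when the server is addressed by IP.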
Line 14: | Line 14: | ||
> User-Agent: InetURL/1.0 |
> User-Agent: InetURL/1.0 |
||
> Accept: */* |
> Accept: */* |
||
− | > Content-Length: |
+ | > Content-Length: 588 |
> Content-Type: text/xml;charset=utf-8 |
> Content-Type: text/xml;charset=utf-8 |
||
> SOAPAction: http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort |
> SOAPAction: http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort |
||
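Review bot: The hard-coded "Content-Length: 588" only holds for the exact bytes of the sample body, and this same revision adds four param0 lines to that body further down. Suggest confirming that 588 was measured against the new body, or noting beside the header that the value must be recomputed whenever soap.xml changes (cURL sets it automatically with -d).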
Line 29: | Line 29: | ||
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" |
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" |
||
xmlns:ns1="http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort"> |
xmlns:ns1="http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort"> |
||
+ | <ns1:param0 |
||
+ | xsi:type="ns2:ReceiptDataPacketStatusRequest" |
||
+ | xmlns:ns2="http://receiptsstatus.web.tss.apple.com"> |
||
+ | </ns1:param0> |
||
</ns1:getReceiptPacketStatus> |
</ns1:getReceiptPacketStatus> |
||
</soapenv:Body> |
</soapenv:Body> |
||
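Review bot: The added ns1:param0 element carries only xsi:type and an xmlns:ns2 declaration, with no child elements, and nothing says whether that is deliberate. Suggest stating that the fields of ReceiptDataPacketStatusRequest are unknown (the edit summary says the WSDL could not be accessed), so readers do not take the empty element for the complete request format.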
Line 57: | Line 61: | ||
curl -i -m 1.0 -H "Content-Type: text/xml;charset=utf-8" -A InetURL/1.0 -H "SOAPAction: http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort" -H "Host: gs.apple.com" -d @soap.xml http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort |
curl -i -m 1.0 -H "Content-Type: text/xml;charset=utf-8" -A InetURL/1.0 -H "SOAPAction: http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort" -H "Host: gs.apple.com" -d @soap.xml http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort |
||
+ | |||
+ | '''Note: ''' The server may occasionally return <code>java.lang.NullPointerException</code> despite a valid response. Retrying the request will likely remedy this. ''Is this a race condition bug on the server side?'' |
||
===PacketPort=== |
===PacketPort=== |
||
− | ==== |
+ | ====pushDataPacket==== |
+ | |||
− | * pushDataPacket |
||
− | + | * '''Input Message''' (<code>pushDataPacketRequest</code>) |
|
+ | * '''Output Message''' (<code>pushDataPacketResponse</code>) |
||
===tatsuReceiptsStatusPort=== |
===tatsuReceiptsStatusPort=== |
||
− | ==== |
+ | ====getReceiptPacketStatus==== |
+ | |||
− | * getReceiptPacketStatus |
||
− | ** |
+ | ** <code>param0</code>: (type=<code>ReceiptDataPacketStatusRequest</code>) |
+ | * '''Output Message''' (<code>getReceiptPacketStatusResponse</code>) |
||
− | * queryTASExpireTSA |
||
+ | |||
− | ** Return type: <code>queryTASExpireTSAResponse</code> |
||
+ | ====queryTASExpireTSA==== |
||
− | * updateTSSStatus |
||
+ | |||
− | ** Parameters: <code>status</code> |
||
− | + | * '''Input Message''' (<code>getReceiptPacketStatusRequest</code>) |
|
− | ** |
+ | ** <code>param1</code>: (type=<code>ReceiptDataPacketStatusResponse</code>) |
− | + | * '''Input Message''' (<code>queryTASExpireTSARequest</code>) |
|
+ | ** <code>param2</code>: (type=<code>ExpireTSAQueryRequest</code>) |
||
+ | * '''Output Message''' (<code>queryTASExpireTSAResponse</code>) |
||
+ | ** <code>param3</code>: (type=<code>ExpireTSAQueryResponse</code>) |
||
+ | |||
+ | ====updateTSSStatus==== |
||
+ | |||
+ | * '''Input Message''' (<code>updateTSSStatusRequest</code>) |
||
+ | ** <code>param4</code>: (type=<code>status</code>) |
||
+ | *** Elements: <code>status</code> (Number) |
||
+ | * '''Output Message''' (<code>updateTSSStatusResponse</code>) |
||
+ | ** <code>param5</code>: (type=<code>status</code>) |
||
+ | *** Elements: <code>status</code> (Number) |
||
== Notes == |
== Notes == |
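Review bot: In the new queryTASExpireTSA and updateTSSStatus entries, param2 through param5 are listed in the same form as param0, but only param0 appears in the sample request and the edit summary says the WSDL could not be read. Suggest marking those names and types as inferred, or adding the captured exchange they come from. In the added note, "despite a valid response" also reads as if "despite a valid request" was meant; worth confirming.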
Revision as of 22:07, 17 February 2020
The Tatsu Signing Server (TSS) is a collection of services provided by Apple. In late 2012, the list of available services was briefly made public at gs.apple.com. This index page has since been removed, although at least one archived capture exists. TSS is chiefly accessed through the SHSH Protocol to obtain signed blobs for a given iOS build, using the SHSH controller at http://gs.apple.com/TSS/controller.
There is an Apple internal equivalent, known as SpiderCab, running at tatsu-tss-internal.apple.com and tss-int.apple.com, which are only accessible within Apple's VPN. SpiderCab is used to sign internal/debug and test builds of iOS, including old versions that are no longer signed on production.
Reliable communication to the TSS server requires the appropriate HTTP header, as described in SHSH Protocol#Communication. If you are communicating with a TSS service and not the SHSH controller itself, you must additionally provide a SOAPAction: header containing the URL of the service you are accessing. Also note that not all TSS servers accept SOAP requests. Because http://gs.apple.com automatically resolves to one of the half-a-dozen TSS servers, some of which indiscriminately return "403 Forbidden" to SOAP, it is recommended to communicate directly with a known-working TSS IP address.
Services
There are two services provided, both accessible via SOAP requests. They are located in http://gs.apple.com/TSS/services/ under their respective names. A sample request concerning "getReceiptPacketStatus" from the "tatsuReceiptsStatusPort" service is demonstrated below:
    > POST /TSS/services/tatsuReceiptsStatusPort HTTP/1.1
    > Host: gs.apple.com
    > User-Agent: InetURL/1.0
    > Accept: */*
    > Content-Length: 588
    > Content-Type: text/xml;charset=utf-8
    > SOAPAction: http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort
SOAP XML:
    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope
        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Body>
        <ns1:getReceiptPacketStatus
            soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
            xmlns:ns1="http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort">
          <ns1:param0
              xsi:type="ns2:ReceiptDataPacketStatusRequest"
              xmlns:ns2="http://receiptsstatus.web.tss.apple.com">
          </ns1:param0>
        </ns1:getReceiptPacketStatus>
      </soapenv:Body>
    </soapenv:Envelope>
Response:
    <?xml version="1.0" encoding="utf-8"?>
    <soapenv:Envelope
        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Body>
        <ns1:getReceiptPacketStatusResponse
            soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
            xmlns:ns1="http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort">
          <param1
              xsi:type="ns2:ReceiptDataPacketStatusResponse"
              xsi:nil="true"
              xmlns:ns2="http://receiptsstatus.web.tss.apple.com"/>
        </ns1:getReceiptPacketStatusResponse>
      </soapenv:Body>
    </soapenv:Envelope>
This type of SOAP request/response can be performed with a cURL request, like so (where soap.xml is the location of the aforementioned SOAP XML):

    curl -i -m 1.0 -H "Content-Type: text/xml;charset=utf-8" -A InetURL/1.0 -H "SOAPAction: http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort" -H "Host: gs.apple.com" -d @soap.xml http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort
Note: The server may occasionally return java.lang.NullPointerException despite a valid response. Retrying the request will likely remedy this. Is this a race condition bug on the server side?
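One way a client can tell the replies described above apart and retry only the transient one, as an added example that is not part of the original article. The nil response is the one shown above; the Fault body, the HTTP 500 status and the names `classify` and `call_with_retry` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Response shown on the page (line breaks added).
NIL_RESPONSE = b"""<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body>
<ns1:getReceiptPacketStatusResponse
 soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
 xmlns:ns1="http://gs.apple.com/TSS/services/tatsuReceiptsStatusPort">
<param1 xsi:type="ns2:ReceiptDataPacketStatusResponse" xsi:nil="true"
 xmlns:ns2="http://receiptsstatus.web.tss.apple.com"/>
</ns1:getReceiptPacketStatusResponse></soapenv:Body></soapenv:Envelope>"""
# CONSTRUCTED sample: a SOAP 1.1 Fault carrying the exception name (assumed shape).
FAULT = b"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.userException</faultcode>
<faultstring>java.lang.NullPointerException</faultstring>
</soapenv:Fault></soapenv:Body></soapenv:Envelope>"""

def classify(status, body):
    """Return 'forbidden', 'retry', 'fault', 'nil' or 'data' for one reply."""
    if status == 403:
        return "forbidden"  # this server rejects SOAP outright; retrying is pointless
    try:
        root = ET.fromstring(body)  # stdlib parser; prefer defusedxml for untrusted peers
    except ET.ParseError:
        return "fault"
    fault = root.find(f"{{{SOAPENV}}}Body/{{{SOAPENV}}}Fault")
    if fault is not None:
        text = fault.findtext("faultstring", default="")
        return "retry" if "NullPointerException" in text else "fault"
    wrapper = root.find(f"{{{SOAPENV}}}Body/*")  # the ...Response element
    if wrapper is None:
        return "fault"
    return "nil" if all(p.get(f"{{{XSI}}}nil") == "true" for p in wrapper) else "data"

def call_with_retry(send, attempts=3):
    """send() -> (status, body). Retry only the transient exception fault."""
    for n in range(1, attempts + 1):
        outcome = classify(*send())
        if outcome != "retry":
            return outcome, n
    return "retry", attempts

def demo():  # constructed sequence: transient fault, then the page's reply
    return call_with_retry(iter([(500, FAULT), (200, NIL_RESPONSE)]).__next__)
```

`send` is any callable that performs the POST and returns the status code and raw body, so the retry policy can be exercised offline as `demo()` does.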
PacketPort
pushDataPacket
- Input Message (pushDataPacketRequest)
- Output Message (pushDataPacketResponse)
tatsuReceiptsStatusPort
getReceiptPacketStatus
- Input Message (getReceiptPacketStatusRequest)
  - param0: (type=ReceiptDataPacketStatusRequest)
- Output Message (getReceiptPacketStatusResponse)
  - param1: (type=ReceiptDataPacketStatusResponse)
queryTASExpireTSA
- Input Message (queryTASExpireTSARequest)
  - param2: (type=ExpireTSAQueryRequest)
- Output Message (queryTASExpireTSAResponse)
  - param3: (type=ExpireTSAQueryResponse)
updateTSSStatus
- Input Message (updateTSSStatusRequest)
  - param4: (type=status)
    - Elements: status (Number)
- Output Message (updateTSSStatusResponse)
  - param5: (type=status)
    - Elements: status (Number)
Notes
SoapUI, an automation framework for the SOAP protocol, lists Apple among their largest users [1].
Server Details
Of moderate security concern: the TSS server runs Apache Tomcat, and the default 404 page exposes this along with the version number. The SOAP implementation used is Apache Axis (Java).