fix(ios): harden VoIP DDP WebSocket client on receive failure and TLS

PR 3a from VoIP split plan: call disconnect on WebSocket receive errors,
reuse existing Challenge TLS handling via URLSession delegate, remove dead
default-branch capture, and add a DEBUG-only XCTest source plus bridging
for Challenge. Disconnect is synchronous when already on the client queue
so cleanup finishes before further queued work.

Made-with: Cursor

Author: diegolmello

ios/Libraries/DDPClient.swift

@@ -15,6 +15,8 @@ final class DDPClient {
 
     private var webSocketTask: URLSessionWebSocketTask?
     private var urlSession: URLSession?
+    /// Retains the delegate passed to `URLSession` so TLS challenges reuse `Challenge` from `SSLPinning.mm`.
+    private var urlSessionChallengeDelegate: DDPClientURLSessionChallengeDelegate?
     private var sendCounter = 0
     private var isConnected = false
 
@@ -43,9 +45,11 @@ final class DDPClient {
             print("[\(Self.TAG)] Connecting to \(wsUrl)")
             #endif
 
-            let session = URLSession(configuration: .default)
+            let challengeDelegate = DDPClientURLSessionChallengeDelegate()
+            let session = URLSession(configuration: .default, delegate: challengeDelegate, delegateQueue: nil)
             let task = session.webSocketTask(with: url)
 
+            self.urlSessionChallengeDelegate = challengeDelegate
             self.urlSession = session
             self.webSocketTask = task
             self.isConnected = false
@@ -145,21 +149,30 @@ final class DDPClient {
     // MARK: - Disconnect
 
     func disconnect() {
-        stateQueue.async {
-            #if DEBUG
-            print("[\(Self.TAG)] Disconnecting")
-            #endif
-            self.isConnected = false
-            self.pendingCallbacks.removeAll()
-            self.clearQueuedMethodCalls()
-            self.connectedCallback = nil
-            self.onCollectionMessage = nil
-            self.webSocketTask?.cancel(with: .normalClosure, reason: nil)
-            self.webSocketTask = nil
-            self.urlSession?.invalidateAndCancel()
-            self.urlSession = nil
+        if DispatchQueue.getSpecific(key: stateQueueKey) != nil {
+            disconnectOnStateQueue()
+        } else {
+            stateQueue.async { [weak self] in
+                self?.disconnectOnStateQueue()
+            }
         }
     }
+
+    private func disconnectOnStateQueue() {
+        #if DEBUG
+        print("[\(Self.TAG)] Disconnecting")
+        #endif
+        isConnected = false
+        pendingCallbacks.removeAll()
+        clearQueuedMethodCalls()
+        connectedCallback = nil
+        onCollectionMessage = nil
+        webSocketTask?.cancel(with: .normalClosure, reason: nil)
+        webSocketTask = nil
+        urlSession?.invalidateAndCancel()
+        urlSession = nil
+        urlSessionChallengeDelegate = nil
+    }
 
     // MARK: - Private
 
@@ -292,27 +305,33 @@ final class DDPClient {
 
     private func listenForMessages(task: URLSessionWebSocketTask) {
         task.receive { [weak self] result in
-            self?.stateQueue.async {
-                guard let self = self, let currentTask = self.webSocketTask, task === currentTask else { return }
-                
-                switch result {
-                case .success(let message):
-                    switch message {
-                    case .string(let text):
-                        self.handleMessage(text)
-                    default:
-                        break
-                    }
-                    self.listenForMessages(task: task)
-                    
-                case .failure(let error):
-                    #if DEBUG
-                    print("[\(Self.TAG)] Receive error: \(error.localizedDescription)")
-                    #endif
-                }
+            self?.stateQueue.async { [weak self] in
+                guard let self else { return }
+                self.handleWebSocketReceiveResult(result, for: task)
             }
         }
     }
+
+    private func handleWebSocketReceiveResult(_ result: Result<URLSessionWebSocketTask.Message, Error>, for task: URLSessionWebSocketTask) {
+        guard task === webSocketTask else { return }
+
+        switch result {
+        case .success(let message):
+            switch message {
+            case .string(let text):
+                handleMessage(text)
+            default:
+                break
+            }
+            listenForMessages(task: task)
+
+        case .failure(let error):
+            #if DEBUG
+            print("[\(Self.TAG)] Receive error: \(error.localizedDescription)")
+            #endif
+            disconnect()
+        }
+    }
 
     private func handleMessage(_ text: String) {
         guard let data = text.data(using: .utf8),
@@ -358,9 +377,8 @@ final class DDPClient {
             }
 
         default:
-            if let collection = json["collection"] as? String {
+            if (json["collection"] as? String) != nil {
                 onCollectionMessage?(json)
-                _ = collection
             }
         }
     }
@@ -389,3 +407,51 @@ final class DDPClient {
         return "\(scheme)://\(cleaned)/websocket"
     }
 }
+
+/// Forwards URL authentication challenges to the existing `Challenge` implementation in `SSLPinning.mm`
+/// (same path as `RCTHTTPRequestHandler` swizzling) so WebSocket TLS uses the same client-certificate flow.
+private final class DDPClientURLSessionChallengeDelegate: NSObject, URLSessionDelegate, URLSessionTaskDelegate {
+    func urlSession(
+        _ session: URLSession,
+        didReceive challenge: URLAuthenticationChallenge,
+        completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
+    ) {
+        Challenge.runChallenge(session, didReceiveChallenge: challenge, completionHandler: completionHandler)
+    }
+
+    func urlSession(
+        _ session: URLSession,
+        task: URLSessionTask,
+        didReceive challenge: URLAuthenticationChallenge,
+        completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
+    ) {
+        Challenge.runChallenge(session, didReceiveChallenge: challenge, completionHandler: completionHandler)
+    }
+}
+
+#if DEBUG
+extension DDPClient {
+    /// Installs a WebSocket task so receive-failure handling can be exercised without a live server.
+    func testing_installWebSocketSync(urlSession: URLSession, task: URLSessionWebSocketTask) {
+        stateQueue.sync {
+            self.urlSession?.invalidateAndCancel()
+            self.urlSession = urlSession
+            self.webSocketTask = task
+            self.isConnected = true
+        }
+    }
+
+    func testing_applyReceiveResult(_ result: Result<URLSessionWebSocketTask.Message, Error>, for task: URLSessionWebSocketTask) {
+        stateQueue.async { [weak self] in
+            guard let self else { return }
+            self.handleWebSocketReceiveResult(result, for: task)
+        }
+    }
+
+    func testing_readConnectionState(_ completion: @escaping (_ isConnected: Bool, _ webSocketTaskIsNil: Bool, _ urlSessionIsNil: Bool) -> Void) {
+        stateQueue.async {
+            completion(self.isConnected, self.webSocketTask == nil, self.urlSession == nil)
+        }
+    }
+}
+#endif

ios/Libraries/SSLPinning.h

@@ -10,6 +10,16 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
+@class NSURLSession;
+@class NSURLAuthenticationChallenge;
+
+/// Shared TLS / client-certificate handling used by React Native networking and native URLSessions.
+@interface Challenge : NSObject
++ (void)runChallenge:(NSURLSession *)session
+ didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
+  completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler;
+@end
+
 @interface RCTHTTPRequestHandler (Challenge)
 
 @end

ios/RocketChatRN-Bridging-Header.h

@@ -12,3 +12,4 @@
 #import <MobileCrypto/AESCrypto.h>
 #import <MobileCrypto/RandomUtils.h>
 #import <MobileCrypto/CryptoUtils.h>
+#import "SSLPinning.h"

ios/RocketChatRNTests/DDPClientReceiveFailureTests.swift

@@ -0,0 +1,28 @@
+import XCTest
+@testable import RocketChatRN
+
+/// Covers WebSocket `receive` failures for `DDPClient` (not run in CI until this file is added to an iOS unit-test target in Xcode).
+///
+/// Manual SSL pinning: use Charles with a non-pinned cert on the WebSocket host; the handshake must fail (same `Challenge` path as the rest of the app).
+final class DDPClientReceiveFailureTests: XCTestCase {
+	func testReceiveFailureClearsConnectionAndSession() {
+		let client = DDPClient()
+		let session = URLSession(configuration: .ephemeral)
+		let task = session.webSocketTask(with: URL(string: "wss://example.invalid")!)
+
+		client.testing_installWebSocketSync(urlSession: session, task: task)
+
+		let error = NSError(domain: NSURLErrorDomain, code: NSURLErrorNetworkConnectionLost, userInfo: nil)
+		client.testing_applyReceiveResult(.failure(error), for: task)
+
+		let expectation = expectation(description: "connection state after receive failure")
+		client.testing_readConnectionState { isConnected, webSocketTaskIsNil, urlSessionIsNil in
+			XCTAssertFalse(isConnected, "Client should not stay connected after a receive failure")
+			XCTAssertTrue(webSocketTaskIsNil, "WebSocket task should be cleared after disconnect")
+			XCTAssertTrue(urlSessionIsNil, "URLSession should be invalidated after disconnect")
+			expectation.fulfill()
+		}
+
+		waitForExpectations(timeout: 2.0)
+	}
+}