  1. #pragma mark - NSURLConnection methods
  2.  
  3. /*
  4. - (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection {
  5. return NO;
  6. }
  7. */
  8.  
  /// Tells the URL loading system which authentication challenges this delegate will answer.
  ///
  /// Server-trust challenges are accepted only when the security helper reports the
  /// protection space as trusted against the certificates returned by
  /// -getTrustedCertificatesFromDisk. Client-certificate challenges are always accepted.
  /// Every other authentication method is declined.
  ///
  /// @param connection The connection that received the challenge (unused here).
  /// @param protectionSpace The protection space whose authentication method is inspected.
  /// @return YES when this delegate should receive the challenge, NO otherwise.
  // NOTE(review): returning NO for a server-trust challenge presumably leaves it to the URL
  // loading system's default handling rather than rejecting it outright. Confirm that is
  // the intended outcome for a chain the on-disk certificates do not vouch for.
  - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
      NSString *method = [protectionSpace authenticationMethod];

      // Author's rationale: server trust has already been checked by the time a
      // client-certificate challenge arrives, so it is always accepted.
      if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
          return YES;
      }

      if (![method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
          return NO;
      }

      // The verdict comes entirely from the helper; NO means the server is untrusted.
      NSArray *trustedCertificates = [self.secUtil getTrustedCertificatesFromDisk];
      return [self.secUtil getTrustResult:protectionSpace
                             certificates:(CFArrayRef)trustedCertificates];
  }
  22.  
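  /// Answers a server-trust or client-certificate authentication challenge.
  ///
  /// Every path now responds to the challenge sender. The original returned without
  /// responding when trust evaluation failed or no client identity was available, which
  /// leaves the connection waiting on an unanswered challenge.
  ///
  /// @param connection The connection that received the challenge (unused here).
  /// @param challenge The challenge to answer through its sender.
  - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
  {
      NSString *method = challenge.protectionSpace.authenticationMethod;
      SecIdentityRef identity = NULL;

      if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
          SecTrustResultType trustResult = 0;
          SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];

          OSStatus err = [self.secUtil evaluateServerTrust:&trustResult
                                                 challenge:challenge
                                                  identity:&identity
                                               serverTrust:&serverTrust];

          // NOTE(review): only the OSStatus is inspected; trustResult is filled in by the
          // helper but never read here. Confirm evaluateServerTrust: returns an error for
          // every non-trusted verdict, otherwise an untrusted chain could be accepted.
          if (err == noErr) {
              NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
              [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
          } else {
              // Fail closed: an evaluation error rejects the server instead of stalling.
              [challenge.sender cancelAuthenticationChallenge:challenge];
          }
      } else if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
          identity = self.secUtil.currentIdentity;

          if (identity) {
              // Persistence is None so the identity is not kept in credential storage.
              NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity
                                                                       certificates:nil
                                                                        persistence:NSURLCredentialPersistenceNone];
              [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
          } else {
              // No client identity is loaded; proceed without one and let the server decide.
              [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
          }
      } else {
          // Not expected: -connection:canAuthenticateAgainstProtectionSpace: declines every
          // other method. Reject rather than leave the challenge unanswered.
          [challenge.sender cancelAuthenticationChallenge:challenge];
      }
  }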
  55.  
  /// Lazily creates and returns the shared SecurityUtilities helper.
  ///
  /// On first use the helper is allocated and given this object's certificatesPath.
  /// Later calls return the same instance, so a certificatesPath changed afterwards is
  /// not pushed to the helper by this accessor.
  ///
  /// @return The cached SecurityUtilities instance.
  - (SecurityUtilities *)secUtil {
      if (secUtil_) {
          return secUtil_;
      }

      // Store the instance in the ivar first, then configure it, as the original did.
      secUtil_ = [[SecurityUtilities alloc] init];
      [secUtil_ setCertificatesPath:[self certificatesPath]];
      return secUtil_;
  }