- #pragma mark - NSURLConnection methods
- /*
- - (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection {
- return NO;
- }
- */
/// Tells the connection which protection spaces this delegate will answer challenges for.
///
/// Client-certificate spaces are always accepted. Server-trust spaces are accepted only when
/// SecurityUtilities reports a positive result for the certificates it loads from disk.
/// Every other authentication method is declined.
///
/// @param connection The connection asking (not used here).
/// @param protectionSpace The protection space whose authentication method is inspected.
/// @return YES when the delegate will handle the challenge, NO otherwise.
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    NSString *method = [protectionSpace authenticationMethod];

    // Author's rationale: by the time a client certificate is requested, the server
    // has already been checked for trust, so this is always accepted.
    if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        return YES;
    }

    if (![method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        return NO;
    }

    // NOTE(review): a NO here only declines to handle the challenge in this delegate;
    // confirm what the connection does next for an untrusted server, and do not rely on
    // this method alone to reject it.
    NSArray *trustedCertificates = [self.secUtil getTrustedCertificatesFromDisk];
    return [self.secUtil getTrustResult:protectionSpace certificates:(CFArrayRef)trustedCertificates];
}
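/// Answers server-trust and client-certificate challenges for the connection.
///
/// Server trust: the trust object is evaluated through SecurityUtilities and accepted only
/// when the call succeeds AND the reported trust result is a passing one. Client certificate:
/// the identity currently held by SecurityUtilities is presented, without persisting it.
/// Every path that cannot produce a credential cancels the challenge, so the connection fails
/// promptly instead of stalling on an unanswered challenge.
///
/// @param connection The connection that received the challenge (not used here).
/// @param challenge The challenge to answer; its sender is always sent a response.
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSString *method = challenge.protectionSpace.authenticationMethod;

    if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        SecIdentityRef identity = NULL;
        SecTrustResultType trustResult = kSecTrustResultInvalid;
        SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
        OSStatus err = [self.secUtil evaluateServerTrust:&trustResult challenge:challenge identity:&identity serverTrust:&serverTrust];

        // A noErr status alone is not a trust decision; the verdict is in trustResult.
        // NOTE(review): assumes evaluateServerTrust: fills trustResult with the evaluation
        // verdict (SecTrustEvaluate-style) -- confirm against SecurityUtilities.
        BOOL serverIsTrusted = (err == noErr) &&
                               (serverTrust != NULL) &&
                               (trustResult == kSecTrustResultProceed ||
                                trustResult == kSecTrustResultUnspecified);
        if (serverIsTrusted) {
            NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
            [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
        } else {
            // Fail closed: an evaluation error or a non-passing verdict ends the handshake.
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
        return;
    }

    if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        SecIdentityRef identity = self.secUtil.currentIdentity;
        if (identity) {
            // Persistence "none": the identity is used for this challenge only and is not
            // written to the shared credential storage.
            NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity
                                                                     certificates:nil
                                                                      persistence:NSURLCredentialPersistenceNone];
            [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
        } else {
            // No identity available: answer the challenge rather than leaving it pending.
            [[challenge sender] cancelAuthenticationChallenge:challenge];
        }
        return;
    }

    // Any other authentication method is not supported by this delegate.
    [[challenge sender] cancelAuthenticationChallenge:challenge];
}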
/// Lazily created SecurityUtilities helper.
///
/// The helper is built on first access and given this object's certificatesPath at that
/// moment; later accesses return the same instance unchanged.
///
/// @return The shared helper stored in secUtil_.
- (SecurityUtilities *)secUtil {
    if (secUtil_) {
        return secUtil_;
    }

    // First access: create the helper and hand it the certificate directory.
    secUtil_ = [[SecurityUtilities alloc] init];
    [secUtil_ setCertificatesPath:[self certificatesPath]];
    return secUtil_;
}