Allow adding extra client certificates via the clientCertificates array
Added a test for client certificates (iOS only) Attempt to fix, YET AGAIN, building for 10.6 and that stupid NSXMLParserDelegate
Showing
11 changed files
with
149 additions
and
29 deletions.
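--- /dev/null
+++ b/ClientCertificateTests.h
@@ -0,0 +1,21 @@
+//
+// ClientCertificateTests.h
+// Part of ASIHTTPRequest -> http://allseeing-i.com/ASIHTTPRequest
+//
+// Created by Ben Copsey on 18/08/2010.
+// Copyright 2010 All-Seeing Interactive. All rights reserved.
+//
+
+// Currently, these tests only work on iOS - it looks like the method for parsing the PKCS12 file would need to be ported
+
+#import <Foundation/Foundation.h>
+#import <Security/Security.h>
+#import "ASITestCase.h"
+
+@interface ClientCertificateTests : ASITestCase {
+
+}
+- (void)testClientCertificate;
++ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef*)outTrust fromPKCS12Data:(NSData *)inPKCS12Data;
+
+@end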
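--- /dev/null
+++ b/ClientCertificateTests.m
@@ -0,0 +1,76 @@
+//
+// ClientCertificateTests.m
+// Part of ASIHTTPRequest -> http://allseeing-i.com/ASIHTTPRequest
+//
+// Created by Ben Copsey on 18/08/2010.
+// Copyright 2010 All-Seeing Interactive. All rights reserved.
+//
+
+#import "ClientCertificateTests.h"
+#import "ASIHTTPRequest.h"
+
+@implementation ClientCertificateTests
+
+- (void)testClientCertificate
+{
+// This test will fail the second time it is run, I presume the certificate is being cached somewhere
+
+// This url requires we present a client certificate to connect to it
+NSURL *url = [NSURL URLWithString:@"https://clientcertificate.allseeing-i.com:8080/ASIHTTPRequest/tests/first"];
+
+// First, let's attempt to connect to the url without supplying a certificate
+ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
+
+// We have to turn off validation for these tests, as the server has a self-signed certificate
+[request setValidatesSecureCertificate:NO];
+[request startSynchronous];
+
+GHAssertNotNil([request error],@"Request succeeded even though we presented no certificate, cannot proceed with test");
+
+// Now, let's grab the certificate (included in the resources of the test app)
+SecIdentityRef identity = NULL;
+SecTrustRef trust = NULL;
+NSData *PKCS12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]];
+[ClientCertificateTests extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data];
+
+request = [ASIHTTPRequest requestWithURL:[NSURL URLWithString:@"https://clientcertificate.allseeing-i.com:8080/ASIHTTPRequest/tests/first"]];
+
+// In this case, we have no need to add extra certificates, just the one inside the indentity will be used
+[request setClientCertificateIdentity:identity];
+[request setValidatesSecureCertificate:NO];
+[request startSynchronous];
+
+// Make sure the request got the correct content
+GHAssertNil([request error],@"Request failed with error %@",[request error]);
+BOOL success = [[request responseString] isEqualToString:@"This is the expected content for the first string"];
+GHAssertTrue(success,@"Request failed to download the correct content");
+}
+
+// Based on code from http://developer.apple.com/mac/library/documentation/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html
+
++ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef*)outTrust fromPKCS12Data:(NSData *)inPKCS12Data
+{
+OSStatus securityError = errSecSuccess;
+
+NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"" forKey:(id)kSecImportExportPassphrase];
+
+CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
+securityError = SecPKCS12Import((CFDataRef)inPKCS12Data,(CFDictionaryRef)optionsDictionary,&items);
+
+if (securityError == 0) {
+CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
+const void *tempIdentity = NULL;
+tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity);
+*outIdentity = (SecIdentityRef)tempIdentity;
+const void *tempTrust = NULL;
+tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
+*outTrust = (SecTrustRef)tempTrust;
+} else {
+NSLog(@"Failed with error code %i",securityError);
+return NO;
+}
+return YES;
+}
+
+
+@end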
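Review bot: `extractIdentity:andTrust:fromPKCS12Data:` indexes `CFArrayGetValueAtIndex (items, 0)` without checking that the import returned any item, and it never releases `items`. The empty array from `CFArrayCreate` is overwritten by `SecPKCS12Import` and the imported array is then leaked, which is presumably the only thing keeping the unretained identity and trust references alive for the caller. Starting from `items = NULL`, checking the count, retaining the two references before releasing `items`, and having the test `CFRelease` them afterwards would make the ownership explicit. The test also ignores the BOOL result, so a missing or unreadable `client.p12` leaves `identity` NULL and only surfaces later as a request error; wrapping the call in `GHAssertTrue(...)` would fail at the right place. Because the bundled identity is imported with an empty passphrase and both requests run with `setValidatesSecureCertificate:NO`, a comment on the helper saying this setup is for the test server only would help anyone who copies it.

```objc
+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef*)outTrust fromPKCS12Data:(NSData *)inPKCS12Data
{
	// … unchanged: securityError declaration and optionsDictionary with the empty passphrase …

	// SecPKCS12Import hands back its own array, so there is nothing to pre-allocate
	CFArrayRef items = NULL;
	securityError = SecPKCS12Import((CFDataRef)inPKCS12Data,(CFDictionaryRef)optionsDictionary,&items);

	if (securityError != errSecSuccess || !items || CFArrayGetCount(items) == 0) {
		NSLog(@"Failed with error code %i",securityError);
		if (items) {
			CFRelease(items);
		}
		return NO;
	}

	CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
	SecIdentityRef foundIdentity = (SecIdentityRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
	SecTrustRef foundTrust = (SecTrustRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);

	// Retain before the array goes away; the caller now owns both and must CFRelease them
	if (foundIdentity) CFRetain(foundIdentity);
	if (foundTrust) CFRetain(foundTrust);
	*outIdentity = foundIdentity;
	*outTrust = foundTrust;
	CFRelease(items);
	return (foundIdentity != NULL);
}
```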
Binary file not shown.