Discarded all changes made to support untrusted server certificates (TrustedSSL parameter). This functionality will be re-implemented for those who need it in the CMISAuthenticationProvider as it is done in OpenCMIS.
git-svn-id: https://svn.apache.org/repos/asf/chemistry/objectivecmis/trunk@1495379 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/ObjectiveCMIS/Common/CMISSessionParameters.h b/ObjectiveCMIS/Common/CMISSessionParameters.h
index 7df616f..b19d7cd 100644
--- a/ObjectiveCMIS/Common/CMISSessionParameters.h
+++ b/ObjectiveCMIS/Common/CMISSessionParameters.h
@@ -41,10 +41,6 @@
// TODO: Temporary, must be extracted into separate project
extern NSString * const kCMISSessionParameterMode;
-/**
- This flag is used for SSL self certification and indicates, whether a server is trusted. Default value is NO.
- */
-extern NSString * const kCMISSessionAllowUntrustedSSLCertificate;
@interface CMISSessionParameters : NSObject
diff --git a/ObjectiveCMIS/Common/CMISSessionParameters.m b/ObjectiveCMIS/Common/CMISSessionParameters.m
index 6abe5b1..ac27f9e 100644
--- a/ObjectiveCMIS/Common/CMISSessionParameters.m
+++ b/ObjectiveCMIS/Common/CMISSessionParameters.m
@@ -25,9 +25,6 @@
NSString * const kCMISSessionParameterMode = @"session_param_mode";
-
-NSString * const kCMISSessionAllowUntrustedSSLCertificate = @"session_param_trusted_ssl_server_flag";
-
@interface CMISSessionParameters ()
@property (nonatomic, assign, readwrite) CMISBindingType bindingType;
@property (nonatomic, strong, readwrite) NSMutableDictionary *sessionData;
diff --git a/ObjectiveCMIS/Common/CMISStandardAuthenticationProvider.m b/ObjectiveCMIS/Common/CMISStandardAuthenticationProvider.m
index 1bbd4a9..ce17816 100644
--- a/ObjectiveCMIS/Common/CMISStandardAuthenticationProvider.m
+++ b/ObjectiveCMIS/Common/CMISStandardAuthenticationProvider.m
@@ -63,10 +63,7 @@
}
}
-/**
- This checks whether a request can be authenticated. It gets called from the CMISHttpRequest. For SSL servers we filter the call directly in HttpRequest.
- So that when we reach this call, we know, the SSL server can be trusted.
- */
+
- (BOOL)canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
// default implementation mimics default NSURLConnectionDelegate behavior
@@ -74,12 +71,10 @@
if ([authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate] && self.credential.identity) {
return YES; // client certificat requested and certificate identity available
}
- if ([authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
- return YES;
- }
if ([authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic] && self.credential.user && self.credential.hasPassword) {
return YES; // basic authentication requested and username & password available
}
+
return NO;
}
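Review bot: With the server-trust branch removed, the final `return NO` in canAuthenticateAgainstProtectionSpace: is what leaves certificate validation to the URL loading system's default handling, and nothing in the method records that now that the doc comment has been replaced by a blank line. A comment above the final return would stop a later edit from re-adding a blanket YES, for example `// NSURLAuthenticationMethodServerTrust deliberately falls through to NO so the default certificate validation applies`. The client-certificate comment in the same method has a typo (`certificat`). The method starts before this hunk, so its first lines are not visible here.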
@@ -89,10 +84,7 @@
// nothing to do in the default implementation
}
-/**
- This gets called from CMISHttpRequest. CMISHttpRequest also filters out any unauthorised calls to SSL server. We only get called here, if the SSL server
- is actually trusted.
- */
+
- (void)didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if (challenge.previousFailureCount == 0) {
@@ -107,9 +99,6 @@
} else if (challenge.proposedCredential) {
CMISLogDebug(@"Authenticating with proposed credential");
[challenge.sender useCredential:challenge.proposedCredential forAuthenticationChallenge:challenge];
- } else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){
- [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
- [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
} else {
CMISLogDebug(@"Authenticating without credential");
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
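Review bot: The final `else` in didReceiveAuthenticationChallenge: answers every remaining challenge type with `continueWithoutCredentialForAuthenticationChallenge:`, which would include a server-trust challenge if a subclass ever returns YES for that method. The effect of that call on a server-trust challenge cannot be read from this file, so an explicit branch for NSURLAuthenticationMethodServerTrust would make the outcome unambiguous, for instance `[challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];` guarded by `respondsToSelector:`. The method begins and ends outside this hunk, so the handling for `previousFailureCount > 0` is not visible.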
diff --git a/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m b/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
index df345b5..d9dc91f 100644
--- a/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
+++ b/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
@@ -46,13 +46,11 @@
session:session];
if (!cmisRequest.isCancelled)
{
- BOOL useTrustedSSLServer = [[session objectForKey:kCMISSessionAllowUntrustedSSLCertificate defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpRequest* request = [CMISHttpRequest startRequest:urlRequest
httpMethod:httpRequestMethod
requestBody:body
headers:additionalHeaders
authenticationProvider:session.authenticationProvider
- useTrustedSSLServer:useTrustedSSLServer
completionBlock:completionBlock];
if (request)
{
@@ -79,16 +77,14 @@
httpMethod:httpRequestMethod
session:session];
- BOOL useTrustedSSLServer = [[session objectForKey:kCMISSessionAllowUntrustedSSLCertificate defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest startRequest:urlRequest
- httpMethod:httpRequestMethod
- inputStream:inputStream
- headers:additionalHeaders
- bytesExpected:0
- authenticationProvider:session.authenticationProvider
- useTrustedSSLServer:useTrustedSSLServer
- completionBlock:completionBlock
- progressBlock:nil];
+ httpMethod:httpRequestMethod
+ inputStream:inputStream
+ headers:additionalHeaders
+ bytesExpected:0
+ authenticationProvider:session.authenticationProvider
+ completionBlock:completionBlock
+ progressBlock:nil];
if (request)
{
cmisRequest.httpRequest = request;
@@ -116,16 +112,14 @@
httpMethod:httpRequestMethod
session:session];
- BOOL useTrustedSSLServer = [[session objectForKey:kCMISSessionAllowUntrustedSSLCertificate defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest startRequest:urlRequest
- httpMethod:httpRequestMethod
- inputStream:inputStream
- headers:additionalHeaders
- bytesExpected:bytesExpected
- authenticationProvider:session.authenticationProvider
- useTrustedSSLServer:useTrustedSSLServer
- completionBlock:completionBlock
- progressBlock:progressBlock];
+ httpMethod:httpRequestMethod
+ inputStream:inputStream
+ headers:additionalHeaders
+ bytesExpected:bytesExpected
+ authenticationProvider:session.authenticationProvider
+ completionBlock:completionBlock
+ progressBlock:progressBlock];
if (request){
cmisRequest.httpRequest = request;
}
@@ -154,7 +148,6 @@
httpMethod:httpRequestMethod
session:session];
- BOOL useTrustedSSLServer = [[session objectForKey:kCMISSessionAllowUntrustedSSLCertificate defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest startRequest:urlRequest
httpMethod:httpRequestMethod
inputStream:inputStream
@@ -163,7 +156,6 @@
authenticationProvider:session.authenticationProvider
cmisProperties:cmisProperties
mimeType:mimeType
- useTrustedSSLServer:useTrustedSSLServer
completionBlock:completionBlock
progressBlock:progressBlock];
if (request){
@@ -192,15 +184,13 @@
httpMethod:HTTP_GET
session:session];
- BOOL useTrustedSSLServer = [[session objectForKey:kCMISSessionAllowUntrustedSSLCertificate defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpDownloadRequest* request = [CMISHttpDownloadRequest startRequest:urlRequest
- httpMethod:httpRequestMethod
- outputStream:outputStream
- bytesExpected:bytesExpected
- authenticationProvider:session.authenticationProvider
- useTrustedSSLServer:useTrustedSSLServer
- completionBlock:completionBlock
- progressBlock:progressBlock];
+ httpMethod:httpRequestMethod
+ outputStream:outputStream
+ bytesExpected:bytesExpected
+ authenticationProvider:session.authenticationProvider
+ completionBlock:completionBlock
+ progressBlock:progressBlock];
if (request) {
cmisRequest.httpRequest = request;
}
diff --git a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
index a3fab19..2e32367 100644
--- a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
+++ b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
@@ -38,7 +38,6 @@
outputStream:(NSOutputStream*)outputStream
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
- useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesDownloaded, unsigned long long bytesTotal))progressBlock;
diff --git a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
index 20bd5c2..94f37ec 100644
--- a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
+++ b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
@@ -40,7 +40,6 @@
outputStream:(NSOutputStream*)outputStream
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
- useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesDownloaded, unsigned long long bytesTotal))progressBlock
{
@@ -50,7 +49,6 @@
httpRequest.outputStream = outputStream;
httpRequest.bytesExpected = bytesExpected;
httpRequest.authenticationProvider = authenticationProvider;
- httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
diff --git a/ObjectiveCMIS/Utils/CMISHttpRequest.h b/ObjectiveCMIS/Utils/CMISHttpRequest.h
index 13569d0..436d9a7 100644
--- a/ObjectiveCMIS/Utils/CMISHttpRequest.h
+++ b/ObjectiveCMIS/Utils/CMISHttpRequest.h
@@ -32,9 +32,8 @@
@property (nonatomic, strong) NSDictionary *additionalHeaders;
@property (nonatomic, strong) NSHTTPURLResponse *response;
@property (nonatomic, strong) id<CMISAuthenticationProvider> authenticationProvider;
-@property (nonatomic, assign) BOOL trustedSSLServer;
@property (nonatomic, copy) void (^completionBlock)(CMISHttpResponse *httpResponse, NSError *error);
-@property (nonatomic, strong) NSURL *requestURL;
+
/**
* starts a URL request for given HTTP method
* @param requestBody (optional)
@@ -47,7 +46,6 @@
requestBody:(NSData*)requestBody
headers:(NSDictionary*)additionalHeaders
authenticationProvider:(id<CMISAuthenticationProvider>)authenticationProvider
- useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock;
/**
diff --git a/ObjectiveCMIS/Utils/CMISHttpRequest.m b/ObjectiveCMIS/Utils/CMISHttpRequest.m
index ddaf883..e8279a5 100644
--- a/ObjectiveCMIS/Utils/CMISHttpRequest.m
+++ b/ObjectiveCMIS/Utils/CMISHttpRequest.m
@@ -47,7 +47,6 @@
requestBody:(NSData*)requestBody
headers:(NSDictionary*)additionalHeaders
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
- useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
{
CMISHttpRequest *httpRequest = [[self alloc] initWithHttpMethod:httpRequestMethod
@@ -55,7 +54,7 @@
httpRequest.requestBody = requestBody;
httpRequest.additionalHeaders = additionalHeaders;
httpRequest.authenticationProvider = authenticationProvider;
- httpRequest.trustedSSLServer = trustedSSLServer;
+
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
}
@@ -78,7 +77,6 @@
- (BOOL)startRequest:(NSMutableURLRequest*)urlRequest
{
- self.requestURL = urlRequest.URL;
if (self.requestBody) {
if ([CMISLog sharedInstance].logLevel == CMISLogLevelTrace) {
CMISLogTrace(@"Request body: %@", [[NSString alloc] initWithData:self.requestBody encoding:NSUTF8StringEncoding]);
@@ -125,22 +123,10 @@
}
}
-/**
- In case of SSL self certification: developers need to set the appropriate session parameter flag to mark the SSL server as trusted. If it is, and if the
- host URL is what we expect, then we pass on the request to the authenticationProvider, which handles all authentication challenges. If not, we return NO.
- For all other requests, we pass this on to the authenticationProvider
- */
+
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
- BOOL isTrusted = (self.trustedSSLServer && [[self.requestURL host] isEqualToString:protectionSpace.host]);
- if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !isTrusted)
- {
- return NO;
- }
- else
- {
- return [self.authenticationProvider canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace];
- }
+ return [self.authenticationProvider canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace];
}
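Review bot: connection:canAuthenticateAgainstProtectionSpace: here and connection:didReceiveAuthenticationChallenge: in the next hunk now forward every challenge, server-trust included, to the authentication provider with no check of their own, and both doc comments were replaced by a blank line. The provider is therefore the only place where a server certificate can be accepted or rejected, and that contract deserves a comment such as `/// Forwards all challenges to authenticationProvider; a provider that accepts NSURLAuthenticationMethodServerTrust must evaluate the server trust itself.` The removed code also compared the challenge host with the request host; whether the planned provider-based re-implementation keeps an equivalent restriction cannot be seen from this diff. The cast in `canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace` is redundant and can be dropped.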
@@ -149,19 +135,9 @@
[self.authenticationProvider didCancelAuthenticationChallenge:challenge];
}
-/**
- this method gets called if the canAuthenticateAgainstProtectionSpace call has returned YES previously. For SSL server certificates, we check if the server is trusted
- (a parameter that developers must set when creating a CMISSession) and the host URL matches the one we actually requested
- If all this passes, we delegate the handling to the authenticationProvider
- */
+
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
- BOOL isTrusted = (self.trustedSSLServer && [[self.requestURL host] isEqualToString:challenge.protectionSpace.host]);
- if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !isTrusted)
- {
- [challenge.sender cancelAuthenticationChallenge:challenge];
- return;
- }
[self.authenticationProvider didReceiveAuthenticationChallenge:challenge];
}
diff --git a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
index 60751ef..0f473c7 100644
--- a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
+++ b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
@@ -35,7 +35,6 @@
headers:(NSDictionary*)addionalHeaders
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
- useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock;
@@ -54,7 +53,6 @@
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
cmisProperties:(CMISProperties *)cmisProperties
mimeType:(NSString *)mimeType
-useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock;
diff --git a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
index 8acb211..d656c98 100644
--- a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
+++ b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
@@ -116,7 +116,6 @@
headers:(NSDictionary*)additionalHeaders
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
- useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock
{
@@ -130,7 +129,6 @@
httpRequest.base64Encoding = NO;
httpRequest.base64InputStream = nil;
httpRequest.encoderStream = nil;
- httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
@@ -147,7 +145,6 @@
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
cmisProperties:(CMISProperties *)cmisProperties
mimeType:(NSString *)mimeType
- useTrustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock
{
@@ -160,7 +157,6 @@
httpRequest.bytesExpected = bytesExpected;
httpRequest.base64Encoding = YES;
httpRequest.authenticationProvider = authenticationProvider;
- httpRequest.trustedSSLServer = trustedSSLServer;
[httpRequest prepareStreams];
[httpRequest prepareXMLWithCMISProperties:cmisProperties mimeType:mimeType];