A parameter has been added to CMISSessionParameters that lets callers set a flag indicating that an SSL server is trusted. The request class then checks this flag to decide whether to handle SSL servers with self-signed certificates. The default is NO.
git-svn-id: https://svn.apache.org/repos/asf/chemistry/objectivecmis/trunk@1478326 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/ObjectiveCMIS/Common/CMISSessionParameters.h b/ObjectiveCMIS/Common/CMISSessionParameters.h
index b19d7cd..59a58bf 100644
--- a/ObjectiveCMIS/Common/CMISSessionParameters.h
+++ b/ObjectiveCMIS/Common/CMISSessionParameters.h
@@ -42,6 +42,8 @@
// TODO: Temporary, must be extracted into separate project
extern NSString * const kCMISSessionParameterMode;
+extern NSString * const kCMISSessionTrustedSSLServerFlag;
+
@interface CMISSessionParameters : NSObject
// Repository connection
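Review bot: The new key `kCMISSessionTrustedSSLServerFlag` is declared without a comment, although it decides whether requests respond to TLS server-trust challenges. I would add a doc comment above it along the lines of `/// NSNumber-wrapped BOOL, default NO. When YES, server-trust challenges are passed to the session's authentication provider.` and state that the value is read for every request made through the session, not for a single host. The name reads as a fact about the server rather than as a switch that relaxes validation, so the comment should say plainly that it is intended for servers with self-signed certificates.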
diff --git a/ObjectiveCMIS/Common/CMISSessionParameters.m b/ObjectiveCMIS/Common/CMISSessionParameters.m
index ac27f9e..5ebe46c 100644
--- a/ObjectiveCMIS/Common/CMISSessionParameters.m
+++ b/ObjectiveCMIS/Common/CMISSessionParameters.m
@@ -25,6 +25,9 @@
NSString * const kCMISSessionParameterMode = @"session_param_mode";
+
+NSString * const kCMISSessionTrustedSSLServerFlag = @"session_param_trusted_ssl_server_flag";
+
@interface CMISSessionParameters ()
@property (nonatomic, assign, readwrite) CMISBindingType bindingType;
@property (nonatomic, strong, readwrite) NSMutableDictionary *sessionData;
diff --git a/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m b/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
index d9dc91f..ff7d7fd 100644
--- a/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
+++ b/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
@@ -46,11 +46,13 @@
session:session];
if (!cmisRequest.isCancelled)
{
+ BOOL isTrusted = [[session objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpRequest* request = [CMISHttpRequest startRequest:urlRequest
httpMethod:httpRequestMethod
requestBody:body
headers:additionalHeaders
authenticationProvider:session.authenticationProvider
+ trustedSSLServer:isTrusted
completionBlock:completionBlock];
if (request)
{
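Review bot: The `isTrusted` lookup added before `startRequest:` is repeated verbatim in the four later hunks of this file (both plain upload calls, the `cmisProperties` upload and the download call). For a flag that relaxes TLS validation, a single private helper that takes the session and returns the BOOL keeps the key and the NO default in one place, so a later call site cannot pick a different default by accident. `[NSNumber numberWithBool:NO]` can also be written `@NO`. The enclosing method starts and ends outside the hunk.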
@@ -77,14 +79,16 @@
httpMethod:httpRequestMethod
session:session];
+ BOOL isTrusted = [[session objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest startRequest:urlRequest
- httpMethod:httpRequestMethod
- inputStream:inputStream
- headers:additionalHeaders
- bytesExpected:0
- authenticationProvider:session.authenticationProvider
- completionBlock:completionBlock
- progressBlock:nil];
+ httpMethod:httpRequestMethod
+ inputStream:inputStream
+ headers:additionalHeaders
+ bytesExpected:0
+ authenticationProvider:session.authenticationProvider
+ trustedSSLServer:isTrusted
+ completionBlock:completionBlock
+ progressBlock:nil];
if (request)
{
cmisRequest.httpRequest = request;
@@ -112,14 +116,16 @@
httpMethod:httpRequestMethod
session:session];
+ BOOL isTrusted = [[session objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest startRequest:urlRequest
- httpMethod:httpRequestMethod
- inputStream:inputStream
- headers:additionalHeaders
- bytesExpected:bytesExpected
- authenticationProvider:session.authenticationProvider
- completionBlock:completionBlock
- progressBlock:progressBlock];
+ httpMethod:httpRequestMethod
+ inputStream:inputStream
+ headers:additionalHeaders
+ bytesExpected:bytesExpected
+ authenticationProvider:session.authenticationProvider
+ trustedSSLServer:isTrusted
+ completionBlock:completionBlock
+ progressBlock:progressBlock];
if (request){
cmisRequest.httpRequest = request;
}
@@ -148,6 +154,7 @@
httpMethod:httpRequestMethod
session:session];
+ BOOL isTrusted = [[session objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest startRequest:urlRequest
httpMethod:httpRequestMethod
inputStream:inputStream
@@ -156,6 +163,7 @@
authenticationProvider:session.authenticationProvider
cmisProperties:cmisProperties
mimeType:mimeType
+ trustedSSLServer:isTrusted
completionBlock:completionBlock
progressBlock:progressBlock];
if (request){
@@ -184,13 +192,15 @@
httpMethod:HTTP_GET
session:session];
+ BOOL isTrusted = [[session objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber numberWithBool:NO]] boolValue];
CMISHttpDownloadRequest* request = [CMISHttpDownloadRequest startRequest:urlRequest
- httpMethod:httpRequestMethod
- outputStream:outputStream
- bytesExpected:bytesExpected
- authenticationProvider:session.authenticationProvider
- completionBlock:completionBlock
- progressBlock:progressBlock];
+ httpMethod:httpRequestMethod
+ outputStream:outputStream
+ bytesExpected:bytesExpected
+ authenticationProvider:session.authenticationProvider
+ trustedSSLServer:isTrusted
+ completionBlock:completionBlock
+ progressBlock:progressBlock];
if (request) {
cmisRequest.httpRequest = request;
}
diff --git a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
index 2e32367..9a7081c 100644
--- a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
+++ b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
@@ -38,6 +38,7 @@
outputStream:(NSOutputStream*)outputStream
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesDownloaded, unsigned long long bytesTotal))progressBlock;
diff --git a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
index 94f37ec..b2095aa 100644
--- a/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
+++ b/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
@@ -40,6 +40,7 @@
outputStream:(NSOutputStream*)outputStream
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesDownloaded, unsigned long long bytesTotal))progressBlock
{
@@ -49,6 +50,7 @@
httpRequest.outputStream = outputStream;
httpRequest.bytesExpected = bytesExpected;
httpRequest.authenticationProvider = authenticationProvider;
+ httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
diff --git a/ObjectiveCMIS/Utils/CMISHttpRequest.h b/ObjectiveCMIS/Utils/CMISHttpRequest.h
index 436d9a7..0d15dca 100644
--- a/ObjectiveCMIS/Utils/CMISHttpRequest.h
+++ b/ObjectiveCMIS/Utils/CMISHttpRequest.h
@@ -32,6 +32,7 @@
@property (nonatomic, strong) NSDictionary *additionalHeaders;
@property (nonatomic, strong) NSHTTPURLResponse *response;
@property (nonatomic, strong) id<CMISAuthenticationProvider> authenticationProvider;
+@property (nonatomic, assign) BOOL trustedSSLServer;
@property (nonatomic, copy) void (^completionBlock)(CMISHttpResponse *httpResponse, NSError *error);
/**
@@ -46,6 +47,7 @@
requestBody:(NSData*)requestBody
headers:(NSDictionary*)additionalHeaders
authenticationProvider:(id<CMISAuthenticationProvider>)authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock;
/**
diff --git a/ObjectiveCMIS/Utils/CMISHttpRequest.m b/ObjectiveCMIS/Utils/CMISHttpRequest.m
index e8279a5..a0ec045 100644
--- a/ObjectiveCMIS/Utils/CMISHttpRequest.m
+++ b/ObjectiveCMIS/Utils/CMISHttpRequest.m
@@ -47,6 +47,7 @@
requestBody:(NSData*)requestBody
headers:(NSDictionary*)additionalHeaders
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
{
CMISHttpRequest *httpRequest = [[self alloc] initWithHttpMethod:httpRequestMethod
@@ -54,7 +55,7 @@
httpRequest.requestBody = requestBody;
httpRequest.additionalHeaders = additionalHeaders;
httpRequest.authenticationProvider = authenticationProvider;
-
+ httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
}
@@ -126,7 +127,14 @@
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
- return [self.authenticationProvider canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace];
+ if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !self.trustedSSLServer)
+ {
+ return NO;
+ }
+ else
+ {
+ return [self.authenticationProvider canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace];
+ }
}
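Review bot: With `trustedSSLServer` set to YES, the `else` branch hands the `NSURLAuthenticationMethodServerTrust` protection space to `authenticationProvider`, and nothing in this hunk limits which host or certificate is then accepted. The provider's handling is outside the diff; if it answers the challenge without evaluating `protectionSpace.serverTrust`, the flag would switch off certificate validation for every host the session contacts rather than only for the configured repository. I would at least compare `protectionSpace.host` with the session's repository host before returning YES, and preferably have the trust evaluated against a pinned certificate for that host. A comment on this method should state which of these the provider is expected to do.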
@@ -138,6 +146,11 @@
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
+ if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !self.trustedSSLServer)
+ {
+ [challenge.sender cancelAuthenticationChallenge:challenge];
+ return;
+ }
[self.authenticationProvider didReceiveAuthenticationChallenge:challenge];
}
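Review bot: The added branch cancels a server-trust challenge when `trustedSSLServer` is NO, which would also fail a connection whose certificate is valid if this path is ever reached. Since `canAuthenticateAgainstProtectionSpace:` already returns NO for that case, the branch looks like a safety net, and leaving the decision to the system is the closer match: `[challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];`, guarded by `respondsToSelector:` because that method is optional in the sender protocol. A one-line comment saying why the challenge is not forwarded to the provider would help the next reader.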
diff --git a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
index 0f473c7..78763ce 100644
--- a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
+++ b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
@@ -35,6 +35,7 @@
headers:(NSDictionary*)addionalHeaders
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock;
@@ -53,6 +54,7 @@
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
cmisProperties:(CMISProperties *)cmisProperties
mimeType:(NSString *)mimeType
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock;
diff --git a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
index d656c98..d7a69af 100644
--- a/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
+++ b/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
@@ -116,6 +116,7 @@
headers:(NSDictionary*)additionalHeaders
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock
{
@@ -129,6 +130,7 @@
httpRequest.base64Encoding = NO;
httpRequest.base64InputStream = nil;
httpRequest.encoderStream = nil;
+ httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
@@ -145,6 +147,7 @@
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
cmisProperties:(CMISProperties *)cmisProperties
mimeType:(NSString *)mimeType
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long long bytesTotal))progressBlock
{
@@ -157,6 +160,7 @@
httpRequest.bytesExpected = bytesExpected;
httpRequest.base64Encoding = YES;
httpRequest.authenticationProvider = authenticationProvider;
+ httpRequest.trustedSSLServer = trustedSSLServer;
[httpRequest prepareStreams];
[httpRequest prepareXMLWithCMISProperties:cmisProperties mimeType:mimeType];