diff --git a/AFNetworking/AFHTTPClient.h b/AFNetworking/AFHTTPClient.h index 2e5d504..e7083f5 100644 --- a/AFNetworking/AFHTTPClient.h +++ b/AFNetworking/AFHTTPClient.h @@ -141,9 +141,7 @@ typedef enum { /** Default SSL pinning mode for each `AFHTTPRequestOperation` created by `HTTPRequestOperationWithRequest:success:failure:`. */ -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ @property (nonatomic, assign) AFURLConnectionOperationSSLPinningMode defaultSSLPinningMode; -#endif /** Whether each `AFHTTPRequestOperation` created by `HTTPRequestOperationWithRequest:success:failure:` should accept an invalid SSL certificate. diff --git a/AFNetworking/AFHTTPClient.m b/AFNetworking/AFHTTPClient.m index 09049af..7d9d166 100644 --- a/AFNetworking/AFHTTPClient.m +++ b/AFNetworking/AFHTTPClient.m @@ -212,9 +212,7 @@ NSArray * AFQueryStringPairsFromKeyAndValue(NSString *key, id value) { @synthesize networkReachabilityStatus = _networkReachabilityStatus; @synthesize networkReachabilityStatusBlock = _networkReachabilityStatusBlock; #endif -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ @synthesize defaultSSLPinningMode = _defaultSSLPinningMode; -#endif @synthesize allowsInvalidSSLCertificate = _allowsInvalidSSLCertificate; + (instancetype)clientWithBaseURL:(NSURL *)url { @@ -556,9 +554,7 @@ static void AFNetworkReachabilityReleaseCallback(const void *info) { [operation setCompletionBlockWithSuccess:success failure:failure]; operation.credential = self.defaultCredential; -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ operation.SSLPinningMode = self.defaultSSLPinningMode; -#endif operation.allowsInvalidSSLCertificate = self.allowsInvalidSSLCertificate; return operation; diff --git a/AFNetworking/AFURLConnectionOperation.h b/AFNetworking/AFURLConnectionOperation.h index 3866a2e..a86788b 100644 --- a/AFNetworking/AFURLConnectionOperation.h +++ b/AFNetworking/AFURLConnectionOperation.h @@ -45,15 +45,7 @@ - `connection:willCacheResponse:` - `connectionShouldUseCredentialStorage:` - `connection:needNewBodyStream:` - - When _AFNETWORKING_PIN_SSL_CERTIFICATES_ is defined, the following authentication delegate method is implemented: - - `connection:willSendRequestForAuthenticationChallenge:` - - Otherwise, the following authentication delegate methods are implemented: - - - `connection:canAuthenticateAgainstProtectionSpace:` - - `connection:didReceiveAuthenticationChallenge:` If any of these methods are overridden in a subclass, they _must_ call the `super` implementation first. @@ -91,13 +83,11 @@ - Operation copies do not include `completionBlock`. `completionBlock` often strongly captures a reference to `self`, which would otherwise have the unintuitive side-effect of pointing to the _original_ operation when copied. */ -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ typedef enum { AFSSLPinningModeNone, AFSSLPinningModePublicKey, AFSSLPinningModeCertificate, } AFURLConnectionOperationSSLPinningMode; -#endif @interface AFURLConnectionOperation : NSOperation = 50000) || \ @@ -185,9 +175,7 @@ NSCoding, NSCopying> To enable SSL Pinning, `#define _AFNETWORKING_PIN_SSL_CERTIFICATES_` in `Prefix.pch`. Also, make sure that the Security framework is linked with the binary. See the "SSL Pinning" section in the `AFURLConnectionOperation`" header for more information. */ -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ @property (nonatomic, assign) AFURLConnectionOperationSSLPinningMode SSLPinningMode; -#endif ///------------------------ /// @name Accessing Streams @@ -289,7 +277,6 @@ NSCoding, NSCopying> /// @name Setting NSURLConnection Delegate Callbacks ///------------------------------------------------- -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ /** Sets a block to be executed when the connection will authenticate a challenge in order to download its request, as handled by the `NSURLConnectionDelegate` method `connection:willSendRequestForAuthenticationChallenge:`. @@ -299,28 +286,6 @@ NSCoding, NSCopying> */ - (void)setWillSendRequestForAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block; -#else - -/** - Sets a block to be executed to determine whether the connection should be able to respond to a protection space's form of authentication, as handled by the `NSURLConnectionDelegate` method `connection:canAuthenticateAgainstProtectionSpace:`. - - If `allowsInvalidSSLCertificate` is set to YES, `connection:canAuthenticateAgainstProtectionSpace:` will accept invalid SSL certificates, returning `YES` if the protection space authentication method is `NSURLAuthenticationMethodServerTrust`. - - @param block A block object to be executed to determine whether the connection should be able to respond to a protection space's form of authentication. The block has a `BOOL` return type and takes two arguments: the URL connection object, and the protection space to authenticate against. - */ -- (void)setAuthenticationAgainstProtectionSpaceBlock:(BOOL (^)(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace))block; - -/** - Sets a block to be executed when the connection must authenticate a challenge in order to download its request, as handled by the `NSURLConnectionDelegate` method `connection:didReceiveAuthenticationChallenge:`. - - @param block A block object to be executed when the connection must authenticate a challenge in order to download its request. The block has no return type and takes two arguments: the URL connection object, and the challenge that must be authenticated. - - If `allowsInvalidSSLCertificate` is set to YES, `connection:didReceiveAuthenticationChallenge:` will attempt to have the challenge sender use credentials with invalid SSL certificates. - */ -- (void)setAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block; - -#endif - /** Sets a block to be executed when the server redirects the request from one URL to another URL, or when the request URL changed by the `NSURLProtocol` subclass handling the request in order to standardize its format, as handled by the `NSURLConnectionDelegate` method `connection:willSendRequest:redirectResponse:`. diff --git a/AFNetworking/AFURLConnectionOperation.m b/AFNetworking/AFURLConnectionOperation.m index c5ea309..06b203d 100644 --- a/AFNetworking/AFURLConnectionOperation.m +++ b/AFNetworking/AFURLConnectionOperation.m @@ -56,9 +56,6 @@ NSString * const AFNetworkingOperationDidStartNotification = @"com.alamofire.net NSString * const AFNetworkingOperationDidFinishNotification = @"com.alamofire.networking.operation.finish"; typedef void (^AFURLConnectionOperationProgressBlock)(NSUInteger bytes, long long totalBytes, long long totalBytesExpected); -#ifndef _AFNETWORKING_PIN_SSL_CERTIFICATES_ -typedef BOOL (^AFURLConnectionOperationAuthenticationAgainstProtectionSpaceBlock)(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace); -#endif typedef void (^AFURLConnectionOperationAuthenticationChallengeBlock)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge); typedef NSCachedURLResponse * (^AFURLConnectionOperationCacheResponseBlock)(NSURLConnection *connection, NSCachedURLResponse *cachedResponse); typedef NSURLRequest * (^AFURLConnectionOperationRedirectResponseBlock)(NSURLConnection *connection, NSURLRequest *request, NSURLResponse *redirectResponse); @@ -142,9 +139,6 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { @property (readwrite, nonatomic, assign) AFBackgroundTaskIdentifier backgroundTaskIdentifier; @property (readwrite, nonatomic, copy) AFURLConnectionOperationProgressBlock uploadProgress; @property (readwrite, nonatomic, copy) AFURLConnectionOperationProgressBlock downloadProgress; -#ifndef _AFNETWORKING_PIN_SSL_CERTIFICATES_ -@property (readwrite, nonatomic, copy) AFURLConnectionOperationAuthenticationAgainstProtectionSpaceBlock authenticationAgainstProtectionSpace; -#endif @property (readwrite, nonatomic, copy) AFURLConnectionOperationAuthenticationChallengeBlock authenticationChallenge; @property (readwrite, nonatomic, copy) AFURLConnectionOperationCacheResponseBlock cacheResponse; @property (readwrite, nonatomic, copy) AFURLConnectionOperationRedirectResponseBlock redirectResponse; @@ -170,18 +164,13 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { @dynamic inputStream; @synthesize outputStream = _outputStream; @synthesize credential = _credential; -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ @synthesize SSLPinningMode = _SSLPinningMode; -#endif @synthesize shouldUseCredentialStorage = _shouldUseCredentialStorage; @synthesize userInfo = _userInfo; @synthesize backgroundTaskIdentifier = _backgroundTaskIdentifier; @synthesize uploadProgress = _uploadProgress; @synthesize downloadProgress = _downloadProgress; @synthesize authenticationChallenge = _authenticationChallenge; -#ifndef _AFNETWORKING_PIN_SSL_CERTIFICATES_ -@synthesize authenticationAgainstProtectionSpace = _authenticationAgainstProtectionSpace; -#endif @synthesize cacheResponse = _cacheResponse; @synthesize redirectResponse = _redirectResponse; @synthesize lock = _lock; @@ -207,7 +196,6 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { return _networkRequestThread; } -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ + (NSArray *)pinnedCertificates { static NSArray *_pinnedCertificates = nil; static dispatch_once_t onceToken; @@ -265,7 +253,6 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { return _pinnedPublicKeys; } -#endif - (id)initWithRequest:(NSURLRequest *)urlRequest { NSParameterAssert(urlRequest); @@ -394,24 +381,10 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { self.downloadProgress = block; } -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ - - (void)setWillSendRequestForAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block { self.authenticationChallenge = block; } -#else - -- (void)setAuthenticationAgainstProtectionSpaceBlock:(BOOL (^)(NSURLConnection *, NSURLProtectionSpace *))block { - self.authenticationAgainstProtectionSpace = block; -} - -- (void)setAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block { - self.authenticationChallenge = block; -} - -#endif - - (void)setCacheResponseBlock:(NSCachedURLResponse * (^)(NSURLConnection *connection, NSCachedURLResponse *cachedResponse))block { self.cacheResponse = block; } @@ -593,8 +566,6 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { #pragma mark - NSURLConnectionDelegate -#ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_ - - (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { @@ -698,52 +669,6 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe } } -#else - -- (BOOL)connection:(NSURLConnection *)connection -canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace -{ - if (self.allowsInvalidSSLCertificate && - [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { - return YES; - } - - if (self.authenticationAgainstProtectionSpace) { - return self.authenticationAgainstProtectionSpace(connection, protectionSpace); - } else if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] || [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]) { - return NO; - } else { - return YES; - } -} - -- (void)connection:(NSURLConnection *)connection -didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge -{ - - if (self.allowsInvalidSSLCertificate - && [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { - [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; - return; - } - - if (self.authenticationChallenge) { - self.authenticationChallenge(connection, challenge); - } else { - if ([challenge previousFailureCount] == 0) { - if (self.credential) { - [[challenge sender] useCredential:self.credential forAuthenticationChallenge:challenge]; - } else { - [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge]; - } - } else { - [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge]; - } - } -} - -#endif - - (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection __unused *)connection { return self.shouldUseCredentialStorage; } @@ -896,9 +821,6 @@ didReceiveResponse:(NSURLResponse *)response operation.uploadProgress = self.uploadProgress; operation.downloadProgress = self.downloadProgress; -#ifndef _AFNETWORKING_PIN_SSL_CERTIFICATES_ - operation.authenticationAgainstProtectionSpace = self.authenticationAgainstProtectionSpace; -#endif operation.authenticationChallenge = self.authenticationChallenge; operation.cacheResponse = self.cacheResponse; operation.redirectResponse = self.redirectResponse; diff --git a/Example/Prefix.pch b/Example/Prefix.pch index df78b3c..18b984d 100644 --- a/Example/Prefix.pch +++ b/Example/Prefix.pch @@ -1,7 +1,5 @@ #import -#define _AFNETWORKING_PIN_SSL_CERTIFICATES_ - #if __IPHONE_OS_VERSION_MIN_REQUIRED #ifndef __IPHONE_3_0 #warning "This project uses features only available in iPhone SDK 3.0 and later."