evie/AFNetworking
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixes AFSSLPinningModePublicKey on OS X.

Browse source
This commit is contained in:
Oliver Letterer 2013-06-01 19:28:40 +02:00
parent 3163069cbc
commit f1cfb96ad7
1 changed files with 28 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
AFNetworking/AFURLConnectionOperation.m
View file

@ -107,6 +107,26 @@ static inline BOOL AFStateTransitionIsValid(AFOperationState fromState, AFOperat
} }
} }
#if !defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
static NSData *AFSecKeyGetData(SecKeyRef key) {
CFDataRef data = NULL;
OSStatus status = SecItemExport(key, kSecFormatUnknown, kSecItemPemArmour, NULL, &data);
NSCAssert(status == errSecSuccess, @"SecItemExport error: %ld", (long int)status);
NSCParameterAssert(data);
return (__bridge_transfer NSData *)data;
}
#endif
static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) {
#if defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
return [(__bridge id)key1 isEqual:(__bridge id)key2];
#else
return [AFSecKeyGetData(key1) isEqual:AFSecKeyGetData(key2)];
#endif
}
@interface AFURLConnectionOperation () @interface AFURLConnectionOperation ()
@property (readwrite, nonatomic, assign) AFOperationState state; @property (readwrite, nonatomic, assign) AFOperationState state;
@property (readwrite, nonatomic, assign, getter = isCancelled) BOOL cancelled; @property (readwrite, nonatomic, assign, getter = isCancelled) BOOL cancelled;
@ -616,11 +636,15 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
switch (self.SSLPinningMode) { switch (self.SSLPinningMode) {
case AFSSLPinningModePublicKey: { case AFSSLPinningModePublicKey: {
NSArray *pinnedPublicKeys = [self.class pinnedPublicKeys];
for (id publicKey in trustChain) { for (id publicKey in trustChain) {
if ([[self.class pinnedPublicKeys] containsObject:publicKey]) { for (id pinnedPublicKey in pinnedPublicKeys) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust]; if (AFSecKeyIsEqualToKey((__bridge SecKeyRef)publicKey, (__bridge SecKeyRef)pinnedPublicKey)) {
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge]; NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
return; [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
return;
}
} }
} }