This repository has been archived by the owner on Mar 4, 2020. It is now read-only.

Added MKNetworkOperation.serverTrustDelegate. #362

Open
wants to merge 1 commit into
base: master
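--- a/MKNetworkKit/MKNetworkOperation.h
+++ b/MKNetworkKit/MKNetworkOperation.h
@@ -54,6 +54,36 @@ typedef enum {
 MKNKPostDataEncodingTypePlist,
 MKNKPostDataEncodingTypeCustom
 } MKNKPostDataEncodingType;
+
+
+@class NSURLAuthenticationChallenge;
+@protocol MKServerTrustDelegate
+
+@required
+
+/*!
+* @abstract This function is called when a server presents an SSL certificate and the certificate is not
+* immediately trusted.
+*
+* @discussion
+* This gives you an opportunity to present the certificate to the user for a decision, or however else you
+* would like to make the trust decision.
+*
+* You should call either [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge] or
+* [challenge.sender useCredential:[NSURLCredential credentialForTrust:trustRef] forAuthenticationChallenge:challenge]
+* when the decision is made.
+*
+* SecTrustEvaluate has already been called on the given trustRef.
+*
+* @param trustRef The SecTrustRef object for this challenge (i.e. challenge.protectionSpace.serverTrust).
+* @param trustResult One of the valid SecTrustResultType values, except for kSecTrustResultProceed and
+* kSecTrustResultUnspecified. This is the result from SecTrustEvaluate(trustRef).
+*/
+-(void)handleServerCertificate:(MKNetworkOperation*)op challenge:(NSURLAuthenticationChallenge*)challenge trustRef:(SecTrustRef)trustRef trustResult:(SecTrustResultType)trustResult;
+
+@end
+
+
 /*!
 @header MKNetworkOperation.h
 @abstract Represents a single unique network operation.
@@ -241,6 +271,15 @@ typedef enum {
 */
 @property (nonatomic, assign) BOOL shouldContinueWithInvalidCertificate;
 
+/*!
+* @abstract A delegate used when a server presents an SSL certificate and the certificate is not immediately trusted.
+*
+* @discussion
+* See MKServerTrustDelegate for more details. self.shouldContinueWithInvalidCertificate takes precedence over serverTrustDelegate.
+* If this is nil, then any invalid or untrusted certificate is rejected.
+*/
+@property (nonatomic, weak) id<MKServerTrustDelegate> serverTrustDelegate;
+
 /*!
 * @abstract Boolean variable that states whether the request should automatically include an Accept-Language header.
 * @property shouldSendAcceptLanguageHeader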
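Review bot: The doc comment on `handleServerCertificate:challenge:trustRef:trustResult:` says the delegate "should" answer the challenge, but it never states that the delegate must answer it exactly once, so an implementation that returns without messaging `challenge.sender` leaves the challenge unresolved. I would reword that sentence to `You must call exactly one of the following, exactly once, for every invocation of this method:`. The discussion should also say that `useCredential:` with `credentialForTrust:trustRef` accepts a chain that `SecTrustEvaluate` did not trust, so the delegate is expected to compare the presented certificate or public key with one it already expects rather than accept unconditionally, and should not override `kSecTrustResultDeny` or `kSecTrustResultFatalTrustFailure`. On the property comment, "takes precedence" deserves a plainer statement: when `shouldContinueWithInvalidCertificate` is YES the delegate is never consulted and the certificate is accepted.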
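--- a/MKNetworkKit/MKNetworkOperation.m
+++ b/MKNetworkKit/MKNetworkOperation.m
@@ -1146,6 +1146,10 @@ - (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticatio
 // Cert not trusted, but user is OK with that
 DLog(@"Certificate is not trusted, but self.shouldContinueWithInvalidCertificate is YES");
 [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
+} else if (self.serverTrustDelegate != nil) {
+
+DLog(@"Certificate is not trusted, calling self.serverTrustDelegate to proceed.");
+[self.serverTrustDelegate handleServerCertificate:self challenge:challenge trustRef:self.serverTrust trustResult:result];
 } else {
 
 DLog(@"Certificate is not trusted, continuing without credentials. Might result in 401 Unauthorized");
@@ -1158,6 +1162,9 @@ - (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticatio
 if(self.shouldContinueWithInvalidCertificate) {
 DLog(@"Certificate is invalid, but self.shouldContinueWithInvalidCertificate is YES");
 [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
+} else if (self.serverTrustDelegate != nil) {
+DLog(@"Certificate is invalid, calling self.serverTrustDelegate to proceed.");
+[self.serverTrustDelegate handleServerCertificate:self challenge:challenge trustRef:self.serverTrust trustResult:result];
 } else {
 DLog(@"Certificate is invalid, continuing without credentials. Might result in 401 Unauthorized");
 [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];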
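Review bot: Both new `else if` branches hand the delegate `trustRef:self.serverTrust`, while the header documents that argument as `challenge.protectionSpace.serverTrust` and the neighbouring `useCredential:` lines read the trust object from the challenge. Passing `trustRef:challenge.protectionSpace.serverTrust` in both calls would keep the delegate's decision tied to the challenge it is answering; where `self.serverTrust` is assigned lies outside the hunks, so whether the two can ever differ, or whether the reference stays valid if the delegate defers its decision, cannot be confirmed from here. Because `self.shouldContinueWithInvalidCertificate` is tested first, setting that flag skips the delegate entirely and accepts the certificate, so consider consulting the delegate first or at least adding a comment such as `// NOTE: flag wins over serverTrustDelegate; delegate is not called`. The enclosing `connection:willSendRequestForAuthenticationChallenge:` method starts and ends outside both hunks.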