serverRootsPemFile and serverRootsPemData --> only setters (#5)

google · Aug 8, 2016 · c7ad86c · c7ad86c
1 parent 3ea9e9b
commit c7ad86c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 23 deletions.
diff --git a/Source/MOLAuthenticatingURLSession.h b/Source/MOLAuthenticatingURLSession.h
@@ -46,18 +46,6 @@
 */
 @property(copy, nonatomic) NSString *serverHostname;
 
-/**
-  This should be PEM data containing one or more certificates to use to verify the server's
-  certificate chain. This will override the trusted system roots.
-*/
-@property(copy, nonatomic) NSData *serverRootsPemData;
-
-/**
-  This should be the path to a PEM file containing one or more certificates to use to verify
-  the server's certificate chain. This will override the trusted system roots.
-*/
-@property(copy, nonatomic) NSString *serverRootsPemFile;
-
 /**  If set and client certificate authentication is needed, the pkcs#12 file will be loaded */
 @property(copy, nonatomic) NSString *clientCertFile;
 
@@ -109,7 +97,21 @@
 @property(copy) void
     (^dataTaskDidReceiveDataBlock)(NSURLSession *, NSURLSessionDataTask *, NSData *);
 
-/** Designated initializer */
+/**
+  This method should be called with PEM data containing one or more certificates to use to verify the
+  server's certificate chain. This will override the trusted system roots. If there are no usable
+  certificates within the data, the trusted system roots will be used.
+*/
+- (void)setServerRootsPemData:(NSData *)serverRootsPemData;
+
+/**
+  This method should be called with the path to a PEM file containing one or more certificates to use
+  to verify the server's certificate chain. This will override the trusted system roots. If there are
+  no usable certificates within the file, the trusted system roots will be used.
+*/
+- (void)setServerRootsPemFile:(NSString *)serverRootsPemFile;
+
+/**  Designated initializer */
 - (instancetype)initWithSessionConfiguration:(NSURLSessionConfiguration *)configuration;
 
 @end
diff --git a/Source/MOLAuthenticatingURLSession.m b/Source/MOLAuthenticatingURLSession.m
@@ -60,33 +60,32 @@ - (void)setUserAgent:(NSString *)userAgent {
   self.sessionConfig.HTTPAdditionalHeaders = addlHeaders;
 }
 
-#pragma mark Server Roots properties
+#pragma mark Server Roots
 
 - (void)setServerRootsPemFile:(NSString *)serverRootsPemFile {
-  if (!serverRootsPemFile) {
-    _serverRootsPemFile = nil;
-    return;
-  }
+  if (!serverRootsPemFile) return [self setServerRootsPemData:nil];
   NSError *error;
   NSData *rootsData = [NSData dataWithContentsOfFile:serverRootsPemFile
                                              options:0
                                                error:&error];
   if (!rootsData) {
-    [self log:@"Unable to read server root certificate file %@ with error: %@",
-        self.serverRootsPemFile, error.localizedDescription];
+    return [self log:@"Unable to read server root certificate file %@ with error: %@",
+            serverRootsPemFile, error.localizedDescription];
   }
-  self.serverRootsPemData = rootsData;
+  [self setServerRootsPemData:rootsData];
 }
 
 - (void)setServerRootsPemData:(NSData *)serverRootsPemData {
   if (!serverRootsPemData) {
-    _serverRootsPemData = nil;
+    self.anchors = nil;
     return;
   }
   NSString *pemStrings = [[NSString alloc] initWithData:serverRootsPemData
                                                encoding:NSASCIIStringEncoding];
   NSArray *certs = [MOLCertificate certificatesFromPEM:pemStrings];
-
+  if (!certs.count) {
+    return [self log:@"Unable to read server root certificates from data %@", serverRootsPemData];
+  }
   // Make a new array of the SecCertificateRef's from the MOLCertificate's.
   NSMutableArray *certRefs = [[NSMutableArray alloc] initWithCapacity:certs.count];
   for (MOLCertificate *cert in certs) {