From c7ad86ccb7f9d21e9ac79218592f3c168490f108 Mon Sep 17 00:00:00 2001
From: Tom Burgin
Date: Mon, 8 Aug 2016 16:17:15 -0400
Subject: [PATCH] serverRootsPemFile and serverRootsPemData --> only setters (#5)

---
 Source/MOLAuthenticatingURLSession.h | 28 +++++++++++++++-------------
 Source/MOLAuthenticatingURLSession.m | 19 +++++++++----------
 2 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/Source/MOLAuthenticatingURLSession.h b/Source/MOLAuthenticatingURLSession.h
index 602e21f..95836ab 100644
--- a/Source/MOLAuthenticatingURLSession.h
+++ b/Source/MOLAuthenticatingURLSession.h
@@ -46,18 +46,6 @@
 */
 @property(copy, nonatomic) NSString *serverHostname;
 
-/**
- This should be PEM data containing one or more certificates to use to verify the server's
- certificate chain. This will override the trusted system roots.
-*/
-@property(copy, nonatomic) NSData *serverRootsPemData;
-
-/**
- This should be the path to a PEM file containing one or more certificates to use to verify
- the server's certificate chain. This will override the trusted system roots.
-*/
-@property(copy, nonatomic) NSString *serverRootsPemFile;
-
 /** If set and client certificate authentication is needed, the pkcs#12 file will be loaded */
 @property(copy, nonatomic) NSString *clientCertFile;
 
@@ -109,7 +97,21 @@ @property(copy) void (^dataTaskDidReceiveDataBlock)(NSURLSession *, NSURLSessionDataTask *, NSData *); -/** Designated initializer */ +/** + This method should be called with PEM data containing one or more certificates to use to verify the + server's certificate chain. This will override the trusted system roots. If there are no usable + certificates within the data, the trusted system roots will be used. +*/ +- (void)setServerRootsPemData:(NSData *)serverRootsPemData; + +/** + This method should be called with the path to a PEM file containing one or more certificates to use + to verify the server's certificate chain. This will override the trusted system roots. If there are + no usable certificates within the file, the trusted system roots will be used. +*/ +- (void)setServerRootsPemFile:(NSString *)serverRootsPemFile; + +/** Designated initializer */ - (instancetype)initWithSessionConfiguration:(NSURLSessionConfiguration *)configuration; @end diff --git a/Source/MOLAuthenticatingURLSession.m b/Source/MOLAuthenticatingURLSession.m index 740764f..5c3e59c 100644 --- a/Source/MOLAuthenticatingURLSession.m +++ b/Source/MOLAuthenticatingURLSession.m 
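Review bot: The new doc comments on setServerRootsPemData: and setServerRootsPemFile: do not say what passing nil does, although the implementation in MOLAuthenticatingURLSession.m handles it explicitly (`self.anchors = nil`, and the file setter forwards nil to the data setter). I would add one sentence to each comment, for example `Passing nil clears any previously set roots.`, so callers know how to undo a custom root set now that the properties are gone. If this header is not inside an NS_ASSUME_NONNULL region (not visible in the hunk), marking both parameters `nullable` would make the same contract visible to the compiler and to Swift callers.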
@@ -60,33 +60,32 @@ - (void)setUserAgent:(NSString *)userAgent { self.sessionConfig.HTTPAdditionalHeaders = addlHeaders; } -#pragma mark Server Roots properties +#pragma mark Server Roots - (void)setServerRootsPemFile:(NSString *)serverRootsPemFile { - if (!serverRootsPemFile) { - _serverRootsPemFile = nil; - return; - } + if (!serverRootsPemFile) return [self setServerRootsPemData:nil]; NSError *error; NSData *rootsData = [NSData dataWithContentsOfFile:serverRootsPemFile options:0 error:&error]; if (!rootsData) { - [self log:@"Unable to read server root certificate file %@ with error: %@", - self.serverRootsPemFile, error.localizedDescription]; + return [self log:@"Unable to read server root certificate file %@ with error: %@", + serverRootsPemFile, error.localizedDescription]; } - self.serverRootsPemData = rootsData; + [self setServerRootsPemData:rootsData]; } - (void)setServerRootsPemData:(NSData *)serverRootsPemData { if (!serverRootsPemData) { - _serverRootsPemData = nil; + self.anchors = nil; return; } NSString *pemStrings = [[NSString alloc] initWithData:serverRootsPemData encoding:NSASCIIStringEncoding]; NSArray *certs = [MOLCertificate certificatesFromPEM:pemStrings]; - + if (!certs.count) { + return [self log:@"Unable to read server root certificates from data %@", serverRootsPemData]; + } // Make a new array of the SecCertificateRef's from the MOLCertificate's. NSMutableArray *certRefs = [[NSMutableArray alloc] initWithCapacity:certs.count]; for (MOLCertificate *cert in certs) {
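Review bot: The two new early returns (unreadable file in setServerRootsPemFile:, `!certs.count` in setServerRootsPemData:) only log and leave `self.anchors` as it was. A session that never had custom roots therefore keeps validating against the system roots, and one that already had roots presumably keeps the old set, which is not what the header comment ("the trusted system roots will be used") describes. With the getters removed and a void return, a caller that intended to restrict trust to its own roots cannot tell that this did not happen. I would make the failure observable to the caller (a BOOL result or an error block) and decide in one place which fallback applies. Separately, the added log line formats the whole NSData with `%@`; something like `[self log:@"No usable server root certificates in %lu bytes of PEM data", (unsigned long)serverRootsPemData.length];` keeps the bundle contents out of the log. setServerRootsPemData: continues past the end of the hunk, so the anchors assignment itself is not visible here.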