Author: pweschmidt
Date: Thu May 2 11:11:11 2013
New Revision: 1478326
URL: http://svn.apache.org/r1478326
Log:
A parameter has been introduced to CMISSessionParameters to allow the setting
of a flag indicating an SSL server is trusted. This flag is then checked in the
Request class to see if we should handle self-certified SSL servers. The
default is NO.
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.h
chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.m
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.h
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.h
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.h?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.h
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.h
Thu May 2 11:11:11 2013
@@ -42,6 +42,8 @@ extern NSString * const kCMISSessionPara
// TODO: Temporary, must be extracted into separate project
extern NSString * const kCMISSessionParameterMode;
+extern NSString * const kCMISSessionTrustedSSLServerFlag;
+
@interface CMISSessionParameters : NSObject
// Repository connection
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.m
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.m?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.m
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Common/CMISSessionParameters.m
Thu May 2 11:11:11 2013
@@ -25,6 +25,9 @@ NSString * const kCMISSessionParameterLi
NSString * const kCMISSessionParameterMode = @"session_param_mode";
+
+NSString * const kCMISSessionTrustedSSLServerFlag =
@"session_param_trusted_ssl_server_flag";
+
@interface CMISSessionParameters ()
@property (nonatomic, assign, readwrite) CMISBindingType bindingType;
@property (nonatomic, strong, readwrite) NSMutableDictionary *sessionData;
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
---
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
(original)
+++
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISDefaultNetworkProvider.m
Thu May 2 11:11:11 2013
@@ -46,11 +46,13 @@ completionBlock:(void (^)(CMISHttpRespon
session:session];
if (!cmisRequest.isCancelled)
{
+ BOOL isTrusted = [[session
objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber
numberWithBool:NO]] boolValue];
CMISHttpRequest* request = [CMISHttpRequest startRequest:urlRequest
httpMethod:httpRequestMethod
requestBody:body
headers:additionalHeaders
authenticationProvider:session.authenticationProvider
+ trustedSSLServer:isTrusted
completionBlock:completionBlock];
if (request)
{
@@ -77,14 +79,16 @@ completionBlock:(void (^)(CMISHttpRespon
httpMethod:httpRequestMethod
session:session];
+ BOOL isTrusted = [[session
objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber
numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest
startRequest:urlRequest
-
httpMethod:httpRequestMethod
-
inputStream:inputStream
-
headers:additionalHeaders
- bytesExpected:0
-
authenticationProvider:session.authenticationProvider
-
completionBlock:completionBlock
- progressBlock:nil];
+
httpMethod:httpRequestMethod
+
inputStream:inputStream
+
headers:additionalHeaders
+ bytesExpected:0
+
authenticationProvider:session.authenticationProvider
+
trustedSSLServer:isTrusted
+
completionBlock:completionBlock
+
progressBlock:nil];
if (request)
{
cmisRequest.httpRequest = request;
@@ -112,14 +116,16 @@ completionBlock:(void (^)(CMISHttpRespon
httpMethod:httpRequestMethod
session:session];
+ BOOL isTrusted = [[session
objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber
numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest
startRequest:urlRequest
-
httpMethod:httpRequestMethod
-
inputStream:inputStream
-
headers:additionalHeaders
-
bytesExpected:bytesExpected
-
authenticationProvider:session.authenticationProvider
-
completionBlock:completionBlock
-
progressBlock:progressBlock];
+
httpMethod:httpRequestMethod
+
inputStream:inputStream
+
headers:additionalHeaders
+
bytesExpected:bytesExpected
+
authenticationProvider:session.authenticationProvider
+
trustedSSLServer:isTrusted
+
completionBlock:completionBlock
+
progressBlock:progressBlock];
if (request){
cmisRequest.httpRequest = request;
}
@@ -148,6 +154,7 @@ completionBlock:(void (^)(CMISHttpRespon
httpMethod:httpRequestMethod
session:session];
+ BOOL isTrusted = [[session
objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber
numberWithBool:NO]] boolValue];
CMISHttpUploadRequest* request = [CMISHttpUploadRequest
startRequest:urlRequest
httpMethod:httpRequestMethod
inputStream:inputStream
@@ -156,6 +163,7 @@ completionBlock:(void (^)(CMISHttpRespon
authenticationProvider:session.authenticationProvider
cmisProperties:cmisProperties
mimeType:mimeType
+
trustedSSLServer:isTrusted
completionBlock:completionBlock
progressBlock:progressBlock];
if (request){
@@ -184,13 +192,15 @@ completionBlock:(void (^)(CMISHttpRespon
httpMethod:HTTP_GET
session:session];
+ BOOL isTrusted = [[session
objectForKey:kCMISSessionTrustedSSLServerFlag defaultValue:[NSNumber
numberWithBool:NO]] boolValue];
CMISHttpDownloadRequest* request = [CMISHttpDownloadRequest
startRequest:urlRequest
-
httpMethod:httpRequestMethod
-
outputStream:outputStream
-
bytesExpected:bytesExpected
-
authenticationProvider:session.authenticationProvider
-
completionBlock:completionBlock
-
progressBlock:progressBlock];
+
httpMethod:httpRequestMethod
+
outputStream:outputStream
+
bytesExpected:bytesExpected
+
authenticationProvider:session.authenticationProvider
+
trustedSSLServer:isTrusted
+
completionBlock:completionBlock
+
progressBlock:progressBlock];
if (request) {
cmisRequest.httpRequest = request;
}
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.h
Thu May 2 11:11:11 2013
@@ -38,6 +38,7 @@
outputStream:(NSOutputStream*)outputStream
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>)
authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse
*httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long
bytesDownloaded, unsigned long long bytesTotal))progressBlock;
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpDownloadRequest.m
Thu May 2 11:11:11 2013
@@ -40,6 +40,7 @@
outputStream:(NSOutputStream*)outputStream
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>)
authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse
*httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long
bytesDownloaded, unsigned long long bytesTotal))progressBlock
{
@@ -49,6 +50,7 @@
httpRequest.outputStream = outputStream;
httpRequest.bytesExpected = bytesExpected;
httpRequest.authenticationProvider = authenticationProvider;
+ httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
Modified: chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.h
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.h?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.h
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.h Thu May
2 11:11:11 2013
@@ -32,6 +32,7 @@
@property (nonatomic, strong) NSDictionary *additionalHeaders;
@property (nonatomic, strong) NSHTTPURLResponse *response;
@property (nonatomic, strong) id<CMISAuthenticationProvider>
authenticationProvider;
+@property (nonatomic, assign) BOOL trustedSSLServer;
@property (nonatomic, copy) void (^completionBlock)(CMISHttpResponse
*httpResponse, NSError *error);
/**
@@ -46,6 +47,7 @@
requestBody:(NSData*)requestBody
headers:(NSDictionary*)additionalHeaders
authenticationProvider:(id<CMISAuthenticationProvider>)authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse,
NSError *error))completionBlock;
/**
Modified: chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpRequest.m Thu May
2 11:11:11 2013
@@ -47,6 +47,7 @@ NSString * const kCMISExceptionVersionin
requestBody:(NSData*)requestBody
headers:(NSDictionary*)additionalHeaders
authenticationProvider:(id<CMISAuthenticationProvider>)
authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse,
NSError *error))completionBlock
{
CMISHttpRequest *httpRequest = [[self alloc]
initWithHttpMethod:httpRequestMethod
@@ -54,7 +55,7 @@ NSString * const kCMISExceptionVersionin
httpRequest.requestBody = requestBody;
httpRequest.additionalHeaders = additionalHeaders;
httpRequest.authenticationProvider = authenticationProvider;
-
+ httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
}
@@ -126,7 +127,14 @@ NSString * const kCMISExceptionVersionin
- (BOOL)connection:(NSURLConnection *)connection
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
- return [self.authenticationProvider
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace];
+ if ([protectionSpace.authenticationMethod
isEqualToString:NSURLAuthenticationMethodServerTrust] && !self.trustedSSLServer)
+ {
+ return NO;
+ }
+ else
+ {
+ return [self.authenticationProvider
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace];
+ }
}
@@ -138,6 +146,11 @@ NSString * const kCMISExceptionVersionin
- (void)connection:(NSURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
+ if ([challenge.protectionSpace.authenticationMethod
isEqualToString:NSURLAuthenticationMethodServerTrust] && !self.trustedSSLServer)
+ {
+ [challenge.sender cancelAuthenticationChallenge:challenge];
+ return;
+ }
[self.authenticationProvider didReceiveAuthenticationChallenge:challenge];
}
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.h
Thu May 2 11:11:11 2013
@@ -35,6 +35,7 @@
headers:(NSDictionary*)addionalHeaders
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>)
authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse
*httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long
bytesUploaded, unsigned long long bytesTotal))progressBlock;
@@ -53,6 +54,7 @@
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
cmisProperties:(CMISProperties *)cmisProperties
mimeType:(NSString *)mimeType
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError
*error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long
long bytesTotal))progressBlock;
Modified:
chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
URL:
http://svn.apache.org/viewvc/chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m?rev=1478326&r1=1478325&r2=1478326&view=diff
==============================================================================
--- chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
(original)
+++ chemistry/objectivecmis/trunk/ObjectiveCMIS/Utils/CMISHttpUploadRequest.m
Thu May 2 11:11:11 2013
@@ -116,6 +116,7 @@ const NSUInteger kRawBufferSize = 24576;
headers:(NSDictionary*)additionalHeaders
bytesExpected:(unsigned long long)bytesExpected
authenticationProvider:(id<CMISAuthenticationProvider>)
authenticationProvider
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse
*httpResponse, NSError *error))completionBlock
progressBlock:(void (^)(unsigned long long
bytesUploaded, unsigned long long bytesTotal))progressBlock
{
@@ -129,6 +130,7 @@ const NSUInteger kRawBufferSize = 24576;
httpRequest.base64Encoding = NO;
httpRequest.base64InputStream = nil;
httpRequest.encoderStream = nil;
+ httpRequest.trustedSSLServer = trustedSSLServer;
if ([httpRequest startRequest:urlRequest] == NO) {
httpRequest = nil;
@@ -145,6 +147,7 @@ const NSUInteger kRawBufferSize = 24576;
authenticationProvider:(id<CMISAuthenticationProvider>) authenticationProvider
cmisProperties:(CMISProperties *)cmisProperties
mimeType:(NSString *)mimeType
+ trustedSSLServer:(BOOL)trustedSSLServer
completionBlock:(void (^)(CMISHttpResponse *httpResponse, NSError
*error))completionBlock
progressBlock:(void (^)(unsigned long long bytesUploaded, unsigned long
long bytesTotal))progressBlock
{
@@ -157,6 +160,7 @@ authenticationProvider:(id<CMISAuthentic
httpRequest.bytesExpected = bytesExpected;
httpRequest.base64Encoding = YES;
httpRequest.authenticationProvider = authenticationProvider;
+ httpRequest.trustedSSLServer = trustedSSLServer;
[httpRequest prepareStreams];
[httpRequest prepareXMLWithCMISProperties:cmisProperties
mimeType:mimeType];
