Skip to content

Commit

Permalink
Fixes AFSSLPinningModePublicKey on OS X.
Browse files Browse the repository at this point in the history
  • Loading branch information
OliverLetterer committed Jun 1, 2013
1 parent 3163069 commit f1cfb96
Showing 1 changed file with 28 additions and 4 deletions.
32 changes: 28 additions & 4 deletions AFNetworking/AFURLConnectionOperation.m
Original file line number Diff line number Diff line change
@@ -107,6 +107,26 @@ static inline BOOL AFStateTransitionIsValid(AFOperationState fromState, AFOperat
}
}

#if !defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
static NSData *AFSecKeyGetData(SecKeyRef key) {
CFDataRef data = NULL;

OSStatus status = SecItemExport(key, kSecFormatUnknown, kSecItemPemArmour, NULL, &data);
NSCAssert(status == errSecSuccess, @"SecItemExport error: %ld", (long int)status);
NSCParameterAssert(data);

return (__bridge_transfer NSData *)data;
}
#endif

static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) {
#if defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
return [(__bridge id)key1 isEqual:(__bridge id)key2];
#else
return [AFSecKeyGetData(key1) isEqual:AFSecKeyGetData(key2)];
#endif
}

@interface AFURLConnectionOperation ()
@property (readwrite, nonatomic, assign) AFOperationState state;
@property (readwrite, nonatomic, assign, getter = isCancelled) BOOL cancelled;
@@ -616,11 +636,15 @@ - (void)connection:(NSURLConnection *)connection

switch (self.SSLPinningMode) {
case AFSSLPinningModePublicKey: {
NSArray *pinnedPublicKeys = [self.class pinnedPublicKeys];

for (id publicKey in trustChain) {
if ([[self.class pinnedPublicKeys] containsObject:publicKey]) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
return;
for (id pinnedPublicKey in pinnedPublicKeys) {
if (AFSecKeyIsEqualToKey((__bridge SecKeyRef)publicKey, (__bridge SecKeyRef)pinnedPublicKey)) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
return;
}
}
}

0 comments on commit f1cfb96

Please sign in to comment.