Merge branch 'invalid-ssl' of git://github.com/kcharwood/AFNetworking into kcharwood-invalid-ssl

mattt · mattt · commit 8ea42866b83a · 2013-04-17T18:04:50.000+02:00
diff --git a/AFNetworking/AFHTTPClient.h b/AFNetworking/AFHTTPClient.h
@@ -145,6 +145,11 @@ typedef enum {
 @property (nonatomic, assign) AFURLConnectionOperationSSLPinningMode defaultSSLPinningMode;
 #endif
 
+/**
+ The flag to determine if each `AFHTTPRequestOperation` that is created in `HTTPRequestOperationWithRequest` should accept an invalid SSL certificate. If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is set, this property defaults to YES for backwards compatibility support. Otherwise, this property defaults to NO.
+ */
+@property (nonatomic,assign) BOOL allowInvalidSSLCertificate;
+
 ///---------------------------------------------
 /// @name Creating and Initializing HTTP Clients
 ///---------------------------------------------
diff --git a/AFNetworking/AFHTTPClient.m b/AFNetworking/AFHTTPClient.m
@@ -263,6 +263,11 @@ - (id)initWithBaseURL:(NSURL *)url {
     self.operationQueue = [[NSOperationQueue alloc] init];
 	[self.operationQueue setMaxConcurrentOperationCount:NSOperationQueueDefaultMaxConcurrentOperationCount];
 
+    //This ifdef has been added for backwards compatibility purposes
+#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
+    self.allowInvalidSSLCertificate = YES;
+#endif
+    
     return self;
 }
 
@@ -536,6 +541,7 @@ - (AFHTTPRequestOperation *)HTTPRequestOperationWithRequest:(NSURLRequest *)urlR
 #ifdef _AFNETWORKING_PIN_SSL_CERTIFICATES_
     operation.SSLPinningMode = self.defaultSSLPinningMode;
 #endif
+    operation.allowInvalidSSLCertificate = self.allowInvalidSSLCertificate;
 
     return operation;
 }
diff --git a/AFNetworking/AFURLConnectionOperation.h b/AFNetworking/AFURLConnectionOperation.h
@@ -127,6 +127,11 @@ NSCoding, NSCopying>
  */
 @property (readonly, nonatomic, strong) NSError *error;
 
+/**
+ The flag to determine if the connection should accept an invalid SSL certificate. If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is set, this property defaults to YES for backwards compatibility support. Otherwise, this property defaults to NO.
+ */
+@property (nonatomic,assign) BOOL allowInvalidSSLCertificate;
+
 ///----------------------------
 /// @name Getting Response Data
 ///----------------------------
@@ -280,7 +285,7 @@ NSCoding, NSCopying>
 
  @param block A block object to be executed to determine whether the connection should be able to respond to a protection space's form of authentication. The block has a `BOOL` return type and takes two arguments: the URL connection object, and the protection space to authenticate against.
 
- If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is defined, `connection:canAuthenticateAgainstProtectionSpace:` will accept invalid SSL certificates, returning `YES` if the protection space authentication method is `NSURLAuthenticationMethodServerTrust`.
+  If `allowInvalidSSLCertificate` is set to YES, `connection:canAuthenticateAgainstProtectionSpace:` will accept invalid SSL certificates, returning `YES` if the protection space authentication method is `NSURLAuthenticationMethodServerTrust`.
  */
 - (void)setAuthenticationAgainstProtectionSpaceBlock:(BOOL (^)(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace))block;
 
@@ -289,7 +294,7 @@ NSCoding, NSCopying>
 
  @param block A block object to be executed when the connection must authenticate a challenge in order to download its request. The block has no return type and takes two arguments: the URL connection object, and the challenge that must be authenticated.
 
- If `_AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_` is defined, `connection:didReceiveAuthenticationChallenge:` will attempt to have the challenge sender use credentials with invalid SSL certificates.
+  If `allowInvalidSSLCertificate` is set to YES, `connection:didReceiveAuthenticationChallenge:` will attempt to have the challenge sender use credentials with invalid SSL certificates.
  */
 - (void)setAuthenticationChallengeBlock:(void (^)(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge))block;
 
diff --git a/AFNetworking/AFURLConnectionOperation.m b/AFNetworking/AFURLConnectionOperation.m
@@ -258,6 +258,11 @@ - (id)initWithRequest:(NSURLRequest *)urlRequest {
     
     self.state = AFOperationReadyState;
     
+    //This ifdef has been added for backwards compatibility purposes
+#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
+    self.allowInvalidSSLCertificate = YES;
+#endif
+
     return self;
 }
 
@@ -606,25 +611,25 @@ - (void)connection:(NSURLConnection *)connection
                 break;
             }
             case AFSSLPinningModeNone: {
-#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
-                NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
-                [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
-#else
-                SecTrustResultType result = 0;
-                OSStatus status = SecTrustEvaluate(serverTrust, &result);
-                NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
-                
-                if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
+                if(self.allowInvalidSSLCertificate == YES){
                     NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
                     [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
-                } else {
-                    [[challenge sender] cancelAuthenticationChallenge:challenge];
                 }
-#endif
+                else {
+                    SecTrustResultType result = 0;
+                    OSStatus status = SecTrustEvaluate(serverTrust, &result);
+                    NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
+                    
+                    if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
+                        NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
+                        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
+                    } else {
+                        [[challenge sender] cancelAuthenticationChallenge:challenge];
+                    }
+                }
                 break;
             }
         }
-        
     }
 }
 #endif
@@ -633,11 +638,10 @@ - (void)connection:(NSURLConnection *)connection
 - (BOOL)connection:(NSURLConnection *)connection
 canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
 {
-#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
-    if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
-        return YES;
+    if(self.allowInvalidSSLCertificate == YES &&
+       [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
+            return YES;
     }
-#endif
     
     if (self.authenticationAgainstProtectionSpace) {
         return self.authenticationAgainstProtectionSpace(connection, protectionSpace);
@@ -651,13 +655,14 @@ - (BOOL)connection:(NSURLConnection *)connection
 - (void)connection:(NSURLConnection *)connection
 didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
 {
-#ifdef _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
-    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
+
+    if(self.allowInvalidSSLCertificate == YES
+       && [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
         [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
         return;
     }
-#endif
-    
+
+
     if (self.authenticationChallenge) {
         self.authenticationChallenge(connection, challenge);
     } else {
@@ -805,7 +810,8 @@ - (id)initWithCoder:(NSCoder *)aDecoder {
     self.error = [aDecoder decodeObjectForKey:@"error"];
     self.responseData = [aDecoder decodeObjectForKey:@"responseData"];
     self.totalBytesRead = [[aDecoder decodeObjectForKey:@"totalBytesRead"] longLongValue];
-    
+    self.allowInvalidSSLCertificate = [[aDecoder decodeObjectForKey:@"allowInvalidSSLCertificate"] boolValue];
+
     return self;
 }
 
@@ -829,6 +835,7 @@ - (void)encodeWithCoder:(NSCoder *)aCoder {
     [aCoder encodeObject:self.error forKey:@"error"];
     [aCoder encodeObject:self.responseData forKey:@"responseData"];
     [aCoder encodeObject:[NSNumber numberWithLongLong:self.totalBytesRead] forKey:@"totalBytesRead"];
+    [aCoder encodeObject:[NSNumber numberWithBool:self.allowInvalidSSLCertificate] forKey:@"allowInvalidSSLCertificate"];
 }
 
 #pragma mark - NSCopying
@@ -842,6 +849,7 @@ - (id)copyWithZone:(NSZone *)zone {
     operation.authenticationChallenge = self.authenticationChallenge;
     operation.cacheResponse = self.cacheResponse;
     operation.redirectResponse = self.redirectResponse;
+    operation.allowInvalidSSLCertificate = self.allowInvalidSSLCertificate;
     
     return operation;
 }
