Pull master branch from daltoniam/Starscream
turbulem committed Sep 26, 2018
1 parent 912e7da commit 74e3c63
Showing 2 changed files with 105 additions and 4 deletions.
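--- a/Sources/SSLClientCertificate.swift
+++ b/Sources/SSLClientCertificate.swift
@@ -0,0 +1,92 @@
+//
+// SSLClientCertificate.swift
+// Starscream
+//
+// Created by Tomasz Trela on 08/03/2018.
+// Copyright © 2018 Vluxe. All rights reserved.
+//
+
+import Foundation
+
+public struct SSLClientCertificateError: LocalizedError {
+public var errorDescription: String?
+
+init(errorDescription: String) {
+self.errorDescription = errorDescription
+}
+}
+
+public class SSLClientCertificate {
+internal let streamSSLCertificates: NSArray
+
+/**
+Convenience init.
+- parameter pkcs12Path: Path to pkcs12 file containing private key and X.509 ceritifacte (.p12)
+- parameter password: file password, see **kSecImportExportPassphrase**
+*/
+public convenience init(pkcs12Path: String, password: String) throws {
+let pkcs12Url = URL(fileURLWithPath: pkcs12Path)
+do {
+try self.init(pkcs12Url: pkcs12Url, password: password)
+} catch {
+throw error
+}
+}
+
+/**
+Designated init. For more information, see SSLSetCertificate() in Security/SecureTransport.h.
+- parameter identity: SecIdentityRef, see **kCFStreamSSLCertificates**
+- parameter identityCertificate: CFArray of SecCertificateRefs, see **kCFStreamSSLCertificates**
+*/
+public init(identity: SecIdentity, identityCertificate: SecCertificate) {
+self.streamSSLCertificates = NSArray(objects: identity, identityCertificate)
+}
+
+/**
+Convenience init.
+- parameter pkcs12Url: URL to pkcs12 file containing private key and X.509 ceritifacte (.p12)
+- parameter password: file password, see **kSecImportExportPassphrase**
+*/
+public convenience init(pkcs12Url: URL, password: String) throws {
+let importOptions = [kSecImportExportPassphrase as String : password] as CFDictionary
+do {
+try self.init(pkcs12Url: pkcs12Url, importOptions: importOptions)
+} catch {
+throw error
+}
+}
+
+/**
+Designated init.
+- parameter pkcs12Url: URL to pkcs12 file containing private key and X.509 ceritifacte (.p12)
+- parameter importOptions: A dictionary containing import options. A
+kSecImportExportPassphrase entry is required at minimum. Only password-based
+PKCS12 blobs are currently supported. See **SecImportExport.h**
+*/
+public init(pkcs12Url: URL, importOptions: CFDictionary) throws {
+do {
+let pkcs12Data = try Data(contentsOf: pkcs12Url)
+var rawIdentitiesAndCertificates: CFArray?
+let pkcs12CFData: CFData = pkcs12Data as CFData
+let importStatus = SecPKCS12Import(pkcs12CFData, importOptions, &rawIdentitiesAndCertificates)
+
+guard importStatus == errSecSuccess else {
+throw SSLClientCertificateError(errorDescription: "(Starscream) Error during 'SecPKCS12Import', see 'SecBase.h' - OSStatus: \(importStatus)")
+}
+guard let identitiyAndCertificate = (rawIdentitiesAndCertificates as? Array<Dictionary<String, Any>>)?.first else {
+throw SSLClientCertificateError(errorDescription: "(Starscream) Error - PKCS12 file is empty")
+}
+
+let identity = identitiyAndCertificate[kSecImportItemIdentity as String] as! SecIdentity
+var identityCertificate: SecCertificate?
+let copyStatus = SecIdentityCopyCertificate(identity, &identityCertificate)
+guard copyStatus == errSecSuccess else {
+throw SSLClientCertificateError(errorDescription: "(Starscream) Error during 'SecIdentityCopyCertificate', see 'SecBase.h' - OSStatus: \(copyStatus)")
+}
+self.streamSSLCertificates = NSArray(objects: identity, identityCertificate!)
+} catch {
+throw error
+}
+}
+}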
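Review bot: In `init(pkcs12Url:importOptions:)` the force cast `as! SecIdentity` on the `kSecImportItemIdentity` lookup and the force unwrap `identityCertificate!` trap the process instead of throwing if the imported item has no identity entry or the certificate copy leaves the out-parameter nil. The PKCS#12 file is caller-supplied data and every other failure in this initializer already surfaces as `SSLClientCertificateError`, so these two paths should throw as well; the fence below shows one way, checking the CF type id before the cast. The `do { … } catch { throw error }` wrappers in all three throwing initializers rethrow unchanged and can be dropped. Separately, the doc comment on `init(identity:identityCertificate:)` describes `identityCertificate` as a CFArray although the parameter is a single `SecCertificate`.

```swift
// … unchanged: read the file, SecPKCS12Import, status check, first-item guard …
guard let rawIdentity = identitiyAndCertificate[kSecImportItemIdentity as String],
      CFGetTypeID(rawIdentity as CFTypeRef) == SecIdentityGetTypeID() else {
    throw SSLClientCertificateError(errorDescription: "(Starscream) Error - PKCS12 item contains no identity")
}
let identity = rawIdentity as! SecIdentity // safe: type id verified above
var identityCertificate: SecCertificate?
let copyStatus = SecIdentityCopyCertificate(identity, &identityCertificate)
guard copyStatus == errSecSuccess, let certificate = identityCertificate else {
    throw SSLClientCertificateError(errorDescription: "(Starscream) Error during 'SecIdentityCopyCertificate', see 'SecBase.h' - OSStatus: \(copyStatus)")
}
self.streamSSLCertificates = NSArray(objects: identity, certificate)
```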

17 changes: 13 additions & 4 deletions Starscream.xcodeproj/project.pbxproj
Expand Up @@ -13,8 +13,10 @@
33CCF08A1F5DDC030099B092 /* libz.tbd in Frameworks */ = {isa = PBXBuildFile; fileRef = D88EAF811ED4DFD3004FE2C3 /* libz.tbd */; };
33CCF08C1F5DDC030099B092 /* Starscream.h in Headers */ = {isa = PBXBuildFile; fileRef = 5C1360001C473BEF00AA3A01 /* Starscream.h */; settings = {ATTRIBUTES = (Public, ); }; };
33CCF08D1F5DDC030099B092 /* include.h in Headers */ = {isa = PBXBuildFile; fileRef = D85927D71ED76F25003460CB /* include.h */; settings = {ATTRIBUTES = (Private, ); }; };
BB8A648020E1105C00527BA5 /* NSString+SHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = BB8A647E20E1105C00527BA5 /* NSString+SHA1.h */; settings = {ATTRIBUTES = (Private, ); }; };
BB8A648120E1105C00527BA5 /* NSString+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = BB8A647F20E1105C00527BA5 /* NSString+SHA1.m */; };
BB1018E421087DEF00BA9E60 /* NSString+SHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = BB8A647E20E1105C00527BA5 /* NSString+SHA1.h */; settings = {ATTRIBUTES = (Private, ); }; };
BB1018E521087DF300BA9E60 /* NSString+SHA1.m in Sources */ = {isa = PBXBuildFile; fileRef = BB8A647F20E1105C00527BA5 /* NSString+SHA1.m */; };
BB1018E621087E7E00BA9E60 /* SSLClientCertificate.swift in Sources */ = {isa = PBXBuildFile; fileRef = EACFF1BE2052FE8F00B95FFF /* SSLClientCertificate.swift */; };
EACFF1BF2052FE8F00B95FFF /* SSLClientCertificate.swift in Sources */ = {isa = PBXBuildFile; fileRef = EACFF1BE2052FE8F00B95FFF /* SSLClientCertificate.swift */; };
/* End PBXBuildFile section */

/* Begin PBXFileReference section */
Expand All @@ -30,6 +32,7 @@
D85927D71ED76F25003460CB /* include.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = include.h; sourceTree = "<group>"; };
D88EAF811ED4DFD3004FE2C3 /* libz.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libz.tbd; path = usr/lib/libz.tbd; sourceTree = SDKROOT; };
D88EAF831ED4E7D8004FE2C3 /* CompressionTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CompressionTests.swift; sourceTree = "<group>"; };
EACFF1BE2052FE8F00B95FFF /* SSLClientCertificate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SSLClientCertificate.swift; sourceTree = "<group>"; };
/* End PBXFileReference section */

/* Begin PBXFrameworksBuildPhase section */
Expand Down Expand Up @@ -77,6 +80,10 @@
children = (
BB8A648320E1123400527BA5 /* modulemap */,
5C1360001C473BEF00AA3A01 /* Starscream.h */,
5C135FFF1C473BEF00AA3A01 /* SSLSecurity.swift */,
5C1360011C473BEF00AA3A01 /* WebSocket.swift */,
D88EAF7E1ED4DFB5004FE2C3 /* Compression.swift */,
EACFF1BE2052FE8F00B95FFF /* SSLClientCertificate.swift */,
6B3E79E919D48B7F006071F7 /* Supporting Files */,
DD52B820CB852287AC065D9C /* WebSocket.swift */,
DD52B329FF434097A6C8F66E /* SSLClientCertificate.swift */,
Expand Down Expand Up @@ -146,8 +153,8 @@
isa = PBXHeadersBuildPhase;
buildActionMask = 2147483647;
files = (
BB8A648020E1105C00527BA5 /* NSString+SHA1.h in Headers */,
33CCF08C1F5DDC030099B092 /* Starscream.h in Headers */,
BB1018E421087DEF00BA9E60 /* NSString+SHA1.h in Headers */,
33CCF08D1F5DDC030099B092 /* include.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
Expand Down Expand Up @@ -251,6 +258,7 @@
files = (
335FA1F91F5DF71D00F6D2EC /* CompressionTests.swift in Sources */,
335FA1FA1F5DF71D00F6D2EC /* StarscreamTests.swift in Sources */,
BB1018E621087E7E00BA9E60 /* SSLClientCertificate.swift in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
Expand All @@ -259,8 +267,9 @@
buildActionMask = 2147483647;
files = (
33CCF0861F5DDC030099B092 /* Compression.swift in Sources */,
BB1018E521087DF300BA9E60 /* NSString+SHA1.m in Sources */,
EACFF1BF2052FE8F00B95FFF /* SSLClientCertificate.swift in Sources */,
33CCF0871F5DDC030099B092 /* WebSocket.swift in Sources */,
BB8A648120E1105C00527BA5 /* NSString+SHA1.m in Sources */,
33CCF0881F5DDC030099B092 /* SSLSecurity.swift in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
