blob: d8c55d6a6780db6919f32934faca529b6c1c1e72 [file] [log] [blame]
jfarrell9f154152014-04-04 11:41:15 -04001/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19#import <Foundation/Foundation.h>
20#import <CoreFoundation/CoreFoundation.h>
21#import "TSSLSocketClient.h"
22#import "TSSLSocketException.h"
23#import "TObjective-C.h"
24#include <sys/socket.h>
25#include <netinet/in.h>
26#include <netdb.h>
27
28#if !TARGET_OS_IPHONE
29#import <CoreServices/CoreServices.h>
30#else
31#import <CFNetwork/CFNetwork.h>
32#endif
33
34@implementation TSSLSocketClient
35
36- (id) initWithHostname: (NSString *) hostname
37 port: (int) port
38{
39 sslHostname = hostname;
40 CFReadStreamRef readStream = NULL;
41 CFWriteStreamRef writeStream = NULL;
42
43
44 /* create a socket structure */
45 struct sockaddr_in pin;
46 struct hostent *hp = NULL;
47 for(int i = 0; i < 10; i++) {
48
49
50
51 if ((hp = gethostbyname([hostname UTF8String])) == NULL) {
52 NSLog(@"failed to resolve hostname %@", hostname);
53 herror("resolv");
54 if(i == 9) {
55 @throw [TSSLSocketException exceptionWithReason: @"failed to resolve hostname"];
56 }
57 [NSThread sleepForTimeInterval:0.2];
58 } else {
59 break;
60 }
61 }
Roger Meier6b616012015-03-01 12:32:50 +010062
jfarrell9f154152014-04-04 11:41:15 -040063 memset (&pin, 0, sizeof(pin));
64 pin.sin_family = AF_INET;
Roger Meier6b616012015-03-01 12:32:50 +010065 memcpy(&pin.sin_addr, hp->h_addr, sizeof(struct in_addr));
jfarrell9f154152014-04-04 11:41:15 -040066 pin.sin_port = htons (port);
67
68 /* create the socket */
69 if ((sd = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
70 {
71 NSLog(@"failed to create socket for host %@:%d", hostname, port);
72 @throw [TSSLSocketException exceptionWithReason: @"failed to create socket"];
73 }
74
75 /* open a connection */
76 if (connect (sd, (struct sockaddr *) &pin, sizeof(pin)) == -1)
77 {
78 NSLog(@"failed to create conenct to host %@:%d", hostname, port);
79 @throw [TSSLSocketException exceptionWithReason: @"failed to connect"];
80 }
81 CFStreamCreatePairWithSocket(kCFAllocatorDefault, sd, &readStream, &writeStream);
82
83 CFReadStreamSetProperty(readStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
84 CFWriteStreamSetProperty(writeStream, kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
85
86 if (readStream && writeStream) {
87 CFReadStreamSetProperty(readStream,
88 kCFStreamPropertySocketSecurityLevel,
89 kCFStreamSocketSecurityLevelTLSv1);
90
91 NSDictionary *settings =
92 [NSDictionary dictionaryWithObjectsAndKeys:
93 (id)kCFBooleanTrue, (id)kCFStreamSSLValidatesCertificateChain,
94 nil];
95
96 CFReadStreamSetProperty((CFReadStreamRef)readStream,
97 kCFStreamPropertySSLSettings,
98 (CFTypeRef)settings);
99 CFWriteStreamSetProperty((CFWriteStreamRef)writeStream,
100 kCFStreamPropertySSLSettings,
101 (CFTypeRef)settings);
102
103 inputStream = (bridge_stub NSInputStream *)readStream;
104 [inputStream retain_stub];
105 [inputStream setDelegate:self];
106 [inputStream scheduleInRunLoop:[NSRunLoop mainRunLoop] forMode:NSDefaultRunLoopMode];
107 [inputStream open];
108
109 outputStream = (bridge_stub NSOutputStream *)writeStream;
110 [outputStream retain_stub];
111 [outputStream setDelegate:self];
112 [outputStream scheduleInRunLoop:[NSRunLoop mainRunLoop] forMode:NSDefaultRunLoopMode];
113 [outputStream open];
114
115
116 CFRelease(readStream);
117 CFRelease(writeStream);
118 }
119
120
121
122 self = [super initWithInputStream: inputStream outputStream: outputStream];
123
124 return self;
125}
126
127#pragma mark -
128#pragma mark NSStreamDelegate
129- (void)stream:(NSStream *)aStream
130 handleEvent:(NSStreamEvent)eventCode {
131 switch (eventCode) {
132 case NSStreamEventNone:
133 break;
134 case NSStreamEventHasBytesAvailable:
135 break;
136 case NSStreamEventOpenCompleted:
137 break;
138 case NSStreamEventHasSpaceAvailable:
139 {
140 SecPolicyRef policy = SecPolicyCreateSSL(NO, (__bridge CFStringRef)(sslHostname));
141 SecTrustRef trust = NULL;
142 CFArrayRef streamCertificatesRef =
143 CFBridgingRetain((__bridge id)((__bridge CFArrayRef)([aStream propertyForKey:(NSString *) kCFStreamPropertySSLPeerCertificates])));
144 SecTrustCreateWithCertificates(CFBridgingRetain((__bridge id)(streamCertificatesRef)),
145 policy,
146 &trust);
147
148 SecTrustResultType trustResultType = kSecTrustResultInvalid;
149 SecTrustEvaluate(trust, &trustResultType);
150
151 BOOL proceed = NO;
152 switch (trustResultType) {
153 case kSecTrustResultProceed:
154 proceed = YES;
155 break;
156 case kSecTrustResultUnspecified:
157 NSLog(@"Trusted by OS");
158 proceed = YES;
159 break;
160 case kSecTrustResultRecoverableTrustFailure:
161 proceed = recoverFromTrustFailure(trust);
162 break;
163 case kSecTrustResultDeny:
164 NSLog(@"Deny");
165 break;
166 case kSecTrustResultFatalTrustFailure:
167 NSLog(@"FatalTrustFailure");
168 break;
169 case kSecTrustResultOtherError:
170 NSLog(@"OtherError");
171 break;
172 case kSecTrustResultInvalid:
173 NSLog(@"Invalid");
174 break;
175 default:
176 NSLog(@"Default");
177 break;
178 }
179
180 if (trust) {
181 CFRelease(trust);
182 }
183 if (policy) {
184 CFRelease(policy);
185 }
186 if (!proceed) {
187 NSLog(@"Cannot trust certificate. TrustResultType: %u", trustResultType);
188 [aStream close];
189 @throw [TSSLSocketException exceptionWithReason: @"Cannot trust certificate"];
190 }
191 }
192 break;
193 case NSStreamEventErrorOccurred:
194 {
195 NSError *theError = [aStream streamError];
Konrad Grochowski3b5dacb2014-11-24 10:55:31 +0100196 NSLog(@"Error occurred opening stream: %@", theError);
197// @throw [TSSLSocketException exceptionWithReason: @"Error occurred opening stream" error: theError];
jfarrell9f154152014-04-04 11:41:15 -0400198 break;
199 }
200 case NSStreamEventEndEncountered:
201 break;
jfarrell9f154152014-04-04 11:41:15 -0400202 }
203}
204
205bool recoverFromTrustFailure(SecTrustRef myTrust)
206{
207
208 SecTrustResultType trustResult;
209 OSStatus status = SecTrustEvaluate(myTrust, &trustResult);
210
211 CFAbsoluteTime trustTime,currentTime,timeIncrement,newTime;
212 CFDateRef newDate;
213 if (trustResult == kSecTrustResultRecoverableTrustFailure) {
214 trustTime = SecTrustGetVerifyTime(myTrust);
215 timeIncrement = 31536000;
216 currentTime = CFAbsoluteTimeGetCurrent();
217 newTime = currentTime - timeIncrement;
218 if (trustTime - newTime){
219 newDate = CFDateCreate(NULL, newTime);
220 SecTrustSetVerifyDate(myTrust, newDate);
221 status = SecTrustEvaluate(myTrust, &trustResult);
222 }
223 }
224 if (trustResult != kSecTrustResultProceed) {
225 NSLog(@"Certificate trust failure");
226 return false;
227 }
228 return true;
229}
230
231- (void)close
232{
233 if(self.mInput) {
234 //Close and reset inputstream
235 CFReadStreamSetProperty((__bridge CFReadStreamRef)(self.mInput), kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
236 [self.mInput setDelegate:nil];
237 [self.mInput close];
238 [self.mInput removeFromRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
239 self.mInput = nil;
240 }
241
242 if(self.mOutput) {
243 //Close and reset outputstream
244 CFReadStreamSetProperty((__bridge CFReadStreamRef)(self.mOutput), kCFStreamPropertyShouldCloseNativeSocket, kCFBooleanTrue);
245 [self.mOutput setDelegate:nil];
246 [self.mOutput close];
247 [self.mOutput removeFromRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
248 self.mOutput = nil;
249 }
250}
251
252- (BOOL) isOpen
253{
254 if(sd > 0)
255 return TRUE;
256 else
257 return FALSE;
258}
259
260@end
261