commit | author | age
|
2370e0
|
1 |
// |
H |
2 |
// MQTTSSLSecurityPolicy.h |
|
3 |
// MQTTClient.framework |
|
4 |
// |
|
5 |
// Created by @bobwenx on 15/6/1. |
|
6 |
// |
|
7 |
// based on |
|
8 |
// |
|
9 |
// Copyright (c) 2011–2015 AFNetwork (http://alamofire.org/) |
|
10 |
// |
|
11 |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
|
12 |
// of this software and associated documentation files (the "Software"), to deal |
|
13 |
// in the Software without restriction, including without limitation the rights |
|
14 |
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
15 |
// copies of the Software, and to permit persons to whom the Software is |
|
16 |
// furnished to do so, subject to the following conditions: |
|
17 |
// |
|
18 |
// The above copyright notice and this permission notice shall be included in |
|
19 |
// all copies or substantial portions of the Software. |
|
20 |
// |
|
21 |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
22 |
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
23 |
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
24 |
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
25 |
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
26 |
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
|
27 |
// THE SOFTWARE. |
|
28 |
|
|
29 |
#import <Foundation/Foundation.h> |
|
30 |
#import <Security/Security.h> |
|
31 |
|
|
32 |
/** |
|
33 |
## SSL Pinning Modes |
|
34 |
|
|
35 |
The following constants are provided by `MQTTSSLPinningModeNone` as possible SSL pinning modes. |
|
36 |
|
|
37 |
enum { |
|
38 |
MQTTSSLPinningModeNone, |
|
39 |
MQTTSSLPinningModePublicKey, |
|
40 |
MQTTSSLPinningModeCertificate, |
|
41 |
} |
|
42 |
|
|
43 |
`MQTTSSLPinningModeNone` |
|
44 |
Do not used pinned certificates to validate servers. |
|
45 |
|
|
46 |
`MQTTSSLPinningModePublicKey` |
|
47 |
Validate host certificates against public keys of pinned certificates. |
|
48 |
|
|
49 |
`MQTTSSLPinningModeCertificate` |
|
50 |
Validate host certificates against pinned certificates. |
|
51 |
*/ |
|
52 |
typedef NS_ENUM(NSUInteger, MQTTSSLPinningMode) { |
|
53 |
// Do not used pinned certificates to validate servers. |
|
54 |
MQTTSSLPinningModeNone, |
|
55 |
// Validate host certificates against public keys of pinned certificates. |
|
56 |
MQTTSSLPinningModePublicKey, |
|
57 |
// Validate host certificates against pinned certificates. |
|
58 |
MQTTSSLPinningModeCertificate, |
|
59 |
}; |
|
60 |
|
|
61 |
/** |
|
62 |
`MQTTSSLSecurityPolicy` evaluates server trust against pinned X.509 certificates and public keys over secure connections. |
|
63 |
|
|
64 |
If your app using security model which require pinning SSL certificates to helps prevent man-in-the-middle attacks |
|
65 |
and other vulnerabilities. you need to set securityPolicy to properly value(see MQTTSSLSecurityPolicy.h for more detail). |
|
66 |
|
|
67 |
NOTE: about self-signed server certificates: |
|
68 |
if your server using Self-signed certificates to establish SSL/TLS connection, you need to set property: |
|
69 |
MQTTSSLSecurityPolicy.allowInvalidCertificates=YES. |
|
70 |
|
|
71 |
If SSL is enabled, by default it only evaluate server's certificates using CA infrastructure, and for most case, this type of check is enough. |
|
72 |
However, if your app using security model which require pinning SSL certificates to helps prevent man-in-the-middle attacks |
|
73 |
and other vulnerabilities. you may need to set securityPolicy to properly value(see MQTTSSLSecurityPolicy.h for more detail). |
|
74 |
|
|
75 |
NOTE: about self-signed server certificates: |
|
76 |
In CA infrastructure, you may establish a SSL/TLS connection with server which using self-signed certificates |
|
77 |
by install the certificates into OS keychain(either programmatically or manually). however, this method has some disadvantages: |
|
78 |
1. every socket you app created will trust certificates you added. |
|
79 |
2. if user choice to remove certificates from keychain, you app need to handling certificates re-adding. |
|
80 |
|
|
81 |
If you only want to verify the cert for the socket you are creating and for no other sockets in your app, you need to use |
|
82 |
MQTTSSLSecurityPolicy. |
|
83 |
And if you use self-signed server certificates, your need to set property: MQTTSSLSecurityPolicy.allowInvalidCertificates=YES |
|
84 |
|
|
85 |
Adding pinned SSL certificates to your app helps prevent man-in-the-middle attacks and other vulnerabilities. |
|
86 |
Applications dealing with sensitive customer data or financial information are strongly encouraged to route all communication |
|
87 |
over an SSL/TLS connection with SSL pinning configured and enabled. |
|
88 |
*/ |
|
89 |
@interface MQTTSSLSecurityPolicy : NSObject |
|
90 |
/** |
|
91 |
The criteria by which server trust should be evaluated against the pinned SSL certificates. Defaults to `MQTTSSLPinningMode`. |
|
92 |
*/ |
|
93 |
@property (readonly, nonatomic, assign) MQTTSSLPinningMode SSLPinningMode; |
|
94 |
|
|
95 |
/** |
|
96 |
Whether to evaluate an entire SSL certificate chain, or just the leaf certificate. Defaults to `YES`. |
|
97 |
*/ |
|
98 |
@property (nonatomic, assign) BOOL validatesCertificateChain; |
|
99 |
|
|
100 |
/** |
|
101 |
The certificates used to evaluate server trust according to the SSL pinning mode. By default, this property is set to any (`.cer`) certificates included in the app bundle. |
|
102 |
Note: Array item type: NSData - Bytes of X.509 certificate file in der format. |
|
103 |
Note that if you create an array with duplicate certificates, the duplicate certificates will be removed. |
|
104 |
*/ |
|
105 |
@property (nonatomic, strong) NSArray *pinnedCertificates; |
|
106 |
|
|
107 |
/** |
|
108 |
Whether or not to trust servers with an invalid or expired SSL certificates. Defaults to `NO`. |
|
109 |
Note: If your server-certificates are self signed, your should set this property to 'YES'. |
|
110 |
*/ |
|
111 |
@property (nonatomic, assign) BOOL allowInvalidCertificates; |
|
112 |
|
|
113 |
/** |
|
114 |
Whether or not to validate the domain name in the certificate's CN field. Defaults to `YES`. |
|
115 |
*/ |
|
116 |
@property (nonatomic, assign) BOOL validatesDomainName; |
|
117 |
|
|
118 |
///----------------------------------------- |
|
119 |
/// @name Getting Specific Security Policies |
|
120 |
///----------------------------------------- |
|
121 |
|
|
122 |
/** |
|
123 |
Returns the shared default security policy, which does not allow invalid certificates, validates domain name, and does not validate against pinned certificates or public keys. |
|
124 |
|
|
125 |
@return The default security policy. |
|
126 |
*/ |
|
127 |
+ (instancetype)defaultPolicy; |
|
128 |
|
|
129 |
///--------------------- |
|
130 |
/// @name Initialization |
|
131 |
///--------------------- |
|
132 |
|
|
133 |
/** |
|
134 |
Creates and returns a security policy with the specified pinning mode. |
|
135 |
|
|
136 |
@param pinningMode The SSL pinning mode. |
|
137 |
|
|
138 |
@return A new security policy. |
|
139 |
*/ |
|
140 |
+ (instancetype)policyWithPinningMode:(MQTTSSLPinningMode)pinningMode; |
|
141 |
|
|
142 |
///------------------------------ |
|
143 |
/// @name Evaluating Server Trust |
|
144 |
///------------------------------ |
|
145 |
|
|
146 |
/** |
|
147 |
Whether or not the specified server trust should be accepted, based on the security policy. |
|
148 |
|
|
149 |
This method should be used when responding to an authentication challenge from a server. |
|
150 |
|
|
151 |
@param serverTrust The X.509 certificate trust of the server. |
|
152 |
@param domain The domain of serverTrust. If `nil`, the domain will not be validated. |
|
153 |
|
|
154 |
@return Whether or not to trust the server. |
|
155 |
*/ |
|
156 |
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust |
|
157 |
forDomain:(NSString *)domain; |
|
158 |
@end |