Diffstat (limited to '')
-rw-r--r--web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m57
1 files changed, 57 insertions, 0 deletions
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
new file mode 100644
index 00000000..7a5eb22c
--- /dev/null
+++ b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
@@ -0,0 +1,57 @@
+//
+// SSLPinsTestUtility.m
+// SSLCertificatePinning
+//
+// Created by Alban Diquet on 2/2/14.
+// Copyright (c) 2014 iSEC Partners. All rights reserved.
+//
+
+#import "SSLPinsTestUtility.h"
+#import "ISPCertificatePinning.h"
+
+@implementation SSLPinsTestUtility
+
+
++ (NSData*)loadCertificateFromFile:(NSString*)fileName {
+ NSString *certPath = [[NSBundle bundleForClass:[self class]] pathForResource:fileName ofType:@"der"];
+ NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];
+ return certData;
+}
+
+
++ (NSDictionary*) setupTestSSLPinsDictionnary {
+ // Build our dictionnary of domain => certificates
+ NSMutableDictionary *domainsToPin = [[NSMutableDictionary alloc] init];
+
+
+ // For Twitter, we pin the anchor/CA certificate
+ NSData *twitterCertData = [SSLPinsTestUtility loadCertificateFromFile:@"VeriSignClass3PublicPrimaryCertificationAuthority-G5"];
+ if (twitterCertData == nil) {
+ NSLog(@"Failed to load a certificate");
+ return nil;
+ }
+ NSArray *twitterTrustedCerts = [NSArray arrayWithObject:twitterCertData];
+ [domainsToPin setObject:twitterTrustedCerts forKey:@"twitter.com"];
+
+
+ // For iSEC, we pin the server/leaf certificate
+ NSData *isecCertData = [SSLPinsTestUtility loadCertificateFromFile:@"www.isecpartners.com"];
+ if (isecCertData == nil) {
+ NSLog(@"Failed to load a certificate");
+ return nil;
+ }
+ // We also pin Twitter's CA cert just to show that you can pin multiple certs to a single domain
+ // This is useful when transitioning between two certificates on the server
+ // The connection will be succesful if at least one of the pinned certs is found in the server's certificate trust chain
+ NSArray *iSECTrustedCerts = [NSArray arrayWithObjects:isecCertData, twitterCertData, nil];
+ [domainsToPin setObject:iSECTrustedCerts forKey:@"www.isecpartners.com"];
+
+
+ // For NCC group, we pin an invalid certificate (Twitter's)
+ NSArray *NCCTrustedCerts = [NSArray arrayWithObject:twitterCertData];
+ [domainsToPin setObject:NCCTrustedCerts forKey:@"www.nccgroup.com"];
+
+ return domainsToPin;
+}
+
+@end
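Review bot: The rejection case at the end of `setupTestSSLPinsDictionnary` is only negative by circumstance: it pins the VeriSign G5 root to `www.nccgroup.com`, and per the comment a few lines above, a pin matches when any certificate in the server's trust chain equals it. If that host is ever served under a chain that contains this root, the pin becomes valid and the test meant to prove rejection would exercise the accept path instead. A certificate generated only for the tests (self-signed, never deployed) gives a rejection case that cannot drift; at minimum the assumption should be recorded, e.g. `// Negative case: relies on www.nccgroup.com NOT chaining to the VeriSign G5 root`. Separately, both `NSLog(@"Failed to load a certificate")` calls omit which resource was missing, so logging `fileName` inside `loadCertificateFromFile:` when `certData` is nil would make a missing bundle resource easier to diagnose.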