summaryrefslogtreecommitdiffstats
path: root/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLSessionTests.m
blob: 5f1da51ba4d01f716a6e5248e6b11cf7a75f808e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

//
//  NSURLSessionTests.m
//  SSLCertificatePinning
//
//  Created by Alban Diquet on 1/14/14.
//  Copyright (c) 2014 iSEC Partners. All rights reserved.
//

#import <XCTest/XCTest.h>

#import "ISPPinnedNSURLSessionDelegate.h"
#import "ISPCertificatePinning.h"
#import "SSLPinsTestUtility.h"


// Delegate we'll use for our tests
@interface NSURLSessionTaskDelegateTest : ISPPinnedNSURLSessionDelegate <NSURLSessionTaskDelegate, NSURLSessionDataDelegate>
@property BOOL connectionFinished;
@property BOOL connectionSucceeded;
@end


@interface NSURLSessionTests : XCTestCase

@end

@implementation NSURLSessionTests

- (void)setUp
{
    [super setUp];
}

- (void)tearDown
{
    [super tearDown];
}


#pragma mark SSL pinning test
- (void)testNSURLSessionSSLPinning
{
    
    // Create our SSL pins dictionnary for Twitter, iSEC and NCC
    NSDictionary *domainsToPin = [SSLPinsTestUtility setupTestSSLPinsDictionnary];
    if (domainsToPin == nil) {
        NSLog(@"Failed to pin a certificate");
    }
    
    // Save the SSL pins so that our session delegates automatically use them
    if ([ISPCertificatePinning setupSSLPinsUsingDictionnary:domainsToPin] != YES) {
        NSLog(@"Failed to pin the certificates");
    }
    
    
    // Connect to Twitter
    NSURLSessionTaskDelegateTest *sessionDelegate1 = [[NSURLSessionTaskDelegateTest alloc] init];
    NSURLSession *session1 = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:sessionDelegate1 delegateQueue:nil];

    NSURLSessionDataTask *dataTask1 = [session1 dataTaskWithURL:[NSURL URLWithString:@"https://twitter.com/"] completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
        
        sessionDelegate1.connectionFinished = YES;
        if (!error) {
            sessionDelegate1.connectionSucceeded = YES;
        }
    }];
    [dataTask1 resume];
    
    
    // Connect to iSEC
    NSURLSessionTaskDelegateTest *sessionDelegate2 = [[NSURLSessionTaskDelegateTest alloc] init];
    NSURLSession *session2 = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:sessionDelegate2 delegateQueue:nil];
    
    NSURLSessionDataTask *dataTask2 = [session2 dataTaskWithURL:[NSURL URLWithString:@"https://www.isecpartners.com/"] completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {

        sessionDelegate2.connectionFinished = YES;
        if (!error) {
            sessionDelegate2.connectionSucceeded = YES;
        }
    }];
    [dataTask2 resume];
    
    
    // Connect to NCC Group => will fail because we pinned a wrong certificate
    NSURLSessionTaskDelegateTest *sessionDelegate3 = [[NSURLSessionTaskDelegateTest alloc] init];
    NSURLSession *session3 = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:sessionDelegate3 delegateQueue:nil];
    
    NSURLSessionDataTask *dataTask3 = [session3 dataTaskWithURL:[NSURL URLWithString:@"https://www.nccgroup.com/"] completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {

        sessionDelegate3.connectionFinished = YES;
        if (!error) {
            sessionDelegate3.connectionSucceeded = YES;
        }
    }];
    [dataTask3 resume];

    
    // Do some polling to wait for the connections to complete
#define POLL_INTERVAL 0.2 // 200ms
#define N_SEC_TO_POLL 3.0 // poll for 3s
#define MAX_POLL_COUNT N_SEC_TO_POLL / POLL_INTERVAL
    
    NSUInteger pollCount = 0;
    while (!(sessionDelegate1.connectionFinished && sessionDelegate2.connectionFinished && sessionDelegate3.connectionFinished) && (pollCount < MAX_POLL_COUNT)) {
        NSDate* untilDate = [NSDate dateWithTimeIntervalSinceNow:POLL_INTERVAL];
        [[NSRunLoop currentRunLoop] runUntilDate:untilDate];
        pollCount++;
    }
    
    if (pollCount == MAX_POLL_COUNT) {
        XCTFail(@"Could not connect in time");
    }
    
    
    // The first two connections should succeed
    XCTAssertTrue(sessionDelegate1.connectionSucceeded, @"Connection to Twitter failed");
    XCTAssertTrue(sessionDelegate2.connectionSucceeded, @"Connection to iSEC Partners failed");
    
    // The last connection should fail
    XCTAssertFalse(sessionDelegate3.connectionSucceeded, @"Connection to NCC succeeded");
}


@end
    
    
    
    
#pragma mark Delegate class
    
@implementation NSURLSessionTaskDelegateTest
    
    @synthesize connectionSucceeded;
    @synthesize connectionFinished;
    
    -(instancetype) init {
        if (self = [super init])
        {
            self.connectionSucceeded = NO;
            self.connectionFinished = NO;
        }
        return self;
    }

@end
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 12:45:49 +0000