web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

//
//  SSLPinsTestUtility.m
//  SSLCertificatePinning
//
//  Created by Alban Diquet on 2/2/14.
//  Copyright (c) 2014 iSEC Partners. All rights reserved.
//

#import "SSLPinsTestUtility.h"
#import "ISPCertificatePinning.h"

@implementation SSLPinsTestUtility


+ (NSData*)loadCertificateFromFile:(NSString*)fileName {
    NSString *certPath =  [[NSBundle bundleForClass:[self class]] pathForResource:fileName ofType:@"der"];
    NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];
    return certData;
}


+ (NSDictionary*) setupTestSSLPinsDictionnary {
    // Build our dictionnary of domain => certificates
    NSMutableDictionary *domainsToPin = [[NSMutableDictionary alloc] init];
    
    
    // For Twitter, we pin the anchor/CA certificate
    NSData *twitterCertData = [SSLPinsTestUtility loadCertificateFromFile:@"VeriSignClass3PublicPrimaryCertificationAuthority-G5"];
    if (twitterCertData == nil) {
        NSLog(@"Failed to load a certificate");
        return nil;
    }
    NSArray *twitterTrustedCerts = [NSArray arrayWithObject:twitterCertData];
    [domainsToPin setObject:twitterTrustedCerts forKey:@"twitter.com"];
    
    
    // For iSEC, we pin the server/leaf certificate
    NSData *isecCertData = [SSLPinsTestUtility loadCertificateFromFile:@"www.isecpartners.com"];
    if (isecCertData == nil) {
        NSLog(@"Failed to load a certificate");
        return nil;
    }
    // We also pin Twitter's CA cert just to show that you can pin multiple certs to a single domain
    // This is useful when transitioning between two certificates on the server
    // The connection will be succesful if at least one of the pinned certs is found in the server's certificate trust chain
    NSArray *iSECTrustedCerts = [NSArray arrayWithObjects:isecCertData, twitterCertData, nil];
    [domainsToPin setObject:iSECTrustedCerts forKey:@"www.isecpartners.com"];
    
    
    // For NCC group, we pin an invalid certificate (Twitter's)
    NSArray *NCCTrustedCerts = [NSArray arrayWithObject:twitterCertData];
    [domainsToPin setObject:NCCTrustedCerts forKey:@"www.nccgroup.com"];
    
    return domainsToPin;
}

@end