From 58daab21cd043e1dc37024a7f99b396788372918 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 9 Mar 2024 14:19:48 +0100
Subject: Merging upstream version 1.44.3.
Signed-off-by: Daniel Baumann
---
.../SSLPinsTestUtility.m | 57 ++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
(limited to 'web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m')
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
new file mode 100644
index 000000000..7a5eb22c5
--- /dev/null
+++ b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
@@ -0,0 +1,57 @@
+//
+// SSLPinsTestUtility.m
+// SSLCertificatePinning
+//
+// Created by Alban Diquet on 2/2/14.
+// Copyright (c) 2014 iSEC Partners. All rights reserved.
+//
+
+#import "SSLPinsTestUtility.h"
+#import "ISPCertificatePinning.h"
+
+@implementation SSLPinsTestUtility
+
+
++ (NSData*)loadCertificateFromFile:(NSString*)fileName {
+ NSString *certPath = [[NSBundle bundleForClass:[self class]] pathForResource:fileName ofType:@"der"];
+ NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];
+ return certData;
+}
+
+
++ (NSDictionary*) setupTestSSLPinsDictionnary {
+ // Build our dictionnary of domain => certificates
+ NSMutableDictionary *domainsToPin = [[NSMutableDictionary alloc] init];
+
+
+ // For Twitter, we pin the anchor/CA certificate
+ NSData *twitterCertData = [SSLPinsTestUtility loadCertificateFromFile:@"VeriSignClass3PublicPrimaryCertificationAuthority-G5"];
+ if (twitterCertData == nil) {
+ NSLog(@"Failed to load a certificate");
+ return nil;
+ }
+ NSArray *twitterTrustedCerts = [NSArray arrayWithObject:twitterCertData];
+ [domainsToPin setObject:twitterTrustedCerts forKey:@"twitter.com"];
+
+
+ // For iSEC, we pin the server/leaf certificate
+ NSData *isecCertData = [SSLPinsTestUtility loadCertificateFromFile:@"www.isecpartners.com"];
+ if (isecCertData == nil) {
+ NSLog(@"Failed to load a certificate");
+ return nil;
+ }
+ // We also pin Twitter's CA cert just to show that you can pin multiple certs to a single domain
+ // This is useful when transitioning between two certificates on the server
+ // The connection will be succesful if at least one of the pinned certs is found in the server's certificate trust chain
+ NSArray *iSECTrustedCerts = [NSArray arrayWithObjects:isecCertData, twitterCertData, nil];
+ [domainsToPin setObject:iSECTrustedCerts forKey:@"www.isecpartners.com"];
+
+
+ // For NCC group, we pin an invalid certificate (Twitter's)
+ NSArray *NCCTrustedCerts = [NSArray arrayWithObject:twitterCertData];
+ [domainsToPin setObject:NCCTrustedCerts forKey:@"www.nccgroup.com"];
+
+ return domainsToPin;
+}
+
+@end
-- cgit v1.2.3