From 5da14042f70711ea5cf66e034699730335462f66 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 5 May 2024 14:08:03 +0200
Subject: Merging upstream version 1.45.3+dfsg.
Signed-off-by: Daniel Baumann
---
.../NSURLConnectionTests.m | 154 ---------------------
.../SSLCertificatePinningTests/NSURLSessionTests.m | 145 -------------------
.../SSLCertificatePinningTests-Info.plist | 22 ---
.../SSLPinsTestUtility.h | 15 --
.../SSLPinsTestUtility.m | 57 --------
...lass3PublicPrimaryCertificationAuthority-G5.der | Bin 1239 -> 0 bytes
.../en.lproj/InfoPlist.strings | 2 -
.../www.isecpartners.com.der | Bin 1876 -> 0 bytes
8 files changed, 395 deletions(-)
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLConnectionTests.m
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLSessionTests.m
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLCertificatePinningTests-Info.plist
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.h
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/VeriSignClass3PublicPrimaryCertificationAuthority-G5.der
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/en.lproj/InfoPlist.strings
delete mode 100644 web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/www.isecpartners.com.der
(limited to 'web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests')
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLConnectionTests.m b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLConnectionTests.m
deleted file mode 100644
index 53d860785..000000000
--- a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLConnectionTests.m
+++ /dev/null
@@ -1,154 +0,0 @@
-//
-// NSURLConnectionTests.m
-// SSLCertificatePinning
-//
-// Created by Alban Diquet on 1/14/14.
-// Copyright (c) 2014 iSEC Partners. All rights reserved.
-//
-
-#import
-
-#import "ISPPinnedNSURLConnectionDelegate.h"
-#import "ISPCertificatePinning.h"
-#import "SSLPinsTestUtility.h"
-
-
-// Delegate we'll use for our tests
-@interface NSURLConnectionDelegateTest : ISPPinnedNSURLConnectionDelegate
- @property BOOL connectionFinished;
- @property BOOL connectionSucceeded;
-@end
-
-
-
-@interface NSURLConnectionTests : XCTestCase
-
-@end
-
-
-@implementation NSURLConnectionTests
-
-
-- (void)setUp
-{
- [super setUp];
-}
-
-- (void)tearDown
-{
- [super tearDown];
-}
-
-#pragma mark SSL pinning test
-
-
-// This is sample code to demonstrate how to implement certificate pinning with NSURLConnection
-- (void)testNSURLConnectionSSLPinning
-{
-
- // Create our SSL pins dictionnary for Twitter, iSEC and NCC
- NSDictionary *domainsToPin = [SSLPinsTestUtility setupTestSSLPinsDictionnary];
- if (domainsToPin == nil) {
- NSLog(@"Failed to pin a certificate");
- }
-
-
- // Save the SSL pins so that our connection delegates automatically use them
- if ([ISPCertificatePinning setupSSLPinsUsingDictionnary:domainsToPin] != YES) {
- NSLog(@"Failed to pin the certificates");
- }
-
- // Connect to Twitter
- NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://twitter.com/"]];
- NSURLConnectionDelegateTest *connectionDelegate = [[NSURLConnectionDelegateTest alloc] init];
- NSURLConnection *connection=[[NSURLConnection alloc] initWithRequest:request delegate:connectionDelegate];
- [connection start];
-
- // Connect to iSEC
- NSURLRequest *request2 = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://www.isecpartners.com/"]];
- NSURLConnectionDelegateTest *connectionDelegate2 = [[NSURLConnectionDelegateTest alloc] init];
- NSURLConnection *connection2 = [[NSURLConnection alloc] initWithRequest:request2 delegate:connectionDelegate2];
- [connection2 start];
-
- // Connect to NCC Group => will fail because we pinned a wrong certificate
- NSURLRequest *request3 = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://www.nccgroup.com/"]];
- NSURLConnectionDelegateTest *connectionDelegate3 = [[NSURLConnectionDelegateTest alloc] init];
- NSURLConnection *connection3 = [[NSURLConnection alloc] initWithRequest:request3 delegate:connectionDelegate3];
- [connection3 start];
-
-
- // Do some polling to wait for the connections to complete
-#define POLL_INTERVAL 0.2 // 200ms
-#define N_SEC_TO_POLL 3.0 // poll for 3s
-#define MAX_POLL_COUNT N_SEC_TO_POLL / POLL_INTERVAL
-
- NSUInteger pollCount = 0;
- while (!(connectionDelegate.connectionFinished && connectionDelegate2.connectionFinished && connectionDelegate3.connectionFinished) && (pollCount < MAX_POLL_COUNT)) {
- NSDate* untilDate = [NSDate dateWithTimeIntervalSinceNow:POLL_INTERVAL];
- [[NSRunLoop currentRunLoop] runUntilDate:untilDate];
- pollCount++;
- }
-
- if (pollCount == MAX_POLL_COUNT) {
- XCTFail(@"Could not connect in time");
- }
-
-
- // The first two connections should succeed
- XCTAssertTrue(connectionDelegate.connectionSucceeded, @"Connection to Twitter failed");
- XCTAssertTrue(connectionDelegate2.connectionSucceeded, @"Connection to iSEC Partners failed");
-
- // The last connection should fail
- XCTAssertFalse(connectionDelegate3.connectionSucceeded, @"Connection to NCC succeeded");
-}
-
-
-@end
-
-
-#pragma mark Delegate class
-
-@implementation NSURLConnectionDelegateTest
-
-@synthesize connectionSucceeded;
-@synthesize connectionFinished;
-
--(instancetype) init {
- if (self = [super init])
- {
- self.connectionSucceeded = NO;
- self.connectionFinished = NO;
- }
- return self;
-}
-
-
-- (void)connectionDidFinishLoading:(NSURLConnection *)connection {
- self.connectionSucceeded = YES;
- self.connectionFinished = YES;
-}
-
-- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error {
- self.connectionSucceeded = NO;
- self.connectionFinished = YES;
-}
-
-- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data {
- self.connectionSucceeded = YES;
- self.connectionFinished = YES;
-}
-
-- (NSCachedURLResponse *)connection:(NSURLConnection *)connection willCacheResponse:(NSCachedURLResponse *)cachedResponse {
- return cachedResponse;
-}
-
-- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response {
- self.connectionSucceeded = YES;
- self.connectionFinished = YES;
-}
-
-- (NSURLRequest *)connection:(NSURLConnection *)connection willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)redirectResponse {
- return request;
-}
-
-@end
\ No newline at end of file
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLSessionTests.m b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLSessionTests.m
deleted file mode 100644
index 5f1da51ba..000000000
--- a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/NSURLSessionTests.m
+++ /dev/null
@@ -1,145 +0,0 @@
-//
-// NSURLSessionTests.m
-// SSLCertificatePinning
-//
-// Created by Alban Diquet on 1/14/14.
-// Copyright (c) 2014 iSEC Partners. All rights reserved.
-//
-
-#import
-
-#import "ISPPinnedNSURLSessionDelegate.h"
-#import "ISPCertificatePinning.h"
-#import "SSLPinsTestUtility.h"
-
-
-// Delegate we'll use for our tests
-@interface NSURLSessionTaskDelegateTest : ISPPinnedNSURLSessionDelegate
-@property BOOL connectionFinished;
-@property BOOL connectionSucceeded;
-@end
-
-
-@interface NSURLSessionTests : XCTestCase
-
-@end
-
-@implementation NSURLSessionTests
-
-- (void)setUp
-{
- [super setUp];
-}
-
-- (void)tearDown
-{
- [super tearDown];
-}
-
-
-#pragma mark SSL pinning test
-- (void)testNSURLSessionSSLPinning
-{
-
- // Create our SSL pins dictionnary for Twitter, iSEC and NCC
- NSDictionary *domainsToPin = [SSLPinsTestUtility setupTestSSLPinsDictionnary];
- if (domainsToPin == nil) {
- NSLog(@"Failed to pin a certificate");
- }
-
- // Save the SSL pins so that our session delegates automatically use them
- if ([ISPCertificatePinning setupSSLPinsUsingDictionnary:domainsToPin] != YES) {
- NSLog(@"Failed to pin the certificates");
- }
-
-
- // Connect to Twitter
- NSURLSessionTaskDelegateTest *sessionDelegate1 = [[NSURLSessionTaskDelegateTest alloc] init];
- NSURLSession *session1 = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:sessionDelegate1 delegateQueue:nil];
-
- NSURLSessionDataTask *dataTask1 = [session1 dataTaskWithURL:[NSURL URLWithString:@"https://twitter.com/"] completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
-
- sessionDelegate1.connectionFinished = YES;
- if (!error) {
- sessionDelegate1.connectionSucceeded = YES;
- }
- }];
- [dataTask1 resume];
-
-
- // Connect to iSEC
- NSURLSessionTaskDelegateTest *sessionDelegate2 = [[NSURLSessionTaskDelegateTest alloc] init];
- NSURLSession *session2 = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:sessionDelegate2 delegateQueue:nil];
-
- NSURLSessionDataTask *dataTask2 = [session2 dataTaskWithURL:[NSURL URLWithString:@"https://www.isecpartners.com/"] completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
-
- sessionDelegate2.connectionFinished = YES;
- if (!error) {
- sessionDelegate2.connectionSucceeded = YES;
- }
- }];
- [dataTask2 resume];
-
-
- // Connect to NCC Group => will fail because we pinned a wrong certificate
- NSURLSessionTaskDelegateTest *sessionDelegate3 = [[NSURLSessionTaskDelegateTest alloc] init];
- NSURLSession *session3 = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:sessionDelegate3 delegateQueue:nil];
-
- NSURLSessionDataTask *dataTask3 = [session3 dataTaskWithURL:[NSURL URLWithString:@"https://www.nccgroup.com/"] completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
-
- sessionDelegate3.connectionFinished = YES;
- if (!error) {
- sessionDelegate3.connectionSucceeded = YES;
- }
- }];
- [dataTask3 resume];
-
-
- // Do some polling to wait for the connections to complete
-#define POLL_INTERVAL 0.2 // 200ms
-#define N_SEC_TO_POLL 3.0 // poll for 3s
-#define MAX_POLL_COUNT N_SEC_TO_POLL / POLL_INTERVAL
-
- NSUInteger pollCount = 0;
- while (!(sessionDelegate1.connectionFinished && sessionDelegate2.connectionFinished && sessionDelegate3.connectionFinished) && (pollCount < MAX_POLL_COUNT)) {
- NSDate* untilDate = [NSDate dateWithTimeIntervalSinceNow:POLL_INTERVAL];
- [[NSRunLoop currentRunLoop] runUntilDate:untilDate];
- pollCount++;
- }
-
- if (pollCount == MAX_POLL_COUNT) {
- XCTFail(@"Could not connect in time");
- }
-
-
- // The first two connections should succeed
- XCTAssertTrue(sessionDelegate1.connectionSucceeded, @"Connection to Twitter failed");
- XCTAssertTrue(sessionDelegate2.connectionSucceeded, @"Connection to iSEC Partners failed");
-
- // The last connection should fail
- XCTAssertFalse(sessionDelegate3.connectionSucceeded, @"Connection to NCC succeeded");
-}
-
-
-@end
-
-
-
-
-#pragma mark Delegate class
-
-@implementation NSURLSessionTaskDelegateTest
-
- @synthesize connectionSucceeded;
- @synthesize connectionFinished;
-
- -(instancetype) init {
- if (self = [super init])
- {
- self.connectionSucceeded = NO;
- self.connectionFinished = NO;
- }
- return self;
- }
-
-@end
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLCertificatePinningTests-Info.plist b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLCertificatePinningTests-Info.plist
deleted file mode 100644
index ccba61f8e..000000000
--- a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLCertificatePinningTests-Info.plist
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
-
-
- CFBundleDevelopmentRegion
- en
- CFBundleExecutable
- ${EXECUTABLE_NAME}
- CFBundleIdentifier
- com.isecpartners.${PRODUCT_NAME:rfc1034identifier}
- CFBundleInfoDictionaryVersion
- 6.0
- CFBundlePackageType
- BNDL
- CFBundleShortVersionString
- 1.0
- CFBundleSignature
- ????
- CFBundleVersion
- 1
-
-
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.h b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.h
deleted file mode 100644
index 56dde1ac7..000000000
--- a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.h
+++ /dev/null
@@ -1,15 +0,0 @@
-//
-// SSLPinsTestUtility.h
-// SSLCertificatePinning
-//
-// Created by Alban Diquet on 2/2/14.
-// Copyright (c) 2014 iSEC Partners. All rights reserved.
-//
-
-#import
-
-@interface SSLPinsTestUtility : NSObject
-
-+ (NSDictionary*) setupTestSSLPinsDictionnary;
-
-@end
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
deleted file mode 100644
index 7a5eb22c5..000000000
--- a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/SSLPinsTestUtility.m
+++ /dev/null
@@ -1,57 +0,0 @@
-//
-// SSLPinsTestUtility.m
-// SSLCertificatePinning
-//
-// Created by Alban Diquet on 2/2/14.
-// Copyright (c) 2014 iSEC Partners. All rights reserved.
-//
-
-#import "SSLPinsTestUtility.h"
-#import "ISPCertificatePinning.h"
-
-@implementation SSLPinsTestUtility
-
-
-+ (NSData*)loadCertificateFromFile:(NSString*)fileName {
- NSString *certPath = [[NSBundle bundleForClass:[self class]] pathForResource:fileName ofType:@"der"];
- NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];
- return certData;
-}
-
-
-+ (NSDictionary*) setupTestSSLPinsDictionnary {
- // Build our dictionnary of domain => certificates
- NSMutableDictionary *domainsToPin = [[NSMutableDictionary alloc] init];
-
-
- // For Twitter, we pin the anchor/CA certificate
- NSData *twitterCertData = [SSLPinsTestUtility loadCertificateFromFile:@"VeriSignClass3PublicPrimaryCertificationAuthority-G5"];
- if (twitterCertData == nil) {
- NSLog(@"Failed to load a certificate");
- return nil;
- }
- NSArray *twitterTrustedCerts = [NSArray arrayWithObject:twitterCertData];
- [domainsToPin setObject:twitterTrustedCerts forKey:@"twitter.com"];
-
-
- // For iSEC, we pin the server/leaf certificate
- NSData *isecCertData = [SSLPinsTestUtility loadCertificateFromFile:@"www.isecpartners.com"];
- if (isecCertData == nil) {
- NSLog(@"Failed to load a certificate");
- return nil;
- }
- // We also pin Twitter's CA cert just to show that you can pin multiple certs to a single domain
- // This is useful when transitioning between two certificates on the server
- // The connection will be succesful if at least one of the pinned certs is found in the server's certificate trust chain
- NSArray *iSECTrustedCerts = [NSArray arrayWithObjects:isecCertData, twitterCertData, nil];
- [domainsToPin setObject:iSECTrustedCerts forKey:@"www.isecpartners.com"];
-
-
- // For NCC group, we pin an invalid certificate (Twitter's)
- NSArray *NCCTrustedCerts = [NSArray arrayWithObject:twitterCertData];
- [domainsToPin setObject:NCCTrustedCerts forKey:@"www.nccgroup.com"];
-
- return domainsToPin;
-}
-
-@end
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/VeriSignClass3PublicPrimaryCertificationAuthority-G5.der b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/VeriSignClass3PublicPrimaryCertificationAuthority-G5.der
deleted file mode 100644
index 9818d19d0..000000000
Binary files a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/VeriSignClass3PublicPrimaryCertificationAuthority-G5.der and /dev/null differ
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/en.lproj/InfoPlist.strings b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/en.lproj/InfoPlist.strings
deleted file mode 100644
index 477b28ff8..000000000
--- a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/en.lproj/InfoPlist.strings
+++ /dev/null
@@ -1,2 +0,0 @@
-/* Localized versions of Info.plist keys */
-
diff --git a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/www.isecpartners.com.der b/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/www.isecpartners.com.der
deleted file mode 100644
index 886cf483e..000000000
Binary files a/web/server/h2o/libh2o/deps/ssl-conservatory/ios/SSLCertificatePinning/SSLCertificatePinningTests/www.isecpartners.com.der and /dev/null differ
--
cgit v1.2.3