Почетна Преглед Помоћ
Пријавите се
yosoyhendrix
/
psiphon-tunnel-core
1
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Дрво: d8d164c18f
Гране Ознаке
psiphon-tunnel-...
/
MobileLibrary
/
iOS
/
SampleApps
/
Common
/
AuthURLSessionTaskDelegate.h

AuthURLSessionTaskDelegate.h 2.2 KB
Историја Датотека

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. //
    2. 

  2. //  AuthURLSessionTaskDelegate.h
    3. 

  3. //  TunneledWebRequest
    4. 

  4. //
    5. 

  5. /*
    6. 

  6.  Licensed under Creative Commons Zero (CC0).
    7. 

  7.  https://creativecommons.org/publicdomain/zero/1.0/
    8. 

  8.  */
    9. 

  9. 

  10. 

  11. // NOTE: this file is shared by TunneledWebRequest and TunneledWebView
    12. 

  12. 

  13. #import <Foundation/Foundation.h>
    14. 

  14. 

  15. NS_ASSUME_NONNULL_BEGIN
    16. 

  16. 

  17. /*
    18. 

  18.  * AuthURLSessionTaskDelegate implements URLSession:task:didReceiveChallenge:completionHandler:
    19. 

  19.  * of the NSURLSessionTaskDelegate protocol.
    20. 

  20.  *
    21. 

  21.  * The main motivation of AuthURLSessionTaskDelegate is to ensure that OCSP requests are not
    22. 

  22.  * sent in plaintext outside of the tunnel.
    23. 

  23.  *
    24. 

  24.  * If the policy object for checking the revocation of certificates is created with
    25. 

  25.  * SecPolicyCreateRevocation(kSecRevocationOCSPMethod | ...), and network access is allowed
    26. 

  26.  * (the kSecRevocationNetworkAccessDisabled flag is not provided), a plaintext OCSP request over
    27. 

  27.  * HTTP is triggered when SecTrustEvaluate() is called. This request does not respect NSURLProtocol
    28. 

  28.  * subclassing.
    29. 

  29.  *
    30. 

  30.  * The solution is to inspect each X.509 certificate for the Online Certificate Status Protocol
    31. 

  31.  * (1.3.6.1.5.5.7.48.1) Authority Information Access Method, which contains the locations (URLs) of
    32. 

  32.  * the OCSP servers; then OCSP requests are then made to these servers through the local HTTP proxy.
    33. 

  33.  *
    34. 

  34.  * Note: The OCSP Authority Information Access Method is found in the Certificate Authority
    35. 

  35.  *       Information Access (1.3.6.1.5.5.7.1.1) X.509v3 extension --
    36. 

  36.  *       https://tools.ietf.org/html/rfc2459#section-4.2.2.1.
    37. 

  37.  */
    38. 

  38. @interface AuthURLSessionTaskDelegate : NSObject <NSURLSessionDelegate>
    39. 

  39. 

  40. /*
    41. 

  41.  * Logger for errors.
    42. 

  42.  */
    43. 

  43. @property (nonatomic, strong) void (^logger)(NSString*);
    44. 

  44. 

  45. /*
    46. 

  46.  * Local HTTP proxy port.
    47. 

  47.  *
    48. 

  48.  * OCSP request URL is constructed as:
    49. 

  49.  *   http://127.0.0.1:<HTTP proxy port>/tunneled/<URL encoded OCSP request>
    50. 

  50.  */
    51. 

  51. @property (atomic, assign) NSInteger localHTTPProxyPort;
    52. 

  52. 

  53. - (id)initWithLogger:(void (^)(NSString*))logger andLocalHTTPProxyPort:(NSInteger)port;
    54. 

  54. 

  55. - (void)URLSession:(NSURLSession *)session
    56. 

  56.               task:(NSURLSessionTask *)task
    57. 

  57. didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
    58. 

  58.  completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler;
    59. 

  59. 

  60. @end
    61. 

  61. 

  62. NS_ASSUME_NONNULL_END
    63.