TCP/TCPEndpoint.h
author Jens Alfke <jens@mooseyard.com>
Sun May 10 19:05:52 2009 -0700 (2009-05-10)
changeset 46 50dc5502ef46
parent 8 6f539dd9921c
permissions -rw-r--r--
Unnecessary self-merge (I'm just being confused with hg. Sorry.)
jens@0
     1
//
jens@0
     2
//  TCPEndpoint.h
jens@0
     3
//  MYNetwork
jens@0
     4
//
jens@0
     5
//  Created by Jens Alfke on 5/14/08.
jens@0
     6
//  Copyright 2008 Jens Alfke. All rights reserved.
jens@0
     7
//
jens@0
     8
jens@0
     9
#import <Foundation/Foundation.h>
jens@26
    10
#import <Security/SecBase.h>
jens@8
    11
#if TARGET_OS_IPHONE
jens@8
    12
#include <CFNetwork/CFSocketStream.h>
jens@8
    13
#else
jens@0
    14
#import <CoreServices/CoreServices.h>
jens@8
    15
#endif
jens@0
    16
jens@0
    17
jens@0
    18
// SSL properties:
jens@26
    19
jens@26
    20
/** This defines the SSL identity to be used by this endpoint.
jens@26
    21
    The value is an NSArray (or CFArray) whose first item must be a SecIdentityRef;
jens@26
    22
    optionally, it can also contain SecCertificateRefs for supporting certificates in the
jens@26
    23
    validation chain. */
jens@0
    24
#define kTCPPropertySSLCertificates  ((NSString*)kCFStreamSSLCertificates)
jens@26
    25
jens@26
    26
/** If set to YES, the connection will accept self-signed certificates from the peer,
jens@26
    27
    or any certificate chain that terminates in an unrecognized root. */
jens@0
    28
#define kTCPPropertySSLAllowsAnyRoot ((NSString*)kCFStreamSSLAllowsAnyRoot)
jens@8
    29
jens@26
    30
/** This sets the hostname that the peer's certificate must have.
jens@26
    31
    (The default value is the hostname, if any, that the connection was opened with.)
jens@26
    32
    Setting a value of [NSNull null] completely disables host-name checking. */
jens@26
    33
#define kTCPPropertySSLPeerName      ((NSString*)kCFStreamSSLPeerName)
jens@26
    34
jens@26
    35
/** Specifies whether the client (the peer that opened the connection) will use a certificate.
jens@26
    36
    The value is a TCPAuthenticate enum value wrapped in an NSNumber. */
jens@26
    37
extern NSString* const kTCPPropertySSLClientSideAuthentication;
jens@26
    38
jens@8
    39
typedef enum {
jens@8
    40
	kTCPNeverAuthenticate,			/* skip client authentication */
jens@8
    41
	kTCPAlwaysAuthenticate,         /* require it */
jens@8
    42
	kTCPTryAuthenticate             /* try to authenticate, but not error if client has no cert */
jens@8
    43
} TCPAuthenticate; // these MUST have same values as SSLAuthenticate enum in SecureTransport.h!
jens@0
    44
jens@0
    45
jens@0
    46
/** Abstract base class of TCPConnection and TCPListener.
jens@0
    47
    Mostly just manages the SSL properties. */
jens@0
    48
@interface TCPEndpoint : NSObject
jens@0
    49
{
jens@0
    50
    NSMutableDictionary *_sslProperties;
jens@0
    51
    id _delegate;
jens@0
    52
}
jens@0
    53
jens@0
    54
/** The desired security level. Use the security level constants from NSStream.h,
jens@0
    55
    such as NSStreamSocketSecurityLevelNegotiatedSSL. */
jens@0
    56
@property (copy) NSString *securityLevel;
jens@0
    57
jens@0
    58
/** Detailed SSL settings. This is the same as CFStream's kCFStreamPropertySSLSettings
jens@0
    59
    property. */
jens@0
    60
@property (copy) NSMutableDictionary *SSLProperties;
jens@0
    61
jens@0
    62
/** Shortcut to set a single SSL property. */
jens@0
    63
- (void) setSSLProperty: (id)value 
jens@0
    64
                 forKey: (NSString*)key;
jens@0
    65
jens@26
    66
/** High-level setup for secure P2P connections. Uses the given identity for SSL,
jens@26
    67
    requires peers to use SSL, turns off root checking and peer-name checking. */
jens@26
    68
- (void) setPeerToPeerIdentity: (SecIdentityRef)identity;
jens@26
    69
jens@0
    70
//protected:
jens@0
    71
- (void) tellDelegate: (SEL)selector withObject: (id)param;
jens@0
    72
jens@0
    73
@end