//
// TCPEndpoint.h
// MYNetwork
//
// Created by Jens Alfke on 5/14/08.
// Copyright 2008 Jens Alfke. All rights reserved.
//
#import <Foundation/Foundation.h>
#import <Security/SecBase.h>
#if TARGET_OS_IPHONE
#include <CFNetwork/CFSocketStream.h>
#else
#import <CoreServices/CoreServices.h>
#endif
// SSL properties:

/** The SSL identity that this endpoint presents.
    The value is an NSArray (or CFArray). Its first element must be a SecIdentityRef;
    any further elements are SecCertificateRefs for supporting certificates in the
    validation chain. */
#define kTCPPropertySSLCertificates     ((NSString *)kCFStreamSSLCertificates)

/** When set to YES, the connection accepts a self-signed certificate from the peer, or
    any certificate chain that terminates in an unrecognized root.
    NOTE(review): with this set, chain validation alone no longer establishes who the
    peer is; the caller presumably has to check the peer's certificate against an
    expected identity itself -- confirm where that check happens. */
#define kTCPPropertySSLAllowsAnyRoot    ((NSString *)kCFStreamSSLAllowsAnyRoot)

/** The hostname that the peer's certificate must carry.
    (Defaults to the hostname, if any, that the connection was opened with.)
    A value of [NSNull null] completely disables host-name checking; the name in the
    peer's certificate is then not compared against anything. */
#define kTCPPropertySSLPeerName         ((NSString *)kCFStreamSSLPeerName)

/** Whether the client (the peer that opened the connection) will use a certificate.
    The value is a TCPAuthenticate enum value wrapped in an NSNumber. */
extern NSString * const kTCPPropertySSLClientSideAuthentication;
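/** Client-certificate policy. The header documents kTCPPropertySSLClientSideAuthentication
    as taking one of these values wrapped in an NSNumber.
    The enumerators are numbered explicitly because they must keep the same values as the
    SSLAuthenticate enum in SecureTransport.h; spelling the numbers out keeps a later
    insertion or reordering from silently changing which policy is requested.
    With kTCPTryAuthenticate a client that has no certificate is still accepted, so a
    completed handshake does not by itself mean the client was authenticated. */
typedef enum {
    kTCPNeverAuthenticate  = 0, /* skip client authentication */
    kTCPAlwaysAuthenticate = 1, /* require it */
    kTCPTryAuthenticate    = 2  /* try to authenticate, but not error if client has no cert */
} TCPAuthenticate; // these MUST have same values as SSLAuthenticate enum in SecureTransport.h!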
/** Abstract superclass shared by TCPConnection and TCPListener.
    Its main job is to hold the SSL properties. */
@interface TCPEndpoint : NSObject
{
    NSMutableDictionary *_sslProperties;
    id _delegate;
}

/** The requested security level, given as one of the security-level constants from
    NSStream.h (for example NSStreamSocketSecurityLevelNegotiatedSSL). */
@property (copy) NSString *securityLevel;

/** The detailed SSL settings; the same thing as CFStream's
    kCFStreamPropertySSLSettings property. */
@property (copy) NSMutableDictionary *SSLProperties;

/** Convenience for setting one SSL property. */
- (void)setSSLProperty:(id)value
                forKey:(NSString *)key;

/** One-call setup for secure P2P connections: uses the given identity for SSL, requires
    peers to use SSL, and turns off both root checking and peer-name checking.
    NOTE(review): with root and peer-name checking off, the SSL handshake encrypts the
    link but does not by itself establish who the peer is. Callers presumably need to
    compare the peer's certificate against an identity they already trust -- confirm
    where that check is made. */
- (void)setPeerToPeerIdentity:(SecIdentityRef)identity;

// protected:
- (void)tellDelegate:(SEL)selector withObject:(id)param;

@end