//
//  TCPEndpoint.h
//  MYNetwork
//
//  Created by Jens Alfke on 5/14/08.
//  Copyright 2008 Jens Alfke. All rights reserved.
//

// NOTE(review): the header names that follow the #import / #include directives below are
// missing from this listing (the angle-bracketed targets were stripped). Restore them from
// the original file before compiling.
#import
#import
#if TARGET_OS_IPHONE
#include
#else
#import
#endif


// SSL properties:

/** Key for the SSL identity this endpoint presents.
    The value is an NSArray (or CFArray) whose first item must be a SecIdentityRef;
    it may also contain SecCertificateRefs for supporting certificates in the
    validation chain. */
#define kTCPPropertySSLCertificates ((NSString *)kCFStreamSSLCertificates)

/** If set to YES, the connection accepts self-signed certificates from the peer, or any
    certificate chain that terminates in an unrecognized root.
    Security note: with this set, the certificate chain no longer authenticates the peer,
    so the application has to verify the peer's certificate itself (for example against a
    key or fingerprint it already trusts) before relying on the connection.
    NOTE(review): kCFStreamSSLAllowsAnyRoot is marked deprecated in later Apple SDKs in
    favour of kCFStreamSSLValidatesCertificateChain -- confirm against the SDK in use. */
#define kTCPPropertySSLAllowsAnyRoot ((NSString *)kCFStreamSSLAllowsAnyRoot)

/** The hostname that the peer's certificate must have.
    (The default value is the hostname, if any, that the connection was opened with.)
    Setting a value of [NSNull null] completely disables host-name checking.
    Security note: with host-name checking disabled, a certificate that is otherwise valid
    but was issued to a different host is accepted, so the peer must be identified some
    other way. */
#define kTCPPropertySSLPeerName ((NSString *)kCFStreamSSLPeerName)

/** Specifies whether the client (the peer that opened the connection) will use a certificate.
    The value is a TCPAuthenticate enum value wrapped in an NSNumber. */
extern NSString * const kTCPPropertySSLClientSideAuthentication;

/** Client-authentication policy; wrapped in an NSNumber, this is the value stored under
    kTCPPropertySSLClientSideAuthentication.
    These MUST have the same values as the SSLAuthenticate enum in SecureTransport.h! */
typedef enum {
    kTCPNeverAuthenticate,   // skip client authentication
    kTCPAlwaysAuthenticate,  // require it
    kTCPTryAuthenticate      // try to authenticate, but do not fail if the client has no cert;
                             // code using this mode cannot assume a client cert was presented
} TCPAuthenticate;


/** Abstract base class of TCPConnection and TCPListener.
    Mostly just manages the SSL properties. */
@interface TCPEndpoint : NSObject
{
    NSMutableDictionary *_sslProperties;
    id _delegate;
}

/** The desired security level. Use the security-level constants from NSStream.h,
    such as NSStreamSocketSecurityLevelNegotiatedSSL. */
@property (copy) NSString *securityLevel;

/** Detailed SSL settings. This is the same as CFStream's kCFStreamPropertySSLSettings
    property.
    NOTE(review): declared `copy` with a mutable type; whether the getter hands back a
    mutable dictionary depends on the accessors in the implementation file, which is not
    shown here. */
@property (copy) NSMutableDictionary *SSLProperties;

/** Shortcut to set a single SSL property. */
- (void)setSSLProperty:(id)value
                forKey:(NSString *)key;

/** High-level setup for secure P2P connections. Uses the given identity for SSL,
    requires peers to use SSL, turns off root checking and peer-name checking.
    Security note: because root checking and peer-name checking are both off, SSL in this
    mode encrypts the link but does not by itself establish who the peer is. Callers are
    expected to examine the peer's certificate once the connection is up and compare it
    with an identity they already trust; how that is done is not part of this header. */
- (void)setPeerToPeerIdentity:(SecIdentityRef)identity;

// protected:
- (void)tellDelegate:(SEL)selector withObject:(id)param;

@end