// This source code is dual-licensed under the Mozilla Public License ("MPL"), // version 1.1 and the Apache License ("ASL"), version 2.0. // // The ASL v2.0: // // --------------------------------------------------------------------------- // Copyright 2016 Pivotal Software, Inc. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // --------------------------------------------------------------------------- // // The MPL v1.1: // // --------------------------------------------------------------------------- // The contents of this file are subject to the Mozilla Public License // Version 1.1 (the "License"); you may not use this file except in // compliance with the License. You may obtain a copy of the License at // https://www.mozilla.org/MPL/ // // Software distributed under the License is distributed on an "AS IS" // basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the // License for the specific language governing rights and limitations // under the License. // // The Original Code is RabbitMQ // // The Initial Developer of the Original Code is Pivotal Software, Inc. // All Rights Reserved. // // Alternatively, the contents of this file may be used under the terms // of the Apache Standard license (the "ASL License"), in which case the // provisions of the ASL License are applicable instead of those // above. If you wish to allow use of your version of this file only // under the terms of the ASL License and not to allow others to use // your version of this file under the MPL, indicate your decision by // deleting the provisions above and replace them with the notice and // other provisions required by the ASL License. If you do not delete // the provisions above, a recipient may use your version of this file // under either the MPL or the ASL License. // --------------------------------------------------------------------------- #import "RMQPKCS12CertificateConverter.h" #import "RMQErrors.h" @interface RMQPKCS12CertificateConverter () @property (nonatomic, readwrite) NSData *data; @property (nonatomic, readwrite) NSString *password; @end @implementation RMQPKCS12CertificateConverter - (instancetype)initWithData:(NSData *)data password:(NSString *)password { self = [super init]; if (self) { self.data = data; self.password = password; } return self; } - (NSArray *)certificatesWithError:(NSError *__autoreleasing *)error { if (self.data.length == 0) return @[]; SecIdentityRef identity; [self parseIdentity:self.data identity:&identity error:error]; if (*error) { return nil; } else { return @[(__bridge id)identity]; } } # pragma mark - Private - (void)parseIdentity:(NSData *)data identity:(SecIdentityRef *)identity error:(NSError **)error { CFDataRef cfData = (__bridge CFDataRef)data; NSDictionary *options = @{(__bridge NSString *)kSecImportExportPassphrase: self.password}; CFArrayRef items = NULL; OSStatus status = SecPKCS12Import(cfData, (__bridge CFDictionaryRef)options, &items); switch (status) { case errSecSuccess: *identity = (SecIdentityRef)CFDictionaryGetValue(CFArrayGetValueAtIndex(items, 0), kSecImportItemIdentity); break; case errSecAuthFailed: *error = [NSError errorWithDomain:RMQErrorDomain code:RMQErrorTLSCertificateAuthFailure userInfo:@{NSLocalizedDescriptionKey: @"TLS certificate authentication failed. Incorrect password?"}]; break; case errSecDecode: *error = [NSError errorWithDomain:RMQErrorDomain code:RMQErrorTLSCertificateDecodeError userInfo:@{NSLocalizedDescriptionKey: @"TLS certificate decoding error. Corrupt PKCS12 data?"}]; break; default: break; } } @end