ARTSRSecurityPolicy

Objective-C

@interface ARTSRSecurityPolicy : NSObject

/**
 A default `ARTSRSecurityPolicy` implementation specifies socket security and
 validates the certificate chain.

 Use a subclass of `ARTSRSecurityPolicy` for more fine-grained customization.
 */
+ (instancetype)defaultPolicy;

/**
 Specifies socket security and provider certificate pinning, disregarding certificate
 chain validation.

 @param pinnedCertificates Array of `SecCertificateRef` SSL certificates to use for validation.
 */
+ (instancetype)pinnningPolicyWithCertificates:(NSArray *)pinnedCertificates
    DEPRECATED_MSG_ATTRIBUTE("Using pinned certificates is neither secure nor supported in SocketRocket, "
                             "and leads to security issues. Please use a proper, trust chain validated certificate.");

/**
 Specifies socket security and optional certificate chain validation.

 @param enabled Whether or not to validate the SSL certificate chain. If you
 are considering using this method because your certificate was not issued by a
 recognized certificate authority, consider using `pinningPolicyWithCertificates` instead.
 */
- (instancetype)initWithCertificateChainValidationEnabled:(BOOL)enabled
    DEPRECATED_MSG_ATTRIBUTE("Disabling certificate chain validation is unsafe. "
                             "Please use a proper Certificate Authority to issue your TLS certificates.")
    NS_DESIGNATED_INITIALIZER;

/**
 Updates all the security options for input and output streams, for example you
 can set your socket security level here.

 @param stream Stream to update the options in.
 */
- (void)updateSecurityOptionsInStream:(NSStream *)stream;

/**
 Whether or not the specified server trust should be accepted, based on the security policy.

 This method should be used when responding to an authentication challenge from
 a server. In the default implementation, no further validation is done here, but
 you're free to override it in a subclass. See `ARTSRPinningSecurityPolicy.h` for
 an example.

 @param serverTrust The X.509 certificate trust of the server.
 @param domain The domain of serverTrust.

 @return Whether or not to trust the server.
 */
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain;

@end

Swift

class ARTSRSecurityPolicy : NSObject

Undocumented

  • A default ARTSRSecurityPolicy implementation specifies socket security and validates the certificate chain.

    Use a subclass of ARTSRSecurityPolicy for more fine-grained customization.

    Declaration

    Objective-C

    + (nonnull instancetype)defaultPolicy;

    Swift

    class func `default`() -> Self
  • Deprecated

    Using pinned certificates is neither secure nor supported in SocketRocket, and leads to security issues. Please use a proper, trust chain validated certificate.

    Specifies socket security and provider certificate pinning, disregarding certificate chain validation.

    Declaration

    Objective-C

    + (nonnull instancetype)pinnningPolicyWithCertificates:
        (nonnull NSArray *)pinnedCertificates;

    Swift

    class func pinnningPolicy(withCertificates pinnedCertificates: [Any]) -> Self

    Parameters

    pinnedCertificates

    Array of SecCertificateRef SSL certificates to use for validation.

  • Deprecated

    Disabling certificate chain validation is unsafe. Please use a proper Certificate Authority to issue your TLS certificates.

    Specifies socket security and optional certificate chain validation.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithCertificateChainValidationEnabled:(BOOL)enabled;

    Swift

    init(certificateChainValidationEnabled enabled: Bool)

    Parameters

    enabled

    Whether or not to validate the SSL certificate chain. If you are considering using this method because your certificate was not issued by a recognized certificate authority, consider using pinningPolicyWithCertificates instead.

  • Updates all the security options for input and output streams, for example you can set your socket security level here.

    Declaration

    Objective-C

    - (void)updateSecurityOptionsInStream:(nonnull NSStream *)stream;

    Swift

    func updateSecurityOptions(in stream: Stream)

    Parameters

    stream

    Stream to update the options in.

  • Whether or not the specified server trust should be accepted, based on the security policy.

    This method should be used when responding to an authentication challenge from a server. In the default implementation, no further validation is done here, but you're free to override it in a subclass. See ARTSRPinningSecurityPolicy.h for an example.

    Declaration

    Objective-C

    - (BOOL)evaluateServerTrust:(nonnull SecTrustRef)serverTrust
                      forDomain:(nonnull NSString *)domain;

    Swift

    func evaluateServerTrust(_ serverTrust: SecTrust, forDomain domain: String) -> Bool

    Parameters

    serverTrust

    The X.509 certificate trust of the server.

    domain

    The domain of serverTrust.

    Return Value

    Whether or not to trust the server.
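The two `evaluateServerTrust:forDomain:` descriptions above say the default does no further validation and invite a subclass override. The following is an added example of such a subclass, not code from the project: it keeps the superclass decision and additionally re-evaluates the trust against an SSL policy bound to the connection's hostname. `ARTSRHostnameCheckingPolicy` is a hypothetical name; the example assumes the header shown on this page and Apple's Security framework (`SecTrustEvaluateWithError` requires iOS 12 / macOS 10.14 or later).

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import "ARTSRSecurityPolicy.h"

// Hypothetical subclass (added example, not part of ARTSRSecurityPolicy):
// in addition to whatever the superclass decides, require that the server
// certificate is valid for the domain the socket is connecting to.
@interface ARTSRHostnameCheckingPolicy : ARTSRSecurityPolicy
@end

@implementation ARTSRHostnameCheckingPolicy

- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain {
    // Never loosen the superclass result; only add a check on top of it.
    if (![super evaluateServerTrust:serverTrust forDomain:domain]) {
        return NO;
    }
    // With no hostname there is nothing to bind the certificate to: refuse
    // rather than accept a certificate issued for any name.
    if (domain.length == 0) {
        return NO;
    }
    // Bind the trust object to an SSL server policy for this exact hostname,
    // so a chain that is valid for some other name does not pass.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)domain);
    OSStatus status = SecTrustSetPolicies(serverTrust, policy);
    CFRelease(policy);
    if (status != errSecSuccess) {
        return NO;
    }
    // Re-run the evaluation; the error describes why a chain was rejected
    // (expired, untrusted root, hostname mismatch, ...).
    CFErrorRef error = NULL;
    bool trusted = SecTrustEvaluateWithError(serverTrust, &error);
    if (!trusted && error != NULL) {
        NSLog(@"Rejected server trust for %@: %@", domain, (__bridge NSError *)error);
    }
    if (error != NULL) {
        CFRelease(error);
    }
    return trusted ? YES : NO;
}

@end
```

Use it in place of `defaultPolicy` wherever the socket is given its security policy; the superclass call keeps the default chain validation, and the hostname-bound re-evaluation is the only behaviour added.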