CredentialTesterView.m [plain text]
//
// CredentialTesterView.m
// GSSTestApp
//
// Created by Love Hörnquist Åstrand on 2013-07-03.
// Copyright (c) 2013 Apple, Inc. All rights reserved.
//
#import "CredentialTesterView.h"
#import <Foundation/Foundation.h>
#import <Foundation/NSURLCredential_Private.h>
#import <CoreServices/CoreServices.h>
#import <CoreServices/CoreServicesPriv.h>
@interface CredentialTesterView ()
@property (assign) gss_cred_id_t credential;
@property (retain) NSMutableData *content;
@property (retain) NSOperationQueue *opQueue;
@property (retain) NSURLResponse *response;
@end
@implementation CredentialTesterView
- (id)initWithGSSCredential:(gss_cred_id_t)credential
{
self = [super initWithNibName:@"CredentialTesterView" bundle:nil];
if (self) {
CFRetain(credential);
self.credential = credential;
gss_name_t gssName = GSSCredentialCopyName(credential);
if (gssName) {
self.name = (__bridge NSString *)GSSNameCreateDisplayString(gssName);
CFRelease(gssName);
} else {
self.name = @"<credential have no name>";
}
OM_uint32 lifetime = GSSCredentialGetLifetime(credential);
self.expire = [NSDate dateWithTimeIntervalSinceNow:lifetime];
self.opQueue = [[NSOperationQueue alloc] init];
}
return self;
}
- (void)loadView {
[super loadView];
if ([self.name rangeOfString:@"@LKDC:"].location != NSNotFound) {
[self.serverName setStringValue:@"host@WELLKNOWN:COM.APPLE.LKDC"];
} else if ([self.name rangeOfString:@"@ADS.APPLE.COM"].location != NSNotFound) {
[self.serverName setStringValue:@"HTTP@dc03.ads.apple.com"];
[self.url setStringValue:@"http://dc03.ads.apple.com/negotiate/"];
} else if ([self.name rangeOfString:@"@QAD.APPLE.COM"].location != NSNotFound) {
[self.serverName setStringValue:@"HTTP@dc01qad.qad.apple.com"];
[self.url setStringValue:@"http://dc01qad.qad.apple.com/negotiate/"];
} else if ([self.name rangeOfString:@"@APPLECONNECT.APPLE.COM"].location != NSNotFound) {
[self.url setStringValue:@"https://radar-webservices.apple.com/find/16000000"];
}
}
- (IBAction)testISC:(id)sender {
gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
gss_name_t gssName = GSS_C_NO_NAME;
gss_buffer_desc buffer;
OM_uint32 maj_stat, min_stat;
CFErrorRef error = NULL;
NSString *serverName = [self.serverName stringValue];
NSLog(@"isc:
gssName = GSSCreateName((__bridge CFStringRef)serverName, GSS_C_NT_HOSTBASED_SERVICE, NULL);
if (gssName == NULL) {
NSLog(@"import_name if (error) CFRelease(error);
return;
}
maj_stat = gss_init_sec_context(&min_stat, self.credential,
&ctx, gssName, GSS_KRB5_MECHANISM,
GSS_C_REPLAY_FLAG|GSS_C_INTEG_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS,
NULL, NULL, &buffer, NULL, NULL);
if (maj_stat) {
[self.iscStatus setStringValue:[NSString stringWithFormat:@"FAIL init_sec_context maj_stat: } else {
[self.iscStatus setStringValue:[NSString stringWithFormat:@"success: buffer of length: }
gss_delete_sec_context(&min_stat, &ctx, NULL);
CFRelease(gssName);
gss_release_buffer(&min_stat, &buffer);
}
- (IBAction)destroyCredential:(id)sender {
OM_uint32 min_stat;
gss_destroy_cred(&min_stat, &_credential);
self.name = @"";
self.expire = [NSDate distantPast];
[self.tabViewItem.tabView removeTabViewItem:self.tabViewItem];
}
#pragma mark HTTP test
- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data
{
[self.content appendData:data];
}
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
NSLog(@"canAuthenticateAgainstProtectionSpace:
if ([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodNegotiate])
return YES;
return NO;
}
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response {
NSLog(@"Connection didReceiveResponse! Response - self.response = response;
}
- (void)connectionDidFinishLoading:(NSURLConnection *)connection {
__block NSString *status;
NSLog(@"Finished...");
NSLog(@"data:\n\n self.content = NULL;
if ([self.response isKindOfClass:[NSHTTPURLResponse class]]) {
NSHTTPURLResponse *urlResponse = (NSHTTPURLResponse *)self.response;
if ([urlResponse statusCode] == 200) {
status = [NSString stringWithFormat:@"success"];
} else {
status = [NSString stringWithFormat:@"failed with status: }
} else {
status = [NSString stringWithFormat:@"failed with unknown class returned }
dispatch_async(dispatch_get_main_queue(), ^{
[self.urlStatus setStringValue:status];
});
}
- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error
{
NSLog(@"didFailWithError");
dispatch_async(dispatch_get_main_queue(), ^{
[self.urlStatus setStringValue:@"failed"];
});
}
- (NSURLRequest *)connection:(NSURLConnection *)connection willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)redirectResponse
{
NSLog(@"willSendRequest");
return request;
}
- (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection
{
NSLog(@"connectionShouldUseCredentialStorage");
return NO;
}
- (void)connection:(NSURLConnection*)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
NSURLProtectionSpace *protectionSpace = [challenge protectionSpace];
NSLog(@"didReceiveAuthenticationChallenge:
NSString *serverPrincipal = [NSString stringWithFormat:@"HTTP/
CFURLCredentialRef cfCredential = _CFURLCredentialCreateForKerberosTicket(NULL, (__bridge CFStringRef)self.name, (__bridge CFStringRef)serverPrincipal, NULL);
if (cfCredential == NULL) {
NSLog(@"failed to create credential");
[[challenge sender] cancelAuthenticationChallenge:challenge];
return;
}
NSURLCredential *credential = [[NSURLCredential alloc] _initWithCFURLCredential:cfCredential];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
NSLog(@"using name
CFRelease(cfCredential);
}
- (IBAction)checkURL:(id)sender {
NSURL *url = [NSURL URLWithString:[self.url stringValue]];
NSURLRequest *request = [NSURLRequest requestWithURL:url];
NSURLConnection *conn = [[NSURLConnection alloc] initWithRequest: request delegate: self startImmediately:NO];
self.content = [NSMutableData data];
[self.urlStatus setStringValue:@"performing test"];
[conn setDelegateQueue:self.opQueue];
[conn start];
}
@end