>Release date: 2015-07-05

Support TLS Client Certificates [NEW] Client Certificates
novastone-media · Jul 5, 2015 · 7c979f1 · 7c979f1
1 parent fc29c3f
commit 7c979f1
Show file tree

Hide file tree

Showing 33 changed files with 1,000 additions and 397 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,13 @@
 MQTT-Client-Framework iOS Release Notes
 =======================================
 
+## MQTT-Client-Framework 0.2.2
+>Release date: 2015-07-05
+
+Support TLS Client Certificates
+
+[NEW] Client Certificates
+
 ## MQTT-Client-Framework 0.2.1
 >Release date: 2015-06-19
 

diff --git a/MQTTClient.podspec b/MQTTClient.podspec
@@ -1,11 +1,11 @@
 Pod::Spec.new do |s|
   s.name         = "MQTTClient"
-  s.version      = "0.2.1"
+  s.version      = "0.2.2"
   s.summary      = "IOS native ObjectiveC MQTT Framework"
   s.homepage     = "https://github.com/ckrey/MQTT-Client-Framework"
   s.license      = { :type => "MIT", :file => "LICENSE" }
   s.author       = { "Christoph Krey" => "krey.christoph@gmail.com" }
-  s.source       = { :git => "https://github.com/ckrey/MQTT-Client-Framework.git", :tag => "0.2.1" }
+  s.source       = { :git => "https://github.com/ckrey/MQTT-Client-Framework.git", :tag => "0.2.2" }
 
   s.source_files = "MQTTClient/MQTTClient", "MQTTClient/MQTTClient/**/*.{h,m}"
   s.requires_arc = true

diff --git a/MQTTClient/MQTTClient.xcodeproj/project.pbxproj b/MQTTClient/MQTTClient.xcodeproj/project.pbxproj
@@ -67,6 +67,9 @@
 		8462436A1ABE9E5900B72519 /* MQTTPersistence.m in Sources */ = {isa = PBXBuildFile; fileRef = 846243681ABE9E5900B72519 /* MQTTPersistence.m */; };
 		8462436C1ABEAAF900B72519 /* CoreData.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8462436B1ABEAAF900B72519 /* CoreData.framework */; };
 		8462436D1ABEAB2900B72519 /* CoreData.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8462436B1ABEAAF900B72519 /* CoreData.framework */; };
+		8482D3C41B49110200D81CC8 /* KreyChristoph.p12 in Resources */ = {isa = PBXBuildFile; fileRef = 8482D3C31B49110200D81CC8 /* KreyChristoph.p12 */; };
+		8482D3C61B4922E200D81CC8 /* info@owntracks.org.p12 in Resources */ = {isa = PBXBuildFile; fileRef = 8482D3C51B4922E100D81CC8 /* info@owntracks.org.p12 */; };
+		8482D3CA1B49332700D81CC8 /* mosquitto.org.cer in Resources */ = {isa = PBXBuildFile; fileRef = 8482D3C91B49332700D81CC8 /* mosquitto.org.cer */; };
 		848BB8F3195FF7A2004FCAE2 /* MQTTClientOnlyTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 848BB8F2195FF7A2004FCAE2 /* MQTTClientOnlyTests.m */; };
 		84B1AFEE196C7AF60056B959 /* MultiThreadingTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 84B1AFED196C7AF60056B959 /* MultiThreadingTests.m */; };
 		84B1AFF2196D99170056B959 /* MQTTSessionManager.h in Headers */ = {isa = PBXBuildFile; fileRef = 84B1AFF0196D99170056B959 /* MQTTSessionManager.h */; };
@@ -193,6 +196,9 @@
 		846243671ABE9E5900B72519 /* MQTTPersistence.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MQTTPersistence.h; sourceTree = "<group>"; };
 		846243681ABE9E5900B72519 /* MQTTPersistence.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MQTTPersistence.m; sourceTree = "<group>"; };
 		8462436B1ABEAAF900B72519 /* CoreData.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreData.framework; path = System/Library/Frameworks/CoreData.framework; sourceTree = SDKROOT; };
+		8482D3C31B49110200D81CC8 /* KreyChristoph.p12 */ = {isa = PBXFileReference; lastKnownFileType = file; path = KreyChristoph.p12; sourceTree = "<group>"; };
+		8482D3C51B4922E100D81CC8 /* info@owntracks.org.p12 */ = {isa = PBXFileReference; lastKnownFileType = file; path = "info@owntracks.org.p12"; sourceTree = "<group>"; };
+		8482D3C91B49332700D81CC8 /* mosquitto.org.cer */ = {isa = PBXFileReference; lastKnownFileType = file; path = mosquitto.org.cer; sourceTree = "<group>"; };
 		848BB8F2195FF7A2004FCAE2 /* MQTTClientOnlyTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MQTTClientOnlyTests.m; sourceTree = "<group>"; };
 		84B1AFED196C7AF60056B959 /* MultiThreadingTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MultiThreadingTests.m; sourceTree = "<group>"; };
 		84B1AFF0196D99170056B959 /* MQTTSessionManager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MQTTSessionManager.h; sourceTree = "<group>"; };
@@ -255,6 +261,9 @@
 		6BC7F2729125FE9CAD2DBEAD /* Resources */ = {
 			isa = PBXGroup;
 			children = (
+				8482D3C91B49332700D81CC8 /* mosquitto.org.cer */,
+				8482D3C51B4922E100D81CC8 /* info@owntracks.org.p12 */,
+				8482D3C31B49110200D81CC8 /* KreyChristoph.p12 */,
 				C21D3CA71B1ED2F40012DD2F /* server.der */,
 				C21D3CA11B1EC63E0012DD2F /* adn_0.cer */,
 				C21D3CA31B1EC6420012DD2F /* adn_1.cer */,
@@ -580,8 +589,11 @@
 				C21D3CA01B1EC44A0012DD2F /* HTTPBinOrgServerTrustChain in Resources */,
 				C21D3C991B1EC4070012DD2F /* httpbinorg_01162016.cer in Resources */,
 				C21D3C9A1B1EC4090012DD2F /* AddTrust_External_CA_Root.cer in Resources */,
+				8482D3CA1B49332700D81CC8 /* mosquitto.org.cer in Resources */,
 				C21D3C9B1B1EC40A0012DD2F /* COMODO_RSA_Certification_Authority.cer in Resources */,
 				C21D3C9C1B1EC40C0012DD2F /* COMODO_RSA_Domain_Validation_Secure_Server_CA.cer in Resources */,
+				8482D3C61B4922E200D81CC8 /* info@owntracks.org.p12 in Resources */,
+				8482D3C41B49110200D81CC8 /* KreyChristoph.p12 in Resources */,
 				C21D3C961B1EC4000012DD2F /* AltName.cer in Resources */,
 				C21D3C971B1EC4010012DD2F /* NoDomains.cer in Resources */,
 				C21D3C981B1EC4030012DD2F /* foobar.com.cer in Resources */,

diff --git a/MQTTClient/MQTTClient/MQTTSession.h b/MQTTClient/MQTTClient/MQTTSession.h
@@ -325,6 +325,10 @@ typedef NS_ENUM(NSInteger, MQTTSessionEvent) {
 */
 @property (strong, nonatomic) MQTTSSLSecurityPolicy *securityPolicy;
 
+/** see initWithClientId for description
+*/
+@property (strong, nonatomic) NSArray *certificates;
+
 /** for mqttio-OBJC backward compatibility
  the connect message used is stored here
  */
@@ -340,67 +344,22 @@ typedef NS_ENUM(NSInteger, MQTTSessionEvent) {
  */
 - (MQTTSession *)init;
 
-/** initialises the MQTT session
- 
- @param clientId The Client Identifier identifies the Client to the Server. If nil, a random clientId is generated.
- 
- @param userName an NSString object containing the user's name (or ID) for authentification. May be nil.
- 
- @param password an NSString object containing the user's password. If userName is nil, password must be nil as well.
- 
- @param keepAliveInterval The Keep Alive is a time interval measured in seconds. The MQTTClient ensures that the interval
- between Control Packets being sent does not exceed the Keep Alive value. In the  absence of sending any other Control Packets, the Client sends a PINGREQ Packet.
-
- @param cleanSessionFlag specifies if the server should discard previous session information.
- 
- @param willFlag If the Will Flag is set to YES this indicates that a Will Message MUST be published by the Server when the
-        Server detects that the Client is disconnected for any reason other than the Client flowing a DISCONNECT Packet.
-
- @param willTopic If the Will Flag is set to YES, the Will Topic is a string, nil otherwise.
- 
- @param willMsg If the Will Flag is set to YES the Will Message must be specified, nil otherwise.
-
- @param willQoS specifies the QoS level to be used when publishing the Will Message.
-    If the Will Flag is set to NO, then the Will QoS MUST be set to 0.
-    If the Will Flag is set to YES, the value of Will QoS can be 0 (0x00), 1 (0x01), or 2 (0x02).
-
- @param willRetainFlag indicates if the server should publish the Will Messages with retainFlag
-    If the Will Flag is set to NO, then the Will Retain Flag MUST be set to NO .
-    If the Will Flag is set to YES:
-        If Will Retain is set to NO, the Server MUST publish the Will Message as a non-retained publication [MQTT-3.1.2-14].
-        If Will Retain is set to YES, the Server MUST publish the Will Message as a retained publication [MQTT-3.1.2-15].
- 
- @param protocolLevel specifies the protocol to be used.
-    The value of the Protocol Level field for the version 3.1.1 of the protocol is 4. The value for the version 3.1 is 3.
- 
- @param runLoop The runLoop where the streams are scheduled. If nil, defaults to [NSRunLoop currentRunLoop].
- 
- @param runLoopMode The runLoopMode where the streams are scheduled. If nil, defaults to NSRunLoopCommonModes.
- 
+/** alternative initializer
+ @param clientId see initWithClientId for description.
+ @param userName see initWithClientId for description.
+ @param password see initWithClientId for description.
+ @param keepAliveInterval see initWithClientId for description.
+ @param cleanSessionFlag see initWithClientId for description.
+ @param willFlag see initWithClientId for description.
+ @param willTopic see initWithClientId for description.
+ @param willMsg see initWithClientId for description.
+ @param willQoS see initWithClientId for description.
+ @param willRetainFlag see initWithClientId for description.
+ @param protocolLevel see initWithClientId for description.
+ @param runLoop see initWithClientId for description.
+ @param runLoopMode see initWithClientId for description.
  @return the initialised MQTTSession object
- 
  @exception NSInternalInconsistencyException if the parameters are invalid
- 
- @code
- #import "MQTTClient.h"
- 
- MQTTSession *session = [[MQTTSession alloc]
-                            initWithClientId:@"example-1234"
-                            userName:@"user"
-                            password:@"secret"
-                            keepAlive:60
-                            cleanSession:YES
-                            will:YES
-                            willTopic:@"example/status"
-                            willMsg:[[@"Client off-line"] dataUsingEncoding:NSUTF8StringEncoding]
-                            willQoS:2
-                            willRetainFlag:YES
-                            protocolLevel:4
-                            runLoop:[NSRunLoop currentRunLoop]
-                            forMode:NSRunLoopCommonModes];
- @endcode
-
- 
  */
  - (MQTTSession *)initWithClientId:(NSString *)clientId
                          userName:(NSString *)userName
@@ -416,6 +375,39 @@ typedef NS_ENUM(NSInteger, MQTTSessionEvent) {
                           runLoop:(NSRunLoop *)runLoop
                           forMode:(NSString *)runLoopMode;
 
+/** alternative initializer
+ @param clientId see initWithClientId for description.
+ @param userName see initWithClientId for description.
+ @param password see initWithClientId for description.
+ @param keepAliveInterval see initWithClientId for description.
+ @param cleanSessionFlag see initWithClientId for description.
+ @param willFlag see initWithClientId for description.
+ @param willTopic see initWithClientId for description.
+ @param willMsg see initWithClientId for description.
+ @param willQoS see initWithClientId for description.
+ @param willRetainFlag see initWithClientId for description.
+ @param protocolLevel see initWithClientId for description.
+ @param runLoop see initWithClientId for description.
+ @param runLoopMode see initWithClientId for description.
+ @param securityPolicy see initWithClientId for description.
+ @return the initialised MQTTSession object
+ @exception NSInternalInconsistencyException if the parameters are invalid
+ */
+- (MQTTSession *)initWithClientId:(NSString *)clientId
+                         userName:(NSString *)userName
+                         password:(NSString *)password
+                        keepAlive:(UInt16)keepAliveInterval
+                     cleanSession:(BOOL)cleanSessionFlag
+                             will:(BOOL)willFlag
+                        willTopic:(NSString *)willTopic
+                          willMsg:(NSData *)willMsg
+                          willQoS:(MQTTQosLevel)willQoS
+                   willRetainFlag:(BOOL)willRetainFlag
+                    protocolLevel:(UInt8)protocolLevel
+                          runLoop:(NSRunLoop *)runLoop
+                          forMode:(NSString *)runLoopMode
+                   securityPolicy:(MQTTSSLSecurityPolicy *) securityPolicy;
+
 /** initialises the MQTT session
 *
 * this constructor can specifies SSL securityPolicy. the default value of securityPolicy is nil(which do nothing).
@@ -449,6 +441,7 @@ typedef NS_ENUM(NSInteger, MQTTSessionEvent) {
 * @param runLoop The runLoop where the streams are scheduled. If nil, defaults to [NSRunLoop currentRunLoop].
 * @param runLoopMode The runLoopMode where the streams are scheduled. If nil, defaults to NSRunLoopCommonModes.
 * @param securityPolicy The security policy used to evaluate server trust for secure connections.
+* @param certificates An identity certificate used to reply to a server requiring client certificates according to the description given for SSLSetCertificate(). You may build the certificates array yourself or use the sundry method clientCertFromP12
 * @return the initialised MQTTSession object
 * @exception NSInternalInconsistencyException if the parameters are invalid
 *
@@ -474,7 +467,8 @@ typedef NS_ENUM(NSInteger, MQTTSessionEvent) {
                             protocolLevel:4
                             runLoop:[NSRunLoop currentRunLoop]
                             forMode:NSRunLoopCommonModes
-                            securityPolicy:securityPolicy];
+                            securityPolicy:securityPolicy
+                            certificates:certificates];
 
     [session connectToHost:@"example-1234" port:1883 usingSSL:YES];
 @endcode
@@ -492,7 +486,8 @@ typedef NS_ENUM(NSInteger, MQTTSessionEvent) {
                     protocolLevel:(UInt8)protocolLevel
                           runLoop:(NSRunLoop *)runLoop
                           forMode:(NSString *)runLoopMode
-                   securityPolicy:(MQTTSSLSecurityPolicy *) securityPolicy;
+                   securityPolicy:(MQTTSSLSecurityPolicy *) securityPolicy
+                     certificates:(NSArray *)certificates;
 
 /**
 * for mqttio-OBJC backward compatibility
@@ -1054,4 +1049,42 @@ withConnectionHandler:(void (^)(MQTTSessionEvent event))connHandler
  */
 - (void)closeAndWait;
 
+/** reads the content of a PKCS12 file and converts it to an certificates array for initWith...
+ @param path the path to a PKCS12 file
+ @param passphrase the passphrase to unlock the PKCS12 file
+ @returns a certificates array or nil if an error occured
+ 
+ @code
+ NSString *path = [[NSBundle bundleForClass:[MQTTClientTests class]] pathForResource:@"filename"
+ ofType:@"p12"];
+ 
+ NSArray *myCerts = [MQTTSession clientCertsFromP12:path passphrase:@"passphrase"];
+ if (myCerts) {
+ 
+ self.session = [[MQTTSession alloc] initWithClientId:nil
+    userName:nil
+    password:nil
+    keepAlive:60
+    cleanSession:YES
+    will:NO
+    willTopic:nil
+    willMsg:nil
+    willQoS:0
+    willRetainFlag:NO
+    protocolLevel:4
+    runLoop:[NSRunLoop currentRunLoop]
+    forMode:NSRunLoopCommonModes
+    securityPolicy:nil
+    certificates:myCerts];
+ [self.session connectToHost:@"localhost" port:8884 usingSSL:YES];
+ ...
+ }
+
+ @endcode
+ 
+ */
+
++ (NSArray *)clientCertsFromP12:(NSString *)path passphrase:(NSString *)passphrase;
+
+
 @end