SSL / TLS client certificate authentication

Open b00tsy opened this issue 6 years ago • 4 comments

I'd like to implement the above-mentioned feature in socket.io-client-swift. It was requested in various issues, e.g. #687, #936.

It was recently added to Starscream (https://github.com/daltoniam/Starscream/pull/481) and just needs to be propagated into socket.io-client-swift. The main question is what would be the best place to add this feature.

The client certificate would need to be passed to the Starscream WebSocket in createWebSocketAndConnect. One option to pass it down that way would be to extend SocketIO.SSLSecurity with an sslClientCertificate property. Any guidance would be appreciated.

b00tsy avatar Feb 05 '19 13:02 b00tsy

This comment helped me. So, I am making a note of the sample source for the SSL client certificate.

It seems that the Starscream library needs to be modified. (This is not a good example, so please use it for reference purposes.)

    private func createWebSocketAndConnect() {
        var req = URLRequest(url: urlWebSocketWithSid)

        addHeaders(to: &req, includingCookies: session?.configuration.httpCookieStorage?.cookies(for: urlPollingWithSid))

        let stream = FoundationStream()
        stream.enableSOCKSProxy = enableSOCKSProxy
        ws = WebSocket(request: req, stream: stream)
        ws?.callbackQueue = engineQueue
        ws?.enableCompression = compress
        ws?.disableSSLCertValidation = selfSigned
        ws?.security = security?.security

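        // [SSL client authentication, provisional workaround] start
        // Load the PKCS#12 bundle shipped in the app bundle and attach it to the WebSocket.
        let password = "hogehoge"
        let path = Bundle.main.path(forResource: "client-cert", ofType: "pfx")
        let sslClientCertificate = try! SSLClientCertificate(pkcs12Path: path!, password: password)
        ws?.sslClientCertificate = sslClientCertificate
        // [SSL client authentication, provisional workaround] end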

        ws?.onConnect = {[weak self] in

chokotia avatar Sep 02 '20 09:09 chokotia

nice!

ghost avatar Feb 11 '21 02:02 ghost

good job!

okym2021 avatar Feb 11 '21 02:02 okym2021

That's the low level implementation where every user wanting to use client certificates would have to modify the code of socket.io-client-swift, which is a good starting point to get it done but a solution where you can pass an identity down when creating the socketio connection would be much better. And there the question remains how to pass down the certificate to createWebSocketAndConnect()?

b00tsy avatar Feb 11 '21 08:02 b00tsy
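
One possible shape for passing an identity down through connection options, as an added sketch that is not code from this thread, socket.io-client-swift or Starscream. `ClientIdentitySource`, `EngineOptions` and `resolveClientIdentity` are hypothetical names; the passphrase is supplied by the caller at connect time rather than hard-coded, and a failed import is returned as an error instead of crashing through `try!`.

```swift
import Foundation
import Security

// Hypothetical names: ClientIdentitySource, EngineOptions and
// resolveClientIdentity are illustrative, not socket.io-client-swift API.
enum ClientIdentityError: Error {
    case unreadable(URL)
    case importFailed(OSStatus)
    case noIdentity
}

/// Where the PKCS#12 bundle lives and how to unlock it. The passphrase is a
/// closure so the app can fetch it (for example from the Keychain) at connect
/// time instead of compiling it into the binary.
struct ClientIdentitySource {
    let pkcs12URL: URL
    let passphrase: () throws -> String

    func loadIdentity() throws -> SecIdentity {
        guard let data = try? Data(contentsOf: pkcs12URL) else {
            throw ClientIdentityError.unreadable(pkcs12URL)
        }
        let secret = try passphrase()
        let options = [kSecImportExportPassphrase as String: secret]
        var items: CFArray?
        let status = SecPKCS12Import(data as CFData, options as CFDictionary, &items)
        guard status == errSecSuccess else {
            throw ClientIdentityError.importFailed(status)
        }
        guard let first = (items as? [[String: Any]])?.first,
              let identity = first[kSecImportItemIdentity as String] else {
            throw ClientIdentityError.noIdentity
        }
        return identity as! SecIdentity  // CF types are bridged with a forced cast
    }
}

/// Options the application sets once when it creates the connection.
struct EngineOptions {
    var selfSigned = false
    var clientIdentity: ClientIdentitySource? = nil
}

/// What a createWebSocketAndConnect()-style method would call: nil means no
/// client certificate was configured; a failure aborts the connection attempt.
func resolveClientIdentity(from options: EngineOptions) -> Result<SecIdentity?, Error> {
    guard let source = options.clientIdentity else { return .success(nil) }
    do { return .success(try source.loadIdentity()) } catch { return .failure(error) }
}
```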