Package apple.networkextension.protocol
Interface NWTCPConnectionAuthenticationDelegate
-
public interface NWTCPConnectionAuthenticationDelegate
[@protocol] NWTCPConnectionAuthenticationDelegate Allows the caller to take custom actions on some connection events.
-
Nested Class Summary
Nested Classes
Modifier and Type: static interface
Interface: NWTCPConnectionAuthenticationDelegate.Block_evaluateTrustForConnectionPeerCertificateChainCompletionHandler

Modifier and Type: static interface
Interface: NWTCPConnectionAuthenticationDelegate.Block_provideIdentityForConnectionCompletionHandler
-
Method Summary
All Methods / Instance Methods / Default Methods

default void evaluateTrustForConnectionPeerCertificateChainCompletionHandler(NWTCPConnection connection, NSArray<?> peerCertificateChain, NWTCPConnectionAuthenticationDelegate.Block_evaluateTrustForConnectionPeerCertificateChainCompletionHandler completion)
evaluateTrustForConnection:peerCertificateChain:completionHandler: The caller can implement this optional protocol method to set up custom policies for peer certificate trust evaluation.

default void provideIdentityForConnectionCompletionHandler(NWTCPConnection connection, NWTCPConnectionAuthenticationDelegate.Block_provideIdentityForConnectionCompletionHandler completion)
provideIdentityForConnection:completionHandler: The caller can implement this optional protocol method to provide the identity and an optional certificate chain to be used for authentication.

default boolean shouldEvaluateTrustForConnection(NWTCPConnection connection)
shouldEvaluateTrustForConnection: The caller can implement this optional protocol method to decide whether it wants to take over the default trust evaluation for this connection.

default boolean shouldProvideIdentityForConnection(NWTCPConnection connection)
shouldProvideIdentityForConnection: The caller can implement this optional protocol method to decide whether it wants to provide the identity for this connection for authentication.
-
Method Detail
-
evaluateTrustForConnectionPeerCertificateChainCompletionHandler
default void evaluateTrustForConnectionPeerCertificateChainCompletionHandler(NWTCPConnection connection, NSArray<?> peerCertificateChain, NWTCPConnectionAuthenticationDelegate.Block_evaluateTrustForConnectionPeerCertificateChainCompletionHandler completion)
evaluateTrustForConnection:peerCertificateChain:completionHandler: The caller can implement this optional protocol method to set up custom policies for peer certificate trust evaluation. If the delegate method is implemented, the caller is responsible for creating and setting up the SecTrustRef object and passing it to the completion handler. Otherwise, the default trust evaluation policy is used for the connection.
Parameters:
connection - The connection sending this message
peerCertificateChain - The peer certificate chain
completion - The completion handler for passing the SecTrustRef object to the connection. The SecTrustRef object "trust" is required and must not be nil. It will be evaluated using SecTrustEvaluate() if necessary. The caller is responsible for keeping the argument object alive for the duration of the completion handler invocation.
-
provideIdentityForConnectionCompletionHandler
default void provideIdentityForConnectionCompletionHandler(NWTCPConnection connection, NWTCPConnectionAuthenticationDelegate.Block_provideIdentityForConnectionCompletionHandler completion)
provideIdentityForConnection:completionHandler: The caller can implement this optional protocol method to provide the identity and an optional certificate chain to be used for authentication.
Parameters:
connection - The connection sending this message
completion - The completion handler for passing identity and certificate chain to the connection. The "identity" argument is required and must not be nil. The "certificateChain" argument is optional, and is an array of one or more SecCertificateRef objects. The certificate chain must contain objects of type SecCertificateRef only. If the certificate chain is set, it will be used. Otherwise, the leaf certificate will be extracted from the SecIdentityRef object and will be used for authentication. The caller is responsible for keeping the argument object(s) alive for the duration of the completion handler invocation.
-
shouldEvaluateTrustForConnection
default boolean shouldEvaluateTrustForConnection(NWTCPConnection connection)
shouldEvaluateTrustForConnection: The caller can implement this optional protocol method to decide whether it wants to take over the default trust evaluation for this connection. If this delegate method is not implemented, the return value will default to YES if provideIdentityForConnection:completionHandler: is implemented.
Parameters:
connection - The connection sending this message
Returns:
YES to take over the default trust evaluation, in which case, the delegate method evaluateTrustForConnection:peerCertificateChain:completionHandler: will be called.
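An added example, not part of the original documentation or of the binding project: an Objective-C delegate for the underlying NetworkExtension protocol that takes over trust evaluation and hands the connection a SecTrustRef bound to an expected hostname and to pinned anchors only. PinnedTrustDelegate, expectedHost and pinnedAnchors are hypothetical names, and cancelling the connection on failure is this example's choice for failing closed.

```objc
// Added example; PinnedTrustDelegate, expectedHost and pinnedAnchors are hypothetical.
#import <Foundation/Foundation.h>
#import <NetworkExtension/NetworkExtension.h>
#import <Security/Security.h>

@interface PinnedTrustDelegate : NSObject <NWTCPConnectionAuthenticationDelegate>
@property (nonatomic, copy) NSString *expectedHost;  // name the server certificate must match
@property (nonatomic, copy) NSArray *pinnedAnchors;  // SecCertificateRef objects of the private CA
@end

@implementation PinnedTrustDelegate

- (BOOL)shouldEvaluateTrustForConnection:(NWTCPConnection *)connection {
    return YES;  // take over from the default trust evaluation
}

- (void)evaluateTrustForConnection:(NWTCPConnection *)connection
              peerCertificateChain:(NSArray *)peerCertificateChain
                 completionHandler:(void (^)(SecTrustRef trust))completion {
    // SSL server policy bound to the expected hostname, so the name check still applies.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)self.expectedHost);
    SecTrustRef trust = NULL;
    OSStatus status = errSecParam;
    if (policy != NULL) {
        status = SecTrustCreateWithCertificates((__bridge CFArrayRef)peerCertificateChain,
                                                policy, &trust);
        CFRelease(policy);
    }
    if (status == errSecSuccess && trust != NULL) {
        // Accept only chains that terminate in the pinned anchors, not the system roots.
        status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)self.pinnedAnchors);
        if (status == errSecSuccess) {
            status = SecTrustSetAnchorCertificatesOnly(trust, true);
        }
    }
    if (status != errSecSuccess || trust == NULL) {
        // The handler requires a non-nil trust object, so fail closed instead.
        if (trust != NULL) CFRelease(trust);
        [connection cancel];
        return;
    }
    completion(trust);  // trust must stay alive for the duration of this call
    CFRelease(trust);   // release only after the handler has returned
}

@end
```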
-
shouldProvideIdentityForConnection
default boolean shouldProvideIdentityForConnection(NWTCPConnection connection)
shouldProvideIdentityForConnection: The caller can implement this optional protocol method to decide whether it wants to provide the identity for this connection for authentication. If this delegate method is not implemented, the return value will default to YES if provideIdentityForConnection:completionHandler: is implemented.
Parameters:
connection - The connection sending this message
Returns:
YES to provide the identity for this connection, in which case, the delegate method provideIdentityForConnection:completionHandler: will be called.