Programming IceSSL in Swift

Obtaining SSL Connection Information in Swift

You can obtain information about any SSL connection using the getInfo operation on a Connection object. IceSSL supports the following API:

Slice
module Ice
{
    local class ConnectionInfo
    {
        ConnectionInfo underlying;
        bool incoming;
        string adapterName;
        string connectionId;
    }
}

["swift:module:Ice:SSL"]
module IceSSL
{
    local class ConnectionInfo extends Ice::IPConnectionInfo
    {
        string cipher;
        ["swift:type:[SecCertificate]"] Ice::StringSeq certs;
        bool verified;
    }
}

For an SSL connection, the Ice::ConnectionInfo object can be downcast to an IceSSL::ConnectionInfo.

The certs member contains the peer's certificate chain; the swift:type metadata changes the mapping to an array of SecCertificate objects. The array is structured so that the first element is the peer's certificate, followed by its signing certificates in the order they appear in the chain, with the root CA certificate as the last element. The array is empty if the peer did not present a certificate chain.

The cipher member is a description of the ciphersuite that SSL negotiated for this connection. The verified member is always true if IceSSL.VerifyPeer > 0. Otherwise, it is false if one of these checks fails:

  • the underlying SSL engine certificate verification fails,
  • if IceSSL.CheckCertName > 0, the host name verification check fails.

The inherited underlying data member contains the connection information of the underlying transport (if SSL is based on TCP, this member will contain an instance of Ice::TCPEndpointInfo that you can use to retrieve the remote and local addresses). The incoming member indicates whether the connection is inbound (a server connection) or outbound (a client connection). The connectionId data member matches the connection identifier set on the proxy. Finally, if incoming is true, the adapterName member supplies the name of the object adapter that hosts the endpoint.

Installing a Password Prompt in Swift

The setSslPasswordPrompt method on Communicator allows applications to install a custom password retrieval mechanism, for example through a prompt to the user (for interactive applications).

This method must be called before the plug-in is initialized. For example:

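Swift
// In module Ice
extension Communicator {
    func setSslPasswordPrompt(prompt: @escaping (() -> String)) {
        ...
    }
}

Swift
let properties = ...
// Defer plug-in initialization so the prompt can be installed first.
properties.setProperty(key: "Ice.InitPlugins", value: "0")
var initData = Ice.InitializationData()
initData.properties = properties
communicator = try Ice.initialize(initData)

// Placeholder value: a real prompt returns the password entered by the user.
communicator.setSslPasswordPrompt {
    return "password"
}

// Initialize the plug-ins now that the prompt is in place.
try communicator.initializePlugins()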

Installing a Certificate Verifier in Swift

The setSslCertificateVerifier method on Communicator allows applications to install a custom certificate verifier.

This method must be called before any connection is established. For example:

Swift
// In module Ice
extension Communicator {
    func setSslCertificateVerifier(verifier: @escaping ((SSLConnectionInfo) -> Bool)) {
        ...
    }
}

Swift
communicator = ...

communicator.setSslCertificateVerifier { info in
    if let certs = info.certs {
        // Inspect the peer's certificate chain here.
        ...
    }
    // Reject the connection by default.
    return false
}
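
A verifier decision that pins the peer's certificate, as an added example (not code from the Ice documentation): it accepts a connection only if verified is true and the SHA-256 digest of the first certs element is in a pinned set. The names acceptPeer, sha256Hex and pinnedLeafDigests and the placeholder digest are assumptions; CryptoKit requires macOS 10.15 or iOS 13.

```swift
import CryptoKit
import Foundation
import Security

// Constructed placeholder, not a real fingerprint: replace with the lowercase
// hex SHA-256 digest of your server certificate's DER encoding.
let pinnedLeafDigests: Set<String> = ["<sha256-hex-of-server-certificate-der>"]

/// Lowercase hex SHA-256 digest of a certificate's DER encoding.
func sha256Hex(of certificate: SecCertificate) -> String {
    let der = SecCertificateCopyData(certificate) as Data
    return SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
}

/// Decision for one connection, given the certs and verified members of its
/// SSL connection info. Returns true to accept the peer, false to reject it.
func acceptPeer(chain: [SecCertificate], verified: Bool,
                pins: Set<String> = pinnedLeafDigests) -> Bool {
    // verified can be false when IceSSL.VerifyPeer is 0. The pin is an extra
    // check on top of chain and host name validation, not a replacement.
    guard verified else { return false }

    // An empty array means the peer presented no certificate chain.
    // The first element is the peer's own certificate.
    guard let leaf = chain.first else { return false }

    // Accept only a certificate whose digest matches a pinned value.
    return pins.contains(sha256Hex(of: leaf))
}
```

Call acceptPeer from the closure passed to setSslCertificateVerifier, passing the connection info's certs and verified members, and return its result.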
