Add Jenkinsfile, refactor docs, move iOS-project to ios/

.gitignore

@@ -1,22 +1,21 @@
-# We ignore the android/build.properties file becuase the user is
+# We ignore the android/build.properties file because the user is
 # expected copy android/build.properties.example to
 # android/build.properties and modify it for their development
 # environment.
 android/build.properties
 
-
 # Titanium module build artifacts
-iphone/appcelerator.https-iphone-*.zip
-iphone/build
-iphone/metadata.json
+ios/appcelerator.https-iphone-*.zip
+ios/build
+ios/metadata.json
 android/dist
 android/libs
 
 # These eight are symlinks
-iphone/LICENSE
-iphone/assets
-iphone/documentation
-iphone/example
+ios/LICENSE
+ios/assets
+ios/documentation
+ios/example
 android/LICENSE
 android/assets
 android/documentation
@@ -25,14 +24,13 @@ android/example
 example/build/
 example/modules/
 
-
-
 # User-specific Xcode settings.
-iphone/appcelerator.https.xcodeproj/xcuserdata
-iphone/appcelerator.https.xcodeproj/project.xcworkspace/xcuserdata
+ios/appcelerator.https.xcodeproj/xcuserdata/*
+ios/appcelerator.https.xcodeproj/project.xcworkspace/xcuserdata/*
 
 # Emacs backup files
 *~
 
-# OS X
+# macOS
 .DS_Store
+/android/java-sources.txt

Jenkinsfile

@@ -0,0 +1,8 @@
+@Library('pipeline-library') _
+
+buildModule {
+	// defaults:
+	//nodeVersion = '6.11.4' // Must have version set up on Jenkins master before it can be changed
+	//sdkVersion = '6.2.2.GA'
+	//androidAPILevel = '25' // if changed, must install on build nodes
+}

apidoc/Https.yml

@@ -1,7 +1,7 @@
 name: Modules.Https
 summary: Prevents a man-in-the-middle attack when used with the `Titanium.Network.HTTPClient` class.
 description: |
-    <p class="note">Note: This feature requires a Pro, Team, or Enterprise subscription.</p>
+    <p class="note">Note: This feature requires a Pro or Enterprise subscription.</p>
 
     Use the HTTPS module to create a Security Manager for `Titanium.Network.HTTPClient`
     that authenticates a set of HTTPS servers by pinning an HTTPS server's URL to its
@@ -65,12 +65,10 @@ description: |
 
     For example:
 
-        var securityManager = https.createX509CertificatePinningSecurityManager([
-            {
-                url: 'https://www.yourorg.com',
-                serverCertificate: 'yourorg.der'
-            }
-        ]);
+        var securityManager = https.createX509CertificatePinningSecurityManager([{
+            url: 'https://www.yourorg.com',
+            serverCertificate: 'yourorg.der'
+        }]);
 
     After the security manager is created, create an `HTTPClient` object and set the
     [securityManager](Titanium.Network.HTTPClient.securityManager) property to the security manager
@@ -93,6 +91,18 @@ description: |
 
         httpClient.open('GET', 'https://yourorg.com');
         httpClient.send();
+
+    ### Wildcard Support
+
+    Additionally to the above API, you can also pass wildcard-certificates to your
+    security-manager. Example:
+
+        var securityManager = https.createX509CertificatePinningSecurityManager([{
+            url: '*.example.com',
+            serverCertificate: 'example.der'
+        }]);
+
+    ### Error Responses
 
     If the authentication fails, a security exception is thrown. The HTTP client's `onerror`
     callback will be passed an error object with the `code` key set to `-1` and the `message` key
@@ -144,28 +154,23 @@ examples:
         `Resources` directory or `app/assets/` directory for Alloy projects.
 
             // Require in the module
-            var https = require('appcelerator.https'),
-                securityManager,
-                httpClient;
+            var https = require('appcelerator.https');
 
             // Use the module to create a Security Manager that authenticates the specified URLs
-            securityManager = https.createX509CertificatePinningSecurityManager([
-                {
-                    url: 'https://dashboard.appcelerator.com',
-                    serverCertificate: 'dashboard.appcelerator.com.der'
-                },
-                {
-                    url: 'https://www.wellsfargo.com',
-                    serverCertificate: 'wellsfargo.der'
-                }
-            ]);
+            var securityManager = https.createX509CertificatePinningSecurityManager([{
+                url: 'https://dashboard.appcelerator.com',
+                serverCertificate: 'dashboard.appcelerator.com.der'
+            }, {
+                url: 'https://www.wellsfargo.com',
+                serverCertificate: 'wellsfargo.der'
+            }]);
 
             // Create an HTTP client the same way you always have
             // but pass in the optional Security Manager that was created previously.
-            httpClient = Ti.Network.createHTTPClient({
+            var httpClient = Ti.Network.createHTTPClient({
                 onload: function(e) {
                     Ti.API.info('Received text: ' + this.responseText);
-                },
+                }, 
                 onerror: function(e) {
                     Ti.API.error(e.error);
                 },

build.py

@@ -62,9 +62,9 @@ def main(args):
 
     if cmd == 'build':
         packages = []
-        if os.path.exists('iphone'):
-            create_module('iphone', 'appc ti build -p ios')
-            packages.append('iphone')
+        if os.path.exists('ios'):
+            create_module('ios', 'appc ti build -p ios')
+            packages.append('ios')
 
         if os.path.exists('android'):
             create_module('android', 'appc ti build -p android')
@@ -74,8 +74,8 @@ def main(args):
         fork('.', packages_cmd, False)
 
     elif cmd == 'clean':
-        if os.path.exists('iphone'):
-            clean_build_module('iphone')
+        if os.path.exists('ios'):
+            clean_build_module('ios')
 
         if os.path.exists('android'):
             clean_ant_module('android')

documentation/changelog.md

@@ -1,5 +1,14 @@
 # Change Log
 <pre>
+
+v2.1.0 [MOD-2347] Expose "trustChainIndex" to select different certificates than the leaf
+
+v2.0.2 iOS: Fix module crash on Titanium SDK 6.x
+
+v2.0.1 [MOD-2293] iOS: Fix support for wildcard entries
+
+v2.0.0 Update Android module built against Titanium SDK 6, V8 5.1.281.59.
+
 v1.1.3 [TIMOB-19729] Rebuilding binary for Android 23 SDK. No changes to code.
 
 v1.1.2 [TIMOB-18129] Parity in handling Man In the Middle Attack

example/Resources/app.js

@@ -1,26 +1,23 @@
 /**
  * This is an example of how to use the appcelerator.https module.
- *
- * Author: Matt Langston
- * Created: 2014.04.29
  */
 
 var https = require('appcelerator.https');
 
 /*
  * Create a Security Manager for Titanium.Network.HTTPClient that
  * authenticates a currated set of HTTPS servers. It does this by
- * "pinning" an HTTPS server's DNS name to the public key contained in
+ * 'pinning' an HTTPS server's DNS name to the public key contained in
  * the X509 certificate it uses for TLS communication. The public key
  * is embedded in an app by adding this X509 certificate to the app's
  * Resources directory.
  *
- * With such a "pin" in place, the security manager will guarantee
+ * With such a 'pin' in place, the security manager will guarantee
  * that all HTTPClient connections to this HTTPS server are to a
  * server that holds the private key corresponding to the public key
  * embedded in the app, therefore authenticating the server.
  *
- * This is what prevents "Man-in-the-Middle" attack.
+ * This is what prevents 'Man-in-the-Middle' attack.
  *
  * This example pins two URLs.
  *
@@ -42,16 +39,16 @@ var https = require('appcelerator.https');
  * The X.509 certificate files can have any name and extension you
  * wish, but they must be in the standard DER binary format.
  */
-var securityManager = https.createX509CertificatePinningSecurityManager([
-	{
-		url: "https://www.americanexpress.com",
-		serverCertificate: "wellsfargo.cer"
-	},
-	{
-		url: "https://www.wellsfargo.com",
-		serverCertificate: "wellsfargo.cer"
-	}
-]);
+var securityManager = https.createX509CertificatePinningSecurityManager([{
+	url: 'https://www.americanexpress.com',
+	serverCertificate: 'wellsfargo.cer'
+},
+{
+	url: 'https://www.wellsfargo.com',
+  serverCertificate: 'wellsfargo.cer',
+	// Optional: Pass the trust-chain index to select a certificate different to the leaf
+	// trustChainIndex: 1
+}]);
 
 
 var win = Titanium.UI.createWindow({
@@ -111,7 +108,7 @@ win.open();
 /*
  * Create an HTTP client the same way you always have, but pass in an
  * (optional) Security Manager. In this example, we pass in the
- * "Certificate Pinning Security Manager " that I configured above.
+ * 'Certificate Pinning Security Manager ' that I configured above.
  */
 
 function getXHR(url) {
@@ -131,9 +128,9 @@ function getXHR(url) {
 	return xhr;
 }
 
-var wf = "https://www.wellsfargo.com";
-var amex = "https://www.americanexpress.com";
-var appc = "https://dashboard.appcelerator.com";
+var wf = 'https://www.wellsfargo.com';
+var amex = 'https://www.americanexpress.com';
+var appc = 'https://dashboard.appcelerator.com';
 
 button1.addEventListener('click',function(e){
 	var xhr = getXHR(wf);

iphone/appcelerator.https.xcodeproj/project.pbxproj → ios/appcelerator.https.xcodeproj/project.pbxproj

@@ -259,7 +259,7 @@
 		C9078CFC192E4E1400B7BDDE /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0830;
+				LastUpgradeCheck = 0910;
 				ORGANIZATIONNAME = Appcelerator;
 			};
 			buildConfigurationList = C9078CFF192E4E1400B7BDDE /* Build configuration list for PBXProject "appcelerator.https" */;
@@ -354,14 +354,20 @@
 				CLANG_CXX_LIBRARY = "libc++";
 				CLANG_ENABLE_MODULES = YES;
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
 				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INFINITE_RECURSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = NO;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
@@ -399,14 +405,20 @@
 				CLANG_CXX_LIBRARY = "libc++";
 				CLANG_ENABLE_MODULES = YES;
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
 				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INFINITE_RECURSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = NO;
 				CLANG_WARN_SUSPICIOUS_MOVE = YES;
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;

ios/metadata.json

@@ -0,0 +1 @@
+{"exports":[]}