
[Issue #1962] Refactoring security policy to use assertion macros to DRY up cleanup code

Mattt Thompson 11 anni fa
parent
commit
31746cc6d1

+ 42 - 55
AFNetworking/AFSecurityPolicy.m

@@ -22,6 +22,8 @@
 
 #import "AFSecurityPolicy.h"
 
+#import <AssertMacros.h>
+
 #if !defined(__IPHONE_OS_VERSION_MIN_REQUIRED)
 static NSData * AFSecKeyGetData(SecKeyRef key) {
     CFDataRef data = NULL;
@@ -50,6 +52,8 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) {
 }
 
 static id AFPublicKeyForCertificate(NSData *certificate) {
+    id allowedPublicKey = nil;
+
     SecCertificateRef allowedCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificate);
     NSCParameterAssert(allowedCertificate);
 
@@ -57,51 +61,44 @@ static id AFPublicKeyForCertificate(NSData *certificate) {
     CFArrayRef tempCertificates = CFArrayCreate(NULL, (const void **)allowedCertificates, 1, NULL);
 
     SecPolicyRef policy = SecPolicyCreateBasicX509();
-    SecTrustRef allowedTrust = NULL;
-    OSStatus status = SecTrustCreateWithCertificates(tempCertificates, policy, &allowedTrust);
-    NSCAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status);
-    if (status != errSecSuccess) {
-        if (allowedTrust) {
-            CFRelease(allowedTrust);
-        }
-        CFRelease(policy);
-        CFRelease(tempCertificates);
-        CFRelease(allowedCertificate);
-        return nil;
-    }
+    SecTrustRef allowedTrust;
+    __Require_noErr(SecTrustCreateWithCertificates(tempCertificates, policy, &allowedTrust), _out);
 
-    SecTrustResultType result = 0;
+    SecTrustResultType result;
+    __Require_noErr(SecTrustEvaluate(allowedTrust, &result), _out);
 
-    status = SecTrustEvaluate(allowedTrust, &result);
-    NSCAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
-    if (status != errSecSuccess) {
+    allowedPublicKey = (__bridge_transfer id)SecTrustCopyPublicKey(allowedTrust);
+    NSCParameterAssert(allowedPublicKey);
+
+_out:
+    if (allowedTrust) {
         CFRelease(allowedTrust);
+    }
+
+    if (policy) {
         CFRelease(policy);
-        CFRelease(tempCertificates);
-        CFRelease(allowedCertificate);
-        return nil;
     }
 
-    SecKeyRef allowedPublicKey = SecTrustCopyPublicKey(allowedTrust);
-    NSCParameterAssert(allowedPublicKey);
+    if (tempCertificates) {
+        CFRelease(tempCertificates);
+    }
 
-    CFRelease(allowedTrust);
-    CFRelease(policy);
-    CFRelease(tempCertificates);
-    CFRelease(allowedCertificate);
+    if (allowedCertificate) {
+        CFRelease(allowedCertificate);
+    }
 
-    return (__bridge_transfer id)allowedPublicKey;
+    return allowedPublicKey;
 }
 
 static BOOL AFServerTrustIsValid(SecTrustRef serverTrust) {
-    SecTrustResultType result = 0;
+    BOOL isValid = NO;
+    SecTrustResultType result;
+    __Require_noErr(SecTrustEvaluate(serverTrust, &result), _out);
 
-    OSStatus status = SecTrustEvaluate(serverTrust, &result);
-    NSCAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
-    if (status != errSecSuccess) {
-        return NO;
-    }
-    return (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
+    isValid = (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
+
+_out:
+    return isValid;
 }
 
 static NSArray * AFCertificateTrustChainForServerTrust(SecTrustRef serverTrust) {
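Review bot: `SecTrustRef allowedTrust;` in AFPublicKeyForCertificate is no longer initialised, yet the `_out:` cleanup tests it and releases it. If `SecTrustCreateWithCertificates` fails without writing its out-parameter, `__Require_noErr` jumps to `_out` and `CFRelease` may be called on an indeterminate pointer; the removed code started from `NULL`. Keep the initialiser: `SecTrustRef allowedTrust = NULL;`. The same applies to `SecTrustRef trust;` in the AFPublicKeyTrustChainForServerTrust loop in the next hunk, which should be `SecTrustRef trust = NULL;`. The uninitialised `result` in AFServerTrustIsValid is fine, because it is read only after a successful evaluation and the function returns NO on error.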
@@ -126,34 +123,24 @@ static NSArray * AFPublicKeyTrustChainForServerTrust(SecTrustRef serverTrust) {
         SecCertificateRef someCertificates[] = {certificate};
         CFArrayRef certificates = CFArrayCreate(NULL, (const void **)someCertificates, 1, NULL);
 
-        SecTrustRef trust = NULL;
+        SecTrustRef trust;
+        __Require_noErr(SecTrustCreateWithCertificates(certificates, policy, &trust), _out);
+        
+        SecTrustResultType result;
+        __Require_noErr(SecTrustEvaluate(trust, &result), _out);
 
-        OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
-        NSCAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status);
-        if (status != errSecSuccess) {
-            if (trust) {
-                CFRelease(trust);
-            }
-            CFRelease(certificates);
-            continue;
+        [trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)];
+
+    _out:
+        if (trust) {
+            CFRelease(trust);
         }
 
-        
-        SecTrustResultType result;
-        status = SecTrustEvaluate(trust, &result);
-        NSCAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
-        if (status != errSecSuccess) {
-            if (trust) {
-                CFRelease(trust);
-            }
+        if (certificates) {
             CFRelease(certificates);
-            continue;
         }
 
-        [trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)];
-
-        CFRelease(trust);
-        CFRelease(certificates);
+        continue;
     }
     CFRelease(policy);
 
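Review bot: `[trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)]` passes the copied key to `-addObject:` unchecked, and `-addObject:` raises on nil. `SecTrustCopyPublicKey` can return NULL when no key can be extracted, and the certificates here are presumably taken from `serverTrust`, so a malformed chain would cause a crash instead of a pinning failure. Copy the key into a local and add it only when non-nil: `id publicKey = (__bridge_transfer id)SecTrustCopyPublicKey(trust);` followed by `if (publicKey) { [trustChain addObject:publicKey]; }`. The trailing `continue;` after the cleanup is redundant. The function starts before this hunk and continues after it, so how callers treat a chain with fewer keys than certificates is not visible here.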

+ 9 - 3
Example/AFNetworking Mac Example.xcodeproj/project.pbxproj

@@ -227,7 +227,7 @@
 		F8129BF21591061B009BFE23 /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0460;
+				LastUpgradeCheck = 0510;
 			};
 			buildConfigurationList = F8129BF51591061B009BFE23 /* Build configuration list for PBXProject "AFNetworking Mac Example" */;
 			compatibilityVersion = "Xcode 3.2";
@@ -287,9 +287,10 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
-				ARCHS = "$(ARCHS_STANDARD_64_BIT)";
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
@@ -306,7 +307,9 @@
 				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
 				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
 				GCC_WARN_ABOUT_RETURN_TYPE = YES;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
 				GCC_WARN_UNINITIALIZED_AUTOS = YES;
+				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
 				MACOSX_DEPLOYMENT_TARGET = 10.9;
 				ONLY_ACTIVE_ARCH = YES;
@@ -318,9 +321,10 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
-				ARCHS = "$(ARCHS_STANDARD_64_BIT)";
 				CLANG_ENABLE_OBJC_ARC = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
 				CLANG_WARN_CONSTANT_CONVERSION = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
 				CLANG_WARN_ENUM_CONVERSION = YES;
 				CLANG_WARN_INT_CONVERSION = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
@@ -331,7 +335,9 @@
 				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
 				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
 				GCC_WARN_ABOUT_RETURN_TYPE = YES;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
 				GCC_WARN_UNINITIALIZED_AUTOS = YES;
+				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
 				MACOSX_DEPLOYMENT_TARGET = 10.9;
 				SDKROOT = macosx;

+ 1 - 0
Example/Prefix.pch

@@ -15,6 +15,7 @@
   #ifdef __OBJC__
     #import <Cocoa/Cocoa.h>
     #import <SystemConfiguration/SystemConfiguration.h>
+    #import <AssertMacros.h>
     #import <CoreServices/CoreServices.h>
   #endif
 #endif

+ 3 - 1
Tests/AFNetworking Tests.xcodeproj/project.pbxproj

@@ -360,7 +360,7 @@
 		2544EC2A173BE382004117E8 /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0460;
+				LastUpgradeCheck = 0510;
 				ORGANIZATIONNAME = AFNetworking;
 			};
 			buildConfigurationList = 2544EC2D173BE382004117E8 /* Build configuration list for PBXProject "AFNetworking Tests" */;
@@ -650,6 +650,7 @@
 				CLANG_WARN_BOOL_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				COMBINE_HIDPI_IMAGES = YES;
 				FRAMEWORK_SEARCH_PATHS = (
 					"$(SDKROOT)/Developer/Library/Frameworks",
 					"$(inherited)",
@@ -680,6 +681,7 @@
 				CLANG_WARN_BOOL_CONVERSION = YES;
 				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
 				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
+				COMBINE_HIDPI_IMAGES = YES;
 				ENABLE_NS_ASSERTIONS = NO;
 				FRAMEWORK_SEARCH_PATHS = (
 					"$(SDKROOT)/Developer/Library/Frameworks",

+ 1 - 1
Tests/Tests/AFHTTPRequestOperationTests.m

@@ -443,7 +443,7 @@
     [operation setOutputStream:({
         id mockStream = [OCMockObject mockForClass:[NSOutputStream class]];
         [[[mockStream stub] andReturn:streamError] streamError];
-        [[[mockStream stub] andReturnValue:@NO] hasSpaceAvailable];
+        [[[mockStream stub] andReturnValue:@(NO)] hasSpaceAvailable];
 
         // "Note that currently partial mocks cannot be created for instances of toll-free bridged classes". Thus, we have to fully mock it
         [[mockStream stub] scheduleInRunLoop:OCMOCK_ANY forMode:OCMOCK_ANY];