Objc client ssl verification

modules/swagger-codegen/src/main/resources/objc/ApiClient-body.mustache

@@ -28,6 +28,7 @@ static void (^reachabilityChangeBlock)(int);
     if (self) {
         self.requestSerializer = [AFJSONRequestSerializer serializer];
         self.responseSerializer = [AFJSONResponseSerializer serializer];
+        self.securityPolicy = [self customSecurityPolicy];
         // configure reachability
         [self configureCacheReachibility];
     }
@@ -278,7 +279,7 @@ static void (^reachabilityChangeBlock)(int);
 
     // pure object
     if ([class isEqualToString:@"NSObject"]) {
-        return [[NSObject alloc] init];
+        return data;
     }
 
     // list of models
@@ -407,7 +408,7 @@ static void (^reachabilityChangeBlock)(int);
 
                                                                        if([[{{classPrefix}}Configuration sharedConfig] debug])
                                                                            [self logResponse:nil forRequest:request error:augmentedError];
-                                                                       
+
                                                                        NSDictionary *responseHeaders = [[operation response] allHeaderFields];
                                                                        self.HTTPResponseHeaders = responseHeaders;
 
@@ -740,5 +741,26 @@ static void (^reachabilityChangeBlock)(int);
         @throw e;
     }
 }
-  
+
+- (AFSecurityPolicy *) customSecurityPolicy {
+    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
+
+    {{classPrefix}}Configuration *config = [{{classPrefix}}Configuration sharedConfig];
+
+    if (config.sslCaCert) {
+        NSData *certData = [NSData dataWithContentsOfFile:config.sslCaCert];
+        [securityPolicy setPinnedCertificates:@[certData]];
+    }
+
+    if (config.verifySSL) {
+        [securityPolicy setAllowInvalidCertificates:NO];
+    }
+    else {
+        [securityPolicy setAllowInvalidCertificates:YES];
+        [securityPolicy setValidatesDomainName:NO];
+    }
+
+    return securityPolicy;
+}
+
 @end

modules/swagger-codegen/src/main/resources/objc/ApiClient-header.mustache

@@ -203,4 +203,11 @@ extern NSString *const {{classPrefix}}ResponseObjectErrorKey;
  */
 - (id) sanitizeForSerialization:(id) object;
 
+/**
+ * Custom security policy
+ *
+ * @return AFSecurityPolicy
+ */
+- (AFSecurityPolicy *) customSecurityPolicy;
+
 @end

modules/swagger-codegen/src/main/resources/objc/Configuration-body.mustache

@@ -31,6 +31,7 @@
         self.password = @"";
         self.tempFolderPath = nil;
         self.debug = NO;
+        self.verifySSL = YES;
         self.loggingFile = nil;
         self.mutableApiKey = [NSMutableDictionary dictionary];
         self.mutableApiKeyPrefix = [NSMutableDictionary dictionary];

modules/swagger-codegen/src/main/resources/objc/Configuration-header.mustache

@@ -1,6 +1,6 @@
 #import <Foundation/Foundation.h>
 #import "{{classPrefix}}ApiClient.h"
-  
+
 /** The `{{classPrefix}}Configuration` class manages the configurations for the sdk.
  *
  * NOTE: This class is auto generated by the swagger code generator program.
@@ -9,14 +9,14 @@
  */
 
 @class {{classPrefix}}ApiClient;
-  
+
 @interface {{classPrefix}}Configuration : NSObject
 
 /**
  * Default api client
  */
 @property (nonatomic) {{classPrefix}}ApiClient *apiClient;
-  
+
 /**
  * Default base url
  */
@@ -75,6 +75,18 @@
  */
 + (instancetype) sharedConfig;
 
+/**
+ * SSL/TLS verification
+ * Set this to NO to skip verifying SSL certificate when calling API from https server
+ */
+@property (nonatomic) BOOL verifySSL;
+
+/**
+ * SSL/TLS verification
+ * Set this to customize the certificate file to verify the peer
+ */
+@property (nonatomic) NSString *sslCaCert;
+
 /**
  * Sets API key
  *