Skip to content

Instantly share code, notes, and snippets.

@0xced

0xced/ClientCertificate.m

Last active September 13, 2018 02:22
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save 0xced/9e16bebf82b37571fb6b3a24044523a3 to your computer and use it in GitHub Desktop.
Save 0xced/9e16bebf82b37571fb6b3a24044523a3 to your computer and use it in GitHub Desktop.
Download ZIP
Test for NSURLAuthenticationMethodClientCertificate
Raw
ClientCertificate.m
#import <Foundation/Foundation.h>
@interface Delegate : NSObject <NSURLConnectionDelegate, NSURLSessionDataDelegate>
@end
@implementation Delegate
#pragma mark - NSURLConnectionDelegate
- (void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
{
NSLog(@"connection:%@", connection);
NSLog(@"willSendRequestForAuthenticationChallenge:%@ %@", challenge, challenge.protectionSpace);
[challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
}
- (void) connectionDidFinishLoading:(NSURLConnection *)connection
{
NSLog(@"connectionDidFinishLoading:%@", connection);
exit(0);
}
- (void) connection:(NSURLConnection *)connection didFailWithError:(NSError *)error
{
NSLog(@"connection:%@", connection);
NSLog(@"didFailWithError:%@", error);
exit(0);
}
#pragma mark - NSURLSessionTaskDelegate
- (void) URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * __nullable credential))completionHandler
{
NSLog(@"URLSession:%@", session);
NSLog(@"task:%@", task);
NSLog(@"didReceiveChallenge:%@ %@", challenge, challenge.protectionSpace);
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
}
@end
void AuthenticateWithNSURLSession(NSURLRequest *request, dispatch_block_t completionHandler)
{
[[[NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:[Delegate new] delegateQueue:nil] dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
NSLog(@"%@", [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding] ?: error);
dispatch_async(dispatch_get_main_queue(), completionHandler);
}] resume];
}
void AuthenticateWithNSURLConnection(NSURLRequest *request)
{
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
(void)[[NSURLConnection alloc] initWithRequest:request delegate:[Delegate new] startImmediately:YES];
#pragma clang diagnostic pop
}
int main(int argc, const char * argv[])
{
NSURL *url = [NSURL URLWithString:@"https://auth.startssl.com"];
NSURLRequest *request = [NSURLRequest requestWithURL:url];
AuthenticateWithNSURLSession(request, ^{
AuthenticateWithNSURLConnection(request);
});
[[NSRunLoop mainRunLoop] run];
return 0;
}
@0xced
Copy link
Author

0xced commented Apr 13, 2016

I was expecting to get an authentication challenge with a NSURLAuthenticationMethodClientCertificate method but only got NSURLAuthenticationMethodServerTrust. Going to https://auth.startssl.com in Safari or Chrome asks for a client certificate.

Output as of OS X 10.11.4:

2016-04-14 00:18:13.230 ClientCertificate[94727:14935795] URLSession:<__NSURLSessionLocal: 0x10020e560>
2016-04-14 00:18:13.230 ClientCertificate[94727:14935795] task:<__NSCFLocalDataTask: 0x100107ad0>{ taskIdentifier: 1 } { running }
2016-04-14 00:18:13.231 ClientCertificate[94727:14935795] didReceiveChallenge:<NSURLAuthenticationChallenge: 0x1006167f0> <NSURLProtectionSpace: 0x100618040>: Host:auth.startssl.com, Server:https, Auth-Scheme:NSURLAuthenticationMethodServerTrust, Realm:(null), Port:443, Proxy:NO, Proxy-Type:(null)
2016-04-14 00:18:13.897 ClientCertificate[94727:14935793] URLSession:<__NSURLSessionLocal: 0x10020e560>
2016-04-14 00:18:13.897 ClientCertificate[94727:14935793] task:<__NSCFLocalDataTask: 0x100107ad0>{ taskIdentifier: 1 } { running }
2016-04-14 00:18:13.897 ClientCertificate[94727:14935793] didReceiveChallenge:<NSURLAuthenticationChallenge: 0x10061f1b0> <NSURLProtectionSpace: 0x10061f870>: Host:www.startssl.com, Server:https, Auth-Scheme:NSURLAuthenticationMethodServerTrust, Realm:(null), Port:443, Proxy:NO, Proxy-Type:(null)
2016-04-14 00:18:14.614 ClientCertificate[94727:14935796] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title> no cert </title>
  <meta name="generator" content="editplus" />
  <meta name="author" content="" />
  <meta name="keywords" content="" />
  <meta name="description" content="" />
     <!--<meta http-equiv="refresh" content="0; url=/OTPLogin" />-->
     <script>
         var ua = navigator.userAgent.toLowerCase();
         var  isWindows = (ua.indexOf("windows")!= -1||ua.indexOf("win32")!= -1) // Windows
         if (isWindows) {
             window.location.href = '/ReissueNewCertificate';
         } else {
             window.location.href = '/OTPLogin';
         }

     </script>
 </head>

 <body>
     <!--Sorry, you don’t provide the correct login certificate.<br/>
     Please close your browser, and try again, choose your StartSSL™ certificate from the dialog.-->

 </body>
</html>
2016-04-14 00:18:14.978 ClientCertificate[94727:14935749] connection:<NSURLConnection: 0x103800330> { request: <NSURLRequest: 0x100600460> { URL: https://auth.startssl.com } }
2016-04-14 00:18:14.979 ClientCertificate[94727:14935749] willSendRequestForAuthenticationChallenge:<NSURLAuthenticationChallenge: 0x10021f590> <NSURLProtectionSpace: 0x10022a000>: Host:auth.startssl.com, Server:https, Auth-Scheme:NSURLAuthenticationMethodServerTrust, Realm:(null), Port:443, Proxy:NO, Proxy-Type:(null)
2016-04-14 00:18:15.554 ClientCertificate[94727:14935749] connection:<NSURLConnection: 0x103800330> { request: <NSURLRequest: 0x100600460> { URL: https://auth.startssl.com } }
2016-04-14 00:18:15.555 ClientCertificate[94727:14935749] willSendRequestForAuthenticationChallenge:<NSURLAuthenticationChallenge: 0x10061aa00> <NSURLProtectionSpace: 0x10064eb30>: Host:www.startssl.com, Server:https, Auth-Scheme:NSURLAuthenticationMethodServerTrust, Realm:(null), Port:443, Proxy:NO, Proxy-Type:(null)
2016-04-14 00:18:16.299 ClientCertificate[94727:14935749] connectionDidFinishLoading:<NSURLConnection: 0x103800330> { request: <NSURLRequest: 0x100600460> { URL: https://auth.startssl.com } }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment