def credential(jss_prefs_dict): credential = NSURLCredential.credentialWithUser_password_persistence_( jss_prefs_dict['jss_user'], jss_prefs_dict['jss_password'], NSURLCredentialPersistenceNone # we don't expect ephemeral requests to save keychain items. ) return credential
def handleChallenge_withCompletionHandler_(self, challenge, completionHandler): '''Handle an authentication challenge''' protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() self.log( 'Authentication challenge for Host: %s Realm: %s AuthMethod: %s' % (host, realm, authenticationMethod)) if challenge.previousFailureCount() > 0: # we have the wrong credentials. just fail self.log('Previous authentication attempt failed.') if completionHandler: completionHandler( NSURLSessionAuthChallengeCancelAuthenticationChallenge, None) else: challenge.sender().cancelAuthenticationChallenge_(challenge) if self.username and self.password and authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest' ]: self.log('Will attempt to authenticate.') self.log('Username: %s Password: %s' % (self.username, ('*' * len(self.password or '')))) credential = ( NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone)) if completionHandler: completionHandler(NSURLSessionAuthChallengeUseCredential, credential) else: challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) else: # fall back to system-provided default behavior self.log('Allowing OS to handle authentication request') if completionHandler: completionHandler( NSURLSessionAuthChallengePerformDefaultHandling, None) else: if (challenge.sender().respondsToSelector_( 'performDefaultHandlingForAuthenticationChallenge:')): self.log('Allowing OS to handle authentication request') challenge.sender( ).performDefaultHandlingForAuthenticationChallenge_( challenge) else: # Mac OS X 10.6 doesn't support # performDefaultHandlingForAuthenticationChallenge: self.log('Continuing without credential.') challenge.sender( ).continueWithoutCredentialForAuthenticationChallenge_( challenge)
def handleChallenge_withCompletionHandler_( self, challenge, completionHandler): '''Handle an authentication challenge''' protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() self.log( 'Authentication challenge for Host: %s Realm: %s AuthMethod: %s' % (host, realm, authenticationMethod)) if challenge.previousFailureCount() > 0: # we have the wrong credentials. just fail self.log('Previous authentication attempt failed.') if completionHandler: completionHandler( NSURLSessionAuthChallengeCancelAuthenticationChallenge, None) else: challenge.sender().cancelAuthenticationChallenge_(challenge) if self.username and self.password and authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest']: self.log('Will attempt to authenticate.') self.log('Username: %s Password: %s' % (self.username, ('*' * len(self.password or '')))) credential = ( NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone)) if completionHandler: completionHandler( NSURLSessionAuthChallengeUseCredential, credential) else: challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) else: # fall back to system-provided default behavior self.log('Allowing OS to handle authentication request') if completionHandler: completionHandler( NSURLSessionAuthChallengePerformDefaultHandling, None) else: if (challenge.sender().respondsToSelector_( 'performDefaultHandlingForAuthenticationChallenge:')): self.log('Allowing OS to handle authentication request') challenge.sender( ).performDefaultHandlingForAuthenticationChallenge_( challenge) else: # Mac OS X 10.6 doesn't support # performDefaultHandlingForAuthenticationChallenge: self.log('Continuing without credential.') challenge.sender( ).continueWithoutCredentialForAuthenticationChallenge_( challenge)
def webView_resource_didReceiveAuthenticationChallenge_fromDataSource_(self, sender, identifier, challenge, dataSource): self._authRequestCount += 1 if self._authRequestCount > 2: BlinkLogger().log_debug(u"Could not load Blink Server Tools page: authentication failure") self.errorText.setHidden_(False) self.errorText.setStringValue_("Could not load Blink Server Tools page: authentication failure") self.spinWheel.stopAnimation_(None) self.spinWheel2.stopAnimation_(None) self.loadingText.setHidden_(True) else: credential = NSURLCredential.credentialWithUser_password_persistence_(self._account.id.username, self._account.server.web_password or self._account.auth.password, NSURLCredentialPersistenceForSession) challenge.sender().useCredential_forAuthenticationChallenge_(credential, challenge)
def __call__(self, r): # type: (PreparedRequest) -> PreparedRequest """Instead of modifying the request object, we construct an instance of NSURLCredential to attach to ourselves. When the delegate detects that attribute is present, it uses it whenever a challenge comes in.""" credential = NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone # we don't expect ephemeral requests to save keychain items. ) self.credential = credential return r
def performServerAuthWithTrust_handler_(self, trust, completionHandler): SecTrustSetAnchorCertificates(trust, [self.serverCert]) valid, error = SecTrustEvaluateWithError(trust, None) if not valid: logger.error(error) completionHandler( NSURLSessionAuthChallengeCancelAuthenticationChallenge, None) return credential = NSURLCredential.credentialForTrust_(trust) completionHandler(NSURLSessionAuthChallengeUseCredential, credential)
def _build_NSURLCredential(auth): """ Convert an instance of requests.auth.* into an instance of NSURLCredential. Args: auth: requests.auth.HTTPBasicAuth|requests.auth.HTTPDigestAuth Returns: NSURLCredential instance """ credential = NSURLCredential.credentialWithUser_password_persistence_( auth.username, auth.password, NSURLCredentialPersistenceNone # we don't expect ephemeral requests to save keychain items. ) return credential
def URLSession_task_didReceiveChallenge_completionHandler_( self, session, # type: NSURLSession task, # type: NSURLSessionTask challenge, # type: NSURLAuthenticationChallenge completionHandler # type: (NSURLSessionAuthChallengeDisposition, NSURLCredential) -> Void ): # type: (...) -> None logger.debug('URLSession_task_didReceiveChallenge_completionHandler_') completionHandler.__block_signature__ = objc_method_signature('v@i@') protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() logger.debug('NSURLProtectionSpace host: %s, realm: %s, method: %s', host, realm, authenticationMethod) if authenticationMethod == 'NSURLAuthenticationMethodServerTrust' and not self.verify: logger.debug( 'Trusting invalid SSL certificate because verify=False') trust = protectionSpace.serverTrust() credential = NSURLCredential.credentialForTrust_(trust) completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, credential) elif authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest' ]: logger.debug('Attempting to authenticate') if getattr(self, 'credential', None) is not None: logger.debug('Using supplied NSURLCredential') completionHandler(NSURLSessionAuthChallengeUseCredential, self.credential) else: logger.debug( 'No NSURLCredential available, not authenticating.') completionHandler( NSURLSessionAuthChallengePerformDefaultHandling, None) else: completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, None)
def webView_resource_didReceiveAuthenticationChallenge_fromDataSource_( self, sender, identifier, challenge, dataSource): self._authRequestCount += 1 if self._authRequestCount > 2: BlinkLogger().log_debug( "Could not load Server Tools page: authentication failure") self.errorText.setHidden_(False) e = NSLocalizedString("Authentication failure", "Label") self.errorText.setStringValue_( NSLocalizedString("Could not load page: %s", "Label") % e) self.spinWheel.stopAnimation_(None) self.spinWheel2.stopAnimation_(None) self.loadingText.setHidden_(True) else: credential = NSURLCredential.credentialWithUser_password_persistence_( self._account.id.username, self._account.server.web_password or self._account.auth.password, NSURLCredentialPersistenceForSession) challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge)
def connection_didReceiveAuthenticationChallenge_( self, connection, challenge): '''NSURLConnection delegate method Sent when a connection must authenticate a challenge in order to download its request. Deprecated in 10.10''' # we don't actually use the connection argument, so # pylint: disable=W0613 self.log('connection_didReceiveAuthenticationChallenge_') protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() self.log( 'Authentication challenge for Host: %s Realm: %s AuthMethod: %s' % (host, realm, authenticationMethod)) if challenge.previousFailureCount() > 0: # we have the wrong credentials. just fail self.log('Previous authentication attempt failed.') challenge.sender().cancelAuthenticationChallenge_(challenge) if self.username and self.password and authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest']: self.log('Will attempt to authenticate.') self.log('Username: %s Password: %s' % (self.username, ('*' * len(self.password or '')))) credential = ( NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone)) challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) else: # fall back to system-provided default behavior self.log('Continuing without credential.') challenge.sender( ).continueWithoutCredentialForAuthenticationChallenge_( challenge)
def connection_willSendRequestForAuthenticationChallenge_( self, connection, challenge): '''NSURLConnection delegate method Tells the delegate that the connection will send a request for an authentication challenge. New in 10.7.''' # we don't actually use the connection argument, so # pylint: disable=W0613 self.log('connection_willSendRequestForAuthenticationChallenge_') protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() self.log( 'Authentication challenge for Host: %s Realm: %s AuthMethod: %s' % (host, realm, authenticationMethod)) if challenge.previousFailureCount() > 0: # we have the wrong credentials. just fail self.log('Previous authentication attempt failed.') challenge.sender().cancelAuthenticationChallenge_(challenge) if self.username and self.password and authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest']: self.log('Will attempt to authenticate.') self.log('Username: %s Password: %s' % (self.username, ('*' * len(self.password or '')))) credential = ( NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone)) challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) else: # fall back to system-provided default behavior self.log('Allowing OS to handle authentication request') challenge.sender( ).performDefaultHandlingForAuthenticationChallenge_( challenge)
def connection_didReceiveAuthenticationChallenge_( self, connection, challenge): '''NSURLConnection delegate method Sent when a connection must authenticate a challenge in order to download its request. Deprecated in 10.10''' # we don't actually use the connection argument, so # pylint: disable=W0613 self.log('connection_didReceiveAuthenticationChallenge_') protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() self.log( 'Authentication challenge for Host: %s Realm: %s AuthMethod: %s' % (host, realm, authenticationMethod)) if challenge.previousFailureCount() > 0: # we have the wrong credentials. just fail self.log('Previous authentication attempt failed.') challenge.sender().cancelAuthenticationChallenge_(challenge) if self.username and self.password and authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest']: self.log('Will attempt to authenticate.') self.log('Username: %s Password: %s' % (self.username, ('*' * len(self.password or '')))) credential = ( NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone)) challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) else: # fall back to system-provided default behavior self.log('Continuing without credential.') challenge.sender( ).continueWithoutCredentialForAuthenticationChallenge_( challenge)
def connection_willSendRequestForAuthenticationChallenge_( self, connection, challenge): '''NSURLConnection delegate method Tells the delegate that the connection will send a request for an authentication challenge. New in 10.7.''' # we don't actually use the connection argument, so # pylint: disable=W0613 self.log('connection_willSendRequestForAuthenticationChallenge_') protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() self.log( 'Authentication challenge for Host: %s Realm: %s AuthMethod: %s' % (host, realm, authenticationMethod)) if challenge.previousFailureCount() > 0: # we have the wrong credentials. just fail self.log('Previous authentication attempt failed.') challenge.sender().cancelAuthenticationChallenge_(challenge) if self.username and self.password and authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest']: self.log('Will attempt to authenticate.') self.log('Username: %s Password: %s' % (self.username, ('*' * len(self.password or '')))) credential = ( NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone)) challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) else: # fall back to system-provided default behavior self.log('Allowing OS to handle authentication request') challenge.sender( ).performDefaultHandlingForAuthenticationChallenge_( challenge)
def handleChallenge_withCompletionHandler_(self, challenge, completionHandler): '''Handle an authentication challenge''' protectionSpace = challenge.protectionSpace() host = protectionSpace.host() realm = protectionSpace.realm() authenticationMethod = protectionSpace.authenticationMethod() self.log( 'Authentication challenge for Host: %s Realm: %s AuthMethod: %s' % (host, realm, authenticationMethod)) if challenge.previousFailureCount() > 0: # we have the wrong credentials. just fail self.log('Previous authentication attempt failed.') if completionHandler: completionHandler( NSURLSessionAuthChallengeCancelAuthenticationChallenge, None) else: challenge.sender().cancelAuthenticationChallenge_(challenge) if self.username and self.password and authenticationMethod in [ 'NSURLAuthenticationMethodDefault', 'NSURLAuthenticationMethodHTTPBasic', 'NSURLAuthenticationMethodHTTPDigest' ]: self.log('Will attempt to authenticate.') self.log('Username: %s Password: %s' % (self.username, ('*' * len(self.password or '')))) credential = ( NSURLCredential.credentialWithUser_password_persistence_( self.username, self.password, NSURLCredentialPersistenceNone)) if completionHandler: completionHandler(NSURLSessionAuthChallengeUseCredential, credential) else: challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) elif authenticationMethod == 'NSURLAuthenticationMethodClientCertificate': self.log('Client certificate required') # get issuers info from the response expected_issuer_dicts = [] for dn in protectionSpace.distinguishedNames(): raw = dn.bytes().tobytes() name = Name.load(raw) expected_issuer_dicts.append(dict(name.native)) self.log('Accepted certificate-issuing authority: %s' % name.human_friendly) if not expected_issuer_dicts: self.log("The server didn't sent the list of " "acceptable certificate-issuing authorities") if completionHandler: completionHandler( NSURLSessionAuthChallengeCancelAuthenticationChallenge, None) else: challenge.sender().cancelAuthenticationChallenge_( challenge) # search for a matching identity status, identity_refs = SecItemCopyMatching( { kSecClass: kSecClassIdentity, kSecReturnRef: kCFBooleanTrue, kSecMatchLimit: kSecMatchLimitAll }, None) if status != errSecSuccess: self.log('Could not list keychain certificates') if completionHandler: completionHandler( NSURLSessionAuthChallengeCancelAuthenticationChallenge, None) else: challenge.sender().cancelAuthenticationChallenge_( challenge) for identity_ref in identity_refs: status, cert_ref = SecIdentityCopyCertificate( identity_ref, None) if status != errSecSuccess: continue cert_data = SecCertificateCopyData(cert_ref) cert = Certificate.load(cert_data.bytes().tobytes()) issuer_dict = dict(cert.native["tbs_certificate"]["issuer"]) if issuer_dict in expected_issuer_dicts: self.log("Found matching identity") break else: self.log('Could not find matching identity') if completionHandler: completionHandler( NSURLSessionAuthChallengeCancelAuthenticationChallenge, None) else: challenge.sender().cancelAuthenticationChallenge_( challenge) self.log("Will attempt to authenticate") credential = NSURLCredential.alloc( ).initWithIdentity_certificates_persistence_( identity_ref, None, NSURLCredentialPersistenceForSession) if completionHandler: completionHandler(NSURLSessionAuthChallengeUseCredential, credential) else: challenge.sender().useCredential_forAuthenticationChallenge_( credential, challenge) else: # fall back to system-provided default behavior self.log('Allowing OS to handle authentication request') if completionHandler: completionHandler( NSURLSessionAuthChallengePerformDefaultHandling, None) else: if (challenge.sender().respondsToSelector_( 'performDefaultHandlingForAuthenticationChallenge:')): self.log('Allowing OS to handle authentication request') challenge.sender( ).performDefaultHandlingForAuthenticationChallenge_( challenge) else: # Mac OS X 10.6 doesn't support # performDefaultHandlingForAuthenticationChallenge: self.log('Continuing without credential.') challenge.sender( ).continueWithoutCredentialForAuthenticationChallenge_( challenge)