def performServerAuthWithTrust_handler_(self, trust, completionHandler):
SecTrustSetAnchorCertificates(trust, [self.serverCert])
valid, error = SecTrustEvaluateWithError(trust, None)
if not valid:
logger.error(error)
completionHandler(
NSURLSessionAuthChallengeCancelAuthenticationChallenge, None)
return
credential = NSURLCredential.credentialForTrust_(trust)
completionHandler(NSURLSessionAuthChallengeUseCredential, credential)
def URLSession_task_didReceiveChallenge_completionHandler_(
self,
session, # type: NSURLSession
task, # type: NSURLSessionTask
challenge, # type: NSURLAuthenticationChallenge
completionHandler # type: (NSURLSessionAuthChallengeDisposition, NSURLCredential) -> Void
): # type: (...) -> None
logger.debug('URLSession_task_didReceiveChallenge_completionHandler_')
completionHandler.__block_signature__ = objc_method_signature('v@i@')
protectionSpace = challenge.protectionSpace()
host = protectionSpace.host()
realm = protectionSpace.realm()
authenticationMethod = protectionSpace.authenticationMethod()
logger.debug('NSURLProtectionSpace host: %s, realm: %s, method: %s',
host, realm, authenticationMethod)
if authenticationMethod == 'NSURLAuthenticationMethodServerTrust' and not self.verify:
logger.debug(
'Trusting invalid SSL certificate because verify=False')
trust = protectionSpace.serverTrust()
credential = NSURLCredential.credentialForTrust_(trust)
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling,
credential)
elif authenticationMethod in [
'NSURLAuthenticationMethodDefault',
'NSURLAuthenticationMethodHTTPBasic',
'NSURLAuthenticationMethodHTTPDigest'
]:
logger.debug('Attempting to authenticate')
if getattr(self, 'credential', None) is not None:
logger.debug('Using supplied NSURLCredential')
completionHandler(NSURLSessionAuthChallengeUseCredential,
self.credential)
else:
logger.debug(
'No NSURLCredential available, not authenticating.')
completionHandler(
NSURLSessionAuthChallengePerformDefaultHandling, None)
else:
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling,
None)
