static bool TryGetAuthenticationType(NSUrlProtectionSpace protectionSpace, out string authenticationType)
{
if (protectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodNTLM)
{
authenticationType = "NTLM";
}
else if (protectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodHTTPBasic)
{
authenticationType = "basic";
}
else if (protectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodNegotiate ||
protectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodHTMLForm ||
protectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodHTTPDigest)
{
// Want to reject this authentication type to allow the next authentication method in the request to
// be used.
authenticationType = RejectProtectionSpaceAuthType;
}
else
{
// ServerTrust, ClientCertificate or Default.
authenticationType = null;
return(false);
}
return(true);
}
static bool IsProtectionSpaceForProject(NSUrlProtectionSpace protectionSpace, ProxyInfo proxy)
{
return(protectionSpace != null &&
protectionSpace.IsProxy &&
protectionSpace.Port == proxy.Port &&
StringComparer.OrdinalIgnoreCase.Equals(protectionSpace.ProxyType, proxy.ProxyType.ToString()) &&
StringComparer.OrdinalIgnoreCase.Equals(protectionSpace.Host, proxy.HostName));
}
Uri UriFromNSUrlProtectionSpace(NSUrlProtectionSpace pSpace)
{
var builder = new UriBuilder(pSpace.Protocol, pSpace.Host);
builder.Port = (int)pSpace.Port;
Uri retval;
try {
retval = builder.Uri;
} catch (UriFormatException) {
retval = null;
}
return(retval);
}
public void HttpProxy_Proxy()
{
using (var ps = new NSUrlProtectionSpace("www.xamarin.com", 80, NSUrlProtectionSpace.HTTPProxy, "default", NSUrlProtectionSpace.AuthenticationMethodHTTPDigest, true)) {
Assert.That(ps.AuthenticationMethod, Is.EqualTo("NSURLAuthenticationMethodHTTPDigest"), "AuthenticationMethod");
Assert.Null(ps.DistinguishedNames, "DistinguishedNames");
Assert.That(ps.Host, Is.EqualTo("www.xamarin.com"), "Host");
Assert.True(ps.IsProxy, "IsProxy");
Assert.That(ps.Port, Is.EqualTo((nint)80), "Port");
Assert.That(ps.Protocol, Is.EqualTo("http"), "Protocol");
Assert.That(ps.ProxyType, Is.EqualTo("http"), "ProxyType");
Assert.Null(ps.Realm, "Realm");
Assert.True(ps.ReceivesCredentialSecurely, "ReceivesCredentialSecurely");
Assert.Null(ps.ServerSecTrust, "ServerSecTrust");
}
}
public void Https()
{
using (var ps = new NSUrlProtectionSpace("mail.google.com", 443, NSUrlProtectionSpace.HTTPS, null, NSUrlProtectionSpace.AuthenticationMethodHTTPBasic)) {
if (TestRuntime.CheckXcodeVersion(7, 0))
{
Assert.That(ps.AuthenticationMethod, Is.EqualTo("NSURLAuthenticationMethodHTTPBasic"), "AuthenticationMethod");
}
else
{
Assert.That(ps.AuthenticationMethod, Is.EqualTo("NSURLAuthenticationMethodDefault"), "AuthenticationMethod");
}
Assert.Null(ps.DistinguishedNames, "DistinguishedNames");
Assert.That(ps.Host, Is.EqualTo("mail.google.com"), "Host");
Assert.False(ps.IsProxy, "IsProxy");
Assert.That(ps.Port, Is.EqualTo((nint)443), "Port");
Assert.That(ps.Protocol, Is.EqualTo("https"), "Protocol");
Assert.Null(ps.ProxyType, "ProxyType");
Assert.Null(ps.Realm, "Realm");
Assert.True(ps.ReceivesCredentialSecurely, "ReceivesCredentialSecurely");
Assert.Null(ps.ServerSecTrust, "ServerSecTrust");
}
}
public override bool CanAuthenticateAgainstProtectionSpace(NSUrlConnection connection, NSUrlProtectionSpace protectionSpace)
{
return true;
}
public override void DidReceiveChallenge(NSUrlSession session, NSUrlSessionTask task, NSUrlAuthenticationChallenge challenge, Action <NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
{
if (challenge.ProtectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodNTLM)
{
if (_secureHttpClientHandler.Credentials != null)
{
NetworkCredential credentialsToUse;
var credentials = _secureHttpClientHandler.Credentials as NetworkCredential;
if (credentials != null)
{
credentialsToUse = credentials;
}
else
{
var uri = GetResponseForTask(task).Request.RequestUri;
credentialsToUse = _secureHttpClientHandler.Credentials.GetCredential(uri, "NTLM");
}
var credential = new NSUrlCredential(credentialsToUse.UserName, credentialsToUse.Password, NSUrlCredentialPersistence.ForSession);
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, credential);
return;
}
}
if (challenge.ProtectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodServerTrust)
{
challenge.ProtectionSpace.ServerSecTrust.SetAnchorCertificates(_trustedRoots);
var hostname = task.CurrentRequest.Url.Host;
if (_certificatePinner != null && _certificatePinner.HasPin(hostname))
{
var serverTrust = challenge.ProtectionSpace.ServerSecTrust;
var status = serverTrust.Evaluate();
if (status == SecTrustResult.Proceed || status == SecTrustResult.Unspecified)
{
var serverCertificate = serverTrust[0];
var x509Certificate = serverCertificate.ToX509Certificate2();
var match = _certificatePinner.Check(hostname, x509Certificate.RawData);
if (match)
{
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}
else
{
var inflightRequest = GetResponseForTask(task);
inflightRequest.Error = new NSError(NSError.NSUrlErrorDomain, (nint)(long)NSUrlError.ServerCertificateUntrusted);
completionHandler(NSUrlSessionAuthChallengeDisposition.CancelAuthenticationChallenge, null);
}
return;
}
}
}
if (challenge.ProtectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodClientCertificate)
{
var certificate = _secureHttpClientHandler.ClientCertificate;
if (certificate == null)
{
var url = task.CurrentRequest.Url;
var space = new NSUrlProtectionSpace(url.Host, url.Port, url.Scheme, null, NSUrlProtectionSpace.AuthenticationMethodClientCertificate);
certificate = NSUrlCredentialStorage.SharedCredentialStorage.GetDefaultCredential(space);
}
if (certificate != null)
{
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, certificate);
return;
}
}
completionHandler(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, challenge.ProposedCredential);
}
public override bool CanAuthenticateAgainstProtectionSpace(NSUrlConnection connection, NSUrlProtectionSpace protectionSpace)
{
return(true);
}
/// <summary>
/// Tells the connection it can authenticate
/// </summary>
public override bool CanAuthenticateAgainstProtectionSpace(NSUrlConnection connection, NSUrlProtectionSpace protectionSpace)
{
return protectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodServerTrus;
}
