Hi,
I’d like to perform client-side certificate authentication from https based connection in macOS.
I’m using the method didReceiveChallenge from URLSession. However, I cannot read the keychain directly since my process is running as Daemon, and my client certificate reside in login keychain.
Therefore, I send this authentication request to a user-based process which is running in the current user so it has access to the keychain. After I acquire the NSURLCredential object, I’d like to return it back to the Daemon, so it may run the completionHandler with that credential.
However, After I successfully create the NSURLCredential in the user process, and send it back using some reply callback. It looks like the object didn’t serialized properly and I get the following error :
Exception: decodeObjectForKey: Object of class "NSURLCredential" returned nil from -initWithCoder: while being decoded for key <no key>
Here’s my client side code ( I made sure that the server side create a valid NSURLCredential object).
and the problem occur after I send the XPC request, right when i’m about to get the callback response (reply)
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {
if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate) {
[myXpcService getCertIdentityWithAcceptedIssuers:challenge.protectionSpace.distinguishedNames
withReply:^(NSURLCredential *cred, NSError *error) {
if (error != nil) {
completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
} else {
completionHandler(NSURLSessionAuthChallengeUseCredential, cred);
}
}];
}
Perhaps anybody can tell me what did I do wrong here ? Does XPC is capable to pass complex objects like NSURLCredentials ?
thanks !