How to authenticate an UIWebView with a client certificate?

Question

I have the following problem:

I have a UIWebView which is loading the website correctly but the server wants an authentication from the client (UIWebView) too. I've added the ssl certificate with the following code I got from another site:

shouldStartLoadWithRequest:

-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType (UIWebViewNavigationType)navigationType;
{
    if(![self authenticated])
    {
        [self setAuthenticated:NO];
        [self setUrlConnection:[[NSURLConnection alloc] initWithRequest:[self requestObj] delegate:self]];
        [[self urlConnection] start];
        return NO;
    }
    return YES;
}

didReceiveAuthenticationChallenge:

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge previousFailureCount] == 0)
    {
        [self setAuthenticated:YES];
        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
    }
    else [[challenge sender] cancelAuthenticationChallenge:challenge];
}

didReceiveResponse:

-(void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
    [self setAuthenticated:YES];
    [[self webView] loadRequest:[self requestObj]];
    [[self urlConnection] cancel];
}

canAuthenticateAgainstProtectionSpace:

-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

Now the server needed an authentication from the client (certificate) with a specific DN name. I found iOS Client Certificates and Mobile Device Management but the code didn't helped me and didn't solved my problem.

Is it possible to append an PKCS12 file to my UIWebView so if the server wants an authentication from the client the UIWebView show him this file?

I always get the error

2016-04-20 12:20:50.880 App [469:126255] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2016-04-20 12:20:51.454 App [469:126252] CFNetwork SSLHandshake failed (-9824 -> -9829)
2016-04-20 12:20:51.456 App [469:126252] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9829)

@BHASKAR No I've tested on my test device. Should I test it on the simulator? — Premox, Apr 20 '16 at 10:45

score 0 · Accepted Answer · edited Feb 23 '18 at 11:43

0

Use this piece of code

-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {

if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
    NSURL* baseURL = [NSURL URLWithString:SERVER_IP];
    if ([challenge.protectionSpace.host isEqualToString:baseURL.host])
    {
        NSLog(@"trusting connection to host %@", challenge.protectionSpace.host);
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    }
    else
    {
        NSLog(@"Not trusting connection to host %@", challenge.protectionSpace.host);
    }
}

    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

And add this class in upper of your current class

@interface NSURLRequest(AllowAllCerts)

@end


@implementation NSURLRequest(AllowAllCerts)

+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{

return YES;

}
@end

edited Feb 23 '18 at 11:43

Community

1
1

answered Apr 20 '16 at 11:00

BHASKAR

1,201
1
9
20

I added your first method in my `ViewController` but I doesn't have any `UpperClass` of it. I only have the `AppDelegate` class and another one but none of them are the UpperClass. Should I create some `UpperClass` for my `ViewController`? – Premox Apr 20 '16 at 11:12
not upper class. add this before your implementtation. – BHASKAR Apr 20 '16 at 11:29
Always get the same errors and after adding your code I get the output 2016-04-20 14:04:18.690 App[553:149129] trusting connection to host www.example.de – Premox Apr 20 '16 at 12:06
Solved it. I've modified the method from the linked URL in my post =). Thx for support, helped me to understand the logic – Premox Apr 21 '16 at 10:48
And how do you modify the method, @Premox? I don't see edit in the question? – new2ios Aug 08 '16 at 09:19
@new2ios This code here is very old. My project is growing up. I have implemented an Server-Client-Authentication with the methods NSURLAuthenticationMethodClientCertificate and NSURLAuthenticationMethodServerTrust. – Premox Aug 09 '16 at 16:50
10x for replay, @Premox – new2ios Aug 10 '16 at 06:59
`(BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host` : I've read that this approach will get the app rejected from the AppStore – Padawan Jan 05 '17 at 06:53

How to authenticate an UIWebView with a client certificate?

1 Answers1