Merge pull request #2 from github/dont-cancel-authentication-requests

Don’t cancel authentication requests
2014-10-06 18:25:14 -04:00 · 2014-10-06 18:25:14 -04:00 · d7bcfb85e8
--- a/AFNetworking/AFURLConnectionOperation.m
+++ b/AFNetworking/AFURLConnectionOperation.m
@ -578,25 +578,25 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
        self.authenticationChallenge(connection, challenge);
        return;
    }
-    
+
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
-        
+
        SecPolicyRef policy = SecPolicyCreateBasicX509();
        CFIndex certificateCount = SecTrustGetCertificateCount(serverTrust);
        NSMutableArray *trustChain = [NSMutableArray arrayWithCapacity:certificateCount];
-        
+
        for (CFIndex i = 0; i < certificateCount; i++) {
            SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, i);
-            
+
            if (self.SSLPinningMode == AFSSLPinningModeCertificate) {
                [trustChain addObject:(__bridge_transfer NSData *)SecCertificateCopyData(certificate)];
            } else if (self.SSLPinningMode == AFSSLPinningModePublicKey) {
                SecCertificateRef someCertificates[] = {certificate};
                CFArrayRef certificates = CFArrayCreate(NULL, (const void **)someCertificates, 1, NULL);
-                
+
                SecTrustRef trust = NULL;
-                
+
                OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
                NSAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status);
                if (status == errSecSuccess && trust) {
@ -609,17 +609,17 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe

                    CFRelease(trust);
                }
-              
+
                CFRelease(certificates);
            }
        }
-        
+
        CFRelease(policy);
-        
+
        switch (self.SSLPinningMode) {
            case AFSSLPinningModePublicKey: {
                NSArray *pinnedPublicKeys = [self.class pinnedPublicKeys];
-                
+
                for (id publicKey in trustChain) {
                    for (id pinnedPublicKey in pinnedPublicKeys) {
                        if (AFSecKeyIsEqualToKey((__bridge SecKeyRef)publicKey, (__bridge SecKeyRef)pinnedPublicKey)) {
@ -629,7 +629,7 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
                        }
                    }
                }
-                
+
                [[challenge sender] cancelAuthenticationChallenge:challenge];
                break;
            }
@ -641,39 +641,33 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
                        return;
                    }
                }
-                
+
                [[challenge sender] cancelAuthenticationChallenge:challenge];
                break;
            }
            case AFSSLPinningModeNone: {
-                if (self.allowsInvalidSSLCertificate){
+                SecTrustResultType result = 0;
+                OSStatus status = SecTrustEvaluate(serverTrust, &result);
+
+                if (self.allowsInvalidSSLCertificate || (status == errSecSuccess && (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed))) {
                    NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
                    [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
-                } else {
-                    SecTrustResultType result = 0;
-                    OSStatus status = SecTrustEvaluate(serverTrust, &result);
-                    NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
-                    
-                    if (status == errSecSuccess && (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed)) {
-                        NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
-                        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
-                    } else {
-                        [[challenge sender] cancelAuthenticationChallenge:challenge];
-                    }
+                    return;
                }
+
+                if ([[challenge sender] respondsToSelector:@selector(performDefaultHandlingForAuthenticationChallenge:)]) {
+                    [[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
+                } else {
+                    [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
+                }
+
                break;
            }
        }
+    } else if ([challenge previousFailureCount] == 0 && self.credential != nil) {
+        [[challenge sender] useCredential:self.credential forAuthenticationChallenge:challenge];
    } else {
-        if ([challenge previousFailureCount] == 0) {
-            if (self.credential) {
-                [[challenge sender] useCredential:self.credential forAuthenticationChallenge:challenge];
-            } else {
-                [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
-            }
-        } else {
-            [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
-        }
+        [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
    }
 }