For my unit tests I am using a custom URLProtocol subclass which creates and sends authentication challenge.
The code under test is a networking library which implements TLS certificate verification.
The problem I am having is preparing the challenge to be sent with "client?.urlProtocol(self, didReceive: challenge)"
More specifically, the code under test expects a callback (from a URLSession) which delivers an authentication challenge with protection space authentication method "NSURLAuthenticationMethodServerTrust" It would then obtain the trust from the protection space ("challenge.protectionSpace.serverTrust") and perform certificate verification on the certificates in the trust.
The problem is that "challenge.protectionSpace.serverTrust" is always nil.
In my URLProtocol subclass I create the protection space as follows:
let protectionSpace = URLProtectionSpace(host: host,
port: port,
protocol: proto,
realm: nil,
authenticationMethod: NSURLAuthenticationMethodServerTrust)
Although I can specify the authentication method to be "NSURLAuthenticationMethodServerTrust", at this point I cannot supply the certificates needed to create the trust object.
When I create an authentication challenge, I can supply a proposed credential (which can contain the needed trust)
let challenge = URLAuthenticationChallenge(protectionSpace: protectionSpace,
proposedCredential: credential,
previousFailureCount: 0,
failureResponse: nil,
error: nil,
sender: challengeSender)
But the problem is that the trust object supllied in the proposed credential does not (and is probably not supposed to) get propagated to the protection space.
My questions are the following:
- It it at all possible to create a proper authentication challenge to be sent via "client?.urlProtocol(self, didReceive: challenge)" method ?
- If it's officially not possible, I think, the documentation is not clear at all about it.