qui*_*eam 5 ssl ios afnetworking-3
我正在尝试从 AFNetworking 2.0 迁移到 3.0。
在以前的版本中,我将创建一个 AFHTTPRequestOperation 并在另一个块中使用 setWillSendRequestForAuthenticationChallengeBlock 处理客户端 SSL 身份验证。
例如:
[operation setWillSendRequestForAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge) {
if ([challenge previousFailureCount] > 0) {
//this will cause an authentication failure
[[challenge sender] cancelAuthenticationChallenge:challenge];
return;
}
//this is checking the server certificate
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
SecTrustResultType result;
//This takes the serverTrust object and checkes it against your keychain
SecTrustEvaluate(challenge.protectionSpace.serverTrust, &result);
有人可以向我展示如何使用 AFHTTPSessionManager 执行此操作的示例吗?
我是否需要使用 AFURLSessionManager 发出请求?我确实在那里看到了一个块方法:
(void)setSessionDidReceiveAuthenticationChallengeBlock:(nullable NSURLSessionAuthChallengeDisposition (^)(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential * _Nullable __autoreleasing * _Nullable credential))block
我正在解决同样的问题,目前我在 AFNetworking 上发现的这个问题有一些帮助。
基本上将块设置- (void)setTaskDidReceiveAuthenticationChallengeBlock:([long block variable type here])block;在你的AFURLSessionManager
证书以 p12 格式保存。您需要更改这两行中的证书文件名和密码:
NSData *p12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"cert" ofType:@"p12"]];
CFStringRef 密码 = CFSTR("YOURPASSPHRASE");
设置此块的整个代码如下所示:
AFHTTPRequestSerializer *reqSerializer = [AFHTTPRequestSerializer 序列化器];
NSMutableURLRequest *请求;
request = [reqSerializer requestWithMethod:方法 URLString:[actionURL AbsoluteString] 参数:nil 错误:nil];
AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
[securityPolicy setAllowInvalidCertificates:kAllowsInvalidSSLCertificate];
AFHTTPRequestOperation *操作 = [[AFHTTPRequestOperation alloc] initWithRequest:request];
operation.responseSerializer = [AFHTTPResponseSerializer 序列化器];
[操作setSecurityPolicy:securityPolicy];
[操作 setWillSendRequestForAuthenticationChallengeBlock:^(NSURLConnection *连接, NSURLAuthenticationChallenge *挑战) {
if ([挑战 previousFailureCount] > 0) {
//这将导致身份验证失败
[[挑战发送者]cancelAuthenticationChallenge:challenge];
NSLog(@"错误的用户名或密码");
返回;
}
//这是检查服务器证书
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
SecTrustResultType 结果;
//这将获取 serverTrust 对象并根据您的钥匙串进行检查
SecTrustEvaluate(challenge.protectionSpace.serverTrust, &result);
//如果我们想忽略证书的无效服务器,我们只需接受服务器
如果(kAllowsInvalidSSLCertificate){
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
返回;
} else if(结果 == kSecTrustResultProceed || 结果 == kSecTrustResultUnspecified) {
//当针对受信任的服务器进行测试时,我每次都会得到 kSecTrustResultUnspecified。但另外两个符合可信服务器的描述
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
返回;
}
} else if ([[挑战保护空间]authenticationMethod] == NSURLAuthenticationMethodClientCertificate) {
//这处理验证客户端证书
/*
我们在这里需要做的是获取证书和身份,以便我们可以执行以下操作:
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:身份证书:myCerts persistence:NSURLCredentialPersistencePermanent];
[[挑战发送者] useCredential:credential forAuthenticationChallenge:challenge];
使用 -installCertificate 中的代码可以轻松加载证书
获取身份更加困难。
我们可以从 .p12 文件中获取它,但您需要一个密码:
*/
NSData *p12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"cert" ofType:@"p12"]];
CFStringRef 密码 = CFSTR("YOURPASSPHRASE");
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { 密码 };
CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, 键, 值, 1, NULL, NULL);
CFArrayRef p12Items;
OSStatus 结果 = SecPKCS12Import((__bridge CFDataRef)p12Data, optionsDictionary, &p12Items);
if(结果 == noErr) {
CFDictionaryRef IdentityDict = CFArrayGetValueAtIndex(p12Items, 0);
SecIdentityRef IdentityApp =(SecIdentityRef)CFDictionaryGetValue(identityDict,kSecImportItemIdentity);
SecCertificateRef certRef;
SecIdentityCopyCertificate(identityApp, &certRef);
SecCertificateRef certArray[1] = { certRef };
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL);
CFRelease(certRef);
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identityApp 证书:(__bridge NSArray *)myCerts persistence:NSURLCredentialPersistencePermanent];
CFRelease(myCerts);
[[挑战发送者] useCredential:credential forAuthenticationChallenge:challenge];
} 别的 {
[[挑战发送者]cancelAuthenticationChallenge:challenge];
}
} else if ([[挑战保护空间] 身份验证方法] == NSURLAuthenticationMethodDefault || [[[挑战保护空间] 身份验证方法] == NSURLAuthenticationMethodNTLM) {
// 用于基于用户名和密码的正常身份验证。这可以是 NTLM 或默认值。
/*
DAVcredentials *cred = _parentSession.credentials;
NSURLCredential *credential = [NSURLCredential credentialWithUser:cred.username 密码:cred.password persistence:NSURLCredentialPersistenceForSession];
[[挑战发送者] useCredential:credential forAuthenticationChallenge:challenge];
*/
NSLog(@"基本身份验证");
} 别的 {
//如果一切都失败了,我们取消挑战。
[[挑战发送者]cancelAuthenticationChallenge:challenge];
}
}];
[操作 setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *操作,id responseObject) {
NSLog(@"成功");
} 失败:^(AFHTTPRequestOperation *操作,NSError *错误) {
NSLog(@"失败");
}];
[[NSOperationQueue mainQueue] addOperation:操作];
请参阅此链接:https://github.com/AFNetworking/AFNetworking/issues/2316#issuecomment-115181437
我现在正在尝试这个。
| 归档时间: |
|
| 查看次数: |
3174 次 |
| 最近记录: |