ningModeCertificate的AFNetworking

ningModeCertificate的AFNetworking

我对SSL固定有问题。第一个问题:如果我通过Safari登录,将所需的证书添加到钥匙串中,然后从钥匙串应用程序中导出文件并将其放入我的Xcode项目中,可以吗?我已经有.cer文件,所以关于我的情况,这里的几个问题似乎与我的情况无关。

这是我的代码:

- (AFSecurityPolicy*) customSecurityPolicy{
  NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"cert_name" ofType:@"cer"];
  NSData *certData = [NSData dataWithContentsOfFile:cerPath];
  AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
  [securityPolicy setAllowInvalidCertificates:NO];
  [securityPolicy setPinnedCertificates:@[certData]];
  [securityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];
  return securityPolicy;
}

-(void)secureLogin{
  NSString *server = @"https_url";
  NSDictionary *params = @{@"login": self.loginField.text, @"password" : self.passField.text};
  NSError *error = nil;
  NSString *JSON = [[NSString alloc] initWithData:[NSJSONSerialization dataWithJSONObject:params
                                                                                options:NSJSONWritingPrettyPrinted
                                                                                  error:&error]
                                         encoding:NSUTF8StringEncoding];
  //NSLog(@"JSON: %@", JSON);

  AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
  [manager setSecurityPolicy:[self customSecurityPolicy]];
  manager.requestSerializer = [AFHTTPRequestSerializer serializer];
  manager.responseSerializer = [AFJSONResponseSerializer serializer];
  [manager POST:server
     parameters:@{@"data" : JSON}
        success:^(AFHTTPRequestOperation *operation, id responseObject) {
            NSLog(@"hell yea! %@", responseObject);
        } failure:^(AFHTTPRequestOperation *operation, NSError *error) {
            NSLog(@"error: %@", error);
        }];
}

如果我设置setAllowInvalidCertificates:YES],那很酷,但是不安全。我试图从中获得一些感觉,但到目前为止没有任何进展。我不断得到:

错误:错误域= NSURLErrorDomain代码= -1012“该操作无法完成。
(NSURLErrorDomain错误-1012。)“UserInfo = 0x8a35800
{NSErrorFailingURLKey = https_url,
NSErrorFailingURLStringKey = https_url}

最佳答案

如果您具有由 public CA颁发的有效证书,则可能应该包括从已颁发的证书到根证书(包括所有中间证书)的所有证书的集合,或者应该设置以下各项:

[securityPolicy setValidatesCertificateChain:NO];

关于ios - 带有AFSSLPinningModeCertificate的AFNetworking 2,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/22312857/

10-12 03:11