我对SSL固定有问题。第一个问题:如果我通过Safari登录,将所需的证书添加到钥匙串中,然后从钥匙串应用程序中导出文件并将其放入我的Xcode项目中,可以吗?我已经有.cer文件,所以关于我的情况,这里的几个问题似乎与我的情况无关。
这是我的代码:
- (AFSecurityPolicy*) customSecurityPolicy{
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"cert_name" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:cerPath];
AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
[securityPolicy setAllowInvalidCertificates:NO];
[securityPolicy setPinnedCertificates:@[certData]];
[securityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];
return securityPolicy;
}
-(void)secureLogin{
NSString *server = @"https_url";
NSDictionary *params = @{@"login": self.loginField.text, @"password" : self.passField.text};
NSError *error = nil;
NSString *JSON = [[NSString alloc] initWithData:[NSJSONSerialization dataWithJSONObject:params
options:NSJSONWritingPrettyPrinted
error:&error]
encoding:NSUTF8StringEncoding];
//NSLog(@"JSON: %@", JSON);
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
[manager setSecurityPolicy:[self customSecurityPolicy]];
manager.requestSerializer = [AFHTTPRequestSerializer serializer];
manager.responseSerializer = [AFJSONResponseSerializer serializer];
[manager POST:server
parameters:@{@"data" : JSON}
success:^(AFHTTPRequestOperation *operation, id responseObject) {
NSLog(@"hell yea! %@", responseObject);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
NSLog(@"error: %@", error);
}];
}
如果我设置
setAllowInvalidCertificates:YES]
,那很酷,但是不安全。我试图从中获得一些感觉,但到目前为止没有任何进展。我不断得到:错误:错误域= NSURLErrorDomain代码= -1012“该操作无法完成。
(NSURLErrorDomain错误-1012。)“UserInfo = 0x8a35800
{NSErrorFailingURLKey = https_url,
NSErrorFailingURLStringKey = https_url}
最佳答案
如果您具有由 public CA颁发的有效证书,则可能应该包括从已颁发的证书到根证书(包括所有中间证书)的所有证书的集合,或者应该设置以下各项:
[securityPolicy setValidatesCertificateChain:NO];
关于ios - 带有AFSSLPinningModeCertificate的AFNetworking 2,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/22312857/