这种是不验证证书的配置:既不校验证书是否有效,也不校验域名。
// Policy with no pinning and both remaining checks switched off.
// With AFSSLPinningModeNone, allowInvalidCertificates = YES and
// validatesDomainName = NO, neither the certificate chain nor the host name
// of the server is verified, so the TLS peer is not authenticated at all.
AFSecurityPolicy *permissivePolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
[permissivePolicy setAllowInvalidCertificates:YES];
[permissivePolicy setValidatesDomainName:NO];
[manager setSecurityPolicy:permissivePolicy];
// Pinned alternative, built by -customSecurityPolicy:
//manager.securityPolicy = [self customSecurityPolicy];
/**** SSL Pinning ****///验证证书,单向验证。(需要后台给证书,并且改为 cer 格式的,最好找安卓转一下,他们比较方便一点)
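/**
 * Builds the AFSecurityPolicy that pins the server's public key to the
 * certificate shipped in the main bundle as ios118.cer.
 *
 * The pinning policy is created first and the bundled certificate is attached
 * to that same object. Configuring one policy and then assigning a newly
 * created one to the variable discards the pinned certificate and the
 * allowInvalidCertificates setting, so neither reaches the caller.
 *
 * allowInvalidCertificates is left at the library default. If the backend
 * certificate is not issued by a trusted CA, enable it on this object only,
 * and only together with pinning.
 *
 * @return A policy in AFSSLPinningModePublicKey mode, pinned to ios118.cer
 *         when that file can be read.
 */
- (AFSecurityPolicy*)customSecurityPolicy {
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];

    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"ios118" ofType:@"cer"];
    NSData *certData = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;
    if (certData == nil) {
        // An array literal raises on a nil element, so a missing or unreadable
        // certificate must not reach @[certData]. The policy stays in pinning
        // mode with whatever pins the library loaded by default.
        // NOTE(review): confirm that an empty pin set rejects connections in
        // the AFNetworking version in use.
        NSLog(@"customSecurityPolicy: ios118.cer could not be loaded from the main bundle");
        return securityPolicy;
    }

    // NOTE(review): newer AFNetworking releases declare pinnedCertificates as
    // NSSet rather than NSArray — confirm against the version in use.
    [securityPolicy setPinnedCertificates:@[certData]];
    //[securityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];
    return securityPolicy;
}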
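//这个是验证证书,双向验证。注意:下面这段只处理服务器信任(serverTrust),把证书链与包内 .der 文件逐一比对;最后一行的 useCredential 位于 if/else 之后,无论比对结果如何都会执行(包括刚刚取消质询的分支),应当删除,让比对结果成为唯一的放行条件。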
if(challenge.previousFailureCount < 5) {
self.serverTrust = challenge.protectionSpace.serverTrust;
SecTrustResultType result;
SecTrustEvaluate(self.serverTrust, &result);
if(result == kSecTrustResultProceed ||
result == kSecTrustResultUnspecified //The cert is valid, but user has not explicitly accepted/denied. Ok to proceed (Ch 15: iOS PTL :Pg 269)
) {
CFIndex certificateCount = SecTrustGetCertificateCount(self.serverTrust);
NSMutableArray *trustChain = [NSMutableArray arrayWithCapacity:(NSUInteger)certificateCount];
for (CFIndex i = 0; i < certificateCount; i++) {
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(self.serverTrust, i);
[trustChain addObject:(__bridge_transfer NSData *)SecCertificateCopyData(certificate)];
}
NSBundle *bundle = [NSBundle mainBundle];
NSArray *paths = [bundle pathsForResourcesOfType:@"der" inDirectory:@"."];
NSMutableArray *certificates = [NSMutableArray arrayWithCapacity:[paths count]];
for (NSString *path in paths) {
NSData *certificateData = [NSData dataWithContentsOfFile:path];
[certificates addObject:certificateData];
}
NSArray *_defaultPinnedCertificates = [[NSArray alloc] initWithArray:certificates];
NSUInteger trustedCertificateCount = 0;
for (NSData *trustChainCertificate in trustChain) {
if ([_defaultPinnedCertificates containsObject:trustChainCertificate]) {
trustedCertificateCount++;
}
}
if (trustedCertificateCount > 0) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}else {
UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"提示" message:@"该请求不是可信的" delegate:nil cancelButtonTitle:@"确定" otherButtonTitles:nil, nil];
[alert show];
[challenge.sender cancelAuthenticationChallenge:challenge];
}
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];