  • iOS 项目中将 http 改成 https 后需要改动的地方(密钥验证)

    这种写法不验证服务器证书:任何证书都会被接受,也不校验域名。

    // Permissive policy: no pinning, invalid certificates allowed, host name not checked.
    // With these three settings the client accepts any certificate presented for any host,
    // so the channel is encrypted but the server is not authenticated and an on-path
    // interceptor goes undetected. Keep this to debug builds talking to a test server.
    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
    [policy setAllowInvalidCertificates:YES];
    [policy setValidatesDomainName:NO];
    [manager setSecurityPolicy:policy];
    // Pinned alternative (see -customSecurityPolicy):
    //manager.securityPolicy = [self customSecurityPolicy];


    /**** SSL Pinning ****///验证证书,单向验证。(需要后台给证书,并且改为 cer 格式的,最好找安卓转一下,他们比较方便一点)
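    /// Builds the AFSecurityPolicy used for one-way (server-only) SSL pinning.
    ///
    /// The policy pins the public key of the certificate shipped in the main bundle as
    /// "ios118.cer". Host-name validation and the invalid-certificate flag are left at
    /// the policy's defaults.
    ///
    /// @return A policy in AFSSLPinningModePublicKey whose pinned set is the bundled
    ///         certificate, or an empty pinned set when the resource cannot be read.
    - (AFSecurityPolicy *)customSecurityPolicy {
        // Configure the object that is actually returned: settings applied to a different
        // instance before this factory call would be discarded with that instance.
        AFSecurityPolicy *pinningPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
        //[pinningPolicy setSSLPinningMode:AFSSLPinningModeCertificate];

        NSString *certificatePath = [[NSBundle mainBundle] pathForResource:@"ios118" ofType:@"cer"];
        NSData *certificateData = certificatePath ? [NSData dataWithContentsOfFile:certificatePath] : nil;

        // A nil element inside @[...] raises at runtime, so a missing resource is handled
        // explicitly instead of crashing while the policy is being built.
        NSAssert(certificateData != nil, @"ios118.cer is missing from the main bundle");

        // NOTE(review): an empty pin set is intended to make every pinned evaluation fail
        // rather than fall back to unpinned trust; confirm with the AFNetworking version in use.
        [pinningPolicy setPinnedCertificates:(certificateData ? @[certificateData] : @[])];

        // allowInvalidCertificates is deliberately not enabled here.
        // NOTE(review): a self-signed backend certificate may need it set to YES together
        // with pinning; confirm against the server certificate before changing it.
        return pinningPolicy;
    }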

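    // Server-trust challenge handling with certificate pinning: the chain presented by the
    // server must contain at least one certificate that is byte-identical to a .der file
    // shipped in the app bundle. The page labels this "two-way verification", but the
    // visible code only authenticates the server; no client identity is offered.
    //
    // `challenge` and `self.serverTrust` belong to the enclosing delegate method, which is
    // not part of this listing. Assumes the challenge is a server-trust challenge; TODO confirm.
    // Every path below answers the challenge exactly once.
    if (challenge.previousFailureCount < 5) {
        self.serverTrust = challenge.protectionSpace.serverTrust;

        // Start from "invalid" so a failed evaluation can never be read as a success.
        SecTrustResultType result = kSecTrustResultInvalid;
        OSStatus status = SecTrustEvaluate(self.serverTrust, &result);

        // kSecTrustResultUnspecified: the certificate is valid but the user has not
        // explicitly accepted or denied it; OK to proceed (Ch 15: iOS PTL: Pg 269).
        BOOL systemTrustOK = (status == errSecSuccess) &&
                             (result == kSecTrustResultProceed ||
                              result == kSecTrustResultUnspecified);

        if (systemTrustOK) {
            // Collect the DER bytes of every certificate in the evaluated chain.
            CFIndex certificateCount = SecTrustGetCertificateCount(self.serverTrust);
            NSMutableArray *trustChain = [NSMutableArray arrayWithCapacity:(NSUInteger)certificateCount];
            for (CFIndex i = 0; i < certificateCount; i++) {
                SecCertificateRef certificate = SecTrustGetCertificateAtIndex(self.serverTrust, i);
                if (certificate == NULL) {
                    continue;
                }
                NSData *chainData = (__bridge_transfer NSData *)SecCertificateCopyData(certificate);
                if (chainData != nil) {
                    [trustChain addObject:chainData];
                }
            }

            // Load the pinned certificates bundled with the app; unreadable files are
            // skipped because adding nil to an array raises.
            NSBundle *bundle = [NSBundle mainBundle];
            NSArray *paths = [bundle pathsForResourcesOfType:@"der" inDirectory:@"."];
            NSMutableArray *pinnedCertificates = [NSMutableArray arrayWithCapacity:[paths count]];
            for (NSString *path in paths) {
                NSData *certificateData = [NSData dataWithContentsOfFile:path];
                if (certificateData != nil) {
                    [pinnedCertificates addObject:certificateData];
                }
            }

            // One byte-for-byte match anywhere in the chain is enough.
            BOOL chainIsPinned = NO;
            for (NSData *trustChainCertificate in trustChain) {
                if ([pinnedCertificates containsObject:trustChainCertificate]) {
                    chainIsPinned = YES;
                    break;
                }
            }

            if (chainIsPinned) {
                [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
            } else {
                UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"提示" message:@"该请求不是可信的" delegate:nil cancelButtonTitle:@"确定" otherButtonTitles:nil];
                [alert show];
                [challenge.sender cancelAuthenticationChallenge:challenge];
            }
            // No unconditional useCredential: after the branch above: it would accept
            // the server even when no pinned certificate matched, defeating the pin check.
        } else {
            // System trust evaluation failed or returned a non-trusted result: fail closed.
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
    } else {
        // Too many previous failures for this challenge: stop retrying and fail closed.
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }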

  • 原文地址:https://www.cnblogs.com/CodingMann/p/6145251.html