这篇文章给大家介绍如何理解AFNetWorking https双向认证,内容非常详细,感兴趣的小伙伴们可以参考借鉴,希望对大家能有所帮助。
客户端验证服务端证书:
需要超文本传送协议(超文本传输协议的缩写)配置路径需要域名
1:先项目中倒入服务端证书sever.cer,
2.然后设置安全政策
自我。manager=[AFHTTPRequestOperationManager manager];
自我。经理。response serializer=[[afhttpresponse serializer alloc]init];
[自我。经理。http ader field : @“header-platform ”]的请求序列化程序set value : @“iphone ”;
自我。经理。安全策略=[具有锁定模式: afsslpinningmodepublikey的afsecurity policy策略];
自我。经理。安全政策。允许有效证书=是;
自我。经理。安全政策。validateddomain域名=否;
自我。经理。安全政策。验证证书链=否;
客户端会变了项目中的证书和服务端的证书匹配
服务端验证客户端证书,首先把服务端的证书client.p12导入到服务端的密钥库里
然后在AFURLConnectionOperation.m中加入以下方法
-(OSStatus)extracentity :(CFDataRef)in p12 data :(SecIdentityRef *)identity {
OSStatus安全错误=errSecSuccess
CFStringRef密码=CFSTR('你的证书密码');
const void * keys[]={ ksecimportexportpassage };
const void * values[]={ password };
cf dictionary ref options=cf dictionary create(NULL,键,值,1,空,空);
CFArrayRef items=CFArrayCreate(NULL,0,0,NULL);
安全错误=secpkcs12导入(在p12数据、选项、项目中);
if (securityError==0)
{
cf dictionary ref ident=CFArrayGetValueAtIndex(items,0);
const void *tempIdentity=空;
tempIdentity=cf dictionary get value(ident,ksecimportititemidentity);
* identity=(SecIdentityRef)tempIdentity;
}
if (options) {
CFRelease(options);
}
return securityError;
}
把AFURLConnectionOperation.m中的
- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
替换成
- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
NSString *thePath = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"];
NSLog(@"thePath===========%@",thePath);
NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
SecIdentityRef identity = NULL;
// extract the ideneity from the certificate
[self extractIdentity :inPKCS12Data :&identity];
SecCertificateRef certificate = NULL;
SecIdentityCopyCertificate (identity, &certificate);
const void *certs[] = {certificate};
// CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, certs, 1, NULL);
// create a credential from the certificate and ideneity, then reply to the challenge with the credential
//NSLog(@"identity=========%@",identity);
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity certificates:nil persistence:NSURLCredentialPersistencePermanent];
// credential = [NSURLCredential credentialWithIdentity:identity certificates:(__bridge NSArray*)certArray persistence:NSURLCredentialPersistencePermanent];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
}
然后就可以进行双向认证了
关于如何理解AFNetWorking https双向认证就分享到这里了,希望
内容来源网络,如有侵权,联系删除,本文地址:https://www.230890.com/zhan/117729.html