HTTPS 양방향 인증(AFNetworking 3.0)
+(AFHTTPSessionManager *)SignalSSL;
+(AFHTTPSessionManager *)DualSSL;
HttpsManager.m
// : CA
+(AFHTTPSessionManager *)SignalSSL{
AFHTTPSessionManager *_manager = [AFHTTPSessionManager manager];
NSString *certFilePath = [[NSBundle mainBundle] pathForResource:@"CA" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:certFilePath];
NSSet *certSet = [NSSet setWithObject:certData];
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate withPinnedCertificates:certSet];
policy.allowInvalidCertificates = YES;
policy.validatesDomainName = YES;
_manager.securityPolicy = policy;
_manager.responseSerializer = [AFHTTPResponseSerializer serializer];
// POST header
[_manager.requestSerializer setValue:@"value" forHTTPHeaderField:@"key"];
return _manager;
}
// : CA , p12
+(AFHTTPSessionManager *)DualSSL{
__weak AFHTTPSessionManager *_manager = [AFHTTPSessionManager manager];
NSString *certFilePath = [[NSBundle mainBundle] pathForResource:@"cacert" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:certFilePath];
NSSet *certSet = [NSSet setWithObject:certData];
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate withPinnedCertificates:certSet];
policy.allowInvalidCertificates = YES;
policy.validatesDomainName = YES;
_manager.securityPolicy = policy;
_manager.responseSerializer = [AFHTTPResponseSerializer serializer];
// POST header
[_manager.requestSerializer setValue:@"value" forHTTPHeaderField:@"key"];
// setSessionDidReceiveAuthenticationChallengeBlock
__weak typeof(self)weakSelf = self;
[_manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession*session, NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing*_credential) {
NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
__autoreleasing NSURLCredential *credential =nil;
if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
if([_manager.securityPolicy evaluateServerTrust:challenge.protectionSpace.serverTrust forDomain:challenge.protectionSpace.host]) {
credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
if(credential) {
disposition =NSURLSessionAuthChallengeUseCredential;
} else {
disposition =NSURLSessionAuthChallengePerformDefaultHandling;
}
} else {
disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;
}
} else {
SecIdentityRef identity = NULL;
SecTrustRef trust = NULL;
NSString *p12Str = [[NSBundle mainBundle] pathForResource:@"p12 " ofType:@"p12"];;
NSData *PKCS12Data = [NSData dataWithContentsOfFile:p12Str];
if ([[weakSelf class] extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data]){
SecCertificateRef caRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)PKCS12Data);
SecIdentityCopyCertificate(identity, &caRef);
const void*certs[] = {caRef};
CFArrayRef certArray =CFArrayCreate(kCFAllocatorDefault, certs,1,NULL);
credential =[NSURLCredential credentialWithIdentity:identity certificates:(__bridge NSArray*)certArray persistence:NSURLCredentialPersistencePermanent];
disposition =NSURLSessionAuthChallengeUseCredential;
}
}
*_credential = credential;
return disposition;
}];
return _manager;
}
#pragma ---mark daili
+(BOOL)extractIdentity:(SecIdentityRef*)outIdentity andTrust:(SecTrustRef *)outTrust fromPKCS12Data:(NSData *)inPKCS12Data {
OSStatus securityError = errSecSuccess;
//client certificate password
NSDictionary*optionsDictionary = [NSDictionary dictionaryWithObject:@"p12Pwd"
forKey:(__bridge id)kSecImportExportPassphrase];
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
securityError = SecPKCS12Import((__bridge CFDataRef)inPKCS12Data,(__bridge CFDictionaryRef)optionsDictionary,&items);
if(securityError == 0) {
CFDictionaryRef myIdentityAndTrust =CFArrayGetValueAtIndex(items,0);
const void*tempIdentity =NULL;
tempIdentity= CFDictionaryGetValue (myIdentityAndTrust,kSecImportItemIdentity);
*outIdentity = (SecIdentityRef)tempIdentity;
const void*tempTrust =NULL;
tempTrust = CFDictionaryGetValue(myIdentityAndTrust,kSecImportItemTrust);
*outTrust = (SecTrustRef)tempTrust;
} else {
NSLog(@"Failedwith error code %d",(int)securityError);
return NO;
}
return YES;
}
ViewController.m
//
- (IBAction)signalSSLRequest:(id)sender {
//
NSDictionary *parameter = [NSDictionary dictionaryWithObjectsAndKeys:
@"libai",@"username",nil];
//
NSString *url = @"https://xxx";
[[HttpsManager SignalSSL] POST:url parameters:parameter progress:nil success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:responseObject options:NSJSONReadingMutableContainers error:nil];
NSLog(@"errMessage = %@",dic);
} failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
NSLog(@" Error: %@", error);
}];
}
//
- (IBAction)DualSSLRequest:(id)sender {
NSDictionary *parameter = @{@"name":@"libai"};
NSString *url = @"https://xxx";
[[HttpsManager DualSSL] POST:url parameters:parameter progress:nil success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
NSDictionary *dic = [NSJSONSerialization JSONObjectWithData:responseObject options:NSJSONReadingMutableContainers error:nil];
NSLog(@"errMessage = %@",dic);
} failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
NSLog(@" Error: %@", error);
}];
}
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
다양한 언어의 JSONJSON은 Javascript 표기법을 사용하여 데이터 구조를 레이아웃하는 데이터 형식입니다. 그러나 Javascript가 코드에서 이러한 구조를 나타낼 수 있는 유일한 언어는 아닙니다. 저는 일반적으로 '객체'{}...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.
좋은 웹페이지 즐겨찾기
