https 양방향 인증(AFNetworking 2.x)

AFNetworking 3.0은 2.6 버전의 AFHTTPRequestOperationManager를 AFHTTPSessionManager로 대체했습니다. AFHTTPSessionManager는 setSessionDidReceiveAuthenticationChallengeBlock을 호출하여 이 블록 내부에서 자신의 p12에 들어 있는 클라이언트 인증서를 서버에 제시해 검증받을 수 있습니다. 그러나 2.x 버전의 AFHTTPRequestOperationManager에는 이 블록 방식이 없기 때문에 2.x 버전에서는 약간의 수정이 필요합니다.
CA 인증서 설정:
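/**
 * Builds an AFHTTPRequestOperationManager whose server-trust evaluation is
 * pinned to the certificate bundled with the app as "CA.cer".
 *
 * @return The configured manager, or nil when the bundled certificate cannot be
 *         read. Returning nil fails closed: no manager is handed out with
 *         relaxed validation and nothing to pin against.
 */
+(AFHTTPRequestOperationManager *)SignalSSL{
    // Load the pin before anything else. The original passed the data straight to
    // +arrayWithObject:, which raises when the file is missing from the bundle.
    NSString *certFilePath = [[NSBundle mainBundle] pathForResource:@"CA" ofType:@"cer"];
    NSData *certData = certFilePath ? [NSData dataWithContentsOfFile:certFilePath] : nil;
    if (certData.length == 0) {
        NSLog(@"SignalSSL: pinned certificate CA.cer is missing or empty; no manager created");
        return nil;
    }

    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    // NOTE(review): AFNetworking compares the pinned bytes with the server chain,
    // so CA.cer is presumably expected in DER form rather than PEM -- confirm.
    [policy setPinnedCertificates:@[certData]];

    // allowInvalidCertificates is only acceptable here because a non-empty pin set
    // is installed above: it lets a privately issued chain through the system-trust
    // pre-check so that the pin comparison decides. Without pins this flag would
    // accept any certificate. Older 2.x releases had certificate-validation flaws,
    // so verify this behaviour against the exact AFNetworking version in use.
    policy.allowInvalidCertificates = YES;
    // Keep host-name checking on; pinning alone does not bind the certificate to the host.
    policy.validatesDomainName = YES;

    AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
    manager.responseSerializer = [AFHTTPResponseSerializer serializer];
    manager.securityPolicy = policy;

    // "header" is the article's placeholder value for the Accept-Language header.
    [manager.requestSerializer setValue:@"header" forHTTPHeaderField:@"Accept-Language"];

    return manager;
}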
클라이언트 인증서 처리 (AFURLConnectionOperation):
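/**
 * NSURLConnection authentication callback that presents the bundled client
 * identity for TLS client-certificate challenges.
 *
 * The original answered every challenge, including the server-trust challenge,
 * with the client identity, so the pinning policy was never consulted. Each
 * challenge type is now handled separately.
 *
 * @param connection The connection that received the challenge.
 * @param challenge  The authentication challenge to answer.
 */
-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{
    NSString *authMethod = challenge.protectionSpace.authenticationMethod;

    if ([authMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Server certificate check: defer to the pinned security policy.
        // NOTE(review): relies on AFURLConnectionOperation's securityPolicy property and
        // mirrors the stock handling -- confirm against the AFNetworking version patched.
        SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
        if ([self.securityPolicy evaluateServerTrust:serverTrust forDomain:challenge.protectionSpace.host]) {
            NSURLCredential *trustCredential = [NSURLCredential credentialForTrust:serverTrust];
            [challenge.sender useCredential:trustCredential forAuthenticationChallenge:challenge];
        } else {
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
        return;
    }

    if (![authMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        // Not a TLS client-certificate request: never hand the identity to it.
        [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
        return;
    }

    SecIdentityRef identity = NULL;
    SecTrustRef trust = NULL;
    // "p12 " is the article's placeholder resource name; replace it with the base
    // name of the bundled PKCS#12 file.
    NSString *p12Str = [[NSBundle mainBundle] pathForResource:@"p12 " ofType:@"p12"];
    // The original read from an undeclared `certFilePath`; the PKCS#12 path is p12Str.
    NSData *PKCS12Data = p12Str ? [NSData dataWithContentsOfFile:p12Str] : nil;

    // Import once (the original imported twice) and honour the result, so a failed
    // import cancels the challenge instead of building a credential from NULL.
    if (PKCS12Data.length == 0 ||
        ![self extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data] ||
        identity == NULL) {
        NSLog(@"Client identity could not be loaded; cancelling authentication challenge");
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // The identity is re-read from the bundle on every challenge, so the credential
    // does not need to be stored in the keychain: session persistence replaces
    // NSURLCredentialPersistencePermanent. The unused SecIdentityCopyCertificate
    // call, whose result was never released, is dropped.
    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity
                                                             certificates:nil
                                                              persistence:NSURLCredentialPersistenceForSession];

    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
}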
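/**
 * Imports a PKCS#12 blob and returns the identity and trust of its first item.
 *
 * @param outIdentity  Receives the imported identity; written only on success.
 * @param outTrust     Receives the matching trust object; may be NULL if not wanted.
 * @param inPKCS12Data Contents of the .p12 file.
 * @return YES when an identity was extracted, NO otherwise.
 *
 * The returned references are borrowed from the import result and are not
 * retained for the caller, so the caller must not CFRelease them.
 */
-(BOOL)extractIdentity:(SecIdentityRef*)outIdentity andTrust:(SecTrustRef *)outTrust fromPKCS12Data:(NSData *)inPKCS12Data {
    if (outIdentity == NULL || inPKCS12Data.length == 0) {
        return NO;
    }

    // client certificate password
    // NOTE(review): a passphrase compiled into the app, next to a .p12 shipped in the
    // bundle, gives no protection to the private key -- anyone holding the app package
    // has both. Prefer provisioning a per-device identity into the keychain.
    NSDictionary *optionsDictionary = @{(__bridge id)kSecImportExportPassphrase : @"p12pwd"};

    // Start from NULL: the original pre-created an empty CFArray that was leaked as
    // soon as SecPKCS12Import overwrote the pointer.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)inPKCS12Data,
                                             (__bridge CFDictionaryRef)optionsDictionary,
                                             &items);

    if (securityError != errSecSuccess) {
        NSLog(@"Failedwith error code %d",(int)securityError);
        if (items != NULL) {
            CFRelease(items);
        }
        return NO;
    }

    // A successful import with no items would make index 0 an out-of-range read.
    if (items == NULL || CFArrayGetCount(items) == 0) {
        if (items != NULL) {
            CFRelease(items);
        }
        return NO;
    }

    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
    const void *tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
    if (tempIdentity == NULL) {
        CFRelease(items);
        return NO;
    }

    *outIdentity = (SecIdentityRef)tempIdentity;
    if (outTrust != NULL) {
        *outTrust = (SecTrustRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
    }

    // `items` is deliberately left unreleased, as in the original: the out-values
    // are borrowed from it and releasing it here could invalidate them. This costs
    // one retained array per call; importing once and caching the identity avoids it.
    return YES;
}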


이렇게 하면 AFNetworking 3.0 미만(2.x) 버전의 HTTPS 양방향 인증 설정이 완성됩니다.
