1
我是否需要在使用客戶端證書進行身份驗證後執行證書鎖定?誰可以給我解釋一下這個?客戶端證書驗證與證書綁定相結合
if (challenge.ProtectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodClientCertificate)
{
Console.WriteLine("Client Cert!");
var options = NSDictionary.FromObjectAndKey(NSObject.FromObject(This._passphrase), SecImportExport.Passphrase);
NSDictionary[] importResult;
if (This?._certificate == null) return;
if (This?._passphrase == null) return;
var x509Certificate = new X509Certificate(This._certificate, This._passphrase);
SecStatusCode statusCode = SecImportExport.ImportPkcs12(This._certificate, options, out importResult);
var identityHandle = importResult[0][SecImportExport.Identity];
var identity = new SecIdentity(identityHandle.Handle);
var certificate = new SecCertificate(x509Certificate.GetRawCertData());
SecCertificate[] certificates = { certificate };
NSUrlCredential credential = NSUrlCredential.FromIdentityCertificatesPersistance(identity, certificates, NSUrlCredentialPersistence.ForSession);
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, credential);
return;
}
*Logic for SSL Pinning*
由於在「clientcertificate請求,客戶端身份驗證」部分之後返回statment,證書釘扎的邏輯永遠不會被執行,所以我問自己,如果這部分是與客戶端進行認證後obsolet證書。
感謝您的解釋。我在搜索2-3小時後解決了問題,但無法進行調試......名爲DidReciveResponse的方法正在爲客戶端證書調用兩次,爲服務器證書調用了第二次。 –