1. 首頁
  2. 問答
  3. 需要使用自簽名證書和http身份驗證查看網站

需要使用自簽名證書和http身份驗證查看網站

2012-10-25 40 views
1

我在查看擁有自簽名證書並且還需要HTTP身份驗證的網站時遇到問題。目前我試圖通過使用How to display the Authentication Challenge in UIWebView?UIWebView to view self signed websites (No private api, not NSURLConnection) - is it possible?作爲如何完成此操作的指南來實現它。我也嘗試使用繞過自簽名證書的私有API方法,但我無法找到指向它的鏈接。但是,私有API頭是:需要使用自簽名證書和http身份驗證查看網站

@interface NSURLRequest (DummyInterface) 
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host; 
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host; 
@end

然後,我有這些作爲重要的功能:

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType; 
{ 
    NSLog(@"Did start loading: %@ auth:%d", [[request URL] absoluteString], _authenticated); 

     [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]]; 

    _request=[NSURLRequest requestWithURL:URL]; 

    if (!_authenticated) { 
     _authenticated = NO; 

     [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]]; 

     _urlConnection = [[NSURLConnection alloc] initWithRequest:_request delegate:self]; 

     [_urlConnection start]; 

     [mainWebView loadRequest:_request]; 

     return NO; 
    } 

    return YES; 

}

基本上調用NSURL連接日誌傳遞憑證。

#pragma mark - NURLConnection delegate 

    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge; 
    { 




     NSLog(@"WebController Got auth challange via NSURLConnection"); 

     [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]]; 

     if ([challenge previousFailureCount] == 0) 
     { 
      _authenticated = YES; 



      NSURLCredential *credential = [NSURLCredential credentialWithUser:@"username" 
       password:@"password" 
                    persistence:NSURLCredentialPersistenceForSession]; 

      [challenge.sender useCredential:credential forAuthenticationChallenge:challenge]; 

     NSLog(@"credential created"); 

    } else 
    { 
     NSLog(@"previous authentication failure"); 
     [[challenge sender] cancelAuthenticationChallenge:challenge]; 
    } 
} 


- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response; 
{ 
    NSLog(@"WebController received response via NSURLConnection"); 

    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response; 
    NSLog(@"remote url returned error %d %@",[httpResponse statusCode],[NSHTTPURLResponse localizedStringForStatusCode:[httpResponse statusCode]]); 

    NSLog(@"The response is =%@",response); 


    _authenticated = YES; 

    [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]]; 

    NSURLRequest *urlRequest = [NSURLRequest requestWithURL:URL]; 

    [mainWebView loadRequest:urlRequest]; 

    [_urlConnection cancel];  
}

來源

2012-10-25 ZeroSkittles

回答

1

這是很容易使用AFNetworking
我做到了通過繼承AFHTTPRequestOperation並添加以下代碼到init實施

// SSL Support 
[self setAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge) { 
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { 
     [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; 
    } 
}]; 
[self setAuthenticationAgainstProtectionSpaceBlock:^BOOL(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace) { 
    if([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust]) { 
     if(shouldAllowSelfSignedCert) { 
      return YES; // Self-signed cert will be accepted 
     } else { 
      return NO; // Self-signed cert will be rejected 
     } 
     // Note: it doesn't seem to matter what you return for a proper SSL cert 
     //  only self-signed certs 
    } 
    // If no other authentication is required, return NO for everything else 
    // Otherwise maybe YES for NSURLAuthenticationMethodDefault and etc. 
    return NO; 
}];

您還可以添加您的授權標頭的子類,這使得使用的連接你的應用的各個部分都非常簡單。

來源

2012-10-26 09:14:41 Darren

0

覆蓋NSURLConnectionDelegate的

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;

以下將接受沒有主機驗證任何SSL證書,因此是不安全的。您應該有一個包含所有有效主機的資源文件,並使用安全框架比較證書。

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { 
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { 
     [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; 
    } else { 
     [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge]; 
    } 
}

你看過使用ASIHTTPRequest嗎?我相信它有簡化這個的方法。

來源

2012-10-26 04:52:42

1

使用下面這兩種方法,我們可以允許自簽名的證書

-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace; 

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;

我一直在使用這些方法的深入回答here

來源

2013-12-26 19:07:43

相關問題

 相關問題