[英]AFHTTPRequestOperation with SSL Pinning not working
我正在為我的iPhone應用程序(Objective-C)使用AFHTTPRequestOperation
。 我需要為我的應用啟用SSL
固定。
但是,無論我包含在應用程序捆綁包中的證書是正確的還是錯誤的,調用我的API始終會成功。
如果我在應用中固定的證書是錯誤的證書,則服務器API調用是否應該失敗?
這是我在應用程序中擁有的代碼:
- (AFHTTPRequestOperation *)HTTPRequestOperationWithRequest:(NSURLRequest *)request
success:(void (^)(AFHTTPRequestOperation *operation, id responseObject))success
failure:(void (^)(AFHTTPRequestOperation *operation, NSError *error))failure{
AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:request];
operation.responseSerializer = self.responseSerializer;
operation.shouldUseCredentialStorage = self.shouldUseCredentialStorage;
operation.credential = self.credential;
//operation.securityPolicy = self.securityPolicy;
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"wrong_cert" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:cerPath];
[securityPolicy setAllowInvalidCertificates:NO];
[securityPolicy setValidatesDomainName:YES];
[securityPolicy setPinnedCertificates:@[certData]];
[operation setSecurityPolicy:securityPolicy];
[operation setCompletionBlockWithSuccess:success failure:failure];
operation.completionQueue = self.completionQueue;
operation.completionGroup = self.completionGroup;
return operation;
}
請指教。 謝謝。
我通過AFNetworking成功實現了SSL固定。 在進行測試之前,請確保您的證書有效。 請看下面的代碼片段。
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager sharedManager];
manager.responseSerializer = [AFJSONResponseSerializer serializer];
manager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"text/html"];
AFHTTPRequestOperation *post = [manager POST:[NSString stringWithFormat:@"%@",url] parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
NSLog(@"JSON: %@", responseObject);
[delegate requestCompleted:responseObject];
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
if([error.domain isEqualToString:@"NSURLErrorDomain"] && error.code == -1012){
//SSL Pinning request failed
} else if (!operation.cancelled) {
}
}];
[post start];
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.