我正在寻找一种方法来实现能够切换我的Web应用程序用于与给定服务器通信的NSURLCredential。
有没有办法让我“重置”给定服务器信任的NSURLCredential ssl凭据,并强制整个握手过程重复使用不同的凭据集?换句话说,我想要我的网站应用程序忘了它曾经对这个服务器说过话。
我认为下面的代码片段是检索我之前评估过的凭据的内容。
- (void)customHTTPProtocol:(CustomHTTPProtocol *)protocol didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
NSURLCredential * credential = nil;
SecTrustRef trust;
NSURLProtectionSpace* protectionSpace = challenge.protectionSpace;
if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
//this verifies that we are talking to a server that we trust by checking it's certificate
// Extract the SecTrust object from the challenge, apply our trusted anchors to that
// object, and then evaluate the trust. If it's OK, create a credential and use
// that to resolve the authentication challenge. If anything goes wrong, resolve
// the challenge with nil, which continues without a credential, which causes the
// connection to fail.
trust = [protectionSpace serverTrust];
if (trust == NULL) {
assert(NO);
} else {
// Just Ignore Self Signed Certs
SecTrustResultType result;
//This takes the serverTrust object and checkes it against your keychain
SecTrustEvaluate(protectionSpace.serverTrust, &result);
//if we want to ignore invalid server for certificates, we just accept the server
credential = [NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust];
if(result == kSecTrustResultProceed ||
// result == kSecTrustResultConfirm || // Deprecated - Remove?
result == kSecTrustResultUnspecified) {
[challenge.sender useCredential:credential forAuthenticationChallenge: challenge];
}
}
[protocol resolveAuthenticationChallenge:challenge withCredential:credential];
}
//... more ways to resolve challenge
}
答案 0 :(得分:3)
我尝试了各种方法来实现这一点,但一切都在静脉。
但是一个简单的技巧奏效了。
要强制我的网页重新进行身份验证,我会在请求网址末尾添加以下内容。
&r=1100910192 **(timestamp)**。
因此,它不是使用缓存的经过身份验证的凭据,而是进行了重新身份验证。
在其他情况下,只需在请求结束时添加#即可:
[NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://localhost:8080/some.json#"]]
我希望它有所帮助。