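How to authenticate a UIWebView with a client certificate?

Time: 2016-04-20 10:19:15

Tags: ios objective-c iphone uiwebview client-certificates

I have the following problem:

I have a UIWebView that loads a website, but the server also wants authentication from the client (the UIWebView). I have already added the SSL certificate using the following code from another website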

shouldStartLoadWithRequest:

-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType
{
    if(![self authenticated])
    {
        [self setAuthenticated:NO];
        [self setUrlConnection:[[NSURLConnection alloc] initWithRequest:[self requestObj] delegate:self]];
        [[self urlConnection] start];
        return NO;
    }
    return YES;
}

didReceiveAuthenticationChallenge:

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge previousFailureCount] == 0)
    {
        [self setAuthenticated:YES];
        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
    }
    else [[challenge sender] cancelAuthenticationChallenge:challenge];
}

didReceiveResponse:

-(void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
    [self setAuthenticated:YES];
    [[self webView] loadRequest:[self requestObj]];
    [[self urlConnection] cancel];
}

canAuthenticateAgainstProtectionSpace:

-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}

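Now the server requires authentication from the client (a certificate) with a specific DN name. I found iOS Client Certificates and Mobile Device Management, but the code did not help me and did not solve my problem.

Is it possible to attach a PKCS12 file to my UIWebView, so that if the server wants authentication from the client, the UIWebView presents this file to it?

I always get the error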

2016-04-20 12:20:50.880 App [469:126255] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2016-04-20 12:20:51.454 App [469:126252] CFNetwork SSLHandshake failed (-9824 -> -9829)
2016-04-20 12:20:51.456 App [469:126252] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9829)

1 Answer:

Answer 0: (score: 0)

Use this code

-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        // SERVER_IP is expected to be defined elsewhere as the server's URL string.
        NSURL *baseURL = [NSURL URLWithString:SERVER_IP];
        if ([challenge.protectionSpace.host isEqualToString:baseURL.host])
        {
            NSLog(@"trusting connection to host %@", challenge.protectionSpace.host);
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
            // The challenge has been answered; do not answer it a second time below.
            return;
        }
        else
        {
            NSLog(@"Not trusting connection to host %@", challenge.protectionSpace.host);
        }
    }

    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

Add this class above your current class

@interface NSURLRequest(AllowAllCerts)

@end


@implementation NSURLRequest(AllowAllCerts)

// Overrides a private NSURLRequest class method so that it returns YES for every host.
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}

@end
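
An added example, not part of the original question or answer: one way to answer the client-certificate challenge the question asks about, by importing a PKCS#12 identity and leaving server-trust challenges to the system's default evaluation. The class name `ClientCertDelegate`, the helper `ClientCredentialFromP12`, the bundled file `client.p12` and the passphrase placeholder are assumptions; it covers only the NSURLConnection pre-flight used in the question.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: returns a credential for the first identity in a bundled .p12 file.
static NSURLCredential *ClientCredentialFromP12(NSString *resource, NSString *passphrase)
{
    NSString *path = [[NSBundle mainBundle] pathForResource:resource ofType:@"p12"];
    NSData *p12 = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (p12 == nil) return nil;

    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : passphrase };
    CFArrayRef items = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12,
                                      (__bridge CFDictionaryRef)options, &items);
    NSArray *imported = CFBridgingRelease(items);   // nil when the import failed
    if (status != errSecSuccess || imported.count == 0) return nil;

    NSDictionary *first = imported.firstObject;
    SecIdentityRef identity = (__bridge SecIdentityRef)first[(__bridge id)kSecImportItemIdentity];
    if (identity == NULL) return nil;

    // Session persistence: the identity is not written to the keychain by this call.
    return [NSURLCredential credentialWithIdentity:identity
                                      certificates:nil
                                       persistence:NSURLCredentialPersistenceForSession];
}

@interface ClientCertDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation ClientCertDelegate

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSString *method = challenge.protectionSpace.authenticationMethod;
    if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        // "client" and the passphrase are placeholders (assumptions for this example).
        NSURLCredential *cred = ClientCredentialFromP12(@"client", @"P12_PASSPHRASE_PLACEHOLDER");
        if (cred != nil && challenge.previousFailureCount == 0) {
            [challenge.sender useCredential:cred forAuthenticationChallenge:challenge];
        } else {
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
        return;
    }
    // Server trust and any other method: let the system validate as it normally would.
    [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
}

@end
```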