我有以下问题:
我有一个UIWebView正在加载网站,但服务器也希望从客户端(UIWebView)进行身份验证。我已经使用以下来自其他网站的代码添加了ssl certificate:
shouldStartLoadWithRequest:
-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType (UIWebViewNavigationType)navigationType;
{
if(![self authenticated])
{
[self setAuthenticated:NO];
[self setUrlConnection:[[NSURLConnection alloc] initWithRequest:[self requestObj] delegate:self]];
[[self urlConnection] start];
return NO;
}
return YES;
}
didReceiveAuthenticationChallenge:
-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge previousFailureCount] == 0)
{
[self setAuthenticated:YES];
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
}
else [[challenge sender] cancelAuthenticationChallenge:challenge];
}
didReceiveResponse:
-(void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
[self setAuthenticated:YES];
[[self webView] loadRequest:[self requestObj]];
[[self urlConnection] cancel];
}
canAuthenticateAgainstProtectionSpace:
-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
现在服务器需要来自客户端(证书)的具有特定DN名称的身份验证。我找到iOS Client Certificates and Mobile Device Management,但代码没有帮助我,也没有解决我的问题。
是否可以将PKCS12文件附加到我的UIWebView,因此如果服务器想要从客户端进行身份验证,UIWebView会向他显示此文件?
我总是收到错误
2016-04-20 12:20:50.880 App [469:126255] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2016-04-20 12:20:51.454 App [469:126252] CFNetwork SSLHandshake failed (-9824 -> -9829)
2016-04-20 12:20:51.456 App [469:126252] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9829)
答案 0 :(得分:0)
使用这段代码
-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
NSURL* baseURL = [NSURL URLWithString:SERVER_IP];
if ([challenge.protectionSpace.host isEqualToString:baseURL.host])
{
NSLog(@"trusting connection to host %@", challenge.protectionSpace.host);
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Not trusting connection to host %@", challenge.protectionSpace.host);
}
}
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
将此课程添加到当前课程的上层
@interface NSURLRequest(AllowAllCerts)
@end
@implementation NSURLRequest(AllowAllCerts)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
@end