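I've seen various examples online of how to accept them, but I always get "An SSL error has occurred and a secure connection to the server cannot be made."
I'll note that the method is definitely being called (running on the iOS 8.4 simulator and on an actual iOS 11 device), so the method not being called is not the problem here.
What I've tried so far (obviously I only use this code in development, not in production, blah blah blah):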
1:
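public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
    // serverTrust was not declared in this snippet; taken from the challenge as in attempt 3
    SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
    completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, new NSUrlCredential(serverTrust));
}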
2:
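public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
    // serverTrust was not declared in this snippet; taken from the challenge as in attempt 3
    SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
    completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}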
3:
public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
    SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
    NSData exceptions = serverTrust.GetExceptions();
    serverTrust.SetExceptions(exceptions);
    exceptions.Dispose();
    completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}
4:
public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
    SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust; //TODO: Get the following working (currently we still receive SSL errors)
    NSData exceptions = serverTrust.GetExceptions();
    serverTrust.SetExceptions(exceptions);
    exceptions.Dispose();
    challenge.Sender.UseCredential(NSUrlCredential.FromTrust(serverTrust), challenge);
    completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}
What am I doing wrong? Thanks.
Answer 0 (score: 2)
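To support self-signed certificates, the things you have to do
NSExceptionAllowsInsecureHTTPLoads
https
, your app will also be flagged as having trust issues
Security note 2: Get a CA-issued certificate for any production app, because this completely disables certificate validation on your domain, allowing MITM attacks, DNS redirect spoofing of your app, etc. You could pin the certificate by including the public cer in the main bundle and checking it against the certificate received, but that just means a fake certificate needs to be generated in a MITM or DNS spoofing attack (and tools for that already exist in various exploit kits).
Example using the https://badssl.com site: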
public class NavigationDelegate : WKNavigationDelegate
{
    const string host = "self-signed.badssl.com";
    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
    {
        switch (challenge.ProtectionSpace.Host)
        {
            case host:
                using (var cred = NSUrlCredential.FromTrust(challenge.ProtectionSpace.ServerSecTrust))
                {
                    completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.UseCredential, cred);
                }
                break;
            default:
                completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, null);
                break;
        }
    }
}
Note: Assign an instance of this class to the NavigationDelegate or WeakNavigationDelegate of your WKWebView instance.
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>self-signed.badssl.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
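
The answer above mentions pinning the certificate by including the public cer in the main bundle and checking it against the one received. The following delegate does that check; it is an added example, not code from the original answer. The class name and the bundled resource `dev-server.cer` (the server's certificate in DER form) are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using Foundation;
using WebKit;

public class PinnedDevNavigationDelegate : WKNavigationDelegate
{
    const string DevHost = "self-signed.badssl.com"; // host used in the answer above
    readonly byte[] pinnedHash;

    public PinnedDevNavigationDelegate()
    {
        // Assumption: dev-server.cer (DER) is added to the app bundle as a resource.
        var path = NSBundle.MainBundle.PathForResource("dev-server", "cer");
        if (path == null) throw new InvalidOperationException("dev-server.cer is missing from the bundle");
        using (var data = NSData.FromFile(path))
            pinnedHash = Sha256(data.ToArray());
    }

    static byte[] Sha256(byte[] bytes)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(bytes);
    }

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
    {
        var trust = challenge.ProtectionSpace.ServerSecTrust;
        if (trust == null || challenge.ProtectionSpace.Host != DevHost)
        {
            // Not a server-trust challenge, or not the development host: normal validation applies.
            completionHandler(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, null);
            return;
        }
        bool match = false;
        if (trust.Count > 0)
        {
            using (var der = trust[0].DerData) // index 0 is the leaf certificate the server presented
                match = Sha256(der.ToArray()).SequenceEqual(pinnedHash);
        }
        if (!match)
        {
            completionHandler(NSUrlSessionAuthChallengeDisposition.CancelAuthenticationChallenge, null);
            return;
        }
        using (var cred = NSUrlCredential.FromTrust(trust))
            completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, cred);
    }
}
```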