投稿
  1. 首页
  2. app

ios – Xcode中的证书固定

高级工程师挂靠2022-5-25app阅读31

ios – Xcode中的证书固定,第1张

概述我得到了证书 pinning in Android的代码 CertificatePinner certificatePinner = new CertificatePinner.Builder().add("publicobject.com", "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=").add("publicobject.com", "sha1/SXxoaOSE 我得到了证书 pinning in Android的代码 

CertificatePinner certificatePinner = new CertificatePinner.Builder().add("publicobject.com","sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=").add("publicobject.com","sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=").add("publicobject.com","sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=").add("publicobject.com","sha1/T5x9IXmcrQ7YuQxXnxocmeeQ84c=").build();

如何使用NSURLSession方法在IOS中实现相同的任务?

这里有一些参考代码

- (voID)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust,0);NSData *remoteCertificateData = CFBrIDgingrelease(SecCertificatecopyData(certificate));Nsstring *cerPath = [[NSBundle mainBundle] pathForResource:@"MyLocalCertificate" ofType:@"cer"];NSData *localCertData = [NSData dataWithContentsOffile:cerPath];if ([remoteCertificateData isEqualToData:localCertData]) {NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];}else {[[challenge sender] cancelAuthenticationChallenge:challenge];}

编辑部分

我得到了以下解决方案,在NSURLSession中自动调用委托函数,有人可以解释它是如何工作的吗?还需要发送乘数证书我该怎么做?

(voID)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task dIDReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(voID (^)(NSURLSessionAuthChallengedisposition,NSURLCredential * _Nullable))completionHandler{    Nsstring *authMethod = [[challenge protectionSpace] authenticationMethod];    if ([authMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];        completionHandler(NSURLSessionAuthChallengeUseCredential,credential);    } else {        SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;        SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust,0);        NSData *remoteCertificateData = CFBrIDgingrelease(SecCertificatecopyData(certificate));        Nsstring *cerPath = [[NSBundle mainBundle] pathForResource:@"MyLocalCertificate" ofType:@"cer"];        NSData *localCertData = [NSData dataWithContentsOffile:cerPath];        NSURLCredential *credential;        if ([remoteCertificateData isEqualToData:localCertData]) {             credential = [NSURLCredential credentialForTrust:serverTrust];            [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];        }        else {            [[challenge sender] cancelAuthenticationChallenge:challenge];        }        completionHandler(NSURLSessionAuthChallengeUseCredential,credential);        NSLog(@"Finished Challenge");    }}
解决方法 如果身份验证方法是NSURLAuthenticationMethodServerTrust,则if块会跳过证书固定.我不太确定你为什么这样做 – 你必须查看你获得这段代码片段的来源,看看它的要求是什么.

如果身份验证方法是其他任何内容,则else块执行证书固定.

变量serverTrust从服务器发送到SSL事务状态.这里的主要内容是它有一系列证书来验证服务器.在下一行中,证书设置为链中的叶证书,即服务器的证书.

remoteCertificateData本质上是一个大的二进制blob,表示证书中的信息.内存管理需要调用CFBrIDgingrelease(所有CFxxx函数都是C/C++函数,而不是Objective-C,并且内存管理比正常情况稍微复杂一点).

localCertData是证书本地副本中信息的二进制blob.请注意,iOS应用程序(或多或少)是一组文件,包括可执行文件以及各种资源等.作为构建过程的一部分,您可以安排将服务器证书的副本包含在该集合中(NSBundle) )文件. cerPath变量设置为证书本地副本的文件路径.

最后,我们检查两个二进制blob是否相等.如果没有,那么来自服务器的证书是假的,我们不继续处理该请求.

我不完全确定你的意思是“需要发送乘数证书”.从您引用的Java代码判断我假设你想要将服务器证书与多个本地证书进行比较.在这种情况下,某些(大致)如下所示(注意:未经测试的代码):

SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;   SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust,0);   NSData *remoteCertificateData = CFBrIDgingrelease(SecCertificatecopyData(certificate));   BOol match = NO;   NSURLCredential *credential;   for (Nsstring *path in [[NSBundle mainBundle] pathsForResourcesOfType:@"cer" inDirectory:@"."]) {          NSData *localCertData = [NSData dataWithContentsOffile:path];          if ([remoteCertificateData isEqualToData:localCertData]) {              credential = [NSURLCredential credentialForTrust:serverTrust];              match = YES;              break;          }   }          if (match) {      [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];   } else {      [[challenge sender] cancelAuthenticationChallenge:challenge];   }   completionHandler(NSURLSessionAuthChallengeUseCredential,credential);   NSLog(@"Finished Challenge");
总结

以上是内存溢出为你收集整理的ios – Xcode中的证书固定全部内容,希望文章能够帮你解决ios – Xcode中的证书固定所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。

欢迎分享,转载请注明来源:内存溢出

原文地址:https://www.54852.com/web/1054941.html

(0)
打赏 微信扫一扫微信扫一扫 支付宝扫一扫支付宝扫一扫
高级工程师挂靠高级工程师挂靠一级用户组
00
上一篇 2022-05-25
下一篇2022-05-25

发表评论

登录后才能评论

评论列表(0条)

    保存