iOS 项目中将 http 改成 https 后需要改动的地方(密钥验证)

mac2022-07-05  34

这种写法不验证服务器证书,也不校验域名:连接虽然加密,但无法确认对端就是自己的服务器,中间人可以用任意证书冒充。只适合本地调试,不要用于正式环境。

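// Trust configuration for the AFNetworking manager.
#if DEBUG
// Debug builds only: pinning is off, invalid certificates are accepted and the
// host name is not checked. The traffic is encrypted, but the server is never
// authenticated, so this configuration must not reach a release build.
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
policy.allowInvalidCertificates = YES;
policy.validatesDomainName = NO;
manager.securityPolicy = policy;
#else
// Release builds authenticate the server against the certificate in the bundle.
manager.securityPolicy = [self customSecurityPolicy];
#endif

/**** SSL Pinning ****/
/// Builds the policy for one-way verification: the client authenticates the
/// server against a certificate shipped inside the app bundle. The backend has
/// to supply that certificate, converted to .cer format before it is bundled.
///
/// @return A public-key pinning policy for ios118.cer, or AFNetworking's default
///         policy when the certificate file cannot be read.
- (AFSecurityPolicy *)customSecurityPolicy {
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"ios118" ofType:@"cer"];
    NSData *certData = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;
    if (certData == nil) {
        // An array literal containing nil throws. Fall back to the library's
        // default policy rather than to a policy that accepts any certificate.
        return [AFSecurityPolicy defaultPolicy];
    }

    // Create the pinning policy first and configure that same object.
    // Configuring one instance and then replacing it with a fresh
    // policyWithPinningMode: object discards the explicit pin.
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
    //[securityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];

    // allowInvalidCertificates is left at the policy's own default, which is
    // also what the returned object had before this change.
    // NOTE(review): a self-signed backend certificate presumably needs it set
    // to YES, in which case the pin is the only check left - confirm before
    // enabling.
    // NOTE(review): AFNetworking 3.x declares pinnedCertificates as an NSSet;
    // pass [NSSet setWithObject:certData] there - confirm the version in use.
    [securityPolicy setPinnedCertificates:@[certData]];
    return securityPolicy;
}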

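//这个是在认证质询(challenge)里手动验证服务器证书,原文称为双向验证。注意:下面的代码只是把服务器证书链与包内的 .der 证书逐一比对,并没有向服务器提交客户端证书,严格来说是服务端证书固定,而不是双向(mutual TLS)验证。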

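// Server-trust handling for an authentication challenge.
// NOTE(review): the page shows only this fragment; presumably it is the body of
// a connection delegate's authentication-challenge method and the caller has
// already checked that the challenge is a server-trust challenge - confirm.
//
// The server is accepted in exactly one place, and only when the system trust
// evaluation succeeds AND a certificate in the presented chain is byte-identical
// to a .der file shipped in the app bundle. Every other path cancels the
// challenge. As printed, the fragment left two blocks unclosed and ended with an
// unconditional useCredential: call, which read literally accepts the server
// even after the pin comparison has failed.
BOOL serverIsPinned = NO;

if (challenge.previousFailureCount < 5) {
    SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
    self.serverTrust = serverTrust;

    if (serverTrust != NULL) {
        // Start from "invalid" so a failed evaluation can never read as success.
        SecTrustResultType result = kSecTrustResultInvalid;
        OSStatus status = SecTrustEvaluate(serverTrust, &result);

        // kSecTrustResultUnspecified: the cert is valid, but the user has not
        // explicitly accepted/denied it. Ok to proceed (Ch 15: iOS PTL :Pg 269).
        BOOL chainIsTrusted = (status == errSecSuccess) &&
            (result == kSecTrustResultProceed || result == kSecTrustResultUnspecified);

        if (chainIsTrusted) {
            // DER bytes of every certificate the server presented.
            CFIndex certificateCount = SecTrustGetCertificateCount(serverTrust);
            NSMutableArray *trustChain = [NSMutableArray arrayWithCapacity:(NSUInteger)certificateCount];
            for (CFIndex i = 0; i < certificateCount; i++) {
                SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, i);
                NSData *presentedData = certificate
                    ? (__bridge_transfer NSData *)SecCertificateCopyData(certificate)
                    : nil;
                if (presentedData) {
                    [trustChain addObject:presentedData];
                }
            }

            // Pinned certificates: every .der resource in the main bundle.
            // Unreadable files are skipped, because adding nil to a collection throws.
            NSArray *paths = [[NSBundle mainBundle] pathsForResourcesOfType:@"der" inDirectory:@"."];
            NSMutableSet *pinnedCertificates = [NSMutableSet setWithCapacity:[paths count]];
            for (NSString *path in paths) {
                NSData *pinnedData = [NSData dataWithContentsOfFile:path];
                if (pinnedData) {
                    [pinnedCertificates addObject:pinnedData];
                }
            }

            // One match anywhere in the chain is enough. An empty pin set
            // matches nothing, so a missing resource rejects the connection.
            for (NSData *trustChainCertificate in trustChain) {
                if ([pinnedCertificates containsObject:trustChainCertificate]) {
                    serverIsPinned = YES;
                    break;
                }
            }
        }
    }
}

if (serverIsPinned) {
    [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]
         forAuthenticationChallenge:challenge];
} else {
    // Fail closed: too many previous failures, a failed or untrusted
    // evaluation, or no pinned certificate in the chain.
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"提示"
                                                    message:@"该请求不是可信的"
                                                   delegate:nil
                                          cancelButtonTitle:@"确定"
                                          otherButtonTitles:nil];
    [alert show];
    [challenge.sender cancelAuthenticationChallenge:challenge];
}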

 

转载于:https://www.cnblogs.com/CodingMann/p/6145251.html
