AFN(AFNetworking)HTTPS 双向认证:下面是向服务器提供客户端证书的做法

//服务器端证书由AFSecurityPolicy 读取


// 给 manager 设置下面这个认证质询 block,就能提供客户端证书验证

    [managersetSessionDidBecomeInvalidBlock:^(NSURLSession *_Nonnull session,NSError * _Nonnull error) {

        NSLog(@"setSessionDidBecomeInvalidBlock");

    }];

    [manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession*session,NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing*_credential) {

        NSURLSessionAuthChallengeDisposition disposition =NSURLSessionAuthChallengePerformDefaultHandling;

       __autoreleasingNSURLCredential *credential =nil;

        if([challenge.protectionSpace.authenticationMethodisEqualToString:NSURLAuthenticationMethodServerTrust]) {

            if([manager.securityPolicyevaluateServerTrust:challenge.protectionSpace.serverTrustforDomain:challenge.protectionSpace.host]) {

                credential = [NSURLCredentialcredentialForTrust:challenge.protectionSpace.serverTrust];

               if(credential) {

                    disposition =NSURLSessionAuthChallengeUseCredential;

                }else {

                    disposition =NSURLSessionAuthChallengePerformDefaultHandling;

                }

            }else {

                disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;

            }

        }else {

            // client authentication

           SecIdentityRef identity =NULL;

           SecTrustRef trust =NULL;

            NSString *p12 = [[NSBundlemainBundle]pathForResource:@"client.key"ofType:@"p12"];

           NSFileManager *fileManager =[NSFileManagerdefaultManager];

            

           if(![fileManagerfileExistsAtPath:p12])

            {

                NSLog(@"client.p12:not exist");

            }

           else

            {

               NSData *PKCS12Data = [NSDatadataWithContentsOfFile:p12];

                

               if ([[weakSelfclass]extractIdentity:&identityandTrust:&trustfromPKCS12Data:PKCS12Data])

                {

                   SecCertificateRef certificate =NULL;

                   SecIdentityCopyCertificate(identity, &certificate);

                   constvoid*certs[] = {certificate};

                   CFArrayRef certArray =CFArrayCreate(kCFAllocatorDefault, certs,1,NULL);

                    credential =[NSURLCredentialcredentialWithIdentity:identitycertificates:(__bridge NSArray*)certArraypersistence:NSURLCredentialPersistencePermanent];

                    disposition =NSURLSessionAuthChallengeUseCredential;

                }

            }

        }

        *_credential = credential;

       return disposition;

    }];




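/// Imports a PKCS#12 blob and hands back the first identity and trust object it contains.
///
/// @param outIdentity   On success receives the imported SecIdentityRef. May be NULL.
/// @param outTrust      On success receives the imported SecTrustRef. May be NULL.
/// @param inPKCS12Data  Raw contents of the .p12 file.
/// @return YES when the import succeeded and an identity was found, NO otherwise.
///         The out-parameters are left untouched on failure.
///
/// Ownership: the returned references are borrowed from the imported items
/// array (Get rule); the caller does not own them and must not CFRelease them.
+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef *)outTrust fromPKCS12Data:(NSData *)inPKCS12Data {
    if (inPKCS12Data == nil) {
        return NO;
    }

    // client certificate password
    // NOTE(review): the passphrase is a literal compiled into the binary and the
    // .p12 ships inside the app bundle, so the client private key is recoverable
    // from the app package and is shared by every install. Prefer provisioning a
    // per-device identity into the Keychain and loading it from there.
    NSDictionary *optionsDictionary = @{ (__bridge id)kSecImportExportPassphrase : @"123456" };

    // SecPKCS12Import overwrites `items`, so start from NULL instead of leaking
    // a placeholder array.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)inPKCS12Data,
                                             (__bridge CFDictionaryRef)optionsDictionary,
                                             &items);
    if (securityError != errSecSuccess) {
        NSLog(@"Failed with error code %d", (int)securityError);
        if (items != NULL) {
            CFRelease(items);
        }
        return NO;
    }

    // Guard the index-0 access: an empty result would otherwise be an
    // out-of-bounds read.
    if (items == NULL || CFArrayGetCount(items) == 0) {
        if (items != NULL) {
            CFRelease(items);
        }
        return NO;
    }

    CFDictionaryRef identityAndTrust = CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef importedIdentity =
        (SecIdentityRef)CFDictionaryGetValue(identityAndTrust, kSecImportItemIdentity);
    SecTrustRef importedTrust =
        (SecTrustRef)CFDictionaryGetValue(identityAndTrust, kSecImportItemTrust);

    if (importedIdentity == NULL) {
        // Without an identity there is nothing usable for client authentication.
        CFRelease(items);
        return NO;
    }

    if (outIdentity != NULL) {
        *outIdentity = importedIdentity;
    }
    if (outTrust != NULL) {
        *outTrust = importedTrust;
    }

    // `items` is deliberately not released on the success path: the values
    // handed back above are borrowed from it and would dangle otherwise.
    // NOTE(review): this keeps one imported array alive per call; importing the
    // identity once and caching it would remove the repeated allocation.
    return YES;
}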


