Ios7 未读取AF2.0证书
我使用代码读取JSON数据:Ios7 未读取AF2.0证书,ios7,afnetworking-2,Ios7,Afnetworking 2,我使用代码读取JSON数据: [[DVAPIManager sharedManager] setUsername:user andPassword:pass]; NSLog(@"Using %d pinned certificates", [[DVAPIManager sharedManager].securityPolicy.pinnedCertificates count]); [[DVAPIManager sharedManager] GET:@"/areas" parameters:n
[[DVAPIManager sharedManager] setUsername:user andPassword:pass];
NSLog(@"Using %d pinned certificates", [[DVAPIManager sharedManager].securityPolicy.pinnedCertificates count]);
[[DVAPIManager sharedManager] GET:@"/areas" parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
NSLog(@"JSON: %@", responseObject);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
NSLog(@"Error: %@", error);
}];
但出于调试原因,我使用的NSLong给出了:使用0固定的证书
我已经将apache.cer文件复制到项目中,也复制到我的singleton类文件中:
- (id)initWithBaseURL:(NSURL *)url
{
self = [super initWithBaseURL:url];
if(!self)
return nil;
self.requestSerializer = [AFJSONRequestSerializer serializer];
[[AFNetworkActivityIndicatorManager sharedManager] setEnabled:YES];
AFSecurityPolicy *mySecurityPolicy = [[AFSecurityPolicy alloc] init];
[mySecurityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];
[self setSecurityPolicy:mySecurityPolicy];
return self;
}
当我运行时,我得到一个错误:
错误:Error Domain=nsurerrordomain Code=-1012“该操作无法完成。(nsurerrordomain Error-1012。)
你知道为什么不能获取JSON数据,为什么系统不能读取my.cer文件吗
当我尝试手动读取.cer文件时
[mySecurityPolicy setPinnedCertificates:[[NSArray alloc] initWithObjects:@"apache.cer", nil]];
它崩溃了!!为了读取证书文件,我在我的singleton类中添加了以下代码,解决了这个问题:
NSString* fileRoot = [[NSBundle mainBundle] pathForResource:@"apache" ofType:@"cer"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:fileRoot];
self.requestSerializer = [AFJSONRequestSerializer serializer];
[[AFNetworkActivityIndicatorManager sharedManager] setEnabled:YES];
AFSecurityPolicy *mySecurityPolicy = [[AFSecurityPolicy alloc] init];
[mySecurityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];
[mySecurityPolicy setAllowInvalidCertificates:YES];
[mySecurityPolicy setPinnedCertificates:[[NSArray alloc] initWithObjects:certData, nil]];
可能是默认读取.cer文件,但它不起作用,您必须手动执行此操作(如上面的代码)我通过在singleton类中添加此代码来解决此问题,以便读取证书文件:
NSString* fileRoot = [[NSBundle mainBundle] pathForResource:@"apache" ofType:@"cer"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:fileRoot];
self.requestSerializer = [AFJSONRequestSerializer serializer];
[[AFNetworkActivityIndicatorManager sharedManager] setEnabled:YES];
AFSecurityPolicy *mySecurityPolicy = [[AFSecurityPolicy alloc] init];
[mySecurityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];
[mySecurityPolicy setAllowInvalidCertificates:YES];
[mySecurityPolicy setPinnedCertificates:[[NSArray alloc] initWithObjects:certData, nil]];
可能是默认读取的.cer文件,但它不工作,您必须手动执行此操作(如上面的代码)我通过手动加载证书来获得证书:
- (void)setupSSL
{
self.securityPolicy.SSLPinningMode = AFSSLPinningModePublicKey;
NSString *sslPublicKeyPath = [[NSBundle mainBundle] pathForResource:@"mydomain" ofType:@"cer"];
NSData *sslPublicKey = [NSData dataWithContentsOfFile:sslPublicKeyPath];
[self.securityPolicy setPinnedCertificates:@[
sslPublicKey
]];
}
我从pem生成的密钥如下:
openssl x509 -in mydomain.pem -out mydomain.cer -outform der
我通过手动加载证书来获得证书:
- (void)setupSSL
{
self.securityPolicy.SSLPinningMode = AFSSLPinningModePublicKey;
NSString *sslPublicKeyPath = [[NSBundle mainBundle] pathForResource:@"mydomain" ofType:@"cer"];
NSData *sslPublicKey = [NSData dataWithContentsOfFile:sslPublicKeyPath];
[self.securityPolicy setPinnedCertificates:@[
sslPublicKey
]];
}
我从pem生成的密钥如下:
openssl x509 -in mydomain.pem -out mydomain.cer -outform der
请修复您的标题、格式和拼写…请修复您的标题、格式和拼写…仅供参考,自从您将AllowInvalidCertificates设置为“是”后,此实现实际上完全跳过了SSL固定。@drewag您有没有不跳过SSL固定的问题解决方案?是的,我已将其用于我自己的证书,而无需求助于允许无效证书。我的“添加我的解决方案”解决了问题本身,但简而言之,我手动加载了证书并将其设置在现有安全策略上(在将其设置为AFSSLPiningModePublicKey之后)。这并不能解决任何问题(对我而言)仅供参考,由于您将AllowInvalidCertificates设置为“是”,此实现实际上完全跳过了SSL锁定。@drewag您有没有不跳过SSL锁定的问题解决方案?是的,我让它在不允许无效证书的情况下为我自己的证书工作。我的“添加我的解决方案”解决了问题本身,但简而言之,我手动加载证书并将其设置为现有安全策略(在将其设置为AFSSLPiningModePublicKey之后)。这不会修复任何问题(对我而言)