代码之家 › 专栏 › 技术社区 › davydotcom

NSURLConnection SSL HTTP基本身份验证

iphone

davydotcom · 技术社区 · 14 年前

我无法获得url请求来执行ssl url和基本身份验证。我检查了其他相关的问题,他们似乎不工作

    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
//  NSLog(@"We are checking protection Space!");
    if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSLog(@"Can Auth Secure Requestes!");
        return YES;
    }
    else if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {
        NSLog(@"Can Auth Basic Requestes!");
        return YES;
        //return NO;
    }
    NSLog(@"Cannot Auth!");
    return NO;


}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSLog(@"Trust Challenge Requested!");
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
        [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];

    }
    else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {
        NSLog(@"HTTP Auth Challenge Requested!");
        NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession];
        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
        [credential release];
    }

3 回复 | 直到 14 年前

Suresh Varma 14 年前

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{

    return YES;
}
else 
{
    if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {
        return YES;
    }
}
    return NO;


}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge {

if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
    [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];

}
else 
{
    if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {

        NSURLCredential *creden = [[NSURLCredential alloc] initWithUser:@"USERNAME" password:@"PASSWORD" persistence:NSURLCredentialPersistenceForSession];


        [[challenge sender] useCredential:creden forAuthenticationChallenge:challenge];
        [creden release];
    }
    else 
    {
        [[challenge sender]cancelAuthenticationChallenge:challenge];

    }
}
}

davydotcom 14 年前

它工作正常实际上,问题与SSL证书有关。

user2067021 9 年前

我认为被接受的答案可能会错误地信任无效的服务器证书,因为它不会验证服务器信任。

Apple's documentation for NSURLCredential credentialForTrust: 指示在使用服务器信任之前应实际验证它:

Apple's documentation for NSURLAuthenticationChallenge 也表示挑战是如何进行的 proposedCredential 应该考虑到。

考虑到这一点,将产生如下代码:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge
{
    if (challenge.proposedCredential)
    {
        if (challenge.previousFailureCount == 0)
        {
            [challenge.sender useCredential:challenge.proposedCredential forAuthenticationChallenge:challenge];
        }
        else
        {
            // The server has rejected the proposed credential, and 
            // you should use that credential to populate a password 
            // or certificate chooser dialog, then provide a new credential.
            //  You can create password-based credentials by calling the 
            //  credentialWithUser:password:persistence: method or create
            //  certificate-based credentials with the
            NSLog(@"Need to add code here to create new credential...");
        }
    }
    else if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSLog(@"Trust Challenge Requested!");

        // As per NSURLCredential class reference, verify the server trust...
        SecTrustResultType trustResult = kSecTrustResultInvalid;
        const OSStatus status = SecTrustEvaluate(challenge.protectionSpace.serverTrust, &trustResult);

        if (noErr == status &&
            (
                kSecTrustResultProceed == trustResult ||

                // https://developer.apple.com/library/mac/qa/qa1360/_index.html
                kSecTrustResultUnspecified == trustResult
            )
        )
        {
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
            [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
        }
        else
        {
            NSLog(@"Failed to verify server trust, cancelling...");
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
    }
    else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {
        NSLog(@"HTTP Auth Challenge Requested!");
        NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession];
        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
    }
}