代码之家  ›  专栏  ›  技术社区  ›  hvaughan3

Xamarin WKWebView接受自签名证书

  •  2
  • hvaughan3  · 技术社区  · 8 年前

    我在网上看到过各种各样的例子,说如何接受它们,但我总是得到 出现SSL错误,无法与服务器建立安全连接。

    我会注意到,该方法肯定会被调用(在iOS 8.4模拟器和iOS 11实际设备上运行),因此,不被调用的方法不是这里的问题。

    到目前为止,我尝试了什么(显然我只在开发中使用这段代码,而不是在生产中使用,等等):

    1:

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
     completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, new NSUrlCredential(serverTrust));
    }
    

    2:

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
     completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
    }
    

    三:

        public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
            SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
            NSData exceptions = serverTrust.GetExceptions();
            serverTrust.SetExceptions(exceptions);
            exceptions.Dispose();
            completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
        }
    

    4:

        public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
            SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;    //TODO: Get the following working (currently we still receive SSL errors)
            NSData exceptions = serverTrust.GetExceptions();
            serverTrust.SetExceptions(exceptions);
            exceptions.Dispose();
    
            challenge.Sender.UseCredential(NSUrlCredential.FromTrust(serverTrust), challenge);
            completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
        }
    

    我做错了什么?谢谢

    1 回复  |  直到 8 年前
        1
  •  7
  •   SushiHangover    8 年前

    为了支持自签名证书 要做的事情:

    1. 允许 NSExceptionAllowsInsecureHTTPLoads 在您的自签名域上
      • 即使您正在使用 https ,你的应用被标记为存在信任问题
    2. 绕过证书安全检查

    2上的安全说明 :为任何生产应用程序获取CA颁发的证书,因为这将完全禁用域上的证书验证,从而允许MITM攻击、应用程序的DNS重定向欺骗等。。。您可以通过将公共cer包含在主捆绑包中并根据收到的证书进行检查来锁定证书,但这只意味着需要在MITM或DNS欺骗攻击中生成假证书(以及各种漏洞工具包中已经存在的工具)

    示例使用 https://badssl.com 地点:

    WKNavigationDelegate:

    public class NavigationDelegate : WKNavigationDelegate
    {
        const string host = "self-signed.badssl.com";
        public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
        {
            switch (challenge.ProtectionSpace.Host)
            {
                case host:
                    using (var cred = NSUrlCredential.FromTrust(challenge.ProtectionSpace.ServerSecTrust))
                    {
                        completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.UseCredential, cred);
                    }
                    break;
                default:
                    completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, null);
                    break;
            }
        }
    }
    

    注意:将此类的实例分配给 NavigationDelegate WeakNavigationDelegate WKWebView实例的。

    信息。plist NSAppTransportSecurity:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>self-signed.badssl.com</key>
            <dict>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>
    </dict>