AFHTTPRequestOperation with SSL Pinning not working
问题描述:
我为我的iPhone应用程序(Objective-C)使用AFHTTPRequestOperation
。我需要启用SSL
固定我的应用程序。AFHTTPRequestOperation with SSL Pinning not working
但是,无论我的应用包中包含的证书是正确还是错误,调用API都始终成功。
如果我固定在我的应用程序中的证书是错误的证书,我的服务器API的调用应该失败吗?
这是我在应用程序代码:
- (AFHTTPRequestOperation *)HTTPRequestOperationWithRequest:(NSURLRequest *)request
success:(void (^)(AFHTTPRequestOperation *operation, id responseObject))success
failure:(void (^)(AFHTTPRequestOperation *operation, NSError *error))failure{
AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:request];
operation.responseSerializer = self.responseSerializer;
operation.shouldUseCredentialStorage = self.shouldUseCredentialStorage;
operation.credential = self.credential;
//operation.securityPolicy = self.securityPolicy;
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"wrong_cert" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:cerPath];
[securityPolicy setAllowInvalidCertificates:NO];
[securityPolicy setValidatesDomainName:YES];
[securityPolicy setPinnedCertificates:@[certData]];
[operation setSecurityPolicy:securityPolicy];
[operation setCompletionBlockWithSuccess:success failure:failure];
operation.completionQueue = self.completionQueue;
operation.completionGroup = self.completionGroup;
return operation;
}
请指教。谢谢。
答
我使用AFNetworking成功实施了SSL固定。测试前请确保您的证书有效。看下面的代码片段。
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager sharedManager];
manager.responseSerializer = [AFJSONResponseSerializer serializer];
manager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"text/html"];
AFHTTPRequestOperation *post = [manager POST:[NSString stringWithFormat:@"%@",url] parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
NSLog(@"JSON: %@", responseObject);
[delegate requestCompleted:responseObject];
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
if([error.domain isEqualToString:@"NSURLErrorDomain"] && error.code == -1012){
//SSL Pinning request failed
} else if (!operation.cancelled) {
}
}];
[post start];