AFHTTPRequestOperation with SSL Pinning not working

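Problem description:

I am using AFHTTPRequestOperation in my iPhone application (Objective-C). I need to enable SSL pinning for my application.

However, whether the certificate included in my app bundle is right or wrong, the API call always succeeds.

If the certificate pinned in my application is the wrong certificate, should the call to my server API fail?

Here is the code in my application: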

- (AFHTTPRequestOperation *)HTTPRequestOperationWithRequest:(NSURLRequest *)request 
                success:(void (^)(AFHTTPRequestOperation *operation, id responseObject))success 
                failure:(void (^)(AFHTTPRequestOperation *operation, NSError *error))failure{ 
    AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:request]; 

    operation.responseSerializer = self.responseSerializer; 
    operation.shouldUseCredentialStorage = self.shouldUseCredentialStorage; 
    operation.credential = self.credential; 
    //operation.securityPolicy = self.securityPolicy; 

    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]; 
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"wrong_cert" ofType:@"cer"]; 
    NSData *certData = [NSData dataWithContentsOfFile:cerPath]; 
    [securityPolicy setAllowInvalidCertificates:NO]; 
    [securityPolicy setValidatesDomainName:YES]; 
    [securityPolicy setPinnedCertificates:@[certData]]; 
    [operation setSecurityPolicy:securityPolicy]; 

    [operation setCompletionBlockWithSuccess:success failure:failure]; 
    operation.completionQueue = self.completionQueue; 
    operation.completionGroup = self.completionGroup; 

    return operation; 

} 

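Please advise. Thanks.

I have successfully implemented SSL pinning using AFNetworking. Please make sure your certificate is valid before testing. See the code snippet below.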

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager sharedManager];
manager.responseSerializer = [AFJSONResponseSerializer serializer];
manager.responseSerializer.acceptableContentTypes = [NSSet setWithObject:@"text/html"];
AFHTTPRequestOperation *post = [manager POST:[NSString stringWithFormat:@"%@",url] parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
    NSLog(@"JSON: %@", responseObject);

    [delegate requestCompleted:responseObject];
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    if ([error.domain isEqualToString:@"NSURLErrorDomain"] && error.code == -1012) {
        // SSL Pinning request failed
    } else if (!operation.cancelled) {

    }
}];

[post start];
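
An added example, not code from either poster: it builds the public-key pinning policy with the settings the question uses, refuses to proceed when the bundled file is missing or is not a parseable certificate (the "make sure your certificate is valid" step from the answer), and sets the policy on the manager before the request is sent. The helper names `PinnedPolicyNamed` and `SendPinnedRequest`, the error domain, the resource name `server_cert` and the URL are assumptions, and the AFNetworking 2.x API used in the posts is assumed.

```objective-c
#import <AFNetworking/AFNetworking.h>
#import <Security/Security.h>
// Hypothetical helper (not from the posts): build a public-key pinning policy
// from a bundled .cer file, failing closed when the file cannot serve as a pin.
static AFSecurityPolicy *PinnedPolicyNamed(NSString *resource, NSError **error) {
    NSString *path = [[NSBundle mainBundle] pathForResource:resource ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    // SecCertificateCreateWithData returns NULL unless the bytes are a
    // DER-encoded X.509 certificate.
    SecCertificateRef cert = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (cert == NULL) {
        if (error) {
            *error = [NSError errorWithDomain:@"PinningSetupErrorDomain" // assumed domain
                                         code:1
                                     userInfo:@{NSLocalizedDescriptionKey:
                                         @"Pinned certificate missing or not DER-encoded"}];
        }
        return nil;
    }
    NSString *subject = CFBridgingRelease(SecCertificateCopySubjectSummary(cert));
    NSLog(@"Pinning to certificate: %@", subject); // confirm which certificate shipped
    CFRelease(cert);

    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
    policy.allowInvalidCertificates = NO;
    policy.validatesDomainName = YES;
    policy.pinnedCertificates = @[der]; // NSArray in AFNetworking 2.x
    return policy;
}

static void SendPinnedRequest(void) {
    NSError *setupError = nil;
    AFSecurityPolicy *policy = PinnedPolicyNamed(@"server_cert", &setupError); // assumed name
    if (policy == nil) {
        NSLog(@"Refusing to send request: %@", setupError.localizedDescription);
        return;
    }
    AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
    manager.securityPolicy = policy; // set before any operation is created
    [manager GET:@"https://api.example.com/ping" parameters:nil // placeholder URL
         success:^(AFHTTPRequestOperation *operation, id responseObject) {
             NSLog(@"Server trust accepted, response: %@", responseObject);
         }
         failure:^(AFHTTPRequestOperation *operation, NSError *error) {
             BOOL rejected = [error.domain isEqualToString:NSURLErrorDomain] &&
                             error.code == NSURLErrorUserCancelledAuthentication; // -1012
             NSLog(@"%@: %@", rejected ? @"Server trust rejected" : @"Request failed", error);
         }];
}
```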