如何使用客户端证书对 UIWebView 进行身份验证?
How to authenticate an UIWebView with a client certificate?
我有以下问题:
我有一个 UIWebView 可以正确加载网站,但服务器也需要来自客户端 (UIWebView) 的身份验证。我已经使用从另一个站点获得的以下代码添加了 ssl certificate:
shouldStartLoadWithRequest:
-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType (UIWebViewNavigationType)navigationType;
{
if(![self authenticated])
{
[self setAuthenticated:NO];
[self setUrlConnection:[[NSURLConnection alloc] initWithRequest:[self requestObj] delegate:self]];
[[self urlConnection] start];
return NO;
}
return YES;
}
didReceiveAuthenticationChallenge:
-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge previousFailureCount] == 0)
{
[self setAuthenticated:YES];
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
}
else [[challenge sender] cancelAuthenticationChallenge:challenge];
}
didReceiveResponse:
-(void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
[self setAuthenticated:YES];
[[self webView] loadRequest:[self requestObj]];
[[self urlConnection] cancel];
}
canAuthenticateAgainstProtectionSpace:
-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
现在服务器需要来自具有特定 DN 名称的客户端(证书)的身份验证。我找到 iOS Client Certificates and Mobile Device Management 但代码没有帮助我,也没有解决我的问题。
是否可以将 PKCS12 文件附加到我的 UIWebView,这样如果服务器需要来自客户端的身份验证,UIWebView 会向他显示此文件吗?
我总是得到错误
2016-04-20 12:20:50.880 App [469:126255] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2016-04-20 12:20:51.454 App [469:126252] CFNetwork SSLHandshake failed (-9824 -> -9829)
2016-04-20 12:20:51.456 App [469:126252] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9829)
使用这段代码
-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
NSURL* baseURL = [NSURL URLWithString:SERVER_IP];
if ([challenge.protectionSpace.host isEqualToString:baseURL.host])
{
NSLog(@"trusting connection to host %@", challenge.protectionSpace.host);
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Not trusting connection to host %@", challenge.protectionSpace.host);
}
}
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
并将此 class 添加到当前 class
的上方
@interface NSURLRequest(AllowAllCerts)
@end
@implementation NSURLRequest(AllowAllCerts)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
@end
我有以下问题:
我有一个 UIWebView 可以正确加载网站,但服务器也需要来自客户端 (UIWebView) 的身份验证。我已经使用从另一个站点获得的以下代码添加了 ssl certificate:
shouldStartLoadWithRequest:
-(BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType (UIWebViewNavigationType)navigationType;
{
if(![self authenticated])
{
[self setAuthenticated:NO];
[self setUrlConnection:[[NSURLConnection alloc] initWithRequest:[self requestObj] delegate:self]];
[[self urlConnection] start];
return NO;
}
return YES;
}
didReceiveAuthenticationChallenge:
-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
if ([challenge previousFailureCount] == 0)
{
[self setAuthenticated:YES];
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
}
else [[challenge sender] cancelAuthenticationChallenge:challenge];
}
didReceiveResponse:
-(void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
[self setAuthenticated:YES];
[[self webView] loadRequest:[self requestObj]];
[[self urlConnection] cancel];
}
canAuthenticateAgainstProtectionSpace:
-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
现在服务器需要来自具有特定 DN 名称的客户端(证书)的身份验证。我找到 iOS Client Certificates and Mobile Device Management 但代码没有帮助我,也没有解决我的问题。
是否可以将 PKCS12 文件附加到我的 UIWebView,这样如果服务器需要来自客户端的身份验证,UIWebView 会向他显示此文件吗?
我总是得到错误
2016-04-20 12:20:50.880 App [469:126255] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2016-04-20 12:20:51.454 App [469:126252] CFNetwork SSLHandshake failed (-9824 -> -9829)
2016-04-20 12:20:51.456 App [469:126252] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9829)
使用这段代码
-(void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
NSURL* baseURL = [NSURL URLWithString:SERVER_IP];
if ([challenge.protectionSpace.host isEqualToString:baseURL.host])
{
NSLog(@"trusting connection to host %@", challenge.protectionSpace.host);
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Not trusting connection to host %@", challenge.protectionSpace.host);
}
}
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
并将此 class 添加到当前 class
的上方@interface NSURLRequest(AllowAllCerts)
@end
@implementation NSURLRequest(AllowAllCerts)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
@end