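AFNetworking HTTPS mutual authentication

The client verifies the server certificate:

The HTTP request path must be configured with a domain name.

1. First import the server certificate sever.cer into the project.

2. Then set up AFSecurityPolicy: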

self.manager = [AFHTTPRequestOperationManager manager];
self.manager.responseSerializer = [[AFHTTPResponseSerializer alloc] init];
[self.manager.requestSerializer setValue:@"iphone" forHTTPHeaderField:@"header-platform"];
// Pin the server's public key against the .cer files bundled in the app
self.manager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
// Accept a certificate the system does not trust (e.g. self-signed); the pin is then the only check left
self.manager.securityPolicy.allowInvalidCertificates = YES;
// Skip the host name check
self.manager.securityPolicy.validatesDomainName = NO;
// One matching key in the server's chain is enough; the whole chain need not match
self.manager.securityPolicy.validatesCertificateChain = NO;

The client iterates over the certificates in the project and matches them against the server's certificate.
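What the public-key pin configured above accepts and rejects, as an added example that is not part of the original post: the script builds three constructed certificates with the openssl CLI (the CN and every file name except sever.cer are made up) and compares them by public-key hash, standing in for AFSSLPinningModePublicKey, and by whole-certificate hash, standing in for AFSSLPinningModeCertificate.

```shell
#!/bin/sh
# Added example, not from the original post. Requires the openssl CLI.
# Every key and certificate below is constructed test data.

# SHA-256 of the public key (SubjectPublicKeyInfo) in DER certificate $1.
spki_hash() {
    openssl x509 -inform DER -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the whole DER certificate $1.
cert_hash() { openssl dgst -sha256 < "$1" | awk '{print $NF}'; }

# pin_match MODE PINNED.cer SERVER.cer -> status 0 when the pin would match.
pin_match() {
    case $1 in
        publickey)   a=$(spki_hash "$2"); b=$(spki_hash "$3") ;;
        certificate) a=$(cert_hash "$2"); b=$(cert_hash "$3") ;;
        *) return 2 ;;
    esac
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Build in directory $1: sever.cer (bundled in the app), renewed.cer
# (reissued with the SAME key pair), rekeyed.cer (reissued with a NEW key pair).
make_demo_certs() {
    d=$1; subj="/CN=api.example.test"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/a.key" \
        -subj "$subj" -days 30 -outform DER -out "$d/sever.cer" 2>/dev/null &&
    openssl req -x509 -new -key "$d/a.key" \
        -subj "$subj" -days 90 -outform DER -out "$d/renewed.cer" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/b.key" \
        -subj "$subj" -days 30 -outform DER -out "$d/rekeyed.cer" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_demo_certs "$d" || return 1
    for c in sever renewed rekeyed; do
        for m in publickey certificate; do
            pin_match "$m" "$d/sever.cer" "$d/$c.cer" && r=match || r=MISMATCH
            echo "$c.cer  $m pin: $r"
        done
    done
    rm -rf "$d"
}
demo
```

A certificate reissued with the same key pair still satisfies the public-key pin, while a re-keyed certificate needs a new sever.cer shipped in the app.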

The server verifies the client certificate: first import the certificate client.p12 into the server's keystore.

Then add the following method to AFURLConnectionOperation.m:

- (OSStatus)extractIdentity:(CFDataRef)inP12Data :(SecIdentityRef *)identity {
    OSStatus securityError = errSecSuccess;
    // Passphrase of client.p12 (hard-coded, so it ships inside the app)
    CFStringRef password = CFSTR("clic1234");
    const void *keys[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
    // SecPKCS12Import allocates the array itself, so start from NULL
    CFArrayRef items = NULL;
    securityError = SecPKCS12Import(inP12Data, options, &items);
    if (securityError == errSecSuccess && CFArrayGetCount(items) > 0) {
        CFDictionaryRef ident = CFArrayGetValueAtIndex(items, 0);
        const void *tempIdentity = CFDictionaryGetValue(ident, kSecImportItemIdentity);
        if (tempIdentity) {
            // Retain the identity so it outlives items; the caller releases it
            CFRetain(tempIdentity);
            *identity = (SecIdentityRef)tempIdentity;
        }
    }
    if (options) {
        CFRelease(options);
    }
    if (items) {
        CFRelease(items);
    }
    return securityError;
}

In AFURLConnectionOperation.m, replace the method

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

with:

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSString *method = challenge.protectionSpace.authenticationMethod;
    // Server-trust challenges still go through the pinning policy set above;
    // only the client-certificate challenge is answered with the identity.
    if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        SecTrustRef trust = challenge.protectionSpace.serverTrust;
        if ([self.securityPolicy evaluateServerTrust:trust forDomain:challenge.protectionSpace.host]) {
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust] forAuthenticationChallenge:challenge];
        } else {
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
        return;
    }
    if (![method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
        return;
    }
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"];
    NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
    CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
    SecIdentityRef identity = NULL;
    // Extract the identity from the PKCS#12 file; give up if it cannot be read
    if (!PKCS12Data || [self extractIdentity:inPKCS12Data :&identity] != errSecSuccess || !identity) {
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }
    // Create a credential from the identity, then reply to the challenge with the credential
    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity certificates:nil persistence:NSURLCredentialPersistencePermanent];
    CFRelease(identity); // the credential keeps its own reference
    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
}

After that, mutual authentication works.


Source: http://www.xlgps.com/article/75782.html
