1

我无法查看具有自签名证书且还需要 HTTP 身份验证的网站。目前我正在尝试通过使用如何在 UIWebView 中显示身份验证挑战来实现它?UIWebView 来查看自签名网站(没有私有 api,不是 NSURLConnection) - 有可能吗?作为如何实现这一点的指南。我也在尝试使用绕过自签名证书的私有 api 方法,但我无法找到指向它的链接。但私有 api 标头是:

@interface NSURLRequest (DummyInterface)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
@end

然后我将这些作为重要功能:

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType;
{
    NSLog(@"Did start loading: %@ auth:%d", [[request URL] absoluteString], _authenticated);

      [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];

   _request=[NSURLRequest requestWithURL:URL];

    if (!_authenticated) {
        _authenticated = NO;

        [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];

        _urlConnection = [[NSURLConnection alloc] initWithRequest:_request delegate:self];

        [_urlConnection start];

       [mainWebView loadRequest:_request];

        return NO;
    }

    return YES;

}

基本上调用 nsurl 连接来传递登录凭据。

    #pragma mark - NURLConnection delegate

    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
    {




        NSLog(@"WebController Got auth challange via NSURLConnection");

        [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];

        if ([challenge previousFailureCount] == 0)
        {
            _authenticated = YES;



            NSURLCredential *credential = [NSURLCredential credentialWithUser:@"username"
              password:@"password"
                                                                   persistence:NSURLCredentialPersistenceForSession];

           [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];

        NSLog(@"credential created");

    } else
    {
        NSLog(@"previous authentication failure");
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}


- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
    NSLog(@"WebController received response via NSURLConnection");

    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response;
     NSLog(@"remote url returned error %d %@",[httpResponse statusCode],[NSHTTPURLResponse localizedStringForStatusCode:[httpResponse statusCode]]);

    NSLog(@"The response is =%@",response);


   _authenticated = YES;

  [NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];

    NSURLRequest *urlRequest = [NSURLRequest requestWithURL:URL];

    [mainWebView loadRequest:urlRequest];

    [_urlConnection cancel];    
}
4

3 回答 3

1

使用以下两种方法,我们可以允许自签名证书

-(BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace;

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;

我在这里使用这些方法进行了深入回答

于 2013-12-26T19:07:43.923 回答
1

这很容易使用AFNetworking
实现 我通过子类化AFHTTPRequestOperation并将此代码添加到 init 来实现

// SSL Support
[self setAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge) {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    }
}];
[self setAuthenticationAgainstProtectionSpaceBlock:^BOOL(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace) {
    if([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        if(shouldAllowSelfSignedCert) {
            return YES; // Self-signed cert will be accepted
        } else {
            return NO;  // Self-signed cert will be rejected
        }
        // Note: it doesn't seem to matter what you return for a proper SSL cert
        //       only self-signed certs
    }
    // If no other authentication is required, return NO for everything else
    // Otherwise maybe YES for NSURLAuthenticationMethodDefault and etc.
    return NO;
}];

您还可以将您的授权标头添加到子类中,这使得在应用程序的各个部分中使用连接非常简单。

于 2012-10-26T09:14:41.300 回答
0

覆盖 NSURLConnectionDelegate 的

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;

以下将接受任何未经主机验证的 SSL 证书,因此不安全。您应该有一个包含所有有效主机的资源文件,并使用安全框架比较证书。

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    } else {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
    }
}

您是否考虑过使用 ASIHTTPRequest?我相信它有简化这一点的方法。

于 2012-10-26T04:52:42.730 回答