我正在寻找一种方法来实现能够切换我的网络应用程序正在使用哪个 NSURLCredential 与给定服务器通信。
有没有办法让我“重置”给定服务器信任的 NSURLCredential ssl 凭据并强制整个握手过程使用不同的凭据集重复? 换句话说,我希望我的网络应用程序忘记它曾经与该服务器通信。
我认为下面的代码片段是检索我之前评估过的凭证的内容。
- (void)customHTTPProtocol:(CustomHTTPProtocol *)protocol didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
NSURLCredential * credential = nil;
SecTrustRef trust;
NSURLProtectionSpace* protectionSpace = challenge.protectionSpace;
if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
//this verifies that we are talking to a server that we trust by checking it's certificate
// Extract the SecTrust object from the challenge, apply our trusted anchors to that
// object, and then evaluate the trust. If it's OK, create a credential and use
// that to resolve the authentication challenge. If anything goes wrong, resolve
// the challenge with nil, which continues without a credential, which causes the
// connection to fail.
trust = [protectionSpace serverTrust];
if (trust == NULL) {
assert(NO);
} else {
// Just Ignore Self Signed Certs
SecTrustResultType result;
//This takes the serverTrust object and checkes it against your keychain
SecTrustEvaluate(protectionSpace.serverTrust, &result);
//if we want to ignore invalid server for certificates, we just accept the server
credential = [NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust];
if(result == kSecTrustResultProceed ||
// result == kSecTrustResultConfirm || // Deprecated - Remove?
result == kSecTrustResultUnspecified) {
[challenge.sender useCredential:credential forAuthenticationChallenge: challenge];
}
}
[protocol resolveAuthenticationChallenge:challenge withCredential:credential];
}
//... more ways to resolve challenge
}