Reading the AFNetworking Source (3): AFSecurityPolicy

 

 AFSecurityPolicy.h

#import <Foundation/Foundation.h>
#import <Security/Security.h>

typedef NS_ENUM(NSUInteger, AFSSLPinningMode) {
    AFSSLPinningModeNone,
    AFSSLPinningModePublicKey,
    AFSSLPinningModeCertificate,
};

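   First, the system Security framework needs to be added.

  AFSSLPinningMode enum values:

  AFSSLPinningModeNone means the server's certificate is trusted unconditionally.

  AFSSLPinningModePublicKey means the PublicKey in the certificate returned by the server is validated; the check passes if validation succeeds and fails otherwise.

  AFSSLPinningModeCertificate means the certificate returned by the server is checked in full against the local certificates; the check passes if they match and fails otherwise.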

/**
 `AFSecurityPolicy` evaluates server trust against pinned X.509 certificates and public keys over secure connections.

 Adding pinned SSL certificates to your app helps prevent man-in-the-middle attacks and other vulnerabilities. Applications dealing with sensitive customer data or financial information are strongly encouraged to route all communication over an HTTPS connection with SSL pinning configured and enabled.
 */

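   This comment says:

  `AFSecurityPolicy` evaluates whether a server can be trusted by checking it against pinned X.509 certificates and public keys on secure connections.

  Adding SSL certificates to the app effectively helps prevent man-in-the-middle attacks and security vulnerabilities. Apps that handle sensitive or private user data or financial information are strongly encouraged to use HTTPS connections with SSL for all of their network communication.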

@interface AFSecurityPolicy : NSObject <NSSecureCoding, NSCopying>

  AFSecurityPolicy inherits from NSObject and conforms to the NSSecureCoding and NSCopying protocols.

 Properties:

/**
 The criteria by which server trust should be evaluated against the pinned SSL certificates. Defaults to `AFSSLPinningModeNone`.
 */
@property (readonly, nonatomic, assign) AFSSLPinningMode SSLPinningMode;

  The criteria by which server trust should be evaluated against the pinned SSL certificates. The default is AFSSLPinningModeNone.

/**
 The certificates used to evaluate server trust according to the SSL pinning mode.

 By default, this property is set to any (`.cer`) certificates included in the target compiling AFNetworking. Note that if you are using AFNetworking as embedded framework, no certificates will be pinned by default. Use `certificatesInBundle` to load certificates from your target, and then create a new policy by calling `policyWithPinningMode:withPinnedCertificates`.

 Note that if pinning is enabled, `evaluateServerTrust:forDomain:` will return true if any pinned certificate matches.
 */
@property (nonatomic, strong, nullable) NSSet <NSData *> *pinnedCertificates;
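
The header comment above notes that no certificates are pinned by default when AFNetworking is used as an embedded framework. The following is an added example, not code from the original post or from AFNetworking itself: it loads the `.cer` files from the app's own bundle and refuses to build a client when none are found. The host `api.example.com`, the function name `PinnedSessionManager` and the error domain are assumptions.

```objective-c
#import <AFNetworking/AFNetworking.h>

// Hypothetical error domain used only by this example.
static NSString * const ExamplePinningErrorDomain = @"ExamplePinningErrorDomain";

// Returns a session manager that pins the server's public key, or nil
// (with *error set) when the app bundle contains no certificates to pin.
static AFHTTPSessionManager *PinnedSessionManager(NSError **error) {
    // Load the DER-encoded .cer files from the app target explicitly, because
    // the default set is empty when AFNetworking is an embedded framework.
    NSSet<NSData *> *pins = [AFSecurityPolicy certificatesInBundle:[NSBundle mainBundle]];

    // Fail closed: do not create a client that believes it is pinned
    // while holding an empty pin set.
    if (pins.count == 0) {
        if (error) {
            *error = [NSError errorWithDomain:ExamplePinningErrorDomain
                                         code:1
                                     userInfo:@{NSLocalizedDescriptionKey:
                                                    @"No .cer files found in the main bundle"}];
        }
        return nil;
    }

    // Public-key pinning keeps working when the server certificate is renewed
    // with the same key pair.
    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey
                         withPinnedCertificates:pins];

    // These are the library defaults, set explicitly so a later edit that
    // weakens them is visible in review.
    policy.allowInvalidCertificates = NO;
    policy.validatesDomainName = YES;

    // Placeholder host; pinning only applies to HTTPS connections.
    NSURL *baseURL = [NSURL URLWithString:@"https://api.example.com"];
    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL];
    manager.securityPolicy = policy;
    return manager;
}
```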

  

 

posted @ 2017-06-22 00:46  鳄鱼不怕牙医不怕