iOS加载网页时,Https使用的是自制证书

收到AuthenticationChallenge(质疑认证)的处理

- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler {
    ///
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        /// 生成认证凭据
        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        /// 接受服务器凭据
        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
    } else {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling ,nil);
    }
}

Tips:

  • 认证质疑的类型:

    • NSURLAuthenticationMethodServerTrust App对服务器进行认证
    • NSURLAuthenticationMethodClientCertificate,NSURLAuthenticationMethodNegotiate,NSURLAuthenticationMethodNTLM,NSURLAuthenticationMethodHTTPBasic 服务器对客户端进行的认证

  • 响应质疑的类型(NSURLSessionAuthChallengeDisposition)

    • NSURLSessionAuthChallengeUseCredential 使用指定的凭据
    • NSURLSessionAuthChallengePerformDefaultHandling 默认处理如果没有实现URLSessionDelegate,参数默认忽略
    • NSURLSessionAuthChallengeCancelAuthenticationChallenge 取消认证,会取消URLSessionTask
    • NSURLSessionAuthChallengeRejectProtectionSpace 拒绝认证,并进行下一个认证质疑

  • 生成要是用的凭据

    typedef NS_ENUM(NSUInteger, NSURLCredentialPersistence) {
    NSURLCredentialPersistenceNone, //不需要存储
    NSURLCredentialPersistenceForSession, //保存在会话中,推荐
    NSURLCredentialPersistencePermanent, //保存在keychain中
    NSURLCredentialPersistenceSynchronizable API_AVAILABLE(macos(10.8), ios(6.0), watchos(2.0), tvos(9.0)) //保存在keychain中并同步到iCloud
};

/// 使用用户名,密码,存储方式生成凭据, persistence; NSURLAuthenticationMethodHTTPBasic类型的认证一般用这种方式生成凭据
+ (NSURLCredential *)credentialWithUser:(NSString *)user password:(NSString *)password persistence:(NSURLCredentialPersistence)persistence;

    /// https://www.cnblogs.com/jisa/p/11271600.html 参考链接
/// 使用标识符和证书生成凭证; NSURLAuthenticationMethodClientCertificate类型认证,通常使用该方法生成凭据
+ (NSURLCredential *)credentialWithIdentity:(SecIdentityRef)identity certificates:(nullable NSArray *)certArray persistence:(NSURLCredentialPersistence)persistence

    /// 使用服务器返回的serverTrust生成凭证
+ (NSURLCredential *)credentialForTrust:(SecTrustRef)trust
posted @   jisa  阅读(184)  评论(0编辑  收藏  举报
相关博文:
· iOS 15.4以上系统12/24小时制的问题。
· iOS15 模拟器,加载WKWebView崩溃,真机可以正常运行
· App校验https证书
· https双向认证
· IOS平台APP安全Checklist
阅读排行:
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
点击右上角即可分享
微信分享提示