ASIHTTPRequest下访问https

最新推荐文章于 2024-03-20 09:58:16 发布

倒茄子

最新推荐文章于 2024-03-20 09:58:16 发布

阅读量1k

点赞数

文章标签： ios ASIHTTPRequest HTTPS

本文介绍了一个使用ASIHTTPRequest进行HTTPS请求的测试案例，重点在于如何处理客户端证书验证过程。通过测试无证书连接失败的情况，然后引入正确的客户端证书完成成功的HTTPS连接，并确保能够正确下载预期的内容。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

#import "ClientCertificateTests.h"
#import "ASIHTTPRequest.h"

@implementation ClientCertificateTests

- (void)testClientCertificate
{
	// This test will fail the second time it is run, I presume the certificate is being cached somewhere

	// This url requires we present a client certificate to connect to it
	NSURL *url = [NSURL URLWithString:@"https://clientcertificate.allseeing-i.com:8080/ASIHTTPRequest/tests/first"];

	// First, let's attempt to connect to the url without supplying a certificate
	ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];

	// We have to turn off validation for these tests, as the server has a self-signed certificate
	[request setValidatesSecureCertificate:NO];
	[request startSynchronous];

	GHAssertNotNil([request error],@"Request succeeded even though we presented no certificate, cannot proceed with test");

	// Now, let's grab the certificate (included in the resources of the test app)
	SecIdentityRef identity = NULL;
	SecTrustRef trust = NULL;
	NSData *PKCS12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]];
	[ClientCertificateTests extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data];

	request = [ASIHTTPRequest requestWithURL:[NSURL URLWithString:@"https://clientcertificate.allseeing-i.com:8080/ASIHTTPRequest/tests/first"]];

	// In this case, we have no need to add extra certificates, just the one inside the indentity will be used
	[request setClientCertificateIdentity:identity];
	[request setValidatesSecureCertificate:NO];
	[request startSynchronous];

	// Make sure the request got the correct content
	GHAssertNil([request error],@"Request failed with error %@",[request error]);
	BOOL success = [[request responseString] isEqualToString:@"This is the expected content for the first string"];
	GHAssertTrue(success,@"Request failed to download the correct content");
}

// Based on code from http://developer.apple.com/mac/library/documentation/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html

+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef*)outTrust fromPKCS12Data:(NSData *)inPKCS12Data
{
	OSStatus securityError = errSecSuccess;

	NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"" forKey:(id)kSecImportExportPassphrase];

	CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
	securityError = SecPKCS12Import((CFDataRef)inPKCS12Data,(CFDictionaryRef)optionsDictionary,&items);

	if (securityError == 0) { 
		CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
		const void *tempIdentity = NULL;
		tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity);
		*outIdentity = (SecIdentityRef)tempIdentity;
		const void *tempTrust = NULL;
		tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
		*outTrust = (SecTrustRef)tempTrust;
	} else {
		NSLog(@"Failed with error code %d",(int)securityError);
		return NO;
	}
	return YES;
}


@end