NSURLConnection SSL HTTP 기본 인증

Question

ssl urls와 기본 인증을 모두 수행하라는 url 요청을받을 수 없습니다. 나는 다른 관련 질문을 확인했는데 작동하지 않는 것 같아요.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace { 
// NSLog(@"We are checking protection Space!"); 
    if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) 
    { 
     NSLog(@"Can Auth Secure Requestes!"); 
     return YES; 
    } 
    else if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]) 
    { 
     NSLog(@"Can Auth Basic Requestes!"); 
     return YES; 
     //return NO; 
    } 
    NSLog(@"Cannot Auth!"); 
    return NO; 


} 
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge { 
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) 
    { 
     NSLog(@"Trust Challenge Requested!"); 
     [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; 
     [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge]; 

    } 
    else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]) 
    { 
     NSLog(@"HTTP Auth Challenge Requested!"); 
     NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession]; 
     [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge]; 
     [credential release]; 
    } 

무엇이 잘못하고 있는지 알 수없는 것처럼 보입니다. 연결 설명에 보안 연결 실패가 표시됩니다. 나는 단순히 SSL로 시도했지만 아무런 기본 작동하지 않습니다. 나는 또한 SSL과 기본없이 노력하고 잘 작동합니다.

Answer 1

실제로 문제가 SSL 인증서와 관련이 있습니다.

Answer 2

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace { 
if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) 
{ 

    return YES; 
} 
else 
{ 
    if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]) 
    { 
     return YES; 
    } 
} 
    return NO; 


} 
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge { 

if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) 
{ 
    [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; 
    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge]; 

} 
else 
{ 
    if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]) 
    { 

     NSURLCredential *creden = [[NSURLCredential alloc] initWithUser:@"USERNAME" password:@"PASSWORD" persistence:NSURLCredentialPersistenceForSession]; 


     [[challenge sender] useCredential:creden forAuthenticationChallenge:challenge]; 
     [creden release]; 
    } 
    else 
    { 
     [[challenge sender]cancelAuthenticationChallenge:challenge]; 

    } 
} 
} 

Answer 3

신뢰할 수있는 응답은 서버 신뢰를 검증하지 않으므로 잘못된 서버 인증서를 잘못 신뢰하게 될 수도 있습니다.

Apple's documentation for NSURLCredential credentialForTrust: 당신이 그것을 사용하기 전에 당신이 실제로 서버 신뢰를 확인해야 함을 나타냅니다 : 서버의 신뢰 자격 증명을 작성하기 전에

를, 그것은있는 NSURLConnection 개체의 위임 또는를 평가하는 NSURLDownload 개체의 책임이다 믿음. 이 작업을 수행하려면 SecTrustEvaluate를 호출하여 서버의 NSURLProtectionSpace 객체에 대한 serverTrust 메서드에서 얻은 트러스트를 전달합니다. 신뢰가 유효하지 않으면 cancelAuthenticationChallenge :로 인증 시도를 취소해야합니다.

Apple's documentation for NSURLAuthenticationChallenge도 도전 번호 proposedCredential을 고려해야 함을 나타냅니다. didReceiveAuthenticationChallenge : : * 방법

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge 
{ 
    if (challenge.proposedCredential) 
    { 
     if (challenge.previousFailureCount == 0) 
     { 
      [challenge.sender useCredential:challenge.proposedCredential forAuthenticationChallenge:challenge]; 
     } 
     else 
     { 
      // The server has rejected the proposed credential, and 
      // you should use that credential to populate a password 
      // or certificate chooser dialog, then provide a new credential. 
      // You can create password-based credentials by calling the 
      // credentialWithUser:password:persistence: method or create 
      // certificate-based credentials with the 
      NSLog(@"Need to add code here to create new credential..."); 
     } 
    } 
    else if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) 
    { 
     NSLog(@"Trust Challenge Requested!"); 

     // As per NSURLCredential class reference, verify the server trust... 
     SecTrustResultType trustResult = kSecTrustResultInvalid; 
     const OSStatus status = SecTrustEvaluate(challenge.protectionSpace.serverTrust, &trustResult); 

     if (noErr == status && 
      (
       kSecTrustResultProceed == trustResult || 

       // https://developer.apple.com/library/mac/qa/qa1360/_index.html 
       kSecTrustResultUnspecified == trustResult 
      ) 
     ) 
     { 
      [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; 
      [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge]; 
     } 
     else 
     { 
      NSLog(@"Failed to verify server trust, cancelling..."); 
      [challenge.sender cancelAuthenticationChallenge:challenge]; 
     } 
    } 
    else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]) 
    { 
     NSLog(@"HTTP Auth Challenge Requested!"); 
     NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession]; 
     [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge]; 
    } 
}