gpt4 book ai didi

Xamarin WKWebView 接受自签名证书

转载 作者:行者123 更新时间:2023-12-01 22:11:57 30 4
gpt4 key购买 nike

我在网上看到了各种说明如何接受它们的示例,但我总是得到发生 SSL 错误并且无法与服务器建立安全连接。

我会注意到肯定会调用该方法(在 iOS 8.4 模拟器和 iOS 11 实际设备上运行),因此未调用的方法不是这里的问题。

到目前为止我已经尝试过什么(显然我只在开发中使用这段代码而不是在生产中,等等等等):

1:

public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, new NSUrlCredential(serverTrust));
}

2:

public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}

3:

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
NSData exceptions = serverTrust.GetExceptions();
serverTrust.SetExceptions(exceptions);
exceptions.Dispose();
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}

4:

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust; //TODO: Get the following working (currently we still receive SSL errors)
NSData exceptions = serverTrust.GetExceptions();
serverTrust.SetExceptions(exceptions);
exceptions.Dispose();

challenge.Sender.UseCredential(NSUrlCredential.FromTrust(serverTrust), challenge);
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}

我做错了什么?谢谢。

最佳答案

要支持自签名证书,您 有两件事要做:

  1. 在您的自签名域上允许 NSExceptionAllowsInsecureHTTPLoads
    • 即使您使用的是 https,您的应用也会被标记为存在信任问题
  2. 绕过证书安全检查

关于 2 的安全说明:为任何生产应用获取 CA 颁发的证书,因为这会完全禁用您域上的证书验证,从而允许 MITM 攻击、您的应用的 DNS 重定向欺骗等。 . 您可以通过在主包中包含公共(public) cer 并将其与收到的证书进行检查来固定证书,但这仅意味着需要在 MITM 或 DNS 欺骗攻击中生成伪造的证书(以及那些已经存在的工具在各种漏洞利用工具包中)

使用 https://badssl.com 站点的示例:

WKNavigationDelegate:

public class NavigationDelegate : WKNavigationDelegate
{
const string host = "self-signed.badssl.com";
public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
{
switch (challenge.ProtectionSpace.Host)
{
case host:
using (var cred = NSUrlCredential.FromTrust(challenge.ProtectionSpace.ServerSecTrust))
{
completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.UseCredential, cred);
}
break;
default:
completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, null);
break;
}
}
}

注意:将此类的实例分配给 WKWebView 实例的 NavigationDelegateWeakNavigationDelegate

Info.plist NSAppTransportSecurity:

<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>self-signed.badssl.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>

关于Xamarin WKWebView 接受自签名证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47400391/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com