NSURLCredential
typedef NS_ENUM(NSUInteger, NSURLCredentialPersistence) {
NSURLCredentialPersistenceNone,//不存储
NSURLCredentialPersistenceForSession,//按照Session生命周期存储
NSURLCredentialPersistencePermanent,//存储到钥匙串
NSURLCredentialPersistenceSynchronizable API_AVAILABLE(macos(10.8), ios(6.0), watchos(2.0), tvos(9.0))//存储到钥匙串,根据相同的AppleID分配到其他设备。
};
@class NSURLCredentialInternal;
@interface NSURLCredential : NSObject <NSSecureCoding, NSCopying>
{
@private
__strong NSURLCredentialInternal *_internal;
}
/*!
证书存储方式
*/
@property (readonly) NSURLCredentialPersistence persistence;
@end
//针对用户名、密码的证书对象
@interface NSURLCredential(NSInternetPassword)
/*!
@param user 用户名
@param password 密码
@param persistence 存储方式
*/
- (instancetype)initWithUser:(NSString *)user password:(NSString *)password persistence:(NSURLCredentialPersistence)persistence;
+ (NSURLCredential *)credentialWithUser:(NSString *)user password:(NSString *)password persistence:(NSURLCredentialPersistence)persistence;
@property (nullable, readonly, copy) NSString *user;
@property (nullable, readonly, copy) NSString *password;
/*!
判断证书是否有密码、而不是获取
*/
@property (readonly) BOOL hasPassword;
@end
/*!
这种是要求客户端提供证书来建立的挑战凭证、用于服务器要认证客户端的情况、我们需要从钥匙串中得到一个客户端证书。
*/
@interface NSURLCredential(NSClientCertificate)
/*!
@param identity 证书对象(可以导入本地P12之类)
@param 至少包含一个SecCertificateRef对象的数组
参考:https://blog.csdn.net/codingfire/article/details/53419521的demo来看。应该是可以取出多个证书一并导入。
@param persistence 储存方式
*/
- (instancetype)initWithIdentity:(SecIdentityRef)identity certificates:(nullable NSArray *)certArray persistence:(NSURLCredentialPersistence)persistence API_AVAILABLE(macos(10.6), ios(3.0), watchos(2.0), tvos(9.0));
+ (NSURLCredential *)credentialWithIdentity:(SecIdentityRef)identity certificates:(nullable NSArray *)certArray persistence:(NSURLCredentialPersistence)persistence API_AVAILABLE(macos(10.6), ios(3.0), watchos(2.0), tvos(9.0));
/*!
返回这个证书对象SecIdentityRef、如果是账号密码生成的证书则返回NULL
*/
@property (nullable, readonly) SecIdentityRef identity;
/*!
返回这个证书对象的SecIdentityRef数组、如果是账号密码生成的证书则返回NULL
*/
@property (readonly, copy) NSArray *certificates API_AVAILABLE(macos(10.6), ios(3.0), watchos(2.0), tvos(9.0));
@end
//这种要求客户端的对服务器的信任来建立凭证,所谓SecTrust用来描述信任某个证书用来做什么的东西,比如一个证书可以用来做SSL,用来做签名,邮件安全(这个证书以及可以用来做什么来构造一个信任)
@interface NSURLCredential(NSServerTrust)
/*!
@method initWithTrust:
@abstract trust 信任类型
使用参考:http://www.zhimengzhe.com/IOSkaifa/74466.html
*/
- (instancetype)initWithTrust:(SecTrustRef)trust API_AVAILABLE(macos(10.6), ios(3.0), watchos(2.0), tvos(9.0));
+ (NSURLCredential *)credentialForTrust:(SecTrustRef)trust API_AVAILABLE(macos(10.6), ios(3.0), watchos(2.0), tvos(9.0));
@end
参考资料
iOS开发 - 用AFNetworking实现https单向验证,双向验证
关于ios项目绕过证书访问https
网友评论