Reputation: 4346
I have a problem with SSL pinning. First question: is it OK if I logged in via Safari, added the required certificate to the keychain, then exported the file from the Keychain app and put it in my Xcode project? I have the .cer file already, so a few questions here on SO seemed to be irrelevant for my situation.
Here is my code:
    - (AFSecurityPolicy *)customSecurityPolicy {
        NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"cert_name" ofType:@"cer"];
        NSData *certData = [NSData dataWithContentsOfFile:cerPath];
        AFSecurityPolicy *securityPolicy = [[AFSecurityPolicy alloc] init];
        [securityPolicy setAllowInvalidCertificates:NO];
        [securityPolicy setPinnedCertificates:@[certData]];
        [securityPolicy setSSLPinningMode:AFSSLPinningModeCertificate];
        return securityPolicy;
    }

    - (void)secureLogin {
        NSString *server = @"https_url";
        NSDictionary *params = @{@"login": self.loginField.text, @"password": self.passField.text};
        NSError *error = nil;
        NSString *JSON = [[NSString alloc] initWithData:[NSJSONSerialization dataWithJSONObject:params
                                                                                        options:NSJSONWritingPrettyPrinted
                                                                                          error:&error]
                                               encoding:NSUTF8StringEncoding];
        //NSLog(@"JSON: %@", JSON);
        AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
        [manager setSecurityPolicy:[self customSecurityPolicy]];
        manager.requestSerializer = [AFHTTPRequestSerializer serializer];
        manager.responseSerializer = [AFJSONResponseSerializer serializer];
        [manager POST:server
           parameters:@{@"data": JSON}
              success:^(AFHTTPRequestOperation *operation, id responseObject) {
                  NSLog(@"hell yea! %@", responseObject);
              } failure:^(AFHTTPRequestOperation *operation, NSError *error) {
                  NSLog(@"error: %@", error);
              }];
    }
If I set [securityPolicy setAllowInvalidCertificates:YES] then it's cool, but not secure. I'm trying to get some sense out of it, but nothing so far. I keep getting:
error: Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x8a35800 {NSErrorFailingURLKey=https_url, NSErrorFailingURLStringKey=https_url}
Upvotes: 3
Views: 2547
Reputation: 83
Because your domain name is not registered. You may be using something similar to https://42.62.101.10:80/andsoon. You need to download the site certificate (.cer) into your Xcode, and then:
    AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
    manager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    [manager.securityPolicy setAllowInvalidCertificates:YES];
    // Just try
Upvotes: 0
Reputation: 3073
If you have a valid certificate issued by a public CA you should probably either include a collection of all certificates from the issued certificate up to the root certificate including all intermediate certificates or you should set the following:
    [securityPolicy setValidatesCertificateChain:NO];
Upvotes: 1
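The first option in the answer above (shipping every certificate from the leaf up to the root) could look like the sketch below; it is an added example, not code from any poster in this thread. It assumes the AFNetworking 2.x API used in the question and that each chain certificate has been added to the app bundle as a .cer file; the function name `ChainPinnedSecurityPolicy` is hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import "AFNetworking.h"

// Hypothetical helper (added example): pins every .cer file in the main
// bundle, so leaf, intermediate and root certificates can all be shipped,
// while keeping allowInvalidCertificates set to NO.
static AFSecurityPolicy *ChainPinnedSecurityPolicy(void) {
    NSArray *paths = [[NSBundle mainBundle] pathsForResourcesOfType:@"cer" inDirectory:nil];
    NSMutableArray *pinned = [NSMutableArray array];

    for (NSString *path in paths) {
        NSData *data = [NSData dataWithContentsOfFile:path];
        if (data == nil) {
            NSLog(@"Could not read %@", path.lastPathComponent);
            continue;
        }
        // SecCertificateCreateWithData returns NULL unless the bytes are a
        // DER-encoded X.509 certificate, so a PEM (Base64 text) export is
        // caught here instead of failing later with error -1012.
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)data);
        if (cert == NULL) {
            NSLog(@"%@ is not a DER certificate, skipping", path.lastPathComponent);
            continue;
        }
        CFStringRef summary = SecCertificateCopySubjectSummary(cert);
        NSLog(@"Pinning %@ (%@)", path.lastPathComponent, (__bridge NSString *)summary);
        if (summary != NULL) {
            CFRelease(summary);
        }
        CFRelease(cert);
        [pinned addObject:data];
    }

    if (pinned.count == 0) {
        // Fail loudly rather than silently running without any pins.
        [NSException raise:NSInternalInconsistencyException
                    format:@"No usable .cer files found in the bundle"];
    }

    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    policy.allowInvalidCertificates = NO;
    policy.pinnedCertificates = pinned;
    return policy;
}
```

The result would be passed to `[manager setSecurityPolicy:]` in place of the question's `customSecurityPolicy`; the logged subject summaries show which certificates were actually pinned.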
Reputation: 4346
What worked for me (at least for now) was to drag & drop my .cer file into the simulator and install the certificate, which made connecting via SSL successful. Not sure if this should be the proper way; I'd prefer doing that by AFNetworking, but it seems to work.
Upvotes: 0