Xamarin WKWebView Accepting Self-Signed Certificates


Problem description

I have seen various examples online saying how to accept them, but I always get "An SSL error has occurred and a secure connection to the server cannot be made."

I will note that the method is definitely being called (running on an iOS 8.4 simulator and an iOS 11 actual device), so the method not being called is not the issue here.

What I have tried so far (obviously I only use this code in development and not in production, blah blah blah):

1:

public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
    // Trust object for the server being challenged (declared as in attempts 3 and 4)
    SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
    completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, new NSUrlCredential(serverTrust));
}

2:

public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
    // Trust object for the server being challenged (declared as in attempts 3 and 4)
    SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
    completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
}

3:

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
        SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;
        NSData exceptions = serverTrust.GetExceptions();
        serverTrust.SetExceptions(exceptions);
        exceptions.Dispose();
        completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
    }

4:

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler) {
        SecTrust serverTrust = challenge.ProtectionSpace.ServerSecTrust;    //TODO: Get the following working (currently we still receive SSL errors)
        NSData exceptions = serverTrust.GetExceptions();
        serverTrust.SetExceptions(exceptions);
        exceptions.Dispose();

        challenge.Sender.UseCredential(NSUrlCredential.FromTrust(serverTrust), challenge);
        completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, NSUrlCredential.FromTrust(serverTrust));
    }

What am I doing wrong? Thanks.

Recommended answer

To support self-signed certs you have two things to do:

  1. Allow NSExceptionAllowsInsecureHTTPLoads on your self-signed domain
    • Even though you are using https, your app is flagged as having a trust issue

Security Note on 2: Get a CA-issued certificate for any production apps, as this completely disables certificate validation on your domain and thus allows MITM attacks, DNS redirection spoofing of your app, etc... You could pin the cert by including the public cer in the main bundle and checking it against the cert received, but that just means a fake certificate would need to be generated in either the MITM or DNS spoofing attack (and tools for those already exist in the various exploit kits).

Example using the https://badssl.com site:

using System;
using Foundation;
using WebKit;

public class NavigationDelegate : WKNavigationDelegate
{
    const string host = "self-signed.badssl.com";
    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
    {
        switch (challenge.ProtectionSpace.Host)
        {
            case host:
                using (var cred = NSUrlCredential.FromTrust(challenge.ProtectionSpace.ServerSecTrust))
                {
                    completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.UseCredential, cred);
                }
                break;
            default:
                completionHandler.Invoke(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, null);
                break;
        }
    }
}

Note: Assign an instance of this class to the NavigationDelegate or WeakNavigationDelegate of your WKWebView instance.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>self-signed.badssl.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
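
The pinning check mentioned in the security note, as an added example that is not part of the original answer: the delegate accepts the development host only when the leaf certificate it presents is byte-for-byte the copy shipped in the app bundle, and cancels the challenge otherwise. The class name `PinnedNavigationDelegate` and the bundled file `pinned.cer` (a DER-encoded copy of the server certificate) are assumptions.

```csharp
using System;
using System.Linq;
using Foundation;
using Security;
using WebKit;

public class PinnedNavigationDelegate : WKNavigationDelegate   // hypothetical class name
{
    const string PinnedHost = "self-signed.badssl.com";        // host used in the answer
    readonly byte[] pinnedDer;

    public PinnedNavigationDelegate()
    {
        // Assumption: "pinned.cer" is a DER-encoded copy of the server certificate,
        // added to the app project as a BundleResource.
        var path = NSBundle.MainBundle.PathForResource("pinned", "cer");
        using (var data = NSData.FromFile(path))
            pinnedDer = data.ToArray();
    }

    public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
    {
        var space = challenge.ProtectionSpace;
        SecTrust trust = space.ServerSecTrust;

        // Every other host, and every non-TLS challenge, keeps normal validation.
        if (space.Host != PinnedHost || trust == null)
        {
            completionHandler(NSUrlSessionAuthChallengeDisposition.PerformDefaultHandling, null);
            return;
        }

        // Compare the presented leaf certificate with the bundled copy, byte for byte.
        bool match = false;
        if (trust.Count > 0)
        {
            using (var leaf = trust[0])
            using (var der = leaf.DerData)
                match = der.ToArray().SequenceEqual(pinnedDer);
        }

        if (match)
        {
            using (var cred = NSUrlCredential.FromTrust(trust))
                completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, cred);
        }
        else
        {
            // Fail closed: an unexpected certificate ends the load instead of being trusted.
            completionHandler(NSUrlSessionAuthChallengeDisposition.CancelAuthenticationChallenge, null);
        }
    }
}
```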
