iOS如何重置给定服务器的NSURLCredential，或者让我的应用程序忘记它曾经与服务器对话过？

Question

我正在寻找一种方法来实现能够切换我的网络应用程序用来与给定服务器对话的NSURLCredential。

是否有办法为给定的服务器信任“重置”NSURLCredential ssl凭据，并强制整个握手过程使用不同的凭据？？换句话说，我希望我的web应用程序忘记它曾经与此服务器对话过。

我认为下面的代码片段是检索我之前评估过的凭据的内容。

- (void)customHTTPProtocol:(CustomHTTPProtocol *)protocol didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{

NSURLCredential *   credential = nil;
SecTrustRef         trust;
NSURLProtectionSpace* protectionSpace = challenge.protectionSpace;
  if ([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            //this verifies that we are talking to a server that we trust by checking it's certificate


            // Extract the SecTrust object from the challenge, apply our trusted anchors to that
            // object, and then evaluate the trust.  If it's OK, create a credential and use
            // that to resolve the authentication challenge.  If anything goes wrong, resolve
            // the challenge with nil, which continues without a credential, which causes the
            // connection to fail.
            trust = [protectionSpace serverTrust];
            if (trust == NULL) {
                assert(NO);
            } else {
                // Just Ignore Self Signed Certs
                SecTrustResultType result;

                //This takes the serverTrust object and checkes it against your keychain
                SecTrustEvaluate(protectionSpace.serverTrust, &result);
                //if we want to ignore invalid server for certificates, we just accept the server
                credential = [NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust];
                if(result == kSecTrustResultProceed ||
                          // result == kSecTrustResultConfirm || // Deprecated - Remove?
                          result == kSecTrustResultUnspecified) {

                    [challenge.sender useCredential:credential forAuthenticationChallenge: challenge];
                }
            }
            [protocol resolveAuthenticationChallenge:challenge withCredential:credential];
        }

//... more ways to resolve challenge
}

Answer 1

我尝试了各种方法来实现这一点，但都是有道理的。

但一个简单的诡计奏效了。

为了强制我的网页重新认证，我会在请求网址末尾添加下面的内容。

&r=1100910192 **(timestamp)**。

因此，而不是使用缓存的认证证书，它实际上是重新认证。

在其他情况下，只在请求的末尾添加一个#就可以了：

[NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://localhost:8080/some.json#"]]

希望能帮上忙。