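HTTP transmits data in plaintext. An unencrypted data stream can be intercepted by placing a proxy in the network path. Even with verification measures such as tokens, the data can still be monitored, and any packet capture tool is enough to do it.
With HTTPS the data is encrypted before it is sent, so captured packets are just unreadable bytes. Security improves substantially, and this is the direction the industry is moving in.
The following describes how to use HTTPS with two third-party libraries, ASIHTTPRequest and AFNetworking.
Prerequisites:
1. ASIHTTPRequest and AFNetworking already set up in the project
2. The corresponding certificate files
I. ASIHTTPRequest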
```objc
/* Test the HTTPS endpoint */
- (void)testClientCertificate {
    NSURL *httpsUrl = [NSURL URLWithString:@"https://www.XXXXX.com/method.php"];
    SecIdentityRef identity = NULL;
    SecTrustRef trust = NULL;
    /* Placeholders: 證書文件名 = certificate file name, 文件類型 = file type */
    NSData *cerData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"證書文件名" ofType:@"文件類型"]];
    if (![[self class] extractIdentity:&identity andTrust:&trust fromPKCS12Data:cerData]) {
        return;
    }
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:httpsUrl];
    [request setClientCertificateIdentity:identity];
    /* Whether to validate the server certificate. If this is YES, the server
       certificate must be issued by a legitimate certificate authority and
       cannot be one you generated yourself with openssl or Java.
       With NO the request accepts any server certificate: the traffic is
       encrypted but the server is not authenticated, so a proxy on the path
       can still read it. */
    [request setValidatesSecureCertificate:NO];
    [request setRequestMethod:@"GET"];
    [request startSynchronous];
    NSError *error = [request error];
    if (!error) {
        NSString *response = [request responseString];
        NSLog(@"response is : %@", response);
        NSLog(@"獲取數據成功"); /* "data fetched successfully" */
    } else {
        NSLog(@"Failed to save to data store: %@", [error localizedDescription]);
        NSLog(@"%@", [error userInfo]);
    }
}

/* Extract the identity and trust from the certificate */
+ (BOOL)extractIdentity:(SecIdentityRef *)identityRef andTrust:(SecTrustRef *)trustRef fromPKCS12Data:(NSData *)CerData {
    if (CerData == nil) {
        return NO; /* certificate file not found in the bundle */
    }
    OSStatus securityError = errSecSuccess;
    /* Placeholder: 證書密碼 = certificate password */
    NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"證書密碼" forKey:(__bridge id)kSecImportExportPassphrase];
    /* SecPKCS12Import allocates the array itself. It is not released here
       because the identity and trust returned below are borrowed from it. */
    CFArrayRef items = NULL;
    securityError = SecPKCS12Import((__bridge CFDataRef)CerData, (__bridge CFDictionaryRef)optionsDictionary, &items);
    if (securityError == 0) {
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
        const void *tempIdentity = NULL;
        tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
        *identityRef = (SecIdentityRef)tempIdentity;
        const void *tempTrust = NULL;
        tempTrust = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
        *trustRef = (SecTrustRef)tempTrust;
    } else {
        NSLog(@"Failed with error code %d", (int)securityError);
        /* If the error is -26275, no data could be read from the file. In that
           case change the file format and import the file into the project again. */
        return NO;
    }
    return YES;
}
```
II. AFNetworking
```objc
/* Test the HTTPS endpoint */
- (void)testClientCertificate
{
    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
    manager.responseSerializer = [AFHTTPResponseSerializer serializer];
    /* HTTPS SSL validation. */
    [manager setSecurityPolicy:[self SetSecurityPolicy]];
    [manager GET:@"https://www.demo.com/method.php" parameters:nil progress:^(NSProgress * _Nonnull downloadProgress) {
        NSLog(@"%@", downloadProgress);
    } success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
        NSData *responsedata = (NSData *)responseObject;
        NSString *response = [[NSString alloc] initWithData:responsedata encoding:NSUTF8StringEncoding];
        NSLog(@"%@", response);
        NSLog(@"獲取數據成功"); /* "data fetched successfully" */
    } failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
        NSLog(@"%@", error);
    }];
}

/* Set up the security certificate */
- (AFSecurityPolicy *)SetSecurityPolicy {
    /* Placeholders: 證書名稱 = certificate name, 證書后綴 = certificate file extension */
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"證書名稱" ofType:@"證書后綴"];
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    /* AFSSLPinningModeCertificate: use certificate validation mode */
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    /* allowInvalidCertificates: whether self-signed certificates are allowed, NO by default */
    securityPolicy.allowInvalidCertificates = NO;
    /* validatesDomainName: whether the domain name must be validated, YES by default */
    securityPolicy.validatesDomainName = YES;
    securityPolicy.pinnedCertificates = [NSSet setWithArray:@[certData]];
    return securityPolicy;
}
```
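Both checks from this article on a plain NSURLSession, as an added example that is not part of the original article: the delegate trusts only the bundled server certificate, so a self-signed server can be validated instead of switching validation off, and it presents the client identity when the server asks for one. `PinnedSessionDelegate`, `pinnedCertData` and `clientIdentity` are hypothetical names, and the bundled certificate is assumed to be DER-encoded.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example; PinnedSessionDelegate, pinnedCertData and clientIdentity are hypothetical names.
@interface PinnedSessionDelegate : NSObject <NSURLSessionDelegate>
@property (nonatomic, strong) NSData *pinnedCertData;        // DER-encoded server certificate from the bundle (assumption)
@property (nonatomic, assign) SecIdentityRef clientIdentity; // from SecPKCS12Import, may be NULL
@end

@implementation PinnedSessionDelegate
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    NSString *method = space.authenticationMethod;
    if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        SecTrustRef trust = space.serverTrust;
        SecCertificateRef pinned = self.pinnedCertData ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)self.pinnedCertData) : NULL;
        BOOL trusted = NO;
        if (trust != NULL && pinned != NULL) {
            // Check the chain and the host name, with the bundled certificate as the only trust anchor.
            SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)space.host);
            SecTrustSetPolicies(trust, policy);
            SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)@[(__bridge id)pinned]);
            SecTrustSetAnchorCertificatesOnly(trust, true);
            trusted = SecTrustEvaluateWithError(trust, NULL); // iOS 12+ / macOS 10.14+
            CFRelease(policy);
        }
        if (pinned != NULL) CFRelease(pinned);
        if (trusted) {
            completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:trust]);
        } else {
            // Fail closed: an unexpected or missing certificate cancels the request.
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
    } else if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate] && self.clientIdentity != NULL) {
        // The server requested a client certificate: present the PKCS#12 identity.
        NSURLCredential *credential = [NSURLCredential credentialWithIdentity:self.clientIdentity
                                                                 certificates:nil
                                                                  persistence:NSURLCredentialPersistenceForSession];
        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
    } else {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
    }
}
@end
```

Attach the delegate with `+[NSURLSession sessionWithConfiguration:delegate:delegateQueue:]`.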