iOS封装HTTPS双向和单向验证

1.HttpsUtil

(1) 对双向和单向验证的封装

#import <Foundation/Foundation.h>

#import "AFNetworking.h"

@interface HttpsUtil : NSObject

// 双向认证

+ (void)configHTTPSessionManager:(AFHTTPSessionManager *)manager serverCers:(NSArray *) serverCerNames clientP12:(NSString *) clientp12Name clientP12Password:(NSString *) clientP12Password isSelfCa:(BOOL) isSelfCa;

// 单向认证

+ (void)cconfigHTTPSessionManager:(AFHTTPSessionManager *)manager serverCers:(NSArray *) serverCerNames isSelfCa:(BOOL) isSelfCa;

@end

(2)实现方法

#import "HttpsUtil.h"

@implementation HttpsUtil

// 双向认证

+ (void)configHTTPSessionManager:(AFHTTPSessionManager *) manager serverCers:(NSArray *) serverCerNames clientP12:(NSString *) clientp12Name clientP12Password:(NSString *) clientP12Password isSelfCa:(BOOL) isSelfCa{

__weakAFHTTPSessionManager*_manager = manager;

if(!_manager){

return;

}

NSMutableSet * serverCerDatas= [[NSMutableSetalloc] init];

for (NSString * serverCerNamein serverCerNames){

if(!serverCerName){

continue;

}

NSString *cerPath = [[NSBundlemainBundle] pathForResource:serverCerNameofType:nil];// 证书的路径

NSData *certData = [NSDatadataWithContentsOfFile:cerPath];

[serverCerDatas addObject:certData];

};

_manager.securityPolicy.pinnedCertificates=serverCerDatas;

// 需要验证客户端证书（双向认证）

if(clientp12Name && clientP12Password){

[manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession*session,NSURLAuthenticationChallenge *challenge,NSURLCredential *__autoreleasing*_credential) {

NSURLSessionAuthChallengeDisposition disposition =NSURLSessionAuthChallengePerformDefaultHandling;

__autoreleasingNSURLCredential *credential =nil;

if([challenge.protectionSpace.authenticationMethodisEqualToString:NSURLAuthenticationMethodServerTrust]) {

if([_manager.securityPolicyevaluateServerTrust:challenge.protectionSpace.serverTrustforDomain:challenge.protectionSpace.host]){

credential = [NSURLCredentialcredentialForTrust:challenge.protectionSpace.serverTrust];

if(credential) {

disposition =NSURLSessionAuthChallengeUseCredential;

} else {

disposition =NSURLSessionAuthChallengePerformDefaultHandling;

}

} else {

disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;

}

} else {

// client authentication

SecIdentityRef identity =NULL;

SecTrustRef trust =NULL;

NSString *p12Path = [[NSBundlemainBundle] pathForResource:clientp12NameofType:nil];

NSFileManager *fileManager =[NSFileManagerdefaultManager];

if(![fileManagerfileExistsAtPath:p12Path]){

NSLog(@"客户端证书不存在！");

} else {

NSData *PKCS12Data = [NSDatadataWithContentsOfFile:p12Path];

if ([[selfclass]extractIdentity:&identityandTrust:&trust fromPKCS12Data:PKCS12Datapkcs12Password:clientP12Password]) {

NSLog(@"加载客户端证书成功");

SecCertificateRef certificate =NULL;

SecIdentityCopyCertificate(identity, &certificate);

constvoid*certs[] = {certificate};

CFArrayRef certArray =CFArrayCreate(kCFAllocatorDefault, certs,1,NULL);

credential =[NSURLCredentialcredentialWithIdentity:identitycertificates:(__bridge NSArray*)certArraypersistence:NSURLCredentialPersistencePermanent];

disposition =NSURLSessionAuthChallengeUseCredential;

}

*_credential = credential;

return disposition;

}];

}

if(isSelfCa){

manager.securityPolicy.allowInvalidCertificates =YES;

manager.securityPolicy.validatesDomainName=NO;

}else{

// 注释掉Info.plist中整个NSAppTransportSecurity节点的配置

}

// 单向认证

+ (void)cconfigHTTPSessionManager:(AFHTTPSessionManager *)manager serverCers:(NSArray *) serverCerNames isSelfCa:(BOOL) isSelfCa{

[[selfclass]configHTTPSessionManager:managerserverCers:serverCerNamesclientP12:nilclientP12Password:nilisSelfCa:isSelfCa];

}

// 解压初始化客户端证书

+ (BOOL)extractIdentity:(SecIdentityRef*)outIdentity andTrust:(SecTrustRef *)outTrust fromPKCS12Data:(NSData *)inPKCS12Data pkcs12Password:(NSString *) p12Password{

OSStatus securityError =errSecSuccess;

NSDictionary* optionsDictionary = [NSDictionarydictionaryWithObject:p12PasswordforKey:(__bridgeid)kSecImportExportPassphrase];

CFArrayRef items =CFArrayCreate(NULL,0, 0,NULL);

securityError = SecPKCS12Import((__bridgeCFDataRef)inPKCS12Data,(__bridgeCFDictionaryRef)optionsDictionary,&items);

if(securityError ==0) {

// 成功

CFDictionaryRef myIdentityAndTrust =CFArrayGetValueAtIndex(items,0);

constvoid*tempIdentity =NULL;

tempIdentity= CFDictionaryGetValue (myIdentityAndTrust,kSecImportItemIdentity);

*outIdentity = (SecIdentityRef)tempIdentity;

constvoid*tempTrust =NULL;

tempTrust = CFDictionaryGetValue(myIdentityAndTrust,kSecImportItemTrust);

*outTrust = (SecTrustRef)tempTrust;

} else {

NSLog(@"初始化客户端证书失败，errorCode：%d",(int)securityError);

returnNO;

}

returnYES;

}

@end

2.HttpsHandler 对网络请求的封装(get请求,post请求,post图片上传)

#import <Foundation/Foundation.h>

#import "AFNetworking.h"

@interface HttpsHandler : NSObject

+ (void)GET:(NSString *)URLString parameters:(id)patameters success:(void (^)(id responseObject))success failure:(void (^)(NSError *error))failure;

+ (void)POST:(NSString *)URLString parameters:(id)patameters success:(void (^)(id responseObject))success failure:(void (^)(NSError *error))failure;

+ (void)POST:(NSString *)URLString parameters:(id)patameters constructingBodyWithBlock:(void (^) (id <AFMultipartFormData> formData))block success:(void (^)(id responseObject))success failure:(void (^)(NSError *error))failure;

@end

#import "HttpsHandler.h"

#import "HttpsUtil.h"

@implementation HttpsHandler

+ (void)GET:(NSString *)URLString parameters:(id)patameters success:(void (^)(id))success failure:(void (^)(NSError *))failure {

AFHTTPSessionManager *manager =[AFHTTPSessionManagermanager];

NSArray *serverCersNames = [[NSArrayalloc] initWithObjects:@"mykey.cer",nil];

[HttpsUtilconfigHTTPSessionManager:managerserverCers:serverCersNamesclientP12:@"mykey.p12"clientP12Password:@"password"isSelfCa:true];// 使用自签名CA给服务器server证书签名的isSelfCa为true，第三方权威CA签名的isSelfCa为false，当设置isSelfCa为false时，需要注释掉Info.plist中整个NSAppTransportSecurity节点的配置

manager.responseSerializer = [AFHTTPResponseSerializerserializer];

manager.requestSerializer.timeoutInterval =60.0f;

manager.responseSerializer = [AFJSONResponseSerializerserializer];//申明返回的结果是json类型

[manager.requestSerializersetValue:@"Content-Type"forHTTPHeaderField:@"application/json; charset=utf-8"];

manager.responseSerializer.acceptableContentTypes = [NSSetsetWithObjects:@"application/json",@"text/json", @"text/javascript",@"text/html",nil];

[manager GET:URLStringparameters:patameters progress:nilsuccess:^(NSURLSessionDataTask *_Nonnull task, id _Nullable responseObject) {

if (success)

{

success(responseObject);

}

} failure:^(NSURLSessionDataTask *_Nullable task, NSError *_Nonnull error) {

if (failure)

{

failure(error);

return ;

}

}];

}

+ (void)POST:(NSString *)URLString parameters:(id)patameters success:(void (^)(id))success failure:(void (^)(NSError *))failure {

AFHTTPSessionManager *manager =[AFHTTPSessionManagermanager];

NSString * cerPath = [[NSBundle mainBundle] pathForResource:@"214051022010694" ofType:@"key"];

NSData *cerData = [NSData dataWithContentsOfFile:cerPath];

NSLog(@"%@",cerData);

manager.securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey withPinnedCertificates:[[NSArray alloc] initWithObjects:cerData, nil]];

manager.securityPolicy.allowInvalidCertificates = YES;

[manager.securityPolicy setValidatesDomainName:NO];

manager.requestSerializer = [AFJSONRequestSerializer serializer];

manager.responseSerializer = [AFJSONResponseSerializer serializer];

NSArray *serverCersNames = [[NSArrayalloc] initWithObjects:@"mykey.cer",nil];

manager.requestSerializer.timeoutInterval =60.0f;

manager.requestSerializer = [AFHTTPRequestSerializerserializer];//表明请求的是json

manager.responseSerializer = [AFJSONResponseSerializerserializer];//申明返回的结果是json类型

[manager.requestSerializersetValue:@"Content-Type"forHTTPHeaderField:@"charset=utf-8"];

manager.responseSerializer.acceptableContentTypes = [NSSetsetWithObjects:@"application/json",@"text/json", @"text/javascript",@"text/html",@"text/xml",nil];

[manager.requestSerializersetValue:@"Content-Type"forHTTPHeaderField:@"charset=utf-8"];

manager.responseSerializer.acceptableContentTypes = [NSSetsetWithObjects:@"application/json",@"text/json", @"text/javascript",@"text/html",@"text/xml",nil];

[manager POST:URLStringparameters:patameters progress:nilsuccess:^(NSURLSessionDataTask *_Nonnull task, id _Nullable responseObject) {

if (success)

{

success(responseObject);

}

} failure:^(NSURLSessionDataTask *_Nullable task, NSError *_Nonnull error) {

if (failure)

{

failure(error);

}

}];

}

+ (void)POST:(NSString *)URLString parameters:(id)patameters constructingBodyWithBlock:(void (^)(id<AFMultipartFormData>))block success:(void (^)(id))success failure:(void (^)(NSError *))failure {

AFHTTPSessionManager *manager =[AFHTTPSessionManagermanager];

NSArray *serverCersNames = [[NSArrayalloc] initWithObjects:@"mykey.cer",nil];

manager.responseSerializer = [AFHTTPResponseSerializerserializer];

manager.requestSerializer.timeoutInterval =60.0f;

manager.requestSerializer = [AFHTTPRequestSerializerserializer];//表明请求的是json

manager.responseSerializer = [AFJSONResponseSerializerserializer];//申明返回的结果是json类型

[manager.requestSerializersetValue:@"application/json"forHTTPHeaderField:@"Content-Type"];

[manager.requestSerializersetValue:@"application/json"forHTTPHeaderField:@"Accept"];

manager.responseSerializer.acceptableContentTypes = [NSSetsetWithObjects:@"application/json",@"text/json", @"text/javascript",@"text/html,@“text/plain",nil];

[manager POST:URLStringparameters:patameters constructingBodyWithBlock:^(id<AFMultipartFormData> _Nonnull formData) {

if (block)

{

block(formData);

}

} progress:nilsuccess:^(NSURLSessionDataTask *_Nonnull task, id _Nullable responseObject) {

if (success)

{

success(responseObject);

}

} failure:^(NSURLSessionDataTask *_Nullable task, NSError *_Nonnull error) {

if (failure)

{

failure(error);

}

}];

}

//+ (NSString*)dataToJsonString:(id)object

//{

// NSString *jsonString = nil;

// NSError *error;

// NSData *jsonData = [NSJSONSerialization dataWithJSONObject:object

// options:NSJSONWritingPrettyPrinted // Pass 0 if you don't care about the readability of the generated string

// error:&error];

// if (! jsonData) {

// NSLog(@"Got an error: %@", error);

// } else {

// jsonString = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding];

// }

// return jsonString;

//}

@end

iOS封装HTTPS双向和单向验证相关推荐

HTTPS的SSL单向验证和双向验证
HTTPS的SSL单向验证和双向验证 HTTPs利用SSL/TLS建立安全信道,加密数据包,主要目的是提供对网站服务器的身份认证,同时保护交换数据的安全性与完整性 SSL/TLS TLS在传输 ...
HTTPS实战之单向验证和双向验证
转载自:https://mp.weixin.qq.com/s/UiGEzXoCn3F66NRz_T9crA 原创: 涛哥 coding涛 6月9日作者对https 解释的入目三分啊 (全文太长,太懒 ...
解决ios的https双向认证不能抓包问题
一般来说,我们抓https包使用fiddler或charles,然后手机安装证书就可以抓包了,但是有时候我们抓某些app时候,一连上代理,却提示不能上网,明明可以上网,为啥app提示无网络,原因可能就 ...
iOS https 自制证书单向双向验证，以及服务器(Nginx)配置
一.http和https的区别与原理介绍原理的博文太多了,这里列出一篇详细的: IOS 使用自签名证书开发HTTPS文件传输二.证书的类型和自制证书生成 1.什么是数字证书(Certificate ...
iOS https双向配置
只需要服务器验证手机端的童鞋可以点开以下链接[ios 单向配置https] http://www.cnblogs.com/OC888/p/6560602.html 兜兜转转弄了一个星期,网上的大多数 ...
Java nginx 双向ssl_使用Nginx实现HTTPS双向验证的方法
https单向验证应用广泛想必大家都很熟悉,我已经在一篇博文中分享过,这次来看看Nginx如何实现双向验证. 单向验证与双向验证的区别: 单向验证: 指客户端验证服务器端证书,服务器并不需要验证客户端 ...
HTTPS原理、单向和双向认证
参考文章:https://blog.51cto.com/11883699/2160032 https://www.songma.com/news/txtlist_i39807v.html 众所周知,W ...
Tomcat服务器配置https双向认证，使用JDK的keytool生成证书（适用于web、安卓、IOS）
Tomcat服务器配置https双向认证,使用JDK的keytool生成证书(适用于web.安卓.IOS) 一.原理 1.HTTP:平时浏览网页时候使用的一种协议.HTTP协议传输的数据都是未加密的( ...
Https双向验证与Springboot整合测试-人来人往我只认你
1 简介不知不觉Https相关的文章已经写了6篇了,本文将是这个专题的最后一篇,起码近期是最后一篇.前面6篇讲的全都是单向的Https验证,本文将重点介绍一下双向验证.有兴趣的同学可以了解一下之前的 ...

iOS封装HTTPS双向和单向验证

iOS封装HTTPS双向和单向验证相关推荐

最新文章

热门文章