iOS封装HTTPS双向和单向验证
1.HttpsUtil
(1) 对双向和单向验证的封装
#import <Foundation/Foundation.h>
#import "AFNetworking.h"
/// Helpers that configure an AFHTTPSessionManager for HTTPS with bundled certificates.
@interface HttpsUtil : NSObject

/// Mutual (two-way) TLS.
/// Loads the named server certificate files from the main bundle as pinned
/// certificates and answers client-certificate challenges with the identity
/// stored in the named PKCS#12 file.
/// @param manager           Session manager to configure.
/// @param serverCerNames    Bundle resource names of the server certificates.
/// @param clientp12Name     Bundle resource name of the client PKCS#12 file.
/// @param clientP12Password Passphrase protecting the PKCS#12 file.
/// @param isSelfCa          YES when the server certificate is signed by a self-signed CA,
///                          NO when it is signed by a public CA.
+ (void)configHTTPSessionManager:(AFHTTPSessionManager *)manager
                      serverCers:(NSArray *)serverCerNames
                       clientP12:(NSString *)clientp12Name
               clientP12Password:(NSString *)clientP12Password
                        isSelfCa:(BOOL)isSelfCa;

/// One-way TLS (only the server is authenticated).
/// Same as the method above, without a client certificate.
/// The selector really is spelled "cconfig..."; it is kept because callers depend on it.
+ (void)cconfigHTTPSessionManager:(AFHTTPSessionManager *)manager
                       serverCers:(NSArray *)serverCerNames
                         isSelfCa:(BOOL)isSelfCa;

@end
(2)实现方法
#import "HttpsUtil.h"
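@implementation HttpsUtil

// Mutual (two-way) TLS.
//
// Builds a certificate-pinning policy from the bundled server certificates and
// installs a session-level authentication-challenge block on `manager` that
//   * evaluates every server-trust challenge against that pinning policy, and
//   * answers client-certificate challenges with the identity from the PKCS#12
//     file, when both a file name and a passphrase were supplied.
//
// Security notes:
//   * A self-signed CA is handled by pinning its certificate, not by switching
//     validation off. Setting allowInvalidCertificates = YES together with
//     validatesDomainName = NO on a policy that does no pinning accepts any
//     certificate from any host, which leaves the connection open to interception.
//   * Hostname validation stays enabled, so the server certificate must carry
//     the host name the app connects to.
//   * If none of the named certificates can be loaded, the system trust store
//     is used; a self-signed server is then rejected instead of blindly trusted.
+ (void)configHTTPSessionManager:(AFHTTPSessionManager *)manager
                      serverCers:(NSArray *)serverCerNames
                       clientP12:(NSString *)clientp12Name
               clientP12Password:(NSString *)clientP12Password
                        isSelfCa:(BOOL)isSelfCa {
    if (!manager) {
        return;
    }

    // Load the certificates to pin. A missing or unreadable file is skipped:
    // adding nil to a set would raise NSInvalidArgumentException.
    NSMutableSet<NSData *> *serverCerDatas = [[NSMutableSet alloc] init];
    for (NSString *serverCerName in serverCerNames) {
        NSString *cerPath = [[NSBundle mainBundle] pathForResource:serverCerName ofType:nil];
        NSData *certData = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;
        if (!certData) {
            NSLog(@"HttpsUtil: server certificate '%@' not found in bundle", serverCerName);
            continue;
        }
        [serverCerDatas addObject:certData];
    }

    AFSecurityPolicy *policy = nil;
    if (serverCerDatas.count > 0) {
        policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate
                                  withPinnedCertificates:[serverCerDatas copy]];
        // Only the system-root check is relaxed for a private CA; the chain
        // must still match a pinned certificate.
        policy.allowInvalidCertificates = isSelfCa;
    } else {
        policy = [AFSecurityPolicy defaultPolicy];
        if (isSelfCa) {
            NSLog(@"HttpsUtil: no pinned certificate loaded; a self-signed server will be rejected");
        }
    }
    // When isSelfCa is NO (public CA): remove the whole NSAppTransportSecurity
    // node from Info.plist so App Transport Security stays fully enabled.

    // The policy is held by the challenge block rather than assigned to
    // manager.securityPolicy: some AFNetworking releases raise an exception when a
    // pinning policy is assigned to a manager whose baseURL is not https.
    BOOL hasClientIdentity = (clientp12Name != nil && clientP12Password != nil);
    [manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing *outCredential) {
        NSURLProtectionSpace *space = challenge.protectionSpace;
        NSString *method = space.authenticationMethod;
        NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
        NSURLCredential *credential = nil;

        if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            if ([policy evaluateServerTrust:space.serverTrust forDomain:space.host]) {
                credential = [NSURLCredential credentialForTrust:space.serverTrust];
                if (credential) {
                    disposition = NSURLSessionAuthChallengeUseCredential;
                }
            } else {
                disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;
            }
        } else if (hasClientIdentity &&
                   [method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
            // Only a client-certificate challenge is answered with the identity;
            // every other challenge type falls through to default handling.
            credential = [self clientCredentialFromP12Named:clientp12Name
                                                   password:clientP12Password];
            if (credential) {
                disposition = NSURLSessionAuthChallengeUseCredential;
            }
        }

        if (outCredential) {
            *outCredential = credential;
        }
        return disposition;
    }];
}

// One-way TLS: server authentication only, no client certificate.
+ (void)cconfigHTTPSessionManager:(AFHTTPSessionManager *)manager
                       serverCers:(NSArray *)serverCerNames
                         isSelfCa:(BOOL)isSelfCa {
    [self configHTTPSessionManager:manager
                        serverCers:serverCerNames
                         clientP12:nil
                 clientP12Password:nil
                          isSelfCa:isSelfCa];
}

// Builds the credential for a client-certificate challenge from a PKCS#12 file
// in the main bundle. Returns nil when the file is missing or cannot be imported.
+ (NSURLCredential *)clientCredentialFromP12Named:(NSString *)p12Name
                                         password:(NSString *)password {
    NSString *p12Path = [[NSBundle mainBundle] pathForResource:p12Name ofType:nil];
    if (!p12Path || ![[NSFileManager defaultManager] fileExistsAtPath:p12Path]) {
        NSLog(@"客户端证书不存在!");
        return nil;
    }

    NSData *PKCS12Data = [NSData dataWithContentsOfFile:p12Path];
    SecIdentityRef identity = NULL;
    SecTrustRef trust = NULL;
    if (![self extractIdentity:&identity
                      andTrust:&trust
                fromPKCS12Data:PKCS12Data
                pkcs12Password:password]) {
        return nil;
    }
    NSLog(@"加载客户端证书成功");

    NSURLCredential *credential = nil;
    SecCertificateRef certificate = NULL;
    if (SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess && certificate) {
        // Session persistence: the identity is re-imported from the bundle when
        // needed, so there is no reason to store it permanently in the keychain.
        credential = [NSURLCredential credentialWithIdentity:identity
                                                certificates:@[(__bridge id)certificate]
                                                 persistence:NSURLCredentialPersistenceForSession];
        CFRelease(certificate);
    }

    // extractIdentity hands back +1 references; balance them here.
    if (trust) {
        CFRelease(trust);
    }
    CFRelease(identity);
    return credential;
}

// Imports a PKCS#12 blob and returns its first identity and trust object.
//
// On success returns YES and stores retained (+1) references in *outIdentity and
// *outTrust; the caller must CFRelease each non-NULL value. On failure returns NO
// and leaves both outputs NULL.
+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity
               andTrust:(SecTrustRef *)outTrust
         fromPKCS12Data:(NSData *)inPKCS12Data
         pkcs12Password:(NSString *)p12Password {
    if (outIdentity) {
        *outIdentity = NULL;
    }
    if (outTrust) {
        *outTrust = NULL;
    }
    // A nil passphrase would raise when the options dictionary is built.
    if (!inPKCS12Data || !p12Password) {
        return NO;
    }

    NSDictionary *optionsDictionary = @{(__bridge id)kSecImportExportPassphrase : p12Password};
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)inPKCS12Data,
                                             (__bridge CFDictionaryRef)optionsDictionary,
                                             &items);
    if (securityError != errSecSuccess || !items || CFArrayGetCount(items) == 0) {
        NSLog(@"初始化客户端证书失败,errorCode:%d",(int)securityError);
        if (items) {
            CFRelease(items);
        }
        return NO;
    }

    CFDictionaryRef identityAndTrust = CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identity = (SecIdentityRef)CFDictionaryGetValue(identityAndTrust, kSecImportItemIdentity);
    SecTrustRef trust = (SecTrustRef)CFDictionaryGetValue(identityAndTrust, kSecImportItemTrust);
    if (!identity) {
        NSLog(@"HttpsUtil: PKCS#12 import returned no identity");
        CFRelease(items);
        return NO;
    }

    // `items` owns the identity and trust objects; retain them before it is released.
    if (outIdentity) {
        *outIdentity = (SecIdentityRef)CFRetain(identity);
    }
    if (outTrust && trust) {
        *outTrust = (SecTrustRef)CFRetain(trust);
    }
    CFRelease(items);
    return YES;
}

@end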
2.HttpsHandler 对网络请求的封装(get请求,post请求,post图片上传)
#import <Foundation/Foundation.h>
#import "AFNetworking.h"
/// Thin wrapper around AFHTTPSessionManager for HTTPS requests:
/// GET, POST and multipart POST (for example image upload).
@interface HttpsHandler : NSObject

/// Sends a GET request.
/// @param URLString  Request URL.
/// @param patameters Request parameters passed through to AFNetworking.
/// @param success    Called with the response object on success.
/// @param failure    Called with the error on failure.
+ (void)GET:(NSString *)URLString
 parameters:(id)patameters
    success:(void (^)(id responseObject))success
    failure:(void (^)(NSError *error))failure;

/// Sends a POST request.
+ (void)POST:(NSString *)URLString
  parameters:(id)patameters
     success:(void (^)(id responseObject))success
     failure:(void (^)(NSError *error))failure;

/// Sends a multipart POST request; `block` appends the parts to the body.
+ (void)POST:(NSString *)URLString
                  parameters:(id)patameters
   constructingBodyWithBlock:(void (^)(id<AFMultipartFormData> formData))block
                     success:(void (^)(id responseObject))success
                     failure:(void (^)(NSError *error))failure;

@end
//
#import "HttpsHandler.h"
#import "HttpsUtil.h"
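@implementation HttpsHandler

// Bundle resource names of the certificate material used for every request.
static NSString * const kServerCertificateName = @"mykey.cer";
static NSString * const kClientP12Name = @"mykey.p12";
// FIXME(security): the PKCS#12 passphrase is hard-coded and ships inside the app
// binary next to the .p12 file, so anyone holding the app package can recover the
// client private key. Treat this identity as shared by all installs, not as a
// per-user secret; prefer provisioning a per-device identity into the keychain.
static NSString * const kClientP12Password = @"password";

// Creates a manager configured for mutual TLS with a JSON response serializer
// that accepts `contentTypes`.
//
// isSelfCa:YES is for a server certificate signed by a self-signed CA; use NO for
// a certificate signed by a public CA, and in that case remove the whole
// NSAppTransportSecurity node from Info.plist.
// NOTE(security): isSelfCa:YES asks HttpsUtil to accept certificates that do not
// chain to a system-trusted root. Server authentication then rests entirely on how
// HttpsUtil applies the pinned mykey.cer; verify that before shipping.
// NOTE(review): every call creates a new manager, and so a new URL session,
// that is never invalidated; consider sharing one manager across requests.
+ (AFHTTPSessionManager *)securedManagerAcceptingContentTypes:(NSSet<NSString *> *)contentTypes {
    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
    [HttpsUtil configHTTPSessionManager:manager
                             serverCers:@[kServerCertificateName]
                              clientP12:kClientP12Name
                      clientP12Password:kClientP12Password
                               isSelfCa:YES];

    // Set the timeout on the serializer that is actually installed; setting it
    // before replacing manager.requestSerializer would discard the value.
    AFHTTPRequestSerializer *requestSerializer = [AFHTTPRequestSerializer serializer];
    requestSerializer.timeoutInterval = 60.0;
    manager.requestSerializer = requestSerializer;

    // Responses are parsed as JSON.
    AFJSONResponseSerializer *responseSerializer = [AFJSONResponseSerializer serializer];
    responseSerializer.acceptableContentTypes = contentTypes;
    manager.responseSerializer = responseSerializer;
    return manager;
}

// GET request. No Content-Type header is set: the previous call passed the header
// name and value in swapped order, and a GET carries no body to describe.
+ (void)GET:(NSString *)URLString parameters:(id)patameters success:(void (^)(id))success failure:(void (^)(NSError *))failure {
    NSSet<NSString *> *contentTypes = [NSSet setWithObjects:@"application/json", @"text/json", @"text/javascript", @"text/html", nil];
    AFHTTPSessionManager *manager = [self securedManagerAcceptingContentTypes:contentTypes];

    [manager GET:URLString parameters:patameters progress:nil success:^(NSURLSessionDataTask *_Nonnull task, id _Nullable responseObject) {
        if (success) {
            success(responseObject);
        }
    } failure:^(NSURLSessionDataTask *_Nullable task, NSError *_Nonnull error) {
        if (failure) {
            failure(error);
        }
    }];
}

// POST request with a form-encoded body (AFHTTPRequestSerializer, not JSON).
// The previous Content-Type call had name and value swapped, producing a bogus
// header; it is dropped so the request serializer supplies its own Content-Type.
+ (void)POST:(NSString *)URLString parameters:(id)patameters success:(void (^)(id))success failure:(void (^)(NSError *))failure {
    NSSet<NSString *> *contentTypes = [NSSet setWithObjects:@"application/json", @"text/json", @"text/javascript", @"text/html", @"text/xml", nil];
    AFHTTPSessionManager *manager = [self securedManagerAcceptingContentTypes:contentTypes];

    [manager POST:URLString parameters:patameters progress:nil success:^(NSURLSessionDataTask *_Nonnull task, id _Nullable responseObject) {
        if (success) {
            success(responseObject);
        }
    } failure:^(NSURLSessionDataTask *_Nullable task, NSError *_Nonnull error) {
        if (failure) {
            failure(error);
        }
    }];
}

// Multipart POST (for example image upload); `block` appends the body parts.
+ (void)POST:(NSString *)URLString parameters:(id)patameters constructingBodyWithBlock:(void (^)(id<AFMultipartFormData>))block success:(void (^)(id))success failure:(void (^)(NSError *))failure {
    // "text/html" and "text/plain" are two separate entries; they were previously
    // fused into one malformed string literal.
    NSSet<NSString *> *contentTypes = [NSSet setWithObjects:@"application/json", @"text/json", @"text/javascript", @"text/html", @"text/plain", nil];
    AFHTTPSessionManager *manager = [self securedManagerAcceptingContentTypes:contentTypes];

    // NOTE(review): a multipart body presumably gets its own multipart Content-Type
    // when the request is finalized, replacing the value set here; confirm.
    [manager.requestSerializer setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    [manager.requestSerializer setValue:@"application/json" forHTTPHeaderField:@"Accept"];

    [manager POST:URLString parameters:patameters constructingBodyWithBlock:^(id<AFMultipartFormData> _Nonnull formData) {
        if (block) {
            block(formData);
        }
    } progress:nil success:^(NSURLSessionDataTask *_Nonnull task, id _Nullable responseObject) {
        if (success) {
            success(responseObject);
        }
    } failure:^(NSURLSessionDataTask *_Nullable task, NSError *_Nonnull error) {
        if (failure) {
            failure(error);
        }
    }];
}

//+ (NSString*)dataToJsonString:(id)object
//{
// NSString *jsonString = nil;
// NSError *error;
// NSData *jsonData = [NSJSONSerialization dataWithJSONObject:object
// options:NSJSONWritingPrettyPrinted // Pass 0 if you don't care about the readability of the generated string
// error:&error];
// if (! jsonData) {
// NSLog(@"Got an error: %@", error);
// } else {
// jsonString = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding];
// }
// return jsonString;
//}

@end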