博客> 【Https】iOS 端两种Https数据传输加密方法
【Https】iOS 端两种Https数据传输加密方法
2017-08-16 19:57 评论:2 阅读:881 waschildnew
iOS开发 HTTPS

http数据传输传输的是明文,未进行加密的数据链可以在网络中设置代理进行截取,尽管会有token等验证手段,但数据被监听还是不可避免的,这点使用网络抓包软件就能做到。

而对于https数据加密后传输的数据,抓到的数据包都只是乱码,安全性大幅提高,也是当前大势所趋。

下面就介绍一下使用ASIHttpRequest 和 AFNetworking两种三方库进行https加密的方式。

原料: 1、相应的ASIHttpRequest、AFNetworking配置完成 2、相应的证书文件

一、ASIHttpRequest

` / 测试https接口 /

ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:httpsUrl];    

SecIdentityRef identity = NULL;

SecTrustRef trust = NULL;

NSData *cerData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"证书文件名" ofType:@"文件类型"]];

[[self class] extractIdentity:&identity andTrust:&trust fromPKCS12Data:cerData];

request = [ASIHTTPRequest requestWithURL:httpsUrl];

[request setClientCertificateIdentity:identity];

/ 是否验证服务器端证书,如果此项为yes那么服务器端证书必须为合法的证书机构颁发的,而不能是自己用openssl 或java生成的证书 /

[request setValidatesSecureCertificate:NO];

[request setRequestMethod:@"GET"];

[request startSynchronous];

NSError *error = [request error];

if (!error) {

    NSString *response = [request responseString];

    NSLog(@"response is : %@",response);

    NSLog(@"获取数据成功");

} 

else {

    NSLog(@"Failed to save to data store: %@", [error localizedDescription]);

    NSLog(@"%@",[error userInfo]);

}

}

/ 提取证书 /

  • (BOOL)extractIdentity:(SecIdentityRef )identityRef andTrust:(SecTrustRef)trustRef fromPKCS12Data:(NSData *)CerData {

    OSStatus securityError = errSecSuccess;

    NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"证书密码" forKey:(id)kSecImportExportPassphrase];

    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);

    securityError = SecPKCS12Import((CFDataRef)CerData,(CFDictionaryRef)optionsDictionary,&items);

    if (securityError == 0) {

    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
    
    const void *tempIdentity = NULL;
    
    tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity);
    
    *identityRef = (SecIdentityRef)tempIdentity;
    
    const void *tempTrust = NULL;
    
    tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
    
    *trustRef = (SecTrustRef)tempTrust;

    } else {

    NSLog(@"Failed with error code %d",(int)securityError);

    / 若报错 -26275 文件读取不出数据,此时可将文件格式进行更改,再重新导入项目 /

    return NO;

    }

    return YES;

} ` 二、AFNetworking

/ 测试https接口 /

  • (void)testClientCertificate

{

AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];

manager.responseSerializer = [AFHTTPResponseSerializer serializer];

/*
 Https SSL 验证。
 */
[manager setSecurityPolicy:[self SetSecurityPolicy]];

[manager GET:@"https://www.demo.com/method.php" parameters:nil progress:^(NSProgress * _Nonnull downloadProgress)

 {

     NSLog(@"%@",downloadProgress);

 }

     success:^(NSURLSessionDataTask * _Nonnull task, id  _Nullable responseObject) {

         NSData * responsedata=(NSData *)responseObject;

         NSString * response =[[NSString alloc]initWithData: responsedata encoding:NSUTF8StringEncoding];

         NSLog(@"%@", response);

         NSLog(@"获取数据成功");

     }

     failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull   error) {

         NSLog(@"%@",error);

     }];

}

/ 设置安全证书 /

  • (AFSecurityPolicy * )SetSecurityPolicy {

    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"证书名称" ofType:@"证书后缀"];

    NSData *certData = [NSData dataWithContentsOfFile:cerPath];

    / AFSSLPinningModeCertificate 使用证书验证模式 /

    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

    / allowInvalidCertificates 是否允许自建证书,默认为NO / securityPolicy.allowInvalidCertificates = NO;

    / validatesDomainName 是否需要验证域名,默认为YES; /

    securityPolicy.validatesDomainName = YES;

    securityPolicy.pinnedCertificates = [NSSet setWithArray:@[certData]];

    return securityPolicy;

}

收藏
1
sina weixin mail 回到顶部