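HTTP transmits data in plaintext. An unencrypted data link can be intercepted by placing a proxy in the network path. Even with verification mechanisms such as tokens, the data can still be eavesdropped on, and ordinary packet-capture software is enough to do it.
With HTTPS the data is encrypted before it is sent, so captured packets are only unreadable ciphertext. Security is greatly improved, and this is where the industry is heading.
The following shows how to make HTTPS requests with two third-party libraries, ASIHTTPRequest and AFNetworking.
Prerequisites:
1. ASIHTTPRequest and AFNetworking already set up in the project
2. The corresponding certificate file
I. ASIHTTPRequest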
```objc
#import <Security/Security.h>
#import "ASIHTTPRequest.h"

/* Test the HTTPS endpoint */
- (void)testClientCertificate {
    NSURL *httpsUrl = [NSURL URLWithString:@"https://www.XXXXX.com/method.php"];
    SecIdentityRef identity = NULL;
    SecTrustRef trust = NULL;
    /* The two strings are placeholders for the certificate file name and the file type (extension) */
    NSData *cerData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"證書文件名" ofType:@"文件類型"]];
    if (![[self class] extractIdentity:&identity andTrust:&trust fromPKCS12Data:cerData]) {
        return; /* no usable identity, do not send the request */
    }
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:httpsUrl];
    [request setClientCertificateIdentity:identity];
    /* Whether to validate the server certificate. If this is YES, the server certificate
       must be issued by a legitimate certificate authority and cannot be one you generated
       yourself with openssl or Java. With NO, the server certificate is not checked at all,
       so a proxy presenting any certificate can still intercept the connection. */
    [request setValidatesSecureCertificate:NO];
    [request setRequestMethod:@"GET"];
    [request startSynchronous];
    NSError *error = [request error];
    if (!error) {
        NSString *response = [request responseString];
        NSLog(@"response is : %@", response);
        NSLog(@"獲取數據成功"); /* "data fetched successfully" */
    } else {
        NSLog(@"Failed to save to data store: %@", [error localizedDescription]);
        NSLog(@"%@", [error userInfo]);
    }
}

/* Extract the identity and trust from the PKCS#12 data */
+ (BOOL)extractIdentity:(SecIdentityRef *)identityRef andTrust:(SecTrustRef *)trustRef fromPKCS12Data:(NSData *)CerData {
    OSStatus securityError = errSecSuccess;
    /* @"證書密碼" is a placeholder for the certificate password */
    NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"證書密碼" forKey:(__bridge id)kSecImportExportPassphrase];
    /* Filled in by SecPKCS12Import. It is not released here because the array
       owns the identity and trust that are handed back to the caller. */
    CFArrayRef items = NULL;
    securityError = SecPKCS12Import((__bridge CFDataRef)CerData, (__bridge CFDictionaryRef)optionsDictionary, &items);
    if (securityError == errSecSuccess) {
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
        *identityRef = (SecIdentityRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
        *trustRef = (SecTrustRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
    } else {
        NSLog(@"Failed with error code %d", (int)securityError);
        /* If error -26275 is reported, the data cannot be read from the file;
           in that case change the file format and import it into the project again */
        return NO;
    }
    return YES;
}
```
II. AFNetworking
```objc
#import "AFNetworking.h"

/* Test the HTTPS endpoint */
- (void)testClientCertificate {
    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
    manager.responseSerializer = [AFHTTPResponseSerializer serializer];
    /* HTTPS SSL verification */
    [manager setSecurityPolicy:[self SetSecurityPolicy]];
    [manager GET:@"https://www.demo.com/method.php" parameters:nil progress:^(NSProgress * _Nonnull downloadProgress) {
        NSLog(@"%@", downloadProgress);
    } success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
        NSData *responsedata = (NSData *)responseObject;
        NSString *response = [[NSString alloc] initWithData:responsedata encoding:NSUTF8StringEncoding];
        NSLog(@"%@", response);
        NSLog(@"獲取數據成功"); /* "data fetched successfully" */
    } failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
        NSLog(@"%@", error);
    }];
}

/* Set up the security certificate */
- (AFSecurityPolicy *)SetSecurityPolicy {
    /* The two strings are placeholders for the certificate name and the certificate file extension */
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"證書名稱" ofType:@"證書后綴"];
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    /* AFSSLPinningModeCertificate: use certificate verification mode */
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    /* allowInvalidCertificates: whether to allow self-signed certificates, default NO */
    securityPolicy.allowInvalidCertificates = NO;
    /* validatesDomainName: whether the domain name must be validated, default YES */
    securityPolicy.validatesDomainName = YES;
    securityPolicy.pinnedCertificates = [NSSet setWithArray:@[certData]];
    return securityPolicy;
}
```
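The two sections above combined in one plain NSURLSession delegate, as an added example that is not from the original article or from either library: it trusts only the bundled server certificate as anchor, so a self-signed server validates without switching validation off, and it answers a client-certificate challenge with the PKCS#12 identity. The class name `PinningDelegate` and its two properties are hypothetical, and iOS 12 or later is assumed for `SecTrustEvaluateWithError`.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

/* Hypothetical delegate: pinnedCertData is the DER data of the bundled server
   certificate, clientIdentity is the identity obtained from SecPKCS12Import. */
@interface PinningDelegate : NSObject <NSURLSessionDelegate>
@property (nonatomic, strong) NSData *pinnedCertData;
@property (nonatomic, assign) SecIdentityRef clientIdentity; /* may be NULL */
@end

@implementation PinningDelegate
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSString *method = challenge.protectionSpace.authenticationMethod;
    if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        SecTrustRef trust = challenge.protectionSpace.serverTrust;
        SecCertificateRef pinned = self.pinnedCertData
            ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)self.pinnedCertData) : NULL;
        BOOL ok = NO;
        if (trust && pinned) {
            /* Replace the system anchors with the pinned certificate only. */
            CFArrayRef anchors = CFArrayCreate(NULL, (const void **)&pinned, 1, &kCFTypeArrayCallBacks);
            SecTrustSetAnchorCertificates(trust, anchors);
            CFRelease(anchors);
            /* Chain, validity dates and host name (the trust object's SSL policy) are all checked here. */
            ok = SecTrustEvaluateWithError(trust, NULL);
        }
        if (pinned) CFRelease(pinned);
        if (ok) {
            completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:trust]);
        } else {
            /* Fail closed: a server that does not chain to the pinned certificate is rejected. */
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
    } else if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate] && self.clientIdentity) {
        NSURLCredential *cred = [NSURLCredential credentialWithIdentity:self.clientIdentity
                                                           certificates:nil
                                                            persistence:NSURLCredentialPersistenceForSession];
        completionHandler(NSURLSessionAuthChallengeUseCredential, cred);
    } else {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
    }
}
@end
```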