【Https】iOS 端兩種Https數(shù)據(jù)傳輸加密方法

http數(shù)據(jù)傳輸傳輸?shù)氖敲魑模催M(jìn)行加密的數(shù)據(jù)鏈可以在網(wǎng)絡(luò)中設(shè)置代理進(jìn)行截取，盡管會(huì)有token等驗(yàn)證手段，但數(shù)據(jù)被監(jiān)聽還是不可避免的，這點(diǎn)使用網(wǎng)絡(luò)抓包軟件就能做到。

而對于https數(shù)據(jù)加密后傳輸?shù)臄?shù)據(jù)，抓到的數(shù)據(jù)包都只是亂碼，安全性大幅提高，也是當(dāng)前大勢所趨。

下面就介紹一下使用ASIHttpRequest 和 AFNetworking兩種三方庫進(jìn)行https加密的方式。

原料： 1、相應(yīng)的ASIHttpRequest、AFNetworking配置完成 2、相應(yīng)的證書文件

一、ASIHttpRequest

` / 測試https接口 /

• (void)testClientCertificate { NSURL *httpsUrl = [NSURL URLWithString:@"https://www.XXXXX.com/method.php"];

ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:httpsUrl];    

SecIdentityRef identity = NULL;

SecTrustRef trust = NULL;NSData *cerData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"證書文件名" ofType:@"文件類型"]];

[[self class] extractIdentity:&identity andTrust:&trust fromPKCS12Data:cerData];

request = [ASIHTTPRequest requestWithURL:httpsUrl];

[request setClientCertificateIdentity:identity];

/ 是否驗(yàn)證服務(wù)器端證書，如果此項(xiàng)為yes那么服務(wù)器端證書必須為合法的證書機(jī)構(gòu)頒發(fā)的，而不能是自己用openssl 或java生成的證書 /

[request setValidatesSecureCertificate:NO];

[request setRequestMethod:@"GET"];

[request startSynchronous];NSError *error = [request error];if (!error) {    NSString *response = [request responseString];    NSLog(@"response is : %@",response);    NSLog(@"獲取數(shù)據(jù)成功");

}

else {

    NSLog(@"Failed to save to data store: %@", [error localizedDescription]);    NSLog(@"%@",[error userInfo]);

}

}

/ 提取證書 /

• (BOOL)extractIdentity:(SecIdentityRef )identityRef andTrust:(SecTrustRef)trustRef fromPKCS12Data:(NSData *)CerData {

  OSStatus securityError = errSecSuccess;

  NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"證書密碼" forKey:(id)kSecImportExportPassphrase];

  CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);

  securityError = SecPKCS12Import((CFDataRef)CerData,(CFDictionaryRef)optionsDictionary,&items);

  if (securityError == 0) {

  CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);const void *tempIdentity = NULL;
  
  tempIdentity = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemIdentity);
  
  *identityRef = (SecIdentityRef)tempIdentity;const void *tempTrust = NULL;
  
  tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
  
  *trustRef = (SecTrustRef)tempTrust;

  } else {

  NSLog(@"Failed with error code %d",(int)securityError);

  / 若報(bào)錯(cuò) -26275 文件讀取不出數(shù)據(jù)，此時(shí)可將文件格式進(jìn)行更改，再重新導(dǎo)入項(xiàng)目 /

  return NO;

  }

  return YES;

} ` 二、AFNetworking

/ 測試https接口 /

• (void)testClientCertificate

{

AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];

manager.responseSerializer = [AFHTTPResponseSerializer serializer];/*
 Https SSL 驗(yàn)證。
 */[manager setSecurityPolicy:[self SetSecurityPolicy]];

[manager GET:@"https://www.demo.com/method.php" parameters:nil progress:^(NSProgress * _Nonnull downloadProgress)

 {     NSLog(@"%@",downloadProgress);

 }

     success:^(NSURLSessionDataTask * _Nonnull task, id  _Nullable responseObject) {         NSData * responsedata=(NSData *)responseObject;         NSString * response =[[NSString alloc]initWithData: responsedata encoding:NSUTF8StringEncoding];         NSLog(@"%@", response);         NSLog(@"獲取數(shù)據(jù)成功");

     }

     failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull   error) {         NSLog(@"%@",error);

     }];

}

/ 設(shè)置安全證書 /

• (AFSecurityPolicy * )SetSecurityPolicy {

  NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"證書名稱" ofType:@"證書后綴"];

  NSData *certData = [NSData dataWithContentsOfFile:cerPath];

  / AFSSLPinningModeCertificate 使用證書驗(yàn)證模式 /

  AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

  / allowInvalidCertificates 是否允許自建證書，默認(rèn)為NO / securityPolicy.allowInvalidCertificates = NO;

  / validatesDomainName 是否需要驗(yàn)證域名，默認(rèn)為YES； /

  securityPolicy.validatesDomainName = YES;

  securityPolicy.pinnedCertificates = [NSSet setWithArray:@[certData]];

  return securityPolicy;

}