What to know about using HTTPS on iOS
2016-01-11 17:51
First read this article, which covers what to watch for when using AFNetworking with HTTPS. It is very good! http://blog.cnbang.net/tech/2416/
Using HTTPS on iOS mainly comes down to using NSURLCredential. First, some essential official documentation:
NSURLCredential is an immutable object representing an authentication credential consisting of authentication information specific to the type of credential and the type of persistent storage to use, if any. The URL loading system supports three types of credentials: password-based user credentials, certificate-based user credentials, and certificate-based server credentials (used when verifying the server’s identity). When you create a credential, you can specify that it should be used for a single request, persisted temporarily (until your app quits), or persisted permanently (in the keychain).
Although there are many kinds of credentials, for URLs there are only three!
So there are three initializers:
+ credentialForTrust:
+ credentialWithUser:password:persistence:
+ credentialWithIdentity:certificates:persistence:
Also see the authentication section of the URL Session Programming Guide:
To attempt to authenticate, the application should create an NSURLCredential object with authentication information of the form expected by the server. You can determine the server’s authentication method by calling authenticationMethod on the protection space of the provided authentication challenge. Some authentication methods supported by NSURLCredential are:
- HTTP basic authentication (NSURLAuthenticationMethodHTTPBasic) requires a user name and password. Prompt the user for the necessary information and create an NSURLCredential object with credentialWithUser:password:persistence:.
- HTTP digest authentication (NSURLAuthenticationMethodHTTPDigest), like basic authentication, requires a user name and password. (The digest is generated automatically.) Prompt the user for the necessary information and create an NSURLCredential object with credentialWithUser:password:persistence:.
- Client certificate authentication (NSURLAuthenticationMethodClientCertificate) requires the system identity and all certificates needed to authenticate with the server. Create an NSURLCredential object with credentialWithIdentity:certificates:persistence:.
- Server trust authentication (NSURLAuthenticationMethodServerTrust) requires a trust provided by the protection space of the authentication challenge. Create an NSURLCredential object with credentialForTrust:.
After you’ve created the NSURLCredential object:
- For NSURLSession, pass the object to the authentication challenge’s sender using the provided completion handler block.
- For NSURLConnection and NSURLDownload, pass the object to the authentication challenge’s sender with useCredential:forAuthenticationChallenge:.
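When using AFNetworking 3.0, if you access an HTTPS address that uses a self-signed certificate, you are required to add the site's self-signed certificate to your project so that it can be used to validate the site's certificate. If you do not have this certificate, you get the error: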
In order to validate a domain name for self signed certificates, you MUST use pinning.
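This "pinning" means certificate pinning: validation succeeds only when the certificate bundled in the client matches the server's certificate.
AFNetworking 3.0 seems to look for all .cer files in the app by default and pick the one that matches. There is also a way to specify the certificate exactly: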
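// Pin the whole certificate: the server must present a certificate that matches a pinned one.
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
// Allow certificates that are not issued by a system-trusted CA (the self-signed case).
securityPolicy.allowInvalidCertificates = YES;
// Load the site's certificate (tomcat.cer) that was added to the project.
NSString *certificatePath = [[NSBundle mainBundle] pathForResource:@"tomcat" ofType:@"cer"];
NSData *certificateData = [NSData dataWithContentsOfFile:certificatePath];
NSSet *certificateSet = [[NSSet alloc] initWithObjects:certificateData, nil];
[securityPolicy setPinnedCertificates:certificateSet];
// manager is the AFNetworking session manager that sends the requests.
manager.securityPolicy = securityPolicy;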
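The purpose of doing this is security.
The certificate validation of the system's built-in NSURLSession is not this strict. It leaves more of the validation work to the programmer, and if you do not call other functions yourself to strengthen validation, the system will not force you to!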