
HTTPS网络加密双向验证->使用AFNetworking封装

2017-02-27 14:05 561 查看
1.首先使用OC声明封装类的头文件(.h)

#import <Foundation/Foundation.h>

#import "AFNetworking.h"

/// Helper class that hands out the AFNetworking session manager used for HTTPS requests.
@interface HttpsHandler : NSObject

/// Creates and returns an AFHTTPSessionManager set up by the implementation
/// (security policy, serializers and authentication-challenge handling).
+ (AFHTTPSessionManager *)setHttpsMange;

@end

2.实现方法

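/// Builds an AFHTTPSessionManager for two-way (mutual) TLS: the server certificate is
/// checked through the manager's AFSecurityPolicy, and client-certificate requests are
/// answered with the identity stored in the bundled "mykey.p12".
///
/// @return A manager that sends and expects JSON, with caching of local data disabled.
+ (AFHTTPSessionManager *)setHttpsMange
{
    // ---- Server authentication -------------------------------------------------------
    NSString *certFilePath = [[NSBundle mainBundle] pathForResource:@"mykey" ofType:@"cer"];
    NSData *certData = certFilePath ? [NSData dataWithContentsOfFile:certFilePath] : nil;
    if (certData == nil) {
        NSLog(@"mykey.cer:not exist");
    }
    // +setWithObject: raises on nil, so a missing or unreadable certificate must not reach it.
    NSSet *certSet = certData ? [NSSet setWithObject:certData] : [NSSet set];

    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone
                                                withPinnedCertificates:certSet];

    // Security fix: the original set allowInvalidCertificates = YES and
    // validatesDomainName = NO. Combined with AFSSLPinningModeNone that accepts any
    // certificate for any host, so only the client was authenticated and the "two-way"
    // check was one-way in practice. Both flags are back at their defaults (NO / YES).
    // NOTE(review): in AFSSLPinningModeNone the pinned set is presumably not consulted.
    // To actually pin mykey.cer (e.g. for a self-signed server certificate) switch to
    // AFSSLPinningModeCertificate; recent AFNetworking releases appear to require an
    // https base URL on the manager for that - confirm against the version in use.
    policy.allowInvalidCertificates = NO;
    policy.validatesDomainName = YES;

    // Must be a strong reference: the original stored the new manager in a __weak local,
    // which lets ARC release it before it is configured or returned.
    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
    manager.securityPolicy = policy;

    // ---- Serializers (the original assigned these twice; only the final state is kept) -
    manager.requestSerializer = [AFHTTPRequestSerializer serializer];
    manager.responseSerializer = [AFJSONResponseSerializer serializer];
    [manager.requestSerializer setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    [manager.requestSerializer setValue:@"application/json" forHTTPHeaderField:@"Accept"];
    manager.responseSerializer.acceptableContentTypes =
        [NSSet setWithObjects:@"application/json", @"text/json", @"text/javascript",
                              @"text/plain", @"text/html", @"application/text", nil];

    // Disable the local cache so cached responses do not interfere with testing.
    manager.requestSerializer.cachePolicy = NSURLRequestReloadIgnoringLocalCacheData;

    [manager setSessionDidBecomeInvalidBlock:^(NSURLSession * _Nonnull session,
                                               NSError * _Nonnull error) {
        NSLog(@"setSessionDidBecomeInvalidBlock");
    }];

    // ---- Authentication challenges ---------------------------------------------------
    // The manager keeps this block, so the block refers back to it weakly to avoid a
    // retain cycle. `self` is the class object here and can be captured directly.
    __weak AFHTTPSessionManager *weakManager = manager;
    [manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(
        NSURLSession *session,
        NSURLAuthenticationChallenge *challenge,
        NSURLCredential *__autoreleasing *_credential) {

        NSURLSessionAuthChallengeDisposition disposition =
            NSURLSessionAuthChallengePerformDefaultHandling;
        NSURLCredential *credential = nil;
        NSString *method = challenge.protectionSpace.authenticationMethod;

        if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            // Server side: accept only what the security policy accepts. If the manager
            // is already gone the nil message yields NO and the challenge is cancelled.
            SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
            if ([weakManager.securityPolicy evaluateServerTrust:serverTrust
                                                      forDomain:challenge.protectionSpace.host]) {
                credential = [NSURLCredential credentialForTrust:serverTrust];
                if (credential) {
                    disposition = NSURLSessionAuthChallengeUseCredential;
                }
            } else {
                disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;
            }
        } else if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
            // Client side: the original offered the client identity for every
            // non-server-trust challenge; it is now offered only when the server
            // actually asks for a client certificate.
            NSString *p12 = [[NSBundle mainBundle] pathForResource:@"mykey" ofType:@"p12"];
            NSData *PKCS12Data = p12 ? [NSData dataWithContentsOfFile:p12] : nil;

            if (PKCS12Data == nil) {
                NSLog(@"client.p12:not exist");
            } else {
                SecIdentityRef identity = NULL;
                SecTrustRef trust = NULL;
                if ([self extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data]
                    && identity != NULL) {
                    SecCertificateRef certificate = NULL;
                    if (SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess
                        && certificate != NULL) {
                        // __bridge_transfer hands the +1 reference from the Copy call to
                        // ARC; the original leaked both the certificate and a CFArray.
                        NSArray *certificates = @[ (__bridge_transfer id)certificate ];
                        // The identity is re-read from the bundle on every challenge, so
                        // the credential does not need to outlive the session.
                        credential = [NSURLCredential credentialWithIdentity:identity
                                                                certificates:certificates
                                                                 persistence:NSURLCredentialPersistenceForSession];
                        disposition = NSURLSessionAuthChallengeUseCredential;
                    }
                }
            }
        }
        // Any other authentication method falls through to default handling.

        if (_credential) {
            *_credential = credential;
        }
        return disposition;
    }];

    return manager;
}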

最后,加上下面这个从 .p12 文件中提取客户端身份(identity)的辅助方法

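/// Imports a PKCS#12 blob and hands back the identity and trust of its first item.
///
/// @param outIdentity  Receives the client identity on success, NULL otherwise.
/// @param outTrust     Receives the trust object stored next to the identity (may be NULL).
/// @param inPKCS12Data Raw contents of the .p12 file.
/// @return YES when the import succeeded and an identity was found; NO otherwise.
+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity
               andTrust:(SecTrustRef *)outTrust
         fromPKCS12Data:(NSData *)inPKCS12Data {
    // Reject unusable arguments instead of dereferencing NULL or importing nil data.
    if (outIdentity == NULL || outTrust == NULL || inPKCS12Data == nil) {
        return NO;
    }
    *outIdentity = NULL;
    *outTrust = NULL;

    // Client certificate password.
    // NOTE(review): the passphrase is a literal in the binary and the .p12 ships in the
    // app bundle, so the client key is effectively shared by every copy of the app and
    // cannot identify a single user or device. Consider provisioning the identity per
    // installation and keeping it in the Keychain.
    NSDictionary *optionsDictionary = @{ (__bridge id)kSecImportExportPassphrase : @"password" };

    // Start from NULL: the original created an empty CFArray here that was leaked as
    // soon as SecPKCS12Import overwrote the pointer.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)inPKCS12Data,
                                             (__bridge CFDictionaryRef)optionsDictionary,
                                             &items);
    if (securityError != errSecSuccess) {
        NSLog(@"Failedwith error code %d", (int)securityError);
        return NO;
    }

    // An import that reports success but yields no items must not be indexed.
    if (items == NULL || CFArrayGetCount(items) == 0) {
        if (items != NULL) {
            CFRelease(items);
        }
        return NO;
    }

    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
    *outIdentity = (SecIdentityRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
    *outTrust = (SecTrustRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);

    // `items` is intentionally not released: CFDictionaryGetValue does not retain, so
    // the references handed to the caller stay valid only while `items` is alive.
    // NOTE(review): this leaks one import result per call. A cleaner contract would
    // CFRetain both outputs, release `items`, and have every caller release them.
    return *outIdentity != NULL;
}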