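1. Implementing HTTPS requests --- one-way verification
To implement one-way HTTPS verification with AFNetworking, you only need the server side to provide server.p12
Double-click it to install it
Open Keychain Access
Find the certificate you just installed, export it, choose .cer as the file format, and name it whatever you like (an English name is recommended)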

Drag the generated server.cer into your project
Code (not encapsulated):
    - (void)post:(NSString *)url withParameters:(id)parameters success:(void (^)(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject))success failure:(void (^)(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error))failure {
        AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
        // Whether to allow self-signed certificates. With YES, trust rests entirely on the pinned certificate.
        securityPolicy.allowInvalidCertificates = YES;
        // Whether to validate the domain name. With NO, any certificate that matches or chains to the
        // pinned one is accepted regardless of the host name it was issued for.
        securityPolicy.validatesDomainName = NO;
        self.manager = [[AFHTTPSessionManager alloc] initWithBaseURL:[NSURL URLWithString:url]];
        self.manager.responseSerializer = [AFJSONResponseSerializer serializer];
        self.manager.securityPolicy = securityPolicy;
        self.manager.responseSerializer.acceptableContentTypes = [NSSet setWithObjects:@"application/xml", @"text/html", @"text/xml", @"text/plain", @"application/json", nil];
        __weak typeof(self) weakSelf = self;
        [self.manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing *_credential) {
            /// Get the server's trust object
            SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
            /// Load the self-signed certificate
    #warning Add your certificate to the project and change the name below to your certificate's name
            // Pass the name without the extension; ofType: supplies ".cer"
            NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"xxx" ofType:@"cer"];
            NSData *caCert = [NSData dataWithContentsOfFile:cerPath];
            if (!caCert) {
                NSLog(@" ===== .cer file is nil =====");
                // 0 is NSURLSessionAuthChallengeUseCredential; cancel explicitly when the pin is missing
                return NSURLSessionAuthChallengeCancelAuthenticationChallenge;
            }
            NSArray *cerArray = @[caCert];
            weakSelf.manager.securityPolicy.pinnedCertificates = [NSSet setWithArray:cerArray];
            SecCertificateRef caRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caCert);
            if (!caRef) {
                // The file is not a DER-encoded certificate; NSCAssert alone would be compiled out in release builds
                return NSURLSessionAuthChallengeCancelAuthenticationChallenge;
            }
            NSArray *caArray = @[(__bridge id)(caRef)];
            CFRelease(caRef); // the array holds its own reference
            NSCAssert(caArray != nil, @"caArray is nil");
            /// Set the loaded certificate as the root (anchor) certificate of serverTrust
            OSStatus status = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)caArray);
            // NO means the system's built-in anchors are trusted in addition to the one set above
            SecTrustSetAnchorCertificatesOnly(serverTrust, NO);
            NSCAssert(errSecSuccess == status, @"SecTrustSetAnchorCertificates failed");
            /// Choose how to handle the authentication challenge
            NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
            __autoreleasing NSURLCredential *credential = nil;
            /// NSURLAuthenticationMethodServerTrust challenge
            if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
                /// Decide whether to trust the server based on the client's security policy; if not trusted, do not answer the challenge.
                if ([weakSelf.manager.securityPolicy evaluateServerTrust:challenge.protectionSpace.serverTrust forDomain:challenge.protectionSpace.host]) {
                    /// Create the credential for the challenge
                    credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                    /// Confirm the disposition
                    if (credential) {
                        disposition = NSURLSessionAuthChallengeUseCredential;
                    } else {
                        disposition = NSURLSessionAuthChallengePerformDefaultHandling;
                    }
                } else {
                    // Cancel the challenge
                    disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;
                }
            } else {
                disposition = NSURLSessionAuthChallengePerformDefaultHandling;
            }
            // Hand the credential back to AFNetworking through the out-parameter
            if (_credential) {
                *_credential = credential;
            }
            return disposition;
        }];
        [self.manager POST:url parameters:parameters success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
            NSLog(@"%@", responseObject);
            if (success) {
                success(task, responseObject);
            }
        } failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
            if (failure) {
                failure(task, error);
            }
        }];
    }
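Those are the steps and code for one-way verification.
2. Implementing HTTPS requests --- two-way verification
To implement two-way HTTPS verification with AFNetworking, you only need the server side to provide server.p12 and the client.p12 used by the client
You only need to install server.p12 and export server.cer (same as for one-way verification)
Drag the exported server.cer and client.p12 into the project
For details, see the demo on GitHub: https://github.com/StephentTom/-AFNetworking-3.x-HTTPS-.git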
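
The two-way setup described above, written out as an added example (not code from the original post or from the linked demo): it pins server.cer and answers the server's client-certificate challenge with the identity stored in client.p12. The helper names CopyClientIdentity and ConfigureMutualTLS and the p12Password parameter are assumptions, and unlike the one-way code above, validatesDomainName is left at its default of YES.

```objectivec
#import <Security/Security.h>
#import <AFNetworking/AFNetworking.h>

// Hypothetical helper: load the identity (certificate + private key) from the bundled client.p12.
static SecIdentityRef CopyClientIdentity(NSString *password) {
    NSString *path = [[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"];
    NSData *p12 = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (!p12) { return NULL; }
    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : password };
    CFArrayRef items = NULL;
    SecIdentityRef identity = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12, (__bridge CFDictionaryRef)options, &items);
    if (status == errSecSuccess && items && CFArrayGetCount(items) > 0) {
        CFDictionaryRef first = CFArrayGetValueAtIndex(items, 0);
        identity = (SecIdentityRef)CFDictionaryGetValue(first, kSecImportItemIdentity);
        if (identity) { CFRetain(identity); } // caller releases
    }
    if (items) { CFRelease(items); }
    return identity;
}

// Hypothetical helper: pin server.cer and present client.p12 when the server asks for it.
static void ConfigureMutualTLS(AFHTTPSessionManager *manager, NSString *p12Password) {
    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];
    NSData *cer = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;
    policy.pinnedCertificates = cer ? [NSSet setWithObject:cer] : [NSSet set]; // no pin, no trust
    policy.allowInvalidCertificates = YES; // self-signed server certificate, as on this page
    manager.securityPolicy = policy;
    [manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing *credential) {
        NSURLProtectionSpace *space = challenge.protectionSpace;
        if ([space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            if (![policy evaluateServerTrust:space.serverTrust forDomain:space.host]) {
                return NSURLSessionAuthChallengeCancelAuthenticationChallenge;
            }
            *credential = [NSURLCredential credentialForTrust:space.serverTrust];
            return NSURLSessionAuthChallengeUseCredential;
        }
        if ([space.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
            SecIdentityRef identity = CopyClientIdentity(p12Password);
            if (!identity) { return NSURLSessionAuthChallengeCancelAuthenticationChallenge; }
            *credential = [NSURLCredential credentialWithIdentity:identity certificates:nil persistence:NSURLCredentialPersistenceForSession];
            CFRelease(identity);
            return NSURLSessionAuthChallengeUseCredential;
        }
        return NSURLSessionAuthChallengePerformDefaultHandling;
    }];
}
```

A passphrase compiled into the app can be recovered from the binary, so it does not protect the private key in client.p12 from anyone who has a copy of the app.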