一个app能否做到强大的加密,需要一个好的后台支撑。我很幸运,我们公司的后台哥是珍爱网出来的大神,我也是第一次知道,除了以前用的md5、base64等等单向加密(严格来说,md5是哈希,base64只是编码,都不算加密),还有ssl证书认证。一般来讲,如果app用了web service,我们需要防止数据嗅探来保证数据安全。通常的做法是用ssl来连接,以防止数据抓包和嗅探;但还要担心黑客用伪造的ssl证书,让app连接到伪造的服务器上。
1.话不多说,首先你得让后台提供服务器的证书
2.把证书拖到你的项目里,这一步要你自己做。记住,拖进项目的必须是以.cer结尾的证书(只放公钥证书,不要把私钥放进app)。
3.我用到的是AFNetworking这个框架。如果你自己用NSURLSession,做法也一样。
4.贴上代码
- #import "MyDataService.h"
-
- #import "AFNetworking.h"
-
-
- #define BASE_URL @"xxxxxxxxx/"
- // BASE_URL: prefix that requestURL:... prepends to every request path.
- // The value is a redacted placeholder in this listing.
- // NOTE(review): certificate pinning only protects https:// URLs -- confirm the real value uses https.
-
- // LXPopenHttpsSSL: when YES, requestURL:... installs +customSecurityPolicy on the session manager.
- // When NO, no custom policy is installed, so the pinned certificate is not used at all.
- #define LXPopenHttpsSSL YES
-
- // LXPcertificate: resource name of the pinned certificate in the main bundle,
- // without the ".cer" extension (+customSecurityPolicy loads "<name>.cer").
- #define LXPcertificate @"mykey"
-
-
- @implementation MyDataService
-
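/**
 * Sends a GET or POST request to BASE_URL + urlstring through a new AFHTTPSessionManager.
 *
 * Every request carries the device identifier ("identify", "deviceid") and the fixed "appId"
 * and "client" headers. Requests to anything other than the three "noauth/" endpoints also
 * carry the stored user id and the access token.
 *
 * Nothing from the request or the response is written to the log: the device identifier,
 * user id and response body are sensitive and NSLog output is readable off the device.
 *
 * @param urlstring Path appended to BASE_URL.
 * @param method    "GET" or "POST", compared case-insensitively.
 * @param params    Request parameters, handed to AFNetworking unchanged.
 * @param block     Called with (response data, nil) on success or (nil, error) on failure.
 *                  May be nil.
 * @return The task created by AFNetworking, or nil when method is neither GET nor POST
 *         (block is not called in that case).
 */
+ (NSURLSessionDataTask *)requestURL:(NSString *)urlstring
                          httpMethod:(NSString *)method
                              params:(NSDictionary *)params
                          completion:(void(^)(id result,NSError *error))block {
    NSString *url = [BASE_URL stringByAppendingString:urlstring];

    // NOTE(review): a manager (and its NSURLSession) is created per request; a shared
    // manager may be preferable -- confirm against the AFNetworking version in use.
    AFHTTPSessionManager *af = [AFHTTPSessionManager manager];
    AFHTTPRequestSerializer *serializer = af.requestSerializer;

    // Headers sent with every request, authenticated or not.
    NSString *identifierForVendor = [[UIDevice currentDevice].identifierForVendor UUIDString];
    [serializer setValue:identifierForVendor forHTTPHeaderField:@"identify"];
    [serializer setValue:identifierForVendor forHTTPHeaderField:@"deviceid"];
    [serializer setValue:@"1" forHTTPHeaderField:@"appId"];
    [serializer setValue:@"iOS" forHTTPHeaderField:@"client"];

    id userId = [[NSUserDefaults standardUserDefaults] objectForKey:@"user_id"];
    NSString *token = [LXPTokenManager accessToken];

    // Login, registration and the provider-type list are called before a session exists,
    // so they are the only endpoints that go out without credentials.
    NSArray *unauthenticatedPaths = @[@"noauth/loginUser.do",
                                      @"noauth/getProvideTypeList.do",
                                      @"noauth/addUser.do"];
    if (![unauthenticatedPaths containsObject:urlstring]) {
        // Skip the header when no user id is stored; formatting nil would send "(null)".
        if (userId) {
            [serializer setValue:[NSString stringWithFormat:@"%@", userId]
              forHTTPHeaderField:@"userId"];
        }
        [serializer setValue:token forHTTPHeaderField:@"token"];
    }

    serializer.timeoutInterval = 10;

    // Raw response data is passed to the caller; no JSON parsing happens here.
    af.responseSerializer = [AFHTTPResponseSerializer serializer];

    if (LXPopenHttpsSSL) {
        // Pin the server certificate so an interception proxy's certificate is rejected.
        [af setSecurityPolicy:[self customSecurityPolicy]];
    }

    void (^onSuccess)(NSURLSessionDataTask *, id) = ^(NSURLSessionDataTask *dataTask, id responseObject) {
        if (block) {
            block(responseObject, nil);
        }
    };
    void (^onFailure)(NSURLSessionDataTask *, NSError *) = ^(NSURLSessionDataTask *dataTask, NSError *error) {
        if (block) {
            block(nil, error);
        }
    };

    if ([method caseInsensitiveCompare:@"GET"] == NSOrderedSame) {
        return [af GET:url parameters:params success:onSuccess failure:onFailure];
    }
    if ([method caseInsensitiveCompare:@"POST"] == NSOrderedSame) {
        return [af POST:url parameters:params success:onSuccess failure:onFailure];
    }

    // Any other method: no request is made.
    return nil;
}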
-
-
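/**
 * Builds the certificate-pinning policy used for HTTPS requests.
 *
 * The certificate is read from "<LXPcertificate>.cer" in the main bundle. If that file is
 * missing or empty, the returned policy has an empty pin list and keeps AFNetworking's
 * default (strict) settings, so that connections are refused rather than left unpinned.
 *
 * @return A policy in AFSSLPinningModeCertificate mode.
 */
+ (AFSecurityPolicy*)customSecurityPolicy
{
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:LXPcertificate ofType:@"cer"];
    NSData *certData = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;

    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

    if (certData.length == 0) {
        // @[certData] would throw on nil. Fail closed instead: with nothing pinned, no
        // server certificate can match the pin list.
        NSLog(@"Pinned certificate %@.cer is missing or empty; HTTPS requests will be rejected.", LXPcertificate);
        securityPolicy.pinnedCertificates = @[];
        return securityPolicy;
    }

    // NOTE(review): YES turns off the check against the system trust store, leaving the
    // pin comparison as the main safeguard. It is only needed when the server presents a
    // self-signed certificate; for a CA-issued certificate set this to NO. How this flag
    // interacts with pinning has differed between AFNetworking releases -- confirm against
    // the version in use.
    securityPolicy.allowInvalidCertificates = YES;

    // NOTE(review): NO means the host name in the server certificate is not compared with
    // the host being contacted. If the pinned file is a CA or intermediate certificate
    // rather than the server's own leaf certificate, any certificate chaining to it would
    // then be accepted for any host. Prefer YES unless the server is reached under a name
    // that is absent from its certificate -- confirm with the backend.
    securityPolicy.validatesDomainName = NO;

    securityPolicy.pinnedCertificates = @[certData];

    return securityPolicy;
}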
接下来,我们通过Charles抓取数据,抓到的数据已经加密。(HTTPS本身就会加密传输内容;证书绑定的作用是让Charles这类中间人代理的证书无法通过校验,从而看不到明文。)