HTTPS和RSA结合的数据安全传递


一 . 客户端和服务器必须进行安全的HTTPS数据传递

    服务器端: 要到固定的CA证书机构去生成根证书,存放在服务器和客户端(客户端只需保存证书,即公钥部分;私钥只保留在服务器端)

    客户端:除了存放根证书外,还要对 NSURLConnection 和 NSURLSession 做相应的 HTTPS 请求设置

二.iOS 中代码基于HTTPS的安全请求

 1. NSURLConnection 的HTTPS请求

  start request  

{
    // Build the connection with this object as its delegate, so the
    // authentication-challenge callbacks are delivered to this object.
    NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:_request
                                                                  delegate:self];
    _urlConnection = connection;

    [connection start];
}




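#pragma mark - NSURLConnection delegate

// We use this method to accept an untrusted site, which unfortunately we need to do because our PVM servers are self-signed. Note that answering the challenge does not verify anything by itself: the server trust still has to be evaluated (for example against the servers' own certificate) before a credential is returned.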

/**
 * Tells the connection whether this delegate wants to answer challenges for
 * the given protection space.
 *
 * @return YES only when the protection space asks for server-trust
 *         authentication; NO for every other authentication method.
 */
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    DLog(@"%s", __func__);

    NSString *method = protectionSpace.authenticationMethod;
    BOOL wantsServerTrust = [method isEqualToString:NSURLAuthenticationMethodServerTrust];
    return wantsServerTrust;
}

 

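/**
 * Answers an authentication challenge raised by the NSURLConnection.
 *
 * The server trust is evaluated before a credential is built from it.
 * Calling +credentialForTrust: on an unevaluated trust accepts whatever
 * certificate the peer presents, which removes the protection HTTPS is
 * meant to give against an on-path attacker.
 *
 * The challenge is cancelled when this is a retry, when there is no server
 * trust to evaluate, or when evaluation fails.
 */
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSLog(@"WebController Got auth challange via NSURLConnection");
    DLog(@"%s", __func__);

    SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;

    // A retry means the previous answer was rejected; a NULL trust means this
    // is not a server-trust challenge. Neither can be answered here.
    if (challenge.previousFailureCount != 0 || serverTrust == NULL) {
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // NOTE(review): for servers signed by a private or self-signed root, install
    // the bundled root certificate with SecTrustSetAnchorCertificates() before
    // this call instead of skipping evaluation.
    // SecTrustEvaluateWithError requires iOS 12 / macOS 10.14 or later.
    CFErrorRef trustError = NULL;
    if (!SecTrustEvaluateWithError(serverTrust, &trustError)) {
        // The caller owns the returned error; CFBridgingRelease hands it over.
        NSError *evaluationError = CFBridgingRelease(trustError);
        NSLog(@"%s: server trust evaluation failed: %@", __func__, evaluationError);
        [challenge.sender cancelAuthenticationChallenge:challenge];
        return;
    }

    _authenticated = YES;

    NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
}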


/**
 * Handles the response delivered to the NSURLConnection delegate.
 *
 * A status other than 200 shows the network-error view, whose retry block
 * restarts the request. Otherwise, unless the web view is already on the
 * "changewbid" URL, the request is handed to the web view and the
 * connection is cancelled.
 */
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response
{
    NSLog(@"WebController received response via NSURLConnection");

    // NOTE(review): the cast assumes an HTTP(S) response; confirm no other
    // URL scheme can reach this delegate.
    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response;
    BOOL succeeded = (httpResponse.statusCode == 200);
    if (!succeeded) {
        [NetworkErrorView showNetworkErrorViewInView:self.view
                                            errorStr:@"网络出错啦"
                                         SelectBlock:^{
            [self startRequestUrl];
        }];
        return;
    }

    NSString *currentURLString = self.webView.request.URL.absoluteString;
    if ([currentURLString containsString:@"https://qiangui.58.com/changewbid"]) {
        return;
    }

    DLog(@"%s", __func__);

    // The connection got a 200, so replay the request in the web view.
    _authenticated = YES;
    [_webView loadRequest:_request];

    // Stop the connection so the same URL is not loaded twice
    // (once by the web view, once by the connection).
    [_urlConnection cancel];
}

 2. NSURLSession 的HTTPS的请求


/**
 * Starts a download task for the given URL string on self.session.
 *
 * @param url The address to download, as a string.
 */
- (void)startRequestWithUrl:(NSString *)url
{
    NSURLSessionDownloadTask *downloadTask =
        [self.session downloadTaskWithURL:[NSURL URLWithString:url]];

    // Tasks are created suspended; resume starts the transfer.
    [downloadTask resume];
}

//    NSURLSessionAuthChallengeUseCredential = 0, 使用(信任)证书

//    NSURLSessionAuthChallengePerformDefaultHandling = 1, 默认处理(如同未实现该代理方法),忽略传入的 credential

//    NSURLSessionAuthChallengeCancelAuthenticationChallenge = 2,  取消整个请求,忽略传入的 credential

//    NSURLSessionAuthChallengeRejectProtectionSpace = 3,      拒绝本次质询,下次换下一个认证保护空间再来问,忽略传入的 credential


// 工作中直接复制这一段代理Ok —— 注意:复制前要确认其中对 serverTrust 做了校验,未经校验就调用 credentialForTrust 等于接受任意证书

// 金融公司

//   https 第一段认证过程

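/**
 * Session-level authentication challenge handler.
 *
 * Two defects of the earlier version are fixed here:
 *  - the computed disposition was discarded and every challenge was answered
 *    with NSURLSessionAuthChallengeCancelAuthenticationChallenge;
 *  - the server trust was converted to a credential without being evaluated,
 *    so any certificate would have been accepted.
 *
 * Challenges that are not server-trust challenges, or that carry no trust
 * object, get default handling. Server-trust challenges are answered with a
 * credential only after the trust evaluates successfully; a failed
 * evaluation cancels the request.
 */
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
    NSLog(@"%s", __func__);

    if (!completionHandler) {
        return;
    }

    NSURLProtectionSpace *space = challenge.protectionSpace;
    SecTrustRef serverTrust = space.serverTrust;
    BOOL isServerTrust = [space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];

    if (!isServerTrust || serverTrust == NULL) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }

    // NOTE(review): for servers signed by a private or self-signed root, install
    // the bundled root certificate with SecTrustSetAnchorCertificates() before
    // this call instead of skipping evaluation.
    // SecTrustEvaluateWithError requires iOS 12 / macOS 10.14 or later.
    CFErrorRef trustError = NULL;
    if (!SecTrustEvaluateWithError(serverTrust, &trustError)) {
        // The caller owns the returned error; CFBridgingRelease hands it over.
        NSError *evaluationError = CFBridgingRelease(trustError);
        NSLog(@"%s: server trust evaluation failed: %@", __func__, evaluationError);
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }

    NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
    completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
}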

//  https 第二段认证过程

//- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge

// completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * __nullable credential))completionHandler {

//    NSLog(@"%@",challenge.protectionSpace);

//    // 如果是请求证书信任,我们再来处理,其他的不需要处理

//    if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {

//        NSURLCredential *cre = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];

//        // 调用block

//        completionHandler(NSURLSessionAuthChallengeUseCredential,cre);

//    }

//

//

//}


/**
 * Logs each chunk of response data as UTF-8 text.
 *
 * NOTE(review): this writes the raw response body to the system log; confirm
 * that is acceptable for the data this session carries.
 */
- (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask didReceiveData:(NSData *)data {
    NSLog(@"%s", __func__);

    NSString *bodyText = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    NSLog(@"%@", bodyText);
}

/**
 * Logs download progress as the fraction of bytes written so far over the
 * total number of bytes expected.
 */
- (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask
      didWriteData:(int64_t)bytesWritten
 totalBytesWritten:(int64_t)totalBytesWritten
totalBytesExpectedToWrite:(int64_t)totalBytesExpectedToWrite {
    NSLog(@"%s", __func__);

    // Convert the numerator first so the division is done in floating point.
    const float writtenSoFar = (float)totalBytesWritten;
    const float fraction = writtenSoFar / totalBytesExpectedToWrite;
    NSLog(@"%f", fraction);
}

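/**
 * Moves a finished download out of its temporary location into the Caches
 * directory as "1.mp3", replacing any file already stored under that name.
 *
 * Failures to remove the old file or to move the new one are logged instead
 * of being discarded, so a lost download is visible. The existence check no
 * longer passes NO as the isDirectory: pointer argument.
 */
- (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask
didFinishDownloadingToURL:(NSURL *)location {
    NSLog(@"%s", __func__);

    NSString *cachesDirectory =
        [NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES) firstObject];
    NSString *sourcePath = location.path;
    if (cachesDirectory == nil || sourcePath == nil) {
        NSLog(@"%s: missing Caches directory or download location", __func__);
        return;
    }

    // The file at `location` is temporary, so it is relocated before returning.
    NSString *destinationPath = [cachesDirectory stringByAppendingPathComponent:@"1.mp3"];
    NSFileManager *fileManager = [NSFileManager defaultManager];
    NSError *fileError = nil;

    // moveItemAtPath: does not overwrite, so clear the destination first.
    if ([fileManager fileExistsAtPath:destinationPath] &&
        ![fileManager removeItemAtPath:destinationPath error:&fileError]) {
        NSLog(@"%s: could not remove existing file: %@", __func__, fileError);
        return;
    }

    if (![fileManager moveItemAtPath:sourcePath toPath:destinationPath error:&fileError]) {
        NSLog(@"%s: could not move downloaded file: %@", __func__, fileError);
    }
}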

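/**
 * Logs the completion of a task together with its error code.
 *
 * `error` is nil on success, in which case the logged code is 0.
 */
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task
didCompleteWithError:(NSError *)error {
    // NSError codes are signed (NSURLErrorDomain codes are negative), so they
    // are printed with %ld; %lu rendered them as huge unsigned values.
    NSLog(@"%s:%ld", __func__, (long)error.code);
}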


三.使用MD5和RSA进行公钥私钥的加密请求过程

   如果在传输的过程中,不管是私钥串还是原文件被修改,在客户端比对时,都会失败,从而提高数据传输的安全性。注意:MD5 已不具备抗碰撞性,新系统做签名摘要时应改用 SHA-256 等算法。

