HTTPS网络加密双向验证->使用AFNetworking封装


1.首先使用OC封装请求头 

#import <Foundation/Foundation.h>

#import "AFNetworking.h"


/// Helper class that vends an AFHTTPSessionManager configured for HTTPS requests.
/// The implementation shown on this page installs an AFSecurityPolicy on the manager and a
/// session-level authentication-challenge block that answers both server-trust and
/// client-certificate challenges.
@interface HttpsHandler : NSObject


/// Creates and returns a configured AFHTTPSessionManager.
///
/// How strictly the server is verified depends entirely on the security-policy flags set in
/// the implementation (pinning mode, allowInvalidCertificates, validatesDomainName); review
/// those before relying on this manager for anything other than local testing.
///
/// @return A new AFHTTPSessionManager with JSON serializers and the challenge block installed.
+ (AFHTTPSessionManager *)setHttpsMange;


@end


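2.在 .m 文件中实现该方法。注意:只有客户端也校验服务器证书,才是真正的双向验证;在 AFSSLPinningModeNone 下把 allowInvalidCertificates 设为 YES、validatesDomainName 设为 NO,客户端会接受任意服务器证书。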

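/**
 * Builds an AFHTTPSessionManager for mutually authenticated HTTPS.
 *
 * Server side: the manager's AFSecurityPolicy validates the server chain against the system
 * trust store and checks the host name. Client side: when the server asks for a client
 * certificate, the identity stored in the bundled mykey.p12 is presented.
 *
 * @return A configured manager. JSON is used for request headers and response parsing, and the
 *         local URL cache is bypassed.
 */
+ (AFHTTPSessionManager *)setHttpsMange {
    // Load the bundled server certificate. +setWithObject: throws on nil, so a missing file
    // yields an empty set instead of an exception.
    NSString *certFilePath = [[NSBundle mainBundle] pathForResource:@"mykey" ofType:@"cer"];
    NSData *certData = certFilePath ? [NSData dataWithContentsOfFile:certFilePath] : nil;
    NSSet *certSet = certData ? [NSSet setWithObject:certData] : [NSSet set];

    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone
                                                withPinnedCertificates:certSet];
    // Keep both checks on. With allowInvalidCertificates = YES and validatesDomainName = NO the
    // client accepts any server certificate, so only the server would be authenticating its
    // peer and the connection is no longer mutually verified.
    policy.allowInvalidCertificates = NO; // reject untrusted certificates (library default)
    policy.validatesDomainName = YES;     // require the certificate to match the host (library default)
    // NOTE(review): with AFSSLPinningModeNone the pinned set above is not consulted. A
    // self-signed server certificate is therefore rejected; the way to accept one is to pin it
    // with AFSSLPinningModeCertificate, not to relax the two flags above. Recent AFNetworking
    // releases appear to refuse a pinning policy on a manager without an https baseURL, so
    // pinning would also need a manager created with a base URL - confirm for the version used.

    // A strong local keeps the manager alive until it is returned; the original __weak local
    // had no owner and could be deallocated before use.
    AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
    manager.securityPolicy = policy;

    // JSON in both directions.
    manager.requestSerializer = [AFHTTPRequestSerializer serializer];
    manager.responseSerializer = [AFJSONResponseSerializer serializer];
    [manager.requestSerializer setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    [manager.requestSerializer setValue:@"application/json" forHTTPHeaderField:@"Accept"];
    manager.responseSerializer.acceptableContentTypes =
        [NSSet setWithObjects:@"application/json", @"text/json", @"text/javascript",
                              @"text/plain", @"text/html", @"application/text", nil];

    // Bypass the local cache so cached responses do not interfere with testing.
    manager.requestSerializer.cachePolicy = NSURLRequestReloadIgnoringLocalCacheData;

    [manager setSessionDidBecomeInvalidBlock:^(NSURLSession *_Nonnull session, NSError *_Nonnull error) {
        NSLog(@"setSessionDidBecomeInvalidBlock");
    }];

    // The manager stores this block, so the block must only hold the manager weakly.
    __weak AFHTTPSessionManager *weakManager = manager;

    // Session-level challenge handler: validates the server and supplies the client identity.
    [manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession *session, NSURLAuthenticationChallenge *challenge, NSURLCredential *__autoreleasing *_credential) {
        NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
        NSURLCredential *credential = nil;
        NSString *method = challenge.protectionSpace.authenticationMethod;

        if ([method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            // Server authentication. If the manager is already gone the message goes to nil,
            // returns NO, and the challenge is cancelled (fails closed).
            if ([weakManager.securityPolicy evaluateServerTrust:challenge.protectionSpace.serverTrust
                                                      forDomain:challenge.protectionSpace.host]) {
                credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
                disposition = credential ? NSURLSessionAuthChallengeUseCredential
                                         : NSURLSessionAuthChallengePerformDefaultHandling;
            } else {
                disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;
            }
        } else if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
            // Client authentication. Only answer challenges that actually ask for a client
            // certificate; any other method falls through to default handling.
            NSString *p12 = [[NSBundle mainBundle] pathForResource:@"mykey" ofType:@"p12"];
            NSData *PKCS12Data = p12 ? [NSData dataWithContentsOfFile:p12] : nil;

            if (!PKCS12Data) {
                NSLog(@"client.p12:not exist");
            } else {
                SecIdentityRef identity = NULL;
                SecTrustRef trust = NULL; // filled in by the helper; not used here

                // `self` is the class object in a class method, so capturing it is harmless.
                if ([self extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data] && identity) {
                    SecCertificateRef certificate = NULL;
                    if (SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess && certificate) {
                        // The NSArray retains the certificate, so the +1 reference from the
                        // Copy call can be released once the credential has been built.
                        NSArray *certificates = @[ (__bridge id)certificate ];
                        // Session persistence keeps the credential out of permanent storage;
                        // this block supplies it again whenever the server asks.
                        credential = [NSURLCredential credentialWithIdentity:identity
                                                                certificates:certificates
                                                                 persistence:NSURLCredentialPersistenceForSession];
                        CFRelease(certificate);
                        if (credential) {
                            disposition = NSURLSessionAuthChallengeUseCredential;
                        }
                    }
                }
            }
        }

        if (_credential) {
            *_credential = credential;
        }
        return disposition;
    }];

    return manager;
}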


最后,加上下面这个辅助方法,用于从 PKCS#12 数据中提取客户端身份(identity)和信任对象:

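/**
 * Imports a PKCS#12 blob and returns the identity and trust object of its first entry.
 *
 * The returned references are retained and autoreleased, so they stay valid for the current
 * autorelease pool. Callers must not CFRelease them and should CFRetain them to keep them longer.
 *
 * @param outIdentity   On success, receives the SecIdentityRef; set to NULL on failure.
 * @param outTrust      On success, receives the SecTrustRef if one is present, else NULL.
 * @param inPKCS12Data  The raw contents of the .p12 file.
 * @return YES if the import succeeded and an identity was found, NO otherwise.
 */
+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity
               andTrust:(SecTrustRef *)outTrust
         fromPKCS12Data:(NSData *)inPKCS12Data {
    // Never leave the out-parameters uninitialised on a failure path.
    if (outIdentity) {
        *outIdentity = NULL;
    }
    if (outTrust) {
        *outTrust = NULL;
    }
    if (inPKCS12Data.length == 0) {
        NSLog(@"PKCS12 data is empty");
        return NO;
    }

    // Client certificate password.
    // NOTE(review): this passphrase is a literal compiled into the app, so it does not protect
    // the private key from anyone who can read the app package and the .p12 file. Consider
    // provisioning the client identity per device and keeping it in the Keychain instead.
    NSDictionary *optionsDictionary = @{ (__bridge id)kSecImportExportPassphrase : @"password" };

    // Start from NULL: the array the original pre-allocated here was overwritten by the import
    // call and leaked.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)inPKCS12Data,
                                             (__bridge CFDictionaryRef)optionsDictionary,
                                             &items);

    if (securityError != errSecSuccess) {
        NSLog(@"Failed with error code %d", (int)securityError);
        if (items) {
            CFRelease(items);
        }
        return NO;
    }

    BOOL found = NO;
    if (items && CFArrayGetCount(items) > 0) {
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
        const void *tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
        const void *tempTrust = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);

        if (tempIdentity) {
            // Retain + autorelease so the references outlive `items`, released just below.
            if (outIdentity) {
                *outIdentity = (SecIdentityRef)CFAutorelease(CFRetain(tempIdentity));
            }
            if (outTrust && tempTrust) {
                *outTrust = (SecTrustRef)CFAutorelease(CFRetain(tempTrust));
            }
            found = YES;
        }
    }

    if (items) {
        CFRelease(items);
    }
    return found;
}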



