HTTPS网络加密双向验证->使用AFNetworking封装
来源:互联网 发布:淘宝售后客服工作时间 编辑:程序博客网 时间:2024/04/29 05:28
1.首先使用OC封装请求头
#import <Foundation/Foundation.h>
#import "AFNetworking.h"
@interface HttpsHandler : NSObject
+ (AFHTTPSessionManager *)setHttpsMange;
@end
+ (AFHTTPSessionManager *)setHttpsMange;
{
NSString *certFilePath = [[NSBundlemainBundle] pathForResource:@"mykey"ofType:@"cer"];
NSData *certData = [NSDatadataWithContentsOfFile:certFilePath];
NSSet *certSet = [NSSetsetWithObject:certData];
AFSecurityPolicy *policy = [AFSecurityPolicypolicyWithPinningMode:AFSSLPinningModeNonewithPinnedCertificates:certSet];
policy.allowInvalidCertificates =YES;//是否允许不信任的证书通过验证,默认为NO
policy.validatesDomainName =NO;//是否验证主机名,默认为YES
__weakAFHTTPSessionManager *_manager = [AFHTTPSessionManagermanager];
_manager.securityPolicy = policy;
_manager.requestSerializer = [AFHTTPRequestSerializerserializer];
_manager.responseSerializer = [AFHTTPResponseSerializerserializer];
_manager.requestSerializer = [AFHTTPRequestSerializerserializer];
_manager.responseSerializer = [AFJSONResponseSerializerserializer];
[_manager.requestSerializersetValue:@"application/json"forHTTPHeaderField:@"Content-Type"];
_manager.responseSerializer.acceptableContentTypes = [NSSetsetWithObject:@"application/json"];
[_manager.requestSerializersetValue:@"application/json"forHTTPHeaderField:@"Accept"];
_manager.responseSerializer.acceptableContentTypes = [NSSetsetWithObjects:@"application/json",@"text/json", @"text/javascript",@"text/plain", @"text/html",@"application/text",nil];
//关闭缓存避免干扰测试r
_manager.requestSerializer.cachePolicy =NSURLRequestReloadIgnoringLocalCacheData;
[_manager setSessionDidBecomeInvalidBlock:^(NSURLSession *_Nonnull session, NSError * _Nonnull error) {
NSLog(@"setSessionDidBecomeInvalidBlock");
}];
//客户端请求验证重写 setSessionDidReceiveAuthenticationChallengeBlock方法
__weaktypeof(self)weakSelf =self;
[_manager setSessionDidReceiveAuthenticationChallengeBlock:^NSURLSessionAuthChallengeDisposition(NSURLSession*session,NSURLAuthenticationChallenge *challenge,NSURLCredential *__autoreleasing*_credential) {
NSURLSessionAuthChallengeDisposition disposition =NSURLSessionAuthChallengePerformDefaultHandling;
__autoreleasingNSURLCredential *credential =nil;
if([challenge.protectionSpace.authenticationMethodisEqualToString:NSURLAuthenticationMethodServerTrust]) {
if([_manager.securityPolicyevaluateServerTrust:challenge.protectionSpace.serverTrustforDomain:challenge.protectionSpace.host]) {
credential = [NSURLCredentialcredentialForTrust:challenge.protectionSpace.serverTrust];
if(credential) {
disposition =NSURLSessionAuthChallengeUseCredential;
} else {
disposition =NSURLSessionAuthChallengePerformDefaultHandling;
}
} else {
disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge;
}
} else {
// client authentication
SecIdentityRef identity =NULL;
SecTrustRef trust =NULL;
NSString *p12 = [[NSBundlemainBundle] pathForResource:@"mykey"ofType:@"p12"];
NSFileManager *fileManager =[NSFileManagerdefaultManager];
if(![fileManagerfileExistsAtPath:p12])
{
NSLog(@"client.p12:not exist");
}
else
{
NSData *PKCS12Data = [NSDatadataWithContentsOfFile:p12];
if ([[weakSelfclass]extractIdentity:&identityandTrust:&trust fromPKCS12Data:PKCS12Data])
{
SecCertificateRef certificate =NULL;
SecIdentityCopyCertificate(identity, &certificate);
constvoid*certs[] = {certificate};
CFArrayRef certArray =CFArrayCreate(kCFAllocatorDefault, certs,1,NULL);
credential =[NSURLCredentialcredentialWithIdentity:identitycertificates:(__bridge NSArray*)certArraypersistence:NSURLCredentialPersistencePermanent];
disposition =NSURLSessionAuthChallengeUseCredential;
}
}
}
*_credential = credential;
return disposition;
}];
return _manager;
}
+(BOOL)extractIdentity:(SecIdentityRef*)outIdentity andTrust:(SecTrustRef *)outTrust fromPKCS12Data:(NSData *)inPKCS12Data {
OSStatus securityError =errSecSuccess;
//client certificate password
NSDictionary*optionsDictionary = [NSDictionarydictionaryWithObject:@"password"forKey:(__bridgeid)kSecImportExportPassphrase];
CFArrayRef items =CFArrayCreate(NULL,0, 0,NULL);
securityError = SecPKCS12Import((__bridgeCFDataRef)inPKCS12Data,(__bridgeCFDictionaryRef)optionsDictionary,&items);
if(securityError ==0) {
CFDictionaryRef myIdentityAndTrust =CFArrayGetValueAtIndex(items,0);
constvoid*tempIdentity =NULL;
tempIdentity= CFDictionaryGetValue (myIdentityAndTrust,kSecImportItemIdentity);
*outIdentity = (SecIdentityRef)tempIdentity;
constvoid*tempTrust =NULL;
tempTrust = CFDictionaryGetValue(myIdentityAndTrust,kSecImportItemTrust);
*outTrust = (SecTrustRef)tempTrust;
} else {
NSLog(@"Failedwith error code %d",(int)securityError);
returnNO;
}
returnYES;
}
- HTTPS网络加密双向验证->使用AFNetworking封装
- ios AFNetworking https 双向证书验证实现
- HTTPS接口加密和身份认证 使用AFNetworking进行双向认证
- iOS开发 - 用AFNetworking实现https单向验证,双向验证
- iOS封装HTTPS双向和单向验证
- AFNetworking 2.0 网络请求封装使用
- https双向加密认证
- 封装网络请求(AFNetworking)
- HttpsUrlConnection https双向验证
- 网络编程六:https请求(双向验证)
- AFNetWorking 中使用HTTPS
- AFNetWorking之HTTPS使用
- afnetworking使用https
- AFNetworking 使用https
- Tomcat配置https单向双向认证,iOS加密解密验证,iOS访问HTTPS
- Tomcat配置https单向双向认证,iOS加密解密验证,iOS访问HTTPS
- Tomcat配置https单向双向认证,iOS加密解密验证,iOS访问HTTPS
- iOS https 证书双向认证 Afnetworking
- android的多渠道打包
- <15>python学习笔记——类和面向对象
- iOS多线程篇:NSThread
- CSS3的border-radius的使用详解
- ListView头部嵌套ListView显示不全解决方法
- HTTPS网络加密双向验证->使用AFNetworking封装
- 第九章-魔法模块、属性和迭代器——python基础教程(第二版)笔记
- Delta3d组件机制
- WebView(原生)与Js 交互 基本与高级用法
- Pycharm 2016 3.1注册码 到2018年
- Linux命令之ln命令
- ubuntu学习—— ls-l 详解
- BeanFactory not initialized or already closed
- AlertDialog中的一些问题