Apple 开发者要进行https的使用了,虽然被延期了,但是apple推出了这项措施,还是表明要推行的,虽然目前被延期了,但是考虑一下,推行https是必须的趋势,到现在考虑了一下移动端需要做的事情,真的不多,端口有我们的事情么。没有,环境需要我们搭建么,不需要,我们做什么,我们就要把后台或者说搭建https的人把它们的crt证书发给我们。还有密码,然后导入到我们的钥匙串里面,导出cer证书,然后拉进项目里,是add new file的那种,还要看build phases里面的编译进去了么,这个是重点。
然后(这段是对AFN的使用者说的)在我们请求的基类里面添加这些东西:直接上代码,废话不多说
-(id)init
{
self = [superinit];
if (self) {
_manager = [AFHTTPSessionManagermanager];
}
returnself;
}
-(void)postWithPath:(NSString *)path
params:(NSDictionary *)params
vc:(UIViewController *)vc//VC为show-->视图 赋值为--->self
success:(void (^)(NSURLSessionTask *task,id responseObject))success
failure:(void (^)(NSURLSessionTask *task,id responseObject))failure
{
NSLog(@"URL -- %@%@",NetPerfix,path);
NSLog(@"请求参数:%@",params);
if (vc !=nil) {
[SVProgressHUDshowWithStatus:@"载入中..."];
}
NSString *url=[NSStringstringWithFormat:@"%@%@",NetPerfix,path];
NSLog(@"请求url......%@",url);
// 加上这行代码,https ssl验证,等待后台搭建https成功后在使用,将cer证书拖进项目,名字是:https.cer就可以使用https了
// [_manager setSecurityPolicy:[self customSecurityPolicy]];
[_managerPOST:url
parameters:params
progress:nil
success:^(NSURLSessionDataTask *_Nonnull task,id _Nullable responseObject) {
NSLog(@"errorMessage---%@",responseObject[@"msg"]);
NSLog(@"Path---%@",path);
if ([responseObject[@"resultscode"]intValue] ==2) {
[selfisChenckOutWithVC:vc];
[SVProgressHUDdismiss];
return ;
}else{
if ([responseObject[@"resultscode"]intValue] ==1) {
[SVProgressHUDdismiss];
success(task,responseObject);
return ;
}elseif([responseObject[@"resultscode"]intValue] == 0){
[selfshowErrorWithVC:vcwithMessag:[NSStringstringWithFormat:@"%@",responseObject[@"errorMessage"]]];
[SVProgressHUDdismiss];
return ;
}
}
if (vc !=nil)
{
[SVProgressHUDdismiss];
}
} failure:^(NSURLSessionDataTask *_Nullable task,NSError *_Nonnull error) {
NSLog(@"error -- %@",[error localizedDescription]);
if (vc !=nil) {
[SVProgressHUDdismiss];
[vc showToast:[errorlocalizedDescription]];
}
failure(task,error);
}];
}
- (AFSecurityPolicy*)customSecurityPolicy
{
// /先导入证书
NSString *cerPath = [[NSBundlemainBundle]pathForResource:@"https"ofType:@"cer"];//证书的路径
NSData *certData = [NSDatadataWithContentsOfFile:cerPath];
// AFSSLPinningModeCertificate使用证书验证模式
AFSecurityPolicy *securityPolicy = [AFSecurityPolicypolicyWithPinningMode:AFSSLPinningModeCertificate];
// allowInvalidCertificates是否允许无效证书(也就是自建的证书),默认为NO
// 如果是需要验证自建证书,需要设置为YES
securityPolicy.allowInvalidCertificates =YES;
//validatesDomainName 是否需要验证域名,默认为YES;
//假如证书的域名与你请求的域名不一致,需把该项设置为NO;如设成NO的话,即服务器使用其他可信任机构颁发的证书,也可以建立连接,这个非常危险,建议打开。
//置为NO,主要用于这种情况:客户端请求的是子域名,而证书上的是另外一个域名。因为SSL证书上的域名是独立的,假如证书上注册的域名是www.google.com,那么mail.google.com是无法验证通过的;当然,有钱可以注册通配符的域名*.google.com,但这个还是比较贵的。
//如置为NO,建议自己添加对应域名的校验逻辑。
securityPolicy.validatesDomainName =NO;
securityPolicy.pinnedCertificates =@[certData];
return securityPolicy;
}
// 加上这行代码,https ssl 验证,等待后台搭建https成功后在使用,将cer证书拖进项目,名字是:https.cer就可以使用https了
// [_manager setSecurityPolicy:[self customSecurityPolicy]];
- (AFSecurityPolicy*)customSecurityPolicy这个是证书
NSString *urlString = @"https://svn.sqzht.com:8443/fsb/inter/GoodsInter?flag=14&id=3247&rebaty=2";
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"tomcat" ofType:@"cer"];
NSData * certData =[NSData dataWithContentsOfFile:cerPath];
NSSet * certSet = [[NSSet alloc] initWithObjects:certData, nil];
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
// 是否允许,NO-- 不允许无效的证书
[securityPolicy setAllowInvalidCertificates:YES];
// 设置证书
[securityPolicy setPinnedCertificates:certSet];
AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
manager.securityPolicy = securityPolicy;
manager.responseSerializer = [AFHTTPResponseSerializer serializer];
// request
[manager GET:urlString parameters:nil progress:^(NSProgress * progress){
} success:^(NSURLSessionDataTask *task, id responseObject) {
NSArray * array = [NSJSONSerialization JSONObjectWithData:responseObject options:NSJSONReadingMutableLeaves error:nil];
NSLog(@"OK === %@",array);
} failure:^(NSURLSessionDataTask *task, NSError *error) {
NSLog(@"error ==%@",error.description);
}];