强烈建议先读懂 “图解HTTPS协议加密解密全过程”
目前很多APP都要求支持Https通讯,现在大多APP都是AFN 或者 ASI框架之上实现的网络通讯层。
以下讨论了一下,AFN 和 ASI框架之下,如何实现Http 和 Https兼容(都支持)。(这个知识点虽然不难,但是网上很少有一试就能成功的帖子)
一、首先说一下AFN框架下Https 和 Http的兼容(目前市场上应该大多都是AFN实现的,可能一些老项目仍然采用的ASI项目。也有一些很苦逼的项目,ASI,AFN都用了)
现在网上有很多“iOS9与XCode7中不能使用http连接的解决办法”的贴子,
做法如下:
1.在项目左侧找到Info.plist文件,可以通过Filter来搜索
2.在右侧点击Add Row添加NSAppTransportSecurity,类型为Dictionary,然后再添加子项目NSAllowsArbitraryLoads类行为 Boolean值为YES
按照以上的操作,的确实现了http的支持。但是如果是通过第三方机构生成SSL数字证书比如(https://www.wosign.com/),要实现http,https在AFN构架下同时兼容还不行。(网上有一些通过生成证书,放在App里,实现https的通讯,个人不建议使用此用方案,因为AFN的官网上,指出了修改info.plist文件来实现https通讯。个人按照生成证书,调试AFN框架下的Https通讯,并没有成功)
建议直接用文本工作,打开Info.plist这个xml文件。直接配置如下图信息:
解释一下:
1> IOS9下,对http通讯支持需要添加:
<key>NSAllowsArbitraryLoads</key>
<true/>
2> 如果域名是www.baidu.com的接口,在AFN框架下,要支持https访问,需要添加:
<key>NSExceptionDomains</key>
<dict>
<key>www.baidu.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
</dict>
</dict>
如果Https通信中,SSL数字证书是自己生成的AFN示例代码如下
-(void)httpsForPrivateCer {
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
// 是否允许,NO-- 不允许无效的证书
[securityPolicy setAllowInvalidCertificates:YES];
[securityPolicy setValidatesDomainName:NO];
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
manager.requestSerializer.timeoutInterval = 20;
manager.responseSerializer = [AFHTTPResponseSerializer serializer];
manager.securityPolicy = securityPolicy;
[manager GET:@"https://123.57.207.198/appservice/server/list" parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject){
NSString *result = [[ NSString alloc] initWithData:responseObject encoding:NSUTF8StringEncoding];
NSLog(@"%@",result);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
NSLog(@"error come here");
}];
}
如果是通过第三方机构生成SSL数字证书比如(https://www.wosign.com/),AFN示例代码如下
-(void)httpsForPublicCer {
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
// 是否允许,NO-- 不允许无效的证书
[securityPolicy setAllowInvalidCertificates:YES];
[securityPolicy setValidatesDomainName:NO];
AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
manager.requestSerializer.timeoutInterval = 20;
manager.responseSerializer = [AFHTTPResponseSerializer serializer];
manager.securityPolicy = securityPolicy;
[manager POST:@"https://www.baidu.com/home/subscribe/data/manlotteryuserdata?indextype=manht&_req_seqid=0x933251bb0002c2f5&asyn=1&t=1458805039282&sid=18880_18285_1426_17943_18205_17000_15718_12187" parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject){
NSString *result =[[ NSString alloc] initWithData:responseObject encoding:NSUTF8StringEncoding];
NSLog(@"%@",result);
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
NSLog(@"error come here");
}];
}
二、相比之下,ASI框架下的http 和 https的兼容就显得相当的Easy
[request setValidatesSecureCertificate:NO];