应苹果要求,将http转换成https,本文介绍的是如何配置自签名证书,将http转换成https。
获取.cer证书文件
<1>首先从后台那拿到.crt文件,然后打开终端,cd 到该.crt文件所在的文件目录,再使用如下命令:
openssl x509 -in wangfu.crt -out wangfu.cer -outform der(假设文件名是wangfu.crt)
你会得到我们的目标文件,wangfu.cer。
<2>将得到wangfu.cer文件,放入我门的工程里面。
配置AFNetWorking(这里以AFNetWorking3.1.0版本为例)
在你的网络工具类里面添加如下代码即可:
/***配置https***/
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"wangfu" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:cerPath];
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
securityPolicy.allowInvalidCertificates = YES;
securityPolicy.validatesDomainName = NO;
NSSet *set = [[NSSet alloc] initWithObjects:certData, nil];
securityPolicy.pinnedCertificates = set;
self.securityPolicy = securityPolicy;注意:我封装的网络工具类是基于AFNetWorking3.1.0版本的,继承AFHTTPSessionManager。
afn网络请求配置到此结束。
配置原生的网络请求
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]
delegate:self delegateQueue:[NSOperationQueue mainQueue]];
[[session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
NSDictionary *dict = [NSJSONSerialization JSONObjectWithData:data options:NSJSONReadingAllowFragments error:nil];
callback(dict,error);
}] resume];这里先设置好delegate,并且开启任务。
/***配置原生的https***/
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler{
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
}
else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate])
{
//客户端证书认证,https进行配置
NSString *path = [[NSBundle mainBundle]pathForResource:@"wangfu"ofType:@"cer"];
NSData *p12data = [NSData dataWithContentsOfFile:path];
CFDataRef inP12data = (__bridge CFDataRef)p12data;
SecIdentityRef myIdentity;
OSStatus status = [self extractIdentity:inP12data toIdentity:&myIdentity];
if (status != 0) {
return;
}
SecCertificateRef myCertificate;
SecIdentityCopyCertificate(myIdentity, &myCertificate);
const void *certs[] = { myCertificate };
CFArrayRef certsArray =CFArrayCreate(NULL, certs,1,NULL);
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity certificates:(__bridge NSArray*)certsArray persistence:NSURLCredentialPersistencePermanent];
completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
}
}
-(OSStatus)extractIdentity:(CFDataRef)inP12Data toIdentity:(SecIdentityRef*)identity {
OSStatus securityError = errSecSuccess;
CFStringRef password = CFSTR("123456");
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { password };
CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
securityError = SecPKCS12Import(inP12Data, options, &items);
if (securityError == 0)
{
CFDictionaryRef ident = CFArrayGetValueAtIndex(items,0);
const void *tempIdentity = NULL;
tempIdentity = CFDictionaryGetValue(ident, kSecImportItemIdentity);
*identity = (SecIdentityRef)tempIdentity;
}
else
{
NSLog(@"wangfu.cer error!");
}
if (options) {
CFRelease(options);
}
return securityError;
}实现代理方法,并且在代理方法添加如上的代码。相信代码你能看懂。原生网络请求配置到此结束。
加载网络图片
替换成https网络请求之后,网络图片的链接也会从http变成https,之前的加载图片的方式就不能把图片显示出来了。这里以SD_WebImage为例。将之前的代码替换成下面的代码即可。
NSString *url = [NSString stringWithFormat:@"%@",data[@"url"]];
[self.qrCodeImageView sd_setImageWithURL:[NSURL URLWithString:url] placeholderImage:nil options:SDWebImageAllowInvalidSSLCertificates];这是我的一些总结,欢饮指正。
814
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
