一 . 客户端和服务器必须进行安全的HTTPS数据传递
服务器端: 要到固定的CA证书机构去生成根证书,存放在服务器和客户端
客户端:除了存放根证书外,还要进行使用NSURLConnection 和NSURLSession 相应的HTTPS请求设置
二.iOS 中代码基于HTTPS的安全请求
1. NSURLConnection 的HTTPS请求
start request
{
_urlConnection = [[NSURLConnection alloc] initWithRequest:_request delegate:self];
[_urlConnection start];
}
#pragma mark - NURLConnection delegate
// We use this method is to accept an untrusted site which unfortunately we need to do, as our PVM servers are self signed.
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
DLog(@"%s",__func__);
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
{
NSLog(@"WebController Got auth challange via NSURLConnection");
DLog(@"%s",__func__);
if ([challenge previousFailureCount] == 0)
{
_authenticated = YES;
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
} else
{
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
NSLog(@"WebController received response via NSURLConnection");
NSHTTPURLResponse *repose= (NSHTTPURLResponse *)response;
if(repose.statusCode != 200)
{
[NetworkErrorView showNetworkErrorViewInView:self.view errorStr:@"网络出错啦" SelectBlock:^{
[self startRequestUrl];
}];
return;
}
if([self.webView.request.URL.absoluteString containsString:@"https://qiangui.58.com/changewbid"])
{
return;
}
DLog(@"%s",__func__);
// remake a webview call now that authentication has passed ok.
_authenticated = YES;
[_webView loadRequest:_request];
// Cancel the URL connection otherwise we double up (webview + url connection, same url = no good!)
[_urlConnection cancel];
}
2. NSURLSession 的HTTPS的请求
- (void)startRequestWithUrl:(NSString *)url
{
NSURL *URL = [NSURL URLWithString:url];
NSURLSessionDownloadTask *task = [self.session downloadTaskWithURL:URL];
[task resume];
}
// NSURLSessionAuthChallengeUseCredential = 0, 使用(信任)证书
// NSURLSessionAuthChallengePerformDefaultHandling = 1, 默认,忽略
// NSURLSessionAuthChallengeCancelAuthenticationChallenge = 2, 取消
// NSURLSessionAuthChallengeRejectProtectionSpace = 3, 这次取消,下载次还来问
// 工作中直接复制这一段代理Ok了
// 金融公司
// https 第一段认证过程
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler{
NSLog(@"%s",__func__);
NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
__block NSURLCredential *credential = nil;
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
if (credential) {
disposition = NSURLSessionAuthChallengeUseCredential;
} else {
disposition = NSURLSessionAuthChallengePerformDefaultHandling;
}
} else {
disposition = NSURLSessionAuthChallengePerformDefaultHandling;
}
if (completionHandler) {
completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, credential);
}
}
// https 第二段认证过程
//- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
// completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * __nullable credential))completionHandler {
// NSLog(@"%@",challenge.protectionSpace);
// // 如果是请求证书信任,我们再来处理,其他的不需要处理
// if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
// NSURLCredential *cre = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
// // 调用block
// completionHandler(NSURLSessionAuthChallengeUseCredential,cre);
// }
//
//
//}
- (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)dataTask didReceiveData:(NSData *)data {
NSLog(@"%s",__func__);
NSLog(@"%@",[[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding]);
}
- (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask
didWriteData:(int64_t)bytesWritten
totalBytesWritten:(int64_t)totalBytesWritten
totalBytesExpectedToWrite:(int64_t)totalBytesExpectedToWrite {
NSLog(@"%s",__func__);
float percent = (float)totalBytesWritten/totalBytesExpectedToWrite;
NSLog(@"%f",percent);
}
- (void)URLSession:(NSURLSession *)session downloadTask:(NSURLSessionDownloadTask *)downloadTask
didFinishDownloadingToURL:(NSURL *)location {
NSLog(@"%s",__func__);
// 下载完成之后,把相应的文件从临时文件拷贝到Caches 目录中,因为临时目录的文件会在程序杀死时被杀死
NSString *dirPath = [NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES) firstObject];
NSString *path = [dirPath stringByAppendingPathComponent:@"1.mp3"];
NSFileManager *manager = [NSFileManager defaultManager];
if ([manager fileExistsAtPath:path isDirectory:NO]) {
[manager removeItemAtPath:path error:nil];
}
[manager moveItemAtPath:[location path] toPath:path error:nil];
}
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task
didCompleteWithError:(NSError *)error {
NSLog(@"%s:%lu",__func__,error.code);
}
如果在传输的过程中,不管是私钥串还是原文件被修改,在客户端比对时,都会失败,从而提高数据传输的安全性