39.iOS使用HTTPS
2020-11-11 本文已影响0人
bytebytebyte
1.针对AFN
(1)导出证书
(2)在原来http请求加一句话就OK了
(3)调用Get请求
// Get请求
+ (void)getValueWithGetUrl:(NSString *)url parameters:(NSDictionary *)parameters complete:(completes)complete;
{
AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] init];
manager.responseSerializer.acceptableContentTypes = [NSSet setWithObjects:@"application/json", nil];
[manager setSecurityPolicy:[self customSecurityPolicy]];
[manager GET:kUrlstr parameters:parameters
progress:nil
success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
complete(responseObject);
}
failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
SLog(@"%@",[error description]);
complete(@"0");
}];
}
+ (AFSecurityPolicy*)customSecurityPolicy {
// /先导入证书
NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"cer"];//证书的路径
NSData *certData = [NSData dataWithContentsOfFile:cerPath];
// AFSSLPinningModeCertificate 使用证书验证模式
AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
// allowInvalidCertificates 是否允许无效证书(也就是自建的证书),默认为NO
securityPolicy.allowInvalidCertificates = YES;
//validatesDomainName 是否需要验证域名,默认为YES;
securityPolicy.validatesDomainName = NO;
// securityPolicy.validatesCertificateChain = NO;
securityPolicy.pinnedCertificates = [NSSet setWithObjects:certData, nil];
return securityPolicy;
}
2.针对NSURLSession下载
此方法实际上是手动安装证书,不需要倒入证书的;这也是系统方法有点的体现,缺点就是下载有点慢
#define kUrlstrs @"https://192.168.1.159:9091/admin/api.jsp"
-(void)downLoad
{
WS(weakSelf);
NSString *paramPath = [NSString stringWithFormat:@"?method=loadAvatar&username=18337125561"];
NSURL *url = [NSURL URLWithString:[kUrlstrs stringByAppendingString:paramPath]];
NSURLSessionConfiguration *config = [NSURLSessionConfiguration defaultSessionConfiguration];
NSURLSession *session = [NSURLSession sessionWithConfiguration:config delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
NSURLSessionDataTask *dataTask = [session dataTaskWithURL:url completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
NSLog(@"***:%@ %@",data,error);
weakSelf.imageV.image = [UIImage imageWithData:data];
}];
[dataTask resume];
}
遵循下协议NSURLSessionDelegate,上边已经设置了代理,下边是实现方法.
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * __nullable credential))completionHandler {
// 判断是否是信任服务器证书
if(challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
// 告诉服务器,客户端信任证书
// 创建凭据对象
NSURLCredential *credntial = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
// 通过completionHandler告诉服务器信任证书
if (completionHandler) {
completionHandler(NSURLSessionAuthChallengeUseCredential,credntial);
}
}
// NSLog(@"protectionSpace = %@",challenge.protectionSpace);
}
3.解决SDWebImage的HTTPS问题
NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)解决办法
[self.imageV sd_setImageWithURL:[NSURL URLWithString:@"https://192.168.1.159:9091/admin/api.jsp?method=loadAvatar&username=18805025104"] placeholderImage:[UIImage imageNamed:@"jsy.jpg"] options:SDWebImageAllowInvalidSSLCertificates];