HTTP传输的数据是明文,未加密的数据可以通过在网络中设置代理来截取;尽管有token等验证手段,数据被监听仍不可避免,使用网络抓包软件就能做到。

而HTTPS对数据加密后再传输,抓到的数据包只是乱码,安全性大幅提高,也是当前大势所趋。这一点的前提是客户端校验服务器证书;如果客户端关闭了证书校验,中间代理仍然可以解密并查看流量。

下面就介绍一下使用ASIHttpRequest 和 AFNetworking两种三方库进行https加密的方式。

原料: 1、相应的ASIHttpRequest、AFNetworking配置完成 2、相应的证书文件

一、ASIHttpRequest

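/**
 * Test an HTTPS endpoint that expects a client certificate (ASIHTTPRequest).
 *
 * Loads a PKCS#12 file from the app bundle, extracts the client identity from
 * it, sends a synchronous GET and logs the response or the error.
 */
- (void)testClientCertificate {
    NSURL *httpsUrl = [NSURL URLWithString:@"https://www.XXXXX.com/method.php"];

    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"证书文件名" ofType:@"文件类型"];
    NSData *cerData = [NSData dataWithContentsOfFile:cerPath];

    SecIdentityRef identity = NULL;
    SecTrustRef trust = NULL;
    if (![[self class] extractIdentity:&identity andTrust:&trust fromPKCS12Data:cerData]) {
        // Do not send the request without the identity it was meant to carry.
        NSLog(@"Client certificate could not be loaded; request not sent");
        return;
    }

    // The request is created once; the second requestWithURL: call in the
    // earlier version only replaced an identical object.
    ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:httpsUrl];
    [request setClientCertificateIdentity:identity];

    // Whether the server certificate is validated. With YES the server must
    // present a certificate issued by a recognised CA, not one self-generated
    // with openssl or Java. With NO the client accepts any certificate, so a
    // proxy on the network path can read and alter the traffic even though the
    // URL is https. Keep validation on; for a self-signed server, trust that
    // specific certificate instead of switching the check off.
    [request setValidatesSecureCertificate:YES];
    [request setRequestMethod:@"GET"];
    [request startSynchronous];

    NSError *error = [request error];
    if (!error) {
        NSString *response = [request responseString];
        NSLog(@"responseis:%@", response);
        NSLog(@"获取数据成功");
    } else {
        NSLog(@"Failedtosavetodatastore:%@", [error localizedDescription]);
        NSLog(@"%@", [error userInfo]);
    }

    // extractIdentity:andTrust:fromPKCS12Data: hands back retained references.
    // NOTE(review): this assumes setClientCertificateIdentity: keeps its own
    // reference for the lifetime of the request -- confirm against the
    // ASIHTTPRequest version in use.
    if (identity) {
        CFRelease(identity);
    }
    if (trust) {
        CFRelease(trust);
    }
}

/**
 * Extract the client identity and trust object from PKCS#12 data.
 *
 * @param identityRef On success receives the identity, retained; the caller
 *                    releases it with CFRelease. Set to NULL on failure.
 * @param trustRef    On success receives the trust object, retained (may be
 *                    NULL if the import item has none). Set to NULL on failure.
 * @param CerData     Contents of the PKCS#12 file.
 * @return YES if an identity was extracted, NO otherwise.
 */
+ (BOOL)extractIdentity:(SecIdentityRef *)identityRef
               andTrust:(SecTrustRef *)trustRef
         fromPKCS12Data:(NSData *)CerData {
    if (identityRef) {
        *identityRef = NULL;
    }
    if (trustRef) {
        *trustRef = NULL;
    }
    if (CerData.length == 0) {
        // The bundle lookup or the file read failed in the caller.
        NSLog(@"PKCS#12 data is empty");
        return NO;
    }

    // The passphrase is a string literal and the PKCS#12 file ships inside the
    // app bundle, so anyone who unpacks the app can obtain both. Treat a client
    // key distributed this way as extractable; it identifies the app build,
    // not an individual user.
    NSDictionary *optionsDictionary = @{(__bridge id)kSecImportExportPassphrase : @"证书密码"};

    // SecPKCS12Import allocates the result array itself; starting from NULL
    // avoids leaking a placeholder array.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)CerData,
                                             (__bridge CFDictionaryRef)optionsDictionary,
                                             &items);
    if (securityError != errSecSuccess) {
        NSLog(@"Failedwitherrorcode%d", (int)securityError);
        // Error -26275 means the file contents could not be read; change the
        // file format and import the file into the project again.
        if (items) {
            CFRelease(items);
        }
        return NO;
    }

    if (items == NULL || CFArrayGetCount(items) == 0) {
        // Indexing an empty array would crash; report failure instead.
        if (items) {
            CFRelease(items);
        }
        return NO;
    }

    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef foundIdentity =
        (SecIdentityRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
    SecTrustRef foundTrust =
        (SecTrustRef)CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);

    // The values are owned by `items`; retain what is handed out so that the
    // array can be released here without invalidating them.
    BOOL found = (foundIdentity != NULL);
    if (found && identityRef) {
        *identityRef = (SecIdentityRef)CFRetain(foundIdentity);
    }
    if (found && foundTrust && trustRef) {
        *trustRef = (SecTrustRef)CFRetain(foundTrust);
    }
    CFRelease(items);

    return found;
}

二、AFNetworking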

/**
 * Test an HTTPS endpoint (AFNetworking).
 *
 * Installs the policy returned by -SetSecurityPolicy on a session manager,
 * issues a GET and logs progress, the response body, or the error.
 */
- (void)testClientCertificate {
    AFHTTPSessionManager *sessionManager = [AFHTTPSessionManager manager];
    sessionManager.responseSerializer = [AFHTTPResponseSerializer serializer];

    // HTTPS/SSL validation: install the policy before the request is made.
    // NOTE(review): some AFNetworking releases reject a pinning policy on a
    // manager that has no https baseURL -- confirm against the version in use.
    sessionManager.securityPolicy = [self SetSecurityPolicy];

    void (^onProgress)(NSProgress * _Nonnull) = ^(NSProgress * _Nonnull downloadProgress) {
        NSLog(@"%@", downloadProgress);
    };

    void (^onSuccess)(NSURLSessionDataTask * _Nonnull, id _Nullable) =
        ^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
            // The plain HTTP response serializer delivers the raw body bytes.
            NSData *body = (NSData *)responseObject;
            NSString *text = [[NSString alloc] initWithData:body encoding:NSUTF8StringEncoding];
            NSLog(@"%@", text);
            NSLog(@"获取数据成功");
        };

    void (^onFailure)(NSURLSessionDataTask * _Nullable, NSError * _Nonnull) =
        ^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
            NSLog(@"%@", error);
        };

    [sessionManager GET:@"https://www.demo.com/method.php"
             parameters:nil
               progress:onProgress
                success:onSuccess
                failure:onFailure];
}

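/**
 * Build the security policy: certificate pinning against the certificate
 * bundled with the app.
 *
 * @return A policy in AFSSLPinningModeCertificate mode. If the bundled
 *         certificate cannot be read, the pin set is left empty rather than
 *         falling back to a weaker mode.
 */
- (AFSecurityPolicy *)SetSecurityPolicy {
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"证书名称" ofType:@"证书后缀"];
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];

    // AFSSLPinningModeCertificate: validate against the pinned certificate.
    AFSecurityPolicy *securityPolicy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

    // allowInvalidCertificates: whether self-issued certificates are accepted.
    // The default is NO; it is kept explicit so the setting is visible.
    securityPolicy.allowInvalidCertificates = NO;

    // validatesDomainName: whether the host name is checked. The default is YES.
    securityPolicy.validatesDomainName = YES;

    if (certData.length == 0) {
        // A missing file would otherwise put nil into a collection and crash.
        // An empty pin set is expected to make every server fail validation,
        // i.e. fail closed. NOTE(review): confirm with the AFNetworking
        // version in use.
        NSLog(@"Pinned certificate could not be loaded");
        securityPolicy.pinnedCertificates = [NSSet set];
        return securityPolicy;
    }

    // NOTE(review): the pinned file is presumably expected in DER (.cer)
    // form -- verify the bundled file's encoding.
    securityPolicy.pinnedCertificates = [NSSet setWithObject:certData];

    return securityPolicy;
}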