应苹果要求,将http转换成https,本文介绍的是如何配置自签名证书,将http转换成https。
获取.cer证书文件
<1>首先从后台那拿到.crt文件,然后打开终端,cd 到该.crt文件所在的文件目录,再使用如下命令:
openssl x509 -in wangfu.crt -out wangfu.cer -outform der(假设文件名是wangfu.crt)
你会得到我们的目标文件,wangfu.cer。
<2>将得到wangfu.cer文件,放入我门的工程里面。
配置AFNetWorking(这里以AFNetWorking3.1.0版本为例)
在你的网络工具类里面添加如下代码即可:
/***配置https***/NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"wangfu" ofType:@"cer"];NSData *certData = [NSData dataWithContentsOfFile:cerPath];AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];securityPolicy.allowInvalidCertificates = YES;securityPolicy.validatesDomainName = NO;NSSet *set = [[NSSet alloc] initWithObjects:certData, nil];securityPolicy.pinnedCertificates = set;self.securityPolicy = securityPolicy;
注意:我封装的网络工具类是基于AFNetWorking3.1.0版本的,继承AFHTTPSessionManager。
afn网络请求配置到此结束。
配置原生的网络请求
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[NSOperationQueue mainQueue]]; [[session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { NSDictionary *dict = [NSJSONSerialization JSONObjectWithData:data options:NSJSONReadingAllowFragments error:nil]; callback(dict,error);}] resume];
这里先设置好delegate,并且开启任务。
/***配置原生的https***/- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler{ if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]; completionHandler(NSURLSessionAuthChallengeUseCredential, credential); } else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate]) { //客户端证书认证,https进行配置 NSString *path = [[NSBundle mainBundle]pathForResource:@"wangfu"ofType:@"cer"]; NSData *p12data = [NSData dataWithContentsOfFile:path]; CFDataRef inP12data = (__bridge CFDataRef)p12data; SecIdentityRef myIdentity; OSStatus status = [self extractIdentity:inP12data toIdentity:&myIdentity]; if (status != 0) { return; } SecCertificateRef myCertificate; SecIdentityCopyCertificate(myIdentity, &myCertificate); const void *certs[] = { myCertificate }; CFArrayRef certsArray =CFArrayCreate(NULL, certs,1,NULL); NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity certificates:(__bridge NSArray*)certsArray persistence:NSURLCredentialPersistencePermanent]; completionHandler(NSURLSessionAuthChallengeUseCredential, credential); }}-(OSStatus)extractIdentity:(CFDataRef)inP12Data toIdentity:(SecIdentityRef*)identity { OSStatus securityError = errSecSuccess; CFStringRef password = CFSTR("123456"); const void *keys[] = { kSecImportExportPassphrase }; const void *values[] = { password }; CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); securityError = SecPKCS12Import(inP12Data, options, &items); if (securityError == 0) { CFDictionaryRef ident = CFArrayGetValueAtIndex(items,0); const void *tempIdentity = NULL; tempIdentity = CFDictionaryGetValue(ident, kSecImportItemIdentity); *identity = (SecIdentityRef)tempIdentity; } else { NSLog(@"wangfu.cer error!"); } if (options) { CFRelease(options); } return securityError;}
实现代理方法,并且在代理方法添加如上的代码。相信代码你能看懂。原生网络请求配置到此结束。
加载网络图片
替换成https网络请求之后,网络图片的链接也会从http变成https,之前的加载图片的方式就不能把图片显示出来了。这里以SD_WebImage为例。将之前的代码替换成下面的代码即可。
NSString *url = [NSString stringWithFormat:@"%@",data[@"url"]];[self.qrCodeImageView sd_setImageWithURL:[NSURL URLWithString:url] placeholderImage:nil options:SDWebImageAllowInvalidSSLCertificates];
这是我的一些总结,欢饮指正。