步驟:
一)[服務器端要做的:]服務器端生成pfx文件+給亂七八糟設置:
-------- 參考代碼如下--------
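# Create one self-signed TLS certificate in the local machine store and export it,
# together with its private key, as a password-protected PFX file.
# Replace "域名" with the DNS name clients use to reach the server. The original
# listing ran New-SelfSignedCertificate twice, which left a stray extra certificate
# in the store; only one call is needed.
$cert = New-SelfSignedCertificate -DnsName "域名" -CertStoreLocation "cert:\LocalMachine\My"

# NOTE(review): the sample password is kept from the walkthrough. Outside a demo,
# prompt for it instead (for example with Read-Host -AsSecureString) so it never
# lands in script files or shell history.
# The variable is not called $pwd because that name is PowerShell's automatic
# current-location variable.
$pfxPassword = ConvertTo-SecureString -String 'password0A' -Force -AsPlainText

# Certificate-store path of the new certificate. The backslash before the
# thumbprint was missing in the original, which produced an invalid path.
$path = 'cert:\LocalMachine\My\' + $cert.Thumbprint

# The PFX holds the private key: keep it on the server side. Clients only need
# the public certificate derived from it.
Export-PfxCertificate -Cert $cert -FilePath c:\temp\certreaotransaction.pfx -Password $pfxPassword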
二)[客戶端要做的:]將pfx文件通過openssl轉成cer文件
(終端進入pfx文件夾 輸入如下指令)
openssl pkcs12 -in cert.pfx -out cert.cer -nodes (會導出一個cer文件)
(注:-nodes 會把私鑰以未加密的形式一併寫入導出的文件;客戶端只需要證書本身,含私鑰的文件不要放進App或對外分發。)
(注:但這個cer文件是Base64編碼(PEM),objc文件中使用會出現如下圖片中錯誤:caRef is nil,需要再轉換成DER-encoded X.509 certificate,也就是用下面的代碼轉成der格式)
openssl x509 -in myCA.crt -inform PEM -out myCA.cer -outform DER(得到:myCA.der;-out 的文件名要與後面加入項目的 myCA.der 一致)
三)將myCA.der文件添加到xcode項目中
四)info.plist
info.plist 中加入App Transport Security Settings ,Allow Arbitrary Loads設置為YES(注:這會對所有連接關閉ATS;若只需放行自己的服務器,可改用 NSExceptionDomains 只對該域名設例外。)
五)寫代碼!先寫GET方式 傳入https
記得先添加<NSURLSessionDelegate>
然后:如下圖
六)鏈接didReceiveChallenge Delegate
代碼如下:
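/// Returns YES only when `serverTrust` evaluates successfully against the CA
/// certificate shipped in the app bundle as myCA.der.
///
/// SecTrustSetAnchorCertificates replaces the anchor set used for this evaluation,
/// so (unless SecTrustSetAnchorCertificatesOnly is called afterwards) the system
/// root store is no longer consulted: only chains ending at the bundled CA pass.
static BOOL ServerTrustChainsToBundledCA(SecTrustRef serverTrust) {
    if (serverTrust == NULL) {
        return NO;
    }

    // Load the bundled CA certificate (an SSL certificate or a self-signed CA both
    // work here). Replace "myCA" with the name of your own certificate file.
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"myCA" ofType:@"der"];
    NSData *caData = (cerPath != nil) ? [NSData dataWithContentsOfFile:cerPath] : nil;
    NSCAssert(caData != nil, @"caCert is nil");
    if (caData == nil) {
        return NO;
    }

    // Returns NULL when the data is not a DER-encoded X.509 certificate
    // (for example when a PEM/Base64 file was bundled by mistake).
    SecCertificateRef caRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)caData);
    NSCAssert(caRef != NULL, @"caRef is nil");
    if (caRef == NULL) {
        return NO;
    }

    // The certificate comes from a Create function, so this code owns it.
    // CFBridgingRelease hands that ownership to ARC; the original used a plain
    // __bridge cast and leaked one certificate per challenge.
    // More certificates can be appended to this array.
    NSArray *caArray = @[CFBridgingRelease(caRef)];

    OSStatus status = SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)caArray);
    NSCAssert(errSecSuccess == status, @"SecTrustSetAnchorCertificates failed");
    if (status != errSecSuccess) {
        return NO;
    }

    // Evaluate the server's chain against the locally imported certificate.
    // NOTE(review): SecTrustEvaluate is deprecated on current SDKs;
    // SecTrustEvaluateWithError is the replacement where the deployment target allows.
    SecTrustResultType result = kSecTrustResultInvalid;
    status = SecTrustEvaluate(serverTrust, &result);
    if (status != errSecSuccess) {
        return NO;
    }

    // Only kSecTrustResultUnspecified and kSecTrustResultProceed count as success.
    // kSecTrustResultRecoverableTrustFailure must stay a failure, otherwise an
    // untrusted chain would be accepted.
    return (result == kSecTrustResultUnspecified) || (result == kSecTrustResultProceed);
}

/**
 * NSURLSessionDelegate callback for session-level authentication challenges.
 *
 * Server-trust challenges are accepted only when the server's chain validates
 * against the CA certificate bundled with the app; otherwise the challenge is
 * cancelled. Every other authentication method is left to the system's default
 * handling instead of being cancelled, so this delegate only affects TLS trust.
 *
 * The completion handler is called exactly once on every path. The original also
 * messaged [challenge sender] after calling the handler, answering the challenge
 * twice; with NSURLSession the completion handler is the only reply channel.
 *
 * @param session           The session that received the challenge.
 * @param challenge         The authentication challenge to answer.
 * @param completionHandler Block that receives the disposition and, on success,
 *                          the credential built from the validated server trust.
 */
- (void)URLSession:(NSURLSession *)session
    didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
      completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition,
                                  NSURLCredential *_Nullable credential))completionHandler {
    NSLog(@"證書認(rèn)證");

    NSURLProtectionSpace *protectionSpace = challenge.protectionSpace;
    if (![protectionSpace.authenticationMethod
            isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Not a TLS trust decision: do not interfere with it.
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }

    SecTrustRef serverTrust = protectionSpace.serverTrust;
    if (ServerTrustChainsToBundledCA(serverTrust)) {
        // The only good exit point.
        NSLog(@"success");
        NSLog(@"信任該證書");
        NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
        return;
    }

    // Fail closed: the chain did not validate against the bundled CA. No credential
    // is passed, because none is used when a challenge is cancelled.
    NSLog(@"error");
    completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
}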