Ios 信任HTTPS连接的自签名证书
我正在使用Swift创建一个iOS应用程序,它与服务器连接。这是我用来上传图像的代码:Ios 信任HTTPS连接的自签名证书,ios,http,swift,https,Ios,Http,Swift,Https,我正在使用Swift创建一个iOS应用程序,它与服务器连接。这是我用来上传图像的代码: public class SendImages: NSObject,NSURLConnectionDelegate { var user = UserInfo?() var url = String?() var urladditional = String?() var sendImages: NSURLConnection = NSURLConnection()
public class SendImages: NSObject,NSURLConnectionDelegate {
var user = UserInfo?()
var url = String?()
var urladditional = String?()
var sendImages: NSURLConnection = NSURLConnection()
var my_data:NSMutableData? = nil
var statusCode: NSInteger? = nil
public var delegate = SendImagesInterface?()
init(url: String) {
self.url = url
}
public func send(images_to_data: NSMutableArray ,user: UserInfo) {
var error : NSError?
var data_to_send : NSData = NSJSONSerialization.dataWithJSONObject(jsontoSend,
options: NSJSONWritingOptions(0), error: &error)!
var completeURL: AnyObject? = AnyObject?()
completeURL = NSURL(string: (self.url)!+(self.urladditional)!)
let cachePolicy = NSURLRequestCachePolicy.ReloadIgnoringLocalCacheData
var request = NSMutableURLRequest(URL: completeURL as NSURL, cachePolicy: cachePolicy, timeoutInterval: 30.0)
request.HTTPMethod = "POST"
request.HTTPBody = data_to_send
sendImages = NSURLConnection(request: request, delegate: self)!
self.my_data = NSMutableData()
}
func connection(connection: NSURLConnection!, didFailWithError error: NSError!) {
println("Error to connect with URL")
self.my_data = nil
}
func connection(connection: NSURLConnection!, didReceiveData data: NSData!) {
println("Receiving data")
self.my_data!.appendData(data)
}
func connection(connection: NSURLConnection, didReceiveResponse response: NSURLResponse) {
println("Receiving response headers")
var httpResponse = response as NSHTTPURLResponse
statusCode = httpResponse.statusCode
}
func connectionDidFinishLoading(connection: NSURLConnection!){
println("Conexion finished")
}
}
现在为了增加安全性,我想使用HTTPS连接。我怎样才能做到这一点?我有一个
.der
格式的证书,我认为这是iOS使用的。要使这项工作正常,您需要做的是用NSURLCredential
响应URLSession(\uuuuuuu0:didReceiveChallenge:completionHandler:)
委托调用
基本步骤是:
CFDataRef
中NSURLCredential
所需的证书中提取标识SecIdentityCopyCertificate
一起使用,以创建SecCertificateRef
init(标识:证书:持久性:)创建NSURLCredential
struct IdentityAndTrust {
var identity:SecIdentityRef
var trust:SecTrustRef
}
func extractIdentity(certData:NSData, certPassword:String) -> IdentityAndTrust {
var identityAndTrust:IdentityAndTrust!
var securityError:OSStatus = errSecSuccess;
var items:Unmanaged<CFArray>?
var certOptions:CFDictionary = [ kSecImportExportPassphrase.takeRetainedValue() as String: certPassword ];
securityError = SecPKCS12Import(certData, certOptions, &items);
if securityError == 0 {
let certItems:CFArray = items?.takeUnretainedValue() as CFArray!;
let certItemsArray:Array = certItems as Array
let dict:AnyObject? = certItemsArray.first;
if let certEntry:Dictionary = dict as? Dictionary<String, AnyObject> {
let identityPointer:AnyObject? = certEntry["identity"];
let secIdentityRef:SecIdentityRef = identityPointer as SecIdentityRef!;
let trustPointer:AnyObject? = certEntry["trust"];
let trustRef:SecTrustRef = trustPointer as SecTrustRef;
identityAndTrust = IdentityAndTrust(identity: secIdentityRef, trust: trustRef);
}
}
return identityAndTrust;
}
struct IdentityAndTrust{
变量标识:SecIdentityRef
var信托:SecTrustRef
}
func extractIdentity(certData:NSData,certPassword:String)->IdentityAndTrust{
var identityAndTrust:identityAndTrust!
var securityError:OSStatus=errSecSuccess;
变量项:非托管?
var certOptions:CFDictionary=[kSecImportExportPassphrase.takeRetainedValue()作为字符串:certPassword];
securityError=SecPKCS12Import(certData、certOptions和items);
如果securityError==0{
让certItems:CFArray=items?.takeUnretainedValue()作为CFArray!;
让certItemsArray:Array=certItems作为数组
让dict:AnyObject?=certItemsArray.first;
如果让certEntry:Dictionary=DictAs?Dictionary{
let identityPointer:AnyObject?=certEntry[“identity”];
让secIdentityRef:secIdentityRef=identityPointer作为secIdentityRef!;
让信任指针:AnyObject?=certEntry[“信任”];
让trustRef:SecTrustRef=trustPointer作为SecTrustRef;
identityAndTrust=identityAndTrust(identity:secIdentityRef,trust:trustRef);
}
}
返回标识和信任;
}
有几件事你必须记住,首先也是最重要的证书是可以过期的。您应该知道,在某一点上,您可能必须更改证书,以便从一开始就做好准备。此外,您应该更喜欢
NSURLSession
而不是NSURLConnection
,因为随着每个版本越来越多的方法被弃用
您可以找到一些关于如何处理证书和信任的示例