iOS development supports HTTPS requests and SSL certificate configuration (RPM)

Source: Internet
Author: User
Tags openssl x509 ssl certificate

Original address: http://blog.5ibc.net/p/100221.html

As we all know, Apple has made a statement, starting from 2017, will block HTTP resources, strong push HTTPS
Landlord just recently will be http to HTTPS, to have not hands-on friends to share one or two

First, certificate preparation 1, certificate conversion

After the server personnel, send you the CRT certificate, go to the certificate path, execute the following statement
OpenSSL x509-in your certificate. Crt-out your certificate. Cer-outform der
This allows you to obtain a certificate of the CER type. Double-click to import the computer.

2, the certificate into the project

1. You can drag the converted CER file directly into the project.
2, you can find the certificate you imported in the keychain, right-click, export the project, you can export the certificate of the. cer file

Second, the Code preparation

<key>NSAppTransportSecurity</key>    <dict>        <key>nsallowsarbitraryloads</key >        <true/>    </dict>

1.1 Nsurlconnection Settings Support HTTPS.

In 2015 iOS9 update, Nsurlconnection was discarded by nsurlsession replaced, so it is not recommended to continue to use this class to do network requests (also have afnetworking 2.x version), but considering some of the old program, Also can not say change, say replace on replace, so still need to popularize, if use nsurlconnection you need how to do.

The code is as follows:

-(void) connection: (Nsurlconnection *) connection Willsendrequestforauthenticationchallenge: ( Nsurlauthenticationchallenge *) challenge{    if (Challenge.protectionSpace.authenticationMethod = = Nsurlauthenticationmethodservertrust) {        //Tell server, client Trust certificate        //Create credential object        nsurlcredential *credntial = [ Nsurlcredential CredentialForTrust:challenge.protectionSpace.serverTrust];        Tell the server to trust the certificate        [Challenge.sender usecredential:credntial forauthenticationchallenge:challenge];}    

You simply need to add the proxy method above, you can increase the support of HTTPS request without affecting your original request.

1.2 Nsurlsession settings Support HTTPS.

It is now recommended to use Nsurlsession to handle related network requests, if you use the system comes with the class, you can refer to the following code:

-(void) Urlsession: (Nsurlsession *) session Task: (Nsurlsessiontask *) Task  Didreceivechallenge: ( Nsurlauthenticationchallenge *) Challenge Completionhandler: (void (^) (nsurlsessionauthchallengedisposition Disposition, nsurlcredential * __nullable credential)) Completionhandler {    //Determine if the server certificate is trusted    if ( Challenge.protectionSpace.authenticationMethod = = nsurlauthenticationmethodservertrust) {        //Tell server, client trust certificate        //Create credential Object        Nsurlcredential *credntial = [nsurlcredential credentialForTrust:challenge.protectionSpace.serverTrust];        Tell the server to trust the certificate        Completionhandler (nsurlsessionauthchallengeusecredential,credntial) via Completionhandler;    }    NSLog (@ "protectionspace =%@", challenge.protectionspace);}

2. Send a network request using afnetworking

Afnetworking is a favorite Web library for iOS and Mac OS X. It is built on Nsurlconnection, Nsoperation, and other familiar foundation technologies. It has a good architecture, a rich API, and a modular way of building it, making it easy to use.

2.1 Afnetworking 2.x version

With this release in mind, we can also use the Afhttprequestoperationmanager class to handle network requests. So what we're going to do is give this class, set some parameters so that it can support HTTPS requests, the code is as follows:
Support HTTPS (school verification book, not to grab package):

1. Initialize a singleton class    afhttprequestoperationmanager *mgr = [Afhttprequestoperationmanager manager];    Mgr.securityPolicy.SSLPinningMode = afsslpinningmodecertificate;    2. Set the certificate mode    NSString * Cerpath = [[NSBundle mainbundle] pathforresource:@ "xxx" oftype:@ "cer"];    NSData * Cerdata = [NSData Datawithcontentsoffile:cerpath];    Mgr.securityPolicy.pinnedCertificates = [[Nsarray alloc] initwithobjects:cerdata, nil];    Whether the client trusts the illegal certificate    mgr.securityPolicy.allowInvalidCertificates = YES;    Verify the domain name in the certificate domain field    [mgr.securitypolicy Setvalidatesdomainname:no];

Support HTTPS (no school verification book, can grab the package view):

    1. Initialize a singleton class    afhttprequestoperationmanager *mgr = [Afhttprequestoperationmanager manager];    Mgr.securityPolicy.SSLPinningMode = afsslpinningmodecertificate;    2. Set the non-school Certificate mode    mgr.securitypolicy = [Afsecuritypolicy policywithpinningmode:afsslpinningmodenone];    Mgr.securityPolicy.allowInvalidCertificates = YES;    [Mgr.securitypolicy Setvalidatesdomainname:no];

2.2 Afnetworking 3.x version

After Xcode7.0, Apple abandoned the Nsurlconnection method, the data request uses the Nsurlsession, as the network request class third-party library uses the biggest AFN also promptly updates the new version--afn 3.0 version. The new version discards the Afhttprequestoperationmanager based on the nsurlconnection package, and instead uses the Afhttpsessionmanager based on the nsurlsession package.
Support HTTPS (school verification book, not to grab package):

1. Initialize     afhttpsessionmanager *manager = [Afhttpsessionmanager manager];    Manager.securityPolicy.SSLPinningMode = afsslpinningmodecertificate;    2. Set the certificate mode    NSString * Cerpath = [[NSBundle mainbundle] pathforresource:@ "xxx" oftype:@ "cer"];    NSData * Cerdata = [NSData Datawithcontentsoffile:cerpath];    Manager.securitypolicy = [Afsecuritypolicy policywithpinningmode:afsslpinningmodecertificate Withpinnedcertificates:[[nsset Alloc] initwithobjects:cerdata, nil]];    Whether the client trusts the illegal certificate    mgr.securityPolicy.allowInvalidCertificates = YES;    Verify the domain name in the certificate domain field    [mgr.securitypolicy Setvalidatesdomainname:no];

Support HTTPS (no school verification book, can grab the package view):

1. Initialize     afhttpsessionmanager *manager = [Afhttpsessionmanager manager];    2. Set the non-school Certificate mode    manager.securitypolicy = [Afsecuritypolicy policywithpinningmode:afsslpinningmodenone];    Manager.securityPolicy.allowInvalidCertificates = YES;    [Manager.securitypolicy Setvalidatesdomainname:no];

The configuration is complete here, I hope to help you.

iOS development supports HTTPS requests and SSL certificate configuration (RPM)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.