AFNetworking + Python + Flask + pyOpenSSL build iOS HTTPS client & amp; server, afnetworkingflask

AFNetworking + Python + Flask + pyOpenSSL build iOS HTTPS client & server, afnetworkingflask

I have read a bunch of documents on the Internet for HTTPS, and the various protocols and certificates are a bit dizzy.

 

In the end, I feel that I have put a certificate on the HTTP server. Before the original HTTP access, the client checks whether the certificate is correct.

If the client certificate check is correct, the server is the one I want to connect.

No, it indicates that this server is a fake

 

You can also put a certificate on the client. The server checks the certificate sent from the client.

If the server checks that the certificate is correct, it means that this client is my younger brother and I allow him to connect in.

No, it means this client is "undercover" and cannot be put in.

 

Okay. Let's talk about the setup process.

 

Where can I create a certificate?

You can search for them online. You can also find them for free or for free.

If you don't want to worry about it, just do it yourself.

This requires pyOpenSSL. The method is as follows:

1. Install pyOpenSSL

sudo easy_install pyOpenSSL

After installation, you can begin to make your own certificates.

 

2. Generate a Privatekey

openssl genrsa -des3 -out server.key 1024

 

3. Generate. csr

openssl req -new -key server.key -out server.csr

 

4. Generate. key

cp server.key server.key.org openssl rsa -in server.key.org -out server.key

 

5. Generate. crt

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

 

Now, server. key & server. crt is available in the current directory. These two can be directly used by the server.

 

The server uses Python + Flask to provide an example code:

1 from flask import Flask, jsonify2 app = Flask(__name__)3 4 @app.route('/test', methods=['GET'])5 def method():6     return jsonify({'Result': 'OK'})7 8 app.run(port=8100,ssl_context=('/Users/jackey/Downloads/BackHomeServer/server.crt', '/Users/jackey/Downloads/BackHomeServer/server.key'))

Okay, the above is almost a simple HTTPS server.

Tested in a browser, You need to manually set trust for this certificate to connect normally

 

Next, configure the client.

Before that, convert the crt certificate to the cer format. The openSSL code is also as follows:

openssl x509 -in server.crt -out server.cer -outform der

In this way, the current directory has an additional server. cer

 

Drag server. cer to the project. Remember to check Copy item if needed and Targets. Otherwise, an error will be reported.

Then we can use AFNetworking to connect, but there is more than the general HTTP connection to set the certificate.

Here is an example:

 1 manager = [AFHTTPSessionManager manager]; 2      3 AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]; 4 securityPolicy.allowInvalidCertificates = YES; 5 manager.securityPolicy = securityPolicy; 6  7 [manager GET:@"https://localhost:8100/test" parameters:nil progress:nil success:^(NSURLSessionDataTask * _Nonnull task, id  _Nullable    responseObject) { 8         NSLog(@"pass"); 9 } failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {10         NSLog(@"fail");11 }];

 

This is a simple HTTPS link. However, if you have high security requirements

The certificate and authentication method must be adjusted.