[英]Trust a self-signed certificate for a HTTPS connection
我正在使用连接服务器的Swift创建一个iOS应用。 这是我用来上传图片的代码:
public class SendImages: NSObject,NSURLConnectionDelegate {
var user = UserInfo?()
var url = String?()
var urladditional = String?()
var sendImages: NSURLConnection = NSURLConnection()
var my_data:NSMutableData? = nil
var statusCode: NSInteger? = nil
public var delegate = SendImagesInterface?()
init(url: String) {
self.url = url
}
public func send(images_to_data: NSMutableArray ,user: UserInfo) {
var error : NSError?
var data_to_send : NSData = NSJSONSerialization.dataWithJSONObject(jsontoSend,
options: NSJSONWritingOptions(0), error: &error)!
var completeURL: AnyObject? = AnyObject?()
completeURL = NSURL(string: (self.url)!+(self.urladditional)!)
let cachePolicy = NSURLRequestCachePolicy.ReloadIgnoringLocalCacheData
var request = NSMutableURLRequest(URL: completeURL as NSURL, cachePolicy: cachePolicy, timeoutInterval: 30.0)
request.HTTPMethod = "POST"
request.HTTPBody = data_to_send
sendImages = NSURLConnection(request: request, delegate: self)!
self.my_data = NSMutableData()
}
func connection(connection: NSURLConnection!, didFailWithError error: NSError!) {
println("Error to connect with URL")
self.my_data = nil
}
func connection(connection: NSURLConnection!, didReceiveData data: NSData!) {
println("Receiving data")
self.my_data!.appendData(data)
}
func connection(connection: NSURLConnection, didReceiveResponse response: NSURLResponse) {
println("Receiving response headers")
var httpResponse = response as NSHTTPURLResponse
statusCode = httpResponse.statusCode
}
func connectionDidFinishLoading(connection: NSURLConnection!){
println("Conexion finished")
}
}
现在,为了增强安全性,我想使用HTTPS连接。 我该如何实现? 我有一个.der
格式的证书,我认为这是iOS使用的证书。
您需要做的是使用NSURLCredential
响应URLSession(_:didReceiveChallenge:completionHandler:)
委托调用。
基本步骤是:
CFDataRef
。 NSURLCredential
所需的证书中提取身份。 SecIdentityCopyCertificate
一起使用以创建SecCertificateRef
。 init(identity:certificates:persistence:)
创建NSURLCredential
此示例显示如何提取从捆绑软件加载的证书的身份和信任:
struct IdentityAndTrust {
var identity:SecIdentityRef
var trust:SecTrustRef
}
func extractIdentity(certData:NSData, certPassword:String) -> IdentityAndTrust {
var identityAndTrust:IdentityAndTrust!
var securityError:OSStatus = errSecSuccess;
var items:Unmanaged<CFArray>?
var certOptions:CFDictionary = [ kSecImportExportPassphrase.takeRetainedValue() as String: certPassword ];
securityError = SecPKCS12Import(certData, certOptions, &items);
if securityError == 0 {
let certItems:CFArray = items?.takeUnretainedValue() as CFArray!;
let certItemsArray:Array = certItems as Array
let dict:AnyObject? = certItemsArray.first;
if let certEntry:Dictionary = dict as? Dictionary<String, AnyObject> {
let identityPointer:AnyObject? = certEntry["identity"];
let secIdentityRef:SecIdentityRef = identityPointer as SecIdentityRef!;
let trustPointer:AnyObject? = certEntry["trust"];
let trustRef:SecTrustRef = trustPointer as SecTrustRef;
identityAndTrust = IdentityAndTrust(identity: secIdentityRef, trust: trustRef);
}
}
return identityAndTrust;
}
您需要牢记一些事情,最重要的是证书可以过期。 您应该意识到,有时可能必须更改证书,因此从一开始就为可能发生的情况做准备。 此外,与NSURLConnection
NSURLSession
,您应该更喜欢NSURLSession
,因为在每个版本中,不赞成使用的方法越来越多。
您可以在此处找到一些有关如何处理证书和信任的示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.