[英]Trust a self-signed certificate for a HTTPS connection
我正在使用連接服務器的Swift創建一個iOS應用。 這是我用來上傳圖片的代碼:
public class SendImages: NSObject,NSURLConnectionDelegate {
var user = UserInfo?()
var url = String?()
var urladditional = String?()
var sendImages: NSURLConnection = NSURLConnection()
var my_data:NSMutableData? = nil
var statusCode: NSInteger? = nil
public var delegate = SendImagesInterface?()
init(url: String) {
self.url = url
}
public func send(images_to_data: NSMutableArray ,user: UserInfo) {
var error : NSError?
var data_to_send : NSData = NSJSONSerialization.dataWithJSONObject(jsontoSend,
options: NSJSONWritingOptions(0), error: &error)!
var completeURL: AnyObject? = AnyObject?()
completeURL = NSURL(string: (self.url)!+(self.urladditional)!)
let cachePolicy = NSURLRequestCachePolicy.ReloadIgnoringLocalCacheData
var request = NSMutableURLRequest(URL: completeURL as NSURL, cachePolicy: cachePolicy, timeoutInterval: 30.0)
request.HTTPMethod = "POST"
request.HTTPBody = data_to_send
sendImages = NSURLConnection(request: request, delegate: self)!
self.my_data = NSMutableData()
}
func connection(connection: NSURLConnection!, didFailWithError error: NSError!) {
println("Error to connect with URL")
self.my_data = nil
}
func connection(connection: NSURLConnection!, didReceiveData data: NSData!) {
println("Receiving data")
self.my_data!.appendData(data)
}
func connection(connection: NSURLConnection, didReceiveResponse response: NSURLResponse) {
println("Receiving response headers")
var httpResponse = response as NSHTTPURLResponse
statusCode = httpResponse.statusCode
}
func connectionDidFinishLoading(connection: NSURLConnection!){
println("Conexion finished")
}
}
現在,為了增強安全性,我想使用HTTPS連接。 我該如何實現? 我有一個.der
格式的證書,我認為這是iOS使用的證書。
您需要做的是使用NSURLCredential
響應URLSession(_:didReceiveChallenge:completionHandler:)
委托調用。
基本步驟是:
CFDataRef
。 NSURLCredential
所需的證書中提取身份。 SecIdentityCopyCertificate
一起使用以創建SecCertificateRef
。 init(identity:certificates:persistence:)
創建NSURLCredential
此示例顯示如何提取從捆綁軟件加載的證書的身份和信任:
struct IdentityAndTrust {
var identity:SecIdentityRef
var trust:SecTrustRef
}
func extractIdentity(certData:NSData, certPassword:String) -> IdentityAndTrust {
var identityAndTrust:IdentityAndTrust!
var securityError:OSStatus = errSecSuccess;
var items:Unmanaged<CFArray>?
var certOptions:CFDictionary = [ kSecImportExportPassphrase.takeRetainedValue() as String: certPassword ];
securityError = SecPKCS12Import(certData, certOptions, &items);
if securityError == 0 {
let certItems:CFArray = items?.takeUnretainedValue() as CFArray!;
let certItemsArray:Array = certItems as Array
let dict:AnyObject? = certItemsArray.first;
if let certEntry:Dictionary = dict as? Dictionary<String, AnyObject> {
let identityPointer:AnyObject? = certEntry["identity"];
let secIdentityRef:SecIdentityRef = identityPointer as SecIdentityRef!;
let trustPointer:AnyObject? = certEntry["trust"];
let trustRef:SecTrustRef = trustPointer as SecTrustRef;
identityAndTrust = IdentityAndTrust(identity: secIdentityRef, trust: trustRef);
}
}
return identityAndTrust;
}
您需要牢記一些事情,最重要的是證書可以過期。 您應該意識到,有時可能必須更改證書,因此從一開始就為可能發生的情況做准備。 此外,與NSURLConnection
NSURLSession
,您應該更喜歡NSURLSession
,因為在每個版本中,不贊成使用的方法越來越多。
您可以在此處找到一些有關如何處理證書和信任的示例。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.