如何使用发送https请求。p12关于Objective-C或Swift的证书
我有一个react本机项目,我必须使用为https请求创建本机模块。p12认证,但我从未使用Objective-C(有点复杂)或Swift。我找到了一个用于https请求的类,但我没有使用这个类,因为我没有证书。h文件和我的项目文件夹;
我的桥。H
#import "React/RCTBridgeModule.h"
@interface MyFirstBridge : NSObject <RCTBridgeModule>
@end
我的桥。M
#import "MyFirstBridge.h"
#import <React/RCTLog.h>
@implementation MyFirstBridge
RCT_EXPORT_MODULE();
RCT_EXPORT_METHOD(sendGetRequest:(NSString *)urllocation:(NSString *)location)
{
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
[request setHTTPMethod:@"GET"];
[request setURL:[NSURL URLWithString:url]];
NSError *error = nil;
NSHTTPURLResponse *responseCode = nil;
NSData *oResponseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&responseCode error:&error];
if([responseCode statusCode] != 200){
NSLog(@"Error getting %@, HTTP status code %i", url, [responseCode statusCode]);
return nil;
}
callback(@[[NSNull null], [[NSString alloc] initWithData:oResponseData encoding:NSUTF8StringEncoding]]);
}
@end
它作为基本的HTTPget请求工作,但当我尝试https服务时,我需要为每个请求固定一个证书。我如何发送此案例的HTTPS请求?
共有2个答案
由于时间不够,我现在不能在目标C中转换它,我希望你自己转换它,
设置请求时也设置URL会话委托,
fileprivate func SSLCertificateCreateTrustResult(_ serverTrust: SecTrust)->SecTrustResultType {
let certificate: SecCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0)!
let remoteCertificateData = CFBridgingRetain(SecCertificateCopyData(certificate))!
var certName = "localServerCert"
if serverUrl.contains(find: "uniqueNameinURL"){
certName = "liveServerCert"
}
let cerPath: String = Bundle.main.path(forResource: certName, ofType: "der")!
let localCertificateData = NSData(contentsOfFile:cerPath)!
let certDataRef = localCertificateData as CFData
let cert = (SecCertificateCreateWithData(nil, certDataRef))
let certArrayRef = [cert] as CFArray
SecTrustSetAnchorCertificates(serverTrust, certArrayRef)
SecTrustSetAnchorCertificatesOnly(serverTrust, false)
let trustResult: SecTrustResultType = SecTrustResultType.invalid
return trustResult
}
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
if challenge.protectionSpace.authenticationMethod == (NSURLAuthenticationMethodServerTrust) {
let serverTrust:SecTrust = challenge.protectionSpace.serverTrust!
var localCertificateTrust = SSLCertificateCreateTrustResult(serverTrust)
SecTrustEvaluate(serverTrust, &localCertificateTrust)
if localCertificateTrust == SecTrustResultType.unspecified || localCertificateTrust == SecTrustResultType.proceed
{
let credential:URLCredential = URLCredential(trust: serverTrust)
challenge.sender?.use(credential, for: challenge)
completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
} else {
let properties = SecTrustCopyProperties(serverTrust)
completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
}
}
else
{
completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil);
}
}
或者您也可以遵循以下URL
iOS:在keychain中预装SSL证书-以编程方式
我猜通过使用. p12证书,您指的是在客户端和服务器之间建立相互身份验证。基本上,你要经过以下步骤(目标-c):
- 创建验证服务器(根据根CA签名验证其签名)和验证客户端(向服务器提供客户端证书以验证其签名)所需的安全对象。加载一个。CA和a的cer文件。p12客户端的文件
加载证书文件(服务器客户端密钥和证书的根CA证书)
rootCertRef包含CA证书(签署服务器证书的CA的根证书)
标识(SecIdentityRef)包含客户端密钥和服务器验证客户端所需的证书。
NSData *rootCertData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@”rootCert” ofType:@”cer”]];
SecCertificateRef rootCertRef = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData);
NSData *p12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@“clientCert" ofType:@"p12"]];
NSArray *item = nil;
NSDictionary *dict = [NSDictionary dictionaryWithObjectsAndKeys:@“password", kSecImportExportPassphrase, nil];
SecPKCS12Import((CFDataRef) p12Data , (CFDictionaryRef)dict, (CFArrayRef *)item);
SecIdentityRef identity = (SecIdentityRef)[[item objectAtIndex:0] objectForKey:(id)kSecImportItemIdentity];
配置URL(您已经这样做了)
// Create the request.
NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"http://google.com"]];
创建NSURLConnection
// Create url connection and fire request asynchronously
NSURLConnection *conn = [[NSURLConnection alloc] initWithRequest:request delegate:self];
在回调中启用服务器和客户端身份验证
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
if([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust])
return YES;
if([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodClientCertificate])
return YES;
return NO;
}
执行服务器请求的相互身份验证
-(void) connection:didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
//Authenticate the server
if([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust]) { // Verify method
SecTrustRef trust = [[challenge protectionSpace] serverTrust]; // Create trust object
NSArray *trustArray = [NSArray arrayWithObjects:rootCertRef, nil]; // Add as many certificates as needed
SecTrustSetAnchorCertificates(trust, (CFArrayRef) trustArray ); // Set trust anchors
SecTrustResultType trustResult; // Store trust result in this
SecTrustEvaluate(trust, trustResult); // Evaluate server trust
if(trust_result == kSecTrustResultUnspecified) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:trust];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
} else {
// handle error;
}
//Send client identity to server for client authentication
if([[challenge protectionSpace] authenticationMethod] isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity certificates:nil persistence:NSURLCredentialPersistenceNone];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
}
}
-
问题内容: 我有一台具有通过https运行的rest API的服务器。我想在我的应用程序中调用此rest api,该应用程序在不同的端口中运行,但是由于这是通过https进行的,因此 我有2个文件pulic_key.pem和private_key可用于验证证书。使用golang发送休假请求时如何验证证书?我正在发送休息请求。这就是我现在忽略证书的操作。 问题答案: 您需要将证书的CA添加到传输中,
-
嗨,我想用Swift发出Https请求。当前im通过ip地址访问本地服务器。通过访问证书,本地服务器有一个SSL证书。要向服务器发出请求,当前我正在这样做。 我已经在plist中使用了上述代码来发出请求 在plist中,我已经给出了这样的结果,但我仍然得到了这样的错误
-
我需要发送https请求,请放心,有c.crt证书和公钥。密钥,如果我的证书和密钥在项目中,我该如何发送请求
-
本文向大家介绍c#使用Socket发送HTTP/HTTPS请求的实现代码,包括了c#使用Socket发送HTTP/HTTPS请求的实现代码的使用技巧和注意事项,需要的朋友参考一下 C# 自带的HttpWebRequest效率太低,对于自组HTTP封包不好操作。 在写超级SQL注入工具时,研究了很长一段时间如何使用Socket来发送HTTP、HTTPS请求。 经过一年的修改和测试,可完美、高效发送并
-
问题内容: 我正在迁移课程,以便对Swift进行一些培训。我通过桥接头成功使用了Objective- C代码,但是我需要导入一个包含指令的常量文件。 我在结合Swift和Cocoa和Objective-C(简单宏)中看到以下内容: 简单宏 通常在C和Objective-C中使用指令定义原始常量的地方,在Swift中使用全局常量代替。例如,常数定义可以在Swift中使用更好地表达。由于简单的类似于常
-
说我想得到以编程方式。目前是戈朗。org(ssl)有一个颁发给所以当我运行此命令时: 我得到了(如我所料) 现在,我想自己信任这个证书(想象一个自我颁发的证书,我可以验证指纹等):我如何发出请求并验证/信任证书? 我可能需要使用openssl下载证书,将其加载到我的文件中,并填写结构!?