美文网首页
使用原生的NSURLSession请求时获取https远程证书的

使用原生的NSURLSession请求时获取https远程证书的

作者: 禾口王No_1 | 来源:发表于2018-09-21 14:39 被阅读51次

    参考文章 iOS获取SSL证书的sha1值和sha256值 感谢作者!

    首先我们可以通过浏览器查看远程https的sha256或者sha1

    通过浏览器查看证书1.png 通过浏览器查看证书2.png 通过浏览器查看证书3.png

    通过代码获取方法如下

    初始化NSURLSession对象时指定代理

     NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
    

    实现如下代理方法

    - (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler
    {
        SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
    //这里取第一个值的论证,其实我没找到,只是查到的都是取第一个值.如果有看到取第一个值的文献,麻烦推荐一下.
        SecCertificateRef certRef = SecTrustGetCertificateAtIndex(serverTrust, 0);
        //        CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
        CFDataRef certData = SecCertificateCopyData(certRef);
    //此处CFDataRef可直接强转NSData类型
        NSData *myData = (__bridge NSData *)certData;
        NSString *sha256 =  [self sha256:myData];
        NSLog(@"sha256=%@\n ---- certificateNo=%@",sha256,[YZTLoanDoor share].certificateNo);
        BOOL result = [sha256 compare:remoteCerSha256 options:NSCaseInsensitiveSearch];(忽略大小写的字符串对比)
        if (result == NSOrderedSame) {
            NSURLCredential *card = [[NSURLCredential alloc]initWithTrust:challenge.protectionSpace.serverTrust];
            completionHandler(NSURLSessionAuthChallengeUseCredential , card);
        } else {
            NSURLCredential *card = [[NSURLCredential alloc]initWithTrust:challenge.protectionSpace.serverTrust];
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge , card);
        }
    }
    

    引入头文件

    #import <CommonCrypto/CommonDigest.h>
    

    实现方法

    - (NSString*)sha256:(NSData*)certData
    {
        unsigned char sha256Buffer[CC_SHA256_DIGEST_LENGTH];
        CC_SHA256(certData.bytes, certData.length, sha256Buffer);
        NSMutableString *fingerprint = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 3];
        for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; ++i)
            [fingerprint appendFormat:@"%02x",sha256Buffer[i]];
        return [fingerprint stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
    }
    

    当然如果需要sha1,使用一下方法

    +(NSString*)sha1:(NSData*)certData {
        unsigned char sha1Buffer[CC_SHA1_DIGEST_LENGTH];
        CC_SHA1(certData.bytes, certData.length, sha1Buffer);
        NSMutableString *fingerprint = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 3];
        for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; ++i)
            [fingerprint appendFormat:@"%02x ",sha1Buffer[i]];
        return [fingerprint stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
    }
    

    相关文章

      网友评论

          本文标题:使用原生的NSURLSession请求时获取https远程证书的

          本文链接:https://www.haomeiwen.com/subject/fjgssftx.html