使用原生的NSURLSession请求时获取https远程证书的

参考文章 iOS获取SSL证书的sha1值和sha256值 感谢作者!

首先我们可以通过浏览器查看远程https的sha256或者sha1

通过浏览器查看证书1.png 通过浏览器查看证书2.png 通过浏览器查看证书3.png

通过代码获取方法如下

初始化NSURLSession对象时指定代理

 NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];

实现如下代理方法

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler
{
    SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
//这里取第一个值的论证,其实我没找到,只是查到的都是取第一个值.如果有看到取第一个值的文献,麻烦推荐一下.
    SecCertificateRef certRef = SecTrustGetCertificateAtIndex(serverTrust, 0);
    //        CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
    CFDataRef certData = SecCertificateCopyData(certRef);
//此处CFDataRef可直接强转NSData类型
    NSData *myData = (__bridge NSData *)certData;
    NSString *sha256 =  [self sha256:myData];
    NSLog(@"sha256=%@\n ---- certificateNo=%@",sha256,[YZTLoanDoor share].certificateNo);
    BOOL result = [sha256 compare:remoteCerSha256 options:NSCaseInsensitiveSearch];(忽略大小写的字符串对比)
    if (result == NSOrderedSame) {
        NSURLCredential *card = [[NSURLCredential alloc]initWithTrust:challenge.protectionSpace.serverTrust];
        completionHandler(NSURLSessionAuthChallengeUseCredential , card);
    } else {
        NSURLCredential *card = [[NSURLCredential alloc]initWithTrust:challenge.protectionSpace.serverTrust];
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge , card);
    }
}

引入头文件

#import <CommonCrypto/CommonDigest.h>

实现方法

- (NSString*)sha256:(NSData*)certData
{
    unsigned char sha256Buffer[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(certData.bytes, certData.length, sha256Buffer);
    NSMutableString *fingerprint = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 3];
    for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; ++i)
        [fingerprint appendFormat:@"%02x",sha256Buffer[i]];
    return [fingerprint stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
}

当然如果需要sha1,使用一下方法

+(NSString*)sha1:(NSData*)certData {
    unsigned char sha1Buffer[CC_SHA1_DIGEST_LENGTH];
    CC_SHA1(certData.bytes, certData.length, sha1Buffer);
    NSMutableString *fingerprint = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 3];
    for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; ++i)
        [fingerprint appendFormat:@"%02x ",sha1Buffer[i]];
    return [fingerprint stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
}