美文网首页
swift实现https客户端认证(mac app)

swift实现https客户端认证(mac app)

作者: w_j_y | 来源:发表于2020-10-12 10:50 被阅读0次

    使用私钥和证书进行https客户端认证

    网上给的一些客户端认证的方法,在mac app上效果不太好,例如需要生成p12证书、使用时会弹出授权使用私钥的系统提示。
    研究了下苹果的官方文档,以下是完美的解决方案

    私钥和证书加载类

    import Cocoa
class IdentityUtil{
    
    private static var identity: IdentityAndTrust?
    
    public static func loadIdentity() -> IdentityAndTrust{
        
        if(identity != nil){
            return identity!
        }else{
            identity = extractIdentity()
            return identity!
        }
        
    }
    
    //获取客户端证书相关信息
    static func  extractIdentity() -> IdentityAndTrust{
        loadKey()
        return loadPem()
    }
    //加载证书
    static func loadPem()-> IdentityAndTrust{
        
        let pem =
        "MIIC/jCCAeagA... 你的客户端证书(需去除首位的-----BEGIN CERTIFICATE-----和-----END CERTIFICATE------,以及去除换行)...cuY2cg="
        
        let certData = Data(base64Encoded: pem)!
        let certificate: SecCertificate = SecCertificateCreateWithData(nil,certData as CFData)!
        
        var identity: SecIdentity?
        SecIdentityCreateWithCertificate(nil, certificate, &identity)
        
        let certArray = [ certificate ]
        
        var trust: SecTrust?
        SecTrustCreateWithCertificates(certArray as AnyObject,SecPolicyCreateBasicX509(),&trust)
        return IdentityAndTrust(identityRef: identity!,trust:trust!,certArray:  certArray)
        
    }
    //加载私钥
    static func loadKey(){
        let keyBase64 = "MIIEowIBAAKCAQ...你的私钥(需要去除首尾的-----BEGIN PRIVATE KEY-----和-----END PRIVATE KEY-----,以及去除换行) ...MnMOc+wl"
        let keyData = Data(base64Encoded: keyBase64)!
        let tag = "com.wjy.mykey".data(using: .utf8)!
        
        let key = SecKeyCreateWithData(keyData as NSData, [
            kSecAttrKeyType: kSecAttrKeyTypeRSA,
            kSecAttrApplicationTag as String: tag,
            kSecAttrKeyClass: kSecAttrKeyClassPrivate,
            ] as NSDictionary, nil)!
        let addquery: [String: Any] = [kSecClass as String: kSecClassKey,
                                       kSecAttrApplicationTag as String: tag,
                                       kSecAttrKeyType as String:kSecAttrKeyTypeRSA,
                                       kSecValueRef as String: key]
        
        SecItemAdd(addquery as CFDictionary, nil)
        // SecItemDelete(addquery as CFDictionary)
    }
    
    
}

//认证数据结构体
struct IdentityAndTrust {
    var identityRef:SecIdentity
    var trust:SecTrust
    var certArray:[SecCertificate]
}

    URLSession代理类

    import Cocoa

class ClientCertificateDelegate: NSObject, NSApplicationDelegate,URLSessionDelegate {
    
    var identity: IdentityAndTrust!
    
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
        URLCredential?) -> Void) {
        //认证服务器(这里不使用服务器证书认证,只需地址是我们定义的几个地址即可信任)
        if challenge.protectionSpace.authenticationMethod
            == NSURLAuthenticationMethodServerTrust {
            print("服务器认证!")
            let credential = URLCredential(trust: challenge.protectionSpace.serverTrust!)
            completionHandler(.useCredential, credential)
        }else if challenge.protectionSpace.authenticationMethod
            == NSURLAuthenticationMethodClientCertificate {
            print("客户端证书认证!")
            //获取客户端证书相关信息
            if self.identity == nil{
                self.identity = IdentityUtil.loadIdentity()
            }
            let urlCredential:URLCredential = URLCredential(
                identity: self.identity.identityRef,
                certificates: nil,
                persistence: .none)
            completionHandler(.useCredential, urlCredential)
        }
    }
    
}

    调用接口demo

    
func getData(){
        //1、创建URL
        let url: URL = URL(string: "https://xxxx")!
        
        //2、创建URLRequest
        let request: URLRequest = URLRequest(url: url)
        
        //3、创建URLSession
        let configration = URLSessionConfiguration.default
        let session =  URLSession(configuration: configration,delegate: ClientCertificateDelegate(), delegateQueue:OperationQueue.main)
        
        //4、URLSessionTask子类
        let task: URLSessionDataTask = session.dataTask(with: request) { (data, response, error) in
            if error == nil {
                DispatchQueue.main.async {
                    if let data = data {
                        //得到数据,回到主线程
                            DispatchQueue.main.async {
                                //更新界面
                               
                            }
                            //完成
                            return
                    }
                    
                }
            }
        }
        
        //5、启动任务
        task.resume()
        
    }

    相关文章

      网友评论

          本文标题:swift实现https客户端认证(mac app)

          本文链接:https://www.haomeiwen.com/subject/grdupktx.html

          延伸阅读

          深度阅读

          • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

          栏目导航

          热点阅读

          关于我们|服务条款|联系我们|swift实现https客户端认证(mac app)|投稿指南|网站地图|RSS订阅|排版工具|手机版

          提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

          Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

          备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

          本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

          所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!