39.iOS使用HTTPS

1.针对AFN

(1)导出证书

(2)在原来http请求加一句话就OK了

(3)调用Get请求

// Get请求
+ (void)getValueWithGetUrl:(NSString *)url parameters:(NSDictionary *)parameters complete:(completes)complete;
{
    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] init];
    manager.responseSerializer.acceptableContentTypes = [NSSet setWithObjects:@"application/json", nil];
    [manager setSecurityPolicy:[self customSecurityPolicy]];
    [manager GET:kUrlstr parameters:parameters
         progress:nil
          success:^(NSURLSessionDataTask * _Nonnull task, id  _Nullable responseObject) {
              complete(responseObject);
          }
          failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
              SLog(@"%@",[error description]);
              complete(@"0");
          }];
}
+ (AFSecurityPolicy*)customSecurityPolicy {
    // /先导入证书
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:@"ca" ofType:@"cer"];//证书的路径
    NSData *certData = [NSData dataWithContentsOfFile:cerPath];
    // AFSSLPinningModeCertificate 使用证书验证模式
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    // allowInvalidCertificates 是否允许无效证书（也就是自建的证书），默认为NO
    securityPolicy.allowInvalidCertificates = YES;
    //validatesDomainName 是否需要验证域名，默认为YES；
    securityPolicy.validatesDomainName = NO;
//    securityPolicy.validatesCertificateChain = NO;
    securityPolicy.pinnedCertificates = [NSSet setWithObjects:certData, nil];
    return securityPolicy;
}


2.针对NSURLSession下载

此方法实际上是手动安装证书,不需要倒入证书的;这也是系统方法有点的体现,缺点就是下载有点慢

#define kUrlstrs @"https://192.168.1.159:9091/admin/api.jsp"

-(void)downLoad
{
    WS(weakSelf);
    NSString *paramPath = [NSString stringWithFormat:@"?method=loadAvatar&username=18337125561"];
    NSURL *url = [NSURL URLWithString:[kUrlstrs stringByAppendingString:paramPath]];
    NSURLSessionConfiguration *config = [NSURLSessionConfiguration defaultSessionConfiguration];
    NSURLSession *session = [NSURLSession sessionWithConfiguration:config delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
    NSURLSessionDataTask *dataTask = [session dataTaskWithURL:url completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        NSLog(@"***:%@ %@",data,error);
        weakSelf.imageV.image = [UIImage imageWithData:data];
    }];
    [dataTask resume];
}


遵循下协议NSURLSessionDelegate,上边已经设置了代理,下边是实现方法.

- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task  didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * __nullable credential))completionHandler {
    
    // 判断是否是信任服务器证书
    if(challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
        // 告诉服务器，客户端信任证书
        // 创建凭据对象
        NSURLCredential *credntial = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        // 通过completionHandler告诉服务器信任证书
        if (completionHandler) {
            completionHandler(NSURLSessionAuthChallengeUseCredential,credntial);
        }
    }
    //    NSLog(@"protectionSpace = %@",challenge.protectionSpace);
}


3.解决SDWebImage的HTTPS问题

 NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)解决办法

[self.imageV sd_setImageWithURL:[NSURL URLWithString:@"https://192.168.1.159:9091/admin/api.jsp?method=loadAvatar&username=18805025104"] placeholderImage:[UIImage imageNamed:@"jsy.jpg"] options:SDWebImageAllowInvalidSSLCertificates];