一个 app 能否做到可靠的加密传输,需要一个好的后台支撑。我有幸我们公司的后台同事是珍爱网出来的大神,第一次知道除了以前用的 md5、base64 等等(严格说 md5 是单向散列、base64 只是编码,二者都不是加密)之外,还有 SSL 证书校验。一般来讲如果 app 用了 web service,我们需要防止数据嗅探来保证数据安全。通常的做法是用 SSL(HTTPS)连接以防止抓包和嗅探;但真正要担心的是中间人攻击——黑客用伪造的 SSL 证书把客户端引到伪造的服务器上。所以客户端不能只是"开了 HTTPS",还要校验(固定)服务器证书,这就是下面要做的事。
1. 话不多说,首先你得让后台提供他的服务器证书。注意只需要公钥证书(.cer),千万不要把服务器私钥打进 app。
2. 把证书拖到你的项目里面并确认加入了 target 的 Bundle Resources;记住放进项目的是以 .cer 结尾(DER 格式)的证书,.pem/.crt 文本格式需要先转换。
3. 我用到的是 AFNetworking 这个框架。如果你自己用 NSURLSession,原理一样:在收到服务器证书的回调里和本地证书做比对。
4.贴上代码
- #import "MyDataService.h"
- #import "AFNetworking.h"
/// Base URL every relative endpoint path is appended to.
/// NOTE(review): this must be an https:// URL; for plain http:// the security
/// policy configured below is never consulted by the session.
static NSString * const BASE_URL = @"xxxxxxxxx/";

/// Whether the custom HTTPS certificate-pinning policy is installed on the
/// session manager. YES enables it, NO leaves AFNetworking's default policy
/// (system trust store, no pinning) in place.
/// NOTE(review): do not ship a release build with this set to NO.
static const BOOL LXPopenHttpsSSL = YES;

/// Resource name (without extension) of the pinned server certificate in the
/// main bundle. Only the DER ".cer" format is supported.
static NSString * const LXPcertificate = @"mykey";

// 1. Development: test server       --> ip --->
// 2. Release:     production server --> ip -->
- @implementation MyDataService
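/// Sends a GET or POST request to BASE_URL + urlstring through AFNetworking and
/// hands the raw response (or the transport error) to `block`.
///
/// @param urlstring  Endpoint path, appended verbatim to BASE_URL. Paths under
///                   noauth/ are sent without the userId/token headers.
/// @param method     "GET" or "POST", compared case-insensitively. Any other
///                   value sends nothing and reports an error through `block`.
/// @param params     Request parameters, encoded by AFNetworking's default
///                   request serializer.
/// @param block      Completion handler. Receives the unparsed response data on
///                   success, or nil plus an NSError on failure. Called at most
///                   once; may be nil.
/// @return The started task, or nil when no request was started.
+ (NSURLSessionDataTask *)requestURL:(NSString *)urlstring
                          httpMethod:(NSString *)method
                              params:(NSDictionary *)params
                          completion:(void(^)(id result,NSError *error))block {
    NSParameterAssert(urlstring);

    // 1. Build the absolute URL.
    NSString *url = [BASE_URL stringByAppendingString:urlstring];

    // Device identification sent with every request.
    NSString *identifierForVendor = [[UIDevice currentDevice].identifierForVendor UUIDString];
    NSString *deviceModel = [UIDevice currentDevice].model;

    // Persisted identity used for authenticated endpoints. "user_id" may have
    // been stored as a number, so it is formatted with %@ before use.
    id storedUserId = [[NSUserDefaults standardUserDefaults] objectForKey:@"user_id"];
    NSString *token = [LXPTokenManager accessToken];

#ifdef DEBUG
    // Device identifiers and user ids must not reach release logs.
    NSLog(@"%@", identifierForVendor);
    NSLog(@"%@", deviceModel);
    NSLog(@"%@", storedUserId);
#endif

    // 3. Session manager and request headers.
    AFHTTPSessionManager *af = [AFHTTPSessionManager manager];
    AFHTTPRequestSerializer *serializer = af.requestSerializer;
    [serializer setValue:identifierForVendor forHTTPHeaderField:@"identify"];
    [serializer setValue:identifierForVendor forHTTPHeaderField:@"deviceid"];
    [serializer setValue:@"1" forHTTPHeaderField:@"appId"];
    [serializer setValue:@"iOS" forHTTPHeaderField:@"client"];

    // Endpoints reachable before login; they get no credentials.
    NSArray *noAuthEndpoints = @[@"noauth/loginUser.do",
                                 @"noauth/getProvideTypeList.do",
                                 @"noauth/addUser.do"];
    if (![noAuthEndpoints containsObject:urlstring]) {
        // Only set the header when a user id exists, so a logged-out state no
        // longer sends the literal string "(null)" to the server.
        if (storedUserId) {
            [serializer setValue:[NSString stringWithFormat:@"%@", storedUserId]
                forHTTPHeaderField:@"userId"];
        }
        // A nil token simply leaves the header unset.
        [serializer setValue:token forHTTPHeaderField:@"token"];
    }
    serializer.timeoutInterval = 10;

    // Hand responses back as raw data; the caller does the parsing.
    af.responseSerializer = [AFHTTPResponseSerializer serializer];

    // HTTPS certificate pinning. When LXPopenHttpsSSL is NO the manager keeps
    // AFNetworking's default policy (system trust store, no pinning), so the
    // bundled certificate is ignored and any CA-issued certificate is accepted.
    if (LXPopenHttpsSSL) {
        af.securityPolicy = [self customSecurityPolicy];
    }

    // Shared callbacks; the completion block is optional.
    void (^onSuccess)(NSURLSessionDataTask *, id) = ^(NSURLSessionDataTask *t, id responseObject) {
        if (block) {
            block(responseObject, nil);
        }
    };
    void (^onFailure)(NSURLSessionDataTask *, NSError *) = ^(NSURLSessionDataTask *t, NSError *error) {
        if (block) {
            block(nil, error);
        }
    };

    // 4. Dispatch on the HTTP method. A nil method compares as NSOrderedSame
    // (message to nil returns 0) and is therefore treated as GET, as before.
    NSURLSessionDataTask *task = nil;
    if ([method caseInsensitiveCompare:@"GET"] == NSOrderedSame) {
        task = [af GET:url parameters:params success:onSuccess failure:onFailure];
    } else if ([method caseInsensitiveCompare:@"POST"] == NSOrderedSame) {
        task = [af POST:url parameters:params success:onSuccess failure:onFailure];
    } else if (block) {
        // Previously an unsupported method returned nil and never called back,
        // leaving the caller waiting forever.
        NSDictionary *info = @{NSLocalizedDescriptionKey:
                                   [NSString stringWithFormat:@"Unsupported HTTP method: %@", method]};
        block(nil, [NSError errorWithDomain:@"MyDataServiceErrorDomain" code:-1 userInfo:info]);
    }
    return task;
}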
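/// Builds the certificate-pinning policy used for every HTTPS request.
///
/// The server certificate bundled as LXPcertificate.cer (DER format) is pinned
/// with AFSSLPinningModeCertificate, so the TLS handshake only succeeds when
/// the server presents exactly that certificate. Do NOT swap this for
/// +[AFSecurityPolicy defaultPolicy]: the default policy has pinning mode None
/// and ignores pinnedCertificates, and together with
/// allowInvalidCertificates = YES it would accept any certificate at all,
/// which is a trivial man-in-the-middle.
///
/// @return A policy pinning the bundled certificate. If the certificate is not
///         in the bundle the policy carries no pinned certificates; with
///         pinning enabled AFNetworking then rejects every server (fail
///         closed) instead of crashing on a nil array element — TODO confirm
///         against the AFNetworking version in use.
+ (AFSecurityPolicy *)customSecurityPolicy {
    // 1. Load the DER certificate from the main bundle. Do not log its bytes.
    NSString *cerPath = [[NSBundle mainBundle] pathForResource:LXPcertificate ofType:@"cer"];
    NSData *certData = cerPath ? [NSData dataWithContentsOfFile:cerPath] : nil;
    NSAssert(certData.length > 0,
             @"Pinned certificate %@.cer is missing from the main bundle", LXPcertificate);

    // Pin the whole certificate, not just the public key.
    AFSecurityPolicy *securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];

    // YES is only needed when the server certificate is self-signed (not
    // chained to a CA the system trusts); the pin above still restricts the
    // connection to that one certificate. Use NO for a CA-issued certificate.
    securityPolicy.allowInvalidCertificates = YES;

    // Check the host name in the certificate against the requested host.
    // Turning this off lets the pinned certificate be replayed for any host;
    // if a sub-domain fails to match, issue a certificate (or wildcard) that
    // covers every host the app talks to rather than disabling the check.
    securityPolicy.validatesDomainName = YES;

    // An empty list (missing certificate) is intentional: see the return note.
    securityPolicy.pinnedCertificates = certData ? @[certData] : @[];
    return securityPolicy;
}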
接下来,我们通过 Charles 抓取数据,抓到的数据已经加密。更准确地说:开启证书固定以后,即使手机上装了 Charles 的根证书并打开了 SSL 代理,握手也会因为服务器证书和 app 内固定的证书不一致而失败,Charles 根本拿不到明文。反过来,如果 Charles 仍然能解出明文,说明固定没有生效(例如 securityPolicy 被换成了 defaultPolicy,或者 allowInvalidCertificates / validatesDomainName 的组合把校验关掉了),这正是要用抓包来验证的地方。
时间: 2024-08-10 21:08:21