Recently, the company's customers required that login data requests use their domain name and their own signed encryption certificate. Since this had not been done before, I studied the relevant material and completed the task. This note records two points: the principle of HTTPS, and how to quickly configure the signed certificate in the project to complete the development task.

Introduction to HTTPS

HTTPS = HTTP + encryption + authentication + integrity protection; that is, HTTPS is HTTP wrapped in SSL.

There are two common HTTPS encryption modes: shared key encryption (symmetric encryption) and public key encryption (asymmetric encryption). HTTPS uses a hybrid encryption mechanism, that is, a combination of both.

Shared-key encryption: encryption and decryption use the same key. Advantage: encryption and decryption are fast. Disadvantage: once the key is leaked, others can decrypt the data.

Public-key encryption: the public key is used for encryption and the private key for decryption. The sender encrypts with the other party's public key, and the receiver decrypts with its own private key. Even if the ciphertext and the public key are known, it is very difficult to decrypt the data; the private key is required for decryption.

HTTPS working principle diagram

Configuring the signed certificate in the project

AFNetworking 3.0 or higher is recommended. The version I am currently using is 3.2 from GitHub.

First, add the .cer certificate provided by the customer to the project. If it is not a CER certificate, it needs to be converted to CER format.

In the AFNetworking source code, AFSecurityPolicy.h shows that there are three types:

Next is the code itself: the login request method, which is a POST request.

// New email login
+ (void)Users_loginEmail:(NSString *)aEmail Password:(NSString *)aPassword style:(NSString *)style dic:(void(^)(NSDictionary *dic))adic {
    /*
     style     string  email
     email     string  email
     password  string  password
     */
    NSMutableDictionary *parameters = [NSMutableDictionary dictionaryWithObjects:@[aEmail, aPassword, style]
                                                                         forKeys:@[@"email", @"password", @"style"]];
    NSString *listUrl = [NSString stringWithFormat:@"Index/index"];
    [self POSTSetTheURL:listUrl parameters:parameters token:@"No" Details:^(NSDictionary *dic) {
        adic(dic);
    }];
}

// POST: sets the root URL and passes the parameters
+ (void)POSTSetTheURL:(NSString *)aUrl parameters:(NSMutableDictionary *)Aparameters token:(NSString *)aToken Details:(void(^)(NSDictionary *dic))adic {
    NSString *listUrl;
    if ([aUrl containsString:@"?"]) {
        listUrl = [NSString stringWithFormat:@"%@%@", URLSERVER_TRAINING, aUrl];
    } else {
        listUrl = [NSString stringWithFormat:@"%@%@", URLSERVER_TRAINING, aUrl];
    }

    if ([aToken isEqualToString:@"Yes"]) {
        [Aparameters setObject:[app.userDefaults objectForKey:TOKENKEY_DATA] forKey:@"token"];
        [Aparameters setObject:[app.userDefaults objectForKey:EXPIRES_TOKENKEY] forKey:@"secret_key"];
    }

    NSLog(@"%@", listUrl);

    /* This is the configuration code */
    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] initWithBaseURL:[NSURL URLWithString:listUrl]];
    manager.securityPolicy = policy;
    manager.responseSerializer = [AFHTTPResponseSerializer serializer];

    [manager POST:listUrl parameters:Aparameters progress:^(NSProgress * _Nonnull uploadProgress) {
    } success:^(NSURLSessionDataTask * _Nonnull task, id _Nullable responseObject) {
        NSString *data = [[NSString alloc] initWithData:responseObject encoding:NSUTF8StringEncoding];
        NSDictionary *dic = [NSString dictionaryWithJsonString:data];
        adic(dic);

        NSString *strCode = [NSString stringWithFormat:@"%@", dic[@"code"]];
        if ([strCode isEqualToString:@"1033"]) {
            [[NSNotificationCenter defaultCenter] postNotificationName:@"getExpiredRelogin" object:nil];
        }

        if ([dic[@"status"] isEqualToString:@"error"]) {
            [app.HUD Hide_Show:YES];
        }
    } failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
        NSLog(@"Error: %@", error);
        // -999 is NSURLErrorCancelled; cancelled requests are not reported
        if (error.code != -999) {
            NSMutableDictionary *parameters = [NSMutableDictionary dictionaryWithObjects:@[@"error"]
                                                                                 forKeys:@[@"code"]];
            adic(parameters);
            [app.HUD Hide_Show:YES];
            [MyToast showWithText:[NSString stringWithFormat:@"Appears to be disconnected from the Internet."]];
        }
    }];
}

The most important points, in a few words: choose AFSSLPinningModeCertificate, and note that to use your own signed certificate, the AFHTTPSessionManager must be created with initWithBaseURL:; otherwise an error occurs, as in the screenshot below:

    AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] initWithBaseURL:[NSURL URLWithString:listUrl]];
    manager.securityPolicy = policy;
    manager.responseSerializer = [AFHTTPResponseSerializer serializer];

If certificate verification succeeds, as shown in the following figure, the return value YES indicates that the certificate passed verification.
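
A more explicit version of the configuration above, as an added example that is not the author's code: it checks the two preconditions the text mentions (an https base URL and a certificate in CER form) before building the manager. The names PinnedManager, PinError, cerName and the error domain are hypothetical.

```objective-c
#import <AFNetworking/AFNetworking.h>
#import <Security/Security.h>

// Hypothetical helper names (PinError, PinnedManager); not from the original post.
static NSError *PinError(NSInteger code, NSString *message) {
    return [NSError errorWithDomain:@"PinnedManagerErrorDomain" // assumed domain name
                               code:code
                           userInfo:@{NSLocalizedDescriptionKey: message}];
}

// Returns a manager pinned to one bundled certificate, or nil with an error
// saying which precondition failed.
AFHTTPSessionManager *PinnedManager(NSURL *baseURL, NSString *cerName, NSError **error) {
    // AFNetworking 3.2 throws when a pinning policy is assigned to a manager
    // whose baseURL scheme is not exactly "https", so check it up front.
    if (![baseURL.scheme isEqualToString:@"https"]) {
        if (error) *error = PinError(1, @"baseURL must use https");
        return nil;
    }

    // Load the one expected certificate explicitly from the app bundle.
    NSString *path = [[NSBundle mainBundle] pathForResource:cerName ofType:@"cer"];
    NSData *certData = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (certData.length == 0) {
        if (error) *error = PinError(2, @"certificate not found in app bundle");
        return nil;
    }

    // SecCertificateCreateWithData returns NULL unless the data is a DER-encoded
    // X.509 certificate, so a file in another format is rejected here.
    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    if (cert == NULL) {
        if (error) *error = PinError(3, @"certificate is not DER-encoded X.509");
        return nil;
    }
    CFRelease(cert);

    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate
                         withPinnedCertificates:[NSSet setWithObject:certData]];
    policy.allowInvalidCertificates = NO; // library default, stated explicitly
    policy.validatesDomainName = YES;     // library default, stated explicitly

    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL];
    manager.securityPolicy = policy;
    manager.responseSerializer = [AFHTTPResponseSerializer serializer];
    return manager;
}
```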

Conclusion

I hope to share with everyone on the Juejin platform and exchange ideas with the many experts here. I am also still learning and hope my skills keep getting better.