准备
iOS做https适配时对服务器是有一定要求的,服务端必须要是一个符合ATS(App Transport Security)要求的HTTPS。简单说要满足以下几个要求:
1.Transport Layer Security协议版本要求TLS1.2以上
2.服务的Ciphers配置要求支持Forward Secrecy等
3.证书签名算法符合ATS要求等
Moya对应版本
Moya版本号(10.0.x);Alamofire版本号:4.7.x
实现方法
1、默认非HTTPS实现方法:
默认情况下定义Manager:
MoyaProvider<MultiTarget>.defaultAlamofireManager()
该方法不需要做任何处理,Moya默认已经实现
2、HTTPS免证书实现方法(校验证书,可以抓包):
代码:
let manager: Manager = MoyaProvider<MultiTarget>.defaultAlamofireManager()
manager.delegate.sessionDidReceiveChallenge = {
session,challenge in
return (URLSession.AuthChallengeDisposition.useCredential,URLCredential(trust:challenge.protectionSpace.serverTrust!))
}
注:需要导入:import Alamofire
3、HTTPS+证书实现方法(校验证书,不可以抓包)
在实现本方法前,首先需要服务器端提供“*.crt”证书,然后进入证书所在的路径,控制台执行以下命令:
openssl x509 -in *.crt -out *.cer -outform der
得到cer类型证书后,双击,导入电脑(有可能不需要导入电脑)。
把转换好的cer文件拖动到工程中。
上代码:
let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = Manager.defaultHTTPHeaders
let path: String = Bundle.main.path(forResource: "xxx", ofType: "cer") ?? ""
let certificationData = try? Data(contentsOf: URL(fileURLWithPath: path)) as CFData
let certificate = SecCertificateCreateWithData(nil, certificationData!)
let certificates: [SecCertificate] = [certificate!]
let policies: [String: ServerTrustPolicy] = ["domain": ServerTrustPolicy.pinCertificates(certificates: certificates, validateCertificateChain: true, validateHost: true)]
let manager = Manager(configuration: configuration, serverTrustPolicyManager: ServerTrustPolicyManager(policies: policies))
最后把manager当参数传递给MoyaProvider
例如:
MoyaProvider<MultiTarget>(endpointClosure: endpoint,
requestClosure: requestEndpoint,
stubClosure: stubClosure,
manager: manager,
plugins: plugins)