Preface
These two days the company has been choosing its so-called advanced individuals, and the result is also the one I am most satisfied with: I did not choose, but I got the recognition of the partners around me. I am very happy, and my cold is a lot better! Although I know that you chose me only in recognition of my level of work, which has nothing to do with personal character, I would rather my partners gave my personal character the same recognition.
It has been nearly two years since graduation, and counting all the time I have been working, it is almost 3 years. From following a master at the beginning, to slowly becoming independent, and then to leading new partners on projects: along this way there was helplessness, there was doubt, there was the impulse of partners "willing to leave alone", there was the temptation of low-level interests, there were moving moments, and there was firmness. Call me a stupid B or call me whatever you like, I accept everything.
To be honest, sometimes it is contradictory. I am a person who "listens to others' opinions with an open mind". After reflecting on other people's suggestions, I adjust to most of them, except for the part that is due to my personality. Of course, you can also take it to mean that I have no independent ideas: I change the design and tests according to what is said, and try my best to do the work arranged by leaders. Slowly I also came to question my own way of working: is it appropriate to do so? Some distinguished people have also told me that I should learn to express myself. Therefore, I have made some changes. In terms of technology, I began to express my ideas, but sometimes I did not pay attention to the methods and ways of expression, which also caused some confusion for the leaders.
Anyway, the Year of the Monkey is coming to an end, and this is probably the last project of the year. I would like to share some things about HTTPS certificate verification from a few days ago. I said I would write an "iOS self-signed HTTPS certificate one-way verification scheme" and have rambled on with so much idle talk; let's get to it.
HTTPS analysis
Just before Christmas, Apple announced that it was delaying the ATS adoption deadline, but since App Transport Security was rolled out in iOS 9.0, adapting to HTTPS is only a matter of time. With my humble technical skills, I think HTTPS adaptation of an iOS app mainly involves three aspects:
- Common network requests;
- H5 page loading;
- SDWebImage loading HTTPS images (self-signed certificates are commonly used in corporate test libraries).
The so-called HTTPS is HTTP + SSL/TLS. Underneath, an SSL layer is added between the HTTP protocol layer and the TCP/IP protocol layer, so that HTTP packets are transmitted encrypted.
```mermaid
sequenceDiagram
    participant Client
    participant Server
    Client->>Server: Transmits data in plaintext, including encryption information supported by the client, such as the SSL version
    Server-->>Server: The server selects the encryption mode
    Server-->>Client: The server returns information such as the SSL version and random number to the client
    Client->>Client: Verifies whether the server certificate is valid and generates random numbers
    Client->>Server: Encrypts data with a random number on the server and sends it to the server
    Server-->>Server: The server uses the private key to decrypt client data
    Server-->>Client: Encrypts data with the received random number and returns it to the client
    Client->>Client: The client uses the public key to decrypt data
```
Jianshu does not support advanced Markdown syntax. The Markdown text above renders like this:
iOS HTTPS adaptation notes
- NSURLConnection/NSURLSession network requests
- H5 page adaptation for WKWebView/UIWebView
- SDWebImage image loading adaptation
Network request section
NSURLConnection adaptation
```objc
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        // Builds a credential from the server trust as presented; the trust is not evaluated here.
        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
    }
    else
    {
        if ([challenge previousFailureCount] == 0)
        {
            [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
        }
        else
        {
            [[challenge sender] continueWithoutCredentialForAuthenticationChallenge:challenge];
        }
    }
}
```
NSURLSession adaptation
```objc
/**
 disposition: how to handle the certificate
 NSURLSessionAuthChallengeUseCredential                  use the certificate
 NSURLSessionAuthChallengePerformDefaultHandling         ignore the certificate, default handling
 NSURLSessionAuthChallengeCancelAuthenticationChallenge  cancel the request, ignore the certificate
 NSURLSessionAuthChallengeRejectProtectionSpace          reject, ignore the certificate
 */
#pragma mark - NSURLSessionDelegate methods, HTTPS -- start --
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
{
    NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
    __block NSURLCredential *credential = nil;
    // Check whether this is a server-trust challenge (the server presenting its certificate)
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        // Builds a credential from the server trust as presented; the trust is not evaluated here.
        credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        if (credential)
        {
            disposition = NSURLSessionAuthChallengeUseCredential; // Use the certificate
        }
        else
        {
            disposition = NSURLSessionAuthChallengePerformDefaultHandling; // Ignore the certificate, default handling
        }
    }
    else
    {
        disposition = NSURLSessionAuthChallengeCancelAuthenticationChallenge; // Cancel the request and ignore the certificate
    }
    if (completionHandler) // Install the certificate
    {
        completionHandler(disposition, credential);
    }
}
```
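The NSURLConnection and NSURLSession handlers above pass the server trust to credentialForTrust: without evaluating it, so they accept whatever certificate the server presents. The following is an added example, not code from the original post, of the one-way verification of a self-signed certificate: it evaluates the trust against a copy of the server certificate shipped in the app bundle. The class name `PinnedSessionDelegate`, the helper method and the bundle resource `server.cer` (DER-encoded) are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate class; "server.cer" is an assumed bundle resource holding
// the DER-encoded self-signed certificate of the test server.
@interface PinnedSessionDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation PinnedSessionDelegate

// Returns YES only if the server's chain validates against the bundled certificate.
- (BOOL)evaluateServerTrust:(SecTrustRef)trust forHost:(NSString *)host
{
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"cer"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (der == nil) return NO;
    SecCertificateRef anchor = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der);
    if (anchor == NULL) return NO; // not valid DER
    // Check the chain as an SSL server certificate issued for this host name.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)host);
    OSStatus status = SecTrustSetPolicies(trust, policy);
    CFRelease(policy);
    // Trust only the bundled certificate, not the system root store.
    NSArray *anchors = @[(__bridge id)anchor];
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) status = SecTrustSetAnchorCertificatesOnly(trust, true);
    CFRelease(anchor);
    if (status != errSecSuccess) return NO;
    // SecTrustEvaluateWithError requires iOS 12 or later.
    return SecTrustEvaluateWithError(trust, NULL);
}

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    if ([self evaluateServerTrust:space.serverTrust forHost:space.host]) {
        completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:space.serverTrust]);
    } else {
        // Not the pinned certificate, or the host name does not match: fail the request.
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

@end
```

The same helper can back the NSURLConnection and WKWebView challenge callbacks, since each receives the same `serverTrust` object in its protection space.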
H5 page adaptation
HTTPS adaptation of H5 page based on WKWebView
```objc
#pragma mark - HTTPS configuration for WKWebView
- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler
{
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        // Builds a credential from the server trust as presented; the trust is not evaluated here.
        NSURLCredential *card = [[NSURLCredential alloc] initWithTrust:challenge.protectionSpace.serverTrust];
        completionHandler(NSURLSessionAuthChallengeUseCredential, card);
    }
    else
    {
        // The completion handler must be called on every path, otherwise WKWebView raises an exception.
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
    }
}
```
HTTPS adaptation of H5 pages based on UIWebView
Source: Stack Overflow
```objc
#pragma mark - Webview delegate
- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType
{
    NSLog(@"Did start loading: %@ auth:%d", [[request URL] absoluteString], _authenticated);
    if (!_authenticated)
    {
        // First load: run the request through NSURLConnection so the challenge can be answered
        _authenticated = NO;
        _urlConnection = [[NSURLConnection alloc] initWithRequest:_request delegate:self];
        [_urlConnection start];
        return NO;
    }
    return YES;
}

#pragma mark - NSURLConnection delegate
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSLog(@"WebController Got auth challenge via NSURLConnection");
    if ([challenge previousFailureCount] == 0)
    {
        _authenticated = YES;
        // Builds a credential from the server trust as presented; the trust is not evaluated here.
        NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
    }
    else
    {
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}

- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response
{
    NSLog(@"WebController received response via NSURLConnection");
    // remake a webview call now that authentication has passed ok.
    _authenticated = YES;
    [_web loadRequest:_request];
    // Cancel the URL connection otherwise we double up (webview + url connection, same url = no good!)
    [_urlConnection cancel];
}

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
```
SDWebImage Loads HTTPS image adaptation
Earlier versions of SDWebImage wrap NSURLConnection, while newer versions wrap NSURLSession, and both handle HTTPS images. First check the SDWebImageDownloaderOperation class to determine which version of SDWebImage you are using. If SDWebImage uses NSURLConnection, the file contains:
```objc
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
```
Otherwise, check whether the SDWebImageDownloaderOperation file contains:
```objc
- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
```
Once that is confirmed, if all images are served over HTTPS, we can directly modify the UIImageView+WebCache file:
```objc
- (void)sd_setImageWithURL:(nullable NSURL *)url
{
    // [self sd_setImageWithURL:url placeholderImage:nil options:0 progress:nil completed:nil];
    [self sd_setImageWithURL:url placeholderImage:nil options:SDWebImageAllowInvalidSSLCertificates progress:nil completed:nil]; // HTTPS configuration problem
}

- (void)sd_setImageWithURL:(nullable NSURL *)url placeholderImage:(nullable UIImage *)placeholder
{
    // [self sd_setImageWithURL:url placeholderImage:placeholder options:0 progress:nil completed:nil];
    [self sd_setImageWithURL:url placeholderImage:placeholder options:SDWebImageAllowInvalidSSLCertificates progress:nil completed:nil]; // HTTPS configuration problem
}
```
In essence, this sets the option to SDWebImageAllowInvalidSSLCertificates. If you look at the SDWebImageDownloaderOperation file, you will find that SDWebImage loads images by skipping certificate validation entirely, which is why setting SDWebImageAllowInvalidSSLCertificates works.
If you need to support some HTTP images in special cases, after following the above method you also need to add the corresponding configuration under Exception Domains in the plist. For details, see "Whether the APPLE APP access HTTPS latency deadline is compromise".