大佬教程收集整理的这篇文章主要介绍了Swift中的iOS SSL连接,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
好的,我在这个问题上花了8周的时间:(但是我终于设法提出了一个可行的解决方案。我必须说iOS上的SSL / TLS是个玩笑。AndroID上的Java会让它死掉。为了这样做,这完全荒谬。评估自签名证书的信任度,您必须完全禁用证书链验证并自己做,这完全荒谬。无论如何,这是使用自签名服务器证书连接到远程套接字服务器(无http)的完全有效的解决方案。编辑此答案以提供更好的答案,因为我还没有添加添加用于发送和接收数据的代码的更改:)
// SecureSocket
//
// Created by snapper26 on 2/9/16.
// copyright © 2016 snapper26. All rights reserved.
//
import Foundation
class ProXimityapiclient: NSObject, StreamDelegate {
// input and output streams for socket
var inputStream: inputStream?
var outputStream: OutputStream?
// Secondary delegate reference to prevent ARC deallocating the NsstreamDelegate
var inputDelegate: StreamDelegate?
var outputDelegate: StreamDelegate?
// Add a trusted root CA to out SecTrust object
func addAnchorToTrust(trust: SecTrust, certificate: SecCertificatE) -> SecTrust {
let array: NSMutableArray = NSMutableArray()
array.add(certificatE)
SecTrustSetAnchorCertificates(trust, array)
return trust
}
// Create a SecCertificate object from a DER formatted certificate file
func createCertificateFromfile(filename: String, ext: String) -> SecCertificate {
let rootCertPath = Bundle.main.path(forresource:filename, ofType: ext)
let rootCertData = NSData(contentsOffile: rootCertPath!)
return SecCertificateCreateWithData(kcfallocatorDefault, rootCertData!)!
}
// Connect to remote host/server
func connect(host: String, port: int) {
// Specify host and port number. Get reference to newly created socket streams both in and out
Stream.getStreamsToHost(withname:host, port: port, inputStream: &inputStream, outputStream: &outputStream)
// Create strong delegate reference to stop ARC deallocating the object
inputDelegate = self
outputDelegate = self
// Now that we have a strong reference, assign the object to the stream delegates
inputStream!.delegate = inputDelegate
outputStream!.delegate = outputDelegate
// This doesn't work because of arc memory management. Thats why another strong reference above is needed.
//inputStream!.delegate = self
//outputStream!.delegate = self
// schedule our run loops. This is needed so that we can receive StreamEvents
inputStream!.schedule(in:runLoop.main, forMode: RunLoopMode.defaultRunLoopModE)
outputStream!.schedule(in:runLoop.main, forMode: RunLoopMode.defaultRunLoopModE)
// Enable SSL/TLS on the streams
inputStream!.setProperty(kcfStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
outputStream!.setProperty(kcfStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
// Defin custom SSL/TLS setTings
let sslSetTings : [NsString: Any] = [
// Nsstream automatically sets up the socket, the streams and creates a trust object and evaulates it before you even get a chance to check the trust yourself. Only proper SSL certificates will work with this method. If you have a self signed certificate like I do, you need to disable the trust check here and evaulate the trust against your custom root CA yourself.
NsString(format: kcfStreamSSLValIDatesCertificateChain): kcfBooleanfalse,
//
NsString(format: kcfStreamSSLPeerName): kcfNull,
// We are an SSL/TLS clIEnt, not a server
NsString(format: kcfStreamSSlisServer): kcfBooleanfalse
]
// Set the SSL/TLS setTingson the streams
inputStream!.setProperty(sslSetTings, forKey: kcfStreamPropertySSLSetTings as Stream.PropertyKey)
outputStream!.setProperty(sslSetTings, forKey: kcfStreamPropertySSLSetTings as Stream.PropertyKey)
// Open the streams
inputStream!.open()
outputStream!.open()
}
// This is where we get all our events (haven't finished wriTing this class)
func stream(_ aStream: Stream, handle eventCode: Stream.Event) {
switch eventCode {
case Stream.Event.endEncountered:
print("End Encountered")
break
case Stream.Event.openCompleted:
print("Open Completed")
break
case Stream.Event.hasspaceAvailable:
print("Has Space Available")
// If you try and obtain the trust object (aka kcfStreamPropertySSLPeerTrust) before the stream is available for wriTing I found that the oject is always nil!
var sslTrusTinput: SecTrust? = inputStream! .property(forKey:kcfStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?
var sslTrustOutput: SecTrust? = outputStream!.property(forKey:kcfStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?
if (sslTrusTinput == nil) {
print("input TRUST NIL")
}
else {
print("input TRUST NOT NIL")
}
if (sslTrustOutput == nil) {
print("OUTPUT TRUST NIL")
}
else {
print("OUTPUT TRUST NOT NIL")
}
// Get our certificate reference. Make sure to add your root certificate filE into your project.
let rootCert: SecCertificate? = createCertificateFromfile(filename: "ca", ext: "der")
// Todo: Don't want to keep adding the certificate every time???
// Make sure to add your trusted root CA to the List of trusted anchors otherwise trust evaulation will fail
sslTrusTinput = addAnchorToTrust(trust: sslTrusTinput!, certificate: rootCert!)
sslTrustOutput = addAnchorToTrust(trust: sslTrustOutput!, certificate: rootCert!)
// convert kSecTrustResultUnspecifIEd type to SecTrustResultType for comparison
var result: SecTrustResultType = SecTrustResultType.unspecifIEd
// This is it! Evaulate the trust.
let error: Osstatus = SecTrustEvaluate(sslTrusTinput!, &result)
// An error occured evaluaTing the trust check the Osstatus codes for Apple at osstatus.com
if (error != noErr) {
print("Evaluation Failed")
}
if (result != SecTrustResultType.proceed && result != SecTrustResultType.unspecifIEd) {
// Trust Failed. This will happen if you faile to add the trusted anchor as mentioned above
print("Peer is not trusted :(")
}
else {
// Peer certificate is trusted. Now we can send data. Woohoo!
print("Peer is trusted :)")
}
break
case Stream.Event.hasBytesAvailable:
print("Has Bytes Available")
break
case Stream.Event.errorOccurred:
print("Error Occured")
break
default:
print("Default")
break
}
}
}
我正在尝试从我的iOS应用程序到后端服务器(Node.js)建立简单的套接字连接(NO
http)。服务器证书已使用我自己创建的自定义CA创建并签名。我相信,为了让iOS信任我的服务器,我将不得不以某种方式将此自定义CA证书添加到用于确定Java
/ Android中TrustStore的工作方式的信任类型的受信任证书列表。
我尝试使用下面的代码进行连接,并且没有错误,但是write()函数似乎未成功。
主视图控制器:
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view,typically from a nib.
let api: APIClient = APIClient()
api.initialiseSSL("10.13.37.200",port: 8080)
api.write("Hello")
api.deinitialise()
print("Done")
}
APIClient类
class APIClient: NSObject,NSStreamDelegate {
var readStream: Unmanaged<CFReadStreamRef>?
var writeStream: Unmanaged<CFWriteStreamRef>?
var inputStream: NSInputStream?
var outputStream: NSOutputStream?
func initialiseSSL(host: String,port: UInt32) {
CFStreamCreatePairWithSocketToHost(kCfallocatorDefault,host,port,&readStream,&writeStream)
inputStream = readStream!.takeRetainedValue()
outputStream = writeStream!.takeRetainedValue()
inputStream?.delegate = self
outputStream?.delegate = self
inputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(),forMode: NSDefaultRunLoopModE)
outputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(),forMode: NSDefaultRunLoopModE)
let cert: SecCertificateRef? = CreateCertificateFromFile("ca",ext: "der")
if cert != nil {
print("GOT CERTIFICATE")
}
let certs: NSArray = NSArray(objects: cert!)
let sslSetTings = [
NSString(format: kCFStreamSSLLevel): kCFStreamSocketSecurityLevelNegotiatedSSL,NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanfalse,NSString(format: kCFStreamSSLPeerName): kCFNull,NSString(format: kCFStreamSSLCertificates): certs,NSString(format: kCFStreamSSLIsServer): kCFBooleanfalse
]
CFReadStreamSetProperty(inputStream,kCFStreamPropertySSLSetTings,sslSetTings)
CFWriteStreamSetProperty(outputStream,sslSetTings)
inputStream!.open()
outputStream!.open()
}
func write(text: String) {
let data = [UInt8](text.utf8)
outputStream?.write(data,maxLength: data.count)
}
func CreateCertificateFromFile(filename: String,ext: String) -> SecCertificateRef? {
var cert: SecCertificateRef!
if let path = NSBundle.mainBundle().pathForresource(filename,ofType: ext) {
let data = NSData(contentsOfFile: path)!
cert = SecCertificateCreateWithData(kCfallocatorDefault,data)!
}
else {
}
return cert
}
func deinitialise() {
inputStream?.close()
outputStream?.close()
}
}
我了解SSL / TLS的工作原理,并且所有这些都是我在同一个应用的Android版本中所做的所有工作。我只是对SSL的iOS实现感到困惑。
我来自Java背景,已经解决了3个星期的问题。任何帮助,将不胜感激。
更喜欢Swift代码中的答案,而不是Objective C,但是如果您只有Obj C也可以:)
以上是大佬教程为你收集整理的Swift中的iOS SSL连接全部内容,希望文章能够帮你解决Swift中的iOS SSL连接所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。