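I am trying to set up a simple socket connection (no HTTP) from my iOS app to my backend server (Node.js). The server's certificate was created and signed using a custom CA that I made myself. I believe that in order for iOS to trust my server, I will have to somehow add this custom CA certificate to the list of trusted certificates that are used to determine trust, sort of like how a TrustStore works in Java / Android.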

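I have tried to connect using the code below and there are no errors, however the write() function does not seem to succeed.

Main view controller: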

override func viewDidLoad() {
    super.viewDidLoad()
    // Do any additional setup after loading the view, typically from a nib.

    let api: apiclient = apiclient()

    api.initialiseSSL("10.13.37.200",port: 8080)

    api.write("Hello")

    api.deinitialise()

    print("Done")
}

apiclient class:

class apiclient: NSObject, NSStreamDelegate {

var readStream: Unmanaged<CFReadStreamRef>?
var writeStream: Unmanaged<CFWriteStreamRef>?

var inputStream: NSInputStream?
var outputStream: NSOutputStream?

func initialiseSSL(host: String,port: UInt32) {
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, host, port, &readStream, &writeStream)

    inputStream = readStream!.takeRetainedValue()
    outputStream = writeStream!.takeRetainedValue()

    inputStream?.delegate = self
    outputStream?.delegate = self

    inputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(),forMode: NSDefaultRunLoopMode)
    outputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(),forMode: NSDefaultRunLoopMode)

    let cert: SecCertificateRef? = CreateCertificateFromFile("ca",ext: "der")

    if cert != nil {
        print("GOT CERTIFICATE")
    }

    let certs: NSArray = NSArray(objects: cert!)

    let sslSettings = [
        NSString(format: kCFStreamSSLLevel): kCFStreamSocketSecurityLevelNegotiatedSSL,
        NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
        NSString(format: kCFStreamSSLPeerName): kCFNull,
        NSString(format: kCFStreamSSLCertificates): certs,
        NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
    ]

    CFReadStreamSetProperty(inputStream, kCFStreamPropertySSLSettings, sslSettings)
    CFWriteStreamSetProperty(outputStream, kCFStreamPropertySSLSettings, sslSettings)

    inputStream!.open()
    outputStream!.open()
}

func write(text: String) {
    let data = [UInt8](text.utf8)

    outputStream?.write(data,maxLength: data.count)
}

func CreateCertificateFromFile(filename: String,ext: String) -> SecCertificateRef? {
    var cert: SecCertificateRef!

    if let path = NSBundle.mainBundle().pathForResource(filename,ofType: ext) {

        let data = NSData(contentsOfFile: path)!

        cert = SecCertificateCreateWithData(kCFAllocatorDefault, data)!
    }
    else {

    }

    return cert
}

func deinitialise() {
    inputStream?.close()
    outputStream?.close()
}

}

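I understand how SSL / TLS works, since I have done all of this in the Android version of this same app. I'm just confused by the iOS implementation of SSL.

I come from a Java background and have been working on this problem for 3 weeks. Any help would be appreciated.

I prefer answers in Swift code, not Objective C, but if you only have Obj C that's OK too :)

OK, I spent 8 weeks on this issue :( but I finally managed to put together a working solution. I must say that SSL / TLS on iOS is a joke. Java on Android leaves it for dead. It's completely ridiculous that in order to evaluate trust for a self-signed certificate, you have to disable certificate chain verification completely and do it yourself. Completely ridiculous. Anyway, this is a fully working solution that connects to a remote socket server (no HTTP) using a self-signed server certificate. Feel free to edit this answer to provide a better one, since I haven't yet added the code for sending and receiving data :)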
//  SecureSocket
//
//  Created by snapper26 on 2/9/16.
//  Copyright © 2016 snapper26. All rights reserved.
//
import Foundation

class ProXimityapiclient: NSObject,StreamDelegate {

    // Input and output streams for socket
    var inputStream: InputStream?
    var outputStream: OutputStream?

    // Secondary delegate reference to prevent ARC deallocating the NSStreamDelegate
    var inputDelegate: StreamDelegate?
    var outputDelegate: StreamDelegate?

    // Add a trusted root CA to our SecTrust object
    func addAnchorToTrust(trust: SecTrust,certificate: SecCertificate) -> SecTrust {
        let array: NSMutableArray = NSMutableArray()

        array.add(certificate)

        SecTrustSetAnchorCertificates(trust,array)

        return trust
    }

    // Create a SecCertificate object from a DER formatted certificate file
    func createCertificateFromFile(filename: String,ext: String) -> SecCertificate {
        let rootCertPath = Bundle.main.path(forResource:filename,ofType: ext)

        let rootCertData = NSData(contentsOfFile: rootCertPath!)

        return SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData!)!
    }

    // Connect to remote host/server
    func connect(host: String,port: Int) {
        // Specify host and port number. Get reference to newly created socket streams both in and out
        Stream.getStreamsToHost(withName:host,port: port,inputStream: &inputStream,outputStream: &outputStream)

        // Create strong delegate reference to stop ARC deallocating the object
        inputDelegate = self
        outputDelegate = self

        // Now that we have a strong reference,assign the object to the stream delegates
        inputStream!.delegate = inputDelegate
        outputStream!.delegate = outputDelegate

        // This doesn't work because of arc memory management. Thats why another strong reference above is needed.
        //inputStream!.delegate = self
        //outputStream!.delegate = self

        // Schedule our run loops. This is needed so that we can receive StreamEvents
        inputStream!.schedule(in:RunLoop.main,forMode: RunLoopMode.defaultRunLoopMode)
        outputStream!.schedule(in:RunLoop.main,forMode: RunLoopMode.defaultRunLoopMode)

        // Enable SSL/TLS on the streams
        inputStream!.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
        outputStream!.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)

        // Define custom SSL/TLS settings
        let sslSettings : [NSString: Any] = [
            // NSStream automatically sets up the socket, the streams and creates a trust object and evaluates it before you even get a chance to check the trust yourself. Only proper SSL certificates will work with this method. If you have a self signed certificate like I do, you need to disable the trust check here and evaluate the trust against your custom root CA yourself.
            NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
            NSString(format: kCFStreamSSLPeerName): kCFNull,
            // We are an SSL/TLS client, not a server
            NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
        ]

        // Set the SSL/TLS settings on the streams
        inputStream!.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)
        outputStream!.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)

        // Open the streams
        inputStream!.open()
        outputStream!.open()
    }

    // This is where we get all our events (haven't finished writing this class)
   func stream(_ aStream: Stream,handle eventCode: Stream.Event) {
        switch eventCode {
        case Stream.Event.endEncountered:
            print("End Encountered")
            break
        case Stream.Event.openCompleted:
            print("Open Completed")
            break
        case Stream.Event.hasSpaceAvailable:
            print("Has Space Available")

            // If you try and obtain the trust object (aka kCFStreamPropertySSLPeerTrust) before the stream is available for writing I found that the object is always nil!
            var sslTrustInput: SecTrust? = inputStream!.property(forKey: kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?
            var sslTrustOutput: SecTrust? = outputStream!.property(forKey: kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?

            if (sslTrustInput == nil) {
                print("INPUT TRUST NIL")
            }
            else {
                print("INPUT TRUST NOT NIL")
            }

            if (sslTrustOutput == nil) {
                print("OUTPUT TRUST NIL")
            }
            else {
                print("OUTPUT TRUST NOT NIL")
            }

            // Get our certificate reference. Make sure to add your root certificate file into your project.
            let rootCert: SecCertificate? = createCertificateFromFile(filename: "ca",ext: "der")

            // Todo: Don't want to keep adding the certificate every time???
            // Make sure to add your trusted root CA to the list of trusted anchors, otherwise trust evaluation will fail
            sslTrustInput  = addAnchorToTrust(trust: sslTrustInput!,certificate: rootCert!)
            sslTrustOutput = addAnchorToTrust(trust: sslTrustOutput!,certificate: rootCert!)

            // convert kSecTrustResultUnspecified type to SecTrustResultType for comparison
            var result: SecTrustResultType = SecTrustResultType.unspecified

            // This is it! Evaluate the trust.
            let error: OSStatus = SecTrustEvaluate(sslTrustInput!, &result)

            // An error occurred evaluating the trust; check the OSStatus codes for Apple at osstatus.com
            if (error != noErr) {
                print("Evaluation Failed")
            }

            if (result != SecTrustResultType.proceed && result != SecTrustResultType.unspecified) {
                // Trust failed. This will happen if you fail to add the trusted anchor as mentioned above
                print("Peer is not trusted :(")
            }
            else {
                // Peer certificate is trusted. Now we can send data. Woohoo!
                print("Peer is trusted :)")
            }

            break
        case Stream.Event.hasBytesAvailable:
            print("Has Bytes Available")
            break
        case Stream.Event.errorOccurred:
            print("Error Occured")
            break
        default:
            print("Default")
            break
        }
    }
}
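
An added example, not part of the original answer or its author's code: the manual trust check from the answer written as one fail-closed helper. It goes beyond the answer by restoring host name verification (which setting kCFStreamSSLPeerName to kCFNull turns off) and by restricting trust to the bundled CA. The names `evaluatePeer`, `verifyOrClose`, `PeerTrustError` and the host `server.example` are assumptions of this sketch, and `SecTrustEvaluateWithError` requires iOS 12 or later.

```swift
import Foundation
import Security

enum PeerTrustError: Error {
    case noTrustObject
    case setupFailed(OSStatus)
    case untrusted(String)
}

// Hypothetical helper, not from the original answer: evaluates the TLS peer of
// `stream` against one bundled CA and the host name the app meant to reach.
func evaluatePeer(of stream: Stream, anchor: SecCertificate, expectedHost: String) throws {
    // The trust object only exists after the handshake, e.g. on .hasSpaceAvailable.
    let key = Stream.PropertyKey(rawValue: kCFStreamPropertySSLPeerTrust as String)
    guard let value = stream.property(forKey: key) else {
        throw PeerTrustError.noTrustObject
    }
    let trust = value as! SecTrust  // this key always holds a SecTrust

    // kCFStreamSSLPeerName was set to kCFNull, so host name checking has to be
    // restored here through an explicit SSL policy.
    let policy = SecPolicyCreateSSL(true, expectedHost as CFString)
    var status = SecTrustSetPolicies(trust, policy)
    guard status == errSecSuccess else { throw PeerTrustError.setupFailed(status) }

    // Trust the bundled CA and nothing else (system roots are excluded).
    status = SecTrustSetAnchorCertificates(trust, [anchor] as CFArray)
    guard status == errSecSuccess else { throw PeerTrustError.setupFailed(status) }
    status = SecTrustSetAnchorCertificatesOnly(trust, true)
    guard status == errSecSuccess else { throw PeerTrustError.setupFailed(status) }

    var cfError: CFError?
    guard SecTrustEvaluateWithError(trust, &cfError) else {
        throw PeerTrustError.untrusted(cfError.map { String(describing: $0) } ?? "unknown")
    }
}

// Fail closed: tear the connection down instead of only logging the failure.
// `rootCert` is the bundled CA; "server.example" is a placeholder host name.
func verifyOrClose(input: InputStream, output: OutputStream, rootCert: SecCertificate) -> Bool {
    do {
        try evaluatePeer(of: output, anchor: rootCert, expectedHost: "server.example")
        return true
    } catch {
        input.close()
        output.close()
        return false
    }
}
```

Call `verifyOrClose` once from the `.hasSpaceAvailable` branch and write application data only after it returns true; the expected host must match a name (or IP address entry) in the server certificate's subject alternative names.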
