参考文章 iOS获取SSL证书的sha1值和sha256值 感谢作者!
首先我们可以通过浏览器查看远程https的sha256或者sha1
通过代码获取方法如下
初始化NSURLSession对象时指定代理
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[[NSOperationQueue alloc]init]];
实现如下代理方法
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler
{
SecTrustRef serverTrust = [[challenge protectionSpace] serverTrust];
//这里取第一个值的论证,其实我没找到,只是查到的都是取第一个值.如果有看到取第一个值的文献,麻烦推荐一下.
SecCertificateRef certRef = SecTrustGetCertificateAtIndex(serverTrust, 0);
// CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
CFDataRef certData = SecCertificateCopyData(certRef);
//此处CFDataRef可直接强转NSData类型
NSData *myData = (__bridge NSData *)certData;
NSString *sha256 = [self sha256:myData];
NSLog(@"sha256=%@\n ---- certificateNo=%@",sha256,[YZTLoanDoor share].certificateNo);
BOOL result = [sha256 compare:remoteCerSha256 options:NSCaseInsensitiveSearch];(忽略大小写的字符串对比)
if (result == NSOrderedSame) {
NSURLCredential *card = [[NSURLCredential alloc]initWithTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengeUseCredential , card);
} else {
NSURLCredential *card = [[NSURLCredential alloc]initWithTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge , card);
}
}
引入头文件
#import <CommonCrypto/CommonDigest.h>
实现方法
- (NSString*)sha256:(NSData*)certData
{
unsigned char sha256Buffer[CC_SHA256_DIGEST_LENGTH];
CC_SHA256(certData.bytes, certData.length, sha256Buffer);
NSMutableString *fingerprint = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 3];
for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; ++i)
[fingerprint appendFormat:@"%02x",sha256Buffer[i]];
return [fingerprint stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
}
当然如果需要sha1,使用一下方法
+(NSString*)sha1:(NSData*)certData {
unsigned char sha1Buffer[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(certData.bytes, certData.length, sha1Buffer);
NSMutableString *fingerprint = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 3];
for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; ++i)
[fingerprint appendFormat:@"%02x ",sha1Buffer[i]];
return [fingerprint stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
}