【发布时间】:2016-08-04 08:08:59
【问题描述】:
我正在尝试建立从我的 iOS 应用程序到我的后端服务器 (Node.js) 的简单套接字连接 (NO HTTP)。服务器证书是使用我自己制作的自定义 CA 创建和签名的。我相信,为了让 iOS 信任我的服务器,我必须以某种方式将此自定义 CA 证书添加到受信任证书列表中,这些证书用于确定 Java/Android 中的 TrustStore 如何工作的信任类型。
我尝试使用下面的代码进行连接并且没有错误但是 write() 函数似乎没有成功。
主视图控制器:
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view, typically from a nib.
let api: APIClient = APIClient()
api.initialiseSSL("10.13.37.200", port: 8080)
api.write("Hello")
api.deinitialise()
print("Done")
}
APIClient 类
class APIClient: NSObject, NSStreamDelegate {
var readStream: Unmanaged<CFReadStreamRef>?
var writeStream: Unmanaged<CFWriteStreamRef>?
var inputStream: NSInputStream?
var outputStream: NSOutputStream?
func initialiseSSL(host: String, port: UInt32) {
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, host, port, &readStream, &writeStream)
inputStream = readStream!.takeRetainedValue()
outputStream = writeStream!.takeRetainedValue()
inputStream?.delegate = self
outputStream?.delegate = self
inputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
let cert: SecCertificateRef? = CreateCertificateFromFile("ca", ext: "der")
if cert != nil {
print("GOT CERTIFICATE")
}
let certs: NSArray = NSArray(objects: cert!)
let sslSettings = [
NSString(format: kCFStreamSSLLevel): kCFStreamSocketSecurityLevelNegotiatedSSL,
NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
NSString(format: kCFStreamSSLPeerName): kCFNull,
NSString(format: kCFStreamSSLCertificates): certs,
NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
]
CFReadStreamSetProperty(inputStream, kCFStreamPropertySSLSettings, sslSettings)
CFWriteStreamSetProperty(outputStream, kCFStreamPropertySSLSettings, sslSettings)
inputStream!.open()
outputStream!.open()
}
func write(text: String) {
let data = [UInt8](text.utf8)
outputStream?.write(data, maxLength: data.count)
}
func CreateCertificateFromFile(filename: String, ext: String) -> SecCertificateRef? {
var cert: SecCertificateRef!
if let path = NSBundle.mainBundle().pathForResource(filename, ofType: ext) {
let data = NSData(contentsOfFile: path)!
cert = SecCertificateCreateWithData(kCFAllocatorDefault, data)!
}
else {
}
return cert
}
func deinitialise() {
inputStream?.close()
outputStream?.close()
}
}
我了解 SSL/TLS 的工作原理,因为我在同一个应用程序的 Android 版本中完成了这一切。我只是对 SSL 的 iOS 实现感到困惑。
我来自 Java 背景,并且已经解决了这个问题 3 周。任何帮助将不胜感激。
更喜欢 Swift 代码中的答案,而不是 Objective C,但如果你只有 Obj C 也可以:)
【问题讨论】: