我正在尝试建立从我的 iOS 应用程序到我的后端服务器 (Node.js) 的简单套接字连接(无 HTTP)。服务器证书已使用我自己创建的自定义 CA 创建并签名。我相信,为了让 iOS 信任我的服务器,我将不得不以某种方式将此自定义 CA 证书添加到受信任证书列表中,这些证书用于确定 Java/Android 中 TrustStore 工作方式的信任类型。
我已尝试使用下面的代码进行连接并且没有错误,但是 write() 函数似乎没有成功。
主视图 Controller :
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view, typically from a nib.
let api: APIClient = APIClient()
api.initialiseSSL("10.13.37.200", port: 8080)
api.write("Hello")
api.deinitialise()
print("Done")
}
API客户端类
class APIClient: NSObject, NSStreamDelegate {
var readStream: Unmanaged<CFReadStreamRef>?
var writeStream: Unmanaged<CFWriteStreamRef>?
var inputStream: NSInputStream?
var outputStream: NSOutputStream?
func initialiseSSL(host: String, port: UInt32) {
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, host, port, &readStream, &writeStream)
inputStream = readStream!.takeRetainedValue()
outputStream = writeStream!.takeRetainedValue()
inputStream?.delegate = self
outputStream?.delegate = self
inputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
outputStream!.scheduleInRunLoop(NSRunLoop.currentRunLoop(), forMode: NSDefaultRunLoopMode)
let cert: SecCertificateRef? = CreateCertificateFromFile("ca", ext: "der")
if cert != nil {
print("GOT CERTIFICATE")
}
let certs: NSArray = NSArray(objects: cert!)
let sslSettings = [
NSString(format: kCFStreamSSLLevel): kCFStreamSocketSecurityLevelNegotiatedSSL,
NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
NSString(format: kCFStreamSSLPeerName): kCFNull,
NSString(format: kCFStreamSSLCertificates): certs,
NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
]
CFReadStreamSetProperty(inputStream, kCFStreamPropertySSLSettings, sslSettings)
CFWriteStreamSetProperty(outputStream, kCFStreamPropertySSLSettings, sslSettings)
inputStream!.open()
outputStream!.open()
}
func write(text: String) {
let data = [UInt8](text.utf8)
outputStream?.write(data, maxLength: data.count)
}
func CreateCertificateFromFile(filename: String, ext: String) -> SecCertificateRef? {
var cert: SecCertificateRef!
if let path = NSBundle.mainBundle().pathForResource(filename, ofType: ext) {
let data = NSData(contentsOfFile: path)!
cert = SecCertificateCreateWithData(kCFAllocatorDefault, data)!
}
else {
}
return cert
}
func deinitialise() {
inputStream?.close()
outputStream?.close()
}
我了解 SSL/TLS 的工作原理以及所有这些,因为我在同一应用程序的 Android 版本中完成了这一切。我只是对 SSL 的 iOS 实现感到困惑。
我有 Java 背景并且已经解决这个问题 3 周了。任何帮助将不胜感激。
更喜欢 Swift 代码的答案,而不是 Objective C,但如果你只有 Obj C,那也没关系:)
最佳答案
好吧,我在这个问题上花了 8 周 :( 但我终于设法找到了一个可行的解决方案。我必须说 iOS 上的 SSL/TLS 是个笑话。Android 上的 Java 让它死了。这完全是荒谬的为了评估对自签名证书的信任,您必须完全禁用证书链验证并自己完成。完全荒谬。无论如何,这是使用自签名服务器证书连接到远程套接字服务器(无 HTTP)的完整解决方案. 请随意编辑此答案以提供更好的答案,因为我还没有更改以添加用于发送和接收数据的代码:)
// SecureSocket
//
// Created by snapper26 on 2/9/16.
// Copyright © 2016 snapper26. All rights reserved.
//
import Foundation
class ProXimityAPIClient: NSObject, StreamDelegate {
// Input and output streams for socket
var inputStream: InputStream?
var outputStream: OutputStream?
// Secondary delegate reference to prevent ARC deallocating the NSStreamDelegate
var inputDelegate: StreamDelegate?
var outputDelegate: StreamDelegate?
// Add a trusted root CA to out SecTrust object
func addAnchorToTrust(trust: SecTrust, certificate: SecCertificate) -> SecTrust {
let array: NSMutableArray = NSMutableArray()
array.add(certificate)
SecTrustSetAnchorCertificates(trust, array)
return trust
}
// Create a SecCertificate object from a DER formatted certificate file
func createCertificateFromFile(filename: String, ext: String) -> SecCertificate {
let rootCertPath = Bundle.main.path(forResource:filename, ofType: ext)
let rootCertData = NSData(contentsOfFile: rootCertPath!)
return SecCertificateCreateWithData(kCFAllocatorDefault, rootCertData!)!
}
// Connect to remote host/server
func connect(host: String, port: Int) {
// Specify host and port number. Get reference to newly created socket streams both in and out
Stream.getStreamsToHost(withName:host, port: port, inputStream: &inputStream, outputStream: &outputStream)
// Create strong delegate reference to stop ARC deallocating the object
inputDelegate = self
outputDelegate = self
// Now that we have a strong reference, assign the object to the stream delegates
inputStream!.delegate = inputDelegate
outputStream!.delegate = outputDelegate
// This doesn't work because of arc memory management. Thats why another strong reference above is needed.
//inputStream!.delegate = self
//outputStream!.delegate = self
// Schedule our run loops. This is needed so that we can receive StreamEvents
inputStream!.schedule(in:RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)
outputStream!.schedule(in:RunLoop.main, forMode: RunLoopMode.defaultRunLoopMode)
// Enable SSL/TLS on the streams
inputStream!.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
outputStream!.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)
// Defin custom SSL/TLS settings
let sslSettings : [NSString: Any] = [
// NSStream automatically sets up the socket, the streams and creates a trust object and evaulates it before you even get a chance to check the trust yourself. Only proper SSL certificates will work with this method. If you have a self signed certificate like I do, you need to disable the trust check here and evaulate the trust against your custom root CA yourself.
NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,
//
NSString(format: kCFStreamSSLPeerName): kCFNull,
// We are an SSL/TLS client, not a server
NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse
]
// Set the SSL/TLS settingson the streams
inputStream!.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)
outputStream!.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)
// Open the streams
inputStream!.open()
outputStream!.open()
}
// This is where we get all our events (haven't finished writing this class)
func stream(_ aStream: Stream, handle eventCode: Stream.Event) {
switch eventCode {
case Stream.Event.endEncountered:
print("End Encountered")
break
case Stream.Event.openCompleted:
print("Open Completed")
break
case Stream.Event.hasSpaceAvailable:
print("Has Space Available")
// If you try and obtain the trust object (aka kCFStreamPropertySSLPeerTrust) before the stream is available for writing I found that the oject is always nil!
var sslTrustInput: SecTrust? = inputStream! .property(forKey:kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?
var sslTrustOutput: SecTrust? = outputStream!.property(forKey:kCFStreamPropertySSLPeerTrust as Stream.PropertyKey) as! SecTrust?
if (sslTrustInput == nil) {
print("INPUT TRUST NIL")
}
else {
print("INPUT TRUST NOT NIL")
}
if (sslTrustOutput == nil) {
print("OUTPUT TRUST NIL")
}
else {
print("OUTPUT TRUST NOT NIL")
}
// Get our certificate reference. Make sure to add your root certificate file into your project.
let rootCert: SecCertificate? = createCertificateFromFile(filename: "ca", ext: "der")
// TODO: Don't want to keep adding the certificate every time???
// Make sure to add your trusted root CA to the list of trusted anchors otherwise trust evaulation will fail
sslTrustInput = addAnchorToTrust(trust: sslTrustInput!, certificate: rootCert!)
sslTrustOutput = addAnchorToTrust(trust: sslTrustOutput!, certificate: rootCert!)
// convert kSecTrustResultUnspecified type to SecTrustResultType for comparison
var result: SecTrustResultType = SecTrustResultType.unspecified
// This is it! Evaulate the trust.
let error: OSStatus = SecTrustEvaluate(sslTrustInput!, &result)
// An error occured evaluating the trust check the OSStatus codes for Apple at osstatus.com
if (error != noErr) {
print("Evaluation Failed")
}
if (result != SecTrustResultType.proceed && result != SecTrustResultType.unspecified) {
// Trust failed. This will happen if you faile to add the trusted anchor as mentioned above
print("Peer is not trusted :(")
}
else {
// Peer certificate is trusted. Now we can send data. Woohoo!
print("Peer is trusted :)")
}
break
case Stream.Event.hasBytesAvailable:
print("Has Bytes Available")
break
case Stream.Event.errorOccurred:
print("Error Occured")
break
default:
print("Default")
break
}
}
}
关于Swift 中的 iOS SSL 连接,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38761837/
总的来说,我对ruby还比较陌生,我正在为我正在创建的对象编写一些rspec测试用例。许多测试用例都非常基础,我只是想确保正确填充和返回值。我想知道是否有办法使用循环结构来执行此操作。不必为我要测试的每个方法都设置一个assertEquals。例如:describeitem,"TestingtheItem"doit"willhaveanullvaluetostart"doitem=Item.new#HereIcoulddotheitem.name.shouldbe_nil#thenIcoulddoitem.category.shouldbe_nilendend但我想要一些方法来使用
我试图在一个项目中使用rake,如果我把所有东西都放到Rakefile中,它会很大并且很难读取/找到东西,所以我试着将每个命名空间放在lib/rake中它自己的文件中,我添加了这个到我的rake文件的顶部:Dir['#{File.dirname(__FILE__)}/lib/rake/*.rake'].map{|f|requiref}它加载文件没问题,但没有任务。我现在只有一个.rake文件作为测试,名为“servers.rake”,它看起来像这样:namespace:serverdotask:testdoputs"test"endend所以当我运行rakeserver:testid时
作为我的Rails应用程序的一部分,我编写了一个小导入程序,它从我们的LDAP系统中吸取数据并将其塞入一个用户表中。不幸的是,与LDAP相关的代码在遍历我们的32K用户时泄漏了大量内存,我一直无法弄清楚如何解决这个问题。这个问题似乎在某种程度上与LDAP库有关,因为当我删除对LDAP内容的调用时,内存使用情况会很好地稳定下来。此外,不断增加的对象是Net::BER::BerIdentifiedString和Net::BER::BerIdentifiedArray,它们都是LDAP库的一部分。当我运行导入时,内存使用量最终达到超过1GB的峰值。如果问题存在,我需要找到一些方法来更正我的代
Rails2.3可以选择随时使用RouteSet#add_configuration_file添加更多路由。是否可以在Rails3项目中做同样的事情? 最佳答案 在config/application.rb中:config.paths.config.routes在Rails3.2(也可能是Rails3.1)中,使用:config.paths["config/routes"] 关于ruby-on-rails-Rails3中的多个路由文件,我们在StackOverflow上找到一个类似的问题
我需要从一个View访问多个模型。以前,我的links_controller仅用于提供以不同方式排序的链接资源。现在我想包括一个部分(我假设)显示按分数排序的顶级用户(@users=User.all.sort_by(&:score))我知道我可以将此代码插入每个链接操作并从View访问它,但这似乎不是“ruby方式”,我将需要在不久的将来访问更多模型。这可能会变得很脏,是否有针对这种情况的任何技术?注意事项:我认为我的应用程序正朝着单一格式和动态页面内容的方向发展,本质上是一个典型的网络应用程序。我知道before_filter但考虑到我希望应用程序进入的方向,这似乎很麻烦。最终从任何
我在我的项目中添加了一个系统来重置用户密码并通过电子邮件将密码发送给他,以防他忘记密码。昨天它运行良好(当我实现它时)。当我今天尝试启动服务器时,出现以下错误。=>BootingWEBrick=>Rails3.2.1applicationstartingindevelopmentonhttp://0.0.0.0:3000=>Callwith-dtodetach=>Ctrl-CtoshutdownserverExiting/Users/vinayshenoy/.rvm/gems/ruby-1.9.3-p0/gems/actionmailer-3.2.1/lib/action_mailer
刚入门rails,开始慢慢理解。有人可以解释或给我一些关于在application_controller中编码的好处或时间和原因的想法吗?有哪些用例。您如何为Rails应用程序使用应用程序Controller?我不想在那里放太多代码,因为据我了解,每个请求都会调用此Controller。这是真的? 最佳答案 ApplicationController实际上是您应用程序中的每个其他Controller都将从中继承的类(尽管这不是强制性的)。我同意不要用太多代码弄乱它并保持干净整洁的态度,尽管在某些情况下ApplicationContr
我想向我的Controller传递一个参数,它是一个简单的复选框,但我不知道如何在模型的form_for中引入它,这是我的观点:{:id=>'go_finance'}do|f|%>Transferirde:para:Entrada:"input",:placeholder=>"Quantofoiganho?"%>Saída:"output",:placeholder=>"Quantofoigasto?"%>Nota:我想做一个额外的复选框,但我该怎么做,模型中没有一个对象,而是一个要检查的对象,以便在Controller中创建一个ifelse,如果没有检查,请帮助我,非常感谢,谢谢
我正在使用Sequel构建一个愿望list系统。我有一个wishlists和itemstable和一个items_wishlists连接表(该名称是续集选择的名称)。items_wishlists表还有一个用于facebookid的额外列(因此我可以存储opengraph操作),这是一个NOTNULL列。我还有Wishlist和Item具有续集many_to_many关联的模型已建立。Wishlist类也有:selectmany_to_many关联的选项设置为select:[:items.*,:items_wishlists__facebook_action_id].有没有一种方法可以
我注意到像bundler这样的项目在每个specfile中执行requirespec_helper我还注意到rspec使用选项--require,它允许您在引导rspec时要求一个文件。您还可以将其添加到.rspec文件中,因此只要您运行不带参数的rspec就会添加它。使用上述方法有什么缺点可以解释为什么像bundler这样的项目选择在每个规范文件中都需要spec_helper吗? 最佳答案 我不在Bundler上工作,所以我不能直接谈论他们的做法。并非所有项目都checkin.rspec文件。原因是这个文件,通常按照当前的惯例,只