1.
/* NSObject.h
Copyright (c) 1994-2018, Apple Inc. All rights reserved.
*/
#if __has_feature(objc_arc)
// After using a CFBridgingRetain on an NSObject, the caller must take responsibility for calling CFRelease at an appropriate time.
NS_INLINE CF_RETURNS_RETAINED CFTypeRef _Nullable CFBridgingRetain(id _Nullable X) {
return (__bridge_retained CFTypeRef)X;
}
NS_INLINE id _Nullable CFBridgingRelease(CFTypeRef CF_CONSUMED _Nullable X) {
return (__bridge_transfer id)X;
}
https://www.jianshu.com/p/5c98ac2dab58
2.
SecIdentityRef
https://github.com/xd520/TianjintouNew/blob/79bbeb3915a469d88becce954682d3709c2aedb2/Https.m
https://cloud.tencent.com/developer/ask/109329
3.
https://github.com/search?l=Objective-C&p=2&q=publicKeyIdentifier&type=Code
4.
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust forDomain:(NSString *)domain { if (domain && self.allowInvalidCertificates && self.validatesDomainName && (self.SSLPinningMode == AFSSLPinningModeNone || [self.pinnedCertificates count] == 0)) { // https://developer.apple.com/library/mac/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html // According to the docs, you should only trust your provided certs for evaluation. // Pinned certificates are added to the trust. Without pinned certificates, // there is nothing to evaluate against. // // From Apple Docs: // "Do not implicitly trust self-signed certificates as anchors (kSecTrustOptionImplicitAnchors). // Instead, add your own (self-signed) CA certificate to the list of trusted anchors." NSLog(@"In order to validate a domain name for self signed certificates, you MUST use pinning."); return NO; } NSMutableArray *policies = [NSMutableArray array]; if (self.validatesDomainName) { //如果要验证域名,就通过域名来生成Policy [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)]; } else { //不验证域名,就默认基于X.509 [policies addObject:(__bridge_transfer id)SecPolicyCreateBasicX509()]; } //设置policies SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies); if (self.SSLPinningMode == AFSSLPinningModeNone) { //不校验证书,只要允许过期无效证书或者serverTrust验证通过,即可信任 return self.allowInvalidCertificates || AFServerTrustIsValid(serverTrust); } else if (!AFServerTrustIsValid(serverTrust) && !self.allowInvalidCertificates) { //否则,就不可信任 return NO; } //到了这里就说明: //1.通过了证书的验证 //2.allowInvalidCertificates = YES switch (self.SSLPinningMode) { case AFSSLPinningModeNone: default: return NO; case AFSSLPinningModeCertificate: { //验证全部证书 NSMutableArray *pinnedCertificates = [NSMutableArray array]; for (NSData *certificateData in self.pinnedCertificates) { [pinnedCertificates addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)]; } SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates); //验证证书是否可信任 if (!AFServerTrustIsValid(serverTrust)) { return NO; } // obtain the chain after being validated, which *should* contain the pinned certificate in the last position (if it's the Root CA) NSArray *serverCertificates = AFCertificateTrustChainForServerTrust(serverTrust); //整个证书链都跟本地的证书匹配才通过验证 for (NSData *trustChainCertificate in [serverCertificates reverseObjectEnumerator]) { if ([self.pinnedCertificates containsObject:trustChainCertificate]) { return YES; } } return NO; } case AFSSLPinningModePublicKey: { NSUInteger trustedPublicKeyCount = 0; NSArray *publicKeys = AFPublicKeyTrustChainForServerTrust(serverTrust); //只要有公钥相匹配就通过 for (id trustChainPublicKey in publicKeys) { for (id pinnedPublicKey in self.pinnedPublicKeys) { if (AFSecKeyIsEqualToKey((__bridge SecKeyRef)trustChainPublicKey, (__bridge SecKeyRef)pinnedPublicKey)) { trustedPublicKeyCount += 1; } } } return trustedPublicKeyCount > 0; } } return NO; }
https://www.jianshu.com/p/f522d041cd91
NSMutableArray *policies = [NSMutableArray array]; // BasicX509 不验证域名是否相同 SecPolicyRef policy = SecPolicyCreateBasicX509(); [policies addObject:(__bridge_transfer id)policy]; SecTrustSetPolicies(trust, (__bridge CFArrayRef)policies);
https://www.cnblogs.com/oc-bowen/p/5896041.html
5.
NSArray *serverCertificates = @[@"a",@"b",@"c",@"d",@"e",@"f"]; for (NSString *trustChainCertificate in serverCertificates) { NSLog(@"str:%@",trustChainCertificate); } NSLog(@"---------------"); NSSet *set = [[NSSet alloc] initWithArray:serverCertificates]; for (NSString *trustChainCertificate in [set objectEnumerator]) { NSLog(@"str:%@",trustChainCertificate); }
当枚举一个NSArray的时候:
-
使用 for (id object in array) 如果是顺序枚举
-
使用 for (id object in [array reverseObjectEnumerator]) 如果是倒序枚举
-
使用 for (NSInteger i = 0; i < count; i++) 如果你需要知道它的索引值,或者需要改变数组
-
尝试 [array enumerateObjectsWithOptions:usingBlock:] 如果你的代码受益于并行执行
当枚举一个NSSet的时候:
-
使用 for (id object in set) 大多数时候
-
使用 for (id object in [set copy]) 如果你需要修改集合(但是会很慢)
-
尝试 [array enumerateObjectsWithOptions:usingBlock:] 如果你的代码受益于并行执行
当枚举一个NSDictionary的时候:
-
使用 for (id object in set) 大多数时候
-
使用 for (id object in [set copy]) 如果你需要修改词典
-
尝试 [array enumerateObjectsWithOptions:usingBlock:] 如果你的代码受益于并行执行
https://www.cnblogs.com/mafeng/p/5222295.html