//
// YH_H5URLProtocol.m
// YH_Mall
//
// Created by jhsonzhi on 16/4/13.
// Copyright © 2016年 YOHO. All rights reserved.
//
#import "YH_H5URLProtocol.h"
#import "YH_HttpDNS.h"
// Request-property key that -startLoading sets on every request it re-issues;
// +canInitWithRequest: rejects any request that already carries it.
static NSString * const URLProtocolHandledKey = @"URLProtocolHandledKey";
// Lock object used with @synchronized around every read and write of
// H5CachingSupportedSchemes; created once in +initialize.
static NSObject *H5CachingSupportedSchemesMonitor;
// URL schemes eligible for interception; +initialize sets it to http and https.
static NSSet *H5CachingSupportedSchemes;
// Private class extension: the protocol instance acts as the delegate of the
// NSURLConnection it creates for the intercepted request.
@interface YH_H5URLProtocol () <NSURLConnectionDataDelegate>
// Connection carrying the intercepted request; assigned in -startLoading,
// cancelled and cleared in -stopLoading.
@property (nonatomic, readwrite, strong) NSURLConnection *connection;
@end
@implementation YH_H5URLProtocol
/// One-time class setup: creates the lock object that guards the scheme set
/// and installs the default interceptable schemes (http and https).
+ (void)initialize
{
    // +initialize is also sent on behalf of subclasses that do not override
    // it, so only the base class performs the setup.
    if (self != [YH_H5URLProtocol class]) {
        return;
    }

    static dispatch_once_t monitorOnce;
    dispatch_once(&monitorOnce, ^{
        H5CachingSupportedSchemesMonitor = [[NSObject alloc] init];
    });

    NSSet *defaultSchemes = [NSSet setWithObjects:@"http", @"https", nil];
    [self setSupportedSchemes:defaultSchemes];
}
/// Returns the set of URL schemes this protocol is willing to intercept.
/// The read happens under the same monitor object the setter uses.
+ (NSSet *)supportedSchemes {
    @synchronized (H5CachingSupportedSchemesMonitor) {
        return H5CachingSupportedSchemes;
    }
}
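/// Replaces the set of URL schemes this protocol is willing to intercept.
/// @param supportedSchemes The new scheme set. An immutable snapshot is stored,
///        so a caller that passes an NSMutableSet cannot change (or race with)
///        the set that +canInitWithRequest: reads later.
+ (void)setSupportedSchemes:(NSSet *)supportedSchemes
{
    // Take the snapshot outside the lock; -copy of an already-immutable set is cheap.
    NSSet *snapshot = [supportedSchemes copy];
    @synchronized (H5CachingSupportedSchemesMonitor) {
        H5CachingSupportedSchemes = snapshot;
    }
}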
/// Decides whether this protocol takes over a request.
/// A request is claimed only when all three hold: it has not already been
/// tagged with URLProtocolHandledKey, its URL scheme is in +supportedSchemes,
/// and its "X-YH-Request-DNS-H5" header value ends in "iOS".
/// @param request The candidate request.
/// @return YES to intercept the request, NO to leave it to other handlers.
+ (BOOL)canInitWithRequest:(NSURLRequest *)request
{
    // Requests re-issued by -startLoading carry this property; claiming them
    // again would loop forever.
    id handledMarker = [NSURLProtocol propertyForKey:URLProtocolHandledKey inRequest:request];
    if (handledMarker) {
        return NO;
    }

    NSString *scheme = request.URL.scheme;
    BOOL schemeIsSupported = [[self supportedSchemes] containsObject:scheme];
    if (!schemeIsSupported) {
        return NO;
    }

    // NOTE(review): the opt-in is a plain request header. Whatever code builds
    // the request controls it, and -startLoading re-issues the request without
    // removing it, so it appears to be sent on to the server as well -- confirm
    // that this is intended.
    NSString *optInValue = [request valueForHTTPHeaderField:@"X-YH-Request-DNS-H5"];
    return [optInValue hasSuffix:@"iOS"];
}
/// NSURLProtocol override: no canonicalisation is applied, the request is
/// handed back untouched.
+ (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request {
    NSURLRequest *canonicalRequest = request;
    return canonicalRequest;
}
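/// Starts loading the intercepted request over an NSURLConnection whose
/// delegate is this protocol instance.
- (void)startLoading
{
    NSMutableURLRequest *taggedRequest = [self.request mutableCopy];
    // Mark the request as already handled so +canInitWithRequest: rejects the
    // re-issued copy; without this the protocol would intercept itself forever.
    [NSURLProtocol setProperty:@YES forKey:URLProtocolHandledKey inRequest:taggedRequest];
#ifdef DEBUG
    // Full URLs can carry session tokens or other sensitive query parameters,
    // so the trace is limited to debug builds and kept out of release logs.
    NSLog(@">>>>>>>>loading URL:%@", taggedRequest.URL.absoluteString);
#endif
    self.connection = [NSURLConnection connectionWithRequest:taggedRequest delegate:self];
}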
/// Cancels the in-flight connection, if any, and drops the reference to it.
- (void)stopLoading
{
    NSURLConnection *inFlight = self.connection;
    [inFlight cancel];
    self.connection = nil;
}
#pragma mark - NSURLConnectionDelegate
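/// Evaluates the server's certificate chain against an explicit policy.
/// Fails closed: any error while building the policy, attaching it, or running
/// the evaluation is reported as "not trusted".
/// @param serverTrust Trust object taken from the authentication challenge.
/// @param domain Host name the certificate must be valid for. When nil, only a
///        basic X.509 policy is applied.
/// @return YES only when evaluation succeeds with kSecTrustResultUnspecified or
///         kSecTrustResultProceed.
- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
                  forDomain:(NSString *)domain
{
    if (serverTrust == NULL) {
        return NO;
    }

    /*
     * Create the certificate validation policy.
     */
    SecPolicyRef policy = NULL;
    if (domain) {
        policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)domain);
    } else {
        // NOTE(review): this branch applies no SSL host-name policy, so the
        // certificate is not bound to any particular host. Confirm that
        // callers can never reach it for HTTPS traffic, or reject a nil domain.
        policy = SecPolicyCreateBasicX509();
    }
    if (policy == NULL) {
        // Inserting nil into the policy array would throw; treat a policy that
        // could not be created as a failed validation.
        return NO;
    }
    NSArray *policies = @[(__bridge_transfer id)policy];

    /*
     * Attach the policy to the server's trust object. If that fails the trust
     * object keeps its previous policies, so the result must not be relied on.
     */
    if (SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies) != errSecSuccess) {
        return NO;
    }

    /*
     * Evaluate whether serverTrust can be trusted. Apple's guidance is to
     * accept the chain when result is kSecTrustResultUnspecified or
     * kSecTrustResultProceed:
     * https://developer.apple.com/library/ios/technotes/tn2232/_index.html
     * See SecTrust.h for details on SecTrustResultType.
     *
     * result starts out as kSecTrustResultInvalid and the OSStatus is checked:
     * when SecTrustEvaluate fails, it does not necessarily write the out
     * parameter, and an uninitialised value could compare equal to one of the
     * accepted results.
     * SecTrustEvaluate is deprecated on newer SDKs in favour of
     * SecTrustEvaluateWithError; it is kept here because the deployment target
     * is not visible from this file.
     */
    SecTrustResultType result = kSecTrustResultInvalid;
    if (SecTrustEvaluate(serverTrust, &result) != errSecSuccess) {
        return NO;
    }
    return (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
}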
/*
* NSURLConnection
*/
/// Answers authentication challenges for the connection.
/// Server-trust challenges are validated against the request's real host name;
/// every other authentication method continues without a credential.
- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if (challenge == nil) {
        return;
    }

    /*
     * With HTTPDNS the host in the URL has been replaced by an IP address, so
     * the real domain is taken from the "Host" HTTP header, falling back to
     * the URL host when the header is absent.
     * NOTE(review): the certificate is bound to whatever the header says; a
     * value of the form "host:port" is passed to validation unchanged.
     */
    NSString *expectedHost = self.request.allHTTPHeaderFields[@"Host"];
    if (expectedHost == nil) {
        expectedHost = self.request.URL.host;
    }

    NSURLProtectionSpace *space = challenge.protectionSpace;
    id<NSURLAuthenticationChallengeSender> sender = challenge.sender;

    /*
     * NSURLAuthenticationMethodServerTrust is the challenge raised during the
     * HTTPS handshake. Any other authentication method is not handled here
     * and simply proceeds without a credential.
     */
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [sender continueWithoutCredentialForAuthenticationChallenge:challenge];
        return;
    }

    SecTrustRef serverTrust = space.serverTrust;
    if (![self evaluateServerTrust:serverTrust forDomain:expectedHost]) {
        /*
         * Validation failed: cancel this authentication challenge.
         */
        [sender cancelAuthenticationChallenge:challenge];
        return;
    }

    /*
     * Validation passed: build an NSURLCredential for the trust object and
     * hand it back to the challenge sender.
     */
    NSURLCredential *trustCredential = [NSURLCredential credentialForTrust:serverTrust];
    [sender useCredential:trustCredential forAuthenticationChallenge:challenge];
}
/// Forwards the response to the URL loading system; storing it in the URL
/// cache is disallowed.
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response {
    id<NSURLProtocolClient> loadingClient = self.client;
    [loadingClient URLProtocol:self
            didReceiveResponse:response
            cacheStoragePolicy:NSURLCacheStorageNotAllowed];
}
/// Forwards each received chunk of body data to the URL loading system.
- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data {
    id<NSURLProtocolClient> loadingClient = self.client;
    [loadingClient URLProtocol:self didLoadData:data];
}
/// Tells the URL loading system that the load completed.
- (void)connectionDidFinishLoading:(NSURLConnection *)connection {
    id<NSURLProtocolClient> loadingClient = self.client;
    [loadingClient URLProtocolDidFinishLoading:self];
}
/// Reports a connection failure, including a cancelled server-trust challenge,
/// to the URL loading system.
- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error {
    id<NSURLProtocolClient> loadingClient = self.client;
    [loadingClient URLProtocol:self didFailWithError:error];
}
@end