閱讀784 返回首頁    go 阿裏雲 go 技術社區[雲棲]

單IP多HTTPS域名場景下的解決方案__最佳實踐_HTTPDNS-阿裏雲

1.背景說明

在搭建支持HTTPS的前端代理服務器時候,通常會遇到讓人頭痛的證書問題。根據HTTPS的工作原理,瀏覽器在訪問一個HTTPS站點時,先與服務器建立SSL連接,建立連接的第一步就是請求服務器的證書。而服務器在發送證書的時候,是不知道瀏覽器訪問的是哪個域名的,所以不能根據不同域名發送不同的證書。

SNI(Server Name Indication)是為了解決一個服務器使用多個域名和證書的SSL/TLS擴展。它的工作原理如下:

  1. 在連接到服務器建立SSL鏈接之前先發送要訪問站點的域名(Hostname)。
  2. 服務器根據這個域名返回一個合適的證書。

目前,大多數操作係統和瀏覽器都已經很好地支持SNI擴展,OpenSSL 0.9.8也已經內置這一功能。

上述過程中,當客戶端使用HTTPDNS解析域名時,請求URL中的host會被替換成HTTPDNS解析出來的IP,導致服務器獲取到的域名為解析後的IP,無法找到匹配的證書,隻能返回默認的證書或者不返回,所以會出現SSL/TLS握手不成功的錯誤。

比如當你需要通過HTTPS訪問CDN資源時,CDN的站點往往服務了很多的域名,所以需要通過SNI指定具體的域名證書進行通信。

2 解決方案

針對以上問題,可以采用如下方案解決:hook HTTPS訪問前SSL連接過程,根據網絡請求頭部域中的HOST信息,設置SSL連接PeerHost的值,再根據服務器返回的證書執行驗證過程。

下麵分別列出Android和iOS平台的示例代碼。

2.1 Android示例

HTTPDNS Android Demo Github中針對HttpsURLConnection接口,提供了在SNI業務場景下使用HTTPDNS的示例代碼。

定製SSLSocketFactory,在createSocket時替換為HTTPDNS的IP,並進行SNI/HostNameVerify配置。

  1. class TlsSniSocketFactory extends SSLSocketFactory {
  2.     private final String TAG = TlsSniSocketFactory.class.getSimpleName();
  3.     HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
  4.     private HttpsURLConnection conn;
  6.     public TlsSniSocketFactory(HttpsURLConnection conn) {
  7.         this.conn = conn;
  8.     }
  10.     @Override
  11.     public Socket createSocket() throws IOException {
  12.         return null;
  13.     }
  15.     @Override
  16.     public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
  17.         return null;
  18.     }
  20.     @Override
  21.     public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
  22.         return null;
  23.     }
  25.     @Override
  26.     public Socket createSocket(InetAddress host, int port) throws IOException {
  27.         return null;
  28.     }
  30.     @Override
  31.     public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
  32.         return null;
  33.     }
  35.     // TLS layer
  37.     @Override
  38.     public String[] getDefaultCipherSuites() {
  39.         return new String[0];
  40.     }
  42.     @Override
  43.     public String[] getSupportedCipherSuites() {
  44.         return new String[0];
  45.     }
  47.     @Override
  48.     public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException {
  49.         String peerHost = this.conn.getRequestProperty("Host");
  50.         if (peerHost == null)
  51.             peerHost = host;
  52.         Log.i(TAG, "customized createSocket. host: " + peerHost);
  53.         InetAddress address = plainSocket.getInetAddress();
  54.         if (autoClose) {
  55.             // we don't need the plainSocket
  56.             plainSocket.close();
  57.         }
  58.         // create and connect SSL socket, but don't do hostname/certificate verification yet
  59.         SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
  60.         SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(address, port);
  62.         // enable TLSv1.1/1.2 if available
  63.         ssl.setEnabledProtocols(ssl.getSupportedProtocols());
  65.         // set up SNI before the handshake
  66.         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
  67.             Log.i(TAG, "Setting SNI hostname");
  68.             sslSocketFactory.setHostname(ssl, peerHost);
  69.         } else {
  70.             Log.d(TAG, "No documented SNI support on Android <4.2, trying with reflection");
  71.             try {
  72.                 java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class);
  73.                 setHostnameMethod.invoke(ssl, peerHost);
  74.             } catch (Exception e) {
  75.                 Log.w(TAG, "SNI not useable", e);
  76.             }
  77.         }
  79.         // verify hostname and certificate
  80.         SSLSession session = ssl.getSession();
  82.         if (!hostnameVerifier.verify(peerHost, session))
  83.             throw new SSLPeerUnverifiedException("Cannot verify hostname: " + peerHost);
  85.         Log.i(TAG, "Established " + session.getProtocol() + " connection with " + session.getPeerHost() +
  86.                 " using " + session.getCipherSuite());
  88.         return ssl;
  89.     }
  90. }

對於需要設置SNI的站點,通常需要重定向請求,示例中也給出了重定向請求的處理方法。

  1. public void recursiveRequest(String path, String reffer) {
  2.     URL url = null;
  3.     try {
  4.         url = new URL(path);
  5.         conn = (HttpsURLConnection) url.openConnection();
  6.         // 同步接口獲取IP
  7.         String ip = httpdns.getIpByHostAsync(url.getHost());
  8.         if (ip != null) {
  9.             // 通過HTTPDNS獲取IP成功,進行URL替換和HOST頭設置
  10.             Log.d(TAG, "Get IP: " + ip + " for host: " + url.getHost() + " from HTTPDNS successfully!");
  11.             String newUrl = path.replaceFirst(url.getHost(), ip);
  12.             conn = (HttpsURLConnection) new URL(newUrl).openConnection();
  13.             // 設置HTTP請求頭Host域
  14.             conn.setRequestProperty("Host", url.getHost());
  15.         }
  16.         conn.setConnectTimeout(30000);
  17.         conn.setReadTimeout(30000);
  18.         conn.setInstanceFollowRedirects(false);
  19.         TlsSniSocketFactory sslSocketFactory = new TlsSniSocketFactory(conn);
  20.         conn.setSSLSocketFactory(sslSocketFactory);
  21.         conn.setHostnameVerifier(new HostnameVerifier() {
  22.             /*
  23.              * 關於這個接口的說明,官方有文檔描述:
  24.              * This is an extended verification option that implementers can provide.
  25.              * It is to be used during a handshake if the URL's hostname does not match the
  26.              * peer's identification hostname.
  27.              *
  28.              * 使用HTTPDNS後URL裏設置的hostname不是遠程的主機名(如:m.taobao.com),與證書頒發的域不匹配,
  29.              * Android HttpsURLConnection提供了回調接口讓用戶來處理這種定製化場景。
  30.              * 在確認HTTPDNS返回的源站IP與Session攜帶的IP信息一致後,您可以在回調方法中將待驗證域名替換為原來的真實域名進行驗證。
  31.              *
  32.              */
  33.             @Override
  34.             public boolean verify(String hostname, SSLSession session) {
  35.                 String host = conn.getRequestProperty("Host");
  36.                 if (null == host) {
  37.                     host = conn.getURL().getHost();
  38.                 }
  39.                 return HttpsURLConnection.getDefaultHostnameVerifier().verify(host, session);
  40.             }
  41.         });
  42.         int code = conn.getResponseCode();// Network block
  43.         if (needRedirect(code)) {
  44.             //臨時重定向和永久重定向location的大小寫有區分
  45.             String location = conn.getHeaderField("Location");
  46.             if (location == null) {
  47.                 location = conn.getHeaderField("location");
  48.             }
  49.             if (!(location.startsWith("https://") || location
  50.                     .startsWith("https://"))) {
  51.                 //某些時候會省略host,隻返回後麵的path,所以需要補全url
  52.                 URL originalUrl = new URL(path);
  53.                 location = originalUrl.getProtocol() + "://"
  54.                         + originalUrl.getHost() + location;
  55.             }
  56.             recursiveRequest(location, path);
  57.         } else {
  58.             // redirect finish.
  59.             DataInputStream dis = new DataInputStream(conn.getInputStream());
  60.             int len;
  61.             byte[] buff = new byte[4096];
  62.             StringBuilder response = new StringBuilder();
  63.             while ((len = dis.read(buff)) != -1) {
  64.                 response.append(new String(buff, 0, len));
  65.             }
  66.             Log.d(TAG, "Response: " + response.toString());
  67.         }
  68.     } catch (MalformedURLException e) {
  69.         Log.w(TAG, "recursiveRequest MalformedURLException");
  70.     } catch (IOException e) {
  71.         Log.w(TAG, "recursiveRequest IOException");
  72.     } catch (Exception e) {
  73.         Log.w(TAG, "unknow exception");
  74.     } finally {
  75.         if (conn != null) {
  76.             conn.disconnect();
  77.         }
  78.     }
  79. }
  81. private boolean needRedirect(int code) {
  82.     return code >= 300 && code < 400;
  83. }

2.2 iOS示例

由於iOS係統並沒有提供設置SNI的上層接口(NSURLConnection/NSURLSession),因此在HTTPDNS iOS Demo Github中,我們使用NSURLProtocol攔截網絡請求,然後使用CFHTTPMessageRef創建NSInputStream實例進行Socket通信,並設置其kCFStreamSSLPeerName的值。

需要注意的是,使用NSURLProtocol攔截NSURLSession發起的POST請求時,HTTPBody為空。解決方案有兩個:

  1. 使用NSURLConnection發POST請求。
  2. 先將HTTPBody放入HTTP Header field中,然後在NSURLProtocol中再取出來,Demo中主要演示該方案。

部分代碼如下:

在網絡請求前注冊NSURLProtocol子類,在示例的SNIViewController.m中。

  1. // 注冊攔截請求的NSURLProtocol
  2. [NSURLProtocol registerClass:[CFHttpMessageURLProtocol class]];
  3. // 初始化HTTPDNS
  4. HttpDnsService *httpdns = [HttpDnsService sharedInstance];
  6. // 需要設置SNI的URL
  7. NSString *originalUrl = @"your url";
  8. NSURL *url = [NSURL URLWithString:originalUrl];
  9. self.request = [[NSMutableURLRequest alloc] initWithURL:url];
  10. NSString *ip = [httpdns getIpByHostAsync:url.host];
  11. // 通過HTTPDNS獲取IP成功,進行URL替換和HOST頭設置
  12. if (ip) {
  13.     NSLog(@"Get IP from HTTPDNS Successfully!");
  14.     NSRange hostFirstRange = [originalUrl rangeOfString:url.host];
  15.     if (NSNotFound != hostFirstRange.location) {
  16.         NSString *newUrl = [originalUrl stringByReplacingCharactersInRange:hostFirstRange withString:ip];
  17.         self.request.URL = [NSURL URLWithString:newUrl];
  18.         [_request setValue:url.host forHTTPHeaderField:@"host"];
  19.         }
  20. }
  22. // NSURLConnection例子
  23. [[NSURLConnection alloc] initWithRequest:_request delegate:self startImmediately:YES];
  25. // NSURLSession例子
  26. NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration];
  27. NSArray *protocolArray = @[ [CFHttpMessageURLProtocol class] ];
  28. configuration.protocolClasses = protocolArray;
  29. NSURLSession *session = [NSURLSession sessionWithConfiguration:configuration delegate:self delegateQueue:[NSOperationQueue mainQueue]];
  30. NSURLSessionTask *task = [session dataTaskWithRequest:_request];
  31. [task resume];
  33. // 注*:使用NSURLProtocol攔截NSURLSession發起的POST請求時,HTTPBody為空。
  34. // 解決方案有兩個:1. 使用NSURLConnection發POST請求。
  35. // 2. 先將HTTPBody放入HTTP Header field中,然後在NSURLProtocol中再取出來。
  36. // 下麵主要演示第二種解決方案
  37. // NSString *postStr = [NSString stringWithFormat:@"param1=%@&param2=%@", @"val1", @"val2"];
  38. // [_request addValue:postStr forHTTPHeaderField:@"originalBody"];
  39. // _request.HTTPMethod = @"POST";
  40. // NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration];
  41. // NSArray *protocolArray = @[ [CFHttpMessageURLProtocol class] ];
  42. // configuration.protocolClasses = protocolArray;
  43. // NSURLSession *session = [NSURLSession sessionWithConfiguration:configuration delegate:self delegateQueue:[NSOperationQueue mainQueue]];
  44. // NSURLSessionTask *task = [session dataTaskWithRequest:_request];
  45. // [task resume];

在NSURLProtocol子類中攔截網絡請求,在示例的CFHttpMessageURLProtocol.m中。

  1. + (BOOL)canInitWithRequest:(NSURLRequest *)request {
  3.     /* 防止無限循環,因為一個請求在被攔截處理過程中,也會發起一個請求,這樣又會走到這裏,如果不進行處理,就會造成無限循環 */
  4.     if ([NSURLProtocol propertyForKey:protocolKey inRequest:request]) {
  5.         return NO;
  6.     }
  8.     NSString *url = request.URL.absoluteString;
  10.     // 如果url以https開頭,則進行攔截處理,否則不處理
  11.     if ([url hasPrefix:@"https"]) {
  12.         return YES;
  13.     }
  14.     return NO;
  15. }

使用CFHTTPMessageRef創建NSInputStream,並設置kCFStreamSSLPeerName,重新發起請求。

  1. /**
  2.  * 開始加載,在該方法中,加載一個請求
  3.  */
  4. - (void)startLoading {
  5.     NSMutableURLRequest *request = [self.request mutableCopy];
  6.     // 表示該請求已經被處理,防止無限循環
  7.     [NSURLProtocol setProperty:@(YES) forKey:protocolKey inRequest:request];
  8.     curRequest = request;
  9.     [self startRequest];
  10. }
  12. /**
  13.  * 取消請求
  14.  */
  15. - (void)stopLoading {
  16.     if (inputStream.streamStatus == NSStreamStatusOpen) {
  17.         [inputStream removeFromRunLoop:curRunLoop forMode:NSRunLoopCommonModes];
  18.         [inputStream setDelegate:nil];
  19.         [inputStream close];
  20.     }
  21.     [self.client URLProtocol:self didFailWithError:[[NSError alloc] initWithDomain:@"stop loading" code:-1 userInfo:nil]];
  22. }
  24. /**
  25.  * 使用CFHTTPMessage轉發請求
  26.  */
  27. - (void)startRequest {
  28.     // 原請求的header信息
  29.     NSDictionary *headFields = curRequest.allHTTPHeaderFields;
  30.     // 添加http post請求所附帶的數據
  31.     CFStringRef requestBody = CFSTR("");
  32.     CFDataRef bodyData = CFStringCreateExternalRepresentation(kCFAllocatorDefault, requestBody, kCFStringEncodingUTF8, 0);
  33.     if (curRequest.HTTPBody) {
  34.         bodyData = (__bridge_retained CFDataRef) curRequest.HTTPBody;
  35.     } else if (headFields[@"originalBody"]) {
  36.         // 使用NSURLSession發POST請求時,將原始HTTPBody從header中取出
  37.         bodyData = (__bridge_retained CFDataRef) [headFields[@"originalBody"] dataUsingEncoding:NSUTF8StringEncoding];
  38.     }
  40.     CFStringRef url = (__bridge CFStringRef) [curRequest.URL absoluteString];
  41.     CFURLRef requestURL = CFURLCreateWithString(kCFAllocatorDefault, url, NULL);
  43.     // 原請求所使用的方法,GET或POST
  44.     CFStringRef requestMethod = (__bridge_retained CFStringRef) curRequest.HTTPMethod;
  46.     // 根據請求的url、方法、版本創建CFHTTPMessageRef對象
  47.     CFHTTPMessageRef cfrequest = CFHTTPMessageCreateRequest(kCFAllocatorDefault, requestMethod, requestURL, kCFHTTPVersion1_1);
  48.     CFHTTPMessageSetBody(cfrequest, bodyData);
  50.     // copy原請求的header信息
  51.     for (NSString *header in headFields) {
  52.         if (![header isEqualToString:@"originalBody"]) {
  53.             // 不包含POST請求時存放在header的body信息
  54.             CFStringRef requestHeader = (__bridge CFStringRef) header;
  55.             CFStringRef requestHeaderValue = (__bridge CFStringRef) [headFields valueForKey:header];
  56.             CFHTTPMessageSetHeaderFieldValue(cfrequest, requestHeader, requestHeaderValue);
  57.         }
  58.     }
  60.     // 創建CFHTTPMessage對象的輸入流
  61.     CFReadStreamRef readStream = CFReadStreamCreateForHTTPRequest(kCFAllocatorDefault, cfrequest);
  62.     inputStream = (__bridge_transfer NSInputStream *) readStream;
  64.     // 設置SNI host信息,關鍵步驟
  65.     NSString *host = [curRequest.allHTTPHeaderFields objectForKey:@"host"];
  66.     if (!host) {
  67.         host = curRequest.URL.host;
  68.     }
  69.     [inputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
  70.     NSDictionary *sslProperties = [[NSDictionary alloc] initWithObjectsAndKeys:
  71.                                    host, (__bridge id) kCFStreamSSLPeerName,
  72.                                    nil];
  73.     [inputStream setProperty:sslProperties forKey:(__bridge_transfer NSString *) kCFStreamPropertySSLSettings];
  74.     [inputStream setDelegate:self];
  76.     if (!curRunLoop)
  77.         // 保存當前線程的runloop,這對於重定向的請求很關鍵
  78.         curRunLoop = [NSRunLoop currentRunLoop];
  79.     // 將請求放入當前runloop的事件隊列
  80.     [inputStream scheduleInRunLoop:curRunLoop forMode:NSRunLoopCommonModes];
  81.     [inputStream open];
  83.     CFRelease(cfrequest);
  84.     CFRelease(requestURL);
  85.     CFRelease(url);
  86.     cfrequest = NULL;
  87.     CFRelease(bodyData);
  88.     CFRelease(requestBody);
  89.     CFRelease(requestMethod);
  90. }

在NSStream的回調函數中,根據不同的eventCode通知原請求。此處eventCode主要有四種:

  1. NSStreamEventOpenCompleted:連接已打開。
  2. NSStreamEventHasBytesAvailable:響應頭部已下載完整,body中字節可讀。
  3. NSStreamEventErrorOccurred:連接發生錯誤。
  4. NSStreamEventEndEncountered:連接結束。
  1. - (void)stream:(NSStream *)aStream handleEvent:(NSStreamEvent)eventCode {
  2.     if (eventCode == NSStreamEventHasBytesAvailable) {
  3.         CFReadStreamRef readStream = (__bridge_retained CFReadStreamRef) aStream;
  4.         CFHTTPMessageRef message = (CFHTTPMessageRef) CFReadStreamCopyProperty(readStream, kCFStreamPropertyHTTPResponseHeader);
  5.         if (CFHTTPMessageIsHeaderComplete(message)) {
  6.             // 以防response的header信息不完整
  7.             UInt8 buffer[16 * 1024];
  8.             UInt8 *buf = NULL;
  9.             unsigned long length = 0;
  10.             NSInputStream *inputstream = (NSInputStream *) aStream;
  11.             NSNumber *alreadyAdded = objc_getAssociatedObject(aStream, kAnchorAlreadyAdded);
  12.             if (!alreadyAdded || ![alreadyAdded boolValue]) {
  13.                 objc_setAssociatedObject(aStream, kAnchorAlreadyAdded, [NSNumber numberWithBool:YES], OBJC_ASSOCIATION_COPY);
  14.                 // 通知client已收到response,隻通知一次
  15.                 NSDictionary *headDict = (__bridge NSDictionary *) (CFHTTPMessageCopyAllHeaderFields(message));
  16.                 CFStringRef httpVersion = CFHTTPMessageCopyVersion(message);
  17.                 // 獲取響應頭部的狀態碼
  18.                 CFIndex myErrCode = CFHTTPMessageGetResponseStatusCode(message);
  19.                 NSHTTPURLResponse *response = [[NSHTTPURLResponse alloc] initWithURL:curRequest.URL statusCode:myErrCode HTTPVersion:(__bridge NSString *) httpVersion headerFields:headDict];
  20.                 [self.client URLProtocol:self didReceiveResponse:response cacheStoragePolicy:NSURLCacheStorageNotAllowed];
  22.                 // 驗證證書
  23.                 SecTrustRef trust = (__bridge SecTrustRef) [aStream propertyForKey:(__bridge NSString *) kCFStreamPropertySSLPeerTrust];
  24.                 SecTrustResultType res = kSecTrustResultInvalid;
  25.                 NSMutableArray *policies = [NSMutableArray array];
  26.                 NSString *domain = [[curRequest allHTTPHeaderFields] valueForKey:@"host"];
  27.                 if (domain) {
  28.                     [policies addObject:(__bridge_transfer id) SecPolicyCreateSSL(true, (__bridge CFStringRef) domain)];
  29.                 } else {
  30.                     [policies addObject:(__bridge_transfer id) SecPolicyCreateBasicX509()];
  31.                 }
  32.                 /*
  33.                  * 綁定校驗策略到服務端的證書上
  34.                  */
  35.                 SecTrustSetPolicies(trust, (__bridge CFArrayRef) policies);
  36.                 if (SecTrustEvaluate(trust, &res) != errSecSuccess) {
  37.                     [aStream removeFromRunLoop:curRunLoop forMode:NSRunLoopCommonModes];
  38.                     [aStream setDelegate:nil];
  39.                     [aStream close];
  40.                     [self.client URLProtocol:self didFailWithError:[[NSError alloc] initWithDomain:@"can not evaluate the server trust" code:-1 userInfo:nil]];
  41.                 }
  42.                 if (res != kSecTrustResultProceed && res != kSecTrustResultUnspecified) {
  43.                     /* 證書驗證不通過,關閉input stream */
  44.                     [aStream removeFromRunLoop:curRunLoop forMode:NSRunLoopCommonModes];
  45.                     [aStream setDelegate:nil];
  46.                     [aStream close];
  47.                     [self.client URLProtocol:self didFailWithError:[[NSError alloc] initWithDomain:@"fail to evaluate the server trust" code:-1 userInfo:nil]];
  49.                 } else {
  50.                     // 證書通過,返回數據
  51.                     if (![inputstream getBuffer:&buf length:&length]) {
  52.                         NSInteger amount = [inputstream read:buffer maxLength:sizeof(buffer)];
  53.                         buf = buffer;
  54.                         length = amount;
  55.                     }
  56.                     NSData *data = [[NSData alloc] initWithBytes:buf length:length];
  58.                     [self.client URLProtocol:self didLoadData:data];
  59.                 }
  60.             } else {
  61.                 // 證書已驗證過,返回數據
  62.                 if (![inputstream getBuffer:&buf length:&length]) {
  63.                     NSInteger amount = [inputstream read:buffer maxLength:sizeof(buffer)];
  64.                     buf = buffer;
  65.                     length = amount;
  66.                 }
  67.                 NSData *data = [[NSData alloc] initWithBytes:buf length:length];
  69.                 [self.client URLProtocol:self didLoadData:data];
  70.             }
  71.         }
  72.     } else if (eventCode == NSStreamEventErrorOccurred) {
  73.         [aStream removeFromRunLoop:curRunLoop forMode:NSRunLoopCommonModes];
  74.         [aStream setDelegate:nil];
  75.         [aStream close];
  76.         // 通知client發生錯誤了
  77.         [self.client URLProtocol:self didFailWithError:[aStream streamError]];
  78.     } else if (eventCode == NSStreamEventEndEncountered) {
  79.         [self handleResponse];
  80.     }
  81. }
  82. - (void)handleResponse {
  83.     // 獲取響應頭部信息
  84.     CFReadStreamRef readStream = (__bridge_retained CFReadStreamRef) inputStream;
  85.     CFHTTPMessageRef message = (CFHTTPMessageRef) CFReadStreamCopyProperty(readStream, kCFStreamPropertyHTTPResponseHeader);
  86.     if (CFHTTPMessageIsHeaderComplete(message)) {
  87.         // 確保response頭部信息完整
  88.         NSDictionary *headDict = (__bridge NSDictionary *) (CFHTTPMessageCopyAllHeaderFields(message));
  90.         // 獲取響應頭部的狀態碼
  91.         CFIndex myErrCode = CFHTTPMessageGetResponseStatusCode(message);
  93.         // 把當前請求關閉
  94.         [inputStream removeFromRunLoop:curRunLoop forMode:NSRunLoopCommonModes];
  95.         [inputStream setDelegate:nil];
  96.         [inputStream close];
  98.         if (myErrCode >= 200 && myErrCode < 300) {
  100.             // 返回碼為2xx,直接通知client
  101.             [self.client URLProtocolDidFinishLoading:self];
  103.         } else if (myErrCode >= 300 && myErrCode < 400) {
  104.             // 返回碼為3xx,需要重定向請求,繼續訪問重定向頁麵
  105.             NSString *location = headDict[@"Location"];
  106.             NSURL *url = [[NSURL alloc] initWithString:location];
  107.             curRequest = [[NSMutableURLRequest alloc] initWithURL:url];
  109.             /***********重定向通知client處理或內部處理*************/
  110.             // client處理
  111.             // NSURLResponse* response = [[NSURLResponse alloc] initWithURL:curRequest.URL MIMEType:headDict[@"Content-Type"] expectedContentLength:[headDict[@"Content-Length"] integerValue] textEncodingName:@"UTF8"];
  112.             // [self.client URLProtocol:self wasRedirectedToRequest:curRequest redirectResponse:response];
  114.             // 內部處理,將url中的host通過HTTPDNS轉換為IP,不能在startLoading線程中進行同步網絡請求,會被阻塞
  115.             NSString *ip = [[HttpDnsService sharedInstance] getIpByHostAsync:url.host];
  116.             if (ip) {
  117.                 NSLog(@"Get IP from HTTPDNS Successfully!");
  118.                 NSRange hostFirstRange = [location rangeOfString:url.host];
  119.                 if (NSNotFound != hostFirstRange.location) {
  120.                     NSString *newUrl = [location stringByReplacingCharactersInRange:hostFirstRange withString:ip];
  121.                     curRequest = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:newUrl]];
  122.                     [curRequest setValue:url.host forHTTPHeaderField:@"host"];
  123.                 }
  124.             }
  125.             [self startRequest];
  126.         } else {
  127.             // 其他情況,直接返回響應信息給client
  128.             [self.client URLProtocolDidFinishLoading:self];
  129.         }
  130.     } else {
  131.         // 頭部信息不完整,關閉inputstream,通知client
  132.         [inputStream removeFromRunLoop:curRunLoop forMode:NSRunLoopCommonModes];
  133.         [inputStream setDelegate:nil];
  134.         [inputStream close];
  135.         [self.client URLProtocolDidFinishLoading:self];
  136.     }
  137. }

立即試用HTTPDNS服務,點擊此處

最後更新:2016-11-23 16:04:14

  上一篇:go HTTPDNS域名解析場景下如何使用Cookie?__最佳實踐_HTTPDNS-阿裏雲
  下一篇:go 金融雲特性__金融雲介紹_金融雲-阿裏雲