Alamofire,ssl 固定在子域地址上
Alamofire, ssl pinning on subdomain address
我目前能够在我的 iOS 应用程序上使用 Alamofire 和 SSL 固定(证书固定)登录我公司的网站。
但是我无法登录我网站的子域。
我的代码中是否缺少任何能够与我的子域建立 SSL 通信的特殊配置?
- 我在应用程序包中添加了证书文件 .cer
- 创建 [SecCertificate]
/// Loads the certificate bundled as `amua.cer` for use as the pinned certificate set.
///
/// Every step traps with `fatalError` on failure, so a missing or unreadable pin stops the app
/// instead of letting it continue without one. `SecCertificateCreateWithData` only accepts
/// DER-encoded X.509 data and yields nil for anything else (for example a PEM text file).
///
/// NOTE(review): if `amua.cer` is the server's leaf certificate, the app has to ship a new file
/// whenever that certificate is renewed — confirm which certificate in the chain this is.
///
/// - Returns: A single-element array holding the bundled certificate.
func loadcertificate() -> [SecCertificate] {
    let bundledPath = Bundle.main.path(forResource: "amua", ofType: "cer")
    guard let pathToCert = bundledPath else {
        fatalError("can not find")
    }
    let rawCertificate = NSData(contentsOfFile: pathToCert)
    guard let localCertificate = rawCertificate else {
        fatalError("can not load")
    }
    guard let cert = SecCertificateCreateWithData(nil, localCertificate) else {
        fatalError("can not read cert")
    }
    return [cert]
}
- 创建 Alamofire 会话和连接请求:
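/// Builds a certificate-pinned Alamofire `Session`, stores it in `sessionManager`, and sends a GET
/// request to `https://icrew.airmacau.com.mo`, parsing the response body with SwiftSoup.
///
/// Pinning notes:
/// - `ServerTrustManager` looks evaluators up by the exact request host. A bare
///   "airmacau.com.mo" key matches neither `www.` nor `icrew.`, so every pinned host is listed
///   explicitly below.
/// - `allHostsMustBeEvaluated: true` makes a request to a host without an evaluator fail, rather
///   than silently falling back to default (unpinned) trust handling.
func connection() {
    let evaluator = PinnedCertificatesTrustEvaluator(certificates: loadcertificate(),
                                                     acceptSelfSignedCertificates: false,
                                                     performDefaultValidation: true,
                                                     validateHost: true)
    // NOTE(review): both hosts share one evaluator, which only passes if each server's certificate
    // chain contains a certificate returned by loadcertificate() — confirm what icrew presents.
    let pinnedHosts: [String: ServerTrustEvaluating] = [
        "www.airmacau.com.mo": evaluator,
        "icrew.airmacau.com.mo": evaluator
    ]
    // Lower-case local name: the original `let ServerTrustManager = ServerTrustManager(...)`
    // shadowed the type it was trying to construct.
    let trustManager = ServerTrustManager(allHostsMustBeEvaluated: true, evaluators: pinnedHosts)
    // Only the pinned session is created; the earlier throw-away unpinned Session was dropped.
    sessionManager = Session(configuration: URLSessionConfiguration.default,
                             delegate: SessionDelegate(),
                             serverTrustManager: trustManager)
    sessionManager?.request("https://icrew.airmacau.com.mo", method: .get, encoding: URLEncoding.default)
        .response { response in
            // Report transport and trust failures instead of ignoring them, so a TLS-level error
            // can be told apart from a pinning rejection.
            if let error = response.error {
                print("ERRORE .get icrew")
                print(error.localizedDescription)
                return
            }
            guard let st = response.data else { return }
            let str = String(decoding: st, as: UTF8.self)
            do {
                print("OK")
                let doc: Document = try SwiftSoup.parse(str)
                // Debug output only: the parsed page may hold account data, so drop it in release builds.
                print(doc)
            } catch let err {
                print("ERRORE .get icrew")
                print(err.localizedDescription)
            }
        }
}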
}
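如果我连接到主网站地址 https://www.airmacau.com.mo,一切正常;如果我连接到子域 https://icrew.airmacau.com.mo,连接失败,并得到错误 HANDSHAKE_FAILURE。(注意:ServerTrustManager 按主机名精确匹配,键 "airmacau.com.mo" 与 www.airmacau.com.mo 并不匹配;在 allHostsMustBeEvaluated 为 false 时,主站的"正常"很可能并未经过证书固定。)下面的子类为 ServerTrustManager 增加了通配符匹配: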
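/// `ServerTrustManager` subclass that, when no evaluator is registered for the exact host, retries
/// the lookup with the host's leftmost label replaced by `*` (for example
/// `icrew.airmacau.com.mo` is looked up as `*.airmacau.com.mo`).
class WildcardServerTrustPolicyManager: ServerTrustManager {
    /// Returns the evaluator for `host`, preferring an exact key over a wildcard key.
    ///
    /// - Parameter host: Host name of the request being evaluated.
    /// - Returns: The matching evaluator, or nil when none matches and
    ///   `allHostsMustBeEvaluated` is false.
    /// - Throws: `AFError.serverTrustEvaluationFailed` with `.noRequiredEvaluator` when nothing
    ///   matches and `allHostsMustBeEvaluated` is true. Without this the override would let
    ///   unmatched hosts through unpinned even though the manager was created in strict mode.
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        if let exactMatch = evaluators[host] {
            return exactMatch
        }
        var labels = host.split(separator: ".")
        // Only the leftmost label is wildcarded, so "a.b.example.com" becomes "*.b.example.com".
        // With a three-label apex such as "airmacau.com.mo" the candidate is "*.com.mo", which
        // matches only if such a key was registered on purpose.
        if labels.count > 2 {
            labels[0] = "*"
            if let wildcardMatch = evaluators[labels.joined(separator: ".")] {
                return wildcardMatch
            }
        }
        // Honour strict mode the same way the base class does: fail closed when no evaluator applies.
        if allHostsMustBeEvaluated {
            throw AFError.serverTrustEvaluationFailed(reason: .noRequiredEvaluator(host: host))
        }
        return nil
    }
}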
实施:
// Keys of the form "*.<domain>" are resolved only by WildcardServerTrustPolicyManager;
// the stock ServerTrustManager compares the request host with each key exactly.
let evaluators: [String: ServerTrustEvaluating] = ["*.airmacau.com.mo": evaluator]
// `evaluator` is the PinnedCertificatesTrustEvaluator built from the bundled certificate.
let manager = WildcardServerTrustPolicyManager(evaluators: evaluators)
会话管理器配置:
// Route every request made through this session to the wildcard-aware trust manager.
sessionManager = Session(
    configuration: .default,
    delegate: SessionDelegate(),
    serverTrustManager: manager
)
我目前能够在我的 iOS 应用程序上使用 Alamofire 和 SSL 固定(证书固定)登录我公司的网站。
但是我无法登录我网站的子域。 我的代码中是否缺少任何能够与我的子域建立 SSL 通信的特殊配置?
- 我在应用程序包中添加了证书文件 .cer
- 创建 [SecCertificate]
/// Loads the certificate bundled as `amua.cer` for use as the pinned certificate set.
///
/// Every step traps with `fatalError` on failure, so a missing or unreadable pin stops the app
/// instead of letting it continue without one. `SecCertificateCreateWithData` only accepts
/// DER-encoded X.509 data and yields nil for anything else (for example a PEM text file).
///
/// NOTE(review): if `amua.cer` is the server's leaf certificate, the app has to ship a new file
/// whenever that certificate is renewed — confirm which certificate in the chain this is.
///
/// - Returns: A single-element array holding the bundled certificate.
func loadcertificate() -> [SecCertificate] {
    let bundledPath = Bundle.main.path(forResource: "amua", ofType: "cer")
    guard let pathToCert = bundledPath else {
        fatalError("can not find")
    }
    let rawCertificate = NSData(contentsOfFile: pathToCert)
    guard let localCertificate = rawCertificate else {
        fatalError("can not load")
    }
    guard let cert = SecCertificateCreateWithData(nil, localCertificate) else {
        fatalError("can not read cert")
    }
    return [cert]
}
- 创建 Alamofire 会话和连接请求:
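/// Builds a certificate-pinned Alamofire `Session`, stores it in `sessionManager`, and sends a GET
/// request to `https://icrew.airmacau.com.mo`, parsing the response body with SwiftSoup.
///
/// Pinning notes:
/// - `ServerTrustManager` looks evaluators up by the exact request host. A bare
///   "airmacau.com.mo" key matches neither `www.` nor `icrew.`, so every pinned host is listed
///   explicitly below.
/// - `allHostsMustBeEvaluated: true` makes a request to a host without an evaluator fail, rather
///   than silently falling back to default (unpinned) trust handling.
func connection() {
    let evaluator = PinnedCertificatesTrustEvaluator(certificates: loadcertificate(),
                                                     acceptSelfSignedCertificates: false,
                                                     performDefaultValidation: true,
                                                     validateHost: true)
    // NOTE(review): both hosts share one evaluator, which only passes if each server's certificate
    // chain contains a certificate returned by loadcertificate() — confirm what icrew presents.
    let pinnedHosts: [String: ServerTrustEvaluating] = [
        "www.airmacau.com.mo": evaluator,
        "icrew.airmacau.com.mo": evaluator
    ]
    // Lower-case local name: the original `let ServerTrustManager = ServerTrustManager(...)`
    // shadowed the type it was trying to construct.
    let trustManager = ServerTrustManager(allHostsMustBeEvaluated: true, evaluators: pinnedHosts)
    // Only the pinned session is created; the earlier throw-away unpinned Session was dropped.
    sessionManager = Session(configuration: URLSessionConfiguration.default,
                             delegate: SessionDelegate(),
                             serverTrustManager: trustManager)
    sessionManager?.request("https://icrew.airmacau.com.mo", method: .get, encoding: URLEncoding.default)
        .response { response in
            // Report transport and trust failures instead of ignoring them, so a TLS-level error
            // can be told apart from a pinning rejection.
            if let error = response.error {
                print("ERRORE .get icrew")
                print(error.localizedDescription)
                return
            }
            guard let st = response.data else { return }
            let str = String(decoding: st, as: UTF8.self)
            do {
                print("OK")
                let doc: Document = try SwiftSoup.parse(str)
                // Debug output only: the parsed page may hold account data, so drop it in release builds.
                print(doc)
            } catch let err {
                print("ERRORE .get icrew")
                print(err.localizedDescription)
            }
        }
}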
}
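如果我连接到主网站地址 https://www.airmacau.com.mo,一切正常;如果我连接到子域 https://icrew.airmacau.com.mo,连接失败,并得到错误 HANDSHAKE_FAILURE。(注意:ServerTrustManager 按主机名精确匹配,键 "airmacau.com.mo" 与 www.airmacau.com.mo 并不匹配;在 allHostsMustBeEvaluated 为 false 时,主站的"正常"很可能并未经过证书固定。)下面的子类为 ServerTrustManager 增加了通配符匹配: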
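/// `ServerTrustManager` subclass that, when no evaluator is registered for the exact host, retries
/// the lookup with the host's leftmost label replaced by `*` (for example
/// `icrew.airmacau.com.mo` is looked up as `*.airmacau.com.mo`).
class WildcardServerTrustPolicyManager: ServerTrustManager {
    /// Returns the evaluator for `host`, preferring an exact key over a wildcard key.
    ///
    /// - Parameter host: Host name of the request being evaluated.
    /// - Returns: The matching evaluator, or nil when none matches and
    ///   `allHostsMustBeEvaluated` is false.
    /// - Throws: `AFError.serverTrustEvaluationFailed` with `.noRequiredEvaluator` when nothing
    ///   matches and `allHostsMustBeEvaluated` is true. Without this the override would let
    ///   unmatched hosts through unpinned even though the manager was created in strict mode.
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        if let exactMatch = evaluators[host] {
            return exactMatch
        }
        var labels = host.split(separator: ".")
        // Only the leftmost label is wildcarded, so "a.b.example.com" becomes "*.b.example.com".
        // With a three-label apex such as "airmacau.com.mo" the candidate is "*.com.mo", which
        // matches only if such a key was registered on purpose.
        if labels.count > 2 {
            labels[0] = "*"
            if let wildcardMatch = evaluators[labels.joined(separator: ".")] {
                return wildcardMatch
            }
        }
        // Honour strict mode the same way the base class does: fail closed when no evaluator applies.
        if allHostsMustBeEvaluated {
            throw AFError.serverTrustEvaluationFailed(reason: .noRequiredEvaluator(host: host))
        }
        return nil
    }
}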
实施:
// Keys of the form "*.<domain>" are resolved only by WildcardServerTrustPolicyManager;
// the stock ServerTrustManager compares the request host with each key exactly.
let evaluators: [String: ServerTrustEvaluating] = ["*.airmacau.com.mo": evaluator]
// `evaluator` is the PinnedCertificatesTrustEvaluator built from the bundled certificate.
let manager = WildcardServerTrustPolicyManager(evaluators: evaluators)
会话管理器配置:
// Route every request made through this session to the wildcard-aware trust manager.
sessionManager = Session(
    configuration: .default,
    delegate: SessionDelegate(),
    serverTrustManager: manager
)