有没有人看到用指纹而不是公钥固定Alamofire的方法?
Has anyone seen a way to do pinning with Alamofire with the fingerprint instead of the public key?
对不起,如果已经回答了,我还没有看到
Sorry if this has been answered, I haven't seen it anywhere.
谢谢
推荐答案这最终很简单。下面的代码可能并不完美,我的真实代码正在做一些附加检查,但这只是其中的大部分。
This ended up being pretty straight forward. The code below might not be perfect, my real code is doing some addtional checks, but this is most of it.
.SHA1Fingerprint是SecCertificate上的扩展方法,可将其复制到NSData中,然后将其转换为SHA1。我使用RNCryptor来做到这一点,但是您可以这样做。
The .SHA1Fingerprint is an extension method on SecCertificate that copies it into NSData and then converts it to a SHA1. I use RNCryptor to do that, but you can do it however.
isValidFingerprint只是将结果与我的每个已知指纹进行比较。
The isValidFingerprint just compares the result to each of my known fingerprint(s).
这一切都挂起了我的静态Alamofire.Manager。
This all hangs off my static Alamofire.Manager.
manager.delegate.sessionDidReceiveChallenge = { session, challenge in var disposition: NSURLSessionAuthChallengeDisposition = .PerformDefaultHandling var credential: NSURLCredential? if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust { let host = challenge.protectionSpace.host if let serverTrust = challenge.protectionSpace.serverTrust { let serverTrustPolicy = ServerTrustPolicy.PerformDefaultEvaluation(validateHost: true) if serverTrustPolicy.evaluateServerTrust(serverTrust, isValidForHost: host) { disposition = .UseCredential credential = NSURLCredential(forTrust: serverTrust) } else { disposition = .CancelAuthenticationChallenge return (disposition, credential) } for index in 0..<SecTrustGetCertificateCount(serverTrust) { if let certificate = SecTrustGetCertificateAtIndex(serverTrust, index) { if let fingerPrint = certificate.SHA1Fingerprint { if isValidFingerprint(fingerPrint) { return (disposition, credential) } } } } } } disposition = .CancelAuthenticationChallenge return (disposition, credential) }更多推荐
在Alamofire中使用指纹进行SSL固定
发布评论