I am creating an iPad app that accesses HTTPS web services. I want to implement pinning, but am having issues.
This class creates the Alamofire Manager (mostly taken from documentation):

    class NetworkManager {
        var manager: Manager?

        init() {
            let serverTrustPolicies: [String: ServerTrustPolicy] = [
                "www.google.co.uk": .PinCertificates(
                    certificates: ServerTrustPolicy.certificatesInBundle(),
                    validateCertificateChain: true,
                    validateHost: true
                ),
                "insecure.expired-apis": .DisableEvaluation
            ]

            manager = Alamofire.Manager(
                configuration: NSURLSessionConfiguration.defaultSessionConfiguration(),
                serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
            )
        }
    }

This function makes the call:

    static let networkManager = NetworkManager()

    public static func testPinning() {
        networkManager.manager!.request(.GET, "www.google.co.uk").response { response in
            if response.1 != nil {
                print("Success")
                print(response.1)
                print(response.1?.statusCode)
            } else {
                print("Error")
                print(response.3)
            }
        }
    }

The certificate is saved in the project and shows under 'Targets > Build Phases > Copy Bundle Resources'.
I am currently receiving the following error every time I make the request (from the else block in testPinning()):

    Optional(Error Domain=NSURLErrorDomain Code=-999 "cancelled" UserInfo={NSErrorFailingURLKey=www.google.co.uk/, NSLocalizedDescription=cancelled, NSErrorFailingURLStringKey=www.google.co.uk/})

Recommended answer

So, the issue was that the certificate was saved in the wrong format.
ServerTrustPolicy.certificatesInBundle() finds all certificates in the bundle based on a list of extensions, then tries to load them using SecCertificateCreateWithData. Per its documentation, this function:
Returns NULL if the data passed in the data parameter is not a valid DER-encoded X.509 certificate
When you export a certificate in Firefox, you have a "format" pop-up at the bottom of the file browser. Select "X.509 Certificate (DER)", and you should get a certificate in the right format for this purpose.
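
A debug-time check for the failure described in this answer, added here as an example (not code from the original post or from Alamofire): it loads each bundled certificate file with SecCertificateCreateWithData and reports files that are PEM text or not certificates at all. The function and type names and the extension list ["cer", "crt", "der"] are assumptions for illustration, and the code uses current Swift syntax.

```swift
import Foundation
import Security

// Hypothetical helper names; only Foundation and Security calls are used.
enum CertFileFormat {
    case der      // raw bytes load as-is, usable for pinning
    case pem      // PEM text: loads only after base64-decoding to DER
    case invalid  // neither form yields a certificate
}

/// Extracts the DER bytes from the first PEM certificate block, or nil.
func derFromPEM(_ data: Data) -> Data? {
    guard let text = String(data: data, encoding: .utf8),
          let begin = text.range(of: "-----BEGIN CERTIFICATE-----"),
          let end = text.range(of: "-----END CERTIFICATE-----"),
          begin.upperBound <= end.lowerBound else { return nil }
    let body = String(text[begin.upperBound..<end.lowerBound])
    return Data(base64Encoded: body, options: .ignoreUnknownCharacters)
}

/// Classifies file contents the way SecCertificateCreateWithData sees them.
func classifyCertificate(_ data: Data) -> CertFileFormat {
    if SecCertificateCreateWithData(nil, data as CFData) != nil { return .der }
    if let der = derFromPEM(data),
       SecCertificateCreateWithData(nil, der as CFData) != nil { return .pem }
    return .invalid
}

/// Returns one message per bundled certificate file that would not load
/// as DER; an empty array means every file is usable for pinning.
func unloadableCertificates(in bundle: Bundle = .main,
                            extensions: [String] = ["cer", "crt", "der"]) -> [String] {
    var problems: [String] = []
    for ext in extensions {
        for path in bundle.paths(forResourcesOfType: ext, inDirectory: nil) {
            let name = (path as NSString).lastPathComponent
            guard let data = FileManager.default.contents(atPath: path) else {
                problems.append("\(name): unreadable")
                continue
            }
            switch classifyCertificate(data) {
            case .der: break
            case .pem: problems.append("\(name): PEM text, re-export as DER")
            case .invalid: problems.append("\(name): not an X.509 certificate")
            }
        }
    }
    return problems
}
```

Calling unloadableCertificates() in a debug build before the pinned request is made names the badly formatted file directly, rather than leaving only the "cancelled" error to go on.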