问题描述
目前,我的 iOS 应用可以通过 Alamofire 配合 SSL 证书固定(SSL pinning)登录公司网站。
但是我无法登录该网站的子域。我的代码中是否缺少某些特殊配置,才能与子域建立 SSL 通信?
/// Loads the certificate bundled as "amua.cer" and returns it as a one-element pin set.
///
/// Each step traps with `fatalError` on failure: the resource is missing from the
/// main bundle, the file cannot be read, or the bytes are not accepted by
/// `SecCertificateCreateWithData` (which expects DER-encoded certificate data).
///
/// - Returns: An array holding the single bundled certificate.
func loadcertificate() -> [SecCertificate] {
    // Locate the pinned certificate that ships inside the app bundle.
    guard let certPath = Bundle.main.path(forResource: "amua", ofType: "cer") else {
        fatalError("can not find")
    }

    // Read the raw certificate bytes from disk.
    guard let certBytes = NSData(contentsOfFile: certPath) else {
        fatalError("can not load")
    }

    // Parse the bytes into a certificate reference usable by the trust evaluator.
    guard let pinnedCert = SecCertificateCreateWithData(nil, certBytes) else {
        fatalError("can not read cert")
    }

    // NOTE(review): only one certificate is pinned, so a server-side certificate
    // rotation requires shipping a new build with the replacement file.
    return [pinnedCert]
}
- 创建 Alamofire 会话和连接请求:
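/// Builds a certificate-pinned Alamofire session and sends a GET request to the iCrew host.
///
/// The pinned evaluator is registered under the original "airmacau.com.mo" key and
/// also under the exact host of the request URL. Alamofire's stock `ServerTrustManager`
/// looks evaluators up by the exact host string, so the key "airmacau.com.mo" alone
/// matches neither "www.airmacau.com.mo" nor "icrew.airmacau.com.mo". With
/// `allHostsMustBeEvaluated: false`, an unmatched host is validated by the system
/// defaults only, that is, without pinning.
///
/// NOTE(review): with the original single key no pinned evaluator ran for the iCrew
/// host, so the reported HANDSHAKE_FAILURE presumably comes from TLS negotiation with
/// that server rather than from pin evaluation. Confirm against the server's TLS setup.
func connection() {
    let endpoint = "https://icrew.airmacau.com.mo"

    let pinnedEvaluator = PinnedCertificatesTrustEvaluator(
        certificates: loadcertificate(),
        acceptSelfSignedCertificates: false,
        performDefaultValidation: true,
        validateHost: true
    )

    // Keep the original key and add the host actually contacted, so the pin is
    // enforced for this request instead of being skipped silently.
    var evaluators: [String: ServerTrustEvaluating] = ["airmacau.com.mo": pinnedEvaluator]
    if let requestHost = URL(string: endpoint)?.host {
        evaluators[requestHost] = pinnedEvaluator
    }

    // A local named `ServerTrustManager` would shadow the type it is initialised from,
    // hence the lowerCamelCase name. Hosts absent from `evaluators` still fall back to
    // default validation because `allHostsMustBeEvaluated` stays false, as before.
    let trustManager = ServerTrustManager(allHostsMustBeEvaluated: false, evaluators: evaluators)

    // The session is created once; an earlier session without a trust manager was
    // overwritten immediately and has been dropped.
    sessionManager = Session(
        configuration: URLSessionConfiguration.default,
        delegate: SessionDelegate(),
        serverTrustManager: trustManager
    )

    sessionManager?.request(endpoint, method: .get, encoding: URLEncoding.default)
        .response { response in
            // Surface transport and trust failures instead of ignoring them.
            if let failure = response.error {
                print("ERRORE .get icrew")
                print(failure.localizedDescription)
            }

            guard let body = response.data else { return }
            let html = String(decoding: body, as: UTF8.self)
            do {
                print("OK")
                let doc: Document = try SwiftSoup.parse(html)
                print(doc)
            } catch let err {
                print("ERRORE .get icrew")
                print(err.localizedDescription)
            }
        }
}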
}
连接主站地址 https://www.airmacau.com.mo 时一切正常;连接子域 https://icrew.airmacau.com.mo 时连接失败,并收到错误 HANDSHAKE_FAILURE。
解决方法
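/// A `ServerTrustManager` that also resolves evaluators registered under a
/// single-label wildcard key such as "*.airmacau.com.mo".
///
/// Lookup order: the exact host, then the host with its first label replaced by "*"
/// (only for hosts with more than two labels), then the superclass lookup.
class WildcardServerTrustPolicyManager: ServerTrustManager {
    /// Returns the evaluator to use for `host`.
    ///
    /// - Parameter host: The host name of the connection being evaluated.
    /// - Returns: The matching evaluator, or whatever the superclass returns when
    ///   neither the exact host nor its wildcard form is registered.
    /// - Throws: Whatever the superclass lookup throws for an unregistered host.
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        // An exact match always takes precedence over a wildcard entry.
        if let exactMatch = evaluators[host] {
            return exactMatch
        }

        // Replace only the left-most label, so "*.airmacau.com.mo" covers
        // "icrew.airmacau.com.mo" but not deeper subdomains.
        var labels = host.split(separator: ".")
        if labels.count > 2 {
            labels[0] = "*"
            let wildcardHost = labels.joined(separator: ".")
            if let wildcardMatch = evaluators[wildcardHost] {
                return wildcardMatch
            }
        }

        // Defer to the superclass instead of returning nil, so that a manager created
        // with `allHostsMustBeEvaluated` enabled still rejects hosts that have no
        // evaluator rather than letting them through with default validation only.
        return try super.serverTrustEvaluator(forHost: host)
    }
}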
使用方式:
// Register the pinned evaluator under a "*." key. WildcardServerTrustPolicyManager
// rewrites the first label of an unmatched host to "*" before looking it up, so this
// single entry applies the same pin to every direct subdomain of airmacau.com.mo.
// Each of those hosts must therefore serve a chain that satisfies `evaluator`.
let evaluators: [String: ServerTrustEvaluating] = ["*.airmacau.com.mo": evaluator]

// `allHostsMustBeEvaluated` is not passed, so the initializer's default applies.
let manager = WildcardServerTrustPolicyManager(evaluators: evaluators)
会话管理器配置:
// Trust evaluation for this session's requests goes through the wildcard-aware manager.
sessionManager = Session(
    configuration: URLSessionConfiguration.default,
    delegate: SessionDelegate(),
    serverTrustManager: manager
)