Alamofire-安全认证
2019-08-27 本文已影响0人
Code_人生
一、问题探索
SessionManager.default.request(urlString).response { (defaultResponse) in
print(defaultResponse)
}
-
if let taskDidReceiveChallenge = taskDidReceiveChallenge {},用户实现了,执行用户实现的;用户没实现,执行系统实现的
//SessionDelegate
extension SessionDelegate: URLSessionTaskDelegate {
open func urlSession(
_ session: URLSession,
task: URLSessionTask,
didReceive challenge: URLAuthenticationChallenge,
completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void)
{
guard taskDidReceiveChallengeWithCompletion == nil else {
taskDidReceiveChallengeWithCompletion?(session, task, challenge, completionHandler)
return
}
if let taskDidReceiveChallenge = taskDidReceiveChallenge {
let result = taskDidReceiveChallenge(session, task, challenge)
completionHandler(result.0, result.1)
} else if let delegate = self[task]?.delegate {
delegate.urlSession(
session,
task: task,
didReceive: challenge,
completionHandler: completionHandler
)
} else {
urlSession(session, didReceive: challenge, completionHandler: completionHandler)
}
}
}
serverTrustPolicy = session.serverTrustPolicyManager?.serverTrustPolicy(forHost: host)serverTrust = challenge.protectionSpace.serverTrust
//TaskDelegate
@objc(URLSession:task:didReceiveChallenge:completionHandler:)
func urlSession(
_ session: URLSession,
task: URLSessionTask,
didReceive challenge: URLAuthenticationChallenge,
completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void)
{
var disposition: URLSession.AuthChallengeDisposition = .performDefaultHandling
var credential: URLCredential?
if let taskDidReceiveChallenge = taskDidReceiveChallenge {
(disposition, credential) = taskDidReceiveChallenge(session, task, challenge)
} else if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
let host = challenge.protectionSpace.host
if
let serverTrustPolicy = session.serverTrustPolicyManager?.serverTrustPolicy(forHost: host),
let serverTrust = challenge.protectionSpace.serverTrust
{
if serverTrustPolicy.evaluate(serverTrust, forHost: host) {
disposition = .useCredential
credential = URLCredential(trust: serverTrust)
} else {
disposition = .cancelAuthenticationChallenge
}
}
} else {
if challenge.previousFailureCount > 0 {
disposition = .rejectProtectionSpace
} else {
credential = self.credential ?? session.configuration.urlCredentialStorage?.defaultCredential(for: challenge.protectionSpace)
if credential != nil {
disposition = .useCredential
}
}
}
completionHandler(disposition, credential)
}
二、添加认证
self.sessionManager = trustSessionManager()
self.sessionManager?.request(urlString).response { (defaultResponse) in
print(defaultResponse)
}
-
pinPublicKeys(publicKeys: [SecKey], validateCertificateChain: Bool, validateHost: Bool)验证证书-
ServerTrustPolicy.certificates()Alamofire提供的方法,默认Bundle.main -
ServerTrustPolicy.certificates(in: Bundle)Alamofire提供的方法,自己添加证书路径 -
validateCertificateChain验证证书链 -
validateHost验证域名地址
-
-
pinPublicKeys(publicKeys: [SecKey], validateCertificateChain: Bool, validateHost: Bool)只验证公钥 -
disableEvaluation不用验证 -
performDefaultEvaluation(validateHost: Bool)默认的策略,只有合法证书才能通过验证 -
performRevokedEvaluation(validateHost: Bool, revocationFlags: CFOptionFlags)对注销证书做的一种额外设置 -
customEvaluation((_ serverTrust: SecTrust, _ host: String) -> Bool)自定义验证,需要返回一个布尔类型的结果
func trustSessionManager() -> SessionManager{
let serverTrustPlolicies:[String: ServerTrustPolicy] = [
// hostUrl: .pinCertificates(
// certificates: ServerTrustPolicy.certificates(),
// validateCertificateChain: true, //验证证书链
// validateHost: true //验证域名地址
// ) //验证证书
// hostUrl: .disableEvaluation //不用验证
hostUrl: .pinPublicKeys(publicKeys: ServerTrustPolicy.publicKeys(), validateCertificateChain: true, validateHost: true) //只验证公钥
]
let sessionManger = SessionManager(serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPlolicies))
return sessionManger
}
