ios - certificateInBundle does not append self-signed certificate
<p><p>In my case, the convenience method <code>ServerTrustPolicy.certificatesInBundle()</code> does not seem to work correctly.</p>
<pre><code>// MARK: - Bundle Location
/**
    Returns all certificates within the given bundle with a `.cer` file extension.
    - parameter bundle: The bundle to search for all `.cer` files.
    - returns: All certificates within the given bundle.
*/
public static func certificatesInBundle(bundle: NSBundle = NSBundle.mainBundle()) -> [SecCertificate] {
    var certificates: [SecCertificate] = []
    let paths = Set([".cer", ".CER", ".crt", ".CRT", ".der", ".DER"].map { fileExtension in
        bundle.pathsForResourcesOfType(fileExtension, inDirectory: nil)
    }.flatten())
    for path in paths {
        if let
            certificateData = NSData(contentsOfFile: path), // <-- we get the data of the certificate in bundle
            certificate = SecCertificateCreateWithData(nil, certificateData) // <-- The problem is here: the certificate is not set, and there are no errors either.
        {
            certificates.append(certificate) // <-- this doesn't run
        }
    }
    return certificates
}
</code></pre>
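<p>It may be related to the format of the self-signed certificate. I followed tip #5 from this blog post exactly: <a href="https://blog.httpwatch.com/2013/12/12/five-tips-for-using-self-signed-ssl-certificates-with-ios/" rel="noreferrer noopener nofollow">Five Tips for Using Self Signed SSL Certificates with iOS</a> </p>
<p>The question is: what are the limitations of the <code>SecCertificateCreateWithData</code> method, and which certificate formats does it accept? Better still, where can I read more about this particular issue?</p>
<p>My code seems to be correct; it is nothing special, probably one of the most commonly used snippets :P </p>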
<pre><code>let defaultManager: Alamofire.Manager = {
    let serverTrustPolicies: [String: ServerTrustPolicy] = [
        "localhost": .PinCertificates(
            certificates: ServerTrustPolicy.certificatesInBundle(),
            validateCertificateChain: true,
            validateHost: true
        )
    ]
    let configuration = NSURLSessionConfiguration.ephemeralSessionConfiguration()
    configuration.HTTPAdditionalHeaders = Alamofire.Manager.defaultHTTPHeaders
    return Alamofire.Manager(
        configuration: configuration,
        serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
    )
}()
</code></pre></p>
<br><hr><h1><strong>Best Answer</strong></h1><br>
<p><p>The most likely reason <code>SecCertificateCreateWithData</code> returns nil is that the file is in PEM format rather than DER. </p>
<p>According to the <a href="https://developer.apple.com/library/mac/documentation/Security/Reference/certifkeytrustservices/#//apple_ref/c/func/SecCertificateCreateWithData" rel="noreferrer noopener nofollow">documentation</a>, the data should contain </p>
<blockquote>
<p>A DER (Distinguished Encoding Rules) representation of an X.509
certificate</p>
</blockquote>
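<p>If your data starts with "-----BEGIN...", the format is wrong. PEM can be converted to DER (and vice versa) using OpenSSL; here is a handy reference: <a href="https://www.sslshopper.com/article-most-common-openssl-commands.html" rel="noreferrer noopener nofollow">https://www.sslshopper.com/article-most-common-openssl-commands.html</a>.</p>
<p>Also, if it is a self-signed certificate (judging by "localhost"), the <code>validateCertificateChain</code> property should be false. Otherwise the request will fail and return a "cancelled" NSError.</p>
<p>In addition, starting with iOS 9, the App Transport Security settings should be set to allow arbitrary loads (in Info.plist). This is the only setting that allows your app to evaluate self-signed certificates. Without it, the Alamofire trust policy mechanism will not come into play.</p></p>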
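<p>A pre-build check for the PEM/DER problem described in the answer, as an added example that is not part of the original post or of Alamofire: it reports whether each certificate file is PEM or DER and decodes PEM armor to the DER bytes that <code>SecCertificateCreateWithData</code> expects. The function names and the DER sanity check (a single ASN.1 SEQUENCE spanning the whole file) are assumptions made for this example.</p>

```python
# Added example; helper names are hypothetical, not Alamofire or Apple API.
import base64
import re
import sys
from pathlib import Path

# Extensions that certificatesInBundle() scans for, per the code in the question.
CERT_EXTENSIONS = {".cer", ".crt", ".der"}
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def looks_like_der(data: bytes) -> bool:
    """True if data is a single ASN.1 SEQUENCE whose length covers the whole buffer."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:  # short-form length
        header, length = 2, first
    else:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' for the contents of one certificate file."""
    if PEM_BLOCK.search(data):
        return "PEM"
    return "DER" if looks_like_der(data) else "unknown"

def pem_to_der(data: bytes) -> bytes:
    """Strip the PEM armor and base64-decode the first certificate block."""
    match = PEM_BLOCK.search(data)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode(b"".join(match.group(1).split()))

def audit_bundle(directory: str) -> dict:
    """Map each certificate file name in `directory` to its detected encoding."""
    return {p.name: classify(p.read_bytes())
            for p in sorted(Path(directory).iterdir())
            if p.suffix.lower() in CERT_EXTENSIONS}

if __name__ == "__main__":
    for name, kind in audit_bundle(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {kind}")
```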
<p style="font-size: 20px;">Regarding "ios - certificateInBundle does not append self-signed certificate", we found a similar question on Stack Overflow:
<a href="https://stackoverflow.com/questions/34630539/" rel="noreferrer noopener nofollow" style="color: red;">
https://stackoverflow.com/questions/34630539/
</a>
</p>