{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 冷血范 的问题《Certificate pinning in Alamofire》','https://www.manongdao.com/q-1335581.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am creating an iPad app that accesses HTTPS web services. I want to implement pinning, but am having issues.
This class creates the Alamofire Manager (mostly taken from documentation):
class NetworkManager {
var manager: Manager?
init() {
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"www.google.co.uk": .PinCertificates(
certificates: ServerTrustPolicy.certificatesInBundle(),
validateCertificateChain: true,
validateHost: true
),
"insecure.expired-apis.com": .DisableEvaluation
]
manager = Alamofire.Manager(
configuration: NSURLSessionConfiguration.defaultSessionConfiguration(),
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
}
}
This function makes the call:
static let networkManager = NetworkManager()
public static func testPinning() {
networkManager.manager!.request(.GET, "https://www.google.co.uk").response { response in
if response.1 != nil {
print("Success")
print(response.1)
print(response.1?.statusCode)
} else {
print("Error")
print(response.3)
}
}
}
The certificate is saved in the project and shows under 'Targets > Build Phases > Copy Bundle Resources'.
I am currently receiving the following error every time I make the request (from the else block in testPinning()):
Optional(Error Domain=NSURLErrorDomain Code=-999 "cancelled" UserInfo={NSErrorFailingURLKey=https://www.google.co.uk/, NSLocalizedDescription=cancelled, NSErrorFailingURLStringKey=https://www.google.co.uk/})
So, the issue was that the certificate was saved in the wrong format.
ServerTrustPolicy.certificatesInBundle()finds all certificates in the bundle based on a list of extensions, then tries to load them usingSecCertificateCreateWithData. Per its documentation, this function:When you export a certificate in Firefox, you have a "format" pop-up at the bottom of the file browser. Select "X.509 Certificate (DER)", and you should get a certificate in the right format for this purpose.
First, you need to download the certificate. The best way is to download the certificate on the Firefox browser.
Step 1
Go to your webpage/ API and click the lock icon to get a certificate.
Step 2
Click View Certificate
Step 3
Click Certificate Fields tab's first section and click export
Step 4
Select the Format:- DER
Step 5
Drag and drop the file into your XCode Project
Step 6
Add Certificate under 'Targets > Build Phases > Copy Bundle Resources'
Step 7
Add Network Manager File. Replace your URL with google.com
Step 8
Add a file to get the session manager
Step 9
Use this session manager on Alamofire eg:-