在 Alamofire 上使用 DisableEvaluation 信任无效证书

Posted 2023-02-24

【中文标题】在 Alamofire 上使用 DisableEvaluation 信任无效证书

【英文标题】：Trust Invalid Certificate with DisableEvaluation on Alamofire

【发布时间】：2018-11-16 10:22:53

【问题描述】：

我需要访问具有无效证书和基本身份验证的 API。当我搜索时，我需要编写自定义 SessionManager 并向 plist 文件添加一个值。经过几天的搜索和大量帖子，我仍然无法访问 API。

struct CustomManagerClass

static let instance = CustomManagerClass()
var sessionManager : SessionManager = 

    let serverTrustPolicies: [String: ServerTrustPolicy] = [
        "baseurl.com:8443": .disableEvaluation
    ]

    // Create custom manager
    let configuration = URLSessionConfiguration.default
    configuration.httpAdditionalHeaders = Alamofire.SessionManager.defaultHTTPHeaders
    let manager = Alamofire.SessionManager(
        configuration: configuration,
        serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
    )

    return manager
()

Plist 文件：

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>baseurl.com</key>
    <dict>
        <key>NSTemporaryExceptionMinimumTLSVersion</key>
        <string>TLSv1.2</string>
        <key>NSIncludesSubdomains</key>
        <true/>
        <key>NSExceptionRequiresForwardSecrecy</key>
        <false/>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
    </dict>
</dict>

我怎么称呼它：

CustomManagerClass.instance.sessionManager.request(route).responseJSON(completionHandler:  (result) in
        completion(result)
    ) //Route in here is a ServiceConfiguration class which defines http method, parameters and basic auth.

它仍然返回；

任务 . 完成错误 - 代码：-1202 此服务器的证书无效。您可能正在连接到伪装成“baseurl.com”的服务器，这可能会使您的机密信息面临风险。

我得到帮助的帖子： Certificate Invalid Issue with Alamofire 4.0

How to use Alamofires ServerTrustPolicy.disableEvaluation in swift 3

编辑：我将以下代码添加到信任证书。现在它返回 HTTP 500

 CustomManagerClass.instance.sessionManager.delegate.sessionDidReceiveChallenge =  session, challenge in
        var disposition: URLSession.AuthChallengeDisposition = .performDefaultHandling
        var credential: URLCredential?

        print("received challenge")

        if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust 
            disposition = URLSession.AuthChallengeDisposition.useCredential
            credential = URLCredential(trust: challenge.protectionSpace.serverTrust!)
         else 
            if challenge.previousFailureCount > 0 
                disposition = .cancelAuthenticationChallenge
             else 
                credential = CustomManagerClass.instance.sessionManager.session.configuration.urlCredentialStorage?.defaultCredential(for: challenge.protectionSpace)

                if credential != nil 
                    disposition = .useCredential
                
            
        

        return (disposition, credential)
    

【参考方案1】：

我建议为 SessionManager 委托上的 sessionDidReceiveChallenge 事件添加此处理程序。

let challengeHandler: ((URLSession, URLAuthenticationChallenge) -> (URLSession.AuthChallengeDisposition, URLCredential?))? =  result, challenge in
    return (.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))

然后在您以这种方式初始化manager 对象时分配闭包。

manager.delegate.sessionDidReceiveChallenge = challengeHandler

此外，serverTrustPolicies 可以为空，因为处理程序将忽略它将收到的所有信任挑战。