【Question title】: Certificate pinning stopped working in swift 3/Alamofire 4?
【Posted】: 2017-12-06 07:10:02
【Question description】:

Certificate pinning seems to have stopped working in Alamofire 4 and Swift 3.

Here is my code:

let pathToCert = Bundle.main.path(forResource: "certificate", ofType: "der")
let localCertificate = NSData(contentsOfFile: pathToCert!)!

 let serverTrustPolicy = ServerTrustPolicy.pinCertificates(
            certificates: [SecCertificateCreateWithData(nil, localCertificate)!],
            validateCertificateChain: true,
            validateHost: true
        )

let myServer = "..." //string in format without https://
let serverTrustPolicies = [
            myServer: serverTrustPolicy
        ]

afManager = SessionManager(
            serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
        )

    afManager.request("https://www.google.co.uk", method: .get).response { response in
                //I get status code 200 here, which should NOT happen
                log.info(response)
            }

The certificate loads correctly; this is the certificate:

certificate printed inside console

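My problem is that I seem to get status code 200 from any domain other than my own.

I should not be getting 200 from other domains.

I have been told that SSL certificate pinning should not be implemented this way in swift 3 / alamofire 4. Is this true?

Also, is there something wrong with the certificate?

P.S. I also tried this code, but no luck either :(((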

let serverTrustPolicies = [
        "*.mydomain.com": serverTrustPolicy
    ]

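【Question discussion】:

  • @BHAVIKPANCHAL Did it work for you?
  • Yes, this works for me.
  • @BHAVIKPANCHAL Are other domains blocked? What response do you get for other domains?
  • Can you tell me the response you are getting? Then I can help you.

Tags: ios swift ssl-certificate alamofire


【Solution 1】: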
let hostname = "YOUR_HOST_NAME"
let endpoint = "YOUR_ENDPOINT"
let cert = "YOUR_CERT" // e.g. for cert.der, this should just be "cert"

// Set up certificates
let pathToCert = Bundle.main.path(forResource: cert, ofType: "der")
let localCertificate = NSData(contentsOfFile: pathToCert!)
let certificates = [SecCertificateCreateWithData(nil, localCertificate!)!]

// Configure the trust policy manager
let serverTrustPolicy = ServerTrustPolicy.pinCertificates(
    certificates: certificates,
    validateCertificateChain: true,
    validateHost: true
)    
let serverTrustPolicies = [hostname: serverTrustPolicy]
let serverTrustPolicyManager = ServerTrustPolicyManager(policies: serverTrustPolicies)

// Configure session manager with trust policy
afManager = SessionManager(
    configuration: URLSessionConfiguration.default,
    serverTrustPolicyManager: serverTrustPolicyManager
)


afManager.request(endpoint, method: .get).responseJSON { response in
    debugPrint("All Response Info: \(response)")
}

【Discussion】:

  • If I make this request: afManager.request("google.co.uk", method: .get), I still get status code 200, which is bad. :(
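
Added example (not part of the original question or answer, and not Alamofire's own code): in Alamofire 4 the stock `ServerTrustPolicyManager` looks hosts up by exact key and returns no policy for a host that is missing from the dictionary, so unlisted hosts fall back to the system's default TLS evaluation and a key such as `*.mydomain.com` never matches. The subclass below overrides `serverTrustPolicy(forHost:)` to add single-label wildcard matching and to reject every host that has no pin; the names `DenyByDefaultTrustPolicyManager` and `makePinnedSessionManager` are hypothetical.

```swift
import Foundation
import Alamofire  // Alamofire 4.x API

// Hypothetical name: a trust policy manager that refuses any host without a pin.
final class DenyByDefaultTrustPolicyManager: ServerTrustPolicyManager {
    override func serverTrustPolicy(forHost host: String) -> ServerTrustPolicy? {
        // 1. Exact host match, the only lookup the base class performs.
        if let exact = policies[host] {
            return exact
        }
        // 2. Wildcard match covering exactly one label:
        //    "api.mydomain.com" is looked up as "*.mydomain.com".
        let labels = host.components(separatedBy: ".")
        if labels.count > 1 {
            let parent = labels.dropFirst().joined(separator: ".")
            if let wildcard = policies["*." + parent] {
                return wildcard
            }
        }
        // 3. No pin configured: returning nil here would mean default handling
        //    (any valid public certificate passes). Fail the challenge instead.
        return ServerTrustPolicy.customEvaluation({ _, _ in false })
    }
}

// Hypothetical helper: builds a SessionManager pinned to one bundled DER file.
// Returns nil rather than crashing if the certificate is missing or malformed.
func makePinnedSessionManager(host: String, certificateName: String) -> SessionManager? {
    guard
        let path = Bundle.main.path(forResource: certificateName, ofType: "der"),
        let data = NSData(contentsOfFile: path),
        let certificate = SecCertificateCreateWithData(nil, data)
    else {
        return nil
    }
    let pin = ServerTrustPolicy.pinCertificates(
        certificates: [certificate],
        validateCertificateChain: true,
        validateHost: true
    )
    let manager = DenyByDefaultTrustPolicyManager(policies: [host: pin])
    return SessionManager(
        configuration: URLSessionConfiguration.default,
        serverTrustPolicyManager: manager
    )
}
```

Keep a strong reference to the returned `SessionManager` (for example in a property) for as long as requests are in flight. The policy is consulted only for HTTPS server trust challenges, so the host key must be the bare host name without `https://`.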