替换 iOS 15 中已弃用的 `SecTrustGetCertificateAtIndex`？

Question

我在 iOS 15 SDK 中收到了弃用警告，但建议的替换不是一对一的替换。这是我用于评估 SSL 信任链的内容：

func valid(_ trust: SecTrust, forHost host: String) -> Bool {
    guard valid(trust, for: [SecPolicyCreateSSL(true, nil)]),
        valid(trust, for: [SecPolicyCreateSSL(true, host as CFString)]) else {
            return false
    }

    let serverCertificatesData = Set(
        (0..<SecTrustGetCertificateCount(trust))
            .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
            .map { SecCertificateCopyData($0) as Data }
    )

    let pinnedCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )

    return !serverCertificatesData.isDisjoint(with: pinnedCertificatesData)
}

我在 Xcode 13 beta 中收到的警告是：

'SecTrustGetCertificateAtIndex' was deprecated in iOS 15.0: renamed to 'SecTrustCopyCertificateChain(_:)'. 
Use 'SecTrustCopyCertificateChain(_:)' instead.

但是，SecTrustGetCertificateAtIndex (docs) 返回 SecCertificate，其中 SecTrustCopyCertificateChain (docs) 返回 CFArray。如何在我提供的用法中正确更新？

Answer 1

iOS 14.5 => iOS 15 SDK Diff 表示只有这些（Xcode 13 Beta 1）

SecBase.h
Added errSecInvalidCRLAuthority
Added errSecInvalidTupleCredentials
Added errSecCertificateDuplicateExtension

SecTrust.h
Added SecTrustCopyCertificateChain()

他们没有向SecCertificate 添加任何新的同级类型。正如您已经注意到的，它返回一个CFArray。

func SecTrustCopyCertificateChain(_ trust: SecTrust) -> CFArray?

所以对于这部分代码 -

let serverCertificatesData = Set(
    (0..<SecTrustGetCertificateCount(trust))
        .compactMap { SecTrustGetCertificateAtIndex(trust, $0) }
        .map { SecCertificateCopyData($0) as Data }
)

SecTrustCopyCertificateChain 可能会返回 CFArray 的 SecCertificate 实例似乎值得一试？不幸的是，我现在无法调试它。

也许可以试试这样 -

if let certificates = SecTrustCopyCertificateChain(trust) as? [SecCertificate] {
    let serverCertificatesData = Set(
        certificates.map { SecCertificateCopyData($0) as Data }
    )
}