How to implement `URLSession:didReceiveChallenge:completionHandler:` in Swift using my own anchor certificate?
I want to implement a client in Swift using NSURLSession that accesses our own company server over HTTPS. The server certificate is valid, but it is signed by the company CA.

How do I correctly implement `URLSession:didReceiveChallenge:completionHandler:` in Swift?

First, you have to convert the CA certificate into DER format and add it as a bundle resource to your project. In this example, this file is called `company_ca.der`.
Next, prepare a property with an array for the CA certificates in your class:

```swift
private var anchorCertificates = NSMutableArray()
```

During initialisation, load, convert and add the CA certificate:

```swift
let caCertData = NSData(contentsOfURL: NSBundle.mainBundle().URLForResource("company_ca", withExtension: "der")!)!
let caCert = SecCertificateCreateWithData(nil, caCertData)!
anchorCertificates.addObject(caCert)
```

The delegate handler will look like this:

```swift
func URLSession(session: NSURLSession, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Void) {
    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
        var trust: SecTrustRef = challenge.protectionSpace.serverTrust!
        // Make sure we accept the given hostname/ip address for the certificate
        let serverHost = challenge.protectionSpace.host
        let sslPolicy = SecPolicyCreateSSL(true, serverHost)
        let sslPolicyArray = NSMutableArray()
        sslPolicyArray.addObject(sslPolicy)
        // Copy the existing certificates from the trust object
        let trustCertificateArray = NSMutableArray()
        let trustCertificateCount = SecTrustGetCertificateCount(trust)
        for i in 0..<trustCertificateCount {
            trustCertificateArray.addObject(SecTrustGetCertificateAtIndex(trust, i)!)
        }
        // Replace the trust object
        var newTrust: SecTrustRef?
        if SecTrustCreateWithCertificates(trustCertificateArray, sslPolicyArray, &newTrust) != errSecSuccess {
            // application error
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        trust = newTrust!
        // Set our own anchor certificates to the trust.
        if SecTrustSetAnchorCertificates(trust, anchorCertificates) != errSecSuccess {
            // Application error.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        // No keychains should be searched.
        if SecTrustSetKeychains(trust, []) != errSecSuccess {
            print("Failed to set no keychain for the trust.")
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        // Allow implicit anchors.
        if SecTrustSetOptions(trust, .ImplicitAnchors) != errSecSuccess {
            // Application error.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        // Evaluate the trust against our anchors. Without this step the
        // credential below would accept any certificate chain.
        var trustResult: SecTrustResultType = 0
        if SecTrustEvaluate(trust, &trustResult) != errSecSuccess {
            // Application error.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        if trustResult != SecTrustResultType(kSecTrustResultProceed) && trustResult != SecTrustResultType(kSecTrustResultUnspecified) {
            // The chain does not lead to one of our anchor certificates.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.UseCredential, NSURLCredential(forTrust: trust))
    } else {
        // Handle any other case.
        completionHandler(.CancelAuthenticationChallenge, nil)
    }
}
```
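The answer above is written against the Swift 2 API. The following is an added example, not part of the original answer: the same anchor-only validation using the current Swift names of the Security framework, where `SecTrustEvaluateWithError` (iOS 12 / macOS 10.14 and later) performs the evaluation. The class name `CompanyAnchorDelegate` is hypothetical; the bundled file name `company_ca.der` is taken from the answer.

```swift
import Foundation
import Security

// Added example; CompanyAnchorDelegate is a hypothetical name.
final class CompanyAnchorDelegate: NSObject, URLSessionDelegate {
    private let anchors: [SecCertificate]

    // Load the DER-encoded company CA bundled as company_ca.der.
    init?(bundle: Bundle = .main) {
        guard let url = bundle.url(forResource: "company_ca", withExtension: "der"),
              let data = try? Data(contentsOf: url),
              let cert = SecCertificateCreateWithData(nil, data as CFData) else {
            return nil  // missing file or not a valid DER certificate
        }
        anchors = [cert]
        super.init()
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            // Any other challenge type is rejected, as in the answer above.
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // SSL policy bound to the requested host, so the certificate
        // must also match the hostname, not only chain to our CA.
        let policy = SecPolicyCreateSSL(true, space.host as CFString)
        // Trust only the bundled anchors; system roots are not consulted.
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
              SecTrustSetAnchorCertificates(trust, anchors as CFArray) == errSecSuccess,
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Hand a credential back only when evaluation succeeds.
        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```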