Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/swift/20.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
如何在Swift中使用自己的锚证书实现`URLSession:didReceiveChallenge:completionHandler:`?_Swift_Authentication_Swift2_Ssl Certificate - Fatal编程技术网
Fatal编程技术网
  • swift/
  • 如何在Swift中使用自己的锚证书实现`URLSession:didReceiveChallenge:completionHandler:`?

如何在Swift中使用自己的锚证书实现`URLSession:didReceiveChallenge:completionHandler:`?

swift authentication swift2

如何在Swift中使用自己的锚证书实现`URLSession:didReceiveChallenge:completionHandler:`?,swift,authentication,swift2,ssl-certificate,Swift,Authentication,Swift2,Ssl Certificate,我想使用NSURLSession在Swift中实现一个客户端,它使用HTTPS访问自己的公司服务器。此服务器证书有效,但由公司CA签署 如何在Swift中正确实现URLSession:didReceiveChallenge:completionHandler:?首先,您必须将CA证书转换为DER格式,并将其作为捆绑资源添加到您的项目中。在本例中,此文件称为company\u ca.der 接下来,为类中的CA证书准备一个具有数组的属性: private var anchorCertificate

我想使用NSURLSession在Swift中实现一个客户端,它使用HTTPS访问自己的公司服务器。此服务器证书有效,但由公司CA签署

如何在Swift中正确实现
URLSession:didReceiveChallenge:completionHandler:

首先,您必须将CA证书转换为DER格式,并将其作为捆绑资源添加到您的项目中。在本例中,此文件称为
company\u ca.der

接下来,为类中的CA证书准备一个具有数组的属性:

private var anchorCertificates = NSMutableArray()
在初始化过程中,加载、转换并添加CA证书:

let caCertData = NSData(contentsOfURL: NSBundle.mainBundle().URLForResource("company_ca", withExtension: "der")!)!
let caCert = SecCertificateCreateWithData(nil, caCertData)!
anchorCertificates.addObject(caCert)
委托处理程序将如下所示:

func URLSession(session: NSURLSession, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Void) {
    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
        var trust: SecTrustRef = challenge.protectionSpace.serverTrust!
        // Make sure we accept the given hostname/ip address for the certificate
        let serverHost = challenge.protectionSpace.host
        let sslPolicy = SecPolicyCreateSSL(true, serverHost)
        let sslPolicyArray = NSMutableArray()
        sslPolicyArray.addObject(sslPolicy)
        // Copy the existing certificates from the trust object
        let trustCertificateArray = NSMutableArray()
        let trustCertificateCount = SecTrustGetCertificateCount(trust)
        for i in 0..<trustCertificateCount {
            trustCertificateArray.addObject(SecTrustGetCertificateAtIndex(trust, i)!)
        }
        // Replace the trust object
        var newTrust: SecTrustRef?
        if SecTrustCreateWithCertificates(trustCertificateArray, sslPolicyArray, &newTrust) != errSecSuccess {
            // application error
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        trust = newTrust!
        // Set our own anchor certificates to the trust.
        if SecTrustSetAnchorCertificates(trust, anchorCertificates) != errSecSuccess {
            // Application error.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        // No keychains should be searched.
        if SecTrustSetKeychains(trust, []) != errSecSuccess {
            print("Failed to set no keychain for the trust.")
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        // Allow implicit anchors.
        if SecTrustSetOptions(trust, .ImplicitAnchors) != errSecSuccess {
            // Application error.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.UseCredential, NSURLCredential(forTrust: trust))
    } else {
        // Handle any other case.
        completionHandler(.CancelAuthenticationChallenge, nil)
    }
}

func-URLSession(会话:NSURLSession,didReceiveChallenge质询:nsurAuthenticationChallenge,completionHandler:(NSURLSessionAuthChallengeDisposition,NSURLCredential?)->Void){
如果challenge.protectionSpace.authenticationMethod==nsurAuthenticationMethodServerTrust{
var trust:SecTrustRef=challenge.protectionSpace.serverTrust!
//确保我们接受证书的给定主机名/ip地址
让serverHost=challenge.protectionSpace.host
设sslPolicy=SecPolicyCreateSSL(true,serverHost)
设sslPolicyArray=NSMutableArray()
sslPolicyArray.addObject(sslPolicy)
//从信任对象复制现有证书
让trustCertificateArray=NSMutableArray()
让trustCertificateCount=SecTrustGetCertificateCount(信任)

对于0中的i..首先必须将CA证书转换为DER格式,并将其作为捆绑资源添加到项目中。在本例中,此文件称为
company\u CA.DER

接下来,为类中的CA证书准备一个具有数组的属性:


private var anchorCertificates = NSMutableArray()


在初始化过程中,加载、转换并添加CA证书:


let caCertData = NSData(contentsOfURL: NSBundle.mainBundle().URLForResource("company_ca", withExtension: "der")!)!
let caCert = SecCertificateCreateWithData(nil, caCertData)!
anchorCertificates.addObject(caCert)


委托处理程序将如下所示:


func URLSession(session: NSURLSession, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Void) {
    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
        var trust: SecTrustRef = challenge.protectionSpace.serverTrust!
        // Make sure we accept the given hostname/ip address for the certificate
        let serverHost = challenge.protectionSpace.host
        let sslPolicy = SecPolicyCreateSSL(true, serverHost)
        let sslPolicyArray = NSMutableArray()
        sslPolicyArray.addObject(sslPolicy)
        // Copy the existing certificates from the trust object
        let trustCertificateArray = NSMutableArray()
        let trustCertificateCount = SecTrustGetCertificateCount(trust)
        for i in 0..<trustCertificateCount {
            trustCertificateArray.addObject(SecTrustGetCertificateAtIndex(trust, i)!)
        }
        // Replace the trust object
        var newTrust: SecTrustRef?
        if SecTrustCreateWithCertificates(trustCertificateArray, sslPolicyArray, &newTrust) != errSecSuccess {
            // application error
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        trust = newTrust!
        // Set our own anchor certificates to the trust.
        if SecTrustSetAnchorCertificates(trust, anchorCertificates) != errSecSuccess {
            // Application error.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        // No keychains should be searched.
        if SecTrustSetKeychains(trust, []) != errSecSuccess {
            print("Failed to set no keychain for the trust.")
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        // Allow implicit anchors.
        if SecTrustSetOptions(trust, .ImplicitAnchors) != errSecSuccess {
            // Application error.
            completionHandler(.CancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.UseCredential, NSURLCredential(forTrust: trust))
    } else {
        // Handle any other case.
        completionHandler(.CancelAuthenticationChallenge, nil)
    }
}



func-URLSession(会话:NSURLSession,didReceiveChallenge质询:nsurAuthenticationChallenge,completionHandler:(NSURLSessionAuthChallengeDisposition,NSURLCredential?)->Void){
如果challenge.protectionSpace.authenticationMethod==nsurAuthenticationMethodServerTrust{
var trust:SecTrustRef=challenge.protectionSpace.serverTrust!
//确保我们接受证书的给定主机名/ip地址
让serverHost=challenge.protectionSpace.host
设sslPolicy=SecPolicyCreateSSL(true,serverHost)
设sslPolicyArray=NSMutableArray()
sslPolicyArray.addObject(sslPolicy)
//从信任对象复制现有证书
让trustCertificateArray=NSMutableArray()
让trustCertificateCount=SecTrustGetCertificateCount(信任)
因为我在0。。