
Alamofire, SSL pinning on subdomain address

I'm currently able to log in to my company website from my iOS app using Alamofire and SSL pinning.

But I can't log in to a subdomain of my website. Is there any special configuration I'm missing in my code to be able to establish the SSL communication with my subdomain?

  1. I add the certificate file .cer in the app bundle
  2. Create the [SecCertificate]
func loadcertificate() -> [SecCertificate] {
    // Load the DER-encoded certificate (amua.cer) shipped in the app bundle.
    guard let pathToCert = Bundle.main.path(forResource: "amua", ofType: "cer") else { fatalError("can not find") }
    guard let localCertificate = NSData(contentsOfFile: pathToCert) else { fatalError("can not load") }
    guard let cert = SecCertificateCreateWithData(nil, localCertificate) else { fatalError("can not read cert") }

    return [cert]
}

  3. Create the Alamofire session and connection request:
func connection() {
    sessionManager = Session(configuration: URLSessionConfiguration.default)

    // Pin against the bundled certificate and keep default chain and host validation.
    let evaluator = PinnedCertificatesTrustEvaluator(certificates: loadcertificate(),
                                                     acceptSelfSignedCertificates: false,
                                                     performDefaultValidation: true,
                                                     validateHost: true)

    // Evaluators are looked up by the exact host name of the request.
    // (Local constant renamed so it no longer shadows the ServerTrustManager type.)
    let serverTrustManager = ServerTrustManager(allHostsMustBeEvaluated: false,
                                                evaluators: ["airmacau.com.mo": evaluator])
    sessionManager = Session(configuration: URLSessionConfiguration.default, delegate: SessionDelegate(), serverTrustManager: serverTrustManager)

    sessionManager?.request("https://icrew.airmacau.com.mo", method: .get, encoding: URLEncoding.default)
        .response { response in
            if let st = response.data {
                let str = String(decoding: st, as: UTF8.self)
                do {
                    print("OK")
                    let doc: Document = try SwiftSoup.parse(str)
                    print(doc)
                } catch let err {
                    print("ERRORE .get icrew")
                    print(err.localizedDescription)
                }
            }
        }
}

If I connect to the main website address https://www.airmacau.com.mo all works fine; if I connect to the subdomain https://icrew.airmacau.com.mo the connection fails and I get the error HANDSHAKE_FAILURE.

class WildcardServerTrustPolicyManager: ServerTrustManager {
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        if let policy = evaluators[host] {
            return policy
        }
        var domainComponents = host.split(separator: ".")
        if domainComponents.count > 2 {
            domainComponents[0] = "*"
            let wildcardHost = domainComponents.joined(separator: ".")
            return evaluators[wildcardHost]
        }
        return nil
    }
}

Implementation:

let evaluators: [String: ServerTrustEvaluating] = [
    "*.airmacau.com.mo": evaluator
]

let manager = WildcardServerTrustPolicyManager(evaluators: evaluators)

Session Manager Config:

sessionManager = Session(configuration: URLSessionConfiguration.default, delegate: SessionDelegate(), serverTrustManager: manager)
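
A fail-closed variant of the wildcard lookup above, as an added example that is not part of the original answer or of Alamofire itself. When no exact or wildcard entry matches, returning nil makes Alamofire fall back to default handling without pinning, so this version throws instead whenever allHostsMustBeEvaluated is true. The names FailClosedWildcardTrustManager and makePinnedSession are hypothetical.

```swift
import Alamofire
import Foundation

// Added example: hypothetical subclass, not Alamofire's or the answer author's code.
final class FailClosedWildcardTrustManager: ServerTrustManager {
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        // 1. An exact entry always wins.
        if let exact = evaluators[host] { return exact }

        // 2. Replace only the left-most label with "*", so
        //    "icrew.airmacau.com.mo" looks up "*.airmacau.com.mo".
        let labels = host.split(separator: ".").map { String($0) }
        if labels.count > 2 {
            let wildcardHost = (["*"] + labels.dropFirst()).joined(separator: ".")
            if let wildcard = evaluators[wildcardHost] { return wildcard }
        }

        // 3. Nothing matched: refuse the connection when every host must be
        //    evaluated, which is what the base class does for unknown hosts.
        if allHostsMustBeEvaluated {
            throw AFError.serverTrustEvaluationFailed(reason: .noRequiredEvaluator(host: host))
        }
        return nil
    }
}

// Builds a session that pins both the apex domain and its direct subdomains.
// `certificates` is whatever the caller loaded from the bundle, for example
// the result of loadcertificate() from the question.
func makePinnedSession(certificates: [SecCertificate]) -> Session {
    let evaluator = PinnedCertificatesTrustEvaluator(certificates: certificates,
                                                     acceptSelfSignedCertificates: false,
                                                     performDefaultValidation: true,
                                                     validateHost: true)
    let manager = FailClosedWildcardTrustManager(
        allHostsMustBeEvaluated: true,
        evaluators: ["airmacau.com.mo": evaluator,
                     "*.airmacau.com.mo": evaluator])
    return Session(configuration: URLSessionConfiguration.default,
                   serverTrustManager: manager)
}
```

Keep the returned Session in a stored property, as the question does with sessionManager. The pinned .cer must also be a certificate that the subdomain's server actually presents in its chain, otherwise the evaluator rejects the connection even though the host lookup succeeds.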
