
Why is Alamofire public key pinning not working?

I am trying to perform public key pinning using Alamofire and Moya.

I am building my own custom Alamofire Session and passing it to my Moya provider. I have read the documentation of Alamofire on how to perform public key pinning which is summarized by these few lines of code:

let configuration = URLSessionConfiguration.default
let trustManager = ServerTrustManager(evaluators: ["domain.example.com": PublicKeysTrustEvaluator()])
return MySession(configuration: configuration, serverTrustManager: trustManager)

My understanding is that PublicKeysTrustEvaluator() will filter through all certificates found in Bundle.main and extract the public keys and perform public key pinning against the host. If at least one succeeds, then the server trust is considered valid.

Here is some code from the Alamofire project:

extension AlamofireExtension where ExtendedType: Bundle {
    /// Returns all valid `cer`, `crt`, and `der` certificates in the bundle.
    public var certificates: [SecCertificate] {
        paths(forResourcesOfTypes: [".cer", ".CER", ".crt", ".CRT", ".der", ".DER"]).compactMap { path in
            guard
                let certificateData = try? Data(contentsOf: URL(fileURLWithPath: path)) as CFData,
                let certificate = SecCertificateCreateWithData(nil, certificateData) else { return nil }

            return certificate
        }
    }

    /// Returns all public keys for the valid certificates in the bundle.
    public var publicKeys: [SecKey] {
        certificates.af.publicKeys
    }
}

Why is Alamofire allowing the use of .cer/.crt files if the function SecCertificateCreateWithData only expects DER formats?

The function paths is returning my .cer file but Bundle.main.af.publicKeys is empty because this call SecCertificateCreateWithData always fails.

Should I convert my certificate to DER format?

If so, how should I do this?

The output of this call is not being found by the function paths(forResourcesOfTypes:) mentioned above.

openssl x509 -outform der -in certificatename.pem -out certificatename.der

UPDATE

I found that my certificate was incorrect. I replaced it with another of .cer format and this time, I got no errors. However, all of my API calls result in a 405 error even though this piece of code right here from the Alamofire code:

if !pinnedKeysInServerKeys {
   throw AFError.serverTrustEvaluationFailed(reason: .publicKeyPinningFailed(host: host, trust: trust, pinnedKeys: keys, serverKeys: trust.af.publicKeys))
}

returns false. So, does that mean the server trust evaluation did not fail?

You can make it work by just adding your trust certification inside your app bundle. Just make sure you add the correct certificate of your server. That's all.
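A .cer or .crt file can hold either binary DER or Base64 PEM text, while SecCertificateCreateWithData accepts only DER, so a PEM file in the bundle is silently dropped and the pinned key list ends up empty. The following added example (not from the original post and not Alamofire's own code; the names derBytes, pinnedKey and auditPinnedKeys are hypothetical) checks each bundled certificate file, converts PEM to DER, and reports any file that still cannot be parsed:

```swift
import Foundation
import Security

enum CertificateFileError: Error { case invalidPEM, notACertificate }

/// Returns DER bytes for a certificate file that is either DER or PEM.
func derBytes(fromCertificateFile data: Data) throws -> Data {
    let header = "-----BEGIN CERTIFICATE-----"
    let footer = "-----END CERTIFICATE-----"
    // PEM is ASCII text with armor lines; binary DER has no such header.
    guard let text = String(data: data, encoding: .ascii),
          let start = text.range(of: header),
          let end = text.range(of: footer, range: start.upperBound..<text.endIndex)
    else { return data }  // no PEM armor: treat as DER and let Security validate it
    let body = String(text[start.upperBound..<end.lowerBound])
    guard let der = Data(base64Encoded: body, options: .ignoreUnknownCharacters) else {
        throw CertificateFileError.invalidPEM
    }
    return der
}

/// Loads one certificate file and returns its public key for pinning.
/// SecCertificateCopyKey requires iOS 12 / macOS 10.14 or later.
func pinnedKey(fromCertificateAt path: String) throws -> SecKey {
    let raw = try Data(contentsOf: URL(fileURLWithPath: path))
    let der = try derBytes(fromCertificateFile: raw)
    guard let certificate = SecCertificateCreateWithData(nil, der as CFData),
          let key = SecCertificateCopyKey(certificate)
    else { throw CertificateFileError.notACertificate }
    return key
}

/// Checks every certificate-like file in the bundle and lists the ones
/// that would otherwise be skipped without any error.
func auditPinnedKeys(in bundle: Bundle = .main) -> (keys: [SecKey], failures: [String]) {
    var keys: [SecKey] = []
    var failures: [String] = []
    for ext in ["cer", "crt", "der", "pem"] {
        for path in bundle.paths(forResourcesOfType: ext, inDirectory: nil) {
            do { keys.append(try pinnedKey(fromCertificateAt: path)) }
            catch { failures.append("\((path as NSString).lastPathComponent): \(error)") }
        }
    }
    return (keys, failures)
}
```

An empty `keys` result with entries in `failures` corresponds to the empty Bundle.main.af.publicKeys described in the question. The returned keys can be passed explicitly to `PublicKeysTrustEvaluator(keys:)` so that pinning never runs against an empty key set.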
