iOS:URLRequest Error Domain=NSURLErrorDomain Code=-1202 "此服務器的證書無效

Question

我正在嘗試實現一個請求：

func makeRequest(urlStr: String) {
    let session = URLSession.shared
    let url = URL(string: urlStr)!
    let task = session.dataTask(with: url, completionHandler: { data, response, error in
        if error != nil {
            print(error)
        }
    })
    task.resume()
}

但我需要安裝證書，我生成了證書並手動安裝在設備上：

ex +'/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect myDomain.io:8243) -scq > file.crt

當我提出請求時，我收到此錯誤：

   - some : Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “myDomain.io” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281cd4870>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, NSErrorPeerCertificateChainKey=(
     "<cert(0x106002800) s: localhost i: localhost>"
 ), NSUnderlyingError=0x2820acd80 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281cd4870>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=(
     "<cert(0x106002800) s: localhost i: localhost>"
 )}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “myDomain.io” which could put your confidential information at risk., NSErrorFailingURLKey=https://myDomain.io:8243, NSErrorFailingURLStringKey=https://myDomain.io:8243, NSErrorClientCertificateStateKey=0}

你們中的任何人都知道為什么或如何解決這個問題？ 或者是否是應用程序識別設備中證書的一種方式？

我會非常感謝你的幫助。

Answer 1

使用以下代碼進行證書固定。 將您的公鑰證書添加到應用程序中。

let config = URLSessionConfiguration.default
    let session = URLSession(configuration: config, delegate: self, delegateQueue: nil)
    guard let url1 = URL.init(string: "Your URL") else {
        return
    }
    var request = URLRequest.init(url: url1)
    let task = session?.dataTask(with: request) { (data, response, error) in

    }

    extension yourClassName : URLSessionDelegate {
        public func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
            if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
                if let serverTrust = challenge.protectionSpace.serverTrust {
                    var secresult = SecTrustResultType.invalid
                    let status = SecTrustEvaluate(serverTrust, &secresult)

                    if (errSecSuccess == status) {
                        if let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) {
                            let serverCertificateData = SecCertificateCopyData(serverCertificate)
                            let data = CFDataGetBytePtr(serverCertificateData)
                            let size = CFDataGetLength(serverCertificateData)
                            let cert1 = NSData(bytes: data, length: size)
                            var file_der: String?
                            if let certName = "certiifcate Name", let certType = "certicifateType" {
                                file_der = Bundle.main.path(forResource: certName, ofType: certType)
                            }
                            if let file = file_der {
                                if let cert2 = NSData(contentsOfFile: file) {
                                    completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: serverTrust))
                                    return
                                    // }
                                }
                            }
                        }
                    }
                }
            }

            // Pinning failed
            completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
        }
    }