我能够让它发挥作用。有几个问题妨碍了我们。首先,您必须允许 IOS 接受自签名证书。这需要设置 AlamoFire serverTrustPolicy:
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"your-domain.com": .disableEvaluation
]
self.sessionManager = Alamofire.SessionManager(
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
从那里,您必须重写 sessionDidRecieveChallenge 才能发送客户端证书。因为我想使用 p12 文件,所以我修改了在其他地方找到的一些代码(抱歉我不再有源代码),使 Swift 3.0 使用基础类导入 p12:
import Foundation
public class PKCS12 {
var label:String?
var keyID:Data?
var trust:SecTrust?
var certChain:[SecTrust]?
var identity:SecIdentity?
let securityError:OSStatus
public init(data:Data, password:String) {
//self.securityError = errSecSuccess
var items:CFArray?
let certOptions:NSDictionary = [kSecImportExportPassphrase as NSString:password as NSString]
// import certificate to read its entries
self.securityError = SecPKCS12Import(data as NSData, certOptions, &items);
if securityError == errSecSuccess {
let certItems:Array = (items! as Array)
let dict:Dictionary<String, AnyObject> = certItems.first! as! Dictionary<String, AnyObject>;
self.label = dict[kSecImportItemLabel as String] as? String;
self.keyID = dict[kSecImportItemKeyID as String] as? Data;
self.trust = dict[kSecImportItemTrust as String] as! SecTrust?;
self.certChain = dict[kSecImportItemCertChain as String] as? Array<SecTrust>;
self.identity = dict[kSecImportItemIdentity as String] as! SecIdentity?;
}
}
public convenience init(mainBundleResource:String, resourceType:String, password:String) {
self.init(data: NSData(contentsOfFile: Bundle.main.path(forResource: mainBundleResource, ofType:resourceType)!)! as Data, password: password);
}
public func urlCredential() -> URLCredential {
return URLCredential(
identity: self.identity!,
certificates: self.certChain!,
persistence: URLCredential.Persistence.forSession);
}
}
这将允许我导入文件并将其发送回客户端。
let cert = PKCS12.init(mainBundleResource: "cert", resourceType: "p12", password: "password");
self.sessionManager.delegate.sessionDidReceiveChallenge = { session, challenge in
if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate {
return (URLSession.AuthChallengeDisposition.useCredential, self.cert.urlCredential());
}
if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
return (URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!));
}
return (URLSession.AuthChallengeDisposition.performDefaultHandling, Optional.none);
}
现在,您可以使用 sessionManager 创建所需数量的调用。
作为说明,我还按照建议将以下内容添加到了 info.plist 中,以绕过较新 iOS 功能中的新安全功能:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>your-domain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
我希望这有帮助!