在Alamofire中使用指纹进行SSL固定 [英] SSL Pinning with fingerprint in Alamofire

问题描述

有没有人看到用指纹而不是公钥固定Alamofire的方法？

Has anyone seen a way to do pinning with Alamofire with the fingerprint instead of the public key?

对不起，如果已经回答了，我还没有看到

Sorry if this has been answered, I haven't seen it anywhere.

谢谢

推荐答案

这最终很简单。下面的代码可能并不完美，我的真实代码正在做一些附加检查，但这只是其中的大部分。

This ended up being pretty straight forward. The code below might not be perfect, my real code is doing some addtional checks, but this is most of it.

.SHA1Fingerprint是SecCertificate上的扩展方法，可将其复制到NSData中，然后将其转换为SHA1。我使用RNCryptor来做到这一点，但是您可以这样做。

The .SHA1Fingerprint is an extension method on SecCertificate that copies it into NSData and then converts it to a SHA1. I use RNCryptor to do that, but you can do it however.

isValidFingerprint只是将结果与我的每个已知指纹进行比较。

The isValidFingerprint just compares the result to each of my known fingerprint(s).

这一切都挂起了我的静态Alamofire.Manager。

This all hangs off my static Alamofire.Manager.

manager.delegate.sessionDidReceiveChallenge = { session, challenge in
        var disposition: NSURLSessionAuthChallengeDisposition = .PerformDefaultHandling
        var credential: NSURLCredential?

        if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
            let host = challenge.protectionSpace.host

            if let serverTrust = challenge.protectionSpace.serverTrust {

                let serverTrustPolicy = ServerTrustPolicy.PerformDefaultEvaluation(validateHost: true)

                if serverTrustPolicy.evaluateServerTrust(serverTrust, isValidForHost: host) {
                    disposition = .UseCredential
                    credential = NSURLCredential(forTrust: serverTrust)
                } else {
                    disposition = .CancelAuthenticationChallenge
                    return (disposition, credential)
                }

                for index in 0..<SecTrustGetCertificateCount(serverTrust) {
                    if let certificate = SecTrustGetCertificateAtIndex(serverTrust, index) {
                        if let fingerPrint = certificate.SHA1Fingerprint {
                            if isValidFingerprint(fingerPrint)  {
                                return (disposition, credential)
                            }
                        }
                    }
                }
            }
        }
        disposition = .CancelAuthenticationChallenge
        return (disposition, credential)
    }

这篇关于在Alamofire中使用指纹进行SSL固定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！