目标:
使用URLProtocol测试SSL固定。
问题:
不能以预期的方式将URLProtectionSpace子类化。永远不会调用服务器信任属性,即使自定义类的初始化程序被调用,alamofire auth回调也仅接收URLProtectionSpace类类型而不是我的类。
配置: [使用Alamofire]
let sessionConfiguration: URLSessionConfiguration = .default
sessionConfiguration.protocolClasses?.insert(BaseURLProtocol.self, at: 0)
let sessionManager = AlamofireSessionBuilderImpl(configuration: sessionConfiguration).default
// overriding the auth challenge in Alamofire in order to test what is being called
sessionManager.delegate.sessionDidReceiveChallengeWithCompletion = { session, challenge, completionHandler in
let protectionSpace = challenge.protectionSpace
guard protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
protectionSpace.host.contains("myDummyURL.com") else {
// otherwise it means a different challenge is encountered and we are only interested in certificate validation
completionHandler(.performDefaultHandling, nil)
return
}
guard let serverTrust = protectionSpace.serverTrust else {
completionHandler(.performDefaultHandling, nil)
return
}
guard let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
let serverCertificateData = SecCertificateCopyData(serverCertificate) as Data
// cannot find the local certificate
guard let localCertPath = Bundle.main.path(forResource: "cert", ofType: "der"),
let localCertificateData = NSData(contentsOfFile: localCertPath) else {
return completionHandler(.cancelAuthenticationChallenge, nil)
}
guard localCertificateData.isEqual(to: serverCertificateData) else {
// the certificate received from the server is invalid
completionHandler(.cancelAuthenticationChallenge, nil)
return
}
let credential = URLCredential(trust: serverTrust)
completionHandler(.useCredential, credential)
}
BaseURLProtocol定义:
class BaseURLProtocol: URLProtocol {
override class func canInit(with request: URLRequest) -> Bool {
return true
}
override class func canonicalRequest(for request: URLRequest) -> URLRequest {
return request
}
override func startLoading() {
debugPrint("--- request loading \(request)")
guard request.url?.host?.contains("myDummyURL.com") ?? false else {
debugPrint("--- caught untargetted request --- skipping ---host is \(request.url?.host)")
return
}
let protectionSpace = CertificatePinningMockURLProtectionSpace(host: "https://myDummyURL.com", port: 443, protocol: nil, realm: nil, authenticationMethod: NSURLAuthenticationMethodServerTrust)
let challenge = URLAuthenticationChallenge(protectionSpace: protectionSpace, proposedCredential: nil, previousFailureCount: 0, failureResponse: nil, error: nil, sender: self)
client?.urlProtocol(self, didReceive: challenge)
}
}
CertificatePinningMockURLProtectionSpace: [使用Alamofire ServerTrustPolicy获取证书]
-永远不会调用serverTrust属性。我还重写了URLProtectionSpace的所有其他属性,除了调用了init外,什么都没有。
class CertificatePinningMockURLProtectionSpace: URLProtectionSpace {
private static let expectedHost = "myDummyURL.com"
override init(host: String, port: Int, protocol: String?, realm: String?, authenticationMethod: String?) {
debugPrint("--- super init will be called")
super.init(host: host, port: port, protocol: `protocol`, realm: realm, authenticationMethod: authenticationMethod)
}
override var serverTrust: SecTrust? {
guard let certificate = ServerTrustPolicy.certificates(in: .main).first else {
return nil
}
let policy: SecPolicy = SecPolicyCreateSSL(true, CertificatePinningMockURLProtectionSpace.expectedHost as CFString)
var serverTrust: SecTrust?
SecTrustCreateWithCertificates(certificate, policy, &serverTrust)
return serverTrust
}
}
测试声明:
sessionManager.request("https://myDummyURL.com").responseString(completionHandler: { response in
debugPrint("--- response is \(response)")
done()
})
URLProtectionSpace是否可以成功重写并作为模拟提供给URLProtocol中的URLProtocolClient?
答案 0 :(得分:0)
许多从Core Foundation派生的“类”都非常耐子类化,因此这也就不足为奇了。它可能基本上只是一个在引擎盖下带有魔术胶的结构。 :-)
在这里,单元测试可能比功能测试更好。创建一个任意的保护空间对象,将其填充,然后将其直接传递给委托方法,并断言使用预期结果调用了该回调。
或者,如果您真的想进行完整的端到端测试,则可以实例化本地Web服务器,然后您的测试可以调整其配置,以实时控制提供给应用程序的凭据。 / p>