Question

过去有一种方法可以解决iOS坚持使用有效证书的HTTPs的问题。我对将应用提交到商店的状态不感兴趣，我只是想在开发应用时与Charles窃听网络操作。

谢谢

我尝试了

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

...以及在线上常见的所有其他变体。

必须有一种方法...

Answer 1

您可以使用URLSessionRequest在以下代码中使用SSL请求代码，

<div class="container">
  <a class="logo">Logo</a>
  <p>Navigation links</p>
</div>

状况

 fileprivate func SSLCertificateCreateTrustResult(_ serverTrust: SecTrust)->SecTrustResultType {
        let certificate: SecCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0)!
        let remoteCertificateData = CFBridgingRetain(SecCertificateCopyData(certificate))!
        var certName = "certName"

        let cerPath: String = Bundle.main.path(forResource: certName, ofType: "der")!
        let localCertificateData = NSData(contentsOfFile:cerPath)!

        let certDataRef = localCertificateData as CFData
        let cert = (SecCertificateCreateWithData(nil, certDataRef))
        let certArrayRef = [cert] as CFArray
        SecTrustSetAnchorCertificates(serverTrust, certArrayRef)
        SecTrustSetAnchorCertificatesOnly(serverTrust, false)
        let trustResult: SecTrustResultType = SecTrustResultType.invalid
        return trustResult
    }
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if challenge.protectionSpace.authenticationMethod == (NSURLAuthenticationMethodServerTrust) {
            let serverTrust:SecTrust = challenge.protectionSpace.serverTrust!
            var localCertificateTrust = SSLCertificateCreateTrustResult(serverTrust)
            SecTrustEvaluate(serverTrust, &localCertificateTrust)
            if localCertificateTrust == SecTrustResultType.unspecified || localCertificateTrust == SecTrustResultType.proceed || localCertificateTrust == SecTrustResultType.recoverableTrustFailure
            {
                let credential:URLCredential = URLCredential(trust: serverTrust)
                challenge.sender?.use(credential, for: challenge)
                completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))

            } else {
                let properties = SecTrustCopyProperties(serverTrust)
                completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
            }
        }
        else
        {
            completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil);
        }
    }

以下类型适用于有效证书

if localCertificateTrust == SecTrustResultType.unspecified || localCertificateTrust == SecTrustResultType.proceed || localCertificateTrust == SecTrustResultType.recoverableTrustFailure

对于无效的证书SecTrustResultType.unspecified , SecTrustResultType.proceed

我在SecTrustResultType.recoverableTrustFailure条件下添加了以上所有三个，以便使用有效证书和无效证书，以防万一您想要删除任何其他类型的证书

iOS 12上的NSAppTransportSecurity + NSAllowsArbitraryLoads

1 个答案: