iOS:URLRequest 报错 Error Domain=NSURLErrorDomain Code=-1202 "此服务器的证书无效"

时间:2019-10-04 18:38:01

标签: ios xcode11 urlrequest secure-crt swift5.2

我正在尝试实现一个请求:

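/// Starts a data task for `urlStr` on the shared session and prints any error it reports.
///
/// `URLSession.shared` has no delegate, so the server certificate is checked by the
/// system's default trust evaluation; a certificate that is not trusted for the
/// requested host fails the task with an `NSURLErrorDomain` error such as -1202.
///
/// - Parameter urlStr: Absolute URL string of the endpoint to request.
func makeRequest(urlStr: String) {
    // A string that does not parse as a URL is reported instead of crashing on a force-unwrap.
    guard let url = URL(string: urlStr) else {
        print("makeRequest: invalid URL string")
        return
    }

    let task = URLSession.shared.dataTask(with: url) { _, _, error in
        // Unwrap before printing so the log shows the error itself, not "Optional(...)".
        if let error = error {
            print(error)
        }
    }
    // Data tasks are created suspended; resume() actually sends the request.
    task.resume()
}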

但是我需要安装证书,于是我用下面的命令生成了证书,并手动安装到设备上:

# Connects to myDomain.io:8243 with openssl s_client, prints the certificates the
# server presents (-showcerts), and has ex copy every BEGIN/END CERTIFICATE block
# into file.crt. The result is PEM text, not DER.
# NOTE(review): nothing here checks that the certificates are trusted; file.crt is
# simply whatever the endpoint presented at that moment, so confirm its fingerprint
# through a separate channel before installing or pinning it.
ex +'/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect myDomain.io:8243) -scq > file.crt

当我发出请求时,出现此错误:

   - some : Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “myDomain.io” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x281cd4870>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, NSErrorPeerCertificateChainKey=(
     "<cert(0x106002800) s: localhost i: localhost>"
 ), NSUnderlyingError=0x2820acd80 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x281cd4870>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=(
     "<cert(0x106002800) s: localhost i: localhost>"
 )}}, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “myDomain.io” which could put your confidential information at risk., NSErrorFailingURLKey=https://myDomain.io:8243, NSErrorFailingURLStringKey=https://myDomain.io:8243, NSErrorClientCertificateStateKey=0}

有人知道出现这个错误的原因或解决方法吗?或者有什么方式能让应用识别设备上已安装的证书?

非常感谢您的帮助。

1 个答案:

答案 0 :(得分:0)

使用以下代码进行证书固定。将您的公钥证书添加到应用中。注意:只有在代码把服务器返回的证书与应用内置的证书(DER 格式)逐字节比对之后,才算真正的证书固定。

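// Build a session whose delegate (`self`) receives the TLS server-trust challenge.
// This fragment belongs inside a method of a type that conforms to URLSessionDelegate.
let config = URLSessionConfiguration.default
let session = URLSession(configuration: config, delegate: self, delegateQueue: nil)
guard let url1 = URL(string: "Your URL") else {
    return
}
let request = URLRequest(url: url1)
// `session` is not optional, so no optional chaining is needed on it.
let task = session.dataTask(with: request) { (data, response, error) in
    // Handle `data`, `response` and `error` here. When the delegate cancels the
    // server-trust challenge, the task finishes with a non-nil `error`.
}
// A data task is created suspended; without resume() the request is never sent.
task.resume()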

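    // MARK: - URLSessionDelegate (certificate pinning)
    extension yourClassName : URLSessionDelegate {
        /// Answers a session-level authentication challenge by pinning the server's leaf certificate.
        ///
        /// The connection is accepted only when the DER bytes of the certificate at index 0 of the
        /// server's chain are identical to the certificate file bundled with the app. Every other
        /// outcome (a different challenge type, a failed evaluation call, a missing or unreadable
        /// bundled file, or a byte mismatch) cancels the challenge.
        ///
        /// - Parameters:
        ///   - session: The session that received the challenge.
        ///   - challenge: The authentication challenge; only server-trust challenges can succeed.
        ///   - completionHandler: Called exactly once with the chosen disposition and credential.
        public func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
            // Placeholders: resource name and file extension of the bundled certificate.
            // The file must be DER-encoded, because SecCertificateCopyData returns DER bytes;
            // a PEM file (BEGIN/END CERTIFICATE text) will never compare equal.
            let certName = "certiifcate Name"
            let certType = "certicifateType"

            guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
                  let serverTrust = challenge.protectionSpace.serverTrust else {
                completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
                return
            }

            // `status` only reports that the evaluation call itself ran; it does not say the
            // chain is trusted (that is `secresult`, which this pin does not rely on).
            // NOTE(review): SecTrustEvaluate is deprecated; SecTrustEvaluateWithError replaces it.
            var secresult = SecTrustResultType.invalid
            let status = SecTrustEvaluate(serverTrust, &secresult)

            guard status == errSecSuccess,
                  let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0),
                  let pinnedPath = Bundle.main.path(forResource: certName, ofType: certType),
                  let pinnedCertificateData = NSData(contentsOfFile: pinnedPath) else {
                // Pinning failed
                completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
                return
            }

            // The actual pin: the presented leaf certificate must match the bundled one byte for byte.
            // Without this comparison any certificate would be accepted as soon as the bundled file exists.
            let serverCertificateData = SecCertificateCopyData(serverCertificate) as Data
            guard pinnedCertificateData.isEqual(to: serverCertificateData) else {
                // Pinning failed
                completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
                return
            }

            // An exact-match pin accepts the certificate even if system trust evaluation would
            // reject it (self-signed, host-name mismatch, expired), so the bundled file must be
            // the certificate the server is known to serve and must be rotated together with it.
            completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: serverTrust))
        }
    }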