问题描述:

I have a .pem file which will successfully connect to my website via the --cert parameter of curl. I then converted that to a der file:

openssl x509 -inform PEM -outform DER -in client.pem -out cert.der

Then I loaded that cert.der into my project and I'm now trying to use that with Alamofire, following the example on their homepage:

 let serverTrustPolicy = ServerTrustPolicy.PinCertificates(

certificates: ServerTrustPolicy.certificatesInBundle(),

validateCertificateChain: true,

validateHost: true

)

let policyManager = ServerTrustPolicyManager(policies: ["my.domain.com" : serverTrustPolicy])

manager = Alamofire.Manager(configuration: configuration, serverTrustPolicyManager: policyManager)

manager.request(.GET, url, parameters: params, encoding: .URLEncodedInURL, headers: nil)

.authenticate(usingCredential: credential)

.validate()

.responseJSON {

When that runs though it just fails and I get a 'cancelled' as the error's localizedDescription, which is what Alamofire does when authentication fails.

What am I doing wrong?

网友答案:

The Alamofire cert pinning logic does not currently support this use case. It is only designed to handle cert and public key pinning, not client certificates used to authenticate with the server. This is something we could support in the future if this is a common use case.

With that said, I'm assuming in this case you are receiving a NSURLAuthenticationChallenge with a protection space that has an authentication method of type .NSURLAuthenticationMethodClientCertificate. In these cases, you need to evaluate the host of the challenge, then create an NSURLCredential using the credentialWithIdentity:certificates:persistence: API. By passing this credential off to the completion handler, the client certificate should be sent to the server to authenticate the connection. More info can be found here.

Client certificate authentication (NSURLAuthenticationMethodClientCertificate) requires the system identity and all certificates needed to authenticate with the server. Create an NSURLCredential object with credentialWithIdentity:certificates:persistence:.

I've never actually had a need to use this type of authentication before. You'll need to override the auth challenge SessionDelegate closure using the task override closure to get this working.

相关阅读:
Top