校验颁发机构
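// Issuer-name check: accept a server only when the system trusts its chain AND
// a CA certificate in that chain carries one of the expected organisation names.
//
// NOTE(review): matching a display name is a coarse allow-list, not pinning.
// Where stronger assurance is needed, pin the CA certificate or its public key.
let sessionConfiguration = URLSessionConfiguration.default
sessionConfiguration.timeoutIntervalForRequest = 20
let sessionDelegate = SessionDelegate()
sessionDelegate.sessionDidReceiveChallengeWithCompletion = { _, challenge, completion in
    // Only server-trust challenges are evaluated; every other challenge is
    // cancelled, as is a server-trust challenge that carries no trust object.
    guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
          let trust = challenge.protectionSpace.serverTrust else {
        completion(.cancelAuthenticationChallenge, nil)
        return
    }

    // Standard system evaluation first; the name check below only narrows an
    // already-valid chain and never widens it.
    // NOTE(review): SecTrustEvaluate is deprecated on recent SDKs; consider
    // SecTrustEvaluateWithError once the deployment target allows it.
    var trustResult = SecTrustResultType.invalid
    let status = SecTrustEvaluate(trust, &trustResult)
    guard status == errSecSuccess,
          trustResult == .proceed || trustResult == .unspecified else {
        completion(.cancelAuthenticationChallenge, nil)
        return
    }

    // Organisation names to accept; add or remove entries as required.
    let allowedIssuerNames = ["GeoTrust", "Symantec", "VeriSign", "DigiCert"]

    // Index 0 is the server's own (leaf) certificate. Its subject is chosen by
    // whoever requested the certificate, so it says nothing about the issuer.
    // Only the intermediate and root certificates (index 1 and up) are matched.
    var issuerMatched = false
    for index in stride(from: 1, to: SecTrustGetCertificateCount(trust), by: 1) {
        guard let certificate = SecTrustGetCertificateAtIndex(trust, index),
              let summary = SecCertificateCopySubjectSummary(certificate) as String? else {
            continue
        }
        if allowedIssuerNames.contains(where: { summary.contains($0) }) {
            issuerMatched = true
            break
        }
    }

    if issuerMatched {
        completion(.useCredential, URLCredential(trust: trust))
    } else {
        completion(.cancelAuthenticationChallenge, nil)
    }
}
let manager = SessionManager(configuration: sessionConfiguration, delegate: sessionDelegate)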
校验公钥
// Public-key pinning through per-host server trust policies.
// The map is filled in release builds only; in DEBUG builds it stays empty,
// so no host is pinned there.
var serverTrustPolicies: [String: ServerTrustPolicy] = [:]
#if !DEBUG
// Host names to pin.
// NOTE(review): a host that has no entry in this map is presumably evaluated
// with default handling rather than rejected; confirm every production API
// host is listed here.
let pinnedHosts = ["www.baidu.com", "www.test.com"]
for host in pinnedHosts {
    // Each host gets a policy that pins the public keys returned by
    // ServerTrustPolicy.publicKeys() and also validates the chain and host name.
    serverTrustPolicies[host] = ServerTrustPolicy.pinPublicKeys(
        publicKeys: ServerTrustPolicy.publicKeys(),
        validateCertificateChain: true,
        validateHost: true
    )
}
#endif
let sessionConfiguration = URLSessionConfiguration.default
sessionConfiguration.timeoutIntervalForRequest = 20
let sessionDelegate = SessionDelegate()
let policyManager = ServerTrustPolicyManager(policies: serverTrustPolicies)
let manager = SessionManager(
    configuration: sessionConfiguration,
    delegate: sessionDelegate,
    serverTrustPolicyManager: policyManager
)
证书完全校验
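// Full certificate pinning: the server's leaf certificate must be byte-identical
// to one of the certificates returned by ServerTrustPolicy.certificates().
let sessionConfiguration = URLSessionConfiguration.default
sessionConfiguration.timeoutIntervalForRequest = 30
let sessionDelegate = SessionDelegate()
sessionDelegate.sessionDidReceiveChallenge = { _, challenge in
    // Non-server-trust challenges have no serverTrust to build a credential
    // from, so they go to default handling instead of being force-unwrapped.
    guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
          let serverTrust = challenge.protectionSpace.serverTrust else {
        return (.performDefaultHandling, nil)
    }

    #if DEBUG
    // WARNING: debug builds accept ANY server certificate without evaluation.
    // Keep this out of anything that handles real credentials or production
    // data, and make sure shipped builds are never compiled with DEBUG set.
    return (.useCredential, URLCredential(trust: serverTrust))
    #else
    guard let leafCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
        return (.cancelAuthenticationChallenge, nil)
    }

    // Compare DER bytes. The toll-free bridging cast avoids the unbalanced
    // CFBridgingRetain and the forced `as! Data` downcast.
    let remoteCertificateData = SecCertificateCopyData(leafCertificate) as Data
    let isPinned = ServerTrustPolicy.certificates().contains {
        (SecCertificateCopyData($0) as Data) == remoteCertificateData
    }

    // NOTE(review): only the leaf bytes are compared. The chain, expiry and
    // host name are not evaluated here; add a SecTrust evaluation if required.
    guard isPinned else {
        return (.cancelAuthenticationChallenge, nil)
    }

    // The returned tuple is the whole answer to the challenge; the
    // challenge.sender calls are dropped because they answer it a second,
    // contradictory time.
    return (.useCredential, URLCredential(trust: serverTrust))
    #endif
}
return SessionManager(configuration: sessionConfiguration, delegate: sessionDelegate)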