All geek questions in one place

Swift 3 How to verify a server certificate using SSL Pinning and AlamoFire?

I am writing an application in swift 3 that needs to talk to my server. I have a complete certificate chain in der and crt format, for which I am a CA (not to be confused with self-subscription). How to use this in my application to check my server? Below is my rest and answer

Rest Call:

var request = URLRequest(url: URL(string: "https://myserver/login")!)
    request.addValue("Content-Type", forHTTPHeaderField: "application/json")
    request.httpMethod = "GET"
    let session = URLSession.shared

    session.dataTask(with: request) {data, response, err in         
        print("=========================DATA===============================")
        if data != nil {
            print(data!)
        }
        print("=========================RESPONSE===============================")
        if response != nil {
            print(response!)
        }
        print("=========================ERR===============================")
        if err != nil {
            print(err!)
        }
        }.resume()

Conclusion:

=========================DATA===============================
=========================RESPONSE===============================
=========================ERR===============================
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x60800011f020>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=(
"<cert(0x7fae4803d200) s: myserver i: MySubCA>",
"<cert(0x7fae48047000) s: MySubCA i: MyRootCA>",
"<cert(0x7fae48044600) s: MyRootCA i: MyRootCA>"
), NSUnderlyingError=0x60800005a040 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x60800011f020>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x7fae4803d200) s: myserver i: MySubCA>",
"<cert(0x7fae48047000) s: MySubCA i: MyRootCA>",
"<cert(0x7fae48044600) s: MyRootCA i: MyRootCA>"
)}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://myserver/login, NSErrorFailingURLStringKey=https://myserver/login, NSErrorClientCertificateStateKey=0}
+4
source share
1 answer

I solved it quite simply using the online blog, AlamoFire and openssl

I used AlamoFire for networks in iOS

https://github.com/Alamofire/Alamofire

I used the article on securing SSL in iOS to go in the right direction

https://infinum.co/the-capsized-eight/articles/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

openssl

https://help.netmail.com/display/KB/Converting+SSL+Certificate+File+from+CRT+TO+DER+TO+PEM

Der

openssl x509 -in cert.crt -out cert.der -outform DER

cert, .

Swift 3

// Your hostname and endpoint
let hostname = "YOUR_HOST_NAME"
let endpoint = "YOUR_ENDPOINT"
let cert = "YOUR_CERT" // e.g. for cert.der, this should just be "cert"

// Set up certificates
let pathToCert = Bundle.main.path(forResource: cert, ofType: "der")
let localCertificate = NSData(contentsOfFile: pathToCert!)
let certificates = [SecCertificateCreateWithData(nil, localCertificate!)!]

// Configure the trust policy manager
let serverTrustPolicy = ServerTrustPolicy.pinCertificates(
    certificates: certificates,
    validateCertificateChain: true,
    validateHost: true
)    
let serverTrustPolicies = [hostname: serverTrustPolicy]
let serverTrustPolicyManager = ServerTrustPolicyManager(policies: serverTrustPolicies)

// Configure session manager with trust policy
afManager = SessionManager(
    configuration: URLSessionConfiguration.default,
    serverTrustPolicyManager: serverTrustPolicyManager
)


afManager.request(endpoint, method: .get).responseJSON { response in
    debugPrint("All Response Info: \(response)")
}
+7

Source: https://habr.com/ru/post/1660977/

More articles:


All Articles