Я хочу использовать пользовательские сертификаты в iOS. Я сделал что-то подобное в Android:
private fun getTrustManagerFactory(): TrustManagerFactory {
try {
context.resources.openRawResource(R.raw.server).use {
val cf = CertificateFactory.getInstance("X.509").run {
generateCertificate(it)
}
val keyStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
load(null, null)
setCertificateEntry("ca", cf)
}
return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).apply {
init(keyStore)
}
}
} catch (e: Exception) {
i(e, { "load trust manager error" })
return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
}
}
private fun getKeyManagerFactory(): KeyManagerFactory {
try {
context.resources.openRawResource(R.raw.client).use {
val keyStore = KeyStore.getInstance("PKCS12").apply {
load(it, "example_password".toCharArray())
}
return KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).apply {
init(keyStore, "example_password".toCharArray())
}
}
} catch (e: Exception) {
i(e, { "load key manager error" })
return KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
}
}
Когда я передаю этот TrustManagerFactory и KeyManagerFactory в sslSocketFactory в OkHttp, все работает хорошо.
В iOS я попробовал все из документов alamofire (здесь: https://github.com/Alamofire/Alamofire/blob/master/Documentation/AdvancedUsage.md#security)
Я конвертирую оба сертификата в формат .der и добавляю его в ServerTrustPolicy во многих различных комбинациях, но всегда получаю ошибки SSL.
Вот одна из моих неудачных попыток на ios:
let pathToCert = Bundle.main.url(forResource: "server", withExtension: "der")
let partToSecCert = Bundle.main.url(forResource: "client", withExtension: "der")
let secCert = try! Data(contentsOf: partToSecCert!)
let localCert = try! Data(contentsOf: pathToCert!)
let serverCertificate = SecCertificateCreateWithData(nil, localCert as CFData)!
let localCertificate = SecCertificateCreateWithData(nil, secCert as CFData)!
let certs: [SecCertificate] = [ SecCertificateCreateWithData(nil, secCert as CFData)!]
let keyChainQueryDictionary = [kSecClass as String : kSecClassCertificate, kSecValueRef as String : serverCertificate, kSecAttrLabel as String: "My Certificate"] as [String : Any]
let summary = SecCertificateCopySubjectSummary(serverCertificate)
let statu = SecItemAdd(keyChainQueryDictionary as CFDictionary, nil)
var trust: SecTrust?
let policy = SecPolicyCreateBasicX509()
let status = SecTrustCreateWithCertificates(localCertificate, policy, &trust)
var key: SecKey?
if status == errSecSuccess {
key = SecTrustCopyPublicKey(trust!)!
}
let customEval = ServerTrustPolicy.customEvaluation { _, _ in
print("CUSTOM EVAL")
return true
}
let serverTrustPolicies: [String: ServerTrustPolicy] = [
"192.168.0.1": ServerTrustPolicy.pinCertificates(
certificates: certs,
validateCertificateChain: true,
validateHost: true),
]
sessionManager = SessionManager(
serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
)
Есть идеи, как передать пользовательские сертификаты клиента и сервера в alamofire?